If you read around the Internet, you’ll have noticed news that shows the PS3’s security has been wholly compromised, and that Sony is looking into a solution for the problem.
Generally though, I find a lot of the details amusing, particularly ones covering why the security was so terrible. The tl;dr version is essentially, there is a pair of public/private keys and both have been made public instead of just the public one. The algorithm behind it was also terrible, so now everything is fair game on the PS3.
If it were up to me, I’d put out a new firmware with the following:
- Change to a new encryption system, we’ll call this the “NEW” encryption. “OLD” encryption refers to the system used pre-3.60.
- Create a game database saved locally by the new firmware. Only games that follow the “OLD” encryption and exist in the game database can load.
- Any new games in 3.60 onward are required to use the “NEW” encryption.
I should probably note that #1-3 above is probably possible, but if the core firmware update system uses the “OLD” encryption system being read from a read-only ROM chip, then it is screwed for life. Reason I say this is because it means CFW can be loaded at any time regardless of the current OFW; judging from the hacking team that claims anything can load now regardless of firmware, it’s more than likely this scenario was already considered.
Furthermore, this doesn’t solve the fact that all games using the “OLD” encryption are compromised. Essentially they are screwed, and I can’t see any way out of it. Publishers are going to be super-mad that this sort of thing was allowed to happen. The factors involved are a sight to behold:
- Pressure to remove OtherOS encouraged hackers to break the system
- Encryption algorithm was rather ridiculous; what was supposed to be a random number generator used constant numbers instead
- PSP master key (!!) was left on the PS3
The PSP has also been compromised in this endeavor, but at this point I probably would not do a thing about it anymore. It’s time to move into a new system, perhaps the PSP2? It’s already late into its lifecycle and should be written off soon. The same can’t be said for the PS3, which has been compromised halfway through the lifecycle it was supposed to have. Anyone who had a hand in the decisions leading to the #1-3 here are most certainly going to be getting the pink slip.