PlayStation 3 encryption keys revealed, hacker group claims
A PlayStation hacker group calling itself the Three Musketeers has released what it claims is a low-level encryption key that makes it possible to install custom firmware on Sony's PS3. The so-called LV0 key is an integral part of the PS3's security set-up. The key is the first thing the console's bootloader checks as part of the process for booting up the system, according to the PS3 Developer Wiki, a technical site dedicated to PlayStation hacking.
The Musketeers group said it was reluctant to publicly release the key and was apparently trying to keep the discovery a secret. “You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day,” the group said in a posting to the site Pastie.
Whether Sony can patch this apparent security leak, as it did in 2011 for a previous exploit, is unclear. “The reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever,” writes Eurogamer's Richard Leadbetter. But others aren't so sure. The BBC reports that an unnamed source close to Sony is “not convinced that the latest hack is any more serious that past ones.”
Whether or not the LV0 key release is a serious setback for Sony, the Musketeers group said it didn't want to go public with the information. The group said it was only releasing the key for fear that its discovery would be used by others to make money.
It's not clear what money-making scheme the group was referring to, but most reports say it was to stop the team behind Bluedisk CFW, a PS3 custom firmware that contained a DRM lock. It's not clear, however, if the Bluedisk CFW team planned to charge for its software.
Sony is particularly aggressive about protecting its console from hackers, ostensibly to prevent piracy. In early 2011, Sony sued several hackers for publicly releasing a previous set of the console's encryption keys as well jailbreaking tools for the PS3. Sony eventually withdrew its suit after George Hotz, one of the main defendants in the case, agreed to stop hacking Sony products in the future.
Sony's PS3 was once a more hacker-friendly platform. The company as recently as 2010 allowed users to install a limited number of Linux-based operating systems on the PS3 in addition to running the console's own firmware. The decision to get rid of the PS3's “Install Other OS” feature is often cited as one of the reasons hackers began trying in earnest to circumvent the console's digital locks.