The Waiting Tide? Major PSP Exploit May Appear in a Few Hours ...

[David Farber <dave () farber net>]

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: June 14, 2005 6:08:22 PM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: The Waiting Tide? Major PSP Exploit May Appear in a Few  
Hours ...



Greetings.  You can't see them or hear them.  But around the world,
hundreds of thousands, perhaps millions of people, are anxiously
watching the clock.  They're anticipating the imminent release of
what is purported to be a software loader that will release Sony's
popular PSP portable gaming device from its sophisticated
signed-encryption/AES system, that currently prevents the running of
"unofficial" software on most of the sophisticated units.

The powerful new PSP -- based on the MIPS R4000 CPU -- complete with
a gorgeous color display and WiFi capability, became an obvious
target for homebrew applications, ranging from game emulators to
Linux projects.  However, the device was designed to refuse the
execution of programs that had not been "signed" by Sony, primarily
as a control against game piracy, we assume.

However, it was soon discovered that the earliest PSP units, released
only in Japan, contained a firmware flaw allowing the running of
properly manipulated unsigned code.  Immediately, homebrew
applications began to appear.  By the time the PSP was released in
the U.S. just a few months ago, the early Japanese version 1.0
firmware had been replaced with version 1.5, and the execution hole
appeared to be closed.  A high premium on the early Japanese units
resulted.

The U.S. PSP fans stayed busy by discovering a Web browser included
in a popular PSP game for update purposes ("Wipeout Pure"), that
could be manipulated to reach arbitrary sites via various DNS tricks.
Meanwhile, various hacking groups worked at finding a way to open an
unsigned execution path on the 1.5 firmware.

Numerous false alarms occurred, including fake claims and bogus demo
videos.  But now, word is out that the results of a 1.5 execution
effort from Spain are about to be released, and the PSP community
seems to be largely convinced that this one is on the level.  The
software is scheduled to appear via various sites tomorrow
morning U.S. time.

It is difficult to underestimate the impact if this turns out to be
a genuine exploit.  Sony recently released (in rapid succession)
versions 1.51 and 1.52 of PSP firmware, and reportedly plans to
force firmware upgrades in new official game releases.  Apparently
the new 1.5 exploit will *not* function on those post-1.5 firmware
versions, which could result in a run by homebrew enthusiasts to
obtain the existing 1.5-based units, before newer shipments are
switched to later releases -- which may or may not prove to be
"hackable" later on.

Is the PSP 1.5 exploit real?  If so, what will happen when an enormous
contingent of independent developers are set loose on the platform?
How will Sony react?  What does this mean for the gaming industry?
And what does this tell us about the difficulty of securing
hardware and software in our Internet-connected world?

We should start to know some answers in just a few hours.

--Lauren--
Lauren Weinstein
lauren () pfir org or lauren () vortex com or lauren () eepi org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, EEPI
  - Electronic Entertainment Policy Initiative - http://www.eepi.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/