Interesting People mailing list archives
The Waiting Tide? Major PSP Exploit May Appear in a Few Hours ...
From: David Farber <dave () farber net>
Date: Wed, 15 Jun 2005 11:32:48 -0400
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: June 14, 2005 6:08:22 PM EDT To: dave () farber net Cc: lauren () vortex comSubject: The Waiting Tide? Major PSP Exploit May Appear in a Few Hours ...
Greetings. You can't see them or hear them. But around the world, hundreds of thousands, perhaps millions of people, are anxiously watching the clock. They're anticipating the imminent release of what is purported to be a software loader that will release Sony's popular PSP portable gaming device from its sophisticated signed-encryption/AES system, that currently prevents the running of "unofficial" software on most of the sophisticated units. The powerful new PSP -- based on the MIPS R4000 CPU -- complete with a gorgeous color display and WiFi capability, became an obvious target for homebrew applications, ranging from game emulators to Linux projects. However, the device was designed to refuse the execution of programs that had not been "signed" by Sony, primarily as a control against game piracy, we assume. However, it was soon discovered that the earliest PSP units, released only in Japan, contained a firmware flaw allowing the running of properly manipulated unsigned code. Immediately, homebrew applications began to appear. By the time the PSP was released in the U.S. just a few months ago, the early Japanese version 1.0 firmware had been replaced with version 1.5, and the execution hole appeared to be closed. A high premium on the early Japanese units resulted. The U.S. PSP fans stayed busy by discovering a Web browser included in a popular PSP game for update purposes ("Wipeout Pure"), that could be manipulated to reach arbitrary sites via various DNS tricks. Meanwhile, various hacking groups worked at finding a way to open an unsigned execution path on the 1.5 firmware. Numerous false alarms occurred, including fake claims and bogus demo videos. But now, word is out that the results of a 1.5 execution effort from Spain are about to be released, and the PSP community seems to be largely convinced that this one is on the level. The software is scheduled to appear via various sites tomorrow morning U.S. time. It is difficult to underestimate the impact if this turns out to be a genuine exploit. Sony recently released (in rapid succession) versions 1.51 and 1.52 of PSP firmware, and reportedly plans to force firmware upgrades in new official game releases. Apparently the new 1.5 exploit will *not* function on those post-1.5 firmware versions, which could result in a run by homebrew enthusiasts to obtain the existing 1.5-based units, before newer shipments are switched to later releases -- which may or may not prove to be "hackable" later on. Is the PSP 1.5 exploit real? If so, what will happen when an enormous contingent of independent developers are set loose on the platform? How will Sony react? What does this mean for the gaming industry? And what does this tell us about the difficulty of securing hardware and software in our Internet-connected world? We should start to know some answers in just a few hours. --Lauren-- Lauren Weinstein lauren () pfir org or lauren () vortex com or lauren () eepi org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- The Waiting Tide? Major PSP Exploit May Appear in a Few Hours ... David Farber (Jun 15)