What Is the PS3 Root Key Used For?

PlayStation Security

• In order to combat software piracy, Sony and other console manufacturers have locked down their consoles, so that only authorized software will run. Sony signs the official PlayStation software with a private key known only to the company. The PlayStation hardware uses a public key to verify the software's digital key is correct. If anyone attempts to tamper with the software in any way, it will no longer validate and the PlayStation will reject it. This stops pirate software from running, and allows Sony to keep strict controls on the software available for the PlayStation. Before the release of the root key, the PlayStation 3 had been widely regarded as the most secure of the consoles on the market.

What Is The PS3 Root Key

• The PS3 root key is Sony's private key used to sign the PlayStation 3 software, to authorize its use on the console, and held securely within Sony. In December 2010, the Fail0verflow group announced that by exploiting weaknesses in the encryption system, it had discovered the private key. The group decided not to publicly release the key, although they did publish the method used to find it. Geohot then used a similar method to find the private key, and publicly released it in Internet forums. Knowing that Sony would likely use legal action to force the removal of the key from the original sites, many people copied the key and published it elsewhere on the Internet to ensure it stayed in the public domain.

How Was The PS 3 Root Key Discovered?

• In theory, although the private and public keys are mathematically related, it is impossible to calculate a private key from a public key, taking so much processor time that it would simply not be viable. To generate the signature to sign the software, a random number must be used, which follows no predictable pattern. This means that you cannot establish patterns by looking at a number of signatures generated with the same private key. In practice, Sony used its own method for signing, which used the same number for each digital signature generated. This predictability enabled the calculation of the private key used to sign the PlayStation software.

What Can Be Done With The PS3 Root Key?

• Using the private key, anyone with the technical knowledge can sign software, which the PlayStation hardware then accepts as being Sony authorized and allows to run. This enables people to use their own homebrew software on the PlayStation, or possibly find further vulnerabilities. Because the keys are stored in the PlayStation hardware, it is difficult for Sony to stop, as changing the key would require also changing the hardware. Software updates from Sony intended to lock down the PlayStation again can be decrypted and reverse engineered, rendering them ineffective. This leads to a constant cat and mouse situation between Sony and the hackers as both fight for control of the console.