Hackers have found a way to break down one of the toughest defensive walls in Sony's PlayStation 3 software security, ensuring that those who use custom firmware can run homebrew software and pirated games forever.
A group calling itself "The Three Musketeers" on Monday released a secret set of LV0 codes that can decrypt the PlayStation 3's Level 0 (LV0) security layer used by the primary boot loader. This means that hackers should always have the ability to release custom firmware for the device any time Sony updates the console's software. Custom firmware gives PS3 owners the ability to run pirated games, homebrew software (such as retro game emulators), and even Linux.
"This means that all future firmwares and all future games are decryptable, and this time around they [Sony] really can't do anything about it," Marcan, one of the players in the fail0verflow exploit, wrote in a related Slashdot thread. "By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s."
Unfortunately, unless your PS3 runs custom firmware, or can downgrade to a custom firmware, the exploit means relatively nothing -- for now. Check out a very informative FAQ -- which derives from Marcan's observations of the breakthrough -- that describes the implications of the PS3 hack in plain english at the Wololo forums.
The group responsible for releasing the PS3 LV0 codes to the public only did so because a rival group had supposedly stolen the information, and planned to sell custom firmware based on it for profit.
"You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," wrote the Musketeers in a note attached to the LV0 reveal.
CNET has contacted Sony for comment and will update this report when we learn more.