Sony has filed a lawsuit against a group of hackers who were able to bypass the DRM protections in the company’s PlayStation 3, compromised the root key and later published tools allowing others to follow in their footsteps and play pirated software on the console.
On Tuesday, Sony filed suit in the Northern District of California against George Hotz, Hector Martin Cantero, Sven Peter and a number of unnamed defendants for circumventing the encryption mechanisms on the PS3 and then releasing the tools to enable other users to do the same. Hotz is well-known for his work jailbreaking various versions of the iPhone and other devices, and Sony alleges in its suit that he built on work published by a group known as Fail0verflow and found a method for jailbreaking the PS3 running firmware version 3.55. The company also is seeking a temporary restraining order against the group of defendants.
Sony is asserting that the defendants’ actions are violations of the Digital Millenium Copyright Act.
“The Root Keys, or “Metldr Keys,” that Hotz wrongfully compromised are part of a TPM in the PS3 System, and are necessary to authenticate code that runs on a critical level of that System. With access to this particular level, one can control crucial functions and operations of the PS3 System and execute code that will enable pirated video games to run on the PS3 System.
“Knowing that the “Metldr Keys” can defeat TPMs in the PS3 System, Hotz began using these proprietary Keys as a component of a Circumvention Device that applies SCEA signatures to any file, effectively “tricking” the PS3 System into running unauthorized programs. On January 2, 2011, Hotz published the Metldr Keys on his website under the banner “keys open doors.” By doing so, Hotz purposefully compromised the confidentiality of those Keys and invited other software pirates to incorporate the Keys into their own circumvention technology. (quoting Hotz January 2nd post: “use this info wisely”). Hotz’s distribution of the Metldr Keys enabled software pirates to create and run unauthorized copies of video games,” Sony states in its motion for a temporary restraining order to prevent the further distribution of the keys and tools used to extract them.
It’s unclear what effect, if any, the law suit and proposed restraining order will have on the security of the PS3, as the encryption keys have been published online in several places already. Unless the company is planning to revoke the private keys, it will be nearly impossible for Sony to reverse what’s been done. The code that Hotz created also is available on both his site and others.
Hotz posted a video on YouTube demonstrating his technique, which involved loading a custom firmware package onto the PS3 from a USB stick. On its site, the Fail0verflow crew, which gave a talk on their PS3 research at the 27C3 Conference in Berlin last month, said that it has never published Sony encryption keys or code.
- Our motivation was Sony’s removal of OtherOS.
- Our exclusive goal was, is, and always has been to get OtherOS back.
- We have never condoned, supported, approved of, or encouraged videogame piracy.
- We have not published any encryption or signing keys.
- We have not published any Sony code, or code derived from Sony’s code.
The group said their goal was to be able to run Linux on the PS3 and dual boot the console.
