Sony Sues PlayStation 3 Jailbreakers

Sony has filed a lawsuit against a group of hackers who were able to bypass the DRM protections in the company’s PlayStation 3, compromised the root key and later published tools allowing others to follow in their footsteps and play pirated software on the console.

PS3 hackedSony has filed a lawsuit against a group of hackers who were able to bypass the DRM protections in the company’s PlayStation 3, compromised the root key and later published tools allowing others to follow in their footsteps and play pirated software on the console.

On Tuesday, Sony filed suit in the Northern District of California against George Hotz, Hector Martin Cantero, Sven Peter and a number of unnamed defendants for circumventing the encryption mechanisms on the PS3 and then releasing the tools to enable other users to do the same. Hotz is well-known for his work jailbreaking various versions of the iPhone and other devices, and Sony alleges in its suit that he built on work published by a group known as Fail0verflow and found a method for jailbreaking the PS3 running firmware version 3.55. The company also is seeking a temporary restraining order against the group of defendants.

Sony is asserting that the defendants’ actions are violations of the Digital Millenium Copyright Act.

“The Root Keys, or “Metldr Keys,” that Hotz wrongfully compromised are part of a TPM in the PS3 System, and are necessary to authenticate code that runs on a critical level of that System. With access to this particular level, one can control crucial functions and operations of the PS3 System and execute code that will enable pirated video games to run on the PS3 System.

“Knowing that the “Metldr Keys” can defeat TPMs in the PS3 System, Hotz began using these proprietary Keys as a component of a Circumvention Device that applies SCEA signatures to any file, effectively “tricking” the PS3 System into running unauthorized programs. On January 2, 2011, Hotz published the Metldr Keys on his website under the banner “keys open doors.” By doing so, Hotz purposefully compromised the confidentiality of those Keys and invited other software pirates to incorporate the Keys into their own circumvention technology. (quoting Hotz January 2nd post: “use this info wisely”). Hotz’s distribution of the Metldr Keys enabled software pirates to create and run unauthorized copies of video games,” Sony states in its motion for a temporary restraining order to prevent the further distribution of the keys and tools used to extract them.

It’s unclear what effect, if any, the law suit and proposed restraining order will have on the security of the PS3, as the encryption keys have been published online in several places already. Unless the company is planning to revoke the private keys, it will be nearly impossible for Sony to reverse what’s been done. The code that Hotz created also is available on both his site and others.

Hotz posted a video on YouTube demonstrating his technique, which involved loading a custom firmware package onto the PS3 from a USB stick. On its site, the Fail0verflow crew, which gave a talk on their PS3 research at the 27C3 Conference in Berlin last month, said that it has never published Sony encryption keys or code.

  • Our motivation was Sony’s removal of OtherOS.
  • Our exclusive goal was, is, and always has been to get OtherOS back.
  • We have never condoned, supported, approved of, or encouraged videogame piracy.
  • We have not published any encryption or signing keys.
  • We have not published any Sony code, or code derived from Sony’s code.

The group said their goal was to be able to run Linux on the PS3 and dual boot the console.

Suggested articles

Discussion

  • Anonymous on

    (from the story teaser)

    Sony has filed a lawsuit against a group of hackers who were able to bypass the DRM protections in the company's PlayStation 3, compromised the root key and later published tools allowing others to follow in their footsteps and play pirated software on the console.

    How is jail breaking a PS3 pirating?  How is electronics engineering piracy? 

    If I want to tear apart a TV set and recreate it myself, I go out and buy every single resistor, cap, diode, semiconductor, coil, etc  I could slap my own label on, and there ain't a DAMN thing anyone can do about it. 

    Just because some electronic parts have been  jail broken doesn't equate to piracy and the people who say so, should be labeled the kooks they are.

    This whole piracy thing is way overblown.  I stuck through the sony rootkitted CD debacle because I love sony vegas, but sony better pull their heads out of their ass's and get on with life.  For one thing there wouldn't have even been a problem if sony didn't mess with the firmware in the first place!

     

    Childish nonsense drives the costs up on everyone regardless of the claims of piracy!

    Everyone please grow up.

    (for the record I don't own a PS3, but I do own sony vegas pro)

     

  • Nidhi Rastogi on

    I am interested in knowing how the hell will Sony accomplish this: "Unless the company is planning to revoke the private keys, it will be nearly impossible for Sony to reverse what's been done.

    Do they have a over the air update mehcanism (i don't own a PS) or do they expect existing customers to come to the Sony store for a "private key update"???

  • Anonymous on

    Was Sony ever formally sued by the EU members for bait and switch on their hardware/software? While they may have language related to being able to update code, they removed functionality which influenced many people to purchase their equipment.

    (part of why I havent' bought, nor do I plan to purchase a PS3...)

  • Henk on

    Interesting situation.  The damage is done.  Maybe Sony should focus on the platform market again. I think the PS3 is a great computing device AND a great games console.  So make it available as such. Maybe the model for supplying the games and other software should change.  Make it a SonyGames store, for example.  I see Steam working like this and it works very well.  

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.