PS3 Games Dumpable. Woopty Doo.

[ForumBot 0.8 beta]

PS3 Games Dumpable. Woopty Doo.

So, earlier tonight some news came out from a no-name PS3 hacking site. I say no-name because it's a wreck of a site. Anyway, the news was this - they figured out how to dump ISOs off Blu-Ray game discs. Apparently, by installing Fedora Core 5, you can just sort of rip the entire disc.

Turns out it's true.

One of the f13 gang here, who is far too useful with Linux (he's an OS/kernel Engineer), decided to try it out for me. It worked. Not only did it work, but he was able to mount the ISO in Linux. So it begs the question? What's on the disk. Answer: Lots of encrypted shit. But digging through it revealed a number of things. What follows are quotes, I'm certainly not smart enough to come up with all of this:

"It looks like the BD-ROM drive works similarly to DVD-ROM drives - some of the data (like the superblock, directories, some metadata like the PNGs) is unencrypted. The rest of the data, while mapped out by the filesystem structure appears (at a rather cursory glance) to be encrypted (or somehow scrambled). Linux is able to copy something which may well be the raw disk image from the BD-ROM drive. This is not amazingly useful unless somebody is able to decrypt the encrypted data (which requires either a cryptographic weakness or extraction of the keys). Also, the AVI files found on the disc do not conform to the AVI container format. They are not RIFF container files. In summation, BD-ROM ripping on the PS3 is similar to DVD ripping before decss."

Now, why did I go through the trouble of finding someone who can do this sort of shit? Well, that no-name site said that what was going so groundbreaking that my pants would simply burst into flames when I read it. Turns out there would be no combustion today. Due to the way the files are structured (and encrypted), it would require very low-level access to the hardware to emulate the environment necessary for running this sort of ISO.

If Sony did their job, no one will be simply mounting and running ISOs of BRD based games any time soon... Unless some sort of exploit exists - much like the ones that have been found in the PSP OS.

This isn't some sort of support for piracy by the way. It's simply a little investigation into seeing if having BRD makes anything easier. Seems it doesn't. That said, who wants to sit around with a 19GB FPS on a hard drive anyway?

[Trippy]

Some people did this with the 360 disc format a year ago with the same results. They can read the raw bits and the file structure but the data is still copy protected and AFAIK they haven't cracked the protection yet even after a year of trying (the benefits of controlling all the hardware).

[Quinton]

BD-ROM looks to have much stronger crypto than DVD did (and better, an extensible system where they can actually move to different crypto over time, should a weakness be discovered).  That said, presumably Sony could even use private (to Sony) key pairs for game content -- since Sony controls the console and Sony controls the disc mastering.  At that point you either need some serious cryptographic weakness, or you need to be able to somehow exploit the hypervisor to extract keys from the system, or you need to find an exploit in a game or the XMB that will let the system do decrypting reads for you and then you shuffle the data elsewhere. 

This is mostly assuming your goal is piracy or reverse engineering of game content, though if you want to try to author content you have similar issues.  I would assume Sony has learned from Dreamcast and didn't ship with a way to start games from completely unencrypted media (which made DC homebrew *so* nice).

Something I find incredibly technically interesting about PS3 is it is both a secure platfrom (hosts OSes under a hypervisor, presumably has a strong crypto path protecting the firmware/hypervisor startup, etc) and an open platform (provides a means to install an arbitrary third-party OS which is provided with access to basically the entire system except for protected content on hdd/bdrom and the gpu).  With luck, GPU access is just a "not ready at ship" issue (I'm crossing my fingers). 

One of the common doomsday scenarios people like to postulate about secure computing is that PCs will be so locked down that you literally will not be able to install an alternate OS, much less copy your mp3s.  Of course Sony *could* revoke this ability at any point and that would certainly cause an impressive wave of "I told you so!" commentary from the Secure Computer is the Devil people.

- Q

[bhodi]

And, like 360 disks, it is likely that it will be easier to play duplicated media (because the encryption remains intact) than actual homebrew code. Which makes piracy easy but homebrew hard.

It's pretty interesting from a technical perspective but nothing I didn't expect. Depending on the specifics (remember the crack of the orig xbox, a complete backdoor) it may be possible to do all sorts of things, but only time will tell.