by svenpeter 1984 days ago
zarvox already linked to the talk we gave at https://media.ccc.de/v/27c3-4087-en-console_hacking_2010.

We talked about how you could compute private keys but didn't release any keys for obvious reasons.

Essentially Sony had N different sets of keys protecting different levels of their system (e.g. one keyset for the hypervisor and another one for the kernel). What we found allowed one to compute the private signing key given two public signatures.

Due to some technicality this meant that you needed another bug which allowed you to extract these plaintext signatures. (The best comparison today would be that we found a universal code execution bug but you still needed to find your own info leak to defeat ASLR, which we either didn't share or didn't have for all keysets.)

What happened then was that geohot used this flaw we found together with a simple bug that leaked two plaintext signatures to extract one of the most important keys and published that one on his website.

Sony responded by suing him and us as well - probably because they assumed that we worked together. After a few months they reached a settlement with geohot where he promised to never hack any Sony product ever again. At the same time they simply dropped the lawsuit against marcan, me and a few other friends from fail0verflow without ever having served us. Those months resulted in quite some stress for me and personal and legal issues for another friend.