Scene member LightningMods yesterday disclosed a series of encryption keys that are claimed to be the PS4 Syscon keys. This comes a few weeks after Team Fail0verflow published a lengthy explanation of how they hacked into the PS4 Syscon, along with accompanying software tools. Knowledge of some of the Syscon secrets could lead to PS4 downgrades down the road.
What is the PS4 Syscon, and why is it interesting?
The System Controller (Syscon) is a chip in the PS4 that is in charge of powering up the other components of the system and communicating with them. According to the hackers, it also stores some data on behalf of SAMU, the PS4's security processor.
flash internal to syscon is used as a small region of nonvolatile storage for other components on the system. The syscon-internal flash contains nvs and snvs regions which are accessible via icc.[…] snvs is used expressly by the security processor (SAMU) inside the APU.
Because of this interaction with the SAMU processor, Fail0verflow believe that access to some of Syscon's data could help with further hacking of the PS4, including possible downgrades. They state (emphasis mine):
This data is arranged in 0x20 byte "sectors", upon which XTS is used by SAMU (with XTS sector size = 0x200 bytes…), with a key only accessible by SAMU. So the actual data is opaque to pretty much everything outside SAMU. The communication between SAMU and snvs is additionally CMAC'd, so even though the traffic flows over icc and is thus easy to man-in-the-middle, any changes to requests to snvs or replies to SAMU will result in failed transfers. To protect against replay attacks at the icc level, nonces are used.
Clearly there is some interesting data being stored in snvs, and SAMU must trust this data to some extent. Since the use of CMAC entails there’s a shared secret in both SAMU and syscon, it becomes possible to at least replay old traffic, if the CMAC key can be extracted from syscon. From reversing x86 FreeBSD, we knew that SAMU stores system firmware version and manufacturing mode information in snvs (among other things). Therefore, being able to replay old snvs replies should allow downgrading firmware – a capability normally prohibited.
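As an added illustration (not code from this post or from Fail0verflow), the following Python models the nonce-plus-MAC check the quote above describes: a verifier standing in for SAMU issues a fresh nonce per snvs read and rejects both a recorded earlier reply and a reply altered in transit. The class names, the demo key and the sector bytes are constructed, and HMAC-SHA256 stands in for AES-CMAC so the example runs with the standard library alone.

```python
import hashlib
import hmac
import os

# Constructed demo secret standing in for the key shared by SAMU and syscon.
SHARED_KEY = b"demo-shared-secret-not-a-real-key"

def mac(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for AES-CMAC (standard library only); the property
    # under discussion, one symmetric key held by both endpoints, is the same.
    return hmac.new(key, nonce + payload, hashlib.sha256).digest()

class SnvsStore:
    """Plays syscon: holds opaque snvs sectors and answers authenticated reads."""
    def __init__(self, key: bytes, sectors: dict):
        self.key, self.sectors = key, dict(sectors)
    def read(self, nonce: bytes, index: int):
        payload = index.to_bytes(2, "little") + self.sectors[index]
        return nonce, payload, mac(self.key, nonce, payload)

class Verifier:
    """Plays SAMU: issues a fresh nonce per request and binds the reply to it."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, None
    def request(self, index: int):
        self.pending = (os.urandom(8), index)
        return self.pending
    def accept(self, reply):
        nonce, payload, tag = reply
        if self.pending is None or nonce != self.pending[0]:
            return False, "nonce mismatch: stale reply (replay) or no request pending"
        if int.from_bytes(payload[:2], "little") != self.pending[1]:
            return False, "reply is for a different sector"
        if not hmac.compare_digest(tag, mac(self.key, nonce, payload)):
            return False, "MAC check failed: reply modified in transit"
        self.pending = None
        return True, payload[2:]

def run_demo():
    store = SnvsStore(SHARED_KEY, {0: b"\x05\x00" + b"\x00" * 30})  # constructed 0x20-byte sector
    samu = Verifier(SHARED_KEY)
    captured = store.read(*samu.request(0))   # legitimate exchange, recorded
    fresh_ok, _ = samu.accept(captured)
    samu.request(0)                           # new request, fresh nonce
    replay_ok, _ = samu.accept(captured)      # recorded reply no longer matches
    n, p, t = store.read(*samu.request(0))
    flipped = (n, p[:2] + bytes([p[2] ^ 1]) + p[3:], t)
    tamper_ok, _ = samu.accept(flipped)
    return fresh_ok, replay_ok, tamper_ok
```

Both rejections depend only on the verifier's copy of the key, and syscon holds that same key, so the scheme's authenticity guarantee rests entirely on the key staying inside both chips; that is why key extraction from Syscon matters for the downgrade scenario the quote describes.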
What are the keys that were revealed today?
The keys disclosed by LightningMods could help the scene build update patches that any PS4 would accept as official and install without complaint. Furthermore, downgrades could even become possible down the line.
Here again, quoting from Fail0verflow:
The RL78 security key is global across syscons, so once it's known only the initial simple glitch is needed to get full OCD access. Knowledge of the firmware update keys means we can encrypt and sign our own patch files (it's not explained in depth in this blog post – but syscon on retail PS4s is locked down to only support patching, not full update images). Custom patches are still enough to introduce permanent code changes to syscon firmware without mucking around with glitching at all. Lastly, the snvs keys do allow downgrading the system firmware version (although there are some complexities involved).