Someone has outlined two simple scenarios for loading externally signed applications from USB drives on the PS3, using the Sony private signing key that the Fail0verflow team showed can be recovered mathematically (Sony's ECDSA implementation reused the per-signature random value, so any two official signatures are enough to compute the key). These are only theories, but there is no reason they could not happen.
Scenario 1:
- Install custom firmware that carries a valid Sony signature. The PS3 treats it as genuine because the signature verifies and the "SONY-FIRMWARE" header decrypts correctly.
- From the USB drive, install a signed program that in turn loads other signed applications from any source. Since the signing key is known, this program can be signed and packaged so that it passes for a legitimate application.
- Reinstall legitimate firmware. The trojan application is now very hard to trace, and the console can still sign in to PSN.
Scenario 2:
- Install custom firmware that verifies exactly as the latest legitimate Sony firmware does. With the private key exposed this is straightforward: download the latest legitimate firmware, modify it so that applications can be loaded from USB drives, and sign the modified image with the recovered key. Note that the original signature itself cannot simply be copied over: an ECDSA signature covers the hash of the exact bytes that were signed, so it is worthless for any other content. What the key exposure provides is the ability to produce a fresh, valid signature for whatever content you choose.
- There is no step 2.
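As an added illustration (not code from this article or from Fail0verflow), the following Python shows the mathematics behind both the key leak and scenario 2: textbook ECDSA over the publicly documented secp256k1 curve, two signatures made with the same per-signature value k, recovery of the private key from those two signatures alone, and finally a signature over modified "firmware" bytes with the recovered key. The private key, the constant k and the firmware blobs are constructed stand-ins, and secp256k1 is used only because its parameters are well known; Sony's own curve and file format are not reproduced.

```python
import hashlib

# secp256k1 domain parameters (public). Used here only because they are well
# known; Sony's PS3 signing curve is not reproduced in this example.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p1 == -p2
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def msg_hash(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def ecdsa_sign(d, data, k):
    """Textbook ECDSA. k must be secret and unique per signature;
    the PS3 flaw was that it never changed."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (msg_hash(data) + r * d) % N
    return (r, s)


def ecdsa_verify(Q, data, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(msg_hash(data) * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r


def recover_private_key(data1, sig1, data2, sig2):
    """Two signatures with the same k share the same r, and then
       s1 - s2 = k^-1 (e1 - e2)  =>  k = (e1 - e2) / (s1 - s2)
       d = (s1 * k - e1) / r."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("different r values: the nonce was not reused")
    e1, e2 = msg_hash(data1), msg_hash(data2)
    k = (e1 - e2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - e1) * pow(r1, -1, N) % N


def demo():
    # Constructed, hypothetical stand-ins for Sony's key, its constant nonce
    # and two official firmware images.
    sony_d = 0x1B5E8C0F9A2D3E4F5A6B7C8D9E0F1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D7E8F
    sony_Q = ec_mul(sony_d, G)              # the public key burned into the console
    constant_k = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    fw_a = b"SONY-FIRMWARE image A (constructed)"
    fw_b = b"SONY-FIRMWARE image B (constructed)"
    sig_a = ecdsa_sign(sony_d, fw_a, constant_k)
    sig_b = ecdsa_sign(sony_d, fw_b, constant_k)

    # The leak: from the two public signatures alone, compute the private key.
    recovered_d = recover_private_key(fw_a, sig_a, fw_b, sig_b)

    # Scenario 2: copying Sony's signature onto modified bytes fails, but
    # signing the modified bytes with the recovered key verifies.
    custom_fw = b"SONY-FIRMWARE image B + load apps from USB (constructed)"
    copied_ok = ecdsa_verify(sony_Q, custom_fw, sig_b)
    forged_ok = ecdsa_verify(sony_Q, custom_fw,
                             ecdsa_sign(recovered_d, custom_fw, 0xABCDEF))
    return {"same_r": sig_a[0] == sig_b[0],
            "key_recovered": recovered_d == sony_d,
            "copied_signature_verifies": copied_ok,
            "forged_signature_verifies": forged_ok}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two official signatures share the same r value, which is the visible symptom of a reused nonce, and from that pair alone the private key falls out with two modular inversions. The copied-signature check comes back False because a signature covers the hash of the exact bytes signed; what the leaked key gives an attacker is the ability to mint new signatures, which is all scenario 2 needs.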
The Fail0verflow team is expected to release a custom firmware package called AsbestOS.PUP (PUP being the file format of official PS3 firmware updates). AsbestOS is Marcan's Linux loader for the PS3, which replaces GameOS on the fly.