Enlarge / The PlayStation Classic's internal USB, removed and picked at as part of the hacking effort. (credit: Yifan Lu / Twitter)
In the days since the PlayStation Classic's official release, hackers have already made great progress in loading other PlayStation games (and even non-PlayStation software) onto the plug-and-play device. What's more, it seems some sloppy cryptography work on Sony's part is key to unlocking the device for other uses.
Console hackers yifanlu and madmonkey1907 were among those who were able to dump the PlayStation Classic's code via the system's UART serial port in the days after its release. From there, as yifanlu laid out on Twitter, the hackers found that the most sensitive parts of the system are signed and encrypted solely using a key that's embedded on the device itself, rather than with the aid of a private key held exclusively by Sony. In essence, Sony distributed the PlayStation Classic with the key to its own software lock hidden in the device itself.
Further examination by yifanlu during a series of marathon, Twitch-streamed hacking sessions found that the PlayStation Classic also doesn't seem to perform any sort of signature check at all for the sensitive bootrom code that's loaded when the system starts up. That makes it relatively trivial to load any sort of payload to the hardware from a USB device at startup, as yifanlu demonstrated with a video of a Crash Bandicoot prototype running on the PlayStation Classic last week.
Read 3 remaining paragraphs | Comments
Last week, the arrest of MENG Wanzou made big waves in the news. Ms. Meng was arrested in Canada based on an arrest warrant issued for the United States Department of justice. Ms. Meng, as CFO of Huawei and possible heir to her father, the CEO of Huawei, is assumed to have access to substantial wealth. This led to a wave of advanced fee scams levering this news.
Advance fee scams have probably been most commonly associated with "Nigerian Prince" scams. The trick is to promise substantial wealth in exchange for a relatively small advanced fee.
In this case, the message sent via WeChat suggested that a corrupt Canadian guard would let Ms. Meng escape for a few thousand dollars. The recipient of the message is asked to transfer the money to the guard's account, and promised a large amount of money once Ms. Meng is released:
Translation: "Hello, I am MENG Wanzou. Currently, I have been detained by Canadian customs. I have limited use of my phone. Right now CIA is trying to get me into the hands of the US government. I bribed the guard of my room, and urgently need US$2000 to get out of here. Once I am out, I will reward you 200,000 shares of Huawei. I will be good on my word. if you are single, we can also discuss the important thing in life. The guard’s name is David, the account number is 52836153836252, swift 55789034. I will be good on my word"
Of course, it is questionable how successful a crude attempt like this will be. But sadly, experience tells us that there are still people falling for the old "Nigerian scam". By targeting Chinese individuals via WeChat, the scam may have a higher success rate than more widely distributed scams.
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
String analysis: extracting and analyzing strings from binary files (like executables) to assist with reverse engineering.
It's a simple method, but still useful, if you don't have to spend hours sifting through all strings produced by the string tool. I have a tip to quickly find "interesting" strings: sort the output of the strings tool by string length. Start with the shortest strings, and end with the longest strings.
Take for example the analysis of a malicious document, that involved many steps and requires good knowledge of different file formats.
Just by extracting the strings of this document and sorting them by length, you immediately find the powershell command:
I developed my own strings.py tool, and option -L sorts strings by increasing lenght.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
