decryption is when cryptography
Comment on PS5 ROM Keys Leaked: Sony’s Unpatchable Security Nightmare (2026) | The CyberSec Guru
Kazumara@discuss.tchncs.de 5 days ago
Yeah agreed especially further down when it’s just randomly rehashing old history. It’s also mixing up decryption and verification even in the beginning of the article. First they write:
BootROM (Level 0): The CPU runs code burned into it at the factory. This code is immutable (cannot be changed). It uses the ROM Keys to verify the signature of the next loader.
Then just two paragraphs below:
The ROM Keys change everything. With these keys, hackers can decrypt the Level 1 Bootloader.
So which is it? Usually boot chains hash the next stage and compare it with a signed “known-good” hash they have stored, no encryption. Maybe this is different for the PS5 but then that would be noteworthy, not something you just assume readers to know.
Lojcs@piefed.social 5 days ago
4am@lemmy.zip 5 days ago
Maybe I am missing something but I think you answered your own question?
ROM is Level 0, it has the burned-in, permanent key. It hashes and verifies the Level 1 bootloader, on disk, signed with the ROM key.
Now that the ROM key is known, anyone can sign a PS5 bootloader; and you can pretty much do whatever you want from there.
It would seem that all existing PS5s just went up in value.
Kazumara@discuss.tchncs.de 5 days ago
That was a rhetorical question after I pointed out the inconsistency: The author claimed the keys were for verification and then also said they were used to decrypt.
That’s most likely bullshit, and if it isn’t they should explain the unusual setup in detail instead of glossing over it.
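The hash-and-compare boot check described in the first comment, as an added example that is not part of the thread or the article: the next stage is stored in the clear, and the ROM only hashes it and checks a signature over that hash, so nothing is decrypted. It assumes an asymmetric scheme in which the ROM holds only the public half; the toy key, image bytes and function names are constructed for illustration.

```python
import hashlib

# Constructed toy key: textbook RSA over two Mersenne primes, no padding.
# Far too small for real use; it only stands in for a vendor signing key.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public half: what a boot ROM would hold
D = pow(E, -1, (P - 1) * (Q - 1))      # private half: stays with the signer


def digest_int(image: bytes) -> int:
    """SHA-256 of the image, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def vendor_sign(image: bytes) -> int:
    """Build-time step (hypothetical name): sign the known-good hash."""
    return pow(digest_int(image), D, N)


def rom_verify(image: bytes, signature: int) -> bool:
    """Boot-time step: hash the next stage and compare with the signed hash.

    Only the public values N and E are used, and the image is never
    transformed: verification is a yes/no decision, not a decryption.
    """
    return pow(signature, E, N) == digest_int(image)


def boot(image: bytes, signature: int) -> str:
    """Refuse to hand over control unless the signature checks out."""
    return "jump to next stage" if rom_verify(image, signature) else "halt"


# Constructed sample input: a plaintext stage-1 image and its signature.
STAGE1 = b"constructed stage-1 loader image"
SIGNATURE = vendor_sign(STAGE1)

if __name__ == "__main__":
    print(boot(STAGE1, SIGNATURE))               # untouched image
    print(boot(STAGE1 + b"\x90", SIGNATURE))     # one appended byte
```
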