Sunday, March 6, 2011

Shmuck of the Month: Sony

Two types of companies exist: those which are growing and those which are dying. Sony clearly belongs to the latter for over a decade now. The high level of engineering that once made their products excel has been replaced by bland mediocrity and delusional control ideas that are manifested in recent Sony products such as Bluray, the PS3, etc. In their latest act of desperation, they are suing a couple of guys who have successfully hacked the PS3 to bring Linux back to the console after it has been illegally removed in a firmware update. The flaws they used to obtain access to the multi-millon dollar security system can almost solely be attributed to crass design blunders that would have been completely avoidable in the first place.

Sony has a line of laptops ("Vaio") which compete mainly in the high value market segments. They implemented a master password bypass which is rather sane in comparison to the rest of the bunch:
  • The randomly generated master password is only stored in RAM, e.g. it's lost after the next reboot ("one time password").
  • RSA is used for encrypting the password which is then converted to a human-readable form (4x4 characters/8 bytes/64 bits).
  • Their customer support apparently allows for one free password generation per device which is pretty decent by the industry standard.
However, they screwed up by choosing a key length that is just 64 bit and hence too small: an unoptimized python implementation of a general number sieve yields the factors of the key in less than a minute. With these, writing the generator script is an easy exercise:
python pwgen-sony.py
Master Password Generator for Sony laptops (16 characters otp)
Copyright (C) 2009-2010 dogbert

After entering the wrong password for the third time, you will receive a code from which the password can be calculated,
e.g. 73KR-3FP9-PVKH-K29R

Please enter the code:
D63K-XFVF-TK7H-RJKX
The password is: 43878945

 
I'm not the first one who discovered this: hpgl also reversed this scheme quite a while back. There are even some idiots on eBay who sell these master passwords. Given that my stuff has been exploited by so many greedy idiots in the past, I decided against releasing it. This will hopefully also help to reduce the influx of stupid emails from *@hotmail.com users.
Update: Since I still get a substantial amount of email concerning pwgen-sony.py, let me be perfectly clear: I will neither send you the generator nor generate codes for you. I am not interested in selling the script nor am I a substitute for the Sony support or the lack thereof. Also, I do not endorse nor am I affiliated to any shady service that sells passwords or generators. In fact, I'm in the sole possession of the script so anyone claiming to sell the script to you is clearly attempting to defraud you.