In the days since the PlayStation Classic’s official release, hackers have already made great progress in loading other PlayStation games (and even non-PlayStation software) onto the plug-and-play device. What’s more, it seems some sloppy cryptography work on Sony’s part is key to unlocking the device for other uses.
Console hackers yifanlu and madmonkey1907 were among those who were able to dump the PlayStation Classic’s code via the system’s UART serial port in the days after its release. From there, as yifanlu laid out on Twitter, the hackers found that the most sensitive parts of the system are signed and encrypted solely using a key that’s embedded on the device itself, rather than with the aid of a private key held exclusively by Sony. In essence, Sony distributed the PlayStation Classic with the key to its own software lock hidden in the device itself.
Further examination by yifanlu during a series of marathon, Twitch-streamed hacking sessions found that the PlayStation Classic also doesn’t seem to perform any sort of signature check at all for the sensitive bootrom code that’s loaded when the system starts up. That makes it relatively trivial to load any sort of payload to the hardware from a USB device at startup, as yifanlu demonstrated with a video of a Crash Bandicoot prototype running on the PlayStation Classic last week.