Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)

  • Published 8 Sep 2024

COMMENTS • 142

  • @mynewrandomhandle 7 years ago +242

    Really tough guy. 99% would have given up. Only 10 players solved this challenge (the rest being mostly HW guys). So, well done, and an impressive show of technical and fast-learning skills.

    • @nabilrise1551 7 years ago

      I missed the registration phase, is there a way to join the challenge (because, you know, the Arduino has a "special" bootloader)?

    • @mynewrandomhandle 7 years ago +3

      The challenges (most of them) are on Riscure's GitHub repository. You can play with your own board. The encryption/authentication layer was removed.

    • @nabilrise1551 7 years ago

      Great! Thanks for the reply.

    • @xorxpert 5 years ago

      Funny thing about this, he can get banned for sharing the answer. Not only did 10 people solve this challenge, but now thousands+ know the answer. Job well done.

    • @typedeaf 5 years ago +7

      @@xorxpert It is no longer an event. The challenge and solution are available for education or personal challenges. If you don't want to know the solution, don't search for it.

  • @hardwire5718 6 years ago +24

    I feel your pain here, man. I was implementing some frequency analysis for the Cryptopals challenges and realized, like 8 days in, that I was trying to run the attack against the hex of the potential plaintext instead of the actual potential plaintext. I was ready to throw that laptop off the building.

  • @freelancer917 5 years ago +11

    Chatting and ranting over CTF challenges at 04:30 AM - I feel you :D

  • @reddragonflyxx657 7 years ago +21

    Thank you for sharing your experience. The constant setbacks are an integral part of most projects I embark upon, so it was refreshing to see them be someone else's problem for a change. ;)
    Your final line is what makes it all worth it for me: if I do something outside of my comfort zone, it's a living hell, but I learn something from it. Thank you for giving me a fast track through this project, and please know that I have never seen another person deal with such failures like I do... until today.

    • @LiveOverflow 7 years ago +25

      +RedDragonflyxx everybody is just always trying to hide the failures. It took me a long time to feel comfortable showing my struggles this publicly. We always try to pose as perfect professionals that know everything.
      I hope I can show that struggling is no weakness :)

    • @cthulify 7 years ago +1

      LiveOverflow Respect!

  • @nirmalthapa8093 7 years ago +49

    2:42 "This is AES. Fuck my life" .. you made my day 😂😂😂😂

  • @pete3897 1 year ago

    Looking back at this old video from years in the future as a watcher of your current channel content, I really liked the rawness of this old one with a few cuss words thrown around :)

  • @frankschneider6156 7 years ago +7

    I was not aware of the existence of such highly developed open-source hardware for SCA on AES. Very impressive, and it puts quite a new view onto embedded security primarily protected by encryption. I assume that to make it also work on e.g. Serpent or Twofish the hardware is sufficient and just the software needs to be adapted?
    BTW, the more frustrating it gets, the higher the learning experience when finally overcoming the issue. So being frustrated is an excellent, albeit unpleasant, way to improvement and personal growth.

  • @athulmenon5 2 years ago +1

    It's great to see the entire journey of how you managed to solve the challenge and kept persisting with it. Most of the writeups these days just make you feel stupid, as they already seem to know what has been done.

  • @adri144n 7 years ago +9

    Kudos for not giving up!

  • @mrpbpp 3 years ago

    I really love the way you explain the hardest challenge to achieve the target. It's so fuc*ing hilarious, and that makes me think twice about doing the same thing you did.

  • @romanemul1 7 years ago +26

    Points ain't everything. At least you have learned something new.

  • @LakeE. 6 months ago

    Joe Grand has an excellent explanation of side-channel attacks in general, using his own board and a 4-digit PIN, and of how 4x4x4x4=1024 possible calculations compares to 4+4+4+4=16 possible solutions when using side-channel attack techniques.
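The multiplicative-versus-additive point in the comment above is the whole reason side channels matter: if a PIN check leaks how far the comparison got before failing, each digit can be attacked on its own. With ten candidate digits per position, a four-digit PIN needs up to 10^4 = 10000 guesses exhaustively but at most 10 * 4 = 40 when the positions are independent. The snippet below is an added illustration for this page, not code from the video or from Joe Grand's board. It models the leak as the number of comparison steps the check performs (a stand-in for the time or the power-trace length an attacker would actually measure), runs the digit-by-digit recovery against it, and then runs the same recovery against a constant-time check to show the leak disappear. The PIN value and the `steps` oracle are constructed assumptions.

```python
def leaky_pin_check(secret, guess):
    """A typical non-constant-time comparison: bail out at the first wrong digit.
    Returns (accepted, steps); 'steps' stands in for the elapsed time an
    attacker would measure with a timer or a scope."""
    steps = 0
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps
    return True, steps


def constant_time_pin_check(secret, guess):
    """Same decision, but every digit is always visited, so 'steps' is a
    constant and the side channel carries no information about the secret."""
    diff = 0
    for s, g in zip(secret, guess):
        diff |= ord(s) ^ ord(g)
    return diff == 0, len(secret)


def recover_pin(oracle, length=4, digits="0123456789"):
    """Digit-by-digit recovery: for each position keep the digit whose guess
    ran the longest, then move on. Costs at most len(digits) * length queries
    instead of len(digits) ** length. Returns (recovered_pin, queries_used)."""
    known, queries = "", 0
    for pos in range(length):
        best_digit, best_steps = digits[0], -1
        for d in digits:
            candidate = known + d + digits[0] * (length - pos - 1)
            accepted, steps = oracle(candidate)
            queries += 1
            if accepted:                      # stumbled onto the full PIN
                return candidate, queries
            if steps > best_steps:            # longer run = this digit was right
                best_digit, best_steps = d, steps
        known += best_digit
    return known, queries


if __name__ == "__main__":
    SECRET = "4271"                           # constructed; never read by recover_pin
    pin, used = recover_pin(lambda g: leaky_pin_check(SECRET, g))
    print(f"leaky check:         recovered {pin} in {used} queries")
    pin, used = recover_pin(lambda g: constant_time_pin_check(SECRET, g))
    print(f"constant-time check: recovered {pin} in {used} queries")
```

Against the leaky check the attacker's best guess at every position is the one that ran one step further; against the constant-time check every candidate returns the same step count, the recovery keeps the first digit it tried, and after 40 queries it has learned nothing. Real measurements are noisy, so in practice each candidate is measured many times and the averages compared, but the per-digit structure of the attack is the same.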

  • @AquaFX 7 years ago +29

    100 points .... for so much work .... wow xD

  • @keiouji1629 3 years ago

    I've been there. But remember not to get locked into doing things one way. A problem that you encounter may require a completely different outlook from things you have done in the past. Try not to get yourself locked into attacking them from the problems you have solved; the skill you have really learned is how to solve.

  • @lavanyaraju2571 6 years ago

    Good work... If anyone has to start from scratch, all your work will help us get a jump start...

  • @tommasodesolda3261 7 years ago +3

    Love Berlin and love your vids. Really interesting power analysis, keep up the good work! I have to see if my uni has such toy... equipment too.

  • @h1ghrise 6 years ago +8

    this is AES.. fml.. couldn't stop laughing ^^ - btw: love your channel. Stuck here for days :D

  • @BioShaftBand 5 years ago

    Keep it up! I really love your videos. I am a web developer, so I only scratch the surface in your videos, but I must say I've been learning a lot from you!

  • @drelephanttube 4 years ago

    Great video man, love your presentation style and sense of humor.

  • @DJmurderbazz 4 years ago

    11:30 "...I was about to jump down from the next building" I didn't know whether to laugh or cry for you. I chose the former. What a pain. At last... Interesting stuff 👀👌

  • @omaralhaffar8874 7 years ago +1

    Great video, great explanation. Keep up the good work!
    Cool 33c3 wristband btw :)

  • @VitaliyParitskiy 6 years ago

    Wish I had this much patience! Great job

  • @HandE2Go 2 years ago

    Very nice, makes you wonder what ridiculous scale our SIGINT staff are capable of pulling off.

  • @nickhubbard3671 4 years ago

    Well done - persistence! (And knowledge of ground loops!)

  • @mitchimpey1726 6 years ago

    Thanks for sharing and not giving up. Inspirational :)

  • @coolstory 7 years ago +62

    "That's the awesome thing about university, you can get access as well as help & advice" - Perks of not going to a US college

    • @LiveOverflow 7 years ago +24

      come to Germany! :)

    • @DarklinkXXXX 7 years ago +1

      I'm seriously trying to figure out how to do this. Any tips? I failed out of college a while ago, so should I take some classes here to improve my GPA first?
      Thanks.

    • @0xAdvait 5 years ago +4

      Not really. The majority of decent US universities have this setup. I had to ask around and got a similar setup.

  • @lis6502 2 years ago

    Dude... this is so awesome. Most videos focus on problem - most successful attempt - solution methodology.
    While watching I actually felt your pain, but it was still so satisfying to watch you overcoming a shitload of small hurdles.
    Just as if I was looking at myself in my random attempts to do stuff.
    Sincere respect and an extra 50 points from me for being stubborn enough - you've earned it ;d

  • @darkstar2111 7 years ago +1

    I'm really impressed!

  • @Cubinator73 7 years ago +4

    Hey, I'm also studying at TU Berlin. But I'm studying mathematics :)

  • @jacksmith3183 5 years ago

    I love your channel, though you make me look like a super noob and you look like some technical god. Amazing, always impressed. Super geek, I wish I was as impressive :)

  • @LSChaosje 6 years ago

    I think I'll stick to software for now :P Good job you didn't give up and succeeded in ph0wning the challenge

  • @Woodpecker284 7 years ago +1

    Congrats! Good work and spirit, thank you for sharing this!

  • @0xAdvait 5 years ago

    GOAT in the making! Awesome!

  • @gtpsic 2 years ago

    Nice work. Haha, I feel your pain. You had me laughing several times. Can relate. Cheers!

  • @gideonlarbi9119 6 years ago +2

    Can you pleeease make a video tutorial on how to extract authentication keys from 3G/4G SIMs?

  • @fernandoi8958 6 months ago

    LoL, this logic analyzer issue you were having reminds me of an issue I had trying to get the CRC code to work on a chip I am testing... It turns out the C-to-Python conversion was wrong in the sense that I had to take into account that the variables were not 16 bits, so I had to mask everywhere I could to get it to work... It took me almost a whole day testing every possible thing to figure out this was the issue lol... I should've just programmed an Arduino with the original CRC calculation function and hard-coded it from the start (which was what I did)... The moral of the story is: the more you fiddle with things, the higher the chances of you making dumb shit, so always verify what you are doing before moving on...

  • @Barc0d3 7 years ago

    Awesome video man!

  • @nonameguy1427 4 years ago

    Great video, but all that level converter stuff wouldn't really have been necessary with an Arduino. Just put a voltage divider between Arduino TX and ChipWhisperer RX, and for the other way around you have to do nothing, because Arduinos usually still detect anything around 3V as "high".

  • @gudfunwall3699 6 years ago +1

    wow wow ... better than the Mr. Robot series .. well done

  • @bigbooduh 1 year ago

    They thought Kevin Mitnick could whistle into the phone and set off nuclear bombs... they were wrong, this guy can

  • @ventisca89 5 years ago

    This is advanced. You're amazing.

  • @davidjohnston4240 2 years ago

    In the chips you buy for your computer, we make SCAing AES a little more difficult.

  • @meksaldi 7 years ago

    Never forget to smash that Like button, guys!!!! Awesome videos, bro.

  • @theachapter 7 years ago +4

    ur a fucking god srsly!! hoooly shit what a smart fucking guy!! :O

  • @animowany111 7 years ago +5

    Holy shit, 325 dollars for a board like that?
    I can't even afford IDA (nor Binary Ninja, nor Hopper), and I do reversing challenges with objdump and radare like some poor fuck. I have probably spent about 50 bucks total on electronics and necessary tools as a student; I find this amount unfathomable.

    • @LiveOverflow 7 years ago +2

      I understand, I was a student once too. Now I'm lucky to work a nice job and these things become affordable. And I also now understand why they cost that much. I still can't quite afford a full IDA license, but Binary Ninja, Hopper and similar tools are very affordable now.
      Good tools are worth a lot, but you can still learn a ton without them. To be honest, I can't even use them to their full potential. Keep learning, and in a few years, when you get out of school, you will have great prospects in finding a good job because you are ahead of the people your age. And then you can buy the toys too :)

    • @animowany111 7 years ago

      Thanks for the encouraging words. However, I don't consider 100 dollars to be very affordable :( I could pay that, but it'd make a real dent in my quality of life for a long while. Sometimes I wish I won the "security lottery" and found a bug worth a few k$, as that would greatly impact me.

    • @Dreamagine1 7 years ago

      To be fair, the ChipWhisperer does have a pretty nice (and not cheap) Spartan-6 FPGA on it, plus Colin O'Flynn put a lot of work into developing both the hardware and software for this tool.

  • @niclaskron3384 7 years ago

    These videos, man, love 'em even though it's hard sometimes - keep learning, mate :-)

  • @BLUYES422 4 years ago

    You did it!!

  • @MathiasTenge 4 years ago

    The Arduino Nano is a 328P after all, which can run at 3.3V. Unless the fuse settings make it start only later. Trying to edit those via ISP would then be conceivable.

  • @AviadHahami 3 years ago

    you had me at "completely fucking wrong"

  • @szabolcskovacs1095 3 years ago

    Hi,
    Can somebody tell me the exact wiring between the Arduino Nano and the ChipWhisperer? Honestly I'm struggling, I cannot find the power trace of the AES encryption. There is a simple AES implementation running on the board.

  • @arunmagesh 7 years ago +1

    You're awesome.

  • @anasarkawi4331 7 years ago +3

    8:58 a programmer's life

  • @m_nch7 7 years ago

    dude you rock!

  • @djricky89999 2 years ago

    To find out the secret key of any chip, even the new generation processors like Intel or AMD or processors on smartphones, what equipment is needed?

  • @53buahapel 2 years ago

    🧠 killing my brain

  • @t33th4n 6 years ago

    No pain, no gain

  • @valentinalammey3955 1 year ago

    Could you please answer how you capture the power traces and transfer them onto the PC, as you're not using the CW capture board in this experiment?

  • @gcm4312 4 years ago

    Mind sharing that IRSSI setup?
    Great video btw :D

  • @ninx777 7 years ago

    Awesome.

  • @yihan9884 6 years ago

    Awesome video, very informative! I was trying to reproduce this challenge without the help of the ChipWhisperer, however I noticed that every time the serial connection is open, there are tons of noisy spikes in the power trace. Did you experience a similar situation? Thanks!

    • @LiveOverflow 6 years ago

      It has been a long time. But I think I saw stuff like that too. Did you connect your measurement directly in between the VCC line to the chip?

  • @muhaahaloa941 7 years ago +1

    Have you done a video on bypassing 'Control Flow Guard'? Just an idea. Keep up the
    good work mate :)

    • @LiveOverflow 7 years ago +2

      +Muhaa Haloa nope, not yet. But I'm sure eventually I will reach that

  • @JontheRippa 1 year ago

    Wow, respect 👍

  • @threeLionz 1 year ago

    Heya, not sure if you will end up reading this, but if you remember, would you mind giving some more detail as to how you hooked up the Nano to the ChipWhisperer, specifically the power/measurement bits?
    It looks like you only used one wire for the measurement pin, but would you need some form of reference voltage? Did you wire the Nano and the CW to the same ground, or was it enough that they were both powered by the same PC and had a common ground via that? Or did I miss something, and you used a differential probe? Thanks!

    • @LiveOverflow 1 year ago +1

      I'm not 100% sure because this was a loooong time ago. But I think I measured the voltage across the shunt resistor. So GND and VCC before and after the resistor. If I didn't do that, then I definitely hooked GND to Nano GND.

    • @threeLionz 1 year ago

      @@LiveOverflow Thank you! Will have an experiment :)

    • @threeLionz 1 year ago

      For anyone else that may come across this comment, I figured it out! I put a 100 ohm resistor between pin 4 and the pad, then led one wire from the load-bearing side of the resistor to the middle measurement pin on the CW, and another wire connected from Arduino ground to the ground pin of the measurement area on the CW.
      However, I was still getting crappy measurements, nothing like what was displayed at 10:53. I tried all sorts of things to improve my results (messing with the oscilloscope, different resistances, removing decoupling capacitors), but nothing seemed to work. However, after lifting pin 6 of the 328P (which is _also_ VCC), I started seeing *much* better output. It might be that the power was bypassing the resistor entirely via that pin...?
      I still haven't managed to extract the key yet, but hopefully this helps anyone else who has this issue :)

    • @LiveOverflow 1 year ago

      Awesome to hear you haven't given up yet!!

    • @threeLionz 1 year ago

      @@LiveOverflow I pulled it off! Thanks for the help. I'm going to give fault injection a try next :)

  • @christinegoins8446 6 years ago

    Did you need the oscilloscope, or was it just helpful for debugging?

  • @LQR1772 3 years ago

    Uhhhhhh, everything's going over my head.

  • @RagdollRocket 5 years ago

    respect. =)

  • @OpenKeith 4 years ago

    normal people: "wow, side-channel attack, very cool"
    me: "wait, LiveOverflow has an SO? tell me more"

    • @OpenKeith 4 years ago

      Seriously, this introduced me to a tool I hadn't heard of before and explained side-channel attacks in greater detail. Keep making these videos! But also, when do we get to meet your SO?

  • @RepublikSivizien 4 years ago +1

    Maybe it was only 100 points because they wanted to have such a challenge in the CTF, but it is actually pay-to-win, so you do not get such a huge amount of points if you have all the hardware and stuff.

  • @scriewy 5 years ago

    so AES is shit?
    all SanDisk flash drives using AES 128-bit can be decrypted this way?
    so there's not much difference if you use AES 128-bit or 1024?

  • @Photoficaj 6 years ago

    Incredible, sir!! You inspire me to dig more and more! Can we connect on social media?

  • @spreen_co 6 years ago

    As someone who just chose his uni for his CS master's: why TU B? Isn't the HU the better choice? I chose another uni entirely, though.

    • @LiveOverflow 6 years ago +1

      The honest reason is that I was lazy regarding the bureaucracy at university, so I went to the uni where some friends went, so they could tell me which forms to fill out.

  • @dreamyrhodes 6 years ago

    That's why I never was hacking. I just don't have enough patience to fiddle around with things.

  • @hdef6602 5 years ago

    so relatable xD

  • @hansformer9556 6 years ago

    @LiveOverflow One question, did you study TI (computer engineering) or regular computer science for your bachelor's?
    As an electrical engineer I might consider your master's and wanted to ask whether it is even an option :)

    • @LiveOverflow 6 years ago

      "Angewandte Informatik" (applied computer science) as a dual study program. IMO it doesn't matter at all what you do. The main thing is that it motivates you to engage with the subject beyond the course content and that you have fun!

    • @hansformer9556 6 years ago

      LiveOverflow Thanks :)
      Well, I'm sometimes unsure whether computer science wouldn't have been better than electrical engineering, especially since I found your videos ^^'.

  • @AdventureswithAdeel3 5 years ago +1

    Soo AES is F#$! UP?!!!!

  • @cybersnail8123 4 years ago

    Did you ever try HackTheBox?

  • @OtakuSanel 7 years ago

    FYI, all that level conversion you did was mostly pointless. You can easily take the 3V signal and put it into the 5V pin and it should work just fine. As for the other way around (5V to 3V), just a single series resistor should do the job. They also make ready-to-use logic level converters just for that purpose, but I guess that was easier for you.

    • @LiveOverflow 7 years ago

      +OtakuSanel thanks! I had never done it before. I didn't wanna wait on new parts. Didn't try the other idea. I'm sure it was not great what I did, but it worked :D

    • @OtakuSanel 7 years ago

      As long as it works, lol, that's all that really matters. Just a bit more complicated than it needed to be. Is there a reason you went with that scope over the DS1054? 2 channels tends to be very limiting, especially when you want to do any kind of communication protocol analysis. Granted, there are other tools for that, like a Saleae logic analyzer, but still.

    • @LiveOverflow 7 years ago

      +OtakuSanel I have an 8-channel Saleae for that reason. And the DS2072A can be jailbroken to have a very high sample rate :)

    • @OtakuSanel 7 years ago

      The 1054Z can as well, and it's less than half the cost but twice the input channels! Unless you plan on working with RF voodoo magic, I really don't see a reason why you would need such a high sampling rate. Is there any particular use for it, or did you just want the fastest that was within budget? Also be aware that the max sampling rate is ONLY achieved when you're using a single channel under certain modes. If you use the 2nd channel the rate gets divided in half as it's multiplexed, or when using high-res modes or various other configurations it won't actually go that fast. You may also want to look into the Bus Pirate, you may find a use for it.

    • @LiveOverflow 7 years ago

      +OtakuSanel I also got a Bus Pirate :)
      So I got a Bus Pirate, Saleae, Bus Blaster, microcontrollers for a few more custom things, FPGA dev boards for even faster custom things, and all I was missing was a high-sampling-rate oscilloscope. And I had experience with it from university. So, as I didn't have a lot of experience with other oscilloscopes, I got the one I knew I would find helpful :)
      But I agree, maybe I would never need that speed, and a 1054Z or a new Keysight would have matched my usage better :)

  • @faisalrahmannuradha5785 6 years ago

    Awesome

  • @bschlueter 7 years ago

    I guess you're studying IT security or have already finished it? If so, at which university?

    • @bschlueter 7 years ago

      OK, Berlin. Should have waited until the end :D

  • @msalih 7 years ago +1

    What I feel when I watch this channel's videos -> ua-cam.com/video/FktI4qSjzaE/v-deo.htmlm10s

    • @satibel 7 years ago +1

      FYI you can use 12:10 instead.

  • @marcosuksatlife9905 5 years ago

    RIP Arduino 13:40

  • @mynameismads2516 4 years ago

    Yeah, it was difficult, but you had never tried it before. You had no reference point, so it involved a lot of frustrating trial and error. But see it from an experienced HW attacker's perspective. It would easily be done in an hour.

  • @otesunki 5 years ago

    #thescakewasalie

  • @chouex 4 years ago

    2:02 your computer good?

  • @callbirds2028 7 years ago

    This is AES. Fuck my life, too :))) I'm using a SAKURA-G board :(

  • @aneomgr7798 6 years ago

    What is this chat application he is using at 13:23?

    • @Tux2442 6 years ago +1

      I would say IRC. There are a lot of clients for it, especially on Linux.

    • @NonsensGaming 6 years ago

      Looks like Irssi, a command-line IRC application.

    • @LiveOverflow 6 years ago +1

      It's WeeChat

  • @amirkillinghsx9488 6 years ago

    Hello, I'm a researcher from BGU and I would like to contact you, is it possible?

    • @LiveOverflow 6 years ago

      you just did

    • @amirkillinghsx9488 6 years ago

      WOOHOO! :)
      I'm trying to do CPA on some microcontroller and I would like to DM you and ask you some questions :D

  • @orge800 3 years ago

    exc

  • @sookmaideek 2 years ago

    bro, remove the capacitor

  • @hbryant1971 3 years ago

    Let's say the guy establishing the code gets unbelievably drunk, jams on the keyboard and thereby establishes the key with no memory. It seems to me that is secure....

  • @openfi 7 years ago

    are you Chinese? haha, your voice sounds a bit like it

  • @emilio_wayne 4 years ago

    CW-Lite is better

  • @myrkurvr 5 years ago

    10:41 the way he said that made my day

  • @IamLupo 5 years ago

    Can this also be done with the PS3? To extract the private keys, so we can sign our own software?

    • @Sypaka 5 years ago

      The PS3 is more complex than that, but in the gist, I think yes.
      Need to set it up for ECDSA, though.

    • @LiEnby 4 years ago +1

      The private keys aren't actually on the console, though.