PSN authentication process by: c0mput3

A member over at PS3hax.net has some interesting information regarding the PSN authentication process.

c0mput3 Quote:

Quote:

---

I preformed an APR spoof between my ps3 and my network gateway during the PS3 boot sequence, during which the following IP addresses are resolved and tcp connections are made from the playstation

1. 198.107.158.197:443 : service.playstation.net
2. 95.100.177.215:443 : nsx.sec.np.dl.playstation.net
3. 199.108.4.73:443 : auth.np.ac.playstation.net

If you enter any of the IP address into your browse e.g.

https://198.107.158.197

You will get an SSL error, this error tells me that the cert is self signed by sony themselves which means the certs haven't been signed by companies like verisign.

The next step was to identify which versions SSL these servers supported.
It was during this process the web-services where identified as Apache and AkamaiGHost.

SSLv2 is also being accepted on these servers supporting the following ciphers

SSL2 DES 192 EDE3 CBC WITH MD5
SSL2 IDEA 128 CBC WITH MD5
SSL2 RC2 CBC 128 CBC WITH MD5
SSL2 RC4 128 WITH MD5
SSL2 DES 64 CBC WITH MD5
SSL2 RC4 128 EXPORT40 WITH MD5

My investigation continues.....
All help most welcome

---

If you would like to lend a hand, you can visit the original thread at: PSN authentication process

Source: ps3hax.net

Good Find!

Nothing interesting there at all, one tcpdump run can tell you all of that.

Sony uses their own root certs for certain sites, you have the CA certs on the flash, it's not a big mystery nor is it strange in any way. Not using Verisign certs is also not a mystery, can't understand that people still believe those certs are "safer" or "better" in any way than self-signed certs.

Some of the Akamai site will use certs signed by Akamai (but CA is GeoTrust iirc, they only issued another signing cert to Akamai), so you'll find all kinds of certs while looking around.

I kind of hoped someone managed to actually look into traffic and get some new data, this is nothing new or important :(

Now, I find it hard to believe that noone tried this yet, so here is something little you can do (which I posted to other forum ages ago, but nothing also came out of it).

You can replace CA certs on the flash (when using one of USB 'flash/firmware' loaders). If you replace them all with your own CA cert, your PS3 will refuse to boot properly and will boot in the 'safe' mode (plug controller, press PS, blah, blah). So, even though you're trying to run firmware via a loader (and should be 'safe'), PS3 still gets messed up - which means it does indeed use some of those CA certificates for something. Probably to check some signatures (on binaries, etc), and when it fails - it panics really hard.

I've tried replacing Sony's certs with my own, and trying to make PS3 connect to my own server via SSL (that uses cert signed by CA cert I've inserted onto flash), but browser (and PSN signup process) still refused to recognize the certificate and wouldn't proceed with SSL connection - which could mean that it might not trust those certs from the flash for everything. But again, I have very little free time and few hours I've spent playing with certs could mean that I just didn't do it carefully and missed something.

Then I gave up, because there is no point anymore in actually doing any interesting work on PS3. Seeing how everyone just wants to "find a key" or find shit related to playing "backups" (or on PSN)... that's not what interests me, so I don't even want to bother exploring anything even remotely related to that. If someone else wants to bother with this - good luck v0v

Is there any other point to finding out how to duplicate sony certs other than accessing psn? And why would that be a bad thing if that's what we wanted? I can understand you being against piracy, but why be against doing something the console WAS intended for? You started out with a very informative post that peaked my curiousity, and then you ended it by bulldozing any rational reason to work on changing certificate authentication? What's the deal man.

Quote:

---

Originally Posted by gundamwfan

Is there any other point to finding out how to duplicate sony certs other than accessing psn? And why would that be a bad thing if that's what we wanted? I can understand you being against piracy, but why be against doing something the console WAS intended for? You started out with a very informative post that peaked my curiousity, and then you ended it by bulldozing any rational reason to work on changing certificate authentication? What's the deal man.

---

My generation grew up with audio/VHS tapes, LPs and books. Guess how much I care about piracy (hint: I don't give a flying **** about piracy).

I care about not seeing all these hordes of beggars and "demanders" take advantage of anything I would do. So I don't do anything. Hacking PS3 is about fun and learning and challenges. Not about making backups run, or being online with jailbroken console. It's about being able to enjoy breaking things and sharing it with others who enjoy breaking things as much. There is no fun in breaking things then having noone to share with, because beggars are just interested in playing games and not learning how things work

I'd be interested to find out PSN auth process not because I'd want to go online, but because I'm genuinely interested to see what happens in the 'background', and how Sony implemented everything. So yes, there is a point in playing with certs (you can't duplicate them, not sure where you got that idea from). I had more fun seeing my console get "bricked" after booting with replaced certs, than any fun I could possibly having playing boring online games.

Imagine being the one who made it possible for all these beggars to end up on PSN with jailbroken consoles.

It'd be literally like you're Hitler (hi Mr. Godwin).

Quote:

---

It'd be literally like you're Hitler

---

get real

Quote:

---

Originally Posted by chocobo

Then I gave up, because there is no point anymore in actually doing any interesting work on PS3. Seeing how everyone just wants to "find a key" or find shit related to playing "backups" (or on PSN)... that's not what interests me, so I don't even want to bother exploring anything even remotely related to that. If someone else wants to bother with this - good luck v0v

---

Thats really hypocrite in my opinion.

The peoples who smuggled that exploit out of Sony's office obviously didn't do it so that we could play ping pong games involving 2 sprites with a laughable physic on our 40" LCD screens, huh ? :rolleyes:

You wanna develop games ?
Thats a good initiative, i admire it.

I suggest you try to get hired for it then.
Only a few dudes play those useless and outdated "games".
No point.

Homebrew is just a cover up, some peoples need to wake up.

The big money here is all about backups and the fact that you don't need to spend 50 bucks on a game : welcome to planet hearth where everything is about bucks and exploiting my dear friend.

Sorry for being harsh, but i'm tired of reading the same BS at every corner.
Peoples are hypocrites and won't admit the truth.

Quote:

---

Originally Posted by CS67700

The big money here is all about backups and the fact that you don't need to spend 50 bucks on a game : welcome to planet hearth where everything is about bucks and exploiting my dear friend.

Sorry for being harsh, but i'm tired of reading the same BS at every corner.
Peoples are hypocrites and won't admit the truth.

---

Wow, in your attempt to criticise chocobo's issues with the "scene", you just embodied them perfectly.

I do play the occasional game to kill a few hours every now and then, but, like chocobo, I find it a lot more stimulating to poke around and to figure out how stuff works.

And if I do happen to discover some kind of new security flaw, you're saying I should exploit the people who could have a use for it? Because I surely wouldn't want to give it away for free, this being planet Earth and all.

chocobo: There are more of us out here. ;-) We're just not very visible, it seems. (I'm currently fumbling around inside my lv2.bin dump with IDA, learning tons of useless, but interesting tidbits about the lv2 kernel. Damn, my assembler skills are rusty! ;-) )

Quote:

---

Originally Posted by CS67700

Thats really hypocrite in my opinion.

The peoples who smuggled that exploit out of Sony's office obviously didn't do it so that we could play ping pong games involving 2 sprites with a laughable physic on our 40" LCD screens, huh ? :rolleyes:

You wanna develop games ?
Thats a good initiative, i admire it.

I suggest you try to get hired for it then.
Only a few dudes play those useless and outdated "games".
No point.

Homebrew is just a cover up, some peoples need to wake up.

The big money here is all about backups and the fact that you don't need to spend 50 bucks on a game : welcome to planet hearth where everything is about bucks and exploiting my dear friend.

Sorry for being harsh, but i'm tired of reading the same BS at every corner.
Peoples are hypocrites and won't admit the truth.

---

What the ... ?

Ahahaha.

I rest my case.

Quote:

---

Originally Posted by lindax

Wow, in your attempt to criticise chocobo's issues with the "scene", you just embodied them perfectly.

I do play the occasional game to kill a few hours every now and then, but, like chocobo, I find it a lot more stimulating to poke around and to figure out how stuff works.

And if I do happen to discover some kind of new security flaw, you're saying I should exploit the people who could have a use for it? Because I surely wouldn't want to give it away for free, this being planet Earth and all.

---

You got me.
Thats your call (weather to make cash on it or not).

But i'd rather pay for someone who tries to share stuff, rather than pay an overpriced game in store. My point of view.