-
#1
an idea for psn bypass
03-31-2011,08:53 PM
OK, what if we use packet analysis on both a 3.55 PS3 and a 3.60 PS3 and cross-reference the results from both? I know the 3.60 one will have a new public key and thus new session keys for every SSL connection, so don't you think we MAY decipher the new hash functions and the new public key by analyzing the new packet headers? It's a very basic/stupid idea, but has anyone given it a try yet? I am using Wireshark on my 3.55, but I need someone with a 3.60.
P.S. Please correct any factual errors (if any) in the above post.
Regards
Also, does the PS3 by any chance use the D-H key exchange mechanism? If so, then my plan is an epic fail. One more thing I don't understand clearly is what math meant when he said "they changed the xi passphrase".
Did he mean they changed the public encryption key? Or what?
-
03-31-2011,08:58 PM
I don't know if the above will work (haven't bothered trying), but what I can tell you is that I've seen about 5 or so threads in the last month with exactly the same concept word for word (packet analysis) and all of them have disappeared (or died).
I'm guessing this won't work...
PS Jailbreak Compatibility: http://www.psjcl.com
Looking for any PS3 firmware, see here: http://www.eurasia.nu/wiki/index.php/Ps3OsRels
-
03-31-2011,09:32 PM
Well, this would work, but as far as I know the PS3 uses HTTPS (It uses SSL) which means the traffic is encrypted. This is why for the numerous 3.55>3.56 PSN bypasses you had to replace a file in dev_flash. So, unless you can get R/W access (or another way to decrypt the traffic), you can't get the actual packet data.
...although I could be wrong.
The Uselessly Quiet Lurker
-
04-01-2011,08:11 PM
Wireshark can offer decrypting features AFAIK; I need to read up on it a bit more. Well, it's useless: the private key in RSA format is needed, so no luck here. Now, does anyone have the private key to Sony's servers? :P
-
04-01-2011,08:24 PM
Yeah, Mathieulh I think. Why don't you ask him for it...
-
04-03-2011,12:17 PM
There may be a possibility to smuggle a new certificate onto the system.
But it's a one-way change, whoever does this would need a 3.55 (or below) system that they're willing to update beyond 3.55.
Back when we were talking about interpreting and intercepting the comms, before it became possible to write to NOR on 3.55 using freeflash or the other write-enablers, we were rolling our own CFW with certificates replaced. One of the guys went a little too far and rolled his own 3.56 custom with a new certificate, before installing it and then realising he was now stuck.
3.56 introduced new validation methods, but because they're not present on 3.55, you can install hacked 3.56 PUPs. I don't know if you can install hacked 3.60 PUPs. You can't then go back, or ever install a new custom PUP. TBH, I don't even know if the current tools allow us to pull apart and repackage 3.60 successfully. But theoretically you could make a 3.60 update with a new cert in it and trap all the traffic for analysis. You would then only be able to update that machine to 3.60 or greater OFW.
Me, I don't really want to try this because I only have one PS3 on 3.55.
-
04-03-2011,12:29 PM
Originally Posted by alifaraz21:
OK, what if we use packet analysis on both a 3.55 PS3 and a 3.60 PS3 and cross-reference the results from both? I know the 3.60 one will have a new public key and thus new session keys for every SSL connection, so don't you think we MAY decipher the new hash functions and the new public key by analyzing the new packet headers? It's a very basic/stupid idea, but has anyone given it a try yet? I am using Wireshark on my 3.55, but I need someone with a 3.60.
P.S. Please correct any factual errors (if any) in the above post.
Regards
Also, does the PS3 by any chance use the D-H key exchange mechanism? If so, then my plan is an epic fail. One more thing I don't understand clearly is what math meant when he said "they changed the xi passphrase".
Did he mean they changed the public encryption key? Or what?
OK, so in previous PSN bypasses we didn't decode any keys, and packet headers are not a useful place to look for SSL keys. What you have to do is get a new trusted certificate on there so the PS3 trusts you.
They don't use DH or DHE (AFAICT), but this doesn't help us get at the traffic without access to private keys.
SSL is at a different layer from what Math was talking about: the X-I-Passphrase is an HTTP header contained in the HTTPS stream over SSL. We can't see it (let alone alter it) without being able to decode the SSL traffic.
We (not counting Math) don't know right now if the new value is the same every time you log on (the old value was) or if it is unique to your system. With the old value, nobody wanted to trade them out in the open in case they were unique and somebody else found them, used them and then got your console banned.
Hope that clears it up.
**EDIT** looks like you can make your own 3.60 pup with different certificates. Whether it will install or not is anyone's guess, and as I explained, I don't feel like trying.
Last edited by RatAndDragon; 04-03-2011 at 01:11 PM.
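The layering point made in the post above (the X-I-Passphrase header sits inside the TLS/SSL record payload, so a passive capture such as Wireshark without keys shows record headers but never the HTTP header) can be shown with a small added example. This is editor-added Python, not code from the thread or from anyone posting in it. Everything in it is constructed: the HTTP request, the host name, the header value (a labelled placeholder), the session key, the abbreviated handshake bytes, and the SHA-256 counter keystream that stands in for the TLS record cipher; it is not real TLS cryptography and not real PSN traffic.

```python
import hashlib
import struct

# Constructed (not captured) HTTP request of the kind the post describes.
# The header name X-I-Passphrase is the one named in the thread; the value is a placeholder.
HTTP_REQUEST = (
    b"GET /example HTTP/1.1\r\n"
    b"Host: example.invalid\r\n"
    b"X-I-Passphrase: PLACEHOLDER-VALUE\r\n"
    b"\r\n"
)

TLS_HANDSHAKE = 0x16          # real TLS record content type for handshake messages
TLS_APPLICATION_DATA = 0x17   # real TLS record content type for encrypted application data
TLS_VERSION_1_2 = 0x0303


def toy_keystream(key: bytes, length: int) -> bytes:
    """Stand-in for the TLS record cipher: a SHA-256 counter keystream (constructed,
    not TLS's real cipher). It only makes the payload opaque the way real ciphertext is."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, keystream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream))


def tls_record(content_type: int, payload: bytes) -> bytes:
    """Wrap a payload in a TLS record header: type (1 byte), version (2), length (2)."""
    return struct.pack(">BHH", content_type, TLS_VERSION_1_2, len(payload)) + payload


def parse_records(stream: bytes):
    """What a passive observer can parse without keys: the 5-byte record headers.
    The payload of an application-data record is returned as-is (ciphertext)."""
    records = []
    offset = 0
    while offset + 5 <= len(stream):
        content_type, version, length = struct.unpack_from(">BHH", stream, offset)
        offset += 5
        payload = stream[offset:offset + length]
        offset += length
        records.append({"type": content_type, "version": version,
                        "length": length, "payload": payload})
    return records


def build_stream(session_key: bytes) -> bytes:
    """Constructed two-record stream: a clear-text handshake record followed by the
    HTTP request as an encrypted application-data record."""
    # Abbreviated, constructed ClientHello-like bytes; handshake records are sent in the clear.
    handshake = b"\x01" + b"\x00\x00\x03" + b"\x03\x03\x00"
    ciphertext = xor_bytes(HTTP_REQUEST, toy_keystream(session_key, len(HTTP_REQUEST)))
    return tls_record(TLS_HANDSHAKE, handshake) + tls_record(TLS_APPLICATION_DATA, ciphertext)


def header_visible(stream: bytes, header_name: bytes = b"X-I-Passphrase") -> bool:
    """True only if the header name appears as plaintext in some record payload."""
    return any(header_name in r["payload"] for r in parse_records(stream))


def decrypt_with_key(stream: bytes, session_key: bytes) -> bytes:
    """Given the session key (which the observer in the thread does not have), the
    application-data payload decrypts back to the HTTP request."""
    for r in parse_records(stream):
        if r["type"] == TLS_APPLICATION_DATA:
            return xor_bytes(r["payload"], toy_keystream(session_key, r["length"]))
    return b""


if __name__ == "__main__":
    key = b"constructed-session-key"
    stream = build_stream(key)
    for r in parse_records(stream):
        print(f"record type=0x{r['type']:02x} version=0x{r['version']:04x} length={r['length']}")
    print("header visible in capture:", header_visible(stream))
    print("header visible after decrypt:", b"X-I-Passphrase" in decrypt_with_key(stream, key))
```

parse_records is the part a capture tool can do with no keys: record type, protocol version and length are readable, the application-data payload is not. header_visible is false on the captured stream and true only on the decrypted payload, which is what the post's "we can't see it without being able to decode the SSL traffic" amounts to. The toy takes the session key as given; the post's DHE remark is about how that key is derived, since with an RSA key exchange the server's private key would recover it from a capture, while with a DHE suite it would not.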
-
04-03-2011,03:20 PM
I actually have a DNS bypass file right now that I run, and if you're on Rebug you can connect to the Black Ops PSN servers and play, supposedly. Haven't tried it yet though.
-
04-03-2011,03:36 PM
Does it work? bops, upload it, I'll try.
-