Here's an abridged version, let me know if you want something shorter:
[user2] I just finished decrypting 100% of all psn functions, you can forget all the history wiper and log remove apps, there's a independent check which transfers all games and their playtime every time you login. You can modify it like the firmware version tho. Also they can detect backups this way
[user4] user2, is that in data sent to
a0.[CC].np.communication.PlayStation.net
[user2] Sony is the biggest spy ever, lol. All connected devices return values sent to Sony server. Returns tv, fw version, fw type, console model. also i found data it collects when i had USB device attached etc etc. so if they ever sue someone for PSN stuff, they will be sued themselves, as most of the data they collect is just not legal
[user6] user2: do you now know enough to wipe all traces, so that people who never had their consoles on the internet can avoid sending this information now?
[user2] @xxxx: we could modify the data via proxy between the tunnels, like delete all data between the XML tags or something
[user1] the only avoidance is block all
*.PlayStation.net
[user2] it could be that it's used for online playtime or PSN logged in playtime. For example: [redacted plain text code, includes false credit card number] sent as plaintext
[user1] wow, plaintext :S
[user5] plaintext wow
[user3] I'm never putting in my details like that
[user2] normally you AT LEAST encrypt the security code, even if its ssl
[user5] I'd hope Sony would do such in a safe manner, psn cards probably plain text to then
[user2] but hey it's Sony –> it's a feature
[user7] from all the actions they’ve taken the past years, we can only deduce that Sony don’t care about their customers
[user2] I know a few guys who worked @ Sony's PSN backend. Just when the ps3 was released we talked bout the first PSN, at this time ALL was HTTP and unencrypted. So you could see user/pass etc plain. I asked them, why is it that way. Lame answer was “we thought it was addressed.” – lol
[user8] that fits nicely into the “#define rand() 4″ mentality.
[user2] another funny function I found is regarding PSN downloads, its when a pkg game is requested from the store, in the URL itself you can define if you get the game free or not. Requires some modification in hashes and so on though. It's like drm:off
[user1] :facepalm:
[user2] still wondering when the big ban wave arrives
[user1] if they ban everyone, even using backups legally in their country (but in their opinion a TOS violation), it will be a huge tsunami, not a wave
[user4] an open PSN would be nice, even if it was just a player matching service
[user2] ya, a PSN host by the community
[user3] that actually could be perhaps possible, if you can get auth working
[user12] you can try to analyze the protocol and say “if X then Y” type responses the problems come up when you get something you haven't seen before. But for stuff like that the ticket has to exist on the PSN side of things, because if I send my ticket to a vendor server they will validate it against PSN, and if it's not there it will fail. Know this, Sony in realtime, monitors all messages over PSN. I verified that, it's part of my privacy threats thing I am doing. They appear to have at the very least keywords they look for, not sure just how invasive the whole thing is, but …
[user4] the censor word-list is ridiculous
[user12] the censor words in home is on your system, it downloads a dict list of words. an empty file resolves that
[user2] There actually is an easy way to get userlists. It would fuck PSN pretty hard if some skiddy releases a spam app. The highscore and matchmaking lobbies you can request per game id and get user mails for PSN. Huge list + spam app == sux. And we all know what happens if cool homebrew arrives, remember open remote play? Sony just releases an official tool lol. The PSN has 45 environments all working independent, we could just change to another environment. And they also need to have an eye to the official developers which use environments too, and the QA which needs to work with older firmware sometimes, so they can't update all environments and block all
[user4] luckily they use
CN=*.*.np.community.PlayStation.net
which saves a bit of hassle, just calling openssl from your app user12 ?
[user12] openssl libs, not the app itself. And I do it for ALL ssl connections in realtime, so even if you use the web browser it will generate certs for that too. It is similar in function to “sslsniff” but mine works with the ps3 and logs correctly
[user2] btw you know the login url for auth is like:
[user14] please not connect to external DNS IP with your ps3. Your passwords and email and other data is revealed on the external side. spam people can use this info for spamming
[user12] if it's just the firmware check then no, because there is nothing private sent in that http (cleartext) request. So it depends on what hosts they are looking at
[user2] for a test POST i worked with 1 only and always worked. Probably many to identify the service
[user12] the ticket is sent to say a game, Netflix, etc. anything that uses PSN. That way you do not send credentials to anyone but Sony
[user2] if it's like you say then this is another vuln, lol, as i tested if always first ticket works you could hijack a session the ticket and session i used didn't timeout and if it always creates a new ticket as you say there would be many sessions
[user12] I also know that the server that does the x-i-5 tickets is a bit more tight about the ciphers than any other system in sonyland. If Sony is watching this channel they should know that running an older version of apache on a redhat server with known vulnerabilities is not wise, especially when that server freely reports its version and its the auth server.
auth.np.ac.PlayStation.net
[user11] you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from PSN using a Visa card
[user12] they are running linux 2.6.9-2.6.24 on that box too. that too is old. My guess is that it really is undermaintained “it works why change anything”.
[user12] Sony really should update that stuff to something more current
[user2] but imagine, psn == 45 environments, and for example, every env has 50 subdomains
to external machines. It's rly rly huge. Who wants to do this xD ppl r lazy wont change
[user2] I just finished decrypting 100% of all psn functions, you can forget all the history wiper and log remove apps, there's a independent check which transfers all games and their playtime every time you login. You can modify it like the firmware version tho. Also they can detect backups this way
[user4] user2, is that in data sent to
[user2] Sony is the biggest spy ever, lol. All connected devices return values sent to Sony server. Returns tv, fw version, fw type, console model. also i found data it collects when i had USB device attached etc etc. so if they ever sue someone for PSN stuff, they will be sued themselves, as most of the data they collect is just not legal[user6] user2: do you now know enough to wipe all traces, so that people who never had their consoles on the internet can avoid sending this information now?
[user2] @xxxx: we could modify the data via proxy between the tunnels, like delete all data between the XML tags or something
[user1] the only avoidance is block all
[user2] it could be that it's used for online playtime or PSN logged in playtime. For example: [redacted plain text code, includes false credit card number] sent as plaintext[user1] wow, plaintext :S
[user5] plaintext wow
[user3] I'm never putting in my details like that
[user2] normally you AT LEAST encrypt the security code, even if its ssl
[user5] I'd hope Sony would do such in a safe manner, psn cards probably plain text to then
[user2] but hey it's Sony –> it's a feature
[user7] from all the actions they’ve taken the past years, we can only deduce that Sony don’t care about their customers
[user2] I know a few guys who worked @ Sony's PSN backend. Just when the ps3 was released we talked bout the first PSN, at this time ALL was HTTP and unencrypted. So you could see user/pass etc plain. I asked them, why is it that way. Lame answer was “we thought it was addressed.” – lol
[user8] that fits nicely into the “#define rand() 4″ mentality.
[user2] another funny function I found is regarding PSN downloads, its when a pkg game is requested from the store, in the URL itself you can define if you get the game free or not. Requires some modification in hashes and so on though. It's like drm:off
[user1] :facepalm:
[user2] still wondering when the big ban wave arrives
[user1] if they ban everyone, even using backups legally in their country (but in their opinion a TOS violation), it will be a huge tsunami, not a wave
[user4] an open PSN would be nice, even if it was just a player matching service
[user2] ya, a PSN host by the community
[user3] that actually could be perhaps possible, if you can get auth working
[user12] you can try to analyze the protocol and say “if X then Y” type responses the problems come up when you get something you haven't seen before. But for stuff like that the ticket has to exist on the PSN side of things, because if I send my ticket to a vendor server they will validate it against PSN, and if it's not there it will fail. Know this, Sony in realtime, monitors all messages over PSN. I verified that, it's part of my privacy threats thing I am doing. They appear to have at the very least keywords they look for, not sure just how invasive the whole thing is, but …
[user4] the censor word-list is ridiculous
[user12] the censor words in home is on your system, it downloads a dict list of words. an empty file resolves that
[user2] There actually is an easy way to get userlists. It would fuck PSN pretty hard if some skiddy releases a spam app. The highscore and matchmaking lobbies you can request per game id and get user mails for PSN. Huge list + spam app == sux. And we all know what happens if cool homebrew arrives, remember open remote play? Sony just releases an official tool lol. The PSN has 45 environments all working independent, we could just change to another environment. And they also need to have an eye to the official developers which use environments too, and the QA which needs to work with older firmware sometimes, so they can't update all environments and block all
[user4] luckily they use
which saves a bit of hassle, just calling openssl from your app user12 ?[user12] openssl libs, not the app itself. And I do it for ALL ssl connections in realtime, so even if you use the web browser it will generate certs for that too. It is similar in function to “sslsniff” but mine works with the ps3 and logs correctly
[user2] btw you know the login url for auth is like:
[user14] please not connect to external DNS IP with your ps3. Your passwords and email and other data is revealed on the external side. spam people can use this info for spamming[user12] if it's just the firmware check then no, because there is nothing private sent in that http (cleartext) request. So it depends on what hosts they are looking at
[user2] for a test POST i worked with 1 only and always worked. Probably many to identify the service
[user12] the ticket is sent to say a game, Netflix, etc. anything that uses PSN. That way you do not send credentials to anyone but Sony
[user2] if it's like you say then this is another vuln, lol, as i tested if always first ticket works you could hijack a session the ticket and session i used didn't timeout and if it always creates a new ticket as you say there would be many sessions
[user12] I also know that the server that does the x-i-5 tickets is a bit more tight about the ciphers than any other system in sonyland. If Sony is watching this channel they should know that running an older version of apache on a redhat server with known vulnerabilities is not wise, especially when that server freely reports its version and its the auth server.
[user11] you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from PSN using a Visa card[user12] they are running linux 2.6.9-2.6.24 on that box too. that too is old. My guess is that it really is undermaintained “it works why change anything”. [user12] Sony really should update that stuff to something more current
[user2] but imagine, psn == 45 environments, and for example, every env has 50 subdomains to external machines. It's rly rly huge. Who wants to do this xD ppl r lazy wont change
http://www.psx-sense.nl/46022/chatlog-hackers-credit-card-ge...