Ps3 Exploit Desde Italia

Sono passati oramai diversi giorni dalla messa in rete di questa notizia.
Un gruppo di hacker italiani guidati dal nostro utente Giulio19992 è riuscito infatti ad immettere nell'hard disk della PS3, attraverso un ripristino di un backup, il database di Metal Gear Solid che prima non era presente nello stesso.
Ovviamente, appena possibile, ci siamo subito informati sulla faccenda ed abbiamo contattato l'utente stesso che ci ha gentilmente rilasciato una breve ma esplicativa intervista su tutto ciò.
Sotto il primo spoiler trovate l'intervista, in esclusiva per NeXtRL.it .
Sotto il secondo spoiler trovate il post in inglese di Giulio19992 fatto su un sito estero di PS3 assieme a tre video.

NeXtRL: Come hai scoperto quest'exploit e soprattutto, a cosa serve e come può essere usato?
Giulio19992: L'Exploit Backup Tool, il primo exploit che é stato rovato dal nostro Team, ma anche uno dei più importanti fin'ora, é stato scoperto per pura casualità: durante un ripristino uno di noi si é chiesto: e se noi lo usassimo per Immettere files nell'HDD?. E da lì é nato tutto. Poi c'é da dire che abbiamo tratto l'ispirazione da uno dei giochi più famosi per PS3: Metal Gear Solid 4. Chi ha giocato questo titolo non avrà difficoltà a individuare i vari componenti per l'Hack. Se ricordate Liquid nel gioco cerca di usare GW per infiltrarsi all'interno della rete SOP e prenderne il controllo. Questo é ciò che facciamo noi con il Backup Exploit: ci infiltriamo e copiamo files all'interno dell'HDD. Questo può sembrare banale, ma stà dando dei risultati, come avete visto nei numerosi video.
N: E' possibile, ad oggi, avviare homebrew tramite questo exploit?
G: Beh in questo momento no ma siamo in grado di modificare Savegames per farlo
N: Tramite questo metodo è possibile avviare qualsiasi file .pkg?
G: No, solo .pkg firmati, per ora.
N: L'exploit potrebbe essere tappabile con un semplice aggiornamento del fw o serve qualcosa di più complesso?
G: Beh come sapete in questi giorni é stato rilasciato il Firmware 2.60. Dobbiamo ancora analizzarlo per verificare eventuali Bug-Fix. Comunque pensiamo che SONY possa Fixare questo Exploit aggiungendo un Check durante il ripristino di un Backup. Oppure riscrivere l'interà unità di Backup.
N: Beh, ora la spinta c'è. Si può arrivare anche a un bel "Hello World" facilmente?
G: Un Hw é già stato eseguito, ma non reso pubblico, attraverso Savegames.
N: Non so se ricordi quel fake del brasiliano che diceva di poter traformare le "Iso" dei Blue-Ray in .pkg , questo è possibile per ora?
G: No, impossibile e anche se fosse possibile occorrerebbe firmare quel .PKG .
N: Ergo tutto gira attorno al crack della firma Sony?
G: Beh noi non puntiamo alla firma ma all'aggiramento di essa e di Hypervisor.

INSTRUCTIONS BETA:

Edit: CLEAN File Repack located HERE.

You need to download the file and follow those incructions:

1: Extract in C:\
2: Download PS3_Debug_PKG_Test_File.rar
3: Copy the file .pkg inside in C:\
4: Execute the .EXE
5: Copy thath file to your Backup
6: Restore

1: Estraete in C:\
2: Scaricate PS3_Debug_PKG_Test_File.rar
3: Copiate il file .pkh in C:\
4: Eseguite il .exe
5: Copiate il file ottenuto nel vostro backup PS3
6: Ripristinate

Hello everyone,

I wanted to create this Thread to enable users of the forum to be constantly updated with my project. For this please moderators not to close or merge the discussion, and therefore ask users to respect the rules of the forum and not unnecessarily post in the debate.

Said that we begin:



First I would like to clarify, to avoid unpleasant incidents, that this project is based on the study of the usefulness of Backup PS3. Specifically deals with the reconstruction File System it. Let me also clarify that we are working to develop a "Hello World".

I understand that someone will think that we are the last arrived and that several teams are working over time, but I would like to specify that we are working very well with us at a great affiatamento for the same purpose.

Now move on to describe what will the Thread:

Our team is trying to analyze the backup files created by a PS3 during normal operation Backup. We believe that by analyzing these files can be the entire reconstruction File System and thus be aware of directories used by PS3. Through this we will create an application that, having bypassed Hypervisor, a display screen text.

To facilitate understanding of the various steps write a small description for each.

LIVE [1]

1) Backup operation in progress
Right now the PS3 is creating backup files on an external HDD

2) Backup Operation Completed
Backup files were created successfully created within the 'external HDD in the directory:

E: \ PS3 \ EXPORT \ BACKUP \ 200901031321

3) File Analysis



4) Copy Backup PC

5) Compiling possible. Tiff

6) Testing ...

7) Spoof succeeded!
The team is able to understand the vital function of a specific file Backup

Story:

The team during the first session Hack is able to complete a backup operation and then analyze the files created. These files have been analyzed and has created a "Zombie", a file that is infiltrated and is not functioning but placed between rows "Live" makes him seem alive too (Sorry for the trivial example but is difficult to explain in so simple). In this way the team has performed a "Spoof" ie has sniffed the files that are detected by the console during a phase of restoration of Backup. It was also found that the console write these files to make them useless and corrupt, we think the file for inibile zombie.

IMPORTANT [1]:

During the proceedings this afternoon, between a commitment to another, we were able to synthesize the Core Tool. Let me explain better. The Backup utility works as a copy-paste, is then copy the backup files in memory and then write to the HDD. After careful analysis we have come to find the Heart of the program, what does that is to write to the HDD. Through it we will be able to write any kind of program, image, video inside PS3.

IMPORTANT [2]:

The Core founded by us i affected by a BUG. In fact, the trophies system on which it operates are removed. And 'everyone knows that simply run a synchronization to return to normal.

IMPORTANT [3]:

I, but as members of the team, not deliver anything before "Hello World" and before that he had tested the whole.

LIVE [2]

1) Prepare for generation Hierarchies
The team is bringing stà prepare for the generations of hierarchies

2) Analysis and selection file

3) Preparation "Injector"

The 'Primer' is an external device that inept files for Backup

4) Injector ready

- START HACK -

5) Application formula:

archive2.dat = NO
archive2.dat + archive.dat = NO
archive2.dat + archive_00.dat = NO
archive2.dat + archive.dat + archive_00.dat = YES IT WORKS (Flasher)

6) Copy File Backup chosen nell'Iniettore



7) Testing

- ERROR -
Restoring property files

8) Testing [2]

[INJECTION IN FUNCTION]

9) Injection been successful

10) Check

- HIERARCHY -

archive.dat - archive2.dat = CORE

archive.dat - archive2.dat - XXXXXX <Seg. = INJECTION

- END HACK -

Story:

The team during the second section of Hack has thoroughly understood the operation of the 'injector "and the relationship with the files to be injected. The team has learned how to inject the files work on the basis of the presence of zombie files and files live. IS be noted that if not complied with an order of specific files Backup, while injecting some files are omitted. But the order has been learned and implemented accordingly in the formula. The team has also drawn two key hierarchies: The first made public, is to CORE nell'iniettore ie, the second, criticized the way, contains the formula needed to correct copying nell'HDD. To summarize this session was able to understand how the system proceed with copying files. That is the next step will be to simply copy files to assess the behavior during the injection. As for the video all'upload continue until procedure is finished. I remember that the video shows the injector in action.

LIVE BETA TEST

Story:

Today it is held the first session BETA TEST. The team consists of Giulio19992 tried yet the veracity of their Hack involving users of the Forum. Through this session was able to test the operation of Formula (See Live 2) even on systems other than those owned by Team. It 'showed that the procedure will go ulteriolmente improved to avoid bug recognition and a second extraction the injector. Nonostance what the test is done fairly with the help of one of the members of the Team.

LIVE [3]

1) Run Backup Utility
The team is conducting a new Backup

2) Merging of Files
Team is joining files and files Zombie Live

3) Check PS3 Backup Tool

4) Worked
It worked. PS3 has completed the operation.

Story:

The Team in this fourth session Hack tried, with success, to unite Backup files also created different dates. Is Be noted that this time the team has solved the annoying bugs that did stop the restore operation during the hack. Later he updated the previous formula:

archive2.dat = NO
archive2.dat + archive.dat = NO
archive2.dat + archive_00.dat = NO
archive2.dat + archive.dat + archive_00.dat = YES IT WORKS (Flasher With BUG)
archive2.dat + archive.dat + archive_00.dat + archive2_00.dat + archive2_01.dat [O] = YES IT WORKS (Flasher Without BUG)

With this we are pleased to announce that finding an exact location, and compiling a file Loader, we can inject this into the PS3. Making it working.

- PS3 Encryption File System Detected -

The team has identified the method HDD Encrypt the (So thank you for helping NDT). The information is secret but I can but i'll give you a source code that between 24 hours will be' removed (20.00) to give a chance 'to see how they work.
This code and 'was pulled up to 4 hands in a short time (say Lampo code) for this could essereci errors to be corrected in this case. Some parts were censored with "*" for not issuing sensitive information. The file and 'down in the Annex to this post.

[Hex][de 7f 35 e6 52 d8 34 f 20 from 6b 9th 24 a8 87 84] = Hello, World ***


This is proof that we know how to write in ***

Story:

With the latest beta the Team has realized some problems of procedure and how FIX them. Unfortunately aaaaa93 has failed because it lacked a device (USB) working.