Vulnerability in Home

Some information that may be interesting for the future. It seems the Sony servers can be accessed, files can be changed, and there is even talk of access to the disk (that is the wonderful answer to where the decrypted Home files came from. And we thought it might have been something leaked). I don't think it breaks any rules, but just in case I'm reporting myself.

For now I'm removing every link (all the more so seeing what they are) until the moderators say whether it's allowed or not. Anyway, you won't have much trouble finding it...

Taken from PS3Hax (people there are also proposing some things to move forward) and from StreetskaterFU's official blog. Don't let people start going crazy about exploits and backups and things like that, because there is none of that...


Cheers

HOME public beta just started a few minutes ago, and as a little bonus I'm writing this little vulnerability disclosure of HOME beta 1.3. Don't be THAT surprised, remember the decrypted HOME game files^^. HOME is the buggiest game I ever saw and they really ****ed up so much. OK, the delays went on for about 2 years, but after these years of waiting, as a user I expect a little bit more. "It feels like 2005 tech in 2008. I'm not sure that's what people want.", I can only agree with this comment from Microsoft. Well, here is the disclosure:

The first 2 are server structure listings. Some uninteresting files like the model files are missing; in general the most interesting files are included. JSP files are NEVER sources, they are the response of the server. They are the responses for the German area.

----------------------------------------------------------------------------

1) XXXX-home.XXXX.net server structure (without spaces as they are too big)

DOWNLOAD

2) homeps3.X.X (JSP files are not sources, they are responses from the Home servers)

DOWNLOAD

3) The different Content Bases:

For Developers & Alpha = http://
For Quality Assurance = http://
For HOME Beta 0.9 = http://

4) Take a look in the first download package \c.home\prod\live\Screens\

Only one of the XML files is encrypted, which means you can simply customize the HOME areas with your own videos, pictures and text if you use an Apache + simple DNS redirection.

5) Download any file from the HOME content server you want

(Well now we come to the more interesting parts^^)

There's a download script here...
(homeps3.X.X.X/HUBPS3_SVML/home/fileservices/Download.jsp)
...which is meant to act as a downloader for other users' profiles, avatars and more. Example: User1 uploads his profile to the Home server (see point 6); now User2 sees User1 in HOME; the downloader downloads the profile of User1 to the local HDD space of User2. So far so good. Now there's the possibility to do a realtime packet edit to download ANY file you want. It's up to you what files you think about now, but there are more than just lame user profiles on such servers ;-) To continue:

Download.jsp?filename=Profile-UserXYZ

This is what the structure looks like when a user profile is requested; after this the server responds this way:

http://X.X.X.com/f422ad43e

Simply edit the filename to get your specific file.

6) The most important vulnerability: "upload any file to the HOME server"

The method is nearly the same as in 5, just that you upload instead of download a file. The structure looks like this:

Server request:
homeps3.X.X.X/HUBPS3_SVML/fileservices/UploadFileServlet?fileNameBeginsWith=Avatar-UserXYZ.jpg&filePermission=2&fileTypeID=2&fileDescription=unused

As well, there's the file you want to upload as raw data in the POST header. Just do a live edit again and inject your file. It will be saved in /HUBPS3_SVML/.

Please don't upload any r00tshells or similar ;-)

7) At the end, a funny thing: "delete any file on the HOME server"

homeps3.X.X.X/HUBPS3_SVML/home/fileservices/Delete.jsp?filename=XYZ

This could end really evil with a simple script :P

Please remember the last 3 vulnerabilities only work if you do a realtime packet edit. It's not possible to do this from a PC only or with fake packets!

----------------------------------------------------------------------------

So what is the conclusion?

SONY really ****ed it up! First they delay HOME for more than a year, then they delay it a few times again and again till finally we have a HOME beta on a technical standard from 2005 with crappy graphics, a few boring areas and many many many many many many many many bugs. After this whole bullshitting we finally get our beta on 11.12.2008 with another delay of about 5 hours because SONY is unable to test their servers beforehand. Congratz to SONY for this fantastic product. THANKS!

Please remember:

Don't do anything stupid with this information that you could regret later.

Thanks for your attention, this was my little HOME vulnerabilities disclosure for you,
**********UPDATE1**********
I think I need to clear up some things:

1) This is all public information anyone with a bit of networking knowledge can get.

2) At no time did I hack the servers. The HOME errors are NOT caused by me! The explanations are all on a theoretical basis!

3) All scripts and responses are client side, so all legal.

4) I like the idea of HOME but the tech of 2005 is a fact.

5) I'm not responsible for other people which are going to experiment with the provided information.

6) I think this disclosure is very OK; think about the 2 options:

1. I disclose it and it gets fixed by SONY.

2. Someone else uses the bugs, uploads a shell, roots the server, kills your HOME.

**********UPDATE2**********
As many people just don't understand what the risks of this crappy server structure are, here it is in simple words:

1) Uploading own files to hack the server itself

2) Replace original files and insert code which could damage your PS3

3) Executing unsigned code via replaced LUA and JAVA files

These are the most important issues. I'm not responsible for any actions you take. Thanks for your attention,

SKFU
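As an added example (not code from SKFU's post and not Sony's server code), the following Python models the file service described in points 5 to 7 above: one class behaves the way the post describes (Download / Upload / Delete keyed solely by a client-supplied filename, nobody asks who is requesting), and a hardened class beside it shows where the checks belong. The parameter names (filename, fileNameBeginsWith, filePermission, fileTypeID) follow the post; the in-memory store, the permission codes, the type-ID table, the sample users and files and all of the server-side logic are assumptions constructed for this demo.

```python
"""Added illustration, not code from the post or from Sony: a toy model of the
Home file service in the form the post describes, beside a hardened form.
Store layout, permission codes, type IDs and sample data are constructed."""
import re
from dataclasses import dataclass

PRIVATE, PUBLIC = 0, 2                    # assumed permission codes (post shows filePermission=2)
SHAREABLE = {1: ("Profile", ""), 2: ("Avatar", ".jpg")}   # assumed fileTypeID table
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")  # plain object names only

class AuthError(PermissionError):
    """Raised for anything the requester may not see or touch."""

@dataclass
class StoredFile:
    owner: str          # uploading user, or "system" for the server's own files
    type_id: int
    permission: int
    data: bytes

def seed_store():
    """Constructed sample content: public user objects, one private object,
    and one file that belongs to the server itself."""
    return {
        "Profile-User1": StoredFile("User1", 1, PUBLIC, b"<profile>User1</profile>"),
        "Avatar-User1.jpg": StoredFile("User1", 2, PUBLIC, b"\xff\xd8 avatar1"),
        "Savedata-User1": StoredFile("User1", 9, PRIVATE, b"private save"),
        "Profile-User2": StoredFile("User2", 1, PUBLIC, b"<profile>User2</profile>"),
        "internal/settings.xml": StoredFile("system", 0, PRIVATE, b"<settings/>"),
    }

class VulnerableFileService:
    """As described in the post: every operation is keyed only by the client-supplied name."""
    def __init__(self, store): self.store = store
    def download(self, requester, filename):
        return self.store[filename].data
    def upload(self, requester, file_name_begins_with, type_id, permission, body):
        self.store[file_name_begins_with] = StoredFile(requester, type_id, permission, body)
        return file_name_begins_with
    def delete(self, requester, filename):
        del self.store[filename]

class HardenedFileService:
    """Identity comes from the server-side session; names are validated and derived server-side."""
    def __init__(self, store): self.store = store

    @staticmethod
    def _checked_name(filename):
        # Allowlist: "internal/settings.xml" and "../internal/settings.xml" both fail here.
        if not NAME_RE.fullmatch(filename):
            raise ValueError("bad object name")
        return filename

    def download(self, requester, filename):
        f = self.store.get(self._checked_name(filename))
        # Missing and forbidden give the same error, so names cannot be enumerated.
        if f is None or not (f.owner == requester or (f.permission == PUBLIC and f.type_id in SHAREABLE)):
            raise AuthError("not found or not permitted")
        return f.data

    def upload(self, requester, type_id, body):
        # Only known shareable types; the stored name is derived from the session user,
        # so whatever fileNameBeginsWith the client sends cannot target anyone else.
        if type_id not in SHAREABLE:
            raise ValueError("unknown fileTypeID")
        kind, ext = SHAREABLE[type_id]
        name = f"{kind}-{requester}{ext}"
        self.store[name] = StoredFile(requester, type_id, PUBLIC, body)
        return name

    def delete(self, requester, filename):
        f = self.store.get(self._checked_name(filename))
        if f is None or f.owner != requester:
            raise AuthError("not found or not permitted")
        del self.store[filename]

def denied(action):
    """True if the action was refused by validation or authorization."""
    try:
        action()
    except (AuthError, ValueError):
        return True
    return False

def run_demo():
    """User2 is a legitimate client that edits its own requests on the wire."""
    r = {}
    v = VulnerableFileService(seed_store())
    r["vuln_reads_internal"] = v.download("User2", "internal/settings.xml") == b"<settings/>"
    v.upload("User2", "Avatar-User1.jpg", 2, PUBLIC, b"replaced")
    r["vuln_overwrites_other"] = v.store["Avatar-User1.jpg"].data == b"replaced"
    v.delete("User2", "Profile-User1")
    r["vuln_deletes_other"] = "Profile-User1" not in v.store

    h = HardenedFileService(seed_store())
    r["hard_legit_profile"] = h.download("User2", "Profile-User1") == b"<profile>User1</profile>"
    r["hard_internal_denied"] = denied(lambda: h.download("User2", "internal/settings.xml"))
    r["hard_traversal_denied"] = denied(lambda: h.download("User2", "../internal/settings.xml"))
    r["hard_private_denied"] = denied(lambda: h.download("User2", "Savedata-User1"))
    r["hard_upload_own_name"] = h.upload("User2", 2, b"new avatar") == "Avatar-User2.jpg"
    r["hard_delete_other_denied"] = denied(lambda: h.delete("User2", "Profile-User1"))
    return r
```

Whether a request is produced by the console or by an edited packet, the server receives the same bytes, so the decision has to rest on the authenticated session and on server-held ownership metadata, never on the filename the client sends. The hardened class still serves the legitimate flow (User2 fetching User1's public profile) while refusing server-internal files, traversal-style names, other users' private objects, and uploads or deletions under someone else's name.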
So, off the top of my head... it occurs to me to use that vulnerability to get root access to the server, grab a copy of the server, and be able to run Home at your own house and modify it however you like :D Also, it talks about running unsigned code by replacing LUA scripts and Java files; having the server on your PC would be awesome....
I think those LUA files are used to program the arcade games....
Yes, it will probably only be good for watching the videos you want in the cinema, playing the games you want in the arcade... well, nothing you can really get much out of, other than modifying Home a bit to your liking.
mangafan wrote: Yes, it will probably only be good for watching the videos you want in the cinema, playing the games you want in the arcade... well, nothing you can really get much out of, other than modifying Home a bit to your liking.

It's something...
Jur...

it seems the Sony servers can be accessed

Accessing other people's servers and altering their information is a crime, so it is not allowed on EOL.

Regards.
Well, it still hasn't let me into Home; I get error C-939 (or something like that). I hope it isn't because of the tinkering on the server over this.

Regards.
Seems understandable to me; if you see that what's there still breaks the rules even with the links removed, you can close the thread, fedopa...

donflopez: I just got out of Home; it's accessible but it's a struggle. That error is because it must be swamped.... I was getting it too. Cheers
Nitrok wrote: Seems understandable to me; if you see that what's there still breaks the rules even with the links removed, you can close the thread, fedopa...

donflopez: I just got out of Home; it's accessible but it's a struggle. That error is because it must be swamped.... I was getting it too. Cheers


I figured, but you can't imagine how many times I've tried... I'm getting angry now, with how much I want to see what it's like... because I might get in once and then never again, but I want to get in that once. XD XD
I only managed to get in once and it was around 5 in the morning....
Right, let them hack the Home servers, you'll see how funny it is when PSN account information gets accessed, and with it credit card data... it's really something to wish for and to laugh yourself silly about, that there are vulnerabilities there.