Today I stumbled upon some interesting info (for the tech savvy) about MITM attacks against SSL by exploiting the null-prefix attack.
A bunch of links for reading:
This seems like something that could potentially be used to decrypt the communication with various Sony sites. However, it requires a specially crafted certificate for your site - see the paper for details...
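The null-prefix trick the first post points at, as an added example that is not part of this thread or of the proxy project discussed in it: a CA validates the rightmost domain of a Common Name (which the attacker really owns), but a client that hands the CN to a C-string routine stops reading at the first NUL byte and sees only the victim's name. The hostnames, the CA emulation and the hardened check are all constructed for this example.

```python
# Added example, not code from the thread or from the proxy project it
# discusses: why a NUL byte in an X.509 Common Name defeats a hostname
# check that treats the CN as a C string (the "null-prefix" attack).
#
# The CA validates the rightmost registered domain of the CN, which the
# attacker really does control, and signs the certificate. The client
# hands the CN to a strcmp()-style routine that stops at the first NUL
# byte, so it sees only the victim's name and accepts the certificate.
# All hostnames below are constructed for the example.


def c_string_view(cn: str) -> str:
    """Emulate a C char* routine: the string ends at the first NUL byte."""
    nul = cn.find("\x00")
    return cn if nul < 0 else cn[:nul]


def ca_validated_domain(cn: str) -> str:
    """Emulate a domain-validating CA: it reads the whole length-delimited
    CN and checks ownership of the rightmost two labels only."""
    return ".".join(cn.split(".")[-2:])


def label_matches(pattern: str, label: str) -> bool:
    """One CN label against one hostname label; '*' matches any label."""
    return pattern == "*" or pattern == label


def vulnerable_match(hostname: str, cn: str) -> bool:
    """Client check that truncates the CN at NUL before comparing, the way
    a C implementation built on strlen()/strcmp() does."""
    cn_labels = c_string_view(cn).split(".")
    host_labels = hostname.split(".")
    return len(cn_labels) == len(host_labels) and all(
        label_matches(p, h) for p, h in zip(cn_labels, host_labels)
    )


def hardened_match(hostname: str, cn: str) -> bool:
    """Reject any CN containing an embedded NUL, then compare the whole
    length-delimited string label by label, with a single-label wildcard
    allowed only in the leftmost position."""
    if "\x00" in cn:
        return False
    cn_labels = cn.split(".")
    if "*" in cn_labels[1:]:
        return False
    host_labels = hostname.split(".")
    return len(cn_labels) == len(host_labels) and all(
        label_matches(p, h) for p, h in zip(cn_labels, host_labels)
    )


# Constructed certificate names. The attacker owns attacker.example and
# asks the CA for a certificate whose CN is the victim's name, a NUL byte,
# and then a name under the attacker's own domain.
VICTIM = "www.bank.example"
NULL_PREFIX_CN = "www.bank.example\x00.attacker.example"
# Wildcard variant: after truncation the client sees "*.bank.example",
# which covers every host under the victim's domain.
NULL_WILDCARD_CN = "*.bank.example\x00.attacker.example"


def demonstrate() -> dict:
    """Return what each party sees and decides for the crafted CNs."""
    return {
        "ca_sees": ca_validated_domain(NULL_PREFIX_CN),
        "client_sees": c_string_view(NULL_PREFIX_CN),
        "vulnerable_accepts": vulnerable_match(VICTIM, NULL_PREFIX_CN),
        "hardened_accepts": hardened_match(VICTIM, NULL_PREFIX_CN),
        "wildcard_vulnerable_accepts": vulnerable_match(VICTIM, NULL_WILDCARD_CN),
        "wildcard_hardened_accepts": hardened_match(VICTIM, NULL_WILDCARD_CN),
        "legit_hardened_accepts": hardened_match(VICTIM, VICTIM),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value!r}")
```

The check a practitioner cares about is the first line of `hardened_match`: any NUL inside a name taken from a certificate is a reason to fail closed, since a valid DNS name can never contain one. Comparing the full length-delimited string is what makes the CA's view and the client's view agree.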
Well, this is rather old news.
I mean, I like the idea, and never had any thoughts about implementing this - but it's been around for 4 months. I saw it when it was news on Hackaday.com - 4 months ago.
Actually, it would be easier to grab the cert from the Sony server while my proxy catches the PS3, and send the certificate off to the PS3.
Simple enough. I can't mess with my source or even test it as of now because I have a lot of things to manage.
If you need a co-developer - let me know. :-)
I have Visual Studio 2008 Enterprise Edition installed (being a .NET developer), and with my job changing into a more software-security type role too, I need to work on my hacking skill set.
You can test this all for yourself... Install yourself a Windows server (virtual if need be), set up a CA on it, then set up a website in IIS, request yourself a certificate and install it. Check the certificate out using the Certificates snap-in and you'll see it has a private key. Connect to the website from another machine, grab the certificate and compare the difference.
Then, if you want to experiment with re-establishing an SSL tunnel, set up another virtual machine and install ISA 2006 on it. Use its reverse proxy feature to publish your website; you'll see it only works with a certificate containing the private key.
2 Screenshots - Kill the pleasure people lol
Well, I've finally got some free time today, so I managed to move my project over to my music computer and install VB.NET and C#.NET 2008 on it, so here are a few screenshots of this sucker in action.
The actual SSL/proxy UI is not integrated/implemented (whatever you want to call it for now) yet.
So please bear with me and just wait it out. My schedule has been hectic ever since I got home, and I just want to show you guys what I've got so far.
Hope it helps as proof (DEATH TO THE NON-BELIEVERS!)
lol, well, as always, I'll keep everyone updated.
Really really nice work.
I'm afraid that Sony are somehow keeping tabs on PS3News to get these types of new ideas and workarounds so they can implement a fix in their next updates... and maybe not the updates that we are doing now, but at least they have an antidote and can release it at the time of fruition.
What I'm trying to say is, let's keep it simple, and if there is critical information it should be kept under wraps.
And thank you all for giving us hope of having something more and new.
It is a good project... I hope that ionbladez will release it soon... however, I don't know if it could be useful, but using a particular packet sniffer program I've discovered that every demo I download gives me a different ETag.
For example, when I try to download Bayonetta, this program gives me this info:
Could it be useful?
Hey, I haven't been working on my program for a few weeks; I just got a new job and all that.
Thanks for pointing that out - I did notice the ETag header. Actually, EVERY package gives a different one.
The PS3 basically ignores it, though, because if we could edit that we'd be set. It's kind of like a fallback for Sony, just in case we were to bypass their hash check. ETag headers come from a variety of different Apache servers. I have it installed on mine, and ETag can be turned on or off.
Sony must've just purposely left it on for their own reasons, whatever those may be.