Sony Adds PS3 Firmware 3.60 Auth on PSN, CFW Patch Incoming
Last week PS3 Firmware 3.60 was released, and as of today Sony has updated the platform authentication xi passphrase for PSN resulting in Custom Firmware users (via FckPSN and similar methods) being blocked, however, according to IRC reports a PlayStation 3 CFW patch update shouldn't be far off.
To quote from PSX-Scene (linked above): "We are expecting sporadic PSN maintenance from approx 9am-3pm PST Thursday 03/17/2011. We apologize for the inconvenience."
That message was the last thing that CFW users got to see today, later after the network was back up everyone found they been kicked off their PSN!
Sony has finally enabled the new v3.60 auth system which was found hiding in the new firmware they had released last week!
Finally, from IRC:
Scorpion1: the 3.60 passphrase will be the same for everyone Scorpion1: well mathieulh said the 3.55 one is Scorpion1: saktdlMapxsbsghmq5dhlwrmtsicyijmzntqaLcpgd8ybbetdm sha=jm Scorpion1: and thats from his ps3 i take it Scorpion1: so is yours the same ? trixter: yeah that is the same as my 3.55 Scorpion1: so its the same then Mathieulh: it's a static value Mathieulh: for all ps3s trixter: so it appears that it is the same which means that they are not as smart as I gave them credit for Mathieulh: that's the 3.55 one Mathieulh: basically 3.56 and below have that old passphrase Scorpion1: what about all the old firmwares like 3.21 etc did the passphrase change much ? trixter: its used to auth with psn trixter: one of the HTTP headers trixter: X-Platform-Passphrase: saktdlMapxsbsghmq5dhlwrmtsicyijmzntqaLcpgd8ybbetdm sha=jm segobi: its tghaaiennclabelcaxetighenpgjgth5gkdhwlwldighhj8keh ehxl MCPADDING: lol i'll just wait for team rebug to release a pkg trixter: it *ONLY* is used to log into psn trixter: nothing else Scorpion1: trixter so you have the 3.60 passphrase ... whats the first character of it ? trixter: my scope is very narrowly defined, security/privacy related stuff in terms of where your information goes, to whom, when/why, so that you can make informed decisions about how you use things Scorpion1: there not going to ban anyone if you cant get online on psn anyway, whats the point in them doing that trixter: attempting to get online with a spoofed version lets them know who is violating the tos, they can console ban so tthat the device never gets on in the future even if you manage to figure it out trixter: the ban would only be from psn, it would stop them getting on psn Sc0rpius: trying to circumvent it is a direct violation of the TOS, so they could ban anyone with non matching version and passphrase Celestria: i been playing on jpsn for last month Celestria: no ban trixter: Celestria: each region is run independently of each other. you may get banned for certain language on one but not on the others, and a ban in one place does not guarantee it elsewhere Scorpion1: bet graf could find the 3.60 passphrase and he will post it, he posts everything lol trixter: Scorpion1: probably, although its already known to some trixter: it treally is not that hard to get it trixter: at least by my method, which requires no sneaky access to any of the software on the system, no disassembling, no nothing that way.. Scorpion1: but for 3.60 the ssl encryption keys changed Scorpion1: didnt they trixter: no defyboy-: you will need to generate your own certificate trixter: ssl makes new keys for each connection unless it caches trixter: if it caches it may use the same keys for a session to the same host but it will eventually rotate them to new keys either because its a new session or different host or watever trixter: its just how ssl works George234: does it use the chain of trust? trixter: it uses PKI yes, that is how SSL works (for https anyway) trixter: but the session key is dynamically created, it is just transmitted using the public key that is part of the server Scorpion1: so you can connect a 3.55 console get the ssl encryption keys cached , then connect an official 3.60 console and decrypt the ssl ? trixter: nono they are cached in memory and are device specific fwnpwno: Mathieulh: you know how to login with cfw isnt'it? Mathieulh: fwnpwno you grab the new passphrase, you patch vsh.self to use it and return 03.60, you profit
Sony: Activate the Dummy Plug System
Hackers: What'd you do, Sony?
Sony Techs: Signal Reception Confirmed:
Sony Techs: Control System Switched
Sony Techs: All nerves now connected to the dummy system.
Sony Techs: 32.8% of the emotional factor is unclear. Unable to monitor.
Sony: It doesn't matter. Release the system. Commence attack.