PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

131w ago - It was just a week ago since the previous PlayStation 3 System Software update arrived, but today Tempest_Fire of Sony PlayStation Support has announced that PS3 System Software Update v4.31 is incoming tonight with details below!

Download: PS3 Firmware 4.31 Update (US) / PS3 Firmware 4.31 Update (EU) / PS3 DEV_Flash 4.31 by Team Siracide / PS3 4.31 LV0 Decrypted by Soon (No Password) / lv0431decrypted.zip (Mirror - Password: consolecrunch) / PS3 LV0 4.25 / 4.30 / 4.31 Decrypted / PS3 LV0 4.25 / 4.30 / 4.31 Decrypted (Mirror) / PS3 LV0 4.25 / 4.30 / 4.31 Decrypted (Mirror #2) / PS3 LV0 4.25 / 4.30 / 4.31 Decrypted (Mirror #3) / PS3 LV0 4.25 / 4.30 / 4.31 Decrypted (Mirror #4) / Appldr of PS3 OFW 4.31 Decrypted by nathan_r32_69 / PS3 Firmware 4.31 Keys / KeyMEGAPACK.rar by unknown / COS 4.31 (Decrypted) / PS3Keys (Updated 11/30/2012) / SCETool Format Keys (Updated 11/30/2012) by SammyG0080 (aka str8b1t) / Core_OS 4.31 [Decrypted+Encrypted] by XxZer0ModZxX (via RedDot-3ND7355 from xxzer0modzxx.com/t1273-core_os-431-decryptedencrypted-by-xxzer0modzxx#9099) / PS3 4.30 / 4.31 LV1 / LV2 Dumps from SammyG0080 / PS3 4.31 Firmware Keys by MARKUS++

To quote: Hi everyone, I'm posting this message to inform you that there will be a minor firmware update (v.4.31) released on the evening of Monday, October 29th.

There will not be PlayStation Network maintenance during this time; online play and access to apps will not be affected during the release of this update.

This is not a mandatory update. However, we suggest you keep your systems updated with the latest firmware, as these updates further improve overall system stability and help provide you with the best online entertainment experience possible.

To update to v.4.31, select Settings from your Xross Media Bar (XMB) > System Update > Update via Internet and then follow the on-screen instructions.

More information about PlayStation system updates can be found here: http://us.playstation.com/support/systemupdates/

Tempest_Fire
Digital Platforms Community Manager
Sony Computer Entertainment America

From their Twitter: "If you've had issues with Monster Hunter Portable 3rd HD, download the optional PS3 software update (v.4.31)"

From afiser on the PS3 Keys posted above: This is as simple as putting the bootldr keys (what you all call the lv0 keys released last week) in the scetool data/keys file and running scetool.exe -d lv0 lv0.elf

From zadow28: Found some interesting, when debugging lv1.elf from 4.31:

[Register or Login to view code]

Only shows when debugging.. well thats where i'm at so far regards.

Dumps/Debug off core_os/Devflash files. 4.++

Have done some experimenting. Found out that you can actuelly run the self/sprx (ppc)

From core_os, and Devflash.. from "official" debugger,and dump them. You have to set up an fake Param.sfo, so the debugger thinks its an executable.. but the result is quite amazing. You really get an better overview, since you can see al the files it communicates with.

I use Ida pro 64 PPC proccesser to analyze, the dump. Then use Kakarotos scrips analyze_sprx.idc. Set new TOC, when the script tell you and reanalyze.

The dump is 4mb packed but 250 mb unpacked. I'll give an more deeper, TUT when i have the time. Works on all files so far i tested PPC ones, so all expect the spu files. Tested vsh.self/mcore.self/psp_emu.self plus many more.

Well here is the dump, for BDVD.SELF: http://rghost.net/41639087

Off course you can debug all the files, and the embedded spu before dumping.

Finally, from Team Siracide comes PS3 DEV_Flash 4.31 with details below, as follows:

[Register or Login to view code]

Sony PS3 System Software Update v4.31 Incoming, Details Arrive

Follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 CFW forums for the latest PlayStation 3 scene and PS4 Hacks & JailBreak updates with PlayStation 4 homebrew PS4 Downloads.


  • Sponsored Links




#49 - R33L - 102w ago
R33L's Avatar
I got tired of waiting for someone to come across this information. not one single scene site has even noticed this: packetstormsecurity.com/files/121691/Sony-PS3-Firmware-4.31-Code-Execution.html
[code]Sony PS3 Firmware v4.31 - Code Execution Vulnerability

Date:

2013-05-12

References:

vulnerability-lab.com/get_content.php?id=767

VL-ID:

767

Common Vulnerability Scoring System:

6.5

Introduction:

The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the PlayStation series. The PlayStation 3 competes with Microsoft`s Xbox 360 and Nintendo`s Wii
as part of the seventh generation of video game consoles. It was first released on November 11, 2006, in Japan, with
international markets following shortly thereafter.

Major features of the console include its unified online gaming service, the PlayStation Network, its multimedia capabilities,
connectivity with the PlayStation Portable, and its use of the Blu-ray Disc as its primary storage medium.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_3)

PlayStation Network, often abbreviated as PSN, is an online multiplayer gaming and digital media delivery service provided/run
by Sony Computer Entertainment for use with the PlayStation 3, PlayStation Portable, and PlayStation Vita video game consoles.
The PlayStation Network is the video game portion of the Sony Entertainment Network.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_Network)

Abstract:

The Vulnerability Laboratory Research Team discovered a code execution vulnerability in the official Playstation3 v4.31 Firmware.

Report-Timeline:

2012-10-26: Researcher Notification & Coordination
2012-11-18: Vendor Notification 1
2012-12-14: Vendor Notification 2
2012-01-18: Vendor Notification 3
2012-**-**: Vendor Response/Feedback
2012-05-01: Vendor Fix/Patch by Check
2012-05-13: Public Disclosure

Status:

Published

Affected Products:

Sony
Product: Playstation 3 4.31


Exploitation-Technique:

Local

Severity:

High

Details:

A local code execution vulnerability is detected in the official Playstation3 v4.31 Firmware. The vulnerability allows local attackers to inject and execute code out of vulnerable ps3 menu main web context.

There are 3 types of save games for the sony ps3. The report is only bound to the .sfo save games of the Playstation3.
The ps3 save games sometimes use a PARAM.SFO file in the folder (USB or PS3 HD) to display movable text like marquees,
in combination with a video, sound and the (path) background picture. Normally the ps3 firmware parse the redisplayed
save game values & detail information text when processing to load it via usb/ps3-hd. The import ps3 preview filtering
can be bypassed via a splitted char by char injection of script code or system (ps3 firmware) specific commands.

The attacker syncronize his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code.

Successful exploitation of the vulnerability can result in persistent but local system command executions, psn session
hijacking, persistent phishing attacks, external redirect out of the vulnerable module, stable persistent save game preview
listing context manipulation.

Vulnerable Section(s):
[+] PS Menu > Game (Spiel)

Vulnerable Module(s):
[+] SpeicherDaten (DienstProgramm) PS3 > USB Gerät

Affected Section(s):
[+] Title - Save Game Preview Resource (Detail Listing)

Proof of Concept:

The firmware preview listing validation vulnerability can be exploited by local attackers and with low or medium required user interaction.
For demonstration or reproduce ...

The attacker needs to sync his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, +PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code out of the save game preview listing.

If you inject standard frames or system unknow commands (jailbreak) without passing the filter char by char and direct sync
as update you will fail to reproduce!

PoC: PARAM.SFO

PSF Ä @ h % , 4
$ C @ ( V h j
€ p t € š
ACCOUNT_ID ATTRIBUTE CATEGORY DETAIL PARAMS PARAMS2 PARENTAL_LEVEL SAVEDATA_DIRECTORY SAVEDATA_LIST_PARAM SUB_TITLE TITLE
40ac78551a88fdc
SD
PSHACK: Benjamin Ninja H%20'>"

#48 - d3m0n1q733rz - 102w ago
d3m0n1q733rz's Avatar
I just saw this earlier: packetstormsecurity.com/files/121691/sony_ps3_firmware_v4.31-exec.txt
[code]Sony PS3 Firmware 4.31 Code Execution

A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject and execute code out of vulnerable PlayStation 3 menu main web context.

Title:

Sony PS3 Firmware v4.31 - Code Execution Vulnerability

Date:

2013-05-12

References:

vulnerability-lab.com/get_content.php?id=767


VL-ID:

767

Common Vulnerability Scoring System:

6.5

Introduction:

The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the PlayStation series. The PlayStation 3 competes with Microsoft`s Xbox 360 and Nintendo`s Wii
as part of the seventh generation of video game consoles. It was first released on November 11, 2006, in Japan, with
international markets following shortly thereafter.

Major features of the console include its unified online gaming service, the PlayStation Network, its multimedia capabilities,
connectivity with the PlayStation Portable, and its use of the Blu-ray Disc as its primary storage medium.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_3)

PlayStation Network, often abbreviated as PSN, is an online multiplayer gaming and digital media delivery service provided/run
by Sony Computer Entertainment for use with the PlayStation 3, PlayStation Portable, and PlayStation Vita video game consoles.
The PlayStation Network is the video game portion of the Sony Entertainment Network.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_Network)

Abstract:

The Vulnerability Laboratory Research Team discovered a code execution vulnerability in the official Playstation3 v4.31 Firmware.

Report-Timeline:

2012-10-26: Researcher Notification & Coordination
2012-11-18: Vendor Notification 1
2012-12-14: Vendor Notification 2
2012-01-18: Vendor Notification 3
2012-**-**: Vendor Response/Feedback
2012-05-01: Vendor Fix/Patch by Check
2012-05-13: Public Disclosure

Status:

Published

Affected Products:

Sony
Product: PlayStation 3 4.31

Exploitation-Technique:

Local

Severity:

High

Details:

A local code execution vulnerability is detected in the official Playstation3 v4.31 Firmware.
The vulnerability allows local attackers to inject and execute code out of vulnerable ps3 menu main web context.

There are 3 types of save games for the sony ps3. The report is only bound to the .sfo save games of the Playstation3.
The ps3 save games sometimes use a PARAM.SFO file in the folder (USB or PS3 HD) to display movable text like marquees,
in combination with a video, sound and the (path) background picture. Normally the ps3 firmware parse the redisplayed
save game values & detail information text when processing to load it via usb/ps3-hd. The import ps3 preview filtering
can be bypassed via a splitted char by char injection of script code or system (ps3 firmware) specific commands.

The attacker syncronize his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code.

Successful exploitation of the vulnerability can result in persistent but local system command executions, psn session
hijacking, persistent phishing attacks, external redirect out of the vulnerable module, stable persistent save game preview
listing context manipulation.

Vulnerable Section(s):
[+] PS Menu > Game (Spiel)

Vulnerable Module(s):
[+] SpeicherDaten (DienstProgramm) PS3 > USB Gerät

Affected Section(s):
[+] Title - Save Game Preview Resource (Detail Listing)

Proof of Concept:

The firmware preview listing validation vulnerability can be exploited by local attackers and with low or medium required user interaction.
For demonstration or reproduce ...

The attacker needs to sync his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, +PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code out of the save game preview listing.

If you inject standard frames or system unknow commands (jailbreak) without passing the filter char by char and direct sync
as update you will fail to reproduce!

PoC: PARAM.SFO

PSF Ä @ h % , 4
$ C @ ( V h j
€ p t € š
ACCOUNT_ID ATTRIBUTE CATEGORY DETAIL PARAMS PARAMS2 PARENTAL_LEVEL SAVEDATA_DIRECTORY SAVEDATA_LIST_PARAM SUB_TITLE TITLE
40ac78551a88fdc
SD
PSHACK: Benjamin Ninja H%20'>"

#47 - cfwmark - 114w ago
cfwmark's Avatar
Back to 4.10 got it to 100% on first screen install. press PS. checking for update... the data is corrupted (8002F15E)

tried dev file for 4.31 didn't work (hope they work for you)

can anyone fix this or know how to?

#46 - Ozz465 - 117w ago
Ozz465's Avatar
Not anytime soon.

#45 - fadi - 117w ago
fadi's Avatar
will hackers ever find a jailbreak for ps3 ofw 4.31?

#44 - elser1 - 117w ago
elser1's Avatar
it would be better to display the keys in a post as i doubt anyone will risk downloading files from an unknown source to there pc. i know i wouldn't anyways!

#43 - michelemotta82 - 117w ago
michelemotta82's Avatar
Attachments file rar, confirm this keys ?

LIST FILE OF RAR

APP-PRIV-431
ISO-PRIV-431
LVO-PRIV-431
LV1-PRIV-431
LV2-PRIV-431
METLDR-PRIV-RETAIL-431

unknow uploader

#42 - BK Heritage - 123w ago
BK Heritage's Avatar
Hackers developer are such an intelligent people, we just take for granted for their contribution..

#41 - fatboyfry - 123w ago
fatboyfry's Avatar
wow this looks like great news

#40 - cfwmark - 123w ago
cfwmark's Avatar
got it to install this far so far on 4.10 techondon. got any ideas how to get around this?

so close to bypass the need to use an e3 but would I still have trouble with xmb manager I wonder? It stop at 79% look in background.

turn off PUP build change setting it kind of worked (wild guess I need toggle_pq.pkg like 430.v2)