E' da molto tempo che hacked2123 sta lavorando, ma il 06/12 è finalmente arrivato. Per mesi ha tenuto un segreto, qualcosa che può servire a bucare la Playstation 3.Oggi vi fornisco il "Ps3 Tri Fold Attack" (E il File d'aggiornamento 1.0, non necessario, ma per coloro che vogliono esaminare i file di sistema) che permetteranno di agire su un solo gioco che gode di un grave difetto sul lato della sicurezza.
Molti giochi prima di Call of Duty 3 avevano un grande bug che permetteva di scrivere file o codice nel l'HD della PS3, come Resistance: FoM, Motorstorm, e Warhawk. Warhawk è stato particolarmente positivo e sono riusciti a sovrascrivere i param.sfo.
Il problema principale è che le patch e gli aggiornamenti hanno bloccato il bug. Al momento abbiamo avuto poca conoscenza degli HDD per il funzionamento del sistema.
Questo mi porta al problema di sicurezza di CoD3, non può essere patchato senza un intero aggiornamento del firmware. Ciò significa che tutti gli PS3 Dev's che scelgono di continuare la ricerca non dovrebbero aggiornare la PS3 (che non è stato come il caso per Warhawk che ha utilizzato un messaggio di invito a indirizzare gli utenti ai Negozio a PSN per un aggiornamento).
Nota: Questo è l'unico gioco su PS3 che permette l'aggiornamento senza essere collegati in rete con il tuo account di playstation network.
Per ulteriori informazioni, leggere il file NFO a fondo pagina o visualizzare i video sopra.
Fonte: Ps3news.com
FILE NFO:
Description 1 (The File Writer potential)
CoD3 uses a per file public key verification on its updates. Files can be added to the list to update at will and
write with a root location of /BLUS30012/. Files can be written within that directory with /folder/file.name and to
other directories with ../otherBLUS/file.name. I have successfully over written other files on the HDD such as
ICON0.PNG to other PSN titles, by renaming the *.cod verified file to ICON0.PNG. Through some RAM dumps, and some
skill this verification scheme can be broken, and may lead to the modification of PRX files contained on the PS3.
EXAMPLE
Source - http://codupdater.ps3.activision.com/patches/1.0/cod_ps3f.self
Destination - cod_ps3f.self
Verification key - TkjcgKa44eanDv1ySRpEf6fBeHekbMFeI/yAhSVALY+vcKzAeOztb4KIAzPBFgP3wb8yqR AJHivTZtzb0UqYpc6OtvMh6GHKU+QHmYAumm0HmEn64h4DN
6PyHWE1sY9HvK6rXPAZRfNUM9t3ceMTOytxidFA6te1Mn83NHd5d1Q=
Description 2 (The Soft Reset potential)
As demonstrated in the video, following what I believe to be a stack overflow, and "Quit Game" the system performs a
soft reset. This is, to my knowledge, the first reproducible occurrence of this. With a soft reset, depending on
how it's being executed, may leave certain variables in memory, or create new ones without the same security
procedures.
Description 3 (The Stack Overflow potential)
The most valuable of the three attack potentials is what is, in my understanding, a stack overflow. Should I be
wrong, it may either be a parsing error (highly unlikely), or an error in the writing of param.sfo. Should it be a
stack overflow, through RAM dumps, ultimately execution of unsigned code is highly probable; unfortunately I do not
have access to these dumps, and can't deem this a successful hack just yet. (Other tested methods include
array-overflowing, and memory buffer overflows, which resulted in the game's termination and the XMB prompting an
error)
To test remove one "1" from the "Game.VER" included and see that the installation continues normally.
Tools Needed:
1. SimpleDNS (and the included "Simple DNS Records.rar") (STRONGLY RECOMMENDED TO BACKUP YOUR EXISTING SimpleDNS DIR)
2. Apache Web Server (and the included "Update Descriptors.rar")
3. A router/hub of some sort.
Instructions:
1. Extract the contents of "Simple DNS Records.rar" & "Update Descriptors.rar" to the C: directory of your computer
(all file paths there after have been preserved)
2. Restart/Start SimpleDNS and Apache
3. Boot your PS3 and enter network settings
4. Select Custom, and then when IP Address Setting appears select Manual
5. Assign an IP address suitable for your network (ex. 192.168.0.99 or 192.168.1.99), subnet 255.255.255.0, default
router = your computer's IP (this will help prevent it from updating on the PSN), and Primary DNS also your
computer's IP.
6. Execute CoD3 and witness the "update" screen
For those of interested in the file protection extract "Update 1.0 files (not needed).rar" and in the Apache folder
use "original GAME.VER" instead of GAME.VER.
NOTE: This is my final release to the hacking community, and will no longer be Hacked2123. I have tried so much,
and so hard, to further my existence and to exhibit my knowledge and understanding to the world for the purpose of
advancing my life. I have found this to be a dream, I have gained nothing, I work the same job, and all the work I
have put forth in the community is deemed "fake".
Nessun commento:
Posta un commento