-
Hey Guest. Check out your NeoGAF Wrapped 2025 results here!
PS3 OFW 3.56 New Feature: Rootkit (allegedly)
- Thread starter Vagabundo
- Start date
LiquidMetal14
hide your water-based mammals
So true lmaojcm said:
FunkyPajamas
Member
Honest question: how would that work? Wouldn't malicious users have to hack the actual PSN to be able to "broadcast" code to other users' PS3s? Or have a direct connection (hosting a hacked game sending data), or just by a non-malicious user downloading something and executing it?Vagabundo said:
I can't understand how it would work unless one of the hackers took control of the playstation network. And seeing how (if this news is true) Sony may start swinging the banhammer soon, the second option will probably not be possible later. The third option would only happen to users downloading unsigned software to their PS3s (i.e. homebrew, hackers or pirates) and I guess if you're downloading that stuff then you know the risks, no?
Ploid 3.0
Member
Vagabundo said:
I hope you guys don't get this thread locked like the original firmware thread.
This is a awesome post though. Screams panic. I bet sony require some kinda access code, program, or whatever that only Sony has to do whatever it is this firmware allows them to. Maybe it's just something that will allow them to detect cfw stuff easily and deny PSN access. Maybe it's a bomb that will make your console legit in order to access psn (legit as in disable cfw stuff).
Vagabundo said:
From day 1 the PS3 would upload the list of software which has been running on your console etc, without you knowing, as soon as you're connecting to the PSN. From day 1 the PSN would run code on your PS3 to make a prompt displaying "please update", locking you out of network services if you don't update.
So I guess rootkit has been there from day 1. Call the press and file a lawsuit.
Also how come no one has hacked into this yet?
LiquidMetal14
hide your water-based mammals
WCW OR NWO BOYEE?!!?Jocchan said:
XiaNaphryz
LATIN, MATRIPEDICABUS, DO YOU SPEAK IT
thisisneogaf.gifJocchan said:
BMF said:
agreed, they should just remove the code and send everyone manuals to do what they want.
So Tinfoil hat scenerio:
1 Sony puts in root kit
2 hackers access rootkit,
3 malicious code is sent fucking up a large amount of PS3's accross the globe
4 Sony get's sued, pulls out of hardware and goes third pary after crippling financial losses
5 ?
6 PROFIT!
I obviously do not think this will happen
IrishNinja
Member
BMF said:
thank you.
people celebrating because they dont want hacks online: fair enough.
people celebrating/corporate cheerleading because they dont want other people using custom firmware to do as they please with their own system: wow.
LiquidMetal14
hide your water-based mammals
You want on that list? We can tango my rapscalion fiend!Mithos said:
So let me get this straight then. Sony added a verification check system when you connect to PSN. The check is remotely controlled so it can be changed by Sony without the need of FW updates.
So essentially if your running CFW it has the ability to detect it and possibly stop you from going on PSN?
How is this the same as a rootkit?
LiquidMetal14
hide your water-based mammals
UNDERSTAND THIS THOUGH - What I'm saying is related to PSN. DO whatever you want as long as you don't log onto PSN or you will likely be ever to log in ever again.IrishNinja said:
This is a you problem if you ignored the TOS.
Just been searching through my chat logs:
Jan 27 14:44:32 <Mathieulh> 3.56 has nice new stuffs in there
Jan 27 14:44:43 <Mathieulh> like remote code execution upon login
Jan 27 14:44:45 <Sorrowuk> They will just release patches so people who have hacked cant go online
Jan 27 14:44:46 <Mathieulh> yummy
Jan 27 14:44:50 <noone> WAT
Jan 27 14:45:00 <noone> RFE built-in the fw!?
Jan 27 14:45:25 <Mathieulh> 3.56 pretty much has a built in psn rootkit
Jan 27 14:45:30 <noone> dude, that's the only stuff i'd be afraid of
Jan 27 14:45:31 <Mathieulh> don't tell me I haven't warned you
Jan 27 14:45:43 <Sorrowuk> psn rootkit ?
Jan 27 14:46:05 <noone> but if we could rip-off the fw that shit would be erased
Jan 27 14:46:20 <noone> that was the only thing stopped sony to _auto_ update your fw
Jan 27 14:46:22 <Mathieulh> noone it's not that simple
Jan 27 14:46:29 <Mathieulh> the server awaits a proper reply
Jan 27 14:46:34 <Mathieulh> and that reply isn't in the firmware
Grampa Simpson
Banned
You're a liar. Either that or your degree is worthless. Nobody is going to take you seriously if you aren't able to correctly describe what a router does.Choc said:
Edit: That came off a bit more vitriolic than I intended.
LiquidMetal14
hide your water-based mammals
The code that is meant to filter out the hackers. I understand the pessimistic view but they are trying to secure their network.Vagabundo said:
Dibbz said:
Its not. It's about spreading fud to people so that it gets picked up by big sites like Kotaku and then gets spread like wildfire without any real basis in fact or truth.
All of this is based on some speculation that was posted in an IRC channel, and I haven't even seen the logs of what was actually said.
LiquidMetal14
hide your water-based mammals
Sad but true. But lets trust faceless hackers over Sony.RyanDG said:
If I owned a business I would not be without hidden cameras. Same applies for this.
gregor7777
Banned
Withnail said:
Obviously, but it's pretty damn close to reality.
FunkyPajamas
Member
Oh, thank you, that makes sense.Vagabundo said:
"corporate cheerleading". Sure. It's your system, but it's their network. You can't go on their network if you're not playing by the rules. You can hack and homebrew all you want, but if you want to be on their network you need to understand they're not going to like it. If they have added a rootkit and you don't have your PS3 connected to psn/internet then you shouldn't have a problem. Unless you're downloading software from unknown sources. But why would you worry about that? The hackers are your friends, right? They gave you the keys to the console so that you can use it as you see fit.IrishNinja said:
Bojanglez
The Amiga Brotherhood
Doesn't a rootkit try and subvert the standard operation of an OS to give the person that wrote the rootkit external (and unauthorised) access to the OS?
As far as I can see it this is not doing that, it is merely the OS author adding functionality to its own software, there is no subversion involved it is software that is designed by the original OS author. If you don't trust the author of the OS to maintain that OS then I suggest you don't use that OS in the fist place.
As far as I can see it this is not doing that, it is merely the OS author adding functionality to its own software, there is no subversion involved it is software that is designed by the original OS author. If you don't trust the author of the OS to maintain that OS then I suggest you don't use that OS in the fist place.
LiquidMetal14
hide your water-based mammals
To me, it seems like some are taking these guys on the internet who know their code and hacking PS3's like their word is more solid than Sony's on this. And, the legit consumer, get looked at as a defender for wanting my network activities as secure as possible. And if that means Sony putting in this measure that protects the users and their huge investment then I agree with it.Raist said:
IrishNinja
Member
LiquidMetal14 said:
thanks, i caught that the first hundred times in this thread; (potentially) doing something invasive/shitty and mentioning it in your TOS isnt a free pass.
if you're asking who's "good or bad" i mean, i dont even know where to start with a question like that.
i get that its sony's network and their rules, but that doesnt mean i have to be pleased with the idea of something like this, much less celebrate it.
gregor7777
Banned
Hopefully they do put in some kind of check for CFW when logging in to PSN. Hopefully not bans, but just stop CFW from hitting PSN unless they switch back to OFW.
That way we can let the cheating issue go away and we can stop reading LiquidMetal's posts on the topic daily. He won't have anything to bitch about anymore.
That way we can let the cheating issue go away and we can stop reading LiquidMetal's posts on the topic daily. He won't have anything to bitch about anymore.
Ploid 3.0
Member
IrishNinja said:
People can still use CFW, dongles, otherOS as they please, just not on a PS3 that has 3.56 to access PSN, and soon any PS3 that access PSN. That's the point, people that mod their consoles with custom firmwares shouldn't be on PSN anyway. If they are using cheats, pirate games, or doing honest homebrewing.
Raist said:
Mathieulh's info has been 99% accurate and he's documented a lot of the PS3's security here: http://ps3wiki.lan.st/index.php/Main_Page
Also I'd prefer it if the OP quoted Mathieulh instead of me. Edit: Nevermind, you've changed it.
I don't have the time to go through the entire log but this bit seems the most relevant:
Jan 27 14:44:32 <Mathieulh> 3.56 has nice new stuffs in there
Jan 27 14:44:43 <Mathieulh> like remote code execution upon login
Jan 27 14:44:45 <Sorrowuk> They will just release patches so people who have hacked cant go online
Jan 27 14:44:46 <Mathieulh> yummy
Jan 27 14:44:50 <noone> WAT
Jan 27 14:45:00 <noone> RFE built-in the fw!?
Jan 27 14:45:25 <Mathieulh> 3.56 pretty much has a built in psn rootkit
Jan 27 14:45:30 <noone> dude, that's the only stuff i'd be afraid of
Jan 27 14:45:31 <Mathieulh> don't tell me I haven't warned you
Jan 27 14:45:43 <Sorrowuk> psn rootkit ?
Jan 27 14:46:05 <noone> but if we could rip-off the fw that shit would be erased
Jan 27 14:46:20 <noone> that was the only thing stopped sony to _auto_ update your fw
Jan 27 14:46:22 <Mathieulh> noone it's not that simple
Jan 27 14:46:29 <Mathieulh> the server awaits a proper reply
Jan 27 14:46:34 <Mathieulh> and that reply isn't in the firmware
Jan 27 14:46:42 <noone> oh...
Jan 27 14:46:46 <Mathieulh> it's in whatever code they remotely execute
Jan 27 14:46:53 * NNNnc1 sets channel limit to 836
Jan 27 14:46:59 <Mathieulh> which they of course can change at any given time but oh! well
Jan 27 14:47:03 <Sorrowuk> If we can always decrypt the ps3 firmwares, can't we just decrypt 3.56 and add any new syscalls or whatever into 3.55 and then 3.55 will run stuff made with the 3.56 sdk ?
Jan 27 14:47:03 <noone> but still, if they could RFE, then they could hash your current fw, no match = auto-update
Jan 27 14:47:07 <noone> even reformat your hdd
Jan 27 14:47:08 <Sorrowuk> so we could just always stay on 3.55
Jan 27 14:47:12 <Mathieulh> I assume they probably added some syscalls for lv2 integrity checks
Jan 27 14:47:42 <noone> Sorrowuk, if they have RFE, they could hash that customized 3.56
Jan 27 14:47:57 <noone> and there's no way you could fake a hash
Jan 27 14:48:09 <Sorrowuk> but wont RFE only work on 3.56 firmware
Jan 27 14:48:09 <noone> but you could fake the response
Jan 27 14:48:11 <Sorrowuk> and not 3.55
Jan 27 14:48:14 <noone> im being paranoid.
Jan 27 14:48:23 <Sorrowuk> cause 3.55 is hacked
Jan 27 14:48:25 <Sorrowuk> we can do anything
Jan 27 14:48:42 <Mathieulh> noone you could fake the syscalls their code use I guess
Jan 27 14:48:46 <Mathieulh> IF you know what they are
Jan 27 14:48:48 <noone> yep
Jan 27 14:48:52 <Mathieulh> it's a lot of work
Jan 27 14:48:53 * NNNnc1 sets channel limit to 834
Jan 27 14:48:59 <Mathieulh> and I am personally not doing it
Jan 27 14:49:04 <noone> but we could sniff the entry
Jan 27 14:49:08 <noone> over the network
Jan 27 14:49:13 <Mathieulh> also because they implemented this doesn't mean they'll make use of it
Jan 27 14:49:21 <Mathieulh> although it'd be silly not to
LiquidMetal14
hide your water-based mammals
Sigh, I guess you guys can start posting me as the local Sony defender on the web now. I swear I can't even voice my opinion in an issue I care about.gregor7777 said:
Or you can twist my words and look at me as a bad guy or internet heathen. All I want is for the network to be secure.jorma said: