Sponsored Links

Sponsored Links

Page 10 of 10 FirstFirst ... 8910
Results 91 to 97 of 97



  1. #91
    Contributor ionbladez's Avatar
    Join Date
    Apr 2009
    Posts
    225
    Sponsored Links
    Sponsored Links
    No, this isn't packaging redirection, this is packet manipulation, and modification.

    We change the info in the packet to a custom server, and as I said won't disconnect the PS3. The PS3 does not verify with the server that SSL packet. The one that contains the "*.*.*.dl.playstation.net" information.

    We need to live-edit this, and the playstation would let us download whatever we want from our own server *with name verification*

    So if we have an ALREADY SIGNED pkg *SONY* - We can easily get the PS3 to download and install it.

    We just need to modify the raw packet.

    Anyways that's just my 2 cents.

  2. #92
    Registered User RexVF5's Avatar
    Join Date
    Dec 2007
    Posts
    185
    Sponsored Links
    Sponsored Links
    Quote Originally Posted by ionbladez View Post
    No, this isn't packaging redirection, this is packet manipulation, and modification.

    We change the info in the packet to a custom server, and as I said won't disconnect the PS3. The PS3 does not verify with the server that SSL packet. The one that contains the "*.*.*.dl.playstation.net" information.

    We need to live-edit this, and the playstation would let us download whatever we want from our own server *with name verification*

    So if we have an ALREADY SIGNED pkg *SONY* - We can easily get the PS3 to download and install it.

    We just need to modify the raw packet.

    Anyways that's just my 2 cents.
    To tell the truth - I am lost - I have no clue what you're talking about. You cannot edit any packet in the SSL stream unless you possess server's (private) certificate - the whole communication is encrypted so your raw packet wouldn't be readable. Even if you had the way to decrypt it you'd have to route all the traffic from beginning through some intermediary server (man-in-the-middle) to decrypt it on the fly - but for this SSL has certain counter-measures.

    I have tried to go through your earlier posts but cannot grasp your intended scenario. Could please try to describe it better?
    Last edited by RexVF5; 06-27-2009 at 07:05 PM

  3. #93
    Registered User chigga102's Avatar
    Join Date
    May 2009
    Posts
    5
    Sponsored Links
    Sponsored Links
    my 2 cents is that couldnt someone with the right equipment be able to sniff the data on the bus going to the cpu as AFAIK one of the spus are there solely to run the hypervisor. couldnt we poke around the cpu and see what we find?

  4. #94
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Sponsored Links
    Sponsored Links
    Yeah, it sadly is not that easy, the PPU/SPU bus(es) are inside the cpu, and are not external - so they can not be sniffed.

    Note: Sure, I am assuming they could, in a laboratory, with crazy microscopes and very expensive equipment etc, but, its beyond any of our means.

  5. #95
    Registered User chigga102's Avatar
    Join Date
    May 2009
    Posts
    5
    Quote Originally Posted by CJPC View Post
    Yeah, it sadly is not that easy, the PPU/SPU bus(es) are inside the cpu, and are not external - so they can not be sniffed.

    Note: Sure, I am assuming they could, in a laboratory, with crazy microscopes and very expensive equipment etc, but, its beyond any of our means.
    oh, ouch. well are there software based approaches to getting such information for instance through linux or is it entirely hardware based for a sniffing attempt? maybe its possible using the cell sdk to create a program to get such info?

  6. #96
    Contributor semitope's Avatar
    Join Date
    Feb 2009
    Posts
    605
    Quote Originally Posted by CJPC View Post
    Yeah, it sadly is not that easy, the PPU/SPU bus(es) are inside the cpu, and are not external - so they can not be sniffed.

    Note: Sure, I am assuming they could, in a laboratory, with crazy microscopes and very expensive equipment etc, but, its beyond any of our means.
    Is there anywhere i can find info on how far or what you guys have uncovered? It just looks like its all a dead end. I dont work for sony, just want to know if there is some document with a compilation of things to be attempted and what is known about the various security methods in the ps3. Would help instead of throwing out already thought up hacks.

    I wish i had the technical know how to help in a different capacity. I would laugh heartily at sony once its hacked. Any hacker out there of worth () should take this as a direct challenge from sony.

  7. #97
    Registered User skelly's Avatar
    Join Date
    Jul 2009
    Posts
    3
    Quote Originally Posted by RexVF5 View Post
    You cannot edit any packet in the SSL stream unless you possess server's (private) certificate - the whole communication is encrypted so your raw packet wouldn't be readable. Even if you had the way to decrypt it you'd have to route all the traffic from beginning through some intermediary server (man-in-the-middle) to decrypt it on the fly - but for this SSL has certain counter-measures.
    You would think so wouldn't you? It is actually possible to replace objects being passed to a client over a SSL connection via a MIM attack. It's not easy as you have to do a lot of recalculations on the fly but it can be done. Some tools like Achilles (see:
    [Register or Login to view links]) implement some of these techniques.

    It's quite scary to think what the ISP's/Gov. can be done by marrying Deep Packet Inspection (DPI) hardware and code based on Achilles or Evilgrade.

    All is not what it seems...

 

Sponsored Links

Page 10 of 10 FirstFirst ... 8910
Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News