


  1. #1
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174

    Resistance: FoM Network Update Vulnerability

    As you know, the Resistance: Fall of Man game updates via PlayStation Network. The resident PS3 Devs (Subdub and Gigi) discovered this nearly 6 months ago and others (Placa, to name just one) soon after. It's just another rehash of the old Warhawk method (detailed here and here), but more constrained.

    For example, using the Warhawk hole users could change directories; in the R:FOM one you can't. In layman's terms, it means this R:FOM method is even more limited/useless than the Warhawk one was. Of course, to those who just recently discovered it, this is being incorrectly labeled as something useful when it sadly isn't at all.

    However, since Sony plugged the Warhawk hole in a past Firmware Update, most of the devs opted to keep quiet until tonight... as now this hole will certainly be addressed in an upcoming Firmware Update as it is indeed a security issue to Sony.

    It's a fairly simple method. Using your favorite DNS "hijack" method or proxy server, redirect download-prod.online.scea.com to an HTTP server.

    On the HTTP server, set up the path:
    /client-patch/resistancegs-prod/resistancegs_SCEE/8.7.1.1/

    So, http://download-prod.online.scea.com/client-patch/resistancegs-prod/resistancegs_SCEE/8.7.1.1/ will be redirected to your HTTP server.

    You will want to download the files from there to your HTTP server, and recreate the file directory. You can then begin to play around with the files.

    http://download-prod.online.scea.com/client-patch/resistancegs-prod/resistancegs_SCEE/8.7.1.1/manifest.dat

    http://download-prod.online.scea.com/client-patch/resistancegs-prod/resistancegs_SCEE/8.7.1.1/EBOOT.BIN

    Note: You may need to change _SCEE to _SCEA, depending on your region.

    You can't do much with this; you can replace some files, but since they're all encrypted and signed, it's somewhat useless indeed!

    In regards to the Manifest.dat, a hint:

    0x00: 0x49470001 - marker
    0x04: 0x0000000a - number of files
    0x08: 32 bytes per patch file

    And the patch files:

    0x00: 64-bit length
    0x08: 32-bit checksum? (unused)
    0x0c: 20 bytes - zero terminated file name

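The manifest.dat layout hinted at in post #1, as an added example that is not part of the original thread: a strict parser that checks the marker, the file count and each 32-byte entry before trusting them. Big-endian byte order, the MAX_FILES cap and the plain-file-name check are assumptions, and the sample bytes are constructed.

```python
import struct

MAGIC = 0x49470001                # marker value quoted in the post
HEADER = struct.Struct(">II")     # marker, number of files (big-endian: assumption)
ENTRY = struct.Struct(">QI20s")   # 64-bit length, 32-bit checksum, 20-byte name
MAX_FILES = 1024                  # hypothetical sanity cap, not from the post


class ManifestError(ValueError):
    """Raised when the manifest does not match the described layout."""


def parse_manifest(data):
    """Return a list of (name, length, checksum) tuples or raise ManifestError."""
    if len(data) < HEADER.size:
        raise ManifestError("truncated header")
    marker, count = HEADER.unpack_from(data, 0)
    if marker != MAGIC:
        raise ManifestError("bad marker 0x%08x" % marker)
    # Check the declared count against the bytes actually present before looping.
    if count > MAX_FILES or len(data) < HEADER.size + count * ENTRY.size:
        raise ManifestError("file count does not fit the data")
    entries = []
    for i in range(count):
        length, checksum, raw = ENTRY.unpack_from(data, HEADER.size + i * ENTRY.size)
        name, terminator, _ = raw.partition(b"\0")
        if not name or not terminator:
            raise ManifestError("entry %d: name empty or not zero terminated" % i)
        try:
            text = name.decode("ascii")
        except UnicodeDecodeError:
            raise ManifestError("entry %d: non-ASCII name" % i)
        # Plain file names only: reject anything that could leave the patch directory.
        if "/" in text or "\\" in text or text in (".", ".."):
            raise ManifestError("entry %d: name contains a path component" % i)
        entries.append((text, length, checksum))
    return entries


def build_sample():
    """Constructed sample: names taken from the post, lengths invented."""
    body = ENTRY.pack(4096, 0, b"EBOOT.BIN") + ENTRY.pack(64, 0, b"manifest.dat")
    return HEADER.pack(MAGIC, 2) + body


if __name__ == "__main__":
    for name, length, checksum in parse_manifest(build_sample()):
        print("%-20s %10d 0x%08x" % (name, length, checksum))
```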

  2. #2
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,829

    Here are a few more older PS3 vulnerabilities for those following...

    From seclists.org/bugtraq/2009/Jul/126


    Unfortunately it's from July 2009 so we don't know if it's already patched...


    Correct. Hard locks the PS3. You have to hard reset afterwards.

    Another: exploit-db.com/exploits/25718/

    Sony Playstation 3 (PS3) 4.31 - Save Game Preview SFO File Handling Local Command Execution


    Report-Timeline:


    This one is patched and couldn't really do much anyway.

 
