Sponsored Links

Sponsored Links

PS3 Firmware 3.21 Update Arrives, It Only Does Less Than It Did!


Sponsored Links
234w ago - As scheduled, today the PS3 Firmware 3.21 update is available for download and as Sony previously confirmed it disables the OtherOS functionality in an effort to make the PlayStation 3 entertainment system more secure.

Download: [Register or Login to view links] / [Register or Login to view links]

PS3 hacker GeoHot ([Register or Login to view links] to [Register or Login to view links]) has promised a solution to those who hold off updating their console which may include PS3 Custom Firmware alongside a [Register or Login to view links] open-source PS3 RSX driver rumored to be in development.

More details to come as they are available, including a full PS3 Firmware version 3.21 changelog. At the moment, all that is available from the [Register or Login to view links] site according to [Register or Login to view links] is the following, to quote: "Firstly it appears the quality of of PlayStation format software from the Store has been improved, presumably referring to the PS1 functionality (FFIX?).

Secondly, it appears that the security of MP4 video playback has been boosted too, removing some vulnerabilities."

RSX objects:

0x0 -- 0x30 -- NV01_NULL
0x31337000 -- 0x4097 -- NV40TCL
0x31337303 -- 0x39 -- NV_MEMORY_TO_MEMORY_FORMAT
0x3137C0DE -- 0x39 -- NV_MEMORY_TO_MEMORY_FORMAT
0x31337A73 -- 0x309E -- NV40_SWIZZLED_SURFACE
0x313371C3 -- 0x3062 -- NV40_CONTEXT_SURFACES_2D
0x3137AF00 -- 0x3089 -- NV40_SCALED_IMAGE_FROM_MEMORY
0x31337808 -- 0x308A -- NV40_IMAGE_FROM_CPU

Changelog:

• The [Install Other OS] and [Default System] features have been deleted.
• The playback quality of some PlayStation® format software that is downloaded (as a purchase or for free) from PlayStation®Store has been improved.
• A security patch was added to address security vulnerabilities that may occur when playing MP4 format video files.

Finally, those who don't plan to update may want to check out the guides on How to Bypass PS3 Firmware 3.21 and Connect to PSN.



Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 116 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

Onestep's Avatar
#106 - Onestep - 233w ago
How would one go about hosting their own dns server on a local computer that works as well as the famed dns server working around 3.21 update?

moneymaker's Avatar
#105 - moneymaker - 233w ago
YOU SERIOUS ?? Which jollyroger company could run a public dns server in order to gain what ? My PSN account infos ? here tehre are some example:

Let say I'm 1.1.1.1 and wnt to connect to PSN which is 9.9.9.9 and I use a compromised dns that' 5.5.5.5 rerouting me through 8.8.8.8 (proxy faking 9.9.9.9 account info request) and then redirecting me to 9.9.9.9 keeping my account info, first of first every secure connection is encrypted through some strong algo, secondly if I have already fed credit card info that one is already stored onto PSN secure server or somewhere else, no need to feed it again but even in that case communications are still encrypted, finally 9.9.9.9 identifies me through (let say) 7.7.7.7 that's not a compromised dns thus communication can't be redirected from 5.5.5.5 but even if they were the need to fake my root key to identify my machine is nothing that has already be done (neither is on the horizon).

-Set up a (public) compromised dns.
-Set up a matching proxy able to filter and keep ENCRYPTED info.
-Hope that I should feed another credit card info otherwise PSN uses the one stored into it's secure server.
-Fake answers from my machine in order to achieve some kind of PSN->my-machine related public key (and they can't furthermore reroute communication between PSN and my machine cause 1° PSN uses another dns, 2° they doesn't -like everyone- know my machine key that's furthermore used encrypted).
-Decrypt some kind of INOX multilayer algo and retrieve infos that way (no one has already been able actually to decrypt).

All this mess to achieve what ?

To achieve (hopefully) my credit card infos and not the infos of other users cause if two or three bank customers from different parts of the world claim a fraud onto a suspicious transaction they will be caught in no time ?

I read well before posting, is for this reason I ask you, please, BE SERIOUS !!! I know and support your thesis that this kind of things can happen, but not at this level.

No one would spend millions and risk jail more than a big headache to steal my PSN avatar, it's just ridiculous.

FKell's Avatar
#104 - FKell - 233w ago
Quote Originally Posted by moneymaker View Post
Yeah, this is definitely true, you're right, what a BIG CAKE redirecting you to a WHOLE faked PSN site (that cannot have your credit card info stored inside if it weren't copied=hacked from the original PSN site)...

What a big achievement, I'm so scared...those ones are big pirates, stealing my PSN account is the worst thing they can do in this world...not to tell they can also spy which games am I playing...

(sorry but sarcasm 4 sarcasm..)

Ok, IT CAN BE DANGEROUS and could lead to some mess, but actually it would be the lighter of my concernings...

You sir, fail at READING. Did you note the part where I said the site is simply a PROXY REDIRECT? They don't NEED to HACK PSN. They simply ACCEPT the LOGIN information that YOU SENT them. They then STORE THAT INFORMATION, and REDIRECT YOUR CONNECTION on its merry way to PSN, at which point you are then pointing to the real PSN and gain all the features of PSN. They don't need to hack PSN, you just GAVE THEM YOUR LOGIN AND PASSWORD, which they can now use to login to PSN as you anytime they feel like.

You fail at READING. They don't NEED to fake the entire PSN site. They only need to fake the access page as a proxy redirect (something that takes all of 20 seconds to setup). Their site simply accepts connects made to it, STORES the USERNAME and PASSWORD that you SENT THEM, and then REDIRECTS that request to the REAL PSN. At no point would you see ANYTHING wrong with your connection. They don't need to "hack" PSN at all because you SENT them YOUR USERNAME and PASSWORD.

Think of it more like this, you swipe your credit card at a gas station, your card is charged for your gas, everything is fine. Two weeks later, you notice a charge for $5,000 worth of electronics you didn't purchase on your card. How did that happen? Well, turns out someone installed a logger on the credit card reader at the gas station pump you used and made a copy of all the credit card numbers, check cards and pin numbers entered. Then someone came back and then used that information to charge things to those cards. You say that couldn't happen? Think again:

[Register or Login to view links]

The DNS hack with a redirect works the same way. They just log the information that passes through their server, which includes your USERNAME and PASSWORD.

moneymaker's Avatar
#103 - moneymaker - 233w ago
Quote Originally Posted by FKell View Post
Yeah, it only points your system where to go when you specify a server name. No one has ever setup a fake site that looks like the real thing which redirects to the real thing after authentication (and logs the username/password for later use). It's not like anyone has ever thought of that before, so there is no problem with this type of thing.

Oh, wait, it HAS been done before? F-Me!

(If no one picked up on the sarcasm, I am saying the above is all sarcastic).

Yeah, this is definitely true, you're right, what a BIG CAKE redirecting you to a WHOLE faked PSN site (that cannot have your credit card info stored inside if it weren't copied=hacked from the original PSN site)...

What a big achievement, I'm so scared...those ones are big pirates, stealing my PSN account is the worst thing they can do in this world...not to tell they can also spy which games am I playing....

(sorry but sarcasm 4 sarcasm..)

Ok, IT CAN BE DANGEROUS and could lead to some mess, but actually it would be the lighter of my concernings...

ruger1234's Avatar
#102 - ruger1234 - 233w ago
Just to comment on the threat of fake sites... which a rouge DNS server could redirect our PS3s to...

As you know, for browser communications the problem of fake sites is addressed through use of 3rd party certificates (Verisign etc.). This makes sure that the destination host is authenticated, and thus not a fake one.

From the few times I have sniffed PS3 communications to grab URLs I know part of the content is encrypted, but I have not looked into the details and studied i.e. how Sony uses certificates.

I am only pointing this out as better understanding of the security details of PS3 communcations would useful be assess the threat of fake sites and easy MITM attacks.

In any case a MITM is dangerous. It opens up for all kinds of intriguing attacks as the MITM is able to manipulate traffic...

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News