Sponsored Links

Sponsored Links

Sony PS3 System Software Update v4.31 Incoming, Details Arrive


Sponsored Links
108w ago - It was just a week ago since the previous PlayStation 3 System Software update arrived, but today Tempest_Fire of Sony PlayStation Support has announced that PS3 System Software Update v4.31 is incoming tonight with details below!

Download: [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] by Team Siracide / [Register or Login to view links] by Soon (No Password) / [Register or Login to view links] (Mirror - Password: consolecrunch) / [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2) / [Register or Login to view links] (Mirror #3) / [Register or Login to view links] (Mirror #4) / [Register or Login to view links] by nathan_r32_69 / PS3 Firmware 4.31 Keys / [Register or Login to view links] by unknown / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] by SammyG0080 (aka str8b1t) / [Register or Login to view links] by XxZer0ModZxX (via RedDot-3ND7355 from xxzer0modzxx.com/t1273-core_os-431-decryptedencrypted-by-xxzer0modzxx#9099) / [Register or Login to view links] from SammyG0080 / PS3 4.31 Firmware Keys by MARKUS++

To quote: Hi everyone, I'm posting this message to inform you that there will be a minor firmware update (v.4.31) released on the evening of Monday, October 29th.

There will not be PlayStation Network maintenance during this time; online play and access to apps will not be affected during the release of this update.

This is not a mandatory update. However, we suggest you keep your systems updated with the latest firmware, as these updates further improve overall system stability and help provide you with the best online entertainment experience possible.

To update to v.4.31, select Settings from your Xross Media Bar (XMB) > System Update > Update via Internet and then follow the on-screen instructions.

More information about PlayStation system updates can be found here: [Register or Login to view links]

Tempest_Fire
Digital Platforms Community Manager
Sony Computer Entertainment America

From their [Register or Login to view links]: "If you've had issues with Monster Hunter Portable 3rd HD, download the optional PS3 software update (v.4.31)"

From afiser on the PS3 Keys posted above: This is as simple as putting the bootldr keys (what you all call the lv0 keys released last week) in the scetool data/keys file and running scetool.exe -d lv0 lv0.elf

From zadow28: Found some interesting, when debugging lv1.elf from 4.31:

[Register or Login to view code]

Only shows when debugging.. well thats where i'm at so far regards.

Dumps/Debug off core_os/Devflash files. 4.++

Have done some experimenting. Found out that you can actuelly run the self/sprx (ppc)

From core_os, and Devflash.. from "official" debugger,and dump them. You have to set up an fake Param.sfo, so the debugger thinks its an executable.. but the result is quite amazing. You really get an better overview, since you can see al the files it communicates with.

I use Ida pro 64 PPC proccesser to analyze, the dump. Then use Kakarotos scrips analyze_sprx.idc. Set new TOC, when the script tell you and reanalyze.

The dump is 4mb packed but 250 mb unpacked. I'll give an more deeper, TUT when i have the time. Works on all files so far i tested PPC ones, so all expect the spu files. Tested vsh.self/mcore.self/psp_emu.self plus many more.

Well here is the dump, for BDVD.SELF: [Register or Login to view links]

Off course you can debug all the files, and the embedded spu before dumping.

Finally, from Team Siracide comes [Register or Login to view links] with details below, as follows:

[Register or Login to view code]




Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 49 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

R33L's Avatar
#49 - R33L - 78w ago
I got tired of waiting for someone to come across this information. not one single scene site has even noticed this: packetstormsecurity.com/files/121691/Sony-PS3-Firmware-4.31-Code-Execution.html
[code]Sony PS3 Firmware v4.31 - Code Execution Vulnerability

Date:

2013-05-12

References:

vulnerability-lab.com/get_content.php?id=767

VL-ID:

767

Common Vulnerability Scoring System:

6.5

Introduction:

The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the PlayStation series. The PlayStation 3 competes with Microsoft`s Xbox 360 and Nintendo`s Wii
as part of the seventh generation of video game consoles. It was first released on November 11, 2006, in Japan, with
international markets following shortly thereafter.

Major features of the console include its unified online gaming service, the PlayStation Network, its multimedia capabilities,
connectivity with the PlayStation Portable, and its use of the Blu-ray Disc as its primary storage medium.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_3)

PlayStation Network, often abbreviated as PSN, is an online multiplayer gaming and digital media delivery service provided/run
by Sony Computer Entertainment for use with the PlayStation 3, PlayStation Portable, and PlayStation Vita video game consoles.
The PlayStation Network is the video game portion of the Sony Entertainment Network.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_Network)

Abstract:

The Vulnerability Laboratory Research Team discovered a code execution vulnerability in the official Playstation3 v4.31 Firmware.

Report-Timeline:

2012-10-26: Researcher Notification & Coordination
2012-11-18: Vendor Notification 1
2012-12-14: Vendor Notification 2
2012-01-18: Vendor Notification 3
2012-**-**: Vendor Response/Feedback
2012-05-01: Vendor Fix/Patch by Check
2012-05-13: Public Disclosure

Status:

Published

Affected Products:

Sony
Product: Playstation 3 4.31


Exploitation-Technique:

Local

Severity:

High

Details:

A local code execution vulnerability is detected in the official Playstation3 v4.31 Firmware. The vulnerability allows local attackers to inject and execute code out of vulnerable ps3 menu main web context.

There are 3 types of save games for the sony ps3. The report is only bound to the .sfo save games of the Playstation3.
The ps3 save games sometimes use a PARAM.SFO file in the folder (USB or PS3 HD) to display movable text like marquees,
in combination with a video, sound and the (path) background picture. Normally the ps3 firmware parse the redisplayed
save game values & detail information text when processing to load it via usb/ps3-hd. The import ps3 preview filtering
can be bypassed via a splitted char by char injection of script code or system (ps3 firmware) specific commands.

The attacker syncronize his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code.

Successful exploitation of the vulnerability can result in persistent but local system command executions, psn session
hijacking, persistent phishing attacks, external redirect out of the vulnerable module, stable persistent save game preview
listing context manipulation.

Vulnerable Section(s):
[+] PS Menu > Game (Spiel)

Vulnerable Module(s):
[+] SpeicherDaten (DienstProgramm) PS3 > USB Gerät

Affected Section(s):
[+] Title - Save Game Preview Resource (Detail Listing)

Proof of Concept:

The firmware preview listing validation vulnerability can be exploited by local attackers and with low or medium required user interaction.
For demonstration or reproduce ...

The attacker needs to sync his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, +PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code out of the save game preview listing.

If you inject standard frames or system unknow commands (jailbreak) without passing the filter char by char and direct sync
as update you will fail to reproduce!

PoC: PARAM.SFO

PSF Ä @ h % , 4
$ C @ ( V h j
€ p t € š
ACCOUNT_ID ATTRIBUTE CATEGORY DETAIL PARAMS PARAMS2 PARENTAL_LEVEL SAVEDATA_DIRECTORY SAVEDATA_LIST_PARAM SUB_TITLE TITLE
40ac78551a88fdc
SD
PSHACK: Benjamin Ninja H%20'>"

d3m0n1q733rz's Avatar
#48 - d3m0n1q733rz - 78w ago
I just saw this earlier: packetstormsecurity.com/files/121691/sony_ps3_firmware_v4.31-exec.txt
[code]Sony PS3 Firmware 4.31 Code Execution

A local code execution vulnerability is detected in the official PlayStation 3 v4.31 Firmware. The vulnerability allows local attackers to inject and execute code out of vulnerable PlayStation 3 menu main web context.

Title:

Sony PS3 Firmware v4.31 - Code Execution Vulnerability

Date:

2013-05-12

References:

vulnerability-lab.com/get_content.php?id=767


VL-ID:

767

Common Vulnerability Scoring System:

6.5

Introduction:

The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the PlayStation series. The PlayStation 3 competes with Microsoft`s Xbox 360 and Nintendo`s Wii
as part of the seventh generation of video game consoles. It was first released on November 11, 2006, in Japan, with
international markets following shortly thereafter.

Major features of the console include its unified online gaming service, the PlayStation Network, its multimedia capabilities,
connectivity with the PlayStation Portable, and its use of the Blu-ray Disc as its primary storage medium.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_3)

PlayStation Network, often abbreviated as PSN, is an online multiplayer gaming and digital media delivery service provided/run
by Sony Computer Entertainment for use with the PlayStation 3, PlayStation Portable, and PlayStation Vita video game consoles.
The PlayStation Network is the video game portion of the Sony Entertainment Network.

(Copy of the Homepage: en.wikipedia.org/wiki/PlayStation_Network)

Abstract:

The Vulnerability Laboratory Research Team discovered a code execution vulnerability in the official Playstation3 v4.31 Firmware.

Report-Timeline:

2012-10-26: Researcher Notification & Coordination
2012-11-18: Vendor Notification 1
2012-12-14: Vendor Notification 2
2012-01-18: Vendor Notification 3
2012-**-**: Vendor Response/Feedback
2012-05-01: Vendor Fix/Patch by Check
2012-05-13: Public Disclosure

Status:

Published

Affected Products:

Sony
Product: PlayStation 3 4.31

Exploitation-Technique:

Local

Severity:

High

Details:

A local code execution vulnerability is detected in the official Playstation3 v4.31 Firmware.
The vulnerability allows local attackers to inject and execute code out of vulnerable ps3 menu main web context.

There are 3 types of save games for the sony ps3. The report is only bound to the .sfo save games of the Playstation3.
The ps3 save games sometimes use a PARAM.SFO file in the folder (USB or PS3 HD) to display movable text like marquees,
in combination with a video, sound and the (path) background picture. Normally the ps3 firmware parse the redisplayed
save game values & detail information text when processing to load it via usb/ps3-hd. The import ps3 preview filtering
can be bypassed via a splitted char by char injection of script code or system (ps3 firmware) specific commands.

The attacker syncronize his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code.

Successful exploitation of the vulnerability can result in persistent but local system command executions, psn session
hijacking, persistent phishing attacks, external redirect out of the vulnerable module, stable persistent save game preview
listing context manipulation.

Vulnerable Section(s):
[+] PS Menu > Game (Spiel)

Vulnerable Module(s):
[+] SpeicherDaten (DienstProgramm) PS3 > USB Gerät

Affected Section(s):
[+] Title - Save Game Preview Resource (Detail Listing)

Proof of Concept:

The firmware preview listing validation vulnerability can be exploited by local attackers and with low or medium required user interaction.
For demonstration or reproduce ...

The attacker needs to sync his computer (to change the usb context) with USB (Save Game) and connects to the network
(USB, COMPUTER, +PS3), updates the save game via computer and can execute the context directly out of the ps3 savegame preview
listing menu (SUB/HD). The exploitation requires local system access, a manipulated .sfo file, an usb device. The attacker
can only use the given byte size of the saved string (attribute values) to inject his own commands or script code.

The ps3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special chars and does not provide
any kind of input restrictions. Attackers can manipulate the .sfo file of a save game to execute system specific commands
or inject malicious persistent script code out of the save game preview listing.

If you inject standard frames or system unknow commands (jailbreak) without passing the filter char by char and direct sync
as update you will fail to reproduce!

PoC: PARAM.SFO

PSF Ä @ h % , 4
$ C @ ( V h j
€ p t € š
ACCOUNT_ID ATTRIBUTE CATEGORY DETAIL PARAMS PARAMS2 PARENTAL_LEVEL SAVEDATA_DIRECTORY SAVEDATA_LIST_PARAM SUB_TITLE TITLE
40ac78551a88fdc
SD
PSHACK: Benjamin Ninja H%20'>"

cfwmark's Avatar
#47 - cfwmark - 91w ago
Back to 4.10 got it to 100% on first screen install. press PS. checking for update... the data is corrupted (8002F15E)

tried dev file for 4.31 didn't work (hope they work for you)

can anyone fix this or know how to?

Ozz465's Avatar
#46 - Ozz465 - 94w ago
Not anytime soon.

fadi's Avatar
#45 - fadi - 94w ago
will hackers ever find a jailbreak for ps3 ofw 4.31?

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News