Sony Adds PS3 Firmware 3.60 Auth on PSN, CFW Patch Incoming

118w ago - Last week PS3 Firmware 3.60 was released, and as of today Sony has updated the platform authentication xi passphrase for PSN resulting in Custom Firmware users (via FckPSN and similar methods) being blocked, however, according to IRC reports a PlayStation 3 CFW patch update shouldn't be far off.

To quote from PSX-Scene (linked above): "We are expecting sporadic PSN maintenance from approx 9am-3pm PST Thursday 03/17/2011. We apologize for the inconvenience."

That message was the last thing that CFW users got to see today, later after the network was back up everyone found they been kicked off their PSN!

Sony has finally enabled the new v3.60 auth system which was found hiding in the new firmware they had released last week!

Finally, from IRC:

Scorpion1: the 3.60 passphrase will be the same for everyone
Scorpion1: well mathieulh said the 3.55 one is
Scorpion1: saktdlMapxsbsghmq5dhlwrmtsicyijmzntqaLcpgd8ybbetdmsha=jm
Scorpion1: and thats from his ps3 i take it
Scorpion1: so is yours the same ?
trixter: yeah that is the same as my 3.55
Scorpion1: so its the same then
Mathieulh: it's a static value
Mathieulh: for all ps3s
trixter: so it appears that it is the same which means that they are not as smart as I gave them credit for
Mathieulh: that's the 3.55 one
Mathieulh: basically 3.56 and below have that old passphrase
Scorpion1: what about all the old firmwares like 3.21 etc did the passphrase change much ?
trixter: its used to auth with psn
trixter: one of the HTTP headers
trixter: X-Platform-Passphrase: saktdlMapxsbsghmq5dhlwrmtsicyijmzntqaLcpgd8ybbetdmsha=jm
segobi: its tghaaiennclabelcaxetighenpgjgth5gkdhwlwldighhj8kehehxl
MCPADDING: lol i'll just wait for team rebug to release a pkg
trixter: it *ONLY* is used to log into psn
trixter: nothing else
Scorpion1: trixter so you have the 3.60 passphrase ... whats the first character of it ?
trixter: my scope is very narrowly defined, security/privacy related stuff in terms of where your information goes, to whom, when/why, so that you can make informed decisions about how you use things
Scorpion1: there not going to ban anyone if you cant get online on psn anyway, whats the point in them doing that
trixter: attempting to get online with a spoofed version lets them know who is violating the tos, they can console ban so tthat the device never gets on in the future even if you manage to figure it out
trixter: the ban would only be from psn, it would stop them getting on psn
Sc0rpius: trying to circumvent it is a direct violation of the TOS, so they could ban anyone with non matching version and passphrase
Celestria: i been playing on jpsn for last month
Celestria: no ban
trixter: Celestria: each region is run independently of each other. you may get banned for certain language on one but not on the others, and a ban in one place does not guarantee it elsewhere
Scorpion1: bet graf could find the 3.60 passphrase and he will post it, he posts everything lol
trixter: Scorpion1: probably, although its already known to some
trixter: it treally is not that hard to get it
trixter: at least by my method, which requires no sneaky access to any of the software on the system, no disassembling, no nothing that way..
Scorpion1: but for 3.60 the ssl encryption keys changed
Scorpion1: didnt they
trixter: no
defyboy-: you will need to generate your own certificate
trixter: ssl makes new keys for each connection unless it caches
trixter: if it caches it may use the same keys for a session to the same host but it will eventually rotate them to new keys either because its a new session or different host or watever
trixter: its just how ssl works
George234: does it use the chain of trust?
trixter: it uses PKI yes, that is how SSL works (for https anyway)
trixter: but the session key is dynamically created, it is just transmitted using the public key that is part of the server
Scorpion1: so you can connect a 3.55 console get the ssl encryption keys cached , then connect an official 3.60 console and decrypt the ssl ?
trixter: nono they are cached in memory and are device specific
fwnpwno: Mathieulh: you know how to login with cfw isnt'it?
Mathieulh: fwnpwno you grab the new passphrase, you patch vsh.self to use it and return 03.60, you profit