Post: [CAUTION:]►PS3 OFW 3.56 New Feature: ➟Rootkit
01-31-2011, 04:29 AM #1
(adsbygoogle = window.adsbygoogle || []).push({});
CAUTION:
You must login or register to view this content.

Originally posted by another user
Vagabundo posts:
Apparently, examination of the OFW has found a new feature that will allow Sony to download and run code when you login to PSN.

The code they can run is obviously to check for CFW or whatever, but the code could change to check for anything really.

And with the current state of PS3 security there is the possibility that others might be able to run their code on your PS3 without your knowledge.

I don't run CFW and I'm pretty pissed about this. What they are doing might be illegal in the EU.



Originally posted by another user
Originally Posted by N.A
For those who are curious about the new PS3 security, it seems Sony has implemented something in 3.56 I mentioned here a few weeks ago that is the same as Microsoft uses to detect and ban 360's.

Mathieulh just posted about it on IRC.

Essentially Sony can now remotely execute code on the PS3 as soon as you connect.

This can do whatever Sony wants it to do such as verifying system files or searching for homebrew. Sony can change the code and add new detection methods without any firmware updates and as the code executes remotely there is no reliable way to forge the replies.

Whilst it is possible to patch or remove this code from the firmware this will likely mean the end of playing CFW online (as PSN can just check before login that this is active) or at the very least mean it will be even easier for Sony to detect and ban users.

Judging from the fact that people can still connect using the proxy method it seems Sony hasn't activated any of this yet but the functions are there in the new firmware.


Originally posted by another user
Originally Posted by IRC
Jan 27 14:44:32 <Mathieulh> 3.56 has nice new stuffs in there :P

Jan 27 14:44:43 <Mathieulh> like remote code execution upon login

Jan 27 14:44:45 <Sorrowuk> They will just release patches so people who have hacked cant go online

Jan 27 14:44:46 <Mathieulh> yummy :P

Jan 27 14:44:50 <noone> WAT

Jan 27 14:45:00 <noone> RFE built-in the fw!?

Jan 27 14:45:25 <Mathieulh> 3.56 pretty much has a built in psn rootkit

Jan 27 14:45:30 <noone> dude, that's the only stuff i'd be afraid of

Jan 27 14:45:31 <Mathieulh> don't tell me I haven't warned you

Jan 27 14:45:43 <Sorrowuk> psn rootkit ?

Jan 27 14:46:05 <noone> but if we could rip-off the fw that shit would be erased

Jan 27 14:46:20 <noone> that was the only thing stopped sony to _auto_ update your fw

Jan 27 14:46:22 <Mathieulh> noone it's not that simple

Jan 27 14:46:29 <Mathieulh> the server awaits a proper reply

Jan 27 14:46:34 <Mathieulh> and that reply isn't in the firmware



Sony's not even trying to hide it either...
You must login or register to view this content.
You must login or register to view this content.
You must login or register to view this content.


You must login or register to view this content.
[/center]
(adsbygoogle = window.adsbygoogle || []).push({});

The following 12 users say thank you to NextGenTactics for this useful post:

allant, AlphaPoppy, angel_of_deth, Clutch Hunterr, DeAd_bLiTz, iNoxx, LilP, manster, PlayDude77, SolidSnake77, stronghead, thecooldude71
01-31-2011, 11:52 PM #83
Winning
Former Staff
i would be scared if i were me.
01-31-2011, 11:53 PM #84
wardoc22
S.P.E.C.I.A.L
what the fluck? we are forced to agree with their terms to use the ps3. Its like payin 20k for a car and then we have to agree that we will buy insurance or we wont get to use it. thts messed up
02-01-2011, 12:18 AM #85
DeAd_bLiTz
You talkin to me?
Imma sue sony. Wish me luck boys. :carling:

The following 2 users say thank you to DeAd_bLiTz for this useful post:

GreenToxon, jimjaam
02-01-2011, 12:23 AM #86
xEnhancer
Cracking WI-FI
Uhhhhhhhhhhhhhhhhhhhhhhhhhhh !?
02-01-2011, 12:39 AM #87
angel_of_deth
Climbing up the ladder
Originally posted by cyberdoc View Post
Sony DOES NOT have a legal right to damage or brick or harm in any way, any piece of consumer owned equipment. They CANNOT prevent the offline use of said equipment. I can guarantee, I will start a Class action lawsuit at the first sign they had anything to do with any of my PS3's stopping to function offline.



---------- Post added at 11:20 AM ---------- Previous post was at 11:04 AM ----------



WRONG, You have every right to protect your property, any attmepts by a corporation to damage, Prevent Use of, of confiscate consumer equipment without a Warrant and proof of illegal activity is against the law. Sony is trying to scare people. Because the PSP2 and the new Playstation 4 is build around the same technology, because they were so successful in keeping hackers out of it for so long. They got complacent and figured what was working for PS3 would stand the test of time and Built the new boxes with old security.


yea if they do im sure a good 9/10 of those ppl wont just stand by and let them destroy their ps3 and them being able to if you live in the usa and they find its the only way to protect their interest they can try and its good to know there is still ppl willing to tell them to **** off if they try this
02-01-2011, 01:23 AM #88
was reading a post on update of geohots case and seen this

"Illston also tentatively agreed with Sony’s complaint that Hotz likely breached the Computer Fraud and Abuse Act by acquiring unauthorized access to the game console, access that Sony forbids.

That act, too, can be either a civil or criminal violation. It was unsuccessfully used to prosecute Lori Drew in the country’s first cyberbullying prosecution in 2009.

Sony, which is seeking unspecified monetary damages, has just released a firmware update designed to nullify Hotz’ code."

as everyone knows the door swings both ways. As and when you purchase a ps3 console, the console becomes your property and for sony to check anything on your ps3 without prior consent is a violation of this law.......depending on the number of people how get snooped on and complain about it, petition and thereafter......would make it a criminal violation1#

hope this has been of some help to you all state side.

As for the eu clan, im still searching.

if this has been of any help please thank or rep me

cheers
02-01-2011, 01:36 AM #89
bmxdude9
Million Miles Of Fun!
I find it stupid they really should just word it in the agreement "This just allows us to find whatever we want on your console and we don't care what". YES we own the hardware... we do NOT own the software meaning we can be voided from that. Still I find an issue with that as really they could see anything they want, people might have personal stuff on there. IMO its no better than spying with the kinect.

Would be HIGHLY FUNNY to exploit this though, if we really figured it out and mapped the network we could cause a little chaos on their side. Well depending on how this security actually works, i.e. what it looks for, how the functions work for finding stuff we shouldn't have etc and, how its sent to Sony.

I guess Sony's law department has to do something.
02-01-2011, 01:52 AM #90
Originally posted by bmxdude9 View Post
I find it stupid they really should just word it in the agreement "This just allows us to find whatever we want on your console and we don't care what". YES we own the hardware... we do NOT own the software meaning we can be voided from that. Still I find an issue with that as really they could see anything they want, people might have personal stuff on there. IMO its no better than spying with the kinect.

Would be HIGHLY FUNNY to exploit this though, if we really figured it out and mapped the network we could cause a little chaos on their side. Well depending on how this security actually works, i.e. what it looks for, how the functions work for finding stuff we shouldn't have etc and, how its sent to Sony.

I guess Sony's law department has to do something.




definately. We should all start putting an effort in to **** the corporation!!! :carling:
02-01-2011, 02:06 AM #91
bmxdude9
Million Miles Of Fun!
Originally posted by nutta1234 View Post
definately. We should all start putting an effort in to **** the corporation!!! :carling:


Like in all seriousness! If we are able to figure out the security we can then see what they are specifically looking for(my guess they have a lib of sort that compares to everything Sony has signed themselves and released... so all official games, DLC's and if it doesn't match they'll compare to make sure). Even if we figure that out the only fun would be putting backdoors into the code and compiling them as well known homebrew like FTP and IF and ONLY IF Sony actually receives the file(like they find it and then dl) then that would be our fun.

Other wise it sounds like a lot of hotfixes and security patches. We could perhaps, slim chance, exploit it in another way to send stuff to their side. This "rootkit" is like a bridge, if its secure then its no go or its more work... which it most likely will be.

BUT on what I said above I don't think Sony is that dumb(as of yet), to allow file transfer to view from us as it must TRULY be remote and be done virtually. There could be a troll on that bridge that when they detect potentials they frag ID them and if that pass doesn't match the troll blocks it.

Im betting you their smart enough to virtually view our homebrew(if that is in fact part of their goals.. I doubt they only want a list of what we ran on there as they could already do that and wouldn't add this then).

The following user thanked bmxdude9 for this useful post:

nutta1234

Copyright © 2026, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo