Post: [Explanation:]►Connecting to PSN on CFW 3.55 Kmeaw
02-12-2011, 07:18 PM #1


By now everyone has seen this thread


After reading the tutorial posted, I'm sure most of you are wondering WTF!??! :FU:

Well, Virtu posts a great explanation of exactly how this hack works for those trying to learn and understand it:

Originally posted by another user
I’ll explain the principles of this hack. You need to understand how SSL works, and a few more things, and that’s it.

SSL creates an encrypted tunnel between 2 points, the CLIENT and the SERVER. A CLIENT can be a web browser, or a PS3 for example. A SERVER is a website.

Each CLIENT and SERVER has to have matching certificates.

There are 5 or 6 companies that make SSL certificates. When you install your web browser it comes with certificates pre-installed from all of those companies.

When you want to make a server that uses SSL, you go to one of those companies to buy your certificate because their certificates are already installed on all browsers.

Each SERVER certificate is linked to a web address.

So say you go to your bank’s website. Your browser makes a connection, and the SERVER responds and says here is my certificate for bank.com, and I got it from company X.

Your browser looks in its list of certificates for a certificate from company X. If you have one, the connection works.

The PS3 connects to Sony servers, and Sony’s certificates are all purchased from the company called Verisign. The PS3 has Verisign certificates already installed on it, just like your web browser.

For this hack, you need to fake a Sony webserver, but you do not have a Verisign certificate for a Sony server.

So you make a fake certificate good for a Sony server address on your own.

When the PS3 asks your proxy server for the Sony server you give it the fake certificate you made. But there’s a problem. The PS3 does not trust your certificate, it only trusts Verisign certificates.

So, you must install your fake cert on the PS3. These certs are held in dev_flash. So you do that.

Now the PS3 connects to your proxy server, and it pretends to be a Sony server and gives the PS3 the fake cert, and the PS3 believes your proxy server because you installed the fake cert already.

Now the PS3 will encrypt its data with your fake cert instead of the real Verisign cert, and your fake cert on the proxy server can unencrypt the data. Now you can modify the data.

Once your proxy server modifies the data, it sends it along to the real Sony server and off you go.

(to the techies, yes I know, they are signed not purchased, etc etc. but that just confuses the issue)


Hope this Helped you better understand this hack. :bro:

The following 5 users say thank you to NextGenTactics for this useful post:

Asmel, DanTheFEED, shaneod, talhab6, uhChad
02-12-2011, 07:50 PM #11
puretruth
Bounty hunter
Ok here is a tut. I copied this from psx-scene. This should allow someone to make a video tut. You will need Linux to run Charles.


Originally Posted by Yuki
Works.

Here's how I did it:

1. Set up dnsmasq to resolve your region's update server (fuk01.ps3.update.playstation.net in my case) and auth.np.ac.playstation.net to your computer. I just added them to my /etc/hosts and left the rest of the dnsmasq settings at default.

2. In Charles, set up reverse proxies for these two addresses on port 80 and 443 respectively. Also add auth.np.ac.playstation.net to the list of Locations in the SSL tab of Proxy Settings so you can actually see the data you'll be changing.

3. In Charles, under Tools > Map Local, map the /update/ps3/list/uk/ps3-updatelist.txt on your region's server to a local copy, for example the one attached to this post.

4. Using the AsbestOS installer on your PS3, enable R/W access to /dev/flash.

5. Rename charles-proxy-ssl-proxying-certificate.crt to xx.cer (where xx is a certificate that already exists) then use your preferred method to replace the one in your flash.

6. Set your PS3 DNS to the one you set up.

7. In Charles, set a Breakpoint on all https:// POST Requests.

8. Attempt to connect to PSN.

9. When you see the request in Charles, edit any instance of 3.55 you see in the headers to 3.56 then click Execute.

10. If it didn't work try again, eventually you should sign in. It only took me a couple of tries.

If I've missed anything out let me know. I'm working on how to automate the header rewriting but I've only started using Charles today and the auth is only required once per console boot so I'm just editing it manually for now.

The following user thanked puretruth for this useful post:

ILovePie24!!
02-12-2011, 07:56 PM #12
theps3gamer
Do a barrel roll!
Originally posted by treyb14
Hmm nice tut bro just got to wait for a downgrade :FU: lol

I saw a post earlier that Wutangraza said that if Sony finds out they will ban you for using this method. Is this true?
02-12-2011, 07:58 PM #13
puretruth
Bounty hunter
Originally posted by theps3gamer
I saw a post earlier that Wutangraza said that if Sony finds out they will ban you for using this method. Is this true?


Unconfirmed and will be until someone gets banned.
02-12-2011, 08:01 PM #14
haydar94
Do a barrel roll!
tbh idk wtf is going on and i just want a full tut
02-12-2011, 08:02 PM #15
D-E-A-D
SuperMan
Hi just wondering how you make a fake certificate? wish there was a tutorial on how to get all this to work
02-12-2011, 08:03 PM #16
Steve Jobs
★お元気ですか★
Originally posted by puretruth
Unconfirmed and will be until someone gets banned.


gonna find out how to install linux on my macbook pro so i can follow that tut
02-12-2011, 08:10 PM #17
P4NiSh3R
NexT GeN UpdaTe
thanks..nice tut
02-12-2011, 08:16 PM #18
Ix Benere xI
At least I can fight
Nice explanation which hopefully everyone will understand.
02-12-2011, 08:16 PM #19
puretruth
Bounty hunter
Originally posted by D
Hi just wondering how you make a fake certificate? wish there was a tutorial on how to get all this to work



Posted by RatAndDragon on psx.scene

Creating a certificate is not a dark art!

To create an authority with openssl (on linux anyway) find the file called CA.sh that comes with openssl.

First run CA.sh -newca to create your authority, follow the prompts.

Now you have an authority. Grab the public key from the newly created demoCA directory. You should edit out the crap that openssl puts up the top until you're just left with the stuff between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, including those markers.

Now use CA.sh again to create another certificate by running CA.sh -newreq

This time you need to specify auth.np.ac.playstation.net as the common name. Then you need to sign it so run through CA.sh -signreq.

Now you have your certificates and private keys. Strip the passphrase from the private key using openssl rsa -in keyfile -out newkeyfile

Here comes the hard part -

Now you need to find a way to install the authority certificate (NOT the server certificate) in dev_flash/data/certs, and you need to install it over the top of one of the others because the file names are hard coded in an sprx in the firmware. You can do this with CFW of your own, or using the asbestos installer (haven't tried it) along with an ftp server program.

Then you need to get a proxy that can MITM stuff and give it the server certificate and key. You may need to set up a dns forwarding server like dnsmasq to point the ps3 to your proxy when it wants to talk to auth.np.ac.playstation.net, but use the classic DNS trick to resolve all other addresses.

The following user thanked puretruth for this useful post:

D-E-A-D
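
Added example (not part of any post in this thread): the last post notes that the CA file names in dev_flash/data/certs are hard-coded, so a swapped root keeps its file name and only its content changes. This Python sketch detects that from the defender's side by fingerprinting each file's DER body against a known-good manifest, ignoring any text around the PEM markers; the file names CA01.cer and CA02.cer and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_fingerprint(raw: bytes) -> str:
    """SHA-256 of the DER body; text outside the PEM markers is ignored."""
    m = PEM_RE.search(raw)
    der = base64.b64decode(b"".join(m.group(1).split())) if m else raw
    return hashlib.sha256(der).hexdigest()

def build_manifest(cert_dir: Path) -> dict:
    """Map file name -> fingerprint for every file in the trust directory."""
    return {p.name: der_fingerprint(p.read_bytes())
            for p in sorted(cert_dir.iterdir()) if p.is_file()}

def audit(cert_dir: Path, manifest: dict) -> dict:
    """Compare the directory with a known-good manifest, keyed by file name."""
    current, findings = build_manifest(cert_dir), {}
    for name in sorted(set(current) | set(manifest)):
        if name not in current:
            findings[name] = "missing"
        elif name not in manifest:
            findings[name] = "unexpected"
        elif current[name] != manifest[name]:
            findings[name] = "replaced"  # same name, different certificate
    return findings

def pem(der: bytes, preamble: str = "") -> bytes:
    """Wrap bytes in PEM armour, optionally with a text preamble on top."""
    body = base64.encodebytes(der).decode()
    return (preamble + "-----BEGIN CERTIFICATE-----\n" + body
            + "-----END CERTIFICATE-----\n").encode()

def demo():
    # Constructed placeholder bytes standing in for DER certificates.
    root_a, root_b, foreign = (b"\x30\x82" + c * 64 for c in (b"A", b"B", b"X"))
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp)
        (store / "CA01.cer").write_bytes(root_a)       # raw DER
        (store / "CA02.cer").write_bytes(pem(root_b))  # PEM
        baseline = build_manifest(store)
        # Same certificate re-saved with a text preamble: not a finding.
        (store / "CA02.cer").write_bytes(pem(root_b, "Certificate:\n  Data: ...\n"))
        benign = audit(store, baseline)
        # Different certificate written over an existing file name.
        (store / "CA01.cer").write_bytes(pem(foreign))
        return benign, audit(store, baseline)
```

The baseline manifest has to be taken from a known-good image and kept somewhere the audited system cannot write to, otherwise whoever replaces the certificate can replace the manifest as well.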
