Thursday, February 17, 2011

Playstation 3 online analysis

I analysed, with my PC in bridge, which kind of traffic a PS3 will generate on startup without trying to access PSN, and the results are quite worrying.


PS3 sends the following lines to auth.np.ac.playstation.net:
X-Platform-Version: PS3 03.55
type=0&serviceid=SCEI-0&loginid=VrEa2uUV3s2hTgLj&password=BDFvcv2vQ2mGvxsJ&consoleid=YOUR_CONSOLE_ID


loginid and password are in base64 and they the same for all the PS3s. consoleid instead changes on every console.

PS3 also send some DNS request to resolve some playstation.net subdomains:

auth.np.ac.playstation.net
ena.net.playstation.net
mercury.dl.playstation.net
nsx.np.dl.playstation.net
tmdb.np.dl.playstation.net
us.np.stun.playstation.net
xmb.dl.playstation.net


PS3 also does some HTTP requests with PS3Application libhttp/3.5.5-000 (CellOS) as User-Agent.


I suggest to BLOCK *.playstation.net in router firewall or in dns to avoid information spoofing and banning

Thursday, February 3, 2011

Sony sends out DMCA Takedown Notices!

Soon after Sony won in SF with a TRO against Mr. Hotz regarding the 'metldr keys', their MIB Team started the next step and have issued DMCA Takedown Notices to a number of various 'scene' developers that had code either mirrored or stored on their GITHUB's or websites!
Here you can find the complete DMCA takedown notice and here you can find my gitorious mirror of the removed repositories.
I choose gitorious since it's in Norway where the DMCA is not valid.

UPDATE 2011/02/02
Sony sent a notice to Gitorious too and they removed my Gitorious repositories with the following email:
Greetings,

We're writing you to inform you that we have been forced to remove
your Gitorious repositories containing PS3 related code. We received a
DMCA takedown notice from Sony this morning, and Norwegian law
commands us to respond to such a notice by removing potentially
infringing content until it's legality can be fully clarified.

If you can provide Gitorious with irrefutable evidence that this code
is not violating neither Sony's copyrights/patents nor Norwegian law,
you are welcome to keep hosting the affected repositories with us.

UPDATE 2011/02/03
Gitorious accepted back my legal repositories and they sent a reply to Sony as you can read on their blog.
"Live long and prosper to legal hacking"