Mathieulh: the SELF format has a huge flaw~ - Modding
By Regina
at 2011-10-29T15:00
http://goo.gl/d2H8z
...
Q) Could you tell us more about one of your recent Tweets (über
means "huge"): Mathieulh wrote: @playstation #did you know that
your self format is uber fail? #morethanjustmy2cents.
A) This is a vulnerability that I discovered recently in the
SELF format from Sony.
Q) Have you been able to exploit the flaw (lack of verification
of the size of the header of an SCE SELF when copying the Local
Shared Storage to the Local Isolated Storage) unveiled by yourself a
while ago?
A) This fault is very difficult to implement and only works on certain
loaders when one has direct control over the arguments sent to them.
Nevertheless, there are other faults that have never been published.
Q) With the information made available to hackers and without a 3.6+ key,
is it possible to sign an application that is functional on 3.70?
If so, do you think it would lead to piracy again?
A) It is impossible to recover the private key of the keysets used in
firmwares 3.56+, and, consequently, to sign applications for the
latter. However, there is a way through the old keysets (0x0D and below)
to launch things on 3.56+ if you know how; it is also possible to
sign a custom firmware 3.60+ and install it over a 3.55 firmware
provided you have the 3.60+ keys available.
...
******
It looks like SONY will sooner or later have to consider changing the SELF file format, and then put some new APIs into the new firmware versions.
Otherwise 3.55 could in theory still support every current game (if it can be decrypted).
--
○ ____ _ _ _ _ ____ _ _ ____ _____ ____
。 ★(_ _)( \( )( \/ )( ___)( \( )(_ _)( _ )( _ \
o _)(_ ) ( \ / )__) ) ( )( )(_)( ) / ● ‧
(____)(_)\_) \/ (____)(_)\_) (__) (_____)(_)\_) ★
o
--
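The flaw Mathieulh is asked about above (no check on the size of an SCE SELF header when it is copied from Local Shared Storage into Local Isolated Storage) comes down to a loader trusting a length field read from the file. The C below is an added example written for this post; it is not Sony code and not anything Mathieulh published. It uses the publicly documented 32-byte big-endian SCE header layout (magic, version, key revision, type, metadata offset, header length, data length), assumes a fixed-size destination buffer (LIS_CAPACITY, an illustrative stand-in for the isolated storage whose real size the post does not give), and contrasts an unchecked copy with a checked one on constructed headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCE_MAGIC    0x53434500u  /* "SCE\0" */
#define SCE_HDR_SIZE 32u          /* fixed part of the SCE header */
#define LIS_CAPACITY 0x1000u      /* assumed isolated-storage buffer size (illustrative) */

typedef struct {
    uint32_t magic;
    uint32_t version;
    uint16_t key_revision;
    uint16_t type;            /* 1 = SELF */
    uint32_t metadata_offset;
    uint64_t header_len;      /* file-supplied length of the whole header */
    uint64_t data_len;
} sce_header_t;

/* Big-endian field access; SCE headers are stored big-endian. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint64_t rd64(const uint8_t *p) { return ((uint64_t)rd32(p) << 32) | rd32(p + 4); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr64(uint8_t *p, uint64_t v) { wr32(p, (uint32_t)(v >> 32)); wr32(p + 4, (uint32_t)v); }

/* Build a constructed SCE header (test data, not a real Sony file). */
void make_sce_header(uint8_t out[SCE_HDR_SIZE], uint64_t header_len, uint64_t data_len) {
    memset(out, 0, SCE_HDR_SIZE);
    wr32(out + 0, SCE_MAGIC);
    wr32(out + 4, 2);          /* version */
    wr16(out + 8, 0x0004);     /* key revision (arbitrary for the example) */
    wr16(out + 10, 1);         /* type: SELF */
    wr32(out + 12, 0x20);      /* metadata offset */
    wr64(out + 16, header_len);
    wr64(out + 24, data_len);
}

int parse_sce_header(const uint8_t *buf, size_t len, sce_header_t *h) {
    if (len < SCE_HDR_SIZE) return -1;
    h->magic = rd32(buf);
    h->version = rd32(buf + 4);
    h->key_revision = rd16(buf + 8);
    h->type = rd16(buf + 10);
    h->metadata_offset = rd32(buf + 12);
    h->header_len = rd64(buf + 16);
    h->data_len = rd64(buf + 24);
    return h->magic == SCE_MAGIC ? 0 : -1;
}

/* Vulnerable pattern: the file-supplied header_len drives the copy with no bound at all. */
int copy_header_unchecked(const uint8_t *shared, size_t shared_len, uint8_t lis[LIS_CAPACITY]) {
    sce_header_t h;
    if (parse_sce_header(shared, shared_len, &h) != 0) return -1;
    memcpy(lis, shared, (size_t)h.header_len); /* overruns lis (and shared) when header_len is large */
    return 0;
}

/* Hardened: bound header_len against both the source and the destination before copying. */
int copy_header_checked(const uint8_t *shared, size_t shared_len, uint8_t lis[LIS_CAPACITY]) {
    sce_header_t h;
    if (parse_sce_header(shared, shared_len, &h) != 0) return -1;
    if (h.header_len < SCE_HDR_SIZE) return -2;  /* shorter than the fixed part: malformed */
    if (h.header_len > shared_len) return -3;    /* would read past the shared buffer */
    if (h.header_len > LIS_CAPACITY) return -4;  /* would write past the isolated buffer */
    memcpy(lis, shared, (size_t)h.header_len);
    return 0;
}

/* Runs the constructed cases; returns 0 when every case behaves as expected (bit set = case failed). */
int self_check(void) {
    static uint8_t lis[LIS_CAPACITY], huge[0x2000];
    uint8_t good[0x40], big[0x40], tiny[0x40];
    int bad = 0;
    make_sce_header(good, 0x40, 0x100);                  /* well-formed 64-byte header */
    memset(good + SCE_HDR_SIZE, 0xAA, sizeof good - SCE_HDR_SIZE);
    bad |= (copy_header_checked(good, sizeof good, lis) != 0 || lis[0x3F] != 0xAA) << 0;
    bad |= (copy_header_unchecked(good, sizeof good, lis) != 0) << 1;  /* benign input only */
    make_sce_header(big, 0x10000, 0x100);                /* header_len larger than the file */
    bad |= (copy_header_checked(big, sizeof big, lis) != -3) << 2;
    make_sce_header(huge, sizeof huge, 0);               /* fits the file, exceeds LIS_CAPACITY */
    bad |= (copy_header_checked(huge, sizeof huge, lis) != -4) << 3;
    make_sce_header(tiny, 0x10, 0);                      /* header_len below the fixed size */
    bad |= (copy_header_checked(tiny, sizeof tiny, lis) != -2) << 4;
    good[0] = 0;                                         /* corrupt the magic */
    bad |= (copy_header_checked(good, sizeof good, lis) != -1) << 5;
    return bad;
}

int main(void) {
    int r = self_check();
    printf("self_check: %s (0x%02x)\n", r == 0 ? "all cases behaved as expected" : "mismatch", r);
    return r != 0;
}
```

The unchecked variant is only ever called on the benign header here; on the oversized one it would write 64 KiB into a 4 KiB buffer, which is exactly the class of bug the question describes, and why the checked variant validates the length against both buffers before the length is used at all.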
Tags:
Modding
All Comments
By Anonymous
at 2011-11-03T10:38
By Emma
at 2011-11-05T08:13
By Eden
at 2011-11-10T06:49
By Kristin
at 2011-11-14T01:39
By Franklin
at 2011-11-14T21:59
By Rachel
at 2011-11-18T06:53
By Lydia
at 2011-11-21T22:24
Related Posts
Let's look into pulse-booting a homebrew system
By Hedwig
at 2011-10-28T22:57
Installing PSN games and PKGs to an external hard drive or USB
By Thomas
at 2011-10-28T11:33
Let's look into pulse-booting a homebrew system
By Hardy
at 2011-10-27T20:37
A question about multiMAN select + X
By Andrew
at 2011-10-27T17:40
Is the PS3 fully exposed now?
By Dora
at 2011-10-27T16:25