Discussioni, news, guide, non pertinenti con le altre sezioni hacking del forum.
Avatar utente
User

Luck

Livello

Full Member

Messaggi

87

Iscritto il

29 ago 2007, 19:35

Località

l'isola che non c'è!!

Trovato exploit in Call of Duty 3!!

da Luck » 13 giu 2008, 9:27

Eccoci , ragazzi , le news si susseguono, ovvero poterebbe essere Call of Duty 3 il gioco che permette la scrittura di codice non firmato ( il gat:liberty city per psp per intenderci) . vediamo rahgazzai, io avevo avvisato di asopettare dopo 'uscita di metalgear.
Ultima modifica di Anonymous il 13 giu 2008, 13:21, modificato 1 volta in totale.
Avatar utente
User

Jalek

Livello

Fondatore PS3ita

Messaggi

1281

Iscritto il

18 dic 2006, 15:28

Località

Nel server di questo sito (in letargo)

FW

0.00

Re: PS3: Novità sul fronte Hacking!!

da Jalek » 13 giu 2008, 9:51

Luck, tienici informati!
Che davvero sia giunto il fatidico momento dell' exploit?  :think:
Immagine
Immagine
Avatar utente
User

Rancid(o)

Livello

Ps3ita Team

Messaggi

4205

Iscritto il

19 dic 2006, 15:22

Località

nell' anno 1977

PSN ID

Rancid0x0

FW

4.05

Re: PS3: Novità sul fronte Hacking!!

da Rancid(o) » 13 giu 2008, 13:02

Questo è il video a cui fa riferimento il nostro luck:

http://www.youtube.com/watch?v=ru6onGJd ... potential/


Il tipo che ha scoperto l'exploit ha rilasciato anche la guida compresa di file.. Vi riporto il post originale:

Hacked2123's Final Release - PS3 Tri-Fold Attack Potential

It's been a long time coming, but 06/12 is finally here. For months, I've held a secret, something that may have the shear potential to ultimately unlock the PS3. A few select, knew of my work, and my prospects for this project, and a few select others were told "06/12 is the day."

Explanation: So on this day I give to you a tri-fold potential hack, all stemming from one game that has a very grave security flaw.

Call of Duty 3: Many games prior to discovering this one, had great potential to write files to the PS3 HDD, such as Resistance: FoM, Motorstorm, and Warhawk. Warhawk was a particularly good one at that cause at the time we managed
to overwrite other game param.sfo's.

The major flaw that came about was patches, and game updates that blocked our methods. At the time we had little knowledge of the HDD's true importance to the system's operation, as with prior PS3 Dev news on AIX.

This leads me to the security flaw of CoD3, it can't be patched without an entire Firmware update. This means all PS3 Dev's who choose to continue research in this area will find it always available to them, should they not update (which was not the case for Warhawk that used a "Server Down" call message to direct users to the PSN Store to update).

Note: This is the only game on the PS3 that allows updating to occur without being logged into your Playstation Network Account :D


Description 1 (The File Writer potential)

CoD3 uses a per file public key verification on its updates. Files can be added to the list to update at will and
write with a root location of /BLUS30012/. Files can be written within that directory with /folder/file.name and to
other directories with ../otherBLUS/file.name. I have successfully over written other files on the HDD such as
ICON0.PNG to other PSN titles, by renaming the *.cod verified file to ICON0.PNG. Through some RAM dumps, and some
skill this verification scheme can be broken, and may lead to the modification of PRX files contained on the PS3.

EXAMPLE

Source - http://codupdater.ps3.activision.com/pa ... _ps3f.self
Destination - cod_ps3f.self
Verification key - TkjcgKa44eanDv1ySRpEf6fBeHekbMFeI/yAhSVALY+vcKzAeOztb4KIAzPBFgP3wb8yqRAJHivTZtzb0UqYpc6OtvMh6GHKU+QHmYAumm0HmEn64h4DN
6PyHWE1sY9HvK6rXPAZRfNUM9t3ceMTOytxidFA6te1Mn83NHd5d1Q=


Description 2 (The Soft Reset potential)

As demonstrated in the video, following what I believe to be a stack overflow, and "Quit Game" the system performs a
soft reset. This is, to my knowledge, the first reproducible occurrence of this. With a soft reset, depending on
how it's being executed, may leave certain variables in memory, or create new ones without the same security
procedures.

Description 3 (The Stack Overflow potential)

The most valuable of the three attack potentials is what is, in my understanding, a stack overflow. Should I be
wrong, it may either be a parsing error (highly unlikely), or an error in the writing of param.sfo. Should it be a
stack overflow, through RAM dumps, ultimately execution of unsigned code is highly probable; unfortunately I do not
have access to these dumps, and can't deem this a successful hack just yet. (Other tested methods include
array-overflowing, and memory buffer overflows, which resulted in the game's termination and the XMB prompting an
error)

To test remove one "1" from the "Game.VER" included and see that the installation continues normally.

Tools Needed:

1. SimpleDNS (and the included "Simple DNS Records.rar") (STRONGLY RECOMMENDED TO BACKUP YOUR EXISTING SimpleDNS DIR)
2. Apache Web Server (and the included "Update Descriptors.rar")
3. A router/hub of some sort.

Instructions:

1. Extract the contents of "Simple DNS Records.rar" & "Update Descriptors.rar" to the C: directory of your computer
(all file paths there after have been preserved)
2. Restart/Start SimpleDNS and Apache
3. Boot your PS3 and enter network settings
4. Select Custom, and then when IP Address Setting appears select Manual
5. Assign an IP address suitable for your network (ex. 192.168.0.99 or 192.168.1.99), subnet 255.255.255.0, default
router = your computer's IP (this will help prevent it from updating on the PSN), and Primary DNS also your
computer's IP.
6. Execute CoD3 and witness the "update" screen

For those of interested in the file protection extract "Update 1.0 files (not needed).rar" and in the Apache folder
use "original GAME.VER" instead of GAME.VER.

NOTE: This is my final release to the hacking community, and will no longer be Hacked2123. I have tried so much,
and so hard, to further my existence and to exhibit my knowledge and understanding to the world for the purpose of
advancing my life. I have found this to be a dream, I have gained nothing, I work the same job, and all the work I
have put forth in the community is deemed "fake".

As always, feel free to donate (http://hacked2123.com/Donate.php) or email me @ hacked2123 -at- yahoo.com .


Occorrente: http://rapidshare.com/files/121902210/P ... l.rar.html


Ricordo che al momento questo exploit non serve a nulla.. se non come punto di partenza (speriamo) per futuri sviluppi.. staremo a vedere..




Ps: se qualcuno ha il tempo e la voglia di tradurre il tutto e riportarlo in homepage (purtroppo non lo posso fare personalmente.. sono un po' incasinato in questo periodo) farebbe un grandissimo piacere..  :shake2:  :cheers2:
Avatar utente
User

airart

Livello

Ps3ita Team

Messaggi

1655

Iscritto il

2 mar 2007, 23:16

Località

Terremotolandia

PSN ID

airart_0

FW

Cfw4.50 DEX ps3ita

Re: Trovato exploit in Call of Duty 3!!

da airart » 13 giu 2008, 13:53

Ottimo , tienici aggiornati.
Essere bannato non è sfiga....è uno stile di vita !

Guida per Testoni alla Modifica della PS3
http://www.ps3ita.it/forum/post38901.html#p38901
Avatar utente
User

Hellfish

Livello

Collaboratore

Messaggi

1271

Iscritto il

19 dic 2006, 13:50

Località

Asiago

Re: Trovato exploit in Call of Duty 3!!

da Hellfish » 13 giu 2008, 16:35

Speriamo che possa portare a qualche inizio!  :snack:

Aggiornamenti.....sarebbe anche da mettere in homepage!  :air:

Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti

Powered by phpBB ® | phpBB3 Style by KomiDesign
cron