[PS3 ] Mathieulh: the SELF format has a huge vulnerability~
http://goo.gl/d2H8z
...
Q) Could you tell us more about one of your recent Tweets (über
means "huge"): Mathieulh wrote: @playstation #did you know that
your self format is uber fail? #morethanjustmy2cents.
A) This is a vulnerability that I discovered recently in the
SELF format from Sony.
Q) Have you been able to exploit the flaw (lack of verification
of the size of the header of an SCE SELF when copying the Local
Shared Storage to the Local Isolated Storage) unveiled by yourself a
while ago?
A) This fault is very difficult to implement and only works on certain
loaders when one has direct control over the arguments sent to them.
Nevertheless, there are other faults that have never been published.
Q) With the information made available to hackers and without a 3.6+ key,
is it possible to sign an application that is functional on 3.70?
If so, do you think it would lead to piracy again?
A) It is impossible to recover the private key of the keysets used in
firmwares 3.56+ and, consequently, to sign applications for the
latter; however, there is a way through the old keysets (0x0D below)
to launch chokes on 3.56+ if you know how. Moreover, it is possible to
sign a custom firmware 3.60+ and install it over a 3.55 firmware,
provided you have the 3.60+ keys available.
...
******
Looks like SONY will sooner or later have to consider changing the SELF file format, and then put some new APIs into the new firmware.
Otherwise, in theory, 3.55 can still support every current game (if it can be decrypted).
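As an added example (not code from the interview, from Mathieulh or from Sony), this is the header-size check whose absence the question above describes: a copy of a SELF header from shared to isolated storage that bounds the declared header length against both the bytes actually held and the destination buffer. The SCE header field layout follows public documentation and is an assumption here, as are the function names and the constructed test header.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Added example; SCE header layout per public documentation (assumed), all fields big-endian. */
#define SCE_MAGIC    0x53434500u  /* "SCE\0" */
#define SCE_HDR_SIZE 0x20u        /* size of the fixed header */

struct sce_header {
    uint32_t magic, version, metadata_offset;
    uint16_t key_revision, header_type;   /* header_type 1 = SELF */
    uint64_t header_len, data_len;        /* header_len is untrusted input from the file */
};
static uint32_t be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static uint64_t be64(const uint8_t *p) { return ((uint64_t)be32(p) << 32) | be32(p + 4); }

/* Parse the fixed header; -1 if the buffer is too short or the magic is wrong. */
int sce_parse_header(const uint8_t *buf, size_t len, struct sce_header *h)
{
    if (len < SCE_HDR_SIZE || be32(buf) != SCE_MAGIC) return -1;
    h->magic = be32(buf);
    h->version = be32(buf + 0x04);
    h->key_revision = (uint16_t)(be32(buf + 0x08) >> 16);
    h->header_type = (uint16_t)(be32(buf + 0x08) & 0xffff);
    h->metadata_offset = be32(buf + 0x0c);
    h->header_len = be64(buf + 0x10);
    h->data_len = be64(buf + 0x18);
    return 0;
}

/* Copy the header into the isolated buffer only if header_len fits both the bytes actually
 * held and the destination; returns bytes copied, 0 on rejection. An unconditional memcpy of
 * header_len bytes, without these checks, is the defect the interview describes. */
size_t copy_header_checked(const uint8_t *src, size_t src_len, uint8_t *dst, size_t dst_len)
{
    struct sce_header h;
    if (sce_parse_header(src, src_len, &h) != 0) return 0;
    if (h.header_len < SCE_HDR_SIZE) return 0;  /* cannot be smaller than itself */
    if (h.header_len > src_len) return 0;       /* claims bytes we do not have */
    if (h.header_len > dst_len) return 0;       /* would overrun the isolated destination */
    memcpy(dst, src, (size_t)h.header_len);
    return (size_t)h.header_len;
}

/* Build a constructed header with the given header_len (test input, not a real SELF). */
void make_test_header(uint8_t *out, uint64_t header_len)
{
    memset(out, 0, SCE_HDR_SIZE);
    memcpy(out, "SCE", 4); out[7] = 2; out[0x0b] = 1;  /* magic, version 2, type SELF */
    for (int i = 0; i < 8; i++) out[0x10 + i] = (uint8_t)(header_len >> (56 - 8 * i));
}
```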
※ Posted from: PTT (ptt.cc)
◆ From: 140.120.31.137