Post: Spoofing - Some facts
02-24-2011, 11:56 AM #1
(adsbygoogle = window.adsbygoogle || []).push({}); So some think they are safe now with only using the cfw spoof in combination with either f...psn or charles.

Well you are not.

The only thing that is spoofed is the fw version reported to the authentication server, but your ps3 is not only connecting to that server.
Every other connection you make (http and https) will also reveal your real fw version witch is contained in the user-agent header.
Part from that, every time you launch any app on your ps3 it will request and xml from one of the Sony servers.
The file requested is the gameid-ver.xml
( eg: You must login or register to view this content. )

Sony is not that stupid and they also created these xmls for all known homebrew like binddev, multiman, ...
( You must login or register to view this content. for multiman )

You will also need to spoof that with for example an official game you have. The disadvantage is that if you launch an app, and request the wrong xml, you are logged off from psn.

This amongst several other connections and data requested and send need to be spoofed in order to be "hidden"

You will also need to replace several certificates on the ps3 before you can actually decrypt many of the ssl connections.

But still, in order to spoof correctly one will also need to know the information that is send from a OFW 3.56. As it is most likely not only the fw version is different but some headers may have another value, or even new headers exist.

I'm NOT going to make a full tutorial on how to do this, if you are smart enough google can help you.

In short: As long there is no decrypted version of ofw 3.56 or any following, you might be able to trick the logon server in order to logon to PSN, but you will never be able to trick Sony in thinking you have the correct FW.

The following 2 users say thank you to penguin_be for this useful post:

vipervimal, Xcellerator
02-24-2011, 11:57 AM #2
Mankins
You talkin to me?
Basically the 3.56 spoofer stops your ps3 from updating?
02-24-2011, 11:58 AM #3
Originally posted by deardenfb View Post
Basically the 3.56 spoofer stops your ps3 from updating?


Yes, and that is the ONLY thing it does
02-24-2011, 12:02 PM #4
kyskidz
Big Sister
Originally posted by be View Post
Yes, and that is the ONLY thing it does


yeh and thats what it was released for, but people are using it for online now and the banhammer is going to come down again soon lol
02-24-2011, 12:50 PM #5
Ups.
Do a barrel roll!
yes just like they did on xbox 360 5 to 600ppl got ban.
02-24-2011, 02:02 PM #6
shaneod
I defeated!
Couldn't you just direct those too, then?
As long as ps3dns is opensource...
02-24-2011, 02:05 PM #7
Jubz_
Can’t trickshot me!
Does PSninja make life any safer?
02-24-2011, 02:11 PM #8
Originally posted by shaneod View Post
Couldn't you just direct those too, then?
As long as ps3dns is opensource...


redirecting is not an option, as the logon will fail.

---------- Post added at 09:11 AM ---------- Previous post was at 09:07 AM ----------

Originally posted by Jubz
Does PSninja make life any safer?


No, as deleting cache is not enough.
02-24-2011, 03:41 PM #9
skeezymofo
Pokemon Trainer
Originally posted by be View Post


I'm NOT going to make a full tutorial on how to do this, if you are smart enough google can help you.


Can you give us a starting point besides google?
02-24-2011, 04:21 PM #10
yes:
- Basic knowledge of networking
- Basic knowledge of encryption
- Basic knowledge in development is handy
- Using and knowing linux is very handy
- Learn to read the readme's and documentation of programs and devices
- Think as if you where Sony and want protect you and your partners
- And then trial and error

Really, if you have no clue on what happens between you entering a url in your browser and the moment you see the webpage, don't bother unless you are eager to learn.

Copyright © 2024, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo