Post: PS4 packet sniffer usernames
09-28-2017, 02:00 AM #1
coldmurda
▀▀▀███▀▀▀
I'm looking for someone with some knowledge of the p2p packet data format for PS4, specifically in party chats.

I would like to know where in the packet hex sequence the PSN name is stored. I haven't been able to find any pattern in my packet body dumps that would indicate a username. I understand these names are likely hashed; I just need a place to start.

I made my own sniffer for Linux/Mac and username functionality is the last feature I really want to add. There doesn't seem to be any public information on this subject so I was hoping someone here could help.


Here is an example of 3 packets I picked up from a friend:
    
09-28-2017, 06:27 AM #2
bmob10189
At least I can fight
Originally posted by coldmurda View Post
I'm looking for someone with some knowledge of the p2p packet data format for PS4, specifically in party chats.

I would like to know where in the packet hex sequence the PSN name is stored. I haven't been able to find any pattern in my packet body dumps that would indicate a username. I understand these names are likely hashed; I just need a place to start.

I made my own sniffer for Linux/Mac and username functionality is the last feature I really want to add. There doesn't seem to be any public information on this subject so I was hoping someone here could help.


Here is an example of 3 packets I picked up from a friend:
    

FF 84 FF 1F FF 1F 5B 5C 1D D3 02 DE 18 18 8B C5 B4 07 07 FF B0 66 B7 BA 1D 2F BA 6A 32 25 C1 9E 7A BA F3 9E F6 19 82 2D EC 76 31 34 7A 99 05 46 72 C0 42 08 D9 55 75 B6 53 1F 28 CE 1C 14 C0 5A 5F C3 89 62 7D E6 9A CF B6 14 6A 01 77 91 66 97 D4 1F 89 96 C3 9D 51 5C 29 BE 48 C4 92 4B 02 DC A2 39 EF 29 31 B4 28 E1 A6 D0 A5 71 0F 92 6F CA EA 1A 10 B7 77 9B D5 1E 89 C6 0B CD 58 A0 2F 34 41 14 25 CE B0 A5 2A 21 D1 EA 1D C9 16 E8 28 71 E2 90 6E 5C ED 12 A4 7D A6 85 41 42 FB 94 A8 06 19 20 53 44 13 BA AD 17 93 B1 E4 D0 73 34 4A 7A 60 B5 1D DD 06 0D 74 B1 1A 69 50 38 AE 4A 2B 33 34 FE 78 FB 30 9C 87 BB 43 52 C9 75 A7 32 48 07 05 A0 7F D6 78 A7 11 9F B4 18 E5 30 EB 96 A8 D0 F3 E2 8D 76 45 1B

FF 84 FF 1F FF 1F 40 A7 B0 34 B2 27 D3 47 26 72 40 25 CE CE 34 82 E7 20 E4 B8 C3 FB 12 BA 43 9D 2C 34 EB 2D 83 87 3E 3F F9 5C 2A 25 4C 16 0E 1A 83 F3 B6 70 B7 7C EE 8C FF FE 34 42 7C FB F2 54 18 04 02 D5 09 37 8F 5F 56 F7 31 F6 7E D2 D7 53 25 2A 69 99 12 E3 A4 9E 23 3E 50 22 01 62 ED 77 1A DF C8 ED 83 6F F0 E1 3F E8 63 B4 1F 9D A1 E5 F6 BF 3C EA 0B 26 27 6F 37 0A 0C 8A E1 0C EB 94 56 7A DC 6A F0 73 55 6B 17 01 0F 0D 28 C2 62 93 54 0C F0 C5 F1 0F A2 5D 85 D8 E6 9B D5 F3 75 9A 00 96 40 8E DC A9 DD E3 90 7F 5F 71 B8 6E DE 95 84 A1 BD 94 16 AF 40 08 9B 0B 1B 51 FA FA D1 46 52 B9 CA 75 FE DB 80 F3 26 E2 4F 63 65 81 DB 1D F1 DF 90 AC 87 66 8B 07 20 58 1C A6 A7 B8 7A 70 60 7F EF 05 B6 0A


The connection between you and them is usually not anywhere near hex. The closest you can get is to find their IP. If the connection worked through hex then we would all be doomed.
09-28-2017, 03:14 PM #3
coldmurda
▀▀▀███▀▀▀
Originally posted by bmob10189 View Post
The connection between you and them is usually not anywhere near hex. The closest you can get is to find their IP. If the connection worked through hex then we would all be doomed.



Doesn't seem like you know what hex is. It's just a number format system. To find someone's IP, a tool reads the header of a packet to get that information. Obviously a packet contains much more information than just an IP, sometimes including the PSN name.


I'm not sure what you think hex is.
09-28-2017, 03:39 PM #4
Hydrogen
Super Mod
Originally posted by bmob10189 View Post
The connection between you and them is usually not anywhere near hex. The closest you can get is to find their IP. If the connection worked through hex then we would all be doomed.


Not quite, you can find more than just an Internet Protocol. There are a lot of sniffers that pull up usernames, data packets, and a ton more information.

The following user thanked Hydrogen for this useful post:

Jap
09-28-2017, 04:20 PM #5
Tustin
Balls of Steel
I know it's probably the route you won't want to take, but there was another sniffer tool called ConsoleSniffer which supported showing usernames. That should rule out the possibility of hashing and make it more likely to be encrypted. You could try deobfuscating it to see if there's a method for decrypting the usernames in the packet. Other than that I wouldn't know where to begin.
09-28-2017, 06:47 PM #6
coldmurda
▀▀▀███▀▀▀
Originally posted by Tustin View Post
I know it's probably the route you won't want to take, but there was another sniffer tool called ConsoleSniffer which supported showing usernames. That should rule out the possibility of hashing and make it more likely to be encrypted. You could try deobfuscating it to see if there's a method for decrypting the usernames in the packet. Other than that I wouldn't know where to begin.


They were formerly encrypted, but there was a PS4 update around January 2017 that patched Console Sniffer's ability to get usernames. It just shows 16 bits of ASCII junk now.

The Console Sniffer dev showed a video of a new version he is working on where you need to enter the username you are looking for and select your console region. This is why I believe it is hashed (he is hashing the input and comparing it to the packet data).

Anyway, the Console Sniffer dev is a fucking dick and will ignore any question you ask him if it doesn't involve buying his shit. I would be willing to give him money, or better yet efficient sniffing software, but he just sees it as competition. I'm not even selling.
Last edited by coldmurda ; 09-28-2017 at 06:58 PM. Reason: Spelling
09-28-2017, 08:11 PM #7
Tustin
Balls of Steel
Originally posted by coldmurda View Post
They were formerly encrypted, but there was a PS4 update around January 2017 that patched Console Sniffer's ability to get usernames. It just shows 16 bits of ASCII junk now.

The Console Sniffer dev showed a video of a new version he is working on where you need to enter the username you are looking for and select your console region. This is why I believe it is hashed (he is hashing the input and comparing it to the packet data).

Anyway, the Console Sniffer dev is a fucking dick and will ignore any question you ask him if it doesn't involve buying his shit. I would be willing to give him money, or better yet efficient sniffing software, but he just sees it as competition. I'm not even selling.

Oh alright, I just remember him having username whenever Sony patched it but I wasn't sure if that was recent or not. But yeah, that makes sense now. It could always be tied to NPID since that contains both the PSN and console region. If you can get access to the executable I can always try reverse engineering it for you.

The following 3 users say thank you to Tustin for this useful post:

BurtE, coldmurda, Frosty
09-28-2017, 08:56 PM #8
coldmurda
▀▀▀███▀▀▀
Originally posted by Tustin View Post
Oh alright, I just remember him having username whenever Sony patched it but I wasn't sure if that was recent or not. But yeah, that makes sense now. It could always be tied to NPID since that contains both the PSN and console region. If you can get access to the executable I can always try reverse engineering it for you.




I haven't heard of NPID before. I did a quick search and it sounds similar to a console ID but for accounts. I saw your name came up in a few posts about it.

I have Console Sniffer's exe with a usable account, but my usernames haven't worked in months (I assumed the same for everyone).
To reverse engineer it, would you have to view the assembled code? I don't know much about that, but I would really appreciate the help. Thank you.
Last edited by coldmurda ; 09-28-2017 at 08:59 PM.
09-28-2017, 09:07 PM #9
Tustin
Balls of Steel
Originally posted by coldmurda View Post
I haven't heard of NPID before. I did a quick search and it sounds similar to a console ID but for accounts. I saw your name came up in a few posts about it.

I have Console Sniffer's exe with a usable account, but my usernames haven't worked in months (I assumed the same for everyone).
To reverse engineer it, would you have to view the assembled code? I don't know much about that, but I would really appreciate the help. Thank you.

The NPID is basically like an account email. So for example, my PSN is tustin25 and it was created in the US, so my NPID is something like [email][email protected][/email]. Typically these are encoded with base64 but I'm not totally sure it would be stored like that in the packet.

If you want, you can send me a download link to the exe and I can take a look for you. I don't need an account or anything like that. Assuming it was written in C# it might be obfuscated with something which can make it harder to read. Or it might've been written in something like C++ and compiled down to native code which would make it easier since I can just read the assembly. Either way it shouldn't be too hard to figure out.

The following 2 users say thank you to Tustin for this useful post:

Jap, Smoky420
09-28-2017, 10:47 PM #10
coldmurda
▀▀▀███▀▀▀
I PMed the executable to Tustin for legal/site rule purposes (I don't know if it would be within site rules to post "commercial" software).

If anyone else would like it you can PM me.

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
