Announcement

Collapse
No announcement yet.

Sony's PSN was hacked via custom firmware

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Sony's PSN was hacked via custom firmware

    A bit late as far as news goes, but here's the story from chesh420, a mod at PSX-Scene:

    Originally posted by chesh420
    Ok, I've seen a bunch of speculation of why people think PSN is down, and I thought I should just post what the community knows in comparison to what Sony is telling everyone. The truth is, there was a new CFW (custom firmware) released known as Rebug (http://rebug.me). It essentially turns a retail console into a dev console (not fully, but gives you a lot of the same options that usually dev's only have access to). Anyway, this new CFW was quickly figured out by 3rd parties (not Rebug) to give CFW users access to the PSN network again via the dev networks. With a little manipulation of the URL's through a proxy server you could get your hacked console back online. Not that big of a deal, right? Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network. Now, before you go freaking out about the latest information posted about Kotaku, no ones personal information was accessible via this hack. Not to say they couldn't get it, but no one is admitting to it being available. Anyway, that's the real reason for the PSN downtime. Sony is now rebuilding all of it's PSN servers to be more secure and (hopefully) make sure the CFW users cannot get online anymore.

    Edit #1: To those of you saying that this is speculation, you are correct. But, it is speculation based on a lot of facts and the outcome seems to make the most sense.

    Rebug was released on 3/31/11.

    First guides of how to use the dev network to get back on COD games on 4/3/11.

    Word of NGU users finding a way to pirate PSN content via the dev networks on 4/7/11 (basing this on posts I had to delete on the website. Update: Users have pointed out to me that these posts existed on NGU as of 4/2/11).

    PSN goes down on 4/20/11

    Now, you can believe Sony's PR team which has kept you completely in the dark, or you can see the list of events above and come to your own conclusion. Now, this isn't the first time Sony has fought back against the PS3 modders from getting on PSN. A couple of months ago we had a utility called f*ckPSN that changed the necessary header information that was being sent to Sony to allow modified consoles back online. We were able to use it for about a month. Then came the new TOS, the mass e-mail to PS3 customers, and software update 3.56 and 3.60. So, once again, yes this is all speculation, but it is speculation based on previous actions and known facts.

    Edit #2: Mathieulh just mentioned that he has been in contact with someone that has official access to the SCE devnet servers and it was posted to them today that only 3.60+ debug firmwares will be allowed on the dev network anymore. All earlier versions will be cut. If you want to retain your access you need to contact Sony and upgrade to 3.60 debug firmware.

    Edit #3: Ok, it looks like some various news sites have picked up this story and taken it out of context. Once again, this is all speculation and information gathered from various devs in the PS3 scene. It might very well not be the real reason PSN is down, but as the timeline fits, it's a reasonable explanation. Now, as to Rebug directly allowing this to happen, that's not the case at all. Different CFW's have had access to the dev network the whole time. This is not new news for people in the PS3 scene. It's what people have figured out what to do with the said network that has caused all the recent issues. Saying that Rebug is what did this is like saying a gun manufacturer is responsible for every death that happens with a gun.

    Edit #4: Looks like Sony is finally admitting that people have been able to get into their network and users personal info has possibly be compromised. See: Official Sony Blog for the latest update.

    Edit #5: Last edit folks. The whole story is unfolding over at PSX-Scene Looks like the data was unencrypted, and hackers are currently taking the highest bidder for the data (2.2mil CC#'s w/ first name, last name, address, etc) after trying to sell it back to Sony.
    This doesn't help the image of the custom firmware community, and by extension, may even cast a shadow on the hacking community as a whole. Though Sony's mismanagement of the PSN development network left this vulnerability waiting for an unsavory group of hackers, and such a group carried out the attack and subsequent theft (and sale) of data, it's not unlikely that Sony will simply see this as another massive loss of revenue and reputation caused by the hacking and homebrew scenes.
    I may be lazy, but I can...zzzZZZzzzZZZzzzZZZ...
    Tags: None
  • #2
    This just proves my point that the pathetic group under the name "anonymous" did not do anything to SONY, just them trying to steal credit *like always* for "e-fame".

    Comment

    • #3
      It's kind of funny how for a long time SONY's PS3 was the Fort Nox of the next gen systems, no hacks were possible on it atleast not for long anyways. I guess all that pride has led to the biggest hack of the next gen systems,should have better security in place to begin with. I'm relieved I don't have a PS3 when this all went down so my info is safe from thieves. I just hope Microsoft has better security in place since my info is on their servers.
      Spoiler Alert! Click to view...

      THE BAD GUY!!!!!!

      Comment

      • #4
        Originally posted by helder View Post
        It's kind of funny how for a long time SONY's PS3 was the Fort Nox of the next gen systems, no hacks were possible on it atleast not for long anyways. I guess all that pride has led to the biggest hack of the next gen systems,should have better security in place to begin with. I'm relieved I don't have a PS3 when this all went down so my info is safe from thieves. I just hope Microsoft has better security in place since my info is on their servers.
        It wasn't a fort nox, it was the most vulnerable console of the "next gen". The only reason why it lasted so long without being "hacked" is the fact it provided "OtherOS", which allowed people to install linux and/or home brew applications. There was no desire to "hack it" by most of the hacking scene. Once they removed "OtherOS" it took no more than 12 months and it FW mods came out to allow linux, USB Dongle was released to allow linux and home brew, etc. Had SONY left OtherOS in there (which was the biggest vulnerability of all the problems), it still would be in the original boat (not hacked).

        The PS3 had virtually no security, and banning from PSN relied entirely on a moderator literally catching you doing something you aren't supposed to. They had no cheat detection, no home brew detection, no pirated software detection, nothing. A guy that you pissed off online had to report you and they had to look for you while you were online to see if the report is valid and then manually ban you.

        Months before this so called "super hack" happened my friend Deft was already telling me that the dev FW has read / write access to over 90% of the servers with no protection. We suspected this was for the devs to upload a game patch or a new game, and because they are supposed to be trusted.

        So what the people did is actually not hacking, it was taking advantage of the dev FW full access on the servers.
        Last edited by Gtlcpimp; 06-10-2011, 11:55:56 AM.

        Comment

        • #5
          There's at least one slight flaw with this theory. Private parties have already had access to both test and tool machines, including some that were illegally resold with the now somewhat notorious QA flag still enabled. All the piracy and other funny stuff seemed to have already been going on before there was any kind of hacked firmware floating around. Of course, it's also fairly likely that owners of real dev equipment were upset that random users had gotten access to some of their extra features. It's entirely possible that person(s) behind the whole PSN attack had been waiting for a public release of hacked firmware before executing their plan. It's also quite possible that chesh made his story entirely up just to attract attention to psx-scene and the rebug firmware.

          I doubt the actual events regarding this mess will ever be really known. Especially with Sony having repeatedly shown themselves to be quite incompetent ever since this all started.

          Comment

          Previous template Next
          Working...
          X