IDPstealer - Grab Your ConsoleID Via PC By Flatz

Discussion in 'PS3 News' started by Tranced, Dec 27, 2014.

By Tranced on Dec 27, 2014 at 8:28 AM
  1. 1,308
    239
    73
    Tranced

    Tranced Programmer Administrator

    Joined:
    Sep 29, 2014
    Messages:
    1,308
    Likes Received:
    239
    Trophy Points:
    73
    Occupation:
    Programmer
    Location:
    Behind You
    Talented developer Flatz has released a tool for the PS3 community. With the aid of a PC this tool will allow you to obtain your PS3 console ID. IDPstealer does this by intercepting network traffic so there are a few requirements. Like using a latest or spoofed CFW to get PSN access and setting up a proxy server. Please note that the dev does mention that this method can be patched by Sony.

    Update: This application was patched by Sony in OFW 4.70 . Works on 4.66 OFW and lower only

    idpstealer.gif

    Source code via Flatz
    Code:
    #include <inttypes.h>
    #include <stdarg.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/stat.h>
    #include <sys/types.h> 
    
    #include <polarssl/des.h>
    
    #ifdef _WIN32
    #	include <windows.h>
    #	include <winsock2.h>
    #	include <ws2tcpip.h>
    #	include <process.h>
    
    #	ifdef _MSC_VER
    #		define snprintf _snprintf
    #		define vsnprintf _vsnprintf
    #		define strcasecmp _stricmp
    #		define strncasecmp _strnicmp
    #	endif
    #else
    #	include <sys/ioctl.h>
    #	include <sys/socket.h>
    #	include <fcntl.h>
    #	include <netdb.h>
    #	include <unistd.h>
    #endif
    
    #define STRINGIFY_HELPER(x_) #x_
    #define STRINGIFY(x_) STRINGIFY_HELPER(x_)
    
    #ifdef _MSC_VER
    #	define FORCE_INLINE __forceinline
    #	define NO_INLINE __declspec(noinline)
    #else
    #	define FORCE_INLINE __attribute__ ((always_inline))
    #	define NO_INLINE __attribute__ ((noinline))
    #endif
    
    #define SWAP32(x_) \
    	((uint32_t)(((((uint32_t)(x_)) & 0xFF000000) >> 24) | \
    	((((uint32_t)(x_)) & 0x00FF0000) >> 8 ) | \
    	((((uint32_t)(x_)) & 0x0000FF00) << 8 ) | \
    	((((uint32_t)(x_)) & 0x000000FF) << 24)))
    
    #ifdef _WIN32
    	typedef uintptr_t thread_t;
    	typedef SOCKET socket_t;
    
    #	define LE32(x_) (x_)
    #	define BE32(x_) SWAP32(x_)
    
    #	if !defined(S_ISREG) && defined(S_IFMT) && defined(S_IFREG)
    		#define S_ISREG(mode_) (((mode_) & S_IFMT) == S_IFREG)
    #	endif
    
    #	define LAST_SOCKET_ERROR WSAGetLastError()
    
    #	define CHECK_SOCKET(sock_) ((sock_) != INVALID_SOCKET)
    #	define CHECK_SOCKET_OP(value_) ((value_) != SOCKET_ERROR)
    
    #	define VALIDATE_SOCKET(expr_, format_, ...) \
    		do { \
    			if ((expr_) == INVALID_SOCKET) \
    				fail(format_, __VA_ARGS__); \
    		} while (0)
    #	define VALIDATE_SOCKET_OP(expr_, format_, ...) \
    		do { \
    			if ((expr_) == SOCKET_ERROR) \
    				fail(format_, __VA_ARGS__); \
    		} while (0)
    
    #	define AS_SOCKET_OPT(x_) (char*)(x_)
    #	define AS_SOCKET_CONST_OPT(x_) (const char*)(x_)
    #else
    	typedef pthread_t thread_t;
    	typedef int socket_t;
    
    #	define LE32(x_) (x_)
    #	define BE32(x_) SWAP32(x_)
    
    #	define INVALID_SOCKET (-1)
    #	define LAST_SOCKET_ERROR errno
    
    #	define CHECK_SOCKET(sock_) ((sock_) > 0)
    #	define CHECK_SOCKET_OP(value_) ((value_) >= 0)
    
    #	define VALIDATE_SOCKET(expr_, format_, ...) \
    		do { \
    			if ((expr_) < 0) \
    				fail(format_, __VA_ARGS__); \
    		} while (0)
    #	define VALIDATE_SOCKET_OP(expr_, format_, ...) \
    		do { \
    			if ((expr_) < 0) \
    				fail(format_, __VA_ARGS__); \
    		} while (0)
    
    #define AS_SOCKET_OPT(x_) (x_)
    #define AS_SOCKET_CONST_OPT(x_) (x_)
    
    #	define closesocket close
    #endif
    
    #undef USE_THEMIDA
    
    #ifdef USE_THEMIDA
    #	include <themida/ThemidaSDK.h>
    #else
    #	define VM_START
    #	define VM_END
    #	define CODEREPLACE_START
    #	define CODEREPLACE_END
    #endif
    
    #define DEFAULT_PORT 1337
    
    #define TCP_BUFFER_SIZE 2048
    #define THREAD_STACK_SIZE 16384
    #define RECEIVE_TIMEOUT_SEC 60
    
    #define SID_SIZE 64
    #define SID_KEY_SIZE 0x18
    #define SID_IV_SIZE 0x8
    #define SID_IDPS_OFFSET 0x10
    #define IDPS_SIZE 16
    
    static void cleanup(void);
    static void run_proxy(const char* idps_file_path, int port);
    static void client_thread(void* arg);
    
    static int hook_packet(const char* uri, const char* method, const char* protocol, const char* host_name, const char* path, int port, socket_t sock);
    static int catch_sid_packet(const char* uri, unsigned char idps[IDPS_SIZE]);
    static int check_idps(const unsigned char* idps);
    
    static int parse_request_with_uri(const char* request, char* method, char* uri, char* protocol);
    static int parse_uri(const char* uri, const char* method, char* host_name, char* path_name, int* port);
    
    static int get_ip_addr(const char* hostname, struct in_addr* addr);
    static void http_receive_packet(socket_t sock, char** buffer, size_t* buffer_size);
    static void socket_set_non_blocking_mode(socket_t sock, int flag);
    static void socket_get_available_bytes(socket_t sock, size_t* size);
    static int socket_is_bad(socket_t sock);
    
    static const char* get_file_name(const char* file_path);
    static int is_exists(const char* path);
    static int is_file(const char* file_path);
    
    static void read_divine_comedy();
    static void xor_string(const unsigned char* key, size_t key_size, unsigned char* data, size_t data_size);
    
    static unsigned int crc32(const void* data, size_t data_size, unsigned int initial_value);
    
    int parse_hex_string(const char* str, size_t str_length, unsigned char* buffer, size_t buffer_max_size, size_t* buffer_size);
    
    void info(const char* format, ...);
    void fail(const char* format, ...);
    
    struct client_thr_args_t {
    	const char* idps_file_path;
    	socket_t sock;
    	struct sockaddr_in addr;
    	int addr_size;
    	thread_t thread_id;
    };
    
    static char* packet_uri_prefix = NULL;
    static size_t packet_uri_prefix_size = 0;
    static char* packet_param_name = NULL;
    static size_t packet_param_name_size = 0;
    static unsigned char* packet_key = NULL;
    
    static int idps_stealed = 0;
    
    static const char http_request_end[] = "\r\n\r\n";
    static const char http_connection_established[] = "HTTP/1.0 200 Connection established\r\n\r\n";
    static const char http_bad_request[] = "HTTP/1.0 400 Bad Request\r\n\r\n";
    static const char http_not_found[] = "HTTP/1.0 404 Not Found\r\n\r\n";
    static const char http_internal_server_error[] = "HTTP/1.0 500 Internal Server Error\r\n\r\n";
    static const char http_not_implemented[] = "HTTP/1.0 501 Not Implemented\r\n\r\n";
    static const char http_bad_gateway[] = "HTTP/1.0 502 Bad gateway\r\n\r\n";
    static const char http_service_unavailable[] = "HTTP/1.0 503 Service Unavailable\r\n\r\n";
    static const char http_gateway_timeout[] = "HTTP/1.0 504 Gateway Timeout\r\n\r\n";
    
    static void show_usage(const char* program) {
    	fprintf(stdout, "IDPstealer v0.1 (c) flatz\n");
    	fprintf(stdout, "Usage: %s [options] <idps file>\n", program);
    	fprintf(stdout, "Options:\n");
    	fprintf(stdout, "  -p <port number> - Port to listen on (default: "STRINGIFY(DEFAULT_PORT)")\n");
    	fprintf(stdout, "  -h               - Show this help\n");
    	fprintf(stdout, "Arguments:\n");
    	fprintf(stdout, "  <idps file>      - Output file for IDPS\n");
    }
    
    int main(int argc, char* argv[]) {
    	int ret;
    
    #ifdef _WIN32
    	WSADATA wsa_data;
    #endif
    	const char* idps_file_path = NULL;
    	int port = DEFAULT_PORT;
    	int num_args_left;
    	int i;
    
    	if (argc < 2) {
    		show_usage(get_file_name(argv[0]));
    		exit(0);
    	}
    
    	atexit(&cleanup);
    
    	for (i = 1; i < argc; ++i) {
    		num_args_left = argc - i - 1;
    		if (strcmp(argv[i], "-h") == 0) {
    			show_usage(get_file_name(argv[0]));
    			exit(0);
    		} else if (strcmp(argv[i], "-p") == 0) {
    			if (num_args_left >= 1) {
    				port = atoi(argv[i++ + 1]);
    				if (port < 1024 || port > 65536)
    					fail("Invalid port specified: %d", port);
    			} else {
    				fail("No port number specified.");
    			}
    		} else if (*argv[i] != '-') {
    			idps_file_path = argv[i];
    			break;
    		} else {
    			fail("Unknown option specified: %s", argv[i]);
    		}
    	}
    	if (!idps_file_path)
    		fail("No output file specified.");
    	if (is_exists(idps_file_path) && !is_file(idps_file_path))
    		fail("Invalid output file specified.");
    
    #ifdef _WIN32
    	ret = WSAStartup(MAKEWORD(2, 2), &wsa_data);
    	if (ret != 0)
    		fail("WSAStartup() failed with error: 0x%08"PRIX32, ret);
    	if (LOBYTE(wsa_data.wVersion) != 2 || HIBYTE(wsa_data.wVersion) != 2)
    		fail("Could not find a suitable version of WinSock library.");
    #endif
    
    	read_divine_comedy();
    	run_proxy(idps_file_path, port);
    
    #ifdef _WIN32
    	WSACleanup();
    #endif
    
    	return 0;
    }
    
    static void cleanup(void) {
    	if (packet_uri_prefix)
    		free(packet_uri_prefix);
    	if (packet_param_name)
    		free(packet_param_name);
    	if (packet_key)
    		free(packet_key);
    }
    
    static void run_proxy(const char* idps_file_path, int port) {
    	struct client_thr_args_t* client_thr_args;
    	struct sockaddr_in my_addr, client_addr;
    	struct in_addr my_ip_addr;
    	struct timeval timeout;
    	socket_t listen_sock;
    	socket_t client_sock;
    	char* my_ip_addr_str;
    	int client_addr_size;
    	int one = 1;
    	int ret;
    
    	memset(&my_addr, 0, sizeof(my_addr));
    	if (!get_ip_addr("", &my_ip_addr))
    		fail("Unable to get local IP address.");
    	my_ip_addr_str = inet_ntoa(my_ip_addr);
    	my_addr.sin_family = AF_INET;
    	memcpy(&my_addr.sin_addr, &my_ip_addr, sizeof(my_ip_addr));
    	my_addr.sin_port = htons((unsigned short)port);
    
    	VALIDATE_SOCKET(
    		listen_sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP),
    		"socket() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    	VALIDATE_SOCKET_OP(
    		ret = setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, AS_SOCKET_CONST_OPT(&one), sizeof(one)),
    		"setsockopt(SO_REUSEADDR) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    	VALIDATE_SOCKET_OP(
    		ret = bind(listen_sock, (struct sockaddr*)&my_addr, sizeof(my_addr)),
    		"bind() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    	VALIDATE_SOCKET_OP(
    		ret = listen(listen_sock, SOMAXCONN),
    		"listen() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    
    	info("Starting proxy server on %s:%d", my_ip_addr_str, port);
    
    	memset(&timeout, 0, sizeof(timeout));
    	timeout.tv_sec = 1;
    	timeout.tv_usec = 00;
    
    	for (;;) {
    		client_addr_size = sizeof(client_addr);
    		VALIDATE_SOCKET(
    			client_sock = accept(listen_sock, (struct sockaddr*)&client_addr, &client_addr_size),
    			"accept() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    		);
    
    		client_thr_args = (struct client_thr_args_t*)malloc(sizeof(struct client_thr_args_t));
    		memset(client_thr_args, 0, sizeof(*client_thr_args));
    		client_thr_args->idps_file_path = idps_file_path;
    		client_thr_args->sock = client_sock;
    		memcpy(&client_thr_args->addr, &client_addr, client_addr_size);
    		client_thr_args->addr_size = client_addr_size;
    
    #ifdef _WIN32
    		if (_beginthread(&client_thread, 0, client_thr_args) == (uintptr_t)-1) {
    			free(client_thr_args);
    			fail("_beginthread() failed with error: 0x%08"PRIX32, errno);
    		}
    #else
    		ret = pthread_create(&client_thr_id, NULL, &client_thread, client_thr_args);
    		if (ret < 0) {
    			free(client_thr_args);
    			fail("pthread_create() failed with error: 0x%08"PRIX32, ret);
    		}
    #endif
    	}
    
    	VALIDATE_SOCKET_OP(
    		ret = closesocket(listen_sock),
    		"closesocket() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    }
    
    static void client_thread(void* arg) {
    	struct client_thr_args_t* args = (struct client_thr_args_t*)arg;
    
    	socket_t tunnel_sock = INVALID_SOCKET;
    	struct sockaddr_in tunnel_addr;
    	struct in_addr host_ip_addr;
    
    	fd_set read_fds;
    	struct timeval timeout;
    
    	char method[16];
    	char uri[8192];
    	char protocol[16];
    	char host_name[256];
    	char path[8192];
    	int port;
    	char* buffer;
    	char* extra;
    	char* request_end;
    	size_t buffer_size, extra_size;
    	int is_connect, n;
    
    	unsigned char idps[IDPS_SIZE];
    	FILE* fp;
    	int ret;
    
    #ifdef _WIN32
    	args->thread_id = (thread_t)GetCurrentThreadId();
    #else
    	args->thread_id = pthread_self();
    #endif
    
    	memset(&timeout, 0, sizeof(timeout));
    	timeout.tv_sec = RECEIVE_TIMEOUT_SEC;
    	timeout.tv_usec = 0;
    
    	VALIDATE_SOCKET_OP(
    		ret = setsockopt(args->sock, SOL_SOCKET, SO_RCVTIMEO, AS_SOCKET_CONST_OPT(&timeout), sizeof(timeout)),
    		"setsockopt(SO_RCVTIMEO) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    
    	buffer = NULL;
    	buffer_size = 0;
    	http_receive_packet(args->sock, &buffer, &buffer_size);
    	if (!buffer || !buffer_size)
    		goto cleanup;
    
    	if (!parse_request_with_uri(buffer, method, uri, protocol))
    		goto cleanup;
    
    	info("Thread 0x%08X: Processing %s request: %s", (unsigned int)args->thread_id, method, uri);
    
    	if (!parse_uri(uri, method, host_name, path, &port) || strlen(host_name) == 0 || port <= 0)
    		goto cleanup;
    
    	if (!idps_stealed && strcmp(method, "GET") == 0 && catch_sid_packet(uri, idps)) {
    		fp = fopen(args->idps_file_path, "wb");
    		if (!fp)
    			fail("fopen() failed with error: 0x%08"PRIX32, errno);
    		fwrite(idps, 1, sizeof(idps), fp);
    		fclose(fp);
    
    		info("IDPS have been successfully written to: %s", args->idps_file_path);
    		idps_stealed = 1;
    	}
    
    	is_connect = strcmp(method, "CONNECT") == 0;
    
    	if (!get_ip_addr(host_name, &host_ip_addr)) {
    		info("Unable to get IP address from host name: %s", host_name);
    		goto cleanup;
    	}
    	memset(&tunnel_addr, 0, sizeof(tunnel_addr));
    	tunnel_addr.sin_family = AF_INET;
    	memcpy(&tunnel_addr.sin_addr, &host_ip_addr, sizeof(host_ip_addr));
    	tunnel_addr.sin_port = htons((unsigned short)port);
    
    	VALIDATE_SOCKET(
    		tunnel_sock = socket(AF_INET, SOCK_STREAM, 0),
    		"socket() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    
    	VALIDATE_SOCKET_OP(
    		ret = setsockopt(tunnel_sock, SOL_SOCKET, SO_RCVTIMEO, AS_SOCKET_CONST_OPT(&timeout), sizeof(timeout)),
    		"setsockopt(SO_RCVTIMEO) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    
    	if (!CHECK_SOCKET_OP(ret = connect(tunnel_sock, (struct sockaddr*)&tunnel_addr, sizeof(tunnel_addr)))) {
    		VALIDATE_SOCKET_OP(
    			ret = send(args->sock, http_gateway_timeout, sizeof(http_gateway_timeout) - 1, 0),
    			"send() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    		);
    		goto cleanup;
    	}
    
    	if (!is_connect) {
    		if (!hook_packet(uri, method, protocol, host_name, path, port, args->sock)) {
    			snprintf(uri, sizeof(uri), "%s /%s %s", method, path, protocol);
    			extra = strstr(buffer, "\r\n");
    			VALIDATE_SOCKET_OP(
    				ret = send(tunnel_sock, uri, strlen(uri), 0),
    				"send() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    			);
    			if (extra) {
    				extra_size = buffer_size - (extra - buffer);
    				VALIDATE_SOCKET_OP(
    					ret = send(tunnel_sock, extra, extra_size, 0),
    					"send() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    				);
    			}
    		} else {
    			goto cleanup;
    		}
    	} else {
    		extra = NULL;
    		extra_size = 0;
    		request_end = strstr(buffer, http_request_end);
    		if (request_end) {
    			request_end += sizeof(http_request_end) - 1;
    			extra_size = buffer_size - (request_end - buffer);
    			if (extra_size != 0)
    				extra = request_end;
    		}
    
    		VALIDATE_SOCKET_OP(
    			ret = send(args->sock, http_connection_established, sizeof(http_connection_established) - 1, 0),
    			"send() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    		);
    
    		if (extra && extra_size != 0) {
    			VALIDATE_SOCKET_OP(
    				ret = send(tunnel_sock, extra, extra_size, 0),
    				"send() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    			);
    		}
    	}
    
    	if (is_connect) {
    		memset(&timeout, 0, sizeof(timeout));
    		timeout.tv_sec = RECEIVE_TIMEOUT_SEC;
    		timeout.tv_usec = 0;
    
    		for (;;) {
    			FD_ZERO(&read_fds);
    			FD_SET(tunnel_sock, &read_fds);
    			FD_SET(args->sock, &read_fds);
    			if (select(FD_SETSIZE, &read_fds, NULL, NULL, &timeout) < 0)
    				break;
    
    			if (FD_ISSET(tunnel_sock, &read_fds)) {
    				n = ret = recv(tunnel_sock, buffer, buffer_size, 0);
    				if (ret < 1)
    					break;
    				ret = send(args->sock, buffer, n, 0);
    				if (ret < n)
    					break;
    			} else {
    				n = ret = recv(args->sock, buffer, buffer_size, 0);
    				if (ret < 1)
    					break;
    				ret = send(tunnel_sock, buffer, n, 0);
    				if (ret < n)
    					break;
    			}
    		}
    	} else {
    		for (;;) {
    			ret = recv(tunnel_sock, buffer, buffer_size, 0);
    			if (ret <= 0)
    				break;
    			ret = send(args->sock, buffer, ret, 0);
    			if (ret <= 0)
    				break;
    		}
    	}
    
    cleanup:
    	if (CHECK_SOCKET(args->sock)) {
    		VALIDATE_SOCKET_OP(
    			ret = closesocket(args->sock),
    			"closesocket() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    		);
    	}
    	if (CHECK_SOCKET(tunnel_sock)) {
    		VALIDATE_SOCKET_OP(
    			ret = closesocket(tunnel_sock),
    			"closesocket() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    		);
    	}
    
    	if (buffer)
    		free(buffer);
    	free(args);
    }
    
    static int hook_packet(const char* uri, const char* method, const char* protocol, const char* host_name, const char* path, int port, socket_t sock) {
    	return 0;
    }
    
    static NO_INLINE int catch_sid_packet(const char* uri, unsigned char idps[IDPS_SIZE]) {
    	static unsigned char static_iv[SID_IV_SIZE] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    
    	unsigned char sid[SID_SIZE];
    	unsigned char iv[SID_IV_SIZE];
    	des3_context ctx;
    	char* sid_hex;
    	size_t length;
    	size_t sid_size;
    
    	if (!packet_uri_prefix || !packet_param_name || !packet_key)
    		return 0;
    
    	if (strncmp(uri, packet_uri_prefix, packet_uri_prefix_size - 1) != 0)
    		return 0;
    
    	CODEREPLACE_START
    
    	sid_hex = strstr(uri + packet_uri_prefix_size - 1, packet_param_name);
    	if (!sid_hex)
    		return 0;
    	sid_hex += packet_param_name_size - 1;
    	length = strspn(sid_hex, "0123456789ABCDEFabcdef");
    	if (!length)
    		return 0;
    
    	if (!parse_hex_string(sid_hex, length, sid, sizeof(sid), &sid_size) || sid_size < IDPS_SIZE || sid_size > SID_SIZE)
    		return 0;
    
    	memcpy(iv, static_iv, sizeof(static_iv));
    	des3_set3key_dec(&ctx, packet_key);
    	des3_crypt_cbc(&ctx, DES_DECRYPT, sid_size, iv, sid, sid);
    
    	if (!check_idps(sid + SID_IDPS_OFFSET))
    		return 0;
    	memcpy(idps, sid + SID_IDPS_OFFSET, IDPS_SIZE);
    
    	CODEREPLACE_END
    
    	return 1;
    }
    
    static int check_idps(const unsigned char* idps) {
    	unsigned char tid = idps[5];
    	return idps[0] == 0x00 && idps[3] == 0x01 && ((tid >= 0x80 && tid <= 0x8F) || tid == 0xA0);
    }
    
    static int parse_request_with_uri(const char* request, char* method, char* uri, char* protocol) {
    	const char* uri_begin;
    	const char* uri_end;
    	const char* protocol_begin;
    	const char* protocol_end;
    	size_t length;
    
    	if (strncasecmp(request, "CONNECT ", 8) == 0)
    		uri_begin = request + 8;
    	else if (strncasecmp(request, "HEAD ", 5) == 0)
    		uri_begin = request + 5;
    	else if (strncasecmp(request, "GET ", 4) == 0)
    		uri_begin = request + 4;
    	else if (strncasecmp(request, "POST ", 5) == 0)
    		uri_begin = request + 5;
    	else
    		return 0;
    	uri_end = strpbrk(uri_begin, " \r\n\0");
    	if (*uri_end == '\0')
    		return 0;
    
    	length = uri_begin - request - 1;
    	strncpy(method, request, length);
    	method[length] = '\0';
    
    	length = uri_end - uri_begin;
    	strncpy(uri, uri_begin, length);
    	uri[length] = '\0';
    
    	protocol_begin = uri_end + 1;
    	protocol_end = strpbrk(protocol_begin, " \r\n\0");
    	length = protocol_end - protocol_begin;
    	strncpy(protocol, protocol_begin, length);
    	protocol[length] = '\0';
    
    	return 1;
    }
    
    static int parse_uri(const char* uri, const char* method, char* host_name, char* path_name, int* port) {
    	const char* host_begin;
    	const char* host_end;
    	const char* path_begin;
    	size_t length;
    
    	if (strncasecmp(uri, "http://", 7) == 0)
    		host_begin = uri + 7;
    	else if (strncasecmp(uri, "https://", 8) == 0)
    		host_begin = uri + 8;
    	else
    		host_begin = uri;
    	host_end = strpbrk(host_begin, " :/\r\n\0");
    	length = host_end - host_begin;
    	strncpy(host_name, host_begin, length);
    	host_name[length] = '\0';
    
    	if (!method)
    		*port = 80;
    	else {
    		if (strcmp(method, "CONNECT") == 0)
    			*port = 443;
    		else
    			*port = 80;
    	}
    	if (*host_end == ':')
    		*port = atoi(host_end + 1);
    
    	path_begin = strchr(host_begin, '/');
    	if (!path_begin)
    		path_name[0] = '\0';
    	else
    		strcpy(path_name, ++path_begin);
    	
    	return 1;
    }
    
    static int get_ip_addr(const char* hostname, struct in_addr* addr) {
    	struct hostent* host;
    	memset(addr, 0, sizeof(*addr));
    #ifdef _WIN32
    	addr->s_addr = inet_addr(hostname);
    	if (addr->s_addr != 0 && addr->s_addr != INADDR_NONE)
    		return 1;
    	else
    		host = gethostbyname(hostname);
    #else
    	host = gethostbyname(hostname);
    #endif
    	if (!host) {
    		fail("gethostbyname() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR);
    		return 0;
    	}
    	memcpy(&addr->s_addr, host->h_addr, host->h_length);
    	return 1;
    }
    
    static void http_receive_packet(socket_t sock, char** buffer, size_t* buffer_size) {
    	char temp_buffer[2048];
    	char* buf = buffer ? *buffer : NULL;
    	size_t buf_size = buffer_size ? *buffer_size : 0;
    	char* new_buf;
    	size_t new_buf_size;
    	char* p;
    	int ret;
    
    	for (;;) {
    		ret = recv(sock, temp_buffer, sizeof(temp_buffer), 0);
    		if (!CHECK_SOCKET_OP(ret))
    			continue;
    		if (!ret)
    			break;
    
    		new_buf_size = buf_size + ret;
    		new_buf = realloc(buf, new_buf_size);
    		if (!new_buf) {
    			if (buf)
    				free(buf);
    			fail("Unable to allocate memory of size %"PRIuMAX".", (uintmax_t)new_buf_size);
    		}
    		buf = new_buf;
    		memcpy(buf + buf_size, temp_buffer, ret);
    		buf_size = new_buf_size;
    
    		p = strstr(buf, http_request_end);
    		if (p)
    			break;
    	}
    	
    	if (buffer)
    		*buffer = buf;
    	else if (buf)
    		free(buf);
    	if (buffer_size)
    		*buffer_size = buf_size;
    }
    
    static void socket_get_available_bytes(socket_t sock, size_t* size) {
    #ifdef _WIN32
    	u_long value;
    	VALIDATE_SOCKET_OP(
    		ioctlsocket(sock, FIONREAD, &value),
    		"ioctlsocket(FIONREAD) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    #else
    	int value;
    	VALIDATE_SOCKET_OP(
    		ioctl(sock, FIONREAD, &value),
    		"ioctl(FIONREAD) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    #endif
    	if (size)
    		*size = (size_t)value;
    }
    
    static void socket_set_non_blocking_mode(socket_t sock, int flag) {
    #ifdef _WIN32
    	u_long value = flag != 0;
    	VALIDATE_SOCKET_OP(
    		ioctlsocket(sock, FIONBIO, &value),
    		"ioctlsocket(FIONBIO) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    #else
    	int value;
    	VALIDATE_SOCKET_OP(
    		ret = fcntl(sock, F_GETFL, &value),
    		"fcntl(F_GETFL) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    	if (flag)
    		value |= O_NONBLOCK;
    	else
    		value &= ~O_NONBLOCK;
    	VALIDATE_SOCKET_OP(
    		ret = fcntl(sock, F_SETFL, value),
    		"fcntl(F_SETFL) failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    #endif
    }
    
    static int socket_is_bad(socket_t sock) {
    	int error = 0;
    	int length = sizeof(error);
    	int ret;
    	VALIDATE_SOCKET_OP(
    		ret = getsockopt(sock, SOL_SOCKET, SO_ERROR, AS_SOCKET_OPT(&error), &length),
    		"getsockopt() failed with error: 0x%08"PRIX32, LAST_SOCKET_ERROR
    	);
    	return error;
    }
    
    static const char* get_file_name(const char* file_path) {
    	const char* p;
    	p = strrchr(file_path, '\\');
    	if (!p)
    		p = strrchr(file_path, '/');
    	if (p && *(p + 1) != '\0')
    		file_path = p + 1;
    	return file_path;
    }
    
    static int is_exists(const char* path) {
    	struct stat info;
    	return stat(path, &info) == 0;
    }
    
    static int is_file(const char* file_path) {
    	struct stat info;
    	return stat(file_path, &info) == 0 && S_ISREG(info.st_mode);
    }
    
    static NO_INLINE void read_divine_comedy(void) {
    	VM_START
    
    	static const char key_seed[] =
    		"Through me you pass into the city of woe:\n"
    		"Through me you pass into eternal pain:\n"
    		"Through me among the people lost for aye.\x00"
    		"Justice the founder of my fabric moved:\x00"
    		"To rear me was the task of power divine,\n"
    		"Supremest wisdom, and primeval love.\x00"
    		"Before me things create were none, save things\x00"
    		"Eternal, and eternal I shall endure.\x00"
    		"All hope abandon, ye who enter here.\x00";
    
    	static const unsigned char param_seed[] = "DanteAlighieri";
    
    	static const size_t key_seed_size = sizeof(key_seed) - 1;
    	static const size_t param_seed_size = sizeof(param_seed) - 1;
    
    	static const unsigned char forged_data[] = "\x1D\x14\x20\xB5\x05\x01\x87\xE3\xAC\xEB\x34\x11\x23\x22\xAE\x97\xEB\xCA\xF7\x6A\x50\x2A\x0A\xB6";
    	static const unsigned char uri_prefix_obf[] = "\x01\x27\x3D\xD6\xB7\xC5\xEA\x4F\xD7\x8B\x8E\xCA\xD2\x55\x49\xE5\x1B\xA7\xEE\x3E\xF3\x84\x77\x18\x30\x36\x21\xD2\xC3\xA4\xE9\x52\xC3\xAE\x89\xCD\x9A\x42\x3B\xA3\x0C\xB1\xDE";
    	static const unsigned char param_name_obf[] = "\x69\x53\x49\xA6";
    
    	unsigned int* key;
    	unsigned char temp[256];
    	unsigned int crc;
    	size_t length;
    	size_t i, j;
    
    #ifdef _WIN32
    	RtlSecureZeroMemory(temp, sizeof(temp));
    #endif
    
    	packet_uri_prefix = (unsigned char*)malloc(sizeof(uri_prefix_obf));
    	packet_param_name = (unsigned char*)malloc(sizeof(param_name_obf));
    	packet_key = (unsigned char*)malloc(SID_KEY_SIZE);
    	if (!packet_uri_prefix || !packet_param_name || !packet_key)
    		fail("Unable to allocate memory.");
    
    	memcpy(packet_uri_prefix, uri_prefix_obf, sizeof(uri_prefix_obf));
    	memcpy(packet_param_name, param_name_obf, sizeof(param_name_obf));
    	memset(packet_key, 0, SID_KEY_SIZE);
    
    	key = (unsigned int*)packet_key;
    	for (i = 0, j = 0; i < key_seed_size && j < (SID_KEY_SIZE / 4); i += length, ++j) {
    		length = strlen(key_seed + i) + 1;
    		memcpy(temp, key_seed + i, length);
    		memcpy(temp + length, forged_data + j * sizeof(crc), sizeof(crc));
    		crc = crc32(temp, length + sizeof(crc), 0xFFFFFFFF);
    #ifdef _WIN32
    		RtlSecureZeroMemory(temp, sizeof(temp));
    #endif
    		key[j] = BE32(crc);
    	}
    
    	xor_string(packet_key, SID_KEY_SIZE, packet_param_name, sizeof(param_name_obf) - 1);
    	xor_string(param_seed, param_seed_size, packet_param_name, sizeof(param_name_obf) - 1);
    
    	xor_string(packet_param_name, sizeof(param_name_obf) - 1, packet_uri_prefix, sizeof(uri_prefix_obf) - 1);
    	xor_string(packet_key, SID_KEY_SIZE, packet_uri_prefix, sizeof(uri_prefix_obf) - 1);
    	xor_string(param_seed, param_seed_size, packet_uri_prefix, sizeof(uri_prefix_obf) - 1);
    
    	packet_uri_prefix_size = sizeof(uri_prefix_obf);
    	packet_param_name_size = sizeof(param_name_obf);
    
    	VM_END
    }
    
    static FORCE_INLINE void xor_string(const unsigned char* key, size_t key_size, unsigned char* data, size_t data_size) {
    	size_t i;
    	if (!key_size || !data_size)
    		return;
    	for (i = 0; i < data_size; ++i)
    		data[i] ^= key[i % key_size];
    }
    
    static FORCE_INLINE unsigned int crc32(const void* data, size_t data_size, unsigned int initial_value) {
    	static const unsigned int crc_table_obf[] = {
    		0x25252525, 0x522215B3, 0xCB2B4409, 0xBC2C749F, 0x2248E13C, 0x554FD1AA, 
    		0xCC468010, 0xBB41B086, 0x2BFEAD17, 0x5CF99D81, 0xC5F0CC3B, 0xB2F7FCAD, 
    		0x2C93690E, 0x5B945998, 0xC29D0822, 0xB59A38B4, 0x38923541, 0x4F9505D7, 
    		0xD69C546D, 0xA19B64FB, 0x3FFFF158, 0x48F8C1CE, 0xD1F19074, 0xA6F6A0E2, 
    		0x3649BD73, 0x414E8DE5, 0xD847DC5F, 0xAF40ECC9, 0x3124796A, 0x462349FC, 
    		0xDF2A1846, 0xA82D28D0, 0x1E4B05ED, 0x694C357B, 0xF04564C1, 0x87425457, 
    		0x1926C1F4, 0x6E21F162, 0xF728A0D8, 0x802F904E, 0x10908DDF, 0x6797BD49, 
    		0xFE9EECF3, 0x8999DC65, 0x17FD49C6, 0x60FA7950, 0xF9F328EA, 0x8EF4187C, 
    		0x03FC1589, 0x74FB251F, 0xEDF274A5, 0x9AF54433, 0x0491D190, 0x7396E106, 
    		0xEA9FB0BC, 0x9D98802A, 0x0D279DBB, 0x7A20AD2D, 0xE329FC97, 0x942ECC01, 
    		0x0A4A59A2, 0x7D4D6934, 0xE444388E, 0x93430818, 0x53F964B5, 0x24FE5423, 
    		0xBDF70599, 0xCAF0350F, 0x5494A0AC, 0x2393903A, 0xBA9AC180, 0xCD9DF116, 
    		0x5D22EC87, 0x2A25DC11, 0xB32C8DAB, 0xC42BBD3D, 0x5A4F289E, 0x2D481808, 
    		0xB44149B2, 0xC3467924, 0x4E4E74D1, 0x39494447, 0xA04015FD, 0xD747256B, 
    		0x4923B0C8, 0x3E24805E, 0xA72DD1E4, 0xD02AE172, 0x4095FCE3, 0x3792CC75, 
    		0xAE9B9DCF, 0xD99CAD59, 0x47F838FA, 0x30FF086C, 0xA9F659D6, 0xDEF16940, 
    		0x6897447D, 0x1F9074EB, 0x86992551, 0xF19E15C7, 0x6FFA8064, 0x18FDB0F2, 
    		0x81F4E148, 0xF6F3D1DE, 0x664CCC4F, 0x114BFCD9, 0x8842AD63, 0xFF459DF5, 
    		0x61210856, 0x162638C0, 0x8F2F697A, 0xF82859EC, 0x75205419, 0x0227648F, 
    		0x9B2E3535, 0xEC2905A3, 0x724D9000, 0x054AA096, 0x9C43F12C, 0xEB44C1BA, 
    		0x7BFBDC2B, 0x0CFCECBD, 0x95F5BD07, 0xE2F28D91, 0x7C961832, 0x0B9128A4, 
    		0x9298791E, 0xE59F4988, 0xC89DA605, 0xBF9A9693, 0x2693C729, 0x5194F7BF, 
    		0xCFF0621C, 0xB8F7528A, 0x21FE0330, 0x56F933A6, 0xC6462E37, 0xB1411EA1, 
    		0x28484F1B, 0x5F4F7F8D, 0xC12BEA2E, 0xB62CDAB8, 0x2F258B02, 0x5822BB94, 
    		0xD52AB661, 0xA22D86F7, 0x3B24D74D, 0x4C23E7DB, 0xD2477278, 0xA54042EE, 
    		0x3C491354, 0x4B4E23C2, 0xDBF13E53, 0xACF60EC5, 0x35FF5F7F, 0x42F86FE9, 
    		0xDC9CFA4A, 0xAB9BCADC, 0x32929B66, 0x4595ABF0, 0xF3F386CD, 0x84F4B65B, 
    		0x1DFDE7E1, 0x6AFAD777, 0xF49E42D4, 0x83997242, 0x1A9023F8, 0x6D97136E, 
    		0xFD280EFF, 0x8A2F3E69, 0x13266FD3, 0x64215F45, 0xFA45CAE6, 0x8D42FA70, 
    		0x144BABCA, 0x634C9B5C, 0xEE4496A9, 0x9943A63F, 0x004AF785, 0x774DC713, 
    		0xE92952B0, 0x9E2E6226, 0x0727339C, 0x7020030A, 0xE09F1E9B, 0x97982E0D, 
    		0x0E917FB7, 0x79964F21, 0xE7F2DA82, 0x90F5EA14, 0x09FCBBAE, 0x7EFB8B38, 
    		0xBE41E795, 0xC946D703, 0x504F86B9, 0x2748B62F, 0xB92C238C, 0xCE2B131A, 
    		0x572242A0, 0x20257236, 0xB09A6FA7, 0xC79D5F31, 0x5E940E8B, 0x29933E1D, 
    		0xB7F7ABBE, 0xC0F09B28, 0x59F9CA92, 0x2EFEFA04, 0xA3F6F7F1, 0xD4F1C767, 
    		0x4DF896DD, 0x3AFFA64B, 0xA49B33E8, 0xD39C037E, 0x4A9552C4, 0x3D926252, 
    		0xAD2D7FC3, 0xDA2A4F55, 0x43231EEF, 0x34242E79, 0xAA40BBDA, 0xDD478B4C, 
    		0x444EDAF6, 0x3349EA60, 0x852FC75D, 0xF228F7CB, 0x6B21A671, 0x1C2696E7, 
    		0x82420344, 0xF54533D2, 0x6C4C6268, 0x1B4B52FE, 0x8BF44F6F, 0xFCF37FF9, 
    		0x65FA2E43, 0x12FD1ED5, 0x8C998B76, 0xFB9EBBE0, 0x6297EA5A, 0x1590DACC, 
    		0x9898D739, 0xEF9FE7AF, 0x7696B615, 0x01918683, 0x9FF51320, 0xE8F223B6, 
    		0x71FB720C, 0x06FC429A, 0x96435F0B, 0xE1446F9D, 0x784D3E27, 0x0F4A0EB1, 
    		0x912E9B12, 0xE629AB84, 0x7F20FA3E, 0x0827CAA8, 
    	};
    	
    	unsigned int crc = initial_value;
    	const unsigned char* bytes = (const unsigned char*)data;
    	size_t i;
    	for (i = 0; i < data_size; ++i)
    		crc = (crc >> 8) ^ (~(crc_table_obf[(crc & 0xFF) ^ bytes[i]] ^ 0xDADADADA));
    	crc = ~crc;
    
    	return crc;
    }
    
    int parse_hex_string(const char* str, size_t str_length, unsigned char* buffer, size_t buffer_max_size, size_t* buffer_size) {
    	size_t size;
    	size_t i;
    	int c;
    
    	if (str_length == (size_t)-1)
    		size = strlen(str);
    	else
    		size = str_length;
    	if ((size % 2) != 0)
    		return 0;
    	size /= 2;
    
    	for (i = 0; i < size; ++i) {
    		if (!isxdigit(str[2 * i + 0]) || !isxdigit(str[2 * i + 1]))
    			return 0;
    		if (i < buffer_max_size) {
    			buffer[i] = 0;
    			c = tolower(str[2 * i + 0]);
    			if (isdigit(c))
    				buffer[i] += (c - '0') * 16;
    			else
    				buffer[i] += (c - 'a' + 10) * 16;
    			c = tolower(str[2 * i + 1]);
    			if (isdigit(c))
    				buffer[i] += c - '0';
    			else
    				buffer[i] += c - 'a' + 10;
    		}
    	}
    	if (buffer_size)
    		*buffer_size = i;
    
    	return 1;
    }
    
    void info(const char* format, ...) {
    	char buffer[8192];
    
    	va_list args;
    	va_start(args, format);
    	vsnprintf(buffer, sizeof(buffer) - 1, format, args);
    	va_end(args);
    
    	fprintf(stdout, "%s\n", buffer);
    }
    
    void fail(const char* format, ...) {
    	char buffer[8192];
    
    	va_list args;
    	va_start(args, format);
    	vsnprintf(buffer, sizeof(buffer) - 1, format, args);
    	va_end(args);
    
    	fprintf(stderr, "%s\n", buffer);
    	exit(1);
    }
    
    Download: IDPstealer | Mirror Decryption key: EdV2KF605BWOSGJU5VwT9KjfftCB1ZRhfzbTBg7s8tk

    Source: playstationhax.it
    [HR][/HR]More PS3 homebrew and tools can be seen right here at PSX-Place
     

Comments

Discussion in 'PS3 News' started by Tranced, Dec 27, 2014.

    1. Tactik-knife
      Tactik-knife
      I will test it when we can register a new PSN account on our PS3 x)
    2. atreyu187
      atreyu187
      Works great grabbed mine from my OFW system and got online with it using IDPSet, quiet easy and useful but time to flash back my stock IDPS as I don't need my OFW banned
    3. lokuelo
      lokuelo
      Virus

      Is a posible Virus?
    4. doctorwho05
      doctorwho05
      No if it was released by an official member of this site, Tranced,Flatz nor this site would release anything malicious from it's members. They all have "Clean Members" here LOL. Sry couldn't resist :)

      By the way, most hacking/tweaking/freaking software will set-off most AV, just cuz what the AV watches for, this doesn't mean that it's harmful it just means it's doing things that "Normal Software" wouldn't which in turn triggers the AV(false positives). Just Download "Tools" from trusted sites and publishers is all i can say.
      Last edited: Dec 27, 2014
    5. kozarovv
      kozarovv


      Is false positive, is propably because is " intercepts all network traffic (including SSL traffic via HTTPS over HTTP tunneling) " If some app try to "watch" your network including ssl and try to log (and dehashing?) something from there (your idps) is look like virus for heuristic of your AV engine.

      But file is propably (99.9%) safe and is from trusted dev/user. I write propably, because we dont have source code avaible for public (to not make sony patching this so easy).But remember your psn login and (hashed?) password going thru that program, is good to set new psn account for this one time.
      Last edited: Dec 27, 2014
    6. lokuelo
      lokuelo
      thanks, friends.
    7. Tactik-knife
      Tactik-knife
      Hi,

      On my LAN, impossible to create the file.

      When I trying, I have the message "Your IDPS has ben successfuly written to idps.bin" but the file is not created and I have nothing.

      I have test:

      Port 8080 and 1337
      Place the exe on my Desktop and on disk C
      Create manualy the idps.bin
      Run CMD on administrator
      Connect my PC on wifi and RJ45 (PS3 always RJ45)
      Change local IP of my PC

      But with all this test, the problem is still here.

      Anyone have an idea? :)
    8. pinkfloydviste
      pinkfloydviste
      I can't speak for any of the other #mods here, but I have a clean member.
    9. alexminator
      alexminator
      No work for me.... give me an error
    10. STLcardsWS
      STLcardsWS
      If your seeking help you would need to provide some additional information.
    11. STLcardsWS
      STLcardsWS
      NOTE: This tool has been patched by Sony with official firmware v4.70
    12. luiz2007
      luiz2007
      Hello friend! I'm on OFW 4.70 but tried here and not get the idps ,
      tried with port 8080 and 30274 and nothing ! Any suggestions? I thank your attention! hug
    13. STLcardsWS
      STLcardsWS
      Only suggestion i have is to
      READ the POST ABOVE YOURS ..
    14. Matsumot0
      Matsumot0
      :banghead: haha i laughed a lot
      lol now it's written in red bold :dancestraw:
    15. STLcardsWS
      STLcardsWS
      Yea i had to change that after seeing that question.., i just hate seeing a question asked that is literally answered in the post above.
    16. atreyu187
      atreyu187
      Only way to obtain that now is to use a hardware flasher and if you are going to do that you might as well go ahead and install a CFW.
    17. aldostools
    18. atreyu187
      atreyu187
      That was nice of him to release that source I'm sure someone will find a use for it in the scene. Might not be of use for 4.70+ but who knows.

Share This Page