PS3 HAN PS3Xploit v3 SSL Certificate Injector/Remover


There's a few certificate formats, so chances are the firmware just bugs out rather than handles failure gracefully.

A PEM format file (text based, typically .crt) and a DER format (binary based, typically .cer) were mentioned, but instead of conversion, the guy just renamed it and soft-bricked the console.

You can grab the latest CA cert from, say FireFox CA from Haxx.se, run it through an SSL converter (I use the online one at sslshopper often) from PEM to DER, then rename to suit the PS3.

The nice thing with the PEM is that you can bundle a private CA on the end (literally copy/paste the CA file content on the end of the new CA cert) before then converting to a DER (binary) type, which I believe Jean_pierre_Jean and w01f wanted to do.
 
Although the files are .cer, their contents are base64 encoded, which, as far as I'm aware, means that the PS3 certificates are in PEM format. So why would you want to convert them to DER?
 
You are indeed correct, so I'll redact the above.

I was toying with the files today, replacing some, but no TLS connections apart from Google worked - I'm guessing I'm missing something, or the PS3 doesn't honour certificate revocation (so just fails when the cert doesn't validate).

Interestingly, the CA_LIST.cer is invalid according to Java keytool. Yet to try against other tools.
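
The point settled in the exchange above (a .cer extension says nothing about whether the content is PEM or DER, and renaming a file is not converting it) can be checked by looking at the bytes. This is an added example, not part of the original thread or of the injector tool; the function names and the filler sample bytes are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_total_length(data):
    """Full length of the DER SEQUENCE at the start of data, or None."""
    if len(data) < 2 or data[0] != 0x30:   # an X.509 cert starts with SEQUENCE
        return None
    first = data[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def inspect_cert_file(data):
    """Classify by content, ignoring the extension. Returns (format, count)."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        return ("PEM", len(blocks))        # a PEM bundle may hold many certs
    count, rest = 0, data
    while rest:                            # walk back-to-back DER objects
        total = der_total_length(rest)
        if total is None or total > len(rest):
            return ("unknown", 0)          # truncated or not DER at all
        count, rest = count + 1, rest[total:]
    return ("DER", count) if count else ("unknown", 0)

def pem_to_der_list(data):
    """Decode each PEM block to DER bytes: one DER blob per certificate."""
    return [base64.b64decode(b"".join(b.split()))
            for b in PEM_BLOCK.findall(data)]

# Constructed sample: a DER-shaped SEQUENCE of filler bytes, not a real cert.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(FAKE_DER)
            + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(inspect_cert_file(FAKE_PEM * 3))   # bundle of three PEM blocks
    print(inspect_cert_file(FAKE_DER))       # single binary certificate
    print(len(pem_to_der_list(FAKE_PEM * 3)))
```

Run against a copy of a certificate file before replacing anything, this shows whether the file is text or binary and how many certificates it carries, which is the information a rename hides.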
 
Anybody have a little more comprehensive/hands-on instructions for this? I did everything as instructed in the OP (to the best of my understanding) and the initialization keeps failing.

There's probably something I'm doing wrong, but I have no idea what.

I downloaded and copied the two folders linked, exported a certificate via Fiddler, threw it on a USB stick and went to the right link.

I gotta say, if there was a video showcasing these instructions (even an Unlisted one exclusive to the site) this would be a lot easier for me.
 
what firmware version are you on? you will have to install HFW if you are on 4.84 or above.
 
4.88 admittedly. And thank you for responding, because as time has passed, I only have more questions.

Will installing HFW on my 4.88 system lead to a fix in the injector's functionality? And if not, would I be able to use it on a system that has something older than 4.84? And if so (lol), can I still log into my PSN account through something like that?
 
Will installing HFW on my 4.88 system lead to a fix in the injector's functionality?
yes. this tool uses a bug in the web browser to function. sony updated the browser after 4.82, but HFW will put the old file back (that one file is the only difference between official firmware and HFW).

to use PSN on an unhacked ps3, you must be on the current firmware.
 
Admittedly, I put CFW on my PlayStation 3 console, the one I wish to use this stuff on anyway.

Do you recommend I remove the CFW before installing the HFW to be safe?

Optionally, can the HFW be installed on a Super Slim running 4.87 or 4.88?
 
If you have a CFW compatible console, you should stick to using a CFW.

If you have a non CFW compatible console like a slim 3xxx or a superslim 4xxx, you can only use HAN or HEN & to be able to launch the HAN/HEN exploits, you must use the official 4.82 ps3 browser.
That's why you need to install HFW 4.88 first, because it's an official 4.88 firmware repacked with the official 4.82 browser file, but there is no exploit or jailbreak in a HFW pup file, only the means to launch some of the ps3xploit tools using the 4.82 browser.
A HFW pup file being made only with official system files, it can be installed on any console model at any time, just like a OFW pup, it's basically the same thing.

FYI
It's pointless to use the ssl injector tool because it only does part of the job required to add a new functional ssl certificate for the ps3 system to use.
It can add a new certificate by replacing the CA_LIST.cer with a modded version or swapping an existing certificate file with a custom one but it doesn't patch the executables making use of the certificate files.
As a result, the "injected" certificate, whether a new entry in CA_LIST.cer or just a straight .cer file swap, will not pass the hash validity check performed by the system when a ssl certificate is loaded & the system will deny its use.

Nobody has bothered to look into customising ssl support so far, the ssl injector tool was only meant to be a proof of concept showing it was possible to edit/replace the certificate files, not a functional ssl certificate manager tool.
 
Okay, but if I did want to use the Injector anyway, would you recommend I remove the CFW, start from scratch, and then install the HFW and the CFW respectively?
 
if you are running CFW (or HEN), you can replace the files (without using the tool) by using a file manager or FTP. multiman, irisman, and managunz have file managers. webman and multiman have ftp.
 
Thanks for the tip, but is doing it the way I suggested an option?

Sorry for all the questions here, I just want to make sure if I do this, I do this right.
 
Sorry NikoLiberty but I am afraid we don't really understand what you are doing or seeking.

Why would you want to use this poc tool at all cost if you cannot use the certificate you plan to inject anyway?

Why would you complicate matters by using an old obsolete exploitation tool when you can already edit/replace certificate files at will, as I have to assume from your previous posts you are currently using CFW or HEN? This tool is only a file swapper, you can do the same thing with a file manager or ftp.

What is your console model? CECH-???

What is currently installed on your console? CFW or OFW/HFW?

Strictly speaking, the ssl injection poc tool doesn't "care" whether a console is running on a phat, slim or superslim console & it doesn't "care" either about the firmware installation type, whether it's OFW or HFW with HEN or even CFW.

The only things that matter to this tool's exploit are:

1. the version of the console's firmware.
If the tool supports 4.81 min to 4.88 max, it won't run on 4.80 or future 4.89 without applying some minor changes in the source code.

2. The ps3 browser must be a 4.82 version max to be able to trigger the exploit.
That means the tool can run on OFW up to 4.82 but requires HFW from 4.83 up.

3. The kernel type must be CEX (Retail).
DEX (Debug/Development) mode is not supported. DEX firmwares are used on DECH debugging consoles & can be made to run on a retail console. The most recent OFW DEX firmware publicly available is 4.84.

If those 3 things are true, the tool will run just fine.
 
Okay, so what do you recommend I do? Should I simply go about using a 4.82 console and run the injector, or should I edit the certificates to get it working on my current setup?
 
I apologize for any confusion. I will do my best to have you guys better understand my case.

1) So sorry to answer a question with a question, but how do I go about doing it the way you described, albeit successfully? I just thought that the injector was the only way to do it.

2) It's a CECHA-01 from February 2007.

3) I believe it's CFW. I just followed MrMario2011's most recent tutorial on jailbreaking on 4.88. I installed what he offered.

OK so you have an initial release model.
Nice backwards compatible.
Take good care of it. ;-)

Now that your console is fully jailbroken & runs on CFW, you can install homebrews.
Any backup manager like Irisman, Managunz, multiman, webMAN-MOD etc.. have a file manager feature built-in.
All you need to do is install the backup manager of your choice, launch it, open the file manager feature, mount /dev_flash (readonly partition mount) as /dev_blind (read/write partition mount), browse to /dev_blind/data/cert/ & you will find all the .cer files. You can replace or edit one of them as you wish, the result will be identical to what the ssl injection tool does.
 
@NikoLiberty

FYI
If you install a HFW or OFW PUP, you will lose your jailbreak & will need to perform the jailbreak process again.

Don't try to use HEN as long as the console is running on CFW, they should not be mixed. HEN is only a partial jailbreak, it has nothing to offer that you can't already do on CFW anyway.
 