PS3 Remove SSL verification/add MITM certificate

Status
Not open for further replies.

ssdrive

Forum Noob
Hello all,
I want to inspect the traffic of the PS3, specifically the PSN traffic to see how the multiplayer/login system works. I was also told that some people try to do this to cheat so I would like to make it clear that I will not be using this for cheating or getting games illegally, I just want to see what makes PSN tick.
 
we don't help with online cheating or pirating anyway. you are welcome here...but i'm not sure how far any conversation on this subject could go here. any real progress could be used with bad intentions by anyone reading the site.
 
I have just checked something on my side, and SSL verification removal is not the only thing required for accessing PSN network data. And I'm not sure how SSL verification could be used for piracy honestly.
 
I'm not sure how SSL verification could be used for piracy honestly.
probably not for piracy but online cheating yes.

if the goal is to revise games that can no longer be played online, often there is server software or other impossible to obtain pieces of the puzzle.
 
As I said earlier, online cheating cannot be achieved just by disabling SSL verification. There is another thing required to view the requests of PSN which I will not be disclosing to prevent online cheating. (if you want to confirm that I'm not lying I can PM it to you)
And for the impossible to obtain pieces of the puzzle, that's what reverse engineering is for, no?
 
PSN is an active service, and SSL and other security protocols are in place for a reason. Disclosing here how to bypass them could compromise this very website.
 
SSL bypassing and MITMing is not illegal. Otherwise tools like mitmproxy would not exist. Other consoles like the Wii/Wii U have plugins dedicated to the disabling of SSL verification, even when their online services were active. And PSN has other security protocols than SSL. And the TLS ciphers on the PS3 are already weak. The worst this could lead to is _my_ account being banned for violating the PSN ToS, which everyone who installs CFW is doing because if I remember correctly that's against ToS.
 
SSL bypassing and MITMing is not illegal.

Yes, it is. SSL was designed for making end-to-end connections secure, and that means no MITM because once the connection has been established with the certificates, the data is encrypted.

Remember, PSN is not only about online gaming but also about payment methods, invoices, purchased content, licences, private messages, personal data, among much other sensitive information.

So, again, bypassing a security layer placed by a service provider (like Sony) to avoid MITM and other types of attacks IS ILLEGAL.

Otherwise tools like mitmproxy would not exist.

Killing people is illegal, yet tools like knives and guns exist. Best not to use those sorts of examples in order to justify your argument.

Other consoles like the Wii/Wii U have plugins dedicated to the disabling of SSL verification, even when their online services were active.

That doesn't make those plugins legal at all. Another bad argument: "because other people do illegal stuff, then it's OK to do it".

And PSN has other security protocols than SSL.

Yes, there are, but SSL is the first step in the authentication process for a reason.

And the TLS ciphers on the PS3 are already weak.

We are not talking about PS3 but PSN, which is still used by more modern devices. Yet another bad argument to support your claim: "the gate is half open, so that grants me permission to enter the garden because I'm not forcing it".

The worst this could lead to is _my_ account being banned for violating the PSN ToS

If you bypass SSL on your own, in your private environment, then you are solely responsible.

Discussing how to bypass SSL in a public forum like this over an active service used by millions of people, that involves other people, hence you are not solely responsible.

which everyone who installs CFW is doing because if I remember correctly that's against ToS.

That's not true. Installing CFW and then using Sony's online services IS against ToS. Installing CFW in your device for private use is not (as long as there is no online use of any online services), because it's impossible for Sony (or anyone for that matter) to know with 100% certainty which console is hacked or not (and Sony won't make a legal move if the costs are not justified).
 
Why is bypassing something that is keeping _my_ connections to the server secure illegal? SSL was created for _the client to verify the authenticity of the server_. Disabling SSL makes PSN no less secure to anyone but myself. Even _if_ MITMing was able to do some wacky online cheating, they have systems to detect and stop that. If you consider bypassing security for the sake of controlling your own hardware illegal then you should just stop using CFW, because that's also bypassing security. It's not like I'm trying to MITM everyone. MITMing yourself is perfectly legal.
 
Why is bypassing something that is keeping _my_ connections to the server secure illegal?

Because the service provider states that any connections to THEIR services must follow THEIR security protocols, in this case SSL connections for encryption and data security.

It doesn't matter if you bypass your own connection or not.

SSL was created for _the client to verify the authenticity of the server_.

No, its main purpose is to validate and keep the communication between a client and the server secure as long as it lasts. SSL protects data and validates identity.

Disabling SSL makes PSN no less secure to anyone but myself.

And Sony is ultimately responsible for ensuring that your data is safe and that no theft or malicious intent happens during your session.

Even _if_ MITMing was able to do some wacky online cheating, they have systems to detect and stop that.

Forget about online gaming, we are talking about a major security compromise here. It doesn't matter if Sony has systems to detect an attack.

If you consider bypassing security for the sake of controlling your own hardware illegal then you should just stop using CFW, because that's also bypassing security.

You are comparing pears to apples. Your device is yours. An online service (that belongs to a company that is not yours) is not. You deliberately omit the difference between online services and devices.

It's like modifying a car. You can do it and the brand won't care at all. Now, if you do illegal modifications and go for a ride on the street, you are breaking the law (the very meaning of "illegal").

It's not like I'm trying to MITM everyone. MITMing yourself is perfectly legal.

It is perfectly legal as long as you do it in your own, closed environment. PSN servers are out of your environment.

________________________________________________________________________________________________________

This conversation is going nowhere, because you believe that what you want to do is legal and valid, and I've given you multiple arguments against it.

This conversation seeks help with dangerous topics (for you and for other fellow members that apply), and that is against the rules.

2.) No Posting / Linking of Dangerous &/or Pirated Software.
  • No posting/ linking to pirated &/or Dangerous materials will be tolerated.

Thread closed.
 