[Tutorial] PSN Bypass Techniques and Setting Up Development/Debugging Environment

Discussion in 'Tutorials & Guides' started by esc0rtd3w, Apr 1, 2017.

  1. 1,206
    2,932
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,206
    Likes Received:
    2,932
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    Great team effort peeps :congratulatory:

    @catalinnc thanks again, i will build US and JP packages and test them out using your EU package as a base, and of course include credits!

    @Rajesh Dutta thanks again to you for testing and pushing us to fix this mess! I will include you in the credits for this app here and on NGU thread

    Nice Work, Team!!
     
    DeViL303 and Rajesh Dutta like this.
  2. 137
    94
    57
    catalinnc

    catalinnc Member

    Joined:
    Dec 26, 2015
    Messages:
    137
    Likes Received:
    94
    Trophy Points:
    57
    @esc0rtd3w wait for me to re-sign the us (NPUP10021) v4.01 and post it...

    i don't think i have the jp version (id?)...please, provide the psn link...
    _
     
    DeViL303 and esc0rtd3w like this.
  3. esc0rtd3w Developer
    @catalinnc just tested with stock EBOOT from 4.01 EU and it works.

    EDIT #1: The ignition.self should be the same for all regions, as its klicense is all 0's

    EDIT #2: /lib/webkit.sprx needs its matching region i am assuming, as it's signed with EP4183-NPEB00344_00-LOVEFILMFULL0100 as its Content ID

    EDIT #3: I am testing NPUP10021 now with only added directories and ignition.self from NPEB00344 added/replaced.

    EDIT #4: Just tested US version and it worked. Will post package to test
     
    Last edited: Jul 29, 2017
    DeViL303 likes this.
  4. catalinnc Member
    @esc0rtd3w please, don't rush it...the us version is diff from the eu one (other certificates and stuff)...just wait to do a proper job...
    _

    p.s. what is the id for jap version?
    _

    p.s.2 i got it (NPJB00773)...
    _
     
    Last edited: Jul 29, 2017
    DeViL303 and esc0rtd3w like this.
  5. esc0rtd3w Developer
  6. catalinnc Member
    here is the us version re-signed and ready to go...just install it...
    Code:
    Amazon Video App v4.01
    UP2064-NPUP10021_00-AMAZONIVIDEO0100.v4.01.NO.PSN.FiX3D.ignition.self.0x3CF73C_0x40.[A00E62E6].zip
    http://www13.zippyshare.com/v/362uskfe/file.html
    _

    this us version has lots and lots of diff files from the eu version!!!

    ignition.self is identical as in the eu version...all i did is patch it as the eu version (0x3CF73C_0x40) then re-sign it...

    the other self/sprx are re-signed for lower cfw...

    i hope this is all it needs to bypass the psn login...
    _

    p.s. i noticed a javascript inside a sdat (USRDIR\js\app\modules\network.js.sdat) that has lots and lots of references to psn...
    _
     
    DeViL303 and esc0rtd3w like this.
  7. esc0rtd3w Developer
    Thanks!

    most likely the "USRDIR\js\app\modules\network.js.sdat" is no longer referenced
     
  8. catalinnc Member
    here is the jap version re-signed and ready to go...just install it...
    Code:
    Amazon Video App v4.01
    JA0011-NPJB00773_00-AMAZONVIDEOJAPAN.v4.01.NO.PSN.FiX3D.ignition.self.0x3CF73C_0x40.[542EF569].zip
    http://www89.zippyshare.com/v/C7Nv5nPv/file.html
    _

    this jap version is almost identical to eu version!!!

    ignition.self is identical as in the eu version...all i did is patch it as the eu version (0x3CF73C_0x40) then re-sign it...

    i also modded NPJB00773\USRDIR\data\config\spark.cfg.sdat ("requirePSN" : false, - but i am not sure if this is really needed!)

    the other self/sprx are re-signed for lower cfw...

    i hope this is all it needs to bypass the psn login...
    _
     
    RandQalan, DeViL303 and esc0rtd3w like this.
  9. esc0rtd3w Developer
    Thanks again to @catalinnc and @Rajesh Dutta for all their help!

    I have added new links, instructions, comments, and credits to the OP and to the NGU thread

    Here are also the renamed packages, untouched from @catalinnc, just renamed to keep uniform with all the rest of the app collection.

    Amazon-Instant-Video-v4.01-[NPEB00344]-NoPSN.pkg
    Amazon-Instant-Video-v4.01-[NPUP10021]-NoPSN.pkg
    Amazon-Instant-Video-v4.01-[NPJB00773]-NoPSN.pkg

    I have tested all the new packages from @catalinnc after adding the files and resigning the ignition.self and they all load up without issue, after pressing CIRCLE to bypass PSN Login.

    :triumphant:


    now........the Hulu Monster!!!


    EDIT: I may try bypassing the press circle requirement if i get bored soon!! Will need some testers probably, as apparently I have some SELF re-signing issues!!
     
    Last edited: Jul 29, 2017
    RandQalan and Rajesh Dutta like this.
  10. catalinnc Member
    you got PM...
    _
     
    esc0rtd3w likes this.
  11. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    can you please provide me the patched elf for hulu.... I'll test.... :)
     
    esc0rtd3w likes this.
  12. 429
    310
    97
    RandQalan

    RandQalan Member

    Joined:
    Oct 4, 2014
    Messages:
    429
    Likes Received:
    310
    Trophy Points:
    97
    Would still be nice if Amazon would bypass the "must be logged in" screen, but nice work you two
     
    esc0rtd3w likes this.
  13. catalinnc Member
    what do you mean? the problem was fixed...(or not?)...
    _
     
    esc0rtd3w likes this.
  14. esc0rtd3w Developer
    i think he means having to press circle. I will try messing with that tonight and post links for testers!!!

    @Rajesh Dutta i have no issues with loading Hulu ELF or SPRX re-signed, at least I don't think so. I have tested so many patches to Hulu off and on again over the past few months, my brain starts to hurt!!! I can get black screen, infinite Hulu background, infinite spinner, no spinner, etc, etc. The way it is structured is very linear. I can post some links later on just to see if other people experience the same results as i do.
     
    Last edited: Aug 2, 2017
    RandQalan likes this.
  15. RandQalan Member
    ^got it in one :D
     
    esc0rtd3w likes this.
  16. catalinnc Member
    i located the javascript that is responsible for psn login in the hulu video app...
    Code:
    http://www90.zippyshare.com/v/hBGnpYzd/file.html
    if someone is skilled in java to make it skip the psn login, please take a look...
    _
     
    esc0rtd3w likes this.
  17. 799
    238
    72
    No0bZiLLa

    No0bZiLLa Moderator Developer

    Joined:
    Oct 1, 2014
    Messages:
    799
    Likes Received:
    238
    Trophy Points:
    72
    you could just fake the button press in the sprx posted a few posts back.
    isn't the actual login bypassed now, as in the screen comes up but just have to hit x to proceed?

    edit: i think around line 322, a person could just change the function to call whatever sub is "success", that way if it fails or not, it will be the same outcome (bypass login screen).
     
    Last edited: Aug 3, 2017
    esc0rtd3w, bguerville and RandQalan like this.
  18. 7,851
    6,547
    647
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,851
    Likes Received:
    6,547
    Trophy Points:
    647
    Location:
    Earth
    At first glance, the JavaScript deals with the PSN login, but not only that.
    Once connected to PSN, an NP ticket (PSN cookie containing per console info among other data) for the Hulu app is requested. After the ticket is received & verified, it is sent to https://play.hulu.com/tcm in order to receive a dictionary of options (in xml format) to initialise the app.

    Like I said, I just took a quick glance at it so I could be wrong but if I had to guess, I would say that only bypassing the PSN login in the javascript without any other changes would work if it were possible to get the NP ticket without being authenticated or if we could create a fake ticket to fool the Hulu server, otherwise my guess is it will fail.

    Of course if a patch has already been successfully applied & a bypass is already working, the aim of the game would just be to bypass the display of the PSN login page, that is a different matter..
     
    Last edited: Aug 3, 2017
    catalinnc and esc0rtd3w like this.
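
The point in bguerville's post above, that skipping the client-side login achieves nothing unless the server is also handed a ticket it accepts, shown as a server-side check. This is an added example, not code from the thread or from any of the apps discussed; the ticket layout, the HMAC stand-in for the platform's signature, `handleInit` and the `video-app` service name are all assumptions.

```javascript
// Added example: constructed ticket format, NOT the real NP ticket layout.
const crypto = require("node:crypto");

// Assumption: issuer and app server share a verification key. HMAC-SHA256
// stands in for whatever signature scheme the real platform uses.
const ISSUER_KEY = crypto.randomBytes(32);

// Issuer side: runs only after the account has actually authenticated.
function issueTicket(key, { consoleId, serviceId, expiresAt }) {
  const body = Buffer.from(JSON.stringify({ consoleId, serviceId, expiresAt }));
  const mac = crypto.createHmac("sha256", key).update(body).digest();
  return `${body.toString("base64url")}.${mac.toString("base64url")}`;
}

// App server side: nothing the client says about its own login state is used.
function verifyTicket(key, ticket, expectedService, now = Date.now()) {
  if (typeof ticket !== "string") return { ok: false, reason: "missing" };
  const parts = ticket.split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const body = Buffer.from(parts[0], "base64url");
  const mac = Buffer.from(parts[1], "base64url");
  const want = crypto.createHmac("sha256", key).update(body).digest();
  // Constant-time compare; the length check keeps timingSafeEqual from throwing.
  if (mac.length !== want.length || !crypto.timingSafeEqual(mac, want))
    return { ok: false, reason: "bad-signature" };
  const claims = JSON.parse(body.toString("utf8")); // safe: body is authenticated
  if (claims.serviceId !== expectedService) return { ok: false, reason: "wrong-service" };
  if (claims.expiresAt <= now) return { ok: false, reason: "expired" };
  return { ok: true, consoleId: claims.consoleId };
}

// Hypothetical init endpoint: options are released only for a verified ticket.
function handleInit(key, request) {
  const result = verifyTicket(key, request.ticket, "video-app");
  return result.ok
    ? { status: 200, options: { consoleId: result.consoleId } }
    : { status: 401, error: result.reason };
}

// Constructed requests: a genuine ticket, a client whose local "online" flag
// was forced true but which holds no ticket, and a ticket signed with a
// key the server does not trust.
const SAMPLE_CLAIMS = { consoleId: "C-0001", serviceId: "video-app", expiresAt: Date.now() + 60_000 };
const good = issueTicket(ISSUER_KEY, SAMPLE_CLAIMS);
const forged = issueTicket(crypto.randomBytes(32), SAMPLE_CLAIMS);
console.log(handleInit(ISSUER_KEY, { ticket: good }).status);
console.log(handleInit(ISSUER_KEY, { clientSaysOnline: true }).status);
console.log(handleInit(ISSUER_KEY, { ticket: forged }).status);
```

Because the decision is made from the signed ticket alone, patching the client's status flags changes what the client displays, not what the server returns.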
  19. esc0rtd3w Developer
    i think that is deprecated, but i am checking it now


    EDIT #1: I have tested a few things with no luck, but that doesn't mean it's hopeless....yet! Apps such as Twitch, Popcornflix, and others can be easily bypassed with Javascript hacks, although I think the Hulu app will need an SPRX or EBOOT patch to finalize the PSN bypass.

    here are a few "suspicious" areas

    - Force NP.status to stay TRUE

    - _onPSNEvent always returns ONLINE status

    - _onPSNEvent always returns the values from NP.GOT_TICKET

    - _onNPTicketVerified always responds with _currentlyFailedTicket = false;


    htvPlatform.js.sdat: Lines 484 - 488
    htvPlatform.js.sdat: Lines 322 - 275

    htvPlatform.js.sdat: Lines 385 - 406
    htvInit.js.sdat: Lines 59 - 71
    Remove all lines except line 70??
     
    Last edited: Aug 3, 2017
  20. catalinnc Member

    i think the proper job to do is modding the script so it can dump (save) this "NP ticket" and also the "dictionary of options (in xml format)" for closer inspection...
    _
     
    RandQalan likes this.
