![[Main Page]](http://www.eurasia.nu/images/svico_t.gif)
PS3 Network DNS Spoofing Exploit 1.70 - 1.81 Tutorial (Win32)
by Waisted(aka placasoft) @ http://waisted-ps3.blogspot.com/
Hey guys,
here we have a tutorial for my newest PS3 exploit. What do you need? :
* PS3 with 1.7 - 1.81 * Warhawk beta PKG file * Apache Server (http://www.apache.de/) * Simple DNS Plus (http://www.simpledns.com/)
1st. Installing Apache Server :
Install your Apache Server on Windows, after that go into your Apache Install folder, you will find a Folder called "htdocs". Go in there, and make some new Folder so it looks like this :
"\htdocs\medius-patch\warhawk-pubeta\warhawk\20070608_r012\"
If you finished that, go back to the "htdocs" folder and create more new Folder so it looks like this :
"\htdocs\download\ps3\eu\fah\"
2.Setting up Files
We now have to copy all files we need. Go to the "20070608_r012" folder and download following files into it :
* http://download-prod.online.scea.com/medius-patch/warhawk-pubeta/
warhawk/20070608_r012/NPUA80093.cfg
* http://download-prod.online.scea.com/medius-patch/warhawk-pubeta/
warhawk/20070608_r012/NPUA80093_113_PARAM.sfo
* http://download-prod.online.scea.com/medius-patch/warhawk-pubeta/
warhawk/20070608_r012/NPUA80093_113_release.self
Next step is to copy the warhawk.pkg in to the "fah" folder and rename it to : fah.pkg.
3. Getting the DNS Server work
Download and install the Simple DNS Plus. When you are finished start it, and make a right mouse click on the icon and go to "EDIT DNS RECORDS". Now you have to press "Quick Domain Wizard" Enter following data :
Domain Name : deu01.ps3.download.playstation.net (which is the server where the ps3 gets FAH) Web ServerIP/Mail server IP/FTP serverIP/IPaddress : The IP of your apache server!
Now go once again on "Quick Domain Wizard" and enter this : Domain Name : download-prod.online.scea.com (which is the server where the ps3 gets the Warhawk Update) Web ServerIP/Mail server IP/FTP serverIP/IPaddress : The IP of your apache server!
4. Setting up the PS3 and installing Warhawk Got to your PS3, and edit the Networksettings to you IP (DNS - Server). Now we need to Install Warhawk, for this you have to delete FAH (if you have installed it) and download it again! This time it will install Warhawk Beta on your PS3. If its finished start Warhawk.
5.Change Files to Update Go to the Warhawk update folder, and open "NPUA80093.cfg", this is the file in which Warhawk takes a look if there is anything new. The original one contains this :
1.13 NPUA80093_113_release.self warhawkapp.self 8019192 1.13 NPUA80093_113_PARAM.sfo PARAM.SFO 1128 1.00 data00p.psarc data00p.psarc 3043387
Version Number / name of the File on the server / name of the file on PS3 / size (bytes)
The last row is not allowed to edit, because if you do, the Update will fail! But you can change the first 2 rows. E.g. if you want to swap the .png just put this into your .cfg :
1.13 NPUA80093_113_PIC0.png PIC0.PNG 4676 1.13 NPUA80093_113_PIC1.png PIC1.PNG 3031316 1.00 data00p.psarc data00p.psarc 3043387
Now press ONLINE in warhawk, if all works right, he will see a new update and will download your files into the PS3 HDD. It is important that you just have 3 lines in the .cfg! Also the files you want to replace in the ps3 have to exist!
Now have fun with this little exploit and check back for more news!
cYa Waisted(aka placasoft)
PS3 Network DNS Spoofing Exploit 1.70 - 1.81 Tutorial (linux)
by ps3news.com
This Network Hole allows users to copy your own files to the PS3 HDD. Currently the issue is that the .SELF on the HDD is run off the EBOOT.BIN, and the .SELF is an NPDRM encrypted .SELF, so you can't just replace it with our own... however, it will help PS3Devs to examine what makes a .SELF work (aside from what is already known- SHA1 hashes, packed and encrypted, etc).
Linux Method Requirements:
* v1.70-v1.81 PS3 Firmware * Warhawk Package * Folding@Home DNS Method * HTTP server * Ettercap
Using 1.70+ PS3 Firmware, use the Folding@Home DNS Method to install the Warhawk package.
Upon completion, set up a HTTP server, as well as DNS (or say, Apache and Ettercap, as shown)
In your etter.dns, add: download-prod.online.scea.com A ApacheIPAddress
Save that file.
In your Apache HTDOCS, create the directories: medius-patch/warhawk-pubeta/warhawk/20070608_r012
So your full directory looks like: /var/www/html/medius-patch/warhawk-pubeta/warhawk/20070608_r012
Inside the 20070608_r012, do a:
wget http://download-prod.online.scea.com/medius-patch/warhawk-pubeta/warhawk/20070608_r012/NPUA80093.cfg
So, you get with three resulting files as follows: a .SELF, a .CFG, and an .SFO file.
Your .CFG file is: Code:
1.13 NPUA80093_113_release.self warhawkapp.self 8019192 1.13 NPUA80093_113_PARAM.sfo PARAM.SFO 1128 1.00 data00p.psarc data00p.psarc 3043387
In the above example, each column is as follows:
1.13, 1.13, and 1.00 are the Firmware update version.
NPUA80093_113_release.self, NPUA80093_113_PARAM.sfo, and data00p.psarc are the file names on the Web server.
warhawkapp.self, PARAM.SFO, and data00p.psarc are the file names on the PS3 HDD.
8019192, 1128, and 3043387 are the file sizes in bytes.
NOTE: This file can not be longer than 3 lines! If anything is wrong, it will fail and an error message will come up stating that the update didn't work, and then you will be prompted to redo it if you wish.
The 1.00 data00p.psarc line is REQUIRED, you can swap out the .SFO and .SELF, for other files (to change images etc, as we shown).
Finally, bring up your HTTP server, and turn on your PS3, then in a terminal run (on your Linux PC):
ettercap -T -Q -M arp -i eth0 -P dns_spoof
Once your HTTP server is up (with the files inside, that you changed), and DNS redirects are on (using your preferred method), run Warhawk, hit update, it will download the CFG from your PC, and update the files listed. This may work for other PS3 titles as well, but they have not been tested at this time.