Old 12-11-2008   #1
Pirate
 
 
Join Date: Feb 2007
Posts: 6,931
Likes: 370
Liked 7,990 Times in 1,234 Posts
Mentioned: 568 Post(s)
Tagged: 0 Thread(s)
Home vulnerabilities revealed

Day 0 of public release and SKFU already whips out a list of vulnerabilities Home developers are most likely shooting themselves in the foot for.

What do these "vulnerabilities" include? Well, besides the ability to delete any file from HOME servers and download any content from Home we please, the biggest hole probably is the ability to upload any file to the HOME server, and the ability to modify Home to your liking (i.e. PC GAME MODS). SKFU posts in his blog exactly how this could be done:



Originally Posted by http://streetskaterfu.blogspot.com/
HOME public beta just started a few minutes ago, and as a little bonus I write this little vulnerability disclosure of HOME beta 1.3. Don't be THAT surprised, remember the decrypted HOME game files^^. HOME is the most buggy game I ever saw and they really ****ed up so much. OK, the delays went on for about 2 years, but after these years of waiting, as a user I expect a little bit more. "It feels like 2005 tech in 2008. I'm not sure that's what people want.", I can only agree with this comment from Microsoft. Well, here is the disclosure:

The first 2 are server structure listings. Some uninteresting files like the model files are missing; in general the most interesting files are included. JSP files are NEVER sources, they are the response of the server. They are the responses for the German area.

----------------------------------------------------------------------------

1) scee-home.playstation.net server structure (without spaces as they are too big)

DOWNLOAD

2) homeps3.online.scee.com (JSP files are not sources, they are responses of the HOME servers)

DOWNLOAD

3) The different Content Bases:

For Developers & Alpha = http://homeps3-content.online.scee.com:10010/Alpha/Dev/
For Quality Assurance = http://homeps3-content.online.scee.com:10010/Alpha/QA/
For HOME Beta 0.9 = http://homeps3-content.online.scee.com:10010/Beta/090/

4) Take a look in the first download package \c.home\prod\live\Screens\

Only one of the XML files is encrypted, which means you can simply customize the HOME areas with your own videos, pictures and text if you use an Apache + simple DNS redirection.

5) Download any file from the HOME content server you want

(Well now we come to the more interesting parts^^)

There's a download script here...
(homeps3.online.scee.com/HUBPS3_SVML/home/fileservices/Download.jsp)
...which is meant to act as a downloader for other users' profiles, avatars and more. Example: User1 uploads his profile to the home server (see point 6), now User2 sees User1 in HOME; the downloader downloads the profile of User1 to the local HDD space of User2. So far so good. Now there's the possibility to do a realtime packet edit to download ANY file you want. It's up to you what files you think about now, but there are more than just lame user profiles on such servers ;-) To continue:

Download.jsp?filename=Profile-UserXYZ

This is how the structure looks when a user profile is requested; after this the server responds this way:

http://pastebin.com/f422ad43e

Simply edit the filename to get your specific file.

6) The most important vulnerability: "upload any file to the HOME server"

The method is nearly the same as in 5, just that you upload instead of download a file. The structure looks like this:

Server request:
homeps3.online.scee.com/HUBPS3_SVML/fileservices/UploadFileServlet?fileNameBeginsWith=Avatar-UserXYZ.jpg&filePermission=2&fileTypeID=2&fileDescription=unused

As well, there's the file you want to upload as raw data in the POST header. Just do a live edit again and inject your file. It will be saved in /HUBPS3_SVML/.

Please don't upload any r00tshells or similar ;-)

7) At the end a funny thing "delete any file on the HOME server"

homeps3.online.scee.com/HUBPS3_SVML/home/fileservices/Delete.jsp?filename=XYZ

This could end really evil with a simple script :P

Please remember the last 3 vulnerabilities only work if you do a realtime packet edit. It's not possible to do this from a PC only or with fake packets!

----------------------------------------------------------------------------

So what is the conclusion?:

SONY ****ed it really up! First they delay HOME for more than a year, then they delay it a few times again and again till finally we have a HOME beta on a technical standard from 2005 with crappy graphics, a few boring areas and many many many many many many many many bugs. After this whole bull****ting we finally get our beta on 11.12.2008 with another delay of about 5 hours because SONY is unable to test their servers beforehand. Congratz to SONY for this fantastic product. THANKS!

Please remember:

Don't do anything stupid with this information which you could repent later.

Thanks for your attention, this was my little HOME vulnerabilities disclosure for you,

SKFU
UPDATE:
nicksasa has kindly made an easy tutorial to follow on how to change the movies/posters in Home. You can read his tutorial here.
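The three file-service calls SKFU lists (Download.jsp, UploadFileServlet and Delete.jsp) share one root cause: the server acts on whatever filename the client sends, and for uploads even the permission (filePermission=2) arrives as a request parameter. The note that they "only work if you do a realtime packet edit" is not a protection either; a constraint on the console side says nothing about what the server will accept. The Python below is an added example, not code from the post or from Sony's servers. It models that pattern in a small in-memory file service, puts the hardened handlers beside it (allow-listed user-content names only, ownership taken from the session for upload and delete), and runs the same allow-list over a few constructed access-log lines to flag requests that name anything else. The endpoint and parameter names come from the post; the file-name scheme, the store, the user names and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list: the only file shapes the post shows the service is meant
# to handle (Profile-UserXYZ, Avatar-UserXYZ.jpg). Server files such as the JSPs
# can never match it.
SAFE_NAME = re.compile(r"^(?:Profile-([A-Za-z0-9_]{1,32})|Avatar-([A-Za-z0-9_]{1,32})\.jpg)$")
MAX_UPLOAD = 64 * 1024  # constructed size cap for a profile or avatar

class Forbidden(Exception):
    """Request failed validation or authorisation."""

def validate_name(filename: str) -> str:
    """Return the user a user-content file name belongs to, or raise Forbidden."""
    if any(c in filename for c in "/\\\x00"):  # explicit traversal reject first
        raise Forbidden(f"path characters in {filename!r}")
    m = SAFE_NAME.match(filename)
    if m is None:
        raise Forbidden(f"{filename!r} is not a user-content file")
    return m.group(1) or m.group(2)

class FileService:
    """In-memory stand-in (constructed) for the HUBPS3_SVML file area."""
    def __init__(self):
        self.files = {}  # filename -> (owner, data)

    def vulnerable_download(self, filename: str) -> bytes:
        # The pattern the post describes: the client's filename is served as-is.
        return self.files[filename][1]

    def download(self, session_user: str, filename: str) -> bytes:
        # Hardened: allow-listed user content only. Other users' profiles are
        # readable by design (User2 fetching User1's profile), so no owner check.
        validate_name(filename)
        return self.files[filename][1]

    def upload(self, session_user: str, filename: str, data: bytes) -> None:
        # Hardened: ownership comes from the session, never from a request
        # parameter such as the quoted filePermission=2.
        if validate_name(filename) != session_user:
            raise Forbidden("may only write your own profile or avatar")
        if len(data) > MAX_UPLOAD:
            raise Forbidden("upload too large")
        self.files[filename] = (session_user, bytes(data))

    def delete(self, session_user: str, filename: str) -> None:
        # Hardened: same ownership rule as upload.
        if validate_name(filename) != session_user:
            raise Forbidden("may only delete your own files")
        self.files.pop(filename, None)

def seeded_service() -> FileService:
    """Constructed store: one user profile plus a server-side file."""
    svc = FileService()
    svc.files["Profile-User1"] = ("User1", b"<profile of User1>")
    svc.files["Download.jsp"] = ("server", b"<server-side source, never user content>")
    return svc

def is_rejected(fn, *args) -> bool:
    """True if calling fn(*args) raises Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False

# Constructed access-log shape: client, method, request target.
LOG_LINE = re.compile(r'^(?P<client>\S+) "(?:GET|POST) (?P<path>\S+)')

def suspicious_requests(log_lines):
    """Detection: fileservices requests whose filename fails the same allow-list."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m is None or "/fileservices/" not in m.group("path"):
            continue
        qs = parse_qs(urlsplit(m.group("path")).query)
        name = (qs.get("filename") or qs.get("fileNameBeginsWith") or [""])[0]
        try:
            validate_name(name)
        except Forbidden as exc:
            hits.append((m.group("client"), m.group("path"), str(exc)))
    return hits

SAMPLE_LOG = [  # constructed lines, not real server logs
    '10.0.0.5 "GET /HUBPS3_SVML/home/fileservices/Download.jsp?filename=Profile-User1 HTTP/1.1" 200',
    '10.0.0.9 "GET /HUBPS3_SVML/home/fileservices/Download.jsp?filename=../../server-config.xml HTTP/1.1" 200',
    '10.0.0.9 "POST /HUBPS3_SVML/fileservices/UploadFileServlet?fileNameBeginsWith=notes.jsp&filePermission=2 HTTP/1.1" 200',
    '10.0.0.7 "GET /HUBPS3_SVML/home/fileservices/Delete.jsp?filename=Avatar-User7.jpg HTTP/1.1" 200',
    '10.0.0.5 "GET /HUBPS3_SVML/home/index.jsp HTTP/1.1" 200',
]

if __name__ == "__main__":
    svc = seeded_service()
    print("unchecked download serves:", svc.vulnerable_download("Download.jsp"))
    print("hardened download refuses:", is_rejected(svc.download, "User2", "Download.jsp"))
    for client, path, why in suspicious_requests(SAMPLE_LOG):
        print("flag", client, why, path)
```

Run as a script it shows the unchecked download handing out a server file where the hardened handler refuses, and the detector flagging the two constructed requests that name something outside the allow-list. The detection reuses the exact validation the handlers apply, so the same rule protects new traffic and audits old logs.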
Old 12-11-2008   #2
JordanBlack68
Member
 
Join Date: Apr 2008
Posts: 48
Likes: 2
Liked 16 Times in 9 Posts
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Looks like a heap of **** to me xD
Old 12-11-2008   #3
er_tato_1991
Apprentice
 
Join Date: Feb 2008
Posts: 1
Likes: 0
Liked 0 Times in 0 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
awesomeee

Awesome, I am using one of the vulnerabilities, and, in fact, it seems that the PS3 scene is starting.
Old 12-11-2008   #4
killerbread
Apprentice
 
Join Date: Sep 2008
Posts: 4
Likes: 0
Liked 0 Times in 0 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
lol so it's the OP's fault that I can't connect to HOME? Because I'm getting that error. And does that mean you can change the videos in HOME? Because if you can, changing all the vids to porn lol would be so funny
Old 12-11-2008   #5
lanhikari3113
Member
 
Join Date: Sep 2008
Posts: 37
Likes: 2
Liked 0 Times in 0 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
I HAVE THE SOLUTION!!!! Using this upload exploit you can upload your own program to the Home folder, so when you go to play a game in the bowling alley or somewhere where it has to load something with RSX access, we could write our own buffer overflow program and then hijack the process, and since Home has dedicated HD access we could open it up from there. We have to act now; I just thought of the idea and it should be completely doable. Upload exploit to Home. Use your own RSX buffer overflow program. Hijack process. WIN

OR you could just upload a hijacking program or Java exploit, or just something to make Home run when it goes to run a program started from Home. Sorry if I'm confusing, I'm writing so fast; they could be patching this as we speak!



-natas
P.S. My idea, if it works (if Sony reads this I had nothing to do with it haha) (jk). OMG so excited, SKFU PLEASE TRY!!!!

Last edited by lanhikari3113; 12-11-2008 at 05:40 PM.
Old 12-11-2008   #6
Alycan
Member
 
Join Date: Nov 2008
Posts: 175
Likes: 14
Liked 20 Times in 16 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Originally Posted by lanhikari3113
I HAVE THE SOLUTION!!!! Using this upload exploit you can upload your own program to the Home folder, so when you go to play a game in the bowling alley or somewhere where it has to load something with RSX access, we could write our own buffer overflow program and then hijack the process, and since Home has dedicated HD access we could open it up from there. We have to act now; I just thought of the idea and it should be completely doable. Upload exploit to Home. Use your own RSX buffer overflow program. Hijack process. WIN

OR you could just upload a hijacking program or Java exploit, or just something to make Home run when it goes to run a program started from Home. Sorry if I'm confusing, I'm writing so fast; they could be patching this as we speak!

-natas
P.S. My idea, if it works (if Sony reads this I had nothing to do with it haha) (jk). OMG so excited, SKFU PLEASE TRY!!!!
If this works... It will have repercussions both ways... First we will have homebrew and mighty fine games, but after merely 2 years the scene will die like the PSP's already is. Everything goes for me, but never ever kill the PS3 by making an ISO loader....
Old 12-11-2008   #7
Tcraw77813
 
 
Join Date: Mar 2008
Location: Flo Rida
Posts: 1,056
Likes: 125
Liked 149 Times in 101 Posts
Mentioned: 14 Post(s)
Tagged: 0 Thread(s)
This is awesome! Nice job SKFU. Keep up the good work.
Old 12-11-2008   #8
snakeman
Apprentice
 
Join Date: Jan 2008
Posts: 21
Likes: 0
Liked 0 Times in 0 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Congrats SKFU for finding these vulnerabilities. Keep up the great work. CHEERS!!
Old 12-11-2008   #9
marcosilver2000
Apprentice
 
Join Date: Dec 2007
Posts: 8
Likes: 1
Liked 0 Times in 0 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
You are a genius
Old 12-11-2008   #10
ajpowerranger
Member
 
 
Join Date: Jul 2008
Posts: 176
Likes: 5
Liked 14 Times in 7 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Originally Posted by lanhikari3113
I HAVE THE SOLUTION!!!! Using this upload exploit you can upload your own program to the Home folder, so when you go to play a game in the bowling alley or somewhere where it has to load something with RSX access, we could write our own buffer overflow program and then hijack the process, and since Home has dedicated HD access we could open it up from there. We have to act now; I just thought of the idea and it should be completely doable. Upload exploit to Home. Use your own RSX buffer overflow program. Hijack process. WIN

OR you could just upload a hijacking program or Java exploit, or just something to make Home run when it goes to run a program started from Home. Sorry if I'm confusing, I'm writing so fast; they could be patching this as we speak!

-natas
P.S. My idea, if it works (if Sony reads this I had nothing to do with it haha) (jk). OMG so excited, SKFU PLEASE TRY!!!!
Is anyone able to test this theory? Changing all the arcade machines to a SNES emulator would be the best thing ever!

Please someone who knows what they are doing try this!
PS3Hax.net is Copyright © 2010-2013.