OpenWrt Forum Archive

Topic: Use PSN with older firmware on Playstation 3

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

For anybody with a jailbroken PS3 you might have heard about the DNS man-in-the-middle method of preventing forced upgrades. All you need to do is change your PS3's DNS server to an external one, but relying on somebody else's service in this case is both unreliable and insecure. Here's how you do it yourself with OpenWrt!

First, you need to make dnsmasq resolve Sony's update servers DNS names to your own router's IP instead. Modify/add these names to your router's IP address in /etc/hosts:

192.168.1.1 router openwrt fus01.ps3.update.playstation.net fjp01.ps3.update.playstation.net feu01.ps3.update.playstation.net fkr01.ps3.update.playstation.net fuk01.ps3.update.playstation.net fmx01.ps3.update.playstation.net fau01.ps3.update.playstation.net fsa01.ps3.update.playstation.net ftw01.ps3.update.playstation.net fru01.ps3.update.playstation.net fcn01.ps3.update.playstation.net

Next, create the directory /www/update/ps3/list, and create the file ps3-updatelist.txt with the following content:

# EU
Dest=85;CompatibleSystemSoftwareVersion=1.0000-;
Dest=85;ImageVersion=0000b99c;SystemSoftwareVersion=3.5500;CDN=http://deu01.ps3.update.playstation.net/update/ps3/image/eu/2010_1207_ca595ad9f3af8f1491d9c9b6921a8c61/PS3UPDAT.PUP;CDN_Timeout=30;

# US
Dest=84;CompatibleSystemSoftwareVersion=1.0000-;
Dest=84;ImageVersion=0000b99c;SystemSoftwareVersion=3.5500;CDN=http://dus01.ps3.update.playstation.net/update/ps3/image/us/2010_1207_ca595ad9f3af8f1491d9c9b6921a8c61/PS3UPDAT.PUP;CDN_Timeout=30;

Now make the following symlinks:

root@OpenWrt # ln -s /www/update/ps3/list /www/update/ps3/list/eu
root@OpenWrt # ln -s /www/update/ps3/list /www/update/ps3/list/us

And you're done!

Next time you launch a game, your PS3 will check http://fus01.ps3.update.playstation.net … telist.txt (if you're in the US) and make sure you are at least on "CompatibleSystemSoftwareVersion". Since that DNS name points to OpenWrt, and our webserver has a modified ps3-updatelist.txt, you won't need to update because we only require version 1.0000 smile "ImageVersion" is the version it will try to fetch if you use system update. I've modified that to use 3.55 which is the latest jailbreakable firmware at the moment.

Sounds like you put the file in the wrong place. Do you have a /www/update/ps3/list/ps3-updatelist.txt? If you did, the URL you tried should work.

Ok, i resolved it.
You may add that the update folder must be chmod 755 big_smile

Thanks!

thanks, was always too lazy to do it myself big_smile

(Last edited by redcow on 7 Feb 2011, 23:54)

@coatto87

Well, that's kinda stating the obvious isn't it? smile

Does this work right now?


Sony Blocks DNS Trick and proxy.

It should be update with the new ssl cert method big_smile

This still works, but you also need a reverse proxy that rewrites the header when contacting Sony's auth server. For now you can do it on your computer with Charles proxy.

does anybody know a ssl MITM proxy which does not need java? unfortunately mitm-proxy is also java based, not a good idea to run on our routers.

arokh wrote:

I think pound can do the job: http://www.apsis.ch/pound/

Optionally varnish.

pound seems to be perfect for the matter, thanks, and as coincidence someone posted a patch for openwrt https://dev.openwrt.org/ticket/8855.

Using nginx as Reverse Proxy and modifying the header with "proxy_set_header" may also be possible.

(Last edited by redcow on 15 Feb 2011, 11:46)

Let me know if you have any success.

Yeah, go go redcow wink

arokh wrote:

I've made pound, nginx and threaded libopenssl packages available at http://enduser.subsignal.org/~trondah/packages/

thanks saved me a lot of time, unfortunately my laptop including my developing environment died hmm.

I have played around with nginx as transparent ssl proxy, the basic configuration works however I have still a configuration problem redirecting traffic to webserver using virtual hosts(so nearly all of them, including the psn one, except google), and nginx takes up all the ram until the process gets killed, have to check if that happens only with openwrt.

In case somebody needs it I will post later the latest stable version of nginx: nginx_0.8.54-4_ar71xx.ipk

(Last edited by redcow on 15 Feb 2011, 18:34)

I fixed the problem, I had to use the ip address insteat of the hostname because ssl does not support vhosts, didnt know that smile

Eventhough it "works" there seem to be a problem with modifying the "X-Platform-Version" header. I'm doing that with nginx, but should be nearly the same for all webservers.

my nginx config: probably something with the proxy_set_header is wrong.

# HTTPS server

    server {
        listen       443;
        server_name   auth.np.ac.playstation.net www.auth.np.ac.playstation.net;
        ssl                  on;
        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        location / {
                proxy_pass https://199.108.4.73;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                #proxy_set_header X-Platform-Version "";
                proxy_set_header X-Platform-Version "PS3 03.56";
                proxy_redirect     off;

        }

In the meantime here is the ruby script from drizzt which does the entire work, however the ruby packages seem to be broken, gives me always an error for missing "thread" module.

http://pastebin.com/CeZ01Yeb

[edit]
pound does not work for me, I was using this minimalistic config

User            "nobody"
Group           "nogroup"

LogLevel 2

ListenHTTPS
        Address 192.168.1.1
        Port 443
        Cert "/etc/nginx/host.pem"
        AddHeader "X-Forwarded-Proto: https"
        HeadRemove "X-Forwarded-Proto"
        Service
                BackEnd
                        Address 127.0.0.1
                        Port 80
                End
        End
End

via webbrowser:

The service is not available. Please try again later.

and from syslog

Feb 15 23:18:52 pound: (803) backend 127.0.0.1:80 connect: Success
Feb 15 23:18:52 pound: (803) BackEnd 127.0.0.1:80 dead (killed)
Feb 15 23:18:52 pound: (803) e503 no back-end "GET / HTTP/1.1" from 192.168.1.6
Feb 15 23:18:57 pound: (402) connect_nb: connect failed: Success

Ofcourse I tried to set as Address the psn or google ip but didnt change anything.

(Last edited by redcow on 15 Feb 2011, 23:23)

Uhm, in pound you point backend to 127.0.0.1. It should be 199.108.4.73. And of course, the CA used to generate the certificate must be installed on the ps3. I'll play with this as soon as I have some time. fuckPsn works and is a lot more elegant, but the packages required are too big to fit on the firmware.

arokh wrote:

Uhm, in pound you point backend to 127.0.0.1. It should be 199.108.4.73. And of course, the CA used to generate the certificate must be installed on the ps3. I'll play with this as soon as I have some time. fuckPsn works and is a lot more elegant, but the packages required are too big to fit on the firmware.

the local ip address was only to test if it actually works, of course Ive replaced it with the correct ip but doesn't work, and yeah I have replaced the CA certificate on the ps3 otherwise fuckpsn wouldn't work but it does. But I would prefer a solution based on pound/nginx as it is much more lightweight. Maybe I should run nginx/pound on a linux box and run wireshark in order to see what is wrong.

(Last edited by redcow on 16 Feb 2011, 10:08)

ListenHTTPS
    Address 192.168.1.1
    Port    443
    Cert    "/mnt/sda1/openwrt/etc/pound.pem"
    HeadRemove "X-Platform-Version: PS3 03.55"
    AddHeader "X-Platform-Version: PS3 03.56"

    Service
        BackEnd
            Address    199.108.4.73
            Port    443
        End
    End
End

My pound config, didn't work:

Feb 16 10:00:31 OpenWrt daemon.warn pound: (c04) connect_nb: connect failed: Success
Feb 16 10:00:31 OpenWrt daemon.warn pound: (c04) backend 199.108.4.73:443 connect: Success
Feb 16 10:00:31 OpenWrt daemon.notice pound: (c04) BackEnd 199.108.4.73:443 dead (killed)
Feb 16 10:00:31 OpenWrt daemon.notice pound: (c04) e503 no back-end "POST /nav/auth HTTP/1.0" from 192.168.1.6
Feb 16 10:00:38 OpenWrt daemon.warn pound: (402) connect_nb: connect failed: Success
Feb 16 10:01:08 OpenWrt daemon.warn pound: (402) connect_nb: connect failed: Success
Feb 16 10:01:38 OpenWrt daemon.warn pound: (402) connect_nb: connect failed: Success
Feb 16 10:02:08 OpenWrt daemon.warn pound: (402) connect_nb: connect failed: Success
Feb 16 10:02:38 OpenWrt daemon.warn pound: (402) connect_nb: connect failed: Success

I'll try nginx after work. Wireshark is definitely an idea, I think it's speaking with the backend fine, but something clearly doesn't work. You can use tcpdump on the router then load pcap into wireshark btw.

(Last edited by arokh on 16 Feb 2011, 12:57)

It works! smile

After f*** around with wireshark and fuckpsn.rb not understanding whats wrong I finally figured out, my nginx configuration is perfectly correct the "ps3-updatelist.txt" is "wrong" I took the one from fuckpsn.rb made a symlink from ps3-updatelist.txt to "uk" and voila it works.

in short

nginx configuration:

    # HTTPS server

    server {
        listen       443;
        server_name   auth.np.ac.playstation.net www.auth.np.ac.playstation.net;
        ssl                  on;
        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        location / {
                proxy_pass https://199.108.4.73;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Platform-Version "PS3 03.56";
                proxy_redirect     off;
        }

Follow the first post in this thread, use this ps3-updatelist.txt:

Dest=83;CompatibleSystemSoftwareVersion=3.2100-;
Dest=83;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=84;CompatibleSystemSoftwareVersion=3.2100-;
Dest=84;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=85;CompatibleSystemSoftwareVersion=3.2100-;
Dest=85;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=86;CompatibleSystemSoftwareVersion=3.2100-;
Dest=86;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=87;CompatibleSystemSoftwareVersion=3.2100-;
Dest=87;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=88;CompatibleSystemSoftwareVersion=3.2100-;
Dest=88;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=89;CompatibleSystemSoftwareVersion=3.2100-;
Dest=89;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=8A;CompatibleSystemSoftwareVersion=3.2100-;
Dest=8A;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=8B;CompatibleSystemSoftwareVersion=3.2100-;
Dest=8B;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=8C;CompatibleSystemSoftwareVersion=3.2100-;
Dest=8C;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

Dest=8D;CompatibleSystemSoftwareVersion=3.2100-;
Dest=8D;ImageVersion=00000000;SystemSoftwareVersion=3.2100;CDN=http://lolz.com;CDN_Timeout=30;

and add a further symlink with "ln -s /www/update/ps3/list /www/update/ps3/list/uk", there you go smile

If you already use port 443, you can run nginx on whatever port you want and redirect it with iptables

iptables -t nat -A prerouting_lan -p tcp -s YOUR_PS3IP --dport 443 -j DNAT --to ROUTERIP:NGINX_SSL_PORT

(Last edited by redcow on 17 Feb 2011, 09:52)

Yeah got it working as well, too bad Sony has started banning sad

arokh wrote:

Yeah got it working as well, too bad Sony has started banning sad

yeah pretty annoying hmm out of curiosity were you able to get it working with pound?

No, just nginx I have no idea why pound didn't work.

Ehehe, i upgraded to 3.56 sad

The discussion might have continued from here.