Inspirated

 
 

February 14, 2011

HOWTO: Access PSN on PS3 3.55 firmwares through Fedora

Filed under: Blog — krkhan @ 3:17 am

After a day of extensive Wireshark voyeurism I was finally able to connect to PSN on my 3.55 custom firmware through my Fedora box. This guide documents the procedure I used.

Requirements

The PC side of things:

  • Fedora 14. Any other Linux distro or even Windows machines can work, but since my primary OS is Fedora that’s what the guide shall be focusing on.
  • Internet connectivity on a separate interface than the one you’ll be connecting PS3 on. For example, my laptop connects through internet wirelessly while the PS3 is connecting to laptop through Ethernet.

The console side of things:

  • A custom firmware installed without level 2 patch. kmeaw is recommended.

Basic familiarity with Linux can be helpful. Please note that the guide requires you to mess with the flash memory of your PS3. If you aren’t paying attention you can end up with a FUBAR clinker.

Setting up the firewall

On Fedora, go to “Administration” > “Firewall” and provide the root password. In “Trusted Services”, enable the following:

DNS 53/tcp, 53/udp
DNS 53/tcp, 53/udp
Multicast DNS (mDNS) 5353/udp
Secure WWW (HTTPS) 443/tcp
WWW (HTTP) 80/tcp

In “Other Ports”, click on “Add” and select port 8888 for tcp.

Setting up a shared connection between Fedora and PS3

On Fedora:

  1. Connect to your wireless network.
  2. Right click on the Network Manager icon in the system tray and click on “Edit Connections”.
  3. Under the “Wired” tab, click on “Add”.
  4. Under the “IPv4 Settings” tab, select “Shared to other computers” as the method.
  5. Ensure that the “Connect automatically” box is checked.
  6. Click on apply.

On PS3:

  1. Under XMB, go to “Settings” > “Network Settings” > “Internet Connection Settings”.
  2. Select “Custom”.
  3. Select “Wired Connection”.
  4. Select “Auto-Detect for operation mode.
  5. Select “Automatic” for IP Address Setting.
  6. Select “Do Not Set” for DHCP host name.
  7. Select “Automatic” for DNS Setting.
  8. Select “Automatic” for MTU.
  9. Select “Do Not Use” for Proxy Server.
  10. Select “Enable” for UPnP.
  11. Connect the Ethernet cable and test the connection.

At this point, you should get the following result:

Obtain IP Address: Succeeded
Internet Connection: Succeeded
(A system software update is required. Go to [Settings] > [System Update] and perform the update.

To verify everything is working correctly, go to “System” > “Network Settings” >”Settings and Connection Status List”. You should see the following:

IP Address: 10.42.43.10
Subnet Mask: 255.255.255.0
Default Router: 10.42.43.1

Similarly, if you right click on the Network Manager icon in Fedora and click on “Connection Information”, you’ll see the following information for the shared connection:

IP Address: 10.42.43.1
Broadcast Address: 10.42.43.255
Subnet Mask: 255.255.255.0

As one last step for verification launch the Internet Browser on PS3 and see if it works.

Installing the proxy server

  1. Login as root.
    $ su -
  2. Download Charles for Linux.
    $ wget http://www.charlesproxy.com/assets//release/3.5.2/charles.tar.gz
  3. Extract the tarball:
    $ tar xvzf charles.tar.gz
  4. Change into the binary directory for Charles and add execute permissions to the launcher script:
    $ cd charles/bin/
    $ chmod a+x charles.sh
  5. Launch Charles:
    $ ./charles.sh
  6. Cancel the Firefox proxy configuration dialog. It isn’t needed for PS3.
  7. Go to “Tools” > “Proxy Settings” and ensure the HTTP Proxy is listening on port 8888.

On PS3:

  1. Launch “Settings” > “Network Settings” > “Internet Connection Settings” again.
  2. Use the same settings as before but under “Proxy Server” specify 10.42.43.1 as the address and 8888 as the port number.
  3. Test the connection. Charles should display a prompt about PS3 accessing the Internet, select “Allow”.

Just like before, ensure you can use the Internet Browse on PS3.

Finding the addresses of authorization and update servers

Restart your PS3 and try to sign in on PSN. Under the “Structure” tab in Charles you’ll see a server your console has communicated with during the process. For example, the “authentication” server is https://auth.np.ac.playstation.net:443/. In the list you’ll find the “update” server for your console (which differs from region to region). In my case, the update server was http://feu01.ps3.update.playstation.net/. Fire a console and find the IP addresses for both of these servers:

$ dig auth.np.ac.playstation.net

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-5.P3.fc14 <<>> auth.np.ac.playstation.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8848
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;auth.np.ac.playstation.net. IN A

;; ANSWER SECTION:
auth.np.ac.playstation.net. 2893 IN A 199.108.4.73

;; Query time: 46 msec
;; SERVER: 203.82.48.3#53(203.82.48.3)
;; WHEN: Mon Feb 14 00:45:40 2011
;; MSG SIZE rcvd: 60

$ dig feu01.ps3.update.playstation.net

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-5.P3.fc14 <<>> feu01.ps3.update.playstation.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16539
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;feu01.ps3.update.playstation.net. IN A

;; ANSWER SECTION:
feu01.ps3.update.playstation.net. 3600 IN CNAME a01.cdn.update.playstation.org.edgesuite.net.
a01.cdn.update.playstation.org.edgesuite.net. 54582 IN CNAME playstation.sony.akadns.net.
playstation.sony.akadns.net. 300 IN CNAME a192.d.akamai.net.
a192.d.akamai.net. 20 IN A 195.95.193.10
a192.d.akamai.net. 20 IN A 195.95.193.100

;; Query time: 952 msec
;; SERVER: 203.82.48.4#53(203.82.48.4)
;; WHEN: Mon Feb 14 00:49:07 2011
;; MSG SIZE rcvd: 203

Jot down the server names and their IP addresses:

auth.np.ac.playstation.net 199.108.4.73
feu01.ps3.update.playstation.net 195.95.193.10
195.95.193.10

Configuring the proxy server

In Charles:

  1. Goto “Proxy” > “Reverse Proxies” and add two entries like this:

    Charles Reverse Proxies Screenshot
    (Click on the thumbnail for larger version.)

  2. Download a spoofed ps3-updatelist.txt.
  3. Goto “Tools” > “Map Local” and add the following entry (“Local Path” should point to the ps3-updatelist.txt you downloaded in the previous step):

    Charles Map Local Add Dialog Screenshot
    Charles Map Local Screenshot
    (Click on the thumbnails for larger version.)

  4. Goto “Tools” > “Rewrite”, check “Enable Rewrite” and add a new set.
  5. Use the following settings for location:

    Charles Rewrite Add Location Screenshot

  6. And the following for rules:

    Charles Rewrite Add Rule Screenshot
    (Click on the thumbnail for larger version.)

  7. The rewrite settings should now look like this:

    Charles Rewrite Screenshot
    (Click on the thumbnail for larger version.)

  8. Go to “Proxy” > “Proxy Settings” > “SSL” and add the entry auth.np.ac.playstation.net in locations table.

Rebuilding Network Manager to mask PSN IPs

This can be a PITA for Linux newbies. Network Manager uses dnsmasq but hardcodes the configuration. Leaving us without any way of affecting the shared connection’s behavior without recompiling the RPM. If people are really having trouble with this part I’ll upload the patched RPMs.

  1. Login as root:
    $ su -
  2. Install build dependencies for Network Manager:
    $ yum-builddep NetworkManager
  3. Download and install the source RPM for NetworkManager:
    $ yumdownloader --source NetworkManager
  4. Install the source RPM:
    $ rpm -ivh NetworkManager-0.8.1-10.git20100831.fc14.src.rpm

    This will create a rpmbuild directory under the home directory for root.

  5. Go to the SOURCES directory and download the patches:
    $ cd ~/rpmbuild/SOURCES/
    $ wget https://inspirated.com/uploads/nm-applet-remove-dialog-sep.patch
    $ wget https://inspirated.com/uploads/nm-psn-access.patch

    The first patch is a minor bugfix which causes compile errors. The second patche spoofs the authentication server’s IP address to 10.42.43.1 instead of 199.108.4.73. If you got a different IP address for auth.np.ac.playstation.net earlier with the dig command edit the second patch accordingly.

  6. Download and build the spec file:
    $ cd ~/rpmbuild/SPECS/
    $ wget https://inspirated.com/uploads/NetworkManager.spec
    $ rpmbuild -ba NetworkManager.spec

    If everything goes fine, the built RPMs shall appear in ~/rpmbuild/RPMS/<arch> directory.

  7. Install the RPM:
    $ cd ~/rpmbuild/RPMS/x86_64/
    $ rpm -Uvh --force NetworkManager-0.8.1-10.git20100831.fc14.x86_64.rpm
  8. Restart Network Manager:
    $ service NetworkManager restart

Installing the spoofed certificate on PS3

The spoofed certificate Charles uses to intercept SSL traffic is in the docs directory of the tarball (charles-proxy-ssl-proxying-certificate.crt). Rename it to CA02.cer, put it on a USB stick and then head over to your console.

  1. Install the AsbestOS installer and Comgenie’s Awesome Filemanager.
  2. Restart your PS3, launch the AsbestOS installer.
  3. The installer shall quit with an error about lack of level 2 access, press X to exit to XMB.
  4. Launch Comgenie’s Awesome Filemanager. You’ll see a new device called /dev_rwflash which is providing read/write support to PS3’s internal flash.
  5. Move to /dev_flash/data/cert, backup CA02.cer on your USB drive and replace it with the Charles certificate.
  6. Restart your PS3.

Gluing it all together

So far:

  • Fedora is sharing the Internet connection with PS3.
  • PS3 is using Charles as the proxy server.
  • Charles is all set to replace ps3-updatelist.txt as well as rewrite authentication headers.
  • NetworkManager is patched to mask the authentication server’s IP address to 10.42.43.1.
  • The CA02.cer certificate on PS3’s flash has been replaced by Charles’ spoofed certificate.

Try signing in to PSN now. You should see ps3-updatelist.txt file being mapped to the local version and 03.55 being replaced with 03.56 in the auth.np.ac.playstation.net header. If everything goes according to plan, this will be the result:

PSN SSL Trick Screenshot
(Click on the thumbnail for larger version.)

Tags: , , , , , , , , , , ,

March 1, 2009

Top Five Improved Open-Source Projects

Filed under: Blog — krkhan @ 3:55 pm

“Evolution is God’s way of issuing upgrades.”

It’s a wonderful age to live in as an open-source enthusiast. The warm feeling is especially accentuated in one’s mind after recalling countless hours of hair-pulling trying to make that goddamned VGA monitor work with Red Hat Linux 6. Software for GNU/Linux has improved at an exponential rate. There are still plenty which lack the user-friendliness and all, but technologically the overall rate of improvement has been nothing short of astounding.

Ask any newcomer to the GNU/Linux world about their favorite open-source projects, and there’s a strong likelihood that the answer will be one of the “prominent big-guns”; the likes of Compiz Fusion, Firefox, KDE or Gnome. Ask any veteran the same question and you’re much more likely to get a diverse stock of answers ranging from Vim to Anjuta or probably even some obscure Window Manager like Fluxbox. The opinion about the most “improved” projects would thus be highly polarizing. Still and all, there are few projects which have eased my life substantially with their progress. To compliment the ones that have almost made me kiss virtual bits of code at one point or other, I’ve decided to choose the top five:

  1. recordMyDesktop
    The Dark Ages: Recording a video of an X session was nothing less than a nightmare. With sound, all the more so. The popular method was to run a VNC server and then use a tool such as vnc2swf to capture the footage.
    The Messiah: Once you install recordMyDesktop and one of its GUI frontends, recording becomes as easy as launching it and selecting “Record”. Really, you don’t have to use multiple software now for doing something as simple as that.

  2. NetworkManager
    The Dark Ages: You went to your workplace, geared up your Linux distribution and tried get some connectivity and to your utter horror, the Wireless network used WPA encryption for passphrase. wpa_supplicant was the command-line utility you could’ve used for connecting to such networks after hours of tinkering around, but it sadly wouldn’t have prevented you from getting fired because the execs weren’t that much amicable with open-source evangelism in the first place.
    The Messiah: Red Hat, for all the criticisms it receives for RHEL, is still the caring patron figure for desperate Linux users crying out for help. Hence, it’s no co-incidence that this project as well as next two on the list were initiated by the same company. NetworkManager makes mobile connectivity as peachy as it could’ve been. You spend a few days with NM on your notebook and it starts choosing the best network for you wherever you go, that too with least possible intrusion in your workflow.

  3. SELinux Troubleshooter
    The Dark Ages: In this particular case, the dark ages don’t belong to that much a distant past since the cause of all the mess was also a recent innovation. Security Enhanced Linux, while obstinately preached by Red Hat and enabled by default on its shipped operating systems, was unanimously loathed by all system administrators who had at one point or other given up their hopes and had disabled it completely on their networks. The error messages it churned out on regular bases were not only cryptic, but also critically hampered regular everyday usage of their host operating systems.
    The Messiah: With improved default policies, the situation was somewhat resolved for general user. Nevertheless, irregularities still kept popping up occasionally and hence came SELinux Troubleshooter to the rescue. For every cryptic denial that SELinux now pops up, the Troubleshooter will analyze it and even suggest workarounds for them so that you don’t have to manually mess with policy modules every time something perfectly legitimate starts getting labeled as “unauthorized” access.

  4. PulseAudio
    The Dark Ages: The music player was playing a song and you tried having a voice-call or playing another video = epic fail. The audio device was usable by only one application at a time. In fact, sound was the Achilles’ heel for default setups of pretty much every Linux distribution that existed.
    The Messiah: Playing a soundtrack in one application with volume tuned to max and having a video run in another with volume at half is no longer a fantasy. And no, ESD doesn’t even come close to PulseAudio in “seamless” multiplexing of such sounds. If you want more, Pulse can combine multiple soundcards into one and also — hold your breath — redirect audio streams to different hardware on the fly.

  5. TrueCrypt
    The Dark Ages: Disk encryption had been an ultra-geek thing for quite a while, especially on Linux. Software that provided such features needed to have modules compiled manually and loaded into the running kernel which opened up a whole plethora of compatibility issues which almost always made newcomers decide against the whole idea per se.
    The Messiah: God bless the developer who had the idea of using FUSE in TrueCrypt for mounting encrypted containers. As a consequence, once a user has installed TrueCrypt, the whole thing doesn’t need to be recompiled again from time to time with updated kernels. Also, thanks to wxWidgets, the GUI has drastically improved too; making it easier for even Linux newbies to utilize disk encryption.

Fortunately, unlike commercial operating systems, GNU/Linux users don’t have to wait for decades before seeing actual new “innovations” in action. Who knows, maybe next year we’ll have LOLPython topping my list. Anything’s probable.

Tags: , , , , , , , , , , ,