Well, that was fast. A poster by the name of StreetskaterFU has outlined what he claims is a method of hacking into
PlayStation Home's servers for download, uploading and deleting files. We're not able to verify his directions, but if true it would be a potentially calamitous oversight on Sony's part. Additionally, a PS3hax forum poster claims to have used StreeskaterFU's method and changed the movie posters and trailers (looks like it only affects what he sees locally; video embedded after the break). We haven't seen any signs of hacker malfeasance during our time with Home, but let us know if your virtual moviegoing experience has been drastically altered.
Read - HOME vulnerabilities disclosure
Read - How to mod Home with your own posters and movies
posted Dec 14th 2008 at 7:49PM
Reader Comments (Page 1 of 2)
hexoDAT64 @ Dec 14th 2008 7:54PM
I'm sorry but with that crappy video quality I don't really see much of anything. What did they change?
who? @ Dec 14th 2008 8:28PM
LOL
yoyodude64 @ Dec 14th 2008 8:31PM
he wrote LOL under all the posters. not a big change
Mobius_1 @ Dec 14th 2008 8:33PM
Them big "Home" posters say "lol" which is way too 1337 for any grownup to understand and way too humourous for a corporation to put on its products. I think it also has the hacker's (sorry, haXXor's) sig at the bottom, something ineligible due to poor video quality...
BTW, don't tell Engadget how to do it, I don't want my Home to become an Apple store.
hexoDAT64 @ Dec 14th 2008 9:05PM
I see it now. Before they had the video where they made all the posters the same.
maveric101 @ Dec 14th 2008 11:48PM
ineligible? i do think you meant illegible.
SITEiNK @ Dec 15th 2008 1:40AM
i'm not sure, i cant even get passed the "hit x to continue" screen. it just stays locked up on that screen.
Harry @ Dec 15th 2008 12:50PM
Hey Siteink, that sounds like the same problem I had until I realized Home only works with whatever is on controller slot #1. I had Rock Band dongles plugged in so those were being assigned to #1 and the Sixaxis was not working with Home. Reassigned it to controller #1 and it worked fine.
Erik @ Dec 14th 2008 7:57PM
1 million dollar bounty on Mr. Blurry Cam.
GO! GO! GO!
a ham sandwich @ Dec 14th 2008 8:40PM
if only it was that easy to get rid of mr. blurrycam for good....
jack @ Dec 14th 2008 10:21PM
im not even going to bother trying this out.
Magallanes @ Dec 15th 2008 9:00AM
Oh noes, another close encounters of the ‘blurred’ kind.
Paulmichael @ Dec 14th 2008 7:58PM
The modding Home one looks like it's only a local hack, in which case I'd rather just watch videos from the XMB. As for the vulnerabilities... idk what to make of it yet.
obo @ Dec 14th 2008 8:07PM
Malware, PS3 viruses, profile/ID theft, key/input loggers, Home as homebrew gateway, or just plain deleting necessary files from Sony's servers... this is like running a Web server that lets anyone administrate it.
makkura @ Dec 15th 2008 10:48AM
Even as a local only hack that could be used to effectively help ignore all the in game advertisements and attempts to sell products on Home.
If Sony couldn't catch it, I'd use something like that to block out Ads quite happily.
Sk8rman @ Dec 14th 2008 8:00PM
OH NOES!!!! THEY IS HAXORING MY HOME
-sony lolcat
skyblaze @ Dec 14th 2008 8:01PM
who loves me?
Jake Pollack @ Dec 14th 2008 8:04PM
no.
Patriks7 @ Dec 14th 2008 8:05PM
Definitely not me..
Menos @ Dec 14th 2008 8:12PM
die.
gonintendo @ Dec 14th 2008 8:14PM
I do.
Ethan @ Dec 14th 2008 8:30PM
Jesus
nerdtalker @ Dec 14th 2008 8:48PM
Find the nearest bridge.
Jump off it.
Then I will love you.
Lane @ Dec 14th 2008 9:15PM
Michael Jackson does.
guidedbyvoip @ Dec 15th 2008 10:23AM
A drunk David Hasselhoff.
skyblaze @ Dec 15th 2008 8:15AM
damn, i got alot of attention.
sorry tho. i had to do it.
this is what happens when you equate a slow day on engadget with a very bored commenter
UK Trojan @ Dec 15th 2008 1:40PM
I suspect your right hand, and no-one else.
BobBuilder @ Dec 14th 2008 11:40PM
Am I the only one who likes Playstation home? Its not a finished product right now since there are very few places to go, customize, etc. It definitely has potential though. The graphics are awesome compared to any other "virtual world" out there. Then again, I don't think I would ever actually spend any time in a virtual world (I don't play WoW or Second Life), so I might not be the target audience.
tristan88 @ Dec 14th 2008 8:10PM
i totally forgot about these kind of things happening to home. if sony doesnt get on this it could get alot worse than lol on those posters.
ScooterDe @ Dec 15th 2008 7:09AM
they should turn this into a feature, and allow people to interact; like those stupid SMS messages scrolling during music TV - of course Sony will want some cash money for each message, but it will be more entertaining than selling those slots to Coca-Cola.
Frantisek Fuka @ Dec 14th 2008 8:13PM
Erm, this has nothing to do with "hacking the servers". Yes, using this method you can change the posters you see on YOUR screen on YOUR PS3 but no one else in the world sees these changes. If I use Firefox extension to remove all ads from your site, this doesn't mean I'm "hacking the servers" and changing what everyone else sees, does it?
tretle @ Dec 14th 2008 8:24PM
Frantiesk Fuka - I was thinking the same, probably something to due to the hacked copy of home back in the closed beta. Intercept the packets coming in from the servers (not too hard considering the error handler was borked and was not parsing the messages correctly leading to people getting an error message with the url of the servers displayed). Once intercepted switch the data with your own, 876587.jpg gets replaced with your own photo renamed to 876587.jpg.
Not too sure tbh, if the hack doesn't involve physically writing data to the ps3 drive then this filtering method is most likely.
obo @ Dec 14th 2008 8:25PM
Read the exploit. SKFU found the script that uploads, downloads and deletes user profiles from the Home servers, and by intercepting and editing network packets, he could edit the URL to transfer to/from or delete any file on the Home servers.
"Example: User1 uploads his profile to the home server (see point 6), now User2 sees User1 in HOME; the downloader downloads the profile of User1 to the local HDD space of User2. So far so good. Now theres the possibility to do a realtime packet edit to download ANY file you want. It's up to you what files you think about now, but there are more than just lame user profiles on such servers ;-) To continue:
Download.jsp?filename=Profile-UserXYZ
...
Simply edit the filename to get your specific file :)
6) The most important vulnarability "upload any file to the HOME server"
The methode is nearly the same like in 5. just that you can upload instead of download a file.
...
At the end a funny thing "delete any file on the HOME server"
homeps3.online.scee.com/HUBPS3_SVML/home/fileservices/Delete.jsp?filename=XYZ"
SKFU had already decrypted Home's files and file structure in a previous post, so the "map" to find any file - movie trailers, posters, profiles, locations, objects, etc. - is already there.
IF SKFU IS RIGHT and this exploit is legitimate, this is NOT a local exploit.
obo @ Dec 14th 2008 8:30PM
It's worth noting that the poster and trailer hack has _nothing to do_ with SKFU's exploit. The poster/trailer hack is local. SKFU's involves exploiting scripts on Sony's servers to upload, overwrite or delete files on Sony's servers and is not local.
Engadget probably should not have paired these two as if they were related.
Baozer @ Dec 14th 2008 8:31PM
So what you're saying is.. this is the most pointless hack ever.
rock99rock @ Dec 14th 2008 10:36PM
I vote obo the new PS3 liason to Engadget. He obviously knows how to explain what he reads.
Blastar @ Dec 14th 2008 10:49PM
I think that you are right about the YOUR SCREEN part.
It's easy to mesh up with ps3 HD and its not a hack.. its called FAT32.
Since these are just stored files in Playstation Home CACHE at your OWN client which these files are rended, its easy to browse and replace an image leaving the same name by using a PC or so.
Since this is not a real threat except to your self sony probably didn't care much about that part.
So the only hack in this case is just the connecting the HDD from the PS3 to a PC and the opposite.
As about the special scripts.. the only truth is that you can copy replace and delete all the files that have been saved in your PS3's case.
I know that this have happened in the past in Second Life but no Known unofficial application or mod can do that in PS3.
Dave Chappelle @ Dec 14th 2008 8:13PM
"How to mod Home with your own posters and movies"
WTF engadget it looks like you want people to hack it?
tretle @ Dec 14th 2008 8:16PM
Genius idea hack into Sony's servers and upload content to your own account, they will never catch you :D
digitallysick @ Dec 14th 2008 8:20PM
oooo he changed the posters, i would of done something far more epic
who? @ Dec 14th 2008 8:56PM
Like what, put your avatar on there? I'd see that movie...
Blooper62 @ Dec 14th 2008 8:20PM
This why we cant have nice things.
-slycooper_rocker- (lorddshadow the amazing) psn: shahanasalam @ Dec 14th 2008 8:53PM
correction: This is why we can't have nice SONY things.
sure there's hacking on 360, wii, and ds but its nowhere near as widespread as the psp and i fear the ps3. (i do like hacking, i have a hacked psp but its just that most people just use it to get free games or mess things up instead of making their things more useful.)
TylerTech @ Dec 14th 2008 8:24PM
He changed a few posters! We're all going to die!
Obadiah @ Dec 14th 2008 8:27PM
Hackers never create anything, they just impinge upon and destroy other people's work.
who? @ Dec 14th 2008 8:54PM
Unlocked phones, hackintoshes, and homebrew, while not 'company approved,' are still far from destructive.
Sizer @ Dec 14th 2008 9:08PM
I've seen homebrew that's far cooler than anything that's in Home so far.
who? @ Dec 14th 2008 9:25PM
@Sizer
No kidding!
jtauke @ Dec 14th 2008 10:26PM
yes of course, because the so called "hackers" that work for security consulting firms are definitely black hearted bastards.....why don't you learn a little about what legitimate hackers do, before you open your mouth
mcatrage @ Dec 14th 2008 10:41PM
Nice lets have a hackers vs crackers debate and lets also add some black hats vs white hats or we can generalize and look like a moron.