PlayStation Home already hacked?
By Ross Miller 
posted Dec 14th 2008 7:49PM
posted Dec 14th 2008 7:49PM
Read - HOME vulnerabilities disclosure
Read - How to mod Home with your own posters and movies
Please note: If you're a current Engadget commenter, you do not need to re-register. Simply login and you will be prompted to select a username.
I'm sorry but with that crappy video quality I don't really see much of anything. What did they change?
LOL
he wrote LOL under all the posters. not a big change
Them big "Home" posters say "lol" which is way too 1337 for any grownup to understand and way too humourous for a corporation to put on its products. I think it also has the hacker's (sorry, haXXor's) sig at the bottom, something ineligible due to poor video quality...
BTW, don't tell Engadget how to do it, I don't want my Home to become an Apple store.
I see it now. Before they had the video where they made all the posters the same.
ineligible? i do think you meant illegible.
i'm not sure, i cant even get passed the "hit x to continue" screen. it just stays locked up on that screen.
Hey Siteink, that sounds like the same problem I had until I realized Home only works with whatever is on controller slot #1. I had Rock Band dongles plugged in so those were being assigned to #1 and the Sixaxis was not working with Home. Reassigned it to controller #1 and it worked fine.
1 million dollar bounty on Mr. Blurry Cam.
GO! GO! GO!
if only it was that easy to get rid of mr. blurrycam for good....
im not even going to bother trying this out.
Oh noes, another close encounters of the ‘blurred’ kind.
The modding Home one looks like it's only a local hack, in which case I'd rather just watch videos from the XMB. As for the vulnerabilities... idk what to make of it yet.
Malware, PS3 viruses, profile/ID theft, key/input loggers, Home as homebrew gateway, or just plain deleting necessary files from Sony's servers... this is like running a Web server that lets anyone administrate it.
Even as a local only hack that could be used to effectively help ignore all the in game advertisements and attempts to sell products on Home.
If Sony couldn't catch it, I'd use something like that to block out Ads quite happily.
OH NOES!!!! THEY IS HAXORING MY HOME
-sony lolcat
who loves me?
no.
Definitely not me..
die.
I do.
Jesus
Find the nearest bridge.
Jump off it.
Then I will love you.
Michael Jackson does.
A drunk David Hasselhoff.
damn, i got alot of attention.
sorry tho. i had to do it.
this is what happens when you equate a slow day on engadget with a very bored commenter
I suspect your right hand, and no-one else.
Am I the only one who likes Playstation home? Its not a finished product right now since there are very few places to go, customize, etc. It definitely has potential though. The graphics are awesome compared to any other "virtual world" out there. Then again, I don't think I would ever actually spend any time in a virtual world (I don't play WoW or Second Life), so I might not be the target audience.
i totally forgot about these kind of things happening to home. if sony doesnt get on this it could get alot worse than lol on those posters.
they should turn this into a feature, and allow people to interact; like those stupid SMS messages scrolling during music TV - of course Sony will want some cash money for each message, but it will be more entertaining than selling those slots to Coca-Cola.
Erm, this has nothing to do with "hacking the servers". Yes, using this method you can change the posters you see on YOUR screen on YOUR PS3 but no one else in the world sees these changes. If I use Firefox extension to remove all ads from your site, this doesn't mean I'm "hacking the servers" and changing what everyone else sees, does it?
Frantiesk Fuka - I was thinking the same, probably something to due to the hacked copy of home back in the closed beta. Intercept the packets coming in from the servers (not too hard considering the error handler was borked and was not parsing the messages correctly leading to people getting an error message with the url of the servers displayed). Once intercepted switch the data with your own, 876587.jpg gets replaced with your own photo renamed to 876587.jpg.
Not too sure tbh, if the hack doesn't involve physically writing data to the ps3 drive then this filtering method is most likely.
Read the exploit. SKFU found the script that uploads, downloads and deletes user profiles from the Home servers, and by intercepting and editing network packets, he could edit the URL to transfer to/from or delete any file on the Home servers.
"Example: User1 uploads his profile to the home server (see point 6), now User2 sees User1 in HOME; the downloader downloads the profile of User1 to the local HDD space of User2. So far so good. Now theres the possibility to do a realtime packet edit to download ANY file you want. It's up to you what files you think about now, but there are more than just lame user profiles on such servers ;-) To continue:
Download.jsp?filename=Profile-UserXYZ
...
Simply edit the filename to get your specific file :)
6) The most important vulnarability "upload any file to the HOME server"
The methode is nearly the same like in 5. just that you can upload instead of download a file.
...
At the end a funny thing "delete any file on the HOME server"
homeps3.online.scee.com/HUBPS3_SVML/home/fileservices/Delete.jsp?filename=XYZ"
SKFU had already decrypted Home's files and file structure in a previous post, so the "map" to find any file - movie trailers, posters, profiles, locations, objects, etc. - is already there.
IF SKFU IS RIGHT and this exploit is legitimate, this is NOT a local exploit.
It's worth noting that the poster and trailer hack has _nothing to do_ with SKFU's exploit. The poster/trailer hack is local. SKFU's involves exploiting scripts on Sony's servers to upload, overwrite or delete files on Sony's servers and is not local.
Engadget probably should not have paired these two as if they were related.
So what you're saying is.. this is the most pointless hack ever.
I vote obo the new PS3 liason to Engadget. He obviously knows how to explain what he reads.
I think that you are right about the YOUR SCREEN part.
It's easy to mesh up with ps3 HD and its not a hack.. its called FAT32.
Since these are just stored files in Playstation Home CACHE at your OWN client which these files are rended, its easy to browse and replace an image leaving the same name by using a PC or so.
Since this is not a real threat except to your self sony probably didn't care much about that part.
So the only hack in this case is just the connecting the HDD from the PS3 to a PC and the opposite.
As about the special scripts.. the only truth is that you can copy replace and delete all the files that have been saved in your PS3's case.
I know that this have happened in the past in Second Life but no Known unofficial application or mod can do that in PS3.
"How to mod Home with your own posters and movies"
WTF engadget it looks like you want people to hack it?
Genius idea hack into Sony's servers and upload content to your own account, they will never catch you :D
oooo he changed the posters, i would of done something far more epic
Like what, put your avatar on there? I'd see that movie...
This why we cant have nice things.
correction: This is why we can't have nice SONY things.
sure there's hacking on 360, wii, and ds but its nowhere near as widespread as the psp and i fear the ps3. (i do like hacking, i have a hacked psp but its just that most people just use it to get free games or mess things up instead of making their things more useful.)
He changed a few posters! We're all going to die!
Hackers never create anything, they just impinge upon and destroy other people's work.
Unlocked phones, hackintoshes, and homebrew, while not 'company approved,' are still far from destructive.
I've seen homebrew that's far cooler than anything that's in Home so far.
@Sizer
No kidding!
yes of course, because the so called "hackers" that work for security consulting firms are definitely black hearted bastards.....why don't you learn a little about what legitimate hackers do, before you open your mouth
Nice lets have a hackers vs crackers debate and lets also add some black hats vs white hats or we can generalize and look like a moron.
I guess people shouldn't know how stuff works, I guess everything is just magic and only our overlords should bestow such knowledge.
I, for one, welcome our new insect overlords.
Wow, some people are complete losers. Who would waste their time trying to find this stuff out and then actually carry it out? Get a job and a life for god sake.
You're posting on Engadget instead of skiing down Mt. Everest...? Get a life.
@Metkis
Most epic comment ever!
As if it weren't already hard enough to get home..
i can haz?
It's been out since Friday. Don't see how HARD it can be to reboot ur ps3 and have the Home icon appear in your xmb in the network space.
Did anyone else hear "That is good weed" during the video. Those kids/middle aged virgins are going places.
If only it was for everyone that it changed... I'd have made it p0rNs
Do all the avatars shop at the gap?
I wait for the deluge of 1 guy 1 jar and goatse to bring playstation home to its knees.
NO! Just NO. I never heard of the 1 guy 1 jar before but dude you just scarred me for life. That ***** is disgusting....
Please tell me why this story is significant? So the guy changes something for himself.....isnt that supposed to show the flexibility of Home?
Instead its sounds like a bad thing.....huh.....
Maybe they can hack some personality into Home...
How do I brewed haxed home?
alert("women's liberation? woman, you better get yourself back in that kitchen and cook me up some food.");
Embedded Javascript Fail
my wife is using it under the account I set up, damn Sony doesn't let you change your PlayStation account name once you have it set up.
years in the making and all we have to play is saucer pop, bowling, pool, and 3 crappy arcade games.
HOME, great concept, great technology, really boring. Hopefully they add more stuff for people to do then just chat and dance and get virtually raped by a bunch of idiot loons.
I think Sony HOME need to set up an area for kids and an area for idiots
He mustn't be too smart, what with signing his psn name at the bottom of the posters. BAN HAMMER for him I'd say within a few days. Sony are tough on hacking home and any other shit you can throw in there. They will find you and fuck you up.
Ok? What am I looking at? Where is the head coming out of the water? I'm not sure I see a pre-historic dinosaur in the loch.
Do they show full length movies on the screens in Home, because if they do, I'd actually be interested getting on. If they don't, they should. It'd be a cool marketing technique... walk into Home, see some section of some movie, get all caught up in it and then have someone else distract you or ask to play a game... just like real life.
If they'd actually prepare to have people create their own content instead of making people pay money to choose between things out of a list, maybe this wouldn't be so much of an issue. Maybe it's actually in their plans, but they sure are keeping it hush-hush.
Haha, this is really easy to do ^^
Its not that he has changed things on the servers so that everyone sees the things that have been changed, only him and people who have set up their home client the same as him.
Playstation home uses web servers to put content out on the billboards and poster boards and movie screens etc, all it is, is a simple forwarder to your own content links, all you need is a webserver (which anyone can get).
Its hardly hacking, its just things kids do to try and impress their mates, the same thing can be done with games like WoW and RO, you can change the files and links in your client to have strange things like cars in WoW instead of horses etc.
Almost all the data for Home is streamed via the web, hence why things like downloading a new area is only 20mb.
I will see if I can find a link for you to show you how its done, I am sure somebody somewhere will have posted the method, its probably how this kid has done it in the first place.
PSN ID: Dr-Mog
Mog
http://Www.MogCast.coM
Your exactly right, but most people on Engadget would rather it be a Home server hack because it would be better for screwing Sony.
Actually, even if this hack is local, it could be bad for Sony. I'm assuming at some point they're going to be selling those spots to advertisers. If you could replace the ads at with anything, then someeone spent some money for something you're never going to see. It would make advertises think twice about placing ads in Sony Home.
Right, just like how AdBlock Plus already does this for Firefox et al for every other web site out there, causing advertisers to think twice about buying even more banner ads... oh wait, that hasn't happened either!
Seriously, why don't this StreetskaterFU guy hack Xbox Live?
Home is already free. SONY has put up so much effort in developing it and given it to us without asking for anything. Granted that we may need to purchase some things here and there but it's still basically free. You can choose not to buy anything and still can make friends and have fun in HOME.
Hey StreetskaterFU, what are ya trying to proof? You're a hacking guru? or Robin Hood? Go hack Xbox Live and make it free for everyone. I'll say you're good if you can do that.
Leave HOME alone! It's disgraceful people like you we can't have free things.