Fixme.ch:OldWiki/PS3Game

=
=========== ps3game: A packet sender

=
===========

Submitter: Team devnull (73) Price: $600 Submission: 30 Sep 23:34

Comment by Admins

=
==== Official organizers' advisory!

Teaser

=
A ScaPy snippet that send the right packets with python. But you need to add the magic sauce yourself.

Content

=
def send_magic_udp(dst, dport, sport, payload, fakemagic = False): udp = UDP(dport = dport, sport = sport) / payload ip = IP(dst = dst) / Raw(str(udp) + (not fakemagic and magic(payload) or '?'*16)) ip.proto = 'udp' send(ip)

=
====== ps3game: Protection

=
======

Submitter: Team devnull (73) Price: $75 Submission: 30 Sep 20:19

Comment by Admins

=
==== Official organizers' advisory! :)

Teaser

=
This advisory tells you what is protecting your ps3game from arbitrary code execution.

Content

=
codeserv.ko is a kernel module that prevents arbitrary packets reaching the service. Maybe you can reverse engineer it and find out how to circumvent it? :)

=
========= ps3game: kernel tricks

=
=========

Submitter: Team devnull (73) Price: $850 Submission: 30 Sep 23:34

Comment by Admins

=
====

Teaser

=
A mathematic formula in C is provided.

Content

=
Mind potential inlining due to optimization...

snippet: h = codeserv_hash_tea((u32 *) data, data_length);

if(power_modulo(signature[0], pubkey, modulus) != (h & 0xffffffff)               || power_modulo(signature[1], pubkey, modulus) != (h >> 32)) {               return -1; }