Day 0 of the public release and SKFU already whips out a list of vulnerabilities that the Home developers are most likely shooting themselves in the foot over.
What do these "vulnerabilities" include? Well, besides the ability to delete any file from the HOME servers and download any content from Home we please, the biggest hole is probably the ability to upload any file to the HOME server. SKFU posts in his blog exactly how this could be done:
HOME public beta just started a few minutes ago, and as a little bonus I write this little vulnerability disclosure of HOME beta 1.3. Don't be THAT surprised, remember the decrypted HOME game files^^. HOME is the most buggy game I ever saw and they really ****ed up so much. OK, the delays went on for about 2 years, but after these years of waiting as a user I expect a little bit more. "It feels like 2005 tech in 2008. I'm not sure that's what people want." I can only agree with this comment of Microsoft. Well, here's the disclosure:
The first 2 are server structure listings. Some uninteresting files like the model files are missing; in general the most interesting files are included. JSP files are NEVER sources, they are the response of the server. They are the responses for the German area.
4) Take a look in the first download package \c.home\prod\live\Screens\
Only one of the XML files is encrypted, which means you can simply customize the HOME areas with your own videos, pictures and text if you use an Apache + simple DNS redirection.
5) Download any file from the HOME content server you want
(Well now we come to the more interesting parts^^)
There's a download script here...
(homeps3.online.scee.com/HUBPS3_SVML/home/fileservices/Download.jsp)
...which is meant to act as a downloader for other users' profiles, avatars and more. Example: User1 uploads his profile to the home server (see point 6), now User2 sees User1 in HOME; the downloader downloads the profile of User1 to the local HDD space of User2. So far so good. Now there's the possibility to do a realtime packet edit to download ANY file you want. It's up to you what files you think about now, but there are more than just lame user profiles on such servers ;-) To continue:
Download.jsp?filename=Profile-UserXYZ
This is how the structure looks when a user profile is requested; after this the server responds this way:
Simply edit the filename to get your specific file
6) The most important vulnerability "upload any file to the HOME server"
The method is nearly the same as in 5, just that you can upload instead of download a file. The structure looks like this:
Server request:
homeps3.online.scee.com/HUBPS3_SVML/fileservices/UploadFileServlet?fileNameBeginsWith=Avatar-UserXYZ.jpg&filePermission=2&fileTypeID=2&fileDescription=unused
As well, there's the file you want to upload as raw data in the POST header. Just do a live edit again and inject your file. It will be saved in /HUBPS3_SVML/.
Please don't upload any r00tshells or similar ;-)
7) At the end a funny thing "delete any file on the HOME server"
This could end really evil with a simple script :P
Please remember the last 3 vulnerabilities only work if you do a realtime packet edit. It's not possible to do this from a PC only or with fake packets!
SONY ****ed it really up! First they delay HOME for more than a year, then they delay it a few times again and again till finally we have a HOME beta on a technical standard from 2005 with crappy graphics, a few boring areas and many many many many many many many many bugs. After this whole bullshitting we finally get our beta on 11.12.2008 with another delay of about 5 hours because SONY is unable to test their servers before. Congratz, to SONY for this fantastic product. THANKS!
Please remember:
Don't do anything stupid with this information which you could repent later.
Thanks for your attention, this was my little HOME vulnerabilities disclosure for you,
SKFU
I think this is a great find and could have the potential to start up some pretty nice things.
P.S. I take no responsibility for the contents of this article. I did not write it, and all credit should go to the original place I found it at http://ps3hax.net
I also take no responsibility for anything you screw up. =)
I haven't tested this yet... But a couple guys over on the ps3hax forums have managed to swap some of the videos around while playing Home. Lol. Sony..... XD
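The download, upload and delete requests quoted above all act on a file name supplied by the client. As an added example (not code from SKFU's post or from Sony's service), this Python sketch shows the server-side check that keeps such an endpoint scoped to the files a session is entitled to; the storage root, the name pattern and the `visible_users` set are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumptions, not from the post: one storage root, and names of the form
# "<Kind>-<owner>[.jpg]" as in the sample requests.
STORAGE_ROOT = Path("/srv/home-userfiles")  # hypothetical location
NAME_RE = re.compile(r"(Profile|Avatar)-([A-Za-z0-9_]{1,32})(\.jpg)?")


class Rejected(Exception):
    """The request names a file this session may not touch."""


def resolve_user_file(filename, session_user, action, visible_users=frozenset()):
    """Return the on-disk path for a client-supplied name, or raise Rejected.

    session_user must come from the authenticated session, never from the
    request; visible_users holds the users whose files this session may fetch.
    """
    m = NAME_RE.fullmatch(filename)
    if m is None:
        raise Rejected("name outside the allowed pattern")
    owner = m.group(2)
    if action in ("upload", "delete"):
        # Writes and deletes are limited to the caller's own files.
        if owner != session_user:
            raise Rejected("write to another user's file")
    elif action == "download":
        if owner != session_user and owner not in visible_users:
            raise Rejected("owner not visible to this session")
    else:
        raise Rejected("unknown action")
    root = STORAGE_ROOT.resolve()
    path = (root / filename).resolve()
    if root not in path.parents:  # defence in depth behind the pattern
        raise Rejected("resolved path escapes the storage root")
    return path


def decide(filename, session_user, action, visible_users=frozenset()):
    """Convenience wrapper: 'allow' or 'deny: <reason>'."""
    try:
        resolve_user_file(filename, session_user, action, visible_users)
        return "allow"
    except Rejected as exc:
        return f"deny: {exc}"
```

Because the decision depends only on the session identity and the validated name, editing the request in transit changes nothing the server will accept.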