Forum rules: Forum rule Nº 15 is strictly enforced in this subforum.
#103622 by r00t3r
Sat Oct 01, 2011 2:26 am
I have CFW 6.60 LME -1.4 and I'm able to access other system files and the registry files in flash 1 mode. I hexed the PSP registry file using OllDbg only to find my PlayStation Network username name(e-mail) and password in plain text. :shock: As you can see below, there are two files in the folder named registry. Hex edit system.dreg and you'll be amazed to see your password in plain text format.
Image

Now I'll be more careful not to run any apps with full access to my PSP. And even more, I won't give my PSP to people anymore.
What if someone makes a signed homebrew app to steal this info ?

Other stuff: In net\http there are two files (shown below)
Image

Open auth.dat and you'll find your saved password(s) in plain text also. The cookies.dat is self explanatory.

Just wanted to say that.
Advertising
#103638 by otakon435
Sat Oct 01, 2011 2:58 am
Why would devs even bother trying to get this.....
Advertising
#103639 by ramiro1398
Sat Oct 01, 2011 2:59 am
otakon435 wrote:Why would devs even bother trying to get this.....

+1
r00t3r wrote:I have CFW 6.60 LME -1.4 and I'm able to access other system files and the registry files in flash 1 mode. I hexed the PSP registry file using OllDbg only to find my PlayStation Network username name(e-mail) and password in plain text. :shock: As you can see below, there are two files in the folder named registry. Hex edit system.dreg and you'll be amazed to see your password in plain text format.
Image

Now I'll be more careful not to run any apps with full access to my PSP. And even more, I won't give my PSP to people anymore.
What if someone makes a signed homebrew app to steal this info ?

Other stuff: In net\http there are two files (shown below)
Image

Open auth.dat and you'll find your saved password(s) in plain text also. The cookies.dat is self explanatory.

Just wanted to say that.

i didnt knew this....
#103674 by s7a71cv01d1nt
Sat Oct 01, 2011 6:39 am
Nothing special there.
I was messing with these registry in DCv8 yesterday.

Try making pandora battery and MMS then inside DCv8 delete these registries and you will get chinese letters in DCv8 menu.

Also you can change X and O from these two registries.

I thought this was a nother leaked customer information from Sony website. lol :lol:
#103881 by otakon435
Sat Oct 01, 2011 8:51 pm
True, but still there isn't much of a point to make one for it. The first on was annoying though.
#103969 by Xian Nox
Sat Oct 01, 2011 11:05 pm
otakon435 wrote:True, but still there isn't much of a point to make one for it. The first on was annoying though.

Most users use only one password on all of their accounts, and similar usernames. Here's a valid point.
#104166 by otakon435
Sun Oct 02, 2011 3:46 pm
Xian Nox wrote:
otakon435 wrote:True, but still there isn't much of a point to make one for it. The first on was annoying though.

Most users use only one password on all of their accounts, and similar usernames. Here's a valid point.

This is true, I didn't think of that because I don't. Yes that would make this a problem.
#104173 by Sand3r
Sun Oct 02, 2011 5:03 pm
dang, I wanted to see if it was really that easy to extract the information from the file.
With the use of fseek() and fread() it was dead easy to display my username (email address) and password on the screen... :shock:
#104362 by m0skit0
Mon Oct 03, 2011 10:02 am
Doesn't surprise me. If they keep PSN account passwords in clear on the servers, why wouldn't they on the console? :roll:

Sand3r wrote:dang, I wanted to see if it was really that easy to extract the information from the file.

Huh? If it's in the file, accessing it is as easy as reading the file, obviously...

Who is online

Users browsing this forum: No registered users and 1 guest