Advertising (This ad goes away for registered users. You can Login or Register)

Sony keeps username & password in plain text format

Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
r00t3r
Posts: 1
Joined: Sat Oct 01, 2011 1:45 am

Sony keeps username & password in plain text format

Post by r00t3r » Sat Oct 01, 2011 2:26 am

I have CFW 6.60 LME -1.4 and I'm able to access other system files and the registry files in flash 1 mode. I hexed the PSP registry file using OllDbg only to find my PlayStation Network username name(e-mail) and password in plain text. :shock: As you can see below, there are two files in the folder named registry. Hex edit system.dreg and you'll be amazed to see your password in plain text format.
Image

Now I'll be more careful not to run any apps with full access to my PSP. And even more, I won't give my PSP to people anymore.
What if someone makes a signed homebrew app to steal this info ?

Other stuff: In net\http there are two files (shown below)
Image

Open auth.dat and you'll find your saved password(s) in plain text also. The cookies.dat is self explanatory.

Just wanted to say that.
Advertising

otakon435
Posts: 79
Joined: Sun Jul 03, 2011 5:52 pm
Location: Shadow Moses
Contact:

Re: Sony keeps username & password in plain text format

Post by otakon435 » Sat Oct 01, 2011 2:58 am

Why would devs even bother trying to get this.....
Advertising
PSP Info
PSP 3001 04g
Metal Gear Solid Special edition forest green
Firmware History 6.00==>6.20=>6.20 TN HEN==> 6.35 pro a-b===>6.39 pro b7===>6.20 perma patch pro b7===> perma patch pro b9
PSP Go 6.60 (temporary).

User avatar
ramiro1398
Posts: 116
Joined: Sat Feb 26, 2011 3:12 am

Re: Sony keeps username & password in plain text format

Post by ramiro1398 » Sat Oct 01, 2011 2:59 am

otakon435 wrote:Why would devs even bother trying to get this.....
+1
r00t3r wrote:I have CFW 6.60 LME -1.4 and I'm able to access other system files and the registry files in flash 1 mode. I hexed the PSP registry file using OllDbg only to find my PlayStation Network username name(e-mail) and password in plain text. :shock: As you can see below, there are two files in the folder named registry. Hex edit system.dreg and you'll be amazed to see your password in plain text format.
Image

Now I'll be more careful not to run any apps with full access to my PSP. And even more, I won't give my PSP to people anymore.
What if someone makes a signed homebrew app to steal this info ?

Other stuff: In net\http there are two files (shown below)
Image

Open auth.dat and you'll find your saved password(s) in plain text also. The cookies.dat is self explanatory.

Just wanted to say that.
i didnt knew this....

s7a71cv01d1nt
Posts: 49
Joined: Sun Jun 12, 2011 4:26 am

Re: Sony keeps username & password in plain text format

Post by s7a71cv01d1nt » Sat Oct 01, 2011 6:39 am

Nothing special there.
I was messing with these registry in DCv8 yesterday.

Try making pandora battery and MMS then inside DCv8 delete these registries and you will get chinese letters in DCv8 menu.

Also you can change X and O from these two registries.

I thought this was a nother leaked customer information from Sony website. lol :lol:
1 PSP 1001 TA-082(Ceramic White) running 5.00 M33-6. :D
1 PSP 3004 TA-090v2(Piano Black) running OFW 5.00(learning how to exploit and code usermode homebrews) :D

User avatar
Xian Nox
Retired Mod
Posts: 2749
Joined: Fri Nov 05, 2010 5:27 pm
Location: Over the hills and far away

Re: Sony keeps username & password in plain text format

Post by Xian Nox » Sat Oct 01, 2011 10:37 am

otakon435 wrote:Why would devs even bother trying to get this.....
Well, if you're making a PSP virus, you'll need this.

otakon435
Posts: 79
Joined: Sun Jul 03, 2011 5:52 pm
Location: Shadow Moses
Contact:

Re: Sony keeps username & password in plain text format

Post by otakon435 » Sat Oct 01, 2011 8:51 pm

True, but still there isn't much of a point to make one for it. The first on was annoying though.
PSP Info
PSP 3001 04g
Metal Gear Solid Special edition forest green
Firmware History 6.00==>6.20=>6.20 TN HEN==> 6.35 pro a-b===>6.39 pro b7===>6.20 perma patch pro b7===> perma patch pro b9
PSP Go 6.60 (temporary).

User avatar
Xian Nox
Retired Mod
Posts: 2749
Joined: Fri Nov 05, 2010 5:27 pm
Location: Over the hills and far away

Re: Sony keeps username & password in plain text format

Post by Xian Nox » Sat Oct 01, 2011 11:05 pm

otakon435 wrote:True, but still there isn't much of a point to make one for it. The first on was annoying though.
Most users use only one password on all of their accounts, and similar usernames. Here's a valid point.

otakon435
Posts: 79
Joined: Sun Jul 03, 2011 5:52 pm
Location: Shadow Moses
Contact:

Re: Sony keeps username & password in plain text format

Post by otakon435 » Sun Oct 02, 2011 3:46 pm

Xian Nox wrote:
otakon435 wrote:True, but still there isn't much of a point to make one for it. The first on was annoying though.
Most users use only one password on all of their accounts, and similar usernames. Here's a valid point.
This is true, I didn't think of that because I don't. Yes that would make this a problem.
PSP Info
PSP 3001 04g
Metal Gear Solid Special edition forest green
Firmware History 6.00==>6.20=>6.20 TN HEN==> 6.35 pro a-b===>6.39 pro b7===>6.20 perma patch pro b7===> perma patch pro b9
PSP Go 6.60 (temporary).

Sand3r
Posts: 49
Joined: Sun Oct 24, 2010 10:48 am
Location: Belgium, Europe
Contact:

Re: Sony keeps username & password in plain text format

Post by Sand3r » Sun Oct 02, 2011 5:03 pm

dang, I wanted to see if it was really that easy to extract the information from the file.
With the use of fseek() and fread() it was dead easy to display my username (email address) and password on the screen... :shock:
* PSP 3004 - 6.35 PRO B5
* Creator of CubeMania - Genesis competition 2011

User avatar
m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: Sony keeps username & password in plain text format

Post by m0skit0 » Mon Oct 03, 2011 10:02 am

Doesn't surprise me. If they keep PSN account passwords in clear on the servers, why wouldn't they on the console? :roll:
Sand3r wrote:dang, I wanted to see if it was really that easy to extract the information from the file.
Huh? If it's in the file, accessing it is as easy as reading the file, obviously...
I wanna lots of mov al,0xb
Image
"just not into this RA stuffz"

Post Reply

Return to “Programming and Security”