Sony keeps username & password in plain text format

[r00t3r]

I have CFW 6.60 LME -1.4 and I'm able to access other system files and the registry files in flash 1 mode. I hexed the PSP registry file using OllDbg only to find my PlayStation Network username name(e-mail) and password in plain text. As you can see below, there are two files in the folder named registry. Hex edit system.dreg and you'll be amazed to see your password in plain text format.


Now I'll be more careful not to run any apps with full access to my PSP. And even more, I won't give my PSP to people anymore.
What if someone makes a signed homebrew app to steal this info ?

Other stuff: In net\http there are two files (shown below)


Open auth.dat and you'll find your saved password(s) in plain text also. The cookies.dat is self explanatory.

Just wanted to say that.

[otakon435]

Why would devs even bother trying to get this.....

[ramiro1398]

Why would devs even bother trying to get this.....

+1

I have CFW 6.60 LME -1.4 and I'm able to access other system files and the registry files in flash 1 mode. I hexed the PSP registry file using OllDbg only to find my PlayStation Network username name(e-mail) and password in plain text. As you can see below, there are two files in the folder named registry. Hex edit system.dreg and you'll be amazed to see your password in plain text format.


Now I'll be more careful not to run any apps with full access to my PSP. And even more, I won't give my PSP to people anymore.
What if someone makes a signed homebrew app to steal this info ?

Other stuff: In net\http there are two files (shown below)


Open auth.dat and you'll find your saved password(s) in plain text also. The cookies.dat is self explanatory.

Just wanted to say that.

i didnt knew this....

[s7a71cv01d1nt]

Nothing special there.
I was messing with these registry in DCv8 yesterday.

Try making pandora battery and MMS then inside DCv8 delete these registries and you will get chinese letters in DCv8 menu.

Also you can change X and O from these two registries.

I thought this was a nother leaked customer information from Sony website. lol

[Xian Nox]

Why would devs even bother trying to get this.....

Well, if you're making a PSP virus, you'll need this.

[otakon435]

True, but still there isn't much of a point to make one for it. The first on was annoying though.

[Xian Nox]

True, but still there isn't much of a point to make one for it. The first on was annoying though.

Most users use only one password on all of their accounts, and similar usernames. Here's a valid point.

[otakon435]

True, but still there isn't much of a point to make one for it. The first on was annoying though.

Most users use only one password on all of their accounts, and similar usernames. Here's a valid point.

This is true, I didn't think of that because I don't. Yes that would make this a problem.

[Sand3r]

Damn, I wanted to see if it was really that easy to extract the information from the file.
With the use of fseek() and fread() it was dead easy to display my username (email address) and password on the screen...

[m0skit0]

Doesn't surprise me. If they keep PSN account passwords in clear on the servers, why wouldn't they on the console?

Damn, I wanted to see if it was really that easy to extract the information from the file.

Huh? If it's in the file, accessing it is as easy as reading the file, obviously...