Playstation 3 Store URL Discovered

fooster

Apprentice
Dec 10, 2005
426
0
0
www.epc-clan.net
#1
I've noticed that a lot of people were curious on where the actual playstation store connects to, so I did a tracer route on the ip addresses currently accessing my playstation 3 (I only picked the ones with multiple port use)

61.200.89.55:80 - This ip didn't post anything up, besides the fact that it is indeed based in Japan.

68.87.72.130:53 - For some reason, this ip is from a comcast center down in Chicago. Comcast is my isp btw, but I live in Ann Arbor, Michigan.

68.87.77.130:53 - This ip also connects to my isp's network, but this time, this one is local.

Now... for the main event.
199.108.4.75:443 - This ip address is indeed, our playstation 3 store's ip address. It even has a url: store.np.ac.playstation.net
However, the url does not work for me, perhaps you will have better luck.

After doing more indepth tracing, here is the main website, that does indeed do the playstation store.
http://www.station.sony.com/en/

Here is the ps3 ip info:
http://ip-lookup.net/?ip=199.108.4.75
 
Apr 10, 2006
29
0
0
40
#3
[QUOTE="gS32tom, post: 0]So, the PS3 access the store on port 443. That's a SSL port, so you have to access it with the SSL (https://store.np.ac.playstation.net/).
Then there is a Login-Site (https://account.np.ac.playstation.net/login.gvm), but I'am in europe and don't have the permission to access the site behind the login, until the european launch. :(

[/QUOTE]
The login page refreshes every time I try to login. So it doesn't work... maybe protected?
 

jaronn

Apprentice
Oct 19, 2006
237
0
0
39
#6
nice find, but when I try to log in it gives me an error messege and tells me to try again later.
 

Grem

Apprentice
Feb 9, 2006
176
0
0
#7
I tried to login with my European login information, but it told me I couldn't access the page until "the system has launched in your region"
 

gcubed

Dedicated Member
Aug 3, 2005
1,160
0
0
42
#8
it probably has some code to look for something specific the ps3 sends. Although, it is a great find! I wish we could either a) download to our pc then move it over, or b) schedule downloads from our pc for our ps3 to execute when we are away.

Above all, i'd be happy just to get background downloading (Hurry up March)
 

Cyrann

Master Guru
Oct 2, 2006
6,728
1
0
38
#9
That is a job well done...

While I cannot log into, due to the refreshing, I still say stellar job!
 

gS32tom

Apprentice
Nov 19, 2006
161
0
0
38
www.cs-expert.de
#11
[QUOTE="icdedppl, post: 0]use firefox and change your user agent to the following:
MOZILLA/5.0 (PLAYSTATION 3; 1.00)[/quote]

I tried this, but of course there is still the problem with the european launch.
So somebody of you has to try it. For Firefox 2.0.0.1 Users, put about:config into the address bar of your firefox, then filter general.useragent.extra.firefox and change it to MOZILLA/5.0 (PLAYSTATION 3; 1.00) .
This should also work with older versions of firefox.
 

fooster

Apprentice
Dec 10, 2005
426
0
0
www.epc-clan.net
#13
[QUOTE="jaronn, post: 0]nice find, but when I try to log in it gives me an error messege and tells me to try again later.[/QUOTE]

Yeah, I keep getting that too, I wonder whats going on with it.
 
Oct 19, 2006
8
0
0
39
#15
[QUOTE="gS32tom, post: 0]I tried this, but of course there is still the problem with the european launch.
So somebody of you has to try it. For Firefox 2.0.0.1 Users, put about:config into the address bar of your firefox, then filter general.useragent.extra.firefox and change it to MOZILLA/5.0 (PLAYSTATION 3; 1.00) .
This should also work with older versions of firefox.[/QUOTE]

Tried it.

This is what I get:

"An unexpected error has occurred.

Please try again later."


:(
 

icdedppl

Apprentice
Oct 16, 2006
483
0
0
43
#17
something else i noticed is that the ps3 (at least the browser) adds a new line description to the header which includes what your fw version is. i would assume that since our browser are not sending this additional line of information, that trying to use our browsers, even with the correct user agent, will not work. does anyone know how to add additional information to the header that is sent by the browser?
 

fooster

Apprentice
Dec 10, 2005
426
0
0
www.epc-clan.net
#18
[QUOTE="Twilights, post: 0]I lost my card to register my playstation 3 on line. Does any one know where to go.... I have been searching with no luck.[/QUOTE]

Registering the actual playstation 3? or registering for a playstation username for the European market?
 

icdedppl

Apprentice
Oct 16, 2006
483
0
0
43
#19
here is the full ps3 browser header information:
HTTP_CONNECTION:Keep-Alive
HTTP_ACCEPT_ENCODING:identity
HTTP_ACCEPT_LANGUAGE:en
HTTP_USER_AGEN:Mozilla/5.0 (PLAYSTATION 3; 1.00)
HTTP_X_PS3_BROWSER: 1.30 (WP; system=1.32)

as i said, that last piece of the header lists my fw version, 1.32. i bet when you login, this information is sent and that's how it knows if you need a new fw or not. not sure how we can get a regular browser to send this info. would probably be the only way to access the store via a browser.
 

360Spider

Super Elite
Nov 22, 2006
2,018
1
0
32
#21
I keep on getting that error too. Maybe they're working on it right now. Probably they're gonna let us download from the pc. Maybe it's a future update they're working on. Who knows. Only time will tell.
 

solinent

Elite Member
Jun 17, 2006
1,788
0
0
30
#22
I'll see how to send an extra header...

https://addons.mozilla.org/firefox/966/

let me try now...

Didn't work. Not sure if Tamper data is working. I'm gonna make a PHP script and try it out...

OK!

Made some progress. Here are my headers sent (cookie is censored).

To test your own headers, I have a script, ask me for it if you want to see it.
Code:
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: en-gb,en;q=0.5
Cache-Control: max-age=0
Connection: keep-alive
Cookie: ****
Host: www.runeap.com
HTTP_X_PS3_BROWSER: 1.30 (WP; system=1.32)
Keep-Alive: 300
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.1) Gecko/20061204 MOZILLA/5.0 (PLAYSTATION 3; 1.00)
By looking at this, the user agent is wrong. I need to figure out how to change user agent.

Ok fixed that by using the tamper script. Here's my final result (still does not work however...)

Code:
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: en-gb,en;q=0.5
Cache-Control: max-age=0
Connection: keep-alive
Cookie: ****
Host: www.runeap.com
HTTP_X_PS3_BROWSER: 1.30 (WP; system=1.32)
Keep-Alive: 300
User-Agent: MOZILLA/5.0 (PLAYSTATION 3; 1.00)
 
1

1301950

Guest
#23
from what i've seen of his ps3 traffic capture, HTTP_USER_AGEN:Mozilla/5.0 (PLAYSTATION 3; 1.00), i don't think you should put "HTTP_" in front of your header attribute. Maybe it was added by its tool or somethin.

But even if i took it out, and just X_PS3_BROWSER and its value being "1.30 (WP; system=1.32)" it still doesn't work.

But i have a question on how icdedppl gets his dump. The connection is on ssl, ie. encrypted. Even if you got a sniffer, you're only gonna get the data encrypted. Unless you're doing it from inside linux. But that would be different from doing it in the gameos.

That leads to another question - does this approach work inside linux? such as the yellow dog? We're getting there....
 

:mn:

Dedicated Member
Nov 25, 2005
1,117
1
0
29
#24
lol good luck guys im sure the ps3,could send out a bit of secret info other then browser data to show that its a ps3.
 

hardcandy2

Apprentice
Sep 14, 2006
297
0
0
71
#26
So basically, a skilled cracker is eventually going to be able to roam around the website. I wonder if any Sony IT people are aware and if they have planned for this, seems they would have a halfway decent security consultant evaluate the website before going live.
So are they using CSS or some XML variant?
Sony, see what happens when the games are scarce? The doodz gotta play wit sumthing!!! :-D
 

hardcandy2

Apprentice
Sep 14, 2006
297
0
0
71
#28
[QUOTE="wormsbaby, post: 0]nerds. (25 characters)........[/quote]

Nerds, terds, birds, so what? This is the new online game from Sony Entertainment.The studios were slow in bringing new game content out, so they created "Hack The Site". :-D
 

EddieDZ

Super Elite
Jan 28, 2006
2,278
0
0
Moncton
#29
[QUOTE="hardcandy2, post: 0]So basically, a skilled cracker is eventually going to be able to roam around the website. I wonder if any Sony IT people are aware and if they have planned for this, seems they would have a halfway decent security consultant evaluate the website before going live.
So are they using CSS or some XML variant?
Sony, see what happens when the games are scarce? The doodz gotta play wit sumthing!!! :-D[/QUOTE]

agree!!.. although this is a great find without a doub!(+rep!).. it will take no time for someone with extreme coding knownledge to find out the site to the playstation store to access it on a PC.. but thats not really good news, i can see that causing alot of flooding traffic :(. i hope sony keeps security tight on the PS store.
 
Aug 23, 2006
5,275
28
38
40
#30
I got through because mine didnt keep refreshing but after I got past it there was another error .... *looks into error*