** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com down?

[Firebrand91]

Hi guys,

If I understand, we have actually only acces to HEN, correct?

Regards

 

[bobrooney]

There is on r/ps3homebrew new DNS workaround that is working for now.

Beware that there is also topic for self-hosted version of bgtools which I would not recommend. I'm not sure does author of bgtools approve that and you never know did they change something that may be harmful.

 

[Firebrand91]

Hi,

I have today, with success, use this method on this video for CFW:
Video Removed by Admin

Regards

 

[bobrooney]

There is no need to use these kind unofficial/modded/stollen version of bgtools that have instructions on a language that you don't understand, when there is DNS workaround that points on old bgtools app.

 

[Coro]

there is DNS workaround that points on old bgtools app.

if it is an old version, then it is not the real site. i would say that this is just a ruse to get people to use a certain copy instread of others.

 

[STLcardsWS]

There is on r/ps3homebrew new DNS workaround that is working for now.

Beware that there is also topic for self-hosted version of bgtools which I would not recommend. I'm not sure does author of bgtools approve that and you never know did they change something that may be harmful.

There is no need to use these kind unofficial/modded/stollen version of bgtools that have instructions on a language that you don't understand, when there is DNS workaround that points on old bgtools app.

if it is an old version, then it is not the real site. i would say that this is just a ruse to get people to use a certain copy instread of others.

The DNS trick will not longer work on the real site as @bguerville has explained:
https://www.psx-place.com/threads/ps3xploit-temporary-mirror-ps3xploit-me.38005/page-6#post-344589

To access the PS3 Toolset old domain, custom Cloudflare DNS won't help, SSL certificates could not be renewed without a functional domain so I removed ** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com entries from CF.

So if that is the case that is suggesting what @Coro is suggesting is correct and someone is passing something off as something its not..

 

[kostirez1]

if it is an old version, then it is not the real site. i would say that this is just a ruse to get people to use a certain copy instread of others.

The DNS trick will not longer work on the real site as @bguerville has explained:
https://www.psx-place.com/threads/ps3xploit-temporary-mirror-ps3xploit-me.38005/page-6#post-344589


So if that is the case that is suggesting what @Coro is suggesting is correct and someone is passing something off as something its not..

Disclaimer: Based on the previous discussion, I'm assuming that the person who made the post about the DNS workaround is me. Sorry if this is not the case. I'm also in a conflict of interest writing here, since there's a public authoritative DNS server with ** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com zone hosted by me. To be clear though, I'm not making any money by doing this, but do I accept donations to pay for the server. Between 2022-09-12 and 2022-10-13, I've received in total 1 donation of 2.30 euros (before paying PayPal a fee). It has covered roughly 1/3 of the monthly costs.

The reason why I made the post was the same as was discussed here and many other places. There are multiple clones popping up daily that are abusing the fact that official bgtoolset is not available. Even worse, some of them are actively trying to steal console IDs and bricking the systems, completely on purpose. Others are using laughably bad modifications of the code to allow flashing on any firmware version, making a huge disservice to the community by doing this.

Seeing this problem, I've looked into a possibility of re-hosting the DNS zone of ** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com client side/publicly. It was in fact possible, since the original location where bgtoolset was hosted by @bguerville is still accessible. The only problem is that the TLS certificate is long expired by this point, but you can at least verify its authenticity by comparing it to certificate transparency logs and not fall in the hands of scammers. I tell people how to do it and encourage them to never trust anyone, including me. And to my knowledge, @bguerville never lost access to that web server, and he can delete it himself at any moment. I'm sorry if this is not the case, I'm just assuming all of this based on what was shared about the problem and didn't want to bother him unnecessarily. I can delete anything I've posted about this at any moment if anyone related to PS3Xploit project asks me to do so, but be aware of the statistics below.

Transparency report for my public DNS server between 2022-09-12 and 2022-10-13:
Configuration is as follows:

** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com and www.** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com	198.xxx.xxx.xxx (MochaHost LLC)	allow access to bgtoolset from August
*.ps3xploit.me	forwarded to public records	allow access to HEN installer
*.github.io	forwarded to public records	alternative HEN installer
Console manufacturer's domains	forwarded to public records	connection tests after modifying network settings
*.deanbg.com	forwarded to public records	something related to homebrew apps, people forget to remove the DNS settings after jailbreak

** www.** ** www.ps3xploit.net > D...eam** (NEW URL = http://ps3toolset.com[/TD]

Logs are deleted at UTC+0 midnight every day, kept for diagnostic purposes. Only aggregated statistics beyond that.

Statistics:

Total queries	80,954
Allowed queries	57,228
www.** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com	791
** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com	315
ps3xploit.me	101
www.ps3xploit.me	51
ps3addict.github.io	33

** www.** ** www.ps3xploit.net > D...eam** (NEW URL = http://ps3toolset.com[/TD] http://www.ps3xploit.me[/TD]

Based on this, it seems that there's still a lot of traffic for alternative ways to bgtoolset. I can't even imagine how much traffic clones must get, since they're far easier to access (users only care about how many buttons they have to press). They may also steal IDs and brick smaller percentage of consoles, to look more credible. If I had done that to just 10% of requests, I would have ~79 IDs by now. Multiply that by market value and it's something like $790? Obviously this is pulling numbers out of my ass, but I hope you get the point.

P.S. As said before, I'm willing to take it down at any request, I just don't think it's the right thing to do at this moment. Although, I will most probably take it down on 2022-10-31 myself.

 

[bobrooney]

Disclaimer: Based on the previous discussion, I'm assuming that the person who made the post about the DNS workaround is me. Sorry if this is not the case.

Yes, when I have written new DNS workaround I was referring to your post on Reddit.

Thank you for making that DNS server!

 

[Currican]

Yes, when I have written new DNS workaround I was referring to your post on Reddit.

Thank you for making that DNS server!

What is that DNS server?
I didn't manage to use the bgtoolser

 

[Coro]

What is that DNS server?
I didn't manage to use the bgtoolser

it is on Reddit. again, i do not think that it is the real site because the SSL cert expired already.

 

[kostirez1]

it is on Reddit. again, i do not think that it is the real site because the SSL cert expired already.

But how could it not be real? That certificate, even if expired, was still signed for the ** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com domain by Let's Encrypt at the time it belonged to PS3Xploit team. Expiration dates on certificates are only there to mitigate the risk of private key leaks, deprecation of weak cryptography, cases where the domain changes ownership and stuff like that.

It would be actually more suspicious if the certificate wasn't expired and signed after August. Only possible scenario when that could happen is if the new owner requested it. Meaning there would be no way to validate the files, even if it had a valid certificate.

 

[STLcardsWS]

But how could it not be real? That certificate, even if expired, was still signed for the ** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com domain by Let's Encrypt at the time it belonged to PS3Xploit team. Expiration dates on certificates are only there to mitigate the risk of private key leaks, deprecation of weak cryptography, cases where the domain changes ownership and stuff like that.

It would be actually more suspicious if the certificate wasn't expired and signed after August. Only possible scenario when that could happen is if the new owner requested it. Meaning there would be no way to validate the files, even if it had a valid certificate.

Let me bounce that same question to you, How do you know its real and most importantly not compromised in anyway or that its performing the way it should be? The answer is you do not really know only one guy know that true answer and that has been bguerville. So if he was worried about the certs expiring and its been a problem in the new setup (reason esc0rtd3w has mentioned recently i believe in this thread or the other one) then i would say that we listen to the guys who know better and how the toolset actually works and performs as they may have more importance or they may not..

 

[kostirez1]

--- JOKE ---

* Puts on a tinfoil hat*
Oh yeah, now I can clearly see it, now it makes complete sense. Bguerville got compromised by police, free masons and Russian forum owners and now is working for them to scam people and to set the New World Order. Now I must foil their evil plan by making another clone that would make the community more united.

"He was an IT person, and good at his job, but he committed the ultimate sin — and told people how to get the ** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com zone back. Mods tried to kill him, but helped the scammers instead. Framed for the scams, now he prowls the badlands... an outlaw hunting outlaws... a bounty hunter... a renegade."
* Takes off the hat*

--- /JOKE ---

Back to the reality... Of course it's true there's no way to actually verify who manages the hosting at MochaHost and that @bguerville is the only person who really knows. But at the same time, what is the community supposed to do now? According to @bguerville and @esc0rtd3w, only domains got stolen, and Cloudflare authoritative servers were the place to get the right IP, before the zones got deleted from there that is. And that's the place I've got 198.38.94.115 from. There were no announcements about the hosting account being stolen, not when there was a workaround using Cloudflare, not even after. I also tried waiting a few weeks, but it's almost 3 months by now and users are impatient. And hey, I don't blame anybody, Bguerville must be working his ass off both in his personal life and to get the new hosting up and running. Huge respect to him that he never gave up.

Then there are our lovely Russian friends , who are publicly known to cause bricks, known to trade stolen console IDs. It's impossible to count how many people cried in homebrew related chats about bricking their stuff when using "official mirrors", now translated to Cyrillic of course. It was at least one person every other day, not counting those who never report it/ask about it. Meanwhile, there is the DNS server hosted by me, offering the original zone as it was when @bguerville said it should work (and it did). Out of ~1,500 requests, there were no complaints about bricked consoles, and again, there is no reason why there would be.

Rhetorical question: "If we cannot trust Bguerville to tell us if his hosting account got compromised, how are we supposed to trust him when he moves it to Malaysia, to a hosting company hosting black market shops with drugs and fake passports?"

But no, I'm the true con man now, even though half of this thread is about fighting clones, and the other one about people not willing to wait. It's still morally worse to point people to the last known location. Far worse than making countless clones filled with various modifications. Since at least with clones, you know for sure that you are going to brick your console. And it's even more dangerous when we cannot compare the risk, since there were no reports of bricked stuff out of 1,500 visits. It must be a statistical error hiding somewhere, and it's only an illusion at a first glance. More testing should be done before going public . Until then, let's stick to clones.

Again, if anyone requests me to take it down, I will be more than happy to do so. It costs me money, time, and now I'm the official super villain of this forum. At least I don't get any complaints from the actual users.

@bguerville thank you again for all the hard work you do for the community.

To elaborate more on the "certificate related" issues, there is no point in bothering them by asking, since you can easily check what the reason is.

PS3 browser supported TLS 1.2 cipher suites:
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

www.** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com at MochaHost accepts the connection with:
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)

ps3xploit.me (the new hosting in Malaysia) refuses to connect with:
TLS1.2 - Handshake failure

Which can be then confirmed here by looking at "TLS 1.2 (suites in server-preferred order)":
https://www.ssllabs.com/ssltest/analyze.html?d=ps3xploit.me

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

None of them are supported by PS3, so unless the hosting allows weak and outdated cipher suites (unlikely considering what kind of other customers they host), there is no way how it could load over an encrypted connection. Other than that, the TLS certificate is trusted.

 

[STLcardsWS]

Back to the reality... Of course it's true there's no way to actually verify who manages the hosting at MochaHost and that @bguerville is the only person who really knows. But at the same time, what is the community supposed to do now? According to @bguerville and @esc0rtd3w, only domains got stolen, and Cloudflare authoritative servers were the place to get the right IP, before the zones got deleted from there that is. And that's the place I've got 198.38.94.115 from. There were no announcements about the hosting account being stolen, not when there was a workaround using Cloudflare, not even after. I also tried waiting a few weeks, but it's almost 3 months by now and users are impatient. And hey, I don't blame anybody, Bguerville must be working his ass off both in his personal life and to get the new hosting up and running. Huge respect to him that he never gave up.

There is PS3HEN so there is really no reason not to have patients or have these endless discussions about common sense vs risk.

Its not like the past for the PS3. where there was no other solutions but only a hardware flasher, like in 3.41 / 3.55 / 4.21 ....
Back then you updated you had nothing, These days you have PS3HEN a very capable jailbreak that 99% of the impatient have all features they use in CFW with PS3HEN.

https://www.psx-place.com/threads/ps3xploit-temporary-mirror-ps3xploit-me.38005/page-6#post-344589

To access the PS3 Toolset old domain, custom Cloudflare DNS won't help, SSL certificates could not be renewed without a functional domain so I removed ** ** www.ps3xploit.net > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com) > Domain no Longer owned by team** (NEW URL = http://ps3toolset.com entries from CF.

There is no reason for all the tricks we have PS3HEN, I would say to everyone give the official dev the time and respect to get things sorted they have been thrown a bunch of curveballs trying to help everyone.

 

[Pooka]

There is no reason for all the tricks we have PS3HEN, I would say to everyone give the official dev the time and respect to get things sorted they have been thrown a bunch of curveballs trying to help everyone.

I'm sorry, but I wouldn't recommend PS3HEN to anyone who wants to use their PS3 to play PS2 games. I've been approached by a friend about how to make that happen, and I wasn't entirely against introducing her to PS3HEN, but if then I tell her she needs to convert her PS2 games to PS2 Classics and that it's a long messy process, honestly it's not worth the effort when her console is already a Backwards Compatible one.

There's two things I'd like to add here:
1) By using kostirez's DNS, we already respect bguerville by going straight to his work instead of clones. He still owns the server hosting bgtoolset and the whole suit of stuff, and as far as I understand networking, he still keeps the project running - the only obstacle is there's no easily accessible road to get to ps3xploit, but ps3xploit itself is still online.
2) People will always be impatient and will prefer to take any alternative solutions to get to what they want. Naturally, people will flock towards the better advertised clones, which aren't trustworthy at all with keeping your console ID safe or the console itself. It's more prudent to offer a way to access bguerville's own service, and save many people's consoles from getting bricked or their console IDs from being used by other people.

The point is, the ultimate disrespect to bguerville is these clone sites staying up as long as they did and will do. We can warn everyone from using these clones, but these warnings will fall on deaf ears because it's a "don't do" and not a solution to what people actually want. If instead we tell them "use this DNS to access the official bgtoolset", now that is the most effective way to get them from not going to those clone sites, because we'd have given them a real solution.

If bguerville himself deems that this DNS is for whatever reason disrespecting his work, then by all means, kostirez can take it down and move on. Until then, it's better not to presume what bguerville really wants until he actually appears, I think.

 

[STLcardsWS]

LoL thread closed at this point.
There is enough information for user's to decide for themselves..

The PS3 is not the best for PS2 Games, so kind of a weak argument to risk a console of justification for something in doubt.

Personally i would listen to the developer warnings and suggestions