This module implements TLS for the Vita in most use cases (including PSN access). Notably, WebKit does not seem to use this but it shares the CA list in vs0:data/external/cert/CA_LIST.cer
. CA_LIST.cer includes all the usual root CAs and in addition, 5 SCE signed ROOT CAs. Note that because the SCE root CAs are also used in WebKit and other apps (email for example), it is possible for Sony to do a MITM attack on any of their users. This is a privacy hole for users, but it seems that the same policy is in place in PSP, PS3, and likely PS4 as well. Although CA_LIST.cer is unsigned, just like in later PS3 firmwares, Sony stores the hash of all certificates in SceLibSsl (which itself is signed). This makes an theoretical attack of adding a root CA on an updated Vita in order to extract the platform passphrase impossible.
Module
Known NIDs
Version |
Name |
World |
Privilege |
NID
|
3.60 |
SceLibSsl |
Non-secure |
User |
0x9CD6CA85
|
Libraries
Known NIDs
Version |
Name |
World |
Visibility |
NID
|
3.60 |
SceSsl |
Non-secure |
User |
0xCAF5F2E9
|
3.60 |
SceSslInternal |
Non-secure |
User |
0x68D6C3FF
|
SceSslInternal
Internal Get CA
Obtains a certificate from vs0:data/external/cert/CA_LIST.cer
. If unk
, buf
, and unk2
are zero, then get the size of the certificate. Otherwise, load the certificate (PEM) into buf
. The file offset and size in CA_LIST.cer
is hard coded into the function for each given id pair. There is also a hard coded list of SHA1 hashes for each certificate that is checked against before returning.
Version
|
NID
|
3.60
|
0x064DFC99
|
int internal_get_ca(int id1, int id2, int unk, char *buf, int unk2, size_t *size);