Following up on his previous update and Flat_z's release earlier today, Spanish PlayStation 3 developer MiralaTijera has now made available the PS2 Classics keys and Cobra 6.0 4.30 PS3 CFW payload from the DRM-infected USB dongle by the notorious scene profiteers.
Download: http://pastie.org/private/txe12d4zyqxpsnyozbz0w / Cobra 6.0 4.30 PS3 CFW Payload (via pastie.org/private/ugnucdtw6dcb0bjjhxbq) / Cobra 6.0 4.30 PS3 CFW Payload (Mirror)
For those naive, it's no coincidence these PS2 keys and Cobra payload are just now mysteriously being released as the PS3 capitalistic pigs Max Louarn, Paul Owen and GaryOpa ready their next ripoff product for market this month and (once again) their True Blue cycle repeats on even more unsuspecting victims unfortunately.
To quote, roughly translated: payload 4.30 cobra 6.0 xDDDDDDDD
base = 0x8000000000540000
MiraElCobra what next?
Of the keys to what Flatz
Here the dongle detects the payload who send the instruction from the lv2 (0xAAAA 0xC0BA) and them one loop with a send cmd to the dongle...
VMC 64 E3 0D 19 A1 69 41 D6 77 E3 2E EB E0 7F 45 D2
ATA SEED D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08 83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26
ECDSA PUBLIC 62 27 B0 0A 02 85 6F B0 41 08 87 67 19 E0 A0 18 32 91 EE B9 6E 73 6A BF 81 F7 0E E9 16 1B 0D DE B0 26 76 1A FF 7B C8 5B
DataKey 10 17 82 34 63 F4 68 C1 AA 41 D7 00 B1 40 F2 57
MetaKey 38 9D CB A5 20 3C 81 59 EC F9 4C 93 93 16 4C C9
Mira Miraaaaaa Miraaaalaaaaaaa
From haz367: Just for testing this payload..loaded the "payload.bin" using his 4.31CFW and Core 2.6.5 /update4 and it seems to inject payload into kernel, comparing lv1/lv2 dumps is a mess cuse it's always different.. log of payload loaded into kernel.. then what.. lol.. back to my psu.
seg010:80000000007F0830 ld r0, 0(r9)
seg010:80000000007F0834 ld r11, 0x10(r9)
seg010:80000000007F0838 mtctr r0
seg010:80000000007F083C ld r2, 8(r9)
seg010:80000000007F0844 ld r2, 0x90+var_68(r1)
seg010:80000000007F0848 li r11, -1
seg010:80000000007F084C mr. r4, r3
seg010:80000000007F0850 beq loc_0_80000000007F0A58
seg010:80000000007F0854 lis r0, -0x5556 # 0xAAAABAC0
seg010:80000000007F0858 lwz r9, 8(r4)
seg010:80000000007F085C mr r30, r4
seg010:80000000007F0860 ori r0, r0, 0xBAC0 # 0xAAAABAC0 --> USB PID ?
seg010:80000000007F0864 cmpw cr7, r9, r0
seg010:80000000007F0868 bne cr7, loc_0_80000000007F0880
seg010:80000000007F086C ld r9, off_0_8000000000340228 # unk_0_80000000002CF940
seg010:80000000007F0870 li r0, 1
seg010:80000000007F0874 li r11, 0
seg010:80000000007F0878 stw r0, 0(r9)
seg010:80000000007F087C b loc_0_80000000007F0A58
Finally, from ing_pereira (via elotrolado.net/hilo_informacion-sobre-ps2-classics-en-ps3_1862516_s40#p1731967660):
Core: Mount dev-rewrite Result (0x00000000)
Core: Payloader Called!!! Init subsystem
Core: Payloader copy and place on kernel the payload
Core: Payloader now place the hook on kernel
Core: syscall 36 is UP and all is OK, continue
Here I leave the source published by Flatz (Proof of concept of ps2 classics decryption, the. ENC, the encrypted virtual memory cards. VME and CONFIG file tweaks) with notes in English and the script. Py python already prepared with keys of miralatijera again who does or leaves much of the work.
The binary klicensee no texts as always, I remind you need python and well maybe the code has errors at some point but this desconosco it since I am still in the process of testing a classic ps2.
Use: ps2.py <ISO.BIN.ENC or CONFIG or SCEVMC*.VME> <klicensee_del_juego.bin>
This advanced for devs and theme they want to take a look at the issue of ps2 classics and encryption and decryption. Flatz With its analysis and work on the subject, miralatijera by keys.
More PlayStation 3 News...