Sponsored Links

Sponsored Links

Page 70 of 87 FirstFirst ... 2060686970717280 ... LastLast
Results 691 to 700 of 861



  1. #691
    Junior Member mellss's Avatar
    Join Date
    Oct 2011
    Posts
    19
    Sponsored Links

    True Blue (TB) and Cobra PS3 JB2 DRM Dongle Payloads WIP

    Sponsored Links
    Following up on the previous True Blue (TB) PS3 JailBreak 2 (JB2) DRM-infected dongle news comes a WIP update from Shadoxi on dumping and decrypting the TB and Cobra payloads below, as follows:

    Download: [Register or Login to view links] (2.84 MB) / [Register or Login to view links] (2.84 MB - Mirror) / [Register or Login to view links] (2.84 MB - Mirror) / [Register or Login to view links] (172.19 MB)

    I have figured out where the payload is located of the TB and Cobra dongles. You can find it at offset @360000 in lv2_kernel and 7f0000 in PS3 memory. According to the PS3 Developer Wiki (ps3devwiki.com/index.php/ReDRM_/_Piracy_dongles) the LV2 dump payload at 0x7f0000 has also been decrypted @ LV2 dump 0x7f0000 (pastebin.com/3VG76HQs)

    Drag and drop payload in [Register or Login to view links] and load it in Binary file mode, Processor type PPC.Press "C" to convert in ASM code.

    First of all you need to edit the header of lv2_kernel.self (from CFW TrueBlue) at offset 0x1D, replace 36 1A 00 by 4C FC F0. And decrypt it with unself tool from fail0verflow. Open lv2_kernel.elf with IDA Pro (in binary file mode), go to offset 360000 and press "C" to convert to asm code.

    TrueBlue use some HVCALL:
    • lv1_insert_htab_entry
    • lv1_undocumented_function_114
    • lv1_undocumented_function_115
    • lv1_allocate_device_dma_region
    • lv1_map_device_dma_region
    • lv1_net_start_tx_dma
    • lv1_net_control
    • lv1_panic (shutdown ps3 when TB is unplugged)

    This payload do some HVCALL:
    • lv1_insert_htab_entry (map lv1)
    • lv1_allocate_device_dma_region (?)
    • lv1_map_device_dma_region (?)
    • lv1_net_start_tx_dma (?)
    • lv1_net_control (?)
    • lv1_panic (shutdown ps3 when TrueBlue dongle is unplugged)
    • lv1_undocumented_function_114 (map lv1)
    • lv1_undocumented_function_115 (unmap lv1)

    We needed to dump lv2 and lv1 memory when the dongle is plugged in, so I created a modified TB CFW with peek and poke syscall. It works fine !

    Finally, from the MFW_TrueBLue.zip ReadMe file: Warning this mfw can brick your dongle !!!
    • First install PS3PEEKTEST.pkg
    • Install MFW TrueBlue firmware in recovery mode
    • Start ps3peektest

    If Peek Result is equal to 10 and true blue light is green -> work.

    True Blue (TB) and Cobra PS3 JB2 DRM Dongle Payloads WIP

    More PlayStation 3 News...
    Attached Thumbnails<br><br> Attached Thumbnails

    idahvcall.png  
    Attached Files Attached Files

  2. #692
    Junior Member hawkY's Avatar
    Join Date
    Apr 2011
    Posts
    61
    Sponsored Links
    Sponsored Links
    I cannot fully understand , where does it all lead to ?

  3. #693
    Senior Member DaedalusMinion's Avatar
    Join Date
    Sep 2010
    Posts
    356
    Sponsored Links
    Sponsored Links
    It leads to a CFW 3.55 that can play 3.60+ games.

  4. #694
    Senior Member cfwprophet's Avatar
    Join Date
    Jul 2008
    Posts
    1,815
    I'm doubt cause the dongle do some drm crypto stuff but beside that nice found and thx for sharing. But on the other heand if some one with a bit more knowledge on that would write a payload it could lead to 3.6+ games.

  5. #695
    Member Zentsuken's Avatar
    Join Date
    Sep 2010
    Posts
    116
    Yep, basically with these payloads, they could be built into a cfw and thus you would no longer need the USB devices. This is exactly what happened with the first "jailbreak" on 3.41, and how the "CFW" for 3.55 was born.

    I can't wait to hear more. I was giving up hope.

  6. #696
    Junior Member mellss's Avatar
    Join Date
    Oct 2011
    Posts
    19
    Yeah, these payloads will lead to play 3.6+ games. And it will also lead to implement in cfw 3.55 (without dongle).

    Shadoxi successfully added peek and poke syscall in TB CFW. And now he can dump lv1 and lv2 memory.
    Last edited by mellss; 02-17-2012 at 05:25 PM Reason: Automerged Doublepost

  7. #697
    Contributor 1one's Avatar
    Join Date
    Feb 2012
    Posts
    7
    Thanks for the info

  8. #698
    Junior Member hawkY's Avatar
    Join Date
    Apr 2011
    Posts
    61
    So will Shadoxi continue to work on it ? or did he just release this for someone else to do it ???

  9. #699
    Junior Member mellss's Avatar
    Join Date
    Oct 2011
    Posts
    19
    I don't know if he will continue to work on it. But now, i think it would not be so difficult to reverse these dongles. Particularly the Cobra dongle has much similarity with the PSJailbreak dongle.

  10. #700
    Junior Member hawkY's Avatar
    Join Date
    Apr 2011
    Posts
    61
    Anyway man someone HAS to do it , this is a new hope and a great opportunity for the scene, thank you man for delivering this news !

 

Sponsored Links

Page 70 of 87 FirstFirst ... 2060686970717280 ... LastLast
Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News