Page 85 of 87 FirstFirst ... 35758384858687 LastLast
Results 841 to 850 of 861



  1. #841
    Member fantopoulos's Avatar
    Join Date
    Feb 2011
    Posts
    146
    say thank you you for everything they done in scene and be glad you get what you get, that makes me so mad, do i have any other siders in this, i know many if so give me a like this cheers, and stop pissing groups off especially the top of the top unreal, no brains whatsoever.

    oh and this ans this and all 4.11 + games gee willackers, support me on this contributors or higher give us a like this to so that we are united in this view do not ask stupidly unreal, i am vecked.

  2. #842
    Senior Member HeyManHRU's Avatar
    Join Date
    Dec 2010
    Posts
    3,010
    Well it looks like I was better off not getting the dongle after all.

  3. #843
    Registered User antinun's Avatar
    Join Date
    Oct 2010
    Posts
    3
    Great news!

  4. #844
    Member roeykarou's Avatar
    Join Date
    Jan 2012
    Posts
    69
    friends, i don't understand. is it the END for TB, or they going to upgrade the cracking (lets say, i don't know to play a 4.2V games) and come back again to the scene?

    i'm very confused on what happened to them and why they are very quiet...

  5. #845
    Senior Member Tidusnake666's Avatar
    Join Date
    Sep 2008
    Posts
    789
    It seems to me so. They'll pull out new TB CFW v3, new dongle payload, change DRM algo so all new games will still require TB.

    They won't quit the scene so easily.

  6. #846
    Senior Member niwakun's Avatar
    Join Date
    Jun 2009
    Posts
    528
    the thing here is that they didn't tell anything about the dongle itself, maybe they already pawned the dongle's security chip (ATMEL that is) and they didn't tell it publicly so once TB released something new (security or algo or something), DUPLEX, N0DRM or whatever can do the same to piss off the TB makers again and again.

    As always, if TB makers decided to do it all over again with new hardware to support their new security system, a lot of existing TB users will be pissed off for sure.

  7. #847
    Registered User shadoxi's Avatar
    Join Date
    Feb 2012
    Posts
    2

    True Blue USB Dongle PS3 ELF Dumper and Source Code Surfaces

    Following up on the previous update, today I am releasing my True Blue USB dongle PS3 ELF dumper which works with any PlayStation 3 Firmware greater than 3.56 to dump the encrypted TB EBOOT / ELF files once they are loaded.

    Download: True Blue USB Dongle PS3 ELF Dumper / True Blue USB Dongle PS3 ELF Dumper (Mirror) / True Blue USB Dongle PS3 ELF Dumper (Mirror #2) / True Blue USB Dongle PS3 ELF Dumper (Mirror #3) / True Blue USB Dongle PS3 ELF Dumper (Mirror #4) / True Blue USB Dongle PS3 ELF Dumper (Mirror #5) / True Blue USB Dongle PS3 ELF Dumper (Mirror #6) / http://pastie.org/pastes/4582351/text?key=7hrn1g60zcqp0qkmcvq0q / http://pastebin.com/zw6mFauf (Mirror) / UTEBOOT (DUMPEDBOOT.bin and DUMPEDBOOT1.bin) by arnes_king / Mass Effect 3 BLUS30853 RAMDUMP by gibson25 / TB ELF Dumper v2 (np_trp_prx.rar) / TB ELF Dumper v2 (Mirror) / DUMPEDBOOT PoC by mellss

    Tested on:
    • Original 355 -> ok
    • True Blue CFW v2 -> ok
    • ...

    There are some bugs (size of dump ...) but it works. It's ELF dumper from memory and it work with True Blue cfw v2 and any 3.55 firmware because it doesn't use lv2 peek/poke.

    Warning: It will not brick your ps3. But I am not responsible for any damage.

    HOWTO:
    • Enable dev_blind with multiman
    • copy libsysutil_np_trophy.sprx from /dev_blind/sys/external/external to dev_hdd0/ and rename it "orignal_libsysutil_np_trophy.sprx"
    • copy my modified "libsysutil_np_trophy.sprx" to /dev_blind/sys/external/
    • load a True blue game from multiman
    • exit multiman
    • run your game
    • wait few minutes (if you get black screen after 3 minutes reboot ps3)
    • exit game
    • go to ftp
    • in dev_hdd0/ there are your decrypted DUMPEDBOOT.bin
    • copy and rename it with another name.

    Howto uninstall patch - Two ways:
    • You could uninstall this patch by replacing modified libsysutil_np_trophy.sprx by orginal libsysutil_np_trophy.sprx
    • Or update in recovery mode

    Thanks to: Ps3dev

    Brief Guide:

    1 - Install TB ELF Dumper first as stated in its readme file.
    2 - Start Multiman, it will make a dump of multiman eboots, so you must delete it first by browsing to dev_hdd0 then delete all DUMPEDEBOOT.BIN files you found there.
    3 - Back to multiman game selection then select any TB game then launch it.
    4 - Start the game from XMB then wait for some times until game start.
    5 - Exit game now then start multiman again then browse to dev_hdd0 and now you must found a decrypted game dump.

    From PlayStation 3 developer deank (via pastebin.com/avcM5iuU) comes a revision as follows:

    Download: TB ELF Dumper v2 (np_trp_prx.rar) / TB ELF Dumper v2 (Mirror)
    Code:
    // Author: Shadoxi
    // Modified: :)
    
    // Backup the original /dev_flash/sys/external/libsysutil_np_trophy.sprx to /dev_hdd0
    // Replace /dev_blind/sys/external/libsysutil_np_trophy.sprx by this sprx
    
    
    #include <stdio.h>
    #include <stdlib.h>
    
    #include <cell/error.h>
    #include <cell/cell_fs.h>
    
    #include <sys/process.h>
    #include <sys/paths.h>
    #include <sys/prx.h>
    #include <sys/tty.h>
    
    SYS_MODULE_INFO (sceNpTrophyhook, 0, 1, 0 );
    SYS_MODULE_START( _start );
    SYS_MODULE_STOP ( _stop  );
    
    SYS_LIB_DECLARE( sceNpTrophyhook, SYS_LIB_AUTO_EXPORT | SYS_LIB_WEAK_IMPORT );
    SYS_LIB_EXPORT ( loader_sprx, sceNpTrophyhook );
    
    int _start(void);
    int _stop(void);
    void DumpELF_Payload(void);
    void loader_sprx(const char* PATH_PRX);
    
    static void write_message (char const * message)
    {
    	unsigned int write_length;
    	char const * end;
    	for (end = message; *end != '\0'; ++end);
    	sys_tty_write(SYS_TTYP_PPU_STDERR, message,end - message, &write_length);
    }
    
    void DumpELF_Payload(void)
    {
    	write_message("Dumping ELF from RAM...\n");
    	int fd;
    	uint64_t nread;
    	uint64_t ptr= 0x00010000ULL;		//ELF offset in RAM;
    	uint64_t sizeelf = 35*1024*1024;	//Need a way to get size of ELF
    
    	char dump_path[30]="/dev_hdd0/RAMDUMP-00.BIN";
    	for(uint8_t i=0; i<100; i++)
    	{
    		dump_path[18]=0x30+i/10;
    		dump_path[19]=0x30+i%10;
    		if (cellFsOpen(dump_path, CELL_FS_O_RDONLY, &fd, NULL, 0) != CELL_FS_SUCCEEDED)
    		{
    			cellFsOpen(dump_path, CELL_FS_O_CREAT|CELL_FS_O_RDWR|CELL_FS_O_TRUNC, &fd, NULL, 0);
    			cellFsWrite(fd, (void*)ptr, sizeelf, &nread);
    			cellFsClose(fd);
    			return;
    		}
    		else
    			cellFsClose(fd);
    	}
    	return;
    }
    
    void loader_sprx(const char* PATH_PRX)
    {
    	sys_prx_id_t prx_id ;
    	write_message ("Loading original prx... ");
    	prx_id = sys_prx_load_module(PATH_PRX, 0, NULL);
    	if (prx_id <= CELL_OK) 
    	{
    		write_message ("Failed!\n");
    		return;
    	} 
    	else
    		write_message ("Done!\n\nStarting module... ");
    
    	int modres;
    	if(sys_prx_start_module( prx_id, 0, NULL, &modres, 0, NULL) != CELL_OK)
    		write_message ("Failed!\n");
    }
    
    int _start(void)
    {
    	write_message ("By shadoxi\n");
    	DumpELF_Payload();
    
    	// place here original libsysutil_np_trophy.sprx
    	loader_sprx("/dev_hdd0/libsysutil_np_trophy.sprx");
    
    	return SYS_PRX_RESIDENT;
    }
    
    int _stop(void)
    {
    	return SYS_PRX_STOP_OK;
    }
    Changed:
    • Doesn't stop dumping when it reaches embedded ELF
    • Dumps 35MB of RAM in one write call (so it takes ~1 second)
    • Dumps are saved in /dev_hdd0/RAMDUMP-##.BIN where ## is from 00 to 99 for 100 sequential dumps
    • Doesn't really require the original sprx, since loading never succeeds anyway
    • Tested: dumps mM, Beyond Good&Evil HD PSN...
    • Rebuilding the original 'elf' takes few minutes if you know what you're doing

    Finally, from mellss: I tested shadoxi patch, in ofw 3.55 dex and 3.55 cfw it work fine (but like he said some buggy with size of dump). And also let him time to dump all memory!!! (it take for me around ~10 - 20 min !!!)

    Proof Of Concept:
    • Download: http://www.uploadmirrors.com/downloa...DUMPEDBOOT.zip
    • dumpedboot.bin -> decrypt EBOOT.bin fifa 953 ko (original eboot 68 ko) -> winhex offset of decrypted elf 0x0 to 0xEA60 ~61 ko
    • dumpedboot1.bin -> decrypt fifazf.elf 25 mo (original self 35 mo) -> need to increase size of dump to 35 mo

    I make a fself EBOOT.bin (4.11 dex) which load reencrypted (flself) shadoxi patch and YES his patch dump my eboot and also some 4.11 dex lib sprx !!! So if someone can run shadoxi or deank patch when a game is running we can get decrypted 4.xx EBOOT.

    I think TB team load the decrypted eboot to another offset in memory, that's why some of people get ps3 crash when TB was plugged. But, We can get this new offset by editing shadoxi exploit and print the address of a variable (stack address) to get the new one.

    True Blue USB Dongle PS3 ELF Dumper and Source Code Surfaces

    True Blue USB Dongle PS3 ELF Dumper and Source Code Surfaces

    More PlayStation 3 News...
    Attached Files Attached Files

  8. #848
    Registered User Asure's Avatar
    Join Date
    Dec 2007
    Posts
    5
    shadoxi we can figure out the original ELF size using SCEtool to get this info right? (find start of elf64 header, + size = end of elf)

    Example
    Code:
    scetool -i tb_eboot.bin
    [*] ELF64 Header:
     Program Headers Offset 0x0000000000000040
     Section Headers Offset 0x00000000017EC228
    Then we know the section headers start at 0x17EC228

    Last section STRTAB:
    Code:
    [*] ELF64 Section Headers:
     Idx Name Type          Flags Address    Offset   Size     ES   Align    LK
    029 0001 STRTAB        ---   00000000   017EC0F7 0000012C 0000 00000001 000
    So elf ends at 0x17EC0F7 + 0x12C. We add padding to 0x17EC228, and insert clean elf64 section headerd dump from original eboot.bin, right? Or does this dump ELF+section headers+some extra stuff we can cut off?

    Anybody care to post a dumped elf (raw, with this tool) so i can look at it?

  9. #849
    Member fantopoulos's Avatar
    Join Date
    Feb 2011
    Posts
    146
    i have a true blue will do my best to get a dump for you to proceed where we were stuck for a long time but no it seems like we are going uphill again thanks shadoxi for starting this elf dumper , amazing work cheers triple thumbs up

  10. #850
    Contributor imajei's Avatar
    Join Date
    Jan 2012
    Posts
    16

    Idea

    I don't have a dongle so can someone with a tb upload a decrypted ghost recon eboot i have an idea please

    thats a pretty please i'm bored and need something to do thanx to the good ol community lol.

    do i need a tb dongle to do this?
    Last edited by imajei; 08-24-2012 at 10:43 PM Reason: Automerged Doublepost