Sponsored Links

Sponsored Links

Page 86 of 87 FirstFirst ... 367684858687 LastLast
Results 851 to 860 of 861



  1. #851
    Registered User violato135's Avatar
    Join Date
    Aug 2012
    Posts
    2
    Sponsored Links
    Sponsored Links
    Can I NOT use a dongle and jailbreak a ps3 without it???

  2. #852
    Senior Member Brenza's Avatar
    Join Date
    Sep 2010
    Posts
    303
    Sponsored Links
    Sponsored Links
    You shouldn't have released it... now they'll fix the exploit! >.>

  3. #853
    Senior Member StanSmith's Avatar
    Join Date
    Feb 2012
    Posts
    667
    Sponsored Links
    Sponsored Links
    So I used this and dumped 2 files from Ghost Recon FS. Now what?

    They aren't near the size of the eboot.bin so what are they good for?

  4. #854
    Senior Member technodon's Avatar
    Join Date
    Sep 2010
    Posts
    411
    woah, this is great! wondering if it would be possible to make this a fself so it runs on debug 4.20 then you could boot a game and get a .elf

  5. #855
    Senior Member StanSmith's Avatar
    Join Date
    Feb 2012
    Posts
    667
    Again, I have the 2 files. What do I do now? They aren't the eboot as they are both too small. Does this just dump memory or decrypt the eboot? I dont understand what its supposed to do and why its so good?

    BTW Here are the dumped files from TC Ghost Recon Future Soldier.

    [Register or Login to view links]
    Last edited by StanSmith; 08-25-2012 at 12:40 PM Reason: Automerged Doublepost

  6. #856
    Junior Member mellss's Avatar
    Join Date
    Oct 2011
    Posts
    19
    Here are the dumped files from fifa 12:

    [Register or Login to view links]

    -dumpedboot.bin -> decrypt EBOOT.bin fifa 953 ko (original eboot 68 ko)
    -dumpedboot1.bin -> decrypt fifazf.elf 25 mo (original self 35 mo)

    It work fine, just let it to dump all memory (until hdd led is off)

    we have to increase size of dump uint64_t sizeelf = 25*1024*1024 ; -> uint64_t sizeelf = 35*1024*1024 ;
    Last edited by mellss; 08-25-2012 at 12:57 PM Reason: Automerged Doublepost

  7. #857
    Contributor imajei's Avatar
    Join Date
    Jan 2012
    Posts
    16

    Cool

    Can you do ghost recon eboot? please

  8. #858
    Senior Member StanSmith's Avatar
    Join Date
    Feb 2012
    Posts
    667
    I just tried V2 and it doesn't work.

    I load up Multiman, select Ghost Recon FS and it goes backt o XMB like normal.
    I try to run GRFS and it black screens and locks up.
    I reboot and load up multiman and it also black screens and locks up.
    I reboot WITHOUT the dongle and it finally loads MM.
    I copy the file over to the PC, convert from ELF to BIN, put it in GRFS folder.
    I reboot WITH the dongle. goto MM select GRFS go back to XMB.
    I run GRFS from DVD. It loads up Multiman.

    I tried this 3 times and each time its the dump of Multiman NOT GRFS. And the file DOESN'T go, 00, 01, 02 etc, there is only 1 file and its 00. At least v1 gave multiple files but I couldn't get GRFS to work without the tb patched files.
    Last edited by StanSmith; 08-26-2012 at 02:11 PM Reason: Automerged Doublepost

  9. #859
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,730

    True Blue PS3 Disc BCA Codes Leaked By OxweB, Deemed Useless

    Today /GriFFin reports that OxweB has apparently leaked the True Blue PS3 disc BCA codes (although curiously a source wasn't specified), however, they are now conveniently deemed useless as the DRM-infected USB dongle itself.

    To quote: When the True Blue dongle first launched last year, it was originally using 'special' blu-ray discs to play games, instead of just DRMencoded eboots on the HDD.

    But even after all the Paradox releases, there was a few games that only were available still on 'special' blu-ray discs. Over the course of last year, various groups try to figure out how to copy these discs, as they were sadly pirate stores that wish to sell them to their customers. Finally have much research the BD-Rom marks called 'BCA Codes' were figured out so they could by copied on normal blu-ray burner.

    And now an person by the name 'OxweB' has leaked them onto the 'net, as basically they are useless now, but still it is part of sad scene PS3 history!

    These are BCA codes off the TB discs (the barcode on the inner part of the disc).

    You to can read them off the disc yourself with a scanner or magnifying glass, they are in binary format (skinny line = 0, Fat line = 1). Binary to HEX and there you go, a code almost ready to be stamped on to a BD-R.

    *Note - It's not that simple for regular retail games as there is still the PIC Zone to contend with.
    **Note - I realize these aren't overly useful but it's information which is all worth it in the long run.

    RESISTANCE 3
    Code:
    041E1015D0001520
    11030800364995AE
    041E1015D0001520
    11030800364995AE
    FC42445201120100
    0000000000000000
    FC42445201120100
    0000000000000000
    DISGEA 4
    Code:
    041E1015D0001620
    110308101021C054
    041E1015D0001620
    110308101021C054
    FC42445201120100
    0000000000000000
    FC42445201120100
    0000000000000000
    FIFA2012
    Code:
    041E1015D0001620
    110310005010EBD2
    041E1015D0001620
    110310005010EBD2
    FC42445201120100
    0000000000000000
    FC42445201120100
    0000000000000000
    PES2012
    Code:
    041E1015D0001520
    110309053550B929
    041E1015D0001520
    110309053550B929
    FC42445201120100
    0000000000000000
    FC42445201120100
    0000000000000000
    XMEN DESTINY
    Code:
    041E1015D0001520
    1103070035337952
    041E1015D0001520
    1103070035337952
    FC42445201120100
    0000000000000000
    FC42445201120100
    0000000000000000
    BATMAN ARKHAN CITY
    Code:
    041E100D00000000
    0000000000230611
    FC42445201120100
    0000000000000000
    041E100D00000000
    0000000000230611
    FC42445201120100
    0000000000000000
    Finally, in related news from GoD]oF[WaR (via nextgenupdate.com/forums/playstation-3-exploits-hacks/583397-bca.html#post4685403) to quote:

    I have done more research on BCA codes, they seem to be the new protection put on games, meaning with these values they can be cracked, and possibly pirated to even non-jailbroken systems.

    For those unaware, BCA is the new protection utilized in newer games and with a future editor you can have the BCA codes to use with the a loader which can patch games to run without the needed keys.

    There will be a patch released for each game, which is basically 64 bytes of BCA data in the form of a separate text file, that will come with the ISO file (this obviously only applies to scene releases)

    IF you have access to a retail copy of the game, then you can obtain the BCA code yourself to patch the game.

    Changelog, roughly translated:
    • New IOS 38 base. dev/mload with powerful features and EHCI driver based in interruptions and more stable
    • Support for DVD USB Devices: It can run only DVD backups from .iso (original don't work because DVD drivers don't support the Wii format). Remember you must insert a DVD to work at start the program.
    • Support for BCA datas. You can add it from .ISO offset 0x100 (64 bytes). If this area is filled with zeroes it use one BCA by default (NSMB compatible).
    • New ioctl 0xda function supported in dip_plugin and new option added for
    • DVD mode to read the BCA Datas from the original DVD
    • Support to load games from DVD with alternative DOL (press '2' without
    • USB device or press the DVD icon from the upper-right corner in the selection game screen)
    • Support for SD and USB FAT/FAT32: Now you can use cheats codes and loads alternative .dol from the USB 2.0 device (FAT partition is required)
    • Added alternative dol loader (now support for 5+ dols) for games as Red Steel and othrers (see readme.txt) , New error 002 patch and videomode autodetection patch (for PAL2NTSC, NTSC2PAL and NTSC2PAL60 (use F. PAL60 for this))
    • Added direct access for Dol Alternative selection
    • You can load differents ehcmodule.elf from sd:/apps/uloader/
    • Parental control added: by default the password is 00000 (the last 0 is the 'ENTER', so you can program as new password as XXXX0 ). You can change it from special menu pressing HOME. You can exits from the password box pressing B. Parental control list the last 8 games launched with date/time, enables the password box and fix a new password. Now 00000 disables the Parental Control
    • Support for covers (less than 200KB 160x224). You can download from internet or adquire covers from the curren tfolder in the SD automatically
    • Added one option to delete PNG icons/covers
    • Some bugs fixed (bug with no modchip game instal, for examplel)
    • Support for multiples WBFS partitions (max 4).
    • Possiblity to use the alternative cIOS 223 (only to launch games)
    • Added one option to rename games
    • Added one option to record the cheats selected from txt files
    • New usb code and more!

    The above thread gives information on BCA codes for the Wii, which could also apply to PS3 games in the same way. Meaning these BCA codes could lead to easily pirating games on all consoles who utilize the BCA algorithm.

    After further research, I am under the suspicion that these BCA codes are in fact a lead to playing pirated games (3.60+ games burned to BD/Launched via USB or external HDD - played on 3.55 WITHOUT CFW) possibly on current firmwares with a real developer at hand.

    Basically these BCA codes could lead to playing these burned ISO images on 3.55 (No CFW; without 3.60+ keys) and possibly current firmwares.

    The BCA codes that True Blue "leaked" are actually the codes to games that have been tested and work on 3.55 OFW. With the use of a new true blue dongle (JB2/Jailbreak2), games played off the BD without 3.60+ keys.

    The games that have been tested are the ones listed below;
    • Fifa 2012
    • Pes 2012
    • Driver san Fransisco
    • God of war Origin
    • X-men Destiny
    • Sniper ghost warrior

    Games that are in process of being tested;
    • Resistance 2
    • Disgaea 2
    • Batman Arkham City

    POC:




    True Blue PS3 Disc BCA Codes Leaked By OxweB, Deemed Useless

    More PlayStation 3 News...

  10. #860
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,730

    Video: PSN Back Online for PS3 3.55 TB CFW Using Spoof Method

    Below is a video from dantezteam (via twitter.com/dantezteam/status/244856386469638144) demonstrating what appears to be PSN back online for PS3 3.55 TB CFW using a ppoof method.

    The video shows today's date (September 9, 2012) with him downloading files from Sony's PS Store while being connected to PlayStation Network using a new PSN passphrase that has surfaced in encrypted and decrypted format (via ps3devwiki.com/wiki/Online_Connections#Online_Connections).

    3.55 / 3.56: saktdlMapxsbsghmq5dhlwrmtsicyijmzntqaLcpgd8ybbetdm sha=jm
    Code:
    09138F12484EA4F0D04CEDF4B82280E4
    3CB588767503D5EFB170AA194D427D4F
    CAD86C5A2BE0C38074228675105D4099
    630138067959B9629653DD677D244FA3
    3.60 / 3.61 / 3.65 / 3.66: c4ce4023bd7e0345feeb0dca80caf487a03b4545a8230a5d41 fe9855

    3.70 / 3.72 / 3.73 / 3.74 / 4.00: f81c4c14a0cd2c2dc566a885136fd5b51ca847cbb70fcc296b 24ec20

    4.10 / 4.11: 0e444f4dbd92145de39ab5bff3a23071f9d44db7bcf13e8c45 5c81f1
    Code:
    49E4B56D14FE48B9D1877FDF1CE0C621
    A3742C45678B694D32C0DCD9404FB8F6
    12E0603C37209D8B93716CD709C82021
    D7E5246A36BEE099A10E8F400D8E0D95
    4.20 / 4.21: t2wSyoqasqb_wndpmdmbhputnokghlupgtpighyrsygfbmrsec tfkqOb
    Code:
    2D445C392753C85067B9B56ED883B27C
    9E5C26973A949E4F4AA144B40483A0FC
    A8F2069BD47F81FDEC413BBE4EF26573
    9008294F6149FE5D6174D99FA8E59C9C
    From Twitter: TB dongle is not needed works on rebug or kmeaw etc .. The method is turn on fake plus go to store and buy plus free games

    From hellsing9: Games, PSTORE. (Someone signs out) Borderlands downloading. Closes PSSTORE.

    He is on DEX, uses FAKE PLUS and points the finger showing is ON with a CFW (according to him) 3.55 TB spoof.

    In short: He bought borderlands in the video via DEX with PLUS option ON... For me is just another attemp to troll or to give some life to TB, since he says he is using CFW TB 3.55 Spoof. And in the part description he says later I will add the Web.

    So he avoided so far any download link and surveys because he knows what happens next: youtube.com/user/dantezteam

    From dantezteam comes a FckPSN revision by Chinese developer Luckystar (via bbs.duowan.com/thread-28656355-1-1.html): [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2)

    Here is the upstreams and video for those interested: ustream.tv/recorded/25308408 and ustream.tv/recorded/25328218





    Finally, below is what redcfw claims is a real TB2 LV2 dump for those interested:

    Download: [Register or Login to view links]

    ALL TB2LV2 DUMPs posted before were FAKE!! tb2.51 lv2 dumped on Mar 2012. folks, feel free to study it.

    some IDA list
    Code:
    pl2:8000000000528EFC getKeyV5_:                              # DATA XREF: pl2:off_8000000000539F78o
    pl2:8000000000528EFC
    pl2:8000000000528EFC .set var_358, -0x358
    pl2:8000000000528EFC .set var_310, -0x310
    pl2:8000000000528EFC .set var_308, -0x308
    pl2:8000000000528EFC .set var_300, -0x300
    pl2:8000000000528EFC .set var_2F0, -0x2F0
    pl2:8000000000528EFC .set var_2E0, -0x2E0
    pl2:8000000000528EFC .set var_2D0, -0x2D0
    pl2:8000000000528EFC .set var_2BC, -0x2BC
    pl2:8000000000528EFC .set var_264, -0x264
    pl2:8000000000528EFC .set var_200, -0x200
    pl2:8000000000528EFC .set var_1FC, -0x1FC
    pl2:8000000000528EFC .set var_1F8, -0x1F8
    pl2:8000000000528EFC .set var_1E8, -0x1E8
    pl2:8000000000528EFC .set var_140, -0x140
    pl2:8000000000528EFC
    pl2:8000000000528EFC                 mflr      r0
    pl2:8000000000528F00                 bl        save_r24_r31r0
    pl2:8000000000528F04                 ld        r30, off_8000000000538F08 # byte_8000000000537C88
    pl2:8000000000528F08                 .using byte_8000000000537C88, r30
    pl2:8000000000528F08                 stdu      r1, -0x380(r1) # ver  == 5 getkey
    pl2:8000000000528F0C                 mr        r31, r3       # r31 ptr = copy from sce+0x980 len =0x100
    pl2:8000000000528F10                 addi      r29, r1, 0x240
    pl2:8000000000528F14                 mr        r3, r30
    pl2:8000000000528F18                 mr        r27, r4       # r4 = 0x100
    pl2:8000000000528F1C                 mr        r28, r5       # r5 qword_8000000000538670
    pl2:8000000000528F20                 mr        r4, r30
    pl2:8000000000528F24                 li        r5, 0x10
    pl2:8000000000528F28                 bl        encKey        # in byte_8000000000537C88:.byte 0x8A, 0x97, 0xB7, 0x2C, 0xC1, 0x10, 0x62, 0x22, 0x7B, 0x33, 0x39, 0xCB, 0x61, 0x2E, 0x80, 0xE9
    pl2:8000000000528F28                                         # out 00000470h: 4C 79 E1 8F 34 A9 D6 7D 74 33 9C D7 5D 09 20 B7 ; 
    pl2:8000000000528F2C                 nop
    pl2:8000000000528F30                 mr        r5, r29       # r1+0x240
    pl2:8000000000528F34                 mr        r3, r30       # 4c 79 ..
    pl2:8000000000528F38                 li        r4, 0x80
    pl2:8000000000528F3C                 bl        sub_800000000052F278
    pl2:8000000000528F40                 nop
    pl2:8000000000528F44                 mr        r3, r30
    pl2:8000000000528F48                 mr        r4, r30       # restore key
    pl2:8000000000528F4C                 li        r5, 0x10
    pl2:8000000000528F50                 addi      r30, r31, 0x10 # in r3+0x10
    pl2:8000000000528F54                 bl        encKey        # 000007b0h: 4C 79 E1 8F 34 A9 D6 7D 74 33 9C D7 5D 09 20 B7
    pl2:8000000000528F54                                         # 000007f0h: 8A 97 B7 2C C1 10 62 22 7B 33 39 CB 61 2E 80 E9
    pl2:8000000000528F58                 nop
    pl2:8000000000528F5C                 addi      r5, r27, -0x10 # r5 = 0x100 -0x10
    pl2:8000000000528F60                 mr        r6, r29       # r1+0x240
    pl2:8000000000528F64                 mr        r3, r30       # r30=byte_8000000000537C88
    pl2:8000000000528F68                 mr        r4, r30
    pl2:8000000000528F6C                 extsw     r5, r5        # r5=0xf0
    pl2:8000000000528F70                 mr        r7, r31       # in r3+0x10
    how to hook decKey?
    Code:
    #####################patch tb2 lv2 plugin##########################
    .set jb2pBASE, 0x8000000000700000
    .set jb2pTOC , 0x7000
    .set hookDNum, 0
    .align 4
    hookT:
    		#patchtbl
    		.quad jb2pBASE,hooks-hookT,hook_data-hooks
    		.quad 0x8000000000520568,pt520568-hookT,8
    		.quad 0x80000000005205e8,pt5205e8-hookT,8
    		.quad 0
    pt520568:
    		bl pt520568+((hook_520568-hooks)+jb2pBASE-0x8000000000520568)
    		#.long 0x48000001 | ((hook_520568-hooks)+jb2pBASE-0x8000000000520568)
    		lwz       r4, 8(r11)
    pt5205e8:
    		bl pt5205e8+((hook_520568-hooks)+jb2pBASE-0x80000000005205e8)
    		#.long 0x48000001 | ((hook_520568-hooks)+jb2pBASE-0x80000000005205e8)
    		lwz       r4, 8(r11)
    		
    
    #jb2pBASE
    .align 4
    hooks:
    hookDNum_ptr:
    		.quad hookDNum
    hook_data_ptr:
    		.quad hook_data-hooks+jb2pBASE
    
    hook_encKey_ptr:		
    		.quad 0x8000000000533470
    hook_encKey_callin_ptr:		
    		.quad 0x800000000052056C
    		
    hook_encKey_ptr_n0:		
    		.quad 0x8000000000523f14
    hook_encKey_ptr_n1:		
    		.quad 0x8000000000524004
    hook_encKey_ptr_n2:		
    		.quad 0x8000000000523fc0 # newcode
    hook_encKey_ptr_tl0:		
    		.quad 0x80000000005243e4
    hook_encKey_ptr_tl1:		
    		.quad 0x8000000000524428
    
    hook_TEA_dec_ptr:
    		.quad 0x8000000000533450
    hook_encTEA2_dec_ptr:
    		.quad 0x8000000000533220
    		
    encKeySi:.string "encKeyI"
    encKeySo:.string "encKeyO"
    TEAdecS: .string "TEAdec "
    encTEA2S:.string "encTEA2"
    				
    		# secret prg run before
    hook_520568:
    		lis	r8,-0x8000
    		sldi    r8, r8, 32
    		oris	r8, r8,(jb2pBASE+jb2pTOC)@h
    		ori 	r8, r8,(jb2pBASE+jb2pTOC)@l
    		
    		ld	r10, (hook_data_ptr-hooks-jb2pTOC)(r8)
    		ld	r9,  (hookDNum_ptr-hooks-jb2pTOC)(r8)
    		add	r10, r10, r9
    		
    		lis	r11,0xc #r11 0xc00000
    		
    		cmpld	cr7,r9,r11		
    		bgt	cr7,hook_520568_exit
    		
    		ld      r11, 0x70(r1)
    
    .if 0	# dis all call
    		std	r11, 0(r10)
    		addi	r10,r10,8
    		addi	r9,r9,8
    		b 	hook_520568_exit
    .endif
    #####################################################		
    hook_encKey:
    		ld	r4, (hook_encKey_ptr-hooks-jb2pTOC)(r8)
    		cmpld	cr7,r4,r11
    		bne	cr7,hook_TEA_dec
    .if 1
    ################dis normal
    		ld	r4,(hook_encKey_ptr_n0-hooks-jb2pTOC)(r8)
    		ld	r5,0xa0(r1)
    		cmpld	cr7,r4,r5  #dont hook hook_encKey_ptr_n0
    		beq	cr7,hook_TEA_dec
    	.if 1
    		ld	r4,(hook_encKey_ptr_n1-hooks-jb2pTOC)(r8)
    		ld	r5,0xa0(r1)
    		cmpld	cr7,r4,r5  #dont hook hook_encKey_ptr_n0
    		beq	cr7,hook_TEA_dec
    	.endif
    	.if 1
    		ld	r4,(hook_encKey_ptr_n2-hooks-jb2pTOC)(r8)
    		ld	r5,0xa0(r1)
    		cmpld	cr7,r4,r5  #dont hook hook_encKey_ptr_n0
    		beq	cr7,hook_TEA_dec
    	.endif
    		
    .endif
    ...
    		b	hook_520568_exit
    #######################################################
    hook_TEA_dec:
    		ld	r4, (hook_TEA_dec_ptr-hooks-jb2pTOC)(r8)
    		cmpld	cr7,r4,r11
    		bne	cr7,hook_encTEA2
    		# wname
    ...				
    		b	hook_520568_exit
    ############################################################
    hook_encTEA2:
    		ld	r4, (hook_encTEA2_dec_ptr-hooks-jb2pTOC)(r8)
    		cmpld	cr7,r4,r11
    		bne	cr7,hook_520568_exit
    		# wname
    ......
    hook_520568_exit:
    		std	r9,  (hookDNum_ptr-hooks-jb2pTOC)(r8)
    		ld	r11, 0x70(r1)
    		blr
    		
    .align	4
    hook_data:	
    hookTe:
    Attached Files Attached Files

 

Sponsored Links
Page 86 of 87 FirstFirst ... 367684858687 LastLast
Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News