Rumor: PS3 JailBreak 2 v3.55 Dongle Plays v3.60+ Game Backups?

[absarhegde]

Ok!!! i have this question can PSJB 1 dongle be upgraded with this pkg?

[Tidusnake666]

I posted this here also, but it probably fits better in this thread so here goes:

Thanks for the links guys (although I doubt this program will help us, but who knows)

Reporting in (Maybe someone had already done this and this is no big news, still, anyways):

0. I studied Paradox's EBOOT from portal 2 from the links on the second post (http://www.mediafire.com/?dt9a3biyr4uzyyd)
1. EBOOT.BIN supplied is fself (debug self?), 0x8000 maker at the 8th byte from the beginning.
2. SCEverifyrefused to read eboot's info, said that it's "devkit file"
3. readself gave next results:

Code:

SELF header
  elf #1 offset:  00000000_00000090
  header len:     00000000_00000980
  meta offset:    00000000_00000410
  phdr offset:    00000000_00000040
  shdr offset:    00000000_000a6ea6
  file size:      00000000_000ac650
  auth id:        10100000_01000003 (Unknown)
  vendor id:      01000002
  info offset:    00000000_00000070
  sinfo offset:   00000000_00000290
  version offset: 00000000_00000390
  control info:   00000000_000003c0 (00000000_00000070 bytes)
  app version:    1.0.0
  SDK type:       Devkit
  app type:       application

Control info
  control flags:
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  file digest:
     62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
     bc 7b 00 1e e0 3f 1a ec 9b 9c 90 ff e2 5f 1a 89 9d 05 e7 13

Section header
    offset             size              compressed unk1     unk2     encrypted
    00000000_00000980  00000000_0009a6e0 [NO ]      00000000 00000000 [NO ]
    00000000_0009b060  00000000_00008eb4 [NO ]      00000000 00000000 [NO ]
    00000000_000a3f1a  00000000_00000000 [NO ]      00000000 00000000 [YES]
    00000000_000a3f1a  00000000_00000000 [NO ]      00000000 00000000 [YES]
    00000000_000a3f1a  00000000_00000000 [NO ]      00000000 00000000 [YES]
    00000000_00000000  00000000_000000e0 [NO ]      00000000 00000000 [N/A]
    00000000_00000000  00000000_00000028 [NO ]      00000000 00000000 [N/A]
    00000000_00000000  00000000_00000040 [NO ]      00000000 00000000 [N/A]

Encrypted Metadata
  no encrypted metadata in fselfs.

ELF header
  type:                                 Executable file
  machine:                              PowerPC64
  version:                              1
  phdr offset:                          00000000_00000040
  shdr offset:                          00000000_000abed0
  entry:                                00000000_000b1180
  flags:                                00000000
  header size:                          00000040
  program header size:                  00000038
  program headers:                      8
  section header size:                  00000040
  section headers:                      30
  section header string table index:    29

Program headers
    type  offset            vaddr             paddr
          memsize           filesize          PPU  SPE  RSX  align
     LOAD 00000000_00000000 00000000_00010000 00000000_00010000
          00000000_0009a6e0 00000000_0009a6e0 r-x  r--  ---  00000000_00010000
     LOAD 00000000_000a0000 00000000_000b0000 00000000_000b0000
          00000000_0004b508 00000000_00008eb4 rw-  rw-  ---  00000000_00010000
     LOAD 00000000_000a8eb4 00000000_00000000 00000000_00000000
          00000000_00000000 00000000_00000000 r--  ---  ---  00000000_00010000
     LOAD 00000000_000a8eb4 00000000_00000000 00000000_00000000
          00000000_00000000 00000000_00000000 rw-  ---  ---  00000000_00010000
     LOAD 00000000_000a8eb4 00000000_00000000 00000000_00000000
          00000000_00000000 00000000_00000000 rw-  rw-  rw-  00000000_00010000
    ????? 00000000_000a70a0 00000000_000b70a0 00000000_000b70a0
          00000000_00000374 00000000_000000e0 r--  ---  ---  00000000_00000008
    ????? 00000000_0009a678 00000000_000aa678 00000000_000aa678
          00000000_00000028 00000000_00000028 ---  ---  ---  00000000_00000008
    ????? 00000000_0009a6a0 00000000_000aa6a0 00000000_000aa6a0
          00000000_00000040 00000000_00000040 ---  ---  ---  00000000_00000004

Section headers
  [Nr] Name            Type      Addr              ES Flg Lk Inf Al
       Off                       Size
  [00] <no-name>       NULL      00000000_00000000 00     00 000 00
       00000000_00000000         00000000_00000000
  [01] <no-name>       PROGBITS  00000000_00010200 00 wa  00 000 04
       00000000_00000200         00000000_0000002c
  [02] <no-name>       PROGBITS  00000000_00010230 00 wa  00 000 08
       00000000_00000230         00000000_0008f0d4
  [03] <no-name>       PROGBITS  00000000_0009f304 00 wa  00 000 04
       00000000_0008f304         00000000_00000024
  [04] <no-name>       PROGBITS  00000000_0009f328 00 wa  00 000 04
       00000000_0008f328         00000000_000006a0
  [05] <no-name>       PROGBITS  00000000_0009f9c8 00  a  00 000 04
       00000000_0008f9c8         00000000_000047c0
  [06] <no-name>       PROGBITS  00000000_000a4188 00  a  00 000 04
       00000000_00094188         00000000_000000d4
  [07] <no-name>       PROGBITS  00000000_000a425c 00  a  00 000 04
       00000000_0009425c         00000000_00000004
  [08] <no-name>       PROGBITS  00000000_000a4260 00  a  00 000 04
       00000000_00094260         00000000_00000054
  [09] <no-name>       PROGBITS  00000000_000a42b4 00  a  00 000 04
       00000000_000942b4         00000000_00000004
  [10] <no-name>       PROGBITS  00000000_000a42b8 00  a  00 000 04
       00000000_000942b8         00000000_00000004
  [11] <no-name>       PROGBITS  00000000_000a42bc 00  a  00 000 04
       00000000_000942bc         00000000_000000dc
  [12] <no-name>       PROGBITS  00000000_000a4398 00  a  00 000 04
       00000000_00094398         00000000_00000004
  [13] <no-name>       PROGBITS  00000000_000a43a0 00  a  00 000 16
       00000000_000943a0         00000000_000062b8
  [14] <no-name>       PROGBITS  00000000_000aa658 00  a  00 000 08
       00000000_0009a658         00000000_00000020
  [15] <no-name>       PROGBITS  00000000_000aa678 00  ae 00 000 08
       00000000_0009a678         00000000_00000028
  [16] <no-name>       PROGBITS  00000000_000aa6a0 00  a  00 000 04
       00000000_0009a6a0         00000000_00000040
  [17] <no-name>       PROGBITS  00000000_000b0000 00  ae 00 000 04
       00000000_000a0000         00000000_00000030
  [18] <no-name>       PROGBITS  00000000_000b0030 00  ae 00 000 04
       00000000_000a0030         00000000_00000014
  [19] <no-name>       PROGBITS  00000000_000b0044 00  ae 00 000 04
       00000000_000a0044         00000000_00000004
  [20] <no-name>       PROGBITS  00000000_000b0048 00  ae 00 000 08
       00000000_000a0048         00000000_00000fc4
  [21] <no-name>       PROGBITS  00000000_000b100c 00  ae 00 000 04
       00000000_000a100c         00000000_000000d4
  [22] <no-name>       PROGBITS  00000000_000b10e0 00  ae 00 000 08
       00000000_000a10e0         00000000_00003150
  [23] <no-name>       PROGBITS  00000000_000b4230 00  ae 00 000 08
       00000000_000a4230         00000000_00002e70
  [24] <no-name>       PROGBITS  00000000_000b70a0 00  ae 00 000 04
       00000000_000a70a0         00000000_000000e0
  [25] <no-name>       NOBITS    00000000_000b7180 00  ae 00 000 08
       00000000_000a7180         00000000_00000294
  [26] <no-name>       PROGBITS  00000000_000b7418 00  ae 00 000 08
       00000000_000a7418         00000000_00001a9c
  [27] <no-name>       NOBITS    00000000_000b8eb8 00  ae 00 000 08
       00000000_000a8eb4         00000000_00042650
  [28] <no-name>       PROGBITS  00000000_00000000 00     00 000 01
       00000000_000a8eb4         00000000_00002ef1
  [29] <no-name>       STRTAB    00000000_00000000 00     00 000 01
       00000000_000abda5         00000000_00000124

Everything seems like fself, not compressed, seems like I was right few posts ago about the 80010009 error, seems like something similar to old good algo "3.41 to 3.55 manual patching" was used (decrypt self, copy unencrypted data to encrypted eboot, change headers to fself, change bits to "uncompressed")

4. fail0verflow's Unself gave error "segmentation fault (core dumped)", here's a dump:

Code:

Exception: STATUS_ACCESS_VIOLATION at eip=6110BC98
eax=00010000 ebx=0000C650 ecx=000013F4 edx=00000000 esi=7EFA8000 edi=00D70408
ebp=0028CB98 esp=0028CB8C program=C:\cygwin\bin\unself.exe, pid 7396, thread main
cs=0023 ds=002B es=002B fs=0053 gs=002B ss=002B
Stack trace:
Frame     Function  Args
0028CB98  6110BC98  (00D68D88, 7EFA0980, 0000C650, 00010000)
0028CBD8  6113F2E6  (0028D000, 00D68B94, 0028CBF8, 000001B6)
0028CC18  61117B5A  (0028D000, 7EF00980, 000AC650, 00000001)
0028CC38  61117C15  (7EF00980, 000AC650, 00000001, 00D68B94)
0028CD18  610C01A5  (6123B32F, 61179FC3, 0028CD58, 61006CD3)
0028CD58  61006CD3  (00000000, 0028CD94, 61006570, 7EFDE000)
End of stack trace

Parts of eboots, that were decrypted seems like junk.

5. Tried unselfing in Magic PKG, it wrote "Decrypted successfully...", but this is BS, the output file is the same as above, there was an error, and eboot is the same junk as using fail0verflow's unself (checked md5).

6. Deank's EBOOTMod gave the same results.

CONCLUSION: EBOOT can't be decrypted.

Seems like sections of EBOOT are ALREADY DECRYPTED like in old 3.55 to 3.41 patches.

My guess, is TRUE BLUE payload switches PS3 to read fselfs/unencrypted data, just the same way as original 3.41 PSJailbreak done on PS3.
But 3.55 kmeaw can't read those files without True Blue. Maybe we should makefself this eboot?

Also, have anyone on 3.41 tested those releases? It may work if used creating pkg with "magic pkg's" "3 method (no edit)"

[Krachwas]

Sounds good to me. So change the version number in the eboot (it was in the eboot wasn't it?) and try to make a "self" eboot with the 3.55 keys.

Why it should not work?

[Tidusnake666]

Oh, consider the time when my post was originally posted - before this update.

I thought that markers said it wasn't encrypted, so it shouldn't be encrypted, but RikuKH3 provided idea, that it can be encrypted with masterdisk, which I haven't thought about. So, take it with a grain of salt

Sounds good to me. So change the version number in the eboot (it was in the eboot wasn't it?) and try to make a "self" eboot with the 3.55 keys.

Why it should not work?

It is in Param.SFo and sometimes as .sys_proc_param in eboot in some games. In portal 2 I haven't found it (maybe because of some kind of encryption or obfuscation?).

And another crazy idea, since 3.56-MA DH-JFW has ability to natively run fselfs (am I not mistaken?), if anyone is on this FW, you can make NPDRM (pkg) package of the patched TB game and try to run Obviously, if you're not on this FW, do not install this just for stupid test. This will say for sure, if some type of encryption/obfuscation implemented in TB releases.

[Krachwas]

So whats so special on this "masterdiscs"? What are they doing?

[niwakun]

I think, this "masterdisc" are used on kiosk consoles (Demo consoles that you regularly seen on Video Game Shop) to play games that is particularly compiled directly by developers, so they can just give a copy on these kiosk console and begin demo playing them.

Somehow they manage to work it on official games, I don't know how it exactly works, but the important is, you can play 3.6x games using this.

[Pcsx2006]

Mad props to all DEVS working on this project, and i do hope that in coming days/weeks we surely have very useful stuff out of this.

[bebi1506]

Can we clone these dongles yet ?

[Raptros]

So to us common folk, what exactly can we do with this? i'm a complete noob at this myself but i suppose you have to throw the payload in a compatible dongle and it works kinda like an update/modification to the dongle, but what about people such as me who only use CFW 3.55 with multiman, can we just wait for a multiman release that includes a true blue payload THAT DOES NOT require a dongle to work?

[HeyManHRU]

You'll have to wait for someone to implement the payload in a CFW, for the average person like you and me the payload means nothing if you don't know what to do with it.