Over the weekend TeamSOS have released UnPKG GUI PS3 PKG Decompiler alongside a video of it in action below followed by PlayStation 3 Homebrew Stealthing Utility v1.3.5.
Download: UnPKG GUI PS3 PKG Decompiler / UnPKG Commandline PS3 PKG Decompiler / UnPKG v1.2 GUI / Commandline PS3 PKG Decompiler / PS3 Homebrew Stealthing Utility v1.3.5 / Stealthed MultiMAN PS3 Backup Manager / UngPKG 2GB Fix by element
To quote: First is Unpkg GUI (Windows Program requires .NET) and second is Allunpkg (Command Line version) both will decrypt and extract ALL pkg files with the exception of firmware PKG files. Instead of having to use different applications to deal with different pkg types, these applications will detect what's what and handle it accordingly. Major props goes to Blazie151 for making most of the app (I'm on TeamSOS too, just not as good as Blazie + he did most of it).
Thanks goes out to Mathieulh for sharing some of the source code needed for this release, also thanks to nawhrwet for his program that handles the debug pkgs.
If you would like to see it in action check out the video below:
I'm releasing an application, called Homebrew Stealthing Utility v1.3.5, that I created that allows you to stealth a homebrew application or game as any PSN demo or full game that you want. Instead of having it possibly affect your future gaming needs, or having 10,000+ people all playing the same "game", YOU can choose what you stealth the homebrew as. Normally, this would just appear as game sharing; for double protection or the paranoid bunch, download the demo first and it'll be added to your purchase history.
Ok, before anyone even asks - NO THIS NOT ALLOW YOU ACCESS TO PSN. It's an application that will make PSN safer once its restored. Trollers on this thread saying useless crap like "how does this help without PSN access" will not be appreciated.
So here's the theory I cooked up from getting information from multiple sources and seeing the data and logs myself, cross-referencing things like what was being played and used, when, how long, log cleaning and safety measures used, and online habits. Needless to say it was a lot of data to sift through to fully formulate my thoughts. Some of this is known, some of it I haven't seen on the net at all, so here goes...
Part 1 - Any homebrew you use puts a line in your log files. The log files are not normally wiped by going online. By wiping your own logs, you give reason for flags. The only time your logs would be erased normally is if you formatted your hard drive. When you log in 50 different times with blank logs, it would obviously be something noticeable on the server side, even if $ony is not monitoring it now. It takes more than 5 minutes to format your hard drive, pop it another game and get online. So when you log out, change your game with your boot manager, and log back in with clean logs again, it would look very fishy. All $ony would need to do is cache logs between log ins for a predetermined amount of time and wait for people to start triggering flags and warning that could turn into bans. For this reason, ALL HOMEBREW SHOULD BE STEALTHED!
Part 2 - If you can see what your friends are playing online, don't you think $ony can too? The way "stealth" homebrew is currently stealthed is by having it look like a game. The downfall is that you can't play that game in future, because the homebrew files are using that folder. Also, and a big one here, if your online with that stealth homebrew, it shows that its being played from the hard drive. Now, to me, that looks like a huge red flag waving around with a jumping kid screaming "$ony come ban me." I mean, if your friends can see that don't you think $ony can? I would think that would be immensely easy to detect. No gameid starting in B (as in BLES00000) should be listed as being played from the hard drive. I would think detecting this would be more than easy for $ony to implement, especially since the average user can see that now.
As for only releasing the homebrew stealthed as a single game, don't you thing it looks weird when 10,000+ people start using a game that's not popular? I know that question has been asked here before. Even if they can't ban someone directly for it, I would think $ony could at least monitor those consoles closer than the rest cause again, it just looks fishy.
Now the solution. What's the best way to stealth homebrew, without losing ability to play certain games from disc if you wanted to, and have everything look kosher and perfect, even while online? I decided that using PSN demos would be the safest. They never really get played so its not interfering with your regular gaming or other homebrew, you don't have to ever clean your logs, and your friends and $ony can't see you playing a disc-based game from the hard drive.
So why now, why not wait until PSN is back? Well, that's simple. PSN is coming back, it's inevitable. Why not already practice good stealthing so when PSN comes back your not scrambling to clean your logs and worrying that something slipped through the cracks?
This application supports all pkg files that are not firmware pkg files. You can select an extra file to include in the USRDIR directory (mainly implemented that for MultiMan use, since that file is needed to play backups and not included in the MultiMan package). Also, it supports pkg file creation for 3.41 and 3.55, as well as a pause function for manual file manipulation prior to re-packaging. It also saves your output directory and firmware selection for future use, as well as run time arguments. Drag a pkg file on top of it or assign pkg files to open with it in windows, and it will load the first field with that data.
The only applications I've seen have some problems with being stealthed are programs with callbacks to a static eboot.bin folder (like dev_blind), I'm working on a fix for that. Also, any program like MultiMan, that has an options ini file, needs that file modified with the new gameid in order for all the functions, such as covers, themes, etc, to work. All the other functions work fine though. If you'd like, check the pause option and modify the file manually. You also need to change the option to clear the logs when MultiMan boots. I'll work on a solution for this as well, but for now I'll also share my stealthed MultiMan with you all so you don't have to stealth that one if you don't want.
Current Feature List:Known Issues:
- Stealthed pkg file works on all firmware versions (3.15, 3.41, 3.55) including GH 3.55
- Supports all pkg files
- Supports run time arguments so you can open this program with a file or even automate it
- Grabs the GameIDs and homebrew names automatically
- Creates the -conf files automatically
- Creates the stealth pkg automatically
- Adds an additional user specified file if selected
- Can sign the file automatically if selected (3.55GH mainly)
- Pause checkbox allows manual modification of files before pkg'ing
- Works on Virtual Machines, runs with .net 3.5
Coming Soon:
- Some virus protection programs don't like it. This is because it creates all dependency files during run time, and some virus protection programs don't like exe files appearing from thin air. If this happens to you, please add the dir this utility is stored in to your excluded list in your virus scanner.
Enjoy!!!
- Automatic modification of ini files (like the ones in MultiMan)
- Automatically change MultiMan's log cleaning setting
Update: PlayStation 3 developer element has now made available an UngPKG 2GB fix below, as follows:
I am a great fan of the ps3tools ... but I have seen that the tools cannot support files which are larger than ~1.5 GB.
The reason is fairly simple... there are no more continuous heap left to map the entire file.
Therefore I have adapted the ungpkg tool, that this will read the file and make a decryption slice by slice. Hopefully somebody enjoy the releaseungpkg.c 2GB fix
- pastebin.com/19gFfkQF
- pastebin.com/VW8bfEV4
new types.hCode:#include <stdio.h> #include <stdlib.h> #include <string.h> #include <fcntl.h> #include <string.h> #include <assert.h> #include <stdlib.h> #include <unistd.h> #include "tools.h" #include "types.h" #include "common.h" #ifdef WIN32 #define MKDIR(x,y) mkdir(x) #else #define MKDIR(x,y) mkdir(x,y) #endif typedef void (*decrypt_callback) (u8*, u64, u64); static FILE *pkg; static u64 size; static u64 offset; static PKG_HEADER *header = NULL; static u8 key[0x10]; static decrypt_callback decrypt; void decrypt_debug_block(u8 *data, u64 size, u64 register_offset) { u64 i; u8 key[0x40]; u8 bfr[0x1c]; memset(key, 0, sizeof key); memcpy(key, header->digest, 8); memcpy(key + 0x08, header->digest, 8); memcpy(key + 0x10, header->digest + 0x08, 8); memcpy(key + 0x18, header->digest + 0x08, 8); wbe64(key + 0x38, be64(key + 0x38) + register_offset); sha1(key, sizeof key, bfr); for(i=0; i<size;i++) { if(i != 0 && (i % 16) == 0) { wbe64(key + 0x38, be64(key + 0x38) + 1); sha1(key, sizeof key, bfr); } data[i] ^= bfr[i & 0xf]; } } void decrypt_retail_block(u8 *data, u64 size, u64 register_offset) { u64 tmp; u8 iv[0x10]; memcpy(iv, header->k_licensee, 0x10); tmp = be64(iv + 8) + register_offset /*1*/; wbe64(iv + 8, tmp); if (tmp == 0) wbe64(iv, be64(iv) + register_offset /*1*/); aes128ctr(key, iv,data, size ,data); } static void unpack_pkg(void) { PKG_FILE_HEADER *file; u64 i; u64 n_files; u32 fname_len; u64 file_offset; u32 flags; u32 fname_off; u8 *data_block; u8 *file_block; char fname[255]; n_files = be32( (u8*) &header->item_count); file = malloc(sizeof(PKG_FILE_HEADER)); for ( i = 0; i < n_files; i++ ) { fseek(pkg, offset + (i * 0x20), SEEK_SET); fread(file, 0x20, 1, pkg); decrypt((u8*)file , 0x20, (offset + (i * 0x20) - offset) / 16); fname_off = be32((u8*)&file->filename_offset); fname_len = be32((u8*)&file->filename_size); file_offset = be64((u8*)&file->data_offset); size = be64((u8*)&file->data_size); flags = be32((u8*)&file->flags); fseek(pkg, fname_off + offset, SEEK_SET); file_block = malloc( fname_len ); fread( file_block, fname_len, 1, pkg ); decrypt(file_block, fname_len, fname_off / 16); memset(fname, 0, sizeof fname); strncpy(fname,(const char*) file_block, fname_len); printf("%10x %s\n",flags, fname); fseek( pkg, file_offset + offset, SEEK_SET); data_block = malloc ( size ); fread( data_block, size, 1, pkg); decrypt(data_block, size, file_offset / 16); flags &= 0xff; if(flags == 4) { MKDIR(fname, 0777); } else if (flags == 1 || flags == 3 || flags == 2) { memcpy_to_file( fname, data_block, size); } else { fail("unknown flags: %08x", flags); } } } int main(int argc, char *argv[]) { char *dir; if (argc != 2 && argc != 3) fail("usage: ungpkg filename.pkg [target]"); pkg = fopen( (const char*) argv[1], "rb"); header = malloc(sizeof(PKG_HEADER)); fread( header, sizeof(PKG_HEADER), 1, pkg); if (argc == 2) { dir = malloc(0x31); memset(dir, 0, 0x31); memset(dir, 0, 0x30); memcpy(dir, header->contentid, 0x30); } else { dir = argv[2]; } offset = be64((u8*)&header->data_offset); size = be64((u8*)&header->data_size); u32 type = be32((u8*)&header->pkg_type); if( type & 0x80000000 ) { if ((type & 0x0000000F) != 1) fail("invalid pkg type: %x", type); if (key_get_simple("gpkg-key", key, 0x10) < 0) fail("failed to load the package key."); decrypt = decrypt_retail_block; } else { decrypt = decrypt_debug_block; } MKDIR(dir, 0777); if (chdir(dir) != 0) fail("chdir(%s)", dir); unpack_pkg(); fclose(pkg); return 0; }
Code:// Copyright 2010 Sven Peter <svenpeter@gmail.com> // Licensed under the terms of the GNU GPL, version 2 // http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt #ifndef TYPES_H__ #define TYPES_H__ #include <stdint.h> typedef uint64_t u64; typedef uint32_t u32; typedef uint16_t u16; typedef uint8_t u8; struct elf_phdr { u32 p_type; u64 p_off; u64 p_vaddr; u64 p_paddr; u64 p_filesz; u64 p_memsz; u32 p_flags; u64 p_align; void *ptr; }; struct elf_shdr { u32 sh_name; u32 sh_type; u32 sh_flags; u64 sh_addr; u64 sh_offset; u32 sh_size; u32 sh_link; u32 sh_info; u32 sh_addralign; u32 sh_entsize; }; #define ET_NONE 0 #define ET_REL 1 #define ET_EXEC 2 #define ET_DYN 3 #define ET_CORE 4 #define ET_LOOS 0xfe00 #define ET_HIOS 0xfeff #define ET_LOPROC 0xff00 #define ET_HIPROC 0xffff struct elf_hdr { char e_ident[16]; u16 e_type; u16 e_machine; u32 e_version; u64 e_entry; u64 e_phoff; u64 e_shoff; u32 e_flags; u16 e_ehsize; u16 e_phentsize; u16 e_phnum; u16 e_shentsize; u16 e_shnum; u16 e_shtrndx; }; typedef struct { u32 magic; u32 pkg_type; u32 pkg_info_offset; u32 pkg_info_size; u32 header_size; u32 item_count; u64 total_size; u64 data_offset; u64 data_size; char contentid[0x30]; u8 digest[0x10]; u8 k_licensee[0x10]; } PKG_HEADER; typedef struct { u32 filename_offset; u32 filename_size; u64 data_offset; u64 data_size; u32 flags; u32 padding; } PKG_FILE_HEADER; struct id2name_tbl { u32 id; const char *name; }; struct key { u8 key[32]; u8 iv[16]; int pub_avail; int priv_avail; u8 pub[40]; u8 priv[21]; u32 ctype; }; struct keylist { u32 n; struct key *keys; struct key *idps; struct key *klic; struct key *rif; struct key *npdrm_const; struct key *free_klicensee; }; struct rif { u8 unk1[0x10]; //version, license type and user number u8 titleid[0x30]; //Content ID u8 padding[0xC]; //Padding for randomness u32 actDatIndex; //Key index on act.dat between 0x00 and 0x7F u8 key[0x10]; //encrypted klicensee u64 unk2; //timestamp?? u64 unk3; //Always 0 u8 rs[0x28]; } __attribute__ ((packed)); struct actdat { u8 unk1[0x10]; //Version, User number u8 keyTable[0x800]; //Key Table u8 unk2[0x800]; u8 signature[0x28]; } __attribute__ ((packed)); static inline u8 be8(u8 *p) { return *p; } static inline u16 be16(u8 *p) { u16 a; a = p[0] << 8; a |= p[1]; return a; } static inline u32 be32(u8 *p) { u32 a; a = p[0] << 24; a |= p[1] << 16; a |= p[2] << 8; a |= p[3] << 0; return a; } static inline u64 be64(u8 *p) { u32 a, b; a = be32(p); b = be32(p + 4); return ((u64)a<<32) | b; } static inline void wbe16(u8 *p, u16 v) { p[0] = v >> 8; p[1] = v; } static inline void wbe32(u8 *p, u32 v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; } static inline void wbe64(u8 *p, u64 v) { wbe32(p + 4, v); v >>= 32; wbe32(p, v); } #endif
More PlayStation 3 News...
13250 HeyManHRU
13207 PS3 News
11287 elser1
11119 oVERSoLDiER
9248 GrandpaHomer
8578 Tidusnake666
7968 saviour07
7340 condorstrike
7258 deank
6858 OGroteKoning
24993 PS3 News
5279 Starlight
2965 HeyManHRU
2173 CJPC
2126 elser1
1818 cfwprophet
1756 her0
1571 oVERSoLDiER
1291 GrandpaHomer
1080 barrybarryk
Reply With Quote
UngPKG 2GB Fix 
