Damage Inc Pacific Squadron WWII PS3 3.55 / 3.41 EBOOT Fix Out


83w ago - This weekend a PlayStation 3 developer who wishes to remain anonymous sent us news of a Damage Inc Pacific Squadron WWII (Firmware 4.11) PS3 EBOOT fix for 3.55 and 3.41 Custom Firmware (CFW) users.

Download: Damage Inc Pacific Squadron WWII PS3 3.55 / 3.41 EBOOT Fix / Damage Inc Pacific Squadron WWII PS3 3.55 / 3.41 EBOOT Fix (Mirror) / Damage Inc Pacific Squadron WWII PS3 3.55 / 3.41 EBOOT Fix (Mirror #2) / Damage Inc Pacific Squadron WWII PS3 3.55 / 3.41 EBOOT Fix (Mirror #3) / Decrypted Original ELF by PSFreak

From the author on the release: Hello, I want to share an unreleased EBOOT with everybody but I want to be anonymous.

The EBOOT is for the game Damage Inc Pacific Squadron WWII (FW 4.11) and works on 3.41 / 3.55 CFW.

Everybody with a DECR and extra hardware to dump the RAM can get his hands on those decrypted EBOOTs.

Greetz

Below is a brief guide from zadow28, as follows:

This is great news, I just think there are other ways to do it also, like full game debugging. I researched this option myself, and I can see there are also several ways to obtain the decrypted eboot. I really played around today, and I managed to get full game debugging.. also on the PS3 you can play the game under debugger mode.

Since EBOOTs stay in RAM until the next is loaded, the entire game can be debugged, so therefore only the EBOOT has to be decrypted and not the SPRX if the Game OS needed of that.. when the debugging starts you can sniff with "software."

Even works on 4.11 games, but prepare for huge files like 1GB when sniffing, so hope for any good suggestions. Funny that you can debug both TB and Cobra this way, all the updates and dongle updaters, just wished that DEX was around before.

  • First reset in debugger mode
  • Locate the eboot.bin decrypt it, and resign with Fself one
  • Then in target manager set app_home to the BLES or BLUS folder
  • Reset target
  • Then load executable then locate the eboot.bin
  • Load it
  • Then open Tuner from the SDK
  • Then load executable there also
  • When you do this you get kicked to the ps3 debugger
  • Then in debugger you press go under options
  • Congrats you are debugging full game

So of course you say why debug the game:

1) Well, the debugging of the game is done by decrypting and fselfing the EBOOT, not the other files (the SPRX/SELF ones); they can still be signed with higher keys. This method also allowed full coredump from RAM.

2) Another way I found is to simply sniff with Wireshark on the local network; the game can be either set up as emu or just app_home.

Just sniff, then load the game. Then in the log of the sniffer, the binary is there (HEX). Still some testing.

So basically my theory is: load 4.1 games with the update trick, load it in the debugger, and when the game is running make a full RAM dump.
This should work since EBOOTs are stored in RAM till the next is loaded.. still you need some kind of debug info in the EBOOT for the debugger to load the EBOOT.

All the Cobra and TB updates, all the way up to the last, can be debugged. It's pretty easy to do: just decrypt the updates and fself them. Run them in the debugger, easy peasy. Just remember to make a folder PS3_GAME and put the USR dir inside, and set app_home to the dir where PS3_folder is.

Regarding the games, all games are possible to debug. Only the eboot has to be an fself one, then it doesn't matter if the other files are signed with greater keys. The challenge is to build an fself that launches the higher eboots, the 3.61+ ones, but still there are many ways.
It can be that if the game has a 3.60 patch but the rest is 4.21, then it should be able to get some info there. No exact answer here.

Haven't tried yet on the nodrm games since I don't have any of those.. so if anyone has those, try it out. I've made a small video that shows how to debug the dongle updates; I don't have any dongle attached... all updates and apps made can be done this way.

Also made this one about how to sniff the game; the minus is that you get huge files, but you get the EBOOT decrypted.. so of course the next is to sniff emu/iso games. Also I'm on DEX 4.21 (afraid to downgrade, since I broke one console). If anyone on 3.55 can try sniffing the 4.21 emu games there and give some feedback.

Another thing I noticed when running different EBOOTs is that the EBOOTs depend on many different files, mostly sprx ones, from dev flash from the console. So they also show in the debugger, decrypted, or in the core dump.

Now I have many thoughts on doing this; one is maybe to debug a game while it patches a game online.. not sure. Best is if we could build a debug self that runs the actual eboot. Not unlike the eboots that run the signed files from the console; those get decrypted. Remember, if loaded from the debugger instead of the target there is a nice little function called force coredump.

If you haven't figured it out yet, you can debug patches also, like nodrm ones, or games. When you get the patches, you have to set the folders straight.

Make a PS3_GAME folder, copy the USRDIR inside, set the app_home, then debug as normal. The nodrm patch would show up as any other patch for a game (remember to fself the EBOOT). If you want to redump as nodrm did it, rebuild eboot.elf; the elf would get decrypted right this time. And of course this eboot works on any rip games.

I managed to dump sdat packed files also:

Now first, when I debugged the patch, the target was looking for game.psarc.sdat; it gave an error since it wasn't there. So I replaced the game.psarc.sdat with files that were finalized encrypted: just rename the files I wanted to game.psarc.sdat, then in the debugger do a core dump and extract the sdat decrypted.

And to math's flags explanation, that you can't dump files without proper flags: I haven't come across any game or app that I haven't been able to dump yet. Maybe you can elaborate on that, since maybe the core isn't visible, but if stepping one by one into memory you are able to just dump the last executable one.

I made a video some time ago on another topic, but this would go for all the SDK.. new quick video:

I was looking at the sequence from make self, making fself, making E/Adat to examine the different algorithms. This is the way to debug and reverse it in IDA Pro; now this stuff is too hard for me to calculate the algorithm. Now I highlight on video with right mouse what to look for, so if you get the video you get the point.

I admit this is too hardcore for me.. actually you would need someone like math to calculate the sequence, even with it being wide open.

The games that need to run as emu actually don't. After you build the emu in ps3gen, press verify. Then select the emu you just built, then select all files and folders, then decrypt. Now in Target Manager set app_home to the folder you created. In release mode, play via XMB.

From Abkarino: You do not need all these steps to just decrypt SDAT files. You can use this application (asmodean.reverse.net/misc/_/extttdpk.zip) to do this. Also you can look at this article; it talks about SDAT decryption, and this code is tested and works fine. You can build your app to decrypt any SDAT files and run it on any DEX or CEX console with CFW.

From RangerRus (via forum.xentax.com/viewtopic.php?f=21&t=7610): sdat files (PlayStation 3) decryption method:

Hello. Today we'll talk about .sdata encrypted files and HOW to decrypt and then "encrypt" them back.

First, I have to say why we should know about this. There are many games on PS3 which include such file types, and many of them do not support other languages (i.e. Russian). For their translation we need to decrypt this type of file (for example Red Dead Redemption or Demon's Souls).

Second, here is some information about encryption. Even though .sdata files are encrypted, we can create a .sdata file without encryption from a decrypted file and it will work in a game. For this purpose you should use the standard SDK program "make_sdata.exe". This (and the other files we will talk about) is here, in the sdata-archive: * snip

Next, about how to decrypt them. Well, this is hard - you need: 1) a jailbroken PS3 for real tests (or somebody who has one) 2) the SONY PS3 SDK (I think you should take the DUPLEX 3.40 version) 3) an encrypted file (examples in my sdata-archive). When the SDK is downloaded, make all preparations to work with it and go to the next part:

To decrypt these files we should create a special "game" and run it from a game manager, like Multiman. The question is how to build the eboot.bin file we need for it. Well, some part of the answer is here: asmodean.reverse.net/pages/extttdpk.html

Let's try to understand what is in extttdpk.zip (included in my sdata-archive). First, we should read SDATA-Overview_e.pdf (take it from my sdata-archive). It says that decryption of this file can be performed by a function cellFsDataOpen() and other functions, which must be used when you create a game, i.e. EBOOT.BIN.

Ok, let's open extttdpk.zip:

1) extttdpk_v1.exe, extttdpk_v2.exe, extttdpk.cpp are files we do not need.

folder decrsdat:

2) decrsdat.cpp - the C source file we will need to create EBOOT.BIN
3) PS3_GAME folder: the ready-made folder of our "game"
4) decrsdat.conf & decrsdat.build - we do not need to modify these; they are used while compiling EBOOT.BIN with decrsdat.cpp.

folder game -> usrdir:

5) decrsdat.lst - simple file where we write about what file we need to decrypt (open with Notepad++). Example:


Here we need to decrypt the file "datadkh.sdat" (which is placed in /dev_hdd0/game/LAUN12345/GAMEZ/BLJM60166/PS3_GAME/USRDIR/) and place a decrypted copy of it, "datadkh", in /dev_usb/ (i.e. external HDD).

So, here is instruction:

1) Make eboot.bin with SDK & decrsdat.cpp & decrsdat.conf & decrsdat.build.
2) Edit decrsdat.lst with what files you want to decrypt.
3) Place compiled EBOOT.BIN in PS3_GAME\USRDIR
4) Place PS3_GAME folder on internal HDD
5) Run "game" and catch decrypted files on ext.HDD.

From Mathieulh: You need to understand a few things:

1. Coredump is by design, meant not to trigger when a process flagged as "not debuggable" (that's a capability flag in the EBOOT's metadata) is running.

2. It's easy to run an actual disc eboot in debug mode, it usually doesn't require anything more than using a static path for the eboot (and to have the original disc in the drive because the self is flagged with "discbind" capabilities), the thing is if it is flagged as not debuggable, even though you can run it, you cannot attach to the process and thus dump it, and coredump will be disabled.

3. The only thing that can trigger a coredump on a not debuggable process is an exception, but to have any process flagged as not debuggable copied to ram, you need to run it (you cannot load and not start a process flagged as not debuggable, unlike ones issued from fself or regular processes)

The issue is that once the said process is running, since it's obviously loaded from a signed and encrypted executable, you do not have any control of what runs there, you also cannot have your own process running on the background while this one gets started because all the sprx/processes you would have had loaded get unloaded as soon as the new executable starts (they don't have the proper cflags to stay loaded)

This means you cannot trigger the exception on your own, you have to rely on an existing bug in the actual game code (good luck with that)

Finally I don't see what Wireshark has to do with this. For your intel, all 2.20+ game selfs are flagged as "not debuggable". Oh! And even on DECR-1000A, if you are running a process as "not debuggable" the foot switch coredump will not work/trigger. Sorry to disappoint you all.

Finally, if any other anonymous PlayStation 3 developers out there wish to have us share your work feel free to Contact Us or PM Me and we will be happy to do so of course!





8728 Comments

#8688 - cowboys805 - 8w ago
Does anybody have the 3.55 fix for Castlevania LODS Mirror of Fate HD PSN?? i would greatly appreciate this as i'm trying to pass it before I play lords of shadow 2? THANKS!!!

#8687 - PS3 News - 8w ago
Below are some more PS3 Fixes for 3.41/3.55 by opoisso893 (Password: opoisso893.fr)

#8686 - BBoy Chrif - 8w ago
Castlevania Lords of Shadow 2 PS3-DUPLEX

D U P L E X

P R O U D L Y P R E S E N T S: Castlevania Lords of Shadow 2
Date: 02/2014 Languages: English
Platform: PS3 Genre: Action

Release Info:

Castlevania: Lords of Shadow 2 returns in an epic adventure set in an
open, modern day world. Fans of the series will play as Dracula for
the very first time and uncover the shocking secrets behind the
"Lords of Shadow" saga!

Notes:

Enjoy This Fine DUPLEX Release

#8685 - BBoy Chrif - 8w ago
Thief PS3-DUPLEX

D U P L E X

P R O U D L Y P R E S E N T S: Thief
Date: 02/2014 Languages: English
Platform: PS3 Genre: Action

Release Info:

Garrett, the Master Thief, steps out of the shadows into the City. In
this treacherous place, where the Baron's Watch spreads a rising tide
of fear and oppression, his skills are the only things he can trust
Even the most cautious citizens and their best- guarded possessions
are not safe from his reach

Notes:

Enjoy This Fine DUPLEX Release

#8684 - BBoy Chrif - 9w ago
Following up on their previous release, today PlayStation 3 scene release group DUPLEX is back with Forest Legends The Call of Love PSN PS3 DUPLEX and Strider PSN PS3 DUPLEX for Custom Firmware users!

Forest.Legends.The.Call.of.Love.PSN.PS3-DUPLEX / Forest Legends The Call of Love PSN PS3 DUPLEX

Download: http://fileom.com/xwvi7dz4hh2d/BPSN_1216.part1.rar.html / http://fileom.com/2t3o0p9m6ccf/BPSN_1216.part2.rar.html / http://www.kookfile.com/rt2nrsmsulad/BPSN_1216.part1.rar / http://www.kookfile.com/dpe1mo089a3h/BPSN_1216.part2.rar

WORKS ON: 3.41/3.55/4.21+

Region: [EU] NPEB01924
Release by: Fugazi
Size: 2.2 GB
Language: English, French, German, Russian
Install Guide: Copy edat file to your user-profile on ps3 /dev_hdd0/home/0000000x/exdata/. Install game. Install pkg fix for your cfw.

HOW TO PLAY:
1-Install FULL GAME PKG.
2-Install FIX PKG.
3-Play!

Strider.PSN.PS3-DUPLEX / Strider PSN PS3 DUPLEX

Download: http://u27311.letitbit.net/download/57868.5d5be5d5ba63b46515fcb519a19d/Strider.PSN.PS3-DUPLEX.rar.html
