Below is a work-in-progress (WIP) of PS3 3.60+ games booting on PlayStation 3 Custom Firmware (CFW) 3.55 and 3.41 without a dongle for those interested in experimenting further with it.
What you need
1- PS3 3.55 CFW Rebug or 3.55/3.41 with Debug
2- Debug dev_flash (also allows you to have the debug options on retail)
3- Backup of your own CFW dev_flash (make a dev_flash path on your USB device)
4- A file manager
5- EBOOT.BIN of your games (also from Paradox)
What you need to know
Rebug normal in Debug mode 2
You need to put your PS3 in boot mode -> debugger mode (and not system software mode)
We're going to use debugger mode to debug the SELF execution, so we don't need NPDRM; in any case, the debugger doesn't know how to debug an NPDRM SELF.
Release mode -> Development mode
All the content type configuration -> Development mode
The dongle uses modified sprx/modules/libs related to the debug files, which are loaded when you boot the PS3 on CFW.
Almost all the Paradox EBOOTs lack NPDRM -> each is a simple SELF (fake-signed header) renamed to EBOOT.BIN (as I have explained many times) -> call function to the debugger -> sprx/modules loader.
Let's do a small test to be sure that you understand: take any Paradox EBOOT, open it with a hex editor, and check the first header.
You can see that it is a standard SELF without NPDRM; it only has a fake-signed header.
Rename this file to EBOOT.SELF rather than .bin, transfer your SELF to your USB stick/storage, launch a file manager, add the SELF to the path of your game, and execute your SELF. After that, the SELF will load on the APP_HOME path of your XMB.
If you launch it in debugger mode, it executes without problems, and the debugger doesn't need NPDRM (in any case, the debugger doesn't know how to read an NPDRM SELF).
Why we need debug_devflash
We need it to replace some specific temporary files so that the console can boot in debugger mode and reload the XMB. The backup of your CFW dev_flash is there so you can put your files back (which allows you to reboot without a crash).
I'm not putting everything here now, but this is one of the steps and a WIP of 3.60+ games booting on 3.55/3.41. Remember that the dongle also uses a standard SELF to be loaded in debugger mode.
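The header check from the small test above (open the EBOOT and look at the first header), written as an added example that is not part of the original post: it reads the SCE header and the application-info block and reports whether the file is fake-signed and whether it is NPDRM. The field layout and the constants (key revision 0x8000 for debug SELFs, type 8 for NPDRM) come from public community documentation of the SELF format, not from this page, and `classify_self` and `build_sample` are hypothetical names.

```python
import struct

SCE_MAGIC = b"SCE\x00"
KEY_REVISION_DEBUG = 0x8000  # key revision seen on fake-signed (debug) SELFs
SELF_TYPE_NPDRM = 8          # application-info type for NPDRM applications
SELF_TYPES = {1: "lv0", 2: "lv1", 3: "lv2", 4: "application",
              5: "isolated SPU module", 6: "secure loader", 8: "NPDRM application"}


def classify_self(data: bytes) -> dict:
    """Read the SCE header and application info of a SELF (all big-endian)."""
    if len(data) < 0x30 or data[:4] != SCE_MAGIC:
        raise ValueError("not an SCE container (bad magic or truncated header)")
    # 0x00: magic, version, key revision, header type, metadata off, header len, data len
    _, version, key_rev, hdr_type, _, _, _ = struct.unpack_from(">4sIHHIQQ", data, 0)
    if hdr_type != 1:
        raise ValueError(f"SCE header type {hdr_type} is not a SELF")
    # 0x20: extended header; its second field is the application-info offset
    _, appinfo_off = struct.unpack_from(">QQ", data, 0x20)
    if appinfo_off < 0x30 or appinfo_off + 0x20 > len(data):
        raise ValueError("application-info offset points outside the file")
    _auth, _vendor, self_type, _, _ = struct.unpack_from(">QIIQQ", data, appinfo_off)
    return {
        "version": version,
        "key_revision": key_rev,
        "fake_signed": key_rev == KEY_REVISION_DEBUG,
        "self_type": SELF_TYPES.get(self_type, f"unknown ({self_type})"),
        "npdrm": self_type == SELF_TYPE_NPDRM,
    }


def build_sample(key_rev: int, self_type: int) -> bytes:
    """Constructed 0x90-byte header for the demo; not bytes from any real file."""
    sce = struct.pack(">4sIHHIQQ", SCE_MAGIC, 2, key_rev, 1, 0, 0x90, 0)
    ext = struct.pack(">QQ", 3, 0x70) + bytes(0x40)  # rest of extended header zeroed
    appinfo = struct.pack(">QIIQQ", 0, 0, self_type, 0, 0)
    return sce + ext + appinfo


if __name__ == "__main__":
    for label, blob in (("debug SELF", build_sample(0x8000, 4)),
                        ("NPDRM SELF", build_sample(0x0001, 8))):
        print(label, classify_self(blob))
```

The bounds checks matter when triaging untrusted files: a truncated header or an application-info offset past the end of the file raises `ValueError` instead of being read as garbage.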
Don't expect too much from me about the masterkey.
I suspected many different processes to boot 3.60+ games on older firmware, and also some other stuff related to the internal emulation (PSX/PSP/PS2).
I have many theories about the dongle, but I'm going to explain something.
1- Many official games had a standard SELF renamed to EBOOT.BIN (not even NPDRM); you can easily unself them (and fix the encrypted section)
2- Patch the header from the official eboot.bin -> (self), and they don't make their own eboot this way; they patch the header to work on a special 3.55 CFW (allows loading specific stuff related to the CELL execution)
3- The dongle = emulates the debug patch dev_flash/payload that allows booting into debugger mode -> also to patch in real time (syscall function between USB port/CELL); remember, the jig generates the dongle ID
4- Also, some PS3 games use a specific SDK revision (as I showed in another topic)
5- And for the NPDRM eboot it is different -> lv2kernel related to the liblv2.sprx, etc.; patching is your answer