44w ago - Just a few days since his
PS3Tools GUI Edition v3.0 release,
PsDev has now updated the homebrew application to version 3.1 which includes PS3 SPU emulation changes, .SELF encryption and more as outlined below.
Download:
PS3Tools GUI Edition v3.1
To quote: Just finished my latest update for PS3Tools GUI Edition. I added quite a bit of changes in this version, scroll down to the Change log to see.
- .SPU is now extension for emulator
- SPU editor
- Edit SPU files for emulator
- Save SPU files for emulator whilst the program still open for faster emulation
- A label that tells whether it’s currently emulating or not
- SPU emulator has message boxes now upon successeions or errors
- SPU refreshed button fixed
- Changed interface for LS and codewatcher
- Debug pkg decryption temporarily removed
- Checks pkg type now
- SELF encryption added
- Filter added to opening SPU file on editor and emulator so it narrows it down to just .SPU files
- CEX2DEX now will tell if validation is done
- Test.SPU included for testing
- Included missing .dll for SPU emulation
I had some reports the Debug pkg decryption wasn’t working, so I removed until further notice.
TEST.SPU:
#Example
# to make a comment use #
This is how to load a file
#elf,file.elf,true #the ext first the comma then the file name and ext.
#place the file to load in program folder
#now just load this test.SPU file and in r3[0]
#here is how you would test a register
#r,3,0,0xdead0000 #meaning r3[0] #shows in leftside
r,3,0,0xdead0000 #above^
r,5,0,0xbabe0000 #r5[0]
r,4,1,0xcafe0000 #r4[1]
r,127,0,0xbeef0000 #r127[0]
r,54,2,0xdead0000 #r54[2]
Nice little example I made up, I commented on it to give you a little understanding. Still gotta give props to
KDSBest for original creation.
Finally, below are some guides from
PsDev (via psx-scene.com/forums/content/tutorial-2471/) for those interested:
PS3 PUP Unpacker:
1. Make sure the PUP is named "PS3UPDAT.PUP"
2. Click the drop down menu in PUP Tools
3. Click "PUP unpacker"
4. Now click do it and your down, you will receive a output like below:
sections: 9
hdr size: 00000000_00000290
data size: 00000000_0c031127
header hmac: ???
unpacking version.txt (00000000_00000005 bytes; hmac: ???)...
unpacking license.txt (00000000_0004a59a bytes; hmac: ???)...
unpacking update_flags.txt (00000000_00000005 bytes; hmac: ???)...
unpacking ps3swu.self (00000000_005675c0 bytes; hmac: ???)...
unpacking vsh.tar (00000000_00002800 bytes; hmac: ???)...
unpacking dots.txt (00000000_00000003 bytes; hmac: ???)...
unpacking update_files.tar (00000000_0b501800 bytes; hmac: ???)...
Dev_flash Tool:
1. Name the PUP "PS3UPDAT.PUP"
2. Click the drop down menu in PUP Tools
3. Click Dev_flash unpacker, and hit Do It. You will get output like below (Note, It will be a lot longer, that's just a example):
opening file PS3UPDAT.PUP
Firmware version version : 4.20
extracting dev_flash/data/font/SCE-PS3-YG-R-KOR.TTF
extracting dev_flash/data/font/SCE-PS3-NR-L-JPN.TTF
extracting dev_flash/data/font/SCE-PS3-DH-R-CGB.TTF
extracting dev_flash/data/font/SCE-PS3-NR-R-JPN.TTF
extracting dev_flash/data/font/SCE-PS3-MT-B-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-CP-R-KANA.TTF
extracting dev_flash/data/font/SCE-PS3-NR-B-JPN.TTF
extracting dev_flash/data/font/SCE-PS3-YG-L-KOR.TTF
extracting dev_flash/data/font/SCE-PS3-RD-R-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-MT-BI-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-MT-I-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-NR-R-EXT.TTF
extracting dev_flash/data/font/SCE-PS3-SR-R-JPN.TTF
extracting dev_flash/data/font/SCE-PS3-SR-R-EXT.TTF
extracting dev_flash/data/font/SCE-PS3-RD-B-LATIN2.TTF
extracting dev_flash/data/font/SCE-PS3-RD-L-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-VR-R-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-SR-R-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-RD-B-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-RD-R-LATIN2.TTF
extracting dev_flash/data/font/SCE-PS3-VR-R-LATIN2.TTF
extracting dev_flash/data/font/SCE-PS3-YG-B-KOR.TTF
extracting dev_flash/data/font/SCE-PS3-SR-R-LATIN2.TTF
extracting dev_flash/data/font/SCE-PS3-MT-R-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-RD-BI-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-RD-L-LATIN2.TTF
extracting dev_flash/data/font/SCE-PS3-RD-I-LATIN.TTF
extracting dev_flash/data/font/SCE-PS3-RD-LI-LATIN.TTF
extracting dev_flash/vsh/etc/version.txt
Readself Tool:
1. Just place one of the following, lv0, lv1ldr, lv2ldr, appldr, isoldr or EBOOT.BIN in root of program folder
2. Click drop down menu
3. Click the one you want to use and click Do it, you will get the following output (Note, Different for other files selected):
SELF header
elf #1 offset: 00000000_00000090
header len: 00000000_00000500
meta offset: 00000000_000001e0
phdr offset: 00000000_00000040
shdr offset: 00000000_000e6c70
file size: 00000000_000e6a80
auth id: 1ff00000_01000001 (Unknown)
vendor id: ff000000
info offset: 00000000_00000070
sinfo offset: 00000000_00000140
version offset: 00000000_00000180
control info: 00000000_00000190 (00000000_00000070 bytes)
app version: 4.32.0
SDK type: Retail (Type 0)
app type: level 0
Control info
control flags:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
file digest:
ae 8f b2 11 30 04 95 27 1f ec 74 69 cc 2a c7 cb 9e 76 d7 58
Section header
offset size compressed unk1 unk2 encrypted
00000000_00010500 00000000_00000c70 [NO ] 00000000 00000000 [YES]
00000000_00020500 00000000_000c67c0 [NO ] 00000000 00000000 [YES]
Encrypted Metadata
unable to decrypt metadata
ELF header
type: Executable file
machine: PowerPC64
version: 1
phdr offset: 00000000_00000040
shdr offset: 00000000_000e6800
entry: 00000000_00000c60
flags: 00000000
header size: 00000040
program header size: 00000038
program headers: 2
section header size: 00000040
section headers: 10
section header string table index: 9
Program headers
type offset vaddr paddr
memsize filesize PPU SPE RSX align
LOAD 00000000_00010000 00000000_00000000 00000000_00000000
00000000_00000c70 00000000_00000c70 rwx --- --- 00000000_00010000
LOAD 00000000_00020000 00000000_08000000 00000000_08000000
00000000_000cb6d0 00000000_000c67c0 rwx --- --- 00000000_00010000
Section headers
[Nr] Name Type Addr ES Flg Lk Inf Al
Off Size
[00] <no-name> NULL 00000000_00000000 00 00 000 00
00000000_00000000 00000000_00000000
[01] <no-name> PROGBITS 00000000_00000000 00 wae 00 000 08
00000000_00010000 00000000_00000c70
[02] <no-name> PROGBITS 00000000_08000000 00 wa 00 000 04
00000000_00020000 00000000_0001758c
[03] <no-name> PROGBITS 00000000_08017590 00 a 00 000 16
00000000_00037590 00000000_0002c760
[04] <no-name> PROGBITS 00000000_08043cf0 00 ae 00 000 16
00000000_00063cf0 00000000_0007d768
[05] <no-name> PROGBITS 00000000_080c1460 00 ae 00 000 08
00000000_000e1460 00000000_00004278
[06] <no-name> PROGBITS 00000000_080c56d8 00 ae 00 000 08
00000000_000e56d8 00000000_00000080
[07] <no-name> PROGBITS 00000000_080c5760 00 ae 00 000 08
00000000_000e5760 00000000_00001060
[08] <no-name> NOBITS 00000000_080c6800 00 ae 00 000 128
00000000_000e67c0 00000000_00004ed0
[09] <no-name> STRTAB 00000000_00000000 00 00 000 01
00000000_000e67c0 00000000_0000003d
Core_os Tool:
1. Make sure the Core_os is named original.
2. Click Drop down menu
3. Then click decrypt and do it.
4. You will be outputed with a file called decrypted_core_os_package
5. Then click extract you will be presented with a extracted core_os
6. Then you can encrypt it and you will be presented with a encrypted core_os
7. Output below for decrypted log:
Metadata Key: D7 1D 9A 12 BB E6 D9 87 8F 72 AB 59 F1 ED D4 44
Metadata IV: 7E 05 A9 79 FF 64 DC FC 46 87 02 5B 69 82 AE E2
Metadata Size: 544 bytes
Data Start: 0x00000300
Data Size: 5778777 bytes (5.51 MB)
PKG Key: F8 72 19 EC FE 95 EF 1F 51 22 3D 04 A3 E2 37 5E
PKG IV: F7 1E 03 B6 9D 5D 74 D7 7B 03 F6 14 00 00 00 00
PKG Size: 7340000 bytes (7.00 MB)
Fix Tar Tool:
1. After modifying the tar file you need to fix it for it to be correct, so have it named "Update_files.tar"
2. Click drop down menu
3. Click the following options on the screen that apply to the tar you want to fix
4. Click do it, you will get a output similar like below:
Fixing file : BDIT_FIRMWARE_PACKAGE.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_301R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_302R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_303R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_304R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_306R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_308R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_310R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_312R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BDPT_FIRMWARE_PACKAGE_314R.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : BLUETOOTH_FIRMWARE.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : CORE_OS_PACKAGE.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : MULTI_CARD_FIRMWARE.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_01000006.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_01010303.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_01020302.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_01030302.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_01040402.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_01050002.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_01050101.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : SYS_CON_FIRMWARE_S1_00010002083E0832.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : UPL.xml.pkg
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : RL_FOR_PACKAGE.img
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : RL_FOR_PROGRAM.img
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash3_024.tar.aa.2012_06_15_074020
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_000.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_001.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_002.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_003.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_004.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_005.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_006.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_007.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_008.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_009.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_010.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_011.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_012.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_013.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_014.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_015.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_016.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_017.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_018.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_019.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_020.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_021.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_022.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
Fixing file : dev_flash_023.tar.aa.2012_06_15_073845
Owner/group: pup_tool(0001752)snes(0001274)
SCE Info Tool:
1. Have one of the following file in root folder, lv0, ld1ldr, lv2ldr, appldr, isoldr or eboot.bin
2. Click the option that applys
3. Click do it and you will get output similar like below:
Magic 0x53434500 [OK]
Version 0x00000002
Key Revision [Revision 0]
Header Type [SELF]
Metadata Offset 0x000001E0
Header Length 0x0000000000000500
Data Length 0x00000000000E6A80[*] SELF Header:
Header Type 0x0000000000000003
App Info Offset 0x0000000000000070
ELF Offset 0x0000000000000090
PH Offset 0x00000000000000D0
SH Offset 0x00000000000E6D00
Section Info Offset 0x0000000000000140
SCE Version Offset 0x0000000000000180
Control Info Offset 0x0000000000000190
Control Info Size 0x0000000000000070[*] Application Info:
Auth-ID [lv0]
Vendor-ID [hv]
SELF-Type [lv0]
Version 04.20[*] SCE Version:
Header Type 0x00000001
Present [FALSE]
Size 0x00000010
unknown_3 0x00000000[*] Control Info
Type Flags
Size 0x00000030
Next [TRUE]
Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [*] Control Info
Type Digest
Size 0x00000040
Next [FALSE]
Digest 1 62 7C B1 80 8A B9 38 E3 2C 8C 09 17 08 72 6A 57
9E 25 86 E4
Digest 2 AE 8F B2 11 30 04 95 27 1F EC 74 69 CC 2A C7 CB
9E 76 D7 58 [*] Section Infos:
Idx Offset Size Compressed unk0 unk1 Encrypted
000 00010500 00000C70 [NO ] 00000000 00000000 [YES]
001 00020500 000C67C0 [NO ] 00000000 00000000 [YES][*] ELF64 Header:
Type [EXEC]
Machine [PPC64]
Version 0x00000001
Entry 0x0000000000000C60
Program Headers Offset 0x0000000000000040
Section Headers Offset 0x00000000000E6800
Flags 0x00000000
Program Headers Count 0002
Section Headers Count 0010
SH String Index 0009[*] ELF64 Program Headers:
Idx Type Offset VAddr PAddr FileSize MemSize PPU SPU RSX Align
000 LOAD 00010000 00000000 00000000 00000C70 00000C70 XWR --- --- 00010000
001 LOAD 00020000 08000000 08000000 000C67C0 000CB6D0 XWR --- --- 00010000[*] ELF64 Section Headers:
Idx Name Type Flags Address Offset Size ES Align LK
000 0000 NULL --- 00000000 00000000 00000000 0000 00000000 000
001 000B PROGBITS WAE 00000000 00010000 00000C70 0000 00000008 000
002 0013 PROGBITS -AE 08000000 00020000 0001758C 0000 00000004 000
003 0019 PROGBITS -A- 08017590 00037590 0002C760 0000 00000010 000
004 0021 PROGBITS WA- 08043CF0 00063CF0 0007D768 0000 00000010 000
005 0027 PROGBITS WA- 080C1460 000E1460 00004278 0000 00000008 000
006 002C PROGBITS WA- 080C56D8 000E56D8 00000080 0000 00000008 000
007 0033 PROGBITS WA- 080C5760 000E5760 00001060 0000 00000008 000
008 0038 NOBITS WA- 080C6800 000E67C0 00004ED0 0000 00000080 000
009 0001 STRTAB --- 00000000 000E67C0 0000003D 0000 00000001 000
SFO Reader Tool:
1. Name the file PARAM.SFO
2. Click drop dow menu and click sfo reader
3. Click do it and you will be presented with similar output like below:
****************
| HEADER |
****************
FILE_VERSION: 0x101
N┬░_PARAMETERS: 7
****************
| PARAMETERS |
****************
APP_VER: 01.16
CATEGORY: GD
PARENTAL_LEVEL: 0x09
PS3_SYSTEM_VER: 03.7200
TITLE: Modern Warfare┬� 3
TITLE_ID: BLUS30838
VE9: 01.00
RCO Tool:
1. Have the original name of one of the rco that are optioned in the drop down menu
2. Make sure that specific rco file is in your root of your folder
3. Click it then click do it, you will have a dumped rco in RCO folder along with following output:
RCO header info:
Endian = big (PS3)
VersionID = 0x120
Compression = 0x1
UMDFlag = 0
MainTree Offset = 0xa4
TextTree Offset = 0xe8c
ImageTree Offset = 0xcc
ObjectTree Offset = 0x1064c
TextData Offset = 0x9e4c [length = 0xd714]
NameData Offset = 0x16d6c [length = 0x1a14]
EventData Offset = 0x18780 [length = 0x27c]
ImageData Offset = 0x17560 [length = 0x2f100]
Header compression: compressed = 0x9d99 bytes, uncompressed = 0x18958 bytes
TextData Compression info:
LangID = 0x6, compressed = 0xbf1 bytes, uncompressed = 0x2ef8 bytes
LangID = 0x1, compressed = 0xab1 bytes, uncompressed = 0x2a80 bytes
LangID = 0x2, compressed = 0xc4a bytes, uncompressed = 0x30f8 bytes
LangID = 0x4, compressed = 0xc08 bytes, uncompressed = 0x2fd0 bytes
LangID = 0x5, compressed = 0xbc5 bytes, uncompressed = 0x2fb0 bytes
LangID = 0x0, compressed = 0x9c5 bytes, uncompressed = 0x18e8 bytes
LangID = 0x9, compressed = 0x9bb bytes, uncompressed = 0x18d0 bytes
LangID = 0x7, compressed = 0xc13 bytes, uncompressed = 0x2f48 bytes
LangID = 0x8, compressed = 0xcd5 bytes, uncompressed = 0x2f34 bytes
LangID = 0x3, compressed = 0xbbe bytes, uncompressed = 0x2ea8 bytes
LangID = 0xb, compressed = 0x8f1 bytes, uncompressed = 0x135c bytes
LangID = 0xa, compressed = 0x957 bytes, uncompressed = 0x1428 bytes
LangID = 0xe, compressed = 0xb80 bytes, uncompressed = 0x2bc0 bytes
LangID = 0xc, compressed = 0xb8b bytes, uncompressed = 0x2b94 bytes
LangID = 0xf, compressed = 0xb2e bytes, uncompressed = 0x2b20 bytes
LangID = 0xd, compressed = 0xb5d bytes, uncompressed = 0x2ac0 bytes
LangID = 0x10, compressed = 0xc92 bytes, uncompressed = 0x2eb0 bytes
LangID = 0x11, compressed = 0xbbe bytes, uncompressed = 0x2e70 bytes
LangID = 0x12, compressed = 0xab1 bytes, uncompressed = 0x2a80 bytes
Dumping resource 'tex_aa_plane'...
Dumping resource 'tex_button'...
Dumping resource 'tex_button_focus'...
Dumping resource 'tex_button_shadow'...
Dumping resource 'tex_arrow_anim'...
Dumping resource 'item_tex_plain_folder'...
Dumping resource 'tex_loading_icon'...
Dumping resource 'tex_opt_obi'...
Dumping resource 'tex_playing'...
Dumping resource 'tex_playing_shadow'...
Dumping resource 'game_tex_load'...
Dumping resource 'game_tex_load_shadow'...
Dumping resource 'tex_quit'...
Dumping resource 'video_tex_load'...
Dumping resource 'video_tex_load_shadow'...
Dumping resource 'video_tex_lock'...
Dumping resource 'video_tex_rental'...
Dumping resource 'tex_psplus_icon'...
Dumping resource 'bgdl_tex_preinstall'...
Dumping resource 'bgdl_tex_timelimit'...
Dumping resource 'tex_guit'...
Dumping resource 'tex_video'...
Dumping resource 'tex_video_shadow'...
Dumping resource 'item_tex_disc_bd'...
Dumping resource 'item_tex_disc_dvd'...
Dumping resource 'item_tex_disc_icon'...
Dumping resource 'item_tex_disc_bd_contents'...
Dumping resource 'item_tex_ms_icon'...
Dumping resource 'item_tex_sd_icon'...
Dumping resource 'item_tex_cf_icon'...
Dumping resource 'item_tex_psp_icon'...
Dumping resource 'item_tex_psp_ms_icon'...
Dumping resource 'item_tex_usb_connection'...
Dumping resource 'item_tex_digital_camera'...
Dumping resource 'item_tex_atrac_audio'...
Dumping resource 'item_tex_walkman'...
Dumping resource 'item_tex_ps_store'...
Dumping resource 'item_tex_upload'...
Dumping resource 'item_tex_dlna_scan'...
Dumping resource 'item_tex_dlna_base'...
Dumping resource 'item_tex_dlna_default'...
Dumping resource 'tex_mpg4'...
Dumping resource 'tex_avc'...
Dumping resource 'tex_mpg2'...
Dumping resource 'tex_mpg1'...
Dumping resource 'tex_mjpg'...
Dumping resource 'tex_wmv'...
Dumping resource 'tex_divx'...
Dumping resource 'tex_broken_icon'...
Dumping resource 'tex_unknown_icon'...
Dumping resource 'tex_bg_icon'...
Dumping resource 'tex_lock_icon'...
Dumping resource 'tex_sb_base'...
Dumping resource 'tex_sb_base_s'...
Dumping resource 'tex_sb_slider'...
Dumping resource 'tex_album_icon'...
Dumping resource 'video_tex_default'...
Dumping resource 'video_tex_album_default'...
Dumping Dutch text entries...
Dumping English text entries...
Dumping French text entries...
Dumping German text entries...
Dumping Italian text entries...
Dumping Japanese text entries...
Dumping Korean text entries...
Dumping Portugese text entries...
Dumping Russian text entries...
Dumping Spanish text entries...
Dumping ChineseSimpl text entries...
Dumping ChineseTrad text entries...
Dumping Danish text entries...
Dumping Finnish text entries...
Dumping Norwegian text entries...
Dumping Swedish text entries...
Dumping unknown0x10 text entries...
Dumping unknown0x11 text entries...
Dumping unknown0x12 text entries...
C2D Tool:
1. Have the eid_root_key named this "eid_root_key.bin"
2. Name the Flash or your Nor, CEXFLASH
3. Have openssl installed under C:/opensll
4. Then click drop down menu
5. Click only option
6. Click do it and get output plus DEXFLASH like below:
EID key : 48 bytes (eid_root_key.bin)
Flash size : 16 MB (CEXFLASH.bin)
Target ID : $85
EID ROOT KEY: 64D20967DEACDA16ACADBE289B0EE2C25EE77331A5040C5DC9 DF67B3FE574F6D
EID ROOT IV : 6BD7C324D3B213A647DC31987345595E
EID0 KEY : 9C1C4A93666EF67941F54679A7199D7553C8F0F50F3548C896 6D6872FC8CD668
EID0 IV : 2DC374E270F851EB0D524F89790F2563
EID0 SEC KEY: 4C40F3E244EF2BF29A9D48BE26FEEEEB
Target ID : $85 (from decrypted EID0 section)
CMAC HASH : F1053CC3818DD6CE2775F0273DFC212E
Writing modified flash (DEXFLASH.bin)...
Done!
"Does anyone else have Iris manager make their PS3 go nuts? I'm on Rebug Rex 4.30.2 and it causes the PS3 to apparently heat up so badly the yell...
That system uses 2 processes appldr, the 3.55, which installs the homebrew, and appldr (that of the Sony OFW) who starts the game 4.00.
A CFW obtained with a scrum of the various self of the core_os (4.00 and 3.55) but with a bit of reprogramming, so that uses two processes, depending on the function
Download: http://www.mediafire.com/?5kpbnpb4bujs3rz
To quote: Features:
• Can unpack any "PS3" Firmware up to date. Gets really fast after first or second use.
• A console is built into the program showing you the exact log a cmd would.
• Can Decrypt PS3/PSP retail PKG files (Signed by sony installable via OFW).
• Can readself of, Appldr, lv0, lv1ldr, lv2ldr, isoldr, EBOOT.BIN or if any of the things that you want to read are not listed on a button you can run a custom command to do it, for example: aim_spu_module.self just type that in where it says input and it will read it. So any file that is possible to use via readself, can be done in a fast manor 1-2 sec.
• A full featured .Conf editor. view .Conf files edit them then hit save button when finished.
• A awesome Core_os_package tool that can decrypt, extract and encrypt the Core_os_package.pkg all in about 1-2 sec.
• Sign pkg for 3.55 or 3.41
• UnSELF a file.
• Build SELF a file.
• Whenever a tar file is modified, it's permissions need to be set, this tool can do that for you. fix the tar file for the following FW. retail fw up to 3.72, debug fw up to 3.72 and retail and debug fw 4.0.
Usage:
Lets use a example: If you want to unpack a ps3 update just get the PS3UPDAT.PUP
(Don't change the name of any file in ps3 FW keep original) and put in tool folder, run my program click unpack and it will unpack it.
So like if you want to fix tar make sure the update_files.tar stays the same name and put in the main folder where program is located. same for anyfile keep the original name. So it's pretty simple just drag the file that you want the tool to do something with and keep the original name.
Here is a video I made (I am pretty bad a videos) to help it' a tutorial that covers everything. If some one else could make a better one that would be awesome.
Notes: PS3Tools GUI Edition will create two new files for the Core_os_package. "decrypted_core_os" and "CORE_OS_PACKAGE_ENCRYPTED.pkg" don't change the name of the decrypted one or else you won't be able to encrypt it
BETA Tester Thoughts: Tested by jhax78
All those command line tools that takes loads of time and sometimes commands that you need to understand will be replaced by this 1 click tool, even a trained monkey could extract repack sign with this now.. it's taking literally 3 seconds to extract a pup resign or whatever you need to do.
I'm no dev but like to poke around in stuff and i think more ppl think like this with this tool all that is just peanuts now.
More PlayStation 3 News...
OK so lets get right to it. This is a theory, nothing more.
There has been information available for quite some time. and I took it, thought about it, researched and experimented and I come out with my theory below to exploit 4.00 part of the way. This is not a random theory to, this is logical stuff and true facts. I'm providing this info for other devs to look at and lets see if this can work. I don't keep my work to my self, I like to share in give other people chances in discovering stuff. It always makes me happy when someone finds something out using my work, it just tells me I did a good job in describing and helping and they did a good job in listening and learning the material in order to trigger the exploit or whatever it might be.
So the lv2ldr verifys decrypts the lv2_kernal.self. we can get the address of this happening. inside Parameters Layout there are arguments, they are used as commands basically to load a function you want to use. they start in the lv2 @ 0x3E800(seems to be same for other ldrs) that address. There is a argument that is called lv2_in and lv2_out (we have know about these) basically we can use lv2_in to map out the address and lv2_out to map out the address for where the lv2ldr decryptes the self file.
We can make a program like readself basically and get the offset, u8* means read one byte from the address. use that and we can actually be get the exact offset where it all happens at. once we have the location grabbing this decrypted self should be the easy task. Like I said some info we had and some we did not know about can be obtained like this and used to get keys.
exploiting 4.00 with this method would work most likely because I doubt sony changed all the locations where the loaders do there thing, sure there encapsulated in the bootloader but they still pass over into the ram at one point before being fed over to the metldr which loads ldrs and if all that is still happening then Sony didn't change nothing.. some where along these lines:
[code]
void *buf; //