PS3Tools GUI Edition v3.1 - PS3 SPU Emulation and .SELF Encryption


126w ago - Just a few days since his PS3Tools GUI Edition v3.0 release, PsDev has now updated the homebrew application to version 3.1 which includes PS3 SPU emulation changes, .SELF encryption and more as outlined below.

To quote: Just finished my latest update for PS3Tools GUI Edition. I added quite a bit of changes in this version, scroll down to the Change log to see.

  • .SPU is now extension for emulator
  • SPU editor
  • Edit SPU files for emulator
  • Save SPU files for emulator whilst the program is still open for faster emulation
  • A label that tells whether it’s currently emulating or not
  • SPU emulator has message boxes now upon successes or errors
  • SPU refreshed button fixed
  • Changed interface for LS and codewatcher
  • Debug pkg decryption temporarily removed
  • Checks pkg type now
  • SELF encryption added
  • Filter added to opening SPU file on editor and emulator so it narrows it down to just .SPU files
  • CEX2DEX now will tell if validation is done
  • Test.SPU included for testing
  • Included missing .dll for SPU emulation

I had some reports the Debug pkg decryption wasn’t working, so I removed it until further notice.

TEST.SPU:

[Register or Login to view code]

Nice little example I made up, I commented on it to give you a little understanding. Still gotta give props to KDSBest for original creation.

Finally, below are some guides from PsDev (via psx-scene.com/forums/content/tutorial-2471/) for those interested:

PS3 PUP Unpacker:

1. Make sure the PUP is named "PS3UPDAT.PUP"
2. Click the drop down menu in PUP Tools
3. Click "PUP unpacker"
4. Now click do it and you're done, you will receive an output like below:

[Register or Login to view code]


Dev_flash Tool:

1. Name the PUP "PS3UPDAT.PUP"
2. Click the drop down menu in PUP Tools
3. Click Dev_flash unpacker, and hit Do It. You will get output like below (Note, it will be a lot longer, that's just an example):

[Register or Login to view code]


Readself Tool:

1. Just place one of the following, lv0, lv1ldr, lv2ldr, appldr, isoldr or EBOOT.BIN in root of program folder
2. Click drop down menu
3. Click the one you want to use and click Do it, you will get the following output (Note, Different for other files selected):

[Register or Login to view code]


Core_os Tool:

1. Make sure the Core_os is named original.
2. Click Drop down menu
3. Then click decrypt and do it.
4. You will be given a file called decrypted_core_os_package
5. Then click extract, you will be presented with an extracted core_os
6. Then you can encrypt it and you will be presented with an encrypted core_os
7. Output below for decrypted log:

[Register or Login to view code]


Fix Tar Tool:

1. After modifying the tar file you need to fix it for it to be correct, so have it named "Update_files.tar"
2. Click drop down menu
3. Click the following options on the screen that apply to the tar you want to fix
4. Click do it, you will get an output similar to below:

[Register or Login to view code]


SCE Info Tool:

1. Have one of the following files in root folder, lv0, lv1ldr, lv2ldr, appldr, isoldr or eboot.bin
2. Click the option that applies
3. Click do it and you will get output similar to below:

[Register or Login to view code]


SFO Reader Tool:

1. Name the file PARAM.SFO
2. Click drop down menu and click sfo reader
3. Click do it and you will be presented with similar output like below:

[Register or Login to view code]


RCO Tool:

1. Have the original name of one of the rco that are optioned in the drop down menu
2. Make sure that specific rco file is in your root of your folder
3. Click it then click do it, you will have a dumped rco in RCO folder along with following output:

[Register or Login to view code]


C2D Tool:

1. Have the eid_root_key named this "eid_root_key.bin"
2. Name the Flash or your Nor, CEXFLASH
3. Have openssl installed under C:/opensll
4. Then click drop down menu
5. Click only option
6. Click do it and get output plus DEXFLASH like below:

[Register or Login to view code]





#22 - moonwalker7 - 150w ago
The Appldr from 3.60 + firmware has been encapsulated in lv0. So we must first access the lv0 (not yet decrypted). In firmware 3.60-instead appldr is independent of other processes. If you change the system so that the install package files installs games appldr using of the firmware 3.55 (which we know keys), so installing a backup managers, which mounts the boot path of the games and then uses the appldr of the firmware 4.00.

That system uses 2 processes appldr, the 3.55, which installs the homebrew, and appldr (that of the Sony OFW) who starts the game 4.00.

A CFW obtained with a scrum of the various self of the core_os (4.00 and 3.55) but with a bit of reprogramming, so that uses two processes, depending on the function

#21 - elser1 - 150w ago
good stuff.. thanks for that i'm sure i'll use it someday..

#20 - PS3 News - 150w ago
Today PlayStation 3 developer [Register or Login to view links] has made available PS3Tools GUI Edition, which is a suite consisting of several PlayStation 3 utility PC applications.

To quote: Features:

  • Can unpack any "PS3" Firmware up to date. Gets really fast after first or second use.
  • A console is built into the program showing you the exact log a cmd would.
  • Can Decrypt PS3/PSP retail PKG files (Signed by sony installable via OFW).
  • Can readself of, Appldr, lv0, lv1ldr, lv2ldr, isoldr, EBOOT.BIN or if any of the things that you want to read are not listed on a button you can run a custom command to do it, for example: aim_spu_module.self just type that in where it says input and it will read it. So any file that is possible to use via readself, can be done in a fast manner 1-2 sec.
  • A full featured .Conf editor. view .Conf files edit them then hit save button when finished.
  • A awesome Core_os_package tool that can decrypt, extract and encrypt the Core_os_package.pkg all in about 1-2 sec.
  • Sign pkg for 3.55 or 3.41
  • UnSELF a file.
  • Build SELF a file.
  • Whenever a tar file is modified, its permissions need to be set, this tool can do that for you. Fix the tar file for the following FW: retail fw up to 3.72, debug fw up to 3.72 and retail and debug fw 4.0.

Usage:

Let's use an example: If you want to unpack a ps3 update just get the PS3UPDAT.PUP

(Don't change the name of any file in ps3 FW keep original) and put in tool folder, run my program click unpack and it will unpack it.

So like if you want to fix tar make sure the update_files.tar stays the same name and put in the main folder where program is located. Same for any file, keep the original name. So it's pretty simple, just drag the file that you want the tool to do something with and keep the original name.

Here is a video I made (I am pretty bad at videos) to help, it's a tutorial that covers everything. If someone else could make a better one that would be awesome.





Notes: PS3Tools GUI Edition will create two new files for the Core_os_package. "decrypted_core_os" and "CORE_OS_PACKAGE_ENCRYPTED.pkg" don't change the name of the decrypted one or else you won't be able to encrypt it

BETA Tester Thoughts: Tested by jhax78

All those command line tools that takes loads of time and sometimes commands that you need to understand will be replaced by this 1 click tool, even a trained monkey could extract repack sign with this now.. it's taking literally 3 seconds to extract a pup resign or whatever you need to do.

I'm no dev but like to poke around in stuff and i think more ppl think like this with this tool all that is just peanuts now.

#19 - enoughbr - 151w ago
Developer PsDev is back again today with another article (psx-scene.com/forums/content/possible-1885/) for everyone to read and enjoy. This time, the topic revolves around a possible PS3 4.0 exploit, and the theory around it. This is information that he would like to share with the scene, in hopes of change and overcoming the current barriers to jailbreaking the PS3 console. Feedback welcomed, as PsDev has put a lot of thought and time into this theory.

OK so lets get right to it. This is a theory, nothing more.

There has been information available for quite some time, and I took it, thought about it, researched and experimented and I came out with my theory below to exploit 4.00 part of the way. This is not a random theory too, this is logical stuff and true facts. I'm providing this info for other devs to look at and let's see if this can work. I don't keep my work to myself, I like to share and give other people chances in discovering stuff. It always makes me happy when someone finds something out using my work, it just tells me I did a good job in describing and helping and they did a good job in listening and learning the material in order to trigger the exploit or whatever it might be.

So the lv2ldr verifies and decrypts the lv2_kernal.self. We can get the address of this happening. Inside Parameters Layout there are arguments, they are used as commands basically to load a function you want to use. They start in the lv2 @ 0x3E800 (seems to be same for other ldrs) that address. There is an argument that is called lv2_in and lv2_out (we have known about these), basically we can use lv2_in to map out the address and lv2_out to map out the address for where the lv2ldr decrypts the self file.

We can make a program like readself basically and get the offset, u8* means read one byte from the address. Use that and we can actually get the exact offset where it all happens at. Once we have the location, grabbing this decrypted self should be the easy task. Like I said, some info we had and some we did not know about can be obtained like this and used to get keys.

Exploiting 4.00 with this method would work most likely because I doubt Sony changed all the locations where the loaders do their thing, sure they're encapsulated in the bootloader but they still pass over into the RAM at one point before being fed over to the metldr which loads ldrs and if all that is still happening then Sony didn't change nothing.. somewhere along these lines:
[code]
void *buf; //

#18 - PS3 News - 158w ago
I figured as much based on what I've read thus far, but Thanks for the confirmation Tidusnake666 and +Rep!

 
