Finally, after a long period in which the scene was riddled with money-hungry dongle suppliers, we uncover this big scam and show you how things actually work.
First of all, none of the code the dongles use comes from the creators. All files used come directly from higher PS3 firmwares. This works by using plugins / SPRXs, which are basically just drivers, from a higher PS3 firmware.
To get games to work, you need to use the files from higher firmwares that the games require. The plugins we are talking about also have the decrypt information stored in them that the games use to work.
Some of the newer SPRXs are compatible with older firmwares and can be used on older firmwares quite easily. All you need to do is place them in the right folder and that's it.
Of course, this procedure doesn't work quite so easily with all the games: some of the 3.6+ games load right away, others need some fixing. This fixing is done by patching the SPRXs to work with the lower firmware. Porting the drivers so they can work with lower firmwares should be the easiest task.
Basically all this DRM does is nothing. The stick holds some drivers, like I explained earlier in this post, and lets the system use them. The Hypervisor LV1 patches are nothing more than redirections to the USB stick / DRM fake.
The USB stick holds some dev_flash files, which the system then uses. It's basically the same thing we did in the early stages of the Custom Firmware to load modified files quickly and easily.
So, knowing all this, it is clear why the dongles use DRM on their USB stick: simply to not let us see that they are really just scamming us with the cheapest materials they could find and some (by now old) dev_flash files stored on it. It's nothing more, and I'm sure that TeaM AC1D will empower more things and work on more in the future than the dongles have in the last months.
We love Open Source and that's why we share this information with you. This needs to be stopped and we should all join hands to finally put an end to all of this. Use this information and do what you have to do.
Our respect goes out to Kakaroto, grafchokolo, Hermes, Deank, JaiCraB, Jjolano, Stoker25, Redsquirrel87, GeoHot, Condorstrike, Team Hades and everybody else we forgot to mention here.
Don't let yourself get fooled by these dongle guys, and happy hacking to everyone!
Below is a work-in-progress (WIP) of PS3 3.60+ games booting on PlayStation 3 Custom Firmware (CFW) 3.55 and 3.41 without a dongle for those interested in experimenting further with it.
What you need
1- PS3 3.55 CFW Rebug or 3.55/3.41 with Debug
2- Debug Dev_Flash (also allows you to have the debug options on retail)
3- Backup of your own CFW dev_flash (make a dev_flash path on your USB device)
4- A File Manager
5- EBOOT.BIN of your games (also from Paradox)
What you need to know
Rebug normal in Debug mode 2
You need to put your PS3 in boot mode -> debugger mode (and not system software mode)
We are going to use debugger mode to debug the SELF execution, so we don't need NPDRM; in any case, the debugger doesn't know how to debug an NPDRM SELF.
Release mode -> Development mode
All the content type configuration -> Development mode
The dongle uses modified sprx/modules/lib files related to the Debug files, which are loaded when you boot the PS3 on CFW.
Almost all the Paradox EBOOTs don't have NPDRM -> each is a simple SELF (fake sign header) renamed to EBOOT.BIN (as I have explained many times) -> call function to the debugger -> sprx/modules loader.
Let's do a small test to be sure that you understand: take any Paradox EBOOT, open it with a hex editor, and check the first header ->
You can see that it is a standard SELF without NPDRM that only has a fake sign header.
Rename this file to EBOOT.SELF rather than .bin, transfer the SELF to your USB stick/storage, launch a file manager, add the SELF to the path of your game and execute it; after that, the SELF will load from the APP_HOME path of your XMB.
If you launch it in debugger mode, it executes without a problem and the debugger doesn't need NPDRM (in any case, the debugger doesn't know how to read an NPDRM SELF).
Why we need debug_devflash
We need it to replace some specific temporary files to allow booting in debugger mode and reloading the XMB; the backup of your CFW dev_flash is there so you can put your files back (which allows rebooting without a crash).
I'm not posting everything now, but this is one of the steps and a WIP of 3.60+ games booting on 3.55/3.41. Remember that the dongle also uses a standard SELF to be loaded in debugger mode.