Despite retiring from the iPhone and PS3 scene shortly before PS JailBreak first surfaced (amid rumors from one reseller that appear to point in his direction), today GeoHot has reappeared and shared dePKG, a PlayStation 3 Firmware Package Decrypter!
Downloads:
dePKG PS3 Firmware Package Decrypter
dePKG r1 PS3 Firmware Package Decrypter by daGraveR
dePKG (Pre-Compiled x86_64 and x86) by daGraveR
dePKG (Pre-Compiled Win32) by XVortex
dePKG (Pre-Compiled Win32) and Dissect_CoreOS by cory1492
Decrypted CORE_OS PKG UnPack Script by anomaly
CORE_OS_PACKAGE.pkg Extract by talruum
Guide: Extracting dev_flash from PS3 Firmware Updates by netkas
FwTool to Encrypt PS3 Firmware Package Files by waninkoko
PS3 Firmware 3.41 Decrypt
PS3 Firmware 3.50 Decrypt
FwTool (Pre-Compiled) by evilsperm
PS3 PUP Update File Extractor/Creator and PS3 PUP Update File Extractor v2 by KaKaRoToKS
PS3 Decrypt Tools (Windows)
PS3 Firmware Toolbox v1.0 and PS3 Firmware Toolbox v1.1 by Chossy
PS3 Decrypt SELF by GFK
In his post, GeoHot simply stated the following, to quote:
"A Little Gift for the Scene
#1419148 - Pastie
Decrypt pkg files computer side.
Mad props to fail0verflow"
Additionally, cory1492 states the following there: "CORE_OS_PACKAGE is NOT a .tar, it's a flash image - to extract its contents you need to parse it out... a really shoddy/quickly made win32 built extractor for CORE_OS_PACKAGE is attached. Drag and drop your decrypted CORE_OS_PACKAGE onto the exe and it will extract the binaries inside (keep in mind most everything inside it is crypted, it contains the lv1/lv2 selfs and some spu modules and the like.) There shouldn't be anything in there that would prevent a very fast port to *nix (and many thanks go to graf_chokolo for partially documenting the structure on his hv reversing page at the lan.st wiki.)
Also did a msys build of the depkg for windows which doesn't rely on external code, source included along with all the COPY notices that go with the aes implementation I used (also I'm running it on win7 x64 from the command line without issue, though it is a 32bit targeted build.)"
As a follow-up, Mathieulh Tweeted the following confirmation: "http://pastie.org/1419148 <== thx geohot /me whistles"
To quote from PSGroove: "The app is very useful for devs that are planning to look into Sony's official firmware files. dePKG is a linux app that will decrypt PKG files (not to be confused with PSN PKG files) that are within PS3UPDAT.PUP files.
This will allow devs to take a look at files such as CORE_OS_PACKAGE.pkg from the convenience of their PC. Previously, the only way to take a look at these files was via graf_chokolo's method, which utilized the PS3. Geohot's app is ready to be compiled and includes the necessary decryption keys."
The PS3 Firmware Package Decrypter source code is linked above, and can also be found here: http://pastebin.com/qvJdMtvX
Little script to unpack the decrypted core_os pkg by anomaly:
http://pastebin.com/ujUdWEeW
http://pastebin.com/7VViLpAf
From kamikatze, a Decrypted 3.41 CORE_OS_PACKAGE Extract Shell Script: http://pastebin.com/VzGwVYte
From his twitter account: https://twitter.com/hackinblack/status/21002370037063680
Long time since I last played with C code... drinking an Erdinger here, and another there, I remembered old times coding this simple tool to extract files from CORE_OS_PACKAGE.pkg (after decoding it with geohot's tool, of course).
It's not hardcoded, so you can use it on every firmware version that's out. Attached are the source code and an x86_64 dynamically compiled binary built on CentOS 5.4.
Maybe the code is wrong, but so far I assume it's ok. Let's play
Cheers!
[root@localhost 3.41-debug]# ./coreos_extract CORE_OS_PACKAGE.pkg.dec
Number of files: 23
Extracting filename: creserved_0 with size: 262144 at position 1120
Extracting filename: sdk_version with size: 8 at position 263264
Extracting filename: lv1ldr with size: 125256 at position 263296
Extracting filename: lv2ldr with size: 94192 at position 388608
Extracting filename: isoldr with size: 77940 at position 482816
Extracting filename: appldr with size: 123476 at position 560768
Extracting filename: spu_pkg_rvk_verifier.self with size: 64204 at position 684244
Extracting filename: spu_token_processor.self with size: 23700 at position 748448
Extracting filename: spu_utoken_processor.self with size: 26064 at position 772148
Extracting filename: sc_iso.self with size: 86828 at position 798212
Extracting filename: aim_spu_module.self with size: 17560 at position 885040
Extracting filename: spp_verifier.self with size: 55280 at position 902600
Extracting filename: mc_iso_spu_module.self with size: 32908 at position 957880
Extracting filename: me_iso_spu_module.self with size: 35000 at position 990788
Extracting filename: sv_iso_spu_module.self with size: 49272 at position 1025788
Extracting filename: sb_iso_spu_module.self with size: 23984 at position 1075060
Extracting filename: default.spp with size: 8864 at position 1099044
Extracting filename: lv1.self with size: 1211888 at position 1107968
Extracting filename: lv0 with size: 255608 at position 2319872
Extracting filename: lv2_kernel.self with size: 1561552 at position 2575480
Extracting filename: eurus_fw.bin with size: 462740 at position 4137032
Extracting filename: emer_init.self with size: 511416 at position 4599772
Extracting filename: hdd_copy.self with size: 396648 at position 5111188
Done!
[root@localhost 3.41-debug]#
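As an added example (not coreos_extract's own code), the checks below parse the per-file lines of a log like the one above and refuse to carve any entry whose offset and size run past the image or onto another entry. The entry layout (name, size, offset) is taken from the log lines, not from the real on-disk header format, and the sample log is constructed from a few of the lines above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the coreos_extract log above.
SAMPLE_LOG = """Number of files: 23
Extracting filename: creserved_0 with size: 262144 at position 1120
Extracting filename: sdk_version with size: 8 at position 263264
Extracting filename: lv1ldr with size: 125256 at position 263296
Extracting filename: lv2ldr with size: 94192 at position 388608
Extracting filename: hdd_copy.self with size: 396648 at position 5111188
Done!
"""
LINE_RE = re.compile(r"Extracting filename: (\S+) with size: (\d+) at position (\d+)")

@dataclass(frozen=True)
class Entry:
    """One file-table entry as the extractor reports it: name, byte size, byte offset."""
    name: str
    size: int
    offset: int

    @property
    def end(self) -> int:
        return self.offset + self.size

def parse_log(text: str) -> list:
    """Recover the file table from the extractor's per-file log lines."""
    return [Entry(m[1], int(m[2]), int(m[3])) for m in LINE_RE.finditer(text)]

def check_table(entries, image_size: int) -> list:
    """Return the problems found (empty list = consistent). Flags an entry whose
    offset+size runs past the data actually present, which is what happens when a
    size taken from the decrypted header is trusted blindly, and any two entries
    that claim the same bytes."""
    problems, prev_name, prev_end = [], None, 0
    for e in sorted(entries, key=lambda x: x.offset):
        if e.end > image_size:
            problems.append(f"{e.name}: ends at {e.end}, image is {image_size} bytes")
        if e.offset < prev_end:
            problems.append(f"{e.name}: overlaps {prev_name}")
        prev_name, prev_end = e.name, max(prev_end, e.end)
    return problems

def carve(image: bytes, entries) -> dict:
    """Slice each entry out of the image; refuse to write anything if the table is bad."""
    problems = check_table(entries, len(image))
    if problems:
        raise ValueError("; ".join(problems))
    return {e.name: image[e.offset:e.end] for e in entries}
```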
I'm basing that on the fact that I know how to program and taking code and piecing it together into a code abomination isn't exactly hard, what is difficult is making the code clean and bug free.
While I agree with you that about 80% of the people on the forums are sitting here going "yeah but will it play GT5," I am not one of them. Writing code such that it works like current ppf patches where you have a main pup as in the update file and then a list of changes in a file like a ppf is not difficult.
Where the difficulty comes in is when people want to add themes and features (not present already) to the firmware. IMO these should be installed separate from a main update file, ESPECIALLY for the dumbasses out there that will go "hur an update for my ps3 slim that will make it play ps2 games dur OMFG I SHOULD INSTALL THIS."
If yes, we can keep the 3.41 jailbreak firmware and use updated firmware via USB.
If no, I think I have to wait a little while.
Don't think so. As I read the slides/see the videos from fail0verflow, the keys for lv1/lv2/apploader are different. So, no apploader keys yet (to decompress SELFs). Correct me if I'm wrong.
And, we don't know how to bypass the chain of trust yet.
We need to change the loaders, or bypass them. Just setting up the 3.55 apploader on 3.41 doesn't work either, 'cause 3.55 requires every loader from 3.55 and so on.
We still need more info to come public.
Please explain because pkg_size is the size of the decrypted pkg, not the encrypted one. Can't see the error here, since 0x1000 = 4096:
pkg data @ 300 with size 1000
not inflated, writing 4096 bytes