JaicraB on Cobra USB JIG Protection RTOC Trick for PS3
157w ago - Today Spanish PlayStation 3 developer JaicraB explained the RTOC trick that the Cobra USB JIG uses as a protection against cloning of the device.

To quote, roughly translated: Flynn sent me this text explaining this protection the Cobra carries; I hope it will open the eyes of those interested in reversing the dumps.

THE COBRA RTOC TRICK EXPLAINED

The Cobra JIG has several protective measures to ensure that its code could not be used correctly even if it could be dumped.

This trick with the RTOC register is the first one used for that purpose, and it also hinders analysis. The RTOC register is initially saved on the stack to preserve lv2's RTOC so that it can be restored later:

At this point we have to explain the DELTA OFFSET. Delta offset is a method that originated on x86 in the early days of computer viruses, used to calculate the memory address at which the code is currently executing within the sea of bytes in RAM.

Originally, a computer virus injected into an executable did not know where it was located, since depending on the executable its starting point could be one place or another; delta offset was invented for this.

Delta offset can be used on any system; the procedure is:

  • Use the register that indicates the current execution address (or the next one, depending on the system).
  • Subtract the size of the preceding code from the value obtained from that register.

Knowing this, and taking as an example the x86 processor, where the EIP register cannot be read directly, the trick was invented of making a call to a "subfunction" that is simply the line following the call:

The x86 call instruction saves on the top of the stack the address of the instruction following itself. Thus, using pop, we draw this value from the top of the stack and store it in eax, for example; now that we have the memory address where we are, we only need to subtract the size of the preceding code and we have the exact calculation.

On PowerPC this trick can be used with the equivalent BL (branch and link) instruction, which jumps to a "subfunction" but first saves in the LR register the address following the BL.


At this point we see the trick used to build the RTOC for the loader. Notice that both r0 and RTOC are set to 0:

Next, RTOC is given the value 0x11DE0:

r0 is given the value 0x920:

r0 is subtracted from the value of RTOC:

Unlike x86, on PowerPC the LR register can be read directly with the mflr instruction, so we place in RTOC the value obtained for the delta offset:

To calculate the delta offset we subtract the instructions executed before the delta offset point, which were 4, i.e. 16 bytes:

Finally we add the value of r0 to the delta offset held in RTOC, storing the result in RTOC, which now holds the RTOC suitable for this hook:

With RTOC in place, the 3 arguments the hook received are saved on the stack:

The loader function is called; its first argument will be checked for command 0x8202 (a special command in addition to the usual ones):

After carrying out the necessary loading steps, the original RTOC is recovered from the stack, as are the arguments the hook received; the original instruction that was overwritten in the entry of syscall 379 (in this case) to install our hook is executed, and the original lv2 syscall is called:

On return, the original LR is retrieved from the stack and execution returns to the caller.
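To make the register sequence above concrete, here is an added C model of it (not JaicraB's, Flynn's or Cobra's code). It replays the steps with the two constants the page quotes, 0x11DE0 and 0x920, for several load addresses, and shows that the resulting RTOC always sits at the same displacement from the load address while the real displacement (0x11DE0 - 0x920 = 0x114C0) never appears as a literal. It also models the x86 call/pop form of the same delta-offset idea. Assumptions not shown on the page: each step occupies one 4-byte instruction slot, the bl is the last of the four counted instructions (so LR = start + 16), and the sample load addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values quoted on the page. */
#define RTOC_SEED        0x11DE0u
#define R0_SEED          0x920u
#define INSN_SIZE        4u
#define INSNS_BEFORE_LR  4u   /* page: 4 instructions, i.e. 16 bytes */

/* The registers the prologue touches; rtoc is r2 on PowerPC64. */
typedef struct {
    uint64_t r0;
    uint64_t rtoc;
    uint64_t lr;
} ppc_regs;

/*
 * Emulates the hook prologue as if it were loaded at `base`, following the
 * page's steps one by one. Assumption (not shown on the page): the bl is the
 * last of the four counted instructions, so LR = base + 16.
 */
uint64_t compute_rtoc(uint64_t base)
{
    ppc_regs r = {0, 0, 0};                      /* r0 and RTOC set to 0   */
    r.rtoc = RTOC_SEED;                          /* RTOC = 0x11DE0         */
    r.r0   = R0_SEED;                            /* r0   = 0x920           */
    r.r0   = r.rtoc - r.r0;                      /* r0   = RTOC - r0       */
    r.lr   = base + INSNS_BEFORE_LR * INSN_SIZE; /* bl: LR = next insn     */
    r.rtoc = r.lr;                               /* mflr RTOC              */
    r.rtoc -= INSNS_BEFORE_LR * INSN_SIZE;       /* delta offset: start    */
    r.rtoc += r.r0;                              /* RTOC = start + 0x114C0 */
    return r.rtoc;
}

/* Displacement of the computed RTOC from the load address: load-independent. */
uint64_t rtoc_displacement(uint64_t base)
{
    return compute_rtoc(base) - base;
}

/* x86 form of the same idea: `call next; next: pop eax` leaves the address
 * after the call in eax. A call with a rel32 operand is 5 bytes long. */
uint32_t x86_call_pop_value(uint32_t call_addr)
{
    return call_addr + 5u;
}

/* From the popped address and the size of the code before the call, recover
 * the address where that code starts (the x86 delta offset). */
uint32_t x86_delta_offset(uint32_t popped, uint32_t bytes_before_call)
{
    return popped - 5u - bytes_before_call;
}

int main(void)
{
    /* Constructed sample load addresses; the real ones are not on the page. */
    const uint64_t bases[] = { 0x10000ull, 0x7fe00000ull, 0x8000000000400000ull };
    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++) {
        printf("base 0x%016llx -> RTOC 0x%016llx (displacement 0x%llx)\n",
               (unsigned long long)bases[i],
               (unsigned long long)compute_rtoc(bases[i]),
               (unsigned long long)rtoc_displacement(bases[i]));
    }
    return 0;
}
```

For a reverser the point is the last column: whatever the load address, the displacement is 0x114C0, but a static scan of the dump only ever sees 0x11DE0 and 0x920.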





Comments (690)
#685 - PS3 News - 4w ago
Here is a follow-up from magneto to the previous Cobra ODE 2.1 Public Beta for those interested:

We are releasing a public beta for the 2.1 firmware which is soon to be released. This beta is for v4.20, v4.30 and v5.10 boards only. Unfortunately, we are still finalizing the FPGA images for v3.x boards. You can download the beta from here: v2.1_beta.rar
For v4 board users, make sure you flash both FPGA images correctly.

For v5 board users, you MUST update to the 2.0 firmware before using this beta. If you did not update to 2.0 already, then the 2.0 firmware file is included in the beta archive.

Update 1: The beta image in the above file will not work on v5.x boards. Please use this beta file instead: [Register or Login to view links]

Here is the changelog:

  • FPGA1 : Fix timing issues in AES core
  • FPGA3 : Improve stability
  • Fix encryption issues causing 80010017 errors for v3, v4 and v5 boards
  • Fix bypass method for MPX001 motherboards
  • Fix issue when BD-RE disc is detected in drive
  • Added support for bypass.delay option (default is 10000 in milliseconds)
  • Enable mcu.underclock by default
  • Set default manager type to browser
  • Enable eject.on_selection by default
  • Enable eject.add_menu by default

Small changes are required, the browser, eject on selection, eject add menu and underclock are enabled by default, so in order to disable them you would need to use: mcu.underclock=0 or eject.add_menu=0 for example in cobra.cfg

Update 2: 2.1 Beta 9 Files: Link 1 (mediafire): [Register or Login to view links] / Link 2 (dropbox - mirror): [Register or Login to view links]

Comment: Both mediafire and dropbox files are identical one is just a mirror ...

Update procedure:

1. First update the .spi in the FPGA folder (reboot the ODE after the flash, it will finish after the reboot).
2. Then update the .spi in the root folder.
3. If you brick it, unbrick it with the procedure here: [Register or Login to view links]
4. Try step 1 and 2 again... (also some users and me (DarkKitarist) first updated to 2.0 from the official site and then updated to 2.1 beta 9)

Update 3: 14 - 6 - 2014 Cobra ODE News - Update

We are proud to present the 2.1 release. Firstly, we're updating the firmware to improve stability and performance as well as fix the bypass method not working for some PS3 models, and we have made the Cobra browser the default game manager, as well as displaying the firmware version in the browser and adding new configuration options.

We have now updated the bypass tools: the genps3swapdisc tool will now be able to update an existing swap disc when new eboots are added to it, and previously converted isos will not need to be re-converted for the new swap disc. The EBOOT folder has also been updated, now with 5760 total eboot files.

The database has also been updated, and the user manual has now been updated illustrating the new config options.

A small number of 5.1B early production boards had a manufacturing issue which caused them to corrupt data and the PS3 would show an error when trying to run games.

We are releasing an update specifically for those boards which have issues and which should fix the problem, although we cannot guarantee every board will be fixed by the update. We recommend anyone with a defective board to return it for replacement after making sure the issue they are experiencing is caused by a defective board.

If the normal 2.1 firmware does not work for you and you get error 80010017 or 80010007 in the XMB, but the error disappears after you use the special 2.1 firmware for defective boards, then your board has the defect and you can request a replacement.

Cobra ODE 2.1 (Non-Beta) Changelog:

  • FPGA 1 : Fix AES encryption timing issues causing some encryption errors
  • FPGA 3 : Improve stability
  • V5.x boards : Update USB driver
  • V5.x boards : Fix race condition on USB reads causing error
  • Add support for bypass.delay configuration option
  • Add support for folders.ps3_games configuration option
  • Add support for folders.ps2_games configuration option
  • Add support for folders.ps1_games configuration option
  • Add support for folders.bd_movies configuration option
  • Add support for folders.dvd_movies configuration option
  • Fix issue with uninitialized configuration on ODE boot causing software pass-through mode to be enabled by default until valid HDD is inserted
  • Change default manager type to browser
  • Set eject.on_selection=1 option as default
  • Set eject.add_menu=1 option as default
  • Set mcu.underclock=1 option as default
  • Fix issue of disc not showing if PS3 boots with a BD-RE disc in tray
  • Display firmware version in XMB when using the browser
  • Fix bypass method freezing for 4k systems with MPX001 motherboards

Downloads:


Finally, from Joonie86: Here are the important files of the swap disc tool; I just created a new swap iso file.

Download: [Register or Login to view links]

Path: D:\
891de28e99a099034174676fb4346ab2 SWAP.iso 150.0 MB (157,286,400)

TOTAL: 1 files - 150.0 MB (157,286,400 bytes)

This is really small and fast, I'm currently testing if all my previous ISOs are OK with new swap disc I just burnt. I'll also try different bootdisc as well without conversion.

#684 - esostaks - 6w ago
Hey guys!

Recently I bought PS3 Slim 12 GB and installed the latest version of Cobra ODE. What I didn't know when buying my PS3 was the fact that most of the games will install files to your internal HDD even if you run those games from CD or from your external HDD as in the case with Cobra ODE.

Is there any hacker solution to change the location of game data to the external HDD or to avoid the installation of game data at all?

#683 - hooman777 - 8w ago
hi everybody, I have a PS3 Slim with Cobra ODE v5.1 on OFW 4.55 and I have a problem with my WD Elements HDD: my console cannot recognize it (in NTFS format) on the backward PCB USB and the red light doesn't change to green?!

but when I change the HDD to FAT32 it does recognize it?! and in FAT32 format my games have lag and rippe and slow loading and slow speed!!!

how can I change my HDD to NTFS (normal ways don't work) and solve these problems? can anyone help me plz help?

sorry for my bad language

#682 - PS3 News - 8w ago
Today SDeath (via magneto) announced that the Cobra ODE 2.1 update is incoming with the changelog below, as follows:

  • FPGA 1 : Fix AES encryption timing issues causing some encryption errors
  • FPGA 3 : Improve stability
  • V5.x boards : Update USB driver
  • V5.x boards : Fix race condition on USB reads causing error
  • Add support for bypass.delay configuration option
  • Add support for folders.ps3_games configuration option
  • Add support for folders.ps2_games configuration option
  • Add support for folders.ps1_games configuration option
  • Add support for folders.bd_movies configuration option
  • Add support for folders.dvd_movies configuration option
  • Fix issue with uninitialized configuration on ODE boot causing software pass-through mode to be enabled by default until valid HDD is inserted
  • Change default manager type to browser
  • Set eject.on_selection=1 option as default
  • Set eject.add_menu=1 option as default
  • Fix issue of disc not showing if PS3 boots with a BD-RE disc in tray
  • Display firmware version in XMB when using the browser
  • Fix bypass method freezing for 4k systems with MPX001 motherboards

Also some user videos of related issues:
#681 - PS3 News - 9w ago
Cobra Box v1.04 and v1.05 are now available with details below roughly translated by sadeghgenavehi, as follows:

Download: [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2) / [Register or Login to view links] (Mirror #3)

Certainly, many users are familiar with the Cobra Custom Firmwares and their different capabilities. These Custom Firmwares are better than normal Custom Firmwares in terms of security and features.

Now, I have released a new version of an app called Cobra Box v1.04. Cobra Box can fix many bugs and problems in Cobra CFWs and provide new features in these CFWs to you and to the many users who will use the Cobra custom firmwares.

With this tool you can get the latest version of webMAN directly and very quickly install it, and also take advantage of other programs.

Changelog v1.04:

  • Possibility installing webMAN 1.29.3 (MOD)
  • Possibility installing HabibPlugin on all CFW Habib Cobra Cfw 4.55 V 1.03
  • Possibility installing Cinavia Remover for firmware 4.46, 4.55
  • Possibility installing dynamic ColdBoot proprietary for firmware 4.46, 4.55 (Final version)
  • Possibility installing Habib 4.55 Spoofer on all CFW,s 4.46, 4.50, 4.53
  • Possibility enabling the ability to take screenshots from games Custom Firmware 4.46
  • Possibility installing webMAN Custom Icons
  • Possibility installing Package Manager
  • Remove the in-game music
  • Fix some minor bugs

Attention: For more security I recommend installing Habib Cobra V 1.03 or up, because other apps and functions such as webMAN are installed in the folder Dev_habib, which limits the possibility of a ban when running games… to zero.

Please tell me what new features you would like to be added in the next version of the program; you can ask in this thread.

Changelog v1.05:

Certainly, many users are familiar with the Cobra Custom Firmwares and their different capabilities. These Custom Firmwares are better than normal Custom Firmwares in terms of security and features.

Download: [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links]

  • Add to IrisManager specific Persian language for all versions
  • Possibility installing webMAN 1.29.3 (MOD)
  • Possibility installing HabibPlugin on all CFW Habib Cobra Cfw 4.55 V 1.03
  • Possibility installing Cinavia Remover for firmware 4.46, 4.55
  • Possibility installing dynamic ColdBoot proprietary for firmware 4.46, 4.55 (Final version)
  • Possibility enabling the ability to take screenshots from games Custom Firmware 4.46
  • Possibility installing webMAN Custom Icons
  • Possibility installing Package Manager
  • Remove the Habib 4.55 Spoofer
  • Fixed Bugs in Previous Version
  • Added a Function for Fix Persian language in IRIS manager or Others Forks of Iris manager

Attention: For more security I recommend installing Habib Cobra V 1.03 or up, because other apps and functions such as webMAN are installed in the folder Dev_habib, which limits the possibility of a ban when running games... to zero.

How to enable HabibPlugin: After installing HabibPlugin, to enable it in a running game use the XMB or the R2 L2 Select buttons to activate this plugin.

How to enable Farsi Saz for IrisManager: First of all install the IrisManager software (no matter which version it is), then run it once and go to the CobraBox program in the XMB to install it. Then run the IrisManager program and click the Start button, then go to Tools, click on the English button and set it to Custom File. Now the language changes; enjoy this program.
