Sponsored Links

Sponsored Links

PS3 3.60 Keys Leaked, New PlayStation 3 EBOOTs Decrypted & More!


Sponsored Links
111w ago - Following up on the previous news that the PS3 v3.60+ keys were incoming, today the PS3 3.60 keys appear to have been leaked from fckyoudh on Spanish site Elotrolado (linked above) which has lead to new decrypted PlayStation 3 EBOOT fixes for CFW users.

Download: [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2) / [Register or Login to view links] (Mirror #3) / [Register or Login to view links] (Mirror #4) / [Register or Login to view links] (Mirror #5) / [Register or Login to view links] (Mirror #6) / [Register or Login to view links] (Mirror #7) / [Register or Login to view links] (Mirror #8) / [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2) / [Register or Login to view links] (Mirror #3) / [Register or Login to view links] (Mirror #4) / [Register or Login to view links] (Mirror #5) / [Register or Login to view links] (Mirror #6) / [Register or Login to view links] (Mirror #7) / [Register or Login to view links] (Mirror #8) / [Register or Login to view links] (Mirror #9) / [Register or Login to view links] (Mirror #10) / [Register or Login to view links] (Mirror #11) / [Register or Login to view links] (Mirror #12) / [Register or Login to view links] (Mirror #13) / [Register or Login to view links] (Mirror #14) / [Register or Login to view links] (Mirror #15) / [Register or Login to view links] (Mirror #16) / [Register or Login to view links] / [Register or Login to view links] by nathan_r32_69 / [Register or Login to view links] / [Register or Login to view links] by PsDev / [Register or Login to view links] by coreylad / [Register or Login to view links] by Attila

To quote, roughly translated: [Register or Login to view links] (aka [Register or Login to view links])

fck you .... demonhades I told you you were in your place guapeton these strings do you like most? Anti-e3 people.

PS3 3.60 Keys:

[Register or Login to view code]

From eussNL: I wonder if anyone is even considering adding the 3.56 and 3.60 keys to appldr to make 3.60 content playable

3.60 Keys, ready for use with Naehrwert SCETool: [Register or Login to view links]

[Register or Login to view code]

For those curious, below are some PlayStation 3 games which are reported as being 3.6 Firmware titles, however, some of them have already been fixed and are working on PS3 Custom Firmware:

  • Air Conflicts: Secret Wars
  • Alice: Madness Returns
  • Ape Escape On The Move
  • Arcana Heart 3
  • Atelier Meruru: The Apprentice of Arland (Japanese release)
  • Brink
  • Captain America: Super Soldier
  • Catherine
  • Crysis
  • Deus Ex: Human Revolution
  • Dirt 3
  • Duke Nukem Forever
  • Dynasty Warriors Gundam 3
  • Earth Defense Force: Insect Armageddon
  • El Shaddai: Ascension of the Metatron
  • F.E.A.R 3
  • Green Lantern: Rise of the Manhunters
  • Harry Potter and the Deathly Hallows: Part 2
  • Hunted: The Demons Forge
  • inFAMOUS 2
  • inFAMOUS 2: Festival of Blood
  • Kung Fu Panda 2
  • LA Noir
  • LEGO Pirates of the Caribbean: The Video Game
  • Let's Dance with Mel B
  • MLB 2011: The Show
  • MX vs. ATV Alive
  • Naruto Shippuden: Ultimate Ninja Storm 2
  • Nascar The Game 2011
  • National Geographic Challenge
  • NCAA Football 12
  • Need for Speed: Shift 2 - Unleashed
  • Operation Flashpoint: Red River
  • Phineas and Ferb Across the 2nd Dimension
  • Portal 2
  • Prince of Persia Trilogy 3d
  • Record of Agarest War Zero
  • Red Faction: Armageddon
  • Sniper: Ghost Warrior
  • Supremacy MMA
  • The Penguins of Madagascar: Dr. Blowhole Returns
  • Thor: God of Thunder
  • Transformers: Dark of the Moon
  • Warriors: Legends of Troy
  • White Knight Chronicles II

From the PlayStation 3 Developer Wiki (via ps3devwiki.com/wiki/KaKaRoTo_Kind_of_%C2%B4Jailbreak%C2%B4#3.60_keys_Update):

PS3 3.60 keys Update

Q: Recently 3.60 keys surfaced (lv1ldr, lv2ldr, isoldr, appldr), what does this mean for this release and the future?
A: That is actually a multiparted answer: Now that several binairies (Iso module + CoreOS minus the loaders that are inside lv0) can be decrypted, more investigation can be done in them, which give a new boost in (unrelated to the HeN) other targets, like:

  • Hardwareless downgrades : Downgrading with PSgrade Dongle (lv1.self)
  • QA Flagging / systemtokens (spu_token_processor.self) and usertokens (spu_utoken_processor.self)
  • PS2 compatibility (mc_iso_spu_module.self , me_iso_for_ps2emu.self , sv_iso_for_ps2emu.self)
  • Getting per_console_root_key_1 / EID_root_key on 3.56+/slim3K (lv1.self , aim_spu_module.self)
  • Backsigning applications for <=3.55 and patch sys_proc_param_version (appldr.self , lv2_kernel.self)

Q: So does this mean a future release would be sooner?
A: Only God knows But it can also be that because of the above, it would become meaningless/surpassed by better progress. So lets all hope for the best

Also from PS3 Dev Wiki (ps3devwiki.com/wiki/Talk:Playstation_Update_Package_%28PUP%29#Adding_new_keys_to_older_firmwares):

Adding new keys to older firmware

  • Patch the loaders
  • Add keys to appldr keys index & tables
  • There are also npdrm keys inside appldr as well, add the 3.56++ ones
  • appldr,. lv2.self and game_ext_plugin need patching for new games support
  • vsh.self maybe too

Note: PlayStation 3 developer Rogero has confirmed he started working already.. stating eventually it will be possible to do a new PS3 CFW so EBOOT converters are not necessary.

From Sony PS3 hacker deank: They also posted my ebootFIX/ebootMOD tools prepackaged (linked above) with the keys in .ps3 folder, so it is ready to be used like in the old 3.41/3.55 days.

Have in mind that some games (like Sniper Ghost Warrior) have additional .self/.sprx files and it is better to use ebootFIX by dragging the PS3_GAME folder to it - it will find and fix all necessary files. If you use ebootMOD you'll have to search for these files yourself and 'fix' them one by one.

How to Use SCETool to Decrypt a PS3 3.60 EBOOT.BIN File Guide:

[vcdLAKERS] for those of you who want to decrypt a 3.60 EBOOT.BIN use scetool
[vcdLAKERS] download scetool_0.2.7.zip unzip it to C:\scetool
[vcdLAKERS] create a new folder inside scetool and name it data
[vcdLAKERS] and download these files here:

  • keys: ps3devwiki.com/files/devtools/scetool/data/keys
  • ldr_curves: ps3devwiki.com/files/devtools/scetool/data/ldr_curves
  • vsh_curves: ps3devwiki.com/files/devtools/scetool/data/vsh_curves

[vcdLAKERS] and put them inside data folder
[vcdLAKERS] put your EBOOT.BIN file in scetool folder
[vcdLAKERS] go to start - run - cmd and cd to the folder were scetool is
[vcdLAKERS] for example "cd C:\scetool"
[vcdLAKERS] then type this command to decrypt the EBOOT.BIN:
[vcdLAKERS] scetool -d EBOOT.BIN EBOOT.ELF
[vcdLAKERS] and use this one to encrypt it to 3.41 :
[vcdLAKERS] C:\scetool>scetool -0=SELF -5=APP -6=0003004100000000 -e EBOOT.elf E
[vcdLAKERS] BOOT.BIN

From Billal (aka S.B.M) comes a few corrections to the above guide, as follows:

You have to leave a space between an (abbreviated) option and a parameter not an equal sign "="
It lacks the option for key revision "-2 0004" or "--key-revision=0004"

This is the correct command: C:\scetool>scetool -0 SELF -1 TRUE -s TRUE -2 0004 -3 1010000001000003 -4 01000002 -5 APP -6 0003004100000000 -e EBOOT.elf EBOOT.self

How to Use SCETool to Decrypt a PS3 3.60 EBOOT.BIN File (Revised) Guide:

  • For those of you who want to decrypt a 3.60 EBOOT.BIN use scetool by naehrwert.
  • Download scetool_0.2.7.zip unzip it to C:\scetool
  • Create a new folder inside scetool and name it data and download the data files from the previous guide and put them inside data folder
  • Put your EBOOT.BIN file in scetool folder
  • Go to start > run > cmd and cd to the folder were scetool is for example "cd C:\scetool"
  • Then type this command to decrypt the EBOOT.BIN: scetool -d EBOOT.BIN EBOOT.ELF
  • And use this one to encrypt it to 3.41: C:\scetool>scetool -0 SELF -1 TRUE -s TRUE -2 0004 -3 1010000001000003 -4 01000002 -5 APP -6 0003004100000000 -e EBOOT.elf EBOOT.self
  • Or you can use ScetoolGui (ps3devwiki.com/files/devtools/scetool/ScetoolGui.exe)
  • Download and copy ScetoolGui.exe to your scetool folder
  • Open it > click browse file and select your game EBOOT.BIN
  • Then click decrypt, scetool will decrypt your "eboot.bin" and create a new file "eboot.elf" (decrypted eboot.bin)
  • To resign "eboot.elf" for lower fw (3.41) activate enable encryption: in self type choose APP and in SELF fw version write 3.41 and click encrypt.
  • Don't forget to rename EBOOT.self to EBOOT.BIN.

From defaultdnb comes another brief How-To Guide:

  • Download the keys folder for 3.60.
  • Download deank's ebootfix.
  • Add keys to eboot fix .PS3 folder.
  • Drag PS3_GAME folder from 3.60 game info the ebootfix.exe
  • Profit.

From andreus: Ok, so for the updates do this:

1. So first go get the scetool (ps3devwiki.com/files/devtools/scetool/) Download the entire directory and subdirectories and unzip the latest version 0.2.7
2. Create a batch file named "eboot360npdrmfix.bat" in scetool folder with this code:

[Register or Login to view code]


3. Put the EBOOT.BIN in the scetool main folder
4. Do this command

[Register or Login to view code]


And get the ContentID
5. Run from dos prompt

[Register or Login to view code]


It pauses when you encrypt the file and them shows the info of the new EBOOT.BIN for you to check.
6. You should now have an EBOOT.BIN NPDRM signed. If you want to put it in the package, use psn_package_npdrm.exe to create the package.

How to Use AldosTools Applications Guide:

1. For retail disks signed with 3.60 keys: Copy all eboot.bin/SPRX/SELF/SFO files to the tool directory and run eboot_fix.bat, them copy the reasigned files to your game backup directory. This tool will reasign all files with 3.40+ keys (works on 3.40+ cfw), reasign the sys_proc_param to 3.40 and change the sfo to 3.40

2. For game updates signed with 3.60 keys: Extract the package, copy EBOOT.BIN/PARAM.SFO and all SPRX/SELF files to the bruteforce tool directory

2.1 If it only uses EBOOT.BIN and PARAM.SFO, just run eboot_fix.bat
2.2 If also have SPRX/SELF files
2.2.1 If SELF file is equal to eboot.bin use bruteforce tool and it will autodetect and just create a reassigned copy of EBOOT.BIN (deank method)
2.2.2 Else, you have to bruteforce with bruteforce tool to get the klic so you can decrypt the SELF/SPRX files and them reassign them

When you have all files reasigned, them create a fix update package. Extra: If do not want to be disturbed with game updates with 3.65+ keys change PARAM.SFO APP_VERSION to 9.99. Note: This tool can't manage sdat, edat files

Convert PS3 3.60 Games / Patches to 3.55 Guide By JayDee78

Download this, it contains all the tools need:


Download and unrar to a folder. Also, use sfoedit to change the param.sfo to 3.55/3.41 instead of 3.60. I'll use Dirt 3 (BLES01287) in this example. Get the EP4001-BLES01287_00-DIRT3PATCHEU0101-A0101-V0100-PE.pkg patch and start Pkgview 1.3.

Drag and drop the Dirt 3 pkg patch in the left window, right click in it, and "extract to source directory"

Cut the eboot.bin from the "PkgView_1.3\EP4001-BLES01287_00-DIRT3PATCHEU0101-A0101-V0100-PE\BLES01287\USRDIR" and paste it in the SCETOOL folder. In the SCETool folder hold down the shift button+right click in the window and choose "open cmd window"

Write "ebootfix EP4001-BLES01287_00-DIRT3PATCHEU0101" and it starts decrypting the file. Take the EBOOT.bin (not ORGINAL_EBOOT.bin) and copy it back to the USRDIR folder you first got it.

Now cut the BLES01287 folder and paste it in the psn_package_npdrm folder (package.conf in here needs to change package version from 1.04 to 1.01 but the rest is already setup for DIRT3). Again, open a cmd window (shift+right click) and write "psn_package_npdrm.exe package.conf BLES01287"

Wait until finished, install the new pkg and play Dirt 3. Guide works for all 3.60 games/patches (WITHOUT selfs & sprx files These are ten times harder to decrypt and fix up to a proper retail level...) Hope someone gets some use from this

From Spanish site [Register or Login to view links] comes [Register or Login to view links] with a brief guide (roughly translated) as follows:

Here are the manuals:

  • You must copy the keys (. Ps3keys) in your user folder (C: \ Users \ XXXX \. Ps3keys) if you have Windows, if you want to use Cygwin or Linux you get the keys (. Ps3) in your user folder (home \ XXXXXX \. PS3), you should copy the two folders.
  • Just put in the command (cmd / terminal) the command to decrypt would be: EBOOT.BIN unself EBOOT.ELF
  • To encrypt this: EBOOT.ELF make_self EBOOT.BIN
  • The easiest is to drag the console, otherwise you must move the directories to where the exe / bin and decrypt / fix are.




PsDev has made available [Register or Login to view links] followed by the [Register or Login to view links] from coreylad which may be of use to those seeking a PlayStation 3 version 3.60 Custom Firmware (CFW) update

To quote: The files in the download below are all from the 3.60 Core_OS and I decrypted using the 3.60 keys.

The files that were unselfed were:

  • aim_spu_module
  • emer_init
  • lv1.self
  • lv2_kernal
  • manu_info_spu_module
  • mc_iso_spu_module
  • me_iso_spu_module
  • sb_iso_spu_module
  • sc_iso
  • spp_verifier
  • spu_pkg_rvk_verifier
  • spu_token_processor
  • spu_utoken_processor
  • sv_iso_spu_module

Also like to thanks naehrwert.

PS3 developer SiLENTGame has made available PS3 Hack Checker v0.1 followed by [Register or Login to view links] stating:

I was bored and so I have written a little tool which grabs the latest "hack status" of the PS3. I think the screenshot below says everything. I hope you like it. I'm thankful for suggestions, bug reports or anything else. So long.

It's important to note that currently PS3 CECH-3nnnX/CECH-4nnnX (and some CECH-2500X) console models cannot be downgraded though.

v0.2 Changelog:

  • hackable firmware fixed
  • firmware downgrade information added
  • key information added
  • DEX converting information added

PlayStation 3 developer Deviance has made available [Register or Login to view links] followed by [Register or Login to view links] which is a PS3 EBoot Grabber with the following features:

This application is designed to make life easier to download Eboots. Since it's the initial release, The database is still quite small but will be updated over time to add more additions. Very simple to use. Click the game and press go!

What's new?

  • Initial release

Notes

  • Planning on adding descriptions and make sure you are using the latest eboot
  • Buy me a beer! (Info in about tab)
  • If the eboot download gets removed. Just wait and a new link will be in the db.

Update

  • Database updated
  • If you're experiencing graphical issues when running the application, try [Register or Login to view links] version.

About

  • Freeloader is an app for windows that has a database full of the latest 3.60 Eboots to be easily downloadable.

What's new in V0.2?

  • Spiffy Gui
  • PS ID's added
  • Regions Added
  • Descriptions Added
  • (Bugfix) Corrected how it grabbed the database
  • A new database layout. (Lots of new titles added)
  • The db will have even more titles soon. (Only a one man band)

PlayStation 3 developer aryaei (aka aryasoft2872) has made available [Register or Login to view links] (requires [Register or Login to view links]) followed by [Register or Login to view links] which assists users in fixing PS3 3.6 games automatically.

You have to just enter the title ID and after click on "Do It!" it will automatically download patches and then fix the latest one for you. This app also has an option that will fix EBOOT.BIN without downloading updates.

FYI:

1- if you have downloaded files before and you just want to fix them put them in application's folder.after checking the sony server if file exists it will skip that file and will start to fix
2- to copy download Download Link double click on it
3- this app doesn't changes PARAM.SFO (Some times changing PARAM.SFO causes some problem in packing) to prevent Update error enable the spoof on your cfw
4- here is a example of which files to install
for example i want to update and install Gran Turismo 5

1- Enter BCES00569
2- it will automatically download the 9 files:

[Register or Login to view code]

After download finished the application will automatically fix the latest patch (in this case:"EP9001-BCES00569_00-0000000000000000-A0113-V0100-PE.pkg") and will make a new file which is fixed for 3.55 with following name: EP9001-BCES00569_00-0000000000000000.pkg (The last part of name has been removed.)

Now you have to install following 8 files:

[Register or Login to view code]

And then install the latest update which is fixed by application (EP9001-BCES00569_00-0000000000000000.pkg)

Changelog v1.2:
Version 1.2 is ready to download...

  • Added:Sign and repack specific PKG.
  • Fixed: 8001003C error
  • Improvements in fixing and file managing.
  • Fixed: blur bog
  • Minor UI Changes.
  • Fixed: some of minor bugs

Changelog v1.1:

  • Fixed some bugs
  • Updated scetool to latest version to have better fixing.
  • Added Option to just fix EBOOT.BIN.
  • Some minor improvements in code.

Asure (via pastie.org/4407666) has made a [Register or Login to view links] that can bruteforce the klic key from PS3 EBOOTs that use/load SELF/SPRX files stating the followng:

[Register or Login to view code]

You need to put this into a folder with scetool, data / keys etc. working. Then drop an eboot.bin and decrypt it with scetool into eboot.elf. The drop an encrypted self, or sprx and modify the bat file a little perhaps.

The needed linux tools like od.exe, sed.exe, can all be found in the package above. If you want to test with say, portal 2 sprx files, you can try starting at offset 608600. MW3 around offset 54272.. The batch file is not perfect. On large files, the CUT command starts to malfunction as i don't take this into account with the sed/cut combo. Some PS3 game key examples are located HERE and also below in full.

From deank: The other day someone sent me eboot+self for "Ryu ga Gotoku of the End" (Yakuza). It is one of these games (like Rock Band 3) which cannot be 'decrypted' using a k_lic, so here is the "ogrez.self" patched for 3.55.

Download: [Register or Login to view links]

You can prepare a fixed update pkg by using the original pkg + the fixed eboot.bin and this fixed ogrez.self. It is pretty simple once you figure it out

You will notice that in some game updates you have:

  • EBOOT.BIN
  • blabla.self

Where both files are "the same". They are not 1:1 the same, because they're encrypted with different keys, but if you look at the prog/data sections and the offsets - you will see what I mean. Also the sizes are the same. I noticed this 'update' approach back in 2010 with "Prince of Persia TFS" and with some other games, so I decided to try that. Both in this game and Rock Band there are no references to the .self and no k_lic... either.

What you have to do is:

1) Decrypt the EBOOT.BIN to .elf
2) Use scetool to create NPDRM NPTYPE=UPDATE with key 00, contentID=game-update-content-id, and np-original-name=name_of_the_self.
3) You get the new blabla.self and use it

For example for this yakuza game you'll notice that the info for the eboot.bin and the ogrez.self are the same:

[Register or Login to view code]

There is no universal approach. Sizes must be equal (not more or less) and to be sure that there is no k_license involved you can either check if the .self is referenced in the eboot.bin or you'll have to use IDA to make sure that NP functions use NULL k_lic... (or find the k_license location in IDA using the NP functions).

A simple bat/cmd script to compare the PROGBITS sections of 2 files (like EBOOT.BIN and ogrez.self): check.cmd

[Register or Login to view code]


[Register or Login to view code]

If they match (i.e. no differences) then there is a very good chance that you only need to re-self the eboot.bin to the desired .self without the need of a license key.

From aldostools.org/temp/klics.txt:

[Register or Login to view code]


Note: This is just a proof-of-concept, I wanted to know how the whole SELF/SPRX stuff worked. It doesn't contain keys or any proprietary tools from Sony, and as far as I know, it's not doing anything illegal.

From JLM: In case anyone is not sure how to use the script:

1. Use scetool to decrypt the eboot.bin, copy eboot.bin to the scetool folder, use command scetool -v -d eboot.bin eboot.elf, screen output should be (brackets removed from around *'s because it screws up the post formatting):

[Register or Login to view code]

2. Use scetool to decrypt the sprx with Asure's script, unpack his bruteforce.zip in the scetool directory, copy the sprx to the scetool directory, use his script or the following which is slightly different: rename the sprx to exactly this: game.sprx, using notepad create a text file and paste the script contents:

[Register or Login to view code]

Save the file as sprxdecrypt.bat, open a command prompt window, type: sprxdecrypt.bat wait a long time.. ONLY FOR THE VERY PATIENT.

Tiny changes to Asure's script: changed filename to game.sprx and game.prx, change it to whatever you like (remember to use the same name in the test line after "IF EXIST") also removed extra -l %key% in the scetool command line.

Finally, from aldostools comes a Quick Tutorial for Converting PS3 3.60 Games to 3.55 Using PS3 Tools, a [Register or Login to view links] for the above batch file followed by [Register or Login to view links] who states:

It has a slider for a more convenient selection of the offset. The cut.exe / dd.exe / od.exe / sed.exe / batch files are not needed. Just put it in the same folder of the scetool.exe, with the EBOOT.BIN and the .self or .sprx to be decrypted, start the BruteForce.exe and press the Start button. Tested working with Red Dead Redemption. Added support for command line parameters.

Example: BruteForce.exe 332300 /start

Anyway I improved the BruteForce.exe a bit more:

  • Added additional checks when the program starts
  • Now the tool auto-resigns the EBOOT.BIN and the self/sprx with the 3.55 keys when it finds the klic
  • Small GUI changes
  • Included all the tools in a 7z archive

In Portal 2, the klic key is not aligned to 4. Thus the faster method (4X) will not find it. So, I made BruteForce 1.4: It first try to find the key in a range aligned to 4. If it doesn't find the key, then it retries using the original method (1 byte at a time).

The method is similar to the original batch, but bytes aligned to 4 are tested first. Keys already tested, are ignored. In this version also it is possible to define the range to parse (start and stop addresses). Additionally, I added other data aligments: 1, 2, 4, 8 and 16. So in some cases, it could be up to 16X faster than the original method

Updated to [Register or Login to view links] (ignored keys/offsets are refreshed on screen every 1/2 second, added a clean_folder.bat)

For those interested, posted here are the BruteForce/SCETool Decrypter Build Changelogs and additional updates as they are available.








Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 68 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

racer0018's Avatar
#28 - racer0018 - 111w ago
This is great news indeed. We will have to wait and see what happens on this. Thanks

StanSmith's Avatar
#27 - StanSmith - 111w ago
This is awesome news. Its also about time they were released. Now there is just about no need for a DRM dongle

TAKE THAT! Just before they release another dongle there is now no need. LOL!

Nope. There are still games with higher firmware keys. I tried Lollypop chainsaw and it crashes when I try to decode the EBOOT.BIN as its a 4.00+ firmware game I think? Lets just hope the next set of keys are released soon then we will be able to play all games.

merlino15's Avatar
#26 - merlino15 - 111w ago
Now with this we can use all games?

Neo Cyrus's Avatar
#25 - Neo Cyrus - 111w ago
It hasn't even been a full day... I was just saying that for anyone who didn't know.

hey69's Avatar
#24 - hey69 - 111w ago
A new uncharted 3 release would be nice. The old hack gives very long loadtimes

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News