Sponsored Links

Sponsored Links

PS3 CFW EBOOT Resigner Homebrew App By RaxorX is Released


Sponsored Links
75w ago - Today PlayStation 3 homebrew developer RazorX has released PS3 CFW EBOOT Resigner v1.01 followed by v1.03 and v1.05 which is an x86 / x64 application for updating 3.55 and 3.41 CFW game files for use on 4.XX CFW.

Download: [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] (Mirror) / [Register or Login to view links]

To quote: Hey guys i got a very simple very noob proof app for you i've put together, very simply all you do is put an EBOOT.BIN into the same folder as the app then launch it and you can select from:

  • CFW 3.40
  • CFW 3.55
  • CFW 3.60
  • CFW 4.20
  • CFW 4.30

and then choose either:

  • NPDRM EBOOT
  • DISC EBOOT

Then the app will do the rest very simple very easy very fast and an all-in-one application however it will require you to install 7-Zip, i was going to include it into the app but then my virus scanner thinks it's a virus and deletes it because it's stupid so just install 7-Zip and your golden.

Enjoy

Update: I've just updated my app to v1.01 now it will retrieve the content id from the eboot and ask you if it's correct if it is enter "y" for yes and it will use it, if you enter "n" it will then ask you to enter a content id in which case you can enter whatever you want then hit enter and it will use that.

Update 2: Added a x86 and a x64 version to the zip file.

Update 3: Added the ability to patch pkg files and Added 7zip built in so you no longer need to install it

Update 4: Updated pkg section, now you can repack games/homebrew, gamedata, ps1 games & minis with the last 3 you will need to enter the contentid also you can now change the package version of any of the pkg options.

Update 5: Added contentid app and param.sfo editor app from aldostools (thank you aldostools) to allow you to find out the contentid from any pkg you gonna use and to allow full customization of the param.sfo file, all build in to this app and setup to automatically load the pkg or param your using.

Update 6: Updated pkg unpacking process so now it shouldnt have a problem unpacking anything the keys are out for. Updated script so now it no longer asks you for the version now it extracts the version directly from the PARAM.SFO.

Hint: If your having problems with the repacking of the pkg please check the contentid against the param.sfo i had problems repacking a pkg until i realized the titleid in the param.sfo did not match the titleid that is part of the contentid.






Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 234 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

PS3 News's Avatar
#39 - PS3 News - 97w ago
Following up on his PS3 SCETool update and PS3 Dump_Rootkey code, today Sony PlayStation 3 hacker Naehrwert has posted some details on exploiting the PlayStation 3 lv2_kernel and has made available a sample 3.41 implementation below.

To quote from his blog: Exploiting (?) lv2

A long while ago KaKaRoTo pointed me to a stack overflow he found while reversing lv2_kernel. But there are two problems:

1. The vulnerability is in a protected syscall (the SELF calling it got to have the 0x40... control flags set). So you’d first need to find a suitable usermode exploit (don’t ask us), that gives you code execution with the right privileges.

2. The payload data is copied to lv2 heap first and the function will do a free call on it before the payload has any chance to get executed. This might not sound like a problem but it looks like lv2′s heap implementation will overwrite the free’ed space with 0xABADCAFE and thus destroy the payload.

Here (pastie.org/4755699) is my sample implementation for 3.41 lv2_kernel (although the vulnerability should be present in all versions of lv2 up to the latest firmware), maybe someone of you will find a way to overcome problem (2.) and can get something nice out of it because right now it’s only good to crash lv2.

From Mathieulh (via pastebin.com/naxXkv3M):

The footer signature is still not checked upon npdrm self files execution as of 4.21.

Because kakaroto says something that doesn't make it true. Basically he found a check in 3.55 that was not even called and assumed they used it in 3.60+.

Of course they do whitelist npdrm now so even if the footer isn't checked you cannot run your own npdrm selfs signed with keyset lower than 0x0D making the whole debate rather pointless. Aditional checks are now performed on the actual file format as well such as the segment counter flag that needs to be set to 0x01 except for the very last segment.

Finally, from KDSBest (via twitlonger.com/show/jcmh80): Since naehrwert posted an lv2 exploit I will do so too . The stack pointer points to lv2 and if we do a syscall, the syscall saves register to the stack HAHA.

Btw. It just crashes the console for now, since I totally overwrite dump the lv2 or some memory addresses I don't know. Feel free to try around, adjust the address of the stackpointer and so on. If you managed to get the panic payload executed. Tell me!!! ^^

I didn't managed to make it work on 4.21 so I just did on 4.20

More PlayStation 3 News...

Ezio's Avatar
#38 - Ezio - 100w ago
The last versions of scetool work fine also without zlib1.dll, I tested them myself.

rageagainst1's Avatar
#37 - rageagainst1 - 100w ago
That zlib1.dll is outdated (1.2.5). The latest version is 1.2.7 (many improvements have been made). You can get it here:

[Register or Login to view links]
or
[Register or Login to view links]

PS3 News's Avatar
#36 - PS3 News - 100w ago
Following up on his previous release, today Sony PlayStation 3 hacker Naehrwert has updated SCETool to version 0.2.9 which now includes an NP application types fix and more followed by an unofficial update from Gamma Argon as detailed in the changes below.

Download: [Register or Login to view links] / [Register or Login to view links] (Required) / [Register or Login to view links] (Mirror) / [Register or Login to view links] (no zlib1.dll or data folder required) by ben.ss7 / [Register or Login to view links] by TheUnkn0w / PS3 SCETool v0.2.9 (4.46 keys) by Smhabib and Naewhert / [Register or Login to view links] by Deroad (aka Wargio) / [Register or Login to view links] by SMOKE / [Register or Login to view links] / [Register or Login to view links] by Gamma Argon

Version 0.2.9

  • Plaintext sections will now take less space in metadata header keys array.
  • Added option to specifiy a template SELF to take configuration values from.
  • Added option to override the keyset used for en-/decryption.
  • Fixed NP application types.
  • [Firmware Version] will now be written to control info only.
  • [Application Version] will now be written to application info only.

Finally, from ben.ss7: Here is a scetool v0.2.9 which has zlib1.dll and the data folder embedded within the exe, which means it doesn't require you to have zlib1.dll and the data folder for keys.

The original scetool source code hasn't been touched and it shouldn't have any issues. The keys which have been embedded in to this exe are:

  • NP_tid
  • NP_ci
  • NP_klic_free
  • NP_klic_key
  • NP_sig
  • metldr
  • bootldr(lv0)

If any user wants me to embed all the keys up to 4.31 PM me. Enjoy

Update: From TheUnkn0w via IRC: Updated my sce_encrypt tool, supports drag and drop decryption, added a checkbox for compression and fixed a few bugs Just paste it into your scetool folder and run, makes decrypting/encrypting files far more easier.

Version 0.3.0

  • Added option to specify the data path

From toolboy2012: Hi Guys, So, I decided to make one more nice update to the SCETOOL, so we could seriously clean up that "::makeself{}" routine.....so I added one more command, so that we could dump the specific fields we need to save off from the original SELF header, so we can re-create it with the same data (rather than build these enormous lists of authids, vendorids, etc!)

So now the "SCETOOL -w" command will dump the specific header info we need to PS3MFW, (example is below):

So I dump the following fields:
1) KEY-REV
2) AUTH-ID
3) VENDOR-ID
4) SELF-TYPE
5) VERSION
6) CTRL FLAGS
7) CAPAB FLAGS
8) COMPRESSED

So, there are a couple of new routines I had to add in my "ps3mfw_base.tcl", and the updated "scetool.exe"....

so feel free to take what you need... so my new ::makeself routine utilizes these fields, all read into a global array... and the routine is now much simpler/cleaner.

Note: I still want to review the "self-app-version" & the "self-fw-version" fields in the SCETOOL, and see where exactly they actually reside in the SCE headers, as I would like to get them 100% copied over as well, right now I'm setting both to the "version" field (ie 3.55, etc)

SCETool Unofficial Update by Gamma Argon: Unofficial minor update to scetool.

1. in release of official scetool firmware version was not added to control info when re-signing non-NPDRM eboots (functionality was already coded but not used).

Please note: you may notice some difference between an original self and a re-encrypted self (header size, key table). These changes are the same for official scetool and the unofficial update.

OS: windows, requires standard windows dll's only (vc).

More PlayStation 3 News...

Blade86's Avatar
#35 - Blade86 - 103w ago
Plz someone tell us

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News