23w ago - Following up on his previous update, today PlayStation 3 developer Flat_z has updated the PS3 Save Game Tools Pack to include SFOPatcher v0.2.0 and PFDTool version 0.2.3 alongside an update to the BruteforceSaveData GUI by aldostools below.
Download: PS3 Save Game Tools Pack Update (121412) / PFDTool and SFOPatcher Source Code / BruteforceSaveData GUI
From Flat_z: Some people asked me about the source code of pfd & sfo tools.. here they are (linked above).
Guys, here is an update of my tools. It contains an update to sfopatcher (see the changelog below) and a small update to pfdtool. Previously you should make a save game for your game on your console and then use PARAM.SFO from it as a template to PARAM.SFO from a foreign save game to build a new PARAM.SFO which will contain the data specific to your console. A newer version of sfopatcher will use a foreign save data directory and params only if you specify these options.
From aldostools: A new version of the frontend is available with the updated tools from flatz and new settings to take advantage of these features.
Changes: new "Rebuild" option, new "Restore" option, updated the database with secure_file_id for more than 750 games (over 3140 title ids). Added a new "date" column. Special thanks to flatz, Alex at CMP, acab, skillerCMP, gingerbread and many others
Changelog:
pfdtool 0.2.3
- Added an option to specify the relative offset to advance each time while bruteforcing a secure file ID.
Finally, below is a guide from zorrolaro on how to use PFDTool without PS3 CFW using Borderlands 2 as an example:
Required Tools:
Guide:
- Create a folder near your root drive for pfdtool (i.e. c:/pfdtool/), then extract all files into that folder from the linked archive.
- Download and install Wireshark and WinPcap (included with the Wireshark installer)
- Download and install the .NET runtimes
- Download and install PS3 ProxyServer
- Open a command prompt (start menu -> all programs -> accessories -> command prompt) and enter command "ipconfig". Write down the IPv4 address (should look like 192.168.0.10 or something similar)
- Open PS3 ProxyServer and copy the IPv4 address you wrote down into the IP Address field and check off PS3 mode, leave the other options alone. Hit the big start button. Keep your IPv4 number handy, you'll need it again. Leave this program running.
- Open Wireshark. On the left side there is an option to start capture. Left click with your mouse to select the appropriate network adapter listed below the start command. If you are not sure about which adapter to use, select them all using ctrl + left mouse click. Hit the start button once you've highlighted the appropriate adapters. Leave this program running.
- Boot up your PS3 and navigate to Settings -> Network Settings -> Internet Connection Settings. On the first page select Custom, on the second select whether you are connected wirelessly or wired. Skip all other options by hitting right on your controller until you get to the Proxy Server page, then select Use for that option. Input the IPv4 address you wrote down earlier into the top field.
Make sure that the port number on this page matches the port number on PS3 ProxyServer (should both say 8080). Skip to the last page on the configuration and hit x. Test connection when prompted by hitting x again. As long as the top 3 fields say succeeded you can carry on to the next step. If not, review your settings in this step and steps 5 and 6 and retry.
- Sign into the PlayStation Network and log in to the PSN store.
- Go back to your pc and check Wireshark. There should be a whole bunch of information displayed on the screen, don't worry you don't need to know what it means. Press [ctrl]+e to stop capturing, then press [ctrl]+f to bring up your search dialogue. Under "find" check off "string" and under "Search In" check off "Packet bytes". Enter 0000000100 as your search criteria and hit enter. If the necessary packet was found, in the bottom frame it should show the number highlighted on the right side (plaintext view). To ensure you have the right packet, right before the highlighted text it should say "devideID":" and then the numbers you searched for.
Take all the numbers and letters starting with your highlighted numbers and copy everything down until you find the next quotation mark in the plaintext. You should have a total of 32 digits written down. Should look something like 000000010084 followed by a bunch of letters and numbers. This is your console id.
- Go to the folder you installed pfdtool in. Open global.conf in notepad. Edit the line where it says console_id= by adding the console id you just captured after the =. Also change the other fields that are bolded below to match:
; Global settings
[global]
authentication_id=1010000001000003
console_id=00000001008400xxx01dxxxx239xx6x6
user_id=00000001
syscon_manager_key=D413B89663E1FE9F75143D3BB4565274
keygen_key=6B1ACEA246B745FD8F93763B920594CD53483B82
savegame_param_sfo_key=0C08000E090504040D010F000406020209060D03
trophy_param_sfo_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
tropsys_dat_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
tropusr_dat_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
troptrns_dat_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
tropconf_sfm_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
fallback_disc_hash_key=D1C1E10B9C547E689B805DCD9710CE8D
- Save file and exit (make sure you save as .conf not .txt)
- Open the games.conf file in the same folder. Edit it as follows for NA retail disc version only. You'll have a different game id (the BLUS30982) and secure_file_id. You'll need to ask for someone on the forums to get those for you if you are using a different region, version or entirely different game. You can add additional games following the same layout by adding more lines. The disc_hash_key is commented out, so you will get a notification every time you use pfdtool, but it still works fine.
; "Borderlands 2"
[BLUS30982]
;disc_hash_key=
secure_file_id:*=02010508040102010508030A0F070C0D
- Save and close the file once you are done adding games. Again make sure you save as .conf, not .txt.
- Make sure you have a copy of your save game on your pc. I like to copy them right into the same folder as pfdtool to make for shorter commands.
- You are now ready to actually use pfdtool. Navigate your command prompt to the folder you installed it (command to use is simply the path of the folder, ie "c:/pfdtool"). To decrypt we use the following command:
pfdtool -g BLUS30982 -d "C:/pfdtool/BLUS30982-SAVE-SAVE0001" SAVE0001.SAV
- Where the part in quotations will be changed to reflect your actual drive location and the name of the file will be changed to your actual file name. The file name and path are case sensitive, make sure you double check you have the right case.
- You now have a decrypted save file. Use your hex editor of choice or in the case of Borderlands 2 you can use the latest version of Gibbed's Borderlands 2 Save Editor. Once you are done editing, save your game again and onto the last step.
- All that's left at this point is to encrypt the file again. See below, same notes as when decrypting about file path and name.
pfdtool -g BLUS30982 -e "C:/pfdtool/BLUS30982-SAVE-SAVE0001" SAVE0001.SAV
- You can now transfer your save game back to your PS3.
A couple of quick notes: I have tried to make this as noob friendly as possible, but you still need some basic knowledge to follow this guide. Also, atm I really have no interest in modding any other save games so I do not have the info for other games to place in your games.conf file, though if anyone wants to post them I will be happy to add them to the guide. I did not write nor do I support any of the software mentioned in this guide.
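The console ID captured in the guide above is the value used as an HMAC key for the save data, and it sits in plain text in any capture or proxy log that gets shared. The following is an added example, not part of the guide or of any tool it mentions, that masks such IDs in text before it is posted; it assumes only what the guide states (32 hex digits beginning with 0000000100), and the sample capture lines, host and field names are constructed.

```python
import re

# The guide describes the console ID as 32 hex digits starting with 0000000100.
# The lookarounds reject matches inside a longer hex run (for example a
# 40-digit key), so unrelated values are not partially masked.
CONSOLE_ID_RE = re.compile(
    r"(?<![0-9A-Fa-f])0000000100[0-9A-Fa-f]{22}(?![0-9A-Fa-f])"
)
VISIBLE = 10  # keep only the search prefix the guide already publishes


def mask(value):
    """Replace everything after the public prefix with 'x'."""
    return value[:VISIBLE] + "x" * (len(value) - VISIBLE)


def redact_console_ids(text):
    """Return (redacted_text, findings); findings are (line_no, masked_id)."""
    findings = []
    redacted_lines = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        def replace(match, line_no=line_no):
            masked = mask(match.group(0))
            findings.append((line_no, masked))
            return masked
        redacted_lines.append(CONSOLE_ID_RE.sub(replace, line))
    return "\n".join(redacted_lines), findings


# Constructed sample: two requests carrying an ID (JSON body and query
# string) and one longer hex value that must be left untouched.
SAMPLE_CAPTURE = (
    "POST /login HTTP/1.1\n"
    "Host: auth.example.invalid\n"
    '{"consoleId":"0000000100840011223344556677AABB","lang":"en"}\n'
    "GET /fetch?id=00000001008400aabbccddeeff001122&v=1 HTTP/1.1\n"
    "digest=000000010084001122334455667788990011223344\n"
)

if __name__ == "__main__":
    redacted, findings = redact_console_ids(SAMPLE_CAPTURE)
    print(redacted)
    for line_no, masked in findings:
        print(f"line {line_no}: masked {masked}")
```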
Unfortunately we can't extract it from .PFD because IDPS is not stored there. They used it as a HMAC key to hash the content of PARAM.SFO.
I already said many times that some hashes are not checked. That's why Xploder works fine without your console ID. But my goal was the correct generation of the PFD (because S0ny can add new checks in the future) and I had managed to use all keys but you can omit some of them (based on your console id or disc hash key, for example).
From cheetahh: I can confirm that flat_z tool can be used to decrypt TROPTRANS.DAT file and if you know how to modify all the files correctly (there are different checksums and hashes in the files) you can sync those unlocked trophies to PSN as well.
From Sunny992: All information should be free, don't conceal it if it's already leaked, which it was.
troptrns_dat_key=91EE81555ACC1C4FB5AAE5462CFE1C62A4AF36A5
It was leaked on NGU.
Welcome to legend of zelda savegame PS3 LOL
Download: http://www.mirrorcreator.com/files/DH9NXOUX/ / https://rapidshare.com/#!download|78p8|2747838316|strawberry.7z|510|0|0 (Mirror) / https://rapidshare.com/#!download|33p5|897689842|pfdtool_update.7z|25|0|0 / http://aldostools.org/temp/BruteforceSaveData.rar by aldostools
From Twitter: A save game tool in a testing phase before tomorrow's release
Trophies will work in the next release but I'm afraid to add support for them because you can easily hack your trophies with it and synchronize them with the server. I'll release a port of my dumpers to 4.21 soon. I'm working on a new payload which I think will allow me not to replace sprx. And a newer version will write keys directly to the file.
You don't need to replace modules and launch a dumper if you only want to resign files. A dumper is required only for extracting a save game key directly from the memory of the game. And trophy keys are the same for every console because they are constant. In addition, you don't need to extract/read/write keys every time.
A .PFD file for save games is a bit more complex than the trophy's .PFD. And games use different keys for their save files. Trophy keys are constants as I mentioned above. I don't like the name PSID because there are two different PSIDs on the PS3: PSID and OpenPSID. So I call the first one Console ID (it should contain the Target ID of your console). The second one seems to be random bytes (or encrypted bytes) which are widely used in PSN stuff.
There are different ways to get your console ID. If you have a flasher then you can make a dump of your flash, then locate your EID0 there and the first 16 bytes will be your Console ID. The second way is using a proxy server as you mentioned. A PS3 will send your console ID in different queries (for example, when you try to login to PSN, when it fetches your act.dat, etc).
It is used as an HMAC key to hash the file content along with other keys. I suppose that current firmwares don't check these hashes. That's why Xploder doesn't need your Console ID. You can check it yourself by making a different console ID, resigning your save game and then trying to load it. But I want to generate all hashes correctly. That's why I used all real parameters. But you can omit some of them.
You don't need to specify a full file path, only a file name inside a folder (actually it is an entry name inside .PFD). By the way, specifying a zero offset causes very slow processing, because .ELF files are 70-80% code and not data. And I recommend using a dumper instead of bruteforcing.
It is better than Xploder because it is not server based, so you can do what you want with your save game and I think Xploder doesn't allow you to decrypt/encrypt data (I can be wrong because I don't use the Xploder's software). Trophies are also supported but not in the current version because I didn't include keys for them in the release.
From the included ReadMe Files: Data Dumper (data_dumper.pkg)
Requirements:
3.55 CFW (e.g. Kmeaw)
MultiMAN or original dev_blind application and FTP client
1. Install Data Dumper (data_dumper.pkg) if you haven't installed it before. It is a homebrew application to dump data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin
2. Every time you want to dump data from my applications (e.g. Klicensee Dumper) you need to reboot the console to clear the data storage in LV2 memory.
3. Run a dumper loader, then start your game.
4. After exiting from the game you need to run Data Dumper, you will hear some beeps.
5. Then run any FTP client (e.g. builtin in MultiMAN) and download a dumped data from /dev_hdd0/tmp/dumps.bin.
Disc Hash Key Dumper (disc_hash_key_dumper_loader.pkg)
Requirements:
3.55 CFW (e.g. Kmeaw)
MultiMAN or another FTP client
1. Install Data Dumper (data_dumper.pkg) if you haven't installed it before. It is a homebrew application to dump data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin. The data stored there is written by dumper loaders, e.g. by Disc Hash Key Dumper.
2. Install Disc Hash Key Dumper Loader (disc_hash_key_dumper_loader.pkg). It stores a disc hash key if your game is not a PSN/SEN game.
3. Reboot a console to clear a data storage in LV2 memory.
4. Now you need to start Disc Hash Key Dumper Loader, then start your game.
5. After exiting from the game you need to run Data Dumper, you will hear some beeps.
6. Then run any FTP client (e.g. builtin in MultiMAN) and download a dumped disc hash key from /dev_hdd0/tmp/dumps.bin.
PFDTool & SFOPatcher Beta version (pfd_sfo_tools: pfdtool.exe and sfopatcher.exe)
Some notes about keys:
1. 'Syscon Manager Key' (syscon_manager_key): a constant key from a Syscon Manager.
2. 'PARAM.SFO Key' (param_sfo_key): a constant key used for PARAM.SFO entry.
3. 'Fallback Disc Hash Key' (fallback_disc_hash_key): a constant key used for discless PSN/SEN games.
4. 'Authentication ID' (authentication_id): an additional constant key.
5. 'Console ID' (console_id): your unique console identifier.
6. 'Secure File ID' (secure_file_id): per a game file, almost the same for all files of the game, specified by a game developer (used to encrypt save game files and to hash their content).
7. 'Disc Hash Key' (disc_hash_key): per a game disc or a constant key for PSN/SEN games (used to hash a file entry). You need to use an original game disc and extract it from the disc. For PSN/SEN games they used a fallback disc hash key. 'Disc Hash Key' hash is not verified by PS3 so you can omit this key.
Attention! Some game developers (for example, creators of Metal Gear Solid 4) use a custom additional encryption layer for their save files. In these cases you need to reverse-engineer the game itself.
1. Paste your console specific data inside 'global.conf'. You need to paste your console ID (IDPS) and needed keys. Open 'Keys' page on the PS3 Dev Wiki and look into the 'Key lists - sc_iso module 1.00-4.00'. There is a 'Syscon Manager Key' at the #2.
Open 'Talk:Keys' page on the PS3 Dev Wiki and search for strings 'Params' and 'Fallback key'. They are 'PARAM.SFO Key' and 'Fallback Disc Hash Key'.
2. Prepare required keys for the game and place them inside 'games.conf'. You need these keys only to verify your .PFD file (it is an optional feature) or to play with save game data encryption. So if you want only to resign a foreign save game then you need only your console ID and skip some hash updates by specifying some flags at 'pfdtool'.
For secure file IDs you can specify an exact file name or use wildcards to match a file name (for example, you don't need to specify the same key for all game files if the game uses the same key for all of them). A disc hash key can be extracted only from an original game disc. For PSN/SEN games a fallback disc hash key is used. This type of hash is not verified by PS3 so you can omit its key but they can add a check in the future firmware versions.
So if you want to use 'Disc Hash Key'=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX and 'Secure File ID'=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY for a save file named 'SAVE.DAT' and your game have a product code='BLZZZZZZZ' place them inside a config file:
[BLZZZZZZZ]
disc_hash_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
secure_file_id:SAVE.DAT=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
1) You may also need to patch a copy protection flag inside your PARAM.SFO because some games use it:
a) 'Rebuild Database' in the system recovery menu. Be careful with it because it can corrupt your file system in rare cases.
b) Manually copy your save game to the corresponding folder by using a FTP client (for example, embedded in MultiMAN).
2) You need to patch a foreign PARAM.SFO with data from your PARAM.SFO (the tool uses your account ID, save parameters, optional title and description values):
Make sure that you specify a game setting set (from 'games.conf') otherwise you will get some fails.
a) You will always get a 'Disc Hash Key FAIL' if you don't use a valid disc hash key. It is not important because it is not checked.
b) If you will get a 'Console ID Hash FAIL' then you use a wrong console ID.
c) If you will get a 'Secure File ID Hash FAIL' then you use a wrong secure file ID for a corresponding file.
You don't need to get a valid console ID for foreign save, just use your console ID and update a save game.
1) To list all entries from PARAM.PFD use a 'list' command:
pfdtool -g -d
Once again, if you want to easily resign a save game (as publicly known commercial tools do) you just need to place your console ID and use the command:
I will be glad to see if someone writes a batch script to automate the process or a GUI application because I have no time to do it personally. It would also be nice if someone created a centralized storage of game setting sets to find keys there. In the future the tool needs to be improved for error handling because it is poor at the moment. I plan to improve it in further versions.
Secure File ID Dumper (secure_file_id_dumper: ps3_savedata_plugin.sprx, ps3_savedata_plugin_game.sprx, ps3_savedata_plugin_game_mini.sprx and secure_file_id_dumper_loader.pkg)
A secure file ID is specified by the developer of the game. There can be more than one secure file ID, one ID per file. There are cases when these bytes are stored in EBOOT.ELF as is, so you can use my PFD tool to bruteforce them by specifying a PARAM.PFD and file name.
In other cases you need skills of reverse-engineering and a disassembler to find a secure file ID. That's why I had created this dumper. It dumps a secure file ID from memory itself.
Requirements:
3.55 CFW (e.g. Kmeaw)
MultiMAN or original dev_blind application and FTP client
1. Install Data Dumper (data_dumper.pkg) if you haven't installed it before. It is a homebrew application to dump data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin. The data stored there is written by dumper loaders, e.g. by Klicensee Dumper.
2. Install Secure File ID Dumper Loader (secure_file_id_dumper_loader.pkg). It stores a file path to the file which used in your save data and a secure file ID of this file.
3. Now you need to replace original libraries located at dev_flash/vsh/module by modified versions. There are ps3_savedata_plugin.sprx, ps3_savedata_plugin_game.sprx, ps3_savedata_plugin_game_mini.sprx. I use a dev_blind feature from MultiMAN, you can use any other way. Don't forget to backup original files.
4. Reboot a console to clear a data storage in LV2 memory.
5. Now you need to start Secure File ID Dumper, then start your game.
6. Then you need to make a game save.
7. After exiting from the game you need to run Data Dumper, you will hear some beeps.
8. Then run any FTP client (e.g. builtin in MultiMAN) and download dumped secure file IDs from /dev_hdd0/tmp/dumps.bin.
9. Restore original libraries ps3_savedata_plugin.sprx, ps3_savedata_plugin_game.sprx, ps3_savedata_plugin_game_mini.sprx using the same method as at step 3.
Notes: Not all of these libraries used with all games, there is one library per game type.
From gingerbread: Save Data Information
So for game saves they are a static key embedded in the prx module, your unique console ID, disc hash key and authentication ID (it is static too). So if you take a foreign save game you probably don't have its console ID and the disc hash key (you can only take a disc hash key if you have an original game disc for it).
Also if you don't have a secure file ID and you are lazy to get it (by bruteforcing it/reversing the game executable/dumping from the memory) then you can't calculate hashes for game files too. That's why I created two different modes of signing/checking - one for these people who want only to resign a foreign save game and nothing more and the second one is for people who have all data to update all hashes for their save game.
The first mode called partial update/check (see the corresponding option at pfdtool), and for full update you don't need to specify this option. The partial update only updates hashes which are easy to calculate (based on static data such as authentication ID and console ID).
So if you have a filled global.conf (all keys and your console ID) and run a partial update on the foreign save game to resign it for your console then you got a fully working resigned save game.
But if you want to modify save game files which are encrypted then you need to get all data and specify them in configuration files and then use a full update to resign it. By the way the PS3 itself doesn't check some hashes such as a hash which was calculated using a disc hash key.
So you can omit some of them (I only omitted the hash which I said and it works fine). But I don't know what situation will be in the future, maybe S0ny will add a check for them.
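A simplified model of the partial-versus-full checking described above, added here as an example and not taken from pfdtool or the real .PFD layout: each entry carries one HMAC tag per key type, and a mutation audit corrupts one tag at a time to find which tags a verifier does not actually enforce. The tag layout, the use of SHA-1, the function names and all keys and data are constructed assumptions.

```python
import hashlib
import hmac

# One tag per key type named on the page (toy layout, not the .PFD format).
TAGS = ("console_id", "secure_file_id", "disc_hash_key")


def tag(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()


def sign(keys, param_sfo, name, content):
    """Build the toy manifest for one save file."""
    return {
        "console_id": tag(keys["console_id"], param_sfo),       # PARAM.SFO content
        "secure_file_id": tag(keys["secure_file_id"], content),  # file content
        "disc_hash_key": tag(keys["disc_hash_key"], name.encode()),  # file entry
    }


def make_verifier(enforced):
    """Return a verifier that compares only the tags listed in `enforced`."""
    def verify(manifest, keys, param_sfo, name, content):
        expected = sign(keys, param_sfo, name, content)
        return all(
            hmac.compare_digest(manifest[t], expected[t]) for t in enforced
        )
    return verify


def unenforced_tags(verify, manifest, keys, param_sfo, name, content):
    """Corrupt each stored tag in turn; a corruption that still verifies
    means that tag gives no integrity protection in this verifier."""
    if not verify(manifest, keys, param_sfo, name, content):
        raise ValueError("baseline manifest must verify before auditing")
    missed = []
    for t in TAGS:
        mutated = dict(manifest)
        mutated[t] = bytes(b ^ 0xFF for b in manifest[t])
        if verify(mutated, keys, param_sfo, name, content):
            missed.append(t)
    return missed


# Constructed keys and data, not real console or game values.
KEYS = {
    "console_id": bytes(range(16)),
    "secure_file_id": b"\x22" * 16,
    "disc_hash_key": b"\x33" * 16,
}
PARAM_SFO = b"constructed PARAM.SFO bytes"
NAME, CONTENT = "SAVE.DAT", b"constructed save data"
MANIFEST = sign(KEYS, PARAM_SFO, NAME, CONTENT)

# Models the behaviour the page reports: the disc hash key hash is not checked.
as_described = make_verifier(("console_id", "secure_file_id"))
# The hardened form: every stored tag is compared.
strict = make_verifier(TAGS)


def audit():
    args = (MANIFEST, KEYS, PARAM_SFO, NAME, CONTENT)
    return {
        "as_described": unenforced_tags(as_described, *args),
        "strict": unenforced_tags(strict, *args),
    }


if __name__ == "__main__":
    print(audit())
```

The same audit applies to any format that stores several MACs: a tag the verifier never compares is dead weight, and a tag keyed with a value the device sends in clear text over the network does not rest on a secret.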
Finally, from aldostools: I have updated the BruteforceSaveData tool with the suggested changes.
TIP: Hold Ctrl key and press Enter or double-click on a game to skip the bruteforce using the keys in the database. This feature can be useful for savegames with large data (e.g. >4MB and that you already know that the key is unknown)
More PlayStation 3 News...
Download: PS3 Cheats Editor Installer by technodon
From his Tweet: Release: Custom ps3usercheat v2.3 + cheatlist.dat v6.1
Finally releasing what I have many times asked for
Now everyone can make their own AR cheats for PS3.
I hope that in one day PS3 will have so much cheats like Nintendo DS
Thanks to HeroQ8 for support.
!!! Never use this for cheating in online games !!!
This would help you making your own cheats: pastebin.com/tsD7wKv7
In related news Tetzrep has made available (via psx-scene.com/forums/content/even-2606/) a http://www.mediafire.com/?hplppcp7g8ha52m (Password: tetzrep)
This time allowing for multiplayer and tag team use of the NPCs that were unlocked last month. A few other nice touches in this update include:
The ability to morph Shang Tsung into other characters, as he does in the arcade ladder. This is nice considering all you can do with the move is take a bit of their life bar away. Now with certain button combos, you can pretty much morph into any character on the roster, and the NPC's to boot. All of this selectable through ps3usercheat, and the same directions from last months post applies also.
The ability in the challenge tower on challenge 227 (Cyborg-Absorb) to not just play as Cyber-Reptile in this challenge, but to give the cyborg character in that challenge the fighting styles and any character, including the bosses.
Other cheats added allow you to speed up and slow down gameplay.
There is a very nice jpg packaged in with the .dat file which gives specific instructions on how to get this to work, and the button combos needed.
Also from Hero Q8 (aka ueess via codemasters-project.net/vb/showthread.php?13123-Cheat&p=132900#post132900) comes some PS3 CFW 4.21+ Only Cheat Packages below, as follows:
Installation Instructions
1. Unrar The Rar File
2. Copy the pkg file to your USB
3. Install Package from "Install Package Files".
4. Choose The Game from Multiman or any other Manager (Must Have Any Disc In The Drive)
5. Boot the game from installed pkg not the disc icon it will start the game with the codes
NOTE 1: Some Games Need Files from USRDIR to be moved to PKG dir (Minus Eboot) after install. I will add Note 1 for these Games
NOTE 2: Some PKG are Just Update. Install It and Boot The Game Normal. I will add Note 2 for these Games
All Cheats For 4.21+ Only - For People who are on 3.55 CFW use PS3UserCheats (free) Which Has all codes converted to be used on that device (Same ones you find in All Old and Current Eboot PKGs)
2nd Super Robot Taisen OG BLJS10133
1. Infinite Money
2. Infinite PP
3. Infinite SP
BLJS10133
http://www.putlocker.com/file/31B61E77E1AD8976
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Borderlands 2 BLUS30982
1. Max Money on Buy
2. Max Badass Token & Skills
3. Max Level [NO EXP REQUIRED]
4. Infinite Ammo
BLUS30982
http://www.putlocker.com/file/EB1CB757807F469B
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Darksiders 2 BLUS30829 and BLES01597
1. Infinite Skill Points Have at least 1
2. Infinite Wrath
3. Infinite Reaper Gauge
4. Max Yellow Coins after Save
5. Max Blue Coins after Save
BLUS30829
http://www.putlocker.com/file/16A1AAF26AC0AB47
BLES01597
http://www.putlocker.com/file/7BCE345B19B1F135
NOTE: For Yellow and Blue Coins Load Game with code save game, quit game & reload
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Devil May Cry 4 BLUS300920
1. Infinite Health
2. Infinite Devil Trigger
3. Infinite Exceed
4. Always SSS Style
BLUS300920
http://www.putlocker.com/file/B28AB14D1635C8CB
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Far Cry 3 BLUS30687
1. Max Money on Buy/Sell
2. Max Skill Points on Use
3. Max Exp on Gain
4. Infinite Ammo
BLUS30687
http://www.putlocker.com/file/2E1D1E00B3E0465C
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Medal of Honor Warfighter BLUS30990
1. Infinite Ammo
BLUS30990
http://www.putlocker.com/file/FE8FCF2C2CA5499F
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Need for Speed Most Wanted BLUS31010
1. Infinite Nitros
2. Infinite SP
BLUS31010
http://www.putlocker.com/file/F2D114D7ABA60F82
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Never Dead BLES01303
1. Infinite Ammo
BLES01303
http://www.putlocker.com/file/4E52BC166CC88799
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Ni no Kuni Wrath of the White Witch BLES01555
1. Max Money On Gain
BLES01555
http://www.putlocker.com/file/F359211A87282361
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Sleeping Dogs BLES01661
1. Infinite Money
BLES01661
http://www.putlocker.com/file/E186D51F97DDAC28
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Soul Calibur V BLUS30736
1. Infinite Health
2. 1 Hit Ko
BLUS30736
http://www.putlocker.com/file/822992CFA5A437BB
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Spec Ops The Line BLUS30531
1. Infinite Ammo
BLUS30531
http://www.putlocker.com/file/C3322E0AF43DCA0D
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Tekken Tag Tournament 2 BLES01702
1. Max Money on Buy
BLES01702
http://www.putlocker.com/file/E71CC5B09949270F
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
The Darkness II BLUS30743
1. Max Essences on Gain
BLUS30743
http://www.putlocker.com/file/9E0BCFF14D17E781
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Twisted Metal BCUS98106
1. Infinite Health
2. Infinite Ammo
BCUS98106
http://www.putlocker.com/file/76E57141489BBBAA
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Below is a Tool To Apply PS3UserCheat Hacks on Eboots from KDSBest (via twitlonger.com/show/kigtsr):
Download: http://www.file-upload.net/download-7005179/Patch-ELF-PS3UserCheat.rar.html
// Patch PS3UserCheat Cheat to an ELF File
// 1. Decrypt EBOOT.BIN to EBOOT.ELF
// 2. Provide PATCH.TXT with the following Format (From PS3 Cheats Editor)
// Example PATCH.TXT
//00002000 0002A878 33FE034C
// Another Example of PATCH.TXT
//00002000 010AF534 00000000
//00002000 010AF538 00000000
//00002000 010AF53C 00000000
//00002000 010AF540 00000000
// 3. Run this Code
// 4. Re-encrypt EBOOT.KDSBest.ELF to EBOOT.BIN
// 5. Replace EBOOT.BIN of your game with the new one
// Sorry I couldn't provide a One Click Tool I lack in time
// the 0000c001 patches are button mapping for cheat pkgs, since we fixed patch it this isn't supported.
// Example Tales of Grace F Move Fast Speed (Press []) is the following PATCH.TXT
//00002000 007DF6FC 3F800000
//0000C001 00000000 00000080
//00002000 007DF6FC 3FE00000
// If you don't want to patch the speed the PATCH.TXT you provide
//00002000 007DF6FC 3F800000
// If you want constant faster speed you provide
//00002000 007DF6FC 3FE00000
// It reads the following way
// 00002000 = Patch Memory (Eboot)
// 0000C001 = Button Event
// Look how easy
// If nothing is pressed
// {
//00002000 007DF6FC 3F800000 => Patch Memory At 007DF6FC to 3F800000
// }
//0000C001 00000000 00000080 => else If(Button Event(00000080)) => 00000080 = []
// {
//00002000 007DF6FC 3FE00000 => Patch Memory At 007DF6FC to 3FE00000
// }
// Why I write this tool
// I provided the patches by hand
// 1. Load ELF in IDA
// 2. Check bytes at Address
// 3. Search Bytes from IDA (Which can parse the elf header and knows the exact locations) in Hex Editor
// 4. Patch Bytes by hand
// 5. ....
// Why is this tool written like bullshit
// I don't have the mood to write it clean
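using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
namespace Patch_ELF_PS3UserCheat
{
    class Program
    {
        // One program-header entry: where a segment sits in memory and in the file.
        public struct ELFLocation
        {
            public uint Offset;     // virtual address (low 32 bits of p_vaddr)
            public uint OffsetFile; // file offset (low 32 bits of p_offset)
            public uint Size;       // bytes present in the file (low 32 bits of p_filesz)
        }
        public struct Patch
        {
            public uint Offset;
            public uint PatchValue;
        }
        public static uint byteToUInt(byte[] b)
        {
            return byteToUInt(b, 0);
        }
        // Big-endian 32-bit read.
        public static uint byteToUInt(byte[] b, int offset)
        {
            uint a = (uint)b[offset] << 24 | (uint)b[offset + 1] << 16 | (uint)b[offset + 2] << 8 | (uint)b[offset + 3];
            return a;
        }
        // Big-endian 32-bit write.
        public static byte[] uintToByte(uint i)
        {
            byte[] b = new byte[4];
            b[0] = (byte)((i >> 24) & 0xFF);
            b[1] = (byte)((i >> 16) & 0xFF);
            b[2] = (byte)((i >> 8) & 0xFF);
            b[3] = (byte)((i) & 0xFF);
            return b;
        }
        // Reads program header number i and records its address, file offset and size.
        public static int LoadElfPHDR(BinaryReader br, List<ELFLocation> Elf, uint phdr_offset, uint phdr_size, uint i)
        {
            byte[] phdr = new byte[phdr_size];
            br.BaseStream.Seek(phdr_offset + phdr_size * i, SeekOrigin.Begin);
            br.Read(phdr, 0, phdr.Length);
            ELFLocation elfLocation = new ELFLocation();
            elfLocation.OffsetFile = byteToUInt(phdr, 0x0C);
            elfLocation.Offset = byteToUInt(phdr, 0x14);
            elfLocation.Size = byteToUInt(phdr, 0x24);
            Elf.Add(elfLocation);
            return 0;
        }
        // Big-endian 16-bit read.
        public static ushort byteToUShort(byte[] b, int offset)
        {
            ushort a = (ushort)(b[offset] << 8 | b[offset + 1]);
            return a;
        }
        // NOTE: the text between byteToUShort and the segment lookup below was lost
        // when this page was extracted. Main() down to the range check is reconstructed
        // from the surviving lines and the standard ELF64 header layout; it is not
        // KDSBest's original text.
        static void Main(string[] args)
        {
            // Read the program headers of the decrypted ELF.
            List<ELFLocation> locations = new List<ELFLocation>();
            BinaryReader br = new BinaryReader(File.OpenRead("EBOOT.ELF"));
            byte[] ehdr = new byte[0x40];
            br.Read(ehdr, 0, ehdr.Length);
            uint phdr_offset = byteToUInt(ehdr, 0x24);   // low 32 bits of e_phoff
            uint phdr_size = byteToUShort(ehdr, 0x36);   // e_phentsize
            uint phdr_count = byteToUShort(ehdr, 0x38);  // e_phnum
            for (uint n = 0; n < phdr_count; n++)
            {
                LoadElfPHDR(br, locations, phdr_offset, phdr_size, n);
            }
            br.Close();
            // Read the 00002000 (patch memory) records; other record types are skipped.
            List<Patch> patches = new List<Patch>();
            foreach (string line in File.ReadAllLines("PATCH.TXT"))
            {
                string[] parts = line.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
                if (parts.Length != 3 || parts[0] != "00002000")
                {
                    continue;
                }
                Patch patch = new Patch();
                patch.Offset = Convert.ToUInt32(parts[1], 16);
                patch.PatchValue = Convert.ToUInt32(parts[2], 16);
                patches.Add(patch);
            }
            // Translate every patch address into a file offset.
            for (int i = 0; i < patches.Count; i++)
            {
                Patch p = patches[i];
                ELFLocation? locationForPatch = null;
                for (int ii = 0; ii < locations.Count; ii++)
                {
                    if (p.Offset >= locations[ii].Offset && p.Offset < locations[ii].Offset + locations[ii].Size)
                    {
                        locationForPatch = locations[ii];
                        break;
                    }
                }
                if (locationForPatch == null)
                {
                    Console.WriteLine("Patch is not for this ELF!");
                    Console.ReadLine();
                    return;
                }
                else
                {
                    p.Offset = p.Offset - locationForPatch.Value.Offset + locationForPatch.Value.OffsetFile;
                    patches[i] = p;
                }
            }
            Console.WriteLine("Patching ELF...");
            File.Copy("EBOOT.ELF", "EBOOT.KDSBest.ELF");
            BinaryWriter bw = new BinaryWriter(File.OpenWrite("EBOOT.KDSBest.ELF"));
            foreach (Patch p in patches)
            {
                bw.Seek((int) p.Offset, SeekOrigin.Begin);
                bw.Write(uintToByte(p.PatchValue));
            }
            bw.Close();
            Console.WriteLine("DONE!");
            Console.ReadLine();
        }
    }
}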
To make things clear again. This is not fully working. Read below.
Stay tuned, KDSBest
// The full Code for the hack
// It doesn't work yet, because of the 2. stage
// shellcode crash on read sometimes.
// Have to check things out
// Next I start to bring up a working version.
// Maybe someone finds a trick or has a tip in the
// mean time
#define uint64_t unsigned long long
register uint64_t r3 __asm("r3");
register uint64_t r4 __asm ("r4");
register uint64_t r11 __asm ("r11");
uint64_t firstStageSC[] = {
// blr PREVENT SYSCALL 900 FROM DESTROY INFORMATION
// blr PREVENT SYSCALL 900 FROM DESTROY INFORMATION
0x4E8000204E800020ULL,
//li %r3, 0x80
//rldicr %r3, %r3, 48,15
0x38600080786383C6ULL,
//addi %r3, %r3, 0x7FFF
//rldicr %r3, %r3, 8,55
0x38637FFF786345E4ULL,
//addi %r3, %r3, 0xC0
//std %r5, 0(%r3)
0x386300C0F8A30000ULL,
//li %r3, 0
//b
0x38600000480345D0ULL
};
int firstStageSCLen = 5;
/*uint64_t secondStageSC[] = {
0xF821FFA1F8610058ULL,
0xFB21005038600080ULL,
0x786383C638637FFFULL,
0x786345E4386300C0ULL,
0xEB2300002FB90000ULL,
0x419E003CE8790000ULL,
0x786300222FA30000ULL,
0x419E002CA0790008ULL,
0x5463073E2FA300FFULL,
0x409E001C38600100ULL,
0x3880000038A00000ULL,
0x38C000003960017BULL,
0x44000002E8610058ULL,
0xEB210050E8210000ULL,
0x4E8000204E800020ULL
};*/
uint64_t secondStageSC[] = {
0xF821FFA1F8610058ULL,
0xFB210050F8810048ULL,
0x38600080786383C6ULL,
0x38637FFF786345E4ULL,
0x386300C0EB230000ULL,
0x388000017884C1E4ULL,
0x7FB92040409D0038ULL,
0x7C641B78A0790008ULL,
0xF8640010F8840020ULL,
0x5463073E2FA3000FULL,
0x409E001C38600100ULL,
0x3880000038A00000ULL,
0x38C000003960017BULL,
0x44000002E8610058ULL,
0xEB210050E8810048ULL,
0xE82100004E800020ULL
};
int secondStageSCLen = 16;
#define SCStartFirstStage 0x800000000008FC2CULL
#define SCStartSecondStage 0x800000000008FC8CULL
int __volatile__ main(int argc, const char* argv[])
{
for(int i = 0; i < firstStageSCLen; i++)
{
r4 = firstStageSC[i];
r3 = SCStartFirstStage + (8*i);
r11 = 0x07;
__asm("sc");
}
for(int i = 0; i < secondStageSCLen; i++)
{
r4 = secondStageSC[i];
r3 = SCStartSecondStage + (8*i);
r11 = 0x07;
__asm("sc");
}
// Patch li r3, 0 to first Stage Payload
r4 = 0x4BFCBA18FB410080ULL;
r3 = 0x80000000000C421CULL;
r11 = 0x07;
__asm("sc");
// Patch blr to second Stage Payload
r4 = 0x4BFCB9C07C7F07B4ULL;
r3 = 0x80000000000C42CCULL;
r11 = 0x07;
__asm("sc");
return 0;
}
// Shellcode development
// First Stage does its job just well
// Saves the parameter to a memory address lv2 will find
// but we need to save more parameters to precisely pick
// the package we want
// Second Stage crashes often on the read of userland
// data. And the check isn't right yet. I lack of time
// like always
// PS: Ignore the main Function it is just for
// compiler to have sth todo
// I copy the instructions with a IDA out of the ELF
#define uint64_t unsigned long long
register uint64_t sp __asm("r1");
register uint64_t r3 __asm("r3");
register uint64_t r4 __asm ("r4");
register uint64_t r5 __asm ("r5");
register uint64_t r6 __asm ("r6");
register uint64_t r7 __asm ("r7");
register uint64_t r8 __asm ("r8");
register uint64_t r9 __asm ("r9");
register uint64_t r11 __asm ("r11");
register uint64_t r25 __asm("r25");
void __volatile__ FirstStage()
{
__asm("li %r3, 0x80");
__asm("sldi %r3, %r3, 48");
__asm("addi %r3, %r3, 0x7FFF");
__asm("sldi %r3, %r3, 8");
__asm("addi %r3, %r3, 0xC0");
__asm("std %r5, 0x00(%r3)");
__asm("li %r3, 0");
}
void __volatile__ SecondStage()
{
__asm("stdu %r1, -0x60(%r1)");
__asm("std %r3, 0x58(%r1)");
__asm("std %r25, 0x50(%r1)");
__asm("std %r4, 0x48(%r1)");
__asm("li %r3, 0x80");
__asm("sldi %r3, %r3, 48");
__asm("addi %r3, %r3, 0x7FFF");
__asm("sldi %r3, %r3, 8");
__asm("addi %r3, %r3, 0xC0");
__asm("ld %r25, 0x0(%r3)");
__asm("li %r4, 0x01");
__asm("sldi %r4, %r4, 24");
__asm("cmpld cr7, %r25, %r4");
__asm("ble cr7, 0x38");
__asm("mr %r4, %r3");
__asm("lhz %r3, 0x8(%r25)");
__asm("std %r3, 0x10(%r4)");
__asm("std %r4, 0x20(%r4)");
__asm("clrlwi %r3, %r3, 28");
__asm("cmpdi cr7, %r3, 0xF");
__asm("bne cr7, 0x1C");
r3 = 0x100;
r4 = 0;
r5 = 0;
r6 = 0;
r11 = 0x017B;
__asm("sc");
__asm("ld %r3, 0x58(%r1)");
__asm("ld %r25, 0x50(%r1)");
__asm("ld %r4, 0x48(%r1)");
__asm("ld %r1, 0x00(%r1)");
__asm("blr");
}
int main(int argc, const char* argv[])
{
FirstStage();
SecondStage();
return 0;
}
// Shutdown on Gamepad L3+R3+Start+Select by KDSBest
// ONLY press those 4 buttons to Shutdown
// Works on REX 4.21 with CEX LV2 KERNEL
// DON'T compile with make or libs or so else
// the funny gcc will optimize the poke and uses other register
// ppu-lv2-gcc KDSBestGamepadHack.c -o KDSBestGamepadHack.elf
#define uint64_t unsigned long long
register uint64_t r3 __asm("r3");
register uint64_t r4 __asm ("r4");
register uint64_t r11 __asm ("r11");
uint64_t sc[] = {
/* SAVE ALL REGISTER */
//stdu %sp, var_60(%sp)
//std %r3, arg_58(%sp)
0xF821FFA1F8610058ULL,
//std %r4, arg_48(%sp)
//std %r5, arg_50(%sp)
0xF8810048F8A10050ULL,
//std %r6, arg_38(%sp)
/* READ SRC OF MEMCPY FROM SC 502 */
//ld %r6, 0(%r19)
0xF8C10038E8D30000ULL,
/* CUT OUT OTHER BUTTONS */
//rldicl %r6, %r6, 48,16
/* MAKE COMPARE REGISTER */
//li %r3, 0x7C
0x78C684023860007CULL,
//rldicr %r3, %r3, 16,47
//addi %r3, %r3, 0xF
0x786383E43863000FULL,
/* COMPARE AND DO NOT SHUTDOWN ON MISS */
//cmpw cr7, %r3, %r6
//bne cr7, loc_106D8
0x7F833000409E001CULL,
/* SHUTDOWN */
//li %r3, 0x100
//li %r4, 0
0x3860010038800000ULL,
//li %r5, 0
//li %r6, 0
0x38A0000038C00000ULL,
//li %r11, 0x17B
//sc
0x3960017B44000002ULL,
/* RESTORE REGISTER */
//noShutdown:
//ld %r3, arg_58(%sp)
//ld %r4, arg_48(%sp)
0xE8610058E8810048ULL,
//ld %r5, arg_50(%sp)
//ld %r6, arg_38(%sp)
0xE8A10050E8C10038ULL,
//ld %sp, arg_0(%sp)
//mr %r4, %r28
0xE82100007F84E378ULL,
//mr %r4, %r28 (DUMMY TOO LAZY TO CALC NEW ADDR FOR BACK JUMP)
//mr %r4, %r28 (DUMMY TOO LAZY TO CALC NEW ADDR FOR BACK JUMP)
0x7F84E3787F84E378ULL,
//b back
//dummy
0x4BFE2C884BFE2C88ULL
};
int scLen = 14;
#define SCStart 0x800000000008FC8CULL
uint64_t test123;
int __volatile__ main(int argc, const char* argv[])
{
// Copy Shellcode
for(int i = 0; i < scLen; i++)
{
r4 = sc[i];
r3 = SCStart + (8*i);
r11 = 0x07;
__asm("sc");
}
// Redirect to Shellcode
r4 = 0x4801D3147D635B78ULL;
r3 = 0x8000000000072978ULL;
r11 = 0x07;
__asm("sc");
return 0;
}
Ni No Kuni Max EXP ps3usercheat hack (You can use my Tool to apply it!): 00002000 006F96BC 38007FFE
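The PATCH.TXT record format and the address-to-file-offset translation that KDSBest's tool depends on, as an added example (not KDSBest's code): it parses the records, reads the PT_LOAD program headers of a big-endian ELF64 image, and reports for each record the file offset it maps to or why it cannot be applied to a file. The ELF header built inline is constructed sample data, and the function names and status strings are this example's own.

```python
import struct

PATCH_MEMORY = 0x00002000  # "Patch Memory (Eboot)" record type, as listed on the page
BUTTON_EVENT = 0x0000C001  # "Button Event" record type, as listed on the page
PT_LOAD = 1

# Constructed sample input assembled from record lines quoted on the page.
SAMPLE_PATCH_TXT = """\
00002000 007DF6FC 3F800000
0000C001 00000000 00000080
00002000 007DF6FC 3FE00000
00002000 0002A878 33FE034C
00002000 010AF534 00000000
"""


def parse_patch_txt(text):
    """Return a list of (record_type, address, value) integers."""
    records = []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        if len(fields) != 3 or any(len(f) != 8 for f in fields):
            raise ValueError("line %d: expected three 8-digit hex fields" % number)
        records.append(tuple(int(f, 16) for f in fields))
    return records


def build_sample_elf_header():
    """Constructed ELF64 big-endian header with two PT_LOAD segments (no real game data)."""
    ehdr = struct.pack(
        ">4sBBBB8xHHIQQQIHHHHHH",
        b"\x7fELF", 2, 2, 1, 0,   # 64-bit class, big-endian data, version, OS ABI
        2, 21, 1,                 # e_type = EXEC, e_machine = PPC64, e_version
        0x10200, 0x40, 0, 0,      # e_entry, e_phoff, e_shoff, e_flags
        0x40, 56, 2, 0, 0, 0)     # e_ehsize, e_phentsize, e_phnum, section fields
    # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
    text = struct.pack(">IIQQQQQQ", PT_LOAD, 5, 0x0, 0x10000, 0x10000,
                       0x900000, 0x900000, 0x10000)
    # Data segment whose memory size exceeds its file size (zero-filled tail).
    data = struct.pack(">IIQQQQQQ", PT_LOAD, 6, 0x900000, 0x1000000, 0x1000000,
                       0x1000, 0x200000, 0x10000)
    return ehdr + text + data


def load_segments(elf):
    """Return (vaddr, file_offset, filesz, memsz) for every PT_LOAD header."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 2:
        raise ValueError("not a big-endian ELF64 image")
    (e_phoff,) = struct.unpack_from(">Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from(">HH", elf, 0x36)
    segments = []
    for i in range(e_phnum):
        fields = struct.unpack_from(">IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = fields
        if p_type == PT_LOAD:
            segments.append((p_vaddr, p_offset, p_filesz, p_memsz))
    return segments


def resolve(records, segments):
    """Map each record to (address, file_offset or None, status)."""
    results = []
    for rtype, addr, _value in records:
        if rtype == BUTTON_EVENT:
            # Runtime condition; a fixed file patch has nothing to write for it.
            results.append((addr, None, "button-event"))
            continue
        if rtype != PATCH_MEMORY:
            results.append((addr, None, "unknown-type"))
            continue
        status = (addr, None, "unmapped")
        for vaddr, offset, filesz, memsz in segments:
            if vaddr <= addr and addr + 4 <= vaddr + filesz:
                status = (addr, offset + (addr - vaddr), "ok")
                break
            if vaddr <= addr < vaddr + memsz:
                # Address exists at run time only; the file holds no bytes for it.
                status = (addr, None, "unbacked")
                break
        results.append(status)
    return results


def as_float(value):
    """Read a 32-bit patch value as a big-endian IEEE-754 single."""
    return struct.unpack(">f", struct.pack(">I", value))[0]


if __name__ == "__main__":
    segs = load_segments(build_sample_elf_header())
    for addr, off, status in resolve(parse_patch_txt(SAMPLE_PATCH_TXT), segs):
        shown = "-" if off is None else "0x%08X" % off
        print("0x%08X -> %s (%s)" % (addr, shown, status))
```

The "unbacked" case is the one a range check on the file size alone reports as "Patch is not for this ELF!": the address is valid in memory but lies in the zero-filled part of a segment.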
Shortly following, AnoRelease (aka KDSBest and CFWProphet) made available a http://www.mirrorcreator.com/files/1NE1JKR6/Ni_No_Kuni_EXP_Hack.pdf_links stating:
Hi, it’s me AnoRelease, look what I got here for ya.
Greetings
AnoRelease
Below is a FAQ Interview from him as well:
Q.1) So it appears you are known by another name, what is it, who are you ?
A) I’m a Chinese hacker and yeah I’m known as different persons. I guess you have to read between the line. I get hacks from a Team and I release them for them. They want to stay underground. This is how this works after all. Who am I? A leaker with the permission to leak the stuff. I’m the Chinese hacker that never existed after all.
Q.2) Rumour has it that you also released the Cex > Dex method, is that true ?
A) Yeah I wasn’t able to register on PS3HaX back then, now I could and so it was released on PS3News. A site which I don’t visit on my own, but I thought interesting news will spread anyway. I just tested the algorithm and got permission to release it. Basically the happy (fairy tail) guy was the brain behind it. Most people in the scene should know who he is. Even if he is mostly underrated.
Q.3) Why did you release it ?
A.) Why not make it public? I asked if I can release it and was told that the owner doesn’t care if it is out there, as long as his name isn’t exposed.
Q.4) Will you be releasing anything else ?
A.) This depends on the brilliant hackers behind all this. I just say AC1D
Q.5) What do you think of the lv0 keys release ?
A.) Oh I think I know who is behind it, but of course I have no proof. They somehow claim they were forced to release it, but how are they forced to? So they gave it to someone else in the first hand. In my opinion it is their problem after all and I don’t believe that they didn’t want to release it. They checked cex > dex and nothing special happened because of the Anon release maybe and saw how a release is done.
Q.6) What do you think of the PS3 scene ?
A.) I like it. A good amount of drama and epic stories. It is/was a quite impressive time so far. I can’t wait for the next gen consoles. Sometimes it is sad how no brainers talk about the devs and it’s sad how others put them on a throne.
Q.7) What do you think about graf_chokolo ?
A.) His story is sad at the end. He is very inspiring for many hackers in the scene I guess. No one reached his knowledge about the PS3 so far and he will always be the number one hacker in our hearts. Many kudos for him.
Q.8) I hear you are a big fan of GeoHot, what is it you like about him ?
A.) I like it when people act dumb and go to TV. It’s like a robber ringing the bell afterwards and tell the house owner I just stole your stuff. Like my hacker friend (happy [fairy tail] guy) always says “Hacking is an underground job after all”. I don’t know if he ever said that on a forum, but he told me often enough. I like his humour I guess, the rap video was funny as hell. I wish he did more of them, but going on TV is not a well idea. I heard rumours he lost his job at Facebook too. He is just too ego I guess and no team player after all.
Q.9) Will you be working on any Next Gen consoles ?
A.) If I get the chance I will of course. The PS4 Press release was awesome in my opinion. I’m a bit happy about the X86 architecture and a bit sad. X86 is full of garbage because it grew with the time and still is backward compatible. AMD and Intel both worked that whore and that is how she looks like in my opinion.
Q.10) Is there anything you would like to add ?
A.) I would like to thank some people: KDSBest, cfwprophet, Team AC1D, GregoryRasputin, Pockets69, graf, durandal, eussNL, naehrwert and everything else I forgot of course.
Finally, HotNsexy has shared a http://www.mediafire.com/?t5d53a50m444lje stating the following:
Ok. I'm on rebug 4.21.2 and I succeed to make a pkg cheat for Dead Space 3 BLUS31053. It's full health and stasis and infinite ammo, for version 1.0. If you have 1.01 installed, delete it and then install this pkg:
If you get a black screen, just take out your BD from drive, restart console go to MM and start the game (no BD mirror or what so ever), just start the game and then start it from APP/HOME when prompt to update to 1.01 just skip it and enjoy... All greats to "medo" that released the codes.
He also made available an http://www.mediafire.com/?k6qw6a6rqjavwm1 stating: Again it's for version 1.00, if you have update 1.01 installed delete it and then install this pkg. Try it as I didn't try but I think it will work, cause I'm currently playing with the other one hehe... Tried with patch update but always give me a black screen.
Lots of info here: codemasters-project.net/vb/forumdisplay.php?152-Games-Hacked to quote:
Here is a list of cheat pkgs from Codemasters
Agarest Generations of War (PAL)
1. Max Gold
2. Max Tp
3. Max PP
4. Max Stats
5. Max Materials
http://www.mediafire.com/?dca3swcycxt30ra
Agarest Senki 2 (JPN)
1. Max Gold
2. Max Tp
3. Max PP
4. Max Stats
http://www.mediafire.com/?5umowvo1rcpv37i
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Alice Madness Returns (NTSC)
1. Infinite Health
2. Max Teeth
3. Slow Enemies
4. Mega Jump
5. 1 Hit Kills
http://www.mediafire.com/?wuwims48ku76jwz
Note: If you are using DUPLEX Fix remove this patch whenever you want to play Alice 1 PSN game
Another Century's Episode R (JPN)
1. Max A.C.E. Points On Gain/use
2. Max Skill Points Gain/Use
http://www.mediafire.com/?ai8dd2bh0bnpav6
Ar Tonelico 3/Qoga (NTSC)
1. Max Money After Buy/Gain
2. Max HP
3. Max Status
http://www.mediafire.com/?2a774jr6b2cbumg
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Assassins Creed Brotherhood (PAL)
1. Infinite Health
http://www.mediafire.com/?uw8wha8h1v88u3h
NOTE: Extremely high falls and heavy weapons still seem to be able to kill you
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Atelier Rorona Alchemist of Arland (NTSC)
1. Max Money
2. Max Attack In Battle
3. Max Defense In Battle
4. Max HP In Battle
5. Max LV
http://www.mediafire.com/?tmte2wybyitid1d
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Bayonetta (NTSC)
1. Max Halos on Gain/Lose
http://www.mediafire.com/?a9ef6bhy6pubidh
Bladestorm (PAL)
1. Max Money
2. Max EXP
3. Max Points in Battle
4. Max Combo
http://www.mediafire.com/?bh44y5mytlts8zi
Cross Edge (NTSC)
1. Max Gold
2. Max TP
3. Max EP
4. Max PP
http://www.mediafire.com/?uofgcqbl0gha08n
Dark Souls (NTSC) and (PAL)
1.Max Souls
BLUS30782
http://www.mediafire.com/?y948r4fp6fyc2aq
BLES01402
http://www.mediafire.com/?n5kvv5pmlu8ltsa
BLES01396
http://www.mediafire.com/?woi3oknpk4rgm2t
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Dead Rising 2 (NTSC)
1. Infinite HP
2. Max Zombie Kills (Lots of EXP per Kill)
http://www.mediafire.com/?gnd3grebtqyygjw
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Dead Space 1 (NTSC) and (PAL)
1. Max Money On Gain
2. Max Money On Sell
3. Max Money On Buy
NTSC
http://www.mediafire.com/?47bbc7pyx4dfjsl
PAL
http://www.mediafire.com/?hdmnjl3b91hm374
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Dead Space 2 (NTSC) and (PAL)
1. Max Money On Gain
2. Max Money On Sell/Load
NTSC
http://www.mediafire.com/?y284tv76ah6jmkp
PAL
http://www.mediafire.com/?eeqy86r6342aii5
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Demon Souls (PAL)
1. Max Soul
2. Max Damage
http://www.mediafire.com/?7s67y71w6ennczk
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Devil May Cry 4 (NTSC)
1. Max Proud Souls
2. Max Red Orbs
http://www.mediafire.com/?gqx2wzq42dlv222
Disgaea 3 (NTSC)
1. Max Mana
2. Max SP
http://www.mediafire.com/?5qsd88d27a028c8
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Disgaea 4 (JPN) and (USA)
1. Max Money
2. Max Mana
3. Max Stats for player Magichange weapon
4. 100% Steal Rate
JPN
http://www.mediafire.com/?5k6mlnooq2q2sc6
USA
http://www.mediafire.com/?c02vkd03ablzq0r
Dragon Ball Raging Blast 2 (PAL)
1. Max Speed Recover
2. Max Damage
http://www.mediafire.com/?i13z5zh8bzk2zmx
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Duke Nukem Forever (PAL)
1. Infinite Ammo
http://www.mediafire.com/?z9ud864tmqtn36n
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Dynasty Warriors 7 (NTSC)
1. Max Money after buying weapons
2. Max ATK
3. Max DEF
4. Max Skill Points
5. Max KO
6. Max Combo
7. Max Kills
8. Max Reputation/Prestige
http://www.mediafire.com/?uter2btjtjktdhe
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Dynasty Warriors Gundam 3 (NTSC) and (JPN)
1. Max Money On Item Sell
2. Max Pilot Exp on gain
3. Max Unit Status on Upgrading
4. Infinite Upgrade Slot
JPN
http://www.mediafire.com/?djjqf4xqjmxdsgl
NTSC
http://www.mediafire.com/?dds8pxz6u43msux
Dynasty Warriors Strikeforce (NTSC)
1. Max Money on Sell
2. Max Sword/Claw Experience After Battle
3. Max Spear Experience After Battle
4. Max Pike Experience After Battle
5. Max Cudgel/Staff Experience After Battle
6. Max Bow Experience After Battle
7. Max Cane/War Fans Experience After Battle
8. Max Deeds
9. Max Exp
10. Max Rewards
http://www.mediafire.com/?rrpqdwk7c2htxcs
Enchanted Arms (NTSC) and (PAL)
1. Max Money on Buy/Sell
2. Max Casino Chips on Buy/Exchange
3. Max SP on Use
NTSC
http://www.mediafire.com/?63abrt1ujd5t6sc
PAL
http://www.mediafire.com/?u7fax7jx88fcf9l
Eternal Sonata (NTSC) and (PAL)
1. Max Money
2. Max Item on Gain
NTSC
http://www.mediafire.com/?vo3yn7v228duyv9
PAL
http://www.mediafire.com/?454yv2zyfu265zo
Final Fantasy 13 (NTSC)
1. Max Gill
2. Max CP after battle
3. Max HP/MAG/STR
4. Max Materials
5. Max Battle Item
http://www.mediafire.com/?7fgbkan639o89lm
Fist of the North Star Ken's Rage (NTSC) and (PAL)
1. Max Life After Battle
2. Max Attack After Battle
3. Max Defense After Battle
4. Max Skill Points after Battle
5. Max Hokuto Shinken Kills After battle
6. Max Nanto Seiken Kills After battle
7. Max Ujoken Kills After battle
8. Damage Taken 0
NTSC
http://www.mediafire.com/?f009zlc7si5vzvj
PAL
http://www.mediafire.com/?0eeklrh86b076xd
Genji Days of The Blade (NTSC) and (PAL)
1. Max Mashogane Fragments
2. Max Essence of Amahagane
3. Max Hp upon upgrading
4. Max out kamui upon upgrading
5. Max Item upon picking up
NTSC
http://www.mediafire.com/?bb8w6hka5dr7ueq
PAL
http://www.mediafire.com/?lbcz9yb923vdoa5
Grand Theft Auto 4 (NTSC)
1. Infinite Health
http://www.mediafire.com/?5s589m9cu43yy83
God of War Chains of Olympus (NPUA-80637)
1. Infinite Health
2. Infinite Magic
NPUA-80637
http://www.mediafire.com/?f5dz5swce24lo45
NOTE : Just Install it over Your Game
God Of War Ghost Of Sparta (NPUA-80636)
1. Infinite Health
2. Infinite Magic
3. Infinite Thera's Bane
4. Infinite Red Orbs
NPUA-80636
http://www.mediafire.com/?3k7n4ih5tmdwfp5
NOTE : Just Install it over Your Game
Hyperdimension Neptunia (NTSC) and (PAL)
1. Max Money on Buy or Sell
NTSC
http://www.mediafire.com/?xhs41dwxyv491dc
PAL
http://www.mediafire.com/?8n3r8p8pvfmp2p8
inFamous (NTSC) and (PAL)
1. Infinite Electricity
NTSC
http://www.mediafire.com/?9z1cao33tvm9r51
PAL
http://www.mediafire.com/?dqwvdrrqc49qb0c
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
inFamous 2(NTSC)
1. Infinite Electricity
2. Infinite Health
3. Max EXP
http://www.mediafire.com/?eajs10h8ennepng
inFamous 2 Festival Of Blood (NPUA80657)
1. Infinite Health
2. Infinite Blood Jar
3. Infinite Electricity
NPUA80657
http://www.mediafire.com/?ehmltdj5hwlnd67
NOTE : Just Install it over Your Game
KillZone 2 (NTSC)
1. Infinite Ammo
2. Infinite Grenade
http://www.mediafire.com/?kt6gutri6uy3y67
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Last Rebellion (PAL)
1. Max Bonus
2. Max Combo
http://www.mediafire.com/?xpe8mb22fxfhnva
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Macross Trial Frontier (JPN)
1. Infinite Ammo
2. Infinite Anti Missile
3. Max SP
http://www.mediafire.com/?782wdhwg7jzix9v
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Marvel Vs Capcom 3 (NTSC)
1. Max PP
http://www.mediafire.com/?v9xeybi34446gdo
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Max Payne 3 (NTSC)
1. Infinite Health
http://www.mediafire.com/?8c2tac10blyp0gk
Midnight Club Los Angeles Complete Edition (NTSC)
1. Infinite Nitro
2. No Damage
3. Max Money
http://www.mediafire.com/?8x465838st86171
Mobile Suit Gundam Battlefield Record (JPN)
1. Max Money on Loading
2. Max EXP on Gain
http://www.mediafire.com/?n18xn57j8fniycj
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Naruto Shippuden Ultimate Ninja Storm 2 (PAL)
1. Max Ryo
2. Max SP
http://www.mediafire.com/?snn5s0445pp1x9f
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Nier (NTSC)
1. Max Money after shopping
http://www.mediafire.com/?jd579de6laj7id7
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Ninja Gaiden Sigma (NTSC)
1. Infinite Health
2. Infinite Ki
3. Infinite Items
4. Max Money On Gain
5. Max Karma
http://www.mediafire.com/?6up9665515rd8hi
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Ninja Gaiden Sigma 2 (NTSC)
1. Infinite HP Use Magic To Activate
2. Infinite MP Use Magic To Activate
3. Max Money
http://www.mediafire.com/?ca51xmffe9bh28v
One Piece Kaizoku Musou (JPN)
1. Max Level
http://www.mediafire.com/?c02vkd03ablzq0r
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Red Dead Redemption (NTSC)
1. Infinite Ammo/No Reload
2. Infinite Health
3. Infinite Dead Eye
NTSC
http://www.mediafire.com/?2uz6s88scdd67b0
Resident Evil 5 Gold Edition (NTSC) and (PAL)
1. Infinite HP
2. Infinite Ammo
3. Max Money On Sale
4. Max Exchange Points on Gain
NTSC
http://www.mediafire.com/?7zve3wvvv1qbxvb
PAL
http://www.mediafire.com/?zkdznnfg77sc55v
Resident Evil Code Veronica X(NPUB30467)
1. Infinite Health
2. Infinite Ammo Put a Weapon at Slot 1 on Item Box (Warning)
3. Low Time
4. Save Always 0
5. No Retries
NPUB30467
http://www.mediafire.com/?vz2etfo31f6s89a
Warning: If you have any items in Slot 1 on Item Box move it or you may lose important/key items
NOTE : Just Install it over Your Game
Resistance 2 (NTSC)
1. Infinite Ammo
2. Infinite Secondary Ammo
http://www.mediafire.com/?uatl3xyxk1y24c3
Resonance Of Fate (NTSC)
1. Max Money
http://www.mediafire.com/?woroxyw4nbfidan
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Rune Factory Tides of Destiny (JPN)
1. Infinite Gold
http://www.mediafire.com/?umhy8pdaol6f62u
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Saint Seiya Senki (JPN)
1. INF Health
2. INF MP
3. INF CP
http://www.mediafire.com/?14dzeudygn44u4k
NOTE: Just Replace It With your Eboot
Sengoku Basara Samurai Heroes (PAL)
1. Max Money
2. Max Hit Combo
3. Max Level after 2 battles
4. Max Materials after a battle
http://www.mediafire.com/?cabn810uh73z189
Sengoku Musou 3Z (JPN)
1. Max Points in Water Challenge Mode
2. Max KO
3. Max KO during Musou attacks
4. Max Rice
http://www.mediafire.com/?5744jajyql7ziyb
Silent Hill Homecoming (PAL)
1. Infinite Health
2. Infinite Ammo
http://www.mediafire.com/?a8wb2xugi2fl3ya
Sonic The Hedgehog (NTSC)
1. Max Ring
2. Infinite Ring
3. Never Lose Rings When Hit
http://www.mediafire.com/?5a0p6vvqp7lirh9
Sonic The Hedgehog 4 Episode 1 (NPUB30127)
1. Infinite Live
2. Max Ring
http://www.mediafire.com/?87360ttr72vh0s4
NOTE: Just Install It Over Your Game
Soul Calibur 4 (NTSC) and (PAL)
1. Max Money On Gain
NTSC
http://www.mediafire.com/?k7x4z5ysgpfs2rc
PAL
http://www.mediafire.com/?750hmjmw20rsrhv
Star Ocean The Last Hope International (NTSC)
1. Max Money
2. Max Arena Money After Battle
3. Max Individual SP on Gain/Loss Of Sp
4. Max Party SP after leveling/Making a new recipe
5. Max CP on Level
6. Max BEAT:B level after battle
7. Max BEAT:S level after battle
8. Max Exp on Gain
http://www.mediafire.com/?3ehbt87xdo6gasw
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Super Street Fighter IV Arcade Edition (NTSC)
1. Infinite Health
2. Infinite Super
3. Infinite Ultra
http://www.mediafire.com/?ac1a6iam8ppmy5w
Tales Of Grace F (JPN)
1. Max Money
2. Max Energy Consumption
http://www.mediafire.com/?a2qq08h89r8hstb
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Tales Of Vesperia (JPN)
1. Max Money
http://www.mediafire.com/?vf3yte5dcs58b3a
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Tales Of Xilia (JPN)
1. Max Gold on Gain/Sell
2. Max HP
JPN
http://www.mediafire.com/?v9d737t3awgwshi
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Tekken 6 (NTSC) and (PAL)
1. Max Money
NTSC
http://www.mediafire.com/?7wfdc41n4m1ww3r
PAL
http://www.mediafire.com/?bvt9ic1nri9nbdz
Tomb Raider Underworld (NTSC)
1. Infinite Health
2. Infinite Oxygen
3. Infinite Ammo
4. Infinite Grenades
http://www.mediafire.com/?43aeeugnprxby88
Top Spin 4 (NTSC)
1. Max EXP
http://www.mediafire.com/?9cv306j6vkad868
NOTE 1: Needs Files from USRDIR to be moved to PKG dir(Minus Eboot)after install
Trinity Universe (NTSC)
1. Max Money
2. Max AP out of battle
3. Unlimited AP in Battle
http://www.mediafire.com/?i5vlyqjj66w6ayr
Valkyria Chronicles (NTSC) and (PAL)
1. Max EXP on Use (Go Back in and out of Training)
2. Max DCT on Use (Go Back in and out of Workshop)
3. Max EXP on Gain After Battle
4. Max DCT on gain After Battle
5. Max CP
NTSC
http://www.mediafire.com/?bg0tdefqjicfcaj
PAL
http://www.mediafire.com/?7qoisals1kh53fz
Vanquish (NTSC)
1. Infinite Ammo
2. Infinite Grenade
http://www.mediafire.com/?4nce7hom9hxhibd
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Way of the Samurai 3 (NTSC)
1. Max Money
2. Max Samurai Points
http://www.mediafire.com/?ch1aricn67vvnov
Way Of The Samurai 4 (JPN)
1. Max Money On Buy
2. Max Attack When Upgrade Weapons
3. Max Durability When Upgrade Weapons
http://www.mediafire.com/?gw2a29rang66992
White Knight Chronicles (NTSC) and (PAL)
1. Max Gold
2. Max Items
3. Max AC
4. Max EXP
5. Max Skill On Use
6. Infinite Items
7. Enhance without Materials
8. HP/MP Recovery after withdrawing weapon
NTSC
http://www.mediafire.com/?w2agnqg8wwwgngo
PAL
http://www.mediafire.com/?uxg61x2mho00g27
X-Men Origins Wolverine (NTSC)
1. Infinite Health
2. Infinite Rage
http://www.mediafire.com/?6joc06g0xl01ya9
NOTE 2: This Is Update PKG Just Boot The Game Normal After Install
Yakuza 3 (NTSC)
1. Max EXP
2. Max Money
http://www.mediafire.com/?bwtbxx6z2a0btr7
Yakuza 4 (NTSC)
1. Infinite HP/Heat Enter The Menu
2. Max Money
3. Max Soul
4. Quick Exp Gain
AKIYAMA
http://www.mediafire.com/?2r9743fze724ce3
KIRYU
http://www.mediafire.com/?94n8ofh8ay0kdun
SAEJIMA
http://www.mediafire.com/?e3qe62gy66afwz6
TANIMURA
http://www.mediafire.com/?81430quxkx1ov57
Want to make your own cheat pkg?
1. Decrypt the (Eboot.bin) SELF (you can use SelftoElftotxt.bat for this along with the Ps3tools apps)
2. Using Cheats - Open the .ELF in a hex editor of your choice, locate the cheat location via offsets or codes posted by those who hacked the game, change the hex values and save. If you want the said code, put code steps in here.
Code steps are the patterns you will find. They will tell you what to replace. You replace them using your favourite hex editor (I use Hex Workshop).
Example NPUA30073 PAY DAY THE HEiST
Find the first string in the hex editor, then replace it with the string from the second line.
NO HITS HOTPLAYER
SET OGP=42C8000001003AC000F9BA3000F41BB000D4008800D400A000F420A000D400B000F4107000D400B800F4175000F4174800D400C800F412C0
SET COP=0000000001003AC000F9BA3000F41BB000D4008800D400A000F420A000D400B000F4107000D400B800F4175000F4174800D400C800F412C0
SHOCK misses
SET OGP=42C80000461C40000100404400F21708BF8000003DCCCCCD3F00000000F24F9800F24BB000F9D96800F2485000F248E800000000
SET COP=00000000461C40000100404400F21708BF8000003DCCCCCD3F00000000F24F9800F24BB000F9D96800F2485000F248E800000000
FLAME misses
SET OGP=42C8000000D4898800000D6000000D6800000D7000000D7800000D8800000D9000000D9800000DA000F8F32000F95208010066140100661000F597D0010066E8
SET COP=0000000000D4898800000D6000000D6800000D7000000D7800000D8800000D9000000D9800000DA000F8F32000F95208010066140100661000F597D0010066E8
Game Speed
SET OGP=3C003F803AB800343AD800503AF8006C38E000007863002092AE002892CE004C92EE0054930E00009352000493B20008900E0058
SET COP=3C0040003AB800343AD800503AF8006C38E000007863002092AE002892CE004C92EE0054930E00009352000493B20008900E0058
3F80 = NORMAL
4000 = 2X
3. HDD Backups - If you intend on playing the game off of a HDD, open the .ELF in a hex editor of your choice, find all instances of "/dev_bdvd/", change them to a valid "/dev_hdd0/" path*, and save.
4. Encrypt the ELF to a SELF (you can use MakePKG.bat along with ps3tools to do this)
Eboot.elf, Param.sfo and Icon0.png are truly the only files you need, but it's always good to put your trophy data in your PKG as well.
If the hacker has told you the game needs to be loaded from another game ID, then you need to change the game ID in the Param.SFO. For example, if you see BLUS00012, just change the L to X and that will do it.
5. Build the .pkg (you can use MakePKG.bat along with ps3tools to do this)
6. Install the .pkg, then depending on how you built the .pkg, transfer the remaining files.
Here is a video tutorial showing part of the process:
EBOOT.BIN Modding Tutorial
This video shows you:
a) The directory that EBOOT.BIN is located in
b) How to use cygwin to make PKGs and decrypt the EBOOT.BIN
c) Modify the eboot for HDD playing
d) Re-encrypt EBOOT.ELF
e) Create PKGs
f) Sign PKGs for Geohot 3.55 CFW
What it does not show:
a) How to get EBOOT.BIN off the PS3
b) How to "hack" cheats for any game
c) How to rip games
d) Where to download games
e) Other things
Now, once you get to the part about modding /dev_bdvd to /dev_hdd0, you can do this or you can skip it. Changing the paths to /dev_hdd0 lets you play the game from the HDD. Before moving on to re-encrypting, you simply use the hex editor to search for the cheat using the pattern of numbers and letters (these are called BYTES) by pressing CTRL + F in the hex editor, or by going to its search menu along the top. After that, follow the video for making a PKG.
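Added example, not part of the original guide or of any tool named on this page: a Python sketch that decodes two of the OGP/COP pairs listed above, reports which 4-byte words actually change, and refuses to patch unless the original pattern matches exactly once. The function names are hypothetical, reading the changed words as a big-endian float or a PowerPC `lis` instruction is an interpretation, and the demo image is constructed.

```python
import struct

# Hex strings copied from the "Game Speed" and "NO HITS" entries above.
SPEED_OGP = "3C003F803AB800343AD800503AF8006C38E000007863002092AE002892CE004C92EE0054930E00009352000493B20008900E0058"
SPEED_COP = "3C0040003AB800343AD800503AF8006C38E000007863002092AE002892CE004C92EE0054930E00009352000493B20008900E0058"
NOHIT_OGP = "42C8000001003AC000F9BA3000F41BB000D4008800D400A000F420A000D400B000F4107000D400B800F4175000F4174800D400C800F412C0"
NOHIT_COP = "0000000001003AC000F9BA3000F41BB000D4008800D400A000F420A000D400B000F4107000D400B800F4175000F4174800D400C800F412C0"

def parse_pair(ogp_hex, cop_hex):
    """Decode an OGP/COP pair; an in-place patch needs equal lengths."""
    ogp, cop = bytes.fromhex(ogp_hex), bytes.fromhex(cop_hex)
    if len(ogp) != len(cop):
        raise ValueError("OGP and COP lengths differ")
    return ogp, cop

def changed_words(ogp, cop):
    """(offset, old, new) for every 4-byte word that differs."""
    return [(i, ogp[i:i + 4], cop[i:i + 4])
            for i in range(0, len(ogp), 4) if ogp[i:i + 4] != cop[i:i + 4]]

def be_float(word):
    """Read 4 bytes as a big-endian IEEE-754 single."""
    return struct.unpack(">f", word)[0]

def lis_float(word):
    """If word encodes PowerPC 'lis rD, imm' (addis with rA=0), return the
    float whose upper 16 bits are imm; otherwise None."""
    insn = int.from_bytes(word, "big")
    if insn >> 26 != 15 or (insn >> 16) & 0x1F != 0:
        return None
    return be_float(((insn & 0xFFFF) << 16).to_bytes(4, "big"))

def apply_patch(image, ogp, cop):
    """Swap ogp for cop only when ogp is found exactly once (non-overlapping count)."""
    hits = image.count(ogp)
    if hits != 1:
        raise ValueError(f"expected 1 match, found {hits}")
    off = image.find(ogp)
    return image[:off] + cop + image[off + len(ogp):], off

if __name__ == "__main__":
    for name, pair in (("Game Speed", (SPEED_OGP, SPEED_COP)),
                       ("NO HITS", (NOHIT_OGP, NOHIT_COP))):
        ogp, cop = parse_pair(*pair)
        for off, old, new in changed_words(ogp, cop):
            print(name, "offset", off, old.hex(), "->", new.hex())
    # Constructed stand-in for a decrypted ELF, not real game data.
    image = bytes(16) + parse_pair(SPEED_OGP, SPEED_COP)[0] + bytes(16)
    print("patched at", apply_patch(image, *parse_pair(SPEED_OGP, SPEED_COP))[1])
```

Under that reading, the "3F80 = NORMAL / 4000 = 2X" note corresponds to the upper halves of the floats 1.0 and 2.0, and the NO HITS pair replaces a leading word that reads as 100.0 with zero.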
Extract st.dat from ps3usercheat with package view 1.3 or download here: http://www.mediafire.com/?uega2ve26i6ayx1
Click on + to add games, for example BLES01356 DRAGONS DOGMA 01.00
Click on + on the right-hand side to add a code, for example:
00000100 424C4553 01356018
00002000 008BFC44 00000000
Then click save, transfer to the PS3 via FTP, load the cheat and enjoy!
The Pay Day example would be:
NPUA30073 PAY DAY THE HEIST 01.00
00000100 4E505541 30073018
00002000 00F68E08 00000000
00002000 00F6C7BC 00000000
00002000 00F6EAD0 00000000