53w ago - Following up on the previous release, this weekend PlayStation 3 hacker Flat_z has released PS3 Save Game Tools including a Data Dumper, Disc Hash Key Dumper, PFD SFO Tools, Secure File ID Dumper, and a PFD Tool update with details below.
From Twitter: A save game tool in a testing phase before tomorrow's release save game tools. hehe, dunno yet maybe I will make a managed dll for pfd stuff. An another link if you experience a troubles with downloading. Little update of pfdtool (I fixed an issue with 4 version for some games. They should be fine now.)
Trophies will work in the next release but I'm afraid to add support for them because you can easily hack your trophies with it and synchronize them with the server. I'll release a port of my dumpers to 4.21 soon. I'm working on a new payload which I think allow me to not to replace sprx. And newer version will write keys directly to the file.
You don't need to replace modules and launch a dumper if you only want to resign files. A dumper required only for extracting a save game key directly from the memory of the game. And trophy keys are the same for every console because they are constant. In addition, you don't need to extract/read/write keys every time.
A .PFD file for save games is a bit complex than trophy's .PFD. And games uses different keys for their save files. Trophy keys are constants as I mentioned above. I don't like a name PSID because there are two different PSIDs on the PS3: PSID and OpenPSID. So I call the first one as Console ID (it should contains the Target ID of your console). The second one seems to be random bytes (or encrypted bytes) which widely used on PSN stuff.
There are different ways to get your console ID. If you have a flasher then you can make a dump of your flash, then locate your EID0 there and the first 16 bytes will be your Console ID. The second way is using a proxy server as you mentioned. A PS3 will send your console ID in different queries (for example, when you try to login to PSN, when it fetches your act.dat, etc).
It used as a HMAC key to hash a file content along with another keys. I suppose that current firmwares don't check these hashes. That's why Xploder don't need your Console ID. You can check it by yourself making a different console ID and resign your save game and then try to load it. But I want to generate all hashes correctly. That's why I used all real parameters. But you can omit some of them.
You don't need to specify a full file path, only a file name inside a folder (actually it is an entry name inside .PFD). By the way, specifying a zero offset causes a very slow processing. Because .ELF files have a 70-80% of code and not data. And I recommend to use a dumper instead of bruteforcing.
It is better than Xploder because it is not server based, so you can do what you want with your save game and I think Xploder doesn't allow you to decrypt/encrypt data (I can be wrong because I don't use the Xploder's software). Trophies are also supported but not in current version because I didn't include keys for them in the release.
From the included ReadMe Files: Data Dumper (data_dumper.pkg)
3.55 CFW (e.g. Kmeaw)
MultiMAN or original dev_blind application and FTP client
1. Install Data Dumper (data_dumper.pkg) if you didn't installed it before. It is a homebrew application to dump a data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin
2. Every time you're want to dump a data from my applications (e.g. Klicensee Dumper) you're need to reboot a console to clear a data storage in LV2 memory.
3. Run a dumper loader, then start your game.
4. After exiting from the game you need to run Data Dumper, you will hear some beeps.
5. Then run any FTP client (e.g. builtin in MultiMAN) and download a dumped data from /dev_hdd0/tmp/dumps.bin.
1. Install Data Dumper (data_dumper.pkg) if you didn't installed it before. It is a homebrew application to dump a data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin A data which stored there is written by dumper loaders, e.g. by Disc Hash Key Dumper.
2. Install Disc Hash Key Dumper Loader (disc_hash_key_dumper_loader.pkg). It stores a disc hash key if your game is not a PSN/SEN game.
3. Reboot a console to clear a data storage in LV2 memory.
4. Now you need to start Disc Hash Key Dumper Loader, then start your game.
5. After exiting from the game you need to run Data Dumper, you will hear some beeps.
6. Then run any FTP client (e.g. builtin in MultiMAN) and download a dumped disc hash key from /dev_hdd0/tmp/dumps.bin.
PFDTool & SFOPatcher Beta version (pfd_sfo_tools: pfdtool.exe and sfopatcher.exe)
ATTENTION!!! Be careful with 'pfdtool' because it is working with the directory you specify so it will overwrite files inside it.
Some notes about keys:
1. 'Syscon Manager Key' (syscon_manager_key): a constant key from a Syscon Manager.
2. 'PARAM.SFO Key' (param_sfo_key): a constant key used for PARAM.SFO entry.
3. 'Fallback Disc Hash Key' (fallback_disc_hash_key): a constant key used for discless PSN/SEN games.
4. 'Authentication ID' (authentication_id): an additional constant key.
5. 'Console ID' (console_id): your unique console identifier.
6. 'Secure File ID' (secure_file_id): per a game file, almost the same for all files of the game, specified by a game developer (used to encrypt save game files and to hash their content).
7. 'Disc Hash Key' (disc_hash_key): per a game disc or a constant key for PSN/SEN games (used to hash a file entry). You need to use an original game disc and extract it from the disc. For PSN/SEN games they used a fallback disc hash key. 'Disc Hash Key' hash is not verified by PS3 so you can omit this key.
Attention! Some game developers (for example, creators of Metal Gear Solid 4) uses a custom additional encryption layer for their save files. In these cases you need to reverse-engineer the game itself.
1. Paste your console specific data inside 'global.conf'. You need to paste your console ID (IDPS) and needed keys. Open 'Keys' page on the PS3 Dev Wiki and look into the 'Key lists - sc_iso module 1.00-4.00'. There is a 'Syscon Manager Key' at the #2.
Open 'Talk:Keys' page on the PS3 Dev Wiki and search for strings 'Params' and 'Fallback key'. They are 'PARAM.SFO Key' and 'Fallback Disc Hash Key'.
2. Prepare required keys for the game and place them inside 'games.conf'. You need these keys only to verify your .PFD file (it is an optional feature) or to play with save game data encryption. So if you want only to resign a foreign save game then you need only your console ID and skip some hash updates by specifying some flags at 'pfdtool'.
For secure file IDs you can specify an exact file name or use wildcards to match a file name (for example, you don't need to specify the same key for all game files if the game uses the same key for all of them). A disc hash key can be extracted only from an original game disc. For PSN/SEN games a fallback disc hash key is used. This type of hash is not verified by PS3 so you can omit its key but they can add a check in the future firmware versions.
So if you want to use 'Disc Hash Key'=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX and 'Secure File ID'=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY for a save file named 'SAVE.DAT' and your game have a product code='BLZZZZZZZ' place them inside a config file:
After copying it to the PS3 you need to update a game cache. You have two solutions:
a) 'Rebuild Database' in the system recovery menu. Be careful with it because it can corrupt your file system in rarely cases.
b) Manually copy your save game to the corresponding folder by using a FTP client (for example, embedded in MultiMAN).
2) You need to patch a foreign PARAM.SFO with data from your PARAM.SFO (the tool uses your account ID, save parameters, optional title and description values):
4. Import your optionally patched save game folder to 'pfdtool' and use it.
Make sure that you specify a game setting set (from 'games.conf') otherwise you will get some fails.
a) You will always get a 'Disc Hash Key FAIL' if you don't use a valid disc hash key. It is not important because it is not checked.
b) If you will get a 'Console ID Hash FAIL' then you use a wrong console ID.
c) If you will get a 'Secure File ID Hash FAIL' then you use a wrong secure file ID for a corresponding file.
You don't need to get a valid console ID for foreign save, just use your console ID and update a save game.
1) To list all entries from PARAM.PFD use a 'list' command:
pfdtool -l <save game folder>
2) To check the validity of PARAM.PFD use a 'check' command.
pfdtool -g <game setting set> -c <save game folder>
3) If you don't plan to modify save game files and you want only to resign a save game for your console then just use an 'update' command with a 'partial' update option:
pfdtool -g <game setting set> -p -u <save game folder>
4) If you plan to modify save game files then use an 'update' command without the option above:
pfdtool -g <game setting set> -u <save game folder>
5) To encrypt or decrypt specified save game files use 'encrypt' or 'decrypt' command:
6) To bruteforce a secure file ID use a 'brute' command along with the .ELF file from the game and specified decimal offset (I recommend to specify an offset of data segment which is usually started at 70-80% of the entire file):
pfdtool -b <save game folder> <elf file> <starting offset in decimal> <file1 file2...>
Bruteforcing a secure file ID takes a lot of time because it is based on hashing of the game file. The larger the file size, the longer the wait. And bruteforcing don't guarantee that you will get a secure file ID because it can not be specified in the plaintext inside an ELF file.
Once again, if you want to easily resign a save game (as publicly known commercial tools does) you just need to place your console ID and use the command:
pfdtool -p -u <save game folder>
I also recommend to use my 'Disc Key Dumper' (incorrectly named because it is a disc hash key really) and 'Secure File ID Dumper' to dump keys directly from the memory of a game. But they are written for 3.55 CFW. I will port them to the 4.21 soon.
I will be glad to see if someone will write a batch script for automate the process or a GUI application because I have no time to do it personally. Also will be nice if someone will create a centralized storage of game setting' sets to find keys there. In the future the tool needs to be improved for error handling because it is poor at the moment. I will plan to improve it in further versions.
Secure File ID Dumper (secure_file_id_dumper: ps3_savedata_plugin.sprx, ps3_savedata_plugin_game.sprx, ps3_savedata_plugin_game_mini.sprx and secure_file_id_dumper_loader.pkg)
A secure file ID is specified by developer of the game. There are can be more than one secure file IDs, one ID per file. There are cases when these bytes stored at EBOOT.ELF as is, so you can use my PFD tool to bruteforce them by specifying a PARAM.PFD and file name.
In other cases you need skills of reverse-engineering and a disassembler to find a secure file ID. That's why I had created this dumper. It dumps a secure file ID from memory itself.
3.55 CFW (e.g. Kmeaw)
MultiMAN or original dev_blind application and FTP client
1. Install Data Dumper (data_dumper.pkg) if you didn't installed it before. It is a homebrew application to dump a data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin. A data which stored there is written by dumper loaders, e.g. by Klicensee Dumper.
2. Install Secure File ID Dumper Loader (secure_file_id_dumper_loader.pkg). It stores a file path to the file which used in your save data and a secure file ID of this file.
3. Now you need to replace original libraries located at dev_flash/vsh/module by modified versions. There are ps3_savedata_plugin.sprx, ps3_savedata_plugin_game.sprx, ps3_savedata_plugin_game_mini.sprx. I use a dev_blind feature from MultiMAN, you can use any other way. Don't forget to backup original files.
4. Reboot a console to clear a data storage in LV2 memory.
5. Now you need to start Secure File ID Dumper, then start your game.
6. Then you need to make a game save.
7. After exiting from the game you need to run Data Dumper, you will hear some beeps.
8. Then run any FTP client (e.g. builtin in MultiMAN) and download dumped secure file IDs from /dev_hdd0/tmp/dumps.bin.
9. Restore original libraries ps3_savedata_plugin.sprx, ps3_savedata_plugin_game.sprx, ps3_savedata_plugin_game_mini.sprx using the same method as at step 3.
Notes: Not all of these libraries used with all games, there is one library per game type.
Let me say a few words about the process of signing. There are two types of files - system file object (PARAM.SFO) and game files (which are encrypted by the secure file ID). The first one contains 3 or 4 hashes (depending on whether it is a trophy file database or not).
So for game saves they are a static key embedded in the prx module, your unique console ID, disc hash key and authentication ID (it is static too). So if you take a foreign save game you probably don't have its console ID and the disc hash key (you can only take a disc hash key if you have an original game disc for it).
Also if you don't have a secure file ID and you are lazy to get it (by bruteforcing it/reversing the game executable/dumping from the memory) then you can't calculate hashes for game files too. That's why I created two different modes of signing/checking - one for these people who want only to resign a foreign save game and nothing more and the second one is for people who have all data to update all hashes for their save game.
The first mode called partial update/check (see the corresponding option at pfdtool), and for full update you don't need to specify this option. The partial update only updates hashes which are easy to calculate (based on static data such as authentication ID and console ID).
So if you have a filled global.conf (all keys and your console ID) and run a partial update on the foreign save game to resign it for your console then you got a fully working resigned save game.
But if you want to modify save game files which are encrypted then you need to get all data and specify them in configuration files and then use a full update to resign it. By the way the PS3 itself doesn't check some hashes such as a hash which was calculated using a disc hash key.
So you can omit some of them (I only omitted the hash which I said and it works fine). But I don't know what situation will be in the future, maybe S0ny will add a check for them.
Finally, from aldostools: I have updated the BruteforceSaveData tool with the suggested changes. Also if you press the buttons holding Ctrl it will allow to edit the command line
TIP: Hold Ctrl key and press Enter or double-click on a game to skip the bruteforce using the keys in the database. This feature can be use useful for savegames with large data (eg. >4MB and that you already know that the key is unknown)
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
5) Press "Save Keys" (So you don't have to enter on startup)
6) Copy over *YOUR* save data from the PS3.
7) Locate "Enter Private Keys".
8) Either enter the values in yourself or load YOUR param.sfo from YOUR Save.
9) Now click save Profile (As either 01, 02, or 03)
10) On the tabs, go back to "Save Resigner"
11) Go to File > Open > Locate Modded Save Data
12) After mod save is loaded, you can change region by editing the Game ID.
13) (Don't edit the Console, Account, or User ID's)
14) Now select a profile to resign to.
15) Either decrypt the save and then edit and re-encrypt and resign OR...
16) Simply click "Resign" and use it.
17) Sometimes it still says corrupt after resign so you need to copy params.
FIXING CORRUPT ISSUES
1) Check the box of copy params of a specific game.
2) If you get an error, you need to install msvr100.dll (Link Below)
3) Now select "Resign", and it MAY fix the corrupt issue.
(I have had this problem with Sound Shapes Game Save)
msvr100.dll = http://www.microsoft.com/en-us/downl...n.aspx?id=5555
Microsoft .Net Framework 4 = http://www.microsoft.com/en-us/downl...ramework%204.0
PS3 Save Game Resigner by K.G = https://www.dropbox.com/sh/x8tvy92l6d8wgeq/A_HuXl2bDm
READ IF YOU ARE GETTING SAVEDATA CORRUPT ISSUES!!!
This is caused because the games.conf file does not have the games savedata keys in it. This is because a game that is protected with a file hash key hasn't been signed properly. In order to do this, you need to update the configuration file with keys.
Configuration File Structure
Lets pretend our game name is "JeoWay's Tutorial" and our region code for account is JWUB6144 for example.
; Game settings This is always at the top of file on the first line
Keep a space here and for every game information you put in!
; "JeoWay's Tutorial" This is where you need to put the game name in quotations.
[JWUB6144] In the brackets is where you put region code (Name of Save Folder)
;disc_hash_key= This is ALWAYS the same thing. Just copy it there EXACTLY how it is in this example and dont change it!!!
secure_file_id:*=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X Corresponds to the Key. This is the key. Below is how to get it.
That up there ^^^^^^^^^^^^^^^^ is the Configuration Structure... Below is an example of THREE Games being recordered in the .conf file!
; "The Elder Scrolls V: Skyrim"
And it continues exactly in that form above ^^^ Notice the Spaces above, thats VERY important!!
How to get your secure_file_id (Save Key) for updating configuration file!
In order to obtain the Key for the secure_file_id to sign the save data so it won't be corrupt either copying or loading the data on PS3, you either need to use a good Brute Forcing Program, Calculate them yourself, or live without it.
I recommend using the Save Data Bruteforce program here: ps3tools.aldostools.org/BruteforceSaveData.rar
Using the Bruteforcing Program (Tutorial for Aldostools: http://www.sendspace.com/file/izyf2z)
1. Make sure "Use Data Aligment" is checked in the top right hand corner.
2. Under the "Use Data Aligment", press the button with three periods "..."
3. Find your save data folder and select it.
4. Once opened, where the information is displayed in the middle, right click it and press "Bruteforce"
5. It will ask you to bruteforce again, press yes and at the bottom should be the info you should recognize (The .conf information).
6. Copy and Paste that code into the Configuration File in the Save Resigner (Refer to Configuration File Structure to learn how)
7. Save the configuration file and voila, just resign your savedata and you shouldn't get anymore errors.
How to copy save data to your PlayStation 3!
1. Plug in your USB to your PC
2. In the root, create a folder called "PS3" (Without quotations.)
3. Inside the folder "PS3", create another folder called "SAVEDATA (Again, no quotations)
4. Inside the folder "SAVEDATA", place your resigned save data in there.
5. Plug USB in PS3, now copy over to PS3.
Come on. I play games for the fun of it and I use Cheat devices also such as Game Genie but I am tired of hearing people complain about Stupid Trophies.
All the Trophies are dumb since it just lets people Brag about their achievements and such which I don't play games just to show off and look like Top Dog or anything with Trophies, I play to just have fun with the game like I always did all the way back to NES and Even Atari.
Damn game companies and even console makers have just advanced way too far these days and now do to stupid online play and stupid trophies, Us people that like the good old cheat devices to make our games more fun even extend the fun using cheats and even funny cheats that make the game do funny stuff, now we have trouble using them do to limits caused by this new online play and now dumb Trophies which I have trophies also but if I could, I would delete mine and block mine from ever showing again.
Everyone that goes for Trophies, Grow up since you are not a Top Dog on games and you need to just play your games and or play them with your friends that visit you or you visit and leave us alone that use cheats and Stop trying to ban our cheat devices or we may jump in and Fight rough back and start a PS3 war or something.
Some people like me have already played that game on another account and just want it moved to the new account. But as for cheating after the 2nd or 3rd playthrough you sometimes want the big guns from the start.
If your playing singleplayer then who really cares if you cheat or not? Games are meant for fun and if your having fun and cheating then who cares, enjoy
But if you cheat in Multiplayer then you suck bigtime.
This seem good just to have some fun with a game, but as for cheating on a game, what's the point of buying a game to cheat it, i like the challenge of the games i buy isn't that the point of gaming to overcome the challenges in the game to complete it. well that's what i think.
How to Resign PS3 Trophies to New Profile Tutorial by barelynotlegal
so ya got banned (ha ha, so did i and wanted to get my status back, ie trophies and gamesave) here ya go. THANx to ALDOS & Stoker25
So i have started all over with new profile from scratch. will be posting this as new thread and maybe hopefully a tutorial for others. so here we go... NOTE I AM USING REBUG 4.41 LITE
1. create a new profile.
2. create a new account via internet (psn store)
3. spoof console id using psid patch by stoker 25 (thanx stoker and of course aldos
4. once spoofed sign up using account already created(you have two options create new account or use already created account) browse the store, then quit.
5. log out and load a game however you want (bd disk or manager), play and save. (i use borderlands 2 cause not only auto save but trophy at beginning of game) then quit. (so now you have new profile with psn account and fresh game save with psn attached.)
6. load multiman and extract trophy direct from old profile, also ftp new profile gamesave (that way you have all info required, psid, console id, and param from new profile. (i always make a backup "new trophies" folder in case something goes wrong)
7. now open bruteforce (run as admin) and select gamesave from new profile.
select set param.sfo as template, configure profiles, set param fro profile (whatever you want) then a window will open with param from new gamesave(use that) then it should show your psid or numbers. after that should be good to go.
8. now open "new trophies folder" via bruteforce and you should see something like this..(note that they have been signed except one, using as a example)
9. now just select trophy and use rebuild button. BEFORE YOU DO ANYTHING ELSE, delete param.sfo_original or it will not work, i always forget to. lol
10. now just ftp back to ps3 home/user_xx/trophy/ (new profile.)
11. get into recovery mode and rebuild database...
(power off then hold power button til it starts then shuts off then hold power button again until you here 2 beeps and let go)
note i think you will have to spoof console every time you use this new profile as its tied with new console id, so just spoof before every sign in via profile) and for those who have trophies that have no attachments (see photo)
just use ps3tools game updates and type in name of game then select the region of your copy, then double click on sfo (bottom left corner of bruteforce) param editor will pop up , just copy and paste the tittle id( blus, bles, bcus, ect ect) click save and done. refresh bruteforce , you will now see a name next to the trophy. now just rebuild with correct profile and POW. done
(took me many times to figure that part out) once again i hope this helps someone.. please feel free to ask or add input. haven't seen much covered about this and i know there is people looking to do this. and if anyone knows if there is a rogero that lets you get to psn store without update is required message let me know. will try it on that CFW too. please give thanX if helped, to let me know it was appreciated. took me a while to iron all this out.