7w ago - Following up on the previous updates and SCETool Script, today PlayStation 3 developer Habib (aka smhabib) who recently released Habib CEX 4.50 V1.03 PS3 CFW unofficially updated PS3 SCETool to version 0.3.1 for Custom Firmware users with the changes below.
To quote: Basically what it does is,it encrypts iso modules (needed for cfw creation!) with its respective indiv seeds of eid.now normal people can do amazing things.i first posted this on psx-scene but with not much details.SO HERE IT GOES WITH SRC!!!!
A short NOTE:the keys should be only edited with notepad++ to save its formating or you might get errors(latest keyset included!)
FOR N00BS: you can also use scetool --template spu_token_processor.self(original self) --sce-type=SELF --encrypt spu_token_processor.elf(modified elf) spu_token_processor.self(output modified self)
2. my friend anonymous dev
I SALUTE YOU BOTH!!!!!!!!!
1. Fixed makefile
2. Added indiv seed options for creaters of cfw or for some testers
From zecoxao: Here is the tool on github (github.com/zecoxao/scetool) with all the added "changes" (which was commenting one line and uncommenting two, bravo...)
And here's an example of the new features being used: pastebin.com/Cw6uPiaJ
To quote: Now I'll give you example of a Fan Control Utility being ran with my kernel and not with any other 4.50 cfw.if you try you'll simply get an error showing bad temp reading and sys_sm_get_fan_policy error. Currently source code is a lot a mess but ill be sharing it too.
Current Syscalls Added are: 386,389,409,383.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
Today PlayStation 3 homebrew developer spacemanspiff has released OpenSCETool (OSCETool) v0.9.2 which is an open-source clone of the original SCETool followed by the SCETool source code by naehrwert with details below.
To quote: OpenSCETool is a clone of scetool under an open source license. SCETool was reverse engineered and analized to produce this program, and copied his behaivour.
OpenSCETool (OSCETool) Changelogs:
Fixed rap/rif/idps/act.dat management. Now it works fine.
Fixed a segfault decrypt some SELFs.
Added option -p to patch the sys_process_param when signing an ELF. This is the same as applying FixELF.exe before signing.
Added support to klics.txt. If the klicensee is not specified, it is looked up in the data/klics.txt automatically (only for decrypt).
First commited version, compatible with SCETool 0.2.9.
Now GNU/Linux users can have a native tool too. If you want an SCETool replacement, remember to add this keys (this were in the code, you can find them in previous revisions of the code, or in flatz's rif/raf tools:
Plaintext sections will now take less space in metadata header keys array.
Added option to specifiy a template SELF to take configuration values from.
Added option to override the keyset used for en-/decryption.
Fixed NP application types.
[Firmware Version] will now be written to control info only.
[Application Version] will now be written to application info only.
Version 0.2.8 (intermediate release):
Fixed minor bugs where scetool would crash.
Added SPP parsing.
Decrypting RVK/SPP will now write header+data to file.
Added local NP license handling.
Added option to override klicensee.
Added option to disable section skipping (in SELF generation).
Added option to use provided metadata info for decryption.
"PS3" path environment variable will now be searched for keys/ldr_curves/vsh_curves too.
Added option to display raw values.
Moved factory Auth-IDs to (as they are on ps3devwiki now).
Added options to override control/capability flags (32 bytes each).
Fixed where a false keyset would crash scetool when decrypting a file.
Some source level changes and optimizations.
zlib is required to use scetool.
'sdk_type' was changed to 'revision' in data/keys.
1. Add subfolder traversal in edat/sdat folder.
2. Fix 2G+ file handling issue (probably).
3. Fix syntax issue while handling certian edat files.
4. Re-adjust the mainmenu.
1. Add SDAT file supporting.
1. Fix Java OutOfMemory for encrypting big files.
2. Add JVM Memory config in toolcore.cfg.
1. Decrypt and encrypt edat files on pc.
2. Fast rebuild mode.
3. Batch mode.
4. Dev Klic should be input manually at now.
It seems Windows 8 cannot pass the java check.. maybe fix it in next version.
Finally, from oakhead69: Hi jjkkyu, If you have based your code on my C# code which in turn is based on the port by KDSBest. There is a significant bug in the reverseByteWithSizeFIX code.
It will fail the hash check on some data blocks, hench KDSBest removed the test. More importantly when generating the hash for the data blocks during encryption, the hash will be incorrect. Hench the resulting SDAT/EDAT will be bad. I have attached some updated code below.
public static byte reverseByteWithSizeFIX(byte b)
if (b.Length < 0x10 && (b[b.Length - 1] & 0x80) != 0)
b2 = new byte[0x10];
for (i = 0; i < b.Length; i++)
b2[b2.Length - 1 - i] = b[i];
for (i = b.Length; i < 0x10; i++)
b2[0x10 -1 - i] = 0xff;
b2 = new byte[b.Length];
for (i = 0; i < b2.Length; i++)
b2[b2.Length - 1 - i] = b[i];
So.. it only works if we find the klic for the edat we want to decrypt? If there's a way to automate cracking it (I've suggested this before but.. CUDA/OpenCL anyone?) that would make this even better, but This is great nonetheless. Does it work on all types of edat? Like DLC, paid themes, iso.bin.edat, docinfo.edat, etc.?