49w ago - Following up on their previous progress updates, today the PS3UserCheat PS3 Cheat USB dongle has been hacked for use on PS3 Custom Firmware (CFW) without a dongle by Oct0xor (aka Mr. DongleBreaker) and Flat_z.
Below are some excerpts from his Twitter (linked above), as follows:
Release: ps3usercheat dongle pwned!
I am not a lone wolf and say thanks to all who helps me anyhow with this: @flat_z. <3
Also thanks to Baphometh from psjailbreak.ru who donated dongle to me. Btw its first dongle hacked since original psjailbreak.. all features are available. 1/3... Who's next ?
This also does screenshots in all games. I had patch all by hand, binary. Btw the latest 6.0 cheatlist will be later, when I get some free time.
PS3UserCheat doesn't currently work on TB or Cobra CFW (kicks you back to the PS3 XMB), possibly because it may use peek & poke (speculation at the moment).
Also God of War 3 (BCUS98111) PS3 freezes / locks up the PS3 console when using previous game saves so a new save is required for use with cheats.
To change the title ID you simply need to load the PARAM.SFO in PS3SFOEdit and modify it with another title ID, so you have to use only the real title ID for the game (US, EUR, etc.).
For example in GOW3 (BCUS98111) you don't have the choice to change in-game language for the subtitles, or audio. But when you change the title ID to BCES00510 (EUR version) the menu appears in the options. Don't forget to make backups of your files before you modify them!
Finally, below is a brief PS3UserCheat Tutorial from jakenastysnake (via psx-scene.com/forums/f224/ps3usercheat-103959/#post978858):
STEP 1: You will need to download the PS3usercheat PKG file. Hopefully this part is self explanatory, but if not, then continue on...
Unzip the file and put the .pkg file on the root of a USB drive (The package should be named UP0001-CHET11111_00-0000111122223333.pkg)
STEP 2: Insert your USB drive into the PS3 and find the "Install Package" option under the Game column in the XMB. Install the package. After the package has been installed, the PS3usercheat icon should be visible under Game.
This is a good time to insert your PS3 game disc and load up a game from Multiman or whatever you use for a backup manager. Be sure to make note of the game ID before loading it up... you WILL need it.
STEP 3: Run PS3usercheat (or CU or Code Unique... whatever you wanna call it) and locate your game in the list. It is VERY important that your game ID's match up or this will not work properly. When you find your game, press Circle to view the available cheats. Again, you MUST press Circle to select the cheats that you want. After selecting your cheats, press Start.
STEP 4: You should be back at the XMB now.
*Note - I noticed that if you try loading your game through the */app_home/PS3_GAME/ option, the cheats might not work and when you quit the game, the cheats will be reset (Ex: God of War III on Rebug 3.55.2). That being the case, I would run the game from the disc icon instead.
Run the game from the disc icon and wait for it to load. Test the cheats out and if they work, great! If not, double check your game ID. Also, BE SURE you run the game from the disc icon instead of */app_home/PS3_GAME/
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
Can anyone able to communicate with the devs ask them if they could include multicore support for bruteforcing? I've got a fairly crappy quad core and each core can't do much on its own, but pfdtool seems to be locked to a single core.
Either that, or CUDA/OpenCL. one or both of those options should really speed up the bruteforcing.
Following up on his previous update, today PlayStation 3 developer Flat_z has updated the PS3 Save Game Tools Pack to include SFOPatcher v0.2.0 and PFDTool version 0.2.3 alongside an update to the BruteforceSaveData GUI by aldostools below.
From Flat_z: Some people asked me about the source code of pfd & sfo tools.. here they are (linked above).
Guys, here is an update of my tools. It contains an update to sfopatcher (see the changelog below) and a small update to pfdtool. Previously you should make a save game for your game on your console and then use PARAM.SFO from it as a template to PARAM.SFO from a foreign save game to build a new PARAM.SFO which will contain the data specific to your console. A newer version of sfopatcher will use a foreign save data directory and params only if you specify these options.
From aldostools: A new version of the frontend is available with the updated tools from flatz and new settings to take advantage of these features.
Changes: new "Rebuild" option, new "Restore" option, updated the database with secure_file_id for more than 750 games (over 3140 title ids). Added a new "date" column. Special thanks to flatz, Alex at CMP, acab, skillerCMP, gingerbread and many others
Added an option to specify the relative offset to advance each time while bruteforcing a secure file ID.
Finally, below is a guide from zorrolaro on how to use PFDTool without PS3 CFW using Borderlands 2 as an example:
Create a folder near your root drive for pfdtool (i.e. c:/pfdtool/), then extract all files into that folder from the linked archive.
Download and install wireshark and winPcap (included with the wireshark installer)
Download and install the .net runtimes
Download and install PS3 ProxyServer
Open a command prompt (start menu -> all programs -> accessories -> command prompt) and enter command "ipconfig". Write down the IPv4 address (should look like 192.168.0.10 or something similar)
Open PS3 ProxyServer and copy the IPv4 address you wrote down into the IP Address field and check of PS3 mode, leave the other options alone. Hit the big start button. Keep you IPv4 number handy, you'll need it again. Leave this program running.
Open Wireshark. On the left side there is an option to start capture. Left click with your mouse to select the appropriate network adapter listed below the start command. If you are not sure about which adapter to use, select them all using ctrl + left mouse click. Hit the start button once you've highlighted the appropriate adapters. Leave this program running.
Boot up your PS3 and navigate to Settings -> Network Settings -> Internet Connection Settings. on the first page select Custom, on the second select whether you are connected wirelessly or wired. Skip all other options by hitting right on your controller until you get to the Proxy Server page, then select use for that option. input the IPv4 address you wrote down earlier into the top field.
Make sure that the port number on this page matches the port number on PS3 ProxyServer (should both say 8080). Skip to the last page on the configuration and hit x. Test connection when prompted by hitting x again. As long as the top 3 fields say succeeded you can carry on to the next step. if not, review your settings in this step and steps 5 and 6 and retry.
Sign into the playstation network and login to the psn store.
Go back to your pc and check Wireshark. There should be a whole bunch of information displayed on the screen, don't worry you don't need to know what it means. Press [ctrl]+ e to stop capturing, then press [ctrl]+f to bring up your search dialogue. Under "find" check of "string" and under "Search In" check off "Packet bytes". Enter 0000000100 as your search criteria and hit enter. If the necessary packet was found, in the bottom frame it should show the number highlighted on the right side (plaintext view) to ensure you have the right packet, right before the highlighted text it should say "devideID":" and then the numbers you searched for.
Take all the numbers and letters starting with your highlighted numbers and copy everything down until you find the next quotation mark in the plaintext. You should have a total of 32 digits written down. Should look something like 000000010084 followed by a bunch of letters and numbers. This is your console id.
Go to the folder you installed pfdtool in. Open global.conf in notepad. Eidt the line where it says console_id=by adding the console id you just captured after the =. Also change the other fields that are bolded below to match
Save file and exit (make sure you save as .conf not .txt)
Open the games.conf file in the same folder. Edit it as follows for NA retail disc version only. You'll have a different game id (the BLUS30982) and secure_file_id. You'll need to ask for someone on the forums to get those for you if you are using a different region, version or entirely differnt game. You can add additional games follwing the same layout by adding more lines. The disc_hash_key is commented out, so you will get a notifaction everytime you use pfdtool, but it still works fine.
Save and close the file once you are done adding games. Again make sure you save as .conf, not .txt.
Make sure you have a copy of your save game on your pc. I like to copy them right into the same folder as pfdtool to make for shorter commands.
You are now ready to actually use pfdtool. Navigate your command prompt to the folder you installed it (command to use is simply the path of the folder, ie "c:/pfdtool"). To decrypt we use the following command:
Where the part in quotations will be changed to reflect your actual drive location and the name of the file will be changed to your actual file name. The file name and path are case sensitive, make sure you double check you have the right case.
You now have a decrypted save file. Use your hex editor of choice or in the case of Borderlands 2 you can use the latest version of Gibbed's Borderlands 2 Save Editor. Once you are done editing, sae your game again and onto the last step.
All that's left at this point is to encrypt the file again. See below, same notes as when decrypting about file path and name.
You can now transfer your save game back to your PS3.
A couple of quick notes: I have tried to make this as noob friendly as possible, but you still need some basic knowledge to follow this guide. Also, atm I really have no interest in modding any other save games so I do not have the info for other games to place in your games.conf file, though if anyone wants to post them I will be happy to add them to the guide. I did not write nor do I support any of the software mentioned in this guide.
Unfortunately we can't extract it from .PFD because IDPS is not stored there. They used it as a HMAC key to hash the content of PARAM.SFO.
I already said many times that some hashes are not checked. That's why Xploder works fine without your console ID. But my goal was the correct generation of the PFD (because S0ny can add new checks in the future) and I had managed to use all keys but you can omit some of them (based on your console id or disc hash key, for example).
From cheetahh: I can confirm that flat_z tool can be used to decrypt TROPTRANS.DAT file and if you know how to modify all the files correctly (there are different checksums and hashes in the files) you can sync those unlocked trophies to PSN as well.
From Sunny992: All information should be free, don't conceal it if it's already leaked, which it was.
Following up on his initial release, this weekend PlayStation 3 developer Flat_z has updated his PS3 Save Game Tools hacking pack alongside a fix for PFDTool v0.2.0 followed by v0.2.1 and v0.2.2 with details below.
From the included ReadMe file: Guys, here is an updated version of pfdtool.
Please test it carefully because I have no time at the moment to test it by myself.
Support of PARAM.PFD for trophies (without keys, of course)
Support of PARAM.PFD v4 which used in a newer SDK
Fixed a bug with verify operation on signature hashes
Now you can use a list of product codes delimeted by '/' (slash), for example: [BLUS31142/BLES01403], they should use the same disc hash key and secure file IDs
Show an information about .PFD type and version
The format for 'global.conf' is different. Please add these changes to your files:
1. Add a new parameter called 'user_id' which set the user identifier (the same number as used in your home folder: /dev_hdd0/home/[user_id]/)
2. Add a new parameter called 'keygen_key'. Open 'Talk:Keys' page on the PS3DevWiki and search for string 'KeygenV4'
3. Rename the parameter 'param_sfo_key' to 'savegame_param_sfo_key' (see below)
4. There a bunch of new keys for trophies: 'trophy_param_sfo_key', 'tropsys_dat_key', 'tropusr_dat_key', 'troptrns_dat_key', 'tropconf_sfm_key' and they are not public so left them as XX.
Also I noticed that some of you use a kernel swapping feature in the REX firmware. Don't forget to use your current (!) console ID. For example, if you made a save game on a DEX then you need to specify a DEX console ID.
Disc hash keys are sent to the PS3 by the Blu Ray Drive itself (well, not the actual disc hash key but some data from the disc which will be encrypted after that and used as a disc hash key).
PFDTool 0.2.1 Changelog:
Fixed issues with the file size.
PFDTool 0.2.2 Changelog:
Now encrypt and decrypt operations update hashes automatically (be sure to use all keys!).
Fixed another issue with the file size of modified files.
Removed a verbose flag because it is not used at the moment.