77w ago - Following up on the
version 2.2 update, today True Blue (JB2) version 2.3 has arrived alongside some
reverse-engineering updates including v2.3 UnPKG'd / UnSelf'd and the Payload from the PlayStation 3 Development Wiki below.
Download:
True Blue (JB2) PS3 Update v2.3 /
True Blue (JB2) PS3 Update v2.3 (Mirror) /
True Blue (JB2) PS3 Update v2.3 (Mirror #2) /
True Blue (JB2) PS3 Update v2.3 UnPKG'd / UnSelf'd /
True Blue (JB2) PS3 Update v2.3 Payload_2.3.bin
From the ReadMe File: True Blue Dongle Update v2.3
How to update:
1. Make sure your PS3 is running the True Blue "3.55-Dongle" CFW (custom firmware)
2. Copy TrueBlueUpdate-2.3.pkg from this archive to a USB flash drive
3. Boot your PS3 _WITHOUT_ True Blue inserted, and then insert the USB flash drive
4. Navigate to (Game) -> (Install Package Files), and then select TrueBlueUpdate-2.3.pkg
5. The True Blue updater will be installed onto your PS3 HDD
6. Navigate to (Game) and load "True Blue Update v2.3"
7. The updater will start, and will then prompt you to insert the True Blue dongle. Insert it only at this point, and continue. Your dongle will then be updated
8. After the update procedure has completed your PS3 will reset, and you will then be able to enjoy your updated dongle
9. You may delete the True Blue Updater from your HDD after the update is complete
Change log:
- v2.3
- Fixed games requiring "BD Mirror"
- True Blue firmware version is now displayed on the XMB "System Information" screen
- v2.2
- Initial worldwide release
- Support for running "True Blue" titles directly from HDD via standard backup managers
From
Bartholomy on the update:
This is what happen with
Rebug TB using BD mirror. So if this is a problem of Rebug TB i hope will be fixed. For sure i'm not moving to 3.55-dongle, all my saves are ruined with fakesaveowner.
Those interested can see
THIS post for more details and updates.
From Sony PlayStation 3 hacker
KaKaRoToKS on the True Blue PS3 USB dongle via Twitter:
xl14 (http://twitter.com/#!/xl14/status/140036151984652289):
KaKaRoToKS In your opinion is worth buy the true blue?
KaKaRoToKS (http://twitter.com/#!/KaKaRoToKS/status/140064074988929024):
xl14 no. Dont
KaKaRoToKS (http://twitter.com/#!/KaKaRoToKS/status/144612386341531648): http://pastie.org/2983927
As far as I understand it, the hate for TB is because what they achieved was to decrypt newer npdrm games and what they did is they patch the games to check for the TB dongle or quit. The TB dongle does *NOTHING* other than a DRM that is completely not needed.
The torrent releases that are "TB compatible" just means that they added the DRM check that prevents them from running if you didn't buy a TB dongle. That's not any kind of help to the scene and it's people getting paid by promoting piracy.
PlayStation 3 developer
CrashSerious also commented on the True Blue dongle in an interview, to quote in part:
"I can say that we don't like the disease that Cobra pushes with their Cobra and Cobra True Blue DRM replacement dongles. Ironically, they replace one DRM with another- in the process, stealing from those in the scene that did the work in the first place. Cobra offered some features that were new initially, but did so on the backs of the people before them. They made money off these people, like graf and others, and maintain no known public or private link to the scene. We find it interesting that even Cobra does not come out and claim responsibility for the Cobra True Blue dongle, but simple analysis points directly to them.
The Cobra True Blue Dongle seems to only promote theft, yet could have valid uses for those who wish to buy and play newer games on their <3.56 FW Consoles. Yet they have chosen NOT to give back to the scene, by implementing their own Cobra TB Encrypted Eboots, when keys for 3.55 and below are already known and useable by all jailbroken consoles. They have therefore instead chosen to profit from a situation that we all have been placed in by Sony's initial choice to remove otherOS and prohibit true homebrew applications in the name of "preventing piracy".
Additionally, the Cobra True Blue dongle took this one step farther by selling these Cobra TB disks- a clear violation of copyright and a threat to all of us wanting homebrew on future systems."
There is also some reverse-engineering updates from
eussNL today as follows via: ps3devwiki.com/index.php?title=PS3JB2_Reverse_Engineering#Content_Releases
lv2_kernel.self
http://pastie.org/private/onlbfdxjdtaddb9blu0sq
-800000000028fe30: f8 21 ff 11 stdu r1,-240(r1)
-800000000028fe34: 7c 08 02 a6 mflr r0
-800000000028fe38: 38 61 00 70 addi r3,r1,112
-800000000028fe3c: fb 41 00 c0 std r26,192(r1)
-800000000028fe40: fb 61 00 c8 std r27,200(r1)
-800000000028fe44: fb 81 00 d0 std r28,208(r1)
-800000000028fe48: fb a1 00 d8 std r29,216(r1)
-800000000028fe4c: fb c1 00 e0 std r30,224(r1)
-800000000028fe50: fb e1 00 e8 std r31,232(r1)
-800000000028fe54: f8 01 01 00 std r0,256(r1)
-800000000028fe58: 4b dc 12 05 bl 0x800000000005105c
-800000000028fe5c: 2f 83 00 00 cmpwi cr7,r3,0
-800000000028fe60: 40 9e 00 1c bne- cr7,0x800000000028fe7c
-800000000028fe64: 89 21 00 70 lbz r9,112(r1)
-800000000028fe68: 3b e0 00 01 li r31,1
-800000000028fe6c: 39 29 ff ff addi r9,r9,-1
-800000000028fe70: 55 29 06 3e clrlwi r9,r9,24
-800000000028fe74: 2b 89 00 01 cmplwi cr7,r9,1
-800000000028fe78: 40 9d 00 b4 ble- cr7,0x800000000028ff2c
-800000000028fe7c: 3b 41 00 74 addi r26,r1,116
-800000000028fe80: e8 82 18 58 ld r4,6232(r2)
-800000000028fe84: 38 a0 00 3f li r5,63
-800000000028fe88: 7f 43 d3 78 mr r3,r26
-800000000028fe8c: 3f a0 80 01 lis r29,-32767
-800000000028fe90: 4b db e8 bd bl 0x800000000004e74c
-800000000028fe94: 38 00 00 00 li r0,0
-800000000028fe98: 39 20 00 01 li r9,1
-800000000028fe9c: 90 01 00 b4 stw r0,180(r1)
-800000000028fea0: 91 21 00 b8 stw r9,184(r1)
-800000000028fea4: 4b d8 04 91 bl 0x8000000000010334
-800000000028fea8: 4b d8 04 bd bl 0x8000000000010364
-800000000028feac: eb 62 18 08 ld r27,6152(r2)
-800000000028feb0: eb 82 18 00 ld r28,6144(r2)
-800000000028feb4: 63 bd 00 2b ori r29,r29,43
-800000000028feb8: 3b c0 00 0a li r30,10
-800000000028febc: 7f 43 d3 78 mr r3,r26
-800000000028fec0: 7f 84 e3 78 mr r4,r28
-800000000028fec4: 7f 65 db 78 mr r5,r27
-800000000028fec8: 38 c0 00 00 li r6,0
-800000000028fecc: 38 e0 00 01 li r7,1
-800000000028fed0: 39 00 00 00 li r8,0
-800000000028fed4: 39 20 00 00 li r9,0
-800000000028fed8: 39 40 00 00 li r10,0
-800000000028fedc: 48 02 2b e1 bl 0x80000000002b2abc
-800000000028fee0: 7f 83 e8 00 cmpw cr7,r3,r29
-800000000028fee4: 7c 7f 1b 78 mr r31,r3
-800000000028fee8: 40 9e 00 44 bne- cr7,0x800000000028ff2c
-800000000028feec: 7d 30 42 a6 mfsprg r9,0
-800000000028fef0: e9 69 00 a0 ld r11,160(r9)
-800000000028fef4: 3c 80 00 07 lis r4,7
-800000000028fef8: 38 a0 00 00 li r5,0
-800000000028fefc: 38 c0 00 00 li r6,0
-800000000028ff00: 60 84 a1 20 ori r4,r4,41248
-800000000028ff04: e8 6b 00 40 ld r3,64(r11)
-800000000028ff08: 4b d9 86 11 bl 0x8000000000028518
-800000000028ff0c: 4b d8 04 29 bl 0x8000000000010334
-800000000028ff10: 38 80 00 2e li r4,46
+800000000028fe30: 7c 08 02 a6 mflr r0
+800000000028fe34: f8 01 00 10 std r0,16(r1)
+800000000028fe38: f8 21 ff 81 stdu r1,-128(r1)
+800000000028fe3c: 48 00 00 25 bl 0x800000000028fe60
+800000000028fe40: 38 21 00 80 addi r1,r1,128
+800000000028fe44: e8 01 00 10 ld r0,16(r1)
+800000000028fe48: 7c 08 03 a6 mtlr r0
+800000000028fe4c: 78 00 07 c4 rldicr r0,r0,0,31
+800000000028fe50: 64 00 00 7f oris r0,r0,127
+800000000028fe54: 7c 09 03 a6 mtctr r0
+800000000028fe58: 4e 80 04 20 bctr
+800000000028fe5c: 00 00 00 00 .long 0x0
+800000000028fe60: f8 21 ff 81 stdu r1,-128(r1)
+800000000028fe64: 7c 08 02 a6 mflr r0
+800000000028fe68: fb e1 00 78 std r31,120(r1)
+800000000028fe6c: 3b e0 00 00 li r31,0
+800000000028fe70: f8 01 00 90 std r0,144(r1)
+800000000028fe74: 57 e9 38 30 rlwinm r9,r31,7,0,24
+800000000028fe78: 38 00 ff ff li r0,-1
+800000000028fe7c: 7d 29 07 b4 extsw r9,r9
+800000000028fe80: 78 00 00 04 rldicr r0,r0,0,0
+800000000028fe84: 39 69 00 08 addi r11,r9,8
+800000000028fe88: 65 29 0f 00 oris r9,r9,3840
+800000000028fe8c: 65 6b 0f 00 oris r11,r11,3840
+800000000028fe90: 79 29 00 20 clrldi r9,r9,32
+800000000028fe94: 79 6b 00 20 clrldi r11,r11,32
+800000000028fe98: 7d 29 03 78 or r9,r9,r0
+800000000028fe9c: 7d 6b 03 78 or r11,r11,r0
+800000000028fea0: 57 e4 18 38 rlwinm r4,r31,3,0,28
+800000000028fea4: 38 60 00 00 li r3,0
+800000000028fea8: 7c 84 07 b4 extsw r4,r4
+800000000028feac: e8 a9 00 00 ld r5,0(r9)
+800000000028feb0: e8 cb 00 00 ld r6,0(r11)
+800000000028feb4: 54 c6 02 1e rlwinm r6,r6,0,8,15
+800000000028feb8: 60 c6 01 90 ori r6,r6,400
+800000000028febc: 48 00 00 39 bl 0x800000000028fef4
+800000000028fec0: 60 00 00 00 nop
+800000000028fec4: 38 1f 00 01 addi r0,r31,1
+800000000028fec8: 7c 1f 07 b4 extsw r31,r0
+800000000028fecc: 2f 9f 00 80 cmpwi cr7,r31,128
+800000000028fed0: 40 9e ff a4 bne+ cr7,0x800000000028fe74
+800000000028fed4: e8 01 00 90 ld r0,144(r1)
+800000000028fed8: eb e1 00 78 ld r31,120(r1)
+800000000028fedc: 38 21 00 80 addi r1,r1,128
+800000000028fee0: 7c 08 03 a6 mtlr r0
+800000000028fee4: 4e 80 00 20 blr
+800000000028fee8: 00 00 00 00 .long 0x0
+800000000028feec: 00 00 00 01 .long 0x1
+800000000028fef0: 80 01 00 00 lwz r0,0(r1)
+800000000028fef4: 7c 08 02 a6 mflr r0
+800000000028fef8: f8 01 00 10 std r0,16(r1)
+800000000028fefc: 39 60 00 01 li r11,1
+800000000028ff00: 44 00 00 22 sc 1
+800000000028ff04: 7c 63 07 b4 extsw r3,r3
+800000000028ff08: e8 01 00 10 ld r0,16(r1)
+800000000028ff0c: 7c 08 03 a6 mtlr r0
+800000000028ff10: 4e 80 00 20 blr
800000000028FE30 .drop r27
800000000028FE30 .drop r28
800000000028FE30
800000000028FE30 # =============== S U B R O U T I N E =======================================
800000000028FE30
800000000028FE30
800000000028FE30 sub_28FE30: # CODE XREF: sub_28FF58+FCp
800000000028FE30 # sub_28FF58+1FC_p
800000000028FE30 # DATA XREF: 0000000000324938
800000000028FE30
800000000028FE30 .set arg_10, 0x10
800000000028FE30
800000000028FE30 7C 08 02 A6 mflr r0
800000000028FE34 F8 01 00 10 std r0, arg_10(sp)
800000000028FE38 F8 21 FF 81 stdu sp, -0x80(sp)
800000000028FE3C 48 00 00 25 bl sub_28FE60
800000000028FE40 38 21 00 80 addi sp, sp, 0x80
800000000028FE44 E8 01 00 10 ld r0, arg_10(sp)
800000000028FE48 7C 08 03 A6 mtlr r0
800000000028FE4C 78 00 07 C4 clrrdi r0, r0, 32
800000000028FE50 64 00 00 7F oris r0, r0, 0x7F
800000000028FE54 7C 09 03 A6 mtctr r0
800000000028FE58 4E 80 04 20 bctr
800000000028FE58
800000000028FE58 # ---------------------------------------------------------------------------
800000000028FE5C 00 00 00 00 .long 0
800000000028FE60
800000000028FE60 # =============== S U B R O U T I N E =======================================
800000000028FE60
800000000028FE60
800000000028FE60 sub_28FE60: # CODE XREF: sub_28FE30+Cp
800000000028FE60
800000000028FE60 .set var_8, -8
800000000028FE60 .set arg_10, 0x10
800000000028FE60
800000000028FE60 F8 21 FF 81 stdu sp, -0x80(sp)
800000000028FE64 7C 08 02 A6 mflr r0
800000000028FE68 FB E1 00 78 std r31, 0x80+var_8(sp)
800000000028FE6C 3B E0 00 00 li r31, 0
800000000028FE70 F8 01 00 90 std r0, 0x80+arg_10(sp)
800000000028FE74
800000000028FE74 loc_28FE74: # CODE XREF: sub_28FE60+70j
800000000028FE74 57 E9 38 30 slwi r9, r31, 7
800000000028FE78 38 00 FF FF li r0, -1
800000000028FE7C 7D 29 07 B4 extsw r9, r9
800000000028FE80 78 00 00 04 clrrdi r0, r0, 63
800000000028FE84 39 69 00 08 addi r11, r9, 8
800000000028FE88 65 29 0F 00 oris r9, r9, 0xF00
800000000028FE8C 65 6B 0F 00 oris r11, r11, 0xF00 # 0x8001002B
800000000028FE90 79 29 00 20 clrldi r9, r9, 32
800000000028FE94 79 6B 00 20 clrldi r11, r11, 32
800000000028FE98 7D 29 03 78 or r9, r9, r0
800000000028FE9C 7D 6B 03 78 or r11, r11, r0
800000000028FEA0 57 E4 18 38 slwi r4, r31, 3
800000000028FEA4 38 60 00 00 li r3, 0
800000000028FEA8 7C 84 07 B4 extsw r4, r4
800000000028FEAC E8 A9 00 00 ld r5, 0(r9)
800000000028FEB0 E8 CB 00 00 ld r6, 0(r11)
800000000028FEB4 54 C6 02 1E rlwinm r6, r6, 0,8,15
800000000028FEB8 60 C6 01 90 ori r6, r6, 0x190
800000000028FEBC
800000000028FEBC loc_28FEBC: # CODE XREF: ROM:000000000028FF28j
800000000028FEBC 48 00 00 39 bl sub_28FEF4
800000000028FEC0 60 00 00 00 nop
800000000028FEC4 38 1F 00 01 addi r0, r31, 1
800000000028FEC8 7C 1F 07 B4 extsw r31, r0
800000000028FECC 2F 9F 00 80 cmpwi cr7, r31, 0x80
800000000028FED0 40 9E FF A4 bne cr7, loc_28FE74
800000000028FED4 E8 01 00 90 ld r0, 0x80+arg_10(sp)
800000000028FED8 EB E1 00 78 ld r31, 0x80+var_8(sp)
800000000028FEDC 38 21 00 80 addi sp, sp, 0x80
800000000028FEE0 7C 08 03 A6 mtlr r0
800000000028FEE4 4E 80 00 20 blr
800000000028FEE4
800000000028FEE4 # ---------------------------------------------------------------------------
800000000028FEE8 00 00 00 00 .long 0
800000000028FEEC 00 00 00 01 .long 1
800000000028FEF0 80 01 00 00 .long 0x80010000
800000000028FEF4
800000000028FEF4 # =============== S U B R O U T I N E =======================================
800000000028FEF4
800000000028FEF4
800000000028FEF4 sub_28FEF4: # CODE XREF: sub_28FE60:loc_28FEBCp
800000000028FEF4
800000000028FEF4 .set arg_10, 0x10
800000000028FEF4
800000000028FEF4 7C 08 02 A6 mflr r0
800000000028FEF8 F8 01 00 10 std r0, arg_10(sp)
800000000028FEFC 39 60 00 01 li r11, 1
800000000028FF00 44 00 00 22 hvsc # hvsc(1) lv1_write_htab_entry
800000000028FF04 7C 63 07 B4 extsw r3, r3
800000000028FF08 E8 01 00 10 ld r0, arg_10(sp)
800000000028FF0C 7C 08 03 A6 mtlr r0
800000000028FF10 4E 80 00 20 blr
800000000028FF10
800000000028FF14 # ---------------------------------------------------------------------------
Only 1 function change, and a section added sub_28fe30 is replaced 1) the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded)
lv2_kernel.bin (6.41 KB)
Note 1) : * the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle).
That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.
True Blue 2.3
True Blue Dongle Update v2.3 -
TrueBlueUpdate-2.3.zip (546.29 KB)
- Fixed games requiring "BD Mirror"
- True Blue firmware version is now displayed on the XMB "System Information" screen
PKG:
SHA1: B8A48394FF09A358CAB230823C18F871256C6A34
MD5: 67185C448FAEE1FE262556302FB86240
CRC32: AFF450D2
CRC16: 21C1
Unpkg/unself'ed:
TrueBlueUpdate-2.3.pkg.out.rar (1022.45 KB)
Payload (2.3)
Located in unself'ed eboot.bin @ offset:
eboot payload
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00008698 00000000 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01 .......��.�.
...
0007BD88 000736F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 �.Le*�.�sü�â
Download:
Payload_2.3.bin (461.75 KB)
SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5
MD5: 7E4C3C6D7BA24375D3BE83074D882E0A
CRC32: 7D748CE8
CRC16: 4A3B
lv2 dump (2.3)
Payload @ file offset 0x8698 - 0x736F0
descriptors (2.3)
Start Offset End Offset descriptor Description
0x0000000 ... 0x0
09 02 1200 01 00 00 80 fa
09 04 00 00 00 fe 01 02 00
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
- - -
09 03 A6 4E 80 04 21
09 03 A6 E8 5F 00 08
09 03 A6 E8 5F 00 08
09 00 00 F8 41 00 28
09 03 A6 E8 49 00 08
09 00 00 F8 41 00 28 E9
09 03 A6 E8 49 00 08 4E
...
Here is a PS3 True Blue Installation Guide from
erick2010 for those interested:
PS3 True Blue Installation Guide
Step 1: Make sure your PS3 is in V3.55 system, either OFW (official firmware) or CFW (official firmware). Which means if your PS3 is lower than V3.55, just update it to V3.55! If your PS3 is higher than V3.55, sorry, you can not use this item. please use E3 flasher to downgrade your PS3 to V3.55 first.
Step 2: When your PS3 is in V3.55, you need to install the PS3 True Blue V3.55 CFW. Here is the method on how to install PS3 True Blue V3.55 CFW.The update method is just the same as update the official firmware via USB storage.
- Download the PS3 True Blue V3.55 CFW
- Extract the file, you will get "TrueBlue-3.55-CFW" folder, you can see "PS3UPDAT.PUP" inside.
- Prepare a USB storage, create a folder named "PS3"in the root of your USB storage, then create another folder named "UPDATE" in the "PS3" folder, in the end put the "PS3UPDAT.PUP" in the "UPDATE" folder. So it is: USB storage----PS3----UPDATE----PS3UPDAT.PUP
- Insert your USB storage into your PS3 USB interface and power on your PS3.
- Move to the system update option and choose update via USB storage.
- Choose the PS3UPDAT.PUP and start updating, go and drink a beer, wait until it finishes updating. Don't do anything during the update progress.
- Your PS3 will be in PS3 True Blue V3.55 CFW after the installation.
Step 3: Update your PS3 True Blue to the latest version V2.3.
- Download the True Blue (JB2) PS3 Update v2.3
- Extract the file you will get "TrueBlueUpdate-2.3.pkg"
- Put the "TrueBlueUpdate-2.3.pkg" file in your USB storage.
- Insert the USB storage into your PS3 and then install the pkg file in your PS3.
- After you finish the installation, you will see the "True blue Update V2.3"
- Click the "True blue Update V2.3" it will ask you to insert your PS3 True Blue. then insert your PS3 True Blue.
- Go on the update procress to finish the update.
After this step, you have installed the PS3 True Blue successfully. Let's go and start playing a game. i will take "FEAR 3" as an example.
Notice: You need to replace the PS3 true blue eboot for the V3.60+ games before you play the games.
It means you need to download the both FEAR 3 game file and also F.E.A.R.3_EBOOT_PATCH_TB_ PS3-PARADOX if you dont do this step,the screen will freeze and change black. ok i have downloaded those files and also have patched it, let's go.
- Before you power on the PS3, just insert the PS3 True Blue and the your game HDD.
- Login Multiman and find the FEAR3
- Press X to login the game
- It will take you back to XMB
- Go to "app_home/PS3_GAME/" and click it to play FEAR3
- Done, congratulations!
Finally, below is a video of a True Blue (JB2) freezing issue that occurs on TB JB2 2.3, Rebug CFW TB and with Rebug Update 0.2 according to
asdeburn via YouTube and a follow-up and a video detailing how to replace the PS3 True Blue Eboot files for PS3 3.60+ games alongside PS3 True Blue Playing FEAR 3 on v3.55 Firmware.
I will offering dual booting mods for ps3 nands. I will do this by soldering in two more nands. Thanks....
thats a pretty please i'm bored and need something to do thanx to the good ol community lol.
do i need a tb dongle to do this?
Example
scetool -i tb_eboot.bin
• ELF64 Header:
Program Headers Offset 0x0000000000000040
Section Headers Offset 0x00000000017EC228
Then we know the section headers start at 0x17EC228
Last section STRTAB:
• ELF64 Section Headers:
Idx Name Type Flags Address Offset Size ES Align LK
029 0001 STRTAB --- 00000000 017EC0F7 0000012C 0000 00000001 000
So elf ends at 0x17EC0F7 + 0x12C. We add padding to 0x17EC228, and insert clean elf64 section headerd dump from original eboot.bin, right? Or does this dump ELF+section headers+some extra stuff we can cut off?
Anybody care to post a dumped elf (raw, with this tool) so i can look at it?
Download: http://www.filefactory.com/file/1mxrnsbnysb/n/TB_ELF_Dumper.zip / http://www.2shared.com/file/elOEAmgg/TB_ELF_Dumper.html (Mirror) / http://www.mediafire.com/?htg9apb38sxcw9t (Mirror #2) / http://www61.zippyshare.com/v/32707610/file.html (Mirror #3) / http://www.gamefront.com/files/22169441/tbed.zip (Mirror #4) / http://www.mediafire.com/?p2o498r20ep5vic (Mirror #5) / http://cvfzpr.1fichier.com/en/ (Mirror #6) / http://pastie.org/pastes/4582351/text?key=7hrn1g60zcqp0qkmcvq0q / http://pastebin.com/zw6mFauf (Mirror) / http://www.multiupload.nl/H5XU4KMIUD (DUMPEDBOOT.bin and DUMPEDBOOT1.bin) by arnes_king / http://rghost.net/40005638 by gibson25 / http://www.mediafire.com/file/i11zafxgz4caz3j/np_trp_prx.rar (np_trp_prx.rar) / http://uploadmirrors.com/download/1AUM1GKM/np_trp_prx.rar (Mirror) / http://www.uploadmirrors.com/download/1IPWSYTT/DUMPEDBOOT.zip by mellss
Tested on:
• Original 355 -> ok
• True Blue CFW v2 -> ok
• ...
There are some bugs (size of dump ...) but it works. It's ELF dumper from memory and it work with True Blue cfw v2 and any 3.55 firmware because it doesn't use lv2 peek/poke.
Warning: It will not brick your ps3. But I am not responsible for any damage.
HOWTO:
• Enable dev_blind with multiman
• copy libsysutil_np_trophy.sprx from /dev_blind/sys/external/external to dev_hdd0/ and rename it "orignal_libsysutil_np_trophy.sprx"
• copy my modified "libsysutil_np_trophy.sprx" to /dev_blind/sys/external/
• load a True blue game from multiman
• exit multiman
• run your game
• wait few minutes (if you get black screen after 3 minutes reboot ps3)
• exit game
• go to ftp
• in dev_hdd0/ there are your decrypted DUMPEDBOOT.bin
• copy and rename it with another name.
Howto uninstall patch - Two ways:
• You could uninstall this patch by replacing modified libsysutil_np_trophy.sprx by orginal libsysutil_np_trophy.sprx
• Or update in recovery mode
Thanks to: Ps3dev
Brief Guide:
1 - Install TB ELF Dumper first as stated in its readme file.
2 - Start Multiman, it will make a dump of multiman eboots, so you must delete it first by browsing to dev_hdd0 then delete all DUMPEDEBOOT.BIN files you found there.
3 - Back to multiman game selection then select any TB game then launch it.
4 - Start the game from XMB then wait for some times until game start.
5 - Exit game now then start multiman again then browse to dev_hdd0 and now you must found a decrypted game dump.
From PlayStation 3 developer deank (via pastebin.com/avcM5iuU) comes a revision as follows:
Download: http://www.mediafire.com/file/i11zafxgz4caz3j/np_trp_prx.rar (np_trp_prx.rar) / http://uploadmirrors.com/download/1AUM1GKM/np_trp_prx.rar (Mirror)
[code]
// Author: Shadoxi
// Modified:
// Backup the original /dev_flash/sys/external/libsysutil_np_trophy.sprx to /dev_hdd0
// Replace /dev_blind/sys/external/libsysutil_np_trophy.sprx by this sprx
#include
#include
#include
#include
#include
#include
#include
#include
SYS_MODULE_INFO (sceNpTrophyhook, 0, 1, 0 );
SYS_MODULE_START( _start );
SYS_MODULE_STOP ( _stop );
SYS_LIB_DECLARE( sceNpTrophyhook, SYS_LIB_AUTO_EXPORT | SYS_LIB_WEAK_IMPORT );
SYS_LIB_EXPORT ( loader_sprx, sceNpTrophyhook );
int _start(void);
int _stop(void);
void DumpELF_Payload(void);
void loader_sprx(const char* PATH_PRX);
static void write_message (char const * message)
{
unsigned int write_length;
char const * end;
for (end = message; *end != '\0'; ++end);
sys_tty_write(SYS_TTYP_PPU_STDERR, message,end - message, &write_length);
}
void DumpELF_Payload(void)
{
write_message("Dumping ELF from RAM...\n");
int fd;
uint64_t nread;
uint64_t ptr= 0x00010000ULL; //ELF offset in RAM;
uint64_t sizeelf = 35*1024*1024; //Need a way to get size of ELF
char dump_path[30]="/dev_hdd0/RAMDUMP-00.BIN";
for(uint8_t i=0; i