True Blue (TB) and Cobra PS3 JB2 DRM Dongle Payloads WIP

Category: PS3 Hacks & JailBreak By: mellss - (ps3news.com)
Tags: true blue ps3 trueblue ps3 tb ps3 cobra ps3 ps3 jb2 ps3 drm dongles ps3 payloads

65w ago - Following up on the previous True Blue (TB) PS3 JailBreak 2 (JB2) DRM-infected dongle news comes a WIP update from Shadoxi on dumping and decrypting the TB and Cobra payloads below, as follows:

Download: TB / Cobra Payloads (2.84 MB) / TB / Cobra Payloads (2.84 MB - Mirror) / TB / Cobra Payloads (2.84 MB - Mirror) / PS3 True Blue MFW (172.19 MB)

I have figured out where the payload is located of the TB and Cobra dongles. You can find it at offset @360000 in lv2_kernel and 7f0000 in PS3 memory. According to the PS3 Developer Wiki (ps3devwiki.com/index.php/ReDRM_/_Piracy_dongles) the LV2 dump payload at 0x7f0000 has also been decrypted @ LV2 dump 0x7f0000 (pastebin.com/3VG76HQs)

Drag and drop payload in IDA and load it in Binary file mode, Processor type PPC.Press "C" to convert in ASM code.

First of all you need to edit the header of lv2_kernel.self (from CFW TrueBlue) at offset 0x1D, replace 36 1A 00 by 4C FC F0. And decrypt it with unself tool from fail0verflow. Open lv2_kernel.elf with IDA Pro (in binary file mode), go to offset 360000 and press "C" to convert to asm code.

TrueBlue use some HVCALL:

lv1_insert_htab_entry
lv1_undocumented_function_114
lv1_undocumented_function_115
lv1_allocate_device_dma_region
lv1_map_device_dma_region
lv1_net_start_tx_dma
lv1_net_control
lv1_panic (shutdown ps3 when TB is unplugged)

This payload do some HVCALL:

lv1_insert_htab_entry (map lv1)
lv1_allocate_device_dma_region (?)
lv1_map_device_dma_region (?)
lv1_net_start_tx_dma (?)
lv1_net_control (?)
lv1_panic (shutdown ps3 when TrueBlue dongle is unplugged)
lv1_undocumented_function_114 (map lv1)
lv1_undocumented_function_115 (unmap lv1)

We needed to dump lv2 and lv1 memory when the dongle is plugged in, so I created a modified TB CFW with peek and poke syscall. It works fine !

Finally, from the MFW_TrueBLue.zip ReadMe file: Warning this mfw can brick your dongle !!!

First install PS3PEEKTEST.pkg
Install MFW TrueBlue firmware in recovery mode
Start ps3peektest

If Peek Result is equal to 10 and true blue light is green -> work.

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

860 Comments - Go to Forum Thread »

#855 - mellss - 38w ago

Here are the dumped files from fifa 12:

http://uploadmirrors.com/download/1IPWSYTT/DUMPEDBOOT.zip

-dumpedboot.bin -> decrypt EBOOT.bin fifa 953 ko (original eboot 68 ko)
-dumpedboot1.bin -> decrypt fifazf.elf 25 mo (original self 35 mo)

It work fine, just let it to dump all memory (until hdd led is off)

we have to increase size of dump uint64_t sizeelf = 25*1024*1024 ; -> uint64_t sizeelf = 35*1024*1024 ;

#854 - StanSmith - 38w ago

Again, I have the 2 files. What do I do now? They aren't the eboot as they are both too small. Does this just dump memory or decrypt the eboot? I dont understand what its supposed to do and why its so good?

BTW Here are the dumped files from TC Ghost Recon Future Soldier.

http://www.mediafire.com/?wme9qnnmifabmyw

#853 - technodon - 38w ago

woah, this is great! wondering if it would be possible to make this a fself so it runs on debug 4.20 then you could boot a game and get a .elf

#852 - StanSmith - 38w ago

So I used this and dumped 2 files from Ghost Recon FS. Now what?

They aren't near the size of the eboot.bin so what are they good for?

#851 - Brenza - 38w ago

You shouldn't have released it... now they'll fix the exploit! >.>

Page 2 of 172 «‹123 4 5 6 7 8 9 ›LAST »

Related PS3 News and PS3 CFW Hacks or JailBreak Articles

• PSPMinis / PS3Minis / Bite v1.5.1 Update for PS3 is Now Released
• PS3 Fan Control Utility v1.7 for PS3 CFW CEX 3.41 to 4.41 Arrives
• PSPMinis / PS3Minis / Bite v1.5 for PS3 with PSP Homebrew Support
• PS3 Fan Control Utility v1.6 for PS3 CFW CEX 3.41 to 4.40 Arrives
• OpenSCETool (OSCETool) v0.9.2 By SpacemanSpiff for PS3 is Released
• PUAD GUI v1.5 - PS3 PUP Unpacker, Repacker and Decrypter Out

PlayStation 3 Links
• Contact Us E-Mail
• PS3 Affiliates
• PS3 CFW & MFW
• PS3 Debug Firmware
• PS3 Decrypted PSN Links for CFW
• PS3 Downloads
• PS3 EBOOT.BIN Original File Links
• PS3 Firmware
• PS3 Game Releases List
• PS3 Guides & Tutorials
• PS3 Hacking Guides and Tutorials
• PS3 Hacks & JailBreak
• PS3 Help & Support
• PS3 JailBreak Game Compatibility List
• PS3 JB2 / True Blue (TB) Game Links
• PS3 multiMAN Updates
• PS3 News Forums
• PS3 News Site FAQ
• PS3 News Site Advertising FAQ
• PS3 News Site Posting FAQ
• PS3 News Site Privacy FAQ
• PS3 News Site Rules
• PS3 News Site Tag Cloud
• PS3 News Site Terms
• PS3 Resources
• PS3 Reviews
• PS3 Save Files Repository
• PS3 Themes
• PS3 Trophies List
• PS3 Videos
• PS Vita Trophies List

PlayStation 3 News Discussions

PS3 questions, been out of the loop help? - 8m ago

Well this is no good. I tried installing Rebug D-Rex 4.30.2 but kept getting an error that it's corrupt from the main update screen and from the recov...

By Neo Cyrus with

5 Comments »

The Yes/No question thread - 3h ago

Yes. Do you need the eSATA station to downgrade a "phat" PS3?...

By Lurker with

2048 Comments »

Introductions: Hello Everyone, I'm New at PS3News.com! - 3h ago

Hello brothers and sisters, slim 160gb rebug 3.55.1 working great....

By kamikasear with

6991 Comments »

PS3 Fan Control Utility v0.3 for 4.31 and 4.40 CFW CEX is Released - 4h ago

So...what are the actual benefits of using this utility other than maintaining the PS3 at a reasonable temperature? I ask since there are posts here s...

By Lurker with

19 Comments »

Latest PlayStation 3 Trophies