107w ago - Following up on the True Blue PS3 JB2 v2.2 Payload, today PlayStation 3 developers on the Wiki (linked above) have started a preliminary Q&A work-in-progress for hacking the True Blue (TB) PS3 JailBreak 2 (JB2) USB dongle.
Q: Is this possible on other dongles from the FW3.41 days like Blackcat and Teensy?
A: Dongles are bad and obsolete, mkay (once you have the key/algo, you don't need any dongle at all)
Q: Are they (TB team) just stealing the dev eboots?
A: First we thought that too but today the first TB game was released Dirt 3 and it's working and it isn't a dev eboot so it maybe is really worth something so it's time to search why and how to use it.
You can only rumor which source they use to resign the content to lock-in their DRM. But ofcourse those very same DRM-less files can be resigned for 3.55 too (as has been done numerous times in the past). Piracy is bad, but pirates using DRM to make sure they get the money and not genuine developers is even worse (especially when they lock you into a single firmware that has even less to offer than generic MFW and makes you loose OtherOS++ too).
It seems the ps3jb2 loads masterdiscs with fself, with the algo provided and the right key (which is not provided) you can decrypt said masterdiscs images right on pc and grab the fself files.
[an0nym0us] TB is just a clone, blame cobra
[walsid] TB is a clone?
[an0nym0us] yes, its a clone of the cobra dongle
[an0nym0us] I really enjoy saying that ... especially since it is true
[an0nym0us] look at the lv2_kernel.self for cobra pup and tb pup
[an0nym0us] Its the same hook with different "payloads" at 0x80000000007f0000
[an0nym0us] so either cobra decided to "update" without "updating" the existing dongles, or they just wanted more money from you pir8s
Folks I looked a little more and it seems the psjb2 just runs masterdiscs with fself, kinda lame. very lame. npdrm encrypted but labeled as fself, it's an fself but I dunno what it does, I never looked at it. I don't really care on doing more if you use the masterdisc algo I provided and the proper key which I am not supplying you can decrypt all the psjb2 disc images right on pc, grab the fself and use them to run them on a regular 3.55 fw.
Basically security == LAME, still interesting to see how they patched the firmware to allow masterdiscs, they also do some auth with the dongle which involves crypto to make sure the firmware does not load without it, but if you don't need the firmware to load the games... they could have added some extra keys in appldr and encrypted the damn eboots at least. I guess they didn't have enough time or enough spu skills
Regarding FSELF from "RikuKH3":
Real FSELFs are never encrypted. You can extract it with official unfself tool from SDK. But, in this FSELF I looked into (driver sf) ELF inside IS encrypted. You can say this because it's masterdisc fself, but I really doubt it. It doesn't look like a proper fself to me at all, in header it says that sections unecrypted, but it's not true. Another thing - Masterdisc Generator tool from Sony gives errors with this EBOOT (if it's a masterdisc eboot as stated, why?).
More details will be posted as they become available, and below is another PS3 JailBreak 2 (True Blue) HDD Review video from MrDjbubba2002, one of Batman Arkham City with the True Blue PS3 JB2 dongle from leksetengah and True Blue booting NFS The Run on PS3 CFW 3.55 from MrSenaxx.
Finally from TheNaughtyD (via ps3crunch.net/forum/threads/1813-Installing?p=18173#post18173) comes a few videos on installing TB CFW over Kmeaw followed and updating the TB dongle followed by replacing TB Eboots over your PS3 Backup with a guide below:
Make sure you are on 3.55 FW or lower
Plug your USB drive into your PC
Create a new folder on it called "PS3" (must be in capitals without quotes)
Inside that PS3 folder, create a new folder called "UPDATE" (must be in capitals without quotes)
Save the file “PS3UPDAT.PUP” into the UPDATE folder on your USB storage device (this is provided by the TB team)
Unplug the flash drive from your PC and plug into any free USB slot on your PS3
Go to the “Settings” XMB menu, choose “System Update”
Choose “Update via storage media”
The USB drive will be scanned. If you get an error that no update file was found, ensure that the folder structure is correct
Select “OK” to copy the update file to the PS3′s hard disk
Wait for the file to be copied and the PS3 should reboot automatically (leave the USB drive plugged in during this phase)
When the PS3 has started up again you should be presented with a screen showing the version of the system software ready to install. Press the PS button
Wait for the “Checking for update data” to complete
Accept the user agreement
Press X button to confirm the installation
The update will be installed and the PS3 should be rebooted!
Now transfer TrueBlueUpdate-2.2.pkg file to the root of your flash drive on your pc and plug it in your ps3 console
Open Install Package Files and install the TrueBlueUpdate-2.2.pkg file
At this point make sure nothing is plugged in the ps3's usb ports
Open PlayStation folder and run the True Blue Updater
Follow the on screen instructions to complete the dongle update
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
Recently and_fis reports that the PS3 Slim 3K series of PlayStation 3 consoles are surfacing on 3.55 Custom Firmware (CFW), leading to speculation of a new DRM-infected JailBreak Software Tanpa dongle or service from Indonesia.
To quote (via ps3crunch.net/forum/threads/5321-3K?p=58294&viewfull=1#post58294) on the (tokoteknologi.com/home/browse/25-consolemesin.html?sef=hc):
For some Indonesian rupies according to the site above you can purchase A 3K console with a Seri CFW 3.55 (RFW Version) installed! Which also comes with a JAILBREAK SOFTWARE TANPA DONGLE as they call it... If this site is real then someone has found a new exploit that allows 300X version ps3 consoles to downgrade to 3.55 cfw. They have also locked this to a new drm dongle... Let the games begin again!
Rp 3.700.000,00 or about $320 usa, for a base model 160 gb ps3
The only way this would be possiable is if they used hardware to somehow reflash the syscon. that is where the hash checks are that determine the lowest firmware you can have...or they were able to use a hardware flasher and a cfw that had all the hash checks removed.
Or changed and reflashed a cfw that the ps3 "thought" was the right firmware... IDK there is nothing on wiki about either processes
From Abkarino: I know this seller and i talked with him and have a deal 1 and half month ago, they offer me a pre-moded 3K console and they does not sell the modchip/method used to do that. Also he claim that this console uses a special modified CFW based on Rogero CFW.
Also they had used some kind of modchip/flasher to do that. Also he told me that there is a modchip under development for hacking 3K console and it must be released around this month, but till now no new news from him.
From and_fis: I found this info (lan.st/showthread.php?t=3313&page=2) from back in 2010 when 3.41 had alot of access and workings... So if it is true that syscon can be written to with a pkg BUT, it would have to be offically signed or a hardware flasher of some sorts would have to be used if a pkg could not. So in theory, it would be possiable to reflash a syscon from a factory install of 3.60 to 3.55
Thanks Abkarino I posted this at the same time you did.. So my suspicions were true about a hardware flasher.. Thank you for the info
From Abkarino: Yea may be they had found a way to reprogram Syscon EEPROM may be they had used an SPI Flasher since SysCon conect to Cell/BE using SPI Bus. I think that they had used a hardware method not a software (sure if this is legit and not a fake, until some one get this console and confirm this news).
Below is a video from dantezteam (via twitter.com/dantezteam/status/244856386469638144) demonstrating what appears to be PSN back online for PS3 3.55 TB CFW using a ppoof method.
The video shows today's date (September 9, 2012) with him downloading files from Sony's PS Store while being connected to PlayStation Network using a new PSN passphrase that has surfaced in encrypted and decrypted format (via ps3devwiki.com/wiki/Online_Connections#Online_Connections).
He is on DEX, uses FAKE PLUS and points the finger showing is ON with a CFW (according to him) 3.55 TB spoof.
In short: He bought borderlands in the video via DEX with PLUS option ON... For me is just another attemp to troll or to give some life to TB, since he says he is using CFW TB 3.55 Spoof. And in the part description he says later I will add the Web.
So he avoided so far any download link and surveys because he knows what happens next: youtube.com/user/dantezteam
From dantezteam comes a FckPSN revision by Chinese developer Luckystar (via bbs.duowan.com/thread-28656355-1-1.html): http://www.multiupload.nl/40S5UPQYVH / http://www.putlocker.com/file/E62645DA4EE9339C (Mirror) / https://anonfiles.com/file/03cb21c25efd41bda59885fd2edfca51 (Mirror #2)
Here is the upstreams and video for those interested: ustream.tv/recorded/25308408 and ustream.tv/recorded/25328218
Finally, below is what redcfw claims is a real TB2 LV2 dump for those interested:
ALL TB2LV2 DUMPs posted before were FAKE!! tb2.51 lv2 dumped on Mar 2012. folks, feel free to study it.
Today /GriFFin reports that OxweB has apparently leaked the True Blue PS3 disc BCA codes (although curiously a source wasn't specified), however, they are now conveniently deemed useless as the DRM-infected USB dongle itself.
To quote: When the True Blue dongle first launched last year, it was originally using 'special' blu-ray discs to play games, instead of just DRMencoded eboots on the HDD.
But even after all the Paradox releases, there was a few games that only were available still on 'special' blu-ray discs. Over the course of last year, various groups try to figure out how to copy these discs, as they were sadly pirate stores that wish to sell them to their customers. Finally have much research the BD-Rom marks called 'BCA Codes' were figured out so they could by copied on normal blu-ray burner.
And now an person by the name 'OxweB' has leaked them onto the 'net, as basically they are useless now, but still it is part of sad scene PS3 history!
These are BCA codes off the TB discs (the barcode on the inner part of the disc).
You to can read them off the disc yourself with a scanner or magnifying glass, they are in binary format (skinny line = 0, Fat line = 1). Binary to HEX and there you go, a code almost ready to be stamped on to a BD-R.
*Note - It's not that simple for regular retail games as there is still the PIC Zone to contend with.
**Note - I realize these aren't overly useful but it's information which is all worth it in the long run.
Finally, in related news from GoD]oF[WaR (via nextgenupdate.com/forums/playstation-3-exploits-hacks/583397-bca.html#post4685403) to quote:
I have done more research on BCA codes, they seem to be the new protection put on games, meaning with these values they can be cracked, and possibly pirated to even non-jailbroken systems.
For those unaware, BCA is the new protection utilized in newer games and with a future editor you can have the BCA codes to use with the a loader which can patch games to run without the needed keys.
There will be a patch released for each game, which is basically 64 bytes of BCA data in the form of a separate text file, that will come with the ISO file (this obviously only applies to scene releases)
IF you have access to a retail copy of the game, then you can obtain the BCA code yourself to patch the game.
Changelog, roughly translated:
New IOS 38 base. dev/mload with powerful features and EHCI driver based in interruptions and more stable
Support for DVD USB Devices: It can run only DVD backups from .iso (original don't work because DVD drivers don't support the Wii format). Remember you must insert a DVD to work at start the program.
Support for BCA datas. You can add it from .ISO offset 0x100 (64 bytes). If this area is filled with zeroes it use one BCA by default (NSMB compatible).
New ioctl 0xda function supported in dip_plugin and new option added for
DVD mode to read the BCA Datas from the original DVD
Support to load games from DVD with alternative DOL (press '2' without
USB device or press the DVD icon from the upper-right corner in the selection game screen)
Support for SD and USB FAT/FAT32: Now you can use cheats codes and loads alternative .dol from the USB 2.0 device (FAT partition is required)
Added alternative dol loader (now support for 5+ dols) for games as Red Steel and othrers (see readme.txt) , New error 002 patch and videomode autodetection patch (for PAL2NTSC, NTSC2PAL and NTSC2PAL60 (use F. PAL60 for this))
Added direct access for Dol Alternative selection
You can load differents ehcmodule.elf from sd:/apps/uloader/
Parental control added: by default the password is 00000 (the last 0 is the 'ENTER', so you can program as new password as XXXX0 ). You can change it from special menu pressing HOME. You can exits from the password box pressing B. Parental control list the last 8 games launched with date/time, enables the password box and fix a new password. Now 00000 disables the Parental Control
Support for covers (less than 200KB 160x224). You can download from internet or adquire covers from the curren tfolder in the SD automatically
Added one option to delete PNG icons/covers
Some bugs fixed (bug with no modchip game instal, for examplel)
Support for multiples WBFS partitions (max 4).
Possiblity to use the alternative cIOS 223 (only to launch games)
Added one option to rename games
Added one option to record the cheats selected from txt files
New usb code and more!
The above thread gives information on BCA codes for the Wii, which could also apply to PS3 games in the same way. Meaning these BCA codes could lead to easily pirating games on all consoles who utilize the BCA algorithm.
After further research, I am under the suspicion that these BCA codes are in fact a lead to playing pirated games (3.60+ games burned to BD/Launched via USB or external HDD - played on 3.55 WITHOUT CFW) possibly on current firmwares with a real developer at hand.
Basically these BCA codes could lead to playing these burned ISO images on 3.55 (No CFW; without 3.60+ keys) and possibly current firmwares.
The BCA codes that True Blue "leaked" are actually the codes to games that have been tested and work on 3.55 OFW. With the use of a new true blue dongle (JB2/Jailbreak2), games played off the BD without 3.60+ keys.
The games that have been tested are the ones listed below;
Driver san Fransisco
God of war Origin
Sniper ghost warrior
I load up Multiman, select Ghost Recon FS and it goes backt o XMB like normal.
I try to run GRFS and it black screens and locks up.
I reboot and load up multiman and it also black screens and locks up.
I reboot WITHOUT the dongle and it finally loads MM.
I copy the file over to the PC, convert from ELF to BIN, put it in GRFS folder.
I reboot WITH the dongle. goto MM select GRFS go back to XMB.
I run GRFS from DVD. It loads up Multiman.
I tried this 3 times and each time its the dump of Multiman NOT GRFS. And the file DOESN'T go, 00, 01, 02 etc, there is only 1 file and its 00. At least v1 gave multiple files but I couldn't get GRFS to work without the tb patched files.