Following up on the True Blue PS3 JB2 v2.2 Payload, today PlayStation 3 developers on the Wiki (linked above) have started a preliminary, work-in-progress Q&A on hacking the True Blue (TB) PS3 JailBreak 2 (JB2) USB dongle.
Q: Is this possible on other dongles from the FW3.41 days like Blackcat and Teensy?
A: Dongles are bad and obsolete, mkay (once you have the key/algo, you don't need any dongle at all)
Q: Are they (TB team) just stealing the dev eboots?
A: At first we thought that too, but today the first TB game, Dirt 3, was released; it works and it isn't a dev EBOOT, so it may really be worth something, and it's time to find out why and how to use it.
You can only speculate about which source they use to resign the content to lock in their DRM. But of course those very same DRM-less files can be resigned for 3.55 too (as has been done numerous times in the past). Piracy is bad, but pirates using DRM to make sure they, and not genuine developers, get the money is even worse (especially when they lock you into a single firmware that has even less to offer than generic MFW and makes you lose OtherOS++ too).
It seems the ps3jb2 loads masterdiscs with fself; with the algo provided and the right key (which is not provided) you can decrypt said masterdisc images right on a PC and grab the fself files.
[an0nym0us] TB is just a clone, blame cobra
[walsid] TB is a clone?
[an0nym0us] yes, it's a clone of the cobra dongle
[an0nym0us] I really enjoy saying that ... especially since it is true
[an0nym0us] look at the lv2_kernel.self for cobra pup and tb pup
[an0nym0us] It's the same hook with different "payloads" at 0x80000000007f0000
[an0nym0us] so either cobra decided to "update" without "updating" the existing dongles, or they just wanted more money from you pir8s
Folks, I looked a little more and it seems the psjb2 just runs masterdiscs with fself, kinda lame. Very lame. NPDRM encrypted but labeled as fself; it's an fself but I dunno what it does, I never looked at it. I don't really care about doing more; if you use the masterdisc algo I provided and the proper key, which I am not supplying, you can decrypt all the psjb2 disc images right on a PC, grab the fself files and use them to run the games on a regular 3.55 FW.
Basically security == LAME. Still, it's interesting to see how they patched the firmware to allow masterdiscs; they also do some auth with the dongle which involves crypto to make sure the firmware does not load without it, but if you don't need the firmware to load the games... They could have added some extra keys in appldr and encrypted the damn EBOOTs at least. I guess they didn't have enough time or enough SPU skills.
Regarding FSELF from "RikuKH3":
Real FSELFs are never encrypted. You can extract one with the official unfself tool from the SDK. But in this FSELF I looked into (driver sf), the ELF inside IS encrypted. You can say that's because it's a masterdisc fself, but I really doubt it. It doesn't look like a proper fself to me at all; the header says the sections are unencrypted, but that's not true. Another thing: the Masterdisc Generator tool from Sony gives errors with this EBOOT (if it's a masterdisc EBOOT as stated, why?).
More details will be posted as they become available, and below is another PS3 JailBreak 2 (True Blue) HDD Review video from MrDjbubba2002, one of Batman Arkham City with the True Blue PS3 JB2 dongle from leksetengah and True Blue booting NFS The Run on PS3 CFW 3.55 from MrSenaxx.
Finally, from TheNaughtyD (via ps3crunch.net/forum/threads/1813-Installing?p=18173#post18173) come a few videos on installing the TB CFW over Kmeaw, updating the TB dongle, and replacing the TB EBOOTs in your PS3 backup, with a guide below:
Make sure you are on 3.55 FW or lower
Plug your USB drive into your PC
Create a new folder on it called "PS3" (must be in capitals without quotes)
Inside that PS3 folder, create a new folder called "UPDATE" (must be in capitals without quotes)
Save the file “PS3UPDAT.PUP” into the UPDATE folder on your USB storage device (this is provided by the TB team)
Unplug the flash drive from your PC and plug into any free USB slot on your PS3
Go to the “Settings” XMB menu, choose “System Update”
Choose “Update via storage media”
The USB drive will be scanned. If you get an error that no update file was found, ensure that the folder structure is correct
Select “OK” to copy the update file to the PS3's hard disk
Wait for the file to be copied and the PS3 should reboot automatically (leave the USB drive plugged in during this phase)
When the PS3 has started up again you should be presented with a screen showing the version of the system software ready to install. Press the PS button
Wait for the “Checking for update data” to complete
Accept the user agreement
Press X button to confirm the installation
The update will be installed and the PS3 should be rebooted!
Now transfer the TrueBlueUpdate-2.2.pkg file to the root of your flash drive on your PC and plug it into your PS3 console
Open Install Package Files and install the TrueBlueUpdate-2.2.pkg file
At this point make sure nothing is plugged into the PS3's USB ports
Open the PlayStation folder and run the True Blue Updater
Follow the on screen instructions to complete the dongle update
I have a True Blue, will do my best to get a dump for you to proceed where we were stuck for a long time, but now it seems like we are going uphill again. Thanks shadoxi for starting this ELF dumper, amazing work, cheers, triple thumbs up
Then we know the section headers start at 0x17EC228
Last section STRTAB:
ELF64 Section Headers:
Idx Name Type Flags Address Offset Size ES Align LK
029 0001 STRTAB --- 00000000 017EC0F7 0000012C 0000 00000001 000
So the ELF ends at 0x17EC0F7 + 0x12C. We add padding to 0x17EC228 and insert a clean ELF64 section header dump from the original EBOOT.BIN, right? Or does this dump ELF + section headers + some extra stuff we can cut off?
Anybody care to post a dumped elf (raw, with this tool) so i can look at it?
Following up on the previous update, today I am releasing my True Blue USB dongle PS3 ELF dumper which works with any PlayStation 3 Firmware greater than 3.56 to dump the encrypted TB EBOOT / ELF files once they are loaded.
Original 355 -> ok
True Blue CFW v2 -> ok
There are some bugs (size of dump ...) but it works. It's an ELF dumper from memory and it works with True Blue CFW v2 and any 3.55 firmware because it doesn't use lv2 peek/poke.
Warning: It will not brick your ps3. But I am not responsible for any damage.
Enable dev_blind with multiman
copy libsysutil_np_trophy.sprx from /dev_blind/sys/external/external to dev_hdd0/ and rename it "original_libsysutil_np_trophy.sprx"
copy my modified "libsysutil_np_trophy.sprx" to /dev_blind/sys/external/
load a True blue game from multiman
run your game
wait a few minutes (if you get a black screen after 3 minutes, reboot the PS3)
go to FTP
in dev_hdd0/ there is your decrypted DUMPEDBOOT.bin
copy it and rename it with another name.
How to uninstall the patch - two ways:
You can uninstall this patch by replacing the modified libsysutil_np_trophy.sprx with the original libsysutil_np_trophy.sprx
Or update in recovery mode
Thanks to: Ps3dev
1 - Install TB ELF Dumper first as stated in its readme file.
2 - Start multiMAN; it will make a dump of the multiMAN EBOOTs, so you must delete those first by browsing to dev_hdd0 and deleting all DUMPEDEBOOT.BIN files you find there.
3 - Back in the multiMAN game selection, select any TB game and launch it.
4 - Start the game from the XMB, then wait for some time until the game starts.
5 - Exit the game, start multiMAN again, browse to dev_hdd0 and you should now find a decrypted game dump.
From PlayStation 3 developer deank (via pastebin.com/avcM5iuU) comes a revision as follows:
write_message("Dumping ELF from RAM...\n");
uint64_t ptr= 0x00010000ULL; //ELF offset in RAM;
uint64_t sizeelf = 35*1024*1024; //Need a way to get size of ELF
for(uint8_t i=0; i
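Two questions in the thread above have the same answer: where the dumped ELF actually ends (the last STRTAB section at 0x17EC0F7 + 0x12C, padded up to the 8-byte-aligned section header table at 0x17EC228, and whether a dump carries extra bytes past that), and deank's snippet hardcoding a 35 MB size with the comment that it needs a way to get the size of the ELF. Both can be read off the ELF64 headers themselves. The Python below is an added example written for this page; it is not code from the thread, from the dumper or from deank. It constructs a minimal big-endian ELF64 image (constructed test data, not a real PS3 EBOOT), computes the image's extent from its section and program headers the way readelf accounts for them, lists the sections readelf-style, and trims anything appended past that extent. The function names and the sample layout are assumptions.

```python
import struct

ELF_MAGIC = b"\x7fELF"
SHT_NOBITS = 8
SHT_NAMES = {0: "NULL", 1: "PROGBITS", 2: "SYMTAB", 3: "STRTAB", 8: "NOBITS"}

# ELF64 layouts (header fields after the 16-byte e_ident); endian prefix is added at runtime.
EHDR_FMT = "HHIQQQIHHHHHH"  # e_type e_machine e_version e_entry e_phoff e_shoff e_flags e_ehsize
#                              e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
PHDR_FMT = "IIQQQQQQ"       # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align
SHDR_FMT = "IIQQQQIIQQ"     # sh_name sh_type sh_flags sh_addr sh_offset sh_size sh_link sh_info
#                              sh_addralign sh_entsize


def align_up(value, align):
    """Round value up to the next multiple of align (the padding step asked about in the thread)."""
    return (value + align - 1) & ~(align - 1)


def _endian(blob):
    """Validate the ident bytes and return the struct endianness prefix."""
    if blob[:4] != ELF_MAGIC or blob[4] != 2:       # EI_CLASS 2 = ELF64
        raise ValueError("not an ELF64 image")
    return ">" if blob[5] == 2 else "<"             # EI_DATA 2 = big-endian (PS3 PPU ELFs)


def _headers(blob):
    """Decode the ELF header plus every program and section header."""
    e = _endian(blob)
    ehdr = struct.unpack_from(e + EHDR_FMT, blob, 16)
    e_phoff, e_shoff = ehdr[4], ehdr[5]
    e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx = ehdr[8:13]
    phdrs = [struct.unpack_from(e + PHDR_FMT, blob, e_phoff + i * e_phentsize) for i in range(e_phnum)]
    shdrs = [struct.unpack_from(e + SHDR_FMT, blob, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    return e_shoff, e_shentsize, e_shnum, e_shstrndx, phdrs, shdrs


def elf64_extent(blob):
    """Offset one past the last byte the headers account for: the end of the section
    header table, of every non-NOBITS section, and of every segment's file image."""
    e_shoff, e_shentsize, e_shnum, _, phdrs, shdrs = _headers(blob)
    end = e_shoff + e_shnum * e_shentsize
    for phdr in phdrs:
        p_offset, p_filesz = phdr[2], phdr[5]
        end = max(end, p_offset + p_filesz)
    for shdr in shdrs:
        sh_type, sh_offset, sh_size = shdr[1], shdr[4], shdr[5]
        if sh_type != SHT_NOBITS:                   # NOBITS occupies no file bytes
            end = max(end, sh_offset + sh_size)
    return end


def trim_to_headers(blob):
    """Drop whatever a memory dump appended past the ELF's own extent."""
    return bytes(blob[:elf64_extent(blob)])


def describe_sections(blob):
    """readelf-style rows (index, name, type, offset, size), names resolved via e_shstrndx."""
    _, _, _, e_shstrndx, _, shdrs = _headers(blob)
    str_off, str_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    strtab = blob[str_off:str_off + str_size]
    rows = []
    for idx, shdr in enumerate(shdrs):
        name = strtab[shdr[0]:strtab.index(b"\x00", shdr[0])].decode()
        rows.append((idx, name, SHT_NAMES.get(shdr[1], hex(shdr[1])), shdr[4], shdr[5]))
    return rows


def build_sample_elf64():
    """Constructed sample: a 360-byte big-endian ET_EXEC for EM_PPC64 with one PT_LOAD,
    a .text section, a .shstrtab section and a 3-entry section header table at the end."""
    e = ">"
    text = bytes(range(16))                         # constructed stand-in for code bytes
    shstr = b"\x00.text\x00.shstrtab\x00"
    phoff, text_off = 64, 0x80
    shstr_off = text_off + len(text)                # 0x90
    shoff = align_up(shstr_off + len(shstr), 8)     # 0xA8, same padding rule as the thread
    ident = ELF_MAGIC + bytes([2, 2, 1, 0]) + b"\x00" * 8   # ELF64, MSB, version 1
    ehdr = struct.pack(e + EHDR_FMT, 2, 0x15, 1, 0x10000, phoff, shoff, 0, 64, 56, 1, 64, 3, 2)
    phdr = struct.pack(e + PHDR_FMT, 1, 5, text_off, 0x10000, 0x10000, len(text), len(text), 0x10)
    blob = bytearray(ident + ehdr + phdr)
    blob += b"\x00" * (text_off - len(blob)) + text + shstr
    blob += b"\x00" * (shoff - len(blob))
    blob += struct.pack(e + SHDR_FMT, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)                        # null
    blob += struct.pack(e + SHDR_FMT, 1, 1, 6, 0x10000, text_off, len(text), 0, 0, 16, 0)   # .text
    blob += struct.pack(e + SHDR_FMT, 7, 3, 0, 0, shstr_off, len(shstr), 0, 0, 1, 0)        # .shstrtab
    return bytes(blob)


if __name__ == "__main__":
    image = build_sample_elf64() + b"\xaa" * 8      # 8 constructed trailing junk bytes
    for row in describe_sections(image):
        print("%03d %-10s %-8s %08X %08X" % (row[0], row[1], row[2], row[3], row[4]))
    print("extent 0x%X of %d bytes dumped" % (elf64_extent(image), len(image)))
    print("padding 0x17EC223 -> 0x%X" % align_up(0x17EC0F7 + 0x12C, 8))
```

The same extent computation answers deank's "need a way to get size of ELF": once the first page of the image is in hand, e_shoff, e_shnum and e_shentsize bound the copy instead of a fixed 35 MB, and anything a dumper wrote past that bound is not part of the ELF.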