79w ago - Following up on the
True Blue PS3 JB2 v2.2 Payload, today PlayStation 3 developers on the Wiki (linked above) have started a preliminary Q&A work-in-progress for hacking the True Blue (TB) PS3 JailBreak 2 (JB2) USB dongle.
To clarify the initial reports, after examining the
PS3 JailBreak 2 (JB2) / True Blue (TB) CFW PARADOX Game Releases they now state the EBOOT used on the True Blue (TB) released 3.6+ PS3 games are not a Debug ones. Below is the complete text thus far, as follows:
True Blue (TB) PS3 JailBreak 2 (JB2) Q&A
Q: Is this possible on other dongles from the FW3.41 days like Blackcat and Teensy?
A: Dongles are bad and obsolete, mkay
(once you have the key/algo, you don't need any dongle at all)
Q: Are they (TB team) just stealing the dev eboots?
A: First we thought that too but today the first TB game was released
Dirt 3 and it's working and it
isn't a dev eboot so it maybe is really worth something so it's time to search why and how to use it.
You can only rumor which source they use to resign the content to lock-in their DRM. But ofcourse those very same DRM-less files can be resigned for 3.55 too (as has been done numerous times in the past). Piracy is bad, but pirates using DRM to make sure they get the money and not genuine developers is even worse (especially when they lock you into a single firmware that has even less to offer than generic MFW and makes you loose OtherOS++ too).
It seems the ps3jb2 loads
masterdiscs with
fself, with the algo provided and the
right key (which is not provided) you can
decrypt said
masterdiscs images right on pc and grab the fself files.
[an0nym0us] TB is just a clone, blame cobra
[walsid] TB is a clone?
[an0nym0us] yes, its a clone of the cobra dongle
[an0nym0us] I really enjoy saying that ... especially since it is true
[an0nym0us] look at the lv2_kernel.self for cobra pup and tb pup
[an0nym0us] Its the same hook with different "payloads" at 0x80000000007f0000
[an0nym0us] so either cobra decided to "update" without "updating" the existing dongles, or they just wanted more money from you pir8s
// do crypt
unsigned char sector_key[16];
memset(sector_key, 0, 16);
sector_key[12] = (sector_num & 0xFF000000)>>24;
sector_key[13] = (sector_num & 0x00FF0000)>>16;
sector_key[14] = (sector_num & 0x0000FF00)>> 8;
sector_key[15] = (sector_num & 0x000000FF)>> 0;
// encrypt sector
aes_context aes_ctx;
aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128);
aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff);
// decrypt
aes_context aes_ctx;
aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128);
aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff);
That's the algo for masterdiscs,
ps3gen dll has the static keys for masterdiscs you can also get it from
sv_iso the crappy
sdk tool that generates masterdisc images for dex.
Files to strip:
rootfolder, LICDIR + content, TROPDIR + content, USRDIR (EBOOT.BIN + other signed binaries like .SPRX, .sdat)
example (portal_2_BLUS30732) :
|-- ICON0.PNG
|-- LICDIR
| `-- LIC.DAT
|-- PARAM.SFO
|-- PIC0.PNG
|-- PIC1.PNG
|-- PIC2.PNG
|-- PS3LOGO.DAT
|-- SND0.AT3
|-- TROPDIR
| `-- NPWR01719_00
| `-- TROPHY.TRP
`-- USRDIR
|-- EBOOT.BIN
|-- bin
| |-- datacache_ps3.sprx
| |-- engine_ps3.sprx
| |-- filesystem_stdio_ps3.sprx
| |-- inputsystem_ps3.sprx
| |-- launcher_ps3.sprx
| |-- localize_ps3.sprx
| |-- materialsystem_ps3.sprx
| |-- scenefilecache_ps3.sprx
| |-- soundemittersystem_ps3.sprx
| |-- steam_api_ps3.sprx
| |-- steam_config.sdat
| |-- steam_resources.sdat
| |-- steamclient_ps3.sprx
| |-- studiorender_ps3.sprx
| |-- tier0_ps3.sprx
| |-- vgui2_ps3.sprx
| |-- vguimatsurface_ps3.sprx
| |-- vjobs_ps3.sprx
| |-- vphysics_ps3.sprx
| |-- vscript_ps3.sprx
| `-- vstdlib_ps3.sprx
`-- portal2
`-- bin
|-- client_ps3.sprx
|-- matchmaking_ps3.sprx
`-- server_ps3.sprx More talk:
Folks I looked a little more and it seems the psjb2 just runs masterdiscs with fself, kinda lame. very lame. npdrm encrypted but labeled as fself, it's an fself but I dunno what it does, I never looked at it. I don't really care on doing more if you use the masterdisc algo I provided and the proper key which I am not supplying you can decrypt all the psjb2 disc images right on pc, grab the fself and use them to run them on a regular 3.55 fw.
Basically security == LAME, still interesting to see how they patched the firmware to allow masterdiscs, they also do some auth with the dongle which involves crypto to make sure the firmware does not load without it, but if you don't need the firmware to load the games... they could have added some extra keys in appldr and encrypted the damn eboots at least. I guess they didn't have enough time or enough spu skills
Regarding FSELF from "
RikuKH3":
Real FSELFs are never encrypted. You can extract it with official unfself tool from SDK. But, in this FSELF I looked into (driver sf) ELF inside IS encrypted. You can say this because it's masterdisc fself, but I really doubt it. It doesn't look like a proper fself to me at all, in header it says that sections unecrypted, but it's not true. Another thing - Masterdisc Generator tool from Sony gives errors with this EBOOT (if it's a masterdisc eboot as stated, why?).
More details will be posted as they become available, and below is another PS3 JailBreak 2 (True Blue) HDD Review video from
MrDjbubba2002, one of Batman Arkham City with the True Blue PS3 JB2 dongle from
leksetengah and True Blue booting NFS The Run on PS3 CFW 3.55 from
MrSenaxx.
Finally from
TheNaughtyD (via ps3crunch.net/forum/threads/1813-Installing?p=18173#post18173) comes a few videos on installing TB CFW over Kmeaw followed and updating the TB dongle followed by replacing TB Eboots over your PS3 Backup with a guide below:
- Make sure you are on 3.55 FW or lower
- Plug your USB drive into your PC
- Create a new folder on it called "PS3" (must be in capitals without quotes)
- Inside that PS3 folder, create a new folder called "UPDATE" (must be in capitals without quotes)
- Save the file “PS3UPDAT.PUP” into the UPDATE folder on your USB storage device (this is provided by the TB team)
- Unplug the flash drive from your PC and plug into any free USB slot on your PS3
- Go to the “Settings” XMB menu, choose “System Update”
- Choose “Update via storage media”
- The USB drive will be scanned. If you get an error that no update file was found, ensure that the folder structure is correct
- Select “OK” to copy the update file to the PS3′s hard disk
- Wait for the file to be copied and the PS3 should reboot automatically (leave the USB drive plugged in during this phase)
- When the PS3 has started up again you should be presented with a screen showing the version of the system software ready to install. Press the PS button
- Wait for the “Checking for update data” to complete
- Accept the user agreement
- Press X button to confirm the installation
- The update will be installed and the PS3 should be rebooted!
- Now transfer TrueBlueUpdate-2.2.pkg file to the root of your flash drive on your pc and plug it in your ps3 console
- Open Install Package Files and install the TrueBlueUpdate-2.2.pkg file
- At this point make sure nothing is plugged in the ps3's usb ports
- Open PlayStation folder and run the True Blue Updater
- Follow the on screen instructions to complete the dongle update
DLC for BLUS30778 :
The Elder Scrolls V Skyrim - Dragonborn
http://zeus.dl.playstation.net/cdn/UP1003/BLUS30778_00/bShuIaxVWkGUfBiOxikxdBCBHMNZFzl...
As always, if TB makers decided to do it all over again with new hardware to support their new security system, a lot of existing TB users will be pissed off for sure.
They won't quit the scene so easily.
i'm very confused on what happened to them and why they are very quiet...