To quote (via Wololo): You might remember the psp2ps3 tools, and all the excitement a few weeks ago around a recent hack breakthrough that allows people to run psp isos (and, potentially, homebrews) on a hacked PS3, by “camouflaging” the game inside a PSP Mini.
Although people believed this trick was reserved to PS3s running a Custom Firmware, this might become an incorrect statement very soon…
I was contacted by scene member CapetLeVrai who apparently found a way to run those PSP ISOs on a non hacked PS3 running the latest official firmware 4.41.
The current technique will probably not blow your mind for now, as it requires you to own both a hacked and a non hacked PS3, but it could open huge opportunities in the near future if the right people decide to look into that. The basic idea is that after being installed on a CFW PS3, the ISO can be transferred to the OFW PS3 through the integrated Data Transfer Utility, and will still run perfectly fine.
How It Works
The PS3 allows you to copy data from one PS3 to another, usually when you want to transfer all your existing content in the case you bought a new PS3. This is done by connecting your two PS3s with an ethernet cable. What CapetLeVrai did, which sounds simple enough but appears to work, was to install the game on his hacked PS3, then copy the entire content of his hacked PS3 to the OFW one with the Data Transfer Utility, and the hacked iso then simply accepted to run on the OFW PS3.
Please note I haven’t confirmed myself because I’m beyond lazy and don’t want to lose my OFW PS3’s content (copying from your hacked PS3 to your unhacked PS3 will erase the previous content!) but from what I can tell this is legit.
Now, why would it be interesting if this requires a hacked PS3 in the first place? Well, it shows that once installed, the game seems to be able to bypass the standard DRM security checks on OFW that should prevent it from running in the first place. Or, rather, that the hack perfectly tricked the OFW PS3 into believing the game was legally acquired. Which means that if people had a way to run a package installer on official firmware PS3s, there could be a way to install and run psp isos (and, who knows, PSP homebrews) on the latest PS3 Official firmware.
Is it far fetched? Probably. But exciting? Definitely. Enjoy the video, in French. If you are able to confirm this and post a video on your own, please do credit CapetLeVrai for this discovery, as, as far as I know, nobody else had found that (at least publicly) before him.
From the video's caption: This vulnerability requires a PS3 CFW at least able to install .pkg files.
I am not a hacker, at least I do not code and I do not claim to be a pirate, I am interested in this field and I put it gradually but I'm still far from finding and exploiting real flaws, this video aims to acquaint developers much more qualified than I am to try to find a solution for users who want to enjoy their PSP games on PS3 OFW (Official FirmWare) or via a possible HEN CFW (as I know KaKaRoToKs found a flaw like this...
For console users DEX (formal or via CFW whatever) who want to transfer data on a console OFW:
System mode: Normal
XMB Operation Mode: CEX
Debug Menu Type: CEX QA
LV2 Kernel: CEX
Target Type: CEX
Hello World PSPHomebrew on PS3 By Harryoke
PSP Homebrew on PS3 By Xerpi (YA2D with Controls) Tested by Harryoke
Thank you very much for watching the video. If you are interested in PlayStation hacks, let me know in the comments and I will make a small series of videos to tell you about all this technical vocabulary that ultimately is not that complicated!
Finally, from samson: Also I found the kurok source files (bladebattles.com/kurok/files/); harryoke, you were asking for sources. Wavegen pspsdk sample:
No screen output (because it suffers the same problem as the GTA games) but audio and controller work: X to change wave form, push joystick up for higher frequency and down for lower frequency. Do not have the volume too high before starting. Enjoy.
Update: From xxmcvapourxx: KIRK 13 ECDSA
Guys, after months of researching and a lot of studying on security, this might help other devs.
Let me explain: LV2_kernal.elf holds the public key; underneath it holds the ECDSA curve.
E6 79 2E 44 6C EB A2 7B CA DF 37 4B 99 50 4F D8 E8 0A DF EB 00 00 00 00 3E 66 DE 73 FF E5 8D 32 91 22 1C 65 01 8C 03 8D 38 22 C3 C9 <--- this is public key to lv2_Kernal.elf
A6 8B ED C3 34 18 02 9C 1D 3C E3 3B 9A 32 1F CC BB 9E 0F 0B = B
ECDSA Curve: D9 AA EB 60 54 30 7F C0 FB 48 8B 15 AE 11 B5 58 C7 5F C8 A3 00 00 00 00 EC 49 07 E1 29 C5 B5 CD 38 6D 94 D8 23 18 B9 D5 58 77 7C 5A 62 7C B1 80 8A B9 38 E3 2C 8C 09 17 08 72 6A 57 9E 25 86 E4
p = FFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
Elliptic Curve Math formula : with NP points on the curve
p = FFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
memcpy(buffer, multiplier, 0x14);
memcpy(buffer+0x14, pointx, 0x14);
memcpy(buffer+0x28, pointy, 0x14);
The result is a new point(x and y are each 0x14 bytes long).
To test this, you can call 0xC service and copy the first 0x14 bytes to a new buffer, then copy the Gx and Gy values after that. Calling 0xD with the new buffer will return the values of x and y that were generated by the 0xC call.
This has been updated in the wiki; euss had kindly confirmed and helped me. This does not lead to getting private keys, but it's useful for other devs.
That is a decrypted self found inside emulator_drm.sprx in pspemu. You can look at the keys starting at offset 0x19EA0; from there until 0x19F80 you have KIRK cmd 4/7 keys (already documented in libkirk). On offset 0x1A060 you have the section 0x6 keyseed and, below it, some ECDSA stuff (the seed is already documented in the seeds page; the ECDSA stuff, however, isn't). This is for filling up the keys page. It's also good to have a look at.
PS: You can only find the seed on later firmwares. 3.55 and below firmwares do not have that seed.
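The 0xC/0xD consistency test described in the post above, modelled in Python as an added example (not the poster's code and not KIRK's implementation). Only p is taken from the post; a = -3, the base point (5, 7), the derived b, the on-curve check and all function names are constructed assumptions.

```python
import secrets

# P is the prime quoted in the post. A, GX and GY are CONSTRUCTED stand-ins
# (assumptions, not KIRK's real parameters); B is derived so G is on the curve.
P = 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
A, GX, GY = P - 3, 5, 7
B = (GY * GY - GX ** 3 - A * GX) % P
FIELD = 0x14  # every value travels as one 0x14-byte big-endian field

def on_curve(x, y):
    return x < P and y < P and (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def pack(*vals):
    return b"".join(v.to_bytes(FIELD, "big") for v in vals)

def model_0xc(priv=None):  # keypair: private scalar | public x | public y
    priv = priv or secrets.randbelow(P - 1) + 1
    return pack(priv, *mul(priv, (GX, GY)))

def model_0xd(buf):  # multiplier | x | y in, resulting point x | y out
    if len(buf) != 3 * FIELD:
        raise ValueError("expected three 0x14-byte fields")
    k, x, y = (int.from_bytes(buf[i:i + FIELD], "big") for i in range(0, 3 * FIELD, FIELD))
    if not on_curve(x, y):  # validation added by this model
        raise ValueError("point is not on the curve")
    return pack(*mul(k, (x, y)))

def roundtrip_ok(priv=None):  # the post's test: 0xC scalar + G through 0xD == 0xC point
    pair = model_0xc(priv)
    return model_0xd(pair[:FIELD] + pack(GX, GY)) == pair[FIELD:]
```

The model rejects any input point that does not satisfy the curve equation before multiplying, which is the check an implementer would want on a point-multiplication interface that accepts caller-supplied coordinates.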
Hi, first post, I am having trouble here. I have many legally owned PSP games. I am trying with several different programs to convert 4 to play on my PS3. It has CFW kmeaw 3.55. I am trying to convert Aliens vs Predator Requiem, Dead Head Fred, Infected, and 3rd Birthday.
I get the pkg created, and installed fine. The games come up. However, when the games try to save a profile, they can't. Dead Head Fred played fine but wouldn't save, AvP wouldn't save a profile and find one to load, and I haven't gotten any further. It seems like the game isn't redirecting the saves to the hard drive. Can someone please help?
Following up on their previous revision, Italian PlayStation 3 developer Francesco Lanzilotta at BiteYourConsole has updated the PSP Minis on PS3 application dubbed PSPMinis / PS3Minis / Bite to version 1.5.1 with the changes outlined below.
To quote, roughly translated: Bite H&E 1.5.1 Released
After a week, we at BiteYourConsole.net release a new version of Bite, which today reaches version 1.5.1. Bite h&e is the name of the new version; it stands for homebrew & emulation, which is why we decided to integrate three of the most popular emulators of the scene.
The three emulators are the famous PPSSPP for the PSP, which boasts numerous titles, ePSXe for the PSOne, and the PlayStation 2 emulator PCSX2.
Attention: the ePSXe and PCSX2 emulators need a BIOS to operate. The BIOS for these emulators is owned by Sony; unfortunately we cannot provide support on copyrighted material.
We wanted to totally change the menus, which as you can see from the pictures they approach remarkably in similarity to the XMB (XrossMediaBar), the graphical user interface developed by Sony.
The Homebrew section now is invoked by an external application that is easier in targeted projects.
Improved graphics from Flash, total compatibility on almost all operating systems.
Added three home sony psp emulators, psone and pstwo.
Added Bite, prompt new external program to develop homebrew for our ps3.
Fixed several minor bugs of the previous version.
Clicking the Home button returns to the main menu.
Clicking the circle next to the musical note moves any pkg files created to a folder called fact PKG, from where they can be easily copied.
Clicking the minus key deletes all temporary files that the program creates at the moment of conversion.
Finally, below is BiteYourFirmware - The Ultimate PS3 Custom Firmware Collection also from them with details as follows, roughly translated:
Today we decided to release the first collection of custom firmware for our beloved ps3, never search the Web, usenet and immediately ready to be installed on the console.
The program begins by giving us a nice video presentation with just claims of our blog, a way to repay us for the long time spent in execution.
The various custom firmware will be presented along with their MD5 code (Message Digest algorithm 5, a cryptographic hashing algorithm), which have been checked thoroughly.
There are 12 of the most famous: the classic custom firmware kmeaw, the more secure and stable Rogero, and also Rebug for the biggest geeks. In short, a fine collection of custom firmware to always keep on hand in order to avoid long searches.
Download directly without waiting.
Extract the contents and copy the PS3 folder on the stick, immediately ready for installation you have to do.