To quote (via Wololo): You might remember the psp2ps3 tools, and all the excitement a few weeks ago around a recent hack breakthrough that allows people to run psp isos (and, potentially, homebrews) on a hacked PS3, by “camouflaging” the game inside a PSP Mini.
Although people believed this trick was reserved to PS3s running a Custom Firmware, this might become an incorrect statement very soon…
I was contacted by scene member CapetLeVrai who apparently found a way to run those PSP ISOs on a non hacked PS3 running the latest official firmware 4.41.
The current technique will probably not blow your mind for now, as it requires you to own both a hacked and a non hacked PS3, but it could open huge opportunities in the near future if the right people decide to look into that. The basic idea is that after being installed on a CFW PS3, the ISO can be transferred to the OFW PS3 through the integrated Data Transfer Utility, and will still run perfectly fine.
How It Works
The PS3 allows you to copy data from one PS3 to another, usually when you want to transfer all your existing content in the case you bought a new PS3. This is done by connecting your two PS3s with an ethernet cable. What CapetLeVrai did, which sounds simple enough but appears to work, was to install the game on his hacked PS3, then copy the entire content of his hacked PS3 to the OFW one with the Data Transfer Utility, and the hacked iso then simply accepted to run on the OFW PS3.
Please note I haven’t confirmed myself because I’m beyond lazy and don’t want to lose my OFW PS3′s content (copying from your hacked PS3 to your unhacked PS3 will erase the previous content!) but from what I can tell this is legit.
Now, why would it be interesting if this requires a hacked PS3 in the first place? Well, it shows that once installed, the game seems to be able to bypass the standard DRM security checks on OFW that should prevent it from running in the first place. Or, rather, that the hack perfectly tricked the OFW PS3 into believing the game was legally acquired. Which means that if people had a way to run a package installer on official firmware PS3s, there could be a way to install and run psp isos (and, who knows, PSP homebrews) on the latest PS3 Official firmware.
Is it far fetched? Probably. But exciting? Definitely. Enjoy the video, in French. If you are able to confirm this and post a video on your own, please do credit CapetLeVrai for this discovery, as, as far as I know, nobody else had found that (at least publicly) before him.
From the video's caption: This vulnerability requires a PS3 CFW at least able to install the file. Pkg
I am not a hacker, at least I do not code and I do not claim to be a pirate, I am interested in this field and I put it gradually but I'm still far from finding and exploiting real flaws, this video aims to acquaint developers much more qualified than I am to try to find a solution for users who want to enjoy their PSP games on PS3 OFW (Official FirmWare) or via a possible HEN CFW (as I know KaKaRoToKs found a flaw like this...
For console users DEX (formal or via CFW whatever) who want to transfer data on a console OFW:
System mode: Normal
XMB Operation Mode: CEX
Debug Menu Type: CEX QA
LV2 Kernel: CEX
Target Type: CEX
Hello World PSPHomebrew on PS3 By Harryoke
PSP Homebrew on PS3 By Xerpi (YA2D with Controls) Tested by Harryoke
This thank you very much for watching the video, if you are interested in PlayStation hack let me know in the comments I will make a small series of video to tell you all this technical vocabulary that ultimately is not that complicated!
Finally, from samson: Also i found the kurok source files (bladebattles.com/kurok/files/), harryoke you was asking for sources Wavegen pspsdk sample:
No screen output (because its suffers the same problem as gta games) but audio and controller work, X to change wave form, push joystick up for higher frequency and down for lower frequency. do not have volume too high before starting, enjoy.
Update: From xxmcvapourxx: KIRK 13 ECDSA
Guys, After months of researching and alot of studying on security this might help other devs.
Let me explain: LV2_kernal.elf hold's the public key underneath holds the ECDSA curve.
E6 79 2E 44 6C EB A2 7B CA DF 37 4B 99 50 4F D8 E8 0A DF EB 00 00 00 00 3E 66 DE 73 FF E5 8D 32 91 22 1C 65 01 8C 03 8D 38 22 C3 C9 <--- this is public key to lv2_Kernal.elf
A6 8B ED C3 34 18 02 9C 1D 3C E3 3B 9A 32 1F CC BB 9E 0F 0B = B
ECDSA Curve: D9 AA EB 60 54 30 7F C0 FB 48 8B 15 AE 11 B5 58 C7 5F C8 A3 00 00 00 00 EC 49 07 E1 29 C5 B5 CD 38 6D 94 D8 23 18 B9 D5 58 77 7C 5A 62 7C B1 80 8A B9 38 E3 2C 8C 09 17 08 72 6A 57 9E 25 86 E4
p = FFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
Elliptic Curve Math formula : with NP points on the curve
p = FFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
memcpy(buffer, multiplier, 0x14);
memcpy(buffer+0x14, pointx, 0x14);
memcpy(buffer+0x28, pointy, 0x14);
The result is a new point(x and y are each 0x14 bytes long).
To test this, you can call 0xC service and copy the first 0x14 bytes to a new buffer, then copy the Gx and Gy values after that. Calling 0xD with the new buffer will return the values of x and y that were generated by the 0xC call.
This has been updated in wiki euss had kindly confirmed and helped me. This does not lead getting private keys but its usefully for other devs.
That is a decrypted self found inside emulator_drm.sprx in pspemu. You can look at the keys starting at offset 0x19EA0 from there until 0x19F80 you have kirk cmd 4/7 keys (already documented in libkirk) On offset 0x1A060 you have the section 0x6 keyseed and below it, some ecdsa stuff (the seed is already documented in seeds page, the ecdsa stuff however, isn't) This is for filling up the keys page. it's also good to have a look at.
PS: You can only find the seed on later firmwares. 3.55 and below firmwares do not have that seed.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
Following up on their previous revision, today Italian PlayStation 3 developer Francesco Lanzilotta at BiteYourConsole has updated the PSP Minis on PS3 application dubbed PSPMinis / PS3Minis / Bite to version 1.4 Extreme Edition which includes Mac support in the changes below.
To quote, roughly translated: After a very short time since our last release we have decided to release to the public a new version of our tool for Windows PCs called Bite, to version 1.4 (Extreme Edition).
The tool allows you to convert and transform your files with a simple click, and in turn transform your PSP games in PKG and launch on PS3 with CFW.
This new update adds lots of news! Now the meter will be installed from the setup, no more folders improvised, we have integrated a video player, a mp3 player, in fact clicking on the button shaped like a musical note we can load our favorite song, and many other innovations that we're going to see here followed by the changelog.
NOTE: We recommend always delete the files created by a previous session in order to avoid conflicts in the execution of various scripts.
Changelog v1.4 Bite:
Fixed some Bug
Adding new GUI
Added the readings. Mp3 files
Adding reading video files
Adding installation via setup
Added HTML Browser with direct connection to the site BiteYourConsole
Added the ability to convert ps1 backup with the program PS1toPS3
Integrated HxD Hex editor
Integrated PBP unpacker utility
1. By clicking on the select button enter the folder where the drag image files to convert and get the files processed in PKG.
2. By clicking on the start button go into the folder where Psx drag our image file to convert and get the files also processed in PKG.
3. Clicking on the button shaped like a musical note we can upload an audio file to listen waiting to convert our files.
4. The 2 buttons control the volume.
5. Clicking on this button you can load movies.
6. The home button always brings us back in the first menu.
7. With the forward and back buttons to navigate through the mini built-in browser.
8. These buttons are used to process the files PSP and PSone.
Note: * The English version for Mac is not available yet, you can use it, with http://www.winehq.org/download + http://xquartz.macosforge.org/landing/. WineBottler does not work.
Finally, in related PS3 homebrew news today PlayStation 3 developer $n!pR has made available PSP2PS3 Toolkit GUI with details below followed by a few updated revisions, as follows:
Ok so while running batch files is fun and all I decided to make my own tool. This is just an early build I've been working on which creates the basic file structure. You still need Adolstools to create the PKG file for now.
Basic how to:
Browse to ISO, the program will automatically find the CID
Enter the Title ID you want to use
Click Make Package
Right click the folder created and click Make PKG
Add option to copy media files from ISO
Add option to use EBOOT.PBP from PSN
Make PKG file
There is a conflict between multiMAN and PSP/MINI's Gameplay. When the "Enable Dynarec" is turned "ON" and multiMAN is launched, then exited and a PSP/MINI Game is then launched. It will result in a BLACK SCREEN FREEZE (no mini's logo appears).
To avoid this issue do not run multiMAN prior to a PSP/MINI game or Turn OFF the Dynarec within multiMAN setting located in the XMMB view near the bottom of the "Settings" Column. Some people may of thought some titles were unplayable via the Mini's emulator but actually were victim of this conflict so be sure you to re-check your converted games if you had this option enabled.
PSP2PS3 Toolkit v1.10 Changelog:
Copies media files from ISO by default
Make PKG file
Add option to use EBOOT.PBP from PSN
Add option to use custom media files (psn_package_npdrm requires ICON0.PNG)
PSP2PS3 Toolkit v1.20 Changelog:
Added option to use EBOOT.PBP from PSN
Added option to use custom media files
Bug fixes in PKG creation process
There was a bug in PARAM SFO Editor which has been fixed in v2.8.5
PSP2PS3 Toolkit v1.20a Changelog:
Added save game fix option
PSP2PS3 Toolkit v1.30 Changelog:
Added support for PKG files
Just a side note: For retail packages it will scan and use the full 36 character content id, instead of just the 9 alphanumeric CID. eg. Instead of using placeholder UP1004-ULUS10160_00-0000000000000001, it'll use UP1004-ULUS10160_00-GTAVICECITYST000.
PSP2PS3 Toolkit v1.40 Changelog:
Added PSP Remasters support
Finally, from aldostools comes PSP2PS3 v1.7.4 for CEX / DEX (linked above) with the changes outlined below:
For GUI lovers / black box (DOS window) haters, here is a new version of 1.7.4a with a quick GUI (ps3_minis.exe)
Changes in PSP2PS3 1.7.4a mod by aldostools:
The GUI supports drag & drop, CLI and browse dialog
File types supported: pbp, pkg, cso and iso
A nice progress bar is displayed while the file is being processed.
The GUI is an initial release and issues are expected.
Changes in PSP2PS3 1.7.4b mod by aldostools:
Added option to create EBOOT.PBP with no compression
Changes in PSP2PS3 1.7.5 mod by aldostools:
Updated with ps3_minis GUI v1.3 (mainly minor changes to the GUI. Compatibility should be the same as 1.7.4)
Its a hit and miss atm. I tried 2 games and 1 doens't work at all, black screens and locks up. The other got past the MINIS logo then it loaded up the first part but black screens and locks up before the menu.
Still get error on some games but it seems to be saving the data anyways. Almost like it's mounting the "card" to save and then "removing" directly after it finishes.... odd, but yea it's saving data and working.