Editing Dev Tools


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== Tools ==
[[Category:Software]]
==Tools==


[http://pastie.org/1430104 hexkey2bin.c]
[http://pastie.org/1430104 hexkey2bin.c]


[http://pastie.org/2834445 hex2key.c edit]
[ edited http://pastie.org/2834445 hex2key.c]


[http://pastie.org/1431980 readselfoffsets.c]
[http://pastie.org/1431980 readselfoffsets.c]
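Review bot: The "Your text" line `[ edited http://pastie.org/2834445 hex2key.c]` has a space and the word "edited" before the URL, so MediaWiki will not parse it as a bracketed external link and the brackets will show up literally. Keep the latest-revision form `[http://pastie.org/2834445 hex2key.c edit]`, where the URL directly follows the opening bracket. If `[[Category:Software]]` is wanted, it is conventionally placed at the end of the page rather than above the first heading.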
Line 13: Line 14:
[http://pastie.org/private/vgrajylkeetkem7ommqdta downgrade]
[http://pastie.org/private/vgrajylkeetkem7ommqdta downgrade]


== Git ==
==Git==


[http://library.edgecase.com/git_immersion/ git docs]
[http://library.edgecase.com/git_immersion/ git docs]


== SceTool ==
* [http://www.psdevwiki.com/files/devtools/scetool/ scetool] / [http://www.sendspace.com/file/a0an56] (Windows)
** [http://mir.cr/MLZONDKY cygwin-dll.rar] (needed in case of cygwin1.dll missing error)
* <!--// https://www.dropbox.com/sh/9tp1x59jd5z34qa/10BT-4IDxX //-->[https://www.dropbox.com/sh/9tp1x59jd5z34qa/QBcYdjPA9q/ps3/release/scetool_0.2.9.7z scetool_0.2.9.7z] (Linux)
* [http://www.2shared.com/file/Lshbj21H/scetool_029_mac.html scetool_0.2.9] (OSX)
<s>common for all above: [http://pastie.org/8026816 keys]</s>
scetool 0.2.7 <public build> (C) 2011-2012 by naehrwert 
NP local license handling (C) 2012 by flatz
=== Setup ===
- /data/keys : Keyfile.
- /data/ldr_curves : Loader curves (7744 bytes).
- /data/vsh_curves : VSH curves (360 bytes).
- /data/idps : IDPS as binary file
- /data/act.dat : act.dat
- /rifs/* : *.rif files
- /raps/* : *.rap files
==== Keyfile format ====
[keyname]
type={SELF, RVK, PKG, SPP, OTHER}
revision={00, ..., 18, 8000}
version={..., 0001000000000000, ...}
self_type={LV0, LV1, LV2, APP, ISO, LDR, UNK_7, NPDRM}
key=...
erk=...
riv=...
pub=...
priv=...
ctype=...
====Keyset example====
[metldr]
type=SELF
revision=00
self_type=LDR
erk=0000000000000000000000000000000000000000000000000000000000000000
riv=00000000000000000000000000000000
pub=00000000000000000000000000000000000000000000000000000000000000000000000000000000
priv=000000000000000000000000000000000000000000
ctype=00
====NPDRM key(set) names====
- [NP_tid]: Title ID OMAC1 key.
- [NP_ci]: Control info OMAC1 key.
- [NP_klic_free]: Free klicensee.
- [NP_klic_key]: klicensee key.
- [NP_idps_const]: IDPS constant.
- [NP_rif_key]: rif key.
- [NP_sig]: Footer signature ECDSA keyset.
==== Error: Could not find keyset for SELF ====
Unlike unself, scetool does not bruteforce keys. So if you are trying to decrypt a file that is using a 4.75 key (4.20-{{latestPS3}}) and you only have that same key under :
4.20 {{dot}} 4.21 {{dot}} 4.22 {{dot}} 4.23 {{dot}} 4.25 {{dot}} 4.26 {{dot}} 4.30 {{dot}} 4.31 {{dot}} 4.40 {{dot}} 4.41 {{dot}} 4.45 {{dot}} 4.46 {{dot}} 4.50 {{dot}} 4.55 {{dot}} 4.60 {{dot}} 4.65 {{dot}} 4.66 {{dot}} 4.70
it will error out.
To see which key version is used by that complaining SELF, use:
<code>scetool -i file_in</code>
and add the missing key(s)
if that produces a line like:
<code>Key Revision    [DEBUG]</code>
the file is an fself (debug == no keys), just strip the first 0x90 bytes and save
===Help text===
USAGE: scetool [options] command
==== Commands ====
COMMANDS              Parameters            Explanation
-h, --help                                  Print this help.
-k, --print-keys                            List keys.
-i, --print-infos file_in                  Print SCE file info.
-d, --decrypt    file_in file_out          Decrypt/dump SCE file.
-e, --encrypt    file_in file_out          Encrypt/create SCE file.
==== Options ====
OPTIONS                Possible Values      Explanation
-v, --verbose                              Enable verbose output.
-r, --raw                                  Enable raw value output.
-0, --sce-type        SELF/RVK/PKG/SPP      [[SCE File Types|SCE File Type]]
-1, --compress-data  TRUE/FALSE(default)  Whether to compress data or not.
-s, --skip-sections  TRUE(default)/FALSE  Whether to skip sections or not.
-2, --key-revision    e.g. 00,01,...,0A,... [[Revision versus Version|Key Revision]]
-m, --meta-info                            Use provided meta info to decrypt.
-3, --self-auth-id    e.g. 1010000001000003 [[Program Authority ID]]
-4, --self-vendor-id  e.g. 01000002        [[Program Vender ID]]
-5, --self-type      LV0/LV1/LV2/APP/ISO/
                      LDR/NPDRM            [[Program Type]]
-6, --self-fw-version e.g. 0003004100000000 [[Revision versus Version|Firmware Version]]
-7, --self-add-shdrs  TRUE(default)/FALSE  Whether to add ELF shdrs or not.
-8, --self-ctrl-flags 32 bytes              Override [[Control Flags|control flags]].
-9, --self-cap-flags  32 bytes              Override [[Capability Flags|capability flags]].
-b, --np-license-type LOCAL/FREE            [[License Types|License Type]]
-c, --np-app-type    SPRX/EXEC/UPDATE      [[App Types|App Type]]
-f, --np-content-id                        Content ID
-l, --np-klicensee    16 bytes              Override klicensee.
-g, --np-real-fname  e.g. EBOOT.BIN        Real Filename
-j, --np-add-sig      TRUE/FALSE(default)  Whether to add a NP sig. or not.
=== History ===
==== Version 0.2.7 ====
- Added local NP license handling.
- Added option to override klicensee.
- Added option to disable section skipping (in SELF generation).
==== Version 0.2.5 ====
- Added option to use provided metadata info for decryption.
- "PS3" path environment variable will now be searched for keys/ldr_curves/vsh_curves too.
==== Version 0.2.4 ====
- Added option to display raw values.
- Moved factory Auth-IDs to <public build> (as they are on psdevwiki now).
==== Version 0.2.2 ====
- Added options to override control/capability flags (32 bytes each).
- Fixed where a false keyset would crash scetool when decrypting a file.
- Some source level changes and optimizations.
==== Version 0.2.1 ====
- [http://www.psdevwiki.com/files/devtools/scetool/zlib1.dll zlib] [http://mir.cr/1PQW9REH] is required to use scetool.
- 'sdk_type' was changed to 'revision' in data/keys.
== OpenSCETool ==
https://github.com/spacemanspiff/oscetool
== Break N Make (MakeSelf & BreakSelf) ==
[[File:Make Self v1.1.0.0 (08112014153810).png|300px|Make Self v1.1.0.0 (08112014153810)]]
=== Download ===
'''Download:''' https://www.mediafire.com/?f9aaj86vn0w4nn1 [https://mega.co.nz/#!2oVC3BJD!hNEbAHyO6H8Mug0ipoonlA5V2Mzosd0QrB6E-xTMc8Y mirror]
=== Key.conf ===
http://pastie.org/9821745 <- dead link
=== Features ===
* Win32 GUI Version
* Drag and Drop of bin.self.SPRX (Will Open if Klic Key needs changing)
* Changing of Decyption Klic
* Decryption of NPDRM
* Uses Key.conf to add new Keys if necessary (iso/app/npdrm/lv0/lv1/lv2 keys)
* Can be added (Manually) to Right click Function for Quick Decryption
=== Changelog ===
==== V1.1 (08-11-2014) ====
* Added Control Flags 0x1B = 0x10
* Changed Wording For Flag "default licensee" to “First Boot”..
* Moved Configuration Section into its own Button
** Now you can set the Configuration for the ini files inside
* Added in klicensee.ini
** This allows you to Database your own Personal Keys.
* Added ability to Change DRM Type
** Checks for it in the klicensee.ini will set new key if pressent
* Added Quick Selector
** (Reads from klicensee.ini) in NPDRM Settings Area for any preprogramed files..
* Added Drag and Drop to Clone
** (Can now Drop file you want to use for Clone "ANY" place outside of the Elf/Self File Sections and it will read it to try and clone it)
* Upgraded Clone Function (this will use klicensee.ini)
** If the file is present inside the klicensee.ini it will auto detect when you Clone the original file.
===== New Klicensee.ini what is it? =====
First Format
[klicensee]
title=
productid=
filename=
flags=
key0=
key1=
key2=
key3=
key4=
[/klicensee]
Explaination
* title =
  is the title you will see in Quick Selection area. (Put what you would like)
* productionid =
  this is the 36character ID that belongs to the game (eg: UP1017-BLUS30682_00-GTACOMPLETEV0102)
* filename =
  the name to the file this works for so Eboot/SPRX/SELF and so on) (note 1 name per [klicensee] section)
* flags = 
  20 – Game Update / 01 – First boot …. Note that they Stack so 21 – both on
* Key0=
  Disc (normaly just normal Free key no need to put)
* Key1=
  Network (Normaly the same as RiF key)
* Key2=
  Local (This is your Personal Rif key)
* Key3=
  Free (for Eboots this key is the normal Free key, for Sprx,Selfs this key can be found inside the Eboot to decypt the Sprx,Self)
* Key4=
  for PSP
Note : you only need to put the Key section you plan to use.
here is an example setup
[klicensee]
title=GTACOMPLETE –SELF
productid=UP1017-BLUS30682_00-GTACOMPLETEV0102
filename=GTAIV.self
key3= 00000000000000000000000000000000
[/klicensee]
==== V1.0 - Original (29-10-2011) ====
[[File:Make Self v1.0.0.1 (29102011123508).jpg|300px]]
* Allows you to Encrypt (Dex)+(CEX)+(NPDRM) Bin,Self,Sprx,Isoself
* Has Clone Function
* Allows for Multi control over how files are encrypted ..
* Allows for Setup of Quick Settings inside Quick.ini
* Updatable keys.conf uses same one as Breakself.
* Allows for Encrypting Using original 
===== What is Clone? =====
* Clone Settings from Original Encrypted file
Press “Clone Settings” then pick original Encrypted file .. If NPDRM you may need to fill in the K_Licensee with decrypt key Before doing the Clone..
== NPDTool v4d ==
*http://mir.cr/1VI625HY
*http://mir.cr/NUUBDXDI
npdtool v4d by '''belmondo''' and '''user''' ©2014
usage decrypt: npdtool [mode] infile outfile [rap/idps/klic] [act] [rif]
        [mode]:  d    (decrypt edata using idps, act.dat and rif)
                  dk  (decrypt edata using k_licensee)
                  dr  (decrypt edata using rap)
                  ds  (decrypt sdata)
usage encrypt edata: npdtool [format] infile outfile [klic] [cID] [block]
        [format]: 1    (format1 edata)
                  1c  (format1 compressed edata)
                  2    (format2 edata)
                  2c  (format2 compressed edata)
                  3    (format3 edata)
                  3c  (format3 compressed edata)
                  4    (format4 edata)
                  4c  (format4 compressed edata)
        [cID]:    XX0000-YYYY00000_00-0000000000000000
        [block]:  not for compressed [MAX 8000]
usage encrypt goma: npdtool [format] [cID]
        [format]: goma (licence edata)
        [cID]:    XX0000-YYYY00000_00-0000000000000000
usage encrypt sdata: npdtool [format] infile outfile [block]
        [format]: 1s  (format1 sdata)
                  2s  (format2 sdata)
                  2sc  (format2 compressed sdata)
                  3s  (format3 sdata)
                  3sc  (format3 compressed sdata)
                  4s  (format4 sdata)
                  4sc  (format4 compressed sdata)
        [block]:  not for compressed [MAX 8000]
usage bruteforce: npdtool [mode] inNPD inELF outK_lic.bin
        [mode]:  b    (bruteforce k_licensee in hex)
                  b2  (bruteforce k_licensee in ascii)
usage info: npdtool [mode] inNPD
        [mode]:  i    (info)
== PSNope ==
by u$er - latest version 1.06?
== PSN Patch ==
(psidpatch+psnope)
*http://store.brewology.com/ahomebrew.php?brewid=244 v4.70.06 by KW
==SDATA Tool==
Small open source tool to unpack and decrypt SDATA files. All the hard work and reverse engineering done by Hykem, along with collaboration of AlexAltea and BlackDaemon. It supports all SDATA file variants: v1 to v4, compresed or uncompressed, debug or release SDATAs.
Link: <!-- Old: https://github.com/AlexAltea/sdata-tool --> https://github.com/inaina/sdata-tool
Usage: ''sdata-tool.exe <input> <output>''


==fail0VERFLOW==
==fail0VERFLOW==


[http://git-hacks.com/ps3free/ps3tools ps3tools] // [https://github.com/search?&q=ps3tools ps3tools@github]
[http://git-hacks.com/ps3free/ps3tools ps3tools]


:cospkg
:cospkg
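Review bot: The SceTool, OpenSCETool, Break N Make, NPDTool, PSNope, PSN Patch and SDATA Tool sections appear on only one side of this comparison, and the line markers jump from 13 to 346 on the latest-revision side but only from 14 to 69 on the "Your text" side, so publishing this undo deletes all of them. That is far wider than the heading-spacing change and the dropped `ps3tools@github` link at the end of the hunk. If the goal is to revert one link or heading edit, make that change by hand instead, so the keyfile format reference and the "Could not find keyset for SELF" troubleshooting text stay on the page.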
Line 346: Line 69:
:unself_gnpdrm
:unself_gnpdrm
::usage: unself_gnpdrm in.self out.elf
::usage: unself_gnpdrm in.self out.elf
self_rebuilder
:: usage: self_rebuilder [input.elf] [output.self] [original.self] [keytype] [keysuffix] [sdkversion] [sdktype] [auth id [idps.bin] [act.dat] [game.rif]
:::self_rebuilder keytype keysuffix sdkversion sdktype input.elf output.self original.self
:::input.elf=The input ELF/PRX to sign
:::output.self=The output SELF/SPRX to generate
:::original.self=The original SELF/SPRX for reference
:::keytype=lv0|lv1|lv2|iso|app|ldr|npd  (please note if type is ldr use versionsuffix retail)
:::keysuffix=080|092|240|340|350|355|356|360|365|370
:::sdkversion=0.80.0|0.92.0|2.40.0|3.40.0|3.50.0|3.55.0|3.56.0|3.60.0|3.65.0|3.70.0
:::sdktype=0000:retail0|0001:retail|0002:retail1|0004|0007|000A|000D|0010|0013|0016|8000:devkit
:::authid=1070000039000001  (only use if you want to change a revoked authid)
:::idps.bin=The input idps.bin to use  (only needed for NPD1/NPD2 de/encryption)
:::act.dat=The input act.dat to use  (only needed for NPD1/NPD2 de/encryption)
:::game.rif=The input game.rif to use  (only needed for NPD1/NPD2 de/encryption)


==Geohot Signing Tools==
==Geohot Signing Tools==
Line 377: Line 84:
::usage: package_finalize my.pkg
::usage: package_finalize my.pkg


== Graf Chokolo Tools ==
==Graf Chokolo Tools==


[http://github.com/grafchokolo/psgroove graftools]
[http://github.com/grafchokolo/psgroove graftools]
[[Talk:Graf%27s_PSGroove_Payload | Graftools]]
[http://www.ps3devwiki.com/index.php?title=Talk:Graf%27s_PSGroove_Payload Graftools]


:sendfile
:sendfile
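Review bot: On the Graftools line, the "Your text" side replaces the internal link `[[Talk:Graf%27s_PSGroove_Payload | Graftools]]` with a hard-coded `http://www.ps3devwiki.com/index.php?title=...` URL. Other links on this page point at www.psdevwiki.com, so the absolute URL pins the link to a different hostname and to plain http, and it will not follow a page move. Keep the internal wiki link.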
Line 386: Line 93:
:pcap2bin
:pcap2bin


== spkg tool 1.0 ==
:
*[[http://www.mirrorcreator.com/files/1KDUUGFL/spkg_tool.tar.gz_links|spkg (linux/win)]]
 
<!--// passworded RAR
==anergistic==
anergistic modded for appldr
 
src: http://www.megaupload.com/?d=1P4AZNUA


requirements:
bin+samples: http://www.megaupload.com/?d=AVBBRCMJ
* fail0verflow key folder
* spkg(3.56+) and pkg(0.80-3.55) key/iv
* disabled ecdsa check in spu_pkg_rvk_verifier


<!--// spkg in.pkg out.spkg_hdr [-d|--decrypt_spkg_hdr_only] //-->
e.g.: decrypting retail rev1 sce self headers works
usage:<br />
//-->
:spkg in.pkg out.spkg_hdr<br />
::or<br />
:spkg in.spkg_hdr out.decrypted_spkg -d


== sputnik - Cell/SPU Pipeline viewer==
== sputnik - Cell/SPU Pipeline viewer==
Line 404: Line 110:
* [http://dl.dropbox.com/u/334837/Sputnik.exe.zip Windows] (will also need [http://qt.nokia.com/downloads QT runtime files])  
* [http://dl.dropbox.com/u/334837/Sputnik.exe.zip Windows] (will also need [http://qt.nokia.com/downloads QT runtime files])  
* [http://dl.dropbox.com/u/334837/Sputnik.dmg MAC OSX]
* [http://dl.dropbox.com/u/334837/Sputnik.dmg MAC OSX]
== commtool ==
Encryption/decryption of community files.
Binaries: http://www.sendspace.com/file/ympcze
Source code: http://www.sendspace.com/file/zjl6xx


== netrpc ==
== netrpc ==
Line 443: Line 143:
   objdump -d empty.o</pre>
   objdump -d empty.o</pre>
Source: http://askrprojects.net/software/objdump.html
Source: http://askrprojects.net/software/objdump.html
=== doing SPRX ===
ppu-objdump -xD --endian=big --target=elf64-powerpc --architecture=powerpc:common64 --disassembler-options=cell --target=binary binary filename.elf


== Several handy scripts ==
== Several handy scripts ==
Line 467: Line 163:
  The returned value shouldn't be 0xff
  The returned value shouldn't be 0xff
  ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
  ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
=== read eEID.sh ===
This script will dump your EID.
echo Dumping EID
dd if=/dev/ps3nflasha skip=$((0x2F000)) of=eid.bin bs=1 count=$((0x10000))
=== write eEID.sh ===
This script will write EID to flash.
echo Writing EID
dd if=eid.bin of=/dev/ps3nflasha bs=1 seek=$((0x2F000)) count=$((0x10000))


===dump_EID0.sh===
===dump_EID0.sh===
Line 504: Line 190:


===nor_dump.sh===
===nor_dump.sh===
This will dump your NOR memory.
  echo Dumping nor
  echo Dumping nor
  dd if=/dev/ps3nflasha of=nor.bin bs=1024
  dd if=/dev/ps3nflasha of=nor.bin
 
===nor_write.sh===
This will write dump to NOR memory.
echo Writing nor
dd if=nor.bin of=/dev/ps3nflasha bs=1024


===dump_ram.sh===
===dump_ram.sh===
Line 522: Line 202:
  echo Dumping vram
  echo Dumping vram
  dd if=/dev/ps3vram of=ps3vram.bin
  dd if=/dev/ps3vram of=ps3vram.bin


== Payloader3 ==
== Payloader3 ==
source code repository:
* http://git.dashhacks.com/payloader3/payloader3/trees/master (down)
* http://gitorious.ps3dev.net/payloader3/payloader3/trees/master
<!--
* 2011-06-22 backup: http://gotbrew.org/payloader3.tar.gz / [http://www.multiupload.com/DM8KLHX2SS payloader3.tar.gz (55.55 MB)]
* 2011-06-22 backup: http://gotbrew.org/payloader3.tar.gz / [http://www.multiupload.com/DM8KLHX2SS payloader3.tar.gz (55.55 MB)]
* Up including last commit before dashhacks went down : [http://www.multiupload.com/ZZ0X312CDM payloader3.tar.bz2 (45.49 MB)] (full git backup, also includes : [http://www.multiupload.com/EVO0GPP4DB payloader3-src-only.rar (2.08 MB)])
* Up including last commit before dashhacks went down : [http://www.multiupload.com/ZZ0X312CDM payloader3.tar.bz2 (45.49 MB)] (full git backup, also includes : [http://www.multiupload.com/EVO0GPP4DB payloader3-src-only.rar (2.08 MB)])
-->


===Howto===
===Howto===
Line 548: Line 226:
=== ps3load 3.55 make_self fixed ===
=== ps3load 3.55 make_self fixed ===
* older versions of ps3load would '''not''' work on 3.50/3.55 (¨sysProcessExitSpawn2¨ won't work proper), and you had to use 3.41 instead. This is no longer an issue with the recent version ps3load which fixed the (make_self) issue for 3.55
* older versions of ps3load would '''not''' work on 3.50/3.55 (¨sysProcessExitSpawn2¨ won't work proper), and you had to use 3.41 instead. This is no longer an issue with the recent version ps3load which fixed the (make_self) issue for 3.55
** standalone precompiled version to try: [http://www.psdevwiki.com/files/devtools/payloader3/ps3load.gnpdrm.pkg ps3load.gnpdrm.pkg (522.17 KB)] (don't forget to delete your old version first)
** standalone precompiled version to try: [http://www.multiupload.com/K9CHO86E0Q ps3load.gnpdrm.pkg (522.17 KB)] (don't forget to delete your old version first)


The PKG will install to the harddrive (dev_hdd0/game/PS3LOAD04/) with ps3load added as icon to the XMB > Network category.
The PKG will install to the harddrive (dev_hdd0/game/PS3LOAD04/) with ps3load added as icon to the XMB > Network category.
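Review bot: The ps3load.gnpdrm.pkg link on the "Your text" side points at www.multiupload.com instead of the copy under www.psdevwiki.com/files/devtools/payloader3/. That moves an installable package download from the wiki's own files area to a third-party file host, and neither version of the line gives a checksum for the 522.17 KB file. Keep the psdevwiki.com link and consider listing a hash of the package next to it so readers can verify what they install.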
Line 623: Line 301:
    
    
   346690: 80000000002be570 # syscall_map_open_desc
   346690: 80000000002be570 # syscall_map_open_desc
== xorhack v2.0 ==
[http://www.multiupload.com/F09XP3YTVX xorhack_v2.0.zip (35.56 KB)]
===Installing===
If you have a previous version of XorHack installed you should remove it first. Do this by navigating to the install dir and typing "make clean" then "make uninstall" and then delete all remaining source files.
To install XorHack copy the all files and folders that came with this readme onto your PS3 harddrive and then navigate to the location you copied them to.
  Type "make" to build all parts of XorHack.
  Type "make install" to install all parts of XorHack.
  Type "make uninstall" to uninstall all parts of XorHack.
=== Running ===
* Once installed you can start the exploit loop from the command line by typing "ps3exploit 100" to perform the exploit loop 100 times.
* Once the exploit is successful the hypervisor can be dumped by typing "dumphv". It will dump it to a file in the current dir.
* Once the exploit is successful the bootloader can be dumped by typing "dumpbl". It will dump it to a file in the current dir.
== GameOS dumper tools ==
=== Memdump ===
<!--// also here [[Software_Dumping#Memdump]] //-->
<div style="float:right">[[File:Memdump-lv1 1280.png|x300px|thumb|left|Memdump - lv1 screen]]</div>
PS3 memory dumping tool that can dump lv1, lv2, NAND/NOR Flash, and eEID from GameOS.
<gallery>
File:Memdump-main 1280.png|Memdump - main screen
File:Memdump-about 1280.png|Memdump - about screen
File:Memdump-help 1280.png|Memdump - help screen
File:Memdump-lv1 1280.png|Memdump - lv1 screen
File:Memdump-lv2 1280.png|Memdump - lv2 screen
</gallery>
{{#ev:youtube|_uqCxkNxXqo}}
==== Download ====
* [http://www.embedupload.com/?d=3HH5KJGLY4 memdump .pkg]
* [https://archive.midnightchannel.net/SonyPS/PS3/Source%20Code/gitorious.ps3dev.net/memdump/ memdump source code]
==== Applicable firmwares ====
{| class="wikitable"
|-
! rowspan="2" | FW !! rowspan="2" | lv1 !! rowspan="2" | lv2 !! rowspan="2" | Flash !! rowspan="2" | eEID !! colspan="2" | 0.01 FINAL
|-
! Logs !! Notes
|-
| style="background:lightgrey; color:#ff0000; text-align: center;" | &lt;=2.60 {{CEX}} {{DEX}} || {{NA}} || {{NA}} || {{NA}} || {{NA}} || colspan="4" style="background:lightgrey; color:#ff0000; text-align: center;" | Not available as target version atm
|-
| style="background:Green; color:#ffffff; text-align: center;" | 2.70 {{CEX}} {{DEX}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 2.76 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 2.80 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.00 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.01 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.10 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.15 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.20 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.21 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.30 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.40 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.41 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.42 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.50 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| style="background:Green; color:#ffffff; text-align: center;" | 3.55 {{CEX}} {{DEX}}  || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
| 3.56 {{CEX}} {{DEX}} || {{Pending}} || {{Pending}} || {{Pending}} || {{Pending}} ||
|-
| style="background:lightgrey; color:#ff0000; text-align: center;" | =&gt;3.60 {{CEX}} {{DEX}}  || {{NA}} || {{NA}} || {{NA}} || {{NA}} || rowspan="2" colspan="4" style="background:lightgrey; color:#ff0000; text-align: center;" | Not available as target version atm
|-
|}
===== Legenda =====
* NA : Not Available as target version (mostly because of missing lv1:mmap114 or lv2:peek/poke patches)
* Yes: Fully supported
* No: Not supported
* Partial: Some functions work, others might not be complete
* Pending: No reports yet (help out by sending in your logs and dumps in a ZIP/RAR/7z!)
==== Known bugs ====
* buttons do not come back up after pressing -> to be fixed in v0.02 (button handler thread)
* exit app gives rightscreen black triangle -> to be fixed in v0.02 (cleanup RSX buffer)
* when free space is 0 bytes when dumping, application will halt ->  to be fixed in v0.02 (check freespace first)
==== Current limitations ====
* Needs mmap114+peek/poke as minimal patches
* Can be buggy with strange spoofs
* No reports yet on Kiosk/SEX & Tool/DECR models
* NAND only : second bootldr at 0xF000000 - 0xF03FFFF (The last 256KB of flash) will be missing. Just copypaste the first bootldr 0x0000000 - 0x003FFFF (The first 256KB of flash), they are the same. Also, a console boots fine with only the first one.
=== flash dumper ===
precompiled:
* [http://www.psdevwiki.com/files/flash/Tools/USB%20Flash%20Dump/dump_flash.pkg dump_flash.pkg (70.48 KB)]
<!--// * [http://www.multiupload.com/2V5J0MHF4F dump_flash-faster.pkg (70.23 KB)] not faster, old bugged version that also dumps vflash on NOR consoles //-->
:NOR flash - dump will take about 30 minutes<!--// 30mins and 20 secs ~9 KB/sec //-->, size: 16 MB (1 file: flash.bin)
:NAND flash - dumps will take more then 2½ hours<!--// 150mins ~ 27 KB/sec //-->, size: 239MB (1 file: flash.bin) with bootldr missing.
* [http://www.multiupload.com/VWN0XF3LFZ dump_flash_ptab.pkg (70.23 KB)]
:NOR flash - The tool dumps the first 2 sectors of "VFLASH partition table" located inside "virtual flash" region on HDD, dump size 0x3FF (0x30 header + 0x90 per region)
git source:
* [http://foxbrew.org/git/otheros-utils/dump_flash.git/ dump_flash.git]
* [http://foxbrew.org/git/otheros-utils/dump_flash_ptab.git/ dump_flash_ptab.git]
* [http://www.psdevwiki.com/files/flash/Tools/USB%20Flash%20Dump/dump_flash-src.rar dump_flash-src.rar]
=== lv1 dumper ===
precompiled:
* [http://www.multiupload.com/FJTQM8QAY2 dump_lv1.pkg (70.11 KB)] (glevand)<br />
:lv1 dump will take about 30minutes, size: 16 MB  (1 file: lv1.bin)
git source:
* [http://foxbrew.org/git/otheros-utils/dump_lv1.git/ dump_lv1.git]
alternative:
* lv1dumper [http://www.multiupload.com/WVLKP4MHS4 FLU1_T_2011.zip (9.72 KB)] (flukes1)
:This is an application which runs on the PS3 that you can compile and package using PSL1GHT and geohot’s tools. After running it, lv1 will be mapped at 0×8000000014000000 with read/write access, and you will be able to poke lv2 without the system shutting down.
=== lv2 dumper ===
precompiled:
* [http://www.multiupload.com/J0V1AIZKT0 dump_lv2.pkg (70.11 KB)] (glevand)<br />
:lv2 dump will take considerable less than lv1dump, size: 8.5 MB  (2 files: lv2.bin.0 & lv2.bin.1)
* [http://www.multiupload.com/MBEP4VSCN5 lv2dump_07a.pkg (1.48 MB)] (other) <br />
:lv2 dump saves to harddrive, you'll have to ftp it out. no sourcecode available.
git source:
* [http://foxbrew.org/git/otheros-utils/dump_lv2.git/ dump_lv2.git]
=== sysrom dumper ===
precompiled:
[http://www.multiupload.com/27TV582N4O dump_sysrom.pkg (69.67 KB)] (glevand)<br />
:sysrom dump takes only few seconds, size: 256KB  (1 file: sysrom.bin)
git source:
* [http://foxbrew.org/git/otheros-utils/dump_sysrom.git/ dump_sysrom.git]
=== metldrdumper ===
precompiled:
[https://mega.nz/#!Yk1RiYyT!xbNV_ZbPLatBtw3M_9DwORz2HXGCiso4gGRE0tVQhOY dump_metldr.pkg (69.67 KB)] (CMX / original source code by: Flatz)<br />
:metldr dump takes only few seconds, size: 256KB  (1 file: dump.bin)
source code:
* [https://mega.nz/#!YkNk1DzS!k9bCVXTYlx1gexoOJIx7TfH8uQ0C3gGigO_e2W70tEM metldr_dumper]
=== vflash dumper ===
git source:
* [http://foxbrew.org/git/otheros-utils/dump_vflash_ptab_fat.git/ dump_vflash_ptab_fat.git]
* [http://foxbrew.org/git/otheros-utils/dump_vflash_ptab_slim.git/ dump_vflash_ptab_slim.git]
=== vsh dumper ===
precompiled:
* [http://www.multiupload.com/IBF5XTDFWP vshDumper.rar (25.29 KB)] ([[User:Daxgr]])<br />
:([http://pastie.org/private/lbv2vc50spgjx816mahfa IDA analysis of sacd.sprx])
== pupx dev_flash ==
Extracts dev_flash files from ps3 updates. To extract them you just have to put PS3UPDAT.PUP in the same folder and launch it.
*http://hsreina.shadosoft-tm.com
*http://psx-scene.com/forums/f149/extract-dev_flash-ps3-update-74664/
*http://www.multiup.org/download/4884407dbbdc793549561d0d735ba8b1/pupx_dev_flash.rar
== dev_flash and dev_flash3 unpacker ==
it's a simple dev_flash extractor for 3.56+ PUPs
Before using it: Change this line "TOOLS=/home/wargio/.ps3tools" with the path of your tools, example: TOOLS=/home/god/ps3dev/ps3tools
LINUX version: http://pastebin.com/kLrPFb7y
OSX version: http://pastebin.com/FDMbgyVk
Usage: unpack_dev_flash.sh <*.pup>
example: unpack_dev_flash.sh PS3UPDAT.PUP
== core os extractor ==
it's a simple core os extractor for 3.56+ PUPs
Before using it: Change this line "TOOLS=/home/wargio/.ps3tools" with the path of your tools, example: TOOLS=/home/god/ps3dev/ps3tools
Linux/OSX: http://pastebin.com/1AkEgW3y
Usage: ./extract_coreos.sh <PUP>
example: extract_coreos.sh PS3UPDAT.PUP
== Syscon FW Reader ==
This simple program will read and show information about a Syscon Firmware package.<br />
To compile it, just run make.<br />
[http://gitorious.ps3dev.net/playstation-3/ps3tools SRC]
== SFO Reader ==
it will show useful informations, built initially for vita pkgs<br />
To build it, just run make.<br />
[http://gitorious.ps3dev.net/playstation-3/ps3tools SRC] -&gt; [[Gitorious]]
Example of output:
<pre>[SFO HDR]    0x46535000
[SFO Version] 0x00000101
[SFO N]       13 Value(s)
[SFO Values]  0x000000e4
[SFO Params]  0x0000016c
[ SFO ]
[  1 ]          APP_VER | Param: 01.00
[  2 ]        ATTRIBUTE | Param: 0x0
[  3 ]        BOOTABLE | Param: 0x1
[  4 ]        CATEGORY | Param: AV
[  5 ]          LICENSE | Param: Library programs ©Sony Computer Entertainment Inc. Licensed for play on the PLAYSTATION®3 Computer Entertainment System or authorized PLAYSTATION®3 format systems. For full terms and conditions see the user's manual. This product is authorized and produced under license from Sony Computer Entertainment Inc. Use is subject to the copyright laws and the terms and conditions of the user's license.
[  6 ]  PARENTAL_LEVEL | Param: 0x1
[  7 ]  PS3_SYSTEM_VER | Param: 03.4200
[  8 ]      REGION_DENY | Param: 0xfffffffd
[  9 ]      RESOLUTION | Param: 0x1d
[  10 ]    SOUND_FORMAT | Param: 0x307
[  11 ]            TITLE | Param: Netflix Instant Streaming
[  12 ]        TITLE_ID | Param: NPUP00030
[  13 ]          VERSION | Param: 01.03
</pre>
==SFO2SFX==
it's a really simple Sfo to sfx converter.<br />for now it's not able to convert from sfx to sfo (when i will have more time, i will write a SFX2SFO. deroad)<br />
Download [http://www.mediafire.com/?u198mdksubj6c9c ps3tool_with_sfo2sfx] (this is my full SRC. all the tools are already compiled)<br />
[http://gitorious.ps3dev.net/playstation-3/ps3tools Mirror]<br />
From<br />
<pre>[SFO HDR]    0x00505346
[SFO Version] 0x00000101
[SFO N]       6 Value(s)
[SFO Params Offsets]  0x000000b4
[ SFO ]
[  1 ]        CATEGORY | Param: 2D
[  2 ]  PARENTAL_LEVEL | Param: 0x1
[  3 ]  PS3_SYSTEM_VER | Param: 01.3100
[  4 ]            TITLE | Param: PS2 System Data
[  5 ]        TITLE_ID | Param: NPIA00001
[  6 ]          VERSION | Param: 01.00</pre>
to<br />
<pre><?xml version="1" encoding="utf-8" standalone=yes"?>
<paramsfo add_hidden="false">
  <param key="CATEGORY" fmt="utf8" max_len="4">2D</param>
  <param key="PARENTAL_LEVEL" fmt="int32" max_len="4">1</param>
  <param key="PS3_SYSTEM_VER" fmt="utf8" max_len="8">01.3100</param>
  <param key="TITLE" fmt="utf8" max_len="128">PS2 System Data</param>
  <param key="TITLE_ID" fmt="utf8" max_len="16">NPIA00001</param>
  <param key="VERSION" fmt="utf8" max_len="8">01.00</param>
</paramsfo></pre>
==make_his==
Generates a PARAM.HIS file from a Unix-formatted text file
https://github.com/jjolano/make_his
==HIP2HIS==
This app simply convert a PARAM.HIP file to PARAM.HIS
http://www.mediafire.com/?rv6jajz3nfy53iw
== ReactPSN .rap to .rif converter ==
This tool will convert .rap files to .rif. Place it to the ps3tools directory along with other tools and then place your idps and act.dat files to appropriate folders.
::usage: rap2rif <rap file> <rif file>
* [http://www.mediafire.com/?sgxq5r7twy9907d '''Rap2Rif''' compiled executable by '''Flatz''']
* [https://web.archive.org/web/20141118183315/http://pastie.org/private/yltlfwubsz8w5pyhmojyfg '''Rap2Rif''' source code by '''Flatz''']
==ReactPSN .rif -> .rap converter==
Your concole's IDPS named idps is in the exdata file folder.<br />
Your act.dat is also in the exdata file folder.<br />
The usage:<br />
rif2rap <xxx.rif> <xxx.rap>
&nbsp;&nbsp;&nbsp;&nbsp;or
rif2rap <xxx.rif>
http://www.mirrorcreator.com/files/SGL6EZCS/rif2rap.rar_links
== .rifkey to ReactPSN .rap converter ==
This tool can convert rifkey (klicensee) file to .rap file.
rifkey2rap <rifkey file> <rap file>
* [http://mir.cr/1QRV777I ''Rifkey2Rap''' compiled executable + souce code by '''Flatz''']
* [https://web.archive.org/web/20141118220924/http://pastie.org/private/9hjpnaewxg5twytosnx4w ''Rifkey2Rap''' souce code by '''Flatz''']
== ReactPSN .rap to .rifkey converter ==
This tool can convert .rap file to rifkey (klicensee) file.
rap2rifkey <rap file> <rifkey file>
* [https://web.archive.org/web/20141118183317/http://pastie.org/private/pmnmsnqg6zbfnk9xactbw '''Rap2Rifkey''' souce code by '''Flatz''']
== Metldr extractor ==
Extract metldr of NOR/NAND dump.
usage: extract_metldr <flash.bin> <destination>
[http://gitorious.ps3dev.net/simple-ps3-tools/metldr_extractor/trees/master Source]
(or just use Flowrebuilder and extract all binary)
== decompile/disassembly .NET==
* http://ilspy.net/
* http://www.devextras.com/decompiler/
* http://www.jetbrains.com/decompiler/
* http://www.telerik.com/products/decompiler.aspx
* http://www.reflector.net/
== Total Commander ==
* Handy for searching static values (such as sboxes or curves) recursively in folders
* Also useful to know where keys exist (in which elf they are located)
* http://www.ghisler.com/
== PkgView ==
* By ifcaro, [http://ps3zone.ifcaro.net/ web], [https://github.com/ifcaro/PkgView source code]
== SPRXPatcher ==
* A modern PlayStation 3 ELF patcher to load SPRX files
* [https://github.com/NotNite/SPRXPatcher Source code]
{{Development}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.