Editing ReDRM / Piracy dongles

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
{{Wikify}}
[[Category:Software]][[Category:Hardware]]
=Description=
=Description=
TrueBlue dongles are USB dongles for the PS3 which enable custom firmware 'special' functionality to launch resigned game backups. These dongles are themselves a form of DRM, as the particular format of these backups will not work without the TB dongle. Contentdisc's contain fself'ed eboot.bin's. <br />
Dongle is DRM to make sure you have the dongle, the firmware 'special' functionality will not work without it.
Hardware-wise, there are many similarities with [[PS3Cobra_Payload_Reverse_Engineering#Hardware_Dongle|PS3Cobra]]
Contentdisc's contain fself'ed eboot.bin's. <br />
Hardwarewise, there are many simularities with [[PS3Cobra_Payload_Reverse_Engineering#Hardware_Dongle|PS3Cobra]]


== Clarifications ==
== Debunking ==
* '''If the content works with the dongle, that means the original content also works (without the dongle) if resigned for Firmware v3.55!'''
* '''If the content works with the dongle, that means the original content if resigned for 3.55 also works (without the dongle)!'''
* TrueBlue dongles/firmware do not support PSN (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] do)
* No PSN (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] do)
* Special features for PS Vita are not usable (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] can)
* Cannot use special features for PS Vita (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] can)
* TrueBlue cannot play Firmware 3.6x+/3.7x+/4.x+ original content (it does not have the keys for it).
 
* It can only play such content which is re-encrypted/resigned with the key supported by the dongle.
* It does not play 3.6x+/3.7x+/4.x+ original content (it does not have the keys for it).
** Such content was limited to already decryptable and debug eboot.bin's.
* It can only play such content which is re-encrypted/resigned with their donglekey.
*** Titles in the wild were almost entirely released by PARADOX (patches) & PARADiSO (full pirated releases) between November 2011 and June 2012 - with groups like BORG and EHRGEIZ appearing from May through June of 2012. There was also lighttake, which sold full pre-patched pirated Blu-ray discs. It seems possible that they were involved in the TrueBlue production/distribution. Profiting from or otherwise receiving money for re-applying DRM could likely be considered a scam.
** Such content will be limited to those already decryptable and debug eboot.bin's.
*** No public tools exist for 'converting' to TB format (re-encrypting/resigning) - making TB dongle users completely dependent on warez release groups like PARADOX/PARADiSO/BORG/EHRGEIZ.
*** At this moment, only a few titles in the wild released:
* Content for Firmware v3.55 and lower still works (after all, its just a MFW 3.55) - with some exceptions (in some cases it will even brick the dongle when running certain pieces of homebrew).
**** all by PARADOX (patches)/PARADiSO (full pirated releases) and lighttake that sells full prepatched pirated BD-discs, which makes it seem they are into the money/DRM scam or otherwise profiting from releasing for it.
* Needs the MFW (and cannot work on OFW's, that is why there is no 'power/eject trick')
**** Because the resellers profit from selling discs, those titles will not be released by PARADOX (patches)/PARADiSO (full pirated releases)
**** You can hear daily 'more games today' and still see nothing released for 5+ days in a row
** no public tools exist for 'converting' to TB format (re-encryption/resigning) - making you completely dependant of releasegroups like PARADOX/PARADiSO.
* Content for 3.55 and lower still work (after all, its just a MFW 3.55) - with some exceptions (in some cases it will even brick the dongle when running those homebrew)
* Needs the MFW (and cannot work on OFW's, that is why there is 'no power/eject trick')
* Cannot be used for downgraded consoles (which rely on lv1 syscon hashcheck patches)
* Cannot be used for downgraded consoles (which rely on lv1 syscon hashcheck patches)
* If you are using special firmware now, they will not be compatible with this one. e.g. Incompatible with:
* If you are using special firmwares now, they will not be compatible with this one. e.g. Incompatible with:
** OtherOS++
** OtherOS++
** Proper MFW's
** Proper MFW's
Line 256: Line 261:
CLK for Actel <br />
CLK for Actel <br />
==== AMS1117  2.851049 - Low Dropout Linear Regulator ====
==== AMS1117  2.851049 - Low Dropout Linear Regulator ====
Datasheet:  
Datasheet: http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf <br />
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117-.pdf
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117.pdf<!--// http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf //--> <br />
[[:File:AMS1117 - SOT-223.png]]
[[:File:AMS1117 - SOT-223.png]]


Line 284: Line 287:
|-
|-
|}
|}
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
{{Template:Winbond 25X16AVSIG}}
====Test Points====
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]<br /></div>
There are test points on the dongle that provice full pin access to the Winbond chip, be careful soldering to them since it is easy to pull off a test point.<br>
== Dongle 2.0 ==
Supposed to be massproduced instead of manually soldered like the 1.0 dongle. Not seen in the wild yet.
== Dongle Clones ==
=== Jb2usb ===
<table width="100%" align="left"><tr>
<td align="left">[[File:Jb2usb1.jpg|200px|thumb|left|Jb2usb clone dongle overview]]</td>
<td align="left">[[File:Jb2usb2.jpg|200px|thumb|left|Jb2usb clone dongle board]]</td></tr></table>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
=== JB-King ===
* JB-King is a "copy-cat" clone by dongle makers in China. (some have claimed by the makers of PS3Go). Its poetic, piracy and theft of the "intellectual property" of pirates and thieves.
<gallery>
File:Jb-king-front.jpg|JB-King clone dongle front
File:JB-King BACK.jpg|JB-King clone dongle - BACK
File:JB-King_Dongle_Abkarino_DVD4Arab_01.png|tb-king clone dongle overview
File:JB-King_Dongle_Abkarino_DVD4Arab_02.png|tb-king clone dongle board
File:JBKing-1.jpg
File:JBKing-2.jpg
</gallery>
=== Components ===


==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
Line 328: Line 298:
I - Temperature Range: Industrial (-40'C ~ 85'C)
I - Temperature Range: Industrial (-40'C ~ 85'C)
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre>
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre>
datasheet: [http://www.winbond.com/NR/rdonlyres/C6366616-2CB7-49F8-A1F9-3BC363DF9480/0/W25X16A.pdf W25X16A.pdf (1.3 MB)] / https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/Datasheets/W25X16A.pdf <br />
datasheet: [http://www.multiupload.com/P2833U5SOW W25X16A.pdf (1.3 MB)] <br />
Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it).  
Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it).  


Line 352: Line 322:
|-
|-
|}
|}
====Test Points====
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]<br /></div>
<pre>W - Winbond


====Test Points====
There are test points on the dongle that provice full pin access to the Winbond chip, be careful soldering to them since it is easy to pull off a test point.<br>
<br>
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]</div>
<br>


==== STM32 F103C8T6 : U2 ====
== Dongle 2.0 ==
U2 <br />
Supposed to be massproduced instead of manually soldered like the 1.0 dongle. Not seen in the wild yet.
datasheet: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/stm32_f103c8t6.pdf stm32_f103c8t6.pdf (1.38 MB)]
 
===== Pinout STM32 F103C8T6 LQFP48 =====
== Dongle Clones ==
<div style="float:right">[[File:STM32 F103C8T6 - LQFP48.png|200px|thumb|left|STMicroelectronics STM32 F103C8T6 - LQFP48 package]]</div>
 
<div style="height:250px; overflow:auto">
* JB-King is a "copy-cat" clone by dongle makers in China. (some have claimed by the makers of PS3Go)
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
 
|- bgcolor="#cccccc"
<table width="100%" align="left"><tr>
! Pin !! Function !! Notes
<td align="left">[[File:Jb-king-front.jpg|200px|thumb|left|JB-King clone dongle front]]<br />[[File:JB-King BACK.jpg|200px|thumb|left|JB-King clone dongle - BACK]]</td>
|-
<td align="left">[[File:JB-King_Dongle_Abkarino_DVD4Arab_01.png|200px|thumb|left|tb-king clone dongle overview]]</td>
| 1 || VBAT ||  
<td align="left">[[File:JB-King_Dongle_Abkarino_DVD4Arab_02.png|200px|thumb|left|tb-king clone dongle board]]</td></tr></table>
|-
 
| 2 || PC13-TAMPER-RTC ||  
Its poetic, piracy and theft of the "intellectual property" of pirates and thieves.
|-
 
=== Components ===
 
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
<div style="float:right">[[File:W25X16A - SOIC-8.png|200px|thumb|left|8-pin TSSOP<br />Winbond 25X16A<br />SOIC-8 pinout]]
<br /></div>
<pre>W - Winbond
25X - SPI Flash with 4KB sectors/64Kbyte blocks, dual output
16A - 16Mbit / 2M-byte
V - Supply Voltage 2.7 to 3.6V
S - Package Type : 8pin SOIC 150-mil
I - Temperature Range: Industrial (-40'C ~ 85'C)
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre>
datasheet: [http://www.multiupload.com/P2833U5SOW W25X16A.pdf (1.3 MB)] <br />
Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it).
 
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
|- bgcolor="#cccccc"
! Pin !! Usage !! I/O !! Remarks
|-
| 1 || /CS || I || Chip Select (high=deselect, low=select)
|-
| 2 || DO || O || Data output
|-
| 3 || /WP || I || Write Protect (active low)
|-
| 4 || GND ||  || Ground
|-
| 5 || DIO || I/O || Serial data input/output
|-
| 6 || CLK || I || Serial Clock
|-
| 7 || /HOLD || I || Hold (high=normal/resume, low=hold/pause)
|-
| 8 || VCC ||  || Vcc (min 2.7-max 3.6V @ Fr0 75MHz / min 3.0-max 3.6V @ Fastread Fr1 100MHz)
|-
|}
====Test Points====
<br>
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]</div>
<br>
 
==== STM32 F103C8T6 : U2 ====
U2 <br />
datasheet: [http://www.multiupload.com/WPXWYMX3UU stm32_f103c8t6.pdf (1.38 MB)]
===== Pinout STM32 F103C8T6 LQFP48 =====
<div style="float:right">[[File:STM32 F103C8T6 - LQFP48.png|200px|thumb|left|STMicroelectronics STM32 F103C8T6 - LQFP48 package]]</div>
<div style="height:250px; overflow:auto">
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
|- bgcolor="#cccccc"
! Pin !! Function !! Notes
|-
| 1 || VBAT ||  
|-
| 2 || PC13-TAMPER-RTC ||  
|-
| 3 || PC14-OSC32_IN ||  
| 3 || PC14-OSC32_IN ||  
|-
|-
Line 702: Line 727:
= Downloads =
= Downloads =
== First release (1.0/2.1) ==
== First release (1.0/2.1) ==
* MFW: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/Jailbreak2.CFW.rar Jailbreak2.CFW.rar (172.34 MB)]<!--//http://www.filesonic.nl/file/2688912531/Jailbreak2.CFW.zip (password: whyudie)//-->
* MFW: [http://www.multiupload.com/O7SP26A83E Jailbreak2.CFW.rar (172.34 MB)]<!--//http://www.filesonic.nl/file/2688912531/Jailbreak2.CFW.zip (password: whyudie)//-->
** Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : [http://rebug.me REBUG 3.55.2 TB EDITION] / [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/3.55.2_TBE_Links.rar 3.55.2_TBE_Links.rar]
** Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : [http://rebug.me REBUG 3.55.2 TB EDITION]
* Dongle Updater v2.1: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg dongle-updater.pkg (2.1 MB)]<!--//http://www.filesonic.nl/file/2689038911/JB2.Dongle.Updater.zip (password: whyudie)//-->
* Dongle Updater v2.1: [http://www.multiupload.com/9YPQX47G7F JB2.Dongle.Updater.rar (2.1 MB)]<!--//http://www.filesonic.nl/file/2689038911/JB2.Dongle.Updater.zip (password: whyudie)//-->
 
== Update 2.2 ==
== Update 2.2 ==
* Dongle Updater v2.2: https://web.archive.org/web/*/http://ps3devwiki.com/files/TrueBlue/Updates/TrueBlueUpdate-2.2/
* Dongle Updater v2.2: [http://www.multiupload.com/QU4XVYD4CF TrueBlueUpdate2_2.zip (544.2 KB)]


== FW Info (1.0/2.1) ==
== FW Info (1.0/2.1) ==
Line 772: Line 796:
Data length: 172890112
Data length: 172890112
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre>
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre>
== JBKing 1.5 update ==
http://www.ps3hax.net/2012/03/finally-jb-king-cracks-v2-5-update/
https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/JBKing/Updates/JBKing%202.5/


=Content discs=
=Content discs=
Line 849: Line 868:
== Paradox TB ==
== Paradox TB ==
Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped).
Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped).
* [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Patches/portal_2_BLUS30732_TB.rar portal_2_BLUS30732_TB.rar (78.04 MB)]
* [http://www.multiupload.com/9A4DXVTXX9 portal_2_BLUS30732_TB.rar (78.04 MB)]


=== EBOOT.BIN details ===
=== EBOOT.BIN details ===
Line 857: Line 876:
== FW Changes (1.0/2.1) ==
== FW Changes (1.0/2.1) ==
Compared to OFW 3.55:
Compared to OFW 3.55:
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/ofw-vs-jb2.rar ofw-vs-jb2.rar (4.18 MB)]
[http://www.multiupload.com/LAIIB6IMX0 ofw-vs-jb2.rar (4.18 MB)]
====EULA.xml====
====EULA.xml====
<pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre>
<pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre>
Line 885: Line 904:
only 1 function change, and a section added <br />
only 1 function change, and a section added <br />
sub_28fe30 is replaced <small>1)</small><br />
sub_28fe30 is replaced <small>1)</small><br />
the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/lv2_kernel.bin lv2_kernel.bin (6.41 KB)]
the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) [http://www.multiupload.com/CI5XRM3FOP lv2_kernel.bin (6.41 KB)]


<small>note 1) : * ''the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.''</small>
<small>note 1) : * ''the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.''</small>
Line 920: Line 939:


== 2.1 ==
== 2.1 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg TrueBlueUpdate-2.1/dongle-updater.pkg]
Dongle is released with 1.0, this PKG is used to update the dongle to 2.1
Dongle is released with 1.0, this PKG is used to update the dongle to 2.1
     SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62  
     SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62  


Unpkg/unself'ed: [http://www.multiupload.com/XC00DAHUXP dongle-updater.pkg.out.rar (2.03 MB)] <br />
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br />
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br />


Line 935: Line 953:
   002084E0  001FFFF0  EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B  ë;.÷o©Ï<¶ë‰‚}æ};
   002084E0  001FFFF0  EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B  ë;.÷o©Ï<¶ë‰‚}æ};


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/TB_dongle_payload.bin TrueBlueUpdate-2.1/TB_dongle_payload.bin (2 MB)]
[http://www.multiupload.com/PFC3IZZNNN TB_dongle_payload.bin (2 MB)]
     SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78
     SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78


Line 1,418: Line 1,436:
   00000010  03 6b 2d 2c 45 d7 25 ff  aa 34 b1 a8 8b 5d a7 b3   
   00000010  03 6b 2d 2c 45 d7 25 ff  aa 34 b1 a8 8b 5d a7 b3   
   ...
   ...


== 2.2 ==
== 2.2 ==
True Blue Dongle Update v2.2 - Initial worldwide release
True Blue Dongle Update v2.2 - Initial worldwide release
    SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg]
Unpkg/unself'ed: [http://www.multiupload.com/NUILFATYL1 TrueBlueUpdate-2.2.pkg.out.rar (1018.2 KB)] <br />
    SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4


=== Payload (2.2) ===
=== Payload (2.2) ===
Line 1,433: Line 1,452:
   0007B588  00072EF0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
   0007B588  00072EF0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TB_payload_2.2.bin payload2-2.bin (459.75 KB)]
[http://www.multiupload.com/KARELUPQRS payload2-2.bin (459.75 KB)]
     SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181
     SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181


Line 2,229: Line 2,248:


== 2.3 ==
== 2.3 ==
True Blue Dongle Update v2.3 - [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg /TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg]
True Blue Dongle Update v2.3 - [http://www.multiupload.com/S5S9X4UON0 TrueBlueUpdate-2.3.zip (546.29 KB)]
* Fixed games requiring "BD Mirror"
* Fixed games requiring "BD Mirror"
* True Blue firmware version is now displayed on the XMB "System Information" screen
* True Blue firmware version is now displayed on the XMB "System Information" screen
Line 2,236: Line 2,255:


<!--// The 'True Blue' team again comes thru with more support, this time with another update (v2.3), which was developed after the team was contacted by 'Paradox' in regard to problems with some of the latest games like 'Modern Warfare 3', and up-coming releases and patches, after some brain-storming and figuring out the compatibility problems the 'True Blue' team has now released the v2.3 update which will be required for all 'future' PS3 games released. //-->
<!--// The 'True Blue' team again comes thru with more support, this time with another update (v2.3), which was developed after the team was contacted by 'Paradox' in regard to problems with some of the latest games like 'Modern Warfare 3', and up-coming releases and patches, after some brain-storming and figuring out the compatibility problems the 'True Blue' team has now released the v2.3 update which will be required for all 'future' PS3 games released. //-->
Unpkg/unself'ed: [http://www.multiupload.com/FHT635SH7W TrueBlueUpdate-2.3.pkg.out.rar (1022.45 KB)] <br />


=== Payload (2.3) ===
=== Payload (2.3) ===
Line 2,245: Line 2,265:
   0007BD88  000736F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
   0007BD88  000736F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/payload_2.3.bin payload_2.3.bin (461.75 KB)]
[http://www.multiupload.com/F0OVXTV2UV payload_2.3.bin (461.75 KB)]
   SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B
   SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B


Line 2,274: Line 2,294:


== 2.4 ==
== 2.4 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg]
[http://www.multiupload.com/8D38XV8KFK TrueBlueUpdate-2.4.zip (704.48 KB)]
 
Unpkg/unself'ed: [http://www.multiupload.com/5TA80L7I8V UP0001-TRUEBLUE4_00-0000000000000000.rar (1.31 MB)]
 
=== Payload (2.4) ===
=== Payload (2.4) ===
located in unself'ed eboot.bin @ offset:
located in unself'ed eboot.bin @ offset:
Line 2,283: Line 2,306:
   000A3620  0009AEFF  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
   000A3620  0009AEFF  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/payload_2.4.bin payload_2.4.bin (619.75 KB)]
[http://www.multiupload.com/0F9906NKSO payload_2.4.bin (619.75 KB)]
   SHA1: C062057BFBE4A0DF6C6C6E1B33C7561BC859C23F // MD5: 69FC4CE04DD4255A0BEEF4C2168F0AB0 // CRC32: 1C9EE18 // CRC16: 85DE
   SHA1: C062057BFBE4A0DF6C6C6E1B33C7561BC859C23F // MD5: 69FC4CE04DD4255A0BEEF4C2168F0AB0 // CRC32: 1C9EE18 // CRC16: 85DE


IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/EBOOT_SHT_fixed.i64 EBOOT_SHT_fixed.i64 (3.01 MB)]
IDA DB: [http://www.multiupload.com/2GBP8AY2NF EBOOT_SHT_fixed.i64 (3.01 MB)]
 
== 2.5 ==
=== Payload (2.5) ===
start: 8600, end: 63e00, size: 5b800
 
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/EBOOT,BIN.elf TrueBlueUpdate-2.5/EBOOT,BIN.elf]
 
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/update_data_2.5.bin TrueBlueUpdate-2.5/update_data_2.5.bin]
 
== 2.61 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.pkg TrueBlueUpdate-2.61.pkg]
=== Payload (2.61) ===
located in unself'ed eboot.bin @ offset:
 
  Offset(h)  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00008768  00000000  E4 C7 60 B6 E3 77 C2 89 B3 71 1D 06 EE 4C DF F7  äÇ`¶ãw‰³q..îLß÷
    ...
  00066F58  0005E7F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
 
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/payload_2.61.bin payload_2.61.bin (378 KB)]
  SHA1: 7CEA46601B717912D6A434CA2C164E0A9B890825 // MD5: 1114BC3061581FC592A3797B340FD545 // CRC32: B66F50FD // CRC16: B685
 
IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.idc TrueBlueUpdate-2.61.idc (203 KB)]
 
== 2.62 ==
=== Payload (2.62) ===
located in unself'ed eboot.bin @ offset:
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00000000  E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24  à®...$.ŠÐ»eØ.Ì.$
    ...
  0005E7F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
 
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.62/payload_2.62.bin payload_2.62.bin (378 KB)]
  SHA1: C5D37456FD5E59CFB648C82BBBE3FD95875E7C49 // MD5: 870C58F2CEC6BDB0ACF43EDD459ECD1C // CRC32: 35B2B2CA // CRC16: E3DE
 
== 2.7 ==
=== Payload (2.7) ===
located in unself'ed eboot.bin @ offset:
 
  Offset(h)  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  000087c8  00000000  E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24  à®...$.ŠÐ»eØ.Ì.$
    ...
  00067fc8  0005F7F0  D9 5A C0 45 E8 78 E6 C6 16 0A 98 10 1B CA 52 3B  ÙZÀEèxæÆ..˜..ÊR;
 
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.7/TB_payload_27.bin TB_payload_27.bin (382 KB)]
  SHA1: 107A4E37471D58E79B6F8A884FF09DD3A5F83DD0 // MD5: 495970F92139F966BF78E43509BB7C38 // CRC32: FBA0FCEB // CRC16: AD81
 
 
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)