Editing ReDRM / Piracy dongles

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
{{Wikify}}
[[Category:Software]][[Category:Hardware]]
=Description=
=Description=
TrueBlue dongles are USB dongles for the PS3 which enable custom firmware 'special' functionality to launch resigned game backups. These dongles are themselves a form of DRM, as the particular format of these backups will not work without the TB dongle. Contentdisc's contain fself'ed eboot.bin's. <br />
Dongle is DRM to make sure you have the dongle, the firmware 'special' functionality will not work without it.
Hardware-wise, there are many similarities with [[PS3Cobra_Payload_Reverse_Engineering#Hardware_Dongle|PS3Cobra]]
Contentdisc's contain fself'ed eboot.bin's. <br />
Hardwarewise, there are many simularities with [[PS3Cobra_Payload_Reverse_Engineering#Hardware_Dongle|PS3Cobra]]


== Clarifications ==
== Debunking ==
* '''If the content works with the dongle, that means the original content also works (without the dongle) if resigned for Firmware v3.55!'''
* '''If the content works with the dongle, that means the original content if resigned for 3.55 also works (without the dongle)!'''
* TrueBlue dongles/firmware do not support PSN (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] do)
* No PSN (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] do)
* Special features for PS Vita are not usable (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] can)
* It does not play 3.6x+/3.7x+ original content (it does not have the keys for it).
* TrueBlue cannot play Firmware 3.6x+/3.7x+/4.x+ original content (it does not have the keys for it).
* It can only play such content which is re-encrypted/resigned with their donglekey.
* It can only play such content which is re-encrypted/resigned with the key supported by the dongle.
** Such content will be limited to those already decryptable and debug eboot.bin's.
** Such content was limited to already decryptable and debug eboot.bin's.
*** At this moment, only a few (15) titles in the wild released:
*** Titles in the wild were almost entirely released by PARADOX (patches) & PARADiSO (full pirated releases) between November 2011 and June 2012 - with groups like BORG and EHRGEIZ appearing from May through June of 2012. There was also lighttake, which sold full pre-patched pirated Blu-ray discs. It seems possible that they were involved in the TrueBlue production/distribution. Profiting from or otherwise receiving money for re-applying DRM could likely be considered a scam.
**** all by PARADOX (patches)/PARADiSO (full pirated releases) and lighttake that sells full prepatched pirated BD-discs, which makes it seem they are into the money/DRM scam or otherwise profiting from releasing for it.<!--//
*** No public tools exist for 'converting' to TB format (re-encrypting/resigning) - making TB dongle users completely dependent on warez release groups like PARADOX/PARADiSO/BORG/EHRGEIZ.
Alice_Madness_Returns_EBOOT_PATCH_TB_PS3-PARADOX / Alice_Madness_Returns_TB_PS3-PARADiSO
* Content for Firmware v3.55 and lower still works (after all, its just a MFW 3.55) - with some exceptions (in some cases it will even brick the dongle when running certain pieces of homebrew).
Bleach_Soul_Resurreccion_EBOOT_PATCH_TB_PS3-PARADOX / Bleach_Soul_Resurreccion_TB_PS3-PARADiSO
* Needs the MFW (and cannot work on OFW's, that is why there is no 'power/eject trick')
Cabelas_Big_Game_Hunter_2012_EBOOT_PATCH_TB_PS3-PARADOX
* Cannot be used for downgraded consoles (which rely on lv1 syscon hashcheck patches)
Captain_America_Super_Soldier_TB_PS3-PARADiSO
* If you are using special firmware now, they will not be compatible with this one. e.g. Incompatible with:
Catherine_TB_PS3-PARADiSO
Dark_Souls_EBOOT_PATCH_TB_PS3-PARADOX / Dark_Souls_TB_PS3-PARADiSO
Dragon_Ball_Z_Ultimate_Tenkaichi_TB_PS3-PARADiSO
Dirt_3_EBOOT_PATCH_TB_PS3-PARADOX / Dirt 3 WORKING TB READNFO PS3-PARADOX
Dynasty_Warriors_Gundam_3_TB_PS3_PARADiSO
F.E.A.R.3_TB_PS3-PARADiSO
GoldenEye_007_Reloaded_EBOOT_PATCH_TB_PS3-PARADOX
NBA_2K12_EBOOT_PATCH_TB_PS3-PARADOX
Need_For_Speed_The_Run_TB_PS3-PARADiSO
Portal_2_EBOOT_PATCH_TB_PS3-PARADOX / Portal 2 WORKING TB READ NFO PS3-PARADOX
Rage WORKING TB READ NFO PS3-PARADOX
Shadows_of_the_Damned_EBOOT_PATCH_TB_PS3-PARADOX
Supremacy_MMA_EBOOT_PATCH_TB_PS3-PARADOX
'Cabela's Big Game',
//-->
** no public tools exist for 'converting' to TB format (re-encryption/resigning) - making you completely dependant of releasegroups like PARADOX/PARADiSO.
* Content for 3.55 and lower still work (after all, its just a MFW 3.55) - with some exceptions (in some cases it will even brick the dongle when running those homebrew)
* Needs the MFW (and cannot work on OFW's, that is why there is 'no power/eject trick')
* If you are using special firmwares now, they will not be compatible with this one. e.g. Incompatible with:
** OtherOS++
** OtherOS++
** Proper MFW's
** Proper MFW's
Line 256: Line 275:
CLK for Actel <br />
CLK for Actel <br />
==== AMS1117  2.851049 - Low Dropout Linear Regulator ====
==== AMS1117  2.851049 - Low Dropout Linear Regulator ====
Datasheet:  
Datasheet: http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf <br />
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117-.pdf
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117.pdf<!--// http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf //--> <br />
[[:File:AMS1117 - SOT-223.png]]
[[:File:AMS1117 - SOT-223.png]]


Line 284: Line 301:
|-
|-
|}
|}
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
{{Template:Winbond 25X16AVSIG}}
====Test Points====
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]<br /></div>
There are test points on the dongle that provice full pin access to the Winbond chip, be careful soldering to them since it is easy to pull off a test point.<br>
== Dongle 2.0 ==
Supposed to be massproduced instead of manually soldered like the 1.0 dongle. Not seen in the wild yet.
== Dongle Clones ==
=== Jb2usb ===
<table width="100%" align="left"><tr>
<td align="left">[[File:Jb2usb1.jpg|200px|thumb|left|Jb2usb clone dongle overview]]</td>
<td align="left">[[File:Jb2usb2.jpg|200px|thumb|left|Jb2usb clone dongle board]]</td></tr></table>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
=== JB-King ===
* JB-King is a "copy-cat" clone by dongle makers in China. (some have claimed by the makers of PS3Go). Its poetic, piracy and theft of the "intellectual property" of pirates and thieves.
<gallery>
File:Jb-king-front.jpg|JB-King clone dongle front
File:JB-King BACK.jpg|JB-King clone dongle - BACK
File:JB-King_Dongle_Abkarino_DVD4Arab_01.png|tb-king clone dongle overview
File:JB-King_Dongle_Abkarino_DVD4Arab_02.png|tb-king clone dongle board
File:JBKing-1.jpg
File:JBKing-2.jpg
</gallery>
=== Components ===


==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
<div style="float:right">[[File:W25X16A - SOIC-8.png|200px|thumb|left|8-pin TSSOP<br />Winbond 25X16A<br />SOIC-8 pinout]]
<div style="float:right">[[File:W25X16A - SOIC-8.png|200px|thumb|left|8-pin TSSOP<br />Winbond 25X16A<br />SOIC-8 pinout]]
<br /></div>
<br />[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]</div>
<pre>W - Winbond
<pre>W - Winbond
25X - SPI Flash with 4KB sectors/64Kbyte blocks, dual output
25X - SPI Flash with 4KB sectors/64Kbyte blocks, dual output
Line 328: Line 312:
I - Temperature Range: Industrial (-40'C ~ 85'C)
I - Temperature Range: Industrial (-40'C ~ 85'C)
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre>
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre>
datasheet: [http://www.winbond.com/NR/rdonlyres/C6366616-2CB7-49F8-A1F9-3BC363DF9480/0/W25X16A.pdf W25X16A.pdf (1.3 MB)] / https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/Datasheets/W25X16A.pdf <br />
datasheet: [http://www.multiupload.com/P2833U5SOW W25X16A.pdf (1.3 MB)] <br />
Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it).  
Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it).  


Line 353: Line 337:
|}
|}


====Test Points====
== Dongle 2.0 ==
<br>
Supposed to be massproduced instead of manually soldered like the 1.0 dongle. Not seen in the wild yet.
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]</div>
 
<br>
== Dongle Clones ==
... :P
 
= Downloads =
== First release (1.0/2.1) ==
* MFW: [http://www.multiupload.com/O7SP26A83E Jailbreak2.CFW.rar (172.34 MB)]<!--//http://www.filesonic.nl/file/2688912531/Jailbreak2.CFW.zip (password: whyudie)//-->
** Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : [http://rebug.me REBUG 3.55.2 TB EDITION]
* Dongle Updater v2.1: [http://www.multiupload.com/9YPQX47G7F JB2.Dongle.Updater.rar (2.1 MB)]<!--//http://www.filesonic.nl/file/2689038911/JB2.Dongle.Updater.zip (password: whyudie)//-->
== Update 2.2 ==
* Dongle Updater v2.2: [http://www.multiupload.com/QU4XVYD4CF TrueBlueUpdate2_2.zip (544.2 KB)]


==== STM32 F103C8T6 : U2 ====
== FW Info (1.0/2.1) ==
U2 <br />
<pre>PS3 System Software
datasheet: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/stm32_f103c8t6.pdf stm32_f103c8t6.pdf (1.38 MB)]
 
===== Pinout STM32 F103C8T6 LQFP48 =====
MFW 3.55-Dongle (Jailbreak2.CFW)
<div style="float:right">[[File:STM32 F103C8T6 - LQFP48.png|200px|thumb|left|STMicroelectronics STM32 F103C8T6 - LQFP48 package]]</div>
filedate: juli 13 2011 2:08:58
<div style="height:250px; overflow:auto">
174639 KB
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
MD5: 43C522F8897D77B6165F95BCF3409090
|- bgcolor="#cccccc"
SHA1: A64B010DB98996C7E53768D37D4D346F271D5950
! Pin !! Function !! Notes
CRC32: A32FDD1D
|-
CRC16: 6420
| 1 || VBAT ||
HMAC_SHA1: 0x88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
|-
 
| 2 || PC13-TAMPER-RTC ||
Remarks: needs JB2 dongle as DRM</pre>
|-
 
| 3 || PC14-OSC32_IN ||
<pre>PUP file information
|-
Package version: 1
| 4 || PC15-OSC32_OUT ||
Image version: 47517
|-
File count: 7
| 5 || PD0-OSC_IN ||
Header length: 528
|-
Data length: 178829542
| 6 || PD1-OSC_OUT ||
PUP file hash : 88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
|-
File 0
| 7 || NRST ||
Entry id: 0x100
|-
Filename : version.txt
| 8 || VSSA ||
Data offset: 0x210
|-
Data length: 13
| 9 || VDDA ||
File hash : 8E533875E1B43B6CBAF5E91663EB7554107B5509
|-
File 1
| 10 || PA0-WKUP ||
Entry id: 0x101
|-
Filename : license.xml
| 11 || PA1 ||
Data offset: 0x21D
|-
Data length: 267513
| 12 || PA2 ||
File hash : B77EFE54859738385DD803E88FB5E807FF1BC6AB
|-
File 2
| 13 || PA3 ||
Entry id: 0x103
|-
Filename : update_flags.txt
| 14 || PA4 ||
Data offset: 0x41716
|-
Data length: 5
| 15 || PA5 ||
File hash : FD7C893936FDFC668922BE6D119A462111B2BBDB
|-
File 3
| 16 || PA6 ||
Entry id: 0x200
|-
Filename : ps3swu.self
| 17 || PA7 ||
Data offset: 0x4171B
|-
Data length: 5661656
| 18 || PB0 ||
File hash : C61DDE12E75C2218214700D7D49006583F1B968B
|-
File 4
| 19 || PB1 ||
Entry id: 0x201
|-
Filename : vsh.tar
| 20 || PB2 ||
Data offset: 0x5A7AF3
|-
Data length: 10240
| 21 || PB10 ||
File hash : D9B66E0D2845D71A67D76E7907AB06368CE61E08
|-
File 5
| 22 || PB11 ||
Entry id: 0x202
|-
Filename : dots.txt
| 23 || VSS_1 ||
Data offset: 0x5AA2F3
|-
Data length: 3
| 24 || VDD_1 ||
File hash : 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A
|-
File 6
| 25 || PB12 ||
Entry id: 0x300
|-
Filename : update_files.tar
| 26 || PB13 ||
Data offset: 0x5AA2F6
|-
Data length: 172890112
| 27 || PB14 ||
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre>
|-
 
| 28 || PB15 ||
=Content discs=
|-
| 29 || PA8 ||
|-
| 30 || PA9 ||
|-
| 31 || PA10 ||
|-
| 32 || PA11 ||
|-
| 33 || PA12 ||
|-
| 34 || PA13 ||
|-
| 35 || VSS_2 ||
|-
| 36 || VDD_2 ||
|-
| 37 || PA14 ||
|-
| 38 || PA15 ||
|-
| 39 || PB3 ||
|-
| 40 || PB4 ||
|-
| 41 || PB5 ||
|-
| 42 || PB6 ||
|-
| 43 || PB7 ||
|-
| 44 || BOOT0 ||
|-
| 45 || PB8 ||
|-
| 46 || PB9 ||
|-
| 47 || VSS_3 ||
|-
| 48 || VDD_3 ||
|-
|}
</div>


==== Actel ProASIC3 A3P125 - FPGA : U3 ====
== EBOOT.BIN details (1.0/2.1) ==
U3
  A3P125 = 125,000 System Gates
  blank = Speed Grade: Standard
  VQ = Package Type: Very Thin Quad Flat Pack (0.5mm pitch)
  G = Lead-Free Packaging: RoHS-Compliant (Green)
  100 = Package Lead Count : 100 pins
  blank = Security Feature : no IP license
  blank = Temperature Range: Commercial (0°C to +70°C Ambient Temperature)
128-bit AES <br />
1,024 bits of user flash memory <br />
Datasheets and usermanuals: http://www.actel.com/products/pa3/docs.aspx#ds <br />
Familyroot: http://www.actel.com/products/pa3/ <br />


===== Pinout A3P125 VQ100 =====
===SELF header===
<div style="float:right">[[File:VQ100.png|200px|thumb|left|Actel ProASIC3 A3P250 - FPGA (psjb2-Trueblue) VQ100 package]]</div>
  elf #1 offset:  00000000_00000090
<div style="height:350px; overflow:auto">
  header len:    00000000_00000a80
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
  meta offset:    00000000_000004a0
|- bgcolor="#cccccc"
  phdr offset:    00000000_00000040
! Pin !! Function !! Notes
  shdr offset:    00000000_002117f8
|-
  file size:      00000000_0021150c
| 1 || GND || Ground
  auth id:        10100000_01000003 (Unknown)
|-
  vendor id:      01000002
| 2 || GAA2/IO118UDB3 ||
  info offset:    00000000_00000070
|-
  sinfo offset:  00000000_00000290
| 3 || IO118VDB3 ||
  version offset: 00000000_00000390
|-
  control info:   00000000_000003c0 (00000000_00000100 bytes)
| 4 || GAB2/IO117UDB3 ||
  app version:    1.0.0
|-
  SDK type:       Devkit
| 5 || IO117VDB3 ||
  app type:       NP-DRM application
|-
 
| 6 || GAC2/IO116UDB3 ||
===Control info===
|-
  control flags:
| 7 || IO116VDB3 ||
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|-
  file digest:
| 8 || IO112PSB3 ||
    62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
|-
    f1 95 cf a4 c0 04 0f c9 14 de 1f 9a 21 4e 10 ca 6b a6 8c 86
| 9 || GND || Ground
  NPDRM info:
|-
    magic: 4e504400
| 10 || GFB1/IO109PDB3 ||
    unk0 : 00000001
|-
    unk1 : 00000003
| 11 || GFB0/IO109NDB3 ||
    unk2 : 00000001
|-
    content_id: IV0002-NPXS00020_00-TEST000000000001
| 12 || VCOMPLF ||
    digest:    09 37 f1 32 60 b9 70 02 76 9e e4 0f 7b 10 70 0f
|-
    invdigest:  f6 c8 0e cd 9f 46 8f fd 89 61 1b f0 84 ef 8f f0
| 13 || GFA0/IO108NPB3 ||
    xordigest:  5c 62 a4 67 35 ec 25 57 23 cb b1 5a 2e 45 25 5b
|-
 
| 14 || VCCPLF ||
===Section header===
|-
    offset            size              compressed unk1    unk2    encrypted
| 15 || GFA1/IO108PPB3 ||
    00000000_00000a80  00000000_00209dc0 [NO ]      00000000 00000000 [NO ]
|-
    00000000_00210a80  00000000_000005b0 [NO ]      00000000 00000000 [NO ]
| 16 || GFA2/IO107PSB3 ||
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
|-
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
| 17 || VCC ||
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
|-
    00000000_00210df8  00000000_00000004 [NO ]      00000000 00000000 [N/A]
| 18 || VCCIB3 ||
    00000000_0020a7e0  00000000_00000020 [NO ]      00000000 00000000 [N/A]
|-
    00000000_0020a800  00000000_00000040 [NO ]      00000000 00000000 [N/A]
| 19 || GFC2/IO105PSB3 ||
 
|-
===Encrypted Metadata===
| 20 || GEC1/IO100PDB3 ||
  no encrypted metadata in fselfs.
|-
 
| 21 || GEC0/IO100NDB3 ||
===ELF header===
|-
  type:                                Executable file
| 22 || GEA1/IO98PDB3 ||
  machine:                              PowerPC64
|-
  version:                              1
| 23 || GEA0/IO98NDB3 ||
  phdr offset:                          00000000_00000040
|-
  shdr offset:                          00000000_00210e08
| 24 || VMV3 ||
  entry:                                00000000_002200f0
|-
  flags:                                00000000
| 25 || GNDQ || Ground
  header size:                          00000040
|-
  program header size:                  00000038
| 26 || GEA2/IO97RSB2 ||
  program headers:                      8
|-
  section header size:                  00000040
| 27 || GEB2/IO96RSB2 ||
  section headers:                      28
|-
  section header string table index:    27
| 28 || GEC2/IO95RSB2 ||
 
|-
 
| 29 || IO93RSB2 ||
= Content Releases =
|-
 
| 30 || IO92RSB2 ||
== Paradox TB ==
|-
Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped).
| 31 || IO91RSB2 ||
* [http://www.multiupload.com/9A4DXVTXX9 portal_2_BLUS30732_TB.rar (78.04 MB)]
|-
 
| 32 || IO90RSB2 ||
=== EBOOT.BIN details ===
|-
...
| 33 || IO88RSB2 ||
 
|-
=FW analysis=
| 34 || IO86RSB2 ||
== FW Changes (1.0/2.1) ==
|-
Compared to OFW 3.55:
| 35 || IO85RSB2 ||
[http://www.multiupload.com/LAIIB6IMX0 ofw-vs-jb2.rar (4.18 MB)]
|-
====EULA.xml====
| 36 || IO84RSB2 ||
<pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre>
|-
====Version.txt====
| 37 || VCC ||
<pre>3.55-Dongle</pre>
|-
 
| 38 || GND || Ground
===CORE_OS_PACKAGE.pkg===
|-
====lv1.self====
| 39 || VCCIB2 ||
One patch to lv1_map_htab (lv1 undocumented function 114) to allow for RW mapping of all RAM. So who knows how many other lv1 patches are done at runtime.
|-
 
| 40 || IO77RSB2 ||
<pre>
|-
file
| 41 || IO74RSB2 ||
        Offset(h) 00 01 02 03
|-
  OFW:  000F5A44  39 20 00 00  li  r9,0
| 42 || IO71RSB2 ||
  TB:  000F5A44  39 20 00 01  li  r9,1
|-
</pre>
| 43 || GDC2/IO63RSB2 ||
<pre>
|-
memory
| 44 || GDB2/IO62RSB2 ||
        Offset(h) 00 01 02 03
|-
  OFW:    2d5a44  39 20 00 00  li r9,0
| 45 || GDA2/IO61RSB2 ||
  TB:    2d5a44  39 20 00 01  li r9,1
|-
</pre>
| 46 || GNDQ || Ground
 
|-
====lv2_kernel.self====
| 47 || TCK ||
http://pastie.org/private/onlbfdxjdtaddb9blu0sq <br />
|-
 
| 48 || TDI ||
only 1 function change, and a section added <br />
|-
sub_28fe30 is replaced <small>1)</small><br />
| 49 || TMS ||
the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) [http://www.multiupload.com/CI5XRM3FOP lv2_kernel.bin (6.41 KB)]
|-
 
| 50 || VMV2 ||
<small>note 1) : * ''the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.''</small>
|-
 
| 51 || GND || Ground
===dev_flash_010.tar.aa.2010_11_27_051337===
|-
====\dev_flash\vsh\module\nas_plugin.sprx====
| 52 || VPUMP ||
 
|-
<pre>
| 53 || NC ||
        Offset(h) 00 01 02 03
|-
  OFW:  00003250  7C 60 1B 78  mr    r0, r3
| 54 || TDO ||
  TB:  00003250  38 00 00 00  li    r0, 0
|-
</pre>
| 55 || TRST ||
<pre>
|-
        Offset(h) 00 01 02 03
| 56 || VJTAG ||
  OFW:  00037350  41 9E 00 4C  beq- cr7,4c
|-
  TB:  00037350  60 00 00 00  nop
| 57 || GDA1/IO60USB1 ||
</pre>
|-
 
| 58 || GDC0/IO58VDB1 ||
"standard pkg patches"
|-
 
| 59 || GDC1/IO58UDB1 ||
===dev_flash_016.tar.aa.2010_11_27_051337===
|-
====\dev_flash\vsh\resource\explore\xmb\category_game.xml====
| 60 || IO52NDB1 ||
 
|-
standard app_home and install package files from mfw builder.
| 61 || GCB2/IO52PDB1 ||
 
|-
http://pastie.org/private/ixsiyvycqmgmcdmv7swcsg
| 62 || GCA1/IO50PDB1 ||
 
|-
====\dev_flash\vsh\resource\explore\xmb\category_video.xml====
| 63 || GCA0/IO50NDB1 ||
netflix removed
|-
 
| 64 || GCC0/IO48NDB1 ||
http://pastie.org/private/4i02xv2onvaezfiy3i56a
|-
 
| 65 || GCC1/IO48PDB1 ||
= Dongle Updater PKG =
|-
 
| 66 || VCCIB1 ||
== 2.1 ==
Dongle is released with 1.0, this PKG is used to update the dongle to 2.1
    SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62
 
Unpkg/unself'ed: [http://www.multiupload.com/XC00DAHUXP dongle-updater.pkg.out.rar (2.03 MB)] <br />
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br />
 
=== Payload (2.1) ===
located in unself'ed eboot.bin @ offset:
  eboot      payload
  Offset(h)  Offset(h)  00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  000084F0  00000000  09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01  .......€ú.....þ.
    ...
  002084E0  001FFFF0  EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B  ë;.÷o©Ï<¶ë‰‚}æ};
 
[http://www.multiupload.com/PFC3IZZNNN TB_dongle_payload.bin (2 MB)]
    SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78
 
==== lv2 dump (2.1) ====
payload decrypted @ LV2 dump 0x7f0000
 
http://pastebin.com/3VG76HQs
 
==== descriptors (2.1) ====
 
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
|- bgcolor="#cccccc"
! Start Offset !! End Offset !! descriptor !! Description
|-
|-
| 67 || GND || Ground
| 00000000 || 00000FFF || 0x0 || 3.41 <!--// typical psgroove descriptors //-->
|-
|-
| 68 || VCC ||  
| 00001000 || 00001FFF || 0x1 || 3.41 <!--// typical psgroove descriptors //-->
|-
|-
| 69 || IO43NDB1 ||  
| 00002000 || 00002FFF || 0x2 || 3.41 <!--// typical psgroove descriptors //-->
|-
|-
| 70 || GBC2/IO43PDB1 ||  
| 00003000 || 00003FFF || 0x3 || 3.41 <!--// typical psgroove descriptors //-->
|-
|-
| 71 || GBB2/IO42PSB1 ||  
| 00004000 || 00007FFF || 0x4 ||
|-
|-
| 72 || IO41NDB1 ||  
| 00008000 || 00008FFF || 0x5 ||
|-
|-
| 73 || GBA2/IO41PDB1 ||  
| 00009000 || 0000BFFF || 0x6 ||
|-
|-
| 74 || VMV1 ||  
| 0000C000 || 0000CFFF || 0x7 ||  
|-
|-
| 75 || GNDQ || Ground
| 0000D000 || 0000DFFF || 0x8 ||  
|-
|-
| 76 || GBA1/IO40RSB0 ||  
| 0000E000 || 0000FFFF || 0x9 ||  
|-
|-
| 77 || GBA0/IO39RSB0 ||  
| 00010000 || 00013FFF || 0xA ||  
|-
|-
| 78 || GBB1/IO38RSB0 ||  
| 00014000 || 0001BFFF || 0xB ||  
|-
|-
| 79 || GBB0/IO37RSB0 ||  
| 0001C000 || 0001C00F || 0xC ||  
|-
|-
| 80 || GBC1/IO36RSB0 ||  
| 0001C010 || 0001C01F || 0xD ||  
|-
|-
| 81 || GBC0/IO35RSB0 ||  
| 0001C020 || 0001C03F || 0xE ||  
|-
|-
| 82 || IO29RSB0 ||  
| 0001C040 || 0001C05F || 0xF ||  
|-
|-
| 83 || IO27RSB0 ||  
| 0001C060 || 0001C06F || 0x10 ||  
|-
|-
| 84 || IO25RSB0 ||  
| 0001C070 || 0001C07F || 0x11 ||  
|-
|-
| 85 || IO23RSB0 ||  
| 0001C080 || 0001C09F || 0x12 ||  
|-
|-
| 86 || IO21RSB0 ||  
| 0001C0A0 || 001FFFFF || 0x13 ||  
|-
|-
| 87 || VCCIB0 ||  
|}
{|
|-
|-
| 88 || GND || Ground
| 000A1A80 || 000B039F || 0x14 ||
|-
|-
| 89 || VCC ||  
| 000B03A0 || 001736FF || 0x15 ||
|-
|-
| 90 || IO15RSB0 ||  
| 00173700 || 00189D5F || 0x16 ||
|-
|-
| 91 || IO13RSB0 ||  
| 00189D60 || 001FFFFF || 0x17 ||
|-
| 92 || IO11RSB0 ||
|-
| 93 || GAC1/IO05RSB0 ||
|-
| 94 || GAC0/IO04RSB0 ||
|-
| 95 || GAB1/IO03RSB0 ||
|-
| 96 || GAB0/IO02RSB0 ||
|-
| 97 || GAA1/IO01RSB0 ||
|-
| 98 || GAA0/IO00RSB0 ||
|-
| 99 || GNDQ || Ground
|-
| 100 || VMV0 ||  
|-
|-
|}
|}
</div>


==== unreferenced 5pin IC ====
  descriptor 0x0
U4
  00000000  09 02 12 00 01 00 00 80  fa 09 04 00 00 00 fe 01 
 
  00000010  02 00 00 00 00 00 00 00  fa ce b0 03 aa bb cc dd
==== unreferenced 3pin IC ====
  ...
U5
 
  descriptor 0x1
  00000000  09 02 12 00 01 00 00 80  fa 09 04 00 00 00 fe 01 
  00000010  02 00 00 00 00 00 00 00  fa ce b0 03 aa bb cc dd
  ...


==== 24.000 MHz Crystal ====
  descriptor 0x2
CLK for Actel <br />
  00000000  09 02 12 00 01 00 00 80  fa 09 04 00 00 00 fe 01 
  00000010  02 00 00 00 00 00 00 00  fa ce b0 03 aa bb cc dd
  ...


= Downloads =
  descriptor 0x3
== First release (1.0/2.1) ==
  00000000  09 02 12 00 01 00 00 80  fa 09 04 00 00 00 fe 01 
* MFW: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/Jailbreak2.CFW.rar Jailbreak2.CFW.rar (172.34 MB)]<!--//http://www.filesonic.nl/file/2688912531/Jailbreak2.CFW.zip (password: whyudie)//-->
  00000010  02 00 00 00 00 00 00 00  fa ce b0 03 aa bb cc dd
** Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : [http://rebug.me REBUG 3.55.2 TB EDITION] / [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/3.55.2_TBE_Links.rar 3.55.2_TBE_Links.rar]
  ...
* Dongle Updater v2.1: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg dongle-updater.pkg (2.1 MB)]<!--//http://www.filesonic.nl/file/2689038911/JB2.Dongle.Updater.zip (password: whyudie)//-->


== Update 2.2 ==
  descriptor 0x4
* Dongle Updater v2.2: https://web.archive.org/web/*/http://ps3devwiki.com/files/TrueBlue/Updates/TrueBlueUpdate-2.2/
  00000000  09 02 16 00 01 01 00 80  01 09 04 00 00 00 fe 01 
  00000010  02 00 04 21 b4 2f fe b1  b2 11 81 84 f8 81 2e 2f
  ...


== FW Info (1.0/2.1) ==
  descriptor 0x5
<pre>PS3 System Software
  00000000  09 02 4d 0a 01 01 00 80  01 09 04 00 00 00 fe 01 
    
   00000010  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
MFW 3.55-Dongle (Jailbreak2.CFW)
  00000020  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
filedate: juli 13 2011 2:08:58
  00000030  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
174639 KB
  00000040  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
MD5: 43C522F8897D77B6165F95BCF3409090
  00000050  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
SHA1: A64B010DB98996C7E53768D37D4D346F271D5950
  00000060  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
CRC32: A32FDD1D
  00000070  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
CRC16: 6420
  00000080  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
HMAC_SHA1: 0x88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
  00000090  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
 
  000000a0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
Remarks: needs JB2 dongle as DRM</pre>
  000000b0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
 
  000000c0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
<pre>PUP file information
  000000d0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
Package version: 1
  000000e0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
Image version: 47517
  000000f0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
File count: 7
  00000100  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
Header length: 528
  00000110  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
Data length: 178829542
  00000120  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
PUP file hash : 88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
  00000130  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
File 0
  00000140  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
Entry id: 0x100
  00000150  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
Filename : version.txt
  00000160  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
Data offset: 0x210
  00000170  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
Data length: 13
  00000180  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
File hash : 8E533875E1B43B6CBAF5E91663EB7554107B5509
  00000190  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
File 1
  000001a0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
Entry id: 0x101
  000001b0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
Filename : license.xml
  000001c0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
Data offset: 0x21D
  000001d0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
Data length: 267513
  000001e0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
File hash : B77EFE54859738385DD803E88FB5E807FF1BC6AB
  000001f0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
File 2
  00000200  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
Entry id: 0x103
  00000210  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
Filename : update_flags.txt
  00000220  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
Data offset: 0x41716
  00000230  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
Data length: 5
  00000240  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
File hash : FD7C893936FDFC668922BE6D119A462111B2BBDB
  00000250  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
File 3
  00000260  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
Entry id: 0x200
  00000270  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
Filename : ps3swu.self
  00000280  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
Data offset: 0x4171B
  00000290  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
Data length: 5661656
  000002a0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
File hash : C61DDE12E75C2218214700D7D49006583F1B968B
  000002b0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
File 4
  000002c0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
Entry id: 0x201
  000002d0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
Filename : vsh.tar
  000002e0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
Data offset: 0x5A7AF3
  000002f0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
Data length: 10240
  00000300  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
File hash : D9B66E0D2845D71A67D76E7907AB06368CE61E08
  00000310  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
File 5
  00000320  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
Entry id: 0x202
  00000330  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
Filename : dots.txt
  00000340  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
Data offset: 0x5AA2F3
  00000350  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
Data length: 3
  00000360  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
File hash : 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A
  00000370  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
File 6
  00000380  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
Entry id: 0x300
  00000390  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
Filename : update_files.tar
  000003a0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
Data offset: 0x5AA2F6
  000003b0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
Data length: 172890112
  000003c0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre>
  000003d0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
 
  000003e0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
== JBKing 1.5 update ==
  000003f0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
http://www.ps3hax.net/2012/03/finally-jb-king-cracks-v2-5-update/
  00000400  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
 
  00000410  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/JBKing/Updates/JBKing%202.5/
  00000420  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
 
  00000430  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
=Content discs=
  00000440  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
 
  00000450  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
== EBOOT.BIN details (1.0/2.1) ==
  00000460  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
 
  00000470  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
===SELF header===
  00000480  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  elf #1 offset: 00000000_00000090
  00000490  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  header len:    00000000_00000a80
  000004a0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  meta offset:   00000000_000004a0
  000004b0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  phdr offset:   00000000_00000040
  000004c0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  shdr offset:   00000000_002117f8
  000004d0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  file size:      00000000_0021150c
  000004e0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  auth id:        10100000_01000003 (Unknown)
  000004f0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  vendor id:      01000002
  00000500  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  info offset:   00000000_00000070
  00000510  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  sinfo offset:  00000000_00000290
  00000520  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  version offset: 00000000_00000390
  00000530  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  control info:  00000000_000003c0 (00000000_00000100 bytes)
  00000540  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  app version:   1.0.0
  00000550  04 00 00 00 fe 01 02 00  00 fe 01 02 00 09 04 00 
  SDK type:      Devkit
  00000560  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  app type:      NP-DRM application
  00000570  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
 
  00000580  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00  
===Control info===
  00000590  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  control flags:
   000005a0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   000005b0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  file digest:
   000005c0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
    62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
  000005d0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
    f1 95 cf a4 c0 04 0f c9 14 de 1f 9a 21 4e 10 ca 6b a6 8c 86
  000005e0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  NPDRM info:
  000005f0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
    magic: 4e504400
   00000600  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
    unk0 : 00000001
  00000610  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
    unk1 : 00000003
  00000620  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
    unk2 : 00000001
  00000630  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
    content_id: IV0002-NPXS00020_00-TEST000000000001
   00000640  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
    digest:    09 37 f1 32 60 b9 70 02 76 9e e4 0f 7b 10 70 0f
  00000650  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
    invdigest: f6 c8 0e cd 9f 46 8f fd 89 61 1b f0 84 ef 8f f0
  00000660  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
    xordigest: 5c 62 a4 67 35 ec 25 57 23 cb b1 5a 2e 45 25 5b
  00000670  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
 
  00000680  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
===Section header===
  00000690  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
    offset            size              compressed unk1    unk2    encrypted
  000006a0  01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
    00000000_00000a80 00000000_00209dc0 [NO ]      00000000 00000000 [NO ]
  000006b0  00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 
    00000000_00210a80 00000000_000005b0 [NO ]      00000000 00000000 [NO ]
  000006c0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
    00000000_00211030 00000000_00000000 [NO ]      00000000 00000000 [NO ]
  000006d0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
    00000000_00211030 00000000_00000000 [NO ]      00000000 00000000 [NO ]
  000006e0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
    00000000_00211030 00000000_00000000 [NO ]      00000000 00000000 [NO ]
  000006f0  00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 
    00000000_00210df8 00000000_00000004 [NO ]      00000000 00000000 [N/A]
  00000700  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
    00000000_0020a7e0 00000000_00000020 [NO ]      00000000 00000000 [N/A]
  00000710  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
    00000000_0020a800 00000000_00000040 [NO ]      00000000 00000000 [N/A]
  00000720  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
 
  00000730  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
===Encrypted Metadata===
  00000740  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  no encrypted metadata in fselfs.
  00000750  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
 
  00000760  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
===ELF header===
  00000770  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02  
  type:                                Executable file
  00000780  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00  
  machine:                              PowerPC64
  00000790  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  version:                              1
  000007a0  00 09 04 00 00 00 fe 01  00 00 00 fe 01 02 00 09 
  phdr offset:                          00000000_00000040
  000007b0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  shdr offset:                          00000000_00210e08
  000007c0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00  
  entry:                                00000000_002200f0
  000007d0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09  
  flags:                                00000000
  000007e0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02  
  header size:                          00000040
  000007f0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe  
  program header size:                  00000038
  00000800  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04  
  program headers:                      8
  00000810  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00  
  section header size:                  00000040
  00000820  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01  
  section headers:                      28
  00000830  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00  
  section header string table index:   27
  00000840  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
 
  00000850  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
 
  00000860  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
= Content Releases =
  00000870  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
 
  00000880  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
== Paradox TB ==
  00000890  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped).
  000008a0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
* [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Patches/portal_2_BLUS30732_TB.rar portal_2_BLUS30732_TB.rar (78.04 MB)]
  000008b0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
 
  000008c0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
=== EBOOT.BIN details ===
  000008d0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
...
  000008e0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
 
  000008f0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
=FW analysis=
  00000900  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
== FW Changes (1.0/2.1) ==
  00000910  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
Compared to OFW 3.55:
  00000920  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/ofw-vs-jb2.rar ofw-vs-jb2.rar (4.18 MB)]
  00000930  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
====EULA.xml====
  00000940  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
<pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre>
   00000950  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
====Version.txt====
  00000960  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
<pre>3.55-Dongle</pre>
  00000970  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000980  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000990  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  000009a0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  000009b0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  000009c0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  000009d0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  000009e0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  000009f0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000a00  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000a10  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000a20  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000a30  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000a40  00 fe 01 02 00 09 04 00  00 00 fe 01 02 88 37 f5 
  00000a50  49 4f df 9c 28 32 2f f0  14 cd 27 47 6a 23 81 75 
  ...


===CORE_OS_PACKAGE.pkg===
  descriptor 0x6
====lv1.self====
  0000000 09 02 4d 0a 01 01 00 80 01 09 04 00 00 00 fe 01
One patch to lv1_map_htab (lv1 undocumented function 114) to allow for RW mapping of all RAM. So who knows how many other lv1 patches are done at runtime.
  0000010 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
 
  0000020 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
<pre>
  0000030 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
file
  0000040 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
        Offset(h) 00 01 02 03
  0000050 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  OFW:  000F5A44  39 20 00 00 li  r9,0
  0000060 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  TB:  000F5A44  39 20 00 01  li  r9,1
  0000070 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
</pre>
  0000080 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
<pre>
  0000090 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
memory
  00000a0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
        Offset(h) 00 01 02 03
  00000b0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  OFW:   2d5a44  39 20 00 00 li r9,0
  00000c0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  TB:    2d5a44  39 20 00 01 li r9,1
  00000d0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
</pre>
  00000e0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
 
  00000f0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
====lv2_kernel.self====
  0000100 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
http://pastie.org/private/onlbfdxjdtaddb9blu0sq <br />
  0000110 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
 
  0000120 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
only 1 function change, and a section added <br />
  0000130 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
sub_28fe30 is replaced <small>1)</small><br />
   0000140 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/lv2_kernel.bin lv2_kernel.bin (6.41 KB)]
  0000150 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
 
  0000160 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
<small>note 1) : * ''the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.''</small>
  0000170 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
 
  0000180 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
===dev_flash_010.tar.aa.2010_11_27_051337===
  0000190 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
====\dev_flash\vsh\module\nas_plugin.sprx====
  00001a0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
 
  00001b0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
<pre>
  00001c0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
        Offset(h) 00 01 02 03
  00001d0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
   OFW:  00003250  7C 60 1B 78  mr   r0, r3
  00001e0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
   TB:  00003250  38 00 00 00 li   r0, 0
  00001f0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
</pre>
  0000200 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
<pre>
  0000210 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
        Offset(h) 00 01 02 03
  0000220 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
   OFW:  00037350  41 9E 00 4C  beq-  cr7,4c
  0000230 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
   TB:  00037350  60 00 00 00 nop
  0000240 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
</pre>
  0000250 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
 
   0000260 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
"standard pkg patches"
   0000270 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
 
   0000280 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
===dev_flash_016.tar.aa.2010_11_27_051337===
   0000290 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
====\dev_flash\vsh\resource\explore\xmb\category_game.xml====
  00002a0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
 
  00002b0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
standard app_home and install package files from mfw builder.
  00002c0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
 
   00002d0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
http://pastie.org/private/ixsiyvycqmgmcdmv7swcsg
   00002e0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
 
  00002f0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
====\dev_flash\vsh\resource\explore\xmb\category_video.xml====
  0000300 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
netflix removed
  0000310 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
 
  0000320 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
http://pastie.org/private/4i02xv2onvaezfiy3i56a
  0000330 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
 
  0000340 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
= Dongle Updater PKG =
  0000350 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
 
  0000360 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
== 2.1 ==
  0000370 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg TrueBlueUpdate-2.1/dongle-updater.pkg]
  0000380 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
 
  0000390 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
Dongle is released with 1.0, this PKG is used to update the dongle to 2.1
  00003a0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
    SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62
  00003b0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
 
  00003c0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br />
  00003d0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
 
  00003e0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
=== Payload (2.1) ===
  00003f0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
located in unself'ed eboot.bin @ offset:
  0000400 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
   eboot      payload
  0000410 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
   Offset(h)  Offset(h)  00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  0000420 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
   000084F0  00000000  09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01 .......€ú.....þ.
  0000430 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
    ...
  0000440 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
   002084E0  001FFFF0  EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B  ë;.÷o©Ï<¶ë‰‚}æ};
  0000450 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
 
  0000460 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/TB_dongle_payload.bin TrueBlueUpdate-2.1/TB_dongle_payload.bin (2 MB)]
  0000470 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
    SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78
  0000480 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
 
  0000490 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
==== lv2 dump (2.1) ====
  00004a0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
payload decrypted @ LV2 dump 0x7f0000
  00004b0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
 
  00004c0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
http://pastebin.com/3VG76HQs
   00004d0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
 
   00004e0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
==== descriptors (2.1) ====
   00004f0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
 
  0000500 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
  0000510 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
|- bgcolor="#cccccc"
  0000520 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
! Start Offset !! End Offset !! descriptor !! Description
   0000530 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
|-
  0000540 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
| 00000000 || 00000FFF || 0x0 || 3.41 <!--// typical psgroove descriptors //-->
  0000550 04 00 00 00 fe 01 02 00 00 fe 01 02 00 09 04 00
|-
  0000560 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
| 00001000 || 00001FFF || 0x1 || 3.41 <!--// typical psgroove descriptors //-->
  0000570 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
|-
  0000580 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
| 00002000 || 00002FFF || 0x2 || 3.41 <!--// typical psgroove descriptors //-->
  0000590 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
|-
  00005a0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
| 00003000 || 00003FFF || 0x3 || 3.41 <!--// typical psgroove descriptors //-->
  00005b0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
|-
  00005c0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
| 00004000 || 00007FFF || 0x4 ||
  00005d0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
|-
  00005e0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
| 00008000 || 00008FFF || 0x5 ||
  00005f0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
|-
  0000600 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
| 00009000 || 0000BFFF || 0x6 ||
  0000610 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
|-
  0000620 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
| 0000C000 || 0000CFFF || 0x7 ||
  0000630 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
|-
  0000640 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
| 0000D000 || 0000DFFF || 0x8 ||
  0000650 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
|-
  0000660 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
| 0000E000 || 0000FFFF || 0x9 ||
  0000670 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
|-
  0000680 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
| 00010000 || 00013FFF || 0xA ||
  0000690 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
|-
  00006a0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
| 00014000 || 0001BFFF || 0xB ||
  00006b0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
|-
  00006c0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
| 0001C000 || 0001C00F || 0xC ||
  00006d0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
|-
  00006e0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
| 0001C010 || 0001C01F || 0xD ||
  00006f0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
|-
  0000700 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
| 0001C020 || 0001C03F || 0xE ||
  0000710 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
|-
  0000720 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
| 0001C040 || 0001C05F || 0xF ||
  0000730 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
|-
  0000740 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
| 0001C060 || 0001C06F || 0x10 ||
  0000750 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
|-
  0000760 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
| 0001C070 || 0001C07F || 0x11 ||
  0000770 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
|-
  0000780 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
| 0001C080 || 0001C09F || 0x12 ||
  0000790 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
|-
  00007a0 00 09 04 00 00 00 fe 01 00 00 00 fe 01 02 00 09
| 0001C0A0 || 001FFFFF || 0x13 ||
  00007b0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
|-
  00007c0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
|}
  00007d0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
{|
  00007e0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
|-
  00007f0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
| 000A1A80 || 000B039F || 0x14 ||
  0000800 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
|-
  0000810 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
| 000B03A0 || 001736FF || 0x15 ||
  0000820 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
|-
  0000830 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
| 00173700 || 00189D5F || 0x16 ||
  0000840 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
|-
  0000850 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
| 00189D60 || 001FFFFF || 0x17 ||
  0000860 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
|-
  0000870 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
|}
  0000880 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
 
  0000890 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
   descriptor 0x0
  00008a0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
   00000000  09 02 12 00 01 00 00 80  fa 09 04 00 00 00 fe 01
  00008b0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
   00000010  02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
  00008c0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
   ...
  00008d0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
 
  00008e0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
   descriptor 0x1
  00008f0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
   00000000  09 02 12 00 01 00 00 80  fa 09 04 00 00 00 fe 01
  0000900 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
   00000010  02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
  0000910 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000920 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000930 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000940 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000950 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000960 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000970 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
   0000980 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
   0000990 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00009a0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00009b0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
   00009c0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
   00009d0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00009e0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
   00009f0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
   0000a00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000a10 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000a20 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
   0000a30 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000a40 00 fe 01 02 00 09 04 00 00 00 fe 01 02 2e e3 7c
  0000a50 d5 9b 2c 40 0a 02 39 f6 68 6a 15 37 90 2e 38 86
   ...
   ...


   descriptor 0x2
   descriptor 0x7
   00000000  09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
   0000000 09 02 12 00 01 01 00 80 01 09 04 00 00 00 fe 01
   00000010  02 00 00 00 00 00 00 00  fa ce b0 03 aa bb cc dd
   0000010 02 00 66 bc a5 34 64 68 d0 6e 31 4c 8e d5 cd 44
   ...
   ...


   descriptor 0x3
   descriptor 0x8
   00000000  09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
   0000000 09 02 00 00 01 01 00 80 01 09 04 00 00 00 fe 01
   00000010  02 00 00 00 00 00 00 00  fa ce b0 03 aa bb cc dd
   0000010 02 00 db e9 f4 e4 8b c0 7e 8c 61 47 ab 71 1b 08
   ...
   ...


   descriptor 0x4
   descriptor 0x9
   00000000  09 02 16 00 01 01 00 80 01 09 04 00 00 00 fe 01
   0000000 09 02 30 00 01 01 00 80 01 09 04 00 00 00 fe 01
   00000010  02 00 04 21 b4 2f fe b1  b2 11 81 84 f8 81 2e 2f
   0000010 02 00 3e 21 00 00 00 00 fa ce b0 03 aa bb cc dd
  ...
 
  descriptor 0xa
  0000000 09 02 20 00 01 00 00 80 01 09 04 00 00 02 ff 00
  0000010 00 00 07 05 02 02 08 00 00 07 05 81 02 08 00 00
  ...
 
  descriptor 0xb
  0000000 09 02 35 00 01 01 00 80 32 09 04 00 00 05 fe 01
  0000010 02 00 07 05 04 02 08 00 00 07 05 85 02 08 00 00
   ...
   ...


   descriptor 0x5
   descriptor 0xc
   00000000  09 02 4d 0a 01 01 00 80  01 09 04 00 00 00 fe 01  
   00000000  09 02 00 0f 01 00 00 80 09 02 00 0f 01 00 00 80  
  00000010  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
 
  00000020  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00   
   descriptor 0xd
  00000030  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
   00000000 09 02 00 0f 01 00 00 80 09 02 00 0f 01 00 00 80  
   00000040  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
 
   00000050 01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
   descriptor 0xe
  00000060  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
   00000000 09 02 16 00 01 01 00 80 23 97 93 9c 54 80 63 58  
  00000070  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
   00000010 4d d0 de c2 81 e4 2b 0b a9 d1 df 8b a6 86 03 3e  
  00000080  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00   
 
  00000090  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
   descriptor 0xf
   000000a0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
   00000000 09 02 4d 0a 01 01 00 80 09 02 4d 0a 01 01 00 80  
   000000b0  04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 
   00000010 c4 ed 19 24 d6 5a d9 40 cc ba 88 95 1c 0b 51 9b  
  000000c0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
 
  000000d0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04  
   descriptor 0x10
   000000e0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00  
   00000000 09 02 12 00 01 01 00 80 09 02 12 00 01 01 00 80  
  000000f0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
 
   00000100  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
   descriptor 0x11
   00000110 00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
   00000000 09 02 30 00 01 01 00 80 aa 47 64 8a ca d1 c2 e5  
  00000120  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000130  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe  
  00000140  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000150  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00   
   00000160 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01  
  00000170  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
   00000180  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
   00000190  04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  000001a0  00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 
  000001b0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  000001c0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  000001d0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01  
  000001e0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
   000001f0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
   00000200  04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00000210  00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 
  00000220  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000230  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000240  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000250  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000260  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000270  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000280  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000290  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  000002a0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  000002b0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  000002c0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  000002d0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  000002e0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  000002f0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000300  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000310  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000320  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000330  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000340  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000350  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000360  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000370  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000380  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000390  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  000003a0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  000003b0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  000003c0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  000003d0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  000003e0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  000003f0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000400  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000410  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000420  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000430  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000440  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000450  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000460  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000470  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000480  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000490  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  000004a0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  000004b0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  000004c0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  000004d0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  000004e0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  000004f0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000500  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000510  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000520  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000530  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000540  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000550  04 00 00 00 fe 01 02 00  00 fe 01 02 00 09 04 00 
  00000560  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000570  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000580  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000590  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  000005a0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  000005b0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  000005c0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  000005d0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  000005e0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  000005f0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000600  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000610  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000620  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000630  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000640  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000650  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000660  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000670  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000680  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000690  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  000006a0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  000006b0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  000006c0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  000006d0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  000006e0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  000006f0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000700  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000710  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000720  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000730  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000740  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000750  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000760  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000770  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000780  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000790  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  000007a0  00 09 04 00 00 00 fe 01  00 00 00 fe 01 02 00 09 
  000007b0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  000007c0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  000007d0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  000007e0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  000007f0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000800  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000810  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000820  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000830  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000840  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000850  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000860  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000870  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000880  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000890  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  000008a0  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  000008b0  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  000008c0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  000008d0  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  000008e0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  000008f0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000900  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000910  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000920  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000930  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000940  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000950  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  00000960  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  00000970  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  00000980  02 00 09 04 00 00 00 fe  01 02 00 09 04 00 00 00 
  00000990  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  000009a0  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  000009b0  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  000009c0  01 02 00 09 04 00 00 00  fe 01 02 00 09 04 00 00 
  000009d0  00 fe 01 02 00 09 04 00  00 00 fe 01 02 00 09 04 
  000009e0  00 00 00 fe 01 02 00 09  04 00 00 00 fe 01 02 00 
  000009f0  09 04 00 00 00 fe 01 02  00 09 04 00 00 00 fe 01 
  00000a00  fe 01 02 00 09 04 00 00  00 fe 01 02 00 09 04 00 
  00000a10  00 00 fe 01 02 00 09 04  00 00 00 fe 01 02 00 09 
  00000a20  04 00 00 00 fe 01 02 00  09 04 00 00 00 fe 01 02 
  00000a30  00 09 04 00 00 00 fe 01  02 00 09 04 00 00 00 fe 
  00000a40  00 fe 01 02 00 09 04 00  00 00 fe 01 02 88 37 f5 
  00000a50  49 4f df 9c 28 32 2f f0 14 cd 27 47 6a 23 81 75  
  ...
 
  descriptor 0x6
  0000000 09 02 4d 0a 01 01 00 80 01 09 04 00 00 00 fe 01
  0000010 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000020 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000030 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000040 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000050 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000060 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000070 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000080 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000090 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00000a0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00000b0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00000c0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  00000d0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00000e0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  00000f0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000100 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000110 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000120 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000130 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000140 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000150 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000160 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000170 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000180 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000190 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00001a0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  00001b0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  00001c0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  00001d0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  00001e0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  00001f0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000200 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000210 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000220 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000230 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000240 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000250 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000260 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000270 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000280 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000290 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  00002a0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00002b0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  00002c0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  00002d0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00002e0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00002f0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000300 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000310 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000320 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000330 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000340 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000350 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000360 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000370 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000380 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000390 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  00003a0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  00003b0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  00003c0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00003d0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00003e0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  00003f0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000400 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000410 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000420 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000430 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000440 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000450 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000460 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000470 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000480 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000490 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  00004a0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00004b0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00004c0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  00004d0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  00004e0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00004f0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000500 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000510 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000520 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000530 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000540 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000550 04 00 00 00 fe 01 02 00 00 fe 01 02 00 09 04 00
  0000560 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000570 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000580 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000590 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00005a0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00005b0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  00005c0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00005d0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  00005e0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  00005f0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000600 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000610 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000620 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000630 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000640 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000650 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000660 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000670 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000680 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000690 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  00006a0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  00006b0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00006c0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  00006d0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  00006e0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00006f0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000700 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000710 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000720 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000730 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000740 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000750 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000760 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000770 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000780 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000790 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00007a0 00 09 04 00 00 00 fe 01 00 00 00 fe 01 02 00 09
  00007b0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00007c0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00007d0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00007e0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00007f0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000800 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000810 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000820 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000830 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000840 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000850 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000860 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000870 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000880 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000890 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  00008a0 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  00008b0 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00008c0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00008d0 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  00008e0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  00008f0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000900 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000910 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000920 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000930 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000940 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000950 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  0000960 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  0000970 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  0000980 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00
  0000990 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  00009a0 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  00009b0 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  00009c0 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00 00
  00009d0 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04
  00009e0 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00
  00009f0 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01
  0000a00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09 04 00
  0000a10 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02 00 09
  0000a20 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe 01 02
  0000a30 00 09 04 00 00 00 fe 01 02 00 09 04 00 00 00 fe
  0000a40 00 fe 01 02 00 09 04 00 00 00 fe 01 02 2e e3 7c
  0000a50 d5 9b 2c 40 0a 02 39 f6 68 6a 15 37 90 2e 38 86
  ...


   descriptor 0x7
   descriptor 0x12
   0000000 09 02 12 00 01 01 00 80 01 09 04 00 00 00 fe 01
   00000000  09 02 20 00 01 00 00 80 d5 77 77 85 62 ab 13 4a 
  0000010 02 00 66 bc a5 34 64 68 d0 6e 31 4c 8e d5 cd 44
   00000010  aa 91 92 8c d9 96 c0 6e  eb 20 9d 9e 92 a7 38 df 
   ...
 
  descriptor 0x8
  0000000 09 02 00 00 01 01 00 80 01 09 04 00 00 00 fe 01
  0000010 02 00 db e9 f4 e4 8b c0 7e 8c 61 47 ab 71 1b 08
  ...


   descriptor 0x9
   descriptor 0x13
   0000000 09 02 30 00 01 01 00 80 01 09 04 00 00 00 fe 01
   00000000  09 02 35 00 01 01 00 80 8e 7f 3d 02 11 aa 2a fa 
   0000010 02 00 3e 21 00 00 00 00 fa ce b0 03 aa bb cc dd
   00000010  03 6b 2d 2c 45 d7 25 ff  aa 34 b1 a8 8b 5d a7 b3 
   ...
   ...


  descriptor 0xa
  0000000 09 02 20 00 01 00 00 80 01 09 04 00 00 02 ff 00
  0000010 00 00 07 05 02 02 08 00 00 07 05 81 02 08 00 00
  ...


  descriptor 0xb
== 2.2 ==
  0000000 09 02 35 00 01 01 00 80 32 09 04 00 00 05 fe 01
True Blue Dongle Update v2.2 - Initial worldwide release
  0000010 02 00 07 05 04 02 08 00 00 07 05 85 02 08 00 00
    SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4
  ...
 
  descriptor 0xc
  00000000  09 02 00 0f 01 00 00 80  09 02 00 0f 01 00 00 80 
 
  descriptor 0xd
  00000000  09 02 00 0f 01 00 00 80  09 02 00 0f 01 00 00 80 
 
  descriptor 0xe
  00000000  09 02 16 00 01 01 00 80  23 97 93 9c 54 80 63 58 
  00000010  4d d0 de c2 81 e4 2b 0b  a9 d1 df 8b a6 86 03 3e 
 
  descriptor 0xf
  00000000  09 02 4d 0a 01 01 00 80  09 02 4d 0a 01 01 00 80 
  00000010  c4 ed 19 24 d6 5a d9 40  cc ba 88 95 1c 0b 51 9b 
 
  descriptor 0x10
  00000000  09 02 12 00 01 01 00 80  09 02 12 00 01 01 00 80 


  descriptor 0x11
Unpkg/unself'ed: [http://www.multiupload.com/NUILFATYL1 TrueBlueUpdate-2.2.pkg.out.rar (1018.2 KB)] <br />
  00000000  09 02 30 00 01 01 00 80  aa 47 64 8a ca d1 c2 e5 
 
  descriptor 0x12
  00000000  09 02 20 00 01 00 00 80  d5 77 77 85 62 ab 13 4a 
  00000010  aa 91 92 8c d9 96 c0 6e  eb 20 9d 9e 92 a7 38 df 
 
  descriptor 0x13
  00000000  09 02 35 00 01 01 00 80  8e 7f 3d 02 11 aa 2a fa 
  00000010  03 6b 2d 2c 45 d7 25 ff  aa 34 b1 a8 8b 5d a7 b3 
  ...
 
== 2.2 ==
True Blue Dongle Update v2.2 - Initial worldwide release
 
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg]
    SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4


=== Payload (2.2) ===
=== Payload (2.2) ===
Line 1,433: Line 1,070:
   0007B588  00072EF0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
   0007B588  00072EF0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TB_payload_2.2.bin payload2-2.bin (459.75 KB)]
[http://www.multiupload.com/KARELUPQRS payload2-2.bin (459.75 KB)]
     SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181
     SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181


Line 2,089: Line 1,726:
|}
|}
http://pastie.org/private/11axjnmsy73lury2iaymkw
http://pastie.org/private/11axjnmsy73lury2iaymkw
==== TB 2.2 update ====
<!--//TB 2.2 update and how the update data .bin is written//-->
{| class="wikitable"
|-
! 0x00000 - 0x00eff !! 0x00000 - 0x00eff
|-
| <pre>
0000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
0000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
0000020 7c 08 02 a6 48 00 00 05 7c 88 02 a6 38 84 ff f8
</pre> || <pre>
0000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
0000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
0000020 7c 08 02 a6 48 00 00 05 7c 88 02 a6 38 84 ff f8
</pre>
|-
| <pre>
0000ed0 80 00 00 00 00 7f 03 30 80 00 00 00 00 7f 8c 30
0000ee0 00 00 00 00 00 00 00 00 80 00 00 00 00 7f 03 44
0000ef0 80 00 00 00 00 7f 8c 30 00 00 00 00 00 00 00 00
</pre> || <pre>
0000ed0 80 00 00 00 00 7f 03 30 80 00 00 00 00 7f 8c 30
0000ee0 00 00 00 00 00 00 00 00 80 00 00 00 00 7f 03 44
0000ef0 80 00 00 00 00 7f 8c 30 00 00 00 00 00 00 00 00
</pre>
|-
! 0x00f00 - 0x11eff !! 0x20000 - 0x30fff
|-
| <pre>
0000f00 11 4d c0 07 90 7c 60 db fc 5c 66 c5 d2 b9 ea 18
0000f10 38 e2 81 dd aa a7 09 e6 c9 71 89 94 4c cb 26 c0
0000f20 54 00 0c 0d f5 cb 38 12 19 f8 11 5d 05 11 ef b3
</pre> || <pre>
0020000 11 4d c0 07 90 7c 60 db fc 5c 66 c5 d2 b9 ea 18
0020010 38 e2 81 dd aa a7 09 e6 c9 71 89 94 4c cb 26 c0
0020020 54 00 0c 0d f5 cb 38 12 19 f8 11 5d 05 11 ef b3
</pre>
|-
| <pre>
0011ed0 5e e3 d5 fe cc b5 4b b9 cd de c4 b5 be c2 97 91
0011ee0 4f f8 c6 84 3f 51 ab 7a 61 e6 10 8c 5b 75 2e 21
0011ef0 f0 c8 66 52 67 ed 0c 7e b9 1e ce 05 82 6f 4a 95
</pre> || <pre>
0030fd0 5e e3 d5 fe cc b5 4b b9 cd de c4 b5 be c2 97 91
0030fe0 4f f8 c6 84 3f 51 ab 7a 61 e6 10 8c 5b 75 2e 21
0030ff0 f0 c8 66 52 67 ed 0c 7e b9 1e ce 05 82 6f 4a 95
</pre>
|-
! 0x11f00 - 0x21eff !! 0x40000 - 0x4ffff
|-
| <pre>
0011f00 bd a7 dc 80 af ce a8 35 e9 51 de 8b a3 20 53 cd
0011f10 e1 6c ed 3a b9 b9 a5 02 09 04 4c 40 d4 fb 44 79
0011f20 79 a5 0a f5 c0 d4 69 f7 20 8b 6d 0b f8 31 ab 2f
</pre> || <pre>
0040000 bd a7 dc 80 af ce a8 35 e9 51 de 8b a3 20 53 cd
0040010 e1 6c ed 3a b9 b9 a5 02 09 04 4c 40 d4 fb 44 79
0040020 79 a5 0a f5 c0 d4 69 f7 20 8b 6d 0b f8 31 ab 2f
</pre>
|-
| <pre>0021ed0 ba 85 d4 f2 cc 57 4b ae 28 6a cc ed 12 73 c3 21
0021ee0 28 fd f1 ff 91 b5 bf dc 12 34 e4 e5 81 ed 00 d1
0021ef0 3b 4c 13 e9 8d b8 0e 15 07 15 cb 37 14 1e fc 12</pre> || <pre>
004ffd0 ba 85 d4 f2 cc 57 4b ae 28 6a cc ed 12 73 c3 21
004ffe0 28 fd f1 ff 91 b5 bf dc 12 34 e4 e5 81 ed 00 d1
004fff0 3b 4c 13 e9 8d b8 0e 15 07 15 cb 37 14 1e fc 12
</pre>
|-   
! 0x21f00 - 0x32eff !! 0xa0000 - 0xb0fff
|-
| <pre>
0021f00 4a e0 50 59 85 2f 3c 35 82 3a 87 45 d4 9c 02 a7
0021f10 3c 36 b9 58 e2 b6 ac cb cc a1 51 14 9e 18 b7 1c
0021f20 49 ee a9 db 86 e0 ca 20 b6 73 9e 65 66 77 85 da
</pre> || <pre>
00a0000 4a e0 50 59 85 2f 3c 35 82 3a 87 45 d4 9c 02 a7
00a0010 3c 36 b9 58 e2 b6 ac cb cc a1 51 14 9e 18 b7 1c
00a0020 49 ee a9 db 86 e0 ca 20 b6 73 9e 65 66 77 85 da
</pre>
|-
| <pre>
0032ed0 02 e9 0a 39 b3 44 a2 a1 b1 11 e1 c7 d7 16 a1 a4
0032ee0 f9 17 e0 29 e8 92 0b bd c2 90 c0 94 63 65 86 bf
0032ef0 8b cf a7 59 e5 df 80 b3 02 94 f6 02 28 f3 90 58
</pre> || <pre>
00b0fd0 02 e9 0a 39 b3 44 a2 a1 b1 11 e1 c7 d7 16 a1 a4
00b0fe0 f9 17 e0 29 e8 92 0b bd c2 90 c0 94 63 65 86 bf
00b0ff0 8b cf a7 59 e5 df 80 b3 02 94 f6 02 28 f3 90 58
</pre>
|-
! 0x32f00 - 0x44eff !! 0xc0000 - 0xd1fff
|-
| <pre>
0032f00 04 a3 9b e7 82 91 8d e5 d5 80 2b d9 d7 3c 1e c0
0032f10 61 d6 09 3a a6 1c 93 6f c5 7c 31 f8 dd cb 78 28
0032f20 6b b6 77 5a 23 b6 06 dd a8 d1 4e a6 dc fb 98 9e
</pre> || <pre>
00c0000 04 a3 9b e7 82 91 8d e5 d5 80 2b d9 d7 3c 1e c0
00c0010 61 d6 09 3a a6 1c 93 6f c5 7c 31 f8 dd cb 78 28
00c0020 6b b6 77 5a 23 b6 06 dd a8 d1 4e a6 dc fb 98 9e
</pre>
|-
| <pre>
0044ed0 92 7b 93 d8 3b 36 d8 2d ea ca 6c e6 e3 4e e1 61
0044ee0 48 9e 52 e5 0a 74 0b 1c 5b d4 76 01 13 fc 37 84
0044ef0 05 a3 8b 12 ed d4 12 f0 12 e2 50 0a 86 81 eb 5b
</pre> || <pre>
00d1fd0 92 7b 93 d8 3b 36 d8 2d ea ca 6c e6 e3 4e e1 61
00d1fe0 48 9e 52 e5 0a 74 0b 1c 5b d4 76 01 13 fc 37 84
00d1ff0 05 a3 8b 12 ed d4 12 f0 12 e2 50 0a 86 81 eb 5b
</pre>
|-
! 0x44f00 - 0x72eff !! 0x60000 - 0x8dfff
|-
| <pre>
0044f00 7a e9 9b 7e ca b6 2b ff da fe 16 be 7b 59 d2 b2
0044f10 a4 ec 11 b0 11 0c d1 ea f4 d4 3b a2 2a f4 e9 b3
0044f20 ca 86 ae 02 32 a7 19 e6 0d 6f cd 84 fc 66 c5 c2
</pre> || <pre>
0060000 7a e9 9b 7e ca b6 2b ff da fe 16 be 7b 59 d2 b2
0060010 a4 ec 11 b0 11 0c d1 ea f4 d4 3b a2 2a f4 e9 b3
0060020 ca 86 ae 02 32 a7 19 e6 0d 6f cd 84 fc 66 c5 c2
</pre>
|-
| <pre>
0072ed0 38 b8 fe 73 60 a2 7b 1d 3b bb a2 f6 3c d6 ca 0d
0072ee0 16 b4 4b 1b bc ae fc 93 27 60 70 3a be 8f b5 cd
0072ef0 99 0a 4c 65 2a ce de d6 0d c8 d2 73 fc b3 85 e2
</pre> || <pre>
008dfd0 38 b8 fe 73 60 a2 7b 1d 3b bb a2 f6 3c d6 ca 0d
008dfe0 16 b4 4b 1b bc ae fc 93 27 60 70 3a be 8f b5 cd
008dff0 99 0a 4c 65 2a ce de d6 0d c8 d2 73 fc b3 85 e2
</pre>
|-
|}
http://pastie.org/private/xqnwgptonrxonytzdstdka


== 2.3 ==
== 2.3 ==
True Blue Dongle Update v2.3 - [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg /TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg]
True Blue Dongle Update v2.3 - [http://www.multiupload.com/S5S9X4UON0 TrueBlueUpdate-2.3.zip (546.29 KB)]
* Fixed games requiring "BD Mirror"
* Fixed games requiring "BD Mirror"
* True Blue firmware version is now displayed on the XMB "System Information" screen
* True Blue firmware version is now displayed on the XMB "System Information" screen
Line 2,236: Line 1,735:


<!--// The 'True Blue' team again comes thru with more support, this time with another update (v2.3), which was developed after the team was contacted by 'Paradox' in regard to problems with some of the latest games like 'Modern Warfare 3', and up-coming releases and patches, after some brain-storming and figuring out the compatibility problems the 'True Blue' team has now released the v2.3 update which will be required for all 'future' PS3 games released. //-->
<!--// The 'True Blue' team again comes thru with more support, this time with another update (v2.3), which was developed after the team was contacted by 'Paradox' in regard to problems with some of the latest games like 'Modern Warfare 3', and up-coming releases and patches, after some brain-storming and figuring out the compatibility problems the 'True Blue' team has now released the v2.3 update which will be required for all 'future' PS3 games released. //-->
Unpkg/unself'ed: [http://www.multiupload.com/FHT635SH7W TrueBlueUpdate-2.3.pkg.out.rar (1022.45 KB)] <br />


=== Payload (2.3) ===
=== Payload (2.3) ===
Line 2,245: Line 1,745:
   0007BD88  000736F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
   0007BD88  000736F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/payload_2.3.bin payload_2.3.bin (461.75 KB)]
[http://www.multiupload.com/F0OVXTV2UV payload_2.3.bin (461.75 KB)]
   SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B
   SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B


Line 2,261: Line 1,761:
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
|-
|-
| - || - || - || <pre>09 03 A6 4E 80 04 21
09 03 A6 E8 5F 00 08
09 03 A6 E8 5F 00 08
09 00 00 F8 41 00 28
09 03 A6 E8 49 00 08
09 00 00 F8 41 00 28 E9
09 03 A6 E8 49 00 08 4E
...
</pre>
|-
|}
== 2.4 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg]
=== Payload (2.4) ===
located in unself'ed eboot.bin @ offset:
  eboot      payload
  Offset(h)  Offset(h)  00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00008730  00000000  09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01  .......€ú.....þ.
    ...
  000A3620  0009AEFF  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/payload_2.4.bin payload_2.4.bin (619.75 KB)]
  SHA1: C062057BFBE4A0DF6C6C6E1B33C7561BC859C23F // MD5: 69FC4CE04DD4255A0BEEF4C2168F0AB0 // CRC32: 1C9EE18 // CRC16: 85DE
IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/EBOOT_SHT_fixed.i64 EBOOT_SHT_fixed.i64 (3.01 MB)]
== 2.5 ==
=== Payload (2.5) ===
start: 8600, end: 63e00, size: 5b800
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/EBOOT,BIN.elf TrueBlueUpdate-2.5/EBOOT,BIN.elf]
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/update_data_2.5.bin TrueBlueUpdate-2.5/update_data_2.5.bin]
== 2.61 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.pkg TrueBlueUpdate-2.61.pkg]
=== Payload (2.61) ===
located in unself'ed eboot.bin @ offset:
  Offset(h)  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00008768  00000000  E4 C7 60 B6 E3 77 C2 89 B3 71 1D 06 EE 4C DF F7  äÇ`¶ãw‰³q..îLß÷
    ...
  00066F58  0005E7F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/payload_2.61.bin payload_2.61.bin (378 KB)]
  SHA1: 7CEA46601B717912D6A434CA2C164E0A9B890825 // MD5: 1114BC3061581FC592A3797B340FD545 // CRC32: B66F50FD // CRC16: B685
IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.idc TrueBlueUpdate-2.61.idc (203 KB)]
== 2.62 ==
=== Payload (2.62) ===
located in unself'ed eboot.bin @ offset:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00000000  E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24  à®...$.ŠÐ»eØ.Ì.$
    ...
  0005E7F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.62/payload_2.62.bin payload_2.62.bin (378 KB)]
  SHA1: C5D37456FD5E59CFB648C82BBBE3FD95875E7C49 // MD5: 870C58F2CEC6BDB0ACF43EDD459ECD1C // CRC32: 35B2B2CA // CRC16: E3DE
== 2.7 ==
=== Payload (2.7) ===
located in unself'ed eboot.bin @ offset:
  Offset(h)  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  000087c8  00000000  E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24  à®...$.ŠÐ»eØ.Ì.$
    ...
  00067fc8  0005F7F0  D9 5A C0 45 E8 78 E6 C6 16 0A 98 10 1B CA 52 3B  ÙZÀEèxæÆ..˜..ÊR;
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.7/TB_payload_27.bin TB_payload_27.bin (382 KB)]
  SHA1: 107A4E37471D58E79B6F8A884FF09DD3A5F83DD0 // MD5: 495970F92139F966BF78E43509BB7C38 // CRC32: FBA0FCEB // CRC16: AD81
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)