Editing Talk:ReDRM / Piracy dongles

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== another clone? -> FAKE! ==
<div style="float:right">[[File:Infinitydongle.jpg|210px|thumb|right|Infinity dongle]]</div>
http://www.jb-infinity.com/infinity_usb/
This clone turned to be '''fake''' and Matrix team was not involved.<br />
To quote:<br />
'''Matrix Team, producer of popular products suchs as Matrix Infinity, Matrix Glitcher Series, Matrix Freedom PCB etc. would like to clearly state we are not involved in any way in the announced ‘Infinity Dongle’ for Playstation 3. If this product is not a fake the people behind it are clearly trying to profit from Matrix Team excellent reputation in both production quality and product support to improve their sales.''' <br />
http://www.ps3hax.net/2012/07/infinity-dongle-beta-packaging/
== naehrwert : Reversing TB – Part 1: The VM ==
source: [http://nwert.wordpress.com/2012/06/02/reversing-tb-part-1-the-vm/ naehrwert : Reversing TB – Part 1: The VM]
Thanks to [https://twitter.com/#!/oct0xor oct0xor] we could get our hands on the decrypted TB payload (stage 2). Of course the first thing to do is to fire it up in IDA, our favourite tool of the trade. The entry code of the payload looks like this:
<pre>
1337C0DE00000000 _start:
1337C0DE00000000
1337C0DE00000000 .set var_58, -0x58
1337C0DE00000000 .set arg_10,  0x10
1337C0DE00000000
1337C0DE00000000        mflr      r0
1337C0DE00000004        bl        loc_1337C0DE00000008
1337C0DE00000008 1337C0DE00000008 loc_1337C0DE00000008:
1337C0DE00000008        mflr      r3
1337C0DE0000000C        lis      r4, 0 # 8
1337C0DE00000010        addi      r4, r4, 8 # 8
1337C0DE00000014        subf.    r3, r4, r3
1337C0DE00000018        beq      skip_reloc
1337C0DE0000001C        li        r6, 0
1337C0DE00000020        oris      r6, r6, 0x1337
1337C0DE00000024        ori      r6, r6, 0xC0DE
1337C0DE00000028        lis      r4, 1 # 0xA848
1337C0DE0000002C        addi      r4, r4, -0x57B8 # 0xA848
1337C0DE00000030        lis      r5, 1 # 0x10D18
1337C0DE00000034        addi      r5, r5, 0xD18 # 0x10D18
1337C0DE00000038        subf.    r5, r4, r5
1337C0DE0000003C        beq      skip_reloc
1337C0DE00000040        srdi.    r5, r5, 3
1337C0DE00000044        mtctr    r5
1337C0DE00000048        add      r4, r4, r3
1337C0DE0000004C
1337C0DE0000004C reloc_loop:
1337C0DE0000004C        ld        r5, 0(r4)
1337C0DE00000050        srdi      r7, r5, 32
1337C0DE00000054        cmpw      r7, r6
1337C0DE00000058        bne      skip_rewrite
1337C0DE0000005C        clrldi    r5, r5, 32
1337C0DE00000060        add      r5, r5, r3
1337C0DE00000064        std      r5, 0(r4)
1337C0DE00000068
1337C0DE00000068 skip_rewrite:
1337C0DE00000068        addi      r4, r4, 8
1337C0DE0000006C        bdnz      reloc_loop
1337C0DE00000070
1337C0DE00000070 skip_reloc:
1337C0DE00000070        std      r0, arg_10(r1)
1337C0DE00000074        stdu      r1, -0x80(r1)
1337C0DE00000078        std      r2, 0x80+var_58(r1)
1337C0DE0000007C        lis      r4, 1 # 0x17E40
1337C0DE00000080        addi      r4, r4, 0x7E40 # 0x17E40
1337C0DE00000084        add      r2, r4, r3
1337C0DE00000088        bl        payload_main
</pre>
In the first loop it will relocate itself using 0x1337C0DE as an identifier for the upper 32 bits and rewrite that to the actual base. The disassembly above was already loaded using 0x1337C0DE00000000 as base. While scrolling through the data section at the end of the payload one quickly figures out that the RTOC is 0x1337C0DE00017E40.
As I was analyzing the code I found a sub that was basically just a really big switch with random looking case values. Once I reversed the sub at 0x1337C0DE00002578 and some of the following ones and analyzed their usage in the switch sub, I knew that I was looking at a fricking virtual machine.
<pre>
1337C0DE00002578 vm_push_word_0:
1337C0DE00002578        ld        r11, off_1337C0DE00010128 # stack_ptr
1337C0DE0000257C        ld        r9, 0(r11)
1337C0DE00002580        addi      r0, r9, 4
1337C0DE00002584        std      r0, 0(r11)
1337C0DE00002588        stw      r3, 4(r9)
1337C0DE0000258C        blr
</pre>
Paranoid TB developers even used XOR-tables to obfuscate the VM instructions and data. The virtual machine is mostly stack based but the instructions let you work using registers too. The next thing to do is to reverse all the instructions and write a disassembler and emulator. [http://pastie.org/4015202 Here is some code]<!--// http://pastebin.com/DuPaSKen //--> to unscramble the embeded vm binary for further investigation. I’m going to write more about this topic in the future.
==Q&A==
==Q&A==
Q: Is this posible on other dongles from the FW3.41 days like Blackcat and Teensy? <br />
Q: Is this posible on other dongles from the FW3.41 days like Blackcat and Teensy? <br />
Line 83: Line 5:
Q: Are they (TB team) just stealing the dev eboots? <br />
Q: Are they (TB team) just stealing the dev eboots? <br />
A: You can only rumor which source they use to resign the content to lock-in their DRM. But ofcourse those very same DRM-less files can be resigned for 3.55 too (as has been done numerous times in the past). Piracy is bad, but pirates using DRM to make sure ''they'' get the money and ''not'' genuine developpers is even worse (especially when they lock you into a single firmware that has even less to offer than generic MFW and makes you loose OtherOS++ too). <br />
A: You can only rumor which source they use to resign the content to lock-in their DRM. But ofcourse those very same DRM-less files can be resigned for 3.55 too (as has been done numerous times in the past). Piracy is bad, but pirates using DRM to make sure ''they'' get the money and ''not'' genuine developpers is even worse (especially when they lock you into a single firmware that has even less to offer than generic MFW and makes you loose OtherOS++ too). <br />
Q: Is it possible that they (TB team) have an FPGA setup to read the PS3's RAM, upgraded the PS3 to the latest FW and dumped the RAM after the PS3 loads a game. Then extracting decrypted EBOOT.BIN from the RAM dump?


=== Content ===
=== Content ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Title !! PARADOX<br />PARADiSO !! Disc !! Dongleless<br />resigned<br /> !! [[KaKaRoTo_Kind_of_%C2%B4Jailbreak%C2%B4|'Kind Of']] !! DiskID !! Notes
! Title !! PARADOX<br />PARADiSO !! Disc !! Dongleless<br />resigned<br /> !! [[KaKaRoTo_Kind_of_%C2%B4Jailbreak%C2%B4|'Kind Of']] !! Notes
|-
| Ace Combat Assault Horizon || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30613, BLES-01392 || {{Yes}}
|-
| Air Conflicts: Secret Wars || {{No}} || {{No}} || {{Yes}} || {{Yes}} || BLUS-30850 || {{Yes}} DUPLEX
|-
| Alice Madness Returns || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30607, BLES-01265 || {{Yes}} DUPLEX
|-
| Armored Core V || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60012, BLES-01440 || {{Yes}} EXEtrimALL
|-
|-
| Assassins Creed Revelations || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30808, BLES-01467 || {{Yes}} DUPLEX
| Air Conflicts: Secret Wars || ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Asuras Wrath || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01227 || {{Yes}}
| Alice Madness Returns || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Atelier Meruru The Apprentice of Arland || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60348, BLUS-30941, BLES-01593 || {{Yes}} N0DRM
| Assassins Creed Revelations || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Atelier Totori The Adventurer of Arland || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30735, BLES-01221 || {{Yes}} N0DRM
| Atelie Totori The Adventurer of Arland || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Ape Escape || {{No}} || {{No}} || {{Yes}} || {{Yes}} || BCES01186 || {{Yes}}
| Atelier Meruru The Apprentice of Arland || {{Yes}} || || {{Yes}} || {{Yes}} ||
|-
|-
| Batman Arkham City || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || BLUS-30538, BLUS-30817SA (Limited Edition), BLES-00926 || {{Yes}}
| Batman Arkham City || || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Beyond the Future: Fix the Time Arrows || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60408 || {{Yes}} N0DRM
| Bleach Soul Resurreccion || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Binary Domain || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01211 || {{Yes}} N0DRM
| Bodycount || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Birds of Steel || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01397 ||  
| Cabelas Big Game Hunter 2012 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Blades of Time || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01395, BLUS-30833 || {{Yes}} N0DRM
| Call of Duty Modern Warfare 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Blazblue Continuum Shift || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30576 || {{Yes}} N0DRM
| Call of Juarez: The Cartel || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Bleach Soul Ignition || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCJS-30077 ||  
| Captain America Super Soldier || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Bleach Soul Resurreccion || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30769 || {{Yes}} N0DRM
| Cars 2 || ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Bodycount || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30562, BLES-01314 || {{Yes}}
| Catherine || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Cabelas Big Game Hunter 2012 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30843 || {{Yes}} N0DRM
| Child of Eden || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Call of Duty Modern Warfare 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30838, BLES-01428, BLES-01430 (Hardened Edition) || {{Yes}}
| Dance! It’s your Stage || ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Call of Juarez: The Cartel || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01352, BLUS-30795 || {{Yes}} N0DRM
| Dark Souls || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Captain America Super Soldier || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01167, BLUS-30642 || {{Yes}}
| Dead Island || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Carnival Island || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCUS-98271 || {{Yes}} N0DRM
| Deus Ex Human Revolution || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Cars 2 || {{No}} || {{No}} || {{Yes}} || {{Yes}} || BLUS-30725, BLES-01328 || {{Yes}}
| Dirt 3 || {{Yes}} || || {{Yes}} || {{Yes}} ||
|-
|-
| Catherine || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01459, BLUS-30428 ||  
| Disgaea 4 A Promise Unforgotten ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Child of Eden || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01114, BLUS-30669 || {{Yes}} RangerRus
| Dragon Ball Z Ultimate Tenkaichi || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
<!--//  //-->
| Driver San Francisco || || {{Yes}} || {{Yes}} || {{Yes}} ||
| Dance! It’s your Stage || {{No}} || {{No}} || {{Yes}} || {{Yes}} || BLES-01266 || {{Yes}} DUPLEX
|-
|-
| Dark Souls || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30782, BLUS-30807 (LE), BLES-01396, BLES-01402 (LE) || {{Yes}}
| Dungeon Siege 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Dead Island || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-00749, BLUS-30790, BLUS-31026 (GOTY) || {{Yes}}
| Dynasty Warriors Gundam 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Dead Rising 2: Off the Record || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30763 || {{Yes}}
| F1 2011 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Deus Ex Human Revolution || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01151, BLUS-30476, BLUS-30733 (AE) || {{Yes}}
| F.E.A.R. 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Devil May Cry HD Collection || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01228 || {{Yes}} DUPLEX
| FIFA 12 ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Dirt 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01287, BLUS-30724, BLUS-30975 (CE) || {{Yes}}
| God of War Origins Collection ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Dirt Showdown || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01578 || {{Yes}} DUPLEX
| Goldeneye 007 Reloaded || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Disgaea 4 A Promise Unforgotten ||  || {{Yes}} || {{Yes}} || {{Yes}} || BLUS-30727, BLUS-30783 (Premium), BLES-01225, BLES 01225 (Premium) || {{Yes}}
| Green Lantern: Rise of the Manhunters || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Disney Universe ||  || {{Yes}} || {{Yes}} || {{Yes}} || || {{Yes}}
| Harry Potter And The Deathly Hallows Part 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Dragon Ball Z Ultimate Tenkaichi || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30823 ||  
| Kidou Senshi Gundam Extreme || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Dragon's Dogma || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01356, BLUS-30720 || {{Yes}} EXEtrimALL
| Kung Fu Panda 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Driver San Francisco || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || BLUS-30536, BLES-00892 || {{Yes}} N0DRM
| Lego Pirates of the Caribbean || || || {{Yes}} || {{Yes}} ||
|-
|-
| Dungeon Siege 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01161, BLUS-30510 || {{Yes}}
| Lord of the Rings War in the North || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Dynasty Warriors Gundam 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01301, BLUS-30703 || {{Yes}}
| Madden NFL 12 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Eyepet and Friends || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCUS98235 || {{Yes}}
| Monkey Island Collection Special Edition || ||  || {{Yes}} || {{Yes}} ||
|-
|-
| F1 2011 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01311, BLUS-30772 || {{Yes}}
| NBA 2K12 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| F.E.A.R. 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-00963, BLUS-30511 || {{Yes}}
| NCAA Football 12 || ||  || {{Yes}} || {{Yes}} ||
|-
|-
| FIFA 12 || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || BLUS-30809, BLES-01381 ||  
| Need for Speed The_Run || {{Yes}} || || {{Yes}} || {{Yes}} ||
|-
|-
| FIFA Street || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01493 || {{Yes}} E3
| No More Heroes: Heroes Paradise || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Final Fantasy XIII-2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60382, BLES-01269, BLUS-30776 || {{Yes}}
| Portal 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Gal Gun || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM60434 ||  
| Pro Evolution Soccer 12 ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Game of Thrones || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS30939 || {{Yes}} EXEtrimALL
| Rage || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| God of War Origins Collection ||  || {{Yes}} || {{Yes}} || {{Yes}} || BCUS-98289 ||  
| Ratchet & Clank All 4 One || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Goldeneye 007 Reloaded || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30755 ||  
| Rayman Origins || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Grand Slam Tennis 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-00709 || {{Yes}}
| Record of Agarest War Zero || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Green Lantern: Rise of the Manhunters || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES01116, BLUS-30674 || {{Yes}}
| Red Faction Armageddon || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Harry Potter And The Deathly Hallows Part 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01307, BLUS-30768 ||  
| Resistance 3 ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Hyperdimension Neptunia MK2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60992 || {{Yes}} N0DRM
| Rune Factory Tides of Destiny || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Idolmaster 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60444 ||  
| Saint Seiya Senki || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Jak & Daxter Collection || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCUS-98281 ||  
| Saints Row the Third || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Janes Advanced Strike Fighters || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30333 ||  
| Sengoku Musou 3 Empires || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Jikkyou Powerful Pro Yakyuu 2011 Ketteiban || || || || || || {{Yes}} NoRePack
| Shadow Of The Damned || {{Yes}} || || {{Yes}} || {{Yes}} ||
|-
|-
| Just Dance 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01522 ||  
| Sniper Ghost Warrior ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Kidou Senshi Gundam Extreme VS || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJS-10131 || {{Yes}} NoRePack
| Sonic Generations || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Kidou Senshi Gundam UC || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJS-10154 || {{Yes}} NoRePack
| Spider-Man Edge of Time ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| Kingdoms of Amalur Reckoning || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01251 || {{Yes}}
| Super Street Fighter IV Arcade Edition || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Kung Fu Panda 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30634 ||  
| Supremacy MMA || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Lego Harry Potter Years 5-7 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30794 ||  
| Tales of Xillia || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Lego Pirates of the Caribbean || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01239, BLUS-30744 ||  
| The Cursed Crusade || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Lord of the Rings War in the North || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30421, BLES-01181 || {{Yes}}
| The Elder Scrolls V Skyrim (+update) || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Madden NFL 12 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01320, BLUS-30770 ||  
| The Idolmaster 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Major League Baseball 2k12 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30931 ||  
| The King Of Fighters 13 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Mass Effect 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30853 || {{Yes}} N0DRM
| Thor God of Thunder || ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Max Payne 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-00942, BLUS-30557 || {{Yes}} DUPLEX
| Ultimate Marvel vs Capcom 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Meikyuu Touro Legasista || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJS-10157 ||  
| Warhammer 40000 Space Marine || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Metal Gear Solid HD Collection || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30847, BLES-01419 || {{Yes}}
| White Knight Chronicles II  || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
|-
| Monkey Island Collection Special Edition || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01413 ||  
| X-Man Destiny ||  || {{Yes}} || {{Yes}} || {{Yes}} ||
|-
|-
| MUD FIM Motocross World Championship || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01551 ||
| WWE '12 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||
|-
| Mugen Souls || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60456 ||
|-
| Musou Orochi 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60147 || {{Yes}} NoRePack
|-
| Naruto Shippuden Ultimate Ninja Storm Generations || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJS-10156 || {{Yes}} EXEtrimALL
|-
| NBA 2K12 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30830 ||
|-
| N.C.I.S. The Game || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01460 || {{Yes}} N0DRM
|-
| NCAA Football 12 ||  ||  || {{Yes}} || {{Yes}} || BLUS-30745 ||
|-
| Need for Speed The_Run || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01298, BLUS-30757 || {{Yes}} N0DRM
|-
| NeverDead || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30654, BLES-01303 || {{Yes}} DUPLEX, EXEtrimALL
|-
| NHL '12 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01357, BLUS-30791 || {{Yes}}
|-
| Ni no Kuni: Wrath of the White Witch || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJS-10150 || {{Yes}} for update 3.0
|-
| Ninja Gaiden 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01524 || {{Yes}} E3
|-
| No More Heroes: Heroes Paradise || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30652, BLES-01101 || {{Yes}}
|-
| Nurarihyon no Mago Hyakki Ryouran Taisen || {{Yes}} ||  || {{Yes}} || {{Yes}} ||  ||
|-
| One Piece Kaizoku Musou || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60416 || {{Yes}} EXEtrimALL
|-
| Order Up || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30904 ||
|-
| Phineas & Ferb Across the 2nd Dimension || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30726 ||
|-
| Portal 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30732, BLES-01222 || {{Yes}}
|-
| Pro Evolution Soccer 12 ||  || {{Yes}} || {{Yes}} || {{Yes}} ||  || {{Yes}} 0ac
|-
| Prototype 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01532, BLUS-30756 || {{Yes}} EXEtrimALL
|-
| Puss in Boots || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01240, BLUS-30731 ||
|-
| Rage || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01378, BLUS-30485 || {{Yes}}
|-
| Ratchet & Clank All 4 One || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCES-01141, BCUS-98175 ||
|-
| Rayman Origins || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01386, BLUS-30836 || {{Yes}} N0DRM
|-
| Record of Agarest War Zero || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30686 ||
|-
| Red Faction Armageddon || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-00991, BLUS-30585 ||
|-
| Resistance 3 ||  || {{Yes}} || {{Yes}} || {{Yes}} || BCUS-98176, BCES-01118 || {{Yes}}
|-
| Rugby World Cup 2011 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01358 ||
|-
| Rune Factory Tides of Destiny || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30759 || {{Yes}} N0DRM
|-
| Saint Seiya Sanctuary Battle || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01421 || {{Yes}} N0DRM
|-
| Saint Seiya Senki || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJS-10152 ||
|-
| Saints Row the Third || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01342, BLUS-30666 ||
|-
| SBK Generations || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01647 || {{Yes}} N0DRM
|-
| Sengoku Basara 3 Utage || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60389 ||
|-
| Sengoku Musou 3 Empires || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60990 ||
|-
| Shadow Of The Damned || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01276, BLUS-30653 ||
|-
| Shin Sangoku Musou 6 Moushouden || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLAS-50413 ||
|-
| Silent Hill Downpour || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30565 || {{Yes}} E3
|-
| Sniper Elite V2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01290 || {{Yes}} DUPLEX
|-
| Sniper Ghost Warrior ||  || {{Yes}} || {{Yes}} || {{Yes}} || BLUS-30796 || {{Yes}} DUPLEX
|-
| Snipers Invisible, Silent, Deadly || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01327 || {{Yes}} DUPLEX
|-
| Sonic Generations || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01236, BLUS-30612 || {{Yes}}
|-
| Soul Caliber V || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01250, BLUS-30736 || {{Yes}} N0DRM
|-
| Spider-Man Edge of Time ||  || {{Yes}} || {{Yes}} || {{Yes}} || BLUS-30760 ||
|-
| Splinter Cell Trilogy HD || {{No}} || {{No}} || {{Yes}} || {{Yes}} || BLES01146 || {{Yes}}
|-
| SSX || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01437 || {{Yes}} N0DRM
|-
| Start the Party Save the World || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCES-01273 ||
|-
| Street Fighter X Tekken || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60350, BLES-01252, BLUS-30722 || {{Yes}} N0DRM
|-
| Summer Stars 2012 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01528 || {{Yes}} N0DRM
|-
| Super Star Kartz || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01373, BLUS-30799 || {{Yes}} N0DRM
|-
| Super Street Fighter IV (Arcade Edition) || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30793, BLES-00770 || {{Yes}}
|-
| Supremacy MMA || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30706 ||
|-
| Syndicate || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01371 || {{Yes}} DUPLEX
|-
| Tacchi Shiyo Love Application || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60444 ||
|-
| Tales of Graces F || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30903 ||
|-
| Tales of Xillia || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJS-10120 || {{Yes}}
|-
| Tekken Hybrid || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01454, BLUS-30892 ||
|-
| The Adventures of Tintin The Secret of the Unicorn || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01306 ||
|-
| The Cursed Crusade || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01299 ||
|-
| The Darkness 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30743, BLES-01388 ||
|-
| The Elder Scrolls V Skyrim (+update) || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01330, BLUS-30778 ||
|-
| The Idolmaster 2 || {{Yes}} ||  || {{Yes}} || {{Yes}} ||  ||
|-
| The King of Fighters 13 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS30845 ||
|-
| Thor God of Thunder || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01069, BLUS-30539 || {{Yes}} DUPLEX
|-
| Tiger Woods PGA Tour '13 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01490, BLUS-30854 || {{Yes}} DUPLEX
|-
| Tom Clancy's Ghost Recon Future Soldier || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30521, BLES-00924 ||
|-
| Top Gun Hard Lock || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLUS-30858 || {{Yes}} N0DRM
|-
| (Le) Tour De France 2011 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01296 ||
|-
| Twisted Metal || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCES-01010, BCUS-98106 || {{Yes}} DUPLEX
|-
| UFC Personal Trainer || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01170, BLUS-30693 ||
|-
| Ultimate Marvel vs Capcom 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01355, BLUS-30787 ||
|-
| Uncharted 3 || {{No}} || {{No}} || {{Yes}} || {{Yes}} || BCES01175 || {{Yes}}
|-
| Under Defeat HD || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLJM-60448 ||
|-
| Warhammer 40000 Space Marine || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01347, BLUS-30432 ||
|-
| Warriors Orochi 3 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01588 ||
|-
| White Knight Chronicles II  || {{Yes}} ||  || {{Yes}} || {{Yes}} || BCES-01085, BLUS-30784 ||
|-
| WWE '12 || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-1439, BLUS-30841 || {{Yes}}
|-
| X-Man Destiny ||  || {{Yes}} || {{Yes}} || {{Yes}} || BLUS-30746 ||
|-
| Yakuza Dead Souls || {{Yes}} ||  || {{Yes}} || {{Yes}} || BLES-01399 ||  
|-
|-
|}
|}
Line 472: Line 227:
Fake proof:
Fake proof:
# Though the 2.3 payload upon execution does relocate itself to 0x80000000007f0000 then continue execution, the USB descriptor is still present, at minimum those 0x20 bytes would need to be removed, or accounted for during the initial execute.  multiMan has no facility for this.
# Though the 2.3 payload upon execution does relocate itself to 0x80000000007f0000 then continue execution, the USB descriptor is still present, at minimum those 0x20 bytes would need to be removed, or accounted for during the initial execute.  multiMan has no facility for this.
# The initial EBOOT.BIN.elf does contain the 2MB flash contents for the dongle, BUT that would need to be carefully extracted (and has been, it too is available on the psdevwiki), again multiMan has no facility for this.
# The initial EBOOT.BIN.elf does contain the 2MB flash contents for the dongle, BUT that would need to be carefully extracted (and has been, it too is available on the ps3devwiki), again multiMan has no facility for this.
# The creating of the folder and copying the files into it was just to make this fake seem more real with additional steps.  multiMan has no code to ever look inside that directory.
# The creating of the folder and copying the files into it was just to make this fake seem more real with additional steps.  multiMan has no code to ever look inside that directory.
# The fact of the matter is that the source code for multiMan was available, and there is NO provisioning in multiMan for "additional" payloads of any kind, the values possible in the .ini file are hard-coded.  It is well documented what payloads work with multiMan, and multiMan will only work with those payloads.
# The fact of the matter is that the source code for multiMan was available, and there is NO provisioning in multiMan for "additional" payloads of any kind, the values possible in the .ini file are hard-coded.  It is well documented what payloads work with multiMan, and multiMan will only work with those payloads.
Line 479: Line 234:


http://pastie.org/private/2dnlv03jlewuyrw9g4he6w
http://pastie.org/private/2dnlv03jlewuyrw9g4he6w
== stupid newssites ==
For some reason newssites ([http://psx-scene.com/forums/content/kado-releases-true-blue-patch-downgraded-ps3-s-1804/]/[http://www.ps3crunch.net/forum/threads/2192-KADO-True-Blue-JB2-Patch-for-Downgraded-consoles] like to be trolled or troll themselves (maybe because they profit from selling these IP-stealing reDRM dongles):
<pre>How to use it:
If you attend to downgrade 3.56+ console and use TB dongle after that then
use this steps (if you already at Rogero CFW V2.0 do the same steps also):
- Dump your NOR flash using Progskeet first if you didn't have a good dump from your console.
- Download patch file attached to this thread.
- Extract this file and you will get 4 folders use patch in folder "Coba_2" to patch your dump using WinSkeet.
- Apply this patch to your dump then flash it to your console.
- Enter a Factory Service Mode using any method you like.
- Use TB CFW with Lv2diag.self to flash your TB CFW in FSM.
- Start your console normally, if it brick just dump this NOR flash again then patch again using "Coba_2" patch.
- If it still bricked use "Coba_3" patch to patch your dump again then flash it back to your console.
- Start console normally, now your console can run TB CFW on downgraded console.
- Power off your console, plug your TB Dongle then power it on again and enjoy .
Credit goes to Kado for this patch
Also a very big thanks goes to:
Abkarino (Me kado gives me this not me),nice69, uf6667, rogero,muggi, eusnl, ago, and all ppl.
Hot Tip:
For every one interested just look at patch2 file it is and empty coreos file with only part of lv0 modified to do this trick
</pre>
There are many wrongs in above statements:
* It is not related to TrueBlue/Cobra, but to installing unmodified (no downgrader patched lv1.self) firmwares on downgraded consoles (which thus have syscon hashes at 3.56+)
* There is no lv0 modified in the patch files, the data still there is just author lazyness
* It can be done so much simpler by just using 3 files and even less stages (mentioned on Downgrader talkpage)
<pre>
<eussNL> kado ?? <eussNL> ROS empty until 366770 <Abkarino> yea, this is what kado said to me : this is an offset for a modified lv0
<kado> eussNL: yes thats not lv0, thats lv2kernel took from rogero
<eussNL> ok, so leftover from FSM
<kado> yup
<eussNL> in that case I was correct in my assumption "<eussNL> btw the unreferenced ros area is not lv0, but leftover from lv2_kernel.self"
</pre>
So much for the trial to make the world believe the lie that they pwned lv0 ;)


== old talk ==
== old talk ==
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page: