ReDRM / Piracy dongles: Difference between revisions
Jump to navigation
Jump to search
m (→FW analysis) |
|||
| Line 175: | Line 175: | ||
====\dev_flash\vsh\resource\explore\xmb\category_game.xml==== | ====\dev_flash\vsh\resource\explore\xmb\category_game.xml==== | ||
====\dev_flash\vsh\resource\explore\xmb\category_video.xml==== | ====\dev_flash\vsh\resource\explore\xmb\category_video.xml==== | ||
= Hardware Dongle = | |||
<table width="100%" align="left"><tr> | |||
<td align="left">[[File:Psjb2-Trueblue-OVERVIEW.jpg|200px|thumb|left|Psjb2 Trueblue - OVERVIEW]]</td> | |||
<td align="left">[[File:Psjb2-Trueblue-TOP.jpg|200px|thumb|left|Psjb2 Trueblue - TOP]]</td> | |||
<td align="left">[[File:Psjb2-Trueblue-BOTTOM.jpg|200px|thumb|left|Psjb2 Trueblue - BOTTOM]]</td></tr></table> | |||
== Components == | |||
=== Actel ProASIC3 A3P250 - FPGA === | |||
128-bit AES <br /> | |||
1,024 bits of user flash memory <br /> | |||
Datasheets and usermanuals: http://www.actel.com/products/pa3/docs.aspx#ds <br /> | |||
Familyroot: http://www.actel.com/products/pa3/ <br /> | |||
=== 24.000 MHz Crystal === | |||
CLK for Actel <br /> | |||
=== AMS1117 2.851049 - Low Dropout Linear Regulator === | |||
Datasheet: http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf <br /> | |||
Revision as of 21:31, 6 November 2011
Description
Dongle is DRM to make sure you have the dongle, the firmware 'special' functionality will not work without it. Contentdisc's contain fself'ed eboot.bin's
Downloads
- MFW: Jailbreak2.CFW.rar (172.34 MB)
- Dongle Updater: JB2.Dongle.Updater.rar (2.1 MB)
FW Info
PS3 System Software MFW 3.55-Dongle (Jailbreak2.CFW) filedate: juli 13 2011 2:08:58 174639 KB MD5: 43C522F8897D77B6165F95BCF3409090 SHA1: A64B010DB98996C7E53768D37D4D346F271D5950 CRC32: A32FDD1D CRC16: 6420 HMAC_SHA1: 0x88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C Remarks: needs JB2 dongle as DRM
PUP file information Package version: 1 Image version: 47517 File count: 7 Header length: 528 Data length: 178829542 PUP file hash : 88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C File 0 Entry id: 0x100 Filename : version.txt Data offset: 0x210 Data length: 13 File hash : 8E533875E1B43B6CBAF5E91663EB7554107B5509 File 1 Entry id: 0x101 Filename : license.xml Data offset: 0x21D Data length: 267513 File hash : B77EFE54859738385DD803E88FB5E807FF1BC6AB File 2 Entry id: 0x103 Filename : update_flags.txt Data offset: 0x41716 Data length: 5 File hash : FD7C893936FDFC668922BE6D119A462111B2BBDB File 3 Entry id: 0x200 Filename : ps3swu.self Data offset: 0x4171B Data length: 5661656 File hash : C61DDE12E75C2218214700D7D49006583F1B968B File 4 Entry id: 0x201 Filename : vsh.tar Data offset: 0x5A7AF3 Data length: 10240 File hash : D9B66E0D2845D71A67D76E7907AB06368CE61E08 File 5 Entry id: 0x202 Filename : dots.txt Data offset: 0x5AA2F3 Data length: 3 File hash : 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A File 6 Entry id: 0x300 Filename : update_files.tar Data offset: 0x5AA2F6 Data length: 172890112 File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0
Content discs
EBOOT.BIN details
SELF header
elf #1 offset: 00000000_00000090 header len: 00000000_00000a80 meta offset: 00000000_000004a0 phdr offset: 00000000_00000040 shdr offset: 00000000_002117f8 file size: 00000000_0021150c auth id: 10100000_01000003 (Unknown) vendor id: 01000002 info offset: 00000000_00000070 sinfo offset: 00000000_00000290 version offset: 00000000_00000390 control info: 00000000_000003c0 (00000000_00000100 bytes) app version: 1.0.0 SDK type: Devkit app type: NP-DRM application
Control info
control flags:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
file digest:
62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
f1 95 cf a4 c0 04 0f c9 14 de 1f 9a 21 4e 10 ca 6b a6 8c 86
NPDRM info:
magic: 4e504400
unk0 : 00000001
unk1 : 00000003
unk2 : 00000001
content_id: IV0002-NPXS00020_00-TEST000000000001
digest: 09 37 f1 32 60 b9 70 02 76 9e e4 0f 7b 10 70 0f
invdigest: f6 c8 0e cd 9f 46 8f fd 89 61 1b f0 84 ef 8f f0
xordigest: 5c 62 a4 67 35 ec 25 57 23 cb b1 5a 2e 45 25 5b
Section header
offset size compressed unk1 unk2 encrypted 00000000_00000a80 00000000_00209dc0 [NO ] 00000000 00000000 [NO ] 00000000_00210a80 00000000_000005b0 [NO ] 00000000 00000000 [NO ] 00000000_00211030 00000000_00000000 [NO ] 00000000 00000000 [NO ] 00000000_00211030 00000000_00000000 [NO ] 00000000 00000000 [NO ] 00000000_00211030 00000000_00000000 [NO ] 00000000 00000000 [NO ] 00000000_00210df8 00000000_00000004 [NO ] 00000000 00000000 [N/A] 00000000_0020a7e0 00000000_00000020 [NO ] 00000000 00000000 [N/A] 00000000_0020a800 00000000_00000040 [NO ] 00000000 00000000 [N/A]
Encrypted Metadata
no encrypted metadata in fselfs.
ELF header
type: Executable file machine: PowerPC64 version: 1 phdr offset: 00000000_00000040 shdr offset: 00000000_00210e08 entry: 00000000_002200f0 flags: 00000000 header size: 00000040 program header size: 00000038 program headers: 8 section header size: 00000040 section headers: 28 section header string table index: 27
FW analysis
FW Changes
Compared to OFW 3.55: ofw-vs-jb2.rar (4.18 MB)
EULA.xml
<str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str>
Version.txt
3.55-Dongle
CORE_OS_PACKAGE.pkg
lv1.self
Just one patch:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F OFW: 000F5A40 39 20 00 00 9 .. li r9,0 JB2: 000F5A40 39 20 00 01 9 .. li r9,1
This is in lv1_map_htab to allow for RW mapping of all RAM. So who knows how many other lv1 patches are done at runtime.
lv2_kernel.self
dev_flash_010.tar.aa.2010_11_27_051337
\dev_flash\vsh\module\nas_plugin.sprx
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F OFW: 00003250 7C 60 1B 78 |`.x mr r0, r3 JB2: 00003250 38 00 00 00 8... li r0, 0
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F OFW: 00037350 41 9E 00 4C Až.L beq- cr7,4c JB2: 00037350 60 00 00 00 `... nop
"standard pkg patches"
dev_flash_016.tar.aa.2010_11_27_051337
\dev_flash\vsh\resource\explore\xmb\category_game.xml
\dev_flash\vsh\resource\explore\xmb\category_video.xml
Hardware Dongle
Components
Actel ProASIC3 A3P250 - FPGA
128-bit AES
1,024 bits of user flash memory
Datasheets and usermanuals: http://www.actel.com/products/pa3/docs.aspx#ds
Familyroot: http://www.actel.com/products/pa3/
24.000 MHz Crystal
CLK for Actel
AMS1117 2.851049 - Low Dropout Linear Regulator
Datasheet: http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf