ReDRM / Piracy dongles: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
Line 192: Line 192:
   blank = Security Feature : no IP license
   blank = Security Feature : no IP license
   blank = Temperature Range: Commercial (0°C to +70°C Ambient Temperature)
   blank = Temperature Range: Commercial (0°C to +70°C Ambient Temperature)
[[:File:VQ100.png]] <br />
128-bit AES <br />
128-bit AES <br />
1,024 bits of user flash memory <br />
1,024 bits of user flash memory <br />

Revision as of 21:57, 6 November 2011

Description

Dongle is DRM to make sure you have the dongle, the firmware 'special' functionality will not work without it. Contentdisc's contain fself'ed eboot.bin's

Downloads

FW Info

PS3 System Software

MFW 3.55-Dongle (Jailbreak2.CFW)
filedate: juli 13 2011 2:08:58
174639 KB
MD5: 43C522F8897D77B6165F95BCF3409090
SHA1: A64B010DB98996C7E53768D37D4D346F271D5950
CRC32: A32FDD1D
CRC16: 6420
HMAC_SHA1: 0x88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C

Remarks: needs JB2 dongle as DRM
PUP file information
Package version: 1
Image version: 47517
File count: 7
Header length: 528
Data length: 178829542
PUP file hash : 88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
	File 0
	Entry id: 0x100
	Filename : version.txt
	Data offset: 0x210
	Data length: 13
File hash : 8E533875E1B43B6CBAF5E91663EB7554107B5509
	File 1
	Entry id: 0x101
	Filename : license.xml
	Data offset: 0x21D
	Data length: 267513
File hash : B77EFE54859738385DD803E88FB5E807FF1BC6AB
	File 2
	Entry id: 0x103
	Filename : update_flags.txt
	Data offset: 0x41716
	Data length: 5
File hash : FD7C893936FDFC668922BE6D119A462111B2BBDB
	File 3
	Entry id: 0x200
	Filename : ps3swu.self
	Data offset: 0x4171B
	Data length: 5661656
File hash : C61DDE12E75C2218214700D7D49006583F1B968B
	File 4
	Entry id: 0x201
	Filename : vsh.tar
	Data offset: 0x5A7AF3
	Data length: 10240
File hash : D9B66E0D2845D71A67D76E7907AB06368CE61E08
	File 5
	Entry id: 0x202
	Filename : dots.txt
	Data offset: 0x5AA2F3
	Data length: 3
File hash : 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A
	File 6
	Entry id: 0x300
	Filename : update_files.tar
	Data offset: 0x5AA2F6
	Data length: 172890112
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0


Content discs

EBOOT.BIN details

SELF header

 elf #1 offset:  00000000_00000090
 header len:     00000000_00000a80
 meta offset:    00000000_000004a0
 phdr offset:    00000000_00000040
 shdr offset:    00000000_002117f8
 file size:      00000000_0021150c
 auth id:        10100000_01000003 (Unknown)
 vendor id:      01000002
 info offset:    00000000_00000070
 sinfo offset:   00000000_00000290
 version offset: 00000000_00000390
 control info:   00000000_000003c0 (00000000_00000100 bytes)
 app version:    1.0.0
 SDK type:       Devkit
 app type:       NP-DRM application

Control info

 control flags:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 file digest:
    62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
    f1 95 cf a4 c0 04 0f c9 14 de 1f 9a 21 4e 10 ca 6b a6 8c 86
 NPDRM info:
   magic: 4e504400
   unk0 : 00000001
   unk1 : 00000003
   unk2 : 00000001
   content_id: IV0002-NPXS00020_00-TEST000000000001
   digest:     09 37 f1 32 60 b9 70 02 76 9e e4 0f 7b 10 70 0f
   invdigest:  f6 c8 0e cd 9f 46 8f fd 89 61 1b f0 84 ef 8f f0
   xordigest:  5c 62 a4 67 35 ec 25 57 23 cb b1 5a 2e 45 25 5b

Section header

   offset             size              compressed unk1     unk2     encrypted
   00000000_00000a80  00000000_00209dc0 [NO ]      00000000 00000000 [NO ]
   00000000_00210a80  00000000_000005b0 [NO ]      00000000 00000000 [NO ]
   00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
   00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
   00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
   00000000_00210df8  00000000_00000004 [NO ]      00000000 00000000 [N/A]
   00000000_0020a7e0  00000000_00000020 [NO ]      00000000 00000000 [N/A]
   00000000_0020a800  00000000_00000040 [NO ]      00000000 00000000 [N/A]

Encrypted Metadata

 no encrypted metadata in fselfs.

ELF header

 type:                                 Executable file
 machine:                              PowerPC64
 version:                              1
 phdr offset:                          00000000_00000040
 shdr offset:                          00000000_00210e08
 entry:                                00000000_002200f0
 flags:                                00000000
 header size:                          00000040
 program header size:                  00000038
 program headers:                      8
 section header size:                  00000040
 section headers:                      28
 section header string table index:    27

FW analysis

FW Changes

Compared to OFW 3.55: ofw-vs-jb2.rar (4.18 MB)

EULA.xml

	<str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> 

Version.txt

3.55-Dongle

CORE_OS_PACKAGE.pkg

lv1.self

Just one patch:

        Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  OFW:  000F5A40              39 20 00 00                              9 ..       li      r9,0
  JB2:  000F5A40              39 20 00 01                              9 ..       li      r9,1

This is in lv1_map_htab to allow for RW mapping of all RAM. So who knows how many other lv1 patches are done at runtime.

lv2_kernel.self

dev_flash_010.tar.aa.2010_11_27_051337

\dev_flash\vsh\module\nas_plugin.sprx

         Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   OFW:  00003250                                      7C 60 1B 78              |`.x    mr r0, r3
   JB2:  00003250                                      38 00 00 00              8...    li r0, 0


         Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   OFW:  00037350  41 9E 00 4C                                      Až.L    beq-    cr7,4c
   JB2:  00037350  60 00 00 00                                      `...    nop

"standard pkg patches"

dev_flash_016.tar.aa.2010_11_27_051337

\dev_flash\vsh\resource\explore\xmb\category_game.xml

\dev_flash\vsh\resource\explore\xmb\category_video.xml

Hardware Dongle

Psjb2 Trueblue - OVERVIEW
Psjb2 Trueblue - TOP
Psjb2 Trueblue - BOTTOM

Components

Actel ProASIC3 A3P250 - FPGA

  A3P250 = 250,000 System Gates
  blank = Speed Grade: Standard
  VQ = Package Type: Very Thin Quad Flat Pack (0.5mm pitch)
  G = Lead-Free Packaging: RoHS-Compliant (Green)
  100 = Package Lead Count : 100 pins
  blank = Security Feature : no IP license
  blank = Temperature Range: Commercial (0°C to +70°C Ambient Temperature)

File:VQ100.png
128-bit AES
1,024 bits of user flash memory
Datasheets and usermanuals: http://www.actel.com/products/pa3/docs.aspx#ds
Familyroot: http://www.actel.com/products/pa3/

24.000 MHz Crystal

CLK for Actel

AMS1117 2.851049 - Low Dropout Linear Regulator

Datasheet: http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf
File:AMS1117 - SOT-223.png