Talk:PS3Cobra Payload Reverse Engineering

From PS3 Developer wiki
Revision as of 22:21, 3 July 2012 by Euss (talk | contribs)
Jump to navigation Jump to search

Manager payload behaviour

  • Manager/sprx contain lv2ldr keys inside
  • dev_blind is unmounted
  • dev_wflash is mounted writeable
  • Manager contains unself/createself for patching ps2 emu files (to patch a crypto stub and add *install packages* to "/dev_wflash/vsh/resource/explore/xmb/category_game_tool2.xml"), while the message "Installing PS2 support. Please wait..." is displayed

note: mounting dev_flash writeable is also seen with reDRM dongles.

Host

whois:cobra-usb.com

Domain Name ..................... COBRA-USB.COM
Name Server ..................... ns1.myhostadmin.net
ns2.myhostadmin.net                                  
Registrant Name ................. liang wang
Registrant Organization ......... Wang liang
Registrant Address .............. GuangDong ShenZhen HuaQiang 5A
Registrant City ................. ShenZhen
Registrant Province/State ....... GD
Registrant Postal Code .......... 518000
Registrant Country Code ......... cn
Registrant Phone Number ......... 0755-88362654 
Registrant Fax .................. 0755-89206158 
Registrant Email ................ 
Technical Organization .......... liang wang
Technical Address ............... GuangDong ShenZhen HuaQiang 5A
Technical City .................. ShenZhen
Technical Province/State ........ GD
Technical Postal Code ........... 518000
Technical Country Code .......... cn
Technical Phone Number .......... 0755-88362654
Technical Fax ................... 0755-89206158
Technical Email ................. 
Administrative Organization ..... liang wang
Administrative Address .......... GuangDong ShenZhen HuaQiang 5A
Administrative City ............. ShenZhen
Administrative Province/State ... GD
Administrative Postal Code ...... 518000
Administrative Country Code ..... cn
Administrative Phone Number ..... 0755-88362654
Administrative Fax .............. 0755-89206158
Administrative Email ............ 
Billing Organization ............ liang wang
Billing Address ................. GuangDong ShenZhen HuaQiang 5A
Billing City .................... ShenZhen
Billing Province/State .......... GD
Billing Postal Code ............. 518000
Billing Country Code ............ cn
Billing Phone Number ............ 0755-88362654
Billing Fax ..................... 0755-89206158
Billing Email ................... 
Expiration Date ................. 2012-12-07 09:35:00


D/L's

COBRA v2.0 boot //mirror (TDC) dumpsource

COBRA v2 objdump disassembly

COBRA v2 IDA disassembly

PSGrooPIC Cobra v2.00 (not working)

cobra 2.0 exit from ps2 game+boot of ps2 game at 185632.rar (4.48 MB)




Updater v1.0

http://www.ps3hax.net/2011/10/cobra-v4-1-cobra-usb-ps3-updater-v1-0-released/


Cobra Firmwares

Firmware Hash? (in file) Version Remarks
Cobra-USB_Firmware_v1.1.rar (60.28 KB) A2A30E4441BA822FD72747D2219B12B9C4486E0F 00 1A F4 95 AD
Cobra-USB_Firmware_v1.2.rar (61 KB) 5111FFC1DF746F23615959D521281B68C4486E0F 01 1A F4 95 AD
Cobra-USB_Firmware_v2.0.rar (118.42 KB) CF17BAD4E92D480C43503D3DAB94A6577FF64588 02 2A 42 43 E6
Cobra-USB_Firmware_v3.0.rar (147.52 KB) 85E8A2AE796A4FA39DA7FB11319E5315B5B6A39B 03 6F E1 29 08
Cobra-USB_Firmware_v3.1.rar (148.99 KB) 437111595DF345B4B12EF4A597A4E4B19BDB12FB 04 2D 6E A6 2B
Cobra-USB_Firmware_v3.2.rar (153.06 KB) 0803227CF2640845DB8DC00AF3BE58740D0B5273 05 A4 0F 75 59
Cobra-USB_Firmware_v3.3.rar (153.87 KB) FB9F197B85B62C428FD855C51290C9B1BCE48039 06 64 E3 6A 37
Cobra-USB_Firmware_v4.0.rar (171.89 KB) 1CC06C6BCA55033D628F2C7E0545C8ADB459E7CB 07
Cobra-USB_Firmware_v4.1.rar (174.44 KB) EAF8F9730B41D18F4939C1261CC856FA047418DA 08
Cobra-USB_Firmware_v4.2.rar (175.21 KB) 373B1234BCE9E5C4A6A043E389F1440075367626 09
Cobra-USB_Firmware_v4.3.rar (184.56 KB) A57D0359E1A002E38357BDAE83B32BD81AA5B433 0A

Header

Example 1.1 / 1.2

1.1 1.2
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
00000000  43 4F 42 52 41 00 00 00 A2 A3 0E 44 41 BA 82 2F  COBRA...¢£.DAº‚/
00000010  D7 27 47 D2 21 9B 12 B9 C4 48 6E 0F 1A F4 95 AD  ×'GÒ!›.¹ÄHn..ô•­
00000020  2E 1C 9E 29 E9 43 7E 0A 95 24 D3 F9 6C AB 1A 75  ..ž)éC~.•$Óùl«.u
00000030  56 FC BD 77 5A 3C 72 9E 41 89 09 06 E2 2B 4F 40  Vü½wZ<ržA‰..â+O@
00000040  68 6F C5 F0 EA EF 4B 80 12 DF ED 72 8B 7F 08 E5  hoÅðêïK€.ßír‹..å
00000050  5E 98 FF 51 0D FD 30 BB 7E C8 6A D1 10 62 8D BC  ^˜ÿQ.ý0»~ÈjÑ.b.¼
00000060  FD BB 02 EE A2 89 F5 71 81 7D 25 A0 08 CA 18 6F  ý».õq.}% .Ê.o

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
00000000  43 4F 42 52 41 00 00 00 51 11 FF C1 DF 74 6F 23  COBRA...Q.ÿÁßto#
00000010  61 59 59 D5 21 28 1B 68 C4 48 6E 0F 1A F4 95 AD  aYYÕ!(.hÄHn..ô•­
00000020  3E F1 4E 41 92 05 28 48 FD 18 07 8D 78 E4 8F 19  >ñNA’.(Hý...xä..
00000030  16 AF 29 A2 06 E7 99 DB DC 28 27 8B 50 02 DA 29  .¯)¢.ç™ÛÜ('‹P.Ú)
00000040  68 6F C5 F0 EA EF 4B 80 12 DF ED 72 8B 7F 08 E5  hoÅðêïK€.ßír‹..å
00000050  5E 98 FF 51 0D FD 30 BB 7E C8 6A D1 10 62 8D BC  ^˜ÿQ.ý0»~ÈjÑ.b.¼
00000060  B6 89 8F 0D 1A 41 14 66 F1 5A A6 1F FD 81 22 A4  ¶‰...A.fñZ¦.ý."¤
Address Length Value Description
0x00 0x5 0x434F425241 Magic "COBRA"
0x05 0x1 0x0 Unknown, always 0x0
0x06 0x1 0x0 Updaterversion? (always 0x0 for 3.3 and older, always 0x1 for 4.x)
0x07 0x1 0x0 Unknown, always 0x0
0x08 0x14 0xA2A30E4441BA822FD72747D2219B12B9C4486E0F Hash?
0x1C 0x4 0x1AF495AD Unknown, both 1.1 and 1.2 has same value 0x1AF495AD

Example 2.0 / 3.0 / 3.1 / 3.2 / 3.3

2.0 3.0 3.1 3.2 3.3
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 00 00 CF 17 BA D4 E9 2D 48 0C  COBRA...Ï.ºÔé-H.
00000010  43 50 3D 3D AB 94 A6 57 7F F6 45 88 2A 42 43 E6  CP==«”¦W.öEˆ*BCæ
00000020  F4 C4 31 CB 73 A7 1F 6F 68 6F C5 F0 EA EF 4B 80  ôÄ1Ës§.ohoÅðêïK€
00000030  12 DF ED 72 8B 7F 08 E5 5E 98 FF 51 0D FD 30 BB  .ßír‹..å^˜ÿQ.ý0»
00000040  7E C8 6A D1 10 62 8D BC 65 56 02 DD 26 3E D0 B8  ~ÈjÑ.b.¼eV.Ý&>и
00000050  41 9C E4 EA 5E 12 4A E0 7D 4F 7A 52 C0 97 28 33  Aœäê^.Jà}OzRÀ—(3
00000060  09 7A 19 D1 28 B5 7B EA 0D 71 72 57 70 8F 3C 8F  .z.Ñ(µ{ê.qrWp.<.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 00 00 85 E8 A2 AE 79 6A 4F A3  COBRA...…袮yjO£
00000010  9D A7 FB 11 31 9E 53 15 B5 B6 A3 9B 6F E1 29 08  .§û.1žS.µ¶£›oá).
00000020  F2 4D 55 B0 A9 72 FF C2 3B 75 82 CB D3 F9 EC 4E  òMU°©rÿÂ;u‚ËÓùìN
00000030  E0 52 07 1E E4 AF BC 76 38 E3 04 0D 22 C2 E9 5A  àR..䯼v8ã.."ÂéZ
00000040  E7 BE 2D B4 37 F6 4F 76 9C 88 3F DC D6 DE 1A FE  ç¾-´7öOvœˆ?ÜÖÞ.þ
00000050  8B 50 B0 66 B1 4D AF 83 D3 B5 F7 B3 AF C2 FE 6E  ‹P°f±M¯ƒÓµ÷³¯Âþn
00000060  06 F6 2A FD F7 C6 8E 2A 51 DA 9A B1 2E 26 85 41  .ö*ý÷ÆŽ*QÚš±.&…A
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 00 00 43 71 11 59 5D F3 45 B4  COBRA...Cq.Y]óE´
00000010  B1 2E F4 A5 97 A4 E4 B1 9B DB 12 FB 2D 6E A6 2B  ±.ô¥—¤ä±›Û.û-n¦+
00000020  35 D9 C6 C2 86 52 9C 33 D7 5E 80 30 90 5E 0B 28  5ÙƆRœ3×^€0.^.(
00000030  74 F5 A8 44 E9 07 78 6D 2F 05 15 8D 30 72 34 0B  tõ¨Dé.xm/...0r4.
00000040  D9 60 EC 57 B9 A6 15 51 EA B5 C8 F3 5D 81 87 39  Ù`ìW¹¦.QêµÈó].‡9
00000050  C4 17 06 1A 2F 69 DB A4 46 A6 9C 0E 04 2F B2 C9  Ä.../iÛ¤F¦œ../²É
00000060  60 17 EF A1 95 E8 AD 6D 93 D7 AD B1 76 75 77 68  `.ï¡•è­m“×­±vuwh
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 00 00 08 03 22 7C F2 64 08 45  COBRA....."|òd.E
00000010  DB 8D C0 0A F3 BE 58 74 0D 0B 52 73 A4 0F 75 59  Û.À.ó¾Xt..Rs¤.uY
00000020  B9 49 94 7C F8 DC 83 E5 D7 5E 80 30 90 5E 0B 28  ¹I”|ø܃å×^€0.^.(
00000030  74 F5 A8 44 E9 07 78 6D 2F 05 15 8D 30 72 34 0B  tõ¨Dé.xm/...0r4.
00000040  D9 60 EC 57 B9 A6 15 51 EA B5 C8 F3 5D 81 87 39  Ù`ìW¹¦.QêµÈó].‡9
00000050  C4 17 06 1A 2F 69 DB A4 46 A6 9C 0E 04 2F B2 C9  Ä.../iÛ¤F¦œ../²É
00000060  60 17 EF A1 95 E8 AD 6D 93 D7 AD B1 76 75 77 68  `.ï¡•è­m“×­±vuwh
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 00 00 FB 9F 19 7B 85 B6 2C 42  COBRA...ûŸ.{…¶,B
00000010  8F D8 55 C5 12 90 C9 B1 BC E4 80 39 64 E3 6A 37  .ØUÅ..ɱ¼ä€9dãj7
00000020  FC B0 8E AB 67 53 C3 FD B8 DD 39 6B BB AC 8A B7  ü°Ž«gSÃý¸Ý9k»¬Š·
00000030  1E 2D BB A5 4C 76 49 2B 41 54 0D 4E E3 9D C6 9F  .-»¥LvI+AT.Nã.ÆŸ
00000040  5A 00 00 5D 2A 41 25 BF 1E 84 35 44 43 F6 82 9B  Z..]*A%¿.„5DCö‚›
00000050  46 90 9F 1C 80 56 9A B8 B5 BB BA 43 BE 58 D0 8B  F.Ÿ.€Vš¸µ»ºC¾XЋ
00000060  82 51 12 25 AD D0 19 EE 65 26 26 91 0F E3 86 4A  ‚Q.%­Ð.îe&&‘.ã†J

Example 4.0 / 4.1 / 4.2 / 4.3

4.0 4.1 4.2 4.3
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 01 00 1C C0 6C 6B CA 55 03 3D  COBRA....ÀlkÊU.=
00000010  62 8F 2C 7E 05 45 C8 AD B4 59 E7 CB 00 00 07 00  b.,~.EÈ­´YçË....
00000020  43 6F 62 72 61 20 55 53 42 20 46 69 72 6D 77 61  Cobra USB Firmwa
00000030  72 65 20 34 2E 30 00 00 00 00 00 00 00 00 00 00  re 4.0..........
00000040  08 45 60 67 D5 4F 85 CA 6B C4 69 64 EA B0 92 FD  .E`gÕO…ÊkÄidê°’ý
00000050  3A 61 A3 94 41 8E A4 F5 3A 1C A0 D0 DE CC 15 9E  :a£”AŽ¤õ:. ÐÞÌ.ž
00000060  45 71 95 8C E8 DA 52 46 33 8A D7 E6 6A 6D 83 25  Eq•ŒèÚRF3Š×æjmƒ%
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 01 00 EA F8 F9 73 0B 41 D1 8F  COBRA...êøùs.AÑ.
00000010  49 39 C1 26 1C C8 56 FA 04 74 18 DA 00 00 08 00  I9Á&.ÈVú.t.Ú....
00000020  43 6F 62 72 61 20 55 53 42 20 46 69 72 6D 77 61  Cobra USB Firmwa
00000030  72 65 20 34 2E 31 00 00 00 00 00 00 00 00 00 00  re 4.1..........
00000040  CE 6A 02 37 5E D8 B6 01 6C FE 2D F3 87 58 BE B0  Îj.7^ض.lþ-ó‡X¾°
00000050  69 74 DA 0F D9 3B E7 7A 2F 82 5E 7F 12 6B D8 68  itÚ.Ù;çz/‚^..kØh
00000060  C3 7A CB CC 6D BA 02 0B 58 D0 05 53 B6 84 CE 3A  ÃzËÌmº..XÐ.S¶„Î:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 01 00 37 3B 12 34 BC E9 E5 C4  COBRA...7;.4¼éåÄ
00000010  A6 A0 43 E3 89 F1 44 00 75 36 76 26 00 00 09 00  ¦ Cã‰ñD.u6v&....
00000020  43 6F 62 72 61 20 55 53 42 20 46 69 72 6D 77 61  Cobra USB Firmwa
00000030  72 65 20 34 2E 32 00 00 00 00 00 00 00 00 00 00  re 4.2..........
00000040  27 63 F4 92 8B 68 28 81 39 26 5C A8 58 20 F2 48  'cô’‹h(.9&\¨X òH
00000050  69 74 DA 0F D9 3B E7 7A 2F 82 5E 7F 12 6B D8 68  itÚ.Ù;çz/‚^..kØh
00000060  01 D5 1B 38 D4 F7 4B CD 58 D0 05 53 B6 84 CE 3A  .Õ.8Ô÷KÍXÐ.S¶„Î:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  43 4F 42 52 41 00 01 00 A5 7D 03 59 E1 A0 02 E3  COBRA...¥}.Yá .ã
00000010  83 57 BD AE 83 B3 2B D8 1A A5 B4 33 00 00 0A 00  ƒW½®ƒ³+Ø.¥´3....
00000020  43 6F 62 72 61 20 55 53 42 20 46 69 72 6D 77 61  Cobra USB Firmwa
00000030  72 65 20 34 2E 33 00 00 00 00 00 00 00 00 00 00  re 4.3..........
00000040  AF 27 77 7E E2 42 ED AD 81 89 24 09 84 D8 44 31  ¯'w~âBí­.‰$.„ØD1
00000050  F8 DB AD 01 20 E4 FF 09 8C 8F 54 56 59 A6 0C 57  øÛ­. äÿ.Œ.TVY¦.W
00000060  4E C6 F8 93 61 15 30 94 79 EB 7F 6E B0 78 78 50  NÆø“a.0”yë.n°xxP
Structure
Address Length Value Description
0x00 0x5 0x434F425241 Magic "COBRA"
0x05 0x1 0x0 Unknown, always 0x0
0x06 0x1 0x0 Updaterversion? (always 0x0 for 3.3 and older, always 0x1 for 4.x)
0x07 0x1 0x0 Unknown, always 0x0
0x08 0x14 0x373B1234BCE9E5C4A6A043E389F1440075367626 Hash
0x1C 0x1 0x0 Unknown
0x1D 0x1 0x0 Unknown
0x1E 0x1 0xA Version (0x0A for 4.3, 0x09 for 4.2, 0x08 for 4.1, 0x07 for 4.0)
0x1F 0x1 0x0 Unknown
0x20 0x20 0x436F62726120555342204669726D7761726520342E31 Filename ASCII: "Cobra USB Firmware 4.3"