Lv1.self

From PS3 Developer wiki
Revision as of 22:20, 22 May 2011 by PsiCoLeO (talk | contribs)
Jump to navigation Jump to search

This is the Hypervisor see (Hypervisor Reverse Engineering) and follows the format of every self see(Signed Executable and Linkable Format (SELF))

Embedded Files Segment

lv1 contains many embedded selfs inside of a special segment "Embedded Files Segment" This is a segment within the program itself, loading in a hex editor gives a small file table which appears different from the others that sony has used.

File Table

The file table follows this structure

  • 4 bytes = number of entries
  • 4 bytes = table length

then the file table:

  • 4 bytes = index
  • 4 bytes = start
  • 4 bytes = length

then follows a null terminated string for each file commonly:

  • pme_init
  • sysmgr_ss.fself
  • pme_init.conf
  • ss_init.fself
  • updater_frontend.fself
  • ss_server1.fself
  • ss_server2.fself
  • ss_server3.fself


Files common on lv1

lv1.self delegates a lot of his work to the embedded selfs wich it loads to different process see (Hypervisor Reverse Engineering)

File Description
pme_init
sysmgr_ss.fself
pme_init.conf
ss_init.fself
updater_frontend.fself
ss_server1.fself
ss_server2.fself
ss_server3.fself

lv1.self 3.41

lv1 Embedded files segment

Segment start offset
0x1D0000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

001D0000  00 00 00 08 00 00 00 E8 00 00 00 00 00 00 00 00  .......è........
001D0010  00 02 48 24 00 00 00 09 00 02 48 24 00 05 F7 90  ..H$......H$..÷.
001D0020  00 00 00 19 00 08 3F B4 00 00 00 AF 00 00 00 27  ......?´...¯...'
001D0030  00 08 40 64 00 03 4E B8 00 00 00 35 00 0B 8F 1C  [email protected]¸...5....
001D0040  00 02 39 F0 00 00 00 4C 00 0D C9 0C 00 08 11 D0  ..9ð...L..É....Ð
001D0050  00 00 00 5D 00 15 DA DC 00 04 A9 40 00 00 00 6E  ...]..ÚÜ..©@...n
001D0060  00 1A 84 1C 00 03 8E D0 70 6D 65 5F 69 6E 69 74  ..„...ŽÐpme_init
001D0070  00 73 79 73 6D 67 72 5F 73 73 2E 66 73 65 6C 66  .sysmgr_ss.fself
001D0080  00 70 6D 65 5F 69 6E 69 74 2E 63 6F 6E 66 00 73  .pme_init.conf.s
001D0090  73 5F 69 6E 69 74 2E 66 73 65 6C 66 00 75 70 64  s_init.fself.upd
001D00A0  61 74 65 72 5F 66 72 6F 6E 74 65 6E 64 2E 66 73  ater_frontend.fs
001D00B0  65 6C 66 00 73 73 5F 73 65 72 76 65 72 31 2E 66  elf.ss_server1.f
001D00C0  73 65 6C 66 00 73 73 5F 73 65 72 76 65 72 32 2E  self.ss_server2.
001D00D0  66 73 65 6C 66 00 73 73 5F 73 65 72 76 65 72 33  fself.ss_server3
001D00E0  2E 66 73 65 6C 66 00 00 7F                       .fself...
Offset Size Value Description
0x00000000 0x04 0x08 number of entries
0x00000004 0x04 0xE8 table length
name start length index Real start (segment start + table length + start)
pme_init 0x0 0x24824 0x00 0x1D00E8
sysmgr_ss.fself 0x24824 0x5f790 0x09 0x1F490C
pme_init.conf 0x83fb4 0xAF 0x19 0x25409C
ss_init.fself 0x84064 0x34eb8 0x27 0x25414C
updater_frontend.fself 0xB8F1C 0x239F0 0x35 0x289004
ss_server1.fself 0xDC90C 0x811D0 0x4C 0x2AC9F4
ss_server2.fself 0x15DADC 0x4A940 0x5D 0x32DBC4
ss_server3.fself 0x1A841C 0x38ED0 0x6E 0x378504

pme_init.conf Example

#
# configuration file for pme_init
#
# notation:
#	boot	name_of_executable	sync/nosync

# sample
boot	ss_init.fself		sync
boot	sysmgr_ss.fself		nosync
boot	pme_shell		nosync

Dump lv1 embedded elfs Script

I did this script quickly to exctract the embedded files within lv1. This script doesn't use the file table, is ugly, but works... anyone feel free to improve it --PsiCoLeO 16:11, 22 May 2011 (CDT)

How to use it

Save the script in a file named

dump_lv1_embedded_files.sh

give it execute permisions

ch mod +x dump_lv1_embedded_files.sh

feed it with decrypted lv1.self

./dump_lv1_embedded_files.sh lv1.elf
#!/bin/bash
# PsiCoLeO 2011
#
# Script to extract the embedded files from lv1.self
# There is no warranty that this script will work for you
# I can not be held responsable of what you do with this script or any damage you get from using it
# Use it as you please

# File names
files=( "pme_init" "sysmgr_ss.fself" "pme_init.conf" "ss_init.fself" "updater_frontend.fself" "ss_server1.fself" "ss_server2.fself" "ss_server3.fself" )

# File sizes
size=( 0x24824 0x5f790 0xAF 0x34eb8 0x239F0 0x811D0 0x4A940 0x38ED0 )

# File offsets
offset=( 0x1D00E8 0x1F490C 0x25409C 0x25414C 0x289004 0x2AC9F4 0x32DBC4 0x378504 )

cont=0

printf "***************************** \n"
printf "* Psicoleo's                * \n"
printf "* Dump lv1 Embedded files   * \n" 
printf "***************************** \n\n"

for file in "${files[@]}"
do
        printf "***************************** \n\n"
        printf "      %s\n" "${file}"
        printf "***************************** \n\n"
	printf "%s\n" "${offset[$cont]}"
	printf "%s\n" "${size[$cont]}"
	printf "%s\n" "${cont}"
	dd if=$1 of=$file bs=1 obs=1 skip=$((${offset[$cont]})) count=$((${size[$cont]}))
	cont=$(($cont+1))
done