December, 2010 | PS3Hax Network

Waninkoko’s FwTool Source Code Pushed

Posted by PS3Hax Member News , on 31/12/2010 , @ 10:31pm

Waninkoko pushed FwTool source code.

Developer Waninkoko has pushed his FwTool source code onto GitHub. Once compiled, you can use FwTool to encrypt and decrypt packages

Source 1 forum.jailbreakscene.com

Source 2 PSX Scene

GitHub Source Code

[WIP] SuiteApp – Open Source Multi Text Reader

Posted by GregoryRasputin , on 31/12/2010 , @ 04:24pm

For a while now, i have know that facanferff has been working on a text reader, for various file types, today Dukio reported on his WIP, here is what they said:

you can expect these features in the upcoming SuiteApp:

* Open a document;
* Fast reading;
* Settings page: Font size, screen lines, background colour, font colour;
* Supports now: *.txt, *.cpp, *.c, *.h, *.ini, *.bin, *.htm, *.aspx, *.php, *.asp, *.xml
* Now files big (e.g. 1 Gb) doesn’t take time to load
* Added option to download things (will be used for update and download/open files from websites)
* File Browser to select document
* Option to increase/decrease font size
* Option to increase/decrease number of lines of the document to be read
* Return to File Browser when you are inside a document (R3)
* Working in binary mode (for bin files)

SOURCE

To keep up with facanferff’s progress, visit his Twitter here

Tutorial: Custom PS3 Boot Logos (SD)

Posted by Pirate , on 31/12/2010 , @ 11:37am

Ihatecompvir has released a tutorial on how to change your PS3′s boot logo/image. Currently his method only works for SD resolutions, and the image is only static – but it is now out there for all of you to try and come up with something creative (and figure out how to make it work for HD res). Don’t forget to backup your original RAF file before starting.

To quote:
I used SimplyZIP to decompress the RAF starting at the Zlib header (78DA) to the end of the file.

Now that you have the RAF file decompressed, it’s basically a P3T (yes, Sony are that lazy) After this, you just need to run it through P3T Decompiler or whatever because you can’t actually get the source files for the logo (no converter will convert them properly and I can’t manually get them to show) you need to create a DDS File with these sizes:

* Any gtf with _sd in the name – Standard Definition – 240 x 120
* Any gtf without _sd in the name – High Definition – 700 x 350

The file sizes:

* HD Files – 486,656 Bytes
* SD Files – 57,088 Bytes

After making a DDS you feel is appropriate, you need to get it into the GTF format. There is a gtf/dds tool in the PS3 SDK that does this but I am not allowed to share it because I believe it is illegal. If this gets popular, a tool will almost certainly be written which will not be illegal.

After having your gtf, you’ll need to create a file with the appropriate size as shown above. Go into the gtf in a hex editor and copy it. Go into the file with the size you just made and paste-write it into the file (some hex editors dont support this, its basically pasting but overwriting)

Save it. Most of your work is done. Now you must take the original gtf, copy it all in hex, then search for it in the raf. When it finds the match, just go to the beginning of the match, and paste-write. It should completely overwrite the gtf and the thing you should then see is the beginning of the next gtf. You’ve now written a new file into the raf.

From here, you just compress the raf with SimplyZip, then take the compressed file simplyzip gives you and insert it into the original raf. Most likely, the raf will have gained in size. This is 100% normal, as the original Sony files didn’t have much in them due to the fact that is mostly empty files with a PS logo in one solid color.

[VIA PSX-Scene]

GeoHot Releases dePKG – Firmware Package Decrypter

Posted by PS3Hax Member News , on 31/12/2010 , @ 07:37am

I already posted something about this in the Epic Fail thread but now it is official:

The famous Geohot resurfaced today, to release a useful app called dePKG. The app is very useful for devs that are planning to look into Sony’s official firmware files. dePKG is a linux app that will decrypt PKG files (not to be confused with PSN PKG files) that are within PS3UPDAT.PUP files. This will allow devs to take a look at files such as CORE_OS_PACKAGE.pkg, from the convenience of their PC. Previously, the only way to take a look at these files was via graf_chokolo’s method which utilized the PS3. Geohot’s app is ready to be compiled and includes necessary decryption keys.

Source PSX Scene
Source PSGroove
Download
Download Win32 Version

fail0verflow Demos PS3 Exploit at CCC

Posted by Pirate , on 30/12/2010 , @ 12:26pm

marcan, a member of Team fail0verflow, has demoed his teams new PS3 exploit and shows him booting a PS3 slim straight into a Linux kernel. You can see the original presentation about this exploit here.

Full video below (thanks to PSGroove for providing it):

Download PDF slides of the presentation here.

PS3′s Dreamcast Emulator Compiles And Works With PSL1GHT

Posted by PS3Hax Member News , on 30/12/2010 , @ 08:50am

Here’s an update of the nullDC emulator being worked on by drk||Raziel:

According to developer drk||Raziel, the nullDC emulator has been successfully compiled using the open source PSL1GHT SDK and is running as should, but there are a few problems ahead. -jailbreakscene.com

from developer drk||Raziel:

the good : ndce compiles and works with psl1ght
the bad: it has no 3d out yet. This was quite a bit more complex than initially thought, and I had far less time than planned.
the ugly: I’m leaving for vacations tomorrow, so don’t expect anything fancy the following week

SOURCE

CCC: “PS3 Security is Epic Fail”. fail0verflow Project.

Posted by Pirate , on 29/12/2010 , @ 12:10pm

If you missed the Chaos Communication Congress conference, then we have the summary for you of all the goodies you missed right here.

We basically learned that the PS3 security is now “epic fail”, and the 360 is currently a more secure system compared to the PS3.

To quote:

The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot’s memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.

Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs Following this, the team declared Sony’s security to be EPIC FAIL!

The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.

The team then displayed the website http://fail0verflow.com/ were we assume will host examples of the new exploits and further details. They stated that easy to use tools would be coming next month.

Sounds like great news for us .

Here are some of the latest Twitter updates for fail0verflow:

@KushanTheCat our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions.
Our current PS3 goal: AsbestOS.pup

[More info at fail0verflow and fail0verflow Twitter, via PSGroove]

27C3 – Console Hacking 2010 from Yifan Lu on Vimeo.

NDS3 – Video of the Nintendo DS Emulator

Posted by PS3Hax Member News , on 29/12/2010 , @ 11:52am

The French site PS3Gen.fr has released a video of the emulator Nintendo DS, developed by Anonymous, the new name of the emulator is NDS3. Here is a summary of the news :

There are some days that the site PS3Gen.fr has announced in exclusivity the new creation of Anonymous, which is a porting of an emulator Nintendo DS. Its name is now NDS3, this emulator has improved, so we decided to make a video of the latest draft to show you the progression.

Since the last version, Anonymous had restart porting of the emulator DeSmuME to adapt with the PowerPC architecture of the PlayStation 3. Now, the console is capable of using the CPU successfully to comfortably play 3D games, they were accelerated by 7 times compared to the first version. However, the emulator is still under development and 3D games are not yet optimized to their fullest. We present two games in this video, Yoshi’s Island DS and Mario & Luigi: Partners in Time. To make the most of the gameplay offered by the emulator, we cut the cutscenes.

As you see, the 2D games are very fluid and require almost no more work, Anonymous will now concentrate on the most advanced games to optimize the architecture of the PlayStation 3. The video is available below, we will give you more information, always exclusive, as soon as development progresses.

Source : PS3Gen.fr

Chaos Communication Congress – Console Hacking – 3PM GMT – 29/12/2010

Posted by GregoryRasputin , on 29/12/2010 , @ 09:29am

Well the PS3 is hacked, what else do we need, well we will find out in about forty minutes, marcan, famous for AsbestOS and hacking Kinect, along with bushing, sven and segher will be holding an hour long conference at the CCC(Chaos Communication Congress), on the circumventing process of the PS3, marcan also promises to reveal information on new hacks, could this be the accidentally leaked recovery mode for PS3, we will all find out quite soon, so check these links for live video or audio streaming:

Slides
http://saal1.slides.27c3.fem-net.de/

H.264
http://saal1.h264.27c3.fem-net.de/

WMV
http://wmv.27c3.fem-net.de/saal1
http://www.stream-host.de/flowplayer/flow.html
rtmp://rtmp1.stream-host.de/rtmp/saal1_lq

Audio
http://audio.27c3.fem-net.de/27c3_saal1.ogg

grandy over at PSGroove will also be hosting it here

Official CCC Website

[Release] MD5 PSHasher – PS3 Firmware Update Pup Checker

Posted by GregoryRasputin , on 28/12/2010 , @ 11:02am

DanyL a valued member of PSX Scene has created quite a handy tool, it checks the firmware you have on your computer, this will help those of you that have downloaded a Jailbreakable firmware and want to check that it is indeed the firmware you believe it to be, here is a quote from the dev at the source:

Hello PSX-Scene, I’m releasing a new handy tool called MD5 PSHasher. I got the idea yesterday in the morning and started developing it.. I amazed myself how quickly I developed it…

Features:
1. Show you the MD5 of the .pup file you chose.
2. Show you which firmware is in the .pup file.
3. Tell you if the firmware is Jailbreakable or downgradeable.
4. Built-in updater.

Currently I got the following firmwares at the database:
* Original US 3.41
* US 3.21
* US 3.42
* US 3.30
* US 3.01
* Modified 3.41
* US 3.15
* US 3.40
* US 3.50
* US 3.10
* US 3.00
* v3.55
* Quiet release US 3.41

If you want to submit firmwares to the program just post here a comment with the following details:
Firmware:
MD5:
JailBreakable
Downgradeable:

Enjoy!

Here are some images:

Firmware 1.30

Firmware 3.15

Firmware 3.50

SOURCE PSX SCENE
Via Dukio
DOWNLOAD

PS3 Dongle ID Key Generator

Posted by PS3Hax Member News , on 28/12/2010 , @ 07:56am

Well, the master key is out and about now so here’s a convenient little application to generate your dongle id keys.

Straight forward to use.

Linux only – will compile a Windows build if needed.

Originally Posted by readme.txt

p3kg – Xtse

Description
Generates a Dongle ID Key based on the Dongle ID provided.
Usage
./p3kg
Example
./p3kg 0xAABB

Note: must be 2 bytes (4 characters) and prefixed with 0x
I.e. 0x0AA will not work; 0x00AA will.

When I wrote this I hard-coded the revoke list on graf_chokolo’s wiki so credits to him and all of his hard work.

If you want source code, let me know – I’ll make a few changes – tidy it up and post it as well.

Link: http://www.mediafire.com/?e52oddvlmtw8d2j

Graf_Chokolo Exploits HV Through lv2 gameOS

Posted by PS3Hax Member News , on 27/12/2010 , @ 06:51pm

That is it guys!! almost full control of the Ps3 now! Hacker Extraordinaire Graf_Chokolo announced minutes ago that he successfully exploited the hypervisor through gameOS here is what he had to say on the matter:

—Quote—
I have just exploited and dumped HV 3.15 from GameOS

I used memory glitching like Geohot to get dangling HTAB entry but 2nd and 3rd stages are quite different. I used my knowledge about HV internals and created a simpler exploit for stage2 and stage3.

I didn’t use second VAS like Geohot. I used lv1_undocumented_function_114 and lv1_undocumented_function_115 to exploit HV after i got a dangling HTAB entry

I will make everything public very soon and i plan to dump HV 3.41 in the next days

Happy new year guys
—End Quote—
we are still yet to know if any hardware is required i have already asked him this, but i think it is not!

Source PSX SCENE

[Emulator] Mednafen PS3 Updated – Revision 157

Posted by GregoryRasputin , on 26/12/2010 , @ 11:49am

facanferff has compiled a new version of RoboHobo’s Mednafen PS3 to revision 157, here is what is new on the latest revision, as well as some past revisions:

Revision 157:
- Fix rebuild all switch, add note about vbam in BUILDING_NOTES.TXT

Revision 151-156:
- Begin finalizing new browser
- Bookmarks can point to ftp now
- Basic error handling in file browser, Force disable of filesys.samedir settings, sorry (if you had them enabled you need to move all saves to the folders in /dev_hdd0/game/MDFN90002/USRDIR/mednafen/)
- Bug fixes
- Some bug fixes
- Updated build scheme

Revision 146-150:
- Circle now exits IconGrid
- Tune down optimizations in system-l1ght, begin to refactor file browser
- Fix FTP credentials
- Quick FTP fix (OSX FTP sharing works now)
- Even more FTP fixes

To Download, visit the official thread here

[RUMOR] New SLIM Model – Downgrade ineffective

Posted by PS3Hax Member News , on 26/12/2010 , @ 06:15am

Hi,

It seems Sony has started packaging new slim units that are downgarder resistant
This is what Logic Sunrise states in their article here:
http://playstation-3.logic-sunrise.c…-ps3-slim.html

To quote:

Sources said Sony would put on the market in new PS3 Slim version 3.50. These have the special boarding this firmware a new anti-downgrade.

Indeed, some new PS3 buyers who intended to spend at or below 3.41 with the downgrade have been unpleasantly surprised to discover that this was not possible.

There is currently no way of knowing where these consoles have been shipped, or even to know in advance if the PS3 sold currently are protected or not.

The only advice we can give you is to check the serial number of the consoles. Tested all the consoles and downgraded included the notion CECH, so logically consoles should have unprotected 25xx-CECH CECH pushing the maximum-251x.

Again, this new version of PS3 Slim is a rumor, but enough for this LS you about it.

Source Dukio
Via Logic Sunrise

Rumor: PS3 “Phat” BluRay Compatability Restored

Posted by Pirate , on 25/12/2010 , @ 12:57pm

Well a great gift this morning to the PS3 scene, as arodd of PSX-Scene has managed to restore Bluray again to “Phat” PS3 models that were lost @ time of downgrade (the issue was the loss of the DRL1/DRL2 files when the PS3 was downgraded).

The current method, posted below, is a bit complicated and requires the knowledge of how to use a PC with BluRay reader and HEX editor. You can however expect an “newb friendly” tool in the future though.

To quote:

There is now a *hacky* method of doing a safe downgrade for users who don’t have the ability to do a backup of their drl files. This method can also be used to fix a ps3 with broken playback if you know the newest disc your ps3 has played.

If you go out and rent Inception(high mkb) and play this in your ps3 before downgrading this spreadsheet will be updated with the hex values of the DRL files to recover your blu ray playback.

https://spreadsheets.google.com/ccc?…en&output=html

I don’t have the DRL data from inception yet, but this is a good candidate as it has one of the higher mkb versions. Once I get it I will add it to the spreadsheet. Let’s say that The Dark Knight was the highest MKB version that your PS3 has seen, than the below data would be used to restore your playback.

We have found out that the mkb from the title that updated your drl files can be used to restore your playback completely. The MKB data is located inside BD://AACS/MKB_RO.inf; If you use a PC BD drive from windows, mac, linux, etc. You can extract this data. We are working towards a method of doing this from the PS3 directly, but so far it appears GAMEOS may be blocking this file.

If this file is opened in a hex editor the beginning of the file contains the Type and Version record…

ie: 10 00 00 0C 00 04(mkb version) 10 03 00 00 00 09 — The Dark Knight

Then the HRL is listed….

21 00 00 6C(record length) 00 00 00 07 00 00 00 07 00 09 FF FF 00 00 00 0B 00 00 FF FF 00 00 00 16 00 08 FF FF 00 00 00 21 00 03 FF FF 00 00 00 35 00 04 FF FF 00 00 00 4E 00 03 FF FF 00 00 00 54 00 03 FF FF 00 00 00 5E 2B 73 F1 7E 29 D4 04 7D 74 84 21 1E 3F 35 42 FE EB 3E B9 B1 63 B9 57 7D 86 AF F4 1A 02 A9 33 61 96 51 5A 67 0A 27 5C 8A — The Dark Knight

Following the HRL the actual DRL data begins.

20 00 00 34(record length) 00 00 00 00 00 00 00 00 44 8F F5 FA B4 79 A3 FD FC B9 92 01 35 5C 21 3B D9 8C D3 20 06 B0 76 B5 46 92 1E 46 52 16 EE A5 5D 1E 7B 2D 02 C7 6D 0A — The Dark Knight

Combining the Type and Version Record with the DRL data gives you the hex contents of the proper DRL1/DRL2 files if this disc was the highest mkb version your ps3 has seen. This is called a Partial MKB.

IE: 10 00 00 0C 00 04 10 03 00 00 00 09 20 00 00 34 00 00 00 00 00 00 00 00 44 8F F5 FA B4 79 A3 FD FC B9 92 01 35 5C 21 3B D9 8C D3 20 06 B0 76 B5 46 92 1E 46 52 16 EE A5 5D 1E 7B 2D 02 C7 6D 0A

The above hexed over your broken drl will restore your playback. This isn’t surefire if you’ve played another movie that is higher than inception or have updated your drl with a different movie that is the same mkb as inception. All in all you just need to know which newest disc you have played and that will give you the method to restore your playback.

FYI: Merry X-Mas! This is a gift to all! Thanks to HI3 for doing all of the leg work in understanding the different record types.

[VIA PSX-Scene]

UPDATE: I received the following PM earlier today:

I’ve been working with Hi3 and the rest of the crew at #ps3bluray on Efnet and it’s urgent that the story about bluray playback problem being solved be removed because the research is not even CLOSE to final and the person who released the information was not authorized to do so.

So its not finalized yet and you should proceed to do this at your own risk. According to hi3, “If the traitor system is triggered it could lead to drive/host revocation en-masse in the future.”

multiMAN 01.11.05 Updated – Added Experimental PS2 Backup Support

Posted by GregoryRasputin , on 23/12/2010 , @ 11:00am

deanrr is forever improving his awesome program for the PS3, the popular multiMAN, it does, PS3 backups, ftp, filemanager, images, hex reading, MP3′s and now he has added PS2 backup support, it is still in the experimental stage, but deanrr is on the way, to having a complete Media Center for the PS3:

01.11.05 –

* Fixed mount points reset on launch
* Added experimental support for PS2 game backups
* Other minor fixes

A quote from deanrr:

For those of you who wish to experiment with PS2 backups:

1) Proper category_game_tool2.xml required to enable PS2 disc icon in XMB/GAME column in jailbreak mode
2) Original PS2 game required
3) Original PS3 game required
4) PS2 backup extracted in one of the folders where multiMAN looks for games (usually with your PS3 backups)

1) Reboot your PS3 in JB mode
2) Put original PS3 disc
3) Launch multiMAN and mount your PS2 game backup
4) Replace the PS3 disc with original PS2 disc
5) PS2 disc icon should appear in GAMES column. Try to launch it.

Dean

EDIT
As it seems people will misunderstand the purpose of this, i would like to remind people that this is only for BC(Backwards Compatible) PS3 Consoles.

Source
Download

Gliitch’s Awesome XMB – Is Now Stable :D

Posted by PS3Hax Member News , on 23/12/2010 , @ 05:51am

I have been working away at this for a few days, and its a follow up to my Unstable version of my XMB. Well good news people, it is now fully usable.

As this is still my first proper release, its not by any means complete. No debug options enabled yet, but i think i have done pretty well. Thank you GregoryRasputin for helping me out.

Little hint, check out “About Game” from any Homebrew app.