• Is our situation not dismal? Wonderland is so discombobulated that lady bugs have turned belligerent and enlisted in the queen's army! PUNISH THEIR CONVERSION!

    User @munky875821417 today made a thread about a key that was released on a wiki talk page (Ps3devwiki) by Nas_Plugi.

    To quote:

    PSISOIMG0000

    Public key: 948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773
    Curve type: 2 (vsh)

    They say that curiosity killed the cat…and @GregoryRasputin found this.
    User Tommydanger, a member of lan.st, started some research about PSX Eboots:

    Hi
    I thought I would share my findings about the PSX Eboots. (official ones)
    It’s by far not complete, there are still many unknowns. (at least to me :P )
    (I haven’t found a place with a proper discussion about it yet :/ )
    But I hope with the help of others we are able to reverse engineer the format much quicker

    Feel free to correct me if I got something wrong

    keys.bin
    16 Byte file with the “keys” required to run the game?
    If you try to run the game without the keys.bin present it gives you CA000005 error on 3.02 OE-B. I don’t know if this is a custom error code from Dax?!
    Used for XOR encryption -> memory card?!

    document.dat
    According to Dax bunch of pngs which hold the manual
    Encrypted

    In fact if you try to enter the manual with no document.dat present, it states that there is no user manual.
    You can however switch document.dat, it doesn’t seem to be tied to the eboot (I could open Cool Boarders 2 manual even though I was playing Hot Shots Golf )

    16 byte header which is the same on every document.dat.
    Starting with magic key 0"PGD", 0 Byte is followed by PGD
    followed by 2 4bytes which MSB is 1 and other 0 then followed by 4 0 Bytes to finish off the header.
    Quote:
    00 50 47 44 01 00 00 00 01 00 00 00 00 00 00 00

    Eboot.pbp
    Contains the compressed ISO image of the psx game.
    40Byte header, just like any other pbp.
    Contains offset to:
    -sfo
    -icon0 (icon you’ll see in the xmb)
    -pic0(semi transparent png which is always in front of pic1)
    -pic1(full res background)
    -psp
    -psar
    Psar offset points to
    "PSISOIMG0000" followed by 4 Bytes of unknown purpose.
    (Maybe some offset?)
    16 bytes header, however only the last 4 bytes differ from eboot to eboot.
    Resident Evil Directors Cut [JP]
    Quote:
    50 53 49 53 4F 49 4D 47 30 30 30 30 00 B3 82 16
    Cool Boarders [US]
    Quote:
    50 53 49 53 4F 49 4D 47 30 30 30 30 C0 DD 7D 11
    Hot Shots Golf 2 [US]
    Quote:
    50 53 49 53 4F 49 4D 47 30 30 30 30 40 C2 F6 08
    Immediately after the PSISOIMG0000 header there are some 0 bytes, which size vary from eboot to eboot
    (Note, there are some 0 bytes before the PSISOIMG0000 label too)
    After the 0 bytes there’s a PGD header of unknown purpose

    At the very bottom of every PSX Eboot you can find a PNG image.
    (I still have to figure the offset to it out)
    This is simply the image you will see when you execute your PSX Eboot.
    On a non PSX Eboot you would see the gameboot.pmf.
    I think it can be changed without breaking the eboot.

    Then after the PNG image, there’s another PGD header also of unknown purpose. After it -> EOF.
    (Maybe the 2 PGD files in it are responsible for the way the manual works.
    e.g When you browse through the manual and say exit it at page 15 and then you reenter the manual or reenter after you exited the game it’s still at page 15.
    I tested it on document.dat, leaving it on page 15 and then on page 20, nothing changed, file is still the same.
    So there must be some indicator that keeps track of which page you browsed the last, maybe these two PGD’s have something to do with it?!)

    Savegames
    It saves at ms0:/PSP/SAVEDATA/GAMEID
    param.sfo
    Ordinary param.sfo
    icon0.png
    Png which was extracted from the eboot
    config.bin
    Always 1024 bytes.
    Purpose yet to be revealed
    memcard1.dat/memcard2.dat
    Always 131104 bytes.
    Most likely imitates the playstation memory card file system
    Encrypted (xor keys.bin?!)

    Yeah that’s it for now, tell me what you think

    So far we have:

    • Nas_plugi found this key inside EMU not VSH.
    • It’s not DEX specific (or unique for DEX).
    • Common for all TargetID that has EMU.
    • It’s in ps1_netemu.self.elf and ps1_newemu.self.elf.
    • Key is STATIC.
    • Curvetype is INSIDE vsh.self not the key.

     

    What can we do with this?

    Just wait and see what happens, but it is related to:

    • PS ONE emulation
    • PSX emulation
    • We don’t know what key was used to decrypt, but since the KEY is static it *could* be the same.

    ==========================================================

    Note: I will keep updating this until we reach something worthwhile for the average user to understand. Please don’t jump to conclusions about it being COBRA pwned or something like that. It’s research and a key posted on PS3DEVWIKI.

    [Source] :

    Nas_Plugi talk Page 

    Tommydanger’s:  Research about PSX Eboots

    ========================

    [Links of Interest] : 

    TargetID

    Emulation: Talk page

    PSISOIMG0000 key released on wiki

    ========================

    Regards

     

    Hellsing9

    P.s: Many THANKS to @euss for his time and patience.
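
The container layout from Tommydanger's notes above (40-byte PBP header, PSISOIMG0000 label plus 4 bytes at the PSAR offset, 16-byte PGD header, PNG near the end), as an added example that is not part of the original post or of anyone's tools. Assumptions: the header holds the standard eight PBP offsets (icon1.pmf and snd0.at3 are not listed in the post), the 4 bytes after the label are read little-endian, and build_sample() is a constructed miniature file that reuses the quoted document.dat header as a stand-in for the PGD headers inside the eboot.

```python
import struct

PBP_MAGIC, PGD_MAGIC = b"\x00PBP", b"\x00PGD"
PSAR_MAGIC, PNG_MAGIC = b"PSISOIMG0000", b"\x89PNG\r\n\x1a\n"
# Standard PBP section order (the post names six of these eight offsets).
SECTIONS = ("param.sfo", "icon0.png", "icon1.pmf", "pic0.png",
            "pic1.png", "snd0.at3", "data.psp", "data.psar")
# document.dat header bytes exactly as quoted in the post.
PGD_HEADER = bytes.fromhex("00504744010000000100000000000000")

def parse_pbp(blob):
    """Return {section: (offset, size)} from the 40-byte PBP header."""
    if len(blob) < 40 or blob[:4] != PBP_MAGIC:
        raise ValueError("not a PBP container")
    _version, *offs = struct.unpack_from("<9I", blob, 4)
    if offs != sorted(offs) or offs[0] < 40 or offs[-1] > len(blob):
        raise ValueError("section offsets unordered or out of range")
    ends = offs[1:] + [len(blob)]
    return {n: (o, e - o) for n, o, e in zip(SECTIONS, offs, ends)}

def parse_pgd_header(blob, off=0):
    """Split a 16-byte PGD header into the three words after the magic."""
    if len(blob) < off + 16 or blob[off:off + 4] != PGD_MAGIC:
        raise ValueError("no PGD header at offset %d" % off)
    word1, word2, reserved = struct.unpack_from("<3I", blob, off + 4)
    return {"word1": word1, "word2": word2, "reserved": reserved}

def find_all(blob, magic, start=0):
    """List every offset at or after start where magic occurs."""
    hits, pos = [], blob.find(magic, start)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(magic, pos + 1)
    return hits

def inspect_psar(blob, psar_off):
    """Report the PSISOIMG0000 trailer, zero padding, PGD and PNG positions."""
    if blob[psar_off:psar_off + 12] != PSAR_MAGIC:
        raise ValueError("PSAR does not start with PSISOIMG0000")
    trailer, body = blob[psar_off + 12:psar_off + 16], psar_off + 16
    pgds, pngs = find_all(blob, PGD_MAGIC, body), find_all(blob, PNG_MAGIC, body)
    # PGD magic itself starts with 0x00, so measure padding up to the first
    # PGD hit instead of counting leading zero bytes.
    padded = bool(pgds) and not any(blob[body:pgds[0]])
    return {"trailer_hex": trailer.hex(),
            "trailer_le": int.from_bytes(trailer, "little"),  # LE is assumed
            "zero_run": pgds[0] - body if padded else None,
            "pgd_offsets": pgds,
            "boot_png": pngs[-1] if pngs else None}  # last PNG before EOF

def build_sample():
    """Constructed miniature EBOOT.PBP following the layout in the post."""
    psar = (PSAR_MAGIC + bytes.fromhex("00B38216") + bytes(32) + PGD_HEADER
            + b"\xAA" * 16 + PNG_MAGIC + b"boot" + PGD_HEADER + b"\xBB" * 8)
    parts = [b"\x00PSF" + bytes(12), PNG_MAGIC + b"icon", b"", b"", b"", b"",
             b"~PSP" + bytes(4), psar]
    offs = [40 + sum(map(len, parts[:i])) for i in range(len(parts))]
    return PBP_MAGIC + struct.pack("<9I", 0x10000, *offs) + b"".join(parts)

if __name__ == "__main__":
    sample = build_sample()
    layout = parse_pbp(sample)
    print(layout)
    print(inspect_psar(sample, layout["data.psar"][0]))
```

Run against a real file, the same functions give the section table and the positions of the PGD headers and the trailing PNG, which is the offset the post says was still to be worked out.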

     



  • 30 Comments

    1. svenmullet
      09-16-2012
      06:55 PM
      1

      Does this mean Cobra features without a dongle?

    2. Hells Guardian
      09-16-2012
      07:04 PM
      2

      Oh now thats interesting!!!!!!!!!

    3. GregoryRasputin
      09-16-2012
      07:12 PM
      3

      This page was last modified on 13 December 2011, at 00:03.

      EDIT
      Never mind >.<

    4. falloutsux
      09-16-2012
      07:15 PM
      4

      what does this mean? its so bright and so vivid

    5. baargle
      09-16-2012
      07:23 PM
      5

      Originally Posted by svenmullet
      Does this mean Cobra features without a dongle?
      quick google has references to PS1 eboots....so at best, PS1 iso loading.

    6. GregoryRasputin
      09-16-2012
      07:23 PM
      6

      I'm about to go to bed, not quite sure what this is, but here is some info I found, maybe @hellsing9 can write something about it

      Eboot.pbp
      Contains the compressed ISO image of the psx game.
      40Byte header, just like any other pbp.
      Contains offset to:
      -sfo
      -icon0 (icon you'll see in the xmb)
      -pic0(semi transparent png which is always in front of pic1)
      -pic1(full res background)
      -psp
      -psar
      Psar offset points to
      "PSISOIMG0000" followed by 4 Bytes of unknown purpose.
      (Maybe some offset?)
      16 bytes header, however only the last 4 bytes differ from eboot to eboot.
      Immediately after the PSISOIMG0000 header there are some 0 bytes, which size vary from eboot to eboot
      (Note, there are some 0 bytes before the PSISOIMG0000 label too)
      After the 0 bytes there's a PGD header of unknown purpose

      At the very bottom of every PSX Eboot you can find a PNG image.
      (I still have to figure the offset to it out)
      This is simply the image you will see when you execute your PSX Eboot.
      On a non PSX Eboot you would see the gameboot.pmf.
      I think it can be changed without breaking the eboot.
      Source

    7. tjhooker73
      09-16-2012
      07:26 PM
      7

      Oh more stuff to Wake the scene up

    8. GregoryRasputin
      09-16-2012
      07:27 PM
      8

      http://ps3devwiki.com/index.php?titl...0#PSISOIMG0000


      http://www.multiupload.co.uk/B5F336G4UF

      EDIT
      Forget the download, it's been removed already (by the file hosting service) >.<

    9. baargle
      09-16-2012
      07:27 PM
      9

      Originally Posted by GregoryRasputin
      maybe @hellsing9 can write something about it


      ............

    10. JustThatDude
      09-16-2012
      07:30 PM
      10

      Omfg PS1 Iso loading without Cobra HYFR Thats how we take down these DRM companies one step at a time

    11. baargle
      09-16-2012
      07:41 PM
      11

      Originally Posted by JustThatDude
      Omfg PS1 Iso loading without Cobra HYFR Thats how we take down these DRM companies one step at a time
      Maybe it's just me but your post sounds like a line out of my fave 90s tv show fetish that none of my 11 year old peers knew I watched. - power rangers.

      Go get 'em guys.


      .....To stay on topic but to comment on your post, power rangers now is just plain awful. Well it was awful from around the 3rd season really and got worse from there, that was 15 years ago...Yep 2000s cartoons\kids tv...don't know what went wrong I think it's when the producers stopped crediting kids with have the brain cells needed to understand a story. I mean kids understood Snow White, Beauty and beast and what not years ago but suddenly they only have 3 second memories...so we'll just zap them with totally over the top zany characters with noses bigger than their feet and don't look either human or animal, coupled with 5 frames per second cheap animation produced in east Asia.

      Cheers tv studios....**** it's late. Shouldn't think out loud.

    12. JustThatDude
      09-16-2012
      07:46 PM
      12

      Originally Posted by baargle
      Maybe it's just me but your post sounds like a line out of my fave 90s tv show fetish that none of my 11 year old peers knew I watched. - power rangers.

      Go get 'em guys.
      Lol power rangers is so stupid now along with all these soap opera cartoons like bigtime rush. Cartoons are f*cking sh*t. Anyway back on topic it's probably because I was a 90's child.

    13. hellsing9
      09-16-2012
      07:50 PM
      13

      need to double check with *guru* i will rep back. @GregoryRasputin xD

    14. JustThatDude
      09-16-2012
      08:07 PM
      14

      Originally Posted by baargle
      Maybe it's just me but your post sounds like a line out of my fave 90s tv show fetish that none of my 11 year old peers knew I watched. - power rangers.

      Go get 'em guys.


      .....To stay on topic but to comment on your post, power rangers now is just plain awful. Well it was awful from around the 3rd season really and got worse from there, that was 15 years ago...Yep 2000s cartoons\kids tv...don't know what went wrong I think it's when the producers stopped crediting kids with have the brain cells needed to understand a story. I mean kids understood Snow White, Beauty and beast and what not years ago but suddenly they only have 3 second memories...so we'll just zap them with totally over the top zany characters with noses bigger than their feet and don't look either human or animal, coupled with 5 frames per second cheap animation produced in east Asia.

      Cheers tv studios....**** it's late. Shouldn't think out loud.
      Kids this century get everything handed to them I wish everyone got to grow up like how we got to in the 90's I'm 15 so I was born in 97 but I was still treated the way without all these technologic advancements Now all these 3 to 12 year olds want is the latest iPhone or the next biggest thing. I f*cking hate it and TBH when I have kids the first thing they get will be a Gameboy Color with that one cable to connect to another to play "online". All these kids need to be grateful for what they get and not be little b*tches complaining that they don't have the newest bestest thing out. F*ck the kids growing up in this generation.

    15. TheWhiteTyger
      09-16-2012
      08:13 PM
      15

      Originally Posted by JustThatDude
      Kids this century get everything handed to them I wish everyone got to grow up like how we got to in the 90's I'm 15 so I was born in 97 but I was still treated the way without all these technologic advancements Now all these 3 to 12 year olds want is the latest iPhone or the next biggest thing. I f*cking hate it and TBH when I have kids the first thing they get will be a Gameboy Color with that one cable to connect to another to play "online". All these kids need to be grateful for what they get and not be little b*tches complaining that they don't have the newest bestest thing out. F*ck the kids growing up in this generation.
      I have to add my two cents. I agree, but I'm older school so I will start my little girl out with good ol 8-bit NES emulators and progress up like I did so she will appreciate the games of yester-decade.

      My nephew is 7, has many games and is always indecisive about what to play, and only plays them for like 10 mins.

    16. zebular
      09-16-2012
      09:47 PM
      16

      So what are we talking about here? Possibly running psx game isos without the need of a psx disc?

    17. hellsing9
      09-16-2012
      10:11 PM
      17

      Originally Posted by zebular
      So what are we talking about here? Possibly running psx game isos without the need of a psx disc?
      I don't think so, better wait and hold this info and see what happens next.

    18. Pingoo
      09-17-2012
      01:43 AM
      18

      Nothing really came out of that HDD decryption thing a few days ago. I doubt anything will come out of this either. Will love to be proved wrong.

    19. zecoxao
      09-17-2012
      01:57 AM
      19

      there's a reference to PSISOIMG0000 inside decrypted ISO.BIN.EDAT of my ff7.
      Offset 0x100400

    20. hellsing9
      09-17-2012
      02:08 AM
      20

      I don't get my hopes up neither...but we never know.

    21. DEFAULTDNB
      09-17-2012
      02:15 AM
      21

      Sounds promising.

    22. falloutsux
      09-17-2012
      02:23 AM
      22

      i sure hope someone does something with files

      i haven't uploaded in days, im wasting a lot of paid services...

    23. JustThatDude
      09-17-2012
      02:23 AM
      23

      Originally Posted by Pingoo
      Nothing really came out of that HDD decryption thing a few days ago. I doubt anything will come out of this either. Will love to be proved wrong.
      Nothing has come out of it yet. Its quite useful to decrypt a HDD because you can take all your stuff and transfer it to your pc then transfer it back to a HDD and encrypt it

    24. sandungas
      09-17-2012
      07:03 AM
      24

      Originally Posted by zecoxao
      there's a reference to PSISOIMG0000 inside decrypted ISO.BIN.EDAT of my ff7.
      Offset 0x100400
      One for each disc, as i explained here
      http://www.ps3devwiki.com/wiki/Iso.bin.edat

    25. Ada Love Lace
      09-17-2012
      07:59 AM
      25

      It's a really nice post; it resumes a lot of different files (and some files having the same name but different in encryption and use).
      I'll try to give some details:
      For eboot.pbp from Tommydanger:
      Keys.bin is required when it's on psp and needs at least LCFW. It's probably unique per user account and per game, meaning the keys.bin for FF7 US will not work with the FF7 UE.
      It's not really important because either you can run the game as iso (and so, the need of keys.bin is patched, and this way of patching has changed according to the cfw on psp, but to resume the same key.bin, originally for hot shot golf, was used for other games)
      This file is not required on PS3 but can be added in the folder CONTENT if you want to prepare your ps1 game to be exported (ps3 to psp copy) or added later on PSP directly.

      The iso bin edat can be seen as a more secure equivalent of this keys.bin file but on PS3.

      Document.dat (manual of the game) as already said, it's not tied to the eboot.pbp but to the type of it (so document.dat for ps1 doesn't work on MINIS, and MINIS document.dat might have 2 different versions with the pgd algo)

      Manual of the game will also appear in a different way, since PS1 games don't have xmb in game. Minis's manual will appear when you press home button (you can trigger this on other hdd game category by changing your psn game to MN on param.sfo...but manual will not load)

      The idea is to use this xmb function (as described, bunch of png read by the "pdf viewer" of ps3) on homebrew/ps3 games and to have custom manual.

      Config.bin is probably used to load the disc number according to the save data (when you start one game directly at disc 2)

      Save games on ps3/psp are not completely documented on the ps3 wiki but it's not really important because we can do without the missing part (the only really important part will be on header of .psv so you can use modified save data on higher ofw)

      The other part of the article "so far we have" is not something I can understand (or only the fact the key is static)

      The last part, "What we can do with this?:" if we have more advance, I'm sure a lot of tools/homebrews will be ready to use from other scene (yaroze or psp)
      Maybe one thing is to post on the wiki decrypted iso bin edat if you have them.

      Team N0drm also is not so far, according to them "no thanks to you leeches we got around the need for that SDK update and pwned latest EDAT format! "...MINIS2.edat being used recently for psp remastered.

      edit: to resume, keys.bin (and I suspect the value can be also on iso.bin edat but will ask @sandungas about it), eboot.pbp format, document.dat, config.bin are less or more documented, even the pgd algo) and not really important, even this new key for PSISOIMG0000 might not be so important. The .edat file is probably more important (and so, the need of tools and example)
      But the part "what we know so far" and the focus on ps1 game by some advance user is really promising (and in same area, I remember cobra's user saying final fantasy crisis core working).
      (sorry my post might look even more confuse now)

      edit2:
      about keys.bin, I might be wrong about the part of unique per user account after thinking (well, it's trivial and easy to check if you already purchased ps1 game)
      For minis and export, I don't know how to make it work.
      The export function is easy to trigger, but there are few checks on 3.55 and Sony might have changed it and made it much more secure on higher FW.
      The interesting part of export will be for someone with PS VITA and PP category. Also during test for vbhl, iirc, some users were doing it with that function but have encountered some issues.


      Here are some examples for keys.bin, intended for research (edit: id of the game mentioned to avoid INTERNET research but it's not what makes keys.bin really match);
      [SPOILER]
      Chronos Cross SLUS01041:
      56 88 57 C6 70 2D 42 2B 3A FA 8C B3 F1 1B 06 DC

      Final Fantasy 7 SCES00868:
      6A B9 09 C8 4D 2B A2 CA CA FD 07 7A 5F BD A0 5C

      Final Fantasy 8 SLUS00892:
      D3 47 EF 28 17 6F 6C 58 90 DF 5E 22 75 BD B1 E2

      Metal Gear Solid SLUS00594:
      E1 79 13 B7 37 22 F7 AF 80 E2 04 4E 5A 6E E3 7E

      Legend of Mana SLUS01013 :
      E2 ED 4D C0 D3 F2 50 BC BC 15 D9 37 47 70 B6 02

      [/SPOILER]
      About config, the little I understand, it's like SYSTEM.CNF on original PS1 games.

    26. TheWhiteTyger
      09-17-2012
      01:19 PM
      26

      Thanks for the insight, in time all good things, eh?

    27. advocatusdiaboli
      09-17-2012
      09:10 PM
      27

      PS1 eboot? Is there one for No Fear Downhill Mountain Biking?

    28. hellsing9
      09-18-2012
      12:47 AM
      28

      Tommydanger really done a neat job with that research.

    29. Ada Love Lace
      09-18-2012
      01:21 AM
      29

      Originally Posted by hellsing9
      Tommydanger really done a neat job with that research.
      well, i was going to say it was already on the wiki but after checking the link on the new and see the date...2006... i might not say anything.

    30. hellsing9
      09-18-2012
      02:45 AM
      30



      [spoiler]
      Riddle me this, riddle me that...
      [/spoiler]