• Homebrew, PS3 Hacks, Software , 06.10.2012

    PS3 Homebrew Developer flatz has released two new homebrew applications for the PS3,  Disc Key Dumper and Klicensee Dumper, here is information from the ReadMe.

     

    Disc Key Dumper

     

    Requirements:
    - 3.55 CFW (e.g. Kmeaw)
    - MultiMAN or original dev_blind application and FTP client

    1. Install `Data Dumper` (data_dumper.pkg) if you didn’t installed it before.
    It is a homebrew application to dump a data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin
    A data which stored there is written by dumper loaders, e.g. by Disc Key Dumper.

    2. Install `Disc Key Dumper Loader` (disc_key_dumper_loader.pkg).
    It stores a disc key if your game is not a PSN/SEN game.

    3. Reboot a console to clear a data storage in LV2 memory.

    4. Now you need to start `Disc Key Dumper Loader`, then start your game.

    5. After exiting from the game you need to run `Data Dumper`, you will hear some beeps.

    6. Then run any FTP client (e.g. builtin in MultiMAN) and download a dumped disc key from /dev_hdd0/tmp/dumps.bin.

     

    Klicensee Dumper

    A klicensee is specified by developer of the game.
    Usually it is stored in EBOOT.ELF and you can find it in a disassembler or by brute forcing a key along with a NPD header.
    But in some cases this key is not stored in a plaintext format and can be annoying to analyze a game’s executable.
    That’s why I had created this dumper.

    Requirements:
    - 3.55 CFW (e.g. Kmeaw)
    - MultiMAN or original dev_blind application and FTP client

    1. Install `Data Dumper` (data_dumper.pkg) if you didn’t installed it before.
    It is a homebrew application to dump a data from some LV2 memory to a file: /dev_hdd0/tmp/dumps.bin
    A data which stored there is written by dumper loaders, e.g. by Klicensee Dumper.

    2. Install `Klicensee Dumper Loader` (klicensee_dumper_loader.pkg).
    It stores a file path to self/sprx/edat and a klicensee key if it is specified.

    3. Now you need to replace original `libsysutil_np.sprx`. I use a dev_blind feature from MultiMAN, you can use any other way. Don’t forget to backup original file.

    4. Reboot a console to clear a data storage in LV2 memory.

    5. Now you need to start `Klicensee Dumper Loader`, then start your game.

    6. After exiting from the game you need to run `Data Dumper`, you will hear some beeps.

    7. Then run any FTP client (e.g. builtin in MultiMAN) and download dumped klicensee keys from /dev_hdd0/tmp/dumps.bin.

    8. Restore an original `libsysutil_np.sprx` using the same method as at step 3.

     

    Download Disc Key Dumper

    Download Klicensee Dumper

     

    flatz has stated here, that the Disc Key Dumper will be useful for a new tool he is releasing, that will let you decrypt/encrypt Game Saves and resign them for your console.

     

    Source flatz Twitter

    FOLLOW flatz ON TWITTER(Click)

    Discuss in Forums (22)


  • 22 Comments

    1. flatz
      10-06-2012
      05:14 AM
      1

      One of dumpers is an alternative to klicensee bruteforcer which released before because some klicensee keys cannot be bruteforced. Klicensee is used to resign/decrypt/encrypt self/sprx/edat.

    2. DEFAULTDNB
      10-06-2012
      05:20 AM
      2

      Awesome work [MENTION=209887]flatz[/MENTION]

    3. flatz
      10-06-2012
      05:22 AM
      3

      As for the other dumper (for a disc key), I'm writing a tool to decrypt/encrypt saves and resign them for your console if you want to use a save from another console. I will release a tool soon when it will be completed.

    4. kiwitothemax
      10-06-2012
      05:22 AM
      4

      Disk key dumper sounds interesting

    5. flatz
      10-06-2012
      05:32 AM
      5

      Originally Posted by kiwitothemax
      Disk key dumper sounds interesting
      Hehe, it sounds more interesting than it actually is :D It is just one of keys which used in save game signature file.

    6. xxmcvapourxx
      10-06-2012
      05:34 AM
      6

      Originally Posted by flatz
      One of dumpers is an alternative to klicensee bruteforcer which released before because some klicensee keys cannot be bruteforced. Klicensee is used to resign/decrypt/encrypt self/sprx/edat.
      Question Flat_z could this be used to update the sprx decryption pkg which nobody manage to finish it be amazing to look at

    7. GregoryRasputin
      10-06-2012
      05:36 AM
      7

      PS3 Homebrew Developerflatzhas released two n... [Read More]

    8. flatz
      10-06-2012
      05:37 AM
      8

      Originally Posted by xxmcvapourxx
      Question Flat_z could this be used to update the sprx decryption pkg which nobody manage to finish it be amazing to look at
      Can you explain what problems are you experienced?

    9. H3avyRa1n
      10-06-2012
      05:51 AM
      9

      awesome work [MENTION=209887]flatz[/MENTION]

    10. uncharted angel
      10-06-2012
      06:14 AM
      10

      thanks a lot flatz
      nice work

    11. sandungas
      10-06-2012
      06:28 AM
      11

      Originally Posted by flatz
      Hehe, it sounds more interesting than it actually is :D It is just one of keys which used in save game signature file.
      Lol, this one was pretty good hidden, im glad to see how PARAM.PFD puzzle is solved

    12. MRDOTB
      10-06-2012
      07:34 AM
      12

      Originally Posted by flatz
      As for the other dumper (for a disc key), I'm writing a tool to decrypt/encrypt saves and resign them for your console if you want to use a save from another console.

      (...)

      It is just one of keys which used in save game signature file.
      Are you talking about PARAM.PFD? I'm waiting for such app for ages. Thanks.

      It could be possible to remove Copy Prohibited atrribute from PARAM.SFO and still having vaild save (editing Demon's Souls PARAM.SFO cause XMB reject it)?

      - - -

      p&p is needed? As I understand for klic dmp yes because there's some files to be replaced in flash but what about disc key dmp? If not it will work on DEX?

    13. flatz
      10-06-2012
      07:39 AM
      13

      Originally Posted by MRDOTB
      Are you talking about PARAM.PFD? I'm waiting for such app for ages. Thanks.

      It could be possible to remove Copy Prohibited atrribute from PARAM.SFO and still having vaild save (editing PARAM.SFO not work for i.e Demon's Souls)?
      Yes, i'm about PARAM.PFD.
      Generally speaking you don't need to remove this attribute You will be able to resign save files so PS3 will think that they was created on your console. And yes, with this feature you will be able to use saves for any game and on any firmware, even on OFW.

    14. MRDOTB
      10-06-2012
      07:44 AM
      14

      Originally Posted by flatz
      Generally speaking you don't need to remove this attribute
      Mhm, I feel that something I don't understand. As I know, XMB recognize if save could be copied or not only (?) by this attribute in *.sfo. I'm wrong?

      And now you say it's not needed. I'm confused.

    15. sandungas
      10-06-2012
      09:34 AM
      15

      Originally Posted by MRDOTB
      Mhm, I feel that something I don't understand. As I know, XMB recognize if save could be copied or not only (?) by this attribute in *.sfo. I'm wrong?

      And now you say it's not needed. I'm confused.
      If you want to import the save in another ps3 with official firmware i imagine is needed to remove the "copy protected" attribute

      But for a ps3 with cfw you can just copy the folder in the internall hdd manually (still protected)
      If you remove the copy protection.... maybe is added in the next save (when the files are updated by the game)

    16. MRDOTB
      10-06-2012
      11:50 AM
      16

      Originally Posted by sandungas
      If you want to import the save in another ps3 with official firmware i imagine is needed to remove the "copy protected" attribute
      And this is why I asked.

      But for a ps3 with cfw you can just copy the folder in the internall hdd manually (still protected)
      If you remove the copy protection.... maybe is added in the next save (when the files are updated by the game)
      This is obvious for me. Long ago first thing which I did after installing gh CFW was copy my precious saves (and trophies, BTW: I'm curious if PFD in trophies are the same).

      Yes, this is highly probable but I asked because of below scenario:
      copy 'Copy Prohibited' save from DEX CFW >> unlock it >> copy it to CEX OFW. In this case we could have the best method to restore CP saves on different mobo on OFW (because from system backup such saves are not restoring).


      Also this application will throw out from business Xploder app which this situation is twice awesome for me. :D

    17. nzie
      10-06-2012
      12:18 PM
      17

      Thanks [MENTION=209887]flatz[/MENTION]

    18. Ada Love Lace
      10-06-2012
      08:44 PM
      18

      [MENTION=209887]flatz[/MENTION],
      thanks you for the apps,
      i tried the Disc Keys Dumper and i was not able to get the dumps.bin
      I might have miss something, either from the way of using your homebrew (i tried as: 1-load your homewbrew, 2-game, 3-load again but no beep)

      i tried different games and different things (load save, overwrite save, create new save) but was not able to get the beep (and so no files)
      There are may be something related to the FW i used (this ps3 is FW 3.55 rebug but i can try in other) or the games i tried (Meruru Atelier most of the time, also Valkyria Chronicle and other so no psn games) or the way to launch the games (back up manager)?

      So basically, every time i run the disc key dumper, there are only black screen for fews seconds and after back to xmb.

      thanks you for your apps and good luck for this param.pfd hunt.

    19. flatz
      10-07-2012
      02:47 AM
      19

      Thank you for testing! I think you're right, assuming that this is due to the firmware. It will be nice if you'll test it on a different firmware (not a Rebug). If I have time today, I'll try to test it on the Rebug firmware too.

    20. Ada Love Lace
      10-07-2012
      12:47 PM
      20

      Oh...i think i know my (stupid) mistake ...i ll try in couple of hours (and now with Kweam and after with Rebug so you don t need to test this FW i ll do) sorry for the inconvenience. Dump for dumb people like me ( i feel really stupid now because forgot dump data pkg and only used disc key dumper)

      edit: somewhere else i saw it ( i though it was other homebrew and though it was different homebrew for localized dump but i think i got it now)

    21. Isleofdoom
      10-07-2012
      04:26 PM
      21

      This is kinda funny bein released with the new cfw bein released that we are getting this tool for games. Methods of dumping keys for games. Could be a major draw back for the creators of this new fw.

    22. Ada Love Lace
      10-07-2012
      05:39 PM
      22

      [MENTION=209887]flatz[/MENTION],
      Everything is fine now, i tested quickly with Data dumper and i got the file( tested with Ni no Kuni but gonna do for others games also)

      I was really stupid to miss the data dumper (i can post here link for this pkg but i don t know if you prefer to have your own link)
      Will test more and report here (other FW etc...)
      Thanks you a lot.

      Edit: i understand (really little) what and why this tool do now.
      Tested with rebug 3.55.2 also and working. Thanks you for it and if possible future for this tool.
      If you need more test to short cut your time, i m here