TrueBlue and Cobra payload - Page 2 - PS3Hax Network

japsander · 02-17-2012

Originally Posted by Chris9191

not downloaded the files, too lazy

But are the payloads for other atmel devices?

2 files in the zip with a readme
PayloadLv2cobra.bin
PayloadLv2TrueBlue.bin

Originally Posted by readme

drag and drop payload in ida and load it in Binary file mode, Processor type PPC.Press "C" to convert in asm code.

gliitch · 02-17-2012

******* bums trueblue..thats why they removed the post ><

Cage · 02-17-2012

Originally Posted by Nateblitz16

ps3newz just deleted the thread..

Actually they just merged it with the bigger one related to DRM dongles.

These files are probably legit.

derako · 02-17-2012

so, how we dump lv2 and lv1 with trueblue working?

pereb27 · 02-17-2012

You probably also want appldr for True Blue.
Interesting nonetheless, hope you figure it out

spectlze · 02-17-2012

hopefully this will make for a free true blue and cobra alternative.

Cheesethief · 02-17-2012

Here's a mediafire mirror so you do not have to wait half an hour to start the download:
http://www.mediafire.com/?vpf113m30y5x4kh

I also made other mirrors in case this gets taken offline.

svenmullet · 02-17-2012

I wouldn't doubt if this is the dongle-killer right here; I just ordered a Cobra, should be here Tuesday

This is exactly what happened with the downgrade payload, I order an E3 cardreader from lightake, and it goes open source the next day. I wonder if I can return it for my money back (when it gets here) (if this does end up pwning the dongles)

euss · 02-17-2012

Thank you for reading wiki november updates

/sarcasm

startpost 18 februari 2012: I (aka shadoxi) figured out where is located the payload of Trueblue and cobra dongle. You can find it at offset @360 000 in lv2_kernel and 7f0000 in ps3 memory.

versus

wiki 17-25 november 2011:

lv2_kernel.self
http://pastie.org/private/onlbfdxjdtaddb9blu0sq

only 1 function change, and a section added
sub_28fe30 is replaced 1)
the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) lv2_kernel.bin (6.41 KB)

note 1) : * the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.

as to the rest:

<eussNL> let me translate it for you: ¨offset 0x1D, replace 36 1A 00 by 4C FC F0¨ -> fix bad SHT
<eussNL> and open lv2_kernel in IDA just like you normaly would
<eussNL> the rest is just the same as on wiki
<eussNL> nothing new I see
<eussNL> ¨create a modified TrueBlue Cfw with peek and poke syscall.¨ which is funny when you see it tests for that syscall and bricks the dongle

Originally Posted by JOshISPoser

[...] hopefully this leads somewhere quick so people can complain about something else

With the speed of how they read november wiki in februari, I would not be that hopefull

JOshISPoser · 02-17-2012

i bet they'll change their site saying no returns sven

hopefully this leads somewhere quick so people can complain about something else

02-17-2012	#12
gliitch Member Join Date: Aug 2008 Location: Nibelheim, Mako Reactor Posts: 839 Likes: 80 Liked 280 Times in 119 Posts Mentioned: 16 Post(s) Tagged: 0 Thread(s)	******* bums trueblue..thats why they removed the post >< __________________ Inventor of cool thingz - Gliitch's Awesome XMB, PS3 Bootup Soundz, Gliitch's Unbrick Tutorial aka RED SCREEN OF FAIL FIXERUPER JOBBIE. & Gliitch's MEGA AWESOME H0US3 WIRELESS SURROUND SOUND CONSOLE SYSTEM & WIRELESS MEGADRIVE :D

02-17-2012	#15
pereb27 Member Join Date: Sep 2011 Posts: 880 Likes: 152 Liked 277 Times in 189 Posts Mentioned: 52 Post(s) Tagged: 0 Thread(s)	You probably also want appldr for True Blue. Interesting nonetheless, hope you figure it out __________________ PS3 Slim CECH-3004A 160GB (500GB) PS2 Slim SCPH-70004 - FMCB 1.8b

02-17-2012	#17
Cheesethief Senior Member Join Date: Sep 2011 Posts: 1,788 Likes: 468 Liked 942 Times in 519 Posts Mentioned: 91 Post(s) Tagged: 0 Thread(s)	Here's a mediafire mirror so you do not have to wait half an hour to start the download: http://www.mediafire.com/?vpf113m30y5x4kh I also made other mirrors in case this gets taken offline. __________________

02-17-2012	#18
svenmullet Member Join Date: Jun 2011 Location: The Frozen North. Posts: 748 Likes: 503 Liked 707 Times in 312 Posts Mentioned: 82 Post(s) Tagged: 0 Thread(s)	I wouldn't doubt if this is the dongle-killer right here; I just ordered a Cobra, should be here Tuesday This is exactly what happened with the downgrade payload, I order an E3 cardreader from lightake, and it goes open source the next day. I wonder if I can return it for my money back (when it gets here) (if this does end up pwning the dongles) __________________ Twitter is stupid

		PS3Hax Network - Playstation 3 Hacks and Mods > PS3Hax > PS3 \| General Discussion
TrueBlue and Cobra payload

02-17-2012	#14
derako Member Join Date: Feb 2012 Posts: 69 Likes: 25 Liked 19 Times in 12 Posts Mentioned: 8 Post(s) Tagged: 0 Thread(s)	so, how we dump lv2 and lv1 with trueblue working?

02-17-2012	#16
spectlze Member Join Date: Oct 2011 Location: Puerto Rico Posts: 133 Likes: 102 Liked 25 Times in 20 Posts Mentioned: 11 Post(s) Tagged: 0 Thread(s)	hopefully this will make for a free true blue and cobra alternative.

02-17-2012	#20
JOshISPoser Join Date: May 2009 Location: in your pants Posts: 672 Likes: 134 Liked 171 Times in 120 Posts Mentioned: 14 Post(s) Tagged: 0 Thread(s)	i bet they'll change their site saying no returns sven hopefully this leads somewhere quick so people can complain about something else

User Name		Remember Me?
Password