|
|
04-10-2012
|
#41 |
|
Member
 Join Date: Dec 2011
Posts: 360
Likes: 235
Liked 857 Times in 185 Posts
Mentioned: 188 Post(s)
Tagged: 0 Thread(s)
|
so here some news for you.
There have always been problems debugging SPU elf files, since there are almost no debugger know to do this, ecxept really slow terminal and anergistic. wicth is almost impossiple to use.. and its in the spu files, the goodie stuff is. normally in exampel ida pro, you could open spu, but not debugg them, so almost useless. you have to find the software, yourself but this little command in linux or cygwin appldr.elf(SPU FILE) Code:
spu_elf-to-ppu_obj.exe --strip-mode=none --writable appldr.elf appldrppc.elf Code:
$ spu_elf-to-ppu_obj.exe --strip-mode=none --writable isoldr.elf elfisoldr8.elf it turns the appldr into PPC insteed of SPU. Code:
zadow @zadow -PC ~/ann $ spu-lv2-readelf -a appldrppc.elf ELF-hoved: Magi: 7f 45 4c 46 02 02 01 66 00 00 00 00 00 00 00 00 Klasse: ELF64 Data: 2-komplement, big endian Version: 1 (current) OS/ABI: CellOS Lv-2 ABI-version: 0 Type: REL (relok▒rbar fil) Maskine: PowerPC64 Version: 0x1 Indgangsodresse: 0x0 Start for programhoveder: 0 (byte inde i filen) Start for sektionshoveder: 128528 (byte inde i filen) Flag: 0x1000000 Dette hoveds st▒rrelse: 64 (byte) Programhovedernes st▒rrelse: 0 (byte) Antal programhoveder: 0 Sektionshovedernes st▒rrelse: 64 (byte) Antal sektionshoveder: 10 Sektionshovedets strengtabelsindeks: 7 Now we can debuggug into Memory, and find those hidden goddies this is some of the string from the RAM from isoldr.elf in memory Code:
RAM:00141660 00000005 C D$\bv
RAM:00141682 00000005 C D$\be
RAM:001416A4 00000005 C D$\b{
RAM:001416C6 00000005 C D$\b}
RAM:00141792 00000005 C D$\b\b
RAM:00142DB0 0000002F C __new__ takes at most one positional parameter
RAM:00142DE0 00000023 C variant_level must be non-negative
RAM:00142E04 0000004D C The number of nested variants wrapping the real data. 0 if not in a variant.
RAM:00142E51 0000001A C %s(%s, variant_level=%ld)
RAM:00142E6B 00000007 C %s(%s)
RAM:00142E72 00000015 C __dbus_object_path__
RAM:00142E87 0000000E C variant_level
RAM:00142E95 0000001E C attribute name must be string
RAM:00142EB3 00000018 C _dbus_bindings._IntBase
RAM:00142ECB 0000001A C _dbus_bindings._FloatBase
RAM:00142EE5 00000018 C _dbus_bindings._StrBase
RAM:00142EFD 00000019 C _dbus_bindings._LongBase
RAM:00142F16 00000012 C s:set_unique_name
RAM:00142F28 0000000B C self->conn
RAM:00142F37 00000014 C Unknown bus type %d
RAM:00142F4B 00000010 C address_or_type
RAM:00142F5B 00000009 C mainloop
RAM:00142F64 00000030 C This connection already has a unique name: '%s'
RAM:00142F94 00000027 C This connection has no unique name yet
RAM:00142FBC 00000034 C A string address or an integer bus type is required
RAM:00142FF0 0000003C C Byte constructor takes no more than one positional argument
RAM:0014302C 0000003C C Expected a string of length 1, or an int in the range 0-255
RAM:0014306C 0000001C C Integer outside range 0-255
RAM:00143088 0000000A C dbus.Byte
RAM:00143092 0000000F C dbus.ByteArray
RAM:001430A5 0000001E C A dbus.Connection is required
RAM:001430C3 0000001A C _dbus_bindings.Connection
RAM:001430DD 00000008 C address
RAM:001430E8 00000054 C Newly created D-Bus connection already has a Connection instance associated with it
RAM:0014313C 00000048 C D-Bus connection does not have a Connection instance associated with it
RAM:00143184 00000055 C Return from D-Bus message handler callback should be None, NotImplemented or integer
RAM:001431DC 00000068 C Integer return from D-Bus message handler callback should be a DBUS_HANDLER_RESULT_... constant, not %d
RAM:00143244 00000035 C Connection is in an invalid state: no DBusConnection
RAM:00143279 0000001A C O:_unregister_object_path
RAM:00143293 00000011 C Timeout too long
RAM:001432A4 0000001E C OO|fi:send_message_with_reply
RAM:001432C2 00000007 C remove
RAM:001432C9 0000001C C OO|Oi:_register_object_path
RAM:001432E5 00000005 C (OO)
RAM:001432EA 00000019 C i:set_exit_on_disconnect
RAM:00143303 00000013 C _require_main_loop
RAM:00143316 00000006 C close
RAM:0014331C 00000006 C flush
RAM:00143322 00000011 C get_is_connected
RAM:00143333 00000015 C get_is_authenticated
RAM:00143348 0000000C C get_unix_fd
RAM:00143354 00000013 C get_peer_unix_user
RAM:00143367 00000019 C get_peer_unix_process_id
RAM:00143380 00000013 C add_message_filter
RAM:00143393 00000016 C remove_message_filter
RAM:001433A9 0000000D C send_message
RAM:001433B6 0000001C C list_exported_child_objects
RAM:001433D2 0000000D C _new_for_bus
RAM:001433DF 00000010 C get_unique_name
RAM:001433F3 0000000E C reply_handler
RAM:00143401 0000000A C timeout_s
RAM:0014340B 0000000B C on_message
RAM:00143416 0000000E C on_unregister
RAM:00143424 00000009 C fallback
RAM:00143430 000000C7 C To make asynchronous calls, receive signals or export objects, D-Bus connections must be attached to a main loop by passing mainloop=... to the constructor or calling dbus.set_default_main_loop(...)
RAM:001434F8 00000025 C path must be a str or unicode object
RAM:00143520 0000004C C Can't unregister the object-path handler for '%s': there is no such handler
RAM:0014356C 00000026 C O|f:send_message_with_reply_and_block
RAM:00143594 00000038 C Connection is disconnected - unable to make method call
RAM:001435CC 0000004C C Can't register the object-path handler for '%s': there is already a handler
RAM:00143624 00000033 C Mb@A__new__ takes exactly one positional parameter
RAM:00143658 0000001F C D-Bus structs may not be empty
RAM:00143678 00000028 C %s(%s, signature=%s, variant_level=%ld)
RAM:001436A0 00000042 C The key type in a Dictionary's signature must be a primitive type
RAM:001436E4 0000004F C There must be exactly two complete types in a Dictionary's signature parameter
RAM:00143734 0000004A C There must be exactly one complete type in an Array's signature parameter
RAM:00143780 00000049 C The D-Bus signature of each element of this Array (a Signature instance)
RAM:001437CC 00000080 C The D-Bus signature of each key in this Dictionary, followed by that of each value in this Dictionary, as a Signature instance.
RAM:0014384C 0000000C C |Ol:__new__
RAM:00143858 00000015 C %s(%s, signature=%s)
RAM:0014386D 0000000E C |OOO:__init__
RAM:0014387B 0000000B C dbus.Array
RAM:00143886 00000010 C dbus.Dictionary
RAM:00143896 0000000C C dbus.Struct
RAM:001438A2 00000014 C mapping_or_iterable
RAM:001438B6 00000010 C dbus.exceptions
RAM:001438C6 0000000E C DBusException
RAM:001438D4 00000011 C _dbus_error_name
RAM:001438E5 0000000C C dbus.Double
RAM:001438F1 00000014 C Object is immutable
RAM:00143908 00000027 C Instances of this type are not ordered
RAM:00143933 00000005 C True
RAM:00143938 00000006 C False
RAM:0014393E 0000000D C dbus.Boolean
RAM:0014394B 0000000B C dbus.Int16
RAM:00143956 0000000C C dbus.UInt16
RAM:00143962 0000000B C dbus.Int32
RAM:0014396D 0000000C C dbus.UInt32
RAM:00143979 0000000B C dbus.Int64
RAM:00143984 0000000C C dbus.UInt64
RAM:00143990 00000021 C Value %d out of range for UInt16
RAM:001439B4 00000020 C Value %d out of range for Int16
RAM:001439D4 00000022 C Timeout object is no longer valid
RAM:001439F8 00000034 C A dbus.mainloop.NativeMainLoop instance is required
RAM:00143A2C 0000001C C FD watch is no longer valid
RAM:00143A4A 0000000F C NULL_MAIN_LOOP
RAM:00143A59 00000015 C _dbus_bindings.Watch
RAM:00143A6E 00000017 C _dbus_bindings.Timeout
RAM:00143A85 0000001D C dbus.mainloop.NativeMainLoop
RAM:00143AA2 00000007 C fileno
RAM:00143AA9 0000000A C get_flags
RAM:00143AB3 00000007 C handle
RAM:00143ABA 0000000C C get_enabled
RAM:00143AC6 0000000D C get_interval
RAM:00143AD4 00000026 C __dbus_object_path__ must be a string
RAM:00143AFC 0000003C C String parameters to be sent over D-Bus must be valid UTF-8
RAM:00143B38 00000024 C Expected a string or unicode object
RAM:00143B5C 0000002D C Unable to guess signature from an empty list
RAM:00143B8C 0000002D C Unable to guess signature from an empty dict
RAM:00143BBC 0000003B C Don't know how which D-Bus type to use to encode type \"%s\"
RAM:00143BF8 00000047 C More items found in struct's D-Bus signature than in Python arguments
RAM:00143C40 00000037 C Expected a string of length 1 byte, but found %d bytes
RAM:00143C78 00000022 C %d outside range for a byte value
RAM:00143C9C 0000003E C Fewer items found in D-Bus signature than in Python arguments
RAM:00143CDC 00000027 C Unknown type '\\x%x' in D-Bus signature
RAM:00143D04 00000046 C Internal error: _signature_string_from_pyobject returned a bad result
RAM:00143D4C 0000003D C More items found in D-Bus signature than in Python arguments
RAM:00143D8A 0000000A unicode bqxuD
RAM:00143D94 0000001D C -Bus structs cannot be empty
RAM:00143DB3 00000005 C join
RAM:00143DBA 00000006 C a{%s}
RAM:00143DC0 00000008 C a{%s%s}
RAM:00143DC8 00000011 C message-append.c
RAM:00143DDD 00000005 C (s#)
RAM:00143DE2 0000000A C |z:append
RAM:00143DEC 00000017 C Corrupt type signature
RAM:00143FEC 00000012 C MethodCallMessage
RAM:00143FFE 00000014 C MethodReturnMessage
RAM:00144012 0000000D C sss:__init__
RAM:0014401F 0000000E C O!sz:__init__
RAM:0014402D 0000000C C O!:__init__
RAM:00144039 0000000E C zszs:__init__
RAM:00144047 00000011 C z:set_error_name
RAM:00144058 00000010 C z:set_interface
RAM:00144068 00000010 C z:has_interface
RAM:00144078 00000012 C z:set_destination
RAM:0014408A 00000012 C s:has_destination
RAM:0014409C 0000000D C z:set_sender
RAM:001440A9 0000000D C s:has_sender
RAM:001440B6 00000010 C s:has_signature
RAM:001440C6 0000000B C z:set_path
RAM:001440D1 0000000B C z:has_path
RAM:001440DC 0000000D C z:set_member
RAM:001440E9 0000000D C z:has_member
RAM:001440F6 0000000D C ss:is_signal
RAM:00144103 0000000B C s:is_error
RAM:0014410E 00000012 C ss:is_method_call
RAM:00144120 00000016 C dbus.lowlevel.Message
RAM:00144136 0000001B C dbus.lowlevel.ErrorMessage
RAM:00144151 0000001C C dbus.lowlevel.SignalMessage
RAM:0014416D 00000009 C reply_to
RAM:00144176 0000000E C error_message
RAM:00144184 00000007 C method
RAM:0014418B 00000005 C copy
RAM:00144190 00000010 C guess_signature
RAM:001441A0 0000000F C get_auto_start
RAM:001441AF 0000000F C set_auto_start
RAM:001441BE 00000010 C get_destination
RAM:001441CE 0000000F C get_error_name
RAM:001441DD 0000000E C get_interface
RAM:001441EB 0000000B C get_member
RAM:001441F6 00000009 C get_path
RAM:001441FF 00000014 C get_path_decomposed
RAM:00144213 0000000D C get_no_reply
RAM:00144220 0000000D C set_no_reply
RAM:0014422D 00000011 C get_reply_serial
RAM:0014423E 00000011 C set_reply_serial
RAM:0014424F 0000000B C get_sender
RAM:0014425A 0000000B C get_serial
RAM:00144265 0000000E C get_signature
RAM:00144273 00000009 C get_type
RAM:0014427C 0000005F C Message object is uninitialized, or has become unusable due to error while appending arguments
RAM:001442DC 0000002D C A dbus.lowlevel.Message instance is required
RAM:0014430C 00000020 C dbus.lowlevel.MethodCallMessage
RAM:0014432C 00000022 C dbus.lowlevel.MethodReturnMessage
RAM:00144366 00000012 C |ii:get_args_list
RAM:00144378 0000000C C byte_arrays
RAM:00144384 0000000D C utf8_strings
RAM:00144394 00000024 C Unknown type '\\%x' in D-Bus message
RAM:001443B8 0000002C C get_args_list takes no positional arguments
RAM:00144448 00000008 C 2.4.2c1
RAM:00144450 0000000F C _dbus_bindings
RAM:0014445F 00000015 C org.freedesktop.DBus
RAM:00144474 00000010 C BUS_DAEMON_NAME
RAM:00144484 00000016 C /org/freedesktop/DBus
RAM:0014449A 00000010 C BUS_DAEMON_PATH
RAM:001444AA 00000011 C BUS_DAEMON_IFACE
RAM:001444BB 0000001C C /org/freedesktop/DBus/Local
RAM:001444D7 0000000B C LOCAL_PATH
RAM:001444E2 0000001B C org.freedesktop.DBus.Local
RAM:001444FD 0000000C C LOCAL_IFACE
RAM:00144509 00000015 C INTROSPECTABLE_IFACE
RAM:0014451E 0000001A C org.freedesktop.DBus.Peer
RAM:00144538 0000000B C PEER_IFACE
RAM:00144543 00000011 C PROPERTIES_IFACE
RAM:00144554 00000019 C DBUS_START_REPLY_SUCCESS
RAM:0014456D 0000001C C RELEASE_NAME_REPLY_RELEASED
RAM:00144589 0000001D C RELEASE_NAME_REPLY_NOT_OWNER
RAM:001445A6 0000001C C REQUEST_NAME_REPLY_IN_QUEUE
RAM:001445C2 0000001A C REQUEST_NAME_REPLY_EXISTS
RAM:001445DC 0000001C C NAME_FLAG_ALLOW_REPLACEMENT
RAM:001445F8 0000001B C NAME_FLAG_REPLACE_EXISTING
RAM:00144613 00000017 C NAME_FLAG_DO_NOT_QUEUE
RAM:0014462A 0000000C C BUS_SESSION
RAM:00144636 0000000B C BUS_SYSTEM
RAM:00144641 0000000C C BUS_STARTER
RAM:0014464D 00000015 C MESSAGE_TYPE_INVALID
RAM:00144662 00000019 C MESSAGE_TYPE_METHOD_CALL
RAM:0014467B 0000001B C MESSAGE_TYPE_METHOD_RETURN
RAM:00144696 00000013 C MESSAGE_TYPE_ERROR
RAM:001446A9 00000014 C MESSAGE_TYPE_SIGNAL
RAM:001446BD 0000000A C TYPE_BYTE
RAM:001446C7 0000000D C TYPE_BOOLEAN
RAM:001446D4 0000000B C TYPE_INT16
RAM:001446DF 0000000C C TYPE_UINT16
RAM:001446EB 0000000B C TYPE_INT32
RAM:001446F6 0000000C C TYPE_UINT32
RAM:00144702 0000000B C TYPE_INT64
RAM:0014470D 0000000C C TYPE_UINT64
RAM:00144719 0000000C C TYPE_DOUBLE
RAM:00144725 0000000C C TYPE_STRING
RAM:00144731 00000011 C TYPE_OBJECT_PATH
RAM:00144742 0000000F C TYPE_SIGNATURE
RAM:00144751 0000000B C TYPE_ARRAY
RAM:0014475C 0000000C C TYPE_STRUCT
RAM:00144768 0000000D C STRUCT_BEGIN
RAM:00144775 0000000B C STRUCT_END
RAM:00144780 0000000D C TYPE_VARIANT
RAM:0014478D 00000010 C TYPE_DICT_ENTRY
RAM:0014479D 00000011 C DICT_ENTRY_BEGIN
RAM:001447AE 0000000F C DICT_ENTRY_END
RAM:001447BD 00000017 C HANDLER_RESULT_HANDLED
RAM:001447D4 0000001B C HANDLER_RESULT_NEED_MEMORY
RAM:001447EF 0000000F C WATCH_READABLE
RAM:001447FE 0000000F C WATCH_WRITABLE
RAM:0014480D 0000000D C WATCH_HANGUP
RAM:0014481A 0000000C C WATCH_ERROR
RAM:00144826 00000011 C restructuredtext
RAM:00144837 0000000E C __docformat__
RAM:00144845 00000007 C 0.81.1
RAM:0014484C 0000000C C __version__
RAM:00144858 00000010 C _python_version
RAM:00144868 00000007 C _C_API
RAM:0014486F 00000017 C s:validate_object_path
RAM:00144886 00000017 C s|ii:validate_bus_name
RAM:0014489D 00000017 C s:validate_member_name
RAM:001448B4 0000001A C s:validate_interface_name
RAM:001448CE 00000016 C set_default_main_loop
RAM:001448E4 00000016 C get_default_main_loop
RAM:001448FA 00000014 C validate_error_name
RAM:0014490E 0000000D C allow_unique
RAM:0014491B 00000011 C allow_well_known
RAM:0014492C 00000024 C org.freedesktop.DBus.Introspectable
RAM:00144950 00000020 C org.freedesktop.DBus.Properties
RAM:00144970 00000021 C DBUS_START_REPLY_ALREADY_RUNNING
RAM:00144994 00000020 C RELEASE_NAME_REPLY_NON_EXISTENT
RAM:001449B4 00000021 C REQUEST_NAME_REPLY_PRIMARY_OWNER
RAM:001449D8 00000021 C REQUEST_NAME_REPLY_ALREADY_OWNER
RAM:001449FC 0000001F C HANDLER_RESULT_NOT_YET_HANDLED
RAM:00144A20 0000001A C dbus.lowlevel.PendingCall
RAM:00144A3A 00000006 C block
RAM:00144A40 00000007 C cancel
RAM:00144A47 0000000E C get_completed
RAM:00144A58 00000053 C D-Bus notify function was called for an incomplete pending call (shouldn't happen)
RAM:00144AAB 0000000C C s|O:__new__
RAM:00144AB7 0000000F C dbus.Signature
RAM:00144AC6 0000001E C _dbus_bindings._SignatureIter
RAM:00144AE4 00000069 C dbus-python is not compatible with this version of Python (unicode objects are assumed to be fixed-size)
RAM:00144B50 0000004C C The number of nested variants wrapping the real data. 0 if not in a variant
RAM:00144B9C 0000000C C s|l:__new__
RAM:00144BA8 00000010 C dbus.UTF8String
RAM:00144BB8 00000010 C dbus.ObjectPath
RAM:00144BC8 0000000C C dbus.String
RAM:00144BD4 00000006 C value
RAM:00144BDC 00000032 C Invalid object path '%s': does not start with '/'
RAM:00144C10 00000032 C Invalid object path '%s': contains substring '//'
RAM:00144C44 0000003A C Invalid object path '%s': contains invalid character '%c'
RAM:00144C80 0000003C C Invalid object path '%s': ends with '/' and is not just '/'
RAM:00144CBC 00000032 C Invalid interface or error name: may not be empty
RAM:00144CF0 00000042 C Invalid interface or error name '%s': too long (> 255 characters)
RAM:00144D34 0000003E C Invalid interface or error name '%s': contains substring '..'
RAM:00144D74 0000003E C Invalid interface or error name '%s': must not start with '.'
RAM:00144DB4 00000041 C Invalid interface or error name '%s': a digit may not follow '.'
RAM:00144DF8 00000042 C Invalid interface or error name '%s': must not start with a digit
RAM:00144E3C 00000046 C Invalid interface or error name '%s': contains invalid character '%c'
RAM:00144E84 0000003C C Invalid interface or error name '%s': must not end with '.'
RAM:00144EC0 00000037 C Invalid interface or error name '%s': must contain '.'
RAM:00144EF8 00000026 C Invalid member name: may not be empty
RAM:00144F20 00000036 C Invalid member name '%s': too long (> 255 characters)
RAM:00144F58 00000036 C Invalid member name '%s': must not start with a digit
RAM:00144F90 0000003A C Invalid member name '%s': contains invalid character '%c'
RAM:00144FCC 00000023 C Invalid bus name: may not be empty
RAM:00144FF0 00000010 C Invalid well-kno
d Code:
$(,048<@DHLSDGFJSD¤#&%/¤/"B¤%YPTX\\`dhlptx this would help those, that hunt for keys  now lets dump some stuff
__________________
 Last edited by zadow28; 04-10-2012 at 09:13 AM. |
|
|
Likes: (31) |
bigo93,
big_russ,
calo,
Deadman19,
eetz1,
ElSalvatore,
etertay,
EX-OD-US,
hellsing9,
Isakill,
KentaZX,
kira.30,
lufcmattylad,
marfoldi,
MarioTheMastermind666,
MethodXVI,
Mistawes,
nzie,
oPolo,
pampos,
Pedram_,
Reza684,
RickDangerous,
Royalkfox,
sahibunlimited,
screwingates,
shareboy,
Smoergler,
TheEvolution_PT,
Trokadero,
willemse21
|
|
04-11-2012
|
#42 |
|
Member
Join Date: Dec 2011
Posts: 360
Likes: 235
Liked 857 Times in 185 Posts
Mentioned: 188 Post(s)
Tagged: 0 Thread(s)
|
here is an update
got the debugger working with encrypted spu files. Now this is goona be very tecnical, so hope there are gonna be some math freaks out there. been testing this on the lv0 from 4.11. there are two goodies the debugger for spu encrypted files, and an exploit. Open ida pro 32 bit (important) For debugging encrypted elf choose metapc in ida, then bin file. Go to remote debugger options and choose, run command before debugging, choose full linux system. go setup host the choose localhost and choose port 8832. Wupti you go to debugging mode. Then there is the other thing this is for coders and math people Download this pack. http://www.filedropper.com/pdbforida they contains of PDB files (information Files) go to file------->load pdb------------>open one of the pdb files. uncheck local types the PDB information files loads into ida and the lv0 you could just load the header PDB, and delete the header section but we will load one of the crypto information files. Now in the function windows all the crypted places in the lv0 shows. and there are alot since its encrypted.  but the information files are clever and can tell what the areas of the files means. and renames the funtions. here are just some Scrool that way -------------> Code:
CryptoPP::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>(ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>> const &) seg000 00027C80 0000002D R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>(void) seg000 00019900 00000039 R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>::Clone(void) seg000 0002EBD0 00000097 R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>::operator=(CryptoPP::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>> const &) seg000 00027870 0000002D R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>::~ClonableImpl<CryptoPP::SHA1,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA1>>(void) seg000 00027FF0 00000025 R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA224,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA224>>::Clone(void) seg000 0002F320 00000097 R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA256,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<uint,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA256>>::Clone(void) seg000 0002EFF0 00000097 R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>(ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>> const &) seg000 0001AA7C 00000004 R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>(ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>> const &) seg000 00028390 0000002E R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>::Clone(void) seg000 0002FA80 00000097 R F . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>::operator=(CryptoPP::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>> const &) seg000 0001ABC0 0000000B R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>::~ClonableImpl<CryptoPP::SHA384,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA384>>(void) seg000 0001AB70 0000001D R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA512,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA512>>::ClonableImpl<CryptoPP::SHA512,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA512>>(void) seg000 000287F0 00000027 R . . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA512,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA512>>::operator=(CryptoPP::ClonableImpl<CryptoPP::SHA512,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA512>> const &) seg000 000283F0 0000002D R F . . . T . CryptoPP::ClonableImpl<CryptoPP::SHA512,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA512>>::~ClonableImpl<CryptoPP::SHA512,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned __int64,CryptoPP::EnumToType<CryptoPP::ByteOrder,1>,128,CryptoPP::HashTransformation>,CryptoPP::SHA512>>(void) seg000 000283C0 00000024 R . . . . T . Now we press one function it goes to ida view Then we press F5 to show the calls. and Wupti this is the first SHA1 funtion showed Code:
void __thiscall CryptoPP__ClonableImpl_CryptoPP__SHA1_CryptoPP__AlgorithmImpl_CryptoPP__IteratedHash_unsigned_int_CryptoPP__EnumToType_enum__CryptoPP__ByteOrder_1__64_CryptoPP__HashTransformation__CryptoPP__SHA1____ClonableImpl_CryptoPP__SHA1_CryptoPP__AlgorithmImpl_CryptoPP__IteratedHash_unsigned_int_CryptoPP__EnumToType_enum__CryptoPP__ByteOrder_1__64_CryptoPP__HashTransformation__CryptoPP__SHA1__(CryptoPP::ClonableImpl<CryptoPP::SHA224,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned int,CryptoPP::EnumToType<enum CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA224> > *this, CryptoPP::ClonableImpl<CryptoPP::SHA224,CryptoPP::AlgorithmImpl<CryptoPP::IteratedHash<unsigned int,CryptoPP::EnumToType<enum CryptoPP::ByteOrder,1>,64,CryptoPP::HashTransformation>,CryptoPP::SHA224> > *__that)
{
_CF = 1;
_OF = 0;
_AL = -47;
_ZF = 0;
_SF = 1;
__asm
{
daa
pushf
}
JUMPOUT(*(int *)unk_27C93);
}
or the key agreement function showed. Code:
void __usercall CryptoPP__DL_KeyAgreementAlgorithm_DH_CryptoPP__Integer_CryptoPP__EnumToType_enum_CryptoPP__CofactorMultiplicationOption_0_____AgreeWithStaticPrivateKey____1___dtor_9(int a1<edx>, int a2<ecx>, int a3<esi>, int a4, int a5, int a6, int a7, int a8, int a9, int a10, int a11, int a12, int a13)
{
char v13; // t0@1
int v14; // eax@1
int v15; // ecx@1
v13 = __ROL__(*(_BYTE *)(a2 + 1684849656), a2);
*(_BYTE *)(a2 + 1684849656) = v13;
v14 = *(_DWORD *)(a3 + 4);
*((_BYTE *)&a13 + 8 * a2 + 3) ^= BYTE1(v14);
v15 = a2 - 1;
LOBYTE(v14) = v15 | v14;
vf352b1d1 = v14;
*(_DWORD *)(2 * a1 + 0x78732B0E) |= v15;
__asm { iret }
}
Code:
CryptoPP::PrivateKey *__cdecl _AccessPrivateKey___TF_ObjectImplBase_VTF_DecryptorBase_CryptoPP__U__TF_CryptoSchemeOptions_V__TF_ES_V__OAEP_VSHA1_CryptoPP__VP1363_MGF1_2__CryptoPP__URSA_2_H_CryptoPP__URSA_2_V__OAEP_VSHA1_CryptoPP__VP1363_MGF1_2__2__2_VInvertibleRSAFunction_2__CryptoPP__UEAAAEAVPrivateKey_2_XZ(CryptoPP::TF_ObjectImplBase<CryptoPP::TF_DecryptorBase,CryptoPP::TF_CryptoSchemeOptions<CryptoPP::TF_ES<CryptoPP::OAEP<CryptoPP::SHA1,CryptoPP::P1363_MGF1>,CryptoPP::RSA,int>,CryptoPP::RSA,CryptoPP::OAEP<CryptoPP::SHA1,CryptoPP::P1363_MGF1> >,CryptoPP::Inv *this)
{
signed __int16 v1; // ax@1
char v2; // sf@1
char v3; // of@1
int v4; // ebx@1
int v5; // edi@1
JUMPOUT();
HIBYTE(v1) ^= 0x80u;
UNDEF(v2);
UNDEF(v3);
*(_BYTE *)(v5 + 11) = v1 / *(_BYTE *)(v4 - 11);
JUMPOUT(
!((unsigned __int8)v2 ^ (unsigned __int8)v3),
*(unsigned int *)((char *)_AlgorithmName___AlgorithmImpl_VTF_DecryptorBase_CryptoPP__V__TF_ES_V__OAEP_VSHA1_CryptoPP__VP1363_MGF1_2__CryptoPP__URSA_2_H_2__CryptoPP__UEBA_AV__basic_string_DU__char_traits_D_std__V__allocator_D_2__std__XZ
+ 1));
__asm { bound esi, [ebx-2C94F74Dh] }
_EAX = 904458821;
__asm { aad 0FEh }
JUMPOUT(*(int *)_GetPrivateKey___TF_ObjectImplBase_VTF_DecryptorBase_CryptoPP__U__TF_CryptoSchemeOptions_V__TF_ES_V__OAEP_VSHA1_CryptoPP__VP1363_MGF1_2__CryptoPP__URSA_2_H_CryptoPP__URSA_2_V__OAEP_VSHA1_CryptoPP__VP1363_MGF1_2__2__2_VInvertibleRSAFunction_2__CryptoPP__UEBAAEBVPrivateKey_2_XZ);
So we got debugging of encrypted lv0 from 4.11 and function calls. the funtions calls are pretty long but not is all about keys. and all the function for the algorytme are there too, we just have to keep pressing F5 this if the coders and math people go together, no one can stop you. I would recommend loading the header information files. and get the information about the header. regards
__________________
Last edited by zadow28; 04-11-2012 at 06:19 AM. |
|
|
|
Likes: (26) |
-eH-,
badsnoopdog,
big_russ,
calo,
Deadman19,
DEFAULTDNB,
eetz1,
FirefoxRuels,
hellsing9,
HipHopStyler,
jr3277,
KentaZX,
landon,
Mackdanny,
mcmrc1,
MethodXVI,
mrBear,
mrc1978,
Mystic Racer,
nzie,
ocam,
oPolo,
pratiko,
TheEvolution_PT,
v8s10,
zizoux
|
|
04-11-2012
|
#43 |
|
Member
Join Date: Dec 2011
Posts: 360
Likes: 235
Liked 857 Times in 185 Posts
Mentioned: 188 Post(s)
Tagged: 0 Thread(s)
|
update
i have unself and signed the eboot from Two TB games. with 3.55 keys Batman: Arkham City http://www.filefactory.com/file/1nyi...t3.55EBOOT.zip and ace combat Assault_Horizon http://www.filedropper.com/showdownl...acecombateboot i was then able to sign with 3.55 keys. one fellow in irc tryed on rebug, but dindt run. so check and try them out. the eboot.bin unself without errors and the hex is readeble.. eboot ace combat Assault_Horizon with TB and with my signed 3.55. Code:
zadow @zadow -PC ~ $ readself eboot.bin SELF header elf #1 offset: 00000000_00000090 header len: 00000000_00000980 meta offset: 00000000_00000410 phdr offset: 00000000_00000040 shdr offset: 00000000_00a5ab48 file size: 00000000_00a5aa98 auth id: 10100000_01000003 (Unknown) vendor id: 01000002 info offset: 00000000_00000070 sinfo offset: 00000000_00000290 version offset: 00000000_00000390 control info: 00000000_000003c0 (00000000_00000070 bytes) app version: 1.0.0 SDK type: Devkit app type: application Control info control flags: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 file digest: 62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4 c9 d7 a1 d5 3f c7 f3 46 c1 11 cb b1 75 85 46 a8 c7 6f 97 6f Section header offset size compressed unk1 unk2 encrypted 00000000_00000980 00000000_009e9268 [NO ] 00000000 00000000 [NO ] 00000000_009f0980 00000000_00063d7c [NO ] 00000000 00000000 [NO ] 00000000_00a546fc 00000000_00000000 [NO ] 00000000 00000000 [NO ] 00000000_00a546fc 00000000_00000000 [NO ] 00000000 00000000 [NO ] 00000000_00a546fc 00000000_00000000 [NO ] 00000000 00000000 [NO ] 00000000_00a42db0 00000000_00000004 [NO ] 00000000 00000000 [N/A] 00000000_009e9b80 00000000_00000028 [NO ] 00000000 00000000 [N/A] 00000000_009e9ba8 00000000_00000040 [NO ] 00000000 00000000 [N/A] Encrypted Metadata no encrypted metadata in fselfs. ELF header type: Executable file machine: PowerPC64 version: 1 phdr offset: 00000000_00000040 shdr offset: 00000000_00a5a258 entry: 00000000_00a19ef0 flags: 00000000 header size: 00000040 program header size: 00000038 program headers: 8 section header size: 00000040 section headers: 33 section header string table index: 32 Program headers type offset vaddr paddr memsize filesize PPU SPE RSX align LOAD 00000000_00000000 00000000_00010000 00000000_00010000 00000000_009e9268 00000000_009e9268 r-x r-- --- 00000000_00010000 LOAD 00000000_009f0000 00000000_00a00000 00000000_00a00000 00000000_005f36f8 00000000_00063d7c rw- rw- --- 00000000_00010000 LOAD 00000000_00a53d7c 00000000_00000000 00000000_00000000 00000000_00000000 00000000_00000000 r-- --- --- 00000000_00010000 LOAD 00000000_00a53d7c 00000000_00000000 00000000_00000000 00000000_00000000 00000000_00000000 rw- --- --- 00000000_00010000 LOAD 00000000_00a53d7c 00000000_00000000 00000000_00000000 00000000_00000000 00000000_00000000 rw- rw- rw- 00000000_00010000 ????? 00000000_00a42430 00000000_00a52430 00000000_00a52430 00000000_00000260 00000000_00000004 r-- --- --- 00000000_00000008 ????? 00000000_009e9200 00000000_009f9200 00000000_009f9200 00000000_00000028 00000000_00000028 --- --- --- 00000000_00000008 ????? 00000000_009e9228 00000000_009f9228 00000000_009f9228 00000000_00000040 00000000_00000040 --- --- --- 00000000_00000004 Section headers [Nr] Name Type Addr ES Flg Lk Inf Al Off Size [00] <no-name> NULL 00000000_00000000 00 00 000 00 00000000_00000000 00000000_00000000 [01] <no-name> PROGBITS 00000000_00010200 00 wa 00 000 04 00000000_00000200 00000000_0000003c [02] <no-name> PROGBITS 00000000_00010240 00 wa 00 000 16 00000000_00000240 00000000_007f3cf8 [03] <no-name> PROGBITS 00000000_00803f38 00 wa 00 000 04 00000000_007f3f38 00000000_00000034 [04] <no-name> PROGBITS 00000000_00803f6c 00 wa 00 000 04 00000000_007f3f6c 00000000_00003220 [05] <no-name> PROGBITS 00000000_008071a0 00 wa 00 000 04 00000000_007f71a0 00000000_00017838 [06] <no-name> PROGBITS 00000000_0081e9d8 00 a 00 000 04 00000000_0080e9d8 00000000_00002268 [07] <no-name> PROGBITS 00000000_00820c40 00 a 00 000 04 00000000_00810c40 00000000_00000644 [08] <no-name> PROGBITS 00000000_00821284 00 a 00 000 04 00000000_00811284 00000000_00000004 [09] <no-name> PROGBITS 00000000_00821288 00 a 00 000 04 00000000_00811288 00000000_0000001c [10] <no-name> PROGBITS 00000000_008212a4 00 a 00 000 04 00000000_008112a4 00000000_00000004 [11] <no-name> PROGBITS 00000000_008212a8 00 a 00 000 04 00000000_008112a8 00000000_00000004 [12] <no-name> PROGBITS 00000000_008212ac 00 a 00 000 04 00000000_008112ac 00000000_000004d0 [13] <no-name> PROGBITS 00000000_0082177c 00 a 00 000 04 00000000_0081177c 00000000_00000004 [14] <no-name> PROGBITS 00000000_00821780 00 a 00 000 16 00000000_00811780 00000000_00063cf8 [15] <no-name> PROGBITS 00000000_00885478 00 a 00 000 08 00000000_00875478 00000000_00000020 [16] <no-name> PROGBITS 00000000_00885500 00 a 00 000 128 00000000_00875500 00000000_00173c80 [17] <no-name> PROGBITS 00000000_009f9180 00 ae 00 000 08 00000000_009e9180 00000000_00000028 [18] <no-name> PROGBITS 00000000_009f91a8 00 a 00 000 04 00000000_009e91a8 00000000_00000040 [19] <no-name> PROGBITS 00000000_00a00000 00 ae 00 000 04 00000000_009f0000 00000000_00000488 [20] <no-name> PROGBITS 00000000_00a00488 00 ae 00 000 04 00000000_009f0488 00000000_000002c0 [21] <no-name> PROGBITS 00000000_00a00748 00 ae 00 000 04 00000000_009f0748 00000000_00000004 [22] <no-name> PROGBITS 00000000_00a00750 00 ae 00 000 08 00000000_009f0750 00000000_00019148 [23] <no-name> PROGBITS 00000000_00a19898 00 ae 00 000 04 00000000_00a09898 00000000_00000644 [24] <no-name> PROGBITS 00000000_00a19ee0 00 ae 00 000 08 00000000_00a09ee0 00000000_00017840 [25] <no-name> PROGBITS 00000000_00a31720 00 ae 00 000 08 00000000_00a21720 00000000_00020d08 [26] <no-name> PROGBITS 00000000_00a52428 00 ae 00 000 04 00000000_00a42428 00000000_00000004 [27] <no-name> NOBITS 00000000_00a52430 00 ae 00 000 08 00000000_00a4242c 00000000_00000258 [28] <no-name> PROGBITS 00000000_00a52700 00 ae 00 000 128 00000000_00a42700 00000000_0001167c [29] <no-name> NOBITS 00000000_00a63d80 00 ae 00 000 128 00000000_00a53d7c 00000000_0058f978 [30] <no-name> PROGBITS 00000000_00000000 00 00 000 04 00000000_00a53d7c 00000000_00002a18 [31] <no-name> PROGBITS 00000000_00000000 00 00 000 01 00000000_00a56794 00000000_0000397f [32] <no-name> STRTAB 00000000_00000000 00 00 000 01 00000000_00a5a113 00000000_00000145 zadow @zadow -PC ~ $ readself acecombatEBOOT.BIN SELF header elf #1 offset: 00000000_00000090 header len: 00000000_00000a80 meta offset: 00000000_000004b0 phdr offset: 00000000_00000048 shdr offset: 00000000_00a4e630 file size: 00000000_00a5b2e3 auth id: 10100000_01000003 (Unknown) vendor id: 01000002 info offset: 00000000_00000070 sinfo offset: 00000000_000002a0 version offset: 00000000_000003a0 control info: 00000000_000003d0 (00000000_00000100 bytes) app version: 3.55.0 SDK type: Retail app type: NP-DRM application Control info control flags: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 file digest: 62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 NPDRM info: magic: 4e504400 unk0 : 00000001 unk1 : 00000003 unk2 : 00000001 content_id: UP0001-ABCD12345_00-0000111122223333 digest: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 invdigest: 7a b5 e8 d3 4e df f5 a7 9d dc 66 5d 0a ca 43 09 xordigest: 2e cd 8d f6 9f 64 1d 74 45 74 80 0d 39 57 46 95 Section header offset size compressed unk1 unk2 encrypted 00000000_00000a80 00000000_009e9da0 [YES] 00000000 00000000 [YES] 00000000_009ea820 00000000_00063dff [YES] 00000000 00000000 [YES] 00000000_00a4e620 00000000_00000008 [YES] 00000000 00000000 [YES] 00000000_00a4e630 00000000_00000008 [YES] 00000000 00000000 [YES] 00000000_00a4e640 00000000_00000000 [NO ] 00000000 00000000 [YES] 00000000_00a4e640 00000000_00000004 [NO ] 00000000 00000000 [N/A] 00000000_00a4e650 00000000_00000028 [NO ] 00000000 00000000 [N/A] 00000000_00a4e680 00000000_00000040 [NO ] 00000000 00000000 [N/A] Encrypted Metadata unable to decrypt metadata ELF header type: Executable file machine: PowerPC64 version: 1 phdr offset: 00000000_00000048 shdr offset: 00000000_00a5aa98 entry: 00000000_00a19ef0 flags: 00000000 header size: 00000040 program header size: 00000038 program headers: 8 section header size: 00000040 section headers: 33 section header string table index: 32 Program headers type offset vaddr paddr memsize filesize PPU SPE RSX align LOAD 00000000_00000000 00000000_00010000 00000000_00010000 00000000_009e9268 00000000_009e9268 r-x r-- --- 00000000_00010000 LOAD 00000000_009f0000 00000000_00a00000 00000000_00a00000 00000000_005f36f8 00000000_00063d7c rw- rw- --- 00000000_00010000 LOAD 00000000_00a53d7c 00000000_00000000 00000000_00000000 00000000_00000000 00000000_00000000 r-- --- --- 00000000_00010000 LOAD 00000000_00a53d7c 00000000_00000000 00000000_00000000 00000000_00000000 00000000_00000000 rw- --- --- 00000000_00010000 LOAD 00000000_00a53d7c 00000000_00000000 00000000_00000000 00000000_00000000 00000000_00000000 rw- rw- rw- 00000000_00010000 ????? 00000000_00a42430 00000000_00a52430 00000000_00a52430 00000000_00000260 00000000_00000004 r-- --- --- 00000000_00000008 ????? 00000000_009e9200 00000000_009f9200 00000000_009f9200 00000000_00000028 00000000_00000028 --- --- --- 00000000_00000008 ????? 00000000_009e9228 00000000_009f9228 00000000_009f9228 00000000_00000040 00000000_00000040 --- --- --- 00000000_00000004 Section headers [Nr] Name Type Addr ES Flg Lk Inf Al Off Size [00] <no-name> NULL 00000000_00000000 00 00 000 00 00000000_00000000 00000000_00000000 [01] <no-name> PROGBITS 00000000_00010200 00 wa 00 000 04 00000000_00000200 00000000_0000003c [02] <no-name> PROGBITS 00000000_00010240 00 wa 00 000 16 00000000_00000240 00000000_007f3cf8 [03] <no-name> PROGBITS 00000000_00803f38 00 wa 00 000 04 00000000_007f3f38 00000000_00000034 [04] <no-name> PROGBITS 00000000_00803f6c 00 wa 00 000 04 00000000_007f3f6c 00000000_00003220 [05] <no-name> PROGBITS 00000000_008071a0 00 wa 00 000 04 00000000_007f71a0 00000000_00017838 [06] <no-name> PROGBITS 00000000_0081e9d8 00 a 00 000 04 00000000_0080e9d8 00000000_00002268 [07] <no-name> PROGBITS 00000000_00820c40 00 a 00 000 04 00000000_00810c40 00000000_00000644 [08] <no-name> PROGBITS 00000000_00821284 00 a 00 000 04 00000000_00811284 00000000_00000004 [09] <no-name> PROGBITS 00000000_00821288 00 a 00 000 04 00000000_00811288 00000000_0000001c [10] <no-name> PROGBITS 00000000_008212a4 00 a 00 000 04 00000000_008112a4 00000000_00000004 [11] <no-name> PROGBITS 00000000_008212a8 00 a 00 000 04 00000000_008112a8 00000000_00000004 [12] <no-name> PROGBITS 00000000_008212ac 00 a 00 000 04 00000000_008112ac 00000000_000004d0 [13] <no-name> PROGBITS 00000000_0082177c 00 a 00 000 04 00000000_0081177c 00000000_00000004 [14] <no-name> PROGBITS 00000000_00821780 00 a 00 000 16 00000000_00811780 00000000_00063cf8 [15] <no-name> PROGBITS 00000000_00885478 00 a 00 000 08 00000000_00875478 00000000_00000020 [16] <no-name> PROGBITS 00000000_00885500 00 a 00 000 128 00000000_00875500 00000000_00173c80 [17] <no-name> PROGBITS 00000000_009f9180 00 ae 00 000 08 00000000_009e9180 00000000_00000028 [18] <no-name> PROGBITS 00000000_009f91a8 00 a 00 000 04 00000000_009e91a8 00000000_00000040 [19] <no-name> PROGBITS 00000000_00a00000 00 ae 00 000 04 00000000_009f0000 00000000_00000488 [20] <no-name> PROGBITS 00000000_00a00488 00 ae 00 000 04 00000000_009f0488 00000000_000002c0 [21] <no-name> PROGBITS 00000000_00a00748 00 ae 00 000 04 00000000_009f0748 00000000_00000004 [22] <no-name> PROGBITS 00000000_00a00750 00 ae 00 000 08 00000000_009f0750 00000000_00019148 [23] <no-name> PROGBITS 00000000_00a19898 00 ae 00 000 04 00000000_00a09898 00000000_00000644 [24] <no-name> PROGBITS 00000000_00a19ee0 00 ae 00 000 08 00000000_00a09ee0 00000000_00017840 [25] <no-name> PROGBITS 00000000_00a31720 00 ae 00 000 08 00000000_00a21720 00000000_00020d08 [26] <no-name> PROGBITS 00000000_00a52428 00 ae 00 000 04 00000000_00a42428 00000000_00000004 [27] <no-name> NOBITS 00000000_00a52430 00 ae 00 000 08 00000000_00a4242c 00000000_00000258 [28] <no-name> PROGBITS 00000000_00a52700 00 ae 00 000 128 00000000_00a42700 00000000_0001167c [29] <no-name> NOBITS 00000000_00a63d80 00 ae 00 000 128 00000000_00a53d7c 00000000_0058f978 [30] <no-name> PROGBITS 00000000_00000000 00 00 000 04 00000000_00a53d7c 00000000_00002a18 [31] <no-name> PROGBITS 00000000_00000000 00 00 000 01 00000000_00a56794 00000000_0000397f [32] <no-name> STRTAB 00000000_00000000 00 00 000 01 00000000_00a5b2d8 00000000_0000000b zadow @zadow -PC ~ $ Code:
4A 75 6E 65 00 4A 75 6C 79 00 41 pril.June.July.A 00 53 65 70 74 65 6D 62 65 72 00 ugust.September. 65 72 00 4E 6F 76 65 6D 62 65 72 October.November 6D 62 65 72 00 41 4D 00 50 4D 00 .December.AM.PM. 20 25 65 20 25 48 3A 25 4D 3A 25 %a %b %e %H:%M:% 25 6D 2F 25 64 2F 25 79 00 25 48 S %Y.%m/%d/%y.%H 53 00 25 49 3A 25 4D 3A 25 53 20 :%M:%S.%I:%M:%S 04 00 01 00 25 61 20 25 62 20 25 %p.......%a %b % 25 4D 3A 25 53 20 25 5A 20 25 59 e %H:%M:%S %Z %Y 25 67 25 74 25 6D 25 74 25 66 00 .%p%t%g%t%m%t%f. 61 20 25 6C 00 49 53 4F 2F 49 45 +%c %a %l.ISO/IE 35 32 20 69 31 38 6E 20 46 44 43 C 14652 i18n FDC 00 4B 65 6C 64 20 53 69 6D 6F 6E C-set.Keld Simon 65 6C 64 40 64 6B 75 75 67 2E 64 sen.keld@dkuug.d 20 33 31 32 32 2D 36 35 34 33 00 k.+45 3122-6543. 33 32 35 2D 36 35 34 33 00 49 53 +45 3325-6543.IS 00 31 39 39 37 2D 31 32 2D 32 30 O.1.0.1997-12-20 00 50 4F 53 49 58 00 41 4E 53 49 .libc.POSIX.ANSI 2D 31 39 36 38 00 55 6E 65 78 70 _X3.4-1968.Unexp 20 65 72 72 6F 72 2E 0A 00 4F 55 ected error...OU 43 48 41 52 53 45 54 00 63 68 61 TPUT_CHARSET.cha 00 4C 41 4E 47 55 41 47 45 00 6D rset=.LANGUAGE.m 65 73 00 2F 75 73 72 2F 73 68 61 essages./usr/sha 63 61 6C 65 00 6C 6C 64 00 6C 6C re/locale.lld.ll 00 6C 6C 75 00 6C 6C 78 00 6C 6C i.llo.llu.llx.ll 72 61 6C 3D 00 6E 70 6C 75 72 61 X.plural=.nplura 4C 53 50 41 54 48 00 69 6E 66 00 ls=.NLSPATH.inf. 00 6E 61 6E 00 2D 63 00 2F 62 69 inity.nan.-c./bi 65 78 69 74 20 30 00 4D 53 47 56 n/sh.exit 0.MSGV 45 56 5F 4C 45 56 45 4C 00 20 20 ERB.SEV_LEVEL. 49 58 3A 20 00 25 73 25 73 25 73 .TO FIX: .%s%s%s 73 25 73 25 73 25 73 25 73 0A 00 %s%s%s%s%s%s%s.. 57 41 52 4E 49 4E 47 00 45 52 52 INFO.WARNING.ERR 4C 54 00 74 6F 5F 6F 75 74 70 75 OR.HALT.to_outpu 6E 69 6C 29 00 28 6E 75 6C 6C 29 nct.(nil).(null) 49 4E 46 00 74 6F 5F 69 6E 70 75 .NAN.INF.to_inpu 2B 00 25 73 25 73 55 6E 6B 6E 6F nct.w+.%s%sUnkno 67 6E 61 6C 20 25 64 0A 00 55 6E wn signal %d..Un 20 73 69 67 6E 61 6C 00 74 6D 70 known signal.tmp 00 54 4D 50 44 49 52 00 2F 74 6D f.w+b.TMPDIR./tm 73 2F 25 2E 2A 73 58 58 58 58 58 p.%.*s/%.*sXXXXX 6F 63 2F 73 65 6C 66 2F 66 64 00 X./proc/self/fd. 2F 73 65 6C 66 2F 66 64 2F 25 64 /proc/self/fd/%d 75 63 63 65 73 73 00 4F 70 65 72 /%s.Success.Oper 20 6E 6F 74 20 70 65 72 6D 69 74 ation not permit 6F 20 73 75 63 68 20 66 69 6C 65 ted.No such file 69 72 65 63 74 6F 72 79 00 4E 6F or directory.No 20 70 72 6F 63 65 73 73 00 49 6E such process.In 70 74 65 64 20 73 79 73 74 65 6D terrupted system 00 49 6E 70 75 74 2F 6F 75 74 70 call.Input/outp 72 6F 72 00 4E 6F 20 73 75 63 68 ut error.No such 63 65 20 6F 72 20 61 64 64 72 65 device or addre 67 75 6D 65 6E 74 20 6C 69 73 74 ss.Argument list 6C 6F 6E 67 00 45 78 65 63 20 66 too long.Exec f 20 65 72 72 6F 72 00 42 61 64 20 ormat error.Bad 64 65 73 63 72 69 70 74 6F 72 00 file descriptor. 69 6C 64 20 70 72 6F 63 65 73 73 No child process 6E 6E 6F 74 20 61 6C 6C 6F 63 61 es.Cannot alloca 6D 6F 72 79 00 50 65 72 6D 69 73 te memory.Permis 64 65 6E 69 65 64 00 42 61 64 20 sion denied.Bad 73 73 00 42 6C 6F 63 6B 20 64 65 address.Block de 72 65 71 75 69 72 65 64 00 44 65 vice required.De 6F 72 20 72 65 73 6F 75 72 63 65 vice or resource 00 46 69 6C 65 20 65 78 69 73 74 busy.File exist 61 6C 69 64 20 63 72 6F 73 73 2D s.Invalid cross- 65 20 6C 69 6E 6B 00 4E 6F 20 73 device link.No s 65 76 69 63 65 00 4E 6F 74 20 61 uch device.Not a 63 74 6F 72 79 00 49 73 20 61 20 directory.Is a 74 6F 72 79 00 49 6E 76 61 6C 69 directory.Invali 75 6D 65 6E 74 00 54 6F 6F 20 6D d argument.Too m 70 65 6E 20 66 69 6C 65 73 20 69 any open files i 74 65 6D 00 54 6F 6F 20 6D 61 6E n system.Too man 6E 20 66 69 6C 65 73 00 54 65 78 y open files.Tex 65 20 62 75 73 79 00 46 69 6C 65 t file busy.File 6C 61 72 67 65 00 4E 6F 20 73 70 too large.No sp 65 66 74 20 6F 6E 20 64 65 76 69 ace left on devi 6C 65 67 61 6C 20 73 65 65 6B 00 ce.Illegal seek. 6F 6E 6C 79 20 66 69 6C 65 20 73 Read-only file s 00 54 6F 6F 20 6D 61 6E 79 20 6C ystem.Too many l 42 72 6F 6B 65 6E 20 70 69 70 65 inks.Broken pipe 72 69 63 61 6C 20 72 65 73 75 6C .Numerical resul 20 6F 66 20 72 61 6E 67 65 00 52 t out of range.R 63 65 20 64 65 61 64 6C 6F 63 6B esource deadlock 64 65 64 00 46 69 6C 65 20 6E 61 avoided.File na 6F 20 6C 6F 6E 67 00 4E 6F 20 6C me too long.No l 61 76 61 69 6C 61 62 6C 65 00 46 ocks available.F 6F 6E 20 6E 6F 74 20 69 6D 70 6C unction not impl 65 64 00 44 69 72 65 63 74 6F 72 emented.Director 20 65 6D 70 74 79 00 4E 6F 20 6D y not empty.No m 65 20 6F 66 20 64 65 73 69 72 65 essage of desire 65 00 49 64 65 6E 74 69 66 69 65 d type.Identifie 6F 76 65 64 00 43 68 61 6E 6E 65 r removed.Channe 62 65 72 20 6F 75 74 20 6F 66 20 l number out of 00 4C 65 76 65 6C 20 32 20 6E 6F range.Level 2 no 63 68 72 6F 6E 69 7A 65 64 00 4C t synchronized.L 33 20 68 61 6C 74 65 64 00 4C 65 evel 3 halted.Le 20 72 65 73 65 74 00 4C 69 6E 6B vel 3 reset.Link 65 72 20 6F 75 74 20 6F 66 20 72 number out of r 50 72 6F 74 6F 63 6F 6C 20 64 72 ange.Protocol dr 6E 6F 74 20 61 74 74 61 63 68 65 iver not attache 43 53 49 20 73 74 72 75 63 74 75 d.No CSI structu 61 69 6C 61 62 6C 65 00 4C 65 76 re available.Lev 68 61 6C 74 65 64 00 49 6E 76 61 el 2 halted.Inva 78 63 68 61 6E 67 65 00 49 6E 76 lid exchange.Inv 72 65 71 75 65 73 74 20 64 65 73 alid request des 6F 72 00 45 78 63 68 61 6E 67 65 criptor.Exchange reagards and diskuess here http://www.ps3hax.net/showthread.php?t=36146&page=34
__________________
Last edited by zadow28; 04-11-2012 at 04:48 PM. |
|
|
|
Likes: (4) |
|
04-11-2012
|
#44 |
|
Member
 Join Date: Nov 2011
Posts: 88
Likes: 4
Liked 13 Times in 11 Posts
Mentioned: 3 Post(s)
Tagged: 0 Thread(s)
|
it can only works with TB or it doesnt needed?
|
|
|
|
04-11-2012
|
#45 | |
|
Member
Join Date: Dec 2011
Posts: 360
Likes: 235
Liked 857 Times in 185 Posts
Mentioned: 188 Post(s)
Tagged: 0 Thread(s)
|
that would be an kick in the face. and post here this is read only please. http://www.ps3hax.net/showthread.php?t=36146&page=34
__________________
|
|
|
|
|
Likes: (2) |
|
04-12-2012
|
#46 |
  
Join Date: Jun 2009
Location: up sh*t creek without a paddle
Posts: 7,645
Likes: 2,746
Liked 5,253 Times in 2,513 Posts
Mentioned: 358 Post(s)
Tagged: 1 Thread(s)
|
AttentionI think we are all sick of babysitting this thread now. @zadow28 when you wish to update this thread pm or ask a mod on irc to unlock it for you. Stick to the discussion thread for everything else people. |
|
|
 |
| Bookmarks |
| Thread Tools | |
|
|
