Idea for creation of fake game updates

Post #1, 07-27-2012, by ryant001

Ok guys, after a number of tests I came to the conclusion (and I'm pretty confident about this) that the real reason DEX consoles let us play only with backups that have updates installed is that the eboot in the update patch is encrypted with NPDRM.

In summary :

-retail eboot = bad
-retail eboot+npdrm = good

But since we don't have the keys to decrypt 3.60+ eboots, we are unable to add the NPDRM layer to them, so I had this idea: what would happen if we created a custom eboot ourselves that acts as a loader, which could then be encrypted and packaged?

This may be a stupid idea, and I have too little coding skill and technical knowledge of the PS3 to know if it could be done or not, so I have to ask those people who are better than me: would it be possible to create a custom eboot whose only function would be to load the retail eboot (renamed to something else, e.g. GAME.BIN) or other game assets?

Post #2, 07-27-2012, by yayodusud
This is what I'm after too...
But nobody does it, so??

Should only be a few lines of hex code, then bintoelf it, then fself it..

Last edited by yayodusud; 07-27-2012 at 06:36 PM.

Post #3, 07-28-2012, by ryant001
Originally Posted by yayodusud:
    This is what I'm after too...
    But nobody does it, so??

    Should only be a few lines of hex code, then bintoelf it, then fself it..
Yeah, it shouldn't take more than a couple of lines of code to make it work.
So, does anybody know how to do it?

Post #4, 07-28-2012, by SonyH@K&R
I guess it's not possible, because the original eboot that you name GAME.BIN is still encrypted and those keys are in higher OFW. They will only work if you find an exploit in the eboot like the E3 team, use debug updates, or crack the encryption of higher OFW.

Post #5, 07-28-2012, by yayodusud
Originally Posted by SonyH@K&R:
    I guess it's not possible, because the original eboot that you name GAME.BIN is still encrypted and those keys are in higher OFW. They will only work if you find an exploit in the eboot like the E3 team, use debug updates, or crack the encryption of higher OFW.

Of course I was speaking about running it on a DEX firmware, for example 4.11...

Post #6, 07-28-2012, by ryant001
Originally Posted by yayodusud:
    Of course I was speaking about running it on a DEX firmware, for example 4.11...

Exactly, the whole idea is to make a fake update patch that contains a custom eboot (fselfed or whatever works) whose function is to load the retail eboot while on FW 4.11+.

Here's the whole process:

Start game on bd-emu hdd(retail eboot) ---> Console looks for update data(custom eboot) ---> Custom eboot loads retail eboot(second copy renamed GAME.BIN)

I don't know if this idea will work, but since I don't know how to write a custom eboot I'm unable to even test it, so I have to ask for help from someone more knowledgeable in order to create one.

Post #7, 07-28-2012, by Pingoo
Is EBOOT.BIN documented in the wiki? It has a really detailed documentation of PARAM.SFO, but I couldn't find info on EBOOT.BIN.

Post #8, 07-28-2012, by ryant001
Originally Posted by Pingoo:
    Is EBOOT.BIN documented in the wiki? It has a really detailed documentation of PARAM.SFO, but I couldn't find info on EBOOT.BIN.

I looked for it too, but I didn't find anything about the functions it uses to load other files.
I only found the basic structure of SELF files.

Last edited by ryant001; 07-28-2012 at 07:51 AM.

Post #9, 07-28-2012, by Hells Guardian
I'll tell you right now, even if you use a modified eboot.bin as a bootloader it won't work. The reason the eboot file is unable to load is because of the encryption. Unless you can crack it there is no way it can load on the console. Though playing from disc works because it's a "master disc" and the console will load these freely; get a hold of some blank copies of True Blue's backup discs and I bet you can use backups on them. Either way, point is, no, it won't work. Though if you can find a copy of the game and get a RAM dumper running on the system to dump RAM right after the console loads eboot.bin, you should be able to dump a decrypted copy of the eboot from memory and use it to play your games. Though this is not something I have actually done, if the console is loading the file it is being decrypted and loaded into memory when run, so like I said it should be doable.

Post #10, 07-28-2012, by ryant001
Originally Posted by Hells Guardian:
    I'll tell you right now, even if you use a modified eboot.bin as a bootloader it won't work. The reason the eboot file is unable to load is because of the encryption. Unless you can crack it there is no way it can load on the console. Though playing from disc works because it's a "master disc" and the console will load these freely; get a hold of some blank copies of True Blue's backup discs and I bet you can use backups on them. Either way, point is, no, it won't work. Though if you can find a copy of the game and get a RAM dumper running on the system to dump RAM right after the console loads eboot.bin, you should be able to dump a decrypted copy of the eboot from memory and use it to play your games. Though this is not something I have actually done, if the console is loading the file it is being decrypted and loaded into memory when run, so like I said it should be doable.

Did you test it yourself?
Because if you didn't, your "won't work" theory is just as good as my "could work" one, and I prefer to try things out before crossing them out as no good.
Retail updates are just retail eboots with NPDRM added to them, and the console loads them without any problem, so I think your point about encryption doesn't apply in this case.
The point here is to create a situation where the console gets tricked into loading a retail eboot using some sort of system loophole, similar to what is happening with 3.60+ backups with updates installed.
What's more, if you rename an eboot to something else the console will stop treating it as an eboot and will see it as a game asset; this could lead to various scenarios, but unless I run some tests I won't be able to find out if this could work.

Last edited by ryant001; 07-28-2012 at 09:06 AM.
PS3Hax.net is Copyright © 2010-2013.