[Asure]

Originally Posted by deeptrap Im also trying your pastie bat to see what will happen. I get the following error . od does not recognised, it think this is a typo and must be do, but it will still not work. Maybe something wrong with the quotes ?

You need to add the tools in from cygwin.
Or, use this pre-packaged set. It does not contain keys or scetool. You need to put scetool and data directory and eboot/self in the same folder.

Code:

http://www.sendspace.com/file/g9syfd

For time-reasons, it would be best to try with a small decrypted eboot.elf, and self/sprx.. as small as possible, then it takes a lot less time. I'm trying with Portal 2 now, but that's still 20 hours..

[deeptrap]

Originally Posted by Asure You need to add the tools in from cygwin. Or, use this pre-packaged set. It does not contain keys or scetool. You need to put scetool and data directory and eboot/self in the same folder. Code: http://www.sendspace.com/file/g9syfd For time-reasons, it would be best to try with a small decrypted eboot.elf, and self/sprx.. as small as possible, then it takes a lot less time. I'm trying with Portal 2 now, but that's still 20 hours..

I know
Tried now on XP machine (also win 7)
Same error



od is not recognized as an internal or external command ...
Hope you can fix it for me i have here lots of cpu power : )

[Asure]

Originally Posted by deeptrap I know Tried now on XP machine (also win 7) Same error od is not recognized as an internal or external command ... Hope you can fix it for me i have here lots of cpu power : )

Well, od.exe is in the zipfile. So you're doing something wrong.

You need to put the content from the zipfile in the same folder as SCEtool, eboot.elf and somefile.sprx. Edit the bat file as needed if you want to try with another elf/sprx combination. Run from a dos-window. This is not some easy tool to use by double-clicking

[longhornx]

Originally Posted by Asure Well, i left it running overnight, and OD.exe crashed after ~19000 tries. I started calculating how long things will take. Currently my pc does ~10 key/sec from eboot.elf, and there's ~700000KBytes in the file. I'm shifting one byte at a time, so that's roughly 20 hours we're looking at to try all the possible options. (It can do ~600keys / minute. For a 700KB file, shifting one byte at a time, that's 700.000/600=roughly 20 hours) There must be better ways. Perhaps once we get a few decrypted samples. I'm testing with a SPRX and ELF (portal2) now, since the eboot.elf is only ~700kb. You can do the math for the 33MB elf/self combination for Rage if you want

its what I'm aspecting..., certely the klicense is located under a sce header, or some reference hex, with 4self's with possible to have sure if is location is fixed

[deeptrap]

Originally Posted by Asure Well, od.exe is in the zipfile. So you're doing something wrong. You need to put the content from the zipfile in the same folder as SCEtool, eboot.elf and somefile.sprx. Edit the bat file as needed if you want to try with another elf/sprx combination. Run from a dos-window. This is not some easy tool to use by double-clicking

Got it working

not the good user rights on the od.exe .

The eboot.elf file which one doe i have to use to compare

decryption of this one :

scetool.exe --decrypt ..\EBOOT.BIN ..\workdir\DECRYPTED.ELF

or

this one second part of decryption from the eboot

scetool.exe --decrypt ..\workdir\MODDED_EBOOT.BIN ..\workdir\FIXED.ELF

(source from _d_S_ : update decryption npdrm bat)

btw here 180 keys / sec 1 min . almost 11000 keys a minute

[Asure]

Originally Posted by deeptrap Got it working not the good user rights on the od.exe . The eboot.elf file which one doe i have to use to compare decryption of this one : scetool.exe --decrypt ..\EBOOT.BIN ..\workdir\DECRYPTED.ELF or this one second part of decryption from the eboot scetool.exe --decrypt ..\workdir\MODDED_EBOOT.BIN ..\workdir\FIXED.ELF (source from _d_S_ : update decryption npdrm bat) btw here 180 keys / sec 1 min . almost 11000 keys a minute

You can use both fixed.elf, or decrypted.elf.
You must use a sprx/self which is related to the fixed.elf or decrypted.elf.
See the included batch file for an example (portal 2).

[deeptrap]

Im trying the npdrm update from mw3 1.01 update to decrypt EP0002-BLES01433_00-MW3P000000000010-A0102-V0100-PE.

the update contains eboot.bin and default.self and default_mp.self..

im now trying to decrypt default.self with this bruteforce methode.

eboot.bin is 76 Kb default.self = 7 MB

btw i m only do 2000 keys / min . little calculation error...

im now at offset 68000..
************* [ - Post Merged - ] *************
btw im seeing a lot of 0000 something other mubers but the most are 000

Working with offset: 69527
Trying 00000000000000000000000000000000
Working with offset: 69528
Trying 00000000000000000000000000000000
Working with offset: 69529
Trying 00000000000000000000000000000000
Working with offset: 69530
Trying 00000000000000000000000000000000
Working with offset: 69531
************* [ - Post Merged - ] *************
Working with offset: 71495
od: cannot skip past end of combined input

[JonahUK]

@Asure ,

Don't you get the k_license from the pkg rather than the elf or any other files within the pkg?

The k_license is only used when building a pkg (entered in package.conf) and (afaik), its the only time the k_license is introduced so I don't think it will be in the files but rather the package itself.

I may be wrong but its worth looking at.

[Asure]

Originally Posted by deeptrap Im trying the npdrm update from mw3 1.01 update to decrypt EP0002-BLES01433_00-MW3P000000000010-A0102-V0100-PE. the update contains eboot.bin and default.self and default_mp.self..

This update is 3.7x and you cannot decrypt eboot.bin, so that's no use..

...
Just grabbed BLUS30838 and this is also 3.72 now.. i could swear it was 3.60 a day ago?!?

[DEFAULTDNB]

Originally Posted by Asure Just grabbed BLUS30838 and this is also 3.72 now.. i could swear it was 3.60 a day ago?!?

Strange!? wtf!?