[deroad]

In this tutorial i'll explain how to use the all the ps3 tools around the network
(i will write better descriptions soon)

To follow this tutorial you will need:

- linux or/and windows*
- fail0verflow's tools
- geohot's tools
- ps3 keys
- psn/force_package_npdrm (for windows users) or sony's make_package_npdrm (for linux users)
- PSP/PS3 PKG Decrypter_Extractor (just for windows users)
- Notepad++ (on windows) or gedit (already installed on linux)
- cygwin and winrar (JUST IF YOU ARE ON Windows)
- NOR dumper (if you want to work with the NOR)
- rms's norunkg (if you want to work with the NOR)
- rms's eEID splitter (if you want to work with the NOR)
- graf_chokolo tools and kernel

EVERYTHING MUST BE ALREADY COMPILED BY YOU OR SOMEONE ELSE (DON'T ASK ME TO DO THAT)

ALL LINKS ARE IN Before You Start


MADE BY DEROAD - Please do not Copy

Tell me if something is not so clear or if i made some grammatical mistake and tell me
if i forget something, i will add it

This tutorial is also posted on NextGenUpdate

- Before You Start -

- Download PS Tools -
Almost all the tools you need are here --> All Activities - git-hacks.com

Download Tools Keys rar
Tools-Keys.rar - Download - ShareMole.Com----online file hosting distribution service.
MEGAUPLOAD
RapidShare
More mirrors: #1667382 - Pastie
Thank's to manster for all other links

Before you start to use these guide you have to place the ps3 keys in the right folder.

- PS3 Keys Folder -

You need to extract all ps3 keys in the following folder:

/home/username/.ps3

change username with the name of your user.
for example:

/home/deroad/.ps3

On Windows the HOME folder is inside the cygwin directory

- Packages -

Packages are like zip or rar files, in this page i'll explain how to decompress and
recompress them.

first thing that you must know is that there are 3 main types of PKGs:

Retail --> Signed by Sony
Debug --> Not Signed
Pseudo-Retail --> Signed but just for Custom Firmware

All the pseudo-retail apps will work just on CFW. If you update from a CFW to OFW and try
to start any homebrew, you will get an error.
Geohot relase a PKG called Test.pkg; this pkg is signed as retail, that's why you are still
able to use in a OFW!


- How to decompress a PKG -

If you have a RETAIL or PSEUDO-RETAIL pkg

On Windows

open PSP/PS3 PKG Decrypter_Extractor drop the pkg inside the new window and click on EXTRACT you will have it extracted.

or

Code:

make a new folder and drop inside it psn_package_npdrm or force_package_npdrm
now copy the folder address (c:\bla\bla\bla\)

Open CMD and digit:

cd 

now press SPACE and PASTE the address, then press ENTER
now digit:

psn_package_npdrm -x package.pkg

or

force_package_npdrm -x package.pkg

change "package" with the name of your pkg.

Linux

Code:

Make a new directory and drop inside it make_package_npdrm and your pkg.
then open your terminal and write:

cd 

press SPACE and drop the folder inside the terminal, then press enter

now digit:

./make_package_npdrm -x 

press SPACE, drop your pkg inside the terminal and press ENTER

If you have a DEBUG pkg


On Windows

Code:

make a new folder and drop inside it psn_package_npdrm or force_package_npdrm
now copy the folder address (c:\bla\bla\bla\)

Open CMD and digit:

cd 

now press SPACE and PASTE the address, then press ENTER
now digit:

psn_package_npdrm -x package.pkg

or

force_package_npdrm -x package.pkg

change "package" with the name of your pkg.

Linux

Make a new directory and drop inside it make_package_npdrm and your pkg. then open your terminal and write: cd press SPACE and drop the folder inside the terminal, then press enter now digit: ./make_package_npdrm -x press SPACE, drop your pkg inside the terminal and press ENTER

- How to Compress a PKG -

you need to make a file called package.conf (make it with gedit or notepad++)

this file will contain these infos:

Code:

Content_ID=ID0002-ABCD12345_00-SAMPLE0000000001
K_Licensee = 00000000000000000000000000000000
DRMType = Free
Content_Type = 
Package_Version = 00.01

now as you can see on Content_Type there's nothing written..
you need to say which type of PKG:

GameExec --> Hdd Game pkg
GameData --> Game Update pkg

you can change DRMType with Free or Paid
the K_Licensee is a random alphanumeric code.. you can use without problems
00000000000000000000000000000000

for example:
i need a game update pkg, so i'll write:

Code:

Content_ID=ID0002-ABCD12345_00-SAMPLE0000000001
K_Licensee = 00000000000000000000000000000000
DRMType = Free
Content_Type = GameData
Package_Version = 00.01

you need to change the ABCD12345 with your BLES or BLUS or with what you want

now we need to put this file inside a new folder.
drop inside the same folder all the files we want in the pkg and OUTSIDE the
psn_package_npdrm or force_package_npdrm (on windows) or sony's make_package_npdrm (if you
are on linux)




On Windows

Open your folder and copy the folder address (c:\bla\bla\bla\) Open CMD and write: cd Press SPACE and PASTE the address, then press ENTER now digit: cd .. and then digit psn_package_npdrm NameOfFolder change "NameOfFolder" with your folder name end press ENTER

On Linux

Open CMD and write: cd Press SPACE and drop your folder (with inside your files), then press ENTER now digit: cd .. and write ./make_package_npdrm NameOfFolder change "NameOfFolder" with your folder name end press ENTER

it will compress a DEBUG pkg


- How to make Game Update pkg -

First thing you have to use Update instead of GameData for one reason: we are going to use
a command that require Update as Content_Type.

so we have something like this for package.conf:

Code:

Content_ID=ID0002-ABCD12345_00-SAMPLE0000000001
K_Licensee = 00000000000000000000000000000000
DRMType = Free
Content_Type = Update
Package_Version = 00.01

save package.conf inside a new folder and drop inside the same folder all the files we want
in the pkg and also the psn_package_npdrm or force_package_npdrm (on windows) or sony's
make_package_npdrm (if you are on linux)



On Windows

Code:

Open your folder and copy the folder address (c:\bla\bla\bla\)
Open CMD and write:

cd

Press SPACE and PASTE the address, then press ENTER
now digit:

psn_package_npdrm --patch-for-discgame 

press ENTER

On Linux

Code:

Open CMD and write:

cd

Press SPACE and drop your folder (with inside your files), then press ENTER
now digit:

./make_package_npdrm --patch-for-discgame 

press ENTER

it will compress a DEBUG game update pkg


- How to make a Pseudo-Retail PKG -

you need a debug PKG (follow the tutorial above)
in the same CMD or Terminal that you used to make a debug PKG do:

On Windows

Code:

copy package_finalize.exe in C:\
Open CMD and go in the same folder where you keep the PKG that you want to sign.
then write: \package_finalize YOUR.PKG
change YOUR with the name of your PKG (you also need to
wait 5 seconds and you will have your PKG signed.

Linux

Code:

copy in the same folder where you keep the PKG that you want to sign.
open Terminal and write: .\package_finalize YOUR.PKG
wait 5 sec and you will have your PKG signed.

- SELFs & BINs & ELFs -

Selfs, Bins and Elfs are a executable files (like exe for windows or xex for Xbox360)
Selfs are a security extension of elfs, they are encrypted.
Bins and Selfs are the same thing, but the BINs have the NPDRM encryption

- How to make an ELF form a SELF -

REMEMBER THAT NOT ALL SELFS ARE DECRYPTABLE!

Open Cygwin (if you are on window) or a terminal on Linux use cd command to browse inside your hdd (remember that with the command cd .. you will return on the previous folder) now once you are in your correct folder with your self inside and coy in that folder unself and readself. open notepad++ or gedit on the terminal write: readself your.self change "your" with the name of your self copy from the terminal or cygwin and paste on your notepad++ or gedit the SELF Header: Example: Code: SELF Header elf #1 offset : 00000000_00000090 header lcn: 00000000_00000880 meta offset: 00000000_000003a0 phdr offset: 00000000_00000040 shdr offser: 00000000_005650f0 file size: 00000000_00b74060 auth id: 10700003_fd000001 vendor id: 01000002 info offset: 00000000_00000070 sinfo offset: 00000000_00000260 version offet: 00000000_00000310 control info: 00000000_00000350 <00000000 00000070 bytes> app version: 3.70.0 SDK type: Retail app type: application save it as self_header.txt (you will need it) now write on the same terminal: unself your.self yournew.elf change "your" with the name of your self and "yournew" with the name that you want for the elf. you will have a new file: an elf

- How to make a SELF from an ELF -

THIS IS JUST FOR NOT NPDRM SELF

if you extracted an ELF from a SELF with the previous method you will have the self_header.txt if you don't extracted your ELF, you will need: app type, version offet , app version, vendor ID, auth ID and sdk type. Open a terminal or cygwin and browse in that folder where you keep youe elf and copy makeself (fail0verflow tool) inside that directory. Open your self_header.txt or keep app type, app version, vendor ID, auth ID and sdk type near you. now write: makeself <app type> <version suffix> <app version> <vendor id> <auth id> <sdk type> your.elf yournew.self example: makeself app 341 3.70.0 01000002 10700003_fd000001 retail my.elf out.self now wait (may take a while, 15 min or more if you are unlucky)

- How to make a Pseudo-Retail NPDRM self from elf -

This is Just for ELF extracted from BIN file

On Windows

Code:

copy make_self (geohot tool) in C:\ 

now open CMD end browse to the folder that has your elf, then write:

make_self your.elf EBOOT.BIN ID0002-ABCD12345_00-SAMPLE0000000001

change "your" with the name of your elf, change ID0002-ABCD12345_00-SAMPLE0000000001 with
the content ID of your PKG (yes the content id of your PKG)

WARNING: NPDRM cares about the output of the file name, so DO NOT rename the new SELF/BIN.

On Linux

Code:

make a new folder, copy make_self (geohot tool) in your elf folder (ELF extracted from BIN
file), open your terminal and write:

cd

then press SPACE and drop that folder inside the terminal and press ENTER
now write:

make_self your.elf EBOOT.BIN ID0002-ABCD12345_00-SAMPLE0000000001

change "your" with the name of your elf, change ID0002-ABCD12345_00-SAMPLE0000000001 with 
the content ID of your PKG (yes the content id of your PKG)

WARNING: NPDRM cares about the output of the file name, so DO NOT rename the new SELF/BIN.

- Extract and Compress PUPs -

PUPs are the sony's update file, it contain the sony firmware update.

- How to Extract PUPs -

open Cygwin or a Terminal and browse to your PUP folder. use cd command to browse inside your hdd (remember that with the command cd .. you will return on the previous folder) now write: ./pupunpack PS3UPDAT.PUP OUTPUTDIR change "PS3UPDAT" if you change the name of the PUP and also change "OUTPUTDIR" with another name if you want (it will make a new dir with that name)

- How to make PUPs -

open Cygwin or a Terminal and browse to your extracted PUP folder. use cd command to browse inside your hdd (remember that with the command cd .. you will return on the previous folder) now write: ./puppack PS3UPDAT.PUP INPUTDIR buildnumber change INPUTDIR with the name of the folder where you keep your modded extracted PUP and change buildnumber with the build number (it can be a random number if you don't know what to write) example: ./puppack PS3UPDAT.PUP 355derocfw 1323

- Systems PKGs -

These pkgs are different from game pkgs. they contain all the firmware update for BluRay
Drive or Bluetooth and also dev_flash and dev_flash3

- How to Extract a System PKG -

YOU CAN'T EXTRACT 3.60+ CORE OS PKG WITH THIS GUIDE!
this is just for core os file from FW<=3.55

open Cygwin or a Terminal and browse to your CoreOS pkg folder. use cd command to browse inside your hdd (remember that with the command cd .. you will return on the previous folder) now write: ./unpkg file.pkg OUTPUTDIR change "file" if you change the name of the PKG and also change OUTPUTDIR with another name if you want (it will make a new dir with that name)

- How to make a System PKG -

open Cygwin or a Terminal and browse to your CoreOS pkg folder. use cd command to browse inside your hdd (remember that with the command cd .. you will return on the previous folder) now write: ./pkg fw INPUTDIR fileout.pkg change "fileout" with the name of the PKG, change INPUTDIR with the name of the dir with all your files and change "fw" with the number of the firmware (355,341,315,etc..). an example: ./pkg 341 dev_flash dev_flash.pkg

- Core OS PKGs -

This pkgs is different from game pkgs. this contain lv2_kernel.self, eurusfw.bin,lv0,
hdd_copy.self,etc.. and on the newer FW (>=3.60) LV0.2; when you install
CORE_OS_FIRMWARE.PKG, you are working on the NAND/NOR

The CoreOS's PKG is stored in PS3UPDAT.PUP/update_files.tar/ and it's called CORE_OS_PACKAGE.pkg

- How to Extract a CORE OS PKG -

just for core os file from FW<=3.55

open Cygwin or a Terminal and browse to your CoreOS pkg folder. use cd command to browse inside your hdd (remember that with the command cd .. you will return on the previous folder) now write: ./cosunpkg file.pkg OUTPUTDIR change "file" if you change the name of the PKG and also change OUTPUTDIR with another name if you want (it will make a new dir with that name)

just for core os file from 3.56 to the latest FW

First thing download this file and save it as extract_coreos.sh (i.e. as a bash script): Linux/OSX: http://pastebin.com/1AkEgW3y (it may work on cygwin, i never tryied.) open a Terminal and change the permission of the script (chmod +x extract_coreos.sh ) now you need to set the correct path if the fail0verflow tools to have this script working. so, open the script and change this line "TOOLS=/home/wargio/.ps3tools" with the path of your tools, example: TOOLS=/home/god/ps3dev/ps3tools the return to the Terminal and browse to your PUP folder put the script inside the same directory of the PS3 firmware update. then launch the script : extract_coreos.sh PS3UPDATE.PUP if you change the name of the pup, just change the word "PS3UPDATE.PUP" with the correct name.

- How to make a CORE OS PKG -

YOU CAN'T USE THIS WITH A 3.56+ COREOS.

open Cygwin or a Terminal and browse to your CoreOS pkg folder. use cd command to browse inside your hdd (remember that with the command cd .. you will return on the previous folder) now write: ./cospkg fileout.pkg INPUTDIR change "fileout" if you change the name of the PKG and also change INPUTDIR with the name of your directory.

- Nor Flash & eEID -

NOR flash is a type of flash that allows random byte access, it's like an hard disk.
The eEID contains your system model data, your target ID, and your PS3 motherboard revision.

here you can have more infos about this --> A look at NOR flash | rms's crypt

- NOR Unpkg –

open Cygwin or a Terminal and browse to your nor-dump folder. once you are inside your nor dump folder, copy rms's norunpkg inside this directory and write: ./norunpkg dump.bin NORDIR change "dump" if you change the name of your dump file and also change NORDIR with another name if you want (it will make a new dir with that name)

it will unpack asecure_loader, cCSD, cISD, cvtrm, eEID, ros0, ros1, trvk_pkg0, trvk_pkg1,
trvk_prg0, trvk_prg1 and metldr

- eEID Splitter -

you will have 6 EID dumps from your eEID

open Cygwin or a Terminal and browse to your nor-dump folder. once you are inside your nor dump folder, copy rms's eEIDsplitter inside this directory and write: ./eEIDsplitter your_eEID change "your_eEID" with the name of your eEID file

- PS3 Linux Driver and Kernel -

Here is the original guide (made by graf_chokolo) Main Page - PS3 Development Wiki

- Booting Linux 2.6 kernel on running PS3 Linux with Kexec -

Kexec-tools are very useful if you want to test a new Linux 2.6 kernel on PS3 without a long boot procedure with petitboot

• Compiling kexec for PS3 Linux
  
  To compile the latest kexec-tools on Debian Squeeze, you have to install autoconf and libc6-dev-ppc64 packages
  
  
  Code:

  git clone git://git.kernel.org/pub/scm/utils/kernel/kexec/kexec-tools.git
  cd kexec-tools
  ./bootstrap
  ./configure
  make

• Kexec on running PS3 Linux
  
  
  Code:

   ./build/sbin/kexec -l /boot/vmlinux-2.6.38-rc4-00155-gb0fd285 --append="root=/dev/ps3dd1 video=720p"
   swapoff -a
   sync
   ./build/sbin/kexec -e

  change vmlinux-2.6.38-rc4-00155-gb0fd285 with the name of your vmlinux

- Downgrade with Linux -

Emulating JIG with Linux

if Product Mode isn't disabled at the end of the procedure you will need a dongle to get out of it!

open a terminal and digit:

1. Generating a challenge
   ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge
   
2. Generating a valid response for a challenge
   You need a dongle ID. Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, doesn’t matter which one, but some are revoked!
   mine was: 0xA3FF
   ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xA3FF
   
   Change 0xA3FF with your dongle ID; You will get something like this 0xXX 0xXX … of size 20 bytes.
   
3. Verifying response (Enabling “Product Mode”)
   Now you need to verify the product mode:
   
   ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xA3FF
   
   Change 0xA3FF with your dongle ID; if you get the same bytes as in step 2 you enable it.
   
4. Checking if “Product Mode” is enabled
   
   ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
   
   The returned value shouldn’t be 0xFF. If you get that value, you need to restart from the beginning!
5. Check if CORE_OS_PACKAGE.pkg isn't damaged
   ps3dm_um /dev/ps3dmproxy inspect_pkg 1 0x9 CORE_OS_PACKAGE.pkg
   
   if the response is 0×0000000300000000 you can install it.
   Example:
   

   package lpar address 0x00006c0061000000 size 5344182 /dev/ps3dmproxy: request id 0x661cb453aff4695a /dev/ps3dmproxy: 0×0000000300000000 0×0000000500000000

6. Install CORE_OS_PACKAGE.pkg
   
   ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg
   
   
7. Disabling “Product Mode”
   
   ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff

done. you downgrade from linux !! :claps:

- PSL1GHT PARAM.SFO -

The param.sfo is a file that include these infos: PARAM.SFO - PARAMETERS - PS3DEVWIKI

with the python app included with PSL1GHT, you are able to build an sfo and revert a PSL1GHT one to an xml file.

Build a PARAM.SFO:

First thing, you need an this xml : http://pastebin.com/raw.php?i=Y8SSw3uX
Save it as what you like with the XML extension (an example: bestapp.xml)
now to generate a sfo, you need to open a Terminal and go (with the shell) in the same folder of sfo.py
then copy the previously xml in the same folder and write inside the terminal this:

python sfo.py -f sfo.xml PARAM.SFO

you can also force the app title or/and App_ID with this flags:

python sfo.py --title "TITLE" --appid "APP_ID" -f sfo.xml PARAM.SFO

(change sfo.xml with the name of your XML file. an example python sfo.py -f bestapp.xml PARAM.SFO

Revert to XML a PSL1GHT PARAM.SFO:

To revert a param.sfo built with psl1ght sdk, you can simply do this:
Open a terminal and go in the same folder of the sfo.py
Copy the SFO into the same folder and write this into the terminal:

python sfo.py -t PARAM.SFO new_sfo.xml

what you will get is a new XML generated from the PARAM.SFO with the name new_sfo.xml .



- FAQ -


I get this error, what i have to do?:

Code:

key_get failed
perror: No such file or directory

You forget to put all PS3 Keys in /home/username/.ps3
change username with your user name.

I'm able to build a custom firmware with this guide?
Sure! you can do it! but right now you can build Custom FW for this FW: from 1.50 to 3.55

I saw 3.56 keys in the .ps3 folder, i'm able to make a CFW for 3.56?
no you can't do that! you need 3.56 private keys to sign all your stuff, but no one has them.

How can i downgrade?
You need an external NOR/NAND programmer

[Pockets69]

Great first post! is this tutorial yours? if not please give credit to the original author.

[deroad]

i wrote it.. if you need the NGU post, i can give it to you

[NCDog]

thats great

but i can´t test it because my brother updated my ps3 to 3.65

[bruiser brody]

Originally Posted by NCDog thats great but i can´t test it because my brother updated my ps3 to 3.65

Hope you gave your brother a good beat down for that

[deroad]

Originally Posted by NCDog thats great but i can´t test it because my brother updated my ps3 to 3.65

you CAN use it even without a ps3.
the only thing that you need is a pc.
(obviously for some things you need a ps3 :D )

i hope that someone will find it really useful

[deroad]

little update! i forgot a thing :D

[tthousand]

Originally Posted by deroad little update! i forgot a thing :D

Hi again. I saw you over at the psx-scene earlier.

Great work. Speaking of updates, how often do you update, and do you mainly just update the NGU post, or are you going to try to keep them all updated?

[deroad]

I'll keep updated this thread in all forums.

[DSwizzy145]

@deroad What if there was a possible way to extract the Core OS package from firmware 3.65? will you then add more info to that part? and does finding the SDK version 3.65 counts to the apps part or not until 3.65 Cfw is possible?