[JonahUK]

Hey All,

Can any of the more knowledgable people answer a query for me?

Regarding the SELF format and how each section relates to each other.

From the wiki:

It is the format used by the executables on the PS3 It has a specific header here called SCE header where it stores all the parameters for this process

SCE Header

It consist on information regarding the structure and offsets of the self. The first part is in plaintext until you reach Metadata Info.

Metadata Info

Metadata Info is itself under AES 256 CBC. This part contains KEY + IV to further decrypt the header using AES 128 CTR.

Metadata

The metadata header, Metadata Section Headers, Section Hash, Capabilities and Signature are under this AES 128 CTR layer and is decrypted with the key above.

Metadata Header

Metadata header contains the info required to authenticate the header and the structure of the metadata. The signature is ECDSA of the SHA1 hash of the self file starting at 0x0 and ending at 0x0+signatureInputLength

Data Sections

The data sections might be encrypted using AES 128 CTR and/or compressed. HMAC-SHA1 is used to authenticate they have not been modified.

Note: not only ELF/PRX files can be signed with this format, other known files with SCE header are :

revoke (e.g. RL_FOR_PACKAGE.img/RL_FOR_PROGRAM.img and pkg.srvk/prog.srvk)
spp (e.g. default.spp)
package (e.g. .pkg/.spkg_hdr.X)
edat

So, theoretically, if you (somehow ) swapped the metadata info section "key" with a known key, would that lead to the rest of the eboot being decrypted as it uses the key given by the metadata info to decrypt?

As anyone ever looked at this?

You would possibly have to modify the hash as the key has changed so as long as the hash and key match, shouldn't that be theoretically possible?

I could be totally talking out of my arse here but I'm bored and have had a few drinks so I don't care