abgx360

Sunday, 21 November 2010

WIP: MFW – First PS3 ModFirmWare

Well, the first glimpse of a custom firmware is here and about to be released. Quoting:
German developer Dark Monkey claims to have programmed the very first PS3 ModFirmWare!
He is calling his release MFW, and will be releasing all details and packages in a few days time!
In the meantime, he has posted the above video showing his BETA version running on a PS3 Console!
Quote:
RELEASE: ! Soon !
Changelog:
rev b0.01
-started project
-Homebrewchannel
rev b0.02
-bugfixes
-Downloadbutton “BackUp manager”
rev b0.03
-/app_Host/PS3_Game Icon -> Ps1-disc icon
Our thanks to Zerrox for giving us a quick German translation of Dark
Monkey’s recent post:
Originally posted by Zerrox:
Actually, I can speak German very well. Here’s my personal translation:
"If I understood the whole structure of a payload, I would be able to integrate it into a payload. No, of course for normal users there’s just the possibility to load the ModFW through a USB-Dongle/Loader, but for users with access to the hypervisor it is indeed possible to load it through the flash of the PS3 (so probably no one of you can do something with the second method)."
here is a video of it in action

Source: http://psx-scene.com/forums/f6/wip-m…irmware-70969/

Friday, 19 November 2010

Follow Button......................

Hi 2 all, Thanks for reading my blog but so i can keep track it would be nice if you could hit the follow button on the middle left of the page ......................

Thanks again for your support 
                   

Thursday, 18 November 2010

SynaPS3 - PS3 Compatibility, Backup and Homebrew Library

After being delayed for several days pending some bugs and features, we're proud to release SynaPS3 - PS3 compatibility, backup and homebrew library with all but 1 intended release feature!

Download: SynaPS3 / SynaPS3 GIT

SynaPS3 is a simple library for people using the Sony PS3 Cell SDK, primarily made for making applications universally compatible with payloads, to help extend and improve existing functions for homebrew, and to add new functions.

Documentation for SynaPS3 is on github. Some of the most notable features of SynaPS3 include syscall36 compatibility on ALL PL3 payloads, and syscall35 compatibility on Hermes v3 and Hermes v4 payloads. To integrate these compatibility fixes it's as simple as opening the source of an existing program, removing the syscall35/syscall36 functions, and including SynaPS3!

SynaPS3 also has functions to help save you time while coding, such as ReadFirmwareVersion, IsBlurayGame, Firmware342Fix, and more.

SynaPS3 is nowhere near where we want it to be yet. This is only the beginning. SynaPS3 aims to become a full library, with PS3 dialogs and full PNG output.

A decent chunk of our code was inspired by Open Manager and we'd like to thank all the coders who worked on it.

SynaPS3 is released under this license, with the following additions:

While you are free to use SynaPS3 in your programs, please DO NOT modify the library itself in any way. This includes synaps3.h.

Also, please DO NOT copy synaps3 code outside of the file itself, use the original distributed file from github in your programs.

Essentially, if there is something critically wrong with SynaPS3, don't use it or revert to an earlier version, do not attempt to fix it yourself unless you plan on submitting it directly to us.

If you have a bug or see problems with SynaPS3, notify us immediately or push your fix to our github! We'll add it ASAP if it works. DO NOT use your fix in your program releases until it is on github. You will receive credit for your fix.

The one feature we feel we could have included in this initial SynaPS3 release was GetPayloadCaps(), designed to return payload capabilities. While the functions included in SynaPS3 do check before running functions that may not be supported, GetPayloadCaps() was designed for use in homebrew. We plan to include this in our next update.

You can find SynaPS3 here. We will try and ALWAYS have only stable commits that work up on github. If you find one that isn't stable or something not working, notify us!

Enjoy, and let us know what you think!

- n4ru, methionine_

 DOWNLOAD & SOURCE

Open Manager v2.1 Rev I-2 released

 


The guys over at elotrolado.net have released an updated version of their great Open Manager.




Here’s what’s new in version I-2:

- Now clears the list of games played at start the application.
- Remote-Play activated: OM can now run from a PC / PSP remote.
- Added new parameters to indicate order to draw the layers (Fund Cover, lock, etc …), Change text on / off home / homebrew, and show if the disk is selected game internal / external / BR as its parameters to change its location.


Download links:
>>> Download VIA PS3Hax HERE. <<<<
OM 2.1I-2 OMAN46756 ML Spanish/English (PKG)
http://www.multiupload.com/LOSH095TTM
OM 2.1I-2 OMAN01234 ML Spanish/English (PKG)
http://www.multiupload.com/QROJ9IX00I
OM 2.1I-2 SOURCE ML (Source-Code)
http://www.multiupload.com/H04VXVC286
Stealth versions:
OM 2.1I-2 NPWR01247 by doggie721 (C.O.D – B.O.)
http://www.megaupload.com/?d=VZ54HK1J
OM 2.1I-2 NPEB90274 by Telcontar (FIFA 11 Demo) (not recommended, doesn’t show game titles)
http://hotfile.com/dl/81965480/d5169…23333.rar.html
Source: http://www.elotrolado.net/hilo_open-…xterno_1504137

Payloads, Payloads, Payloads – PSN Access & 3.50 Firmware Spoofing


All these now include PSN access and firmware 3.50 spoofing, which allows you to run some games that ask for 3.42 or later. Not sure about games that are compiled against the latest Sony 3.50 SDK though. Some of these payloads are Hermes, PL3 or a combination of both.
Props to everyone who made PSN + 3.50 firmware spoofing possible: xoeo, evilsperm, CyberSkunk… The folks who’ve compiled all these various builds: fl0PPsy, ricardopvz, Blake_Zero, this site here… No doubt I’ve missed a few. Anyway, props to you all!

SOURCE & DOWNLOAD

Wednesday, 17 November 2010

New PSN Terms of Service - Bans Coming Soon?

 

It seems there's a new Terms of Service popping up for European users on PSN, according to PSX-Scene. Many are interpreting this as a sign Sony will crack down on the many jailbreakers who are now going on PSN. However, there are no reports yet of any bans, but it's good to exercise caution.

There will be PSN maintenance occurring between 16:05 and 23:00 on Thursday 18th November 2010. During this time, PlayStation Store (via PC and PS3) will be unavailable together with Account Management and Registration services. Users already signed in should not be affected and those that have signed in previously may still be able to do so on their PlayStation 3.

We apologize for any inconvenience this outage may cause.



The key part to the TOS is most likely the following:

# You must not use any unauthorised hardware or software to access or use Sony Online Services or make, or distribute unauthorised software or hardware via, or in connection with, Sony Online Services (including but not limited to cheat code software or devices that circumvent any security features or limitations included on any software or devices).
# You must not modify or attempt to modify the online client, disc, save file, server, client-server communication, or other part of any Service or cause disruption to any account, system, hardware, software, or network connected to Sony Online Services for any reason, including to gain an unfair advantage in any Service.
# You must not bypass or attempt to bypass any user authentication systems or security feature or attempt to hack or reverse engineer any code or equipment in connection with Sony Online Services (unless permitted by applicable law).

The new TOS is located in its entirety at http://legaldoc.dl.playstation.net/p..._tosua_en.html

FreeBOOT Toolbox 0.04 Maker v2.6 UPDATE


Besides the new fbBuild 0.11 patches, this new version adds the Swedish language and allows the use of “freeboot_alt.bin” for 360 users without a DVD player. Since the last version (v2.5) there’s of course still the debug option that will show you all ibuild or fbuild error messages.
What’s new :
- Add FbBuild V0.11 support
- Add Swedish language
- Add option to use freeboot_alt.bin for xbox without drive.
To create a new “freeBOOT” v0.04 image the program can take in a freeBOOT v0.032, XBR or original dump for 16Mb NANDs, for 256/512 you will need an original NAND dump.
http://www.bestpig.fr


fbBuild v0.11


 
What’s New:
- critical bug fix relating to some 16M jaspers (fixjaspa)
- minor updates and fixes
Current Limitations:
- security files besides KV must be provided in encrypted form
- STAY THE HELL OFF LIVE! Nuff said, we’re not your mum.
Changes:
0.11
- add “jasper16a” LBA method as default for jasper
- add SMC check for encrypted and known hack SMC
- search for valid smc_config hash instead of hard coded offsets, support filename “config.bin”
- refine KV encryption check
- disable extended DVD auth for OSIG keyvaults (aka: AP25)
- random non-critical changes

xbin.org

Dash Launch v2.07

 

What’s new/fixed:
* update to fbbuild 0.11 patches
* fixed bug with fatal freeze options
* changed installer to use zeropair CB version to determine patch set
* added new options dvdexitdash and xblaexitdash
* added regionspoof, dvdexitdash and xblaexitdash to ini updater
* added instructions to this readme regarding boot time buttons and diagnosing non-ASCII ini files
xbins.org

PSIDPatch 1.0 Released - Changes Your PS ID



stoker25 of PSX-Scene has released a nice PS3 app that will help users avoid being banned from PSN. It's called PSIDPatch 1.0, and it's capable of changing a user's PSID/Console ID. The PSID/Console ID is one of the unique identifiers that Sony can use to ban you. Changing your PSID to a fake one would protect your console from being permanently banned. However, reports are coming in that using a made up Console ID does not allow you on PSN. This probably means you'd need to swap your ID with another legitimate one.

Download PSIDPatch 1.0: psidpatch10.zip



 Saw Mathiuelh talking about swapping PSIDs on his twitter, as soon as I saw him talking about extracting one from an LV2 dump I knew it would be possible to patch

PSID is your playstation's unique identifier to Sony, this program will patch the loaded PSID in memory to one of your choice. This won't permanently patch your PSID, but should let you fool PSN. Best way to try this is for somebody with a banned PS3 to try changing it and going online.

Made and tested on a 3.41 PS3... if you're using a different version and patching doesn't work properly please contact me and we'll work out a fix

Features
- Shows you current PSID
- Patch PSID from dev_usb/psid.txt
- Choose USB to load from
- (should add) save PSID to dev_usb/orig_psid.txt

Download
1.0 (PKG and source)

This uses the peek and poke syscalls in order to patch your PSID. Please make sure you're using a payload which uses them (PL3 dev for example)

Usage
- Create a text file called psid.txt on root of your USB
- Put 32 hex characters inside (e.g. 1234567890ABCDEFFEDCBA0987654321)
- Install package
- Run PSIDPatch
- Select USB with Up/Down
- Press X to patch.

Technical Stuff
PSID starts at 0x800000000044A18C in memory (3.41), it is 16 bytes long.

Thanks
Mathieulh/RichDevX - bragging about PSID stuff on twitter, if it was a private convo I never would have started this
user - Fixing CFWLoad code so no SCE confidential stuff is included, thanks man

Edit:
While I haven't personally tested this online, facanferff has said that changing their PSID to a random one and going on PSN with a banned console doesn't work. I'm assuming that PSN operates in a whitelist way, only allowing PS3s with PSIDs inside the Authorised database online or something. They could even use other parts of the PS3 for identification, such as BD-ROM serial or MAC address.

SOURCE

Monday, 15 November 2010

New Updates from C4Eva: LT+ WIP, Slim Checks, AP2.5 Info, OSIG Spoof Checks



Some new #FW@EFnet IRC-transcripts from the last 2 days with some updates on the iXtreme LT+ progress and AP2.5 findings:

[2010-11-13 Updates]
[*****] is it possible to spoof our current drives to appear as samsung drives and bypass ap25
[c4eva] *****:osig is checked as part of ap25
[********] I spoofed 4 o 5 Slims to diferent drives, and only 2 times it don’t works with Kinect (Play DVD) However, other slims read all (unless Fable 3 xD)
[c4eva] ********:new dash at some point checks slim drive fw, once it has spoof will cease to work
[*****] c4eva will LT+ firmware be available to hitachi v79 drives?
[c4eva] *****:maybe
[******] C4eva have u tested AC brotherhood?
[c4eva] yes, i have ac:b, all is good!
[c4eva] lt+ testing begins this weekend, not long now!
[******] unless u have a hitatchi drive or a sammy, but sammys seem to be hit and miss, works for some and not for others
[c4eva] ******:ap25 is checking osig
[******] +c4eva – what is osig?
[c4eva] original drive signature for motherboard
[c4eva] osig is interesting, they took out kernel check due to rrod repairs, now ap25 had to have it,otherwise everyone would be a sammy, now rrod repairs may not boot if osig wasnt updated!
[c4eva] its gone past just live, they want no backups booting period!
[*******] I read somewhere that this ap 2.5 can be different for each game … so every new game might not work the same way as the previous one and may need a new fw update?
[c4eva] fw will be fine!
[******] it’ll work for any AP2.5 challenge he said
[*****] c4eva fable3 and asasin have same ap25 checks ?
[c4eva] ap25 checks are game specific
[*********] c4eva do u know why samsung does not have ap2.5 ]
[c4eva] because it doesnt have the code for it :)
[******] c4eva, AP2.5 – thats a name you came up with or does it show in the dash binary somehow ?
[******] that’s what the specification is actually called, ******
[*********] c4eva, i suppose we will need new software/hardware aswell, to dump the new sectors and inject them in iso ?
[******] ******, specification that came from MS to game developers ?
[*****] New 0800 and xbc would be liky
[*****] Likely
[c4eva] yes
[****] c4eva, so if ap2.5 is game specific. Could ms implement new checks with an update and render the new drive FW useless again ?
[c4eva] ****:fw will be fine
[*******] c4eva original slim now can be updated to new firmware and after that it can be LT+ flashed with no problem?
[*********] how do you dump and test ap25 games for now? is it a secre? :)
[c4eva] *******:yes
[c4eva] *********:yes
[*********] [+c4eva] thanks for all your hard work man, we love you. Maybe consider putting out a non-LIVE version of the FW for those that dont care about LIVE. It would have to be easier on ou.
[*****] C4s always been committed to stealth
[*****] And im
[*****] Sure he is busy enough
[c4eva] ap25, live or no live, doesnt matter
[*********] my fable 3 doesnt show AP25 in ABGX???
[******] *********: Fable III doesn’t have that flag
[c4eva] with new dash xex flag is irrelevant!
[******] yeah, so that becomes an unreliable method to determine

[2010-11-14 Updates]
[c4eva] testing code, so far so good!
[******] is black ops as safe as any other game before the dash update?
[c4eva] ******:yes
[***] for slim what kind of real time checks are we talking about?
[c4eva] ***:realtime fw check,realtime ram check!
[c4eva] they are checking for our code/data in drive!
[*********] c4 can we expect lt+ this side of christmas?
[c4eva] *********:yes

fbBuild 0.1

fbBuild 0.1
===========




Introduction:
=============
Sad to hear the rumor of ikari stepping down, and even sadder to hear
of the profiteers taking advantage of this... we bring you a tribute
to ikari. If you paid for this, get a refund!

fbBuild is a NAND image builder made to suit freeBoot style images,
the included patches and freboot.bin core are based on the original
works done by ikari.

It is suitable to build rebooter images for all current JTAG exploit
compatible xbox 360's. As with ibuild produced images, this version
only requires a single flash 16MiB in size or larger.

What's New:
===========
- based on targeting kernel 2.0.12611.0
- patches from freeBoot kernel/hv are ported to 12611
- supports both flash tool and ibuild extracted kv/smc_config
- supports injecting Mobile*.dat
- previously revoked usb devices should now work
- kinect works (apply system update for avatars and kinect)
  it is strongly recommended that r6t3 be removed
- entirely new image builder (no extraction)
- rebuilt/cleaned core can now boot xell on slot to eject dvd drives
  (see bin directory for alternate)
- exploit payload simplified

Current Limitations:
====================
- security files besides KV must be provided in encrypted form
- STAY THE HELL OFF LIVE! Nuff said, we're not your mum.

How To Use:
===========
- See individual folders for lists of files to provide
- if desired provide replacement cpu and 1bl keys in text files
- open a command window in the fbBuild directory
- on the command line type, for example:

example - if you provided keys in appropriate text files

    fbbuild.exe -c falcon -d myfalcon myfalconout.bin

    -c falcon       = use falcon bl and patch set
    -d myfalcon     = a folder is present called "myfalcon" with per machine files
    myfalconout.bin = the file that will be produced

- type fbbuild.exe -? for command line info

Note:
=====
- for those of you using donor data, the security files shouldn't pose a
problem but make sure the CPU key you use is from the machine that donated
the kv instead of the target machine you are building the image for.

Credits:
========
Without ikari this would not have been possible, thanks!
  __               ____   ___   ___ _____
 / _|_ __ ___  ___| __ ) / _ \ / _ \_   _|
| |_| '__/ _ \/ _ \  _ \| | | | | | || |
|  _| | |  __/  __/ |_) | |_| | |_| || |
|_| |_|  \___|\___|____/ \___/ \___/ |_|
[v0.04 - inspired by ikari]
R.I.P.

Thanks and greetz to everyone who has contributed to hacking this
wonderful machine. Thanks to the engineers and countless others who made
the machine what it is... we only wish they had listened and RROD was
not a problem.

Big thanks to the folks at #freeboot on efnet for the tireless
hours of help you all give freely. Big thanks to the testers who made
sure stuff worked.

Don't believe what random people *cough* write on forums ..

-----
2010/11/10
-----
DOWNLOAD IS AT THE BOTTOM RIGHT OF THE PAGE UNDER XBIN.ORG

PS3 Firmware 3.50 Decrypted, Free Public PS3 Downgrader WIP

Just a few days back we saw a video of PS Downgrade software by the PSJailBreak Team in action, and today graf_chokolo has posted on xorloser's blog (linked above) that he has decrypted PS3 Firmware 3.50 and while it's still a WIP it could very well lead to a free public PlayStation 3 downgrader alternative.

To quote: I am able now to decrypt and decompress CORE_OS_PACKAGE.pkg from PS3 PUP-Files. The decrypted and decompressed package is a copy of FLASH region where all the important SELFs and isolated SPUs are stored, e.g. lv1.self or isoldr.

So, now I could downgrade PS3 by writing this decrypted image to FLASH manually, without Update Manager from HV. In fact, Update Manager just does this. But the problem is that the SHA-1 hash values for these files are stored not in flash but in SC EEPROM and I don’t have access to it yet.

Here is a snippet from CORE_OS_PACKAGE.pkg 3.15:


I have already decrypted Core OS Packages from 3.15, 3.41 and 3.50 PUP-Files. Also decrypted Revoke List for Packages and Programs which can be also found in PUP-Files. And also SYSCON firmware was decrypted by me.

Sony uses zlib to compress Core OS Packages. But not all packages are compressed, e.g. SYSCON firmwares are not compressed, just crypted. Packages are first compressed and then decrypted. So first they have to be decrypted and then decompressed with zlib on Linux e.g.

I have also decrypted profile file DEFAULT.SPP. There are stored e.g. System manager configuration and other things like ACLs.

Today decrypted Core OS Package 2.80, Blu-ray Drive Firmware, Bluetooth Firmware and System Controller Firmware.

Bluetooth/WLAN is a Marvell chip.

Some interesting strings from Bluetooth Firmware 3.41:

Marvell Firmware SDK Version 2.3.0

Eurus_Primary_Phy Marvell_AP

DoSharedKeySeq1

mlmeAuthDoSharedKeySeq3

There is a new isolated SPU module in Firmware 3.50 which is not contained in older firmwares.

manu_info_spu_module.self (it stands for “manufacture information”)

Just decrypted 1.80 debug firmware.
Contents of DEFAULT.SPP file are a little bit different.

In DEFAULT.SPP are stored different configurations which are e.g. read by system manager during boot, e.g. LPAR parameters for LINUX, GameOS, PS2 Emulation. This file is managed by SPL (Secure Profile Loader).

CORE_OS_PACKAGE.pkg from 3.42 Firmware is now also decrypted :-)
And 1.10, the first firmware, also :-)

Here is a small snippet: http://pastie.org/1297704

Here is a snippet from 1.10: http://pastie.org/1297722

Here is a snippet from 3.50: http://pastie.org/1297727

Here is a snippet of BD Firmware 301R from Firmware 3.50: http://pastie.org/1297732
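
The quoted post notes that the SHA-1 values for the Core OS files are kept outside the flash image, so an integrity check on a decrypted package has to hash each file itself and compare against a trusted list. The sketch below is an added example, not graf_chokolo's code: it walks the package's table of contents, rejects out-of-bounds or overlapping entries, and hashes each file. The big-endian layout it assumes (16-byte header of u32 version, u32 entry count, u64 length, then 48-byte entries of u64 offset, u64 size, 32-byte name), all function names and the sample image are assumptions constructed for illustration.

```python
import hashlib
import struct
from typing import NamedTuple

HEADER = struct.Struct(">IIQ")   # assumed: u32 version, u32 entry count, u64 image length
ENTRY = struct.Struct(">QQ32s")  # assumed: u64 offset, u64 size, NUL-padded 32-byte name


class Entry(NamedTuple):
    name: str
    offset: int
    size: int
    sha1: str


def parse_toc(image: bytes) -> list[Entry]:
    """Walk the table of contents and hash every file it describes.

    Raises ValueError on a truncated table, an entry that points outside
    the image or back into the table, or two entries that overlap.
    """
    if len(image) < HEADER.size:
        raise ValueError("image shorter than header")
    _version, count, _length = HEADER.unpack_from(image, 0)
    toc_end = HEADER.size + count * ENTRY.size
    if toc_end > len(image):
        raise ValueError("entry table runs past end of image")

    entries = []
    for i in range(count):
        offset, size, raw = ENTRY.unpack_from(image, HEADER.size + i * ENTRY.size)
        name = raw.split(b"\0", 1)[0].decode("ascii", "replace")
        if offset < toc_end or offset + size > len(image):
            raise ValueError(f"{name!r}: data range out of bounds")
        digest = hashlib.sha1(image[offset:offset + size]).hexdigest()
        entries.append(Entry(name, offset, size, digest))

    # Overlapping ranges would let one file's bytes be counted under two names.
    ordered = sorted(entries, key=lambda e: e.offset)
    for prev, cur in zip(ordered, ordered[1:]):
        if prev.offset + prev.size > cur.offset:
            raise ValueError(f"{prev.name!r} overlaps {cur.name!r}")
    return entries


def verify(entries, manifest):
    """Return names whose SHA-1 is absent from, or differs from, a trusted manifest."""
    return sorted(e.name for e in entries if manifest.get(e.name) != e.sha1)


def build_sample(files):
    """Build a constructed test image in the assumed layout (not real firmware)."""
    toc_end = HEADER.size + len(files) * ENTRY.size
    table, data, offset = b"", b"", toc_end
    for name, body in files.items():
        table += ENTRY.pack(offset, len(body), name.encode("ascii"))
        data += body
        offset += len(body)
    return HEADER.pack(1, len(files), offset) + table + data


if __name__ == "__main__":
    # Constructed sample: file names taken from the post, contents invented.
    sample = build_sample({"isoldr": b"constructed isoldr body",
                           "lv1.self": b"constructed lv1 body"})
    known_good = {e.name: e.sha1 for e in parse_toc(sample)}
    tampered = bytearray(sample)
    tampered[-1] ^= 0xFF  # flip one byte inside the last file
    current = parse_toc(bytes(tampered))
    for e in current:
        print(f"{e.name:<10} off={e.offset:#x} size={e.size:#x} sha1={e.sha1}")
    print("mismatch:", verify(current, known_good))
```
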


Updating XeLL to XeLLous (TuT By DARKFIB3R)

This is a great TuT from a friend's web-blog, Thanks DARKFIB3R

Download Flash360 from Xbins
Download XeLLous from Xbins

Extract contents of Flash360.zip to a folder

Copy that folder to the root of your Xbox 360 HDD

Extract xell-2f.bin from XeLLous.zip and rename it to updslot0.bin

Copy updslot0.bin  to a USB stick and put it in your 360

Start XeXMenu, navigate to the root of your HDD and run Flash360.xex
Press button B, press button A.

Follow on screen instructions to exit and shut down from Flash360 (do not exit via guide button)
Once console has shut down, remove power for at least 30 seconds to allow for a complete reinitialization of console.

Remove USB stick

Replace power and boot console via the eject button to boot into XeLLous.
You can now connect to your 360 with a web browser (use firefox). Leave XeLLous running, go to your computer and enter the URL given at the bottom of the screen into your browser's address bar. (Obviously, you’ll need your 360 to be connected to your network for this to work.)
That will take you to the following page where you can directly download various bits of pure win from your 360 :)

Sunday, 14 November 2010

Yaris-Swap v0.9 Beta3

 

Zouzzz released Yaris-Swap v0.9 Beta3 "ChitOtest Edition".

What's new/fixed:
* Enable the RichTextBox in ReadOnly
* Resizing ViewList.
* Add a panel Profile Info with ID profile, hardware, gamertag, XUID, icon ...
* Add a button Donate for the generous donors
* Add a button About with thanks, changelogs (in French)...
* Add DeviceID and ProfileID for CON files in ViewList
* resign CON files now possible (mass resign)
* ID XUID : now good length 0x8 against 0x6 in previous versions

Official Site/Download: hb-released.com