Tutorial on how to make your Ninja Backup Manager
[how to hex edit your manager.pkg to be hidden - in theory by Field]
Ok, well it seems that everyone is jumping on the bandwagon with changing the ID, yet I'm thinking that people aren't really doing it correctly. Or taking what was posted here and regurgitating it like a poor sick puppy [using Blur Demo, that was so last week.] Anyway, here is the proper way of being protected and hidden from Sony's peering eyes.
Note - you might still get banned if using online, or by just using it. At least it's better than using a supposed 'Stealth-ed' PKG, which still has links to the LAUN12345 folder.
Sorry for the long post, but I'm trying to explain it with heaps of details so everyone can learn from this experience. Oh and credit goes to all the people on the original topic - Possibly editing the PSJB Backup Manager to hide it's ID, big props to randalf who pointed me in the right direction. And big thanks to all from the PS3News community. To all others: if you're going to copy this, at least give some credit. OK let's start!!
YOU'LL NEED THE FOLLOWING
Retail Consoles: http://www.ps4news.com/forums/attach...chmentid=20917
Debug Consoles: http://www.ps4news.com/forums/attach...chmentid=20919
It's known as manager.pkg. The new version will be released soon, so best to get that version. New features have been added. This is a debug PKG file so other debugging tools will work with this file.
For a hex editor, some good examples are Hex Workshop, 010 Editor and most likely some free ones too. You won't need to cure cancer with it, so just get something simple and user friendly.
A retail PSN game demo pkg.
You'll need to get a retail pkg. Lucky enough this awesome site PS3News has retail links on the main page. Pick a game demo. I would choose something small. One of the Indie games. I used The Last Guy PSN Euro Demo (around 160mb). If you choose something like God Of War 3 Demo, you're going to have to pad a lot, so keep it small. You'll also have to start the download on your console for activation on their servers. I'll explain that later. Just choose a game that you don't really want to play and is available in your region. A PSP game demo might also be an option, but is currently untested.
This program allows you to create a SFO file [System File Editor].
PS3 SDK 1.6
I used the 156mb version. It contains a file that is very important to this process. It's make_package_npdrm. Don't ask 'where can I get this file?' or 'I need the SDK, otherwise my emo world will come crashing down around me' - It's not allowed on these forums. Use the same tools that you use to look up porn, sports results, or of people dressing up as 'Star Wars' figures, waving around light sabres going "zoom zoom zoom".
A Dummy File creator.
An app that can create dummy files. I used Dummy File Creator from http://www.mynikko.com/downloads.html
LET'S KICK THIS!
So for this demonstration, I'll be using the retail demo version of 'The Last Guy'. I download the actual Demo from the PSN store onto my console. Also downloaded the retail PKG on this site [PS3 News Retail Playstation Network Links - NOT debug version]. Make sure that it's from the same region. I used EUR, though I'm in Australia. You'll need the one from this site as we'll be extracting info from it. The one you downloaded from the PSN servers and onto your console is just for validating the install on their servers. My idea is that if Sony check and see that you have a game that you haven't downloaded and installed from their servers, they might get suss. It's easy to play games without updating as you leave the network cable unplugged, but a demo that is [in theory and legally] only obtainable from the PSN network, and it's installed. Well a little suss. Another interesting approach might be game demos available on blu-ray discs from magazines, as they don't come from the PSN store, they get installed and maybe activated before install to their servers. This is something to be mindful of.
At the moment, this might be my downfall as I may have an incorrect version due to the one that I'm getting. Will need to check differences between all regions. At least, they'd probably be looking for those with LAUN12345 as their Content ID's first.
Place the 2 PKG files (manager.pkg and gamedemo.pkg that you acquired from the PS3News site) into the ps3/cell/host-win32/bin [linux users have /cell/host-linux/bin].
You'll see the make_package_npdrm file, along with many other SDK files.
I'm using Windows 7. Linux will use Terminal.
Run cmd command. [Win7 users run as Admin]. For total noobs click Start. In search box at the bottom - type cmd. Search will find it and right click and Run As Admin
Find the directories that you placed the PS3 SDK. I'm using G drive.
We are going to extract our debug backup manager.pkg. So issue the command below. The -x extracts the files contained within the manager.pkg
G:\ps3\cell\host-win32\bin>make_package_npdrm -x manager.pkg
It'll extract the files and shows the following. Note: I didn't worry about the +> to overwrite or -> to not overwrite.
raw data: + 1040: PARAM.SFO
raw data: + 24569: ICON.PNG
directory: + 0: USRDIR
NPDRM SELF: + 507888: USRDIR/EBOOT.BIN
If you're like me [sexy and hot - umm sorry], you'll have Windows Explorer already open. Good. Go to the sdk folder. You'll now see a new folder in the sdk/cell/host-win32/bin. The folder is LAUN12345. Looking inside this folder will show the ICON.PNG, PARAM.SFO and the USRDIR [which also contains the EBOOT.BIN]. This makes up the Backup Manager - manager.pkg
Ok. Now back to cmd. Type
make_package_npdrm -c manager.pkg
It'll show a bit more info now. You'll see Checker Revision, Package Filename, ContentID, DRM Type, Content Type, PackageVersion, # QA_digest [which is the K_Licensee number] and # Packaged by.
Below that is Content Information Files and most likely you'll also get Illegal Package. But we won't worry about that. Take note of that QA_digest number. We need to replace that with the Retail PKG so that it's more hidden.
make_package_npdrm -x TheLastGuy.pkg [I've changed the name due to the length of the original pkg]
You'll see that it spits the dummy and freezes. A folder is created, in my case it was NPEA90027 [which is the retail The Last Guy Demo pkg] It'll then show some weird symbols and basically won't extract anything. Fail. But that's ok, I just wanted to prove that retail PKG can't be opened. It's good to fail sometimes.
make_package_npdrm -c TheLastGuy.pkg
It'll give an error stating 'This file was finalized: 'TheLastGuy.pkg'
So all in all, no good. But we have a plan. Keep cmd open for now. Just minimize it.
HAMMER TIME? NO! HEX EDIT TIME
Open your fave Hex Editor. For this I'll be using 010 Editor. I also used Zerotacq PS3 PKG Binary Template. But you won't need that as the work has already been done.
So have a look at the retail demo PKG [in my case TheLastGuy.pkg]. Also open up the manager.pkg file.
You'll see, in hex format, the ContentID at offset 30h - 5Fh. At 60h you'll see more weird letters and such.
Retail.pkg - copy from offset 60h - 70h. So there will be 16 double digits selected. Now paste those hex numbers into manager.pkg [The debug Backup Manager]. While you're here also copy offset C0h - 0120h [last bytes should be 00 00 - it's before more crazy hex code] of the retail pkg. That hex details the package version, DRM type and other info, which would be great to know when building your new SFO. So paste that into the manager.pkg too. Oh I'm hoping that you're replacing the hex at the same location, don't just stick it anywhere. If you did, please slap yourself for me.
Now save as and name it to something like manager2.pkg. Save to the same directory as the other pkgs.
Close the hex editor. I'm hoping you've kept cmd open, so back to that.
make_package_npdrm -c manager2.pkg
You'll now see a new QA_Digest. It's the K_Licensee of the retail.pkg. Also note that cmd will probably have a sook and show weird letters that wouldn't be out of place on some NASA workstation, and it'll probably end up with 'This application has requested the Runtime to terminate....' etc etc. But that's ok, as we've got what we wanted. Write down the QA_Digest number and also get Checker Revision, Content_ID, DRMType, Content Type, and PackageVersion, as you'll need that for PS3SFOedit to create a new SFO.
You won't need this manager2.pkg anymore, so delete it, hide it, or place in a folder in case you think you'll need it. Probably why I have 20 copies placed all over my hard drives now, sigh.
CREATE OUR BEAUTIFUL PKG FILE (Or Frankenstein monster)
Open up PS3SFOEdit by Hellcat
Load the PARAM.SFO from the manager.pkg that we extracted earlier. It should be in host-win32/bin/LAUN12345
Now you'll see that it's filled out with info about the SFO. This SFO could be read by Sony, or info from this SFO could be stored on your console and sent back to HQ, so things need to be correct.
Hex edit open the retail PKG [TheLastGuy.pkg]. Heck even open up the manager2.pkg file. This just allows you to check and learn more about these PKG files, as you'll be able to cross check with the hex and with Hellcat's PS3SFOEdit program.
So in my case - The Title ID is NPEA and 90027. It's at offset 37h - 40h.
The title (Default) is interesting as we haven't seen it as yet. Oh but in fact we have. Switch on your PS3 and go download the retail game demo. Once complete and it's been installed. Go to the game folder and highlight the game. Press 'triangle' on the game. Scroll down to Information. Now you'll see the icon (which is ICON0) and Title, Album, Parental Control, Size, Version. You'll need to write these settings down. Once done, run or walk back quickly to your PC [unless you have them both in the same room]. So mine was The Last Guy™ Demo Version. Yes I even included the TM symbol (just google, copy and paste).
My version was 01.00 as this is the Game Version. I used the PackageVersion 01.02 as the App. Version. Set my Parental Lock to that of the game which was 3. Data Type is important. It should be left at HG. Reason is that the Backup Manager.pkg is run from the Hard Drive, same as the PSN retail demo. Retail Blu-Ray discs would have DG [Disc Game], whereas DP is Disc Package, DM is Disc Movie, IP is Install Package, and SD is Save Game Data. Leave all other options as they are [ie audio 7.1 etc]. Click on Save. You can overwrite or save to a new directory if you want. Exit PS3SFOEdit and thank HELLCAT for that program.
OH LOOK A PRETTY LITTLE PICTURE
ICON0.PNG is what is shown when you highlight it within the PS3. You can change this if you'd like. I wasn't going to, but thought, "hey why not". Just a simple colour change and shadow on the arrow was enough for me. You could actually use the full space up, but just don't get too fancy, otherwise you'll end up with no icon displayed. You could always use a modded PSP to check the ICON if you'd like [might work].
LET'S TAKE A LOOK AT THE EBOOT.BIN
The EBOOT.BIN is the main executable for the Backup Manager. Without it, the Manager wouldn't boot. We'll also need to edit this as at offset 330711, it points to /dev_hdd0/game/LAUN12345. We probably don't want it to do that, as this means that it's creating a folder on the PS3 named LAUN12345.
Now open up the web and go to this address. Well if you'd like. It shows the PSJailbreak in action and installed for the first time.
PS Jailbreak PS3 Modchip Video Guide HD
When watching the video you'll see that when a game is being installed (onto the PS3 internal hard drive) it goes to this location.
/dev_hdd0/game/LAUN12345/GAMEZ/XXXXXXXXX [XXXXXXXXX is the Game ID]
At 2 minutes 18, you see /dev_usb000/manager.pkg which is the Backup Manager being installed from the USB flash pen (note - not the PSJailbreak USB, or future devices)
At 2 minutes 54, you see that the game is being backed up to /dev_hdd0/game/LAUN12345/GAMEZ/BLES00278
So therefore looking at the above info, it seems that all backups get installed to the PS3 Hard Drive (/dev_hdd0) under /game/LAUN12345/GAMEZ/ then followed by the Content ID of the game. In their case, it's BLES00278. I guess some things never change with Sony, as their codes BLES and BLUS (US version) have been used since the PS1 days. Also note the GAMEZ, with the Z. Kinda hip and cool, yet a big company like Sony would never use the Z.
So we are going to change this location so it's something more proper. I was thinking of different locations, hiding it in the video area, or photos, but for today, I'll be placing mine in the directory that The Last Guy retail PKG goes. Note: by doing this I may never be able to ever play 'The Last Guy' again as it could overwrite files, but not really fussed. It's on Xbox anyway, and I wasn't a big fan.
So change /dev_hdd0/game/LAUN12345 to /dev_hdd0/game/NPEA90027 [which is the ContentID of The Last Guy PSN Demo. [Side note - the full game of TLG, has NPEA00080, yet the demo is different. I'm still going for the demo, as that's the version I'm faking with. Had a look through the full game and it doesn't state where it gets installed to. The different regions are NPJA00029 - Japan, NPHA80044 err no idea, NPEA00080 - Europe, NPUA80154 - USA]]
Now at offset 331791 [0x0005100F] you'll see another LAUN12345/GAMEZ, so it'll be best to change this to NPEA90027/GAMEZ. I had thought about changing the GAMEZ to GAMES or GDATA, but I'm not sure if it will kill the Backup Manager. I had a look through the full version of TLG, but couldn't see where it gets installed to.
You'll also see /dev_usb00%d/GAMEZ/ but I think this should be ok to leave, as it's pointing to the External Hard Drive. I think using the external hard drive is the better option, but that's personal choice.
Also the GAMEZ at offset 330651, 330667 and 330683. I'm not sure where they point to. It's best to leave these as they may be important, or used by the EBOOT. The 'Z' is a little annoying and could be flagged, but hopefully those folders rest inside the main NPEB90250 or on the External HD.
Once completed. Save edited manager.pkg
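The point running through the last two sections, seen from the checking side: the ContentID at 30h - 5Fh and the 16 bytes at 60h are just header bytes copied from another package, while the EBOOT.BIN keeps its own path strings. The sketch below is an added example, not part of the original post or of any Sony or PSJailbreak code; the function names and sample buffers are constructed, and the offsets and marker strings are the ones quoted in this tutorial.

```python
import re

# Offsets as quoted in this tutorial (assumed, not checked against a spec).
CONTENT_ID = slice(0x30, 0x60)   # ContentID, 30h - 5Fh
DIGEST = slice(0x60, 0x70)       # the 16 bytes the tool reports as QA_digest

# Strings this page identifies as Backup Manager leftovers.
MARKERS = (b"LAUN12345", b"GAMEZ")
GAME_PATH = re.compile(rb"/dev_hdd0/game/([A-Z0-9]{9})")


def read_header_fields(pkg):
    """Return the ContentID, its embedded title ID and the 16-byte digest."""
    if len(pkg) < DIGEST.stop:
        raise ValueError("buffer too short to hold the header fields")
    content_id = pkg[CONTENT_ID].split(b"\x00", 1)[0].decode("ascii", "replace")
    # Layout seen on this page: UP0001-LAUN12345_00-0000111122223333
    match = re.search(r"-([A-Z0-9]{9})_", content_id)
    return {
        "content_id": content_id,
        "title_id": match.group(1) if match else None,
        "digest": pkg[DIGEST].hex(),
    }


def audit_payload(payload, header_title_id):
    """List (offset, kind, value) findings in an extracted executable."""
    findings = []
    for marker in MARKERS:
        for hit in re.finditer(re.escape(marker), payload):
            findings.append((hit.start(), "marker", marker.decode()))
    for hit in GAME_PATH.finditer(payload):
        title_id = hit.group(1).decode()
        if title_id != header_title_id:
            # Header claims one title, the code installs under another.
            findings.append((hit.start(), "path-title-mismatch", title_id))
    return sorted(findings)


def build_header(content_id, digest):
    """Constructed sample: a zeroed buffer with only the two fields filled."""
    buf = bytearray(0x70)
    buf[0x30:0x30 + len(content_id)] = content_id
    buf[0x60:0x70] = digest
    return bytes(buf)


# Constructed sample data (the ContentID tail and digest are placeholders).
SAMPLE_HEADER = build_header(b"XX0000-NPEA90027_00-SAMPLE0000000000",
                             bytes(range(16)))
SAMPLE_ORIGINAL_EBOOT = b"\x00" * 16 + b"/dev_hdd0/game/LAUN12345/GAMEZ\x00"
SAMPLE_EDITED_EBOOT = (b"\x00" * 16 + b"/dev_hdd0/game/NPEA90027/GAMEZ\x00"
                       + b"/dev_usb00%d/GAMEZ/\x00")

if __name__ == "__main__":
    fields = read_header_fields(SAMPLE_HEADER)
    print(fields)
    for name, blob in (("original", SAMPLE_ORIGINAL_EBOOT),
                       ("edited", SAMPLE_EDITED_EBOOT)):
        print(name, audit_payload(blob, fields["title_id"]))
```

With the sample data, the unedited executable produces a title mismatch plus both markers, and the edited one still reports every remaining GAMEZ string, so a check keyed on payload content is not satisfied by header values alone.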
WHO'S A DUMMY NOW?
Open up your dummy file creator app or use some hex wizardry to create a dummy file.
I used Dummy File Creator from http://www.mynikko.com/downloads.html
I wanted something I didn't have to install as I only wanted to use it once. The program above is just an exe file.
So load up Dummy File Creator. Also open up the Calculator, or if you're old school, grab one from your Desk drawer, or if you're really really old school, do the subtraction in your head [cough smart arse cough]
You'll need to make a dummy file so that once done, the edited Backup Manager PKG will be the same size as the original retail demo PKG. So to help you out :
Retail PKG KB - 527KB = Dummy File to create in KB
In my case 116,810 - 527 = 116,283KB.
[Oh also note that with the new version of Backup Manager, it might be larger, so take that into account. Version 1 is only 527KB]
If using Dummy File Creator - I used Single File, changed the file path to anything other than C: [as Windows 7 doesn't like files going there, for me it likes to hide them somewhere, this is due to the UAL thing], and File Size: 116283 - make sure you set it to KB, otherwise you'll end up with a Gigabyte worth of nothingness. I also named it DATA.BIN. This process took less than a second. If you hex edit, it's all 20 20 20 20. Move this file to your USRDIR directory
THE CONFIG FILE - PACKAGE.CONF
Ok so now. The Config file that make_package_npdrm needs.
Open Notepad. Save as package.conf - make sure that txt is selected. Try 'all files' from the drop down menu.
Save it to the ps3/cell/host-win32/bin folder
Paste the below into Notepad (or download the one that I have here)
DRMType = Free
ContentType = GameExec
PackageVersion = 00.00
Now hopefully you wrote down that K_licensee file [yep that was the QA_digest number]. The Content ID is shown at the start of the retail PKG demo. DRM Type is Free, which the demos are and so you don't need to buy it. Content Type is GameExec
Content ID - the full name of the package. Originally the Backup Manager was UP0001-LAUN12345_00-0000111122223333 [yep highly original there], so now it's been replaced by a proper Content ID - that of the PSN Retail Demo.
K_Licensee - I'm happy to say that I've found this, well I think I was one of the first. Anyway enough gloating, paste this here and be happy to know, that if Sony does look at these numbers, you'll be one step closer to being hidden.
DRM Type - either Local or Free. Local means that the package is distributed with charge, Free means the package is without charge. So you'll want the FREE option.
Content Type - You'll want GameExec as this means that the package will appear in the Game Column and is executable. GameData will appear in the Game Data Utility - so most likely patches are stored here.
PackageVersion = which ever that version number was when you wrote down the QA_digest and Content ID. Mine was 01.02
Don't forget to save.
THE FINAL FRONTIER
Well we are near the end, wow what a long, but hopefully not boring, read. I hope everything has been coming along well. Previously I had been stumped at the building stage of the make_package_npdrm. Windows 7 just wouldn't do it. I tried various versions of Linux, enough to make a geek wet his pants. Ran VMWare and still lost out. So after many hours of searching I've finally done it. If you can re-build without all the extra baggage, then great, but for those that were in the same boat as me, this is what I've done.
Oh I should start with the normal way first, in case you do get it working. I haven't been able to do this but others have.
Maximize or open cmd. Go to the ps3/cell/host-win32/bin folder and type
Now it will find the package.conf file that you stored there earlier. It should also build the package. But for me, every time I tried this, it would state 'Illegal head' and 'can't find USRDIR'. So....
Borrowing from a site that had borrowed from my own post about the Blur Demo and its ID, I read about MSYS. It's some Linux based thing. Don't worry, it doesn't install over any operating system. Though I've installed it in G Drive, just in case.
It's located here http://downloads.sourceforge.net/mingw/MSYS-1.0.11.exe
So after trying to follow the Spanish to English translation, thanks to Google, [Mm I didn't think I needed a horse for this program], I went crazy and copied the whole host-win32/bin into the MSYS1.0 bin folder.
So make_package_npdrm was next to makeinfo and other MSYS exe files.
Run msys.bat [MINGW32 cmd] and the shell prompt (ending in ~) pops up.
Type make_package_npdrm and it popped up can't open file. Mmm
Ok so I was getting desperate and laughing like a crazy man, placed the following files into the MSYS /home/myname* folder. There was ICON0.PNG [edited and colored], package.conf [created by notepad], PARAM.SFO [edited with Hellcat's PS3SFOEdit] and .inputrc [which was originally there from the MSYS install] *That's my actual name... well not myname, but err you know what I mean.
There was also the USRDIR folder, which contained the EBOOT.BIN (all caps thank you) and the dummy DATA.BIN.
I typed make_package_npdrm and..... it worked!!! It created the 116,822KB file for me. The new edited and hopefully stealthed (everyone else is using that word nowadays) Backup Manager [side note - I'm gonna call it Ninja instead of Stealth].
Well done. You too have created a 'ninja backup manager.pkg'
So now copy that to a flash pen, install and ... err play some games I guess. I'm off to bed! Oh, first read the FAQ as it might explain some more stuff.
Q - So this will protect me right?
Well that’s kinda like asking that to a hooker, after she gives you some cling wrap and some duct tape to use as protection. At this moment, we are unsure. At least this approach is better than using one of the previous ‘jump the gun’ tutorials or manager.pkg. The EBOOT.BIN has been modified to reflect a new directory on your console’s hard drive.
Q – So I shouldn’t use this online?
I’d say not. I think there has been some confusion regarding this. I believe that the device never really allowed you to play online. It was created for homebrew and backups. I’ve changed the ID so that if Sony checks the console’s logs, it won’t have LAUN12345 contained within the log file. Also if it checks the contents of your hard drive, it won’t see LAUN12345 there either. Also using an external hard drive is best; however I’m not sure of the speeds of transfer while playing from External hard drives. Even though all information for a retail PSN game has been used, there is still the chance of getting detected.
Playing online could be risky. Other checks could be made like checking the game in /dev_bdvd to that of /dev_hdd0 or USB. Don’t forget that if using a PSJailbreak device you’ll need the USB device still plugged in – [if using an Open Source you may be able to bypass this.] Once connected, Sony could check to see if you’re running debug mode or if the stack overflow was used.
Eg. There is belief that if the Xbox360 is booted up without a dvd rom, this gets logged internally. When the hacked firmware first came out, hitachi drives needed to be booted into modeb, so power from the console was used. Sata connections were connected to the PC sata ports, not to the Xbox; so therefore the console logged this. When connected to Xbox Live, a small file was possibly sent back and flagged.
So who’s to say that booting into debug mode from the first time will write a log. Remember if you’re going to go down the path of modifying or hacking your console, then be prepared to get banned. Don’t ***** when you do. Buy another console for online play only if you want.
Q – Are you sure that the edited PKG will work?
At this point, I haven’t got the USB device yet, so I haven’t installed my own edited (ninja) backup manager pkg. Not to mention that in Australia, it’s now been banned for retailers to sell. Open Source hacks have been released, but I’m yet to go down that path. So you’ll be the first to try it. While I wish I could try it [kinda feels like coming home to find your best mate having sex with the blow up doll you just ordered online – note I’ve never bought a blow up doll], I’ll just have to wait. Also I’m waiting for the new backup manager [hopefully with NTFS support] to come out from PSJailbreak, or another form of homebrew.
Q – Err blow up doll? Umm Ok, so should I wait for the new manager then?
Yes, I’d say so. But give it a go with this first version, just to learn from the experience. If you have already installed manager.pkg, then please tell me how it went. I’m hoping that it works and everything in the EBOOT.BIN links up nicely. If you haven’t as yet installed the manager.pkg, then maybe wait a little bit longer for the new version to come out.
Q – I haven’t installed this as yet, anything I should know?
Yes! This should (if possible) be installed on unmodified consoles. If you’ve already installed the manager.pkg file then the content ID (LAUN12345) may already be logged, so you might be flagged already. By all means, reinstall the new edited version as it’ll go to a new location. I’m not sure if you can delete the previous manager.pkg install, and by doing this, it’ll also delete the games stored on the internal hard drive. It’s something you’ll have to discover for yourself, unless I find it; with which I’ll post it in the next revision.
When the new manager.pkg version comes out, you may need to re-do the whole process. Though it would be slightly quicker as you should have most of the files already, and the SFO creation should still be valid (in theory).
Q – So when the new version comes out, what will I do?
If you’ve followed the tutorial already and made your manager.pkg, then you’ll need to replace the new manager EBOOT.BIN with the old manager EBOOT.BIN. You’ll also need to do a new dummy file, as the two versions of manager.pkg would probably be different. The PARAM.SFO should still be good, as with the package.conf file and its contents (Content ID, QA_Digest [K_Licensee], Package Version).
Q - Ninja Backup Manager? Sounds cool and stealthy
Thanks, I thought that ‘Backdoor Rapist Backup Manager’ might be a little too extreme for the general hacking community
Q - Any other future ideas for avoiding detection?
I’ve got a few, but I need to have a think about it first. Things like using a PSP Game Demo, instead of a PS3 game demo, could be used. You’d need access to a modified PSP running CFW. Go download a PSP Game Demo from the PSN store. Activate/Validate and install. It’ll ask you to connect your PSP. Do so and then connect the PSP to your PC via USB. Copy the game to your PC. Use PSP editing tools to extract the info. You’ll see the PARAM.SFO, and ICON0.PNG. You’ll also see ICON1 and other PNG pictures. These display in the background, or show when you load the app. Once edited with the PS3 tools, you’ll use it as your new manager.pkg. Don’t worry it won’t try to install back onto the PSP, as the EBOOT.BIN is now the Backup Manager. It’ll load to the manager.
I may in a future revision move to this process. It depends if I can get the information that I need. Eventually I’d like to hide the whole backup manager folder into something other than GAMEZ. Something like ‘VIDEO’ or ‘DATA’ or ‘PSPDATA’. A directory that might not be easily checked by Sony. This will take testing and looking inside the PSP demo, or exploring a PS3 hard drive to see its file structure. This way, it’s more personal, as it has been downloaded to your own console. With the PS3 Game Demo, I had to assume that the retail PSN demo and the Euro version downloaded from the PS3News links were the same Content ID. The process with the PSP Game Demo would still be the same, but the fake container will be different. Note – I’m yet to look into this, and the files within the PSP game might be DATA.PSP or other files, so this might cause issues. I'm still learning at the moment.
Another possible idea would be to run the backup manager from USB only. Therefore it never installs anything within the console. Though the Content ID could still be gathered and logged, but this is only theories at the moment.
In time, hackers will work out better ways of running apps within the system. Previously the console was locked, but now it’s been unlocked (still not fully open like running media players and linux on xbox1), and future developments look exciting and challenging. Let the games begin!
Q – Umm anything else you want to say?
Yes! Thanks to all on the PS3News forums, and any other forums that might have had info regarding this. Thanks to the hacking community for the tools. Good luck and hopefully this helps experienced hackers and the newbies (like myself) out there. Any questions, or ideas, please let me know. What was detailed above is still based on theories, I don't have all the answers. Thanks.