Thread: Discover the Sony PKG file structure.

  1. #21
    MIPs Guest
    Small Update/Attempt to keep thread alive

    offset: 0x8 - 0xb: word size: value 0xc0: 192 decimal =

    Possibly size of header:0x0 - 0xbf

  2. #22
    hacked2123 Guest
    Thanks MIPs so how long to till have some vital information, something that screams "We're almost there!"

  3. #23
    MIPs Guest
    Man I wish I knew ^_^. I'm praying that Sony possibly used a readily available compression algo because I'm about to start testing the blocks of data that looked compressed with zlib and such. Here is a good article (and site altogether) that explains the idea.

  4. #24
    smackholio Guest

    SHA-1 value is at the end of PKG file

    Hey guys,

    Been doing some of my own analysis and came upon this thread. The last 20 bytes of the file (excluding the final 12-byte zero pad) are indeed the SHA-1 value of the PKG file minus the last 32 bytes (20-byte SHA-1 + 12-byte zero pad).

    So, for all the PSP license files (since they're all the same size):

    0x0 - 0x18FDF = block of data to calculate SHA-1 on
    0x18FE0 - 0x18FF3 = SHA-1 of the block from 0x0-0x18FDF
    0x18FF4 - 0x18FFF = 12-byte zero pad at the end

    Likewise for the other PKG files. For example, using the Q*Bert PKG file:

    0x0 - 0x8E3FBF = block of data to calculate SHA-1 on
    0x8E3FC0 - 0x8E3FD3 = SHA-1
    0x8E3FD4 - 0x8E3FDF = 12-byte zero pad at the end

    The SHA-1 of the Q*Bert file is:
    C6 54 7C 88 D2 CB 72 C8 05 E1 AB 6F 31 E0 22 88 5C D7 85 06

    Using a hex editor, I wrote out the block of data and calculated the SHA-1 value on that block. They matched exactly. I confirmed this with a few other PKG files as well.

    So it appears the SHA-1 is used as a checksum to prevent tampering of the PKG file. But now that we know how the SHA-1 is calculated, we can start tampering :-)

    I've got more PKG structure analysis that I'll write up later, but at least wanted to confirm that the PKG file does indeed contain the SHA-1 at the end.
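
Added example, not part of smackholio's post or any Sony tooling: a Python check of the trailer layout described in post #24 (data block, 20-byte SHA-1, 12-byte zero pad). The function and type names are hypothetical, and the sample bytes are constructed from the standard SHA-1 test vector for "abc".

```python
import hashlib
from typing import NamedTuple

DIGEST_LEN = 20                      # SHA-1 digest length, per the post
PAD_LEN = 12                         # trailing zero pad, per the post
TRAILER_LEN = DIGEST_LEN + PAD_LEN   # the "last 32 bytes"

class TrailerCheck(NamedTuple):
    status: str      # "ok", "too_short", "bad_pad" or "mismatch"
    body_end: int    # last offset covered by the hash (inclusive), -1 if none
    stored: str      # digest found in the file, hex
    computed: str    # SHA-1 of the data block, hex

def check_trailer(blob: bytes) -> TrailerCheck:
    """Check the data || SHA-1 || zero-pad layout described in the thread."""
    if len(blob) <= TRAILER_LEN:
        return TrailerCheck("too_short", -1, "", "")
    body = blob[:-TRAILER_LEN]
    stored = blob[-TRAILER_LEN:-PAD_LEN]
    pad = blob[-PAD_LEN:]
    computed = hashlib.sha1(body).digest()
    if pad != bytes(PAD_LEN):
        status = "bad_pad"           # layout does not match the description
    elif stored != computed:
        status = "mismatch"          # data block changed or trailer is stale
    else:
        status = "ok"
    return TrailerCheck(status, len(body) - 1, stored.hex(), computed.hex())

# Constructed samples (not real PKG data): body "abc" and its known SHA-1.
ABC_SHA1 = bytes.fromhex("a9993e364706816aba3e25717850c26c9cd0d89d")
SAMPLE_OK = b"abc" + ABC_SHA1 + bytes(PAD_LEN)
SAMPLE_EDITED = b"abd" + ABC_SHA1 + bytes(PAD_LEN)       # one byte altered
SAMPLE_BAD_PAD = b"abc" + ABC_SHA1 + bytes(11) + b"\x01"

if __name__ == "__main__":
    samples = [("ok", SAMPLE_OK), ("edited", SAMPLE_EDITED),
               ("bad pad", SAMPLE_BAD_PAD), ("short", bytes(TRAILER_LEN))]
    for name, blob in samples:
        r = check_trailer(blob)
        print(f"{name:8} status={r.status:9} hashed=0x0-0x{max(r.body_end, 0):X}")
```

Because the digest is unkeyed, a matching trailer only shows the file is internally consistent; it does not show that the file came from the publisher.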

  5. #25
    NDT Guest
    smackholio, this is cool indeed, can you hook me up on how to calculate the SHA-1 of a file so maybe I can compile a tool that recalculates it after a hex editing?

    Thanks in advance and 1 thumb-up

    I just noticed that WinHex evaluates the SHA-1 of the files so I can try hex-editing the Tekken pkg in order to install it! Really cool indeed

    I can confirm smackholio's finding! Damn cool mate!

    There are some bytes that we can try to edit in order to let the PS3 think the content doesn't need to be bought

    the bad part is that I can't go online to install it for now because I have fw 1.32

    So we need a person with at least 1.50 fw to install the modified pkg

  6. #26
    lillprinsen Guest
    Don't understand much of what you guys are doing... but keep up the good work

  7. #27
    Xlom3000 Guest
    I am an unfortunate fool that has 1.51. If you need to test anything let me know. We may need to do it before Thursday however. No telling what they will change to the storefront by then.

  8. #28
    ModderFokker Guest
    Excellent work Smackholio.....thumbs up

  9. #29
    kidling Guest
    I did some comparing of .pkg headers; there is something interesting at offset CB. That value is 02 for pay files like (lemmings/qbert/tekken) and 03 for "free" files like gripSHIT and demos (ridge racer, gthd, etc). See the picture:

    I will make a modification at offset CB (02 to 03) and test the install of lemmings; I'll post the results soon.

  10. #30
    s1301950 Guest
    I got 1.51 still. Can test anytime. I'm on #ps3news as well.

