03-05-2007 #21 MIPs Registered User
Small Update/Attempt to keep thread alive
offset: 0x8 - 0xb: word size: value 0xc0: 192 decimal =
Possibly size of header: 0x0 - 0xbf
03-05-2007 #22 hacked2123 Registered User
Thanks MIPs, so how long till we have some vital information, something that screams "We're almost there!"
03-05-2007 #23 MIPs Registered User
Man I wish I knew ^_^. I'm praying that Sony possibly used a readily available compression algo because I'm about to start testing the blocks of data that looked compressed with zlib and such. Here is a good article (and site altogether) that explains the idea. "https://www.openrce.org/articles/full_view/16"
03-06-2007 #24 smackholio Registered User
SHA-1 value is at the end of PKG file
Been doing some of my own analysis and came upon this thread. The last 20 bytes of the file (excluding the final 12-byte zero pad) are indeed the SHA-1 value of the PKG file minus the last 32 bytes (20-byte SHA-1 + 12-byte zero pad).
So, for all the PSP license files (since they're all the same size):
0x0 - 0x18FDF = block of data to calculate SHA-1 on
0x18FE0 - 0x18FF3 = SHA-1 of the block from 0x0-0x18FDF
0x18FF4 - 0x18FFF = 12-byte zero pad at the end
Likewise for the other PKG files. For example, using the Q*Bert PKG file:
0x0 - 0x8E3FBF = block of data to calculate SHA-1 on
0x8E3FC0 - 0x8E3FD3 = SHA-1
0x8E3FD4 - 0x8E3FDF = 12-byte zero pad at the end
The SHA-1 of the Q*Bert file is:
C6 54 7C 88 D2 CB 72 C8 05 E1 AB 6F 31 E0 22 88 5C D7 85 06
Using a hex editor, I wrote out the block of data and calculated the SHA-1 value on that block. They matched exactly. I confirmed this with a few other PKG files as well.
So it appears the SHA-1 is used as a checksum to prevent tampering of the PKG file. But now that we know how the SHA-1 is calculated, we can start tampering :-)
I've got more PKG structure analysis that I'll write up later, but at least wanted to confirm that the PKG file does indeed contain the SHA-1 at the end.
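An added example, not part of the thread: a checker for the trailer layout described in post #24 (body, then a 20-byte SHA-1 of the body, then a 12-byte zero pad). The function names, the constructed sample bytes and the keyed HMAC contrast are assumptions made for illustration; the digest in the described layout is unkeyed, so it catches corruption but does not authenticate the file.

```python
import hashlib
import hmac

DIGEST_LEN = 20                      # SHA-1 output size, per post #24
PAD_LEN = 12                         # trailing zero pad, per post #24
TRAILER_LEN = DIGEST_LEN + PAD_LEN   # the "last 32 bytes"


def split_trailer(blob: bytes):
    """Split body || SHA-1(body) || zero pad into (body, digest, pad)."""
    if len(blob) < TRAILER_LEN:
        raise ValueError("input is shorter than the 32-byte trailer")
    return (blob[:-TRAILER_LEN],
            blob[-TRAILER_LEN:-PAD_LEN],
            blob[-PAD_LEN:])


def verify_trailer(blob: bytes) -> bool:
    """True when the pad is all zero and the stored digest equals SHA-1(body)."""
    body, stored, pad = split_trailer(blob)
    if pad != bytes(PAD_LEN):
        return False
    return hmac.compare_digest(hashlib.sha1(body).digest(), stored)


def verify_keyed(body: bytes, tag: bytes, key: bytes) -> bool:
    """Contrast case (assumption, not in the PKG layout): HMAC-SHA1 over body."""
    expected = hmac.new(key, body, hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)


def make_sample(body: bytes) -> bytes:
    """Constructed sample in the described layout; not a real PKG file."""
    return body + hashlib.sha1(body).digest() + bytes(PAD_LEN)


if __name__ == "__main__":
    body = b"constructed sample body" + bytes(64)
    sample = make_sample(body)
    print("intact sample verifies:", verify_trailer(sample))

    # One flipped byte in the body is caught by the stored digest.
    corrupted = bytes([sample[0] ^ 0xFF]) + sample[1:]
    print("corrupted sample verifies:", verify_trailer(corrupted))

    # A keyed tag can only be checked (or produced) by a holder of the key.
    key = b"constructed-demo-key"
    tag = hmac.new(key, body, hashlib.sha1).digest()
    print("keyed tag verifies:", verify_keyed(body, tag, key))
    print("keyed tag, changed body:", verify_keyed(b"x" + body[1:], tag, key))
```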
03-06-2007 #25 NDT Registered User
smackholio, this is cool indeed, can you hook me up on how to calculate the SHA-1 of a file so maybe I can compile a tool that recalculates it after hex editing?
Thanks in advance and 1 thumb-up
I just noticed that WinHex evaluates the SHA-1 of the files, so I can try hex-editing the Tekken pkg in order to install it! Really cool indeed
I can confirm smackholio's finding! Damn cool mate!
There are some bytes that we can try to edit in order to let the PS3 think the content doesn't need to be bought
The bad part is that I can't go online to install it for now because I have fw 1.32
So we need a person with at least 1.50 fw to install the modified pkg
03-06-2007 #26 lillprinsen Registered User
Don't understand much of what you guys are doing... but keep up the good work
03-06-2007 #27 Xlom3000 Registered User
I am an unfortunate fool that has 1.51. If you need to test anything let me know. We may need to do it before Thursday however. No telling what they will change to the storefront by then.
03-06-2007 #28 ModderFokker Registered User
Excellent work Smackholio.....thumbs up
03-06-2007 #29 kidling Registered User
I did some comparison of .pkg headers; there is something interesting at offset CB. That value is 02 for pay files like (lemmings/qbert/tekken) and 03 for "free" files like gripSHIT and demos (ridge racer, gthd, etc). See the picture:
I will make a modification at offset CB (02 to 03) and test the install of lemmings; soon I'll post the results.
03-06-2007 #30 s1301950 Registered User
I got 1.51 still. Can test anytime. I'm on #ps3news as well.