Retail PS3 game into a debug hdd boot game

[ncfballkid]

Do you know how the retail EBOOTs are encrypted ? I think all we would have to do is reverse the algorithm and we'd be good to go... extract the decrypted elf from the retail EBOOT , change the code to run from the hard drive and then use the make_fself_npdrm to make a debug EBOOT... what if we could write an app that loads the EBOOTs in the memory and then make a dump of the memory like onto a memory stick or something ... bc from my understanding .. the EBOOT is decrypted after it is ran in memory.

Do you by chance know how the retail EBOOTS are encrypted and decrypted? What if we were to write a program that runs and then you get to choose any EBOOT to run into memory and then dump it on a USB drive ... im sure we could find the offsets for the decrypted self file...

[CJPC]

From the looks of it, it seems the problem is that in some of the games you are actually overwriting data by replacing the dev_bdvd data, with dev_hdd0, if so try to remove 00 bits near that area, and then insert data as you can not overwrite actual data without consequences.

[cvp]

@CJPC
and you think we can fix this with a downgrade ? or will you achieve it all?

[pngo]

Understood. I will give a try... removing 00 trailing fields and inserting new fields to match the proper path. however, I will probably have to insert new 00 fields anyway otherwise the resulting file might have a different size, which will prevent it from being re-fake-signed by make_fself_nodprm.

[cvp]

CJPC, you know by chance if this is solved with the FW 1.50?

[CJPC]

Understood. I will give a try... removing 00 trailing fields and inserting new fields to match the proper path. however, I will probably have to insert new 00 fields anyway otherwise the resulting file might have a different size, which will prevent it from being re-fake-signed by make_fself_nodprm.

Well no, it can be done ,for example say you have (where . 's are 00)

. . . . . . . . /dev_bdvd/ps3_game/usrdir/eboot.bin A Z M Q
And, you want: /dev_hdd0/game/BLES00000/USRDIR/eboot.bin
Can then be:

. . /dev_hdd0/game/BLES00000/USRDIR/eboot.bin A Z M Q

See how the 00's were removed (or, overwritten?) Same thing applies if its close, if its not really close, you may run into problems.

[pngo]

got it, I will fix the path starting from the last letter then going from right to left.

[cvp]

you can make an example here? would be very nice!

Code:

74 65 6D 43 61 63 68 65 00 00 00 00 00 00 00 00 temCache........
2F 64 65 76 5F 68 64 64 30 00 00 00 00 00 00 00 /dev_hdd0.......
2F 64 65 76 5F 62 64 76 64 2F 50 53 33 5F 47 41 /dev_bdvd/PS3_GA
4D 45 2F 55 53 52 44 49 52 2F 00 00 00 00 00 00 ME/USRDIR/......

[CJPC]

you can make an example here? would be very nice!

Code:

74 65 6D 43 61 63 68 65 00 00 00 00 00 00 00 00 temCache........
2F 64 65 76 5F 68 64 64 30 00 00 00 00 00 00 00 /dev_hdd0.......
2F 64 65 76 5F 62 64 76 64 2F 50 53 33 5F 47 41 /dev_bdvd/PS3_GA
4D 45 2F 55 53 52 44 49 52 2F 00 00 00 00 00 00 ME/USRDIR/......

Ok - that for example, since there is 00 padding to the right, you should be ok. - mind you, this hex is NOT right, but

Code:

74 65 6D 43 61 63 68 65 00 00 00 00 00 00 00 00 temCache........
2F 64 65 76 5F 68 64 64 30 00 00 00 00 00 00 00 /dev_hdd0.......
2F 64 65 76 5F 62 64 76 64 2F 50 53 33 5F 47 41 /dev_hdd0/game/BL
4D 45 2F 55 53 52 44 49 52 2F 00 00 00 00 00 00 ES00001/USRDIR/..

But , even easier if these things dont work ,there are 2 more you can try. One, serve the game from a pc, use "app_home/PS3_GAME/USRDIR" (a direct replacement for dev_bdvd - no length issues), or even use the BD emulator (no need to edit, at all!)

Also a downgrade or 1.50 will not help this really - the simplest thing to do to ensure it works, is to use the BD EMU.

[GotNoUsername]

Is there a chance some one can do an auto Blu-ray to HDD game install Application , so we can paly games from HDD with no Blu-ray in Drive?