Unencrypted SPU Binary Found in Def Jam: Icon Demo for PS3
Today SKFU (linked above) reports that he has run across what he believes to be an unencrypted SPU binary in the Def Jam: Icon demo for PS3.
To quote: When I was bored yesterday I dealt with HDD decryption again and looked through the game folders on the decrypted HDD.
The Def Jam: Icon USA Demo seemed interesting as it only works on US consoles. While looking for the answer I noticed a folder dj3-ps3-opt in /USRDIR/spu/.
In there are several files like elf_sputhreads_apply.bin. I opened some files in a simple HEX editor and noticed that the files are not encrypted.
As well, it looks like a binary. It does not have the default binary header used by SPU .self files compiled with the SONY PS3 SDK. It may be compiled with a third party compiler or with the IBM Cell SDK.
I did not check that yet. Well, come back to check for updates regarding the research!
SKFU and I were talking about this file earlier - it is quite interesting in that it is not encrypted, and shares a common header.
However, I believe it's part of the in-game engine, as the files have a common header, but are not encrypted.
If they were any form of an ELF (elf, self, sprx, for both ppu/spu etc), they would be encrypted - the mastering software scans the files for the file magic, and forces one to encrypt them.
But, as to how these affect the game itself is unknown, as we have yet to see an unencrypted master binary.
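The two checks discussed above, the hex-editor inspection in the quoted post and the file-magic scan this comment attributes to the mastering software, can be sketched as a small triage script. This is an added example, not part of the original thread and not Sony's tooling; the `SCE\0` SELF magic, the ELF `e_machine` values, the 7.5 bits/byte entropy threshold and all sample bytes are assumptions or constructed inputs that do not come from the page.

```python
import hashlib
import math
import struct

ELF_MAGIC = b"\x7fELF"
SCE_MAGIC = b"SCE\x00"  # container magic of signed/encrypted SELF files
EM_NAMES = {21: "PPC64 (PPU)", 23: "SPU"}  # ELF e_machine values

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(data: bytes, threshold: float = 7.5) -> dict:
    """Triage a file image by magic first, then by entropy (heuristic threshold)."""
    result = {"kind": "unknown", "machine": None}
    entropy = shannon_entropy(data)
    if data[:4] == SCE_MAGIC:
        result["kind"] = "self"
    elif data[:4] == ELF_MAGIC and len(data) >= 20:
        # e_ident[5] (EI_DATA): 1 = little-endian, 2 = big-endian
        endian = ">" if data[5] == 2 else "<"
        (machine,) = struct.unpack_from(endian + "H", data, 18)
        result["kind"] = "elf"
        result["machine"] = EM_NAMES.get(machine, f"e_machine={machine}")
    result["entropy"] = round(entropy, 2)
    result["likely_encrypted"] = result["kind"] == "self" or entropy > threshold
    return result

# Constructed sample inputs (not bytes from the demo's files).
SAMPLES = {
    "plain_spu_elf": ELF_MAGIC + b"\x01\x02\x01" + bytes(9)
                     + struct.pack(">HH", 2, 23) + bytes(200),
    "self_container": SCE_MAGIC + bytes(28),
    "custom_header": b"HDR0" + bytes(range(16)) * 32,  # placeholder header
    "random_looking": b"".join(hashlib.sha256(bytes([i])).digest()
                               for i in range(128)),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify(blob))
```

A file with an unrecognised header and low entropy, like the `custom_header` sample, is the case the thread describes: it passes a magic-only scan while still being readable data.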
Nice find! Hopefully continuing efforts such as these will produce useful results or at least further an understanding of how to exploit the hardware. Your efforts and those of others are appreciated.
I hope we are ALL sacrificing spotless lambs to the gods daily! We all must do our part to get the PS3 hacked.
Is there any in-depth article about decrypting the elf? Whether it's possible at all without breaking into Sony with shotguns and ski masks.
I think he just meant that it needs to be looked into further... still, nice find!
Well, it's still an interesting find.. if that code can be modified and 'injected' into the main application, then we could have a custom code loader through that icon... modify that icon and inject custom code.. I'm sure the file format can be reverse engineered somehow, we just need skilled people, time and a bit of luck!
I hope this can lead to something useful!
Thanks for sharing the news!
Well, if it's signed I think we're at a dead end again... if it's not, we can actually use it for something useful (I think).