09-10-2010 #1 Field Guest
Backup Manager EBOOT.BIN replacing PKG EBOOT.BIN
Was wondering why no one has mentioned this in detail before - or maybe I've just missed it.
Looking for someone/s to test this method and see if it works. Also for any hacking guru to let us know if this is plausible.
Basically the idea is to copy the EBOOT.BIN from the Backup Manager, and replace it over the EBOOT.BIN of a game demo or app that is already stored in the /dev_hdd0/game on your PS3
Before someone jumps up and down with the above statement, yes hex editing would need to be done, but those that did the Ninja Backup Manager Tutorial will have no troubles accomplishing this task [or anyone else with a basic idea of hex editing - it is really easy]
I still currently don't have a USB device [or the free sources out there], so can't test it out myself. I'm so hanging to try the FTP app, that's what I'm most excited about.
Oh and while I'm here, like to thank the following for emails regarding the Ninja Backup Manager and whether it worked for them - Fonzi09, ReanimationXP and Magestischu.
And to the following for posts on that original Ninja thread - PS3 News, iCEQB, Transient, radialman, NInjaOptimus (nice avatar), dragonsan, randalf, neophyte5001, gtxboyracer, and chaostic. Also thanks to all that posted on the original Editing The PSJB BM to Hide it's ID [would write everyone's name but this is already going to be too long]
I'll treat this for first time users, as this is when it will be at its purest form. If you already have the Backup Manager installed, it's up to you if you want to do this proposed method, though this way may offer more protection against the theorised log files
Install JB device
Whichever method you use - Blackcat USB, PSJB, Nokia n900, PSP, the Family toaster [just joking but who knows in the future]
Run PS3 FTP Server Homebrew App
Without this app, it would have been next to impossible. Connect to your FTP of choice, most are using Filezilla. I'll be attempting to use FlashFXP - not sure if it will work, will confirm.
Backup PS3 Files
I'm still not sure of the directory structure, but whatever you think is worth backing up. Me, I'd backup everything I could. Just be careful; as CJPC stated, that 'some of the flash contents ARE writeable', this area could cause trouble for new and inexperienced users.
Be sure to check out /dev_hdd0/home/PROFILENUMBER/etc/boot_history.dat as this file may contain your boot history. Someone reported that they couldn't copy the file, but I'm not sure if that was human, program, or other error.
Find the game demo
Let's say you have 'Pain' demo installed. It should be at location - also note that you might have a different version than I, so this one looks like UK.
Inside the USRDIR is the EBOOT.BIN - this one is the Pain executable file.
Acquire the Backup Manager
Now I'm hoping this is ok. Was going to post up the EBOOT.BIN from the Backup Manager. I'm led to believe that because it's debug, it's not going to cause issues due to illegal content. If I am able to, please let me know and I'll upload the file on my next post.
Note - Backup Manager 1.1 is "released on or before the 15th of September"
If I am not allowed to, then you will need to do the extraction yourself. But this is an easy process. Use the Ninja Backup Manager tutorial for info on that extraction.
So in any case, once you've got the EBOOT.BIN, open up your hex editor and go to offset 330711 [0x00050BD7] - 330720 [0x00050BE0] and replace LAUN12345 with NPEA00054 (if using PAIN or whichever the folder of the PSN demo you chose.)
Do the same at offset 331791 [0x0005100f] - 331800 [0x00051018]
/dev_hdd0/game/LAUN12345/GAMEZ [or whatever you used if you previously used a game or followed the Ninja Backup Manager Tutorial] to /dev_hdd0/game/NPEA00054/GAMEZ
Change this to the location of the demo/app that you plan to overwrite. If you're new here, you'll be changing all LAUN12345 to the game directory of your choice.
Also I've left the GAMEZ folder there, that will be discussed if we can leave it there, or change it. Note - you will need to add the folder to your PS3 when copying back the edited EBOOT.BIN - I will remind you later on.
Side note - at this point we have no idea how things will get discovered. It might be a simple log, or it might be checking file sizes of folders and what they are meant to be. We can combat that by padding extra space in the actual EBOOT.BIN if sizes are different [maybe a little OCD], however CRC checks could show differences between the 'supposed to be' and the 'now edited'. If file sizes are checked maybe putting the location of the games into something that is more plausible - like videos. But then again, if file structure logs do get sent, it's going to have all folders. I'm only theorizing, and I'm sure someone here will tell me if a log like that exists. We just don't know how Sony could detect modified consoles.
I'm also guessing that with the original Jailbreak and the 'Install Package Files' command, it was making the directories for you. But with the FTP app we can make our own directories and point the Backup Manager EBOOT.BIN to those locations. So I would recommend installing PS3 FTP first in installing the JB for the first time.
Once done. Save, and FTP to the PS3 at the location that you had set. So basically we are going to overwrite over the PSN game's EBOOT.BIN. Don't forget to include the folder GAMEZ [all caps, just like the Backup Manager EBOOT.BIN], otherwise your backups won't know where to get installed.
Once done, please load the game. You won't see the fancy Backup Manager icon, or anything like that, as you've only replaced the EBOOT.BIN. To the program and hopefully to Sony, when you click on the game Icon to start it, it's booting the EBOOT.BIN, which just happens to be our Backup Manager EBOOT.BIN. If any Content ID is sent, it's still the original untouched Content ID.
So please let me know if this works, or any questions, or problems. In theory it sounds good, and much easier than previous methods of hiding the Backup Manager.
I can't really call this the new 'Ninja Backup Manager' tutorial, as it's just a copy, hex and paste.... Maybe I should call it Stealth lol, nah maybe I'll go with 'Imposter Backup Manager'... suggestions anyone?
09-10-2010 #2 TheShroomster Guest
very well written. + rep
09-10-2010 #3 atlask2 Guest
Great work, will be useful for ppl who don't understand the first tut
09-10-2010 #4 D4T Guest
Does this method really stop Sony's banning for now? Can someone please confirm?
09-10-2010 #5 Pcsx2006 Guest
A very nicely written Guide buddy, but this is Sony we are dealing with, no matter what method is used to make backup manager stealth or ninja Sony can detect it, but as they actually didn't ban any console till yet (same as psp scene) so no worries, but what they will surely do again & again is try to block the actual exploit with a firmware update as they have done it recently with psjailbreak/psgroove in 3.42 update.
09-10-2010 #6 Field Guest
This method lets people create a personal backup manager and allows us to scatter or hide in the crowd, so to speak, instead of sitting in a group with the same Content ID - easier to target [if that makes sense]
Sony may have other means of detecting modified consoles. They could run a check to see if the console was run in debug mode. So if the console was connected to the PSN network as retail, then changes to debug, then retail again, this could be flagged.
Or they might check blu-ray usage. The problem is no one really knows. If people have fears of getting banned, then best to not touch the jailbreak methods. Due to previous consoles and the lessons the companies learnt, and now that we are dealing with consoles that use online functionality, it's just too risky.
Also (as far as I know) Sony haven't started banning as yet. This will probably come in one big hit, just like the Halo 3 beta / Crackdown copies ban hammer of the Xbox360. I'd dare say that the bans might occur when a big game is released. In closing, there probably aren't many people with the jailbreak due to Sony closing the door quick with the updates. All of my friends knew nothing of the jailbreak, and once the device was pre-released, Sony issued an update within 2 weeks or so.
09-10-2010 #7 fldash Guest
Everyone keeps saying Sony can detect it and will ban the console, but so far no one has been banned. How can you possibly know what Sony can and can't see unless we have someone on the inside? Who's to say if they can even see that log file?
For all we know, they could have blocked the exploit simply by updating code in 3.42, and they would know about the exploit obviously because they don't live in a bubble and they do have access to the internet.
If they really wanted to put the smack down, they would have banned consoles immediately and released the firmware update as well. Since they didn't, one could assume, they don't have near as much information as we think.
They figured out the methods people were using to bypass 3.42 (DNS and Logan's Tool) through the internet, and fixed them. However, I have a hard time seeing how they can fix anything like that permanently. Someone should be able to write something that emulates a PC almost identically and use that as a proxy to the Sony servers...
09-10-2010 #8 pip1 Guest
what makes you think that the eboot.bin will pass signature check and boot to begin with?
it would be like having a drain pipe 4 feet tall running from a river straight under the vaults at fort knox.
is there a 4 foot pipe running under fort knox?
09-10-2010 #9 syphonlord Guest
I haven't installed anything yet to my ps3, but I have plugged my xplain in to my ps3, just to check it works. It does. Now I want to back up my harddrive and save it to my external hard drive, then when I get a new ps3 in november do you think it will be safe to install my back up, or will there be any trace of me having plugged in the xplain on there, don't want to get my new one banned bcuz that's gonna be my online baby.
09-10-2010 #10 Field Guest
LOL, all very good points to the idea. I don't disagree with any of them. They are all valid. It's just that this method might be more protective than the previous method
Using the original Backup Manager has LAUN12345 which if Sony were to check the Content ID would see that ID
It's been mentioned that a log exists that tells the last 5 IDs booted, and another log that mentions all IDs logged on your console.
Using the original Ninja Backup Tutorial allowed you to use the same Content ID along with other possible future checks as a PSN demo. So if Sony do check the Content ID - at least there is no LAUN12345
This new method combats against all wrong values that might be there from the copying of the PSN Demo - such as K_licensee, Content ID from incorrect versions of the game, as it's still using the original complete. All you have done is replace the EBOOT.BIN
If Sony were to check the CRC of EBOOT.BIN or the content, then they would have a lot more power. They need an easy approach, something that gets uploaded easy - like a Content ID check. Small 2kb file that goes unnoticed.
I started snowboarding this year, loved it. I'm also a musician. So when I did go to the snow, I had wrist guards, rump protector, all this extra protection, just in case I fall and break something. It's that over protection that makes the difference.
Oh as far as signature checks, err I guess that's why I've asked for someone to test this tutorial out for me lol as mentioned at the very top of the page
Oh and Syphonlord - sorry I'll reply back in a few hours, have to go out and people are waiting on me. But I would back the saves using the hard drive - you don't want to back up everything as it'll be a new console - just backup your saves and you should be fine. It might have been logged that you used the device - besides the .dat files will probably be set to your current console so that might cause mismatch and errors.
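Added example, not part of the thread: the side note in post #1 and the CRC remark in post #10 both turn on whether a content check would notice a swapped executable whose size has been padded to match. The sketch below shows that check from the verifier's side, with SHA-256 standing in for the CRC the posts mention; the function names, the directory layout and the file bytes are constructed for illustration and do not describe any real console or vendor mechanism.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Size and SHA-256 digest of one file."""
    data = path.read_bytes()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def build_manifest(root: Path) -> dict:
    """Fingerprint every file under root, keyed by its relative path."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> list:
    """Return (path, reason) findings for anything that differs from the manifest."""
    findings = []
    current = build_manifest(root)
    for rel, want in manifest.items():
        got = current.get(rel)
        if got is None:
            findings.append((rel, "missing"))
        elif got["size"] != want["size"]:
            findings.append((rel, "size changed"))
        elif got["sha256"] != want["sha256"]:
            # A size-only comparison would have passed this file.
            findings.append((rel, "content changed, size unchanged"))
    findings += [(rel, "unexpected file") for rel in current if rel not in manifest]
    return findings


def demo() -> list:
    """Constructed sample: same-size replacement plus one extra folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        exe = root / "USRDIR" / "EBOOT.BIN"
        exe.parent.mkdir()
        exe.write_bytes(b"ORIGINAL-EXECUTABLE" * 64)   # constructed bytes
        manifest = build_manifest(root)                # known-good baseline
        exe.write_bytes(b"OTHER".ljust(exe.stat().st_size, b"\0"))  # padded swap
        (root / "GAMEZ").mkdir()
        (root / "GAMEZ" / "placeholder").write_bytes(b"x")
        return verify(root, manifest)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

The padded file passes the size comparison and is caught only by the digest, and the extra folder shows up because the manifest lists every expected path.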