PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

January 16, 2011 // 9:50 pm - Update: PS3 hacker Graf_Chokolo has now shared news of a PlayStation 3 GameOS Hypervisor exploit (quoted below) and released a NPDRM Decryption Payload (GIT) for developers while JU57FL1P has decrypted an NCIS Eboot.

PlayStation 3 developers were previously unable to decrypt NPDRM EBOOT.BIN's (like those in PKG files) as the PS3's NPDRM encryption differed, but today Graf_Chokolo has figured out how to use appldr to decrypt NPDRM encrypted data from Sonic 4.

For those who haven't been following, prior to this PS3 hacking update Graf_Chokolo was working on porting the LV1 Exploit to GameOS mode.

Graf_Chokolo said the following, to quote: "Dumped appldr arguments for NPDRM decryption on 3.41. I'm able now to decrypt NPDRMs with appldr on 3.41. Thanks to Jack for his support.

Here is a snippet from Sonic 4 NPDRM decrypted on 3.41:

[Register or Login to view code]

Guys, if someone has NPDRMs to test please upload it. Thanks.

Uploaded my new stuff: NPDRM, SYSCON, HV exploit from GameOS and other thinsg.

With NPDRM payload you won't be able to decrypt all NPDRMs.

I 'm already able to decrypt dev_flash by using HV calls only.

HV uses ENCDEC device to do storage device encryption/decryption. I'm currently working on reversing of this peripheral. I have full HV access now and can control it So expect more nice stuff in the future

And thanks for all NPDRMs, guys. I will test them and will let you know which one decrypted.

Guys and be careful with store_file_on_flash.c and replace_lv2.c payloads. With store_file_on_flash.c i'm able to store a new file on FLASH memory where CORE OS files are stored from PUP. If you do not know what that means then don't play with this, it could brick your PS3, but it's safe to use when you know what you do.

With both of those payloads i'm able to boot a patched lv2_kernel.self from FLASH without flashing PUP, i just store a second lv2_lernel.self on FLASH, then patch System Manager in HV which is reponsible for booting GameOS and boot custom LV2 kernel from 3.41. You don't need NOR flasher if something goes wrong, just reboot HV and your original lv2_kernel.self will be booted again

The same way you could boot lv2_kernel.self from dev_flash. Just patch path to lv2_kernel.self in System Manager and point it to lv2_kernel.self stored on dev_flash

Theoretically, yeah, you could run what ever OS you want It has just to support Cell arch Today i will try to boot PS2 soft EMU instead of LV2 kernel. Linux would be nice of course and it would have all the rights of GameOS.

I'm reversing currently HDD, BD and FLASH encryption/decryption, trying to understand how HV does it. The key to understanding of it is the ENCDEC peripheral device which i'm currently working with. As soon as i have some good results which can be used by other developers i will make it public and let you know. Are you also reversing this part of HV currently ?

Booting PS2 EMU didn't work, i could boot ps2_emu.self but the screen was black. PS2 Soft EMU ps2_softemu.self didn't boot at all, HV shuts down. You have to patch also LAID in System Manager and not only file path or else lv2ldr wont't decrypt the PS2 kernel.

otheros.self is not a kernel like LV2 or Linux, it's gameOS application, you cannot boot it like a OS kernel on PS3. But i see no problems to boot Linux kernel instead of LV2. To boot Linux kernel image instead of LV2 kernel, you have to store Linux image on CORE OS flash, patch GameOD System Manager and point kernel path to Linux image, then patch System Manager so it won't use lv2ldr to load the Linux image, just memcpy Linux image to memory of GameOS.

HV procs cannot read USB devices because there is no USB device driver in HV. USB device driver is implemnted only in gameOS kernel and without some kind of USB device driver in HV there is no way to boot a LV2 kernel from USB. I can only boot LV2 kernel from CORE OS flash or dev_flash."

Graf Chokolo Decrypts PS3 NPDRM SELF Data from Sonic 4 Game

PlayStation Follow us on Twitter, Facebook and join us at our new site WWW.PSXHAX.COM!

#23 - PS4 News - November 12, 2011 // 1:36 am
PS4 News's Avatar
This is quite an old thread so I will close it, but you may want to check this article/thread if you haven't seen it already:

#22 - tranvanthien - November 12, 2011 // 1:31 am
tranvanthien's Avatar
Hi all !

Please make eboot patch 3.41 for resident evil 4 psn eu or us verion. i've already have patch for JPN version. thanks a lot. Could you tell me how to decrypt npdrm eboot?

#21 - BackHome - January 19, 2011 // 4:25 pm
BackHome's Avatar
It would be nice if the Linux kernel could be patched to provide a GameOS like interface to Games.

This would make PS3 just like a Windows PC, running games!!

#20 - aries2k6 - January 18, 2011 // 2:41 am
aries2k6's Avatar
Great work Graf. It would be great if we could get all those updates going.

Thanks for all your efforts on the ps3.

#19 - PS4 News - January 17, 2011 // 9:48 pm
PS4 News's Avatar
I have now updated the first post with Graf_Chokolo's NPDRM Decryption Payload and PS3 GameOS Hypervisor exploit news as well.

#18 - System Repairs - January 17, 2011 // 8:08 pm
System Repairs's Avatar

Exciting news to know how close things are in the PS3 world to my old PS2... soon to be better!

#17 - Raikard - January 17, 2011 // 7:18 pm
Raikard's Avatar
Graf if you create GT5 1.05 Eboot you'll be a hero!! Greetings

#16 - Brian10122 - January 17, 2011 // 4:24 pm
Brian10122's Avatar
Sick! It just shows how we're getting further and further. We're progressing nicely I can't wait for us to be able to get full PSN/DLC games.

#15 - jarvis - January 17, 2011 // 3:29 pm
jarvis's Avatar
Have updated tools been released that allow true signing of packages or is everyone still signing using geohots key which is hard coded and can easily be identified? Sony *may* have let these slide if backup manages didn't work and we couldn't decrypt/resign PSN downloads but they are not going to sit back and allow this. Unless we have real tools expect an update real soon and most likely banning to begin...

#14 - Brenza - January 17, 2011 // 11:26 am
Brenza's Avatar
Great news chakolo, thank you very much for your wonderful work!