PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

July 8, 2011 // 6:59 pm - Today Spanish PlayStation 3 developer JaicraB has explained the Cobra USB JIG protection RTOC trick implemented for the PS3 against cloning the device.

To quote, roughly translated: Flynn sent me this text explaining this protective carrying the Cobra, I hope it will open the eyes of those interested in reversing the dumps.


The JIG Cobra has several protective measures to ensure that your code could not be used correctly even if your code could be dumped.

This trick RTOC in the registry is the first used for this purpose in addition to hinder analysis.
Registration is initially RTOC stored in the battery to keep the RTOC of lv2 and power it back later:

[Register or Login to view code]

At this point we have to explain that the OFFSET DELTA. DELTA OFFSET is a method used in the x86 in its original moments in the creation of computer viruses, to calculate the memory address in which we are in the sea of ​​bytes in RAM.

In the original time a computer virus when I did not know where he was pulled into an executable,
depending on the executable it could be an initial site or another, for it was invented DELTA OFFSET.

DELTA OFFSET can be used in any system, the procedure is:

  • Using the record that indicates the current execution address (or the next depending on the system)
  • Reducing the size of the previous code we use the value obtained from the registry.

Knowing this, and taking for example the x86 processor where the EIP register can not be read directly invented the trick make a call to a "subfunction" which is simply the following line to the call:

[Register or Login to view code]

X86 call instruction saves the top of the stack the address of the next instruction to itself. Thus using pop draw from the top of the stack this value, and stored in eax for example, and having the memory address where we only subtract the above would be missing and we have the exact calculation.

The PowerPC can use this trick using the BL instruction is equivalent (LINK BRANCH), which jumps to a "subfunction" but before you save LR in the record the following address to BL.

[Register or Login to view code]

At this point we see the trick used for the creation of the RTOC of charges at this time. If you look both r0 and RTOC are passed to 0:

[Register or Login to view code]

Subsequently, given the value 0x11DE0 to RTOC:

[Register or Login to view code]

A r0 is given the value 0x920:

[Register or Login to view code]

R0 is subtracted from the value of RTOC:

[Register or Login to view code]

Unlike the PowerPC x86 LR register can be read directly with mflr instruction, we put in RTOC the value obtained by the delta offset:

[Register or Login to view code]

To calculate the delta offset subtract final instructions executed before the delta offset, which were 4, or 16 bytes:

[Register or Login to view code]

Finally we add the value of r0 at the end of the delta offset RTOC, storing the result in the RTOC and this already takes RTOC suitable for this hook:

[Register or Login to view code]

It takes having the RTOC stored in the stack 3 arguments that the hook received:

[Register or Login to view code]

You call the function of the charges where the first argument will check for command 0x8202 (a special command to the usual):

[Register or Login to view code]

After making the necessary steps as charged, the battery recovers the original RTOC, like the arguments the hook received, it executes the original instruction that was overwritten in the syscall entry 379 (in this case) to have our hook, and call the original syscall lv2:

[Register or Login to view code]

Upon returning to retrieve the original LR from the stack and returns to the prompt

[Register or Login to view code]

JaicraB on Cobra USB JIG Protection RTOC Trick for PS3

Follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 CFW forums for the latest PlayStation 3 scene and PS4 Hacks & JailBreak updates with PlayStation 4 homebrew PS4 Downloads.

#389 - weedge1212 - December 12, 2012 // 2:34 pm
weedge1212's Avatar
i just updated to rogero 4.30 v2 from kmeaw3.55. but i didn't update multiman first. i currently have multiman 4.0.1 installed. how do i install multiman 4.14 BASE??? install .pkg option is gone from xmb and when i select the .pkg from the multiman filemanager it just takes me back to xmb without installing. sorry if this has been addressed before. my searches yielded nothing. any help is appreciated.

#388 - vallejo18 - December 11, 2012 // 9:01 pm
vallejo18's Avatar
Quote Originally Posted by BluRay View Post
Anyone managed to get StealthMan working on Rebug CFW? In here it just asks for the full version and freeze.

I knew I wasn't the only one with that problem. I'm trying out this other version of stealthMAN as a standalone app with the Name of a EURO game.

#387 - tonyqc - December 11, 2012 // 6:42 pm
tonyqc's Avatar
Following up on the previous revision, today PlayStation 3 developer deank has updated multiMAN to version 04.15.00 which now includes Remote Access functionality allowing you to link PS3 CEX and DEX consoles together alongside mmRAS (multiMAN Remote Access Service) by aldostools with details below.

Download: multiMAN v04.15.00 UPD CEX (20121212) (mM+ps3netsrv/GUI+mmRAS+installPKG - 3.21 MB) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD CEX (20121212) / multiMAN v04.15.00 UPD DEX (20121212) / PS3 Tools Collection 2.0.51 by aldostools

multiMAN 04.15.00 Changelog: This is only an UPDATE version (you need 04.14.00/04.15.00 BASE or FULL installed).

  • Updated PC application "ps3netsrv" to support fast folder-data retrieval
  • Greatly improved loading of remote /net_host folders (up to 4096 entries in mmOS and 2048 in other modes)
  • Greatly improved loading of remote Retro ROMs folders with covers
  • Added support to access remote PS3 system in mmOS or in game modes via /net_host
  • You can access all data of a remote PS3 to view/play photo/music/video files, transfer files/folders (and load ISO games/movies PS3/PSX/DVD/BD if used with Cobra CFW)
  • Added option in "Settings" - "Connect to Another PS3" - it allows full remote control (screen/pad) of another PS3 running multiMAN 04.15.00 and later
  • Added option in "Settings" - "Remote Access Permissions" (Disable/Files/Screen/Full) to restrict remote connnections to your PS3
  • Added support for mmRAS - PC application by Aldo (aldostools) which allows remote access to your PS3 (screen/pad) while running multiMAN
  • Screenshot feature in multiMAN (START+R2) will now save screens as JPEG.

The key features of this release:

  • The improved PC ps3netsrv application allows much faster access speeds when retrieving data from folders in mmOS or when browsing photo/music/video/ROMs from remote /net_host. You can now browse a remote folder with roms+covers and it takes a fraction of the time it took before.
  • The Remote Access feature allows you to connect to another PS3 anywhere in the world (be it in the other room or across the country) and copy files/folders, play Retro ROMs, view photos and play music and video files (after caching)
  • The Remote Access Control (PS3) feature allows you to connect to another PS3 running multiMAN and view its screen and control it with your pad. It allows you to minimize the current session and work with your own PS3 (to transfer files to the remote PS3 for example) and then return to the other PS3.
  • The Remote Access Control (PC) feature via aldostools mmRAS client allows you to connect to your PS3 (or any other PS3 around the world running multiMAN) from your PC. You can change the encoding quality of the picture, take screenshots in JPG (PrintScreen button) and control the PS3 with your keyboard and mouse. Click the [?] button for more information of the keyboard mappings.
  • The option in "Settings" (Remote Access Permissions) allows you to configure the access to your PS3. You can completely "Disable" it, you can allow remote connections only to access your "Files", you can restrict it only to remote control "Screen" or allow "Full" access for files and screen control.
  • The Remote Access Control provides 960x540 resolution (it doesn't depend on the remote PS3 resolution). The best results/quality and fastest response is achieved when server PS3 is running in 1920x1080.
  • To be able to use these features you have to configure your remote peers in "Settings" -> "Network Servers".
  • Any configured /net_host can be used for file access (PC and PS3) and for remote control (PS3)
  • If you are connecting to a PC you must have ps3netsrv application running on the PC side
  • If you wish to restrict access to your PS3 - change the setting in "Remote Access Permissions"
  • If you wish to connect to another PS3 configured as /net_host - use the "Connect to Another PS3" function in "Settings"

While connected to another PS3 you can 'minimize' the connection and work with your own PS3 and then resume the remote control. You will see the live minimized remote screen in the lower corner. To switch between local/remote control use [START]+[SQUARE].

To terminate a connection to a remote PS3 use [START]+[CIRCLE]. All other buttons you press will be sent to the remote PS3.

MANY thanks to aldostools for creating the PC application to connect to a remote-control-enabled PS3.

From aldostools comes a quick tutorial, as follows:

0- Run PARAM.SFO Edit.exe as Administrator to associate .SFO/.SFX extensions. Close it.
1- Backup your save data folder to a USB storage device (/PS3/SAVEDATA) or download them to the PC from /dev_hdd/home/0000000x/savedata via FTP
2- Backup your savedata folder in a ZIP/RAR/7z (just in case you make a mistak and corrupt your saves)
3- Start the Bruteforce and browse to your local savedata folder
4- Browse to a savedata with your account id and "Use PARAM.SFO as template" (you can do this manually copying the PARAM.SFO as "template.sfo" into the folder of Bruteforce)
5- Browse to a savedata with a foreign account id.
6- If the game has a key in the database it will be displayed, otherwise you will need to bruteforce it double clicking on the game and providing the ELF of the game (EBOOT or another self)
7- Once you have the key for the savedata to be resigned, press "Update Account ID" to update the PARAM.SFO with the account id in the template.
8- Press "Patch SFO" if the game is copy protected (it says YES in the Protected column)
9- Select all the files from the PFD using Ctrl+A and press "Decrypt PFD"
10- Use "Update PFD (Partial)" or "Update PFD (Partial update without Game setting) to update the hashes in the PFD. If you have the disc_hash_key for the game, you can use "Updae PFD (Full)".
11- Once the PFD is updated, select all files usingCtrl+A and press "Encrypt PFD"
12- Press "Verify PFD" to check if everything is OK.
13- Copy the resigned savedata to a USB storage device (/PS3/SAVEDATA) or transfer them from the PC to /dev_hdd/home/0000000x/savedata via FTP

Finally, from M@tsumot0: nice job master, i waiting for update STEALH version.

Put report_data.txt to your root usb go to install package file (Rogero 4.30 v2.03) on "APP_HOME/PS3_GAME" and push start for update your multiman 04.14.XX STEALTH to 04.15.00 STEALTH.


More PlayStation 3 News...

#386 - BluRay - December 11, 2012 // 1:25 pm
BluRay's Avatar
I'm sorry but if the games folder is empty It's because It's content have been deleted and I doubt It can be recovered. I've already deleted MultiMan before and It didn't delete my games folder, so I'm not sure of what you did wrong...

#385 - cjugem - December 10, 2012 // 10:06 pm
cjugem's Avatar
I previously had mm 4.09 installed with 4.30. I updated to 4.30 v2.03 and installed mm 4.14.00 and updated to stealth. I deleted my old mm.

My problem is I don't see my internal games anywhere. When I click on the folder they use to be in (hdd0:/GAMES) it's empty.

How can I access the games I have ripped on my ps3 internal hdd?

#384 - BluRay - December 10, 2012 // 9:10 pm
BluRay's Avatar
Anyone managed to get StealthMan working on Rebug CFW? In here it just asks for the full version and freeze.

#383 - hilongo - December 8, 2012 // 8:35 pm
hilongo's Avatar
Check where are the things that dones't show in your MM ... Every game should reside in their own folder, all inside a GAMES folder in your internal (/dev/hd0) ...

As for the emulators, I guess they should be inside a folder called ROMS ... but right now I don't know if you need a folder inside for every emulator (FCEU, etc) ... I'll check it and add to this post ...

#382 - scott7seven - December 8, 2012 // 5:57 pm
scott7seven's Avatar
rogaro 430 the latest andmm 14.14.04

#381 - racer0018 - December 8, 2012 // 5:48 pm
racer0018's Avatar
Ok first thing is first. Tell us what cfw and what ver. Of multiman. Thanks

#380 - scott7seven - December 8, 2012 // 2:39 pm
scott7seven's Avatar
my emulators and stuff used to show up in my games list in mm, now some of them dont, and some never did, ive tried refreshing everything and in settings, how do i get everything in my game folder on the int hard drive to show up in the games list in mm??