PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

October 16, 2012 // 12:07 am - Following up on the previous PS3 IDPS update, today PlayStation 3 homebrew developer Rnd (aka RndRandomizer) has released a Request IDPS Generator version 1.0.0.0 with details below.

Download: PS3 Request IDPS Generator v1.0.0.0

From the ReadMe file: REQUEST IDPS Generator - v1.0.0.0 - Rnd

v1.0.0.0:

  • Initial Release

Features:

  • Generate a request_idps file
  • Get PerConsole Data (board ID, cid, ecid, kiban ID, ckp2_data, ckp_management_id)

Usage:

Just get your NAND/NOR dump and drop it in this application.

No more need for re-flashing the whole dump in order to convert EID.

Simply it makes it easier to use it with ObjectiveSuites-SetIdps and you dont have to gether it from Sony's server.

Put request_idps.txt in Temp folder in ObjectiveSuites, to set your request_idps and you are done with flashing the new EID.

I'm not responsible for ANY DAMAGE it may cause! USE AT YOUR OWN RISK!

P.S. If somebody has a script to get the EID with ObjectiveSuites, I would be very kind if you could let me know, I will update the application.

Sincerely,
Rnd

Contact me at RndRandomizer

Finally, from zecoxao: Found it, now we can make our own request_idps files

request_idps.txt (hex) info by Scorpion2k7

name Start offset Size (byte)

per_console_serial 0 8
header 8 96

- Header structure

bytes description
4 number of file (5)
4 lenght of entire file (value-8)
8 unknown (00 03 00 04 00 00 00 00)
(file table)
4 file position 1 (value-8)
4 file lenght 1
8 file id 1
4 file position 2 (value-8)
4 file lenght 2
8 file id 2
...
...

- File info

File 1 - 16 bytes - 00 12 00 02 00 00 00 00 00 00 00 00 00 00 00 00
File 2 - 2144 bytes - EID0
File 3 - 128 bytes - EID2 PBLOCK
File 4 - 48 bytes - EID4
File 5 - 2560 - EID5

Finally, below is a brief guide from Abkarino as follows:

1 - Dump you NAND/NOR flash using a memDump tool or Hardware flasher if you have a higher firmware.
2 - Drag this dump into Request IDPS generator tool to generate the request_idps.txt file.
3 - Set your PC IP Address to: 192.168.0.100 and sub net mask to 255.255.255.0.
4 - Enter a FSM using any dongle/software method you like.
5 - Connect your PS3 to your PC directly using Ethernet cable.
6 - Find the old leaked CEX2DEX conversion tools that contains ObjectiveSuite-SetIDPS.
7 - copy all files from conversion folder into flash drive and put it in the right USB slot in your PS3.
8 - in your PC start copy the generated request_idps.txt into the TEMP folder inside the ObjectiveSuite-SetIDPS folder.
9 - Start ObjectiveSuite.exe then power up your PS3.
10 - Wait for about 1 min and you will see a "PASS" message in ObjectiveSuite.
11 - Now turn off your console.
12 - Flash any 3.55 CFW DEX.
13 - While in FSM remarry your BD Drive using 3.30 DEX PUP + 3.55 Remarry tools from Wiki.
14 - Exit from FSM and now you have a fully functional DEX machine.

From eussNL via IRC: patch SSL, use REQUEST IDPS Generator, lay back bored (since what happens with SetIDPS isn't really a true conversion, because you just write your own EID to the NOR/NAND).


PS3 Request IDPS Generator v1.0.0.0 By Rnd is Now Available

PlayStation Follow us on Twitter, Facebook and join us at our new site WWW.PSXHAX.COM!



#47 - Kaci - November 6, 2014 // 5:20 pm
Kaci's Avatar
is dangerous to use it without a stealth multiman?

#46 - Anton1997 - October 30, 2014 // 10:49 pm
Anton1997's Avatar
thanks

#45 - robbie1234999 - October 29, 2014 // 3:29 pm
robbie1234999's Avatar
hello, nice bro.. working?

#44 - dj1138 - October 19, 2014 // 3:32 am
dj1138's Avatar
i use both (not at the same time) psnpatch and webman. with webman IDPS and PSID are both spoofed from the get go and stay spoofed till you turn off the spoofing function, psnpatch spoofs till you turn off/restart then you have to use psnpatch again unless u use the .cfg file.

or you can have webman spoof one IDPS/PSID and psnpatch spoof another (obviously not at the same time). psn patch also installs rap and edat files while webman lets you stream games from external computer/over network.

#43 - badchimp - October 19, 2014 // 12:11 am
badchimp's Avatar
I'm using ccapi console control, you need to sign in with a legit valid cid, then change it to a banned or made up cid.

#42 - Akephalos - October 18, 2014 // 10:19 pm
Akephalos's Avatar
Sure is. I myself use PSNPatch.

It includes a .cfg file you can edit and set a spoofed ID to. It boots via USB with a .pkg and works wonders for me. On Habib 4.65 Cobra and no issues getting on PSN.

#41 - djstiff - October 18, 2014 // 8:43 pm
djstiff's Avatar
I was wondering if there was any reliable to spoof a cid?

#40 - scousetomo - October 10, 2013 // 1:10 pm
scousetomo's Avatar
i've got a working ps3 id, is there any tool available to use without a flasher? i'm on harib 4.50 cfw now on a banned slim but the id off a fat unbanned one

#39 - zant - October 5, 2013 // 8:21 pm
zant's Avatar
Can somebody make a working NAND version, please? I have been waiting to use something like this for a while now since Joris' didn't work.

#38 - JAYRIDER666 - October 5, 2013 // 12:23 pm
JAYRIDER666's Avatar
i tried but ps nope 1.05 don't work on my rogero 4.46

Also from zecoxao: Obtaining Packet IDs from Game_OS Syscall Interfaces The Easy Way (RE)

What is required:

  • IDA
  • PS3 Elf Loader
  • Kakaroto's analyze_self64.idc
  • Notepad++
  • lv1.self.elf processes (see SELFs inside ELFs on devwiki)
  • HxD

Tutorial:

Obtain the processes through table at 0x1D0000 (regular elf) or 0x1F0000 (factory elf)
Extract processes.

Load each through IDA with PS3 Elf Loader. Never undefine database and use kakaroto's idc to correctly define the offsets. In the end define the RTOC value in IDA's preferences.

Export each database to an assembly file.

Open the assembly file in IDA (any of them) search for this:

[Register or Login to view code]

The sub HAS to contain only that instruction AND a blr.

Save the offsets in each sub for each asm file. Now, go to ida and load any process elf. Go to the specified offset (pick any). Go to the function, highlight it in IDA-View... ctrl-X (xrefs) it'll show up a list of possible xrefs (most of them are Packet IDs)

Credits:

Hykem, for the work being currently done
deroad, for the help at the weekends
and of course, graf chokolo

Here's a list of offsets of the get_* functions from factory JIG lv1

Download: factory243.zip

I'll start using this thread to post my findings, even if they are off-topic.. for starters:

[Register or Login to view code]

there are a lot of these under special areas of the ps3. here are a few examples.

[Register or Login to view code]

perconsole nonce is also an interesting bit to watch. it's in metldr,bootldr,eid0,eid3 and eid5. perconsole revision key however, is only on 4 of these and not in eid3.

[Need Testers] Get logs from initialization with Juan Nadie's bootldr exploit

So yesterday i had a very interesting conversation with a friend of mine from irc. He had a theory about the initialization of the ps3. He also had logs, obtained from a modification of Juan Nadie's bootldr exploit. Unfortunately, he had to format the hdd, so the logs were lost. And this happened a long time ago.

right now we're trying to reproduce the same thing. so far:

I've uncommented line 912 ( //createLog(0); )
I've added these lines
[code]
} else if (page >= (FLASH_SEGMENT + FLASH_OFFSET + BOOTLOADER_OFFSET) && page