Game Packages

Discussion in 'Homebrew' started by Rip Cord, Mar 29, 2016.

  1. Rip Cord

    Administrator Staff Member Admin Developer

    I always use aldotools for game packages, but a few people were interested in adding features to other pkg tools.

    xgpkg BETA
    for retail ps3 game packages. support for large files.

    xgpkg.exe 0.2.2

    Usage: xgpkg.exe filename option
    option:
    -a, extract all
    -e, extract selfs and sfo's
    -f, fix selfs and sfo's; WARNING!, proccesses in place

    IMPORTANT! option f processes the pkg in place. please only use this option with a backup copy of your game package. the other options open the input pkg as read only. options a and e create output directory from content id.

    option f creates a pseudo retail pkg. To use this on cfw 4.21, I had to patch na5_plugin.5sprx. see post 2 for patches for 4.21. also, I don't know about fixing or resigning sdats or edats, so this fixes only eboots, sprx, spu and param.sfo types.

    WARNING na5_plugin.5prx is a firmware module in dev flash. edit at your own risk.
     

    Attached Files:

    Last edited: Mar 29, 2016
    catalinnc likes this.
  2. Rip Cord

    Administrator Staff Member Admin Developer

    to use these pseudo retail pkgs, na5_plugin.prx must be patched.
    here are the patch offsets with the prx loaded in a hex editor or addresses if loaded in a disassembler.

    notes:
    offsets and addresses differ by F0 for section 0 of the prx.
    the original bytes and patched bytes are shown.
    tested and works on my cfw ps3, but the ps3 is never connected to PSN and never online so couldn't test if patches affect network functionality.



    error 80029564 is at three places in na5_plugin.prx from 4.21 rex:


    1.address 0x14C8
    Code (Text):

    in hex editor:
    OFFSET BYTES
    15B8     3C00 8002 6000 9564 <-80029564 split up 8002 and 9564 to 2 instructions
     
    only one reference to this location:
    Code (Text):

    in hex editor:
    OFFSET BYTES
    1634     41 9E FF 84 83 A2 80 28 <-1st 4 bytes are instruction at 1634, jump FF84 == -7C (location 15B8)
    change to:
    1634    41 9E 00 04 83 A2 80 28 <-change 3rd and 4th byte to 0004, jump 4 bytes
     
    Code (Text):

    in disassembler:
    address instruction
    1544    beq cr7, loc 14C8 <-4 byte instruction, if equal jump to location 14C8
    change to:
    1544    beq cr7, loc 1548 <-if equal jump 4 bytes to the next instruction; if not equal, goes to next instruction
     


    2.address 0x1834
    Code (Text):

    in hex editor:
    OFFSET BYTES
    1924     3C00 8002 6000 9564 <-80029564 split up 8002 and 9564 to 2 instructions
     
    the pseudo retail pkg has the sha1 footer; no need to patch this location.



    3.address 0x2E464
    Code (Text):

    in hex editor:
    OFFSET BYTES
    2E554    3C00 8002 6000 9564 <-80029564 split up 8002 and 9564 to 2 instructions
     
    three references to this location:
    Code (Text):

    hex editor:
    OFFSET BYTES
    2E240    41 9E 03 14 80 1E 00 04 <-jump 0x314 bytes (2E240 + 314 = 2E554)
    change to:
    2E240   41 9E 00 04 80 1E 00 04 <-jump 0x4 bytes
     
    Code (Text):

    disassembler:
    2E150    beq cr7, loc 2E464 <-if equal, jump 0314 to error 80029564, if not equal, goes to next instruction
    change to:
    2E150    beq cr7, loc 2E154 <-if equal, jump 0004 to next instruction; if not equal, goes to next instruction
     
    Code (Text):

    hex editor:
    OFFSET BYTES
    2E420    41 9E 01 34 80 1D 00 20 <-jump 0x134 bytes (2E420 + 134 = 2E554)
    change to:
    2E420    41 9E 00 04 80 1D 00 20 <-jump 0x4 bytes
     
    Code (Text):

    disassembler:
    2E330    beq cr7, loc 2E464 <-if equal, jump 0134 to error 80029564, if not equal goes to next instruction
    change to:
    2E330    beq cr7, loc 2E334 <-if equal, jump 0004 to next instruction; if not equal, goes to next instruction
     
    Code (Text):

    hex editor:
    OFFSET BYTES
    2E550    40 9E 00 10 3C 00 80 02 <-if not equal jump 0x10 bytes, over error 80029564 at 2E554
    change to:
    2E550    48 00 00 10 3C 00 80 02 <-always jump 0x10 bytes, over error 80029564 at 2E554
     
    Code (Text):

    disassembler:
    2E460    bne cr7, loc 2470 <-if not equal, jump to 2470
    change to:
    2E460    b loc 2470 <-always jump to 2470
     
     
    Last edited: Mar 29, 2016
    catalinnc and storm shadow like this.
  3. Rip Cord

    Administrator Staff Member Admin Developer

    fixed formatting of 2nd post
    added warning about editing files in dev flash

    thanks to stormshadow for disassembler/disassembler setup
    thanks to author of disassembler scripts
     
    catalinnc likes this.
  4. Rip Cord

    Administrator Staff Member Admin Developer

    looks like na5_plugin only checks the three signatures in the game pkg and the pkg sha1.

    1. patch 1 patches the check of the signature for the entire package, right before the pkg sha1 at the end of the pkg.

    Code (Text):

    in hex editor:
    OFFSET BYTES
    1634    41 9E FF 84 83 A2 80 28 <-1st 4 bytes are instruction at 1634, jump FF84 == -7C (location 15B8)
    change to:
    1634    41 9E 00 04 83 A2 80 28 <-change 3rd and 4th byte to 0004, jump 4 bytes
     
    Code (Text):

    in disassembler:
    address instruction
    1544    beq cr7, loc 14C8 <-4 byte instruction, if equal jump to location 14C8
    change to:
    1544    beq cr7, loc 1548 <-if equal jump 4 bytes to the next instruction; if not equal, goes to next instruction
     

    2. patch 2 patches the check of the signature for the pkg header

    Code (Text):

    hex editor:
    OFFSET BYTES
    2E240   41 9E 03 14 80 1E 00 04 <-jump 0x314 bytes (2E240 + 314 = 2E554)
    change to:
    2E240   41 9E 00 04 80 1E 00 04 <-jump 0x4 bytes
     
    Code (Text):

    disassembler:
    2E150    beq cr7, loc 2E464 <-if equal, jump 0314 to error 80029564, if not equal, goes to next instruction
    change to:
    2E150    beq cr7, loc 2E154 <-if equal, jump 0004 to next instruction; if not equal, goes to next instruction
     
    3. skip patch 3 @0x2E330/2E420, not needed

    4. patch 4 patches the check of the signature for the pkg attributes
    Code (Text):

    hex editor:
    OFFSET BYTES
    2E550    40 9E 00 10 3C 00 80 02 <-if not equal jump 0x10 bytes, over error 80029564 at 2E554
    change to:
    2E550    48 00 00 10 3C 00 80 02 <-always jump 0x10 bytes, over error 80029564 at 2E554
     
    Code (Text):

    disassembler:
    2E460    bne cr7, loc 2470 <-if not equal, jump to 2470
    change to:
    2E460    b loc 2470 <-always jump to 2470
     
    1, 2, and 4 were the only necessary patches, but if anyone skips calculating the pkg sha1, they can use patch 5

    5. OPTIONAL. patch 5 patches the check of the sha1 at the end of the game pkg.
    Code (Text):

    hex editor:
    OFFSET BYTES
    1920     41 9E 00 20 3C 00 80 02    <-jump 0x20 bytes if equal
    change to:
    1920     48 00 00 20 3C 00 80 02    <-jump 0x20 bytes
     
    thanks to catalinnc for your help.
     
    catalinnc and storm shadow like this.
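
Added example, not part of the thread or of the poster's tools: a small PowerPC branch decoder that reproduces the displacement arithmetic quoted in posts 2 and 4 (FF84 == -7C, 2E240 + 314 = 2E554) and classifies each before/after byte pair, as one would when reviewing a binary diff of a module for altered control flow. The function names are hypothetical; the byte pairs and the F0 section delta are taken from the posts.

```python
import struct

SECTION0_DELTA = 0xF0  # from the post: file offset - 0xF0 = disassembler address

def _sext(value, bits):
    """Sign-extend a `bits`-wide field."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def decode_branch(offset, raw):
    """Decode one big-endian PowerPC word; return (kind, BO, BI, target) or None."""
    (word,) = struct.unpack(">I", raw[:4])
    opcode, aa = word >> 26, (word >> 1) & 1
    if opcode == 16:                       # bc: conditional branch (B-form)
        bo, bi = (word >> 21) & 0x1F, (word >> 16) & 0x1F
        disp = _sext(word & 0xFFFC, 16)    # BD field with the AA/LK bits masked off
        kind = "bc"
    elif opcode == 18:                     # b: unconditional branch (I-form)
        bo = bi = None
        disp = _sext(word & 0x03FFFFFC, 26)
        kind = "b"
    else:
        return None                        # not a branch instruction
    target = disp if aa else offset + disp
    return kind, bo, bi, target

def classify_change(offset, before, after):
    """Describe how a 4-byte edit altered control flow at `offset`."""
    old, new = decode_branch(offset, before), decode_branch(offset, after)
    if old is None or new is None:
        return "not a branch edit"
    if new[0] == "bc" and new[3] == offset + 4 and old[3] != offset + 4:
        return "conditional branch neutralized (target is fall-through)"
    if old[0] == "bc" and new[0] == "b" and old[3] == new[3]:
        return "conditional branch made unconditional"
    return "branch retargeted"

# Byte pairs quoted in the posts above: (file offset, original, patched)
EDITS = [
    (0x1634,  "419EFF84", "419E0004"),
    (0x2E240, "419E0314", "419E0004"),
    (0x2E550, "409E0010", "48000010"),
]

if __name__ == "__main__":
    for off, before, after in EDITS:
        old = decode_branch(off, bytes.fromhex(before))
        verdict = classify_change(off, bytes.fromhex(before), bytes.fromhex(after))
        print(f"{off:#x}: was BO={old[1]} BI={old[2]} -> {old[3]:#x} "
              f"(addr {old[3] - SECTION0_DELTA:#x}); {verdict}")
```

BO=12 with BI=30 is "branch if cr7 eq is set" (beq cr7) and BO=4 with BI=30 is "branch if cr7 eq is clear" (bne cr7), matching the mnemonics shown in the disassembler listings.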
  5. Rip Cord

    Administrator Staff Member Admin Developer

    here is a beta version of fix_edat.exe

    converts np type 1 or 2 to type 3
    If the version in edat footer is 4, uses edat key 1, else uses edat key 0. not sure if this is foolproof method to choose which key?

    Is it also necessary to change the edat version from 4 to a lower version?

    thanks to the person who sent the source of make_npdata and to the developer of make_npdata of course.

    edit
    updated fix_edat BETA to version 1.6
    added support for edat with data length 0x00
    still only supports edat with flags 3C
     

    Attached Files:

    Last edited: May 19, 2016
    storm shadow and catalinnc like this.
  6. Rip Cord

    Administrator Staff Member Admin Developer

    converts NP type 1 or 2 to type 3 is more clear, edited above.
    this is very early version for testing.
    so far I only have edats with flag 3c and all very small files.
    no support yet for edat > 2gb
    no sdat support.
    the file name used to calculate the omac is the input.edat argument entered on the commandline.
     
    catalinnc and storm shadow like this.
  7. Rip Cord

    Administrator Staff Member Admin Developer

    updated fix_edat.exe, BETA2.7z attached above.

    thanks to the member who explained that version 4 must be lowered to 3 for firmwares 3.55 & below, also for letting me know about edat with 0x00 length data.
     
    catalinnc and storm shadow like this.