Release SCETOOL source converted for Windows

Discussion in 'Homebrew' started by Rip Cord, Dec 3, 2013.

  1. Rip Cord

    Administrator Staff Member Admin Developer

    The original source code release for SCETOOL compiles easily with gcc on Linux. I made some small changes to allow compiling with Visual C++ in Windows.

    Here is the source code/solution and compiled exe. Included zlib 1.2.5; it's compatible with the original source. Linked with zlib static lib 32. If the linker has a problem finding the zlib library (zlibstat.lib), add your source directory to the search path: Project->Properties->Linker->General: additional library directories.

    Compiled with Visual C++ 2008 free edition (no registration required, no expiration date).
    Just open the sln file with Visual Studio to convert/load into other editions of VS; tested and working OK on VS 2010 too.


    March 14 2015 Update: new link
     

    Attached Files:

    Last edited: Mar 14, 2015
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Very good Rip Cord
     
  3. Rip Cord

    Administrator Staff Member Admin Developer

    Thanks.

    It's nice that zlib can be linked statically, no need for a dll.
     
    Last edited: Mar 14, 2015
    Jarnotdf and storm shadow like this.
  4. Rip Cord

    Administrator Staff Member Admin Developer

    I used the same steps to convert scetool to compile with Visual C++ 2010
    Only needs a few changes:
    1. In VC++ select new project, win32 console application, enter a name for the project, and make sure that create directory for solution is checked. Uncheck precompiled header. OK.
    2. Set the project properties to multibyte for both debug and release configurations.
    3. In the solution explorer window right click the name of the main source file and rename to main.cpp. Copy/paste all the text from the original main.cpp scetool source code into the main.cpp in your VC++ project.
    4. Edit main.cpp so there is only one int main() and one closing return 0/closing brace. Comment out the line: #ifndef _DEBUG. Also right below the line #include <sys/stat.h> add an external "C" def for zlib.h:
    Code (Text):

    extern "C"
    {
    #include "zlib.h"
    };
     
    5. Save all.
    6. Copy all the header files from the original scetool source directory to the source directory of your project.
    7. In the VC++ solution explorer right click the folder "header files" ->add->existing item and add all the header files you just copied to the source directory.
    8. Save all.
    9. In the solution explorer double click to open zconf.h. Add 2 defs right before the line #ifndef ZCONF_H:
    Code (Text):

    #define ZLIB_WINAPI
    #define ZLIB_INTERNAL
     
    10. Save all.
    11. From the original scetool source directory copy all the source files with extension .c and .cpp (except of course main.cpp already done) to the project source directory.
    12. In the solution explorer right click the folder "source files" ->add->existing item and add all the source files you just copied to the source directory.
    13. Save all.
    14. Add the external "C" def for zlib.h to the source files sce.cpp and to util.cpp.
    Code (Text):

    extern "C"
    {
    #include "zlib.h"
    };
     
    It should be the first include before all the others. Also, comment out the line #include "zlib.h" that was already there, further down the list of includes.
    15. Save all.
    16. Extract zlibstat.lib from the static32 folder of zlib125dll.zip and copy it to the project source folder.
    17. In the project properties settings, in the linker section, for additional library directories, add the project source directory. In the input subsection of the linker section, add zlibstat.lib to the additional libraries. Click ok of course.
    18. Save all.

    Now it will build without errors.
     
  5. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    You think it might be possible to add check of headers to pkg packages?
     
  6. Rip Cord

    Administrator Staff Member Admin Developer

    There is a little code related to packages that is commented out. Looks like he intended to include package functions.
     
    storm shadow likes this.
  7. Rip Cord

    Administrator Staff Member Admin Developer

    Made a simple variation called scedetect.
    Some GUIs for scetool don't show the output command; this will print a log file showing the command with the command-line arguments that are passed to scetool by the GUI. The log file is scedetect.txt and is created in the working directory of the GUI.

    Instructions: look in the subfolder of the GUI tool for scetool, back up and then replace the original scetool with this version,
    run the GUI, see the command in scedetect.txt

    Code (Text):

        //scedetect code
        FILE *fp_detect;
        if ((fp_detect = fopen("scedetect.txt", "a"))==NULL) {
            printf("\nCannot create or open scedetect.txt log file...\n");
            return 1;
        }
        fprintf(fp_detect, "\n\n\n%s", argv[0]);
        for(int counter=1; counter < argc; counter++) {
            fprintf(fp_detect, " %s",argv[counter]);
        }
        if(fp_detect) fclose(fp_detect);
     
     

    Attached Files:

  8. Rip Cord

    Administrator Staff Member Admin Developer

    scetool places a watermark in the files that it encrypts:
    Code (Text):
    encrypted with scetool
    00000420 4E50 4400 0000 0001 0000 0003 0000 0001 NPD.............
    00000430 5550 3030 3031 2D47 414D 4531 3131 3131 UP0001-GAME11111
    00000440 5F30 302D 4741 4D45 4E41 4D45 3030 3030 _00-GAMENAME0000
    00000450 3030 3031 0000 0000 0000 0000 0000 0000 0001............
    00000460 7761 7465 726D 6172 6B74 726F 6C6F 6C6F watermarktrololo
    00000470 4D29 0FD5 1253 AEDD 549B DA58 2612 10D0 M)...S..T..X&...
    00000480 9182 CA8D 7A6D B94C 9809 88D2 568B 9439 ....zm.L....V..9
    00000490 0000 0000 0000 0000 0000 0000 0000 0000 ................
     
    "watermarktrololo"

    Also "SURPRIZE :D " and "IM IN UR KEYZ !!" are inserted into the keys array for encrypting self.

    Here are some versions of scetool with the watermarking removed:
    scetoolw_no_wm.exe and scetoolw_detect_no_wm.exe
    scetoolw: "w" == compiled for Windows OS
    "no_wm" == no watermark
    "detect" == the version in the post above that saves a log file of the command used to invoke scetool
    Someone else can pick a better name for the exe.
    Tested only with a couple of eboots, encryption and decryption both.
     

    Attached Files:
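
A check for the watermark described in the post above, added here as an example (it is not part of the thread or of scetool's source): it scans a file image for an `NPD` block and tests the 16 bytes at NPD+0x40, the offset the dump implies (0x460 minus 0x420). The function names and the constructed sample buffer are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPD_WM_OFF 0x40   /* watermark at 0x460, NPD magic at 0x420 in the dump */
#define NPD_WM_LEN 16
static const char SCETOOL_WM[] = "watermarktrololo";

/* Return the offset of the first NPD block whose bytes at +0x40 equal
 * the scetool watermark, or -1 if there is none. */
long find_scetool_watermark(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i + NPD_WM_OFF + NPD_WM_LEN <= len; i++) {
        if (memcmp(buf + i, "NPD\0", 4) != 0)
            continue;
        if (memcmp(buf + i + NPD_WM_OFF, SCETOOL_WM, NPD_WM_LEN) == 0)
            return (long)i;
    }
    return -1;
}

/* Constructed sample laid out like the dump: NPD block at 0x420. */
size_t build_npd_sample(uint8_t *out, size_t cap, int watermarked)
{
    const size_t npd = 0x420, total = 0x4A0;
    if (cap < total) return 0;
    memset(out, 0, total);
    memcpy(out + npd, "NPD\0\0\0\0\1\0\0\0\3\0\0\0\1", 16);
    memcpy(out + npd + 0x10, "UP0001-GAME11111_00-GAMENAME00000001", 36);
    if (watermarked)
        memcpy(out + npd + NPD_WM_OFF, SCETOOL_WM, NPD_WM_LEN);
    return total;
}

int main(int argc, char **argv)
{
    static uint8_t buf[1 << 24];   /* example cap: only the first 16 MiB is read */
    size_t n;
    FILE *fp = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (fp) { n = fread(buf, 1, sizeof buf, fp); fclose(fp); }
    else n = build_npd_sample(buf, sizeof buf, 1);
    printf("watermarked NPD block at: %ld\n", find_scetool_watermark(buf, n));
    return 0;
}
```

Run without arguments it checks the constructed sample; with a file name it checks that file.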

  9. Rip Cord

    Administrator Staff Member Admin Developer

    added option to print encryption parameters
    Code (Text):

    G:\tools>scetoolw -p eboot.bin
    scetool 0.2.9 <public build> (C) 2011-2013 by naehrwert
    NP local license handling (C) 2012 by flatz
     
    Encryption Parameters for eboot.bin.
    Key Revision 0010
    Auth-ID      1010000001000003
    Vendor-ID    01000002
    SELF-Type    00000008  NPDRM
    APP Version  0001000000000000
    FW Version  0003600000000
    Control Flags    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    00 00 00 00 00 00 00 3B 00 00 00 01 00 00 20 00
     
    This is for when you are using an eboot.bin as a template to encrypt an elf but want to change one of the parameters. It's easier than looking through the regular output to find the encryption parameters.

    usage:
    scetoolw -p eboot.bin
    or
    scetoolw --print-params eboot.bin

    I tested with a few eboots. If someone tests, let me know if you find any mistakes.
    There's the source code. The changes are ugly, your eyes have been warned.
     

    Attached Files:

    jo3tomas and storm shadow like this.
  10. Rip Cord

    Administrator Staff Member Admin Developer

    Anyone know why scetool (official public released version by naehrwert) does not include firmware version in the control info when it's used to re-encrypt an eboot?

    here's info from original game eboot:

    Encryption Parameters for GOW_EBOOT.BIN:

    Key Revision 0001
    Auth-ID 1010000001000003
    Vendor-ID 01000002
    SELF-Type 00000004 APP
    APP Version 0001000000000000
    FW Version 0003150000000
    Control Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 3B 00 00 00 01 00 04 00 00

    after eboot is decrypted and re-encrypted with scetool:

    Encryption Parameters for GOW_EBOOT_ENCRPT.BIN:

    Key Revision 0001
    Auth-ID 1010000001000003
    Vendor-ID 01000002
    SELF-Type 00000004 APP
    APP Version 0001000000000000
    FW Version 0000000000000
    Control Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 3B 00 00 00 01 00 04 00 00
    All disc boot type eboots end up with 0000 for firmware version.

    here's the file information for the same eboot re-encrypted with a modded version of scetool:

    Encryption Parameters for GOW_EBOOT_ENCRPT_fwfixed.BIN:

    Key Revision 0001
    Auth-ID 1010000001000003
    Vendor-ID 01000002
    SELF-Type 00000004 APP
    APP Version 0001000000000000
    FW Version 0003150000000
    Control Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 3B 00 00 00 01 00 04 00 00
    Here is the modded scetool if anyone wants to test it. This mod only enables fw-version change with commandline arguments but not when using a template eboot to fill the values.
     

    Attached Files:

    storm shadow likes this.
  11. Rip Cord

    Administrator Staff Member Admin Developer

    added another option. When using a template to re-encrypt an eboot, this allows specifying a different firmware version (in the control info) and/or key revision.

    template option with official scetool:
    scetool.exe -0SELF -tGOW.BIN -e GOW.ELF GOW_355_MOD.BIN

    modded scetool with template options:
    scetoolw_to.exe -0SELF -2000A -60003005500000000 -tGOW.BIN -e GOW.ELF GOW_355_MOD.BIN

    with NPDRM eboot:
    scetoolw_to.exe -0SELF -2000A -60003005500000000 -bFREE -cEXEC -fEP4321-BLES01286_00-SGWEUPATCH000001 -gEBOOT.BIN -tSWG-EBOOT.BIN -e SWG-EBOOT.ELF SWG_355_MOD.BIN

    This wasn't my idea, but a feature request. Thanks for the idea. Also, I think this fixes the problem I mentioned above: when using a template, scetool doesn't include the firmware version in the control info.
     

    Attached Files:

    storm shadow likes this.
  12. Rip Cord

    Administrator Staff Member Admin Developer

    It's easy to see that the official scetool and the versions with small changes I have posted both make some changes to the header length and the number of metadata keys.

    I have compared the same eboot decrypted, then re-encrypted, then re-decrypted with both official scetool and my modded versions. The resulting elfs have been identical. Did this with a few eboots. I would appreciate a heads up if anyone sees any anomalies with these versions or has suggestions on how to make scetool more accurate in its results.
     
    storm shadow likes this.
  13. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Not sure if I understand. If they are identical after re-encrypting, is that a problem?
     
  14. Rip Cord

    Administrator Staff Member Admin Developer

    Hopefully, shows that I didn't screw up scetool since the same file changes occur with official release.
     
    storm shadow likes this.
  15. jo3tomas

    Well-Known Member Developer

    Hi

    Could you fix encryption of SPU self files from retail and npdrm games?

    I checked all available scetool versions, and all versions have a problem with encryption of SPU self files.

    spu self file from retail game:
    Code (Text):
    http://www38.zippyshare.com/v/48292329/file.html
    regards
     
    Rip Cord and storm shadow like this.
  16. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    If retail, sign self/sprx with free key, e.g. no key.

    If retail update or npdrm, then you bruteforce self/sprx to get devklic key / klic and sign with it,
    and with npdrm he must add np commands / CID with real file name.

    example npdrm

    Code (Text):
    scetool.exe --verbose --sce-type=SELF --np-klicensee=00000000000000000000000000000000 --compress-data=TRUE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-ctrl-flags 4000000000000000000000000000000000000000000000000000000000000002 --self-cap-flags=00000000000000000000000000000000000000000000003B0000000100002000 --self-type=NPDRM --self-fw-version=0004002000000000 --np-license-type=FREE --np-content-id=UP0006-NPUB30464_00-CRASHTRIAL0000NA --np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=CRASH.DLL.SPRX --encrypt CRASH.DLL.SPRX.elf CRASH.DLL.SPRX
    You can skip ctrl flags and cap flags. And for retail:

    Code (DOS):
    scetool.exe --verbose --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-type=APP --self-fw-version=0004002000000000 --np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=Game_PS3.self --encrypt Game_PS3.elf Game_PS3.self
     
    Rip Cord and Nighthawk like this.
  17. jo3tomas

    Well-Known Member Developer

    No difference what command I use, after encryption the self is corrupted.

    Example with the file from my post above, SPU self - audiof.self

    Decryption - working fine
    Code (Text):
    scetool.exe -v -d audiof.self audiof.elf
    Encryption with your command
    Code (Text):
    scetool.exe --verbose --sce-type=SELF --compress-data=FALSE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-type=APP --self-fw-version=0004002000000000 --np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=audiof.self --encrypt audiof.elf audiof.self
    I used this command earlier
    Code (Text):
     scetool.exe --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=0004 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-type=APP --self-app-version=0001000000000000 --self-fw-version=0003004000000000 --encrypt audiof.elf audiof.self
    The encrypted self is always corrupted - only 640 bytes. I tried without compression and other settings but still no result, the self is corrupted. I tried another SPU self from Far Cry Classic npdrm - same result. I tested 6 or 7 earlier but I can't properly fix all these files.

    regards
     
    Nighthawk likes this.
  18. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    C:\Users\Administrator\ps3tools\ps3tools\tools\scetool>SCETOOLW_to2.exe --verbos
    e --sce-type=SELF --np-klicensee=00000000000000000000000000000000 --compress-dat
    a=TRUE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 -
    -self-vendor-id=01000002 --self-ctrl-flags 4000000000000000000000000000000000000
    000000000000000000000000002 --self-cap-flags=00000000000000000000000000000000000
    000000000003B0000000100002000 --self-type=NPDRM --self-fw-version=00040020000000
    00 --np-license-type=FREE --np-content-id=UP0006-NPUB30464_00-CRASHTRIAL0000NA -
    -np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=CRASH.DLL.
    SPRX --encrypt audiof.elf audiof1.self

    Results in a 748 kb file.
    Use the scetool that Rip Cord made.

    Resigned file below.

    Remember I used a different SKU ID.
     

    Attached Files:

    Nighthawk likes this.
  19. jo3tomas

    Well-Known Member Developer

    Check your file again, it's corrupted and has only 768 bytes.

    Original scetool or Rip Cord's scetool, no difference; I can encrypt and decrypt without error but the elf is still corrupted.

    original elf size (audiof.elf) - 76,7 KB (bytes: 78 556)

    encryption - no errors
    Code (Text):
    [*] SELF built.
    [*] Data compressed.
    [*] Data encrypted.
    [*] audiof.self written.
    decryption - no errors
    Code (Text):
    [*] Loaded keysets.
    [*] Loaded loader curves.
    [*] Loaded vsh curves.
    [*] Using keyset [appldr 0x0004 03.42]
    [*] Header decrypted.
    [*] Data decrypted.
    [*] ELF written to audiof.elf.
    elf file size after encryption - 148 bytes (bytes: 148)

    The tool only crashes when I try to get info.

    You can compare the files yourself; I uploaded both elfs, before and after encryption.
    Code (Text):
    http://www13.zippyshare.com/v/2867603/file.html
    regards
     
    Nighthawk and storm shadow like this.
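
A sanity check for the silent failure reported in the post above (no tool errors, yet the round-tripped ELF shrinks from 78 556 to 148 bytes), added here as an example and not part of the thread or of scetool: it flags a big-endian ELF whose program headers point at data beyond the end of the file. The function names and the constructed 148-byte sample (not jo3tomas's file) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read an n-byte big-endian integer. */
static uint64_t be(const uint8_t *p, int n)
{
    uint64_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* 0 = all segments inside the file, 1 = not a usable big-endian ELF,
 * 2 = program header table past EOF, 3 = segment data past EOF. */
int elf_truncation_check(const uint8_t *b, size_t len)
{
    if (len < 0x34 || memcmp(b, "\x7f" "ELF", 4) != 0 || b[5] != 2) return 1;
    int is64 = (b[4] == 2);
    if ((!is64 && b[4] != 1) || (is64 && len < 0x40)) return 1;
    uint64_t phoff  = is64 ? be(b + 0x20, 8) : be(b + 0x1C, 4);
    uint64_t phsize = be(b + (is64 ? 0x36 : 0x2A), 2);
    uint64_t phnum  = be(b + (is64 ? 0x38 : 0x2C), 2);
    if (phnum && phsize < (is64 ? 0x38u : 0x20u)) return 1;
    if (phoff > len || phnum * phsize > len - phoff) return 2;
    for (uint64_t i = 0; i < phnum; i++) {
        const uint8_t *ph = b + phoff + i * phsize;
        uint64_t off = is64 ? be(ph + 0x08, 8) : be(ph + 0x04, 4);
        uint64_t fsz = is64 ? be(ph + 0x20, 8) : be(ph + 0x10, 4);
        if (off > len || fsz > len - off) return 3;
    }
    return 0;
}

/* Constructed sample: ELF32 big-endian header (52 bytes) plus three
 * 32-byte program headers; the first claims 0x1000 bytes at 0x100. */
size_t build_elf_sample(uint8_t *out, size_t cap, size_t total)
{
    if (total < 148 || cap < total) return 0;
    memset(out, 0, total);
    memcpy(out, "\x7f" "ELF\x01\x02\x01", 7);
    out[0x1F] = 0x34;        /* e_phoff = 52 */
    out[0x2B] = 0x20;        /* e_phentsize = 32 */
    out[0x2D] = 3;           /* e_phnum = 3 */
    out[0x34 + 0x06] = 0x01; /* p_offset = 0x100 */
    out[0x34 + 0x12] = 0x10; /* p_filesz = 0x1000 */
    return total;
}

int main(void)
{
    uint8_t img[148];
    build_elf_sample(img, sizeof img, sizeof img);
    printf("148-byte sample -> %d\n", elf_truncation_check(img, sizeof img));
    return 0;
}
```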
  20. Rip Cord

    Administrator Staff Member Admin Developer

    Here is the self made with makeself. It is about the right size, but I seriously doubt that it will work. This tool doesn't make selfs properly either. If you look at the self, it looks like part fself, part self.

    This is the command:
    makeself app 341 1.00.0 01000002 1010000001000003 0004 audiof.elf audiof_1.self

    Also tried with a couple of other tools including self_rebuilder, but it has the same problems as makeself.
     

    Attached Files:

    storm shadow likes this.