Self dissector

Discussion in 'General Discussion' started by Rip Cord, Jul 25, 2014.

  1. Rip Cord

    Administrator Staff Member Admin Developer

    some command line tools for taking apart disc game eboots.
    decrypt self one step at a time. can stop at any step, examine or edit self, and re-encrypt.
    choose which parts to decrypt
    saves entire decrypted self file instead of extracted elf
    all the original self information remains in the file, enabling the use of the same metadata and other self information when re-encrypting.

    this is a beta version. tested 2 games backed up from disc to internal hdd and resigned.
    based on fail0verflow tools
    place your key files in a subfolder named "ps3keys"
    file name format for keys: app type - key type - key revision; app-key-0004, app-iv-0004,...

    decrypt_tools.zip:
    decrypt_meta_info_keys.exe
    decrypt_meta_data.exe
    decrypt_section.exe

    edit the decrypted self with the utilities below or in a hex editor then re-encrypt in the listed order.

    enrypt_tools.zip:
    encrypt_section.exe
    encrypt_meta_data.exe
    encrypt_meta_info_keys.exe

    utilities.zip:
    edit_app_info.exe, edits app version, authentication_id, and vendor_id
    edit_app_version.exe
    edit_authentication_id.exe
    edit_vendor_id.exe
    edit_firmware_version.exe, edits firmware version and key revision
    insert_section.exe
    section_decompress.exe
    section_compression.exe, level 6 seems to give the closest value to the original size. editing the section will likely change the compressed size, so the section size in the self must be edited

    EDIT: updated, fixed decrypt_meta_info_keys.exe crashing when passed wrong version key files
    EDIT: updated again, now looks for "curves" file in same ps3keys folder as key files
     

    Last edited: Jul 29, 2014
  2. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    This is awesome, very nice work Rip
     
  3. Rip Cord

    Administrator Staff Member Admin Developer

    thanks, just split up the steps and added a little bit.

    it's definitely a beta though. only rudimentary error handling. still needs some clean up.
    compiled with mingw, except the compress and decompress compiled with visual c++

    Usage:

    decrypt_meta_info_keys <input.self> <output.self> <key_file> <iv_file>

    output.self will have meta info keys decrypted.
    key files should be placed in subdirectory "ps3keys"
    key file to use, ex: app-key-425...
    iv file to use, ex: app-iv-425...


    decrypt_meta_data <input.self> <output.self>
    input self with decrypted meta info keys.
    output self will have decrypted meta data.


    decrypt_section <input.self> <output.self> <index>

    input self with decrypted meta data.
    output self will have section number <index> decrypted.
    index is the index number of the data section to decrypt.
    possible values 0,1,...index of last section


    encrypt_section <input.self> <output.self> <index>

    input self with a decrypted section.
    output self will have re-encrypted section.
    index is the index number of the data section to encrypt.
    possible values 0,1,...index of last section


    encrypt_meta_data <input.self> <output.self> <public> <private> <curve type>
    input self with decrypted meta data
    file names for key files, app-pub-341, app-priv-341, app-ctype-341
    place key files in subdirectory "ps3keys"


    encrypt_meta_info_keys <input.self> <output.self> <key_file> <iv_file>
    key_file ex: app-key-425...
    iv_file ex: app-iv-425...
    keys folder should be in current directory and named "ps3keys"
     
    Last edited: Jul 28, 2014
  4. Rip Cord

    Administrator Staff Member Admin Developer

    decrypts one section at a time, so can be used to decrypt just one section for editing.
    decrypt meta info keys, decrypt meta data, then pick a section to decrypt. sys_proc_param is in section 0 in the eboots I have. decrypt section 0, edit section 0, encrypt section 0, edit any self info in the header like firmware version and key revision, encrypt meta data, then encrypt meta_info keys.
     
    Last edited: Jul 26, 2014
  5. Rip Cord

    Administrator Staff Member Admin Developer

    updated first post
    added error handling to decrypt_meta_info_keys
    in the unlikely event that someone else besides me enters the wrong key files, it won't crash. :D
     
  6. Rip Cord

    Administrator Staff Member Admin Developer

    updated first post
    now looks for "curves" file in same ps3keys folder as key files
    (previously looked in keys folder specified in environment variable)
     
  7. Rip Cord

    Administrator Staff Member Admin Developer

    for meta info keys in npdrm eboots

    decrypt_np_free.exe
    encrypt_np_free.exe
    decrypt_np_rap.exe

    compiled with visual c

    place ps3 keys in subfolder ps3keys
    note: these tools use key files in the format app type-key type-key revision, ex. drm-key-000A

    Usage: decrypt_np_free <input.bin> <output.bin> <klicensee_key>
    Usage: encrypt_np_free <input.self> <output.bin> <klicensee_key>
    Usage: decrypt_np_rap <input.self> <output.bin> <rap_key>

    klicensee_key and rap_key are the names of the key files
    edit: updated

    edit: credit goes to Flatz for inventing and releasing the code to convert rap to a key for decrypting the meta info keys. of course, everything else is from work of fail0verflow.
     

    Last edited: Nov 24, 2014
  8. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    i might get a ps3 again to test all the cool stuff you're making.
     
  9. Rip Cord

    Administrator Staff Member Admin Developer

    haha, in that case I'll lie and say I'm doing something absolutely brilliant that's never been done before. :p

    nah, I was just breaking down ps3tools into separate steps because of questions like that member who had problems resigning a few spu selfs, and also there were some eboots that were corrupted by self rebuilder and other available tools. Anyway, it seems to help with the few selfs I have been able to test.
     
  10. Rip Cord

    Administrator Staff Member Admin Developer

    updated post #7
    tweaked console output
    added 2 apps: edit_license_type and hash_np_control_info

    Usage: edit_license_type <input.bin> <output.bin>
    edits license type from local to free
    Usage: hash_np_control_info <input.bin> <real file name> <klicensee_key> <output.bin>
    recalculates the hashes for the np portion of the self header

    zip also includes a sample batch file for converting np eboot with rap to free. only need to edit the name of the rap file in dissect_EBOOT_355.bat, then double click on resign_EBOOT_355.bat; it calls the other bat and saves a log of console output.
     
  11. Rip Cord

    Administrator Staff Member Admin Developer

    forgot to include an app to edit sdk version. Though it's just as easy to use a hex editor, edit_elf_param edits the sdk version in the decrypted file.
    Usage: edit_elf_param <input file> <output file> <SDK Version>
    SDK Version is 2 digits, ex. 34 or 35
     
