Self dissector

Rip Cord

Administrator
Staff member
Developer
some command line tools for taking apart disc game eboots.
decrypt self one step at a time. can stop at any step, examine or edit self, and re-encrypt.
choose which parts to decrypt
saves entire decrypted self file instead of extracted elf
all the original self information remains in the file, enabling the use of the same metadata and other self information when re-encrypting.

this is a beta version. tested 2 games backed up from disc to internal hdd and resigned.
based on failoverflow tools
place your key files in a subfolder named "ps3keys"
file name format for keys: app type - key type - key revision; app-key-0004, app-iv-0004,...

decrypt_tools.zip:
decrypt_meta_info_keys.exe
decrypt_meta_data.exe
decrypt_section.exe

edit the decrypted self with the utilities below or in a hex editor then re-encrypt in the listed order.

enrypt_tools.zip:
encrypt_section.exe
encrypt_meta_data.exe
encrypt_meta_info_keys.exe

utilities.zip:
edit_app_info.exe, edits app version, authentication_id, and vendor_id
edit_app_version.exe
edit_authentication_id.exe
edit_vendor_id.exe
edit_firmware_version.exe, edits firmware version and key revision
insert_section.exe
section_decompress.exe
section_compression.exe, level 6 seems to give closest value to original size, editing the section will likely change the compressed size so the section size in the self must be edited

EDIT: updated, fixed decrypt_meta_info_keys.exe crashed when passed wrong version key files
EDIT: updated again, now looks for "curves" file in same ps3keys folder as key files
 

Attachments

  • utilities.zip
    157.5 KB · Views: 9
  • decrypt_tools.zip
    51.2 KB · Views: 3
  • encrypt_tools.zip
    72.5 KB · Views: 3
Last edited:

Rip Cord

Administrator
Staff member
Developer
thanks, just split up the steps and added a little bit.

it's definitely a beta though. only rudimentary error handling. still needs some clean up.
compiled with mingw, except the compress and decompress compiled with visual c++

Usage:

decrypt_meta_info_keys <input.self> <output.self> <key_file> <iv_file>

output.self will have meta info keys decrypted.
key files should be placed in subdirectory "ps3keys"
key file to use, ex: app-key-425...
iv file to use, ex: app-iv-425...


decrypt_meta_data <input.self> <output.self>
input self with decrypted meta info keys.
output self will have decrypted meta data.


decrypt_section <input.self> <output.self> <index>

input self with decrypted meta data.
output self will have section number <index> decrypted.
index is the index number of the data section to decrypt.
possible values 0,1,...index of last section


encrypt_section <input.self> <output.self> <index>

input self with a decrypted section.
output self will have re-encrypted section.
index is the index number of the data section to encrypt

possible values 0,1,...index of last section


encrypt_meta_data <input.self> <output.self> <public> <private> <curve type>
input self with decrypted meta data
file names for key files, app-pub-341, app-priv-341, app-ctype-341
place key files in subdirectory "ps3keys"


encrypt_meta_info_keys <input.self> <output.self> <key_file> <iv_file>
key_file ex: app-key-425...
iv_file ex: app-iv-425...
keys folder should be in current directory and named "ps3keys"
 
Last edited:

Rip Cord

Administrator
Staff member
Developer
decrypts one section at a time, so can be used to decrypt just one section for editing.
decrypt meta info keys, decrypt meta data, then pick a section to decrypt, sys_proc_param is in section 0 in the eboots I have. decrypt section 0, edit section 0, encrypt section 0, edit any self info in the header like firmware version and key revision, encrypt meta data, then encrypt meta_info keys.
 
Last edited:

Rip Cord

Administrator
Staff member
Developer
updated first post
added error handling to decrypt_meta_info_keys
in the unlikely event that someone else besides me enters the wrong key files, it won't crash. :D
 

Rip Cord

Administrator
Staff member
Developer
updated first post
now looks for "curves" file in same ps3keys folder as key files
(previously looked in keys folder specified in environment variable)
 

Rip Cord

Administrator
Staff member
Developer
for meta info keys in npdrm eboots

decrypt_np_free.exe
encrypt_np_free.exe
decrypt_np_rap.exe

compiled with visual c

place ps3 keys in subfolder ps3keys
note: these tools use key files in the format app type-key type-key revision, ex. drm-key-000A

Usage: decrypt_np_free <input.bin> <output.bin> <klicensee_key>
Usage: encrypt_np_free <input.self> <output.bin> <klicensee_key>
Usage: decrypt_np_rap <input.self> <output.bin> <rap_key>

klicensee_key and rap_key are the names of the key files
edit: updated

edit: credit goes to Flatz for inventing and releasing the code to convert rap to a key for decrypting the meta info keys. of course, everything else is from work of fail0verflow.
 

Attachments

  • edit_np.zip
    212.2 KB · Views: 4
Last edited:

Rip Cord

Administrator
Staff member
Developer
haha, in that case I'll lie and say I'm doing something absolutely brilliant that's never been done before. :p

nah, I was just breaking down ps3tools into separate steps because of questions like that member who had problems resigning a few spu selfs and also there were some eboots that were corrupted by self rebuilder and other available tools. Anyway, it seems to help with the few self I have been able to test.
 

Rip Cord

Administrator
Staff member
Developer
updated post #7
tweaked console output
added 2 apps: edit_license_type and hash_np_control_info

Usage: edit_license_type <input.bin> <output.bin>
edits license type from local to free
Usage: hash_np_control_info <input.bin> <real file name> <klicensee_key> <output.bin>
recalculates the hashes for the np portion of the self header

zip also includes sample batch file for converting np eboot with rap to free, only need to edit the name of the rap file in dissect_EBOOT_355.bat, double click on resign_EBOOT_355.bat, it calls the other bat and saves a log of console output.
 

Rip Cord

Administrator
Staff member
Developer
forgot to included an app to edit sdk version. Though it's just as easy to use a hex editor, edit_elf_param edits the sdk version in the decrypted file.
Usage: edit_elf_param <input file> <output file> <SDK Version>
SDK Version is 2 digits, ex. 34 or 35
 

Attachments

  • edit_elf_param.zip
    34 KB · Views: 3
Top