
If I were to go raiding through the eboot.pbp with multiple hex editors, what would be a good place to start? (I've read through yapspd, and was about halfway through understanding the headers in the files... stupid encryption...) Anyone getting anywhere with AR stuff? Also, think there might be an exploit in the language.bin file that the AR installer puts on the PSP?

Edit: just looked at the language.bin... There's only 1 byte so nvm :(
 

First, you wouldn't be able to do anything on legit OFW psps.

Second, you'd use Yoshihiro's tool to decrypt it (unpack-pbp EBOOT.PBP, rename DATA.PSP to EBOOT.BIN, then follow the directions, and then voilà).
 
k :) thanks, I've used the decryptor already but don't really know what to do with the files lol. It's a bit easier to look at in hex but other than that, I'll have to figure something out. Also WTF are the "Leaked" UMD tools any good for?

Edit: my bad, I didn't decrypt them, I just extracted them from the eboot...

Also, think I can use the decryptor in J-PSP? 'cause all I've got right now is a PSP Go and copies of all the files that came with the 3 I had to return (so I could compare them in Hex Workshop... the files they came with were all exactly the same lol)
 
Some cheats don't work, like in GTA Liberty City Stories.
Like inf health, inf run, max cash and moon jumps don't work :mad:
 
k :) thanks, I've used the decryptor already but don't really know what to do with the files lol.
Well, if you don't know anything about MIPS assembler and the use of PRXTool and similar apps, there's not really much you can do....


Also WTF are the "Leaked" Umd tools any good for?
In this case? They are of no use.


Also, think I can use the decryptor in J-PSP? 'cause all I've got right now is a PSP Go and copies of all the files that came with the 3 I had to return (so I could compare them in Hex Workshop... the files they came with were all exactly the same lol)
No, you can't use the decryptor in JPSP as the decryption is done through the KIRK engine (a hardware thing in the PSP) that is not being emulated by JPSP.
 
My first slip up, sorry MFM, didn't mean to

---------- Post added at 04:17 AM ---------- Previous post was at 04:13 AM ----------

no one anywhere wants this for cheating - only for an exploit to load homebrew :)

This is true. If HEN or homebrew was enabled on a 6.xx firmware, chances of a CFW are pretty damn slim. I'm not really too sure to claim who can crack the IPL, but to me, chances are pretty damn slim and only a few can succeed.
 
Datel says they've validated my key and that my inability to register is a problem on my end. Just great. Now to find someone to give my PSP ID and Key to that will send me the resulting DAT.

This is interesting... here's a reply I got from tech support:

The PlayStation Action Replay license key will be "married" to the PSP, User Name & Password it is activated on. This means that once the Action Replay key is validated and installed on a PSP, it is only functional on that PSP console. If the memory stick is inserted into another PSP it will not be fully functional and will be placed into 'demo' mode.

So, if you decide to try activating the PSP Action Replay, please be sure that the Action Replay is installed and activated on your PSP using your user name & password.

I've asked them if by Username and Password they mean the PSN account on the PSP. I'll post their reply here when they answer.
 
I plan on PMing them to RichDevX, the one who posted the code for a generator. While the keys it generates may not be on Datel's servers, if he can find how it mixes with your PSP ID he could make fake DAT files that the eboot finds authentic.
 
I could make a multi-use license.dat file for anyone running NoEffex's altered version, if only I had a valid key.
 
Hey guys!

Just tried some hexediting in the PBP... I set the address of the DATA.PSAR in the PARAM.SFO just behind the end of "Jim, their shields are still up!" (0x02B5AA of the PBP) and it still booted fine. So, even a "cutdown" version of the PRX boots just fine. There might be a jump into the "real" code in the few bytes before "Jim".

Also, I googled just out of curiosity which encryption is used for updates. I found PRXDecrypter, which doesn't decrypt the DATA.PSP. This might be due to the missing decryption key in PRXDecrypter. This is what it says:
DATA.PSP -> insize 1401KB, encrypted (~PSP), known tag 0x0B000000, modname (updater), outsize 1401KB, contains embedded modules, done.
What about this key: 0x53 0x54 0x41 0x52 0x54 0x52 0x45 0x4B? (It says "STARTREK" in plain text) :P Who knows...

Also, a very strange "feature": The info screen freezes on all of my three PSPs. Every version was installed from a different PC, all PSPs have different firmwares (OFW/CFW), all EBOOTs have same size and checksum, so they are interchangeable between the PSPs. Updates are not interchangeable from classic PSPs to Go and vice versa.

On firmware 6.20 you can quit AR via Home, on 5.00 M33-4 (DDcv8) it doesn't work. Nothing that really matters...

That's it...

Good luck while cracking the PSP's encryption and Datel's signature server (First thing is more important ;))
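The two things the thread keeps coming back to, the "unpack-pbp EBOOT.PBP, rename DATA.PSP to EBOOT.BIN" step and the hex edit of the DATA.PSAR offset in the header, both operate on the plain PBP container, which is just a 40-byte table of eight absolute offsets followed by the sections. The parser below is an added example written for this thread; it is not unpack-pbp, Yoshihiro's tool or anything of Datel's, and it only splits the container (DATA.PSP comes out still encrypted with its "~PSP" header, exactly as PRXDecrypter reported). The section order, magic and offset layout are the standard PBP format; the sample image and every function name are constructed for the example. It also shows why a parser should check the offsets rather than trust them: moving the DATA.PSAR offset into the middle of DATA.PSP, as the post above did, simply shortens DATA.PSP, while an offset pointing past the end of file is rejected.

```python
"""Minimal PBP container parser/unpacker (added example, not a project tool)."""
import struct
import sys
from pathlib import Path

PBP_MAGIC = b"\x00PBP"
# Header = 4-byte magic, 4-byte version, then eight little-endian uint32
# absolute offsets, one per section, always in this fixed order.
SECTION_NAMES = (
    "PARAM.SFO", "ICON0.PNG", "ICON1.PMF", "PIC0.PNG",
    "PIC1.PNG", "SND0.AT3", "DATA.PSP", "DATA.PSAR",
)
HEADER_LEN = 8 + 4 * len(SECTION_NAMES)  # 40 bytes


def section_offsets(data: bytes) -> dict:
    """Read the eight header offsets as {section name: absolute offset}."""
    if len(data) < HEADER_LEN or data[:4] != PBP_MAGIC:
        raise ValueError("not a PBP file (bad magic or truncated header)")
    return dict(zip(SECTION_NAMES, struct.unpack_from("<8I", data, 8)))


def parse_pbp(data: bytes) -> dict:
    """Split a PBP image into {section name: bytes}.

    A section runs from its offset to the next offset (the last one to end of
    file); equal neighbouring offsets mean an empty section. Offsets must be
    non-decreasing, start after the header and stay inside the file; anything
    else is a mangled header and raises ValueError instead of returning junk.
    """
    bounds = list(section_offsets(data).values()) + [len(data)]
    sections = {}
    prev = HEADER_LEN
    for name, start, end in zip(SECTION_NAMES, bounds, bounds[1:]):
        if start < prev or end < start or end > len(data):
            raise ValueError(f"{name}: offset 0x{start:X}..0x{end:X} is invalid")
        sections[name] = data[start:end]
        prev = start
    return sections


def is_valid_pbp(data: bytes) -> bool:
    """True if the container parses cleanly (says nothing about signatures)."""
    try:
        parse_pbp(data)
        return True
    except ValueError:
        return False


def build_pbp(sections: dict, version: int = 0x00010000) -> bytes:
    """Assemble a PBP from {section name: bytes}; missing sections are empty."""
    body, offsets = b"", []
    for name in SECTION_NAMES:
        offsets.append(HEADER_LEN + len(body))
        body += sections.get(name, b"")
    return PBP_MAGIC + struct.pack("<9I", version, *offsets) + body


def set_section_offset(data: bytes, name: str, new_offset: int) -> bytes:
    """Return a copy with one header offset rewritten, as a hex edit would."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, 8 + 4 * SECTION_NAMES.index(name), new_offset)
    return bytes(buf)


def unpack_pbp(pbp_path: str, out_dir: str) -> list:
    """Write every non-empty section of a PBP file into out_dir."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    written = []
    for name, blob in parse_pbp(Path(pbp_path).read_bytes()).items():
        if blob:
            (out / name).write_bytes(blob)
            written.append(name)
    return written


# Constructed sample image (no real Datel or Sony data): only PARAM.SFO,
# DATA.PSP and DATA.PSAR are populated, like an updater-style EBOOT.
SAMPLE_PBP = build_pbp({
    "PARAM.SFO": b"\x00PSF" + b"\x00" * 12,
    "DATA.PSP": b"~PSP" + b"\x00" * 28,   # "~PSP" marks an encrypted module
    "DATA.PSAR": b"PSAR" + b"\x00" * 4,
})

if __name__ == "__main__":
    # Usage: python pbp_unpack.py EBOOT.PBP out_dir  (no args: dump the sample)
    if len(sys.argv) > 2:
        print("wrote:", ", ".join(unpack_pbp(sys.argv[1], sys.argv[2])))
    else:
        for name, off in section_offsets(SAMPLE_PBP).items():
            print(f"{name:<10} @ 0x{off:06X}")
```

Run it without arguments to see the offset table of the constructed sample; with a real EBOOT.PBP and an output directory it writes the sections out, and the DATA.PSP you get is the file the post above renames to EBOOT.BIN before handing it to the decryptor.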
 
Hey guys!

Just tried some hexediting in the PBP... I set the address of the DATA.PSAR in the PARAM.SFO just behind the end of "Jim, their shields are still up!" (0x02B5AA of the PBP) and it still booted fine. So, even a "cutdown" version of the PRX boots just fine. There might be a jump into the "real" code in the few bytes before "Jim".
I doubt the PSP pays much attention to that address; it probably loads directly from the known starting point of the DATA.PSP. (Otherwise, I don't think KIRK would decrypt it.)
Also, I googled just out of curiosity which encryption is used for updates. I found PRXDecrypter, which doesn't decrypt the DATA.PSP. This might be due to the missing decryption key in PRXDecrypter. This is what it says:
Yoshihiro's tool will decrypt the DATA.PSP if you rename it to EBOOT.BIN
Also, a very strange "feature": The info screen freezes on all of my three PSPs. Every version was installed from a different PC, all PSPs have different firmwares (OFW/CFW), all EBOOTs have same size and checksum, so they are interchangeable between the PSPs. Updates are not interchangeable from classic PSPs to Go and vice versa.

There's a different version of AR for the Go!, but it decrypts to the same ELF.
 
The version for the Go has a different size than the one for the Classics... So how can there be the same output on two different inputs? o.O I know, it's possible, but there must be two keys or some dummy files (AR "Home" menu etc). Actually, this isn't a dummy :D

Anyway... Checking with Yoshihiro's tool! Thanks for the tip :D
 
no one anywhere wants this for cheating - only for an exploit to load homebrew :)

Actually, there are those of us out there that are more interested in the game hacking aspect of all of this, I being among them; still, for the most part you are probably right.

That said, and I'm sorry if this has been covered already, but I was wondering what roby65 used to read/edit the codelist.bin. I've been at reading it since I got the bloody thing and can't; I can get the game and code titles but everything else shows as gibberish.

Let myself get too used to the ARs that gave me a built in editor I suppose...shameful that...ah well. Any help would be much appreciated, sorry if this is out of line or place for me to ask and thank you in advance for any help.

~Kaza
 
They're both signed with Sony's updater key. I still don't fully understand the different outputs with the same input. But I think it's the way the PRXs in the EBOOT are signed.
 