PSGroove Payload Released That Decrypts Firmware Files by Graf_Chokolo

marra

Good News taken from Here

Posted By: bandit

Graf_Chokolo has released his version of the PSGroove payload that allows developers to finally see full details out of the PS3 system firmware complete with decrypted contents. -- This release is advanced and for developers only, but hopefully it will give them a very useful tool to expand the PS3 Scene even more!

So guys, I promised you that I would make my PSGroove payload public.
I just uploaded it to github. Let me first explain how it works. I do not have much free time, so please do not expect me to explain every detail to you :) The target group of this release is the advanced programmers among you. The source code is not commented but it’s clean, well structured and self-explaining.

My payload has 2 stages. The 1st stage is actually a PSGroove payload. It initializes the gelic device and allocates memory needed for the 2nd stage. Just compile the 1st stage binary, convert it to a C hex array and replace the PSGroove payload.

The 2nd stage does the real job, e.g. decrypts a CORE_OS_PACKAGE.pkg from a PUP file, runs some isolated SPU module or dumps FLASH. The 2nd stage binary is sent to the PS3 over Ethernet with “sendfile”, which I also provided. The 1st stage code receives this data and stores it in a memory region of size 64 kb. After the upload is complete, the 1st stage code jumps to the 2nd stage code and executes it. So, you have to program PSGroove only once and can just change the 2nd stage binary to execute different code.

In order to be able to run isolated SPUs, you first need to dump your FLASH memory.
Then extract these files from the dump and after that you can use them e.g. to decrypt packages :) I described how to extract files from a FLASH dump on my Hypervisor Reverse Engineering page.

To be able to decrypt packages from a PUP file, first you need to extract a revoke list for packages from a PUP file, 3.41 e.g. (RL_FOR_PACKAGE.pkg). Just extract it, convert it to a C hex array and paste it into rvk_pkg_341.c. You have to do it yourself because I don’t want any legal problems with SONY.

I didn’t use any GameOS functions in my code because my goal is to reverse Hypervisor and I wanted to learn how to do it without GameOS. I don’t plan to release any GameOS tools, so feel free to create new cool and helpful programs for GameOS using my code :)

I’m using ppu toolchain for Linux provided by IBM to compile the source code.

I will try to answer any of your questions here. But please do not ask me questions like how to install ppu compiler or something like that :) You will find everything on the Internet. I don’t have much time, so try to do as much as you can by yourself, you will benefit from it yourself :)

So, have fun guys :)

and the code is here


Does this mean I should order a PSGroove then? If so, can someone post me a link to be ready? Cheers.
 
Not much use to us mere mortals but hopefully the devs will come up with something good. :)
 
Cheers mate, I thought as much tbh but I thought I would post it in case we have any closet devs around lol.

PS: I'll start boxing my links mate, I didn't realise it was a prob. I noticed one was coded the other day and didn't remember doing it lol
 

No worries marra, mickie d wants anything PS3 related coding so we don't get link backs. Sony are going after anyone they can so it just covers dw's ass. :)

Who knows maybe someone here can use the files and it's good info so thanks for posting it.
 