
How to reconstruct SELF files after decrypting them

Yesterday, we saw the release of the SELF/SPRX Decrypter homebrew application for the PS3. Today, Netkas released a tutorial on how to reconstruct SELF files after decrypting them, which is considered noob-unfriendly.

"Here is a little, noob-unfriendly how-to about recreating ps3 apps after you have decrypted them

As an example, I will talk about vsh.self, which everyone on a jb ps3 can find in /dev_flash/

1) decrypt it with graf_chokolo's payload, you will get two files after all, let's call them vsh.0 and vsh.1

2) compress these files with zlib, I use zpipe for it

cat vsh.0 | ./zpipe > vsh.0z
cat vsh.1 | ./zpipe > vsh.1z

size of files:

6951464 2010-12-05 02:06 vsh.0
2930941 2010-12-05 04:04 vsh.0z
338832 2010-12-05 02:06 vsh.1
133356 2010-12-05 04:04 vsh.1z

3) going into vsh.self
look at the 64-bit big endian value at 0x290 – 0x0000000000000900 (2304 decimal), it's the start of the first segment (vsh0) in vsh.self; the next 64-bit BE value at 0x298 is the size of this section – 0x00000000002cb8fd (2930941 decimal), perfectly matched to the size of our vsh.0z ;)
same for vsh1, start at 0x2b0 – 0x00000000002dafe0 (2994144 decimal), size at 0x2b8 – 0x00000000000208ec == 133356 (size of vsh.1z)

4) now we need to copy decrypted and inflated sections to the vsh.self

dd if=./vsh.0z of=./vsh.self bs=1 seek=2304 conv=notrunc

dd if=./vsh.1z of=./vsh.self bs=1 seek=2994144 conv=notrunc

5) need to edit some headers -

0x08 big endian 0004 to 8000

0x2af, 0x2cf, 0x2ef, 0x30f, 0x32f – change 0x01 to 0x02.

6) now you have this pseudo-debug self, and can use the usual three steps to make it run on a jb ps3, where EBOOT.BIN is our final self after the 5th step

Selftool.exe -o EBOOT2.BIN -c0 EBOOT.BIN
unfself.exe EBOOT2.BIN EBOOT3.BIN
make_fself.exe EBOOT3.BIN EBOOT4.BIN

EBOOT3.BIN is a nice-to-analyze ELF, EBOOT4.BIN is a ready-to-run SELF.
"

source
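Steps 2 to 5 of the quoted tutorial (recompress, compare against the header's size field, write the segment back in place, patch the header bytes) are mechanical, so here is an added Python example that does them on an in-memory buffer. It is not Netkas's code and not part of any PS3 tool: it only models what the quote states, namely a segment table starting at 0x290 with 64-bit big-endian offset and size fields, a 16-bit value at 0x08 changed from 0x0004 to 0x8000, and single flag bytes at 0x2af, 0x2cf, ... changed from 0x01 to 0x02. The 0x20-byte entry stride and the flag position at +0x1f of each entry are inferred from those offsets and are assumptions, as is the constructed sample file it runs on; the external tools in steps 1 and 6 are not modelled. The one thing the script adds over the by-eye check in step 3 is that it refuses to write a segment whose zlib output does not exactly match the header size, because a mismatch would overrun the neighbouring segment or leave stale bytes behind.

```python
import struct
import zlib

# Header layout as given in the tutorial above. The 0x20-byte entry stride and
# the flag byte at +0x1f are ASSUMPTIONS inferred from the offsets it lists
# (0x290/0x298 for the first segment, 0x2b0/0x2b8 for the second, flag bytes
# at 0x2af, 0x2cf, ...).
SEGMENT_TABLE = 0x290   # first segment entry
ENTRY_SIZE = 0x20       # assumed stride between entries
OFF_FLAG = 0x1f         # byte the tutorial rewrites from 0x01 to 0x02
KEY_REV_OFFSET = 0x08   # u16 BE the tutorial rewrites from 0x0004 to 0x8000


def read_entry(self_bytes, index):
    """Return (file offset, size, flag byte) of segment entry `index`."""
    base = SEGMENT_TABLE + index * ENTRY_SIZE
    offset, size = struct.unpack_from(">QQ", self_bytes, base)
    return offset, size, self_bytes[base + OFF_FLAG]


def compress_and_check(self_bytes, index, decrypted):
    """Step 2 plus the by-eye check of step 3: zlib-compress a decrypted
    segment and report whether its length equals the header's size field."""
    _, size, _ = read_entry(self_bytes, index)
    compressed = zlib.compress(decrypted)
    return compressed, len(compressed) == size


def reconstruct(self_bytes, decrypted_segments):
    """Steps 2-5 on an in-memory copy of the SELF.

    Each decrypted segment is recompressed, checked against the header's size
    field, written at the header's offset (what `dd conv=notrunc` does), and
    the header fields are patched. Raises ValueError instead of writing a
    segment whose compressed size does not match the header."""
    buf = bytearray(self_bytes)
    for i, segment in enumerate(decrypted_segments):
        offset, size, _ = read_entry(buf, i)
        compressed, ok = compress_and_check(buf, i, segment)
        if not ok:
            raise ValueError(
                f"segment {i}: compressed to {len(compressed)} bytes, "
                f"header says {size}")
        buf[offset:offset + size] = compressed
    # 0x08: big endian 0004 -> 8000 (only if the file has the expected value)
    if struct.unpack_from(">H", buf, KEY_REV_OFFSET)[0] != 0x0004:
        raise ValueError("unexpected value at 0x08; refusing to patch")
    struct.pack_into(">H", buf, KEY_REV_OFFSET, 0x8000)
    # flag byte of each rewritten entry: 0x01 -> 0x02
    for i in range(len(decrypted_segments)):
        pos = SEGMENT_TABLE + i * ENTRY_SIZE + OFF_FLAG
        if buf[pos] == 0x01:
            buf[pos] = 0x02
    return bytes(buf)


def extract_segment(self_bytes, index):
    """Round-trip check: read a segment back via the header and inflate it."""
    offset, size, _ = read_entry(self_bytes, index)
    return zlib.decompress(self_bytes[offset:offset + size])


def build_sample():
    """Constructed stand-in for vsh.self (not a real file): a 0x300-byte
    header whose table describes two segments, followed by placeholder bytes
    where the still-encrypted data would sit."""
    seg0 = b"vsh segment zero " * 200
    seg1 = bytes(range(256)) * 4
    c0, c1 = zlib.compress(seg0), zlib.compress(seg1)
    off0 = 0x300
    off1 = off0 + len(c0)
    hdr = bytearray(0x300)
    hdr[0:4] = b"SCE\x00"
    struct.pack_into(">H", hdr, KEY_REV_OFFSET, 0x0004)
    for i, (off, comp) in enumerate(((off0, c0), (off1, c1))):
        base = SEGMENT_TABLE + i * ENTRY_SIZE
        struct.pack_into(">QQ", hdr, base, off, len(comp))
        hdr[base + OFF_FLAG] = 0x01
    body = b"\xee" * (len(c0) + len(c1))   # placeholder "encrypted" data
    return bytes(hdr + body), [seg0, seg1]


if __name__ == "__main__":
    sample, segments = build_sample()
    rebuilt = reconstruct(sample, segments)
    for i in range(2):
        off, size, flag = read_entry(rebuilt, i)
        ok = extract_segment(rebuilt, i) == segments[i]
        print(f"segment {i}: offset={off:#x} size={size} flag={flag:#04x} "
              f"roundtrip={'ok' if ok else 'FAIL'}")
```

Run it as a script and it prints, for each segment, the offset and size it read from the table, the patched flag byte, and whether inflating the rewritten segment gives back the original data. The size check is what you would rely on in practice: the tutorial's numbers only line up because the same zlib settings that produced the original segments were used again, and a different compression level or library would change the length and fail the check instead of silently corrupting the file.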
