PSP3D.com forums - Homebrew/Hacking
06-30-2006, 09:33 AM

My research so far into the wonderful world of 2.71 homebrew possibilities! :D

Well, I upgraded to 2.71 and was so pissed off when I heard about 2.5/2.6 kernel access that I've started looking into the build-up of EBOOTs from a hex point of view. I have noticed a couple of things that become apparent on a simple diffgram of any two Sony-encrypted EBOOTs. There's a pattern! Every now and again in the EBOOT there will be an address that is always the same no matter what EBOOT you look at. Now I bet everyone is thinking "oh, so you could just put in your own code around the common bits!?!?!" Well, I haven't tried it yet because it would take too long to do and I can't be bothered, but it's possible. However, you can only get the pattern for as long as your EBOOT is. So if you have a backup of a game as an ISO, for instance, and wish to patch it onto, say, the Loco Roco demo EBOOT, you would run out of pattern after 8 MB of hex. And of course if there's a checksum at the end of the EBOOT this whole thing won't work, because it will look for the right number of commonality bits in the EBOOT.

At the moment I do know that a) EBOOTs can be edited without breaking them and b) there's a common pattern in all EBOOTs! This probably won't get anywhere at all but I will keep looking into it. My computer science degree comes in fairly handy for all this stuff.
06-30-2006, 09:46 AM
Senior Member (Join Date: Dec 2005, Posts: 113)

Hi,
Good work!
I hope this leads to homebrew...
cu M.S.
06-30-2006, 12:12 PM
Senior Member (Join Date: Jan 2006, Posts: 213)

Well, good luck then.
__________________
Firmware 2.5=>2.6=>1.5!!!!!!!!!!!!!!!
06-30-2006, 12:25 PM
pj1115 (Join Date: Nov 2005, Location: Surrey, UK, Age: 22, Posts: 1,310)

This won't lead to homebrew, sorry guys.

The EBOOT has common bits, most probably either because of the structure of the file itself, or, if it is an update, the part of the code that does all the flashing etc.

With the structure, I'm talking about how the file is put together, and how it is loaded etc. A good way to demonstrate this is renaming the 1.50 update file to a .RES file and opening it in a program such as "Resource Hacker", which shows how alike the file structures are.

And with the code, it is most of the stuff EXCEPT the actual contents of the updated Flash0 sector. This can be code such as the GUI, debugging, the calling of various functions such as "sceLflashFatfmtStartFatfmt", which formats the flash, or even the code which copies the data itself.

Please also remember that ALL EBOOTs are edit-protected, due to various checksums, size and content checkers, and a whole array of other data protection.

Don't give up though; even though editing an EBOOT is likely never to change the path of PSP hacking, there is always the hope that unsigned code will some day be unleashed on 2.70+!

Of course, the easiest way to avoid this situation is NOT to upgrade past v2.60!

Last edited by pj1115 : 06-30-2006 at 12:46 PM.
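The comparison the opening post describes (diff several binaries, list the offsets whose byte never changes) is easy to automate, and doing so also makes pj1115's point visible: the identical bytes cluster in the file's fixed structure, not in the encrypted body. The script below is an added example for this thread, not code from PSP3D.com or any poster. It makes no claim about the real EBOOT/PBP layout: the sample files are constructed in memory with a made-up 16-byte header (an `XHDR` magic, a version word, a size field, reserved bytes) in front of bodies that differ at every offset, and the function names are my own.

```python
"""Find byte offsets whose value is identical across several binary files.

Added example for this thread, not code from PSP3D.com or any poster. It makes
no claims about the real PSP EBOOT/PBP layout: the sample files below are
constructed in memory with a made-up 16-byte header so the script runs offline.
"""
from typing import Sequence


def common_offsets(blobs: Sequence[bytes]) -> list[int]:
    """Offsets, up to the shortest file, where every blob holds the same byte.

    Comparison stops at the shortest file: a longer file has no counterpart
    past that point, which is the 'you run out of pattern' effect.
    """
    if len(blobs) < 2:
        raise ValueError("need at least two files to compare")
    limit = min(len(b) for b in blobs)
    first = blobs[0]
    return [i for i in range(limit) if all(b[i] == first[i] for b in blobs[1:])]


def runs(offsets: Sequence[int]) -> list[tuple[int, int]]:
    """Collapse ascending offsets into (start, length) runs of consecutive bytes."""
    out: list[tuple[int, int]] = []
    for off in offsets:
        if out and out[-1][0] + out[-1][1] == off:
            out[-1] = (out[-1][0], out[-1][1] + 1)
        else:
            out.append((off, 1))
    return out


def expected_chance_matches(n_bytes: int, n_files: int) -> float:
    """Single-byte coincidences that independent uniform random data would give.

    Encrypted or compressed bodies look random, so a common-byte count near
    this number is noise; a long run far above it points at fixed structure.
    """
    return n_bytes * (1 / 256) ** (n_files - 1)


def make_sample(k: int, payload_len: int) -> bytes:
    """Constructed file k: made-up magic + version + size field + body.

    The body is deterministic and differs between files at every offset
    (values shift by 17 per file), standing in for encrypted data.
    """
    header = (
        b"XHDR"                                  # constructed magic, not a real format
        + (1).to_bytes(4, "little")              # version, same in all files
        + payload_len.to_bytes(4, "little")      # size field, varies per file
        + b"\x00" * 4                            # reserved
    )
    body = bytes((i * 31 + 17 * k) & 0xFF for i in range(payload_len))
    return header + body


# Three constructed files of different sizes (4000, 6000, 8000 body bytes).
SAMPLES = [make_sample(k, n) for k, n in enumerate((4000, 6000, 8000))]


def report(blobs: Sequence[bytes]) -> dict:
    """Summarise where the files agree and whether that beats chance."""
    offs = common_offsets(blobs)
    limit = min(len(b) for b in blobs)
    return {
        "compared_bytes": limit,
        "common_bytes": len(offs),
        "runs": runs(offs),
        "chance_baseline": expected_chance_matches(limit, len(blobs)),
    }


if __name__ == "__main__":
    r = report(SAMPLES)
    print(f"compared {r['compared_bytes']} bytes, {r['common_bytes']} identical")
    for start, length in r["runs"]:
        print(f"  run at 0x{start:04x}, {length} bytes")
    print(f"chance baseline: {r['chance_baseline']:.3f} bytes")
```

On the constructed samples the only common bytes are the magic, the version word and the zero bytes of the size and reserved fields (two runs, 14 bytes in all, against a chance baseline well under one byte), and the two size bytes that differ per file break the header run in the middle. That is exactly the picture pj1115 describes: constant bytes mark format structure and shared code, and a byte-level diff on its own cannot tell structure from key material; that needs the format specification, not more diffing.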
06-30-2006, 12:35 PM
Senior Member (Join Date: Jun 2006, Location: C:\windows\fonts\gigabyte.tff, Posts: 612)

I'm on 1.5, I'd never upgrade. I have the perfect PSP.
06-30-2006, 02:11 PM

PJ1115 is probably right, but he could be equally wrong and these commonality bits could be the way the EBOOT is encrypted. It does make sense, as it would lend itself to a very sophisticated encryption algorithm. I looked at the addresses and offsets and can't find a pattern; there will be an algorithm to work out the next common bit value and offset, but of course unless you're Sony... you don't know it! I'm not sure who is right; maybe we are both wrong. I'm not sure. What I will do over the weekend is try to use the Kazuo EBOOT structure and transpose the Loco Roco demo over the top of it, leaving in the common bits. If this works I reckon the common bits are the encryption key! Of course I'm really clutching at straws here, but let's see what happens! I don't have much time for messing with PSPs at the mo due to work, but I will try to fit it in!
06-30-2006, 02:14 PM
Master-Bator (Join Date: Jan 2006, Location: England, Age: 18, Posts: 957)

Doubt this would work, because the hex editor wouldn't show the encryption key, but good luck anyway.
06-30-2006, 02:34 PM
Designer (Join Date: Jan 2006, Location: Oslo, Norway, Age: 17, Posts: 2,344)

All work is good work!! Keep it up, I support you no matter how small the chances for finding stuff are. Everyone said homebrew on 2.01+ was impossible, and now we have kernel access. They said that a 2.00 downgrader would be impossible; look what we've got. They also said that a 2.01+ downgrader was impossible, but now we might have it soon. So don't stop people in thinking and trying!
06-30-2006, 02:35 PM

Nope, you're right, it doesn't show the encryption key at all. But if that is the encryption key, who says I need to know it? I just leave it in the EBOOT. I was expecting it to change with, say, the size of the file, based on a hash code algorithm. Think of it like those little child spy things where you get a piece of paper with a load of garbage writing on it. When you place the key (another piece of paper with bits cut out of it) over the garbage, you can read the secret code. Well, obviously I can't read off the encryption key using this, as that would be an extra step, but I can identify where these bits are held. This, like I said before, is pure speculation, as it could just be the makeup of the file. It's unlikely though!
06-30-2006, 02:40 PM
Master-Bator (Join Date: Jan 2006, Location: England, Age: 18, Posts: 957)

I have compared EBOOTs using hex editors before and they had similarities, but if that similarity was the encryption key then I would have had to make my own toolchain that signs EBOOTs when compiling the source code.