PS3 Apollo save tool (development thread)

[sandungas]

thanks for the info @sandungas !

in this TLOU case there's a dedicated encryption layer that is handled by this tlou_decrypter ... I was playing a bit with Ghidra, reversing the tool, and the encryption looks very much like the crypt_64bit...() function from >> https://github.com/RocketRobz/NTR_L...r/twlnand-side/BootLoader/source/encryption.c

again, a proper implementation would require a lot of work & patience, so for the moment cheats for these games will have to be removed.

There is some way to identify that problematic savegames automatically just by scanning the savegame, or is going to be needed to create some kind of blacklist with his TITLE_ID's ?

 

[bucanero]

There is some way to identify that problematic savegames automatically just by scanning the savegame, or is going to be needed to create some kind of blacklist with his TITLE_ID's ?

I think we'll need to do a black list by title_id, as there's no information in the .ps3patch file about this additional layer. I assume that in aldo's BSD there's some kind of "table" that keeps track of which games need to use those decrypt tools. E.g:
TLOU -> tlou_save_decrypter.exe
Some other game -> some_other_decrypter.exe
etc

Let's see if @aldostools can share some information about it

 

[aldostools]

Let's see if @aldostools can share some information about it

Yes, there is an internal table that I think I already shared to you.

The following Title_ID's use the tlou_save_data_decrypter.exe to decrypt/encrypt the security layer.

Spoiler

// TLOU
BCUS98174 BCES01584 BCES01585 BCJS37010 NPUA80960 BCAS20270 BCAS25015
NPEA00435 NPJA00096 NPEA90122 NPUA70257
// Uncharted 3
BCES01692 NPUA70180 BCES01175 BCUS98244 BCUS99086 BCES01176 NPEK00227
BCUS98233 BCUS90675 BCAS25009 BCET70034 BCUS98366 BCES01670 BCAS25014
NPEA00422 BCET70043 NPUA80858 NPEA00330 BCJS75003
// Uncharted 2
BCUS98123 BCES00509 BCES00727 BCES00757 NPEA00365 NPEK00166 BCJS37004 BCKS10086 BCAS20097 NPEA00329 BCAS20142 BCUS98257 BCUS90641 NPUA80698 BCKS10084 BCJS70021 NPUA70049 NPUA70051 BCET70015 NPEA90055 NPUA70092

IIRC Uncharted: Drake's Fortune doesn't have that security layer like TLOU, Uncharted 2 and Uncharted 3.

Other games that implement a security layer are:
Diablo 3 uses diablo_3_save_decrypter.exe or d3savedecrypt.exe

Spoiler

BLUS31188 BLUS31221 NPUB31299 NPUB31300 NPUB90974 BLES01921 BLES01922
NPEB01803 NPEB01804 NPEB90508 NPEJ00206 BLJM61136 NPJB00541 BCAS20295
BLUS31437 BLUS31438 BLES02035 BLES02036 NPUB31502 NPUB31503 NPEB02026
NPEB02027 BLJM61197 NPJB00632

DmC5 uses dmc5.exe

Spoiler

BLES01698 BLUS30723 NPEJ00085 BLJM60502
NPEB01020 NPUB30830 NPUB90929 NPEB90473

GTAV uses GTA_V_plugin.exe

Spoiler

BLUS31156 NPUB31154 NPUB50233 BLES01807 NPEB01283 BLJM61019 NPJB00516
BLAS50639 BLKS20442 NPEP00231 BLJM61182 BLUS41019

NFS Rivals uses nfs_rivals_save_decrypter.exe

Spoiler

BLUS31201 NPUB31252 NPUB50201 NPEB01412 BLES01894
NPJB00433 BLJM61070 NPHB00557 BLAS50602

Black Ops saga uses black_ops_save_decrypter.exe

Spoiler

// Black Ops
BLUS30638 BLUS30625 BLUS30591 NPUB30584 BLES01013 BLES01031 BLES01032
BLES01033 BLES01034 BLES01035 BLES01105 NPEB00756 BLJM60286 BLJM60536
BLJM60537 BLJM61004 BLJM61005 BLKS20228 BLJM60287 BLES00356
// Black Ops II
NPUB31054 BLUS31140 BLUS31141 BLJM60549 NPEB01205 NPEB01206 NPEB01204
BLJM60548 BLUS31011 BLES01719 BLES01717 BLES01718 BLES01720 BLJM61109
BLJM61110 BLUS31080 BLJM61230 NPEP00183
// Black Ops III
BLUS31527 NPUB31665 BLES02166 BLES02168 NPEB02266 NPEB02268
BCJS35003 NPJA00135

Some title ids could be missing due the database of game ids that I used is from 2016

 

[Berion]

There is some way to identify that problematic savegames automatically just by scanning the savegame, or is going to be needed to create some kind of blacklist with his TITLE_ID's ?

Encrypted data have no zeroes, while decrypted... can have many. But if it is compressed, we back to square one as those are also don't have much zeroes (so the only very slow and faulty method is counting 00x0 and based on percentage (x>5%?) judge if save is encrypted or not ;p). There is no standard as I remember in save structure (only in meta data) to guess by i.e header.

 

[sandungas]

Encrypted data have no zeroes, while decrypted... can have many. But if it is compressed, we back to square one as those are also don't have much zeroes (so the only very slow and faulty method is counting 00x0 and based on percentage (x>5%?) judge if save is encrypted or not ;p). There is no standard as I remember in save structure (only in meta data) to guess by i.e header.

Is not a bad idea, but im thinking it would only work if the whole "data chunk" we are scanning is encrypted from start to end

 

[bucanero]

Yes, there is an internal table that I think I already shared to you.

The following Title_ID's use the tlou_save_data_decrypter.exe to decrypt/encrypt the security layer.
Some title ids could be missing due the database of game ids that I used is from 2016

thanks a lot @aldostools !! I think that at some point I asked about the TLOU hmac key, but I totally missed this encryption thing.

Anyways, I'll go with the blacklist approach (even if trying some heuristics seems tempting ) , as it's the most safe way to be sure that unsupported cheats are not used with Apollo.

Also, if in the future someone provides the source (or reverse) some of those decrypters, I'll just take the game out of the black-list and re-add the .ps3patch file.

I know that games such as Uncharted/TLOU/CoD/GTA are quite popular so it would be nice to have cheats for them, but for the moment it's better not to destroy valid save-games.

 

[bucanero]

Some good news at least for TLOU and Uncharted 2 /3, I reversed the decrypting tool so I'll be able to support those cheats in Apollo. (when I adjust all the code to big-endian)

It was a nice challenge, as I wasn't using Ghidra and OllyDbg in a LONG time...
as I suspected from my first Ghidra look, the encryption algorithm is basically the same from: https://github.com/RocketRobz/NTR_L...r/twlnand-side/BootLoader/source/encryption.c (used on the Nintendo DS)

of course, with a different key_table[] and a secret_key = "(SH[@2>r62%5+QKpy|g6"

A detailed explanation of this symmetric encryption can be found here:
http://www.ssugames.org/pluginfile....0/gbatek.htm#dsencryptionbygamecodeidcodekey1

Anyways, later I'll create a quick repo on GitHub and upload the sources, along with the dumped key_table just for reference. This command-line tool should be also useful for non-windows users.

credits: Red-EyeX32 / aerosoul94 / Ghidra / OllyDbg

 

[bucanero]

Here's the source for my version of the tlou_save_data_decrypter:
https://github.com/bucanero/naughtydog-ps3save-decrypter

I named it "naughty dog decrypter" because from aldo's feedback, this tool is actually used in other NaughtyDog games such as Uncharted 2 & 3.

Notes: for simplicity, my tool doesn't include the SHA1 HMAC hash-calc so if you modify the unencrypted data, you'll have to adjust the hash manually.

In any case, the main reason for this code is to include it on Apollo, so once it's ready everything will be automated. (decryption, cheat, rehash, etc.)

 

[aldostools]

Here's the source for my version of the tlou_save_data_decrypter:
https://github.com/bucanero/naughtydog-ps3save-decrypter

I named it "naughty dog decrypter" because from aldo's feedback, this tool is actually used in other NaughtyDog games such as Uncharted 2 & 3.

Notes: for simplicity, my tool doesn't include the SHA1 HMAC hash-calc so if you modify the unencrypted data, you'll have to adjust the hash manually.

In any case, the main reason for this code is to include it on Apollo, so once it's ready everything will be automated. (decryption, cheat, rehash, etc.)

I wanted to mention that your code is very elegant

 

[bucanero]

I wanted to mention that your code is very elegant

thanks @aldostools ! good to know that the code looks nice and I hope it also helps anyone who wants to understand more about this encryption algorithm

one related question to the black-list / white-list of Title_IDs , could you tell me how Bruteforce Data handles the unencrypted savegames like Uncharted 1?

I mean, is BSD using a list or something? In Apollo I'm doing a "risky bet", if the game is not in the games.conf file list, then I assume it's an unencrypted game, but I know it's not always right.

Thanks for your feedback!

 

[aldostools]

thanks @aldostools ! good to know that the code looks nice and I hope it also helps anyone who wants to understand more about this encryption algorithm

one related question to the black-list / white-list of Title_IDs , could you tell me how Bruteforce Data handles the unencrypted savegames like Uncharted 1?

I mean, is BSD using a list or something? In Apollo I'm doing a "risky bet", if the game is not in the games.conf file list, then I assume it's an unencrypted game, but I know it's not always right.

Thanks for your feedback!

BSD first checks if the game has a SecureID. If the game doesn't have one, it checks if the title in the list of UNPROTECTED games.

The following are a list of unprotected games that I found by trial-and-error. They are listed as comments in games.conf of BSD.

Spoiler

; -- UNPROTECTED GAMES --
; [PROTOTYPE]
; Assassin's Creed
; Assassin's Creed II
; BATTLEFIELD 1943
; BATTLEFIELD: Bad Company
; BATTLEFIELD: Bad Company 2
; Bioshock
; Bioshock 2
; Blazing Angels: Squadrons of WWII
; Blazing Angels 2: Secret Missions of WWII
; Bomberman Ultra
; Call of Duty 4: Modern Warfare
; Call of Duty: Modern Warfare 2
; Condemned 2: Bloodshot
; Dante's Inferno
; Dark Sector
; Dead Space
; Dead to Rights: Retribution
; Def Jam: Icon
; Disney Bolt
; Droplitz
; echochrome
; echochrome 2
; End of Eternity Playable t.A.B.
; Everyday Shooter
; F.E.A.R.
; F.E.A.R. 2 Project Origin
; Ferrari Challenge: Trofeo Pirelli
; FIFA 08
; FIFA Street 3
; FIGHT NIGHT ROUND 3
; FolksSoul: Ushinawareta Denshou (Folklore)
; Frogger Returns
; FUEL
; Fuel Overdose
; Go! Puzzle
; Harry Potter and the Order of the Phoenix
; HAZE
; Heroes Over Europe
; Imabi Kisou
; Infamous
; Karaoke Revolution
; Karaoke Revolution Presents: American Idol Encore
; Karaoke Revolution Presents: American Idol Encore 2
; Kung Fu Panda
; LEGO Rock Band
; LittleBigPlanet
; LittleBigPlanet 2
; LittleBigPlanet 3
; Madden NFL 07
; Madden NFL 08
; Mahjong Tales: Ancient Wisdom
; Major League Baseball 2K8
; Minecraft: Story Mode
; MLB 09 The Show
; Mobile Gundam: Crossfire
; Mobile Gundam: Target in Sight
; Monopoly
; MotorStorm
; NBA Street: Homecourt
; NCAA Football 08
; NCAA Basketball 09
; Need for Speed: ProStreet
; NHL 08
; NHL 09
; NBA Live 09
; Operation Flashpoint Dragon Rising
; Prince of Persia 2008
; Prince of Persia Forgotten Sands
; Punisher No Mercy
; Red Faction: Guerrilla
; Resonance of Fate
; SEGA Rally / SEGA Rally Revo
; Shaun White Snowboarding
; Shiki-Tei
; Shrek Forever After
; Skate
; Skate 3
; Supercar Challenge
; Terminator: Salvation
; The Price is Right
; The Simpsons Game
; Tiger Woods PGA TOUR 07
; Tiger Woods PGA TOUR 08
; Tiger Woods PGA TOUR 11
; Tom Clancy's Ghost Recon: Advanced Warfighter 2
; Tom Clancy's H.A.W.X
; TRANSFORMERS: Revenge of the Fallen
; UNCHARTED: Drake's Fortune®
; Vandal Hearts: Flames of Judgement
; WET
; Zen Pinball

 

[bucanero]

BSD first checks if the game has a SecureID. If the game doesn't have one, it checks if the title in the list of UNPROTECTED games.

The following are a list of unprotected games that I found by trial-and-error. They are listed as comments in games.conf of BSD.

Spoiler

; -- UNPROTECTED GAMES --

thanks a lot for the info!! I think I'll have to add a similar list to Apollo if I want to handle the unencrypted savegames properly. I didn't like too much my "risky" solution and I really want to improve it.
I think it's a good time to do it, since I'm adding a bunch of features and improvements to the next version.

cheers!

 

[bucanero]

I've scripted a quick list of the unprotected games and their title IDs. I added it to the games.conf file, so I can easily check for the TITLE_ID and the "UNPROTECTED" file... if I get a hit from the db, then the game is not protected and I don't need to decrypt it.

If the title_id doesn't exist on the database, then I can assume that it's encrypted (but missing) and halt the process before doing any changes to the savegame.

Spoiler

; -- UNPROTECTED GAMES --
; "[PROTOTYPE]ª"
[NPEB00436/NPUB30389/BLKS20132/BLES00269/BLUS30145]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Assassin's Creed ª"
[BLES00288/BLJM60050/BLES00158/BLUS30089/NPUB30451/NPEB00393/BLKS20049/BLAS50038/BLES00199/BLUS30096/BLKS20104/BLAS50075/BLJM60110]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Assassin's Creed II ª"
[BLKS20167/BLAS50359/BLES00670/NPEB00462/BLAS50159/BLJM60185/NPUB90267/BLES00751/BLUS30364/BLES00897/BLES00898/BLES00669/BLUS30446/NPEJ00046/NPUB30423/BLES00899/BLJM60233]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "BATTLEFIELD 1943ª"
[NPUB30077/NPUB90256/NPEB00092/NPEL00127/NPJB00027/NPHB00098]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "BATTLEFIELD: Bad Company 2ª"
[BLUS30458/BLUS30517/BLES00773/BLES00779/NPEB00724/BLJM60197/BLAS50186/BLKS20192/NPUB30583/NPUB90316/BLJM60295/BLJM60507/NPHB00186/NPUB90347/NPEB90212]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "BATTLEFIELD: Bad Companyª"
[BLKS20054/BLJM60071/BLES00259/BLAS50046/BLUS30118/NPUB90070/NPEB90073/NPJB90112/BLJM60158/BLES00261/BLUS30121/BLKS20072/BLAS50056/BLAS50338/BLAS50125]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "BioShock¨"
[NPJB00431/BLJS10189/BLUS31149/BLJS10041/NPUB30393/NPEB00772/BLUS30166/BLES00316/BLES00317/NPJB90159/NPUB90156/NPEB90102/BLJS10058]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "BioShock¨ 2"
[BLJS10078/BCJS10078/NPEB00771/BLUS30420/BLUS30486/BLES00728/NPUB30392/BLAS50179/BLKS20146]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Blazing Angels 2: Secret Missions of WWII"
[NPUB90063/NPEB90043/BLKS20035/BLES00103/BLAS50023/BLUS30052/NPJB00475/BLJM60072/NPEB01291]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Blazing Angels: Squadrons of WWII"
[BLJS10007/NPUB31143/BLES00023/BLKS20012/BLUS30006]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Bomberman Ultra"
[NPEB00076/NPJB00018/NPUB30051]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Call of Duty¨ 4: Modern Warfare"
[BLES00155/BLES00115/BLKS20048/BLJS10013/BLES00149/NPEB00740/BLES00156/BLES00154/BLES00148/NPUB30588/BLUS30072/BLJM60173/BLJS10031]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Call of Duty¨ Modern Warfare 2"
[NPEB90263/BLES00691/BLES00690/BLES00687/BLES00686/BLKS20159/BLES00684/BLES00683/BLUS30337/BLUS30377/NPEB00731/BLUS30429/BLJM60269/BLJM61006/BLES00685/BLJM60191/BLUS30450]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Condemned 2"
[BCKS10047/BLES00219/BLAS50049/BLUS30115/NPEB90067/NPUB90084]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Dante's Infernoª"
[NPEB00549/BLES00714/BLAS50175/BLES00713/BLJM60202/BLKS20184/NPUB30478/NPEB00548/NPHB00185/NPEB90206/NPUB90332/BLUS30405/BLJM60299]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Dark Sector"
[BLJS10021/BLUS30116/BLES00222/BCAS20036/BCKS10049/NPUB90019/NPEB90069/NPJB90107]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Dead Spaceª"
[BLES00308/NPEB00051/NPEB00050/NPEB00049/NPUB30569/BLUS30177/BLES00310/BLAS50072/BLKS20087]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Dead to Rights: Retribution"
[BLJS10082/BLUS30278/BLES00824/BLAS50198]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "DEF JAM: ICONª"
[BLAS50012/BLKS20014/BLJM60029/BLUS30024/BLES00042/NPUB90004/BLJM60091]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Disney's Bolt"
[NPUB30556/BLES00415/BLUS30229/BLES00416/BLES00417/BLES00414]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Droplitz"
[NPUB30057]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "echochrome"
[NPJA00027/NPUA80134/NPEA00071/NPEK00117/NPHA80041/NPEA90025/NPJA90067]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "echochromeª ii"
[BCAS20133/NPHA80102/NPUA80473/BCJS30065/NPEA00253]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "End of Eternity"
[BLAS50176/BLAS50194/BLJM61094/BLJM60298/BLJM60187/NPJB90223]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Everyday Shooter"
[NPUA80098]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "F.E.A.R."
[BLES00035/BLUS30003/BLES00036]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "F.E.A.R. 2"
[NPEB90134/NPUB90121/BLES00471/BLJM60160/NPEL00125/BLKS20119/BLES00464/BLUS30251/NPEB90184/NPUB90307]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Ferrari Challenge: Trofeo Pirelli + Supercar Challenge"
[BLES01451]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "FIFA 08"
[BLAS50027/BLUS30038/BLKS20038/BLES00132/BLES00133/BLES00140/NPUB90039/NPEB90023/NPJB90062/BLJM60046]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "FIFA Street 3"
[BLKS20056/BLAS50041/BLES00188/BLJM60079/BLUS30099/NPEB90054/NPUB90068]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "FIGHT NIGHT ROUND 3"
[BLUS30019/BLJM60020/BLKS20007/BLAS50009/BLES00026/BLJM60092]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Folkloreª"
[BCES00050/BCAS20013/BCUS98147/NPUA70002/NPEA90020/NPUA70001/NPEA90019/NPJA90031/NPHA80020/BCJS30009/BCKS10018/BCAS20038/BCJS70011/BCKS10066/BCJS70002]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Frogger Returns"
[NPEB00162/NPUB30118/NPJB00041]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "FUELª"
[BLES00570/BLJM60163/BLUS30314/BLJM60264/NPEB90171/NPUB90281]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Fuel Overdose"
[NPEB00876]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Go! Puzzleª"
[NPEA00006/NPJA00003/NPUA80022]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Harry Potter and the Order of the Pheonix"
[BLUS30045/BLKS20023/BLES00070/BLAS50018/BLES00071/BLJM60048/NPEB90017/NPUB90030]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "HAZE"
[BLUS30094/BLES00157/BLES00169/BLJS10019/BLES00164/BCKS10026/BCAS20030/NPEB90068/NPJB90100/NPUB90031]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Heroes Over Europe"
[BLUS30308/BLES00679/BLAS50141]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Imabi Kisou"
[BLJM60042/NPJB90030]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "inFamous"
[BCUS98119/BCUS98154/BCUS98184/BLES00220/BLES00609/NPEA00257/NPUA80480/BCES00220/BCES00591/BCAS20074/NPHK80090/BCKS10082/BCAS20180/BCJS30037/BCES00609/NPEK00076/NPEA00252]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Karaoke Revolution"
[BLES00694/BLUS30378]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Karaoke Revolution Presents: American Idol Encore"
[BLUS30112]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Karaoke Revolution Presents: American Idol Encore 2"
[BLUS30215]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Kung Fu Panda¨"
[BLJS10024/BLES00243/BLKS20065/BLUS30136]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "LEGO¨ Rock Band"
[BLUS30382/BLES00636]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "LittleBigPlanetª"
[NPUA80472/BCES00141/BCES00611/NPUA70056/BCUS98208/BCAS20058/BCUS98148/BCJN29601/BCJN29602/BCJS30018/NPEA00241/NPJA00052/NPHA80092/CEJH10003/CEJH10004/NPEO00051/BCJN29603/BCKS10059/BCET70011/NPJA90074/BCET70002/NPUA70045/NPJA90097/NPEA00147/NPHA80067/BCAS20078/BCUS98199/BCKS10088/BCJS70009/BCAS20091]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "LittleBigPlanetª 2"
[BCUS98288/BCUS98372/BCES00850/BCES01086/BCES01694/BCES01346/BCES01345/BCUS98245/NPUA80662/NPEA00324/BCES01693/BCAS20201/BCAS20113/BCUS98249/NPEA90077/NPEA90082/NPEA90098/NPUA70127/NPUA70131/NPUA70151/NPUA70169/NPUA70174/NPUA07128/NPJA90152/NPJA90158/JPSN12345/NPHA80113/NPHA80125/NPHA80163/NPHA80132/BCJS30058/BCJS70024/BCET00018/BCET70023/BCET70035/NPUA70117/NPHA80161/NPEA00437]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "LittleBigPlanetª 3"
[BCUS81138/BCUS98362/NPUA81116/BCES01663/BCES02068/NPEA00515/BCJS30095/BCAS20322/NPJA00123/NPHA80277]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Madden NFL 07"
[BLUS30014/BLJM60021]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Madden NFL 08"
[BLES00102/BLAS50019/BLUS30037]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Mahjong Tales: Ancient Wisdom"
[NPHB00088/NPEB00067/NPUB30045]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Major League Baseball 2K8"
[BLUS30122/BLJM60099/NPUB90083]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Minecraft: Story Mode"
[BLUS31579/NPUB31725/NPEB02294]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "MLB 09: The Showª"
[BCUS98180/BCKS10073/BCAS20072/NPUA70032]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Mobile Suit Gundam: Crossfire"
[BLUS30017]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Mobile Suit Gundam: Target in Sight"
[BLJS10002/BLAS50001/BLJS50011/BLJS50002]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "MONOPOLY¨"
[BLES00387/BLUS30213]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "MotorStorm"
[BCAS20004/BCKS10002/BCJS30004/BCES00006/BCUS98137]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "NBA STREET Homecourt"
[BLAS50011/BLJM60025/BLUS30022]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "NCAA¨ Football 08"
[BLUS30039/NPUB90038]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "NCAA¨ Basketball 09"
[BLUS30231/NPUB90180]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Need for Speedª ProStreet"
[BLES00177/BLUS30066/BLES00175/BLES00176/BLKS20034/BLJM60059/BLAS50026/NPJB90068/NPUB90033/BLJM60143/BLAS50124]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "NHLª 08"
[BLUS30062/BLES00118/NPUB90028]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "NHLª 09"
[BLES00298/BLUS30168/NPEB90089/NPUB90137]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "NBA Live 09"
[BLES00302/BLAS50070/BLUS30173/BLJM60096/BLKS20083/NPUB90139/NPEB90088]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Operation Flashpoint¨ Dragon Risingª"
[BLES00597/BLUS30316/BLJM60152/BLJM60477/BLJM60315]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Prince of Persia"
[BLAS50085/BLUS30214/BLES00389/BLKS20100/BLJM60107/NPUB30424/BLES00390/NPEL00079/BLAS50131/BLUS30245]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Prince Of Persia The Forgotten Sandsª"
[NPUB30632/BLKS20193/BLJM60234/NPEB00774/BLES00840/BLES00906/NPUB90370/BLES00839/BLUS30401/BLAS50207]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "The Punisher: No Mercy"
[NPUB30070/NPEB00098/NPEB00112/NPUB90198/NPEB90179]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Red Faction: Guerrilla"
[BLES00498/NPEB00353/BLJS10055/NPUB30295/BLES00592/BLAS50118/BLES00496/BLES00497/BLUS30258/NPEB90146/NPUB90228/NPHB00107/BLJS10086/NPEB90158]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Resonance of Fateª"
[BLUS30484/BLES00789/NPEB01348]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "SEGA Rallyª"
[BLES00107]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "SEGA Rallyª Revo"
[BLJM60057/BLES00108/BCKS10023/BLAS50028/BLUS30068/NPUB90055/NPJB90076/NPEB90018/NPHB00014/BLJM60125]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Shaun White Snowboarding"
[BLES00445/BLES00403/BLAS50083/BLJM60131/BLUS30223/BLUS30233/BLJM60184]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Shiki-Tei"
[NPJA00026]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Shrek Forever After"
[BLUS30496/BLES00837]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Skate"
[BLES00125/BLUS30059/BLES00124/BLAS50021/BLJM60070/BLKS20024/NPUB90057/NPEB90031/BLJM60141]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Skate 3"
[BLJM60296/BLES00760/BLUS30464/BLJM60437]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Supercar Challenge"
[BLES00581/BLET70001]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Terminator: Salvation"
[BLUS30318/BLES00537/BLJM60169]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "The Price Is Right"
[NPUB30167]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "The Simpsonsª Game"
[BLES00142/BLUS30065/BLKS20044/BLAS50033/BLES00146/NPEB90029/NPUB90048]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Tiger Woods PGA TOUR¨ 07"
[BLES00012/BLAS50004/BLUS30013]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Tiger Woods PGA TOUR¨ 08"
[BLAS50020/BLUS30053/BLES00105/NPEB90024/NPUB90050]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Tiger Woods PGA TOUR¨ 11"
[BLJM60245/BLUS30489/BLAS50213/BLES00870]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Tom Clancy's Ghost Recon: Advanced Warfighter 2"
[BLJM60040/NPJB00213/BLKS20080/BLUS30034/BCAS20022/BCKS10019/BLES00067/NPUB30502/NPUB90027/NPEB90016/BLAS50060/BLJM60147]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Tom Clancy's H.A.W.X"
[NPUB31101/BLES00330/BLAS50101/BLUS30186/BLJM60144]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "TRANSFORMERS: Revenge of The Fallenª"
[BLES00577/BLKS20127/BLUS30297]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "UNCHARTED 2: Among Thievesª"
[NPEK00166/BCJS37004/BCKS10086/BCAS20097/BCES00727/BCES00509/BCUS98123/BCES00757/NPEA00365/BCUS98257/NPUA80698/BCAS20142/BCUS90641/BCKS10084/BCJS70021/NPUA70049/NPUA70051/BCET70015/NPEA90055/NPUA70092/BCJS30035]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "UNCHARTED: Drake's Fortune¨"
[NPUA80697/BCES00065/BCJS30015/BCAS20024/NPEA00363/BCUS98103/BCKS10021/NPJA90063/NPUA98103/NPEA90018/BCUS90640/BCAS20079/BCUS98375/BCJS30051]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Vandal Hearts: Flames of Judgment"
[NPJB00038/NPEB00148]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "WET"
[BCKS10092/BCAS20092/BLES00708/BLUS30403/BLES00707/BLJS10062/NPUB90310/NPEB90186]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000
; "Zen Pinball"
[NPUB90239/NPUB30055/NPEB00099/NPEB90151]
;disc_hash_key=
secure_file_id:UNPROTECTED=00000000000000000000000000000000

 

[bucanero]

I've just released v1.2.0 with many improvements and features discussed here:
https://github.com/bucanero/apollo-ps3/releases/tag/v1.2.0

What remains to be added:
- The account list XML (and related stuff)
- The option to bulk-copy to HDD (including the DB rebuild trick with the db.err file, user warning, etc.)
- the eid key dump stuff (lower priority since I don't have a CFW to test)

Also I'm thinking to:
- move the "Bulk resign+unlock USB saves" to the "USB Saves" menu (probably first item at the top of the list)
- move the "Copy all HDD saves to USB" to the "HDD Saves" menu
...
leaving the "User backup" menu only with stuff not related to save-games. (like licenses, trophies, etc)

 

[bucanero]

While working on the XML-owners file, I finally took the time to test one idea I had about copying a PS3 savegame to HDD while getting the XMB database to update properly.

The good news is that my idea worked nicely , so now I can implement the long-awaited option to copy saves to HDD (one by one or in a bulk mass-resign+copy)! also, this trick avoids the need to rebuild the database and all the stuff discussed with @sandungas before

it's almost as good as the original copy from the XMB, but might be a bit slower (the file-copy functions are not optimized)

probably in this first version my app won't overwrite saves that already exist on the HDD, to avoid any issues (only copy the save if it doesn't exist in the HDD)

stay tuned...

 

[sandungas]

While working on the XML-owners file, I finally took the time to test one idea I had about copying a PS3 savegame to HDD while getting the XMB database to update properly.

The good news is that my idea worked nicely , so now I can implement the long-awaited option to copy saves to HDD (one by one or in a bulk mass-resign+copy)! also, this trick avoids the need to rebuild the database and all the stuff discussed with @sandungas before

it's almost as good as the original copy from the XMB, but might be a bit slower (the file-copy functions are not optimized)

probably in this first version my app won't overwrite saves that already exist on the HDD, to avoid any issues (only copy the save if it doesn't exist in the HDD)

stay tuned...

Nice, i guess it will be a more proper "import", and incase there is no need to rebuild database it will be less confusing and invasive for the user

Btw, yesterday i had an idea, is a bit unrelated with the latest features you have implemented but anyway... i just mentioning it because im not sure how to achieve it, but maybe someone figures a way to do it
The idea is to use some official function to do some kind of "validation check" to the converted save.. and based on it apollo automatically decides if the save was rebuilt correctly (no need to boot the game to check it manually)
You know... the goal is to identify (and prevent the "import") of the "broken" saves in a automated way

The only way we have right now to see if the save was rebuilt properly is to boot the game and see if the save loads normally (obviouslly), but it requires the user to boot the game, see if the save loads, etc...

 

[aldostools]

Btw, yesterday i had an idea, is a bit unrelated with the latest features you have implemented but anyway... i just mentioning it because im not sure how to achieve it, but maybe someone figures a way to do it
The idea is to use some official function to do some kind of "validation check" to the converted save.. and based on it apollo automatically decides if the save was rebuilt correctly (no need to boot the game to check it manually)
You know... the goal is to identify (and prevent the "import") of the "broken" saves in a automated way

The only way we have right now to see if the save was rebuilt properly is to boot the game and see if the save loads normally (obviouslly), but it requires the user to boot the game, see if the save loads, etc...

Good idea. IMO there are 2 types of validation checks: Generic validations and game specific validations.

The generic validations are easier to implement. They could be a list of rules that every save must meet.
Some of the rules could be:
1. The save data must be located at /dev_hdd0/home/********/savedata
2. The folder name must include the Title_Id of the game in the first 9 characters
3. The folder must include at least the following files: ICON0.PNG, PARAM.SFO, PARAM.PFD
4. The "magic" number in the header of these files must match with the file type.
5. The Title_Id in PARAM.SFO and the Title_Id of the game must match.
6. If file the "~files_decrypted_by_pfdtool.txt" is found, it's very likely that the files are still in decrypted state. Therefore corrupted.
7. There could be a threshold for the folder size. For instance, a save data must be smaller than 100MB
8. There must exist a valid SECURE_FILE_ID for the Title_Id in games.conf

The game specific validations are harder to implement because each game has it's own validation rules like:
9. A save data must include specific file names with specific format
10. Some save data files require a hash validation (many of the BSD scripts deal with this restriction)
11. Some games have a second encryption layer (GTAV, DmC5, Diablo3, NaughtyDog, NFS Rivals, BlackOps).and they must be in encrypted state.
12. There could a threshold for the file size per file type.

Apart of these validation checks (I could be forgetting a few validations), the only way to really validate that a save data is valid is testing it in the game.

 

[Coro]

concerning number 7 above: i dont know what the biggest save out there is, but SSX has a save that stores replays and it is 100MB before it is ever used (i dont think it gets bigger). maybe it would be better to warn the user that the save may be invalid but should be tested to be sure?

 

[aldostools]

concerning number 7 above: i dont know what the biggest save out there is, but SSX has a save that stores replays and it is 100MB before it is ever used (i dont think it gets bigger). maybe it would be better to warn the user that the save may be invalid but should be tested to be sure?

The number 7 is not very important... As you mentioned there could be various types of validation results:
- Fatal Errors (missing files, missing keys, invalid files, invalid checks, etc.)
- Warnings (unexpected file/folder sizes, unexpected files, unexpected sub-folders, invalid letter case, etc.)
- Everything is OK


I only commented about file size, because it's very unlikely to have a save data folder >100MB

 

[sandungas]

Good idea. IMO there are 2 types of validation checks: Generic validations and game specific validations.

The generic validations are easier to implement. They could be a list of rules that every save must meet.
Some of the rules could be:
1. The save data must be located at /dev_hdd0/home/********/savedata
2. The folder name must include the Title_Id of the game in the first 9 characters
3. The folder must include at least the following files: ICON0.PNG, PARAM.SFO, PARAM.PFD
4. The "magic" number in the header of these files must match with the file type.
5. The Title_Id in PARAM.SFO and the Title_Id of the game must match.
6. If file the "~files_decrypted_by_pfdtool.txt" is found, it's very likely that the files are still in decrypted state. Therefore corrupted.
7. There could be a threshold for the folder size. For instance, a save data must be smaller than 100MB
8. There must exist a valid SECURE_FILE_ID for the Title_Id in games.conf

The game specific validations are harder to implement because each game has it's own validation rules like:
9. A save data must include specific file names with specific format
10. Some save data files require a hash validation (many of the BSD scripts deal with this restriction)
11. Some games have a second encryption layer (GTAV, DmC5, Diablo3, NaughtyDog, NFS Rivals, BlackOps).and they must be in encrypted state.
12. There could a threshold for the file size per file type.

Apart of these validation checks (I could be forgetting a few validations), the only way to really validate that a save data is valid is testing it in the game.

I was thinking mostly in something intermediate in between system functions and the game functions
Something like... a syscall to load the save in ram and validate it (the PFD security and posible encryption of the save file itself)... but i guess there is not something ike that in the firmware
Also, i guess it would not be failproof because we could package a "garbage" data as a legit save and it would bypass that kind of check

The generic validations you mentioned are something i didnt thought, but could be handy, and even some more
Btw, how would work rule 5 ?... we have the TITLE_ID in the SFO but what should we use to compare it, the first 9 characters of the folder name ?