PS3 Cobra changes to add full burned optical media support

Perhaps 1:1 encrypted would be good considering CFW stealth?

Was thinking along the lines of having something like Habib DB (Dual Boot) "OFW" which only have ECDSA patches to allow being overwritten by CFW including this hack allowing encrypted 1:1 from burned disc, giving the user a really clean way of playing copy/backup discs online with minor risk of getting banned.

Just speculating here, feel free to punch holes in my reasoning.
Yep, I mentioned it before (with some sarcasm, but I guess people got the idea)
Minimalistic cfw + DB patches + optical disc backup support

But after thinking a bit more about it... for people with flashers installed permanently there is an even more stealthy way.... by removing the DB patches :)

So the only way to return back to cfw is with the flasher... but because it is installed permanently it is an easy task
 
Lol well yeah that's doable and I used to have a dual boot setup with e3flasher that allowed easy stealth mode but not ideal.

I bet my 2cents on closing PSN before we get banned


 
Which file needs to be patched for optical disc backup support, btw? I lost track of where it was mentioned and I can't find it

I think this is the definitive stealth cfw with backup support, the amount of patches is reduced to one, lol... all other stuff is about resigning/repacking, but there is not much needed, right?
 
@sandungas
Are you asking about the changes proposed by deank in this thread & added to Cobra?
If I am not mistaken there is no additional file patching done with this update, deank only improved the disc type detection algorithm in storage_ext.c.
 
Well, unless we reverse the hypervisor, I don't think it's possible to do it without COBRA, as @deank stated earlier when he released his code.

He basically added an extra detection from the existing one that relies on COBRA's SCSI commands from the BD drive and returns it as a PS3 disc
 
Ok, I see

Though...
1 - Dump lv1 without the patch
2 - Dump lv1 with the patch
3 - Compare

That's not that simple... COBRA does this at the LV2 level.

Alternatively one can build a mini COBRA that has bare minimum features with OFW dev_flash.

I think that's good enough.
 
Can't the same be done with lv2?
Anyway, what I wanted to point out is that there is no need to do the whole reverse engineering; it seems easier to do comparisons with and without the patch to see what cobra is patching
Though the original coder of cobra knew what he was patching for sure

Never mind, I'm not going to derail the thread more, the rabbit is out of the hat anyway; I think a firmware like that will eventually appear
 
COBRA is not patching.. COBRA is faking the BD/DVD Authentications by hooking existing functions from LV2..

You have a point, COBRA source shows how it mimics the existing LV2 functions and how it fakes them with its own code, so basically what you're asking is to reverse the existing LV2 functions to replace them with what COBRA does, without COBRA loaded.

I suggested the idea to @habib about making a mini COBRA that doesn't have any features but burned optical media playback, which could be used with OFW dev_flash only. I think this is the maximum stealth it can get with the bare minimum backup feature.
 
I don't have a working PS3 with CFW 4.81 at the moment (all dead from YLOD), but how about finding out where LV2 (lv2_kernel.elf) is residing in memory and patching memory offsets directly (0x80000000000xxxxx)? Thinking stealth, a patcher can be loaded at boot and exit after patching is done, leaving no process running; run the patcher binary from some boot script, and avoid patching ELFs directly in case file hashes are checked.
 
@habib suggested patching syscall 864 like sacd-ripper does to allow direct-disc-access. (Not exactly the same patch)

Here's the offset for both CEX and DEX 4.81, if anyone's bored, feel free to try this without COBRA.

COBRA hooks this syscall so you can't apply patches directly without removing the hook.


So for DEX 4.81, the offset is 0x22CC88 and for CEX 4.81 the offset should be 0x2267AC
Replace F821FF517C0802A6 with 386000004e800020. See if it allows a burned PS3 disc.

DB OFW won't work due to modified LV2, so you have to disable ECDSA on lv2ldr and probably lv1ldr too..
 
Thanks, so the patch code is this...

Code:
li r3,0
blr

Looks familiar, déjà vu Kakaroto.
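
The two byte strings quoted above, decoded as an added example (not part of the original posts; the function names are illustrative). It handles only the four PowerPC instruction forms that occur in those eight-byte strings, and includes a check that flags a function entry replaced by a return-constant stub.

```python
import struct

def decode_ppc(word):
    """Decode the few big-endian PowerPC forms that occur in the quoted bytes."""
    op = word >> 26
    rt = (word >> 21) & 0x1F
    ra = (word >> 16) & 0x1F
    if op == 14:                                  # addi; RA=0 is the 'li' alias
        si = (word & 0xFFFF) - ((word & 0x8000) << 1)
        return f"li r{rt},{si}" if ra == 0 else f"addi r{rt},r{ra},{si}"
    if op == 62 and (word & 3) in (0, 1):         # std / stdu (DS-form)
        ds = (word & 0xFFFC) - ((word & 0x8000) << 1)
        return f"{'stdu' if word & 3 else 'std'} r{rt},{ds}(r{ra})"
    if op == 31 and (word >> 1) & 0x3FF == 339:   # mfspr; SPR halves are swapped
        field = (word >> 11) & 0x3FF
        spr = ((field & 0x1F) << 5) | (field >> 5)
        return f"mflr r{rt}" if spr == 8 else f"mfspr r{rt},{spr}"
    if word == 0x4E800020:                        # bclr 20,0 = unconditional return
        return "blr"
    return f".long 0x{word:08x}"

def disasm(hex_bytes):
    """Split a hex string into 32-bit big-endian words and decode each one."""
    raw = bytes.fromhex(hex_bytes)
    return [decode_ppc(w) for (w,) in struct.iter_unpack(">I", raw)]

def is_return_stub(hex_bytes):
    """True when a function entry is just 'li r3,<const>; blr'."""
    ins = disasm(hex_bytes)
    return len(ins) >= 2 and ins[0].startswith("li r3,") and ins[1] == "blr"

# Byte strings exactly as quoted in the thread.
ORIGINAL = "F821FF517C0802A6"
PATCHED = "386000004e800020"

if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("patched", PATCHED)):
        print(label, disasm(blob), "stub" if is_return_stub(blob) else "prologue")
```

The original bytes are an ordinary function prologue (stack frame allocation and saving the link register), so the replacement turns the whole function into "return 0".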
 
Don't worry, I already tested, and it seems like it's breaking BD Auth with the patch.

It not only doesn't recognize the burned disc, it also breaks the compatibility with all homebrew, which was returned as 80010009 from VSH

So @habib's going to make a small payload instead

I think supporting both ODE and backup disc ONLY may be doable, although only a handful of users would use it.

A while ago, I was able to reproduce the issue with ODE in COBRA mode and found out what fixed the issue, which could be ported to non-COBRA CFW, but I haven't tried it since.
 
Yes, CFW with ODE seems a bit too hardcore for any broad use, but I like the spirit.

Strange as it may seem I've always had a disc fetish, just love burning the damned things and using them, so was really happy to read about Dean's progress in this thread.

Before there were any PS3 hacks I expected hacked drive firmware (similar to iXtreme on Xbox 360) to be first out with encrypted games on BD-R. Then came PSJB where games were decrypted when dumped, stored on hard drive, and it evolved from there instead. I'm not complaining, it was just an unexpected leap at the time.

Thinking about purpose and broad use in general, this is PS3 roughly ten years after launch, so anything we do is more about having fun than anything else at this point.
 
Thank you... at least I'm not alone :)

Dean, unfortunately it's not working.
Game exits immediately when you start it, it goes back to XMB. No 80010017 error seen.

I'm on Rebug 4.81.2 with Rebug toolbox 02.02.13. So that's Cobra 7.52 on CECH-2504A CEX.

Iso is generated by genps3iso_v2.0

It shows up under XMB fine (Teenage Mutant Ninja Turtles) with disc logo and the background.

ISO has label PS3VOLUME
Burned by CDBURNERXP to Verbatim BD-R 25GB

Folders:

MY_STUFF with 3 subfolders
PS3_GAME
PS3_UPDATE - empty
PS3DISC.SFB

This game has no updates (yet) so unfortunately it's not possible to update it.

Rebug mode is set to OFF
Cobra mode to ON

After some retries it only sees it as data disc. Cold boot seems to help.

I made a HxD hex dump which is located here:

https://w00fer.stackstorage.com/s/laQZbV3hXD1mqSw
 
What's the title ID of the game? I don't recall these games were released as retail disc (except for Teenage Mutant Ninja Turtles: Mutants in Manhattan)

and Teenage Mutant Ninja Turtles has several series, please be specific.

If it was converted from PSN format, then you will likely need to resign the EBOOT properly.
 
Yeah it is Mutants in Manhattan, the DUPLEX release, so no conversion from PSN.

I tried with Uncharted 3, which also has PS3VOLUME label tag and it does not work either (BD-R 50GB TDK disc)

Turtles disc is generated by genps3iso_v2 and has CDFS filesystem. Quite weird.
Uncharted 3 disc has UDF 2.50

It may be that the CDFS filesystem is the culprit on the Turtles disc. For the Uncharted disc it's still unclear

Uncharted 3 first 110 sectors HxD hex dump is here:

https://w00fer.stackstorage.com/s/DoANqsF7cgSyWUo
 
If it's the scene rip, then it may be your eboot isn't original.
 
