PS3 Newb ps3 elf questions.

[Kevstah2004]

How do I go about extracting & repacking a ps3 .self?

If I have it as a decrypted ps3 .elf from rpcs3 how do I then extract it & repack it's contents?

Can you run decrypted ps3 .elfs on cfw? or do you need to resign them each time to match the same kernal version as the current official firmware it's based off?

Fake signed ps3 .elf can run on any firmware or just dex? If I rename or overwrite a .self in devflash?

.self or ps3 .elf can run inside a custom .pkg for testing purposes without touching the devflash?

 

[Devildwarf]

Well to resign a ELF to SELF/EBOOT i would normally use "TrueAncestor_SELF_Resigner" or "ESSSE RESIGNER" either can decrypt and encrypy eboot/self/elf files, you can also resign to CFW or DEX depending on what you want, BUT if your eboot uses a DEX function it wont just magically make it work on CEX so keep that in mind,

If its a really old or a unsigned elf then it should be resigned to work on more modern machines but NO you dont need to resign everytime a firmware is released, infact we usually resign stuff now with keys from 4.55 (i think, correct me if im wrong) and they still work on modern firmware.

a fake signed ps3 elf can run on CFW depending if the elf uses DEX functions or not, some dex functions are just not availible in CEX firmware, but if the elf uses functions that do exist in CEX then yes its just a case of resigning it, infact some CFW's can even just run debug eboots as is and dont even need resigning from debug to retail. I wouldn't recommend replacing a .self in devflash if it can be helped unless you know what you are doing, you could softbrick your ps3 (requiring a format to fix), but if you do decide to try this only do it on CFW, DONT DO IT ON HEN/HFW you will brick it.

You can run a .self/eboot off the ps3 hdd if its a standalone, and i think webman has a "remapping" feature to allow people to replace files in devflash without actually replacing them, i would look into that first (im not 100% sure because i have never had to do that).
Good luck

 

[Kevstah2004]

Ok thanks, I still don't understand the ELF format PS2 or PS3 is it a container or not? from what I can tell it's C or C+ program code recompiled to the target cpu as the first data chunk followed by any extra used assets, I need to know how to replace the extra assets also.
Everything i've seen requires tools from the official SDK is their no homebrew solution?

 

[Devildwarf]

Ok thanks, I still don't understand the ELF format PS2 or PS3 is it a container or not? from what I can tell it's C or C+ program code recompiled to the target cpu as the first data chunk followed by any extra used assets, I need to know how to replace the extra assets also.
Everything i've seen requires tools from the official SDK is their no homebrew solution?

An ELF is basically the same as a PC .exe file, it works the same way, it has headers and stubs and structure just like any other executable, you can probably pack some resources inside a ELF too if you wish but usually they are external (there are exceptions like some image files and bios files), it really depends on how much memory space you have to work with. And PS2 ELF and a PS3 ELF are different, mostly because they are built for different systems, think of it like trying to run a Android game on a IOS phone, it wouldnt work because they use different hardware, They are made using different SDK's that are made for their own hardware and also the source code is different for the API's for that.

Replacing assets inside a ELF can be done but if you intend to make it bigger you would need to reverse the headers and resize them to fit the new content, if its the same size or smaller you could probably just replace the file inside with a hex edit then resign. If you decide to reverse it there are plugins for IDA Pro or Ghidra that help with PS3 ELF's and you can find them around.

And there is a PS3 homebrew solution but its not as powerful as the real SDK so most people still use the official sdk sadly, PSL1GHT is the homebrew version of the ps3 sdk.

 

[Kevstah2004]

An ELF is basically the same as a PC .exe file, it works the same way, it has headers and stubs and structure just like any other executable, you can probably pack some resources inside a ELF too if you wish but usually they are external (there are exceptions like some image files and bios files), it really depends on how much memory space you have to work with. And PS2 ELF and a PS3 ELF are different, mostly because they are built for different systems, think of it like trying to run a Android game on a IOS phone, it wouldnt work because they use different hardware, They are made using different SDK's that are made for their own hardware and also the source code is different for the API's for that.

Replacing assets inside a ELF can be done but if you intend to make it bigger you would need to reverse the headers and resize them to fit the new content, if its the same size or smaller you could probably just replace the file inside with a hex edit then resign. If you decide to reverse it there are plugins for IDA Pro or Ghidra that help with PS3 ELF's and you can find them around.

And there is a PS3 homebrew solution but its not as powerful as the real SDK so most people still use the official sdk sadly, PSL1GHT is the homebrew version of the ps3 sdk.

Well the file I want to swap is 4,194,304 bytes in both .self's, ClaimToolV2 extracted it out of both unencrypted .elf so I shouldn't to need to change anything just reinsert the file from one to another & resign it as npdrm with PUAD GUI? nothing is byte reversed so it should makes things a bit easier.
I can't use app_home the folder is too small because I resized the HDD not to use OtherOS, i've tried running some .self's already on devflash with multiman file manager but they just fallback to the XMB.

 

[Gregor]

I don't know if it's possible to boot elf files on the ps3 unless they're fself or a normal self. you can boot either with webman mod or multiman at least. elf is a generic file type that's used because of its versatility with big and little endian afaik. most systems use elf, then the file is linked to a generic file type of the system. if you want to make a pkg easily, install @aldostools ' ps3tools. I think you need to open the pkg content id as administrator for this to happen, but it will allow a folder to be turned into a pkg in the context menu of windows. it must contain at least a PARAM.SFO afaik for this to work.

 

[Kevstah2004]

I used Break N Make to resign the .elf this time instead, it allows you to use another .self as a doner template via cloning, this time it didn't poweroff the ps3 it just stalled on a blackscreen I guess softemu would require different commands passed to it via webmanmod than those used by the other ps2 emulators, Break N Make showed it updated the .self.

 

[Gregor]

I've never heard of that program. I know scetool can use something similar with the template command. I didn't know that wmm or cfw could even still use softemu. I only vaguely remember playing softemu with the cobra dongle a very long time ago. it was very primitive and slow from what I remember. I do not know if it was ever finished or how improved it is above 3.55. I'd suggest using the scetool template command, just to try it:
scetool --verbose --template ps2_softemu.self --sce-type=SELF --skip-sections=FALSE --compress-data=TRUE --encrypt ps2_softemu.elf ps2_softemu.self


iirc, that's the command. decrypt the self first with the -d command. scetool -d ps2_softemu.self ps2_softemu.elf

edit: nm, that's just going to resign them for the same firmware.

 

[Kevstah2004]

Ok i'll do some more tests in rpcs3 with different firmware versions first I think before I start overwriting them on my real ps3, don't wanna brick it, I was just testing the resigned .elfs to see if they worked or not.

My intention isn't to use softemu unless I want to run something from the actual bluray drive, but to use the bios segment from softemu on netemu since it's more complete, somebody already modded it to include the xmodules but imo it'd better to use the earlier softemu bios as a base then update it for netemu use, both bios have iLink & HDD support removed the entry in softemu bios system configuration for digital out is removed & language, clock remain & possibly the component/rgb switch ran in pcsx2.

 

[Gregor]

try this one. I was able to add the keys to scetool through the mfw .bat, then I added them manually to the keys file for scetool. I used the netemu as the template for the softemu. I have rpcs3, but I don't really know how to use the softemu in there. I don't know how reliable rpcs3 will be though, because it doesn't include the coreOS files of a cfw afaik. plus, emulators are notoriously unreliable to compare to actual hardware.

 

[Kevstah2004]

try this one. I was able to add the keys to scetool through the mfw .bat, then I added them manually to the keys file for scetool. I used the netemu as the template for the softemu. I have rpcs3, but I don't really know how to use the softemu in there. I don't know how reliable rpcs3 will be though, because it doesn't include the coreOS files of a cfw afaik. plus, emulators are notoriously unreliable to compare to actual hardware.

If softemu only ever supported real discs & not virtual also like ps2classic, the mounting points might be different that might be why it just stuck on a blackscreen with softemu renamed as netemu ran via webmanmod, I don't think it mirrors them to the same path.

I know when I insert a ps2 disc the contents doesn't show up under ps2dvd but ps3 bdvd instead same when you mount a ps2 iso with multiman then browse the disc with the filemanger, webmanmod autoboots the iso so you can't open the contents with filemanger, it also unmounts the iso when you exit the emulator back to the xmb.

 

[Gregor]

If softemu only ever supported real discs & not virtual also like ps2classic, the mounting points might be different that might be why it just stuck on a blackscreen with softemu renamed as netemu ran via webmanmod, I don't think it mirrors them to the same path.

I know when I insert a ps2 disc the contents doesn't show up under ps2dvd but ps3 bdvd instead same when you mount a ps2 iso with multiman then browse the disc with the filemanger, webmanmod autoboots the iso so you can't open the contents with filemanger, it also unmounts the iso when you exit the emulator back to the xmb.

it's also possible that it's just too outdated due to the sdk used. after all, 3.72 is pretty old. that's assuming it's even possible to load the self to begin with. I dunno. interesting test though. I'm not sure which firmware was the last with softemu, but I could've sworn cobra could use softemu on like 4.10 or 4.20 at the latest. that might've been around when it became open-sourced. then, soft-emu stopped appearing in firmware updates.

 

[Kevstah2004]

it's also possible that it's just too outdated due to the sdk used. after all, 3.72 is pretty old. that's assuming it's even possible to load the self to begin with. I dunno. interesting test though. I'm not sure which firmware was the last with softemu, but I could've sworn cobra could use softemu on like 4.10 or 4.20 at the latest. that might've been around when it became open-sourced. then, soft-emu stopped appearing in firmware updates.

This is what I found today, it might be easier to test the bios in the form of a ps2classic instead, the softemu bios is called juarez.bin instead of .crack in the netemu.

 

[Gregor]

good luck. you were asking about elfs specifically before. as I mentioned, they're used because of their versatility with big and little endian both, which is why most systems use the format. iirc, the ps3, 360, wii, wii u, possibly switch and switch 2 are big endian; ps4 and 5 are little endian, which is basically byte reversed. just a fyi. I hope you succeed at figuring this out btw.

edit: nm about the switch 1 and 2. I just looked it up. both support big and little endian, but both actually use little endian. I know the switch 1 uses elf before it's linked into an nro as I've built switch stuff before, but I've never hacked a switch.

 

[Kevstah2004]

Headers for softemu.
No38 is the bios at Offset: 003b7980
Filesize: 001d0000 or 1900544 bytes which should bring me to the next file
No39 at Offset: 00577980 or 00587980? why is there also a 10000 difference listed with each entry?

SELF header
  elf #1 offset:  00000000_00000090
  header len:     00000000_00000400
  meta offset:    00000000_00000190
  phdr offset:    00000000_00000040
  shdr offset:    00000000_001f5b10
  file size:      00000000_005dcbb0
  auth id:        10200004_01000001 (Unknown)
  vendor id:      02000003
  info offset:    00000000_00000070
  sinfo offset:   00000000_00000110
  version offset: 00000000_00000130
  control info:   00000000_00000140 (00000000_00000070 bytes)
  app version:    3.114.0
  SDK type:       Retail (Type 0)
  app type:       level 2

Control info
  control flags:
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  file digest:
     42 a3 ad a2 d2 ea 61 9e 2d a8 00 59 28 3f 8d 08 ce 0e b7 1b

Section header
    offset             size              compressed unk1     unk2     encrypted
    00000000_00010400  00000000_001e0751 [YES]      00000000 00000000 [YES]

Encrypted Metadata
  unable to decrypt metadata

ELF header
  type:                                 Executable file
  machine:                              PowerPC64
  version:                              1
  phdr offset:                          00000000_00000040
  shdr offset:                          00000000_005dbdf0
  entry:                                00000000_00000094
  flags:                                00000000
  header size:                          00000040
  program header size:                  00000038
  program headers:                      1
  section header size:                  00000040
  section headers:                      55
  section header string table index:    54

Program headers
    type  offset            vaddr             paddr
          memsize           filesize          PPU  SPE  RSX  align
     LOAD 00000000_00010000 00000000_00000000 00000000_00000000
          00000000_02315760 00000000_005c6db0 rwx  ---  ---  00000000_00010000

Section headers
  [Nr] Name            Type      Addr              ES Flg Lk Inf Al
       Off                       Size
  [00] <no-name>       NULL      00000000_00000000 00     00 000 00
       00000000_00000000         00000000_00000000
  [01] <no-name>       PROGBITS  00000000_00000000 00 wa  00 000 16
       00000000_00010000         00000000_00002000
  [02] <no-name>       PROGBITS  00000000_00002000 00 wa  00 000 64
       00000000_00012000         00000000_000002c0
  [03] <no-name>       PROGBITS  00000000_00002300 00  ae 00 000 128
       00000000_00012300         00000000_00005100
  [04] <no-name>       PROGBITS  00000000_00007400 00 wa  00 000 16
       00000000_00017400         00000000_00000140
  [05] <no-name>       PROGBITS  00000000_00008000 00  ae 00 000 08
       00000000_00018000         00000000_00000080
  [06] <no-name>       PROGBITS  00000000_00008080 00 wae 00 000 16
       00000000_00018080         00000000_00003a84
  [07] <no-name>       PROGBITS  00000000_00010000 00 wa  00 000 04
       00000000_00020000         00000000_00005c6c
  [08] <no-name>       PROGBITS  00000000_00015c6c 00 wa  00 000 04
       00000000_00025c6c         00000000_00001bf4
  [09] <no-name>       PROGBITS  00000000_00017860 00 wa  00 000 04
       00000000_00027860         00000000_0001d194
  [10] <no-name>       PROGBITS  00000000_000349f4 00 wa  00 000 04
       00000000_000449f4         00000000_00006e4c
  [11] <no-name>       PROGBITS  00000000_0003b840 00 wa  00 000 64
       00000000_0004b840         00000000_00201d20
  [12] <no-name>       PROGBITS  00000000_0023d560 00 wa  00 000 04
       00000000_0024d560         00000000_000000b0
  [13] <no-name>       PROGBITS  00000000_0023d610 00 wa  00 000 04
       00000000_0024d610         00000000_000005e0
  [14] <no-name>       PROGBITS  00000000_0023dbf0 00 wa  00 000 04
       00000000_0024dbf0         00000000_000001b0
  [15] <no-name>       PROGBITS  00000000_0023dda0 00 wa  00 000 04
       00000000_0024dda0         00000000_00000534
  [16] <no-name>       PROGBITS  00000000_0023e2d4 00 wa  00 000 04
       00000000_0024e2d4         00000000_0000000c
  [17] <no-name>       PROGBITS  00000000_0023e2e0 00 wa  00 000 04
       00000000_0024e2e0         00000000_0000000c
  [18] <no-name>       PROGBITS  00000000_0023e2ec 00 wa  00 000 04
       00000000_0024e2ec         00000000_00000214
  [19] <no-name>       PROGBITS  00000000_0023e500 00 wa  00 000 04
       00000000_0024e500         00000000_00000164
  [20] <no-name>       PROGBITS  00000000_0023e664 00 wa  00 000 04
       00000000_0024e664         00000000_00000244
  [21] <no-name>       PROGBITS  00000000_0023e8a8 00 wa  00 000 04
       00000000_0024e8a8         00000000_00000264
  [22] <no-name>       PROGBITS  00000000_0023eb0c 00 wa  00 000 04
       00000000_0024eb0c         00000000_000003c8
  [23] <no-name>       PROGBITS  00000000_0023eed4 00 wa  00 000 04
       00000000_0024eed4         00000000_00000bf8
  [24] <no-name>       PROGBITS  00000000_0023facc 00 wa  00 000 04
       00000000_0024facc         00000000_000002ec
  [25] <no-name>       PROGBITS  00000000_0023fe00 00  a  00 000 01
       00000000_0024fe00         00000000_000048a0
  [26] <no-name>       PROGBITS  00000000_00244700 00  a  00 000 01
       00000000_00254700         00000000_00131048
  [27] <no-name>       PROGBITS  00000000_00375780 00  ae 00 000 64
       00000000_00385780         00000000_0000f8d0
  [28] <no-name>       PROGBITS  00000000_00385050 00  ae 00 000 08
       00000000_00395050         00000000_00000000
  [29] <no-name>       PROGBITS  00000000_00385050 00  ae 00 000 16
       00000000_00395050         00000000_00003e08
  [30] <no-name>       PROGBITS  00000000_00388e58 00  ae 00 000 08
       00000000_00398e58         00000000_000117b8
  [31] <no-name>       PROGBITS  00000000_0039a610 00  ae 00 000 08
       00000000_003aa610         00000000_00002ca8
  [32] <no-name>       PROGBITS  00000000_0039d2b8 00  ae 00 000 08
       00000000_003ad2b8         00000000_000094b0
  [33] <no-name>       PROGBITS  00000000_003a6768 00  ae 00 000 08
       00000000_003b6768         00000000_00000018
  [34] <no-name>       PROGBITS  00000000_003a6780 00  ae 00 000 08
       00000000_003b6780         00000000_00000008
  [35] <no-name>       PROGBITS  00000000_003a6788 00  ae 00 000 08
       00000000_003b6788         00000000_00000038
  [36] <no-name>       PROGBITS  00000000_003a67c0 00  ae 00 000 08
       00000000_003b67c0         00000000_00000038
  [37] <no-name>       PROGBITS  00000000_003a67f8 00  ae 00 000 08
       00000000_003b67f8         00000000_00001128
  [38] <no-name>       PROGBITS  00000000_003a7980 00  a  00 000 128
       00000000_003b7980         00000000_001d0000
  [39] <no-name>       PROGBITS  00000000_00577980 00  a  00 000 16
       00000000_00587980         00000000_00016878
  [40] <no-name>       PROGBITS  00000000_0058e1f8 01  a  00 000 08
       00000000_0059e1f8         00000000_000071b6
  [41] <no-name>       PROGBITS  00000000_005953ae 00  a  00 000 02
       00000000_005a53ae         00000000_00000024
  [42] <no-name>       PROGBITS  00000000_005953d8 00  a  00 000 08
       00000000_005a53d8         00000000_00000008
  [43] <no-name>       PROGBITS  00000000_005953e0 00  a  00 000 08
       00000000_005a53e0         00000000_00000008
  [44] <no-name>       PROGBITS  00000000_005953e8 00  a  00 000 08
       00000000_005a53e8         00000000_00000008
  [45] <no-name>       PROGBITS  00000000_005953f0 00  a  00 000 08
       00000000_005a53f0         00000000_00000008
  [46] <no-name>       PROGBITS  00000000_005953f8 00  a  00 000 08
       00000000_005a53f8         00000000_00000008
  [47] <no-name>       PROGBITS  00000000_00595400 00  a  00 000 08
       00000000_005a5400         00000000_00000008
  [48] <no-name>       PROGBITS  00000000_00595408 00  a  00 000 08
       00000000_005a5408         00000000_000023c0
  [49] <no-name>       PROGBITS  00000000_005977c8 00  a  00 000 04
       00000000_005a77c8         00000000_00000008
  [50] <no-name>       PROGBITS  00000000_005977d0 00  ae 00 000 08
       00000000_005a77d0         00000000_00029670
  [51] <no-name>       PROGBITS  00000000_005c0e40 00  ae 00 000 08
       00000000_005d0e40         00000000_00005f70
  [52] <no-name>       NOBITS    00000000_005c6e00 00  ae 00 000 256
       00000000_005d6db0         00000000_01d4e960
  [53] <no-name>       PROGBITS  00000000_00000000 00     00 000 01
       00000000_005d6db0         00000000_00004a5c
  [54] <no-name>       STRTAB    00000000_00000000 00     00 000 01
       00000000_005db80c         00000000_000005e0

1,900,512 bytes still a 32 byte difference,
I can't see it using any compression but .self can use zlib.

https://github.com/xXxTheDarkprogra...lacer/blob/master/PS4/PS20220WD20050620.crack