[Tutorial] PSN Bypass Techniques and Setting Up Development/Debugging Environment

Discussion in 'Tutorials & Guides' started by esc0rtd3w, Apr 1, 2017.

  1. 1,200
    2,922
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,200
    Likes Received:
    2,922
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
  2. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    Hi esc0rtd3w,

    I went through the posts and found that you want to know if some one able to boot with resign the amazon instant video v4.01 app. I did some common things which might help you to resign this app and liberate it from PSN.

    I resign the amazon instant video v4.01 (NPEB00344) app which is dully work on 4.75 firmware to lower version 4.46 with aldos ps3 tool and it boot on ps3 4.70 firmware.

    Below are the step which I performed.

    1. I extracted the package with pkgview
    2. I used SELF tools --> resign BOOT/SELF option
    3. It asked me to search any more self file then patched it.
    4. I create the package with same aldos tool.

    The app patched to lower firmware and boot perfectly.

    Could you please try to apply your patches and resign with default aldos tool setting without changing anything.

    Please ignore if it seems too lame or you have already perform these steps... I am quite new to forums, don't know much rules.... but following you from past couple of months....

    Thank you so much for your great works..... People love you for your devotion and your selfless works.... :)
     
    kozarovv, esc0rtd3w and DeViL303 like this.
  3. 1,200
    2,922
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,200
    Likes Received:
    2,922
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    well, thank you for taking the time to check that out and post. I am 99% sure I have tried AldoTools as well as many others, but I will try again this weekend and see what I can come up with. From what I remember, it was just a matter of the EBOOT returning me back to the XMB for some reason. What firmware are you on, if I may ask?

    Thanks again :glee:


    EDIT: Did you try resigning the ignition.sprx file? That is most likely the target for PSN check, possibly EBOOT or other means though.
     
    kozarovv likes this.
  4. 7,608
    5,757
    872
    kozarovv

    kozarovv Super Moderator

    Joined:
    Nov 8, 2014
    Messages:
    7,608
    Likes Received:
    5,757
    Trophy Points:
    872
    Home Page:
    Who is making those names. :)
     
    Rajesh Dutta and esc0rtd3w like this.
  5. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    Hi esc0rtd3w,

    Currently my PS3 slim 2k version is running on Habib cfw 4.70 cobra 7.10 CEX firmware. Yes I resigned ignition.sprx too...

    Could you please provide me all the elf files which you patched with location... So I can try to resign it... If it worked then everyone can enjoy the glory of your liberated amazon app..... :adoration::adoration:

    Thanks,
     
    esc0rtd3w likes this.
  6. 137
    94
    57
    catalinnc

    catalinnc Member

    Joined:
    Dec 26, 2015
    Messages:
    137
    Likes Received:
    94
    Trophy Points:
    57
    @Rajesh Dutta...

    this Amazon Video app has lots of SPECIAL self/sprx files...
    Code:
    NPEB00344\usrdir\EBOOT.BIN
    NPEB00344\usrdir\bin\ignition.self
    NPEB00344\usrdir\com.amazon.ignition.framework.javascript-bin\mozjs24.sprx
    NPEB00344\usrdir\com.amazon.ignition.framework.player-bin\playready\cachemgr.self
    NPEB00344\usrdir\data\cachemgr\cachemgr.self
    NPEB00344\usrdir\lib\webkit.sprx
    it also has a sdat (NPEB00344\USRDIR\data\config\spark.cfg.sdat) with this content:
    Code:
    "requirePSN" : true,
    i change that to "false"...lets hope it is all it needs...i also PROPER re-signed all the self/sprx files...

    here is the "no psn fix pkg" with instructions inside...
    Code:
    Amazon.Video.PSN.PS3.NPEB00344.v4.01.NO.PSN.FiX.zip
    http://www120.zippyshare.com/v/5X1oktmU/file.html
    let me know how it works...
    _
     
    Rajesh Dutta likes this.
  7. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    Hi catalinnc,

    I tried to follow the steps and installed all the apps as per the sequence mentioned in the zip file. But still this app is asking for PSN login.:apologetic:. I tried to press circle to see if it can bypass but nothing happened. The app resign is perfect and it boot flawlessly but it seems somehow this requirePSN is not working... :apologetic::apologetic::apologetic:

    Thanks
     
  8. 1,200
    2,922
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,200
    Likes Received:
    2,922
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    That only applies to the old version that does not use Ignition Framework. There is also already several links to Spoofed NoPSN packages available, such as here and here.

    EDIT: will check your fix as well and see what its about. Thanks!
     
    Last edited: Jul 22, 2017
  9. 1,200
    2,922
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,200
    Likes Received:
    2,922
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    @Rajesh Dutta

    what are your scetool arguments for resigning EBOOT? Mine are basically default, when i use the GUI. When i use AldoTools to resign on DEX i get return to XMB and on CEX black screen. I am still testing on Rebug 4.81.2. Thanks:cool new:

     
  10. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    Yes till 3.03 version of this app requirePSN = false was the solution......

    @
    Below is my scetool argument.... seems same

    scetool -l 72F990788F9CFF745725F08E4C128387 --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=04 --self-ctrl-flags=4000000000000000000000000000000000000000000000000000000000000002 --self-auth-id=1010000001000003 --self-add-shdrs=TRUE --self-vendor-id=01000002 --self-app-version=0004000100000000 --self-type=NPDRM --self-fw-version=0003004000000000 --np-license-type=FREE --np-content-id=EP4183-NPEB00344_00-LOVEFILMFULL0100 --np-app-type=EXEC --np-real-fname="EBOOT.BIN" --encrypt "EBOOT.elf" "EBOOT.BIN"
     
  11. 7,846
    6,526
    647
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,846
    Likes Received:
    6,526
    Trophy Points:
    647
    Location:
    Earth
    Instead of passing all those arguments, have you tried using the --template argument with the original self as template file?
    Instead of passing all those arguments, have you tried using the --template argument with the original self as template file? The template optional argument should be available in versions 0.2.9/0.2.14/0.3.1/0.3.2...
    Here is how the syntax goes :)
    Code:
    scetool --eboot_template.bin --verbose --sce-type=SELF --compress-data=TRUE --encrypt eboot.elf eboot.bin
     
    Last edited: Jul 22, 2017
    esc0rtd3w likes this.
  12. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    @esc0rtd3w

    Could you please provide the patched elf without signed..Or the patched package you created.. Let me try on habib 4.70 cfw for testing...
     
    esc0rtd3w likes this.
  13. 1,200
    2,922
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,200
    Likes Received:
    2,922
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    @Rajesh Dutta i have not created any patched files yet because i never got past resigning a stock EBOOT. i have IDA files with notes still though.

    @catalinnc i tried your method by installing all 3 packages in order, as well as manual extract and merge with no effect. I didn't quite understand what you were saying at first until i saw your file structure from ZIP. This method was probably obsoleted once changing to Ignition Framework, but I like how it should work!!! Thanks :grin:

    @bguerville thanks! i didn't realize there was a template option!
     
    Last edited: Jul 22, 2017
    bguerville and Rajesh Dutta like this.
  14. 7,846
    6,526
    647
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,846
    Likes Received:
    6,526
    Trophy Points:
    647
    Location:
    Earth
    No problem.
    I edited my previous post with an example & the versions of scetool that support it.
    The template option can also be used with prx/sprx files.
     
    esc0rtd3w likes this.
  15. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    @esc0rtd3w : can it possible, there is some issue with rebug 4.81 cfw which not let this app to boot properly.... Can you try to resign it as 4.81... like below code

    scetool -l 72F990788F9CFF745725F08E4C128387 --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=04 --self-ctrl-flags=4000000000000000000000000000000000000000000000000000000000000002 --self-auth-id=1010000001000003 --self-add-shdrs=TRUE --self-vendor-id=01000002 --self-app-version=0004000100000000 --self-type=NPDRM --self-fw-version=0004008100000000 --np-license-type=FREE --np-content-id=EP4183-NPEB00344_00-LOVEFILMFULL0100 --np-app-type=EXEC --np-real-fname="EBOOT.BIN" --encrypt "EBOOT.elf" "EBOOT.BIN"

    Thanks
     
    esc0rtd3w likes this.
  16. 1,200
    2,922
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,200
    Likes Received:
    2,922
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    yeah, for sure a possibility. Let me look over IDA notes and make a few different EBOOT and SPRX patched files to upload with different "shot-in-the-dark" modifications. :eek new: I may just install the same CFW as you for testing.
     
    Rajesh Dutta likes this.
  17. 11
    12
    7
    Rajesh Dutta

    Rajesh Dutta Forum Noob

    Joined:
    Jul 20, 2017
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    7
    Gender:
    Male
    Sure.... I am praying any of your dark shot will work..... At the end hope is the only thing which let us move forward.....:adoration:
     
    esc0rtd3w likes this.
  18. 7,846
    6,526
    647
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,846
    Likes Received:
    6,526
    Trophy Points:
    647
    Location:
    Earth
    Anything is possible of course but I doubt that this is an issue related to Rebug 4.81 CFW alone..
     
    esc0rtd3w likes this.
  19. 137
    94
    57
    catalinnc

    catalinnc Member

    Joined:
    Dec 26, 2015
    Messages:
    137
    Likes Received:
    94
    Trophy Points:
    57
    please, upload your modded elfs (when ready!) and i will PROPER re-sign them...
    _

    L.E. i am on the phone now...tomorrow (when i have access to a PC) i will post the PROPER scetool re-sign lines for each of the self/sprx...the template method is good BUT will not allow resigning for lower CFWs (ex: if the self is signed for 475 the template method will re-sign it for 475)...
    _
     
    Last edited: Jul 22, 2017
    esc0rtd3w likes this.
  20. 1,200
    2,922
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,200
    Likes Received:
    2,922
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    I just installed Habib 4.70 1.01 CFW to test and it has the same freezing black screen......so.......

    @Rajesh Dutta can you upload an EBOOT.BIN and IGNITION.SPRX unmodified and re-signed for me to see if it boots?

    @catalinnc what are you re-signing with? can you post a link to your scetool and script (if used)??

    for the record, I have only had issues with Amazon and Hulu, which I figured out the Hulu issue long ago for re-signing, but no PSN bypass, and the Amazon app looks easier to bypass but no re-signing?!?!? :confused:


    EDIT 1: I just re-installed Rebug 4.81.2 and Amazon loaded right up with re-signed EBOOT :beaten::beaten::beaten:

    On to IDA again...will post updates!! :topsy turvy:


    EDIT #2: I also re-signed ignition.sprx and the app loaded without issues. I guess i had some shit in the flash!!!
     
    Last edited: Jul 22, 2017

Share This Page