Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS3 CFW and Hacks       Thread starter PSXHAX       Start date Aug 2, 2017 at 11:17 PM       44      
Continuing the PS3 Data Transfer Utility (DTU) Methods following PS3 PKG Game Transfer to OFW Rumors and the release of CFW2OFW Helper v8 comes a PS3 OFW Bubble Maker for DTU Method script by PlayStation 3 developer @esc0rtd3w to create bubbles on OFW using the DTU method and a CFW console complete with source code and details below. :thumbup:

Download: PS3 OFW Bubble Maker / GIT

PS3 OFW Bubble Maker For DTU Method by Esc0rtd3w.pngTo quote from esc0rtd3w as outlined in the README.md:

PS3 OFW Bubble Maker Tool For DTU Method

This is another side project of mine that I figured I would release. Now slow down, this is nothing groundbreaking!!! :teary:

This will allow you to create bubbles on OFW using the DTU method and a CFW console.

It lets you drag & drop packages, edit XMB text, and change icon. Everything is automated and it will transfer all created files to the PS3 when finished. If you continue to make bubbles, the IP address is saved so you don't have to re-enter it every time.

Supports multiple bubble creation (not sure the limit!!!) and will automatically increment the output directory number to create new bubbles.

From my testing, it will allow you to install any ORIGINAL package on OFW from a cute little bubble. (-8 The benefit of this at the moment seems meaningless, but I thought it was a neat setup to get bubbles on OFW. Maybe better things will be in the future!!

** THE SCREENSHOTS ARE FROM THE FIRST BUILD AND HAVE SINCE CHANGED A BIT **

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 2.png

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 3.png

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 4.png

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 5.png

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 6.png

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 7.png

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 8.png

PS3 OFW Bubble Maker for DTU Method by Esc0rtd3w 9.png

Cheers to both RLC for letting us know in the ongoing thread and esc0rtd3w for the follow-up! :beer:
 

Comments

esc0rtd3w

Developer
Member
Contributor
@Arch91 extra kudos for the directory traversal attack. I have applied this technique in some javascript hax testing for some PS3 apps

I will try and update the GitHub repo with your new method and also add some test d0 and d1 files for templating, plus some more customization for all the variables, so different bubble types can be built and tested faster.

Any other ideas you have, let me know and i can add it to the scripting or templates
 

Arch91

Member
Contributor
Verified
esc0rtd3w said:
I have seen PS1 and PSP packages not delete the bubble for some reason during my testing.
esc0rtd3w said:
different bubble types can be built and tested faster.
Will wait for the unremoveable bubbles. No need to download (and even to pay for download) from PSN if you know that there is only one pkg will be installed. I think we will not be able to see more in other files which will goal to only one pkg is installed.

As for the scripting, while executing ps3-ofw-bubble-maker.bat - in part where it is doing ftp transfer to the PS3 - maybe you should edit the next lines:
Code:
echo user ps3>>%tempFile%
echo ps3>>%tempFile%
- as it is "rumbling" for the ps3 command. And also these lines:
Code:
echo mkdir %pathRemote%>>%tempFile%
echo mkdir %pathRemote%/game_pkg>>%tempFile%
echo mkdir %pathRemote%/game_pkg/%pkgNumberBase%>>%tempFile%
- my ps3 with Rogero 4.50 is not able to get mkdir command through ftp (maybe it is available on CFWs with PL3 additions). So, everyone who meet that should create 80000000 folder in /dev_hdd0/vsh/game_pkg/ path by he-/she-self.

Please, write here when you made the changes and have something to test.
 

esc0rtd3w

Developer
Member
Contributor
As for the scripting, while executing ps3-ofw-bubble-maker.bat - in part where it is doing ftp transfer to the PS3 - maybe you should edit the next lines:
Code:
echo user ps3>>%tempFile%
echo ps3>>%tempFile%
- as it is "rumbling" for the ps3 command.

i will check that out, I thought it was using it for password, although i could just have it do anonymous.

And also these lines:
Code:
echo mkdir %pathRemote%>>%tempFile%
echo mkdir %pathRemote%/game_pkg>>%tempFile%
echo mkdir %pathRemote%/game_pkg/%pkgNumberBase%>>%tempFile%
i originally added the extra lines to create a directory if it doesnt exist already. I only tested on Rebug 4.81.2 for the FTP and it worked. It was failing if the game_pkg or 80000000 directory was not created so those lines were added. I will see what i can do with getting the scripting cleaned up a bit and look at those issues.

Thanks for the feedback!


Edit #1: here the original d0 and d1 pdb files that i posted screenshots of before. I am trying to gather a few more from the PSN store....just trying to get banned....lol :p

do+d1_pdb_in_tmp_np_pkg_before_moving.zip
do+d1_pdb_after_moving_to_vsh-game_pkg-80000001.zip

i am also updating GitHub repo and will post when new stuff has been added.


Edit #2: here are some more d0 and d1 files from PSN Store downloads for testing.

These are files that were re-created under "/vsh/task/" by the PS3, after removing them with FileZilla while the PSN Store was running
These were created under "/vsh/task/" after pressing "Background Download" from the PSN Store
I have not had time to look through these thoroughly yet, but feel free to check them out and see if anything can be made of them. I will be looking at these more closely, soon.


Edit #3: here is another test using Dead or Alive 5 Last Round. This one does a couple things differently. It creates a "UP4108-NPUB31289_00-DOA5UHDDBOOT0000.rif" file under "/home/$user/exdata", and also creates 2 different sets of PDB files depending on what "stage" it is in.

I have posted all 3 files to also see what others and myself can come up with.

do-d1-bubble--test--NPUB31289--task--created-rif.zip
do-d1-bubble--test--NPUB31289--task--during-processing-large-file.zip
do-d1-bubble--test--NPUB31289--task--after-processing-large-file.zip


Edit #4: here are a couple more test files to try, all the DLC seems to create a RIF file.

This one is from a Free Demo Game...actually the ONLY one listed in store

This one is from Free DLC addon from Nascar 2016 Season Update

This one is also from DLC. Ace Combat Zero Decal Set

This 1st attempt partial is from Valyria Revolution Special Issue Ragnite Shards
* This is difficult capturing a 100KB download and install before it erases itself! :ninja:

it is also worth noting that the VSH keeps track of what number directory it should be on, even if removed.

I am currently (brand new idea...lol) writing a hrrmmmm.... Bubble Basher script to repeatedly try pulling files from console via FTP, to get those stubborn small files. I will report on that and probably just integrate it into the Bubble Maker.

as kind of a side note, I am slightly to fairly confident that most, if not all of these functions can be replicated on OFW using a modified PSN Store....currently in testing WIP :sneaky:
 
Last edited:

Arch91

Member
Contributor
Verified
I looked at every attach you made. You've done big job... Each PSN download contains only one pkg for installing. So, nothing new.

I am not saying for sure, but if you ask me - I would say that we can not use bubbles to download certain pkg, or create a rif, or activate console, or create act.dat file (I am still unsuccessfully looking for the way how to get an official act.dat file for my PS3 with OFW 4.50...). I suppose that for all these cases I just listed here, the d0.pdb and d1.pdb and etc. nearby files are just temporary log files with only one action - pkg install. Like an air for us after the flora's photosynthesis.

However, while looking on those files attached by you, I had an idea to create a task folder with the files which you get while downloading-pkg-file. BUT I think it is bad idea. Take a look at any dx.pdb file (except from Edit #1 attaches) - all your files have this 20bytes length value: A7 F8 37 ... CB 56 8A . I think it might be something that belongs to your personal data. Maybe even to account. Can you, please, search for this value in your ps3 user's exdata act.dat file ? (but DO NOT attach it either here or anywhere.) Write here whenever it has this value or it has not. It can be presented as a rewerted like A8 65 BC ... 73 8F 7A

So, why I consider that action of pkg-downloading task test as bad idea - we are downloading from sony zone. Maybe it can be ban dangerous to use "third-party" files when operating official - that's from one side. And from other side - the goal - is nothing. For what?..

By the way, you said that you
esc0rtd3w said:
have seen PS1 and PSP packages not delete the bubble for some reason during my testing.
Can you re-create the conditions/environment of that moment and make a search for the bubble's undeletable skill again?
 

esc0rtd3w

Developer
Member
Contributor
I looked at every attach you made. You've done big job...
Thanks!

(I am still unsuccessfully looking for the way how to get an official act.dat file for my PS3 with OFW 4.50...)

I think the only way to do it, which I did on my test 3001 OFW box, is dump NOR with E3 flasher and extract IDPS. Then I used IDPSet on CFW PS3 to change my IDPS and PSID to match the OFW box. It created an act.dat file......now....is it 100% the same one it creates on the OFW with the same CID?? I don't know, but i would think so. :confused:

I am not saying for sure, but if you ask me - I would say that we can not use bubbles to download certain pkg, or create a rif, or activate console, or create act.dat file
You are probably right, but never say never :D

I suppose that for all these cases I just listed here, the d0.pdb and d1.pdb and etc. nearby files are just temporary log files with only one action - pkg install. Like an air for us after the flora's photosynthesis.

However, while looking on those files attached by you, I had an idea to create a task folder with the files which you get while downloading-pkg-file. BUT I think it is bad idea. Take a look at any dx.pdb file (except from Edit #1 attaches) - all your files have this 20bytes length value: A7 F8 37 ... CB 56 8A . I think it might be something that belongs to your personal data. Maybe even to account. Can you, please, search for this value in your ps3 user's exdata act.dat file ? (but DO NOT attach it either here or anywhere.) Write here whenever it has this value or it has not. It can be presented as a rewerted like A8 65 BC ... 73 8F 7A

So, why I consider that action of pkg-downloading task test as bad idea - we are downloading from sony zone. Maybe it can be ban dangerous to use "third-party" files when operating official - that's from one side. And from other side - the goal - is nothing. For what?..
If I were to give you my 3001 test OFW dumps, and you did not flash the CID, or take it online and get it banned :eek: (it's the same one I use for PSN store testing), then I could PM you the files :ninja:
 
Last edited:

Arch91

Member
Contributor
Verified
Arch91 said:
(I am still unsuccessfully looking for the way how to get an official act.dat file for my PS3 with OFW 4.50...)
esc0rtd3w said:
I think the only way to do it, which I did on my test 3001 OFW box, is dump NOR with E3 flasher and extract IDPS. Then I used IDPSet on CFW PS3 to change my IDPS and PSID to match the OFW box. It created an act.dat file......now....is it 100% the same one it creates on the OFW with the same CID?? I don't know, but i would think so. :confused:
I am reporting you here and now that it is not the act.dat which your 3001 would create in usual way. Here that I was doing:
  • I was in time to obtain ConoleID of my SuperSlim using Cobra ODE's IDPS Dumper (however, I am still on OFW 4.50 and it still works for me)) ). About PSID - I don't remember how I obtained this. Maybe from save file?.. And the MAC-address.
  • at that time of global test, I had two PS3s with CFW - CHECHG08 Rogero 4.50 ("opened" CPU case and it is a break) and CECHL08 Rogero 4.50 (have it still now). So, I wanted to log in to PSN from both PS3s with CFW using these data from PS3 with OFW. How I did that:
  • I prepared files.txt with ConsoleID, PSID and MAC-address for SEN Enabler uses. Also created user which number and name are same from SuperSlim. And also injected accountID to xregistry.sys to /dev_flash1. Cleaned the story, changed the MAC-address, spoofed the data, made fake-OFW info and login from my account. Downloaded Tekken Revolution. RIF-file and act.dat appeared in exdata. Transfering the game, RIF-file and act.dat to the same right places on SuperSlim. Launching... an error, which means that SuperSlim do not accepts either act.dat or RIF-file. And after SuperSlim reboot - it deletes act.dat which totally means that it do not accepts act.dat.
  • next, I disactivated from account the PS3 with CFW I just entered with spoofing to PSN and repeated the same steps on other PS3 with CFW. Same result. Now I have two act.dat files which supposed to be the same. If to differ them in HEX, they have the same data in offsets 0000-086F 0880-0ECF but other offsets are different.
Also I did same test (except accountID and user datas) with ConsoleID, PSID and MAC-address which were flashed to CECHG08 (because SuperSlim have NAND and CECHG have NAND) - same result.

Nevertheless, that's another story. I have many global-test stories to tell and everyone of them is fail. Let's return to bubbles)
esc0rtd3w said:
If I were to give you my 3001 test OFW dumps, and you did not flash the CID, or take it online and get it banned :eek: (it's the same one I use for PSN store testing), then I could PM you the files :ninja:
Thanks for the trust, but what should I do with your dumps? I just asked you to open d0.pdb and your act.dat in some HEX-editor and search for that 20bytes length value I described above.

And, once again, pay attention for the bubble from PS1/PSP package which was not deleted. Remember it and test again.
 

esc0rtd3w

Developer
Member
Contributor
@Arch91 i checked the act.dat and did not find those hex values or similar. I did see the area you were referring to (0x6D - 0x9C)

there probably is nothing more that can be done except what it is... replicate a bubble structure that installs an original package. I will see about the bubble removal issue when I have time.
 

Arch91

Member
Contributor
Verified
So... esc0rtd3w, did you do something in that way related? Have you a PSOne Classics Game available to download?

Has anyone such game available to download it from PSN in original way? (Everyone is welcome)
 

B7U3 C50SS

~ Team_Zer0 ~
Senior Member
Contributor
So... esc0rtd3w, did you do something in that way related? Have you a PSOne Classics Game available to download?

Has anyone such game available to download it from PSN in original way? (Everyone is welcome)

I personally loved this game enough to buy it on the N.Sane trilogy. I love Crash! ;)

EDIT The old domain was suspended. I don't know the story behind it.
 

Arch91

Member
Contributor
Verified
B7U3 C50SS, this is not that I meant. I do not need the pkg itself, I need that someone download the PSOne Classics game from PSN in the official way - then the bubble appeares.

Next, it is needed that /dev_hdd0/vsh/gamepkg/800000X directory is someway copied to PC and uploaded for downloading.
 
Top