Nas_Plugi a dévoilé une nouvelle clé de la PS3, et cette fois-ci c'est une clé publique PSISOIMG0000 servant au décryptage des jeux PS1 sur la PS3.La voici la voilà, la clé publique :
948DA13E8CAFD5BA0E90CE434461BB327FE7E080475EAA0AD3AD4F5B6247A7FDA86DF69790196773
Cette clé est disponible dans les fichiers ps1_newemu.self et ps1_netemu.self du firmware et possède un curve type 2 (vsh-curves).
Hi
I thought I would share my findings about the PSX Eboots. (official ones )
It’s by far not complete, there is still many unknown. (atleast to me)
(I haven’t found a place with a proper discussion about it yet :/ )
But I hope with the help of others we are able to reverse engineer the format much quicker
Feel free to correct me If I got something wrong
keys.bin
16 Byte file with the “keys” required to run the game?
If you try to run the game without the keys.bin present it gives you CA000005 error on 3.02 OE-B. I don’t know if this is a custom error code from Dax?!
Used for XOR encryption -> memory card?!
document.dat
According to Dax bunch of pngs which hold the manual
Encrypted
Infact if you try to enter the manual with no document.dat present, it states that there is no user manual.
You can however switch document.dat, it doesn’t seem to be tied to the eboot (I could open Cool Boarders 2 manual even though I was playing Hot Shots Golf )
16 byte header which is the same on every document.dat.
Starting with magic key 0″PGD”, 0 Byte is followed by PGD
followed by 2 4bytes which MSB is 1 and other 0 then followed by 4 0 Bytes to finish of the header.
Quote:
00 50 47 44 01 00 00 00 01 00 00 00 00 00 00 00
Eboot.pbp
Contains the compressed ISO image of the psx game.
40Byte header, just like any other pbp.
Contains offset to:
-sfo
-icon0 (icon you’ll see in the xmb)
-pic0(semi transparent png which is always in front of pic1)
-pic1(full res background)
-psp
-psar
Psar offset points to
“PSISOIMG0000″ followed by 4 Bytes of unknown purpose.
(Maybe some offset?)
16 bytes header, however only the last 4 bytes differ from eboot to eboot.
Resident Evil Directors Cut [JP]
Quote:
50 53 49 53 4F 49 4D 47 30 30 30 30 00 B3 82 16
Cool Boarders [US]
Quote:
50 53 49 53 4F 49 4D 47 30 30 30 30 C0 DD 7D 11
Hot Shots Golf 2 [US]
Quote:
50 53 49 53 4F 49 4D 47 30 30 30 30 40 C2 F6 08
Immediately after the PSISOIMG0000 header there are some 0 bytes, which size vary from eboot to eboot
(Note, there are some 0 bytes before the PSISOIMG0000 label too)
After the 0 bytes there’s a PGD header of unknown purpose
At the very bottom of every PSX Eboot you can find a PNG image.
(I still have to figure the offset to it out)
This is simply the image you will see when you execute your PSX Eboot.
On a non PSX Eboot you would see the gameboot.pmf.
I think it can be changed without breaking the eboot.
Then after the PNG image, theres another PGD header also of unkown purpose. After it -> EOF.
(Maybe the 2 PGD files in it are responsible for the way the manual works.
e.g When you browse through the manual and say exit it at page 15 and then you reenter the manual or reenter after you exited the game it’s still at page 15.
I tested it on document.dat, leaving it on page 15 and then on page 20, nothing changed, file is still the same.
So there must be some indicator that keeps track of which page you browsed the last, maybe these two PGD’s have something to do with it?!)
Savegames
It saves at ms0:/PSP/SAVEDATA/GAMEID
param.sfo
Ordinary param.sfo
icon0.png
Png which was extracted from the eboot
config.bin
Always 1024 bytes.
Purpose yet to be revealed
memcard1.dat/memcard2.dat
Always 131104 bytes.
Most likely imitates the playstation memory card file system
Encrypted (xor keys.bin?!)
Yeah that’s it for now, tell me what you think
Mais à quoi ça sert ?
Ca pourrait servir à avoir un émulateur PS1 pour lire des backups. Petit à petit, toutes les fonctionnalités du dongle Cobra pourraient être disponible ... ?
Source : http://www.ps3hax.net/2012/09/psisoimg0000-mistery-key-psonepsx-related/
Flux RSS