About zecoxao

  • User Group: Super Admin

  • Member ID: 29

  • Post Count: 902

  • Posts Per Day: 0.34

  • Total Rep: 1,374

  • MOTD's Won: 94

  • Joined: 08/02/2014

  • With Us For: 2639 Days

  1. Special thanks to Anonymous for helping me with this, and to @softstar for providing the ELFs.
     You'll need:
       • An FTP Payload with CUSTOM DECRYPT command (you can compile it from scene-collective github repo)
       • A target file (I've chosen 5.05's SceShellCore for this) in both encrypted and decrypted state
       • Filezilla
       • Hashing tool (I use WSL with sha256sum tool)
     Step 1: Send FTP Payload
     Step 2: Grab the encrypted SceShellCore (at /system/vsh/)
     Step 3: Use custom DECRYPT command (in Filezilla, this can be found in Server->Indicate personalized command...)
     Step 4: Grab decrypted SceShellCore (same location but now DECRYPT is toggled ON)
     Step 5: Hash the decrypted ELF (sha256sum SceShellCore.elf)
     Step 6: Compare it with the FIRST 0x20 bytes that look like random data. If they match, your ELF is OK; if they don't match, retry downloading the ELF with DECRYPT toggled on until it matches.
     This concludes the tutorial.
     added 7 minutes later
     some pics:
  2. Required Tools:
       • python2
       • ecdsa python module
       • pycryptodome module
       • verify_eid.py file (provided in the zip)
       • donor file (provided in the zip) (WARNING, contains DECH-A idps minver! Do NOT push your luck by going below the previous idps minver!)
       • advanced tools (provided in the zip)
       • eid_root_key (get this either with flatz's dumper or rebug toolbox's embedded dumper)
       • eid file (you can get this by running advanced tools->dump_eeid and renaming eeid.bin to eid)
     Steps:
     1- Place ALL of the files required in the same folder. The structure MUST BE:
        folder:
        --------eid
        --------eid_root_key
        --------donor
        --------verify_eid.py
     2- Run the script: python2 verify_eid.py
     3- Make sure that the ECDSA values are VALID (if the idps is INVALID and the CMAC is INVALID, they'll be VALID later)
     4- Rerun the script
     5- Make sure that ALL 3 values are VALID
     6- Install Advanced Tools
     7- Place your newly modified eid in the root of the USB stick. Rename it to eeid.bin
     8- Run Advanced Tools->Flash EEID
     9- Congratulations! You're now on full DEX system! You can now go to any DEX OFW without siren beep (validation brick)
     Tools: https://www.sendspace.com/file/zi8adp
  3. Added lv1 internal folder with embedded internal lv1 processes from ebootroms previous to 0.84.001.
     Updated databases via Lumina Push n Pull (January 1st 2021)
  4. Currently uploaded: lv0 (ssl) lv1 (picard) lv2 (picard) vsh (ssl) ss_server1(ssl) ss_server2(ssl) pme_init(picard) sys_init_osd(ssl)
  5. This is a project I've been aiming to do for a while, but never got the resources needed to do so. Now that I do (IDA 7.5 with latest decompilers) I can start it and people can contribute as well, using Lumina or via their own hands at home. The first .c file and its corresponding database will be submitted and I'll add more and more throughout edits. It'll all be posted in this post.
     added 3 minutes later
     For now, let's start with lv1 from 4.46 (3141card has reversed this and he's very good at what he has done)
     Folder Link: https://mega.nz/folder/09V3nC5b#-pzGqyoGkjMEhKyCwjmOrw
  6. https://github.com/balika011/belf/releases
     No links for pirate content; has to be done manually.
  7. Tools Required:
       • IDA Pro or Ghidra with proper PS4 loaders / tools (I'll be using IDA Pro 7.x with balika's loader for this)
       • Hex editor of choice (I use HxD)
       • Flatz's required functions. They are as follows:
         7CxI50-xlCk
         +OnbUs1CV0M
         xmhnAoxN3Wk
         pMxXhNozUX
         Sometimes they have an underscore behind them, so:
         _7CxI50-xlCk
         _+OnbUs1CV0M
         _xmhnAoxN3Wk
         _pMxXhNozUX
       • eboot of the game you want to fix (for example FIFA 20) in ELF format, NOT FSELF!
     The process:
     Load your eboot with IDA and balika's loader; the process will be similar to this.
     When it finishes loading, go to the pink area at the bottom (the NIDs) under the functions window.
     Patch all of these, so from:
         ff 25 72
         ff 25 6a
         ff 25 62
         ff 25 5a
     to:
         31 C0 C3
     Apply, and your EA eboot should work properly together with 5.05 backport tools.
     This concludes the tutorial.
     Credits:
     @flatz for the original discovery
     @Joonie for the implementation and POC in the scene
  8. blc is a plugin that was created to implement Ghidra's decompiler natively into IDA Pro. It works really well for most languages but not PS3 PPU ELFs, which is why I decided to add support for them (hardcoded still at the moment).
     https://www.sendspace.com/file/izd2pe
     First you must download this (Ghidra folder) and extract it under your IDA 7.0 or 7.2 plugins directory.
     Then, according to the module you'll be studying, you download this
     https://www.sendspace.com/file/caywmf
     and start reversing away with alt+f3 for decompilation of a function.
     Enjoy RE!
     Note: I have fixed the 64 bit addr bug, so the ppc_64.cspec comes already bundled in the first zip.
     For @mysis and @3141card in case they need
  9. Just spoke to him directly on Skype. He is investigating.
  10. With these steps you'll be able to set up a proxy on your main PSN PS4 machine and grab some pkgs you purchased or visit other links:
      Tools required:
        • .Net 1.1 (in case you don't have it) and PS3 Proxy Server Gui https://www.sendspace.com/file/f98qv5
        • cmd line to know your IP
      Step 1: Install .Net 1.1
      Step 2: Install PS3 Proxy Server Gui
      Step 3: Start the cmd line and copy your PC IP (in my case it's https://imgur.com/a/nUku3xD
      Step 4: Start PS3 Proxy GUI and choose PS3 Mode (it's located in C:\Program Files (x86)\CF3B5\PS3.ProxyServer, double click it)
      Step 5: Start the proxy https://imgur.com/a/KYUWM0i
      Step 6: On your PS4 settings->network settings, do a manual connection and select the PC IP (in this case as ip, port should already be 8080.
      Step 7: Check Logs in PS3 Proxy Server GUI, you should have some with PS4 connections
      Credits to Andrew2007 for letting me know the proxy server works on PS4 and we don't need no charles for this or skfu