Remove EBOOT.BIN Encryption ?

[STRATEGIZER]

Iv searched all day on how to remove the encryption from the EBOOT.BIN but haven't been able to find out what I need to know. I know its possible because I have seen lots of 3.55 EBOOT.BIN's modified for 3.41 flying around & they have had the encryption removed... (Another words the EBOOT.BIN is open & not encrypted & doesnt need to be encrypted to be used).

Anyone know how to do this or have a link to a "How to" ?

Thanks.

[chesh]

I think this has the info you're looking for: http://psx-scene.com/forums/f187/%5B...-eboots-74649/ ([EASIEST GUIDE YET] BDVD into HDD/USB/CF/MS/SD EBOOTs.)

[STRATEGIZER]

I think this has the info you're looking for: http://psx-scene.com/forums/f187/%5B...-eboots-74649/ ([EASIEST GUIDE YET] BDVD into HDD/USB/CF/MS/SD EBOOTs.)

Yes I know how to do that but I want to be able to encrypt the EBOOT.BIN without making it into a .pkg game. Get me ? The game Im using is Bulletstorm & it can be run from a .pkg...

Im modding the game but to do so I need to be able to encrypt the EBOOT.BIN after I have made changes. ATM the only way Im able to do this is with a pre-modded 3.41 EBOOT.BIN with the encryption removed.

[cookie42]

Look at this thread. http://psx-scene.com/forums/f187/ebo...ository-74327/ (EBOOT.bin repository)
Fortunately unself works properly now, so additional steps probably are longer required, maybe you can just unself the eboot, change the tag on each section from encrypted to not encrypted and change another tag to an fself, then rename to eboot.bin. So look at step 7 and 8. Oh yeah, change the tags to say it's not compressed too. For detailed information of the self file format, look here. http://ps3devwiki.com/index.php?titl...and_Decryption
I may have missed something, but i'm pretty sure that it...

TUTORIAL On how to modify Eboot.bin yourself to try to make it works !
Originally Posted by Veritas?
I've actually written this a few times and promptly lost it due to browser instability. Oops.

Anyway, this guide requires you to have some knowledge of how the SELF and ELF file formats are laid out. I don't have a quick tool to do this for me, but it takes maybe 5 minutes of my time to do it by hand.

1. Open EBOOT.BIN in a hex editor of your preference.
2. In EBOOT.BIN, look at the SELF control info, if you see anything resembling the game titleid, it's an NPDRM SELF and this guide won't work, give up.
3. Use readself on EBOOT.BIN to get information about the encrypted metadata sections.
4. unself EBOOT.BIN eboot.elf
5. Open eboot.elf in a hex editor of your preference.
6. In eboot.elf, go to every encrypted metadata section (now decrypted), copy its data, and replace the encrypted data in EBOOT.BIN.
7. In EBOOT.BIN, change SELF header to indicate it's FSELF.
8. In EBOOT.BIN, change SELF section headers that are marked as encrypted to say they are not encrypted.
9. If the game is a newer SDK version (like GT5, which is 3.50), in EBOOT.BIN, find the .sys_proc_param segment and change the SDK version to something earlier, such as 3.41. This will probably cause crashes in games that actually use newer SDK features that are not available in earlier SDK versions.
10. Save EBOOT.BIN
11. Cross fingers, run game, hope it works.

[STRATEGIZER]

Look at this thread. http://psx-scene.com/forums/f187/ebo...ository-74327/ (EBOOT.bin repository)
Fortunately unself works properly now, so additional steps probably are longer required, maybe you can just unself the eboot, change the tag on each section from encrypted to not encrypted and change another tag to an fself, then rename to eboot.bin. So look at step 7 and 8. Oh yeah, change the tags to say it's not compressed too. For detailed information of the self file format, look here. SELF File Format and Decryption - PS3 Development Wiki
I may have missed something, but i'm pretty sure that it...

This is what I was looking for ! Thanks for the reply & link.

[STRATEGIZER]

Look at this thread. http://psx-scene.com/forums/f187/ebo...ository-74327/ (EBOOT.bin repository)
Fortunately unself works properly now, so additional steps probably are longer required, maybe you can just unself the eboot, change the tag on each section from encrypted to not encrypted and change another tag to an fself, then rename to eboot.bin. So look at step 7 and 8. Oh yeah, change the tags to say it's not compressed too. For detailed information of the self file format, look here. SELF File Format and Decryption - PS3 Development Wiki
I may have missed something, but i'm pretty sure that it...

Does this look correct to you ?

Code:

STRATEGIZER@STRATEGIZER-PC ~
$ readself EBOOT.BIN
SELF header
  elf #1 offset:  00000000_00000090
  header len:     00000000_00000980
  meta offset:    00000000_00000410
  phdr offset:    00000000_00000040
  shdr offset:    00000000_062e3fb8
  file size:      00000000_062e3e88
  auth id:        10100000_01000003 (Unknown)
  vendor id:      01000002
  info offset:    00000000_00000070
  sinfo offset:   00000000_00000290
  version offset: 00000000_00000390
  control info:   00000000_000003c0 (00000000_00000070 bytes)
  app version:    1.0.0
  SDK type:       Devkit
  app type:       application

Control info
  control flags:
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  file digest:
     62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
     e2 d9 00 e7 4e f6 4a 27 5a c5 f7 82 c8 5b 54 34 50 ad e7 c4

Section header
    offset             size              compressed unk1     unk2     encrypted
    00000000_00000980  00000000_01be4768 [NO ]      00000000 00000000 [NO ]
    00000000_01bf0980  00000000_000a8d80 [NO ]      00000000 00000000 [NO ]
    00000000_01c99700  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_01c99700  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_01c99700  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_01c4f1d4  00000000_00000290 [NO ]      00000000 00000000 [N/A]
    00000000_01be5080  00000000_00000028 [NO ]      00000000 00000000 [N/A]
    00000000_01be50a8  00000000_00000040 [NO ]      00000000 00000000 [N/A]

Encrypted Metadata
  no encrypted metadata in fselfs.

ELF header
  type:                                 Executable file
  machine:                              PowerPC64
  version:                              1
  phdr offset:                          00000000_00000040
  shdr offset:                          00000000_062e36c8
  entry:                                00000000_01c4f120
  flags:                                00000000
  header size:                          00000040
  program header size:                  00000038
  program headers:                      8
  section header size:                  00000040
  section headers:                      31
  section header string table index:    30

Program headers
    type  offset            vaddr             paddr
          memsize           filesize          PPU  SPE  RSX  align
     LOAD 00000000_00000000 00000000_00010000 00000000_00010000
          00000000_01be4768 00000000_01be4768 r-x  r--  ---  00000000_00010000
     LOAD 00000000_01bf0000 00000000_01c00000 00000000_01c00000
          00000000_004c3e18 00000000_000a8d80 rw-  rw-  ---  00000000_00010000
     LOAD 00000000_01c98d80 00000000_00000000 00000000_00000000
          00000000_00000000 00000000_00000000 r--  ---  ---  00000000_00010000
     LOAD 00000000_01c98d80 00000000_00000000 00000000_00000000
          00000000_00000000 00000000_00000000 rw-  ---  ---  00000000_00010000
     LOAD 00000000_01c98d80 00000000_00000000 00000000_00000000
          00000000_00000000 00000000_00000000 rw-  rw-  rw-  00000000_00010000
    ????? 00000000_01c4e854 00000000_01c5e854 00000000_01c5e854
          00000000_00000290 00000000_00000290 r--  ---  ---  00000000_00000008
    ????? 00000000_01be4700 00000000_01bf4700 00000000_01bf4700
          00000000_00000028 00000000_00000028 ---  ---  ---  00000000_00000008
    ????? 00000000_01be4728 00000000_01bf4728 00000000_01bf4728
          00000000_00000040 00000000_00000040 ---  ---  ---  00000000_00000004

Section headers
  [Nr] Name            Type      Addr              ES Flg Lk Inf Al
       Off                       Size
  [00] <no-name>       NULL      00000000_00000000 00     00 000 00
       00000000_00000000         00000000_00000000
  [01] <no-name>       PROGBITS  00000000_00010200 00 wa  00 000 04
       00000000_00000200         00000000_0000002c
  [02] <no-name>       PROGBITS  00000000_00010230 00 wa  00 000 16
       00000000_00000230         00000000_017fe178
  [03] <no-name>       PROGBITS  00000000_0180e3a8 00 wa  00 000 04
       00000000_017fe3a8         00000000_00000024
  [04] <no-name>       PROGBITS  00000000_0180e3cc 00 wa  00 000 04
       00000000_017fe3cc         00000000_00004a98
  [05] <no-name>       PROGBITS  00000000_01812e64 00  a  00 000 04
       00000000_01802e64         00000000_00000150
  [06] <no-name>       PROGBITS  00000000_01812fb4 00  a  00 000 04
       00000000_01802fb4         00000000_00000554
  [07] <no-name>       PROGBITS  00000000_01813508 00  a  00 000 04
       00000000_01803508         00000000_00000004
  [08] <no-name>       PROGBITS  00000000_0181350c 00  a  00 000 04
       00000000_0180350c         00000000_00000004
  [09] <no-name>       PROGBITS  00000000_01813510 00  a  00 000 04
       00000000_01803510         00000000_00000004
  [10] <no-name>       PROGBITS  00000000_01813514 00  a  00 000 04
       00000000_01803514         00000000_000003c8
  [11] <no-name>       PROGBITS  00000000_018138dc 00  a  00 000 04
       00000000_018038dc         00000000_00000004
  [12] <no-name>       PROGBITS  00000000_018138e0 00  a  00 000 32
       00000000_018038e0         00000000_0023ad48
  [13] <no-name>       PROGBITS  00000000_01a4e680 00  ae 00 000 128
       00000000_01a3e680         00000000_001a6080
  [14] <no-name>       PROGBITS  00000000_01bf4700 00  ae 00 000 08
       00000000_01be4700         00000000_00000028
  [15] <no-name>       PROGBITS  00000000_01bf4728 00  a  00 000 04
       00000000_01be4728         00000000_00000040
  [16] <no-name>       PROGBITS  00000000_01c00000 00  ae 00 000 04
       00000000_01bf0000         00000000_00000244
  [17] <no-name>       PROGBITS  00000000_01c00244 00  ae 00 000 04
       00000000_01bf0244         00000000_0000019c
  [18] <no-name>       PROGBITS  00000000_01c003e0 00  ae 00 000 04
       00000000_01bf03e0         00000000_00000004
  [19] <no-name>       PROGBITS  00000000_01c003e8 00  ae 00 000 08
       00000000_01bf03e8         00000000_0000adf8
  [20] <no-name>       PROGBITS  00000000_01c0b1e0 00  ae 00 000 04
       00000000_01bfb1e0         00000000_00000554
  [21] <no-name>       PROGBITS  00000000_01c0b738 00  ae 00 000 08
       00000000_01bfb738         00000000_0004dbe8
  [22] <no-name>       PROGBITS  00000000_01c59320 00  ae 00 000 08
       00000000_01c49320         00000000_00005534
  [23] <no-name>       PROGBITS  00000000_01c5e854 00  ae 00 000 04
       00000000_01c4e854         00000000_00000004
  [24] <no-name>       PROGBITS  00000000_01c5e858 00  ae 00 000 08
       00000000_01c4e858         00000000_0000028c
  [25] <no-name>       PROGBITS  00000000_01c5eb00 00  ae 00 000 128
       00000000_01c4eb00         00000000_00049d5c
  [26] <no-name>       PROGBITS  00000000_01ca8860 00  ae 00 000 128
       00000000_01c98860         00000000_00000520
  [27] <no-name>       NOBITS    00000000_01ca8e00 00  ae 00 000 256
       00000000_01c98e00         00000000_0041b018
  [28] <no-name>       PROGBITS  00000000_00000000 00     00 000 01
       00000000_05982be0         00000000_0000321d
  [29] <no-name>       PROGBITS  00000000_00000000 00     00 000 04
       00000000_059878a4         00000000_000009dc
  [30] <no-name>       STRTAB    00000000_00000000 00     00 000 01
       00000000_062e34df         00000000_00000139