hit tracker

Resign spu game selfs with reself

Discussion in 'PS3 Technical Only Topics' started by Gamma Argon, Jun 21, 2014.

  1. 34
    35
    18
    Gamma Argon

    Gamma Argon Loyal Member

    Joined:
    Jul 11, 2013
    Reself is an adaptation of self_rebuilder for resigning spu game selfs.

    A member asked for help resigning some game files that were corrupted with publicly available resigning tools.
    Resigning the files manually with openssl worked, so I adapted self_rebuilder to resign the selfs.

    usage: reself game.self resigned.self ???

    for ??? substitute the firmware version for the resigned self, ex 355: reself game.self resigned.self 355


    For npdrm only type 3 (free) is supported.
    uses the same key files as fail overflow ps3 tools.
    on xp: c:\documents and settings\username\ps3keys.
    For npdrm there should be a key called free_klicensee-key in the keys folder. If your self file doesn't use the free klicensee, just back up the free one and make a key file with the klic for the self and name it free_klicensee-key. Scans keys directory and creates a log file, keys_get.log, of incomplete key sets.
    for self look at the self info first with scetool, readself, or other tool to check if it is spu self and not ppc. If it's 30MB, it's not a spu self. :)

    Reself is an adaptation of self_rebuilder. It was compiled with mingw, zip includes the 2 msys dll's; place them in same folder as reself.
     

    Attached Files:

    Last edited by a moderator: Jul 9, 2014
    catalinnc and Joonie86 like this.
  2. 34
    35
    18
    Gamma Argon

    Gamma Argon Loyal Member

    Joined:
    Jul 11, 2013
    Here's a slightly different version for resigning sprx. I only have one game with a sprx, and it does not have sys_proc_param. I also looked at one game update with a sprx, and it does not contain sys_proc_param. Does anyone know if game sprx have any other attribute in the elf sections that needs editing for running on lower firmware?

    Tested by backing up a game to internal hdd from retail disc. Edited param.sfo, fixed eboot, and used resprx to resign the sprx. The backed up game runs normally on my cfw console with the resigned files. Here is the tool if someone else wants to test.

    command to resign one file: resprx ### game.sprx

    or for all the sprx in the current directory use the * wildcard symbol: resprx ### *.SPRX

    for ### put the firmware version for the resigned sprx; resprx 355 *.SPRX, resprx 341 *.SPRX or whatever. Before running the command there must be a folder named "output" in the working directory to accept the resigned files (or will terminate with fopen error, file/directory not found).

    adapted from self_rebuilder
    uses key files (like failoverflow tools)
    Key files go in userprofile/ps3keys, for xp: c:\documents and settings\username\ps3keys
    The path that is searched for the key files is listed in the console output.
    For help with key files aldo has a useful tool called ps3keys.exe that will generate key files from the scetool key file in the scetool data folder.
    This is a beta release; npdrm files not supported.
    If testing a game that has already been attempted, note that the system software may cache information from the param.sfo. For possible problems and fixes see the page on param.sfo at ps3devwiki.com

    [ATTACH]1855.vB[/ATTACH]
     
    Last edited by a moderator: Jul 12, 2014
    catalinnc likes this.
  3. 34
    35
    18
    Gamma Argon

    Gamma Argon Loyal Member

    Joined:
    Jul 11, 2013
    A simple resigner for disc game eboots. For eboots that in the elf section only the sdk version needs editing. If anything else needs editing, a different tool will need to be used instead.

    Usage:
    resign_eboot <input.self> <output.self> <key_revision> <firmware_version> <sdk_version> [index]

    key revision for resigned self, 04, 0A,...
    firmware version for resigned self, 341, 355,...
    sdk version in sys_proc_param for resigned self, 34, 35,...

    optional parameter: index of the section containing the sdk version
    possible values 0-index number of last section, default is section 0

    resign for 3.41:
    resign_eboot EBOOT.BIN EBOOT341.BIN 04 341 34 0
    or resign_eboot EBOOT.BIN EBOOT341.BIN 04 341 34

    resign for 3.55:
    resign_eboot EBOOT.BIN EBOOT355.BIN 0A 355 35 0
    or resign_eboot EBOOT.BIN EBOOT355.BIN 0A 355 35

    thanks to fail0verflow.

    tested with 4 games by backing up disc to hdd, used mM to copy eboots to usb, resigned with resign_eboot, copied back to hdd, played game
    UPDATE: edits sdk version in sys_proc_prx_param
    this is a beta View attachment resign_eboot_update.zip
     
    Last edited by a moderator: Oct 11, 2014
  4. 34
    35
    18
    Gamma Argon

    Gamma Argon Loyal Member

    Joined:
    Jul 11, 2013
    Some very few eboots are not resigned properly with publicly available tools.

    From my own tests using eboots from official game discs:
    Bulletstorm original eboot size is 98.8mb
    resigned with scetool size is 28.5mb (or 11.0 mb if compressed), eboot doesn't work on ps3.
    resigned with resign_eboot size is exactly same as original and works.

    Homefront eboot is 115mb
    resigned with scetool size is 31.4mb (or 11.4mb if compressed), also won't work.
    resigned with resign_eboot size is exactly same as original and works.

    Differences between orginal eboot and eboot resigned with resign_eboot:

    eboot (with uncompressed section)
    self header:
    1 byte of key revision -- this has been edited by the app
    2 bytes of firmware version-- this has also been edited
    0x40 bytes, the meta info keys-- these are encrypted with key files for different firmware version so of course different, but after unencrypted, they are the same meta info keys as original
    20 bytes, the sha1 hmac of the edited section- an edited section will have a different sha1 hmac; the correct value for the edited section must be entered in the table to pass verification, same input key used as original
    41 bytes, the header signature--any time the header is edited the signature must be re-calculated to match

    edited section:
    1 byte, the sdk version--this has been edited by the app

    eboot (with compressed section)
    self header same as above plus:
    1 byte of section size in table, because of the nature of compression algorithms the size of the edited section will change when re compressed, from my tests size changes one byte only, the app will edit this value in the table to reflect the change in size
    1 byte of section size in 2nd table, same reason

    edited compressed section same as above plus:
    When compressed, a variable number of bytes will be changed by the compression algorithm at the location of the sdk version; it differs depending on the edited values though it was always less than 0x30 bytes (in a section of 8mb or more). Also the section size increased by 1 byte, but because we use the same compression algorithm as original games, all the other bytes are the same even compressed. Uncompressed all the bytes will be the same except for the 1 byte changed for the sdk version
     
    Last edited by a moderator: Oct 5, 2014

Share This Page