[Release] psardumper mod to extract 3.00 (NOT decrypt)

[jas0nuk]

Extract 3.00 (encrypted only, need new keys)
Press CIRCLE, the other options don't work. If you try SQUARE ("decrypt all") it extracts the data files which aren't encryped and skips the PRXs

3.00 DATA.PSAR goes into root of memory stick, use PBP Extractor to get it.
(Can read PSAR files up to 18mb [3.00 PSAR is 16.7mb])

Cheers to Dark_AleX for psardumpermod, and zshadow for the buffer fix

Stuff to note about the firmware:
- No more ./vsh/resource/1.bmp, 2.bmp, 3.bmp (etc.)
Instead, there's now just a 1-12.bmp which is grey. The firmware probably applies a colour overlay onto this.
- audiocodec_260.prx and mpegbase_260.prx
Audio/video codecs from 2.60..?
- Just 1 certificate in "./data/cert" folder

Discuss anything else you find.

[_twopoint]

Can we use this to get an hybrid 3.0 devhook?

[jas0nuk]

Nah, for that we need the decryption keys, which aren't available just yet.

[_twopoint]

OOO.

So this is just proof that 3.0 can be cracked?

[Skyline34]

sorry for being so noobish but how were we able to obtain the decryption keys for 2.0-2.71?

[AndyMosh]

Skyline34 they have there little elf's working for them putting any encryption key they can think into a secret program... do you believe me? If not, you should! If you do join me in my evil empire!

So this can dump the 3.00 firmware so we can analyse it?

[jas0nuk]

Quote:

Originally Posted by GLITCH410

So this is just proof that 3.0 can be cracked?

Well, at least they didn't change the PSAR revision, so all we need is the and then it can be fully extracted/disassembled and potentially emulated.

Quote:

Originally Posted by Skyline34

sorry for being so noobish but how were we able to obtain the decryption keys for 2.0-2.71?

I think they were obtained from a kernel RAM dump.

Quote:

Originally Posted by AndyMosh

So this can dump the 3.00 firmware so we can analyse it?

Well, for now we can analyse the layout until we have the keys. And this is proof that it can be extracted.

[pJ14]

Yes,

usbcam.prx is new and usbgps.prx is there again

[tommydanger]

or if you want to do it yourself increase the buffer to this:

Quote:

u8 g_dataPSAR[17000000] __attribute__((aligned(64 )));

it dumps all files-prx-some files
It's like we're knocking on the door

[minus5252]

So there are so many guys out there who really know what they are doing, and I am facinated by this. I would love to help, but I also would just like to learn how anyone is able to even *begin* to make headway on this. To find the key for stuff like this seems like it would take FOREVER, but what can we do to help, and is there somewhere I could look to learn more about this(i.e. the process' people used to decrypt the previous firmwares, etc.). Anyway, I continue to be astounded by the things you guys are able to accomplish out there. I hope you're all making big bucks in your real jobs.

Minus