Post: [PS3] CFW Ban Counter Measures
02-11-2013, 04:47 AM #1
BuC-ShoTz
TeamMvKâ?¢
(adsbygoogle = window.adsbygoogle || []).push({}); This does NOT stop you from being BANNED for MODDING!!!!
Treyarch scans your PS3 Folders, Do not have these folders on your PS3 when you run Black Ops 2 from CFW.
And for you DEX users look at the last one...
    
/dev_hdd0/game/BLES80608
/dev_hdd0/game/TOGGLEQAF
/dev_hdd0/GAMES
/dev_blind
/dev_hdd0/game/SDISABLER
/dev_hdd0/game/BLND00001
/dev_hdd0/game/VEBUSPOOF
/dev_hdd0/game/HTSS00003
/app_home/PS3_GAME

    
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F


018BA300 2F 64 65 76 5F 68 64 64 30 2F 67 61 /dev_hdd0/ga
018BA310 6D 65 2F 42 4C 45 53 38 30 36 30 38 00 00 00 00 me/BLES80608....
018BA320 2F 64 65 76 5F 68 64 64 30 2F 67 61 6D 65 2F 54 /dev_hdd0/game/T
018BA330 4F 47 47 4C 45 51 41 46 00 00 00 00 2F 64 65 76 OGGLEQAF..../dev
018BA340 5F 68 64 64 30 2F 47 41 4D 45 53 00 2F 64 65 76 _hdd0/GAMES./dev
018BA350 5F 62 6C 69 6E 64 00 00 2F 64 65 76 5F 68 64 64 _blind../dev_hdd
018BA360 30 2F 67 61 6D 65 2F 53 44 49 53 41 42 4C 45 52 0/game/SDISABLER
018BA370 00 00 00 00 2F 64 65 76 5F 68 64 64 30 2F 67 61 ..../dev_hdd0/ga
018BA380 6D 65 2F 42 4C 4E 44 30 30 30 30 31 00 00 00 00 me/BLND00001....
018BA390 2F 64 65 76 5F 68 64 64 30 2F 67 61 6D 65 2F 56 /dev_hdd0/game/V
018BA3A0 45 42 55 53 50 4F 4F 46 00 00 00 00 2F 64 65 76 EBUSPOOF..../dev
018BA3B0 5F 68 64 64 30 2F 67 61 6D 65 2F 48 54 53 53 30 _hdd0/game/HTSS0
018BA3C0 30 30 30 33 00 00 00 00 2F 61 70 70 5F 68 6F 6D 0003..../app_hom
018BA3D0 65 2F 50 53 33 5F 47 41 4D 45 e/PS3_GAME


Last edited by BuC-ShoTz ; 02-11-2013 at 04:58 AM.

The following 32 users say thank you to BuC-ShoTz for this useful post:

^TPP^, Agent_LSD, blackhawk34, Cesei, DevilzFinest, ErasedDev, Sabotage, Disslzit, emcrew2, have fun, ICECOLDKILLAH, Insult, jwm614, KCxFTW, TheMightyMoJo, Mr. Revenge, nohcho_95, OG VeNoM, Vince, Pseudo_Soldier, SALEM-x, sarracen, SC58, spudeeelad, Taylor, Swifter, Uk_ViiPeR, xkoeckiiej, XxShadowhawkxX
02-20-2013, 03:34 PM #38
Legend_Armour_
LEGENDARY ASSASSIN
so has anyone been banned with this yet, im on my last console id which has lasted about 2 weeks by staying completely off blops 2 and tbh blops 1 is horrible now
02-20-2013, 09:56 PM #39
Agent_LSD
Vault dweller
Fantastic info! Props to Buc yet again!! Treyarch is scanning the most commonly used directories by CFW, so the trick is to customize yours to something that no one else would possibly use. Eventually though I'm sure they'll just scan the entire disk end to end. "Technically" what they are doing is illegal, however, being that we aren't supposed to see what they are doing if we filed a lawsuit they could then turn around and pull the DMCA violation, copyright, hacking, etc... plus those homo's have more money than most 3rd world countries backing them... Reminds me of the old Sony Malware that was dumped onto PC's back in the day to detect bootleg music cds.
02-21-2013, 09:45 AM #40
Ghost Rolly
I am error
Originally posted by patastinky View Post
First....Isn't there an app that will delete your "boot" history or whatever the name of the "temp" file that stores all your information which SONY has access too. I remember early on in the CFW days there was a PKG you could run that would remove said history from your ps3.

Secondly. Why not just copy all of those directories into (1) directory "> /dev_usb/New Folder/". Once your done doing whatever it is that you wanted to do online; simply copy it back to its original directory..? If they are scanning for those folders simply relocating them is better then deleting them, no? It would be very troublesome to have to re-install games/content once you've deleted.


/dev_hdd0/game/BLES80608 > /dev_usb/New Folder/
/dev_hdd0/game/TOGGLEQAF > /dev_usb/New Folder/
/dev_hdd0/GAMES > /dev_usb/New Folder/
/dev_blind > /dev_usb/New Folder/
/dev_hdd0/game/SDISABLER > /dev_usb/New Folder/
/dev_hdd0/game/BLND00001 > /dev_usb/New Folder/
/dev_hdd0/game/VEBUSPOOF > /dev_usb/New Folder/
/dev_hdd0/game/HTSS00003 > /dev_usb/New Folder/
/app_home/PS3_GAME > /dev_usb/New Folder/


You can backup them, but the thing is /app_home/PS3_GAME ...
dev_hdd0/GAMES can be moved to dev_usb000/GAMES LoL
And, we (DEX users) can't we boot things from PC ?
02-21-2013, 01:14 PM #41
BuC-ShoTz
TeamMvKâ?¢
Originally posted by Rolly View Post
we (DEX users) can't we boot things from PC ?


yes thats what app_home is for
try naming your folder /app_home/NOT_PS3_GAME.

theres also other things you can do in the elf to prevent them from getting your info.
they do collect mac address, psid, console id too

also they may have added more checks in the 1.07 update, i havent checked yet
Last edited by BuC-ShoTz ; 02-21-2013 at 01:18 PM.

The following user thanked BuC-ShoTz for this useful post:

Ghost Rolly
02-21-2013, 04:21 PM #42
Tustin
Balls of Steel
Originally posted by Rolly View Post
You can backup them, but the thing is /app_home/PS3_GAME ...
dev_hdd0/GAMES can be moved to dev_usb000/GAMES LoL
And, we (DEX users) can't we boot things from PC ?

Yeah, that's what i did with my games folder :p. Still don't know how to combat the app_home though.
02-21-2013, 05:18 PM #43
iOdysseus
Bounty hunter
Y'all do know that TreyArch monitor forums like this right? Asking BuC-ShotZ for everything isn't a smart idea. Just fucking rename your folders. However what TreyArch could do IS:

They could make a signature (maybe MD5 easier but signature more stronger) of CFW files. This way renaming it won't work. They'll just scan the signature across the PS3. Which instead is what Sony could do. Add a little more detection in there and a way to prevent client-side modification from changing the results if a bad signature was found.
03-10-2013, 01:14 AM #44
Anyone know if app_home folder is on OFW hard drive?Ive custom stealthed everything else,thanks
03-20-2013, 06:04 PM #45
Originally posted by xModderzxHD View Post
thanks bug shotz


dude thats spelled wrong but honestly it sounds badass "bug shotz" Im not trolling, its bad ass lol.
06-29-2013, 08:02 PM #46
Originally posted by ShoTz View Post
yes thats what app_home is for
try naming your folder /app_home/NOT_PS3_GAME.

theres also other things you can do in the elf to prevent them from getting your info.
they do collect mac address, psid, console id too

also they may have added more checks in the 1.07 update, i havent checked yet


If I fully understand what you said there.... the simplest solution is edit the list of suspicious directories directly in the BO2's EBOOT.ELF file. Then Resign it with SCETOOL and run that (your own modded / safe'd EBOOT.BIN binary) instead of the official BO2 EBOOT.BIN.

It makes a lot of sense, because you can't sensibly do away with the /app_home folder. Believe me, I went through all the SPRX and even the VSH & LV2 Kernel of my Rebug CFW. You can actually rename "/app_home" to any other string with the same number of characters. eg "/ps3_home" which was the name I plumped for in this little experiment... and many games will continue to work fine. I tested about 10 games or so but 2 of them didn't properly work anymore and came up with a bizarre trohpy error... Certain games internally expect the "/app_home" folder actually being called "/app_home"... including Mass Effect 1. I think the other game was Killzone 2. Obviously I have quite a limited collection of games so couldn't exhaustively test any further. It was enough to discover the general nature of the problem.

Unless you want to cripple certain other games (or some of the future games you have not played yet) then renaming of "/app_home" in reality is off the table. And therefore eliminated.

Leaving about 4 possible solutions:

* Rename Bubba's list of suspicion folders in the BO2's ELF file. Presumably in the way mentioned above ^^.

* Find the branch in the bytecode of ELF before that list is rung up... And stop the problem at the source. Eg skip over or modify the CFW checks. Might be rather difficult to find without some proper DEX runtime debugging and step-though (I certainly don't have set up).

* Find the place where your IDPS and other info is being reported back to Treyach. Presumably in the ELF also... or where Peek/Poke is being detected... and replace that with fake console info / or disable entirely. So that way whatever checks the game uses to detect it's a CFW console, it doesn't matter. Since it tries but can't successfully phone home the necessary info back to TreyArch servers.

* Run each time the BO2 PSN Tool that disables PEEK/POKE and other cool anti-BO2 measures.... Might forget.

There are some interesting avenues to pursue. They assumed that everything is found there in the main BO2 ELF / runtime files. That may not be the reality however.

Personally, I wasn't able to successfully decrypt the original (presumably v1.00) EBOOT.BIN off the Duplex BO2 torrent. Some scetool error. My scetool is working 100%. I'm sure of it. But maybe there is some layer of additional game-specific decryption for the BO2 binary program (runtime) files... Anyway it's not really expected for these people to leave it in plain sight directly in the main ELF file.

Don't have the full BO2 to play with. But might download the latest game update and try to poke around in again in that one... Probably be unsuccessful (again).
Last edited by afzoo3gen ; 06-29-2013 at 10:58 PM.

Copyright © 2024, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo