Post: Breaking Down & Reverse Engineering Geohot's 3.55 CFW
03-14-2013, 02:10 AM #1
Hello! I have been trying to reverse engineer Geohot's 3.55 and I have one part done already! I have learned that the original GH (Geohot for short) has only put 3 files in the update. One file is called the ps3swu.self. I have managed to reverse engineer the SELF to an ELF with the ELF header at offset 00000090. This holds the main install pkg folder configuration. This means that when you are in a game, it reads this file, and if, say, it says <Pair key="ingame"><String>disable</String></Pair>, then you can't see the folder in-game. I will update this thread as much as I can with new information! My next job is to find the header of the UPL.xml.pkg file so I can reverse engineer that!

ps3swu.elf:
    

<XMBML>
<Query class="type:x-xmb/folder-pixmap" key="seg_package_files" src="#seg_package_files" />
<View id="seg_package_files">
<Attributes>
<Table key="host_device">
<Pair key="icon_rsc"><String>tex_album_icon</String></Pair>
<Pair key="title_rsc"><String>msg_tool_install_file</String></Pair>
<Pair key="child"><String>segment</String></Pair>
<Pair key="ingame"><String>disable</String></Pair>
</Table>
</Attributes>
<Items>
<Query class="type:x-xmb/xmlpackagefolder" key="host_device" attr="host_device" src="#seg_packages" />
</Items>
</View>
<View id="seg_packages">
<Items>
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_host" src="host://localhost/q?path=/app_home/&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_bdvd" src="host://localhost/q?path=/dev_bdvd&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_ms" src="host://localhost/q?path=/dev_ms&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb0" src="host://localhost/q?path=/dev_usb000&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb1" src="host://localhost/q?path=/dev_usb001&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb2" src="host://localhost/q?path=/dev_usb002&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb3" src="host://localhost/q?path=/dev_usb003&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb4" src="host://localhost/q?path=/dev_usb004&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb5" src="host://localhost/q?path=/dev_usb005&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb6" src="host://localhost/q?path=/dev_usb006&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb7" src="host://localhost/q?path=/dev_usb007&suffix=pkg&subclass=x-host/package" />
</Items>
</View>
</XMBML>


A File Header: NONE (THIS FILE IS A FAKE FILE WITH NOTHING IN IT)

UPL.xml.pkg Header: NONE! Sony retail pkg file..... but something is different with it...... I can't reverse engineer it :/ I'll find a way!

UPL.xml (Decrypted):
    

<?xml version="1.0" encoding="UTF-8"?>

<UpdatePackageList>

<Header>
<Version>03.5500</Version>
<Build>45039,20100721</Build>
<UplFormatVersion>1.00</UplFormatVersion>
<Product>CEX-ww</Product>
<Region>JAPAN</Region>
</Header>

<Package>
<Type>ProgramRevoke</Type>
<FileName>RL_FOR_PROGRAM.img</FileName>
</Package>

<Package>
<Type>PackageRevoke</Type>
<FileName>RL_FOR_PACKAGE.img</FileName>
</Package>

<Package>
<Type>CoreOs</Type>
<FileName>CORE_OS_PACKAGE.pkg</FileName>
</Package>


<Package>
<Type>VSH</Type>
<FileName>dev_flash_000.tar.aa.NAME OF PACKAGE</FileName>

</Package>


<Package>
<Type>BdpRevoke</Type>
<FileName>dev_flash3_022.tar.aa.2010_07_29_17012 2</FileName>
</Package>


<Package>
<Type>BD</Type>
<FileName>BDIT_FIRMWARE_PACKAGE.pkg</FileName>
</Package>
<Package>
<Type>BD</Type>
<FileName>BDPT_FIRMWARE_PACKAGE_301R.pkg</FileName>
</Package>
<Package>
<Type>BD</Type>
<FileName>BDPT_FIRMWARE_PACKAGE_302R.pkg</FileName>
</Package>
<Package>
<Type>BD</Type>
<FileName>BDPT_FIRMWARE_PACKAGE_303R.pkg</FileName>
</Package>
<Package>
<Type>BD</Type>
<FileName>BDPT_FIRMWARE_PACKAGE_304R.pkg</FileName>
</Package>
<Package>
<Type>BD</Type>
<FileName>BDPT_FIRMWARE_PACKAGE_306R.pkg</FileName>
</Package>
<Package>
<Type>BD</Type>
<FileName>BDPT_FIRMWARE_PACKAGE_308R.pkg</FileName>
</Package>

<Package>
<Type>MCC</Type>
<FileName>MULTI_CARD_FIRMWARE.pkg</FileName>
</Package>

<Package>
<Type>BT</Type>
<FileName>BLUETOOTH_FIRMWARE.pkg</FileName>
</Package>

<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_01000006.pkg</FileName>
</Package>
<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_01010303.pkg</FileName>
</Package>
<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_01020302.pkg</FileName>
</Package>
<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_01030302.pkg</FileName>
</Package>
<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_01040402.pkg</FileName>
</Package>
<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_01050002.pkg</FileName>
</Package>
<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_01050101.pkg</FileName>
</Package>
<Package>
<Type>SC</Type>
<FileName>SYS_CON_FIRMWARE_S1_00010002083E0832.pkg </FileName>
</Package>
</UpdatePackageList>



Download to the CFW (This shows that it only has 3 files):

The following user thanked Dr. Mayham for this useful post:

GE90
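
Added example, not part of the original thread or of any tool mentioned in it: a Python sketch that reads the XMBML dump from the first post and reports each view's attribute table (including the ingame key the post describes) and the device paths each host query scans. The sample is a constructed, trimmed copy of the dump and the function names are hypothetical; the pre-escaping step is needed because the dump carries bare & characters in its src attributes, which a strict XML parser rejects.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: trimmed copy of the XMBML in the post (2 of 11 host queries).
SAMPLE = '''<XMBML>
<View id="seg_package_files">
<Attributes>
<Table key="host_device">
<Pair key="ingame"><String>disable</String></Pair>
</Table>
</Attributes>
<Items>
<Query class="type:x-xmb/xmlpackagefolder" key="host_device" attr="host_device" src="#seg_packages" />
</Items>
</View>
<View id="seg_packages">
<Items>
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_bdvd" src="host://localhost/q?path=/dev_bdvd&suffix=pkg&subclass=x-host/package" />
<Query class="type:x-xmb/xmlpackagefolder" key="host_provider_usb0" src="host://localhost/q?path=/dev_usb000&suffix=pkg&subclass=x-host/package" />
</Items>
</View>
</XMBML>'''

# Escape '&' unless it already starts an entity, so ElementTree accepts the dump.
BARE_AMP = re.compile(r'&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9A-Fa-f]+);)')

def parse_xmbml(text):
    return ET.fromstring(BARE_AMP.sub('&amp;', text))

def view_attributes(root):
    """Map view id -> {table key -> {pair key -> string value}}."""
    return {
        view.get('id'): {
            t.get('key'): {p.get('key'): p.findtext('String') for p in t.iter('Pair')}
            for t in view.iter('Table')}
        for view in root.iter('View')}

def host_queries(root):
    """List (key, path, suffix) for every host:// query; '#id' links are skipped."""
    rows = []
    for q in root.iter('Query'):
        url = urlsplit(q.get('src', ''))
        if url.scheme == 'host':
            qs = parse_qs(url.query)
            rows.append((q.get('key'), qs.get('path', [''])[0], qs.get('suffix', [''])[0]))
    return rows
```
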
03-14-2013, 06:38 AM #2
Keep posting, I really want to know how he did his CFW.

The following user thanked Scrumilation for this useful post:

Dr. Mayham
03-14-2013, 11:46 AM #3
That's not even reverse engineering lol, all you did is use scetool to change it from self > elf. Here's my tip: read up on IDA Pro and use the PS3 plugins, and have a knowledge of C#. Reverse engineering begins with 0x01c or 0x04, then no, it's not just hex editing; it takes a lot of time and effort to reverse engineer. That's what all devs use, but well done on decryption, you've done the first stage. And second, look, install package is not in ps3swu, look at nas_plugin. With the second XML you can use RCO editing :-) If you want any help I'm always on IRC channel EFnet #ps3dev!

The following user thanked ELITE xxmcvapourxx for this useful post:

Dr. Mayham
03-14-2013, 03:29 PM #4
Phobia
Little One
As vapour said, this is just decrypting the files but not bad...

The following user thanked Phobia for this useful post:

Dr. Mayham
03-14-2013, 04:43 PM #5
Originally posted by xxmcvapourxx
That's not even reverse engineering lol, all you did is use scetool to change it from self > elf. Here's my tip: read up on IDA Pro and use the PS3 plugins, and have a knowledge of C#. Reverse engineering begins with 0x01c or 0x04, then no, it's not just hex editing; it takes a lot of time and effort to reverse engineer. That's what all devs use, but well done on decryption, you've done the first stage. And second, look, install package is not in ps3swu, look at nas_plugin. With the second XML you can use RCO editing :-) If you want any help I'm always on IRC channel EFnet #ps3dev!


There are only 3 files though,

1.) UPL.xml.pkg (Header is XML @ 0x00000090)
2.) ps3swu.self (Header is ELF @ 0x00000090)
3.) a (Secure File..... There is nothing in it when I do an OllyDbg dump)

There are no dev_flash files for me to edit.
03-14-2013, 05:37 PM #6
1: I know what that is and the header. 2: I have decrypted this already ages ago. 3: a is in the VSH file; you need to unpack the whole PUP to get to the dev_flash and Core OS for you to edit files. Use PUAD_GUI, it has all the tools you need.
03-14-2013, 05:45 PM #7
Originally posted by KYRSP33DY
There are only 3 files though,

1.) UPL.xml.pkg (Header is XML @ 0x00000090)
2.) ps3swu.self (Header is ELF @ 0x00000090)
3.) a (Secure File..... There is nothing in it when I do an OllyDbg dump)

There are no dev_flash files for me to edit.

One, OllyDbg is a 32-bit asm disassembler, it won't work with most of the PS3 files. You need IDA Pro to view them with the correct plugins, like vapour just replied to you lmao
