SIG File Format

From PS3 Developer wiki
Jump to: navigation, search


[edit] Objects

Objects used by the .SIG files.

    • Unknown
  • FILE
    • A file operation, currently thought to be in the temp directory of the USB
    • Unknown, likely WWCS communications to a centralized server used at the factory or repair center.
  • PS/2
    • Likely from a barcode reader on COM1 with 9600,7,2,0,50,0,0,0,0 as settings.
    • Functions in the LV2Diag
  • EDIT
    • Unknown

[edit] Functions

Functions called by the .SIG files, arranged by the objects that are available. Functions can have one, more, or no arguments (s_data, s_delim, r_data, and r_delim) associated with it.

The following syntax items have been noticed:

  • for options, temp:xxxx where xxxx is a file name in the temp folder of the USB flash drive
  • for options, xml:xxxx where xxxx is the .SIG file name (XML data set name)
  • for options, a HEX number
  • for options, two comma delimited values
  • for other arguments, file://temp: for a file located in teh temp folder of the USB flash drive.
  • for other arguments, a string to be displayed

[edit] TOOLKIT

  • IsInit
  • GetMacAddress
  • MessageBox
  • Exit
  • GetDateTime
  • CreateProcess

[edit] FILE

  • Copy
  • WriteRead
  • Divide
  • AsciiToBin
  • MD5
  • Length
  • Erase
  • AddC39M10W3
  • Append
  • GetProfileString
  • AsciiToBinAscii
  • Insert
  • Operator
  • Read
  • HexToDec

[edit] PS3PICSY

  • CheckWwcsAuthentication
  • SetSessionId
  • RequestWwcsJigData
  • RequestLogisticsLabel
  • RequestIdpsConfig
  • RequestIdps
  • RequestServerTime
  • EntryWwcsLog
  • RequestSetSerial

[edit] PS/2

  • Read

[edit] PS3LV2DIAG

The functions available with this object will likely vary with the LV2DIAG used.

  • Open
  • WaitEvent
  • ReadAscii
  • WriteRead
  • Close
  • GetScErrLog
  • UpdateSYSCON (Unleaked .SIG file in combination with a modified downgrade lv2diag)

[edit] EDIT

  • Write

[edit] Tools useable for SIG files

[edit] ssleay32.dll patch

small ssleay32.dll patch for ObjectiveSuites (educational use only):

[edit] .SIG <> XLS

 * sigtool.c
 * Copyright (C) an0nym0us
 * This software is distributed under the terms of the GNU General Public
 * License ("GPL") version 3, as published by the Free Software Foundation.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

main ( int argc, char *argv[] )
  int i = 0 ;
  FILE *src_file ;
  FILE *dst_file ;
  size_t buf_size = 0 ;
  char *src ;
  char *dst ;

  if (argc != 3) {
    fprintf(stderr, "usage: %s SOURCE_FILE.SIG DEST_FILE.XLS\n", argv[0]);
    return -1;

  src_file = fopen ( argv[1], "rb" ) ;
  dst_file = fopen ( argv[2], "wb" ) ;

  fseek ( src_file, 0L, SEEK_END ) ;
  buf_size = ftell ( src_file ) ;
  fseek ( src_file, 0L, SEEK_SET ) ;

  src = malloc ( buf_size ) ;
  dst = malloc ( buf_size ) ;

  fread ( src, buf_size, 1, src_file ) ;

  for ( i = 0; i < buf_size; i++ )
    if ( src[i] >= 0x20 && src[i] <= 0x7e )
      dst[i] = (char)0x9e - (char)src[i] ;
      dst[i] = (char)src[i] ;

  fwrite ( dst, buf_size, 1, dst_file ) ;
  fclose ( src_file ) ;
  fclose ( dst_file ) ;

  free ( src ) ;
  free ( dst ) ;

  return ( 0 ) ;


[edit] unsig - SIG File De-/Recrypter

vote + download :

[edit] Files leaked by an0n

Objective suites creates files in the temp folder inside the Objective Suites folder where the EXE is ran whenever it processes teh commands in a sig file. This section attempts to unravel what these files are.

[edit] auth_0.txt

auth_0.txt is the MAC of a NIC, the JIG PC's used at the repair centers may very well be dual homed. One NIC for PS3 Communication and one for external communication.

[edit] auth_1_.txt

auth_1.txt is the MAC of another NIC, the JIG PC's used at the repair centers may very well be dual homed. One NIC for PS3 Communication and one for external communication.

[edit] auth_01.txt

This file is simply:


[edit] auth_10.txt

This file is simply:


[edit] auth_data.txt

This file is (probably) the NIC that authenticated (it IS one of the NICS in retrieved in earlier lines of the SIG file) and another MAC address, of which the source is unknown at this time.

[edit] request_idps_in.txt

(the one one after this is all you have left math of CEX-DEX)

This file is the following files concatenated together, in a tab delimited fashion:

pd_label.txt [tab] kiban_id.txt [tab] cid.txt [tab] ecid.txt [tab] idps_bbox_config_version.txt

This data is sent to Sony's servers to process. The product is sent back to Objective suites.

(Kiban :from Japanese 機番 = machine number)

[edit] request_idps.txt

This is the file needed for the SET-IDPS portion of the original CEX-DEX leak. It is:

pd_label_bin_ascii.txt + [the result of the call to sony for request_idps_in.txt]



[edit] Structure

Offset Length Value Note
0x0 0x4 '.CER' magic
0x4 0x4 0x00000006 type?
0x8 0x4 0
0xC 0x4 0
0x10 0x30 'EP9000-PCSF00284_00-CROSSCONTROLLERV' NP Content Id
0x40 0xC0 0 padding?
0x100 0x100 encrypted data Password/Certificate PKG information?

Cross Controller Game list:

  • Sly Cooper: Thieves in Time
  • Ultimate Marvel vs Capcom 3
  • LittleBigPlanet 2 (extra edition or updates/DLC)
  • Guacamelee!