Editing ReDRM / Piracy dongles

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
{{Wikify}}
=Description=
=Description=
TrueBlue dongles are USB dongles for the PS3 which enable custom firmware 'special' functionality to launch resigned game backups. These dongles are themselves a form of DRM, as the particular format of these backups will not work without the TB dongle. Contentdisc's contain fself'ed eboot.bin's. <br />
Dongle is DRM to make sure you have the dongle, the firmware 'special' functionality will not work without it.
Hardware-wise, there are many similarities with [[PS3Cobra_Payload_Reverse_Engineering#Hardware_Dongle|PS3Cobra]]
Contentdisc's contain fself'ed eboot.bin's


== Clarifications ==
== Downloads ==
* '''If the content works with the dongle, that means the original content also works (without the dongle) if resigned for Firmware v3.55!'''
=== First release (1.0/2.1) ===
* TrueBlue dongles/firmware do not support PSN (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] do)
* MFW: [http://www.multiupload.com/O7SP26A83E Jailbreak2.CFW.rar (172.34 MB)]<!--//http://www.filesonic.nl/file/2688912531/Jailbreak2.CFW.zip (password: whyudie)//-->
* Special features for PS Vita are not usable (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] can)
* Dongle Updater v2.1: [http://www.multiupload.com/9YPQX47G7F JB2.Dongle.Updater.rar (2.1 MB)]<!--//http://www.filesonic.nl/file/2689038911/JB2.Dongle.Updater.zip (password: whyudie)//-->
* TrueBlue cannot play Firmware 3.6x+/3.7x+/4.x+ original content (it does not have the keys for it).
=== Update 2.2 ===
* It can only play such content which is re-encrypted/resigned with the key supported by the dongle.
...
** Such content was limited to already decryptable and debug eboot.bin's.
 
*** Titles in the wild were almost entirely released by PARADOX (patches) & PARADiSO (full pirated releases) between November 2011 and June 2012 - with groups like BORG and EHRGEIZ appearing from May through June of 2012. There was also lighttake, which sold full pre-patched pirated Blu-ray discs. It seems possible that they were involved in the TrueBlue production/distribution. Profiting from or otherwise receiving money for re-applying DRM could likely be considered a scam.
=== FW Info (1.0/2.1) ===
*** No public tools exist for 'converting' to TB format (re-encrypting/resigning) - making TB dongle users completely dependent on warez release groups like PARADOX/PARADiSO/BORG/EHRGEIZ.
<pre>PS3 System Software
* Content for Firmware v3.55 and lower still works (after all, its just a MFW 3.55) - with some exceptions (in some cases it will even brick the dongle when running certain pieces of homebrew).
 
* Needs the MFW (and cannot work on OFW's, that is why there is no 'power/eject trick')
MFW 3.55-Dongle (Jailbreak2.CFW)
* Cannot be used for downgraded consoles (which rely on lv1 syscon hashcheck patches)
filedate: juli 13 2011 2:08:58
* If you are using special firmware now, they will not be compatible with this one. e.g. Incompatible with:
174639 KB
** OtherOS++
MD5: 43C522F8897D77B6165F95BCF3409090
** Proper MFW's
SHA1: A64B010DB98996C7E53768D37D4D346F271D5950
** Kmeaw, wutangrza, waninkoko, etc.
CRC32: A32FDD1D
** pre 3.50 etc.
CRC16: 6420
HMAC_SHA1: 0x88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
 
Remarks: needs JB2 dongle as DRM</pre>
 
<pre>PUP file information
Package version: 1
Image version: 47517
File count: 7
Header length: 528
Data length: 178829542
PUP file hash : 88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
File 0
Entry id: 0x100
Filename : version.txt
Data offset: 0x210
Data length: 13
File hash : 8E533875E1B43B6CBAF5E91663EB7554107B5509
File 1
Entry id: 0x101
Filename : license.xml
Data offset: 0x21D
Data length: 267513
File hash : B77EFE54859738385DD803E88FB5E807FF1BC6AB
File 2
Entry id: 0x103
Filename : update_flags.txt
Data offset: 0x41716
Data length: 5
File hash : FD7C893936FDFC668922BE6D119A462111B2BBDB
File 3
Entry id: 0x200
Filename : ps3swu.self
Data offset: 0x4171B
Data length: 5661656
File hash : C61DDE12E75C2218214700D7D49006583F1B968B
File 4
Entry id: 0x201
Filename : vsh.tar
Data offset: 0x5A7AF3
Data length: 10240
File hash : D9B66E0D2845D71A67D76E7907AB06368CE61E08
File 5
Entry id: 0x202
Filename : dots.txt
Data offset: 0x5AA2F3
Data length: 3
File hash : 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A
File 6
Entry id: 0x300
Filename : update_files.tar
Data offset: 0x5AA2F6
Data length: 172890112
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre>
 
=Content discs=
 
== EBOOT.BIN details (1.0/2.1) ==
 
===SELF header===
  elf #1 offset:  00000000_00000090
  header len:    00000000_00000a80
  meta offset:    00000000_000004a0
  phdr offset:    00000000_00000040
  shdr offset:    00000000_002117f8
  file size:      00000000_0021150c
  auth id:        10100000_01000003 (Unknown)
  vendor id:      01000002
  info offset:    00000000_00000070
  sinfo offset:  00000000_00000290
  version offset: 00000000_00000390
  control info:  00000000_000003c0 (00000000_00000100 bytes)
  app version:    1.0.0
  SDK type:      Devkit
  app type:      NP-DRM application
 
===Control info===
  control flags:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  file digest:
    62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
    f1 95 cf a4 c0 04 0f c9 14 de 1f 9a 21 4e 10 ca 6b a6 8c 86
  NPDRM info:
    magic: 4e504400
    unk0 : 00000001
    unk1 : 00000003
    unk2 : 00000001
    content_id: IV0002-NPXS00020_00-TEST000000000001
    digest:    09 37 f1 32 60 b9 70 02 76 9e e4 0f 7b 10 70 0f
    invdigest:  f6 c8 0e cd 9f 46 8f fd 89 61 1b f0 84 ef 8f f0
    xordigest:  5c 62 a4 67 35 ec 25 57 23 cb b1 5a 2e 45 25 5b
 
===Section header===
    offset            size              compressed unk1    unk2    encrypted
    00000000_00000a80  00000000_00209dc0 [NO ]      00000000 00000000 [NO ]
    00000000_00210a80  00000000_000005b0 [NO ]      00000000 00000000 [NO ]
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_00210df8  00000000_00000004 [NO ]      00000000 00000000 [N/A]
    00000000_0020a7e0  00000000_00000020 [NO ]      00000000 00000000 [N/A]
    00000000_0020a800  00000000_00000040 [NO ]      00000000 00000000 [N/A]
 
===Encrypted Metadata===
  no encrypted metadata in fselfs.
 
===ELF header===
  type:                                Executable file
  machine:                              PowerPC64
  version:                              1
  phdr offset:                          00000000_00000040
  shdr offset:                          00000000_00210e08
  entry:                                00000000_002200f0
  flags:                                00000000
  header size:                          00000040
  program header size:                  00000038
  program headers:                      8
  section header size:                  00000040
  section headers:                      28
  section header string table index:    27
 
=FW analysis=
== FW Changes (1.0/2.1) ==
Compared to OFW 3.55:
[http://www.multiupload.com/LAIIB6IMX0 ofw-vs-jb2.rar (4.18 MB)]
====EULA.xml====
<pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre>
====Version.txt====
<pre>3.55-Dongle</pre>
 
===CORE_OS_PACKAGE.pkg===
====lv1.self====
Just one patch:
<pre>        Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  OFW:  000F5A40              39 20 00 00                              9 ..      li      r9,0
  JB2:  000F5A40              39 20 00 01                              9 ..      li      r9,1</pre>
<!--// ofw:  2d5a44: 39 20 00 00  li      r9,0  /  jb2:  2d5a44: 39 20 00 01  li      r9,1//-->
This is in lv1_map_htab to allow for RW mapping of all RAM. So who knows how many other lv1 patches are done at runtime.
 
====lv2_kernel.self====
 
===dev_flash_010.tar.aa.2010_11_27_051337===
====\dev_flash\vsh\module\nas_plugin.sprx====
 
<pre>        Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  OFW:  00003250                                      7C 60 1B 78              |`.x    mr r0, r3
  JB2:  00003250                                      38 00 00 00              8...    li r0, 0</pre>
 
 
<pre>        Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  OFW:  00037350  41 9E 00 4C                                      Až.L    beq-    cr7,4c
  JB2:  00037350  60 00 00 00                                      `...   nop</pre>
 
"standard pkg patches"
 
===dev_flash_016.tar.aa.2010_11_27_051337===
====\dev_flash\vsh\resource\explore\xmb\category_game.xml====
====\dev_flash\vsh\resource\explore\xmb\category_video.xml====


= Hardware Dongle =
= Hardware Dongle =
== Dongle 1.0 ==
<table width="100%" align="left"><tr>
<table width="100%" align="left"><tr>
<td align="left">[[File:Psjb2-Trueblue-OVERVIEW.jpg|200px|thumb|left|Psjb2 Trueblue - OVERVIEW]]</td>
<td align="left">[[File:Psjb2-Trueblue-OVERVIEW.jpg|200px|thumb|left|Psjb2 Trueblue - OVERVIEW]]</td>
Line 29: Line 184:
<td align="left">[[File:Psjb2-Trueblue-BOTTOM.jpg|200px|thumb|left|Psjb2 Trueblue - BOTTOM]]</td></tr></table>
<td align="left">[[File:Psjb2-Trueblue-BOTTOM.jpg|200px|thumb|left|Psjb2 Trueblue - BOTTOM]]</td></tr></table>


=== Components ===
== Components ==
==== Actel ProASIC3 A3P250 - FPGA ====
=== Actel ProASIC3 A3P250 - FPGA ===
   A3P250 = 250,000 System Gates
   A3P250 = 250,000 System Gates
   blank = Speed Grade: Standard
   blank = Speed Grade: Standard
Line 43: Line 198:
Familyroot: http://www.actel.com/products/pa3/ <br />
Familyroot: http://www.actel.com/products/pa3/ <br />


===== Pinout A3P250 VQ100=====
==== Pinout A3P250 VQ100====
<div style="float:right">[[File:VQ100.png|200px|thumb|left|Actel ProASIC3 A3P250 - FPGA (psjb2-Trueblue) VQ100 package]]</div>
<div style="float:right">[[File:VQ100.png|200px|thumb|left|Actel ProASIC3 A3P250 - FPGA (psjb2-Trueblue) VQ100 package]]</div>
<div style="height:350px; overflow:auto">
<div style="height:350px; overflow:auto">
Line 253: Line 408:
</div>
</div>


==== 24.000 MHz Crystal ====
=== 24.000 MHz Crystal ===
CLK for Actel <br />
CLK for Actel <br />
==== AMS1117  2.851049 - Low Dropout Linear Regulator ====
=== AMS1117  2.851049 - Low Dropout Linear Regulator ===
Datasheet:  
Datasheet: http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf <br />
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117-.pdf
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117.pdf<!--// http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf //--> <br />
[[:File:AMS1117 - SOT-223.png]]
[[:File:AMS1117 - SOT-223.png]]


==== A 47 (unreferenced 5pin IC) ====
=== A 47 (unreferenced 5pin IC) ===
<div style="float:right">[[File:SOT5.PNG|200px|thumb|left|5-pin SOT5<br />A 47<br />pinout]]</div>
<div style="float:right">[[File:SOT5.PNG|200px|thumb|left|5-pin SOT5<br />A 47<br />pinout]]</div>


Line 285: Line 438:
|}
|}


==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
=== Winbond 25X16AVS1G (SPI Flash 16Mbit) ===
{{Template:Winbond 25X16AVSIG}}
<div style="float:right">[[File:W25X16A - SOIC-8.png|200px|thumb|left|8-pin TSSOP<br />Winbond 25X16A<br />SOIC-8 pinout]]</div>
 
====Test Points====
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]<br /></div>
 
There are test points on the dongle that provice full pin access to the Winbond chip, be careful soldering to them since it is easy to pull off a test point.<br>
 
== Dongle 2.0 ==
Supposed to be massproduced instead of manually soldered like the 1.0 dongle. Not seen in the wild yet.
 
== Dongle Clones ==
 
=== Jb2usb ===
<table width="100%" align="left"><tr>
<td align="left">[[File:Jb2usb1.jpg|200px|thumb|left|Jb2usb clone dongle overview]]</td>
<td align="left">[[File:Jb2usb2.jpg|200px|thumb|left|Jb2usb clone dongle board]]</td></tr></table>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
 
=== JB-King ===
* JB-King is a "copy-cat" clone by dongle makers in China. (some have claimed by the makers of PS3Go). Its poetic, piracy and theft of the "intellectual property" of pirates and thieves.
 
<gallery>
File:Jb-king-front.jpg|JB-King clone dongle front
File:JB-King BACK.jpg|JB-King clone dongle - BACK
File:JB-King_Dongle_Abkarino_DVD4Arab_01.png|tb-king clone dongle overview
File:JB-King_Dongle_Abkarino_DVD4Arab_02.png|tb-king clone dongle board
File:JBKing-1.jpg
File:JBKing-2.jpg
</gallery>
 
=== Components ===
 
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ====
<div style="float:right">[[File:W25X16A - SOIC-8.png|200px|thumb|left|8-pin TSSOP<br />Winbond 25X16A<br />SOIC-8 pinout]]
<br /></div>
<pre>W - Winbond
<pre>W - Winbond
25X - SPI Flash with 4KB sectors/64Kbyte blocks, dual output
25X - SPI Flash
16A - 16Mbit / 2M-byte
16 - 16Mbit / 2M-byte (Uniform 4Kbyte sectors/64Kbyte blocks)
V - Supply Voltage 2.7 to 3.6V
AVS1G - 100MHz (200Mbits/sec)</pre>
S - Package Type : 8pin SOIC 150-mil
datasheet: [http://www.multiupload.com/P2833U5SOW W25X16A.pdf (1.3 MB)]
I - Temperature Range: Industrial (-40'C ~ 85'C)
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre>
datasheet: [http://www.winbond.com/NR/rdonlyres/C6366616-2CB7-49F8-A1F9-3BC363DF9480/0/W25X16A.pdf W25X16A.pdf (1.3 MB)] / https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/Datasheets/W25X16A.pdf <br />
Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it).


{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
|- bgcolor="#cccccc"
|- bgcolor="#cccccc"
! Pin !! Usage !! I/O !! Remarks
! Pin !! Usage !! Remarks
|-
| 1 || /CS || I || Chip Select (high=deselect, low=select)
|-
| 2 || DO || O || Data output
|-
| 3 || /WP || I || Write Protect (active low)
|-
| 4 || GND ||  || Ground
|-
| 5 || DIO || I/O || Serial data input/output
|-
| 6 || CLK || I || Serial Clock
|-
| 7 || /HOLD || I || Hold (high=normal/resume, low=hold/pause)
|-
| 8 || VCC ||  || Vcc (min 2.7-max 3.6V @ Fr0 75MHz / min 3.0-max 3.6V @ Fastread Fr1 100MHz)
|-
|}
 
====Test Points====
<br>
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]</div>
<br>
 
==== STM32 F103C8T6 : U2 ====
U2 <br />
datasheet: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/stm32_f103c8t6.pdf stm32_f103c8t6.pdf (1.38 MB)]
===== Pinout STM32 F103C8T6 LQFP48 =====
<div style="float:right">[[File:STM32 F103C8T6 - LQFP48.png|200px|thumb|left|STMicroelectronics STM32 F103C8T6 - LQFP48 package]]</div>
<div style="height:250px; overflow:auto">
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
|- bgcolor="#cccccc"
! Pin !! Function !! Notes
|-
| 1 || VBAT ||
|-
| 2 || PC13-TAMPER-RTC ||
|-
| 3 || PC14-OSC32_IN ||
|-
| 4 || PC15-OSC32_OUT ||
|-
| 5 || PD0-OSC_IN ||
|-
| 6 || PD1-OSC_OUT ||
|-
| 7 || NRST ||
|-
| 8 || VSSA ||
|-
| 9 || VDDA ||
|-
| 10 || PA0-WKUP ||
|-
| 11 || PA1 ||
|-
| 12 || PA2 ||
|-
| 13 || PA3 ||
|-
| 14 || PA4 ||
|-
| 15 || PA5 ||
|-
| 16 || PA6 ||
|-
| 17 || PA7 ||
|-
| 18 || PB0 ||
|-
| 19 || PB1 ||
|-
| 20 || PB2 ||
|-
| 21 || PB10 ||
|-
| 22 || PB11 ||
|-
| 23 || VSS_1 ||
|-
| 24 || VDD_1 ||
|-
| 25 || PB12 ||
|-
| 26 || PB13 ||
|-
| 27 || PB14 ||
|-
| 28 || PB15 ||
|-
| 29 || PA8 ||
|-
| 30 || PA9 ||
|-
| 31 || PA10 ||
|-
| 32 || PA11 ||
|-
| 33 || PA12 ||
|-
| 34 || PA13 ||
|-
| 35 || VSS_2 ||
|-
| 36 || VDD_2 ||
|-
| 37 || PA14 ||
|-
| 38 || PA15 ||
|-
| 39 || PB3 ||
|-
| 40 || PB4 ||
|-
| 41 || PB5 ||
|-
| 42 || PB6 ||
|-
| 43 || PB7 ||
|-
| 44 || BOOT0 ||
|-
| 45 || PB8 ||
|-
| 46 || PB9 ||
|-
| 47 || VSS_3 ||
|-
| 48 || VDD_3 ||
|-
|}
</div>
 
==== Actel ProASIC3 A3P125 - FPGA : U3 ====
U3
  A3P125 = 125,000 System Gates
  blank = Speed Grade: Standard
  VQ = Package Type: Very Thin Quad Flat Pack (0.5mm pitch)
  G = Lead-Free Packaging: RoHS-Compliant (Green)
  100 = Package Lead Count : 100 pins
  blank = Security Feature : no IP license
  blank = Temperature Range: Commercial (0°C to +70°C Ambient Temperature)
128-bit AES <br />
1,024 bits of user flash memory <br />
Datasheets and usermanuals: http://www.actel.com/products/pa3/docs.aspx#ds <br />
Familyroot: http://www.actel.com/products/pa3/ <br />
 
===== Pinout A3P125 VQ100 =====
<div style="float:right">[[File:VQ100.png|200px|thumb|left|Actel ProASIC3 A3P250 - FPGA (psjb2-Trueblue) VQ100 package]]</div>
<div style="height:350px; overflow:auto">
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
|- bgcolor="#cccccc"
! Pin !! Function !! Notes
|-
| 1 || GND || Ground
|-
| 2 || GAA2/IO118UDB3 ||
|-
| 3 || IO118VDB3 ||
|-
| 4 || GAB2/IO117UDB3 ||
|-
| 5 || IO117VDB3 ||
|-
| 6 || GAC2/IO116UDB3 ||
|-
| 7 || IO116VDB3 ||
|-
| 8 || IO112PSB3 ||
|-
| 9 || GND || Ground
|-
| 10 || GFB1/IO109PDB3 ||
|-
| 11 || GFB0/IO109NDB3 ||
|-
| 12 || VCOMPLF ||
|-
| 13 || GFA0/IO108NPB3 ||
|-
| 14 || VCCPLF ||
|-
| 15 || GFA1/IO108PPB3 ||
|-
| 16 || GFA2/IO107PSB3 ||
|-
| 17 || VCC ||
|-
| 18 || VCCIB3 ||
|-
| 19 || GFC2/IO105PSB3 ||
|-
| 20 || GEC1/IO100PDB3 ||
|-
| 21 || GEC0/IO100NDB3 ||
|-
| 22 || GEA1/IO98PDB3 ||
|-
| 23 || GEA0/IO98NDB3 ||
|-
| 24 || VMV3 ||
|-
| 25 || GNDQ || Ground
|-
| 26 || GEA2/IO97RSB2 ||
|-
| 27 || GEB2/IO96RSB2 ||
|-
| 28 || GEC2/IO95RSB2 ||
|-
| 29 || IO93RSB2 ||
|-
| 30 || IO92RSB2 ||
|-
| 31 || IO91RSB2 ||
|-
| 32 || IO90RSB2 ||
|-
| 33 || IO88RSB2 ||
|-
| 34 || IO86RSB2 ||
|-
| 35 || IO85RSB2 ||
|-
| 36 || IO84RSB2 ||
|-
| 37 || VCC ||
|-
| 38 || GND || Ground
|-
| 39 || VCCIB2 ||
|-
| 40 || IO77RSB2 ||
|-
| 41 || IO74RSB2 ||
|-
| 42 || IO71RSB2 ||
|-
| 43 || GDC2/IO63RSB2 ||
|-
| 44 || GDB2/IO62RSB2 ||
|-
| 45 || GDA2/IO61RSB2 ||
|-
| 46 || GNDQ || Ground
|-
| 47 || TCK ||
|-
| 48 || TDI ||
|-
| 49 || TMS ||
|-
| 50 || VMV2 ||
|-
| 51 || GND || Ground
|-
| 52 || VPUMP ||
|-
| 53 || NC ||
|-
| 54 || TDO ||
|-
| 55 || TRST ||
|-
| 56 || VJTAG ||
|-
| 57 || GDA1/IO60USB1 ||
|-
| 58 || GDC0/IO58VDB1 ||
|-
| 59 || GDC1/IO58UDB1 ||
|-
| 60 || IO52NDB1 ||
|-
| 61 || GCB2/IO52PDB1 ||
|-
| 62 || GCA1/IO50PDB1 ||
|-
| 63 || GCA0/IO50NDB1 ||
|-
| 64 || GCC0/IO48NDB1 ||
|-
| 65 || GCC1/IO48PDB1 ||
|-
| 66 || VCCIB1 ||
|-
| 67 || GND || Ground
|-
| 68 || VCC ||
|-
| 69 || IO43NDB1 ||
|-
| 70 || GBC2/IO43PDB1 ||
|-
| 71 || GBB2/IO42PSB1 ||
|-
| 72 || IO41NDB1 ||
|-
| 73 || GBA2/IO41PDB1 ||
|-
| 74 || VMV1 ||
|-
| 75 || GNDQ || Ground
|-
| 76 || GBA1/IO40RSB0 ||
|-
| 77 || GBA0/IO39RSB0 ||
|-
| 78 || GBB1/IO38RSB0 ||
|-
| 79 || GBB0/IO37RSB0 ||
|-
|-
| 80 || GBC1/IO36RSB0 ||  
| 1 || /CS || Chip Select
|-
|-
| 81 || GBC0/IO35RSB0 ||  
| 2 || DO || Data output
|-
|-
| 82 || IO29RSB0 ||  
| 3 || /WP || Write Protect
|-
|-
| 83 || IO27RSB0 ||  
| 4 || GND || Ground
|-
|-
| 84 || IO25RSB0 ||  
| 5 || DIO || Serial data input/output
|-
|-
| 85 || IO23RSB0 ||  
| 6 || CLK || Serial Clock
|-
|-
| 86 || IO21RSB0 ||  
| 7 || /HOLD || Hold
|-
|-
| 87 || VCCIB0 ||
| 8 || VCC || Vcc (min 2.7-max 3.6V)
|-
| 88 || GND || Ground
|-
| 89 || VCC ||  
|-
| 90 || IO15RSB0 ||
|-
| 91 || IO13RSB0 ||
|-
| 92 || IO11RSB0 ||
|-
| 93 || GAC1/IO05RSB0 ||
|-
| 94 || GAC0/IO04RSB0 ||
|-
| 95 || GAB1/IO03RSB0 ||
|-
| 96 || GAB0/IO02RSB0 ||
|-
| 97 || GAA1/IO01RSB0 ||
|-
| 98 || GAA0/IO00RSB0 ||
|-
| 99 || GNDQ || Ground
|-
| 100 || VMV0 ||
|-
|-
|}
|}
</div>
==== unreferenced 5pin IC ====
U4
==== unreferenced 3pin IC ====
U5
==== 24.000 MHz Crystal ====
CLK for Actel <br />
= Downloads =
== First release (1.0/2.1) ==
* MFW: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/Jailbreak2.CFW.rar Jailbreak2.CFW.rar (172.34 MB)]<!--//http://www.filesonic.nl/file/2688912531/Jailbreak2.CFW.zip (password: whyudie)//-->
** Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : [http://rebug.me REBUG 3.55.2 TB EDITION] / [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/3.55.2_TBE_Links.rar 3.55.2_TBE_Links.rar]
* Dongle Updater v2.1: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg dongle-updater.pkg (2.1 MB)]<!--//http://www.filesonic.nl/file/2689038911/JB2.Dongle.Updater.zip (password: whyudie)//-->
== Update 2.2 ==
* Dongle Updater v2.2: https://web.archive.org/web/*/http://ps3devwiki.com/files/TrueBlue/Updates/TrueBlueUpdate-2.2/
== FW Info (1.0/2.1) ==
<pre>PS3 System Software
 
MFW 3.55-Dongle (Jailbreak2.CFW)
filedate: juli 13 2011 2:08:58
174639 KB
MD5: 43C522F8897D77B6165F95BCF3409090
SHA1: A64B010DB98996C7E53768D37D4D346F271D5950
CRC32: A32FDD1D
CRC16: 6420
HMAC_SHA1: 0x88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
Remarks: needs JB2 dongle as DRM</pre>
<pre>PUP file information
Package version: 1
Image version: 47517
File count: 7
Header length: 528
Data length: 178829542
PUP file hash : 88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
File 0
Entry id: 0x100
Filename : version.txt
Data offset: 0x210
Data length: 13
File hash : 8E533875E1B43B6CBAF5E91663EB7554107B5509
File 1
Entry id: 0x101
Filename : license.xml
Data offset: 0x21D
Data length: 267513
File hash : B77EFE54859738385DD803E88FB5E807FF1BC6AB
File 2
Entry id: 0x103
Filename : update_flags.txt
Data offset: 0x41716
Data length: 5
File hash : FD7C893936FDFC668922BE6D119A462111B2BBDB
File 3
Entry id: 0x200
Filename : ps3swu.self
Data offset: 0x4171B
Data length: 5661656
File hash : C61DDE12E75C2218214700D7D49006583F1B968B
File 4
Entry id: 0x201
Filename : vsh.tar
Data offset: 0x5A7AF3
Data length: 10240
File hash : D9B66E0D2845D71A67D76E7907AB06368CE61E08
File 5
Entry id: 0x202
Filename : dots.txt
Data offset: 0x5AA2F3
Data length: 3
File hash : 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A
File 6
Entry id: 0x300
Filename : update_files.tar
Data offset: 0x5AA2F6
Data length: 172890112
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre>
== JBKing 1.5 update ==
http://www.ps3hax.net/2012/03/finally-jb-king-cracks-v2-5-update/
https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/JBKing/Updates/JBKing%202.5/
=Content discs=
== EBOOT.BIN details (1.0/2.1) ==
===SELF header===
  elf #1 offset:  00000000_00000090
  header len:    00000000_00000a80
  meta offset:    00000000_000004a0
  phdr offset:    00000000_00000040
  shdr offset:    00000000_002117f8
  file size:      00000000_0021150c
  auth id:        10100000_01000003 (Unknown)
  vendor id:      01000002
  info offset:    00000000_00000070
  sinfo offset:  00000000_00000290
  version offset: 00000000_00000390
  control info:  00000000_000003c0 (00000000_00000100 bytes)
  app version:    1.0.0
  SDK type:      Devkit
  app type:      NP-DRM application
===Control info===
  control flags:
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  file digest:
    62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
    f1 95 cf a4 c0 04 0f c9 14 de 1f 9a 21 4e 10 ca 6b a6 8c 86
  NPDRM info:
    magic: 4e504400
    unk0 : 00000001
    unk1 : 00000003
    unk2 : 00000001
    content_id: IV0002-NPXS00020_00-TEST000000000001
    digest:    09 37 f1 32 60 b9 70 02 76 9e e4 0f 7b 10 70 0f
    invdigest:  f6 c8 0e cd 9f 46 8f fd 89 61 1b f0 84 ef 8f f0
    xordigest:  5c 62 a4 67 35 ec 25 57 23 cb b1 5a 2e 45 25 5b
===Section header===
    offset            size              compressed unk1    unk2    encrypted
    00000000_00000a80  00000000_00209dc0 [NO ]      00000000 00000000 [NO ]
    00000000_00210a80  00000000_000005b0 [NO ]      00000000 00000000 [NO ]
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_00211030  00000000_00000000 [NO ]      00000000 00000000 [NO ]
    00000000_00210df8  00000000_00000004 [NO ]      00000000 00000000 [N/A]
    00000000_0020a7e0  00000000_00000020 [NO ]      00000000 00000000 [N/A]
    00000000_0020a800  00000000_00000040 [NO ]      00000000 00000000 [N/A]
===Encrypted Metadata===
  no encrypted metadata in fselfs.
===ELF header===
  type:                                Executable file
  machine:                              PowerPC64
  version:                              1
  phdr offset:                          00000000_00000040
  shdr offset:                          00000000_00210e08
  entry:                                00000000_002200f0
  flags:                                00000000
  header size:                          00000040
  program header size:                  00000038
  program headers:                      8
  section header size:                  00000040
  section headers:                      28
  section header string table index:    27
= Content Releases =
== Paradox TB ==
Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped).
* [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Patches/portal_2_BLUS30732_TB.rar portal_2_BLUS30732_TB.rar (78.04 MB)]
=== EBOOT.BIN details ===
...
=FW analysis=
== FW Changes (1.0/2.1) ==
Compared to OFW 3.55:
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/ofw-vs-jb2.rar ofw-vs-jb2.rar (4.18 MB)]
====EULA.xml====
<pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre>
====Version.txt====
<pre>3.55-Dongle</pre>
===CORE_OS_PACKAGE.pkg===
====lv1.self====
One patch to lv1_map_htab (lv1 undocumented function 114) to allow for RW mapping of all RAM. So who knows how many other lv1 patches are done at runtime.
<pre>
file
        Offset(h) 00 01 02 03
  OFW:  000F5A44  39 20 00 00  li  r9,0
  TB:  000F5A44  39 20 00 01  li  r9,1
</pre>
<pre>
memory
        Offset(h) 00 01 02 03
  OFW:    2d5a44  39 20 00 00  li r9,0
  TB:    2d5a44  39 20 00 01  li r9,1
</pre>
====lv2_kernel.self====
http://pastie.org/private/onlbfdxjdtaddb9blu0sq <br />
only 1 function change, and a section added <br />
sub_28fe30 is replaced <small>1)</small><br />
the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/lv2_kernel.bin lv2_kernel.bin (6.41 KB)]
<small>note 1) : * ''the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.''</small>
===dev_flash_010.tar.aa.2010_11_27_051337===
====\dev_flash\vsh\module\nas_plugin.sprx====
<pre>
        Offset(h) 00 01 02 03
  OFW:  00003250  7C 60 1B 78  mr    r0, r3
  TB:  00003250  38 00 00 00  li    r0, 0
</pre>
<pre>
        Offset(h) 00 01 02 03
  OFW:  00037350  41 9E 00 4C  beq-  cr7,4c
  TB:  00037350  60 00 00 00  nop
</pre>
"standard pkg patches"
===dev_flash_016.tar.aa.2010_11_27_051337===
====\dev_flash\vsh\resource\explore\xmb\category_game.xml====
standard app_home and install package files from mfw builder.
http://pastie.org/private/ixsiyvycqmgmcdmv7swcsg
====\dev_flash\vsh\resource\explore\xmb\category_video.xml====
netflix removed
http://pastie.org/private/4i02xv2onvaezfiy3i56a


= Dongle Updater PKG =
= Dongle Updater PKG =
== 2.1 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg TrueBlueUpdate-2.1/dongle-updater.pkg]
Dongle is released with 1.0, this PKG is used to update the dongle to 2.1
Dongle is released with 1.0, this PKG is used to update the dongle to 2.1
     SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62  
     SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62  


Unpkg/unself'ed: [http://www.multiupload.com/XC00DAHUXP dongle-updater.pkg.out.rar (2.03 MB)] <br />
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br />
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br />


=== Payload (2.1) ===
== Payload ==
located in unself'ed eboot.bin @ offset:
located in unself'ed eboot.bin @ offset:
   eboot      payload
   eboot      payload
Line 935: Line 483:
   002084E0  001FFFF0  EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B  ë;.÷o©Ï<¶ë‰‚}æ};
   002084E0  001FFFF0  EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B  ë;.÷o©Ï<¶ë‰‚}æ};


[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/TB_dongle_payload.bin TrueBlueUpdate-2.1/TB_dongle_payload.bin (2 MB)]
[http://www.multiupload.com/PFC3IZZNNN TB_dongle_payload.bin (2 MB)]
     SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78
     SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78


==== lv2 dump (2.1) ====
=== lv2 dump ===
payload decrypted @ LV2 dump 0x7f0000
payload decrypted @ LV2 dump 0x7f0000


http://pastebin.com/3VG76HQs
http://pastebin.com/3VG76HQs


==== descriptors (2.1) ====
=== descriptors ===


{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
Line 1,418: Line 966:
   00000010  03 6b 2d 2c 45 d7 25 ff  aa 34 b1 a8 8b 5d a7 b3   
   00000010  03 6b 2d 2c 45 d7 25 ff  aa 34 b1 a8 8b 5d a7 b3   
   ...
   ...
== 2.2 ==
True Blue Dongle Update v2.2 - Initial worldwide release
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg]
    SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4
=== Payload (2.2) ===
located in unself'ed eboot.bin @ offset:
  eboot      payload
  Offset(h)  Offset(h)  00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00008690  00000000  09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01  .......€ú.....þ.
    ...
  0007B588  00072EF0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TB_payload_2.2.bin payload2-2.bin (459.75 KB)]
    SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181
==== lv2 dump (2.2) ====
payload @ file offset 0x8698 - 0x7b598
http://pastie.org/private/byhfezysb8iz2hed8o2hva
==== descriptors (2.2) ====
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
|- bgcolor="#cccccc"
! Start Offset !! End Offset !! descriptor !! Description
|-
| 0x0000000 || ... || 0x0 || <pre>09 02 1200 01 00 00 80 fa
09 04 00 00 00 fe 01 02 00
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
|-
| 0x0001000 || ... || 0x1 || <pre>09 02 1200 01 00 00 80 fa
09 04 00 00 00 fe 01 02 00
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
|-
| 0x0002000 || ... || 0x2 || <pre>09 02 1200 01 00 00 80 fa
09 04 00 00 00 fe 01 02 00
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
|-
| 0x0003000 || ... || 0x3 || <pre>09 02 1200 01 00 00 80 fa
09 04 00 00 00 fe 01 02 00
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
|-
| 0x0004000 || ... || 0x4 || <pre>09 02 1600 01 01 00 80 01
09 04 00 00 00 fe 01 02 00</pre>
|-
| 0x0008000 || ... || 0x5 || <pre>09 02 4d0a 01 01 00 80 01
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 04 00 00 00 fe 01 02 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04 00
09 04 00 00 00 fe 01 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 88 37 f5</pre>
|-
| 0x0009000 || ... || 0x6 || <pre>09 02 4d0a 01 01 00 80 01
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 04 00 00 00 fe 01 02 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04 00
09 04 00 00 00 fe 01 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 04
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 09 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 01 02 00
09 04 00 00 00 fe 00 fe 01 02 00
09 04 00 00 00 fe 01 02 2e e3 7c</pre>
|-
| 0x000c000 || ... || 0x7 || <pre>09 02 1200 01 01 00 80 01
09 04 00 00 00 fe 01 02 00</pre>
|-
| 0x000d000 || ... || 0x8 || <pre>09 02 0000 01 01 00 80 01
09 04 00 00 00 fe 01 02 00</pre>
|-
| 0x000e000 || ... || 0x9 || <pre>09 02 3000 01 01 00 80 01
09 04 00 00 00 fe 01 02 00
3e 21 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
|-
| 0x0010000 || ... || 0xa || <pre>09 02 2000 01 00 00 80 01
09 04 00 00 02 ff 00 00 00
07 05 02 02 08 00 00
07 05 81 02 08 00 00</pre>
|-
| 0x0014000 || ... || 0xb || <pre>09 02 3500 01 01 00 80 32
09 04 00 00 05 fe 01 02 00
07 05 04 02 08 00 00
07 05 85 02 08 00 00
07 05 06 02 08 00 00
07 05 07 02 08 00 00
07 05 88 02 08 00 00</pre>
|-
| 0x001c000 || ... || 0xc || <pre>09 02 000f 01 00 00 80</pre>
|-
| 0x001c008 || ... || 0xd || <pre>09 02 000f 01 00 00 80</pre>
|-
| 0x001c020 || ... || 0xe || <pre>09 02 1600 01 01 00 80</pre>
|-
| 0x001c040 || ... || 0xf || <pre>09 02 4d0a 01 01 00 80</pre>
|-
| 0x001c048 || ... || 0x10 || <pre>09 02 4d0a 01 01 00 80</pre>
|-
| 0x001c060 || ... || 0x11 || <pre>09 02 1200 01 01 00 80</pre>
|-
| 0x001c068 || ... || 0x12 || <pre>09 02 1200 01 01 00 80</pre>
|-
| 0x001c070 || ... || 0x13 || <pre>09 02 3000 01 01 00 80</pre>
|-
| 0x001c080 || ... || 0x14 || <pre>09 02 2000 01 01 00 80</pre>
|-
| 0x001c0a0 || ... || 0x15 || <pre>09 02 3500 01 01 00 80 3</pre>
|-
|}
http://pastie.org/private/11axjnmsy73lury2iaymkw
==== TB 2.2 update ====
<!--//TB 2.2 update and how the update data .bin is written//-->
{| class="wikitable"
|-
! 0x00000 - 0x00eff !! 0x00000 - 0x00eff
|-
| <pre>
0000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
0000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
0000020 7c 08 02 a6 48 00 00 05 7c 88 02 a6 38 84 ff f8
</pre> || <pre>
0000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
0000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
0000020 7c 08 02 a6 48 00 00 05 7c 88 02 a6 38 84 ff f8
</pre>
|-
| <pre>
0000ed0 80 00 00 00 00 7f 03 30 80 00 00 00 00 7f 8c 30
0000ee0 00 00 00 00 00 00 00 00 80 00 00 00 00 7f 03 44
0000ef0 80 00 00 00 00 7f 8c 30 00 00 00 00 00 00 00 00
</pre> || <pre>
0000ed0 80 00 00 00 00 7f 03 30 80 00 00 00 00 7f 8c 30
0000ee0 00 00 00 00 00 00 00 00 80 00 00 00 00 7f 03 44
0000ef0 80 00 00 00 00 7f 8c 30 00 00 00 00 00 00 00 00
</pre>
|-
! 0x00f00 - 0x11eff !! 0x20000 - 0x30fff
|-
| <pre>
0000f00 11 4d c0 07 90 7c 60 db fc 5c 66 c5 d2 b9 ea 18
0000f10 38 e2 81 dd aa a7 09 e6 c9 71 89 94 4c cb 26 c0
0000f20 54 00 0c 0d f5 cb 38 12 19 f8 11 5d 05 11 ef b3
</pre> || <pre>
0020000 11 4d c0 07 90 7c 60 db fc 5c 66 c5 d2 b9 ea 18
0020010 38 e2 81 dd aa a7 09 e6 c9 71 89 94 4c cb 26 c0
0020020 54 00 0c 0d f5 cb 38 12 19 f8 11 5d 05 11 ef b3
</pre>
|-
| <pre>
0011ed0 5e e3 d5 fe cc b5 4b b9 cd de c4 b5 be c2 97 91
0011ee0 4f f8 c6 84 3f 51 ab 7a 61 e6 10 8c 5b 75 2e 21
0011ef0 f0 c8 66 52 67 ed 0c 7e b9 1e ce 05 82 6f 4a 95
</pre> || <pre>
0030fd0 5e e3 d5 fe cc b5 4b b9 cd de c4 b5 be c2 97 91
0030fe0 4f f8 c6 84 3f 51 ab 7a 61 e6 10 8c 5b 75 2e 21
0030ff0 f0 c8 66 52 67 ed 0c 7e b9 1e ce 05 82 6f 4a 95
</pre>
|-
! 0x11f00 - 0x21eff !! 0x40000 - 0x4ffff
|-
| <pre>
0011f00 bd a7 dc 80 af ce a8 35 e9 51 de 8b a3 20 53 cd
0011f10 e1 6c ed 3a b9 b9 a5 02 09 04 4c 40 d4 fb 44 79
0011f20 79 a5 0a f5 c0 d4 69 f7 20 8b 6d 0b f8 31 ab 2f
</pre> || <pre>
0040000 bd a7 dc 80 af ce a8 35 e9 51 de 8b a3 20 53 cd
0040010 e1 6c ed 3a b9 b9 a5 02 09 04 4c 40 d4 fb 44 79
0040020 79 a5 0a f5 c0 d4 69 f7 20 8b 6d 0b f8 31 ab 2f
</pre>
|-
| <pre>0021ed0 ba 85 d4 f2 cc 57 4b ae 28 6a cc ed 12 73 c3 21
0021ee0 28 fd f1 ff 91 b5 bf dc 12 34 e4 e5 81 ed 00 d1
0021ef0 3b 4c 13 e9 8d b8 0e 15 07 15 cb 37 14 1e fc 12</pre> || <pre>
004ffd0 ba 85 d4 f2 cc 57 4b ae 28 6a cc ed 12 73 c3 21
004ffe0 28 fd f1 ff 91 b5 bf dc 12 34 e4 e5 81 ed 00 d1
004fff0 3b 4c 13 e9 8d b8 0e 15 07 15 cb 37 14 1e fc 12
</pre>
|-   
! 0x21f00 - 0x32eff !! 0xa0000 - 0xb0fff
|-
| <pre>
0021f00 4a e0 50 59 85 2f 3c 35 82 3a 87 45 d4 9c 02 a7
0021f10 3c 36 b9 58 e2 b6 ac cb cc a1 51 14 9e 18 b7 1c
0021f20 49 ee a9 db 86 e0 ca 20 b6 73 9e 65 66 77 85 da
</pre> || <pre>
00a0000 4a e0 50 59 85 2f 3c 35 82 3a 87 45 d4 9c 02 a7
00a0010 3c 36 b9 58 e2 b6 ac cb cc a1 51 14 9e 18 b7 1c
00a0020 49 ee a9 db 86 e0 ca 20 b6 73 9e 65 66 77 85 da
</pre>
|-
| <pre>
0032ed0 02 e9 0a 39 b3 44 a2 a1 b1 11 e1 c7 d7 16 a1 a4
0032ee0 f9 17 e0 29 e8 92 0b bd c2 90 c0 94 63 65 86 bf
0032ef0 8b cf a7 59 e5 df 80 b3 02 94 f6 02 28 f3 90 58
</pre> || <pre>
00b0fd0 02 e9 0a 39 b3 44 a2 a1 b1 11 e1 c7 d7 16 a1 a4
00b0fe0 f9 17 e0 29 e8 92 0b bd c2 90 c0 94 63 65 86 bf
00b0ff0 8b cf a7 59 e5 df 80 b3 02 94 f6 02 28 f3 90 58
</pre>
|-
! 0x32f00 - 0x44eff !! 0xc0000 - 0xd1fff
|-
| <pre>
0032f00 04 a3 9b e7 82 91 8d e5 d5 80 2b d9 d7 3c 1e c0
0032f10 61 d6 09 3a a6 1c 93 6f c5 7c 31 f8 dd cb 78 28
0032f20 6b b6 77 5a 23 b6 06 dd a8 d1 4e a6 dc fb 98 9e
</pre> || <pre>
00c0000 04 a3 9b e7 82 91 8d e5 d5 80 2b d9 d7 3c 1e c0
00c0010 61 d6 09 3a a6 1c 93 6f c5 7c 31 f8 dd cb 78 28
00c0020 6b b6 77 5a 23 b6 06 dd a8 d1 4e a6 dc fb 98 9e
</pre>
|-
| <pre>
0044ed0 92 7b 93 d8 3b 36 d8 2d ea ca 6c e6 e3 4e e1 61
0044ee0 48 9e 52 e5 0a 74 0b 1c 5b d4 76 01 13 fc 37 84
0044ef0 05 a3 8b 12 ed d4 12 f0 12 e2 50 0a 86 81 eb 5b
</pre> || <pre>
00d1fd0 92 7b 93 d8 3b 36 d8 2d ea ca 6c e6 e3 4e e1 61
00d1fe0 48 9e 52 e5 0a 74 0b 1c 5b d4 76 01 13 fc 37 84
00d1ff0 05 a3 8b 12 ed d4 12 f0 12 e2 50 0a 86 81 eb 5b
</pre>
|-
! 0x44f00 - 0x72eff !! 0x60000 - 0x8dfff
|-
| <pre>
0044f00 7a e9 9b 7e ca b6 2b ff da fe 16 be 7b 59 d2 b2
0044f10 a4 ec 11 b0 11 0c d1 ea f4 d4 3b a2 2a f4 e9 b3
0044f20 ca 86 ae 02 32 a7 19 e6 0d 6f cd 84 fc 66 c5 c2
</pre> || <pre>
0060000 7a e9 9b 7e ca b6 2b ff da fe 16 be 7b 59 d2 b2
0060010 a4 ec 11 b0 11 0c d1 ea f4 d4 3b a2 2a f4 e9 b3
0060020 ca 86 ae 02 32 a7 19 e6 0d 6f cd 84 fc 66 c5 c2
</pre>
|-
| <pre>
0072ed0 38 b8 fe 73 60 a2 7b 1d 3b bb a2 f6 3c d6 ca 0d
0072ee0 16 b4 4b 1b bc ae fc 93 27 60 70 3a be 8f b5 cd
0072ef0 99 0a 4c 65 2a ce de d6 0d c8 d2 73 fc b3 85 e2
</pre> || <pre>
008dfd0 38 b8 fe 73 60 a2 7b 1d 3b bb a2 f6 3c d6 ca 0d
008dfe0 16 b4 4b 1b bc ae fc 93 27 60 70 3a be 8f b5 cd
008dff0 99 0a 4c 65 2a ce de d6 0d c8 d2 73 fc b3 85 e2
</pre>
|-
|}
http://pastie.org/private/xqnwgptonrxonytzdstdka
== 2.3 ==
True Blue Dongle Update v2.3 - [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg /TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg]
* Fixed games requiring "BD Mirror"
* True Blue firmware version is now displayed on the XMB "System Information" screen
 
  PKG:  SHA1: B8A48394FF09A358CAB230823C18F871256C6A34 // MD5: 67185C448FAEE1FE262556302FB86240 // CRC32: AFF450D2 // CRC16: 21C1
<!--// The 'True Blue' team again comes thru with more support, this time with another update (v2.3), which was developed after the team was contacted by 'Paradox' in regard to problems with some of the latest games like 'Modern Warfare 3', and up-coming releases and patches, after some brain-storming and figuring out the compatibility problems the 'True Blue' team has now released the v2.3 update which will be required for all 'future' PS3 games released. //-->
=== Payload (2.3) ===
located in unself'ed eboot.bin @ offset:
  eboot      payload
  Offset(h)  Offset(h)  00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00008698  00000000  09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01  .......€ú.....þ.
    ...
  0007BD88  000736F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/payload_2.3.bin payload_2.3.bin (461.75 KB)]
  SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B
==== lv2 dump (2.3) ====
payload @ file offset 0x8698 - 0x736F0
==== descriptors (2.3) ====
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
|- bgcolor="#cccccc"
! Start Offset !! End Offset !! descriptor !! Description
|-
| 0x0000000 || ... || 0x0 || <pre>09 02 1200 01 00 00 80 fa
09 04 00 00 00 fe 01 02 00
00 00 00 00 00 00 fa ce b0 03 aa bb cc dd</pre>
|-
| - || - || - || <pre>09 03 A6 4E 80 04 21
09 03 A6 E8 5F 00 08
09 03 A6 E8 5F 00 08
09 00 00 F8 41 00 28
09 03 A6 E8 49 00 08
09 00 00 F8 41 00 28 E9
09 03 A6 E8 49 00 08 4E
...
</pre>
|-
|}
== 2.4 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg]
=== Payload (2.4) ===
located in unself'ed eboot.bin @ offset:
  eboot      payload
  Offset(h)  Offset(h)  00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00008730  00000000  09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01  .......€ú.....þ.
    ...
  000A3620  0009AEFF  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/payload_2.4.bin payload_2.4.bin (619.75 KB)]
  SHA1: C062057BFBE4A0DF6C6C6E1B33C7561BC859C23F // MD5: 69FC4CE04DD4255A0BEEF4C2168F0AB0 // CRC32: 1C9EE18 // CRC16: 85DE
IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/EBOOT_SHT_fixed.i64 EBOOT_SHT_fixed.i64 (3.01 MB)]
== 2.5 ==
=== Payload (2.5) ===
start: 8600, end: 63e00, size: 5b800
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/EBOOT,BIN.elf TrueBlueUpdate-2.5/EBOOT,BIN.elf]
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/update_data_2.5.bin TrueBlueUpdate-2.5/update_data_2.5.bin]
== 2.61 ==
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.pkg TrueBlueUpdate-2.61.pkg]
=== Payload (2.61) ===
located in unself'ed eboot.bin @ offset:
  Offset(h)  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00008768  00000000  E4 C7 60 B6 E3 77 C2 89 B3 71 1D 06 EE 4C DF F7  äÇ`¶ãw‰³q..îLß÷
    ...
  00066F58  0005E7F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/payload_2.61.bin payload_2.61.bin (378 KB)]
  SHA1: 7CEA46601B717912D6A434CA2C164E0A9B890825 // MD5: 1114BC3061581FC592A3797B340FD545 // CRC32: B66F50FD // CRC16: B685
IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.idc TrueBlueUpdate-2.61.idc (203 KB)]
== 2.62 ==
=== Payload (2.62) ===
located in unself'ed eboot.bin @ offset:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00000000  E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24  à®...$.ŠÐ»eØ.Ì.$
    ...
  0005E7F0  99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2  ™.Le*ÎÞÖ.ÈÒsü³…â
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.62/payload_2.62.bin payload_2.62.bin (378 KB)]
  SHA1: C5D37456FD5E59CFB648C82BBBE3FD95875E7C49 // MD5: 870C58F2CEC6BDB0ACF43EDD459ECD1C // CRC32: 35B2B2CA // CRC16: E3DE
== 2.7 ==
=== Payload (2.7) ===
located in unself'ed eboot.bin @ offset:
  Offset(h)  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  000087c8  00000000  E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24  à®...$.ŠÐ»eØ.Ì.$
    ...
  00067fc8  0005F7F0  D9 5A C0 45 E8 78 E6 C6 16 0A 98 10 1B CA 52 3B  ÙZÀEèxæÆ..˜..ÊR;
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.7/TB_payload_27.bin TB_payload_27.bin (382 KB)]
  SHA1: 107A4E37471D58E79B6F8A884FF09DD3A5F83DD0 // MD5: 495970F92139F966BF78E43509BB7C38 // CRC32: FBA0FCEB // CRC16: AD81
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/ReDRM_/_Piracy_dongles"