ReDRM / Piracy dongles: Difference between revisions
CrashSerious (talk | contribs) |
m (Text replacement - "http://web.archive.org/web→/http://ps3devwiki.com/files" to "https://web.archive.org/web/: http://ps3devwiki.com/files") |
||
(30 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
{{Wikify}} | |||
=Description= | =Description= | ||
TrueBlue dongles are USB dongles for the PS3 which enable custom firmware 'special' functionality to launch resigned game backups. These dongles are themselves a form of DRM, as the particular format of these backups will not work without the TB dongle. Contentdisc's contain fself'ed eboot.bin's. <br /> | |||
Contentdisc's contain fself'ed eboot.bin's. <br /> | Hardware-wise, there are many similarities with [[PS3Cobra_Payload_Reverse_Engineering#Hardware_Dongle|PS3Cobra]] | ||
== | == Clarifications == | ||
* '''If the content works with the dongle, that means the original content | * '''If the content works with the dongle, that means the original content also works (without the dongle) if resigned for Firmware v3.55!''' | ||
* | * TrueBlue dongles/firmware do not support PSN (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] do) | ||
* | * Special features for PS Vita are not usable (OFW and [[KaKaRoTo Kind of ´Jailbreak´]] can) | ||
* TrueBlue cannot play Firmware 3.6x+/3.7x+/4.x+ original content (it does not have the keys for it). | |||
* | * It can only play such content which is re-encrypted/resigned with the key supported by the dongle. | ||
* It can only play such content which is re-encrypted/resigned with | ** Such content was limited to already decryptable and debug eboot.bin's. | ||
** Such content | *** Titles in the wild were almost entirely released by PARADOX (patches) & PARADiSO (full pirated releases) between November 2011 and June 2012 - with groups like BORG and EHRGEIZ appearing from May through June of 2012. There was also lighttake, which sold full pre-patched pirated Blu-ray discs. It seems possible that they were involved in the TrueBlue production/distribution. Profiting from or otherwise receiving money for re-applying DRM could likely be considered a scam. | ||
*** | *** No public tools exist for 'converting' to TB format (re-encrypting/resigning) - making TB dongle users completely dependent on warez release groups like PARADOX/PARADiSO/BORG/EHRGEIZ. | ||
* Content for Firmware v3.55 and lower still works (after all, its just a MFW 3.55) - with some exceptions (in some cases it will even brick the dongle when running certain pieces of homebrew). | |||
*** | * Needs the MFW (and cannot work on OFW's, that is why there is no 'power/eject trick') | ||
* Content for | |||
* Needs the MFW (and cannot work on OFW's, that is why there is ' | |||
* Cannot be used for downgraded consoles (which rely on lv1 syscon hashcheck patches) | * Cannot be used for downgraded consoles (which rely on lv1 syscon hashcheck patches) | ||
* If you are using special | * If you are using special firmware now, they will not be compatible with this one. e.g. Incompatible with: | ||
** OtherOS++ | ** OtherOS++ | ||
** Proper MFW's | ** Proper MFW's | ||
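Review bot: The revised bullet on release groups asserts "It seems possible that they were involved in the TrueBlue production/distribution" and "could likely be considered a scam" without any source, which reads as speculation on a page that is otherwise documenting hardware and firmware. Either cite where the lighttake connection comes from or move the sentence to the talk page. Minor wording in the same hunk: "its just a MFW 3.55" should be "it's just an MFW 3.55".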
Line 261: | Line 256: | ||
CLK for Actel <br /> | CLK for Actel <br /> | ||
==== AMS1117 2.851049 - Low Dropout Linear Regulator ==== | ==== AMS1117 2.851049 - Low Dropout Linear Regulator ==== | ||
Datasheet: http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf <br /> | Datasheet: | ||
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117-.pdf | |||
* https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117.pdf<!--// http://www.sltdigital.com/product/product_pdf/AMS1117.pdf / http://home1.cyber-labo.co.jp/board/goods/pdf/AMS1117.pdf //--> <br /> | |||
[[:File:AMS1117 - SOT-223.png]] | [[:File:AMS1117 - SOT-223.png]] | ||
Line 287: | Line 284: | ||
|- | |- | ||
|} | |} | ||
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ==== | |||
{{Template:Winbond 25X16AVSIG}} | |||
====Test Points==== | |||
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]<br /></div> | |||
There are test points on the dongle that provice full pin access to the Winbond chip, be careful soldering to them since it is easy to pull off a test point.<br> | |||
== Dongle 2.0 == | |||
Supposed to be massproduced instead of manually soldered like the 1.0 dongle. Not seen in the wild yet. | |||
== Dongle Clones == | |||
=== Jb2usb === | |||
<table width="100%" align="left"><tr> | |||
<td align="left">[[File:Jb2usb1.jpg|200px|thumb|left|Jb2usb clone dongle overview]]</td> | |||
<td align="left">[[File:Jb2usb2.jpg|200px|thumb|left|Jb2usb clone dongle board]]</td></tr></table> | |||
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /> | |||
=== JB-King === | |||
* JB-King is a "copy-cat" clone by dongle makers in China. (some have claimed by the makers of PS3Go). Its poetic, piracy and theft of the "intellectual property" of pirates and thieves. | |||
<gallery> | |||
File:Jb-king-front.jpg|JB-King clone dongle front | |||
File:JB-King BACK.jpg|JB-King clone dongle - BACK | |||
File:JB-King_Dongle_Abkarino_DVD4Arab_01.png|tb-king clone dongle overview | |||
File:JB-King_Dongle_Abkarino_DVD4Arab_02.png|tb-king clone dongle board | |||
File:JBKing-1.jpg | |||
File:JBKing-2.jpg | |||
</gallery> | |||
=== Components === | |||
==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ==== | ==== Winbond 25X16AVSIG (SPI Flash 16Mbit) ==== | ||
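Review bot: The new Test Points paragraph for Dongle 1.0 has a typo, "provice" for "provide", and the Jb2usb section positions its two thumbnails with a layout table followed by eleven consecutive <br /> tags; a single clearing element after the images would do the same job. The Winbond section for Dongle 1.0 is now transcluded through {{Template:Winbond 25X16AVSIG}} while the clone's Components section keeps a hand-written "Winbond 25X16AVSIG" heading and body, so the two copies can drift apart; consider using the template in both places.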
Line 298: | Line 328: | ||
I - Temperature Range: Industrial (-40'C ~ 85'C) | I - Temperature Range: Industrial (-40'C ~ 85'C) | ||
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre> | G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxie-free)</pre> | ||
datasheet: [http://www. | datasheet: [http://www.winbond.com/NR/rdonlyres/C6366616-2CB7-49F8-A1F9-3BC363DF9480/0/W25X16A.pdf W25X16A.pdf (1.3 MB)] / https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/Datasheets/W25X16A.pdf <br /> | ||
Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it). | Note: can use [http://blog.hodgepig.org/busninja/ Bus Ninja] or [http://flashrom.org/Bus_Pirate Bus Pirate] and [http://flashrom.org/Flashrom FlashROM] - <abbr title="In-System Programming (ISP)">ISP</abbr> is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or the regulator for it). | ||
Line 322: | Line 352: | ||
|- | |- | ||
|} | |} | ||
====Test Points==== | ====Test Points==== | ||
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]] | <br> | ||
<div style="float:right">[[File:Psjb2-Trueblue-TESTPOINTS.jpg|200px|thumb|left|PSJB2/TrueBlue - Testpoints to Winbond SPI flash]]</div> | |||
<br> | |||
==== STM32 F103C8T6 : U2 ==== | |||
U2 <br /> | |||
datasheet: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/stm32_f103c8t6.pdf stm32_f103c8t6.pdf (1.38 MB)] | |||
===== Pinout STM32 F103C8T6 LQFP48 ===== | |||
<div style="float:right">[[File:STM32 F103C8T6 - LQFP48.png|200px|thumb|left|STMicroelectronics STM32 F103C8T6 - LQFP48 package]]</div> | |||
<div style="height:250px; overflow:auto"> | |||
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;" | {| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;" | ||
|- bgcolor="#cccccc" | |- bgcolor="#cccccc" | ||
! Pin !! | ! Pin !! Function !! Notes | ||
|- | |- | ||
| 1 || | | 1 || VBAT || | ||
|- | |- | ||
| 2 || | | 2 || PC13-TAMPER-RTC || | ||
|- | |- | ||
| 3 || | | 3 || PC14-OSC32_IN || | ||
|- | |- | ||
| 4 || PC15-OSC32_OUT || | |||
| 4 || PC15-OSC32_OUT || | |||
|- | |- | ||
| 5 || PD0-OSC_IN || | | 5 || PD0-OSC_IN || | ||
Line 727: | Line 702: | ||
= Downloads = | = Downloads = | ||
== First release (1.0/2.1) == | == First release (1.0/2.1) == | ||
* MFW: [http:// | * MFW: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/Jailbreak2.CFW.rar Jailbreak2.CFW.rar (172.34 MB)]<!--//http://www.filesonic.nl/file/2688912531/Jailbreak2.CFW.zip (password: whyudie)//--> | ||
** Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : [http://rebug.me REBUG 3.55.2 TB EDITION] | ** Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : [http://rebug.me REBUG 3.55.2 TB EDITION] / [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/3.55.2_TBE_Links.rar 3.55.2_TBE_Links.rar] | ||
* Dongle Updater v2.1: [http:// | * Dongle Updater v2.1: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg dongle-updater.pkg (2.1 MB)]<!--//http://www.filesonic.nl/file/2689038911/JB2.Dongle.Updater.zip (password: whyudie)//--> | ||
== Update 2.2 == | == Update 2.2 == | ||
* Dongle Updater v2.2: | * Dongle Updater v2.2: https://web.archive.org/web/*/http://ps3devwiki.com/files/TrueBlue/Updates/TrueBlueUpdate-2.2/ | ||
== FW Info (1.0/2.1) == | == FW Info (1.0/2.1) == | ||
Line 796: | Line 772: | ||
Data length: 172890112 | Data length: 172890112 | ||
File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre> | File hash : 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0</pre> | ||
== JBKing 1.5 update == | |||
http://www.ps3hax.net/2012/03/finally-jb-king-cracks-v2-5-update/ | |||
https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/JBKing/Updates/JBKing%202.5/ | |||
=Content discs= | =Content discs= | ||
Line 868: | Line 849: | ||
== Paradox TB == | == Paradox TB == | ||
Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped). | Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped). | ||
* [http:// | * [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Patches/portal_2_BLUS30732_TB.rar portal_2_BLUS30732_TB.rar (78.04 MB)] | ||
=== EBOOT.BIN details === | === EBOOT.BIN details === | ||
Line 876: | Line 857: | ||
== FW Changes (1.0/2.1) == | == FW Changes (1.0/2.1) == | ||
Compared to OFW 3.55: | Compared to OFW 3.55: | ||
[http:// | [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/ofw-vs-jb2.rar ofw-vs-jb2.rar (4.18 MB)] | ||
====EULA.xml==== | ====EULA.xml==== | ||
<pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre> | <pre> <str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str> </pre> | ||
Line 904: | Line 885: | ||
only 1 function change, and a section added <br /> | only 1 function change, and a section added <br /> | ||
sub_28fe30 is replaced <small>1)</small><br /> | sub_28fe30 is replaced <small>1)</small><br /> | ||
the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) [http:// | the new section is loaded at 0x80000000007f0000 (which is where those payloads are being loaded) [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Firmware/analysis/lv2_kernel.bin lv2_kernel.bin (6.41 KB)] | ||
<small>note 1) : * ''the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.''</small> | <small>note 1) : * ''the 28fe30 function is replaced with OFW code during exploit execution (which is why it is OFW, when there is no dongle). That 28fe30 function mounts dev_flash, so they are in control before even dev_flash loads. When lv2 loads dev_flash, the exploit is triggered which, among the things it does, is replace the function with the proper one to mount dev_flash, then branchs to it and boot continues.''</small> | ||
Line 939: | Line 920: | ||
== 2.1 == | == 2.1 == | ||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/dongle-updater.pkg TrueBlueUpdate-2.1/dongle-updater.pkg] | |||
Dongle is released with 1.0, this PKG is used to update the dongle to 2.1 | Dongle is released with 1.0, this PKG is used to update the dongle to 2.1 | ||
SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62 | SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62 | ||
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br /> | Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)<br /> | ||
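Review bot: On the checksum line that sits under the newly added dongle-updater.pkg link, "CRC32: 4D72836" is only seven hex digits, while a CRC32 is 32 bits and the payload entries further down (for example 248284D2) are written with eight; a leading zero has probably been dropped. Since this section is being touched anyway, recompute the value against the archived file and write all eight digits.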
Line 953: | Line 935: | ||
002084E0 001FFFF0 EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B ë;.÷o©Ï<¶ë‰‚}æ}; | 002084E0 001FFFF0 EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B ë;.÷o©Ï<¶ë‰‚}æ}; | ||
[http:// | [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.1/TB_dongle_payload.bin TrueBlueUpdate-2.1/TB_dongle_payload.bin (2 MB)] | ||
SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78 | SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78 | ||
Line 1,436: | Line 1,418: | ||
00000010 03 6b 2d 2c 45 d7 25 ff aa 34 b1 a8 8b 5d a7 b3 | 00000010 03 6b 2d 2c 45 d7 25 ff aa 34 b1 a8 8b 5d a7 b3 | ||
... | ... | ||
== 2.2 == | == 2.2 == | ||
True Blue Dongle Update v2.2 - Initial worldwide release | True Blue Dongle Update v2.2 - Initial worldwide release | ||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg] | |||
SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4 | SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4 | ||
=== Payload (2.2) === | === Payload (2.2) === | ||
Line 1,452: | Line 1,433: | ||
0007B588 00072EF0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | 0007B588 00072EF0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | ||
[http:// | [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.2/TB_payload_2.2.bin payload2-2.bin (459.75 KB)] | ||
SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181 | SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181 | ||
Line 2,248: | Line 2,229: | ||
== 2.3 == | == 2.3 == | ||
True Blue Dongle Update v2.3 - [http:// | True Blue Dongle Update v2.3 - [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg /TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg] | ||
* Fixed games requiring "BD Mirror" | * Fixed games requiring "BD Mirror" | ||
* True Blue firmware version is now displayed on the XMB "System Information" screen | * True Blue firmware version is now displayed on the XMB "System Information" screen | ||
Line 2,255: | Line 2,236: | ||
<!--// The 'True Blue' team again comes thru with more support, this time with another update (v2.3), which was developed after the team was contacted by 'Paradox' in regard to problems with some of the latest games like 'Modern Warfare 3', and up-coming releases and patches, after some brain-storming and figuring out the compatibility problems the 'True Blue' team has now released the v2.3 update which will be required for all 'future' PS3 games released. //--> | <!--// The 'True Blue' team again comes thru with more support, this time with another update (v2.3), which was developed after the team was contacted by 'Paradox' in regard to problems with some of the latest games like 'Modern Warfare 3', and up-coming releases and patches, after some brain-storming and figuring out the compatibility problems the 'True Blue' team has now released the v2.3 update which will be required for all 'future' PS3 games released. //--> | ||
=== Payload (2.3) === | === Payload (2.3) === | ||
Line 2,265: | Line 2,245: | ||
0007BD88 000736F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | 0007BD88 000736F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | ||
[http:// | [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.3/payload_2.3.bin payload_2.3.bin (461.75 KB)] | ||
SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B | SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B | ||
Line 2,294: | Line 2,274: | ||
== 2.4 == | == 2.4 == | ||
[http:// | [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg] | ||
=== Payload (2.4) === | === Payload (2.4) === | ||
located in unself'ed eboot.bin @ offset: | located in unself'ed eboot.bin @ offset: | ||
Line 2,306: | Line 2,283: | ||
000A3620 0009AEFF 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | 000A3620 0009AEFF 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | ||
[http:// | [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/payload_2.4.bin payload_2.4.bin (619.75 KB)] | ||
SHA1: C062057BFBE4A0DF6C6C6E1B33C7561BC859C23F // MD5: 69FC4CE04DD4255A0BEEF4C2168F0AB0 // CRC32: 1C9EE18 // CRC16: 85DE | SHA1: C062057BFBE4A0DF6C6C6E1B33C7561BC859C23F // MD5: 69FC4CE04DD4255A0BEEF4C2168F0AB0 // CRC32: 1C9EE18 // CRC16: 85DE | ||
IDA DB: [http:// | IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.4/EBOOT_SHT_fixed.i64 EBOOT_SHT_fixed.i64 (3.01 MB)] | ||
== 2.5 == | |||
=== Payload (2.5) === | |||
start: 8600, end: 63e00, size: 5b800 | |||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/EBOOT,BIN.elf TrueBlueUpdate-2.5/EBOOT,BIN.elf] | |||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.5/update_data_2.5.bin TrueBlueUpdate-2.5/update_data_2.5.bin] | |||
== 2.61 == | |||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.pkg TrueBlueUpdate-2.61.pkg] | |||
=== Payload (2.61) === | |||
located in unself'ed eboot.bin @ offset: | |||
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00008768 00000000 E4 C7 60 B6 E3 77 C2 89 B3 71 1D 06 EE 4C DF F7 äÇ`¶ãw‰³q..îLß÷ | |||
... | |||
00066F58 0005E7F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | |||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/payload_2.61.bin payload_2.61.bin (378 KB)] | |||
SHA1: 7CEA46601B717912D6A434CA2C164E0A9B890825 // MD5: 1114BC3061581FC592A3797B340FD545 // CRC32: B66F50FD // CRC16: B685 | |||
IDA DB: [https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.61/TrueBlueUpdate-2.61.idc TrueBlueUpdate-2.61.idc (203 KB)] | |||
== 2.62 == | |||
=== Payload (2.62) === | |||
located in unself'ed eboot.bin @ offset: | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00000000 E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24 à®...$.ŠÐ»eØ.Ì.$ | |||
... | |||
0005E7F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â | |||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.62/payload_2.62.bin payload_2.62.bin (378 KB)] | |||
SHA1: C5D37456FD5E59CFB648C82BBBE3FD95875E7C49 // MD5: 870C58F2CEC6BDB0ACF43EDD459ECD1C // CRC32: 35B2B2CA // CRC16: E3DE | |||
== 2.7 == | |||
=== Payload (2.7) === | |||
located in unself'ed eboot.bin @ offset: | |||
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
000087c8 00000000 E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24 à®...$.ŠÐ»eØ.Ì.$ | |||
... | |||
00067fc8 0005F7F0 D9 5A C0 45 E8 78 E6 C6 16 0A 98 10 1B CA 52 3B ÙZÀEèxæÆ..˜..ÊR; | |||
[https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Updates/TrueBlueUpdate-2.7/TB_payload_27.bin TB_payload_27.bin (382 KB)] | |||
SHA1: 107A4E37471D58E79B6F8A884FF09DD3A5F83DD0 // MD5: 495970F92139F966BF78E43509BB7C38 // CRC32: FBA0FCEB // CRC16: AD81 | |||
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> |
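Review bot: The added 2.5 section records only "start: 8600, end: 63e00, size: 5b800" and links two files without any SHA1/MD5/CRC line, while the 2.61, 2.62 and 2.7 sections added in the same change each carry one; add the hashes for update_data_2.5.bin so the archived file can be verified like the others. The 2.62 and 2.7 sections also lack a link to their update PKG, unlike 2.61. In the unchanged 2.4 lines, "CRC32: 1C9EE18" is seven hex digits and has likely lost a leading zero.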
Latest revision as of 06:14, 17 April 2023
Description
TrueBlue dongles are USB dongles for the PS3 which enable 'special' custom firmware functionality to launch resigned game backups. These dongles are themselves a form of DRM, as the particular format of these backups will not work without the TB dongle. Content discs contain fself'ed eboot.bin files.
Hardware-wise, there are many similarities with PS3Cobra.
Clarifications
- If the content works with the dongle, that means the original content also works (without the dongle) if resigned for Firmware v3.55!
- TrueBlue dongles/firmware do not support PSN (OFW and KaKaRoTo Kind of ´Jailbreak´ do).
- Special features for PS Vita are not usable (they are with OFW and KaKaRoTo Kind of ´Jailbreak´).
- TrueBlue cannot play Firmware 3.6x+/3.7x+/4.x+ original content (it does not have the keys for it).
- It can only play such content if it is re-encrypted/resigned with the key supported by the dongle.
  - Such content was limited to already decryptable and debug eboot.bin files.
    - Titles in the wild were almost entirely released by PARADOX (patches) & PARADiSO (full pirated releases) between November 2011 and June 2012, with groups like BORG and EHRGEIZ appearing from May through June of 2012. There was also lighttake, which sold full pre-patched pirated Blu-ray discs. It seems possible that they were involved in the TrueBlue production/distribution. Profiting from or otherwise receiving money for re-applying DRM could likely be considered a scam.
    - No public tools exist for 'converting' to TB format (re-encrypting/resigning), making TB dongle users completely dependent on warez release groups like PARADOX/PARADiSO/BORG/EHRGEIZ.
- Content for Firmware v3.55 and lower still works (after all, it's just an MFW 3.55), with some exceptions (in some cases running certain pieces of homebrew will even brick the dongle).
- Needs the MFW (it cannot work on OFW, which is why there is no 'power/eject trick').
- Cannot be used on downgraded consoles (which rely on lv1 syscon hashcheck patches).
- If you are using a special firmware now, it will not be compatible with this one, e.g. it is incompatible with:
  - OtherOS++
  - Proper MFW's
  - Kmeaw, wutangrza, waninkoko, etc.
  - pre 3.50 etc.
Hardware Dongle
Dongle 1.0
Components
Actel ProASIC3 A3P250 - FPGA
A3P250 = 250,000 System Gates
blank = Speed Grade: Standard
VQ = Package Type: Very Thin Quad Flat Pack (0.5mm pitch)
G = Lead-Free Packaging: RoHS-Compliant (Green)
100 = Package Lead Count: 100 pins
blank = Security Feature: no IP license
blank = Temperature Range: Commercial (0°C to +70°C Ambient Temperature)
128-bit AES
1,024 bits of user flash memory
Datasheets and user manuals: http://www.actel.com/products/pa3/docs.aspx#ds
Family root: http://www.actel.com/products/pa3/
Pinout A3P250 VQ100
Pin | Function | Notes |
---|---|---|
1 | GND | Ground |
2 | GAA2/IO118UDB3 | |
3 | IO118VDB3 | |
4 | GAB2/IO117UDB3 | |
5 | IO117VDB3 | |
6 | GAC2/IO116UDB3 | |
7 | IO116VDB3 | |
8 | IO112PSB3 | |
9 | GND | Ground |
10 | GFB1/IO109PDB3 | |
11 | GFB0/IO109NDB3 | |
12 | VCOMPLF | |
13 | GFA0/IO108NPB3 | |
14 | VCCPLF | |
15 | GFA1/IO108PPB3 | |
16 | GFA2/IO107PSB3 | |
17 | VCC | |
18 | VCCIB3 | |
19 | GFC2/IO105PSB3 | |
20 | GEC1/IO100PDB3 | |
21 | GEC0/IO100NDB3 | |
22 | GEA1/IO98PDB3 | |
23 | GEA0/IO98NDB3 | |
24 | VMV3 | |
25 | GNDQ | Ground |
26 | GEA2/IO97RSB2 | |
27 | GEB2/IO96RSB2 | |
28 | GEC2/IO95RSB2 | |
29 | IO93RSB2 | |
30 | IO92RSB2 | |
31 | IO91RSB2 | |
32 | IO90RSB2 | |
33 | IO88RSB2 | |
34 | IO86RSB2 | |
35 | IO85RSB2 | |
36 | IO84RSB2 | |
37 | VCC | |
38 | GND | Ground |
39 | VCCIB2 | |
40 | IO77RSB2 | |
41 | IO74RSB2 | |
42 | IO71RSB2 | |
43 | GDC2/IO63RSB2 | |
44 | GDB2/IO62RSB2 | |
45 | GDA2/IO61RSB2 | |
46 | GNDQ | Ground |
47 | TCK | |
48 | TDI | |
49 | TMS | |
50 | VMV2 | |
51 | GND | Ground |
52 | VPUMP | |
53 | NC | |
54 | TDO | |
55 | TRST | |
56 | VJTAG | |
57 | GDA1/IO60USB1 | |
58 | GDC0/IO58VDB1 | |
59 | GDC1/IO58UDB1 | |
60 | IO52NDB1 | |
61 | GCB2/IO52PDB1 | |
62 | GCA1/IO50PDB1 | |
63 | GCA0/IO50NDB1 | |
64 | GCC0/IO48NDB1 | |
65 | GCC1/IO48PDB1 | |
66 | VCCIB1 | |
67 | GND | Ground |
68 | VCC | |
69 | IO43NDB1 | |
70 | GBC2/IO43PDB1 | |
71 | GBB2/IO42PSB1 | |
72 | IO41NDB1 | |
73 | GBA2/IO41PDB1 | |
74 | VMV1 | |
75 | GNDQ | Ground |
76 | GBA1/IO40RSB0 | |
77 | GBA0/IO39RSB0 | |
78 | GBB1/IO38RSB0 | |
79 | GBB0/IO37RSB0 | |
80 | GBC1/IO36RSB0 | |
81 | GBC0/IO35RSB0 | |
82 | IO29RSB0 | |
83 | IO27RSB0 | |
84 | IO25RSB0 | |
85 | IO23RSB0 | |
86 | IO21RSB0 | |
87 | VCCIB0 | |
88 | GND | Ground |
89 | VCC | |
90 | IO15RSB0 | |
91 | IO13RSB0 | |
92 | IO11RSB0 | |
93 | GAC1/IO05RSB0 | |
94 | GAC0/IO04RSB0 | |
95 | GAB1/IO03RSB0 | |
96 | GAB0/IO02RSB0 | |
97 | GAA1/IO01RSB0 | |
98 | GAA0/IO00RSB0 | |
99 | GNDQ | Ground |
100 | VMV0 |
24.000 MHz Crystal
CLK for Actel
AMS1117 2.851049 - Low Dropout Linear Regulator
Datasheet:
- https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117-.pdf
- https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/AMS1117.pdf
A 47 (unreferenced 5pin IC)
package: SOT5 / SOT23-5
pins: 3 x 2 (5)
markings: A 47
datasheet: none (yet)
Pin | Usage | Remarks |
---|---|---|
1 | ||
2 | GND | Ground |
3 | ||
4 | ||
5 |
Winbond 25X16AVSIG (SPI Flash 16Mbit)
W - Winbond
25X - SPI Flash with 4KB sectors/64Kbyte blocks, dual output
16A - 16Mbit / 2M-byte
V - Supply Voltage 2.7 to 3.6V
S - Package Type: 8pin SOIC 150-mil
I - Temperature Range: Industrial (-40°C ~ 85°C)
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxide-free)
datasheet: W25X16A.pdf (1.3 MB) / https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/TrueBlue/Datasheets/W25X16A.pdf
Note: the flash can be accessed with a Bus Ninja or Bus Pirate and flashrom. In-system programming (ISP) is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or to the regulator for it).
Pin | Usage | I/O | Remarks |
---|---|---|---|
1 | /CS | I | Chip Select (high=deselect, low=select) |
2 | DO | O | Data output |
3 | /WP | I | Write Protect (active low) |
4 | GND | | Ground |
5 | DIO | I/O | Serial data input/output |
6 | CLK | I | Serial Clock |
7 | /HOLD | I | Hold (high=normal/resume, low=hold/pause) |
8 | VCC | | Vcc (min 2.7-max 3.6V @ Fr0 75MHz / min 3.0-max 3.6V @ Fastread Fr1 100MHz) |
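An in-system read as described in the note above can return corrupted data when the FPGA is still driving the SPI bus. The following is an added example, not part of the original wiki page: it compares two consecutive dumps of the 2 MB chip sector by sector before either one is trusted. The function names and the sample dumps are constructed for illustration.

```python
import hashlib

# Geometry from the part-number breakdown on this page: 16 Mbit / 2 MB, 4 KB sectors.
CHIP_SIZE = 2 * 1024 * 1024
SECTOR_SIZE = 4 * 1024
_ERASED = b"\xff" * SECTOR_SIZE
_ZERO = b"\x00" * SECTOR_SIZE


def _sectors(dump):
    """Yield (index, bytes) for each 4 KB sector of a dump."""
    for idx in range(len(dump) // SECTOR_SIZE):
        yield idx, dump[idx * SECTOR_SIZE:(idx + 1) * SECTOR_SIZE]


def verify_acquisition(first, second):
    """Check two back-to-back reads of the same chip before trusting either.

    Returns a dict with 'ok', 'reason', 'unstable_sectors' (indexes of 4 KB
    sectors that differ between the reads), 'data_sectors' (sectors that are
    neither all 0xFF nor all 0x00) and 'sha1' (set only when ok is True).
    """
    result = {"ok": False, "reason": "", "unstable_sectors": [],
              "data_sectors": 0, "sha1": None}

    # A wrong length means the reader was told the wrong chip size
    # or the transfer was cut short.
    for name, dump in (("first", first), ("second", second)):
        if len(dump) != CHIP_SIZE:
            result["reason"] = (
                f"{name} read is {len(dump)} bytes, expected {CHIP_SIZE}")
            return result

    # Sector-level diff: flash contents do not change between two reads,
    # so any difference points at the bus, not at the chip.
    result["unstable_sectors"] = [
        idx for (idx, a), (_, b) in zip(_sectors(first), _sectors(second))
        if a != b
    ]
    if result["unstable_sectors"]:
        result["reason"] = (
            "reads differ; another device may be driving the SPI bus")
        return result

    # Two identical reads of nothing but 0xFF/0x00 are consistent but
    # useless: either the chip is blank or it never answered.
    result["data_sectors"] = sum(
        1 for _, s in _sectors(first) if s not in (_ERASED, _ZERO))
    if result["data_sectors"] == 0:
        result["reason"] = "only 0xFF/0x00 sectors: blank chip or no response"
        return result

    result["ok"] = True
    result["reason"] = "reads match"
    result["sha1"] = hashlib.sha1(first).hexdigest()
    return result


if __name__ == "__main__":
    # Constructed sample: 16 bytes of data in sector 0, rest erased.
    image = bytearray(b"\xff" * CHIP_SIZE)
    image[0:16] = bytes(range(16))
    clean = bytes(image)

    # Constructed second read with one flipped bit in sector 5,
    # as bus contention might produce.
    noisy = bytearray(clean)
    noisy[5 * SECTOR_SIZE + 7] ^= 0x01

    print(verify_acquisition(clean, clean))
    print(verify_acquisition(clean, bytes(noisy)))
```

Feed it the contents of two dump files read one after the other; a non-empty `unstable_sectors` list is the cue to isolate the flash from the FPGA before reading again.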
Test Points
There are test points on the dongle that provide full pin access to the Winbond chip. Be careful when soldering to them, since it is easy to pull off a test point.
Dongle 2.0
Supposed to be mass-produced instead of manually soldered like the 1.0 dongle. Not seen in the wild yet.
Dongle Clones
Jb2usb
JB-King
- JB-King is a "copy-cat" clone by dongle makers in China (some have claimed by the makers of PS3Go). It's poetic: piracy and theft of the "intellectual property" of pirates and thieves.
Components
Winbond 25X16AVSIG (SPI Flash 16Mbit)
W - Winbond
25X - SPI Flash with 4KB sectors/64Kbyte blocks, dual output
16A - 16Mbit / 2M-byte
V - Supply Voltage 2.7 to 3.6V
S - Package Type: 8pin SOIC 150-mil
I - Temperature Range: Industrial (-40°C ~ 85°C)
G - Environment: Green Package (Lead-free, RoHS Compliant, Halogen-free (TBBA), Antimony-Oxide-free)
datasheet: W25X16A.pdf (1.3 MB) / https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/Datasheets/W25X16A.pdf
Note: the flash can be accessed with a Bus Ninja or Bus Pirate and flashrom. In-system programming (ISP) is possible, so long as no other devices on the SPI bus are trying to access the device (in that case, you might want to cut Vcc to the FPGA or to the regulator for it).
Pin | Usage | I/O | Remarks |
---|---|---|---|
1 | /CS | I | Chip Select (high=deselect, low=select) |
2 | DO | O | Data output |
3 | /WP | I | Write Protect (active low) |
4 | GND | | Ground |
5 | DIO | I/O | Serial data input/output |
6 | CLK | I | Serial Clock |
7 | /HOLD | I | Hold (high=normal/resume, low=hold/pause) |
8 | VCC | | Vcc (min 2.7-max 3.6V @ Fr0 75MHz / min 3.0-max 3.6V @ Fastread Fr1 100MHz) |
Test Points
STM32 F103C8T6 : U2
U2
datasheet: stm32_f103c8t6.pdf (1.38 MB)
Pinout STM32 F103C8T6 LQFP48
Pin | Function | Notes |
---|---|---|
1 | VBAT | |
2 | PC13-TAMPER-RTC | |
3 | PC14-OSC32_IN | |
4 | PC15-OSC32_OUT | |
5 | PD0-OSC_IN | |
6 | PD1-OSC_OUT | |
7 | NRST | |
8 | VSSA | |
9 | VDDA | |
10 | PA0-WKUP | |
11 | PA1 | |
12 | PA2 | |
13 | PA3 | |
14 | PA4 | |
15 | PA5 | |
16 | PA6 | |
17 | PA7 | |
18 | PB0 | |
19 | PB1 | |
20 | PB2 | |
21 | PB10 | |
22 | PB11 | |
23 | VSS_1 | |
24 | VDD_1 | |
25 | PB12 | |
26 | PB13 | |
27 | PB14 | |
28 | PB15 | |
29 | PA8 | |
30 | PA9 | |
31 | PA10 | |
32 | PA11 | |
33 | PA12 | |
34 | PA13 | |
35 | VSS_2 | |
36 | VDD_2 | |
37 | PA14 | |
38 | PA15 | |
39 | PB3 | |
40 | PB4 | |
41 | PB5 | |
42 | PB6 | |
43 | PB7 | |
44 | BOOT0 | |
45 | PB8 | |
46 | PB9 | |
47 | VSS_3 | |
48 | VDD_3 |
Actel ProASIC3 A3P125 - FPGA : U3[edit | edit source]
U3
A3P125 = 125,000 System Gates blank = Speed Grade: Standard VQ = Package Type: Very Thin Quad Flat Pack (0.5mm pitch) G = Lead-Free Packaging: RoHS-Compliant (Green) 100 = Package Lead Count : 100 pins blank = Security Feature : no IP license blank = Temperature Range: Commercial (0°C to +70°C Ambient Temperature)
128-bit AES
1,024 bits of user flash memory
Datasheets and usermanuals: http://www.actel.com/products/pa3/docs.aspx#ds
Familyroot: http://www.actel.com/products/pa3/
Pinout A3P125 VQ100
Pin | Function | Notes |
---|---|---|
1 | GND | Ground |
2 | GAA2/IO118UDB3 | |
3 | IO118VDB3 | |
4 | GAB2/IO117UDB3 | |
5 | IO117VDB3 | |
6 | GAC2/IO116UDB3 | |
7 | IO116VDB3 | |
8 | IO112PSB3 | |
9 | GND | Ground |
10 | GFB1/IO109PDB3 | |
11 | GFB0/IO109NDB3 | |
12 | VCOMPLF | |
13 | GFA0/IO108NPB3 | |
14 | VCCPLF | |
15 | GFA1/IO108PPB3 | |
16 | GFA2/IO107PSB3 | |
17 | VCC | |
18 | VCCIB3 | |
19 | GFC2/IO105PSB3 | |
20 | GEC1/IO100PDB3 | |
21 | GEC0/IO100NDB3 | |
22 | GEA1/IO98PDB3 | |
23 | GEA0/IO98NDB3 | |
24 | VMV3 | |
25 | GNDQ | Ground |
26 | GEA2/IO97RSB2 | |
27 | GEB2/IO96RSB2 | |
28 | GEC2/IO95RSB2 | |
29 | IO93RSB2 | |
30 | IO92RSB2 | |
31 | IO91RSB2 | |
32 | IO90RSB2 | |
33 | IO88RSB2 | |
34 | IO86RSB2 | |
35 | IO85RSB2 | |
36 | IO84RSB2 | |
37 | VCC | |
38 | GND | Ground |
39 | VCCIB2 | |
40 | IO77RSB2 | |
41 | IO74RSB2 | |
42 | IO71RSB2 | |
43 | GDC2/IO63RSB2 | |
44 | GDB2/IO62RSB2 | |
45 | GDA2/IO61RSB2 | |
46 | GNDQ | Ground |
47 | TCK | |
48 | TDI | |
49 | TMS | |
50 | VMV2 | |
51 | GND | Ground |
52 | VPUMP | |
53 | NC | |
54 | TDO | |
55 | TRST | |
56 | VJTAG | |
57 | GDA1/IO60USB1 | |
58 | GDC0/IO58VDB1 | |
59 | GDC1/IO58UDB1 | |
60 | IO52NDB1 | |
61 | GCB2/IO52PDB1 | |
62 | GCA1/IO50PDB1 | |
63 | GCA0/IO50NDB1 | |
64 | GCC0/IO48NDB1 | |
65 | GCC1/IO48PDB1 | |
66 | VCCIB1 | |
67 | GND | Ground |
68 | VCC | |
69 | IO43NDB1 | |
70 | GBC2/IO43PDB1 | |
71 | GBB2/IO42PSB1 | |
72 | IO41NDB1 | |
73 | GBA2/IO41PDB1 | |
74 | VMV1 | |
75 | GNDQ | Ground |
76 | GBA1/IO40RSB0 | |
77 | GBA0/IO39RSB0 | |
78 | GBB1/IO38RSB0 | |
79 | GBB0/IO37RSB0 | |
80 | GBC1/IO36RSB0 | |
81 | GBC0/IO35RSB0 | |
82 | IO29RSB0 | |
83 | IO27RSB0 | |
84 | IO25RSB0 | |
85 | IO23RSB0 | |
86 | IO21RSB0 | |
87 | VCCIB0 | |
88 | GND | Ground |
89 | VCC | |
90 | IO15RSB0 | |
91 | IO13RSB0 | |
92 | IO11RSB0 | |
93 | GAC1/IO05RSB0 | |
94 | GAC0/IO04RSB0 | |
95 | GAB1/IO03RSB0 | |
96 | GAB0/IO02RSB0 | |
97 | GAA1/IO01RSB0 | |
98 | GAA0/IO00RSB0 | |
99 | GNDQ | Ground |
100 | VMV0 | |
unreferenced 5pin IC
U4
unreferenced 3pin IC
U5
24.000 MHz Crystal
CLK for Actel
Downloads
First release (1.0/2.1)
- MFW: Jailbreak2.CFW.rar (172.34 MB)
- Alternative FW compatible with the PSJB2/TrueBlue dongle DRM lock-in : REBUG 3.55.2 TB EDITION / 3.55.2_TBE_Links.rar
- Dongle Updater v2.1: dongle-updater.pkg (2.1 MB)
Update 2.2
- Dongle Updater v2.2: https://web.archive.org/web/*/http://ps3devwiki.com/files/TrueBlue/Updates/TrueBlueUpdate-2.2/
FW Info (1.0/2.1)
PS3 System Software MFW 3.55-Dongle (Jailbreak2.CFW)
filedate: July 13 2011 2:08:58
174639 KB
MD5: 43C522F8897D77B6165F95BCF3409090
SHA1: A64B010DB98996C7E53768D37D4D346F271D5950
CRC32: A32FDD1D
CRC16: 6420
HMAC_SHA1: 0x88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
Remarks: needs JB2 dongle as DRM
PUP file information
Package version: 1
Image version: 47517
File count: 7
Header length: 528
Data length: 178829542
PUP file hash: 88EF9FEB9BB80ABE7CF68EB3BD76148F7AD6230C
File | Entry id | Filename | Data offset | Data length | File hash |
---|---|---|---|---|---|
0 | 0x100 | version.txt | 0x210 | 13 | 8E533875E1B43B6CBAF5E91663EB7554107B5509 |
1 | 0x101 | license.xml | 0x21D | 267513 | B77EFE54859738385DD803E88FB5E807FF1BC6AB |
2 | 0x103 | update_flags.txt | 0x41716 | 5 | FD7C893936FDFC668922BE6D119A462111B2BBDB |
3 | 0x200 | ps3swu.self | 0x4171B | 5661656 | C61DDE12E75C2218214700D7D49006583F1B968B |
4 | 0x201 | vsh.tar | 0x5A7AF3 | 10240 | D9B66E0D2845D71A67D76E7907AB06368CE61E08 |
5 | 0x202 | dots.txt | 0x5AA2F3 | 3 | 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A |
6 | 0x300 | update_files.tar | 0x5AA2F6 | 172890112 | 93A7A95BFCFC263DCB4A18477062FDCC72BE47A0 |
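The PUP listing above can be checked for internal consistency: segment offsets should follow one another without gaps or overlaps, and header length plus data length should equal the end of the last segment. The Python below is an added example, not part of the original page or of any PS3 tool; the function names are illustrative, and the input is the listing text from this page with the file hashes left out.

```python
import re

# Listing text as printed on this page (file hashes omitted; a layout check
# does not need them).
LISTING = (
    "Package version: 1 Image version: 47517 File count: 7 "
    "Header length: 528 Data length: 178829542 "
    "File 0 Entry id: 0x100 Filename : version.txt Data offset: 0x210 Data length: 13 "
    "File 1 Entry id: 0x101 Filename : license.xml Data offset: 0x21D Data length: 267513 "
    "File 2 Entry id: 0x103 Filename : update_flags.txt Data offset: 0x41716 Data length: 5 "
    "File 3 Entry id: 0x200 Filename : ps3swu.self Data offset: 0x4171B Data length: 5661656 "
    "File 4 Entry id: 0x201 Filename : vsh.tar Data offset: 0x5A7AF3 Data length: 10240 "
    "File 5 Entry id: 0x202 Filename : dots.txt Data offset: 0x5AA2F3 Data length: 3 "
    "File 6 Entry id: 0x300 Filename : update_files.tar Data offset: 0x5AA2F6 "
    "Data length: 172890112"
)

ENTRY_RE = re.compile(
    r"File (\d+) Entry id: (0x[0-9A-Fa-f]+) Filename : (\S+) "
    r"Data offset: (0x[0-9A-Fa-f]+) Data length: (\d+)")


def parse_listing(text):
    """Return (header, entries) parsed from the textual PUP listing."""
    text = " ".join(text.split())            # tolerate any line wrapping
    head = text.split("File 0 ", 1)[0]       # header fields precede "File 0"
    header = {}
    for key in ("File count", "Header length", "Data length"):
        match = re.search(rf"{key}: (\d+)", head)
        if match is None:
            raise ValueError(f"listing has no '{key}' field")
        header[key] = int(match.group(1))
    entries = [dict(index=int(i), entry_id=int(e, 16), name=n,
                    offset=int(o, 16), length=int(size))
               for i, e, n, o, size in ENTRY_RE.findall(text)]
    return header, entries


def check_layout(header, entries):
    """Return a list of layout problems; an empty list means consistent."""
    findings = []
    if header["File count"] != len(entries):
        findings.append(f"header declares {header['File count']} files, "
                        f"listing has {len(entries)}")
    ids = [e["entry_id"] for e in entries]
    if len(set(ids)) != len(ids):
        findings.append("duplicate entry id")
    cursor = header["Header length"]         # data must start right after header
    for e in sorted(entries, key=lambda e: e["offset"]):
        if e["offset"] < cursor:
            findings.append(f"{e['name']} overlaps previous data by "
                            f"{cursor - e['offset']} bytes")
        elif e["offset"] > cursor:
            findings.append(f"{e['offset'] - cursor} unaccounted bytes "
                            f"before {e['name']}")
        cursor = max(cursor, e["offset"] + e["length"])
    declared_end = header["Header length"] + header["Data length"]
    if cursor != declared_end:
        findings.append(f"segments end at {cursor}, header declares {declared_end}")
    return findings


if __name__ == "__main__":
    hdr, files = parse_listing(LISTING)
    print(check_layout(hdr, files) or "layout consistent")
```
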
JBKing 1.5 update
http://www.ps3hax.net/2012/03/finally-jb-king-cracks-v2-5-update/
https://web.archive.org/web/*/http://ps3devwiki.com/files/reDRM/JBKing/Updates/JBKing%202.5/
Content discs
EBOOT.BIN details (1.0/2.1)
SELF header
elf #1 offset: 00000000_00000090
header len: 00000000_00000a80
meta offset: 00000000_000004a0
phdr offset: 00000000_00000040
shdr offset: 00000000_002117f8
file size: 00000000_0021150c
auth id: 10100000_01000003 (Unknown)
vendor id: 01000002
info offset: 00000000_00000070
sinfo offset: 00000000_00000290
version offset: 00000000_00000390
control info: 00000000_000003c0 (00000000_00000100 bytes)
app version: 1.0.0
SDK type: Devkit
app type: NP-DRM application
Control info
control flags: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
file digest: 62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4 f1 95 cf a4 c0 04 0f c9 14 de 1f 9a 21 4e 10 ca 6b a6 8c 86
NPDRM info:
magic: 4e504400
unk0 : 00000001
unk1 : 00000003
unk2 : 00000001
content_id: IV0002-NPXS00020_00-TEST000000000001
digest: 09 37 f1 32 60 b9 70 02 76 9e e4 0f 7b 10 70 0f
invdigest: f6 c8 0e cd 9f 46 8f fd 89 61 1b f0 84 ef 8f f0
xordigest: 5c 62 a4 67 35 ec 25 57 23 cb b1 5a 2e 45 25 5b
Section header
offset | size | compressed | unk1 | unk2 | encrypted |
---|---|---|---|---|---|
00000000_00000a80 | 00000000_00209dc0 | [NO ] | 00000000 | 00000000 | [NO ] |
00000000_00210a80 | 00000000_000005b0 | [NO ] | 00000000 | 00000000 | [NO ] |
00000000_00211030 | 00000000_00000000 | [NO ] | 00000000 | 00000000 | [NO ] |
00000000_00211030 | 00000000_00000000 | [NO ] | 00000000 | 00000000 | [NO ] |
00000000_00211030 | 00000000_00000000 | [NO ] | 00000000 | 00000000 | [NO ] |
00000000_00210df8 | 00000000_00000004 | [NO ] | 00000000 | 00000000 | [N/A] |
00000000_0020a7e0 | 00000000_00000020 | [NO ] | 00000000 | 00000000 | [N/A] |
00000000_0020a800 | 00000000_00000040 | [NO ] | 00000000 | 00000000 | [N/A] |
Encrypted Metadata
no encrypted metadata in fselfs.
ELF header
type: Executable file
machine: PowerPC64
version: 1
phdr offset: 00000000_00000040
shdr offset: 00000000_00210e08
entry: 00000000_002200f0
flags: 00000000
header size: 00000040
program header size: 00000038
program headers: 8
section header size: 00000040
section headers: 28
section header string table index: 27
Content Releases
Paradox TB
Note: Releases seen in the wild are full BD content prepatched for TrueBlue. We are only interested in documenting/reversing, so please don't post full links (only stripped).
EBOOT.BIN details
...
FW analysis
FW Changes (1.0/2.1)
Compared to OFW 3.55: ofw-vs-jb2.rar (4.18 MB)
EULA.xml
<str id="msg_updater_10">This update will install PS3 system software version 3.55, modified to support homebrew software and the disc dongle.</str>
Version.txt
3.55-Dongle
CORE_OS_PACKAGE.pkg
lv1.self
There is one patch to lv1_map_htab (undocumented lv1 function 114) that allows read/write mapping of all RAM. Because of this, it is unknown how many other lv1 patches are applied at runtime.
file
Offset(h) 00 01 02 03
OFW: 000F5A44 39 20 00 00 li r9,0
TB: 000F5A44 39 20 00 01 li r9,1
memory
Offset(h) 00 01 02 03
OFW: 2d5a44 39 20 00 00 li r9,0
TB: 2d5a44 39 20 00 01 li r9,1
lv2_kernel.self
http://pastie.org/private/onlbfdxjdtaddb9blu0sq
Only one function is changed, and one section is added:
- sub_28fe30 is replaced (see note 1)
- the new section is loaded at 0x80000000007f0000 (which is where those payloads are loaded): lv2_kernel.bin (6.41 KB)
Note 1: the 28fe30 function is replaced with the OFW code during exploit execution (which is why it is OFW when there is no dongle). The 28fe30 function mounts dev_flash, so they are in control before dev_flash even loads. When lv2 loads dev_flash, the exploit is triggered; among other things, it replaces the function with the proper one that mounts dev_flash, then branches to it, and boot continues.
dev_flash_010.tar.aa.2010_11_27_051337
\dev_flash\vsh\module\nas_plugin.sprx
Offset(h) 00 01 02 03
OFW: 00003250 7C 60 1B 78 mr r0, r3
TB: 00003250 38 00 00 00 li r0, 0
Offset(h) 00 01 02 03
OFW: 00037350 41 9E 00 4C beq- cr7,4c
TB: 00037350 60 00 00 00 nop
"standard pkg patches"
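The OFW/TB tables for lv1.self and nas_plugin.sprx above are word-level diffs of big-endian PowerPC code. As an added example (not from the original page; the function names, the triage labels and the nop padding around the sample words are assumptions), this Python code diffs two images word by word, decodes the four instruction forms that occur in those tables, and labels the kind of change each patched word makes, which is useful when checking a firmware image against a known-good copy.

```python
import struct

COND = ("lt", "gt", "eq", "so")      # CR bit names when BO means "branch if true"
NCOND = ("ge", "le", "ne", "ns")     # names when BO means "branch if false"


def decode_ppc(word: int) -> str:
    """Decode one 32-bit PowerPC word (only the forms seen on this page)."""
    opcd = word >> 26
    f1 = (word >> 21) & 0x1F          # rD / rS / BO
    f2 = (word >> 16) & 0x1F          # rA / BI
    imm = word & 0xFFFF
    simm = imm - 0x10000 if imm & 0x8000 else imm
    if word == 0x60000000:            # ori r0,r0,0
        return "nop"
    if opcd == 14:                    # addi; rA field 0 means literal zero
        return f"li r{f1},{simm}" if f2 == 0 else f"addi r{f1},r{f2},{simm}"
    if opcd == 31 and ((word >> 1) & 0x3FF) == 444 and not (word & 1):
        rb = (word >> 11) & 0x1F      # or rA,rS,rB; rS == rB is "mr"
        return f"mr r{f2},r{f1}" if f1 == rb else f"or r{f2},r{f1},r{rb}"
    if opcd == 16 and not (word & 3) and (f1 & 0x1E) in (4, 12):
        names = COND if (f1 & 0x1E) == 12 else NCOND
        return f"b{names[f2 & 3]} cr{f2 >> 2},{simm & ~3:+#x}"
    return f".long 0x{word:08x}"


def diff_words(original: bytes, modified: bytes, base: int = 0):
    """Yield (offset, old_word, new_word) for each differing aligned word."""
    if len(original) != len(modified):
        raise ValueError("images differ in size; align them before diffing")
    for off in range(0, len(original) & ~3, 4):
        old, = struct.unpack_from(">I", original, off)
        new, = struct.unpack_from(">I", modified, off)
        if old != new:
            yield base + off, old, new


def classify(old: int, new: int) -> str:
    """Added triage heuristic: name the kind of change a patched word makes."""
    o, n = decode_ppc(old), decode_ppc(new)
    if o.startswith("b") and " cr" in o and n == "nop":
        return "conditional branch removed"
    if o.startswith("mr ") and n.startswith("li "):
        return "register copy replaced by constant"
    if o.startswith("li ") and n.startswith("li "):
        return "constant changed"
    return "other"


NOP = bytes.fromhex("60000000")


def window(word_hex: str) -> bytes:
    """Constructed 12-byte sample: a page word between two padding nops."""
    return NOP + bytes.fromhex(word_hex) + NOP


# (file, base offset of the window, OFW bytes, TB bytes); the middle words and
# their offsets are from the tables above, the padding is constructed.
SAMPLES = [
    ("lv1.self", 0x000F5A40, window("39200000"), window("39200001")),
    ("nas_plugin.sprx", 0x0000324C, window("7C601B78"), window("38000000")),
    ("nas_plugin.sprx", 0x0003734C, window("419E004C"), window("60000000")),
]


def report(samples=SAMPLES):
    """Return one line per changed word, with decode and triage label."""
    lines = []
    for name, base, ofw, tb in samples:
        for off, old, new in diff_words(ofw, tb, base):
            lines.append(f"{name} {off:08X}: {decode_ppc(old)} -> "
                         f"{decode_ppc(new)} [{classify(old, new)}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```
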
dev_flash_016.tar.aa.2010_11_27_051337
\dev_flash\vsh\resource\explore\xmb\category_game.xml
standard app_home and install package files from mfw builder.
http://pastie.org/private/ixsiyvycqmgmcdmv7swcsg
\dev_flash\vsh\resource\explore\xmb\category_video.xml
netflix removed
http://pastie.org/private/4i02xv2onvaezfiy3i56a
Dongle Updater PKG
2.1
TrueBlueUpdate-2.1/dongle-updater.pkg
The dongle is released with 1.0; this PKG is used to update the dongle to 2.1.
SHA1: 4066FFEFD723FAF08EB84A62F4AA38180C40129C // MD5: 0200689D58FCA0FC51F7B738C33A5DC9 // CRC32: 4D72836 // CRC16: 8A62
Plaintext visible in the unself'ed eboot.bin : http://pastebin.com/EFQczE2r (interesting note: it used /dev_hdd0/vsh/tmp.bin as temp for the payload)
Payload (2.1)
located in unself'ed eboot.bin @ offset:
eboot payload
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000084F0 00000000 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01 .......€ú.....þ.
...
002084E0 001FFFF0 EB 3B 01 F7 6F A9 CF 3C B6 EB 89 82 7D E6 7D 3B ë;.÷o©Ï<¶ë‰‚}æ};
TrueBlueUpdate-2.1/TB_dongle_payload.bin (2 MB)
SHA1: 43402D6FE2ECE43EBE91531EFA07C366D46DD121 // MD5: BA5AFAB174BF6003D41AC8951301B822 // CRC32: 248284D2 // CRC16: 8C78
lv2 dump (2.1)
payload decrypted @ LV2 dump 0x7f0000
descriptors (2.1)
Start Offset | End Offset | descriptor | Description |
---|---|---|---|
00000000 | 00000FFF | 0x0 | 3.41 |
00001000 | 00001FFF | 0x1 | 3.41 |
00002000 | 00002FFF | 0x2 | 3.41 |
00003000 | 00003FFF | 0x3 | 3.41 |
00004000 | 00007FFF | 0x4 | |
00008000 | 00008FFF | 0x5 | |
00009000 | 0000BFFF | 0x6 | |
0000C000 | 0000CFFF | 0x7 | |
0000D000 | 0000DFFF | 0x8 | |
0000E000 | 0000FFFF | 0x9 | |
00010000 | 00013FFF | 0xA | |
00014000 | 0001BFFF | 0xB | |
0001C000 | 0001C00F | 0xC | |
0001C010 | 0001C01F | 0xD | |
0001C020 | 0001C03F | 0xE | |
0001C040 | 0001C05F | 0xF | |
0001C060 | 0001C06F | 0x10 | |
0001C070 | 0001C07F | 0x11 | |
0001C080 | 0001C09F | 0x12 | |
0001C0A0 | 001FFFFF | 0x13 | |
000A1A80 | 000B039F | 0x14 | |
000B03A0 | 001736FF | 0x15 | |
00173700 | 00189D5F | 0x16 | |
00189D60 | 001FFFFF | 0x17 | |
descriptor 0x0
00000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
00000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
...
descriptor 0x1
00000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
00000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
...
descriptor 0x2
00000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
00000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
...
descriptor 0x3
00000000 09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01
00000010 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd
...
descriptor 0x4
00000000 09 02 16 00 01 01 00 80 01 09 04 00 00 00 fe 01
00000010 02 00 04 21 b4 2f fe b1 b2 11 81 84 f8 81 2e 2f
...
descriptor 0x7
0000000 09 02 12 00 01 01 00 80 01 09 04 00 00 00 fe 01
0000010 02 00 66 bc a5 34 64 68 d0 6e 31 4c 8e d5 cd 44
...
descriptor 0x8
0000000 09 02 00 00 01 01 00 80 01 09 04 00 00 00 fe 01
0000010 02 00 db e9 f4 e4 8b c0 7e 8c 61 47 ab 71 1b 08
...
descriptor 0x9
0000000 09 02 30 00 01 01 00 80 01 09 04 00 00 00 fe 01
0000010 02 00 3e 21 00 00 00 00 fa ce b0 03 aa bb cc dd
...
descriptor 0xa
0000000 09 02 20 00 01 00 00 80 01 09 04 00 00 02 ff 00
0000010 00 00 07 05 02 02 08 00 00 07 05 81 02 08 00 00
...
descriptor 0xb
0000000 09 02 35 00 01 01 00 80 32 09 04 00 00 05 fe 01
0000010 02 00 07 05 04 02 08 00 00 07 05 85 02 08 00 00
...
descriptor 0xc
00000000 09 02 00 0f 01 00 00 80 09 02 00 0f 01 00 00 80
descriptor 0xd
00000000 09 02 00 0f 01 00 00 80 09 02 00 0f 01 00 00 80
descriptor 0xe
00000000 09 02 16 00 01 01 00 80 23 97 93 9c 54 80 63 58
00000010 4d d0 de c2 81 e4 2b 0b a9 d1 df 8b a6 86 03 3e
descriptor 0xf
00000000 09 02 4d 0a 01 01 00 80 09 02 4d 0a 01 01 00 80
00000010 c4 ed 19 24 d6 5a d9 40 cc ba 88 95 1c 0b 51 9b
descriptor 0x10
00000000 09 02 12 00 01 01 00 80 09 02 12 00 01 01 00 80
descriptor 0x11
00000000 09 02 30 00 01 01 00 80 aa 47 64 8a ca d1 c2 e5
descriptor 0x12
00000000 09 02 20 00 01 00 00 80 d5 77 77 85 62 ab 13 4a
00000010 aa 91 92 8c d9 96 c0 6e eb 20 9d 9e 92 a7 38 df
descriptor 0x13
00000000 09 02 35 00 01 01 00 80 8e 7f 3d 02 11 aa 2a fa
00000010 03 6b 2d 2c 45 d7 25 ff aa 34 b1 a8 8b 5d a7 b3
...
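Every region in the 2.1 descriptor dumps starts with 09 02, the header of a USB CONFIGURATION descriptor whose bytes 2-3 hold the little-endian wTotalLength. As an added example (not from the original page; the function names are illustrative), the Python below is a strict walk of the kind a USB host should perform before trusting any device-supplied length, run over bytes copied from the dumps above (the first 32 bytes of regions 0x0, 0x4, 0x8 and 0xa, and the 16 bytes of region 0xc).

```python
import struct

CONFIG, INTERFACE, ENDPOINT = 0x02, 0x04, 0x05
MIN_LEN = {CONFIG: 9, INTERFACE: 9, ENDPOINT: 7}   # fixed part of each type


def walk_config(blob: bytes):
    """Walk one configuration descriptor; return (descriptors, findings)."""
    descs, findings = [], []
    if len(blob) < 9 or blob[0] != 9 or blob[1] != CONFIG:
        return descs, ["does not start with a 9-byte CONFIGURATION header"]
    total, num_if = struct.unpack_from("<HB", blob, 2)   # wTotalLength, bNumInterfaces
    if total < 9:
        findings.append(f"wTotalLength {total} is smaller than the 9-byte header")
    elif total > len(blob):
        findings.append(f"wTotalLength {total} exceeds the {len(blob)} bytes supplied")
    end = min(max(total, 9), len(blob))      # never read past either bound
    off = seen_if = want_ep = seen_ep = 0
    while off < end:
        if end - off < 2:
            findings.append(f"{end - off} stray byte(s) at offset {off}")
            break
        blen, btype = blob[off], blob[off + 1]
        if blen < 2 or off + blen > end:
            findings.append(f"bLength {blen} at offset {off} is invalid "
                            f"or overruns the buffer")
            break
        if blen < MIN_LEN.get(btype, 2):
            findings.append(f"type {btype:#04x} at offset {off} is shorter "
                            f"than its fixed part")
        elif btype == INTERFACE:
            if blob[off + 3] == 0:           # count alternate setting 0 only
                seen_if += 1
            want_ep += blob[off + 4]         # bNumEndpoints
        elif btype == ENDPOINT:
            seen_ep += 1
        descs.append((off, blen, btype))
        off += blen
    if seen_if != num_if:
        findings.append(f"bNumInterfaces is {num_if} but {seen_if} "
                        f"interface descriptor(s) found")
    if seen_ep != want_ep:
        findings.append(f"interfaces declare {want_ep} endpoint(s) but "
                        f"{seen_ep} found")
    return descs, findings


# Bytes copied from the descriptor dumps on this page.
SAMPLES = {
    "0x0": "09 02 12 00 01 00 00 80 fa 09 04 00 00 00 fe 01 "
           "02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd",
    "0x4": "09 02 16 00 01 01 00 80 01 09 04 00 00 00 fe 01 "
           "02 00 04 21 b4 2f fe b1 b2 11 81 84 f8 81 2e 2f",
    "0x8": "09 02 00 00 01 01 00 80 01 09 04 00 00 00 fe 01 "
           "02 00 db e9 f4 e4 8b c0 7e 8c 61 47 ab 71 1b 08",
    "0xa": "09 02 20 00 01 00 00 80 01 09 04 00 00 02 ff 00 "
           "00 00 07 05 02 02 08 00 00 07 05 81 02 08 00 00",
    "0xc": "09 02 00 0f 01 00 00 80 09 02 00 0f 01 00 00 80",
}


def triage(samples=SAMPLES):
    """Return {region: findings} for every sample region."""
    return {name: walk_config(bytes.fromhex(text))[1]
            for name, text in samples.items()}


if __name__ == "__main__":
    for name, findings in triage().items():
        print(name, findings or "well-formed")
```
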
2.2
True Blue Dongle Update v2.2 - Initial worldwide release
TrueBlueUpdate-2.2/TrueBlueUpdate-2.2.pkg
SHA1: 504D53CD6EDFA3382510CCB40CE49F802073FBD4 // MD5: A09CBCD5B3AEC31B07D974BEB4AC21FE // CRC32: 82F977CC // CRC16: 92D4
Payload (2.2)
located in unself'ed eboot.bin @ offset:
eboot payload
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00008690 00000000 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01 .......€ú.....þ.
...
0007B588 00072EF0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â
SHA1: 69953C9CF60E67E798A22C1016ABCB44A1D42CDF // MD5: F0826BA059B352BC6100647DB7EFDE5F // CRC32: 4B3C2132 // CRC16: 8181
lv2 dump (2.2)
payload @ file offset 0x8698 - 0x7b598
http://pastie.org/private/byhfezysb8iz2hed8o2hva
descriptors (2.2)
Start Offset | End Offset | descriptor | Description |
---|---|---|---|
0x0000000 | ... | 0x0 | 09 02 1200 01 00 00 80 fa 09 04 00 00 00 fe 01 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd |
0x0001000 | ... | 0x1 | 09 02 1200 01 00 00 80 fa 09 04 00 00 00 fe 01 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd |
0x0002000 | ... | 0x2 | 09 02 1200 01 00 00 80 fa 09 04 00 00 00 fe 01 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd |
0x0003000 | ... | 0x3 | 09 02 1200 01 00 00 80 fa 09 04 00 00 00 fe 01 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd |
0x0004000 | ... | 0x4 | 09 02 1600 01 01 00 80 01 09 04 00 00 00 fe 01 02 00 |
0x0008000 | ... | 0x5 | 09 02 4d0a 01 01 00 80 01 09 04 00 00 00 fe 01 02 00 ... |
0x0009000 | ... | 0x6 | 09 02 4d0a 01 01 00 80 01 09 04 00 00 00 fe 01 02 00 ... |
0x000c000 | ... | 0x7 | 09 02 1200 01 01 00 80 01 09 04 00 00 00 fe 01 02 00 |
0x000d000 | ... | 0x8 | 09 02 0000 01 01 00 80 01 09 04 00 00 00 fe 01 02 00 |
0x000e000 | ... | 0x9 | 09 02 3000 01 01 00 80 01 09 04 00 00 00 fe 01 02 00 3e 21 00 00 00 00 fa ce b0 03 aa bb cc dd |
0x0010000 | ... | 0xa | 09 02 2000 01 00 00 80 01 09 04 00 00 02 ff 00 00 00 07 05 02 02 08 00 00 07 05 81 02 08 00 00 |
0x0014000 | ... | 0xb | 09 02 3500 01 01 00 80 32 09 04 00 00 05 fe 01 02 00 07 05 04 02 08 00 00 07 05 85 02 08 00 00 07 05 06 02 08 00 00 07 05 07 02 08 00 00 07 05 88 02 08 00 00 |
0x001c000 | ... | 0xc | 09 02 000f 01 00 00 80 |
0x001c008 | ... | 0xd | 09 02 000f 01 00 00 80 |
0x001c020 | ... | 0xe | 09 02 1600 01 01 00 80 |
0x001c040 | ... | 0xf | 09 02 4d0a 01 01 00 80 |
0x001c048 | ... | 0x10 | 09 02 4d0a 01 01 00 80 |
0x001c060 | ... | 0x11 | 09 02 1200 01 01 00 80 |
0x001c068 | ... | 0x12 | 09 02 1200 01 01 00 80 |
0x001c070 | ... | 0x13 | 09 02 3000 01 01 00 80 |
0x001c080 | ... | 0x14 | 09 02 2000 01 01 00 80 |
0x001c0a0 | ... | 0x15 | 09 02 3500 01 01 00 80 3 |
http://pastie.org/private/11axjnmsy73lury2iaymkw
TB 2.2 update
0x00000 - 0x00eff | 0x00000 - 0x00eff |
---|---|
0x00f00 - 0x11eff | 0x20000 - 0x30fff |
0x11f00 - 0x21eff | 0x40000 - 0x4ffff |
0x21f00 - 0x32eff | 0xa0000 - 0xb0fff |
0x32f00 - 0x44eff | 0xc0000 - 0xd1fff |
0x44f00 - 0x72eff | 0x60000 - 0x8dfff |
http://pastie.org/private/xqnwgptonrxonytzdstdka
2.3
True Blue Dongle Update v2.3 - /TrueBlueUpdate-2.3/TrueBlueUpdate-2.3.pkg
- Fixed games requiring "BD Mirror"
- True Blue firmware version is now displayed on the XMB "System Information" screen
PKG: SHA1: B8A48394FF09A358CAB230823C18F871256C6A34 // MD5: 67185C448FAEE1FE262556302FB86240 // CRC32: AFF450D2 // CRC16: 21C1
Payload (2.3)
located in unself'ed eboot.bin @ offset:
eboot payload
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00008698 00000000 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01 .......€ú.....þ.
...
0007BD88 000736F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â
SHA1: DD8C3302F5F2394B2A0D907DE972AFB8E94DB0B5 // MD5: 7E4C3C6D7BA24375D3BE83074D882E0A // CRC32: 7D748CE8 // CRC16: 4A3B
lv2 dump (2.3)
payload @ file offset 0x8698 - 0x736F0
descriptors (2.3)
Start Offset | End Offset | descriptor | Description |
---|---|---|---|
0x0000000 | ... | 0x0 | 09 02 1200 01 00 00 80 fa 09 04 00 00 00 fe 01 02 00 00 00 00 00 00 00 fa ce b0 03 aa bb cc dd |
- | - | - | 09 03 A6 4E 80 04 21 09 03 A6 E8 5F 00 08 09 03 A6 E8 5F 00 08 09 00 00 F8 41 00 28 09 03 A6 E8 49 00 08 09 00 00 F8 41 00 28 E9 09 03 A6 E8 49 00 08 4E ... |
2.4
TrueBlueUpdate-2.4/TrueBlueUpdate-2.4.pkg
Payload (2.4)
located in unself'ed eboot.bin @ offset:
eboot payload
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00008730 00000000 09 02 12 00 01 00 00 80 FA 09 04 00 00 00 FE 01 .......€ú.....þ.
...
000A3620 0009AEFF 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â
SHA1: C062057BFBE4A0DF6C6C6E1B33C7561BC859C23F // MD5: 69FC4CE04DD4255A0BEEF4C2168F0AB0 // CRC32: 1C9EE18 // CRC16: 85DE
IDA DB: EBOOT_SHT_fixed.i64 (3.01 MB)
2.5
Payload (2.5)
start: 8600, end: 63e00, size: 5b800
TrueBlueUpdate-2.5/EBOOT,BIN.elf
TrueBlueUpdate-2.5/update_data_2.5.bin
2.61
Payload (2.61)
located in unself'ed eboot.bin @ offset:
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00008768 00000000 E4 C7 60 B6 E3 77 C2 89 B3 71 1D 06 EE 4C DF F7 äÇ`¶ãw‰³q..îLß÷
...
00066F58 0005E7F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â
SHA1: 7CEA46601B717912D6A434CA2C164E0A9B890825 // MD5: 1114BC3061581FC592A3797B340FD545 // CRC32: B66F50FD // CRC16: B685
IDA DB: TrueBlueUpdate-2.61.idc (203 KB)
2.62
Payload (2.62)
located in unself'ed eboot.bin @ offset:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24 à®...$.ŠÐ»eØ.Ì.$
...
0005E7F0 99 0A 4C 65 2A CE DE D6 0D C8 D2 73 FC B3 85 E2 ™.Le*ÎÞÖ.ÈÒsü³…â
SHA1: C5D37456FD5E59CFB648C82BBBE3FD95875E7C49 // MD5: 870C58F2CEC6BDB0ACF43EDD459ECD1C // CRC32: 35B2B2CA // CRC16: E3DE
2.7
Payload (2.7)
located in unself'ed eboot.bin @ offset:
Offset(h) Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000087c8 00000000 E0 AE 1B 14 9D 24 05 8A D0 BB 65 D8 7F CC 1C 24 à®...$.ŠÐ»eØ.Ì.$
...
00067fc8 0005F7F0 D9 5A C0 45 E8 78 E6 C6 16 0A 98 10 1B CA 52 3B ÙZÀEèxæÆ..˜..ÊR;
SHA1: 107A4E37471D58E79B6F8A884FF09DD3A5F83DD0 // MD5: 495970F92139F966BF78E43509BB7C38 // CRC32: FBA0FCEB // CRC16: AD81