PS3 I did it! Offline HTML from the Browser

[NewFile]

It's possible that they first used a proprietary fork of Webcore (u know something like their own blink). That would explain the differences in behaviour.
Maybe later they decided that it was easier to compile a limited webkit core than implement new features in their engine...?.?

So it seems the case. Only test and trial will work finding out what works and what does not.

this makes me wonder how Silk could possibly work, and if so, many more apps can be manipulated for offline stuff. ultimately, this is a lot of work though just to find out haha

Indeed, Silk seems more interesting that Webkit (perhaps less useful), we say limited but it seems that most things work. By any chance you have a documentation, example source code of using the browser object? If we could figure out what can be used with window.exernal.user and window.external.system that would be gold.I think .user communicates with the process whihc launched it while .system commnicates with the system/XMB/OS (whatever we call it) itself.

this is neat, and works as you said

this also solves the silk_npflashplayer.sprx/silk_npflashplayer9.sprx debacle i was having

@sandungas would you be kind enough to update the wiki pages with the info on this thread whenever it's possible for you? We have confirm a lot of things.

here are a few interesting Silk tidbits...

using nginx/1.12.2

passing a js string var string1='Hello '; with xml/xmbl (using module_name and module_action) gets formatted to a URL style http://:var string1='Hello '; and issues a Bad Request. Using the javascript: prefix does allow this to work and set the string1 variable.

Neat! Time to search google for nginx exploits. What is this server runnng? Have you tried running xmb:// ese:// sel// and all the rest? Perhaps nginx is responsible for all those processing by plugins (just a theory)

using either bookmark.xml/history.xml you can send the same string to produce this error. this error comes from CEPhWeb.bin with ID 12038 under /vsh/resource/silk/data. Using Webkit engine would produce the 12036 error coming from webcoreapp.bin.

1203, can't seem to find that error ID in CEPhWeb for some reason. Tried Silk, Silk Webkit

Silk caches whole pages...that explains the different zip files in /dev_hdd0/home/[USER_ID]/webbrowser/silk/httpcache/ with full js/html/css in them from browsed pages, and cobra shows these being loaded

Even better. Cached files, kind of unofficial support for internal page loading. As long as cache is not cleared all is ok.

webkit handles this differently, and afaik does not read these httpcache zips, or maybe reads from /dev_hdd0/home/USER_ID/http/

but as @NewFile mentioned, alerts do work fine. tested with XML, XMBL, and normal loading, so there is limited JS support in Silk, indeed

how useful it is...who knows? haha

I support the USER_ID theory aswell.

I been creating the silkpadd wiki page http://www.psdevwiki.com/ps3/SILKPADD

Btw NewFile for the next version please compile your silkpadd editor for x86PeasantRace

Thank you for that! Will make sure to provide in x86. I think we need that .ms extraction added, and how about we start with that XML processing, seeing that you have done impressive research?

here are more CE* names found in sprx

CEBinary
CEButton
CECheckBox
CEContentPane
CECustomComponent

Would it be possible to have a look at reversing the different modules fo checking the files? I am not saying to dedicate more things to it, but perhaps you can have a better look. This assembily is not familiar wiht me but a quick look in IDA and interesting things appear. For exmaple TrendMicroPolicy.xml is first checked in hdd0 ad then proceeds in all usbs and then cf,ms and finally app_home. If not found in HDD(which we cal delete) it wil; search in USb, a lot of opportunities here.
@sandungas , a interesting thing on the debug page. After the View tab/section is genereated, a certainly debug variable is processed right away, there are some switch cases in IDA. From the looks it, the debug menu would appear in Right under the View and before the Tools section. @esc0rtd3w , perhaps whe ntime permits you can take a look, maybe we find something?

Thx, i added the CE names to the talk page, by now are mostly like a reminder to keep a record of them
I guess there is going to be some more tenths though, if the complete collection exceedes 40 or so i guess is going to be needed to make another wiki page only for this
Is also needed to try to see if there is some way to group them, so instead of a list i can convert it to a table with more info
Next thing i need to take a look is CEMenu, there are some samples in CEHtmlBrowserApp.bin and CEHtmlBrowserAppXaiWidget.bin

CEMenu is kind of similiar to CEDialog. It also seems to contain width and height, and the keyboard shortcut. The keyboard shortcut is really weird. For example, File, Open, Save, Close, with also have a few bytes for ASCII of hotkey. And it is supposed ot display such as File (F) , Open (O) , the "() " are generated in the fly.

For the example in wiki i added today i tryed to use the smallest CEDialog posible. The example in wiki is doing this:
CEDialog (root)
CERectComponent
CELabel
CEButton (with the text Ok)
CEButton (with the text Cancel)
CEButton (with the text Retry)

Someone knows where is displayed that dialog ?, inside the files is used several times but i cant imagine where appears, a photo of it could help to try to imagine how it works

We seem to be looking for a grey dialog based on the looks of it. So where do we see a grey dialog? Anyone?

Some new findings:
The CEMenu have "childrens" too, and all them uses IDs (of the same kind than the IDs in the index)

There are 2 values in the CEDialog that indicates 2 colors, seems to be the typical web "color" and "bg_color"... and are the bytes of that area (very recognizable) with either FFFFFFFFFF or FFC0C0C0FF... but are longer, are actually:
0xFFC0C0C0 - This is the background of the menues, is one of the "safe web colors" for grey, if you take one of this images and open it in photoshop and use the option "color picker" you will see the background of it is exactly #C0C0C0

Great! Well done! They seem to be hex code colors in ARGB format for sure.. How about we set up the XML format so I can start with that part aswell?

 

[sandungas]

@sandungas would you be kind enough to update the wiki pages with the info on this thread whenever it's possible for you? We have confirm a lot of things.

I cant, there are many things you both has been mentioning here that i dont get, i been mostly focused in looking at the silkpadd fileformat in a hexeditor

CEMenu is kind of similiar to CEDialog. It also seems to contain width and height, and the keyboard shortcut. The keyboard shortcut is really weird. For example, File, Open, Save, Close, with also have a few bytes for ASCII of hotkey. And it is supposed ot display such as File (F) , Open (O) , the "() " are generated in the fly.

Hmmm, width, height and keyboard shorcuts ? i will keep it in mind... there are several places where it could be indicating pixel sizes, i noticed it but by now i have not found any sample where it can be seen clearly what is each, but yes i agree a couple of the unkowns are going to be width and height
I think there is going to be other to display the dualshock button icons, not sure though

Thank you for that! Will make sure to provide in x86. I think we need that .ms extraction added, and how about we start with that XML processing, seeing that you have done impressive research?

Great! Well done! They seem to be hex code colors in ARGB format for sure.. How about we set up the XML format so I can start with that part aswell?

I think could be nice if you add extraction of HTML files too... i mean converting the html string to a file (and removing the null byte at the end in the extraction process)

For the extraction of CEDialog and CEMenu in xml format i think is a bit soon though... the problem i see is the sizes varies too much, so is not so easy to know where is needed to cut every value... and also how much to cut
It could be very useful, even if made in a innacurate way (as a temporal wayaround just to move on and fix later), but not sure if at this point it can be made in a decent way

For the other idea i mentioned about generating a "main" xml (for rebuilding purposes) i think it can be made right now, i was thinking in it and i trying to imagine how to order all the info in tags with the usefull attributes, etc... (but without the metadata that is not needed)
Im going to prepare a xml with this as a suggestion for you to comment about it

 

[sandungas]

This is the idea for the main.xml
I added everything needed for rebuilding purposes, and even a few more:

entries="9" -this is redundant because you can know how many entries there are just by counting how many childrens have the <SILKPADD> tag, i think is better to dont include it because is going to make the process of editing it more strict

hdr_unk4="0x00000000" - this ones are the bytes at the end of the header, i guess are padding, so can be removed too, btw, i added all that zeroes to it to indicate is 4 bytes long

hdr_unk2="0x0000" - this ones are the 2 bytes inmediatly after the SILKPADD magic, this ones could be good to keep a record of them, just incase

<?xml version="1.0" encoding="iso-8859-1"?>
<!-- This is a XML representation of a SILKPADD file structure that was generated by "SILKPADD editor vX.X" -->

<SILKPADD hdr_unk2="0x0000" entries="9" hdr_unk4="0x00000000">
	<String     id="10500">Text string here.</String>
	<StringHtml id="10503" src="10503.html"/>
	<CEBinary   id="10504" type="image\png" src="10504.png"/>
	<CEBinary   id="10505" type="image\gif" src="10505.gif"/>
	<CEBinary   id="10506" type="image\gifPushed" src="10506.png"/>
	<CEBinary   id="10507" type="image\ms-cursor" src="10507.cur"/>
	<CEBinary   id="10508" type="image\ms-icon" src="10508.ico"/>
	<CEDialog   id="10509" src="10509.bin"/>
	<CEMenu     id="10515" src="10515.bin"/>
</SILKPADD>

Are included all the data types and file types known, the order how appears in the list is the same that will be used at rebuilding time
The "src" attribute (used by the data extracted as a file) allows the user to rename the files with custom names, as example, if you want to rename 10504.png to exit_icon.png the user can do it manually (renaming the file and changing the "src" in the xml)
In this example im extracting HTML, CEDialog, and CEMenu as files, but later you can do this with CEDialog and CEMenu:

	<CEDialog   id="10509" unk_1="0x120" unk_2="0x8" etc="0xFFFFFFFF">
		<CERectComponent id="10510" unk_1="0x120" unk_2="0x8" etc="0xFFFFFFFF">
			<CELabel id="10511" unk_1="0x120" unk_2="0x8" etc="0xFFFFFFFF"></CELabel>
			<CEButton   id="10512" unk_1="0x120" unk_2="0x8" etc="0xFFFFFFFF">Ok</CEButton>
			<CEButton   id="10513" unk_1="0x120" unk_2="0x8" etc="0xFFFFFFFF">Cancel</CEButton>
			<CEButton   id="10514" unk_1="0x120" unk_2="0x8" etc="0xFFFFFFFF">Retry</CEButton>
		</CERectComponent>
	</CEDialog>

Way more complex... but i think is nice to have everything in the same XML
Note the first time i mentioned this in the thread i was suggesting to extract the text strings to a different xml (dedicated to text strings), but i changed my mind, everything together is better
A single xml file to rule them all

 

[esc0rtd3w]

Neat! Time to search google for nginx exploits. What is this server runnng? Have you tried running xmb:// ese:// sel// and all the rest? Perhaps nginx is responsible for all those processing by plugins (just a theory)

this CVE-2016-0746 , CVE-2016-0747 and others should affect this nginx 1.12.2 version, but needs testing.

i have not tried all of the protocols yet. i will setup entries in the PETT XML for testing later.

1203, can't seem to find that error ID in CEPhWeb for some reason. Tried Silk, Silk Webkit

here is a ZIP i made while testing ID's. its just setup for all the english errors and text to announce their ID and origin BIN file on screen. its incomplete, but useful (and easily reproduced, as i used your latest tool to make them) silk_data_id_testing.zip

having a blanket option of rewriting entries with their respected values into HTML would be a cool thing to add

If we could figure out what can be used with window.exernal.user and window.external.system that would be gold.I think .user communicates with the process whihc launched it while .system commnicates with the system/XMB/OS (whatever we call it) itself.

this also may be worth looking into. from the very beginning of exploiting the browser, there was this gem, provided as a sample from $ony...that crashes the system! window.external.system("Webbrowser.Download.StartBackground?http://www.playstation.jp/sample.mp4");

I support the USER_ID theory aswell.

i can try some things to test this later

Would it be possible to have a look at reversing the different modules fo checking the files? I am not saying to dedicate more things to it, but perhaps you can have a better look. This assembily is not familiar wiht me but a quick look in IDA and interesting things appear. For exmaple TrendMicroPolicy.xml is first checked in hdd0 ad then proceeds in all usbs and then cf,ms and finally app_home. If not found in HDD(which we cal delete) it wil; search in USb, a lot of opportunities here.

this also caught my eye. i have tested this TrendMicro XML in the past, but didnt go much into it. there may be something to it we could leverage though. The IDA stuff, just make sure you have the PS3 plugins for it to analyze SELF/SPRX. Its all PowerPC and CellBE. You can check my sig for links to some helpful things for that.

We seem to be looking for a grey dialog based on the looks of it. So where do we see a grey dialog? Anyone?

unsure exactly about that, but during testing replacing these entries, i sometimes get left with all the button, combo, etc backgrounds as all black

There are 2 values in the CEDialog that indicates 2 colors, seems to be the typical web "color" and "bg_color"... and are the bytes of that area (very recognizable) with either FFFFFFFFFF or FFC0C0C0FF... but are longer, are actually:
0xFFC0C0C0 - This is the background of the menues, is one of the "safe web colors" for grey, if you take one of this images and open it in photoshop and use the option "color picker" you will see the background of it is exactly #C0C0C0

this is a pretty cool find

I cant, there are many things you both has been mentioning here that i dont get, i been mostly focused in looking at the silkpadd fileformat in a hexeditor

i will try making a comprehensive list on my end as i go, then can post it later or can add some to the wiki, if i have time

 

[sandungas]

@NewFile im looking at the xml style i suggested and just realized i missed 2 "unknown" bytes inside CEBinary. Im going to repeat it, i guess this is my final suggestion for this xml

<?xml version="1.0" encoding="iso-8859-1"?>
<!-- This XML representation of a SILKPADD structure was generated by "SILKPADD editor vX.X" -->

<SILKPADD hdr_unk2="0x0" hdr_unk4="0x0">
	<String     id="10500">Text string here.</String>
	<StringHtml id="10503" src="10503.html"/>
	<CEBinary   id="10504" type="image\png" bin_unk2="0x0" src="10504.png"/>
	<CEBinary   id="10505" type="image\gif" bin_unk2="0x0" src="10505.gif"/>
	<CEBinary   id="10506" type="image\gifPushed" bin_unk2="0x0" src="10506.png"/>
	<CEBinary   id="10507" type="image\ms-cursor" bin_unk2="0x0" src="10507.cur"/>
	<CEBinary   id="10508" type="image\ms-icon" bin_unk2="0x0" src="10508.ico"/>
	<CEDialog   id="10509" src="CEDialog_10509.bin"/>
	<CEMenu     id="10515" src="CEMenu_10515.bin"/>
</SILKPADD>

This includes all the "unknowns" of the top layer of the silkpadd structure, by now this unknowns seems to be always zeroes, and could be paddings, but anyway i think is good to keep them
And btw, we only have this 3 "unknowns" in the silkpadd file structure, this is why i ementioned before that the file structure was easy (not pretended to be an smartass or be offensive), but is because i was talking about this "top layer" of the silkpadd structure

What is complex are a couple of the "contents" inside silkpadd (the CEDialog and CEMenu), but i always considered this files an extra
In the way i was thinking in this the priority for your tool was to extract all contents in the better way posible, and as the second priority to re/build them from scratch
With the xml format im suggesting it can be made, the xml keeps a record of all the critical details needed for rebuilding purposes (is heavilly inspired in what rcomage does btw, this was a good idea)

The silkpadd structures doesnt have weird paddings or other things that could create mistmatchs with the original silkpadd files, so im guessing at this point if you implement this "rebuild" feature silkpadd files generated by your tool are going to match 100% the originals (and if they doesnt, we need to take a peek at that file because it contains something we are missing, or we have a bug in the silkpadd editor tool)

 

[NewFile]

here are a few interesting Silk tidbits...

using nginx/1.12.2

passing a js string var string1='Hello '; with xml/xmbl (using module_name and module_action) gets formatted to a URL style http://:var string1='Hello '; and issues a Bad Request. Using the javascript: prefix does allow this to work and set the string1 variable.

I tried doing this aswell on Rebug 4.82 and it still gave one of those default errors, nothing related to nginx. Tried bookmarks and history, it simply simply not show anything to nginx. Another reference in sprx is Mithrill

I cant, there are many things you both has been mentioning here that i dont get, i been mostly focused in looking at the silkpadd fileformat in a hexeditor

You are right, some details are really obvious and clear ot understand while others can be confusing on where to put and update.

Hmmm, width, height and keyboard shorcuts ? i will keep it in mind... there are several places where it could be indicating pixel sizes, i noticed it but by now i have not found any sample where it can be seen clearly what is each, but yes i agree a couple of the unkowns are going to be width and height
I think there is going to be other to display the dualshock button icons, not sure though

Only CEMenu has keyboard shortcuts. It's just like in Windows which is really weird. CEMenu and CEDialog are quite similiar, with some differences though.
Also some strings, non HTML also contain tags, most of them have <br> which can confuse the XML format, meaing we will have to use CDATA to be to safe side I think.

I think could be nice if you add extraction of HTML files too... i mean converting the html string to a file (and removing the null byte at the end in the extraction process)

That seems ok but the only way to tell if it is a HTML file is to check for DOCTYPE string, there is no other way to identify

hdr_unk2="0x0000" - this ones are the 2 bytes inmediatly after the SILKPADD magic, this ones could be good to keep a record of them, just incase

I agree.

Are included all the data types and file types known, the order how appears in the list is the same that will be used at rebuilding time
The "src" attribute (used by the data extracted as a file) allows the user to rename the files with custom names, as example, if you want to rename 10504.png to exit_icon.png the user can do it manually (renaming the file and changing the "src" in the xml)

I would prefer the scr filename to also have the binary type in the filename. This way I know which is Menu and which is Dialog without having to go back to the xml file ot check and see. It may be more info but still helps setting things apart.

this CVE-2016-0746 , CVE-2016-0747 and others should affect this nginx 1.12.2 version, but needs testing.

i have not tried all of the protocols yet. i will setup entries in the PETT XML for testing later.

Interesting, I have tried doing some tests here but I have webman which creates it's own kind of server if we can put it that way. Mithrill and nginx are two things to keep in mind.

here is a ZIP i made while testing ID's. its just setup for all the english errors and text to announce their ID and origin BIN file on screen. its incomplete, but useful (and easily reproduced, as i used your latest tool to make them) silk_data_id_testing.zip

Great idea!

having a blanket option of rewriting entries with their respected values into HTML would be a cool thing to add

What do you mean with blanket option of rewriting entries?

this also may be worth looking into. from the very beginning of exploiting the browser, there was this gem, provided as a sample from $ony...that crashes the system! window.external.system("Webbrowser.Download.StartBackground?http://www.playstation.jp/sample.mp4");

At last an example. A good look at the sprx and we have:

Webbrowser.Ifilter
Webbrowser.Ifilter.Enable
Webbrowser.Ifilter.Disable
Webbrowser.Ifilter.Status
Webbrowser.Download
Webbrowser.Download.Start
Webbrowser.Download.StartBackground
Webbrowser.Render
Webbrowser.Render.Start
Webbrowser.Render.StartWithPointer
System.Sound
System.Sound.Play
System.Audio
System.Audio.Control

Ifilter, Sound and Audio I do not know how to user. The others can be used with window.external.system(msg) (in silk only, Webkit won't execute them)

Webbrowser.Download.Start?url of file
Will automatically open downloading of file.
Webbrowser.Download.StartBackground , does not seem to do anything. Maybe it wants a specific file type allowed for background downloading. Does not cause any freezing.

Webbrowser.Render.Start?url
This is cool, it will open a new "tab" in full screen where only PS button can exit and no pointer showing.

Webbrowser.Render.StartWithPointer?url
Same thing as obove, noticed nothing different, pointer still not shown.

I suspect that they take more parameters, especially Render.Start, i think it takes x, y , width and height.

Only these I could find, hoping for more.

this also caught my eye. i have tested this TrendMicro XML in the past, but didnt go much into it. there may be something to it we could leverage though. The IDA stuff, just make sure you have the PS3 plugins for it to analyze SELF/SPRX. Its all PowerPC and CellBE. You can check my sig for links to some helpful things for that.

Your tuts are absolutely wonderful. However, I do not have muhc time for now, and will have to resume later on.

unsure exactly about that, but during testing replacing these entries, i sometimes get left with all the button, combo, etc backgrounds as all black

That;s because the editor does not import the resources(images,icons etc), and they are not loaded. Same thing happens with the RCOs and an old version of RCOMage, which would not import images, causes the status bar and icons to be missing, and appear in bright white color. At least they do not freeze.
With grey,I was referring to these CEDialogs, and CEMenus which @sandungas have pointed out that they should be in greay, but this dialog we have no idea where is shown.

This includes all the "unknowns" of the top layer of the silkpadd structure, by now this unknowns seems to be always zeroes, and could be paddings, but anyway i think is good to keep them
And btw, we only have this 3 "unknowns" in the silkpadd file structure, this is why i ementioned before that the file structure was easy (not pretended to be an smartass or be offensive), but is because i was talking about this "top layer" of the silkpadd structure

Ok.

What is complex are a couple of the "contents" inside silkpadd (the CEDialog and CEMenu), but i always considered this files an extra
In the way i was thinking in this the priority for your tool was to extract all contents in the better way posible, and as the second priority to re/build them from scratch
With the xml format im suggesting it can be made, the xml keeps a record of all the critical details needed for rebuilding purposes (is heavilly inspired in what rcomage does btw, this was a good idea)

Yes, extract and importing should be the top priority for now. Sadly, I have little time but I plan ot update soon, create a proper and full version, and add many of the features.

 

[esc0rtd3w]

I tried doing this aswell on Rebug 4.82 and it still gave one of those default errors, nothing related to nginx. Tried bookmarks and history, it simply simply not show anything to nginx.

Interesting, I have tried doing some tests here but I have webman which creates it's own kind of server if we can put it that way. Mithrill and nginx are two things to keep in mind.

i get this nginx request error also with webman running with ftp, so not sure yet about that. you can disable webman, but for temperature sake, xai or another plugin, or hard wire fan probably recommended.

Another reference in sprx is Mithrill

hmmm, don't know what that is yet lol

Mithrill and nginx are two things to keep in mind.

yeah both of those could use some research. i havent tried any exploits yet, i did not see anything public really as far as a PoC or anything

Great idea!

What do you mean with blanket option of rewriting entries?

thanks

i meant, have the tool write an html page that displays the ID and source BIN for each entry automatically, like the id test bins

At last an example. A good look at the sprx and we have:

Webbrowser.Ifilter
Webbrowser.Ifilter.Enable
Webbrowser.Ifilter.Disable
Webbrowser.Ifilter.Status
Webbrowser.Download
Webbrowser.Download.Start
Webbrowser.Download.StartBackground
Webbrowser.Render
Webbrowser.Render.Start
Webbrowser.Render.StartWithPointer
System.Sound
System.Sound.Play
System.Audio
System.Audio.Control

hmmm...these are also interesting. we'll have to do some more sprx data mining

Your tuts are absolutely wonderful. However, I do not have muhc time for now, and will have to resume later on.

thanks again

That;s because the editor does not import the resources(images,icons etc), and they are not loaded. Same thing happens with the RCOs and an old version of RCOMage, which would not import images, causes the status bar and icons to be missing, and appear in bright white color. At least they do not freeze.
With grey,I was referring to these CEDialogs, and CEMenus which @sandungas have pointed out that they should be in greay, but this dialog we have no idea where is shown.

ok. that makes sense now

 

[NewFile]

Made some new discoveries! Updating the editor and posting updates later.

The size limit for an entry is now around 16MB.
@esc0rtd3w @bguerville
Any plans to taking another look at this offline HAN? Should be enough for everything this time. A complete package.

 

[NewFile]

Wow, it seems we can go over 4GB (yes, it's a G) size for file entry.
I do not have access to the PS3 right now, would anyone ke kind enough enough to do some testing on this?
Please let me know if you can do so, would like to test a few details before doing a new release.

 

[ayassinsayed]

Wow, it seems we can go over 4GB (yes, it's a G) size for file entry.
I do not have access to the PS3 right now, would anyone ke kind enough enough to do some testing on this?
Please let me know if you can do so, would like to test a few details before doing a new release.

I can test it if u didnt mind so did u make new progress ?


Sent from my iPhone using Tapatalk

 

[Louay]

Me too i can test it any time send me a link i will test and report you back

 

[esc0rtd3w]

Made some new discoveries! Updating the editor and posting updates later.

The size limit for an entry is now around 16MB.
@esc0rtd3w @bguerville
Any plans to taking another look at this offline HAN? Should be enough for everything this time. A complete package.

this is quite interesting. i do not think anything will be done officially for offline HAN and other tools, but that is not 100% for sure.

we currently have more *important* tasks at hand, but not to say it cannot be incorporated into tools in the future, officially. it is a great option for a lot of users, and is quite convenient

idk how @bguerville feels about it, but i would guess it is not at the top of his list lol

having said that, i do look forward to maybe experimenting a bit with your new editor when done

 

[NewFile]

New updates:

All CEBinary, CEDialog, CeMenu are extracted in a folder labeled the same as the input filename.
Inside this folder there will be a subfolder, "text", here all the strings will be extracted in the following format: ID_string.txt I perform no encoding on these strings, the raw bytes are extracted.
The Data field has been switched to Preview. It only displays the first 255 characters.
*The two last points where done on purpose, the grid view is not good for editing large amount of text and since one of those simple strings is going to be turned to a big HTML, it's better to edit the corresponding extracted file. The Preview field will give you an ideaa of the string that the entry contains.

Repacking now works properly. All CE* files are imported. Only those extracted, the extracted png, gif etc are not touched. This means that atm replacking for strings is great and you get to retain the images, but if you wish to edit the CE .bin files then you have to do it manually on the extracted files. This can be potentially changed.
Repacking works properly, tested by file comparing orginal file and the newly generated file with the same exact data.
Did some testing on the PS3, took ps3exploit site, embed the exploit .js file and good enough, with a few minor tweaks and a couple of minutes, the current site can be tweaked to run locally just fine.
The maximum entry size is 4294967295 bytes.
Note for @sandungas , in the header the size is in little endian but in the data itself the first 4 bytes for size are in big endian. Don't ask me why it's like this, it is and you can edit the wiki for the unknow fields.

Now, the editor get's a official version, v0.1!

How to:
Open a .bin file.
Files will be extracted in a folder same name as the input. Texts and data will be there. Keep the editor open.
Edit whatever of the files you need.
Click Save. A "new_"input.bin will be created.
Transfer it to dev_flash depending on what you need it, silk, silk_nas, webkit etc.


Some experiments:
Switching the ID of a string with another one of CEBinary, would simply print CEBinary on the browser, nothing else!

 

[ayassinsayed]

New updates:

All CEBinary, CEDialog, CeMenu are extracted in a folder labeled the same as the input filename.
Inside this folder there will be a subfolder, "text", here all the strings will be extracted in the following format: ID_string.txt I perform no encoding on these strings, the raw bytes are extracted.
The Data field has been switched to Preview. It only displays the first 255 characters.
*The two last points where done on purpose, the grid view is not good for editing large amount of text and since one of those simple strings is going to be turned to a big HTML, it's better to edit the corresponding extracted file. The Preview field will give you an ideaa of the string that the entry contains.

Repacking now works properly. All CE* files are imported. Only those extracted, the extracted png, gif etc are not touched. This means that atm replacking for strings is great and you get to retain the images, but if you wish to edit the CE .bin files then you have to do it manually on the extracted files. This can be potentially changed.
Repacking works properly, tested by file comparing orginal file and the newly generated file with the same exact data.
Did some testing on the PS3, took ps3exploit site, embed the exploit .js file and good enough, with a few minor tweaks and a couple of minutes, the current site can be tweaked to run locally just fine.
The maximum entry size is 4294967295 bytes.
Note for @sandungas , in the header the size is in little endian but in the data itself the first 4 bytes for size are in big endian. Don't ask me why it's like this, it is and you can edit the wiki for the unknow fields.

Now, the editor get's a official version, v0.1!

How to:
Open a .bin file.
Files will be extracted in a folder same name as the input. Texts and data will be there. Keep the editor open.
Edit whatever of the files you need.
Click Save. A "new_"input.bin will be created.
Transfer it to dev_flash depending on what you need it, silk, silk_nas, webkit etc.


Some experiments:
Switching the ID of a string with another one of CEBinary, would simply print CEBinary on the browser, nothing else!

Good tool , Thanks bro . But how took ps3exploit site, embed the exploit .js file with a few minor tweaks to run locally ? Could u explain?


Sent from my iPhone using Tapatalk

 

[NewFile]

Good tool , Thanks bro . But how took ps3exploit site, embed the exploit .js file with a few minor tweaks to run locally ? Could u explain?


Sent from my iPhone using Tapatalk

It's really simple. Some basic HTML/JS experience is needed.
Go to the official site, pick one of the options(flash,write etc) and then view the source of the page.
Copy the entire code to notepad. With the page skurve opened in the browser( PC ofc) seach for ".js" the first result open and copy all the code of the file.
Yiu can minify this code if you wish although we no longer have size limitations.
Back at notepad, add a script tag in the head section of HMTL.

Use the editor to inject. Replace the file in dev_flash.

 

[Louay]

It's really simple. Some basic HTML/JS experience is needed.
Go to the official site, pick one of the options(flash,write etc) and then view the source of the page.
Copy the entire code to notepad. With the page skurve opened in the browser( PC ofc) seach for ".js" the first result open and copy all the code of the file.
Yiu can minify this code if you wish although we no longer have size limitations.
Back at notepad, add a script tag in the head section of HMTL.

Use the editor to inject. Replace the file in dev_flash.

@NewFile meaning we just
copy the js script from external js file then
paste it in script tag in head section of html file
create a new bin or edit an existing one like silk using SILKPAD_EDITOR then
transfer it to dev_flash ?? so we no longer have size limitations meaning you don't have to obsfuctare or minify the code to make it smaller just use original html and js script code ??

 

[ayassinsayed]

It's really simple. Some basic HTML/JS experience is needed.
Go to the official site, pick one of the options(flash,write etc) and then view the source of the page.
Copy the entire code to notepad. With the page skurve opened in the browser( PC ofc) seach for ".js" the first result open and copy all the code of the file.
Yiu can minify this code if you wish although we no longer have size limitations.
Back at notepad, add a script tag in the head section of HMTL.

Use the editor to inject. Replace the file in dev_flash.

Could u make simple file please to help us to understand the whole steps ? Please Thanks


Sent from my iPhone using Tapatalk

 

[NewFile]

Could u make simple file please to help us to understand the whole steps ? Please Thanks


Sent from my iPhone using Tapatalk

Ok, I will, I really hope @esc0rtd3w @bguerville ate ok with this though! All credits to them for this. We are simply trasfer the code to one only.

so we no longer have size limitations meaning you don't have to obsfuctare or minify the code to make it smaller just use original html and js script code ??

Correct, these are optional steps, but still a good idea if possible.

 

[Louay]

Can you send me pm? i have a ps3 on cfw i can go back to ofw 4.82 and test

 

[lmn7]

Correct, these are optional steps, but still a good idea if possible.

Just saw this, IMO it's better not to minify the code because it messes with the success rate. The file copier script is very large and had to be obfuscated then Base64 encoded, for this reason the success rate is very random. I would imagine it would work better with this method, using the original script.