KELFTool (DNASLoad fork)

PS2 KELFTool (DNASLoad fork) DEPRECATED

El_isra



Special Thanks to @krHACKen for sharing the DNASLoad user header.

This KELFTool fork adds a new 'dnasload' encryption mode.
This mode creates a KELF with the FMCB Kbit field and the DNASLoad user header.

Those KELFs can decrypt properly on both PS2 and PSX (according to krHACKen, this happens because the DNASLoad user header is whitelisted on the PSX Mechacon, allowing it to decrypt on both PSX and PS2 even if the KELF is flagged as a PS2 KELF).

This KELFTool fork is shared here because it will be extremely helpful for anyone who wants to replace the stock KELF files provided with KELFBinder 2.
 
For anyone with experience who wants to see the KELF specs without checking on a PC:


Code:
C:\Users\Usuario\Desktop>kelftool_dnasload decrypt SYSTEM.XLF _.ELF
header.UserDefined     = 01 00 00 04 00 06 00 4A 00 0E 01 00 00 00 00 02
header.ContentSize     = 0X13A28
header.HeaderSize      = 0X80
header.SystemType      = 0 (SYSTEM_TYPE_PS2)
header.ApplicationType = 1 (xosdmain)
header.Flags           = 0X22C - kelf:HDR_FLAG2|HDR_FLAG3|HDR_FLAG4_3DES|HDR_FLAG9|
header.BitCount        = 0
header.MGZones         = 0XFF |All regions allowed|
header.gap             = 00 00 00
HeaderSignature        = B4 D0 7D 2D D3 87 F1 5A

Kbit                   = D9 4A 2E 56 01 6E A7 31 00 00 00 00 00 00 00 00
Kc                     = 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
BitTableSize           = 0X28
bitTable.HeaderSize    = 0X80
bitTable.BlockCount    = 2
bitTable.gap           = 00 00 00
                         Size        Signature           Flags
    bitTable.Blocks[0] = 00013A18    0000000000000000    0 (not encrypted, not signed)
    bitTable.Blocks[1] = 00000010    A6287C3E8C21D756    3 (encrypted and signed)
BitTableSignature      = D2 10 BC 13 49 98 A3 81
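
The dump above can be cross-checked mechanically. The following is an added example, not part of the thread or of KELFTool: it parses the tool's text output and verifies that the bit table block sizes add up to header.ContentSize (0x13A18 + 0x10 = 0x13A28 here). The flag-bit meanings and the signature heuristic are assumptions inferred from the labels the dump prints.

```python
import re

# Lines copied from the decrypt dump in the post above (subset used by the checks).
SAMPLE = """\
header.ContentSize     = 0X13A28
bitTable.BlockCount    = 2
    bitTable.Blocks[0] = 00013A18    0000000000000000    0 (not encrypted, not signed)
    bitTable.Blocks[1] = 00000010    A6287C3E8C21D756    3 (encrypted and signed)
"""

SCALAR = re.compile(
    r"^\s*(header\.ContentSize|bitTable\.BlockCount)\s*=\s*(0X[0-9A-F]+|\d+)", re.I)
BLOCK = re.compile(
    r"^\s*bitTable\.Blocks\[(\d+)\]\s*=\s*([0-9A-F]{8})\s+([0-9A-F]{16})\s+(\d+)", re.I)


def parse_dump(text):
    """Return (scalar fields, bit-table blocks) parsed from the text output."""
    fields, blocks = {}, []
    for line in text.splitlines():
        if m := BLOCK.match(line):
            flags = int(m.group(4))
            blocks.append({
                "index": int(m.group(1)),
                "size": int(m.group(2), 16),  # printed as 8 hex digits
                "signature": m.group(3),
                # Assumption: bit 0 = encrypted, bit 1 = signed, inferred from
                # the dump's own labels for flag values 0 and 3.
                "encrypted": bool(flags & 1),
                "signed": bool(flags & 2),
            })
        elif m := SCALAR.match(line):
            fields[m.group(1)] = int(m.group(2), 0)  # accepts 0X.. and decimal
    return fields, blocks


def check_dump(text):
    """List inconsistencies between the header fields and the bit table."""
    fields, blocks = parse_dump(text)
    problems = []
    if fields.get("bitTable.BlockCount") != len(blocks):
        problems.append("BlockCount does not match the number of block rows")
    if fields.get("header.ContentSize") != sum(b["size"] for b in blocks):
        problems.append("block sizes do not add up to ContentSize")
    for b in blocks:
        # Heuristic (assumption): an unsigned block shows an all-zero signature.
        if b["signed"] != (int(b["signature"], 16) != 0):
            problems.append(f"block {b['index']}: signed flag and signature disagree")
    return problems


if __name__ == "__main__":
    print(check_dump(SAMPLE) or "dump is self-consistent")
```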
 
What is the difference between V1 and V2 on the download page?
Can't remember. The dnasload header feature and some additions made by me will probably be added to upstream KELFTool, so this will be useless if that happens.


Feature request: for decryption of headerless XLF, could you add ELF header rebuilding?
Not a thing for KELFTool. But the problem with rebuilding an ELF header is that I don't know shit about that. krHACKen can do it.
 
Kbit & Kc - Decrypted value is normal.
bitTable.Blocks[0] : Size - Decrypted value is reversed.
bitTable.Blocks[0] : Signature - Decrypted value is normal.
bitTable.Blocks[1] : Size - Decrypted value is reversed.
bitTable.Blocks[1] : Signature - Decrypted value is normal.

I'm still missing something to make it match krHACKen's cracked KELFs though. PCSX2 goes into a loop instead of showing the MagicGate info, and kelftool shows similar garbled info, though with about 20-30 lines saying the blocks are signed but not encrypted.
 
So HDProjectX vx.xx gives you a bittable.bin & decrypted output.elf

The bit table seems to be semi-decrypted, and the decrypted FMCB ELF is bigger than the base v1.8c ELF: 66kb vs 77kb instead.

ELF+bit table = exact size of fmcb v1.8c osdmain.

It seems that if you somehow combined the kelftool values and HDProjectX, you would end up with a cracked KELF; you just need to tell it that the bit table blocks aren't signed by using the unencrypted value 0 instead of 2 or 3?

https://archive.org/download/ps2homebrewroms/game loaders/HD Project v2.0.7z
 
