[Tutorial] PSN Bypass Techniques and Setting Up Development/Debugging Environment

Added some new packages. Will update OP with new links soon.

Thanks to all who submitted links. I will try and get to these to patch for NOPSN as soon as possible!

AXN-SciFi-v1.00-[NPEB00954].pkg
beIN-Sports-v1.01-[NPEB02156].pkg
Film1-v1.00-[NPEB02412].pkg <-- Missing Link. Will Update Soon!
FilmoTV-v1.00-[NPEB01925].pkg
FranceTV-Sport-v1.00-[NPEB02427].pkg
GameOne-v1.00-[NPEB01941].pkg
MEO-VideoClube-v1.00-[NPEB01906].pkg
Okko-Movies-HD-v1.03-[NPEB02373].pkg
QookTV-v2.01-[NPHA70006].pkg <-- Missing Link. Will Update Soon!
RTBF-v1.00-[NPEB01429].pkg
SiriusXM-Radio-v1.04-[NPUP31375].pkg
Sony-Entertainment-Television-v1.00-[NPEB00955].pkg
TVigle-v1.00-[NPEB01908].pkg
TVN-Player-v1.00-[NPEB01430].pkg <-- Missing Link. Will Update Soon!
Videoland-v1.02-[NPEB02218].pkg <-- Suggested by Geenzinin
 
Hi esc0rtd3w,

I went through the posts and found that you want to know if some one able to boot with resign the amazon instant video v4.01 app. I did some common things which might help you to resign this app and liberate it from PSN.

I resign the amazon instant video v4.01 (NPEB00344) app which is dully work on 4.75 firmware to lower version 4.46 with aldos ps3 tool and it boot on ps3 4.70 firmware.

Below are the step which I performed.

1. I extracted the package with pkgview
2. I used SELF tools --> resign BOOT/SELF option
3. It asked me to search any more self file then patched it.
4. I create the package with same aldos tool.

The app patched to lower firmware and boot perfectly.

Could you please try to apply your patches and resign with default aldos tool setting without changing anything.

Please ignore if it seems too lame or you have already perform these steps... I am quite new to forums, don't know much rules.... but following you from past couple of months....

Thank you so much for your great works..... People love you for your devotion and your selfless works.... :)
 
well, thank you for taking the time to check that out and post. I am 99% sure I have tried AldoTools as well as many others, but I will try again this weekend and see what I can come up with. From what I remember, it was just a matter of the EBOOT returning me back to the XMB for some reason. What firmware are you on, if I may ask?

Thanks again :glee:


EDIT: Did you try resigning the ignition.sprx file? That is most likely the target for PSN check, possibly EBOOT or other means though.
 
esc0rtd3w said:
well, thank you for taking the time to check that out and post. I am 99% sure I have tried AldoTools as well as many others, but I will try again this weekend and see what I can come up with. From what I remember, it was just a matter of the EBOOT returning me back to the XMB for some reason. What firmware are you on, if I may ask?

Thanks again :glee:


EDIT: Did you try resigning the ignition.sprx file? That is most likely the target for PSN check, possibly EBOOT or other means though.
Click to expand...

Hi esc0rtd3w,

Currently my PS3 slim 2k version is running on Habib cfw 4.70 cobra 7.10 CEX firmware. Yes I resigned ignition.sprx too...

Could you please provide me all the elf files which you patched with location... So I can try to resign it... If it worked then everyone can enjoy the glory of your liberated amazon app..... :adoration::adoration:

Thanks,
 
@Rajesh Dutta...

this Amazon Video app has lots of SPECIAL self/sprx files...
Code: 
NPEB00344\usrdir\EBOOT.BIN
NPEB00344\usrdir\bin\ignition.self
NPEB00344\usrdir\com.amazon.ignition.framework.javascript-bin\mozjs24.sprx
NPEB00344\usrdir\com.amazon.ignition.framework.player-bin\playready\cachemgr.self
NPEB00344\usrdir\data\cachemgr\cachemgr.self
NPEB00344\usrdir\lib\webkit.sprx

it also has a sdat (NPEB00344\USRDIR\data\config\spark.cfg.sdat) with this content:
Code: 
"requirePSN" : true,

i change that to "false"...lets hope it is all it needs...i also PROPER re-signed all the self/sprx files...

here is the "no psn fix pkg" with instructions inside...
Code: 
Amazon.Video.PSN.PS3.NPEB00344.v4.01.NO.PSN.FiX.zip
http://www120.zippyshare.com/v/5X1oktmU/file.html

let me know how it works...
_
 
catalinnc said:
@Rajesh Dutta...

this Amazon Video app has lots of SPECIAL self/sprx files...
Code: 
NPEB00344\usrdir\EBOOT.BIN
NPEB00344\usrdir\bin\ignition.self
NPEB00344\usrdir\com.amazon.ignition.framework.javascript-bin\mozjs24.sprx
NPEB00344\usrdir\com.amazon.ignition.framework.player-bin\playready\cachemgr.self
NPEB00344\usrdir\data\cachemgr\cachemgr.self
NPEB00344\usrdir\lib\webkit.sprx

it also has a sdat (NPEB00344\USRDIR\data\config\spark.cfg.sdat) with this content:
Code: 
"requirePSN" : true,

i change that to "false"...lets hope it is all it needs...i also PROPER re-signed all the self/sprx files...

here is the "no psn fix pkg" with instructions inside...
Code: 
Amazon.Video.PSN.PS3.NPEB00344.v4.01.NO.PSN.FiX.zip
http://www120.zippyshare.com/v/5X1oktmU/file.html

let me know how it works...
_
Click to expand...
Hi catalinnc,

I tried to follow the steps and installed all the apps as per the sequence mentioned in the zip file. But still this app is asking for PSN login.:apologetic:. I tried to press circle to see if it can bypass but nothing happened. The app resign is perfect and it boot flawlessly but it seems somehow this requirePSN is not working... :apologetic::apologetic::apologetic:

Thanks
 
catalinnc said:
@Rajesh Dutta...

this Amazon Video app has lots of SPECIAL self/sprx files...
Code: 
NPEB00344\usrdir\EBOOT.BIN
NPEB00344\usrdir\bin\ignition.self
NPEB00344\usrdir\com.amazon.ignition.framework.javascript-bin\mozjs24.sprx
NPEB00344\usrdir\com.amazon.ignition.framework.player-bin\playready\cachemgr.self
NPEB00344\usrdir\data\cachemgr\cachemgr.self
NPEB00344\usrdir\lib\webkit.sprx

it also has a sdat (NPEB00344\USRDIR\data\config\spark.cfg.sdat) with this content:
Code: 
"requirePSN" : true,

i change that to "false"...lets hope it is all it needs...i also PROPER re-signed all the self/sprx files...

here is the "no psn fix pkg" with instructions inside...
Code: 
Amazon.Video.PSN.PS3.NPEB00344.v4.01.NO.PSN.FiX.zip
http://www120.zippyshare.com/v/5X1oktmU/file.html

let me know how it works...
_
Click to expand...

That only applies to the old version that does not use Ignition Framework. There is also already several links to Spoofed NoPSN packages available, such as here and here.

EDIT: will check your fix as well and see what its about. Thanks!
 
Last edited:
@Rajesh Dutta

what are your scetool arguments for resigning EBOOT? Mine are basically default, when i use the GUI. When i use AldoTools to resign on DEX i get return to XMB and on CEX black screen. I am still testing on Rebug 4.81.2. Thanks:cool new:

scetool -l 72F990788F9CFF745725F08E4C128387 --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=04 --self-ctrl-flags=4000000000000000000000000000000000000000000000000000000000000002 --self-auth-id=1010000001000003 --self-add-shdrs=TRUE --self-vendor-id=01000002 --self-app-version=0004000100000000 --self-type=NPDRM --self-fw-version=0003004000000000 --np-license-type=FREE --np-content-id=EP4183-NPEB00344_00-LOVEFILMFULL0100 --np-app-type=EXEC --np-real-fname="EBOOT.BIN" --encrypt "EBOOT.elf" "EBOOT.BIN"
Click to expand...
 
esc0rtd3w said:
That only applies to the old version that does not use Ignition Framewrok. There is also already several links to Spoofed NoPSN packages available, such as here and here.
Click to expand...

Yes till 3.03 version of this app requirePSN = false was the solution......

@
esc0rtd3w said:
@Rajesh Dutta

what are your scetool arguments for resigning EBOOT? Mine are basically default, when i use the GUI. When i use AldoTools to resign on DEX i get return to XMB and on CEX black screen. I am still testing on Rebug 4.81.2. Thanks:cool new:
Click to expand...

Below is my scetool argument.... seems same

scetool -l 72F990788F9CFF745725F08E4C128387 --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=04 --self-ctrl-flags=4000000000000000000000000000000000000000000000000000000000000002 --self-auth-id=1010000001000003 --self-add-shdrs=TRUE --self-vendor-id=01000002 --self-app-version=0004000100000000 --self-type=NPDRM --self-fw-version=0003004000000000 --np-license-type=FREE --np-content-id=EP4183-NPEB00344_00-LOVEFILMFULL0100 --np-app-type=EXEC --np-real-fname="EBOOT.BIN" --encrypt "EBOOT.elf" "EBOOT.BIN"
 
esc0rtd3w said:
@Rajesh Dutta

what are your scetool arguments for resigning EBOOT? Mine are basically default, when i use the GUI. When i use AldoTools to resign on DEX i get return to XMB and on CEX black screen. I am still testing on Rebug 4.81.2. Thanks:cool new:
Click to expand...
Instead of passing all those arguments, have you tried using the --template argument with the original self as template file?
esc0rtd3w said:
@Rajesh Dutta

what are your scetool arguments for resigning EBOOT? Mine are basically default, when i use the GUI. When i use AldoTools to resign on DEX i get return to XMB and on CEX black screen. I am still testing on Rebug 4.81.2. Thanks:cool new:
Click to expand...
Instead of passing all those arguments, have you tried using the --template argument with the original self as template file? The template optional argument should be available in versions 0.2.9/0.2.14/0.3.1/0.3.2...
Here is how the syntax goes (:
Code: 
scetool --eboot_template.bin --verbose --sce-type=SELF --compress-data=TRUE --encrypt eboot.elf eboot.bin
 
Last edited:
@Rajesh Dutta i have not created any patched files yet because i never got past resigning a stock EBOOT. i have IDA files with notes still though.

@catalinnc i tried your method by installing all 3 packages in order, as well as manual extract and merge with no effect. I didn't quite understand what you were saying at first until i saw your file structure from ZIP. This method was probably obsoleted once changing to Ignition Framework, but I like how it should work!!! Thanks :grin:

@bguerville thanks! i didn't realize there was a template option!
 
Last edited:
@esc0rtd3w : can it possible, there is some issue with rebug 4.81 cfw which not let this app to boot properly.... Can you try to resign it as 4.81... like below code

scetool -l 72F990788F9CFF745725F08E4C128387 --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=04 --self-ctrl-flags=4000000000000000000000000000000000000000000000000000000000000002 --self-auth-id=1010000001000003 --self-add-shdrs=TRUE --self-vendor-id=01000002 --self-app-version=0004000100000000 --self-type=NPDRM --self-fw-version=0004008100000000 --np-license-type=FREE --np-content-id=EP4183-NPEB00344_00-LOVEFILMFULL0100 --np-app-type=EXEC --np-real-fname="EBOOT.BIN" --encrypt "EBOOT.elf" "EBOOT.BIN"

Thanks
 
Rajesh Dutta said:
@esc0rtd3w : can it possible, there is some issue with rebug 4.81 cfw which not let this app to boot properly.... Can you try to resign it as 4.81... like below code

scetool -l 72F990788F9CFF745725F08E4C128387 --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=04 --self-ctrl-flags=4000000000000000000000000000000000000000000000000000000000000002 --self-auth-id=1010000001000003 --self-add-shdrs=TRUE --self-vendor-id=01000002 --self-app-version=0004000100000000 --self-type=NPDRM --self-fw-version=0004008100000000 --np-license-type=FREE --np-content-id=EP4183-NPEB00344_00-LOVEFILMFULL0100 --np-app-type=EXEC --np-real-fname="EBOOT.BIN" --encrypt "EBOOT.elf" "EBOOT.BIN"

Thanks
Click to expand...

yeah, for sure a possibility. Let me look over IDA notes and make a few different EBOOT and SPRX patched files to upload with different "shot-in-the-dark" modifications. :eek new: I may just install the same CFW as you for testing.
 
esc0rtd3w said:
yeah, for sure a possibility. Let me look over IDA notes and make a few different EBOOT and SPRX patched files to upload with different "shot-in-the-dark" modifications. :eek new: I may just install the same CFW as you for testing.
Click to expand...

Sure.... I am praying any of your dark shot will work..... At the end hope is the only thing which let us move forward.....:adoration:
 
esc0rtd3w said:
yeah, for sure a possibility. Let me look over IDA notes and make a few different EBOOT and SPRX patched files to upload with different "shot-in-the-dark" modifications. :eek new: I may just install the same CFW as you for testing.
Click to expand...

please, upload your modded elfs (when ready!) and i will PROPER re-sign them...
_

L.E. i am on the phone now...tomorrow (when i have access to a PC) i will post the PROPER scetool re-sign lines for each of the self/sprx...the template method is good BUT will not allow resigning for lower CFWs (ex: if the self is signed for 475 the template method will re-sign it for 475)...
_
 
Last edited:
I just installed Habib 4.70 1.01 CFW to test and it has the same freezing black screen......so.......

@Rajesh Dutta can you upload an EBOOT.BIN and IGNITION.SPRX unmodified and re-signed for me to see if it boots?

@catalinnc what are you re-signing with? can you post a link to your scetool and script (if used)??

for the record, I have only had issues with Amazon and Hulu, which I figured out the Hulu issue long ago for re-signing, but no PSN bypass, and the Amazon app looks easier to bypass but no re-signing?!?!? :confused:


EDIT 1: I just re-installed Rebug 4.81.2 and Amazon loaded right up with re-signed EBOOT :beaten::beaten::beaten:

On to IDA again...will post updates!! :topsy turvy:


EDIT #2: I also re-signed ignition.sprx and the app loaded without issues. I guess i had some shit in the flash!!!
 
Last edited:
You must log in or register to reply here.

Similar threads

Back
Top