Run PSP Games/Homebrew as Minis on the PS3

by ps3iso on April 1, 2013

Here’s some nice info from zecoxao about running PSP Games/Homebrews (disguised as minis) on a PS3.

Cleaned up. OK, so here’s how it works:

On each mini, there are two files called ISO.BIN.EDAT and MINIS.EDAT.
There’s also another one(the game) called EBOOT.PBP

Decrypting ISO.BIN.EDAT will generate a binary that contains the following :

http://www.ps3devwiki.com/wiki/Iso.b….bin_structure

Decrypting MINIS.EDAT will generate a binary that contains almost the same, except that it is much smaller because it only contains a small header and the encrypted version key (i’m going to add the info to the wiki so don’t worry)

Now, there is a program, with included source code, based on libkirk, that does all the hard work for us and decrypts the EBOOT.PBP. just rename EBOOT.PBP to NP.PBP and it’ll decrypt the eboots contents for you

That program will also generate the header (in big endian) and the version key (exists per pbp)

Let’s take care of the MINIS.BIN first. it has a random 16 bytes of data. if we decrypt that data with this specific key using aes-cbc

Code:

62 5E 77 79 46 62 6A 37 33 6E 3A 5D 4A 6B 71 4B

we will get the version key. that takes care of MINIS.BIN and we can forge our own if we want with another eboot.

let’s go now to ISO.BIN

the header there is the same as the generated header from the decryptor, except byte swapped in some places (again, little endian in ISO.BIN and big endian in np_header.bin)

header taken care of, we go to the table (lots of ****ing hours on this one guys)

this is divided in 4 parts (cmac of block using another key, offset of block relative to np_header and size in bytes of encrypted and compressed data)

finding the block offset (tp[4] in code) and the block size (tp [5]) in the code was easy, as well as the padding bytes (tp [6] and [7]). the hard part was the cmac, which is now taken care of ( the link for the modified tool is here : http://dl.dropbox.com/u/35197530/npdpc.zip , take notice only the first block cmac is generated)

you’ll notice that in that code, there is a key in npeg.c . that is the minis1 key .
now we have proper cmacs. Very nice :D

what’s missing now is to find an iso and make it an eboot, and use the information of the eboot and put it on ISO.BIN and MINIS.BIN, then repack the edats (using KDSBest’s tool) , create a pkg and test it

for packing isos into eboots the closest we have is fake_np (also in libkirk)

for those of you who want to test these kirk tools, check the link under the minis table information

And that’s it

I guess we just have to wait a bit for a “noob-friendly” version..

Tweet this!Tweet this!


Previous post:

Next post: