在3.41韌體上執行SDK350編譯的遊戲 - 改機

http://ppt.cc/HIa0

Finally after only just over a month of waiting those owning still a
v3.41 Jailbroken PS3 console, can finally fully enjoy both worlds of
playing their own "homebrew" and still being able to enjoy the latest
and hottest of the recently released PS3 Games that were originally
complied by Sony only to work on later non-Jailbreakable v3.50 PS3
consoles.
經過將近一個月的等待，仍然沒把主機升級到3.50版韌體的玩家終於等到這一天
的來臨，終於有了兼顧執行自製程式，與享受$QNY用最新SDK350編譯完成遊戲的
方案。

TUTORIAL 教學
On how to modify Eboot.bin yourself to try to make it works!
如何自行修改Eboot.bin讓遊戲能在3.41版韌體上執行

Originally Posted by Veritas
I've actually written this a few times and promptly lost it due to
browser instability. Oops.

Anyway, this guide requires you to have some knowledge of how the
SELF and ELF file formats are laid out. I don't have a quick tool
to do this for me, but it takes maybe 5 minutes of my time to do it
by hand.
本篇教學需要讀者具備一些SELF與 ELF檔案格式知識作為基礎。暫時沒有傻
瓜工具，但親自修改大概每次也只需要花我五分鐘。

1. Open EBOOT.BIN in a hex editor of your preference.
將EBOOT.BIN檔案下載到電腦，用二進位編輯器打開。

2. In EBOOT.BIN, look at the SELF control info, if you see anything
resembling the game titleid, it's an NPDRM SELF and this guide
won't work, give up.
先移動到SELF監控資訊的部份，如果有看到遊戲ID相關的字串，那代表這
個遊戲有數位簽證的問題，本教學不適用，請左轉出去。
3. Use readself on EBOOT.BIN to get information about the encrypted
metadata sections.
使用readself讀取EBOOT.BIN，取出加密相關的資訊。

4. unself EBOOT.BIN eboot.elf
使用unself將EBOOT.BIN還原成eboot.elf。

5. Open eboot.elf in a hex editor of your preference.
再將eboot.elf用二進位編輯器打開。

6. In eboot.elf, go to every encrypted metadata section (now
decrypted), copy its data, and replace the encrypted data in
EBOOT.BIN.
移動到加密的metadata區段（現在已經解密了），將內容複製出來，換掉
EBOOT.BIN同樣的區段。

7. In EBOOT.BIN, change SELF header to indicate it's FSELF.
修改EBOOT.BIN，將SELF的標頭修改成FSELF 的標頭。

8. In EBOOT.BIN, change SELF section headers that are marked as
encrypted to say they are not encrypted.
修改EBOOT.BIN，將SELF的標頭裡面標記為加密的部份修改成不加密。

9. If the game is a newer SDK version (like GT5, which is 3.50),
in EBOOT.BIN, find the .sys_proc_param segment and change the SDK
version to something earlier, such as 3.41. This will probably
cause crashes in games that actually use newer SDK features that
are not available in earlier SDK versions.
尋找 .sys_proc_param區段，將 SDK相關的資訊由3.50改成3.41，注意：
如果遊戲有使用到SDK350才有的新函式的話，可能會造成當機。

10. Save EBOOT.BIN
儲存EBOOT.BIN

11. Cross fingers, run game, hope it works.
是看看有沒有辦法執行。

******

非常需要技術與知識的一篇教學，我也是有看沒有懂。

根據回報，目前GT5 美版(BCUS98114) 跟TOGF日版(BLJS10093) 都可以正常執行
。不急的人可以等3.50被解析完成後用更新韌體的方式執行遊戲，而且我認為這
才是正確的解決方案，這個教學的方式雖然是取巧，但還是很厲害。

x3Max 可以收一收了，到現在還在忙著把自己的產品加上防護，誰還理他們啊？

******

TOGF我測試的結果是不需要用正版光碟引導，主程式換掉後就可以直接使用免光
碟模式執行。測試平台CECH-2007 [email protected] + PSGrooPIC v2.04 DEV + Gaia
Manager 1.04.1

--

○ ____ _ _ _ _ ____ _ _ ____ _____ ____
。 ★(_ _)( \( )( \/ )( ___)( \( )(_ _)( _ )( _ \
ｏ _)(_ ) ( \ / )__) ) ( )( )(_)( ) / ● ‧
(____)(_)\_) \/ (____)(_)\_) (__) (_____)(_)\_) ★
ｏ

--