Release SCETOOL source converted for Windows

Rip Cord

Administrator
Staff member
Developer
The original source code release for SCETOOL compiles easily with gcc on linux. I made some small changes to allow compiling with Visual C++ in Windows.

Here is the source code/solution and compiled exe. Included zlib 1.2.5; it's compatible with original source. Linked with zlib static lib 32. If the linker has problem finding the zlib library (zlibstat.lib), add your source directory to the search path: Project->Properties->Linker->General: additional library directories.

Compiled with Visual C++ 2008 free edition (no registration required, no expiration date)
just open the sln file with Visual Studio to convert/load into other editions of VS; tested and working ok on VS 2010 too.


March 14 2015 Update: new link
 

Attachments

  • scetool_vs.zip
    298.4 KB · Views: 29
Last edited by a moderator:

Rip Cord

Administrator
Staff member
Developer
Thanks.

it's nice that zlib can be linked staticly, no need for dll.
 
Last edited by a moderator:

Rip Cord

Administrator
Staff member
Developer
I used the same steps to convert scetool to compile with Visual C++ 2010
Only needs a few changes:
1. In VC++ select new project, win32 console application, enter a name for the project, and make sure that create directory for solution is checked. Uncheck precompiled header. OK.
2. Set the project properties to multibyte for both debug and release configurations.
3. In the solution explorer window right click the name of the main source file and rename to main.cpp. Copy/paste all the text from the original main.cpp scetool source code into the main.cpp in your VC++ project.
4. Edit main.cpp so there is only one int main() and one closing return 0/closing brace. Comment out the line: #ifndef _DEBUG. Also right below the line #include <sys/stat.h> add an external "C" def for zlib.h:
Code:
extern "C"
{
#include "zlib.h"
};
5. Save all.
6. Copy all the header files from the original scetool source directory to the source directory of your project.
7. In the VC++ solution explorer right click the folder "header files" ->add->existing item and add all the header files you just copied to the source directory.
8. Save all.
9. In the solution explorer double click to open zconf.h. Add 2 defs right before the line #ifndef ZCONF_H:
Code:
#define ZLIB_WINAPI
#define ZLIB_INTERNAL
10. Save all.
11. From the original scetool source directory copy all the source files with extension .c and .cpp (except of course main.cpp already done) to the project source directory.
12. In the solution explorer right click the folder "source files" ->add->existing item and add all the source files you just copied to the source directory.
13. Save all.
14. Add the external "C" def for zlib.h to the source files sce.cpp and to util.cpp.
Code:
extern "C"
{
#include "zlib.h"
};
It should be the first include before all the others. Also, comment out the line #include "zlib.h" that was already there, further down the list of includes.
15. Save all.
16. Extract zlibstat.lib from the static32 folder of zlib125dll.zip and copy it to the project source folder.
17. In the project properties settings, in the linker section, for additional library directories, add the project source directory. In the input subsection of the linker section, add zlibstat.lib to the additional libraries. Click ok of course.
18. Save all.

Now it will build without errors.
 

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
You think it might be possible to add check off headers to pkg packages.
 

Rip Cord

Administrator
Staff member
Developer
there is a little code related to packages that is commented out. looks like he intended to include package functions.
 

Rip Cord

Administrator
Staff member
Developer
made a simple variation called scedetect.
some gui' s for scetool don't show output command, this will print a log file showing the command with commandline arguments that are passed to scetool by the gui. the log file is scedetect.txt and is created in the working directory of the gui.

instructions: look in subfolder of gui tool for scetool, backup and then replace original scetool with this version,
run gui, see command in scedetect.txt

Code:
    //scedetect code
    FILE *fp_detect;
    if ((fp_detect = fopen("scedetect.txt", "a"))==NULL) {
        printf("\nCannot create or open scedetect.txt log file...\n");
        return 1;
    }
    fprintf(fp_detect, "\n\n\n%s", argv[0]);
    for(int counter=1; counter < argc; counter++) {
        fprintf(fp_detect, " %s",argv[counter]);
    }
    if(fp_detect) fclose(fp_detect);
 

Attachments

  • scedetect.zip
    70 KB · Views: 10

Rip Cord

Administrator
Staff member
Developer
scetool places a watermark in the files that it encrypts:
Code:
encrypted with scetool
00000420 4E50 4400 0000 0001 0000 0003 0000 0001 NPD.............
00000430 5550 3030 3031 2D47 414D 4531 3131 3131 UP0001-GAME11111
00000440 5F30 302D 4741 4D45 4E41 4D45 3030 3030 _00-GAMENAME0000
00000450 3030 3031 0000 0000 0000 0000 0000 0000 0001............
00000460 7761 7465 726D 6172 6B74 726F 6C6F 6C6F watermarktrololo
00000470 4D29 0FD5 1253 AEDD 549B DA58 2612 10D0 M)...S..T..X&...
00000480 9182 CA8D 7A6D B94C 9809 88D2 568B 9439 ....zm.L....V..9
00000490 0000 0000 0000 0000 0000 0000 0000 0000 ................
"watermarktrololo"

also "SURPRIZE :D " and "IM IN UR KEYZ !!" are inserted into the keys array for encrypting self.

here some versions of scetool with the watermarking removed.
scetoolw_no_wm.exe and scetoolw_detect_no_wm.exe
scetoolw "w" == compiled for windows os
"no_wm" ==no watermark
"detect" the version in post above that saves a log file of the command used to invoke scetool
someone else can pick a better name for exe
tested only with a couple of eboots, encryption and decryption both.
 

Attachments

  • no_watermark.zip
    204.4 KB · Views: 13

Rip Cord

Administrator
Staff member
Developer
added option to print encryption parameters
Code:
G:\tools>scetoolw -p eboot.bin
scetool 0.2.9 <public build> (C) 2011-2013 by naehrwert
NP local license handling (C) 2012 by flatz
 
Encryption Parameters for eboot.bin.
Key Revision 0010
Auth-ID      1010000001000003
Vendor-ID    01000002
SELF-Type    00000008  NPDRM
APP Version  0001000000000000
FW Version  0003600000000
Control Flags    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 3B 00 00 00 01 00 00 20 00
when using an eboot.bin as a template to encrypt an elf but want to change one of the parameters. it's easier than looking through the regular output to find the encryption parameters.

usage:
scetoolw -p eboot.bin
or
scetoolw --print-params eboot.bin

I tested with a few eboots. If someone tests, let me know if you find any mistakes.
There's the source code. The changes are ugly, you're eyes have been warned.
 

Attachments

  • SCETOOLW_print_params.zip
    69.8 KB · Views: 10
  • params_source.zip
    123.8 KB · Views: 9

Rip Cord

Administrator
Staff member
Developer
Anyone know why scetool (official public released version by naehrwert) does not include firmware version in the control info when it's used to re-encrypt an eboot?

here's info from original game eboot:

Encryption Parameters for GOW_EBOOT.BIN:

Key Revision 0001
Auth-ID 1010000001000003
Vendor-ID 01000002
SELF-Type 00000004 APP
APP Version 0001000000000000
FW Version 0003150000000
Control Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 3B 00 00 00 01 00 04 00 00

after eboot is decrypted and re-encrypted with scetool:

Encryption Parameters for GOW_EBOOT_ENCRPT.BIN:

Key Revision 0001
Auth-ID 1010000001000003
Vendor-ID 01000002
SELF-Type 00000004 APP
APP Version 0001000000000000
FW Version 0000000000000
Control Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 3B 00 00 00 01 00 04 00 00
all disc boot type eboots end up with 0000 for firmware version.

here's the file information for the same eboot re-encrypted with a modded version of scetool:

Encryption Parameters for GOW_EBOOT_ENCRPT_fwfixed.BIN:

Key Revision 0001
Auth-ID 1010000001000003
Vendor-ID 01000002
SELF-Type 00000004 APP
APP Version 0001000000000000
FW Version 0003150000000
Control Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Capability Flags 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 3B 00 00 00 01 00 04 00 00
Here is the modded scetool if anyone wants to test it. This mod only enables fw-version change with commandline arguments but not when using a template eboot to fill the values.
 

Attachments

  • SCETOOLW_fw.zip
    68.9 KB · Views: 13

Rip Cord

Administrator
Staff member
Developer
added another option. When using a template to re-encrypt an eboot, this allows specifying a different firmware version (in the control info) and/or key revision.

template option with official scetool:
scetool.exe -0SELF -tGOW.BIN -e GOW.ELF GOW_355_MOD.BIN

modded scetool with template options:
scetoolw_to.exe -0SELF -2000A -60003005500000000 -tGOW.BIN -e GOW.ELF GOW_355_MOD.BIN

with NPDRM eboot:
scetoolw_to.exe -0SELF -2000A -60003005500000000 -bFREE -cEXEC -fEP4321-BLES01286_00-SGWEUPATCH000001 -gEBOOT.BIN -tSWG-EBOOT.BIN -e SWG-EBOOT.ELF SWG_355_MOD.BIN

This wasn't my idea, but a feature request. Thanks for the idea. Also, I think this fixes the problem I mentioned above when using a template scetool doesn't include the firmware version in the control info.
 

Attachments

  • Template_options.zip
    70.2 KB · Views: 13

Rip Cord

Administrator
Staff member
Developer
It's easy to see the official scetool and the versions with small changes I have posted, both make some changes to the header length and the number of metadata keys.

I have compared the same eboot decrypted, then re-encrypted, then re-decrypted with both official scetool and my modded versions. The resulting elfs have been identical. Did this with a few eboots. I would appreciate a heads up if any sees any anomolies with these versions or suggestion on how to make scetool more accurate in its results.
 

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
Not sure if i understand , if they are identical after re encrypting, is that a problem ?
 

Rip Cord

Administrator
Staff member
Developer
Hopefully, shows that I didn't screw up scetool since the same file changes occur with official release.
 

jo3tomas

Active member
Developer
hi

could you fix encryption spu self files from games retail and npdrm

i checked all available scetool version, and all versions have problem with encryption spu self files

spu self file from retail game:
Code:
http://www38.zippyshare.com/v/48292329/file.html

regards
 

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
if retail sign self/sprx with free key, eg. no key

if retail update or npdrm then you bruteforce self/sprx o get devklic key /klic and sign with it
and with npdrm he must add np commands / CID with real file name.

example npdrm

Code:
scetool.exe --verbose --sce-type=SELF --np-klicensee=00000000000000000000000000000000 --compress-data=TRUE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-ctrl-flags 4000000000000000000000000000000000000000000000000000000000000002 --self-cap-flags=00000000000000000000000000000000000000000000003B0000000100002000 --self-type=NPDRM --self-fw-version=0004002000000000 --np-license-type=FREE --np-content-id=UP0006-NPUB30464_00-CRASHTRIAL0000NA --np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=CRASH.DLL.SPRX --encrypt CRASH.DLL.SPRX.elf CRASH.DLL.SPRX

you can skip skip ctrl flags and cap flags and for retail.

Code:
scetool.exe --verbose --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-type=APP --self-fw-version=0004002000000000 --np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=Game_PS3.self --encrypt Game_PS3.elf Game_PS3.self
 

jo3tomas

Active member
Developer
no difference what command i use, after encryption self is corrupted

example from file from my post above spu self - audiof.self

decryption - working fine
Code:
scetool.exe -v -d audiof.self audiof.elf

encryption your command
Code:
scetool.exe --verbose --sce-type=SELF --compress-data=FALSE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-type=APP --self-fw-version=0004002000000000 --np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=audiof.self --encrypt audiof.elf audiof.self

i use this command earlier
Code:
 scetool.exe --sce-type=SELF --compress-data=TRUE --skip-sections=FALSE --key-revision=0004 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-type=APP --self-app-version=0001000000000000 --self-fw-version=0003004000000000 --encrypt audiof.elf audiof.self

encrypted self is always corrupted - only 640 bytes, i tried without compression and other setting but still no result self is corrupted. i tried other spu self from far cry classic npdrm - same result, i tested earlier 6 or 7 but i can't fix properly all these files

regards
 

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
C:\Users\Administrator\ps3tools\ps3tools\tools\scetool>SCETOOLW_to2.exe --verbos
e --sce-type=SELF --np-klicensee=00000000000000000000000000000000 --compress-dat
a=TRUE --skip-sections=FALSE --key-revision=19 --self-auth-id=1010000001000003 -
-self-vendor-id=01000002 --self-ctrl-flags 4000000000000000000000000000000000000
000000000000000000000000002 --self-cap-flags=00000000000000000000000000000000000
000000000003B0000000100002000 --self-type=NPDRM --self-fw-version=00040020000000
00 --np-license-type=FREE --np-content-id=UP0006-NPUB30464_00-CRASHTRIAL0000NA -
-np-app-type=SPRX --self-app-version=0001000000000000 --np-real-fname=CRASH.DLL.
SPRX --encrypt audiof.elf audiof1.self

results in a 748 kb file
use the sceetool That Rip Cord made

resign file below

remember i used a different SKU ID
 

Attachments

  • audiof1.rar
    705 bytes · Views: 4

jo3tomas

Active member
Developer
check your file again, it's corrupted and have only 768 bytes

original scetool or Rip Cord scetool, no difference, i can encrypt and decrypt without error but still elf is corrupted

original elf size (audiof.elf) - 76,7 KB (bytes: 78 556)

encryption - no errors
Code:
[*] SELF built.
[*] Data compressed.
[*] Data encrypted.
[*] audiof.self written.

decryption - no errors
Code:
[*] Loaded keysets.
[*] Loaded loader curves.
[*] Loaded vsh curves.
[*] Using keyset [appldr 0x0004 03.42]
[*] Header decrypted.
[*] Data decrypted.
[*] ELF written to audiof.elf.

elf file size after encryption - 148 bytes (bytes: 148)

tool only crash when i try get info

you can compare files yourself, i upload both elf, before and after encryption
Code:
http://www13.zippyshare.com/v/2867603/file.html

regards
 

Rip Cord

Administrator
Staff member
Developer
here is the self made with makeself. It is about the right size, but I seriously doubt that it will work. This tool doesn't make selfs properly either. If you look at the self, it looks like part fself, part self.

this is the command:
makeself app 341 1.00.0 01000002 1010000001000003 0004 audiof.elf audiof_1.self

also tried with a couple other tools including self_rebuilder, but it has the same problems as makeself.
 

Attachments

  • audiof_1.zip
    75.7 KB · Views: 4
Top