PS3 Oct0xor's Project "OpenCobra" Payload

Quote (Oct0xor):
First I am going to say that this is not going to be an article, just a first blog post and some info about my recent project.

Finally I got my hands on cobra :) it was quite a lot of time since I touched this last time. There was s good things happened since then eg. I reverse engineered usercheat and true blue, had done alot ps3 and not ps3 related hacking. There was a bad things eg. BlueDiskCFW, lv0 leak, alot of devs leave the scene...

Cobra was for me really "the last" thing I have to do.

The last time when I worked on this I didnt had a dongle, and all what I had was a dump by JaiCraB. I reverse engineered it as much as possible, figure out almost all tricks, encrypton and etc. And figuare out that it reads alot of data from dongle, and I cant do much without dongle itself. Thats why I put this project to the back burner.

Well... I had never buyed anyone dongle, and I never was not going to. All my dongles was donated ( thanks again :) ) but not that time.

it was hard for me to make this decision but a few days ago cobra finally shipped to me...

3 days and now its all over. :D

Security is good enough, but not without big security risks. But it still the best crypto/obfuscation what I had seen on ps3. Sony have something to learn from this guys, especially now.

Cobra / True Blue almost identical, have the same source code, if you ever hacked 1 thing, 2nd wouldnt be a problem. The main functionality, honestly, not changed since original jb. Thats a shame. Thats why I cracking them like nuts :D

On the fourth day I taked a decision to make my own "OpenCobra" payload. only clean code without drm and garbage, to be able to port it to any new firmware, and change/add features. It taked 2 days, 3000 lines of asm, and you had seen the result.

Atm it based on 4.1 payload, plans for future is check/add new features from 4.4/5.0. Port to a new firmware (if cobra will not do this for me), and realize all nice innovations from new version of psp emu, such as better emu accuracy, 3D and etc...

In video you had seen Payload Loader. Thats the all code it has:

install_payload("OpenCobra_41.bin", PAYLOAD_OFFSET); // no comments
// install hooks
void sc8_0x9001(const char *path, const char *id) {
lv2syscall8(8, 0x9001, (u64)path, (u64)id, 0, 0, 0, 0, 0);
void sc8_0x9002(u8 flag1, u8 flag2, u8 flag3, u8 flag4) {
lv2syscall8(8, 0x9002, flag1, flag2, flag3, flag4, 0, 0, 0); // flag1 - eboot.bin encrypted/decrypted, flag2, flag3, flag4 - not real flags, its a tag related patch.
const char *path = "/dev_usb000/PSPISO/CRISIS CORE -FINAL FANTASY VII-.iso";
const char *id = "ULUS-10336";
sc8_0x9001(path, id);
sc8_0x9002(0, 0, 0, 0);

This tag related patches handled by mngr. So far I want to move it in payload. First I have to check how it handled in 4.4 / 5.0

Not sure yet when it will be released, if it will be, but we will see.

7174e18ad8c87a31.... 3.0
2005d05b1ac8a331.... 4.0
3902a14001cd4836.... 4.4
fd905abf25cdc236.... 5.0

3CFE6288B199F90A.... 3.0
5824D034A3CEED3A.... 4.0
8FA23E557693D4FE.... 4.1

If this subject will be interested for people, maybe I will write a full article about True Blue / Cobra analysis and hacking.

btw: Me and ~ some psp mysterious dark figure ~ reverse engineered algo for generating valid psp isos back to jule. But saves and alot of games dont work without patching. So cobra's patched emu much better there imho.

Subscribe for Latest News