Hacking (Question) Decrypting eboot.bin

  • Thread starter: MDashK
  • Views: 8,678
  • Replies: 6

MDashK

This may be a stupid question, in a way that maybe someone already tried it evidently, but:

Has anyone already tried to decrypt the eboot.bin of games following these hypotheses:

1) Copy the eboot.bin file inside any folder of the game, putting it along with game files
(Since the decryption method we use decrypts all the game files, maybe it decrypts the BIN if it's in another location that's not "running", different from where the console would expect it).

or

2) I know there's some list that the console uses to know all the files related to that game?
Following the above procedure, and also adding the new BIN file location to that list. Maybe the console will grab the BIN file, thinking it's a simple game file (instead of the EXE BIN of the game) and decrypt it?


Of course, these 2 are just speculations, and the purpose of this thread is to know if someone has already tried these methods. I would try them myself, but if anyone already did, that would be wasting my time, so...
 
Nope, tried it already. The EBOOT copied over never gets executed, meaning it won't get decrypted to run it. Also, what we bypass is the pfs decryption, the EBOOTs have several other security layers.
 

I'm mobile so posting a link would be nightmarish, buuuut the old bubble method used an eboot signing method using sign np expert, that was only for PSP titles. Which we really have issues with. There is a version of Welcome Park decrypted as well floating around and I think we could sign an eboot using it. I have yet to test this but it is how the Twitter guy basically got ARK to work
 
WOW.. this was public knowledge and we don't have a thread about this? Looks promising if true.
 
Except that Twitter guy obviously didn't get ARK to work, as that tweet doesn't exist anymore and all that.
 
He was just replacing eboot location for apps from app.db with new ones redirecting them to homebrew instead.
 
