Post: PS3 unsigned FFs
Options
11-12-2012, 07:00 PM
#1
Strike Venom
Top Down Siad Barre
< 2C 1E 00 00 40 82 00 44 80 61 01 90 2C 03 00 01 40 82 00 38
> 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00
(tested with 1.00 and 1.02 np)
The FF Format stayed almost the same, the only thing that changed is the Keypair & the header (but only a little bit).
To create valid FF's (you need to edit ff that are already there, for encryption you don't need any key) you could use You must login or register to view this content. with a changed PS3 pub key (located in FF32.dll).
I will NOT provide this key, if you want to find, look at Offset 0x149D34 (1.00 t6mp_ps3f.self) in IDA
Last edited by
Strike Venom ; 11-12-2012 at 07:42 PM.
The following 6 users say thank you to Strike Venom for this useful post:
The following user groaned FM|T xR3PMz for this awful post:
11-12-2012, 07:52 PM
#3
ExceptionHell
▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄ ▀▄
Good Job Venom ! But like BO1 dont mod or console ban :mad:
11-12-2012, 07:53 PM
#4
CentralModz819
Do a barrel roll!
After looking at the Code of Conduct, i don`t wanna do any mods.
11-12-2012, 08:07 PM
#5
GE90
< ^ > < ^ >
Originally posted by Strike
If you want to run unsigned FF's on BO you need to patch the following bytes:
(tested with 1.00 and 1.02 np)
The FF Format stayed almost the same, the only thing that changed is the Keypair & the header (but only a little bit).
To create valid FF's (you need to edit ff that are already there, for encryption you don't need any key) you could use You must login or register to view this content. with a changed PS3 pub key (located in FF32.dll).
I will NOT provide this key, if you want to find, look at Offset 0x149D34 (1.00 t6mp_ps3f.self) in IDA
< 2C 1E 00 00 40 82 00 44 80 61 01 90 2C 03 00 01 40 82 00 38
> 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00
(tested with 1.00 and 1.02 np)
The FF Format stayed almost the same, the only thing that changed is the Keypair & the header (but only a little bit).
To create valid FF's (you need to edit ff that are already there, for encryption you don't need any key) you could use You must login or register to view this content. with a changed PS3 pub key (located in FF32.dll).
I will NOT provide this key, if you want to find, look at Offset 0x149D34 (1.00 t6mp_ps3f.self) in IDA
thats sick, hopefully they ban the fuck out of everyone that mod because i dont want the game ruined like mw2 and mw3
The following 2 users say thank you to GE90 for this useful post:
The following 2 users groaned at GE90 for this awful post:
11-13-2012, 12:59 AM
#6
Jakes625
Guest
Originally posted by Strike
If you want to run unsigned FF's on BO you need to patch the following bytes:
(tested with 1.00 and 1.02 np)
The FF Format stayed almost the same, the only thing that changed is the Keypair & the header (but only a little bit).
To create valid FF's (you need to edit ff that are already there, for encryption you don't need any key) you could use You must login or register to view this content. with a changed PS3 pub key (located in FF32.dll).
I will NOT provide this key, if you want to find, look at Offset 0x149D34 (1.00 t6mp_ps3f.self) in IDA
< 2C 1E 00 00 40 82 00 44 80 61 01 90 2C 03 00 01 40 82 00 38
> 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00
(tested with 1.00 and 1.02 np)
The FF Format stayed almost the same, the only thing that changed is the Keypair & the header (but only a little bit).
To create valid FF's (you need to edit ff that are already there, for encryption you don't need any key) you could use You must login or register to view this content. with a changed PS3 pub key (located in FF32.dll).
I will NOT provide this key, if you want to find, look at Offset 0x149D34 (1.00 t6mp_ps3f.self) in IDA
You don't need to change anything in the fastfile. You need to modify the eboot for this. Also I have the encrypted zone block. It's encrypted with salsa20 and it doesn't use a public key like you mentioned. It uses a symmetric algo. so you will need to find that with a spu dump.
---------- Post added at 08:59 PM ---------- Previous post was at 06:08 PM ----------
Originally posted by GE90
thats sick, hopefully they ban the fuck out of everyone that mod because i dont want the game ruined like mw2 and mw3
Not to sound like a dick but you realize "actual" hackers & modders make the game better? Please note that I'm excluding skids, but we make the game better and use our creation to the fullest. Without us many of the things you see in Black Ops, MW3, and BO 2 would not exist. Do not be so quick to slander the misunderstood intentions of the developers.
Last edited by
Jakes625
; 11-13-2012 at 03:19 AM.
The following 6 users say thank you to Jakes625 for this useful post:
11-13-2012, 12:41 PM
#7
Strike Venom
Top Down Siad Barre
Originally posted by GAMER
You don't need to change anything in the fastfile. You need to modify the eboot for this. Also I have the encrypted zone block. It's encrypted with salsa20 and it doesn't use a public key like you mentioned. It uses a symmetric algo. so you will need to find that with a spu dump.
The fastfile has a different header, just at look at the bytes betwenn the magic (TAFF..) and the "2nd magic" (PH..), there's one int32 ( 00 00 00 00) missing. With public key I meant the key that is included with the game, the name is maybe a little bit misleading, I'm used to deal with asymmetric encryption, sorry for the inconvenience.
Originally posted by GAMER
Not to sound like a dick but you realize "actual" hackers & modders make the game better? Please note that I'm excluding skids, but we make the game better and use our creation to the fullest. Without us many of the things you see in Black Ops, MW3, and BO 2 would not exist. Do not be so quick to slander the misunderstood intentions of the developers.
^_^
The following user thanked Strike Venom for this useful post:
11-13-2012, 08:29 PM
#8
lishalzal
Keeper
What is the pub key that has to be changed in the FF32.dll file?
Originally posted by Strike
If you want to run unsigned FF's on BO you need to patch the following bytes:
(tested with 1.00 and 1.02 np)
The FF Format stayed almost the same, the only thing that changed is the Keypair & the header (but only a little bit).
To create valid FF's (you need to edit ff that are already there, for encryption you don't need any key) you could use You must login or register to view this content. with a changed PS3 pub key (located in FF32.dll).
I will NOT provide this key, if you want to find, look at Offset 0x149D34 (1.00 t6mp_ps3f.self) in IDA
< 2C 1E 00 00 40 82 00 44 80 61 01 90 2C 03 00 01 40 82 00 38
> 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00 60 00 00 00
(tested with 1.00 and 1.02 np)
The FF Format stayed almost the same, the only thing that changed is the Keypair & the header (but only a little bit).
To create valid FF's (you need to edit ff that are already there, for encryption you don't need any key) you could use You must login or register to view this content. with a changed PS3 pub key (located in FF32.dll).
I will NOT provide this key, if you want to find, look at Offset 0x149D34 (1.00 t6mp_ps3f.self) in IDA
11-13-2012, 10:00 PM
#9
Jakes625
Guest
Originally posted by Strike
The fastfile has a different header, just at look at the bytes betwenn the magic (TAFF..) and the "2nd magic" (PH..), there's one int32 ( 00 00 00 00) missing. With public key I meant the key that is included with the game, the name is maybe a little bit misleading, I'm used to deal with asymmetric encryption, sorry for the inconvenience.
^_^
^_^
The fastfile doesn't have a different header?
ff.h_magic = stream.ReadString(
;
ff.version = stream.ReadInt32();
ff.u_magic = stream.ReadString(;
ff.unknown1 = stream.ReadInt32();
ff.fileName = stream.ReadString(0x20);
ff.rsaSig = stream.ReadBytes(0x100);
ff.enc_block = stream.ReadBytes((int)stream.Length - (int)stream.Position);
Then you can unencrypt that block of bytes by using CryptoTransform (salsa20) and transforming the block into a byte array.
Pretty easy, and I'm thinking the second magic is used for the initialization vector (although I'm not familiar with treyarch ff's [aside from W@W] )
11-13-2012, 10:24 PM
#10
Cmd-X
It's been awhile.
Originally posted by GAMER
Not to sound like a dick but you realize "actual" hackers & modders make the game better? Please note that I'm excluding skids, but we make the game better and use our creation to the fullest. Without us many of the things you see in Black Ops, MW3, and BO 2 would not exist. Do not be so quick to slander the misunderstood intentions of the developers.
That's not always the case, but I see where you're coming from, like some ideas from Black Ops 1 were based off mods in MW2.
Copyright © 2025, NextGenUpdate.
All Rights Reserved.
