Hacking Turn .self binary of development version of commercial game into eboot.bin

BeautfalHorsa

Member
OP
Newcomer
Joined
Feb 13, 2021
Messages
15
Trophies
0
Age
76
XP
67
Country
Uganda
I might have a development .self executable of a pre-release/development version of a commercial PS4 game, built with the PS4 SDK for internal testing.
I might also have a package and its passcode built on the same day/same source.
Let's say I managed to play the game by repackaging as a fake pkg, I'd still need to run the .self executable as it's from a newer build that fixes some crashes and would actually make it playable (game data did not change so it will still work).

I gave a read to this:
psxhax com flat_zs-method-to-handle-ps4-fake-pkgs-self-fself-write-up.3405
and tried the tools in here:
psxhax com unfself-convert-ps4-fself-files-back-to-elf-files-by-dimosgsxr-selfutil-by-znullptr.5891
but they didn't work (they fail to produce an eboot.bin from my self), and the information in the article just confuses me.
(I couldn't post the full links, just copy/paste on google)

How would I either run the .self binary (by linking it to the pkg data) or convert it to an eboot.bin to overwrite the pkg one?
 
Last edited by BeautfalHorsa,
  • Like
Reactions: KiiWii

godreborn

Welcome to the Machine
Member
Joined
Oct 10, 2009
Messages
38,471
Trophies
3
XP
29,138
Country
United States
I don't think you can make it a self, because the header is missing entirely when you dump a game. I think it's part of the decryption process. you can see them with ps3 self files. it will start sce in hex (probably stands for sony computer entertainment). it tells you which firmware and other stuff the game is for, then it will be the elf. it's also compressed using zlib I believe, so you have to decrypt it, then zlib is 78 DA in hex. that's how you know it's compressed. the vita uses the same, so I assume the ps4 also uses it. adrenaline, for example, can be decompressed with simply zip if you look for 78 DA.

--------------------- MERGED ---------------------------

btw, you'll get a warning for that in orbis. it warns you no matter what about the elf being stripped even if it's just a dump, to gengp4, to pkg. it gave me the same warning when making the bloodborne patch. it's normal, because the header is no longer present, I think.
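
As an added illustration of the checks described in this reply (look at the first bytes in hex, an "SCE" header versus a file that starts with ELF, and a zlib stream recognised by the 78 DA marker), here is a small Python script. It is not from this thread or from any PS4 tool, and it runs on constructed sample blobs rather than real game files. The "SCE" header layout is an assumption taken only from the thread's description of PS3 SELFs (the bytes after the magic are filler, not real header fields), and the inner image is compressed with zlib level 9, which is what produces the 78 DA header.

```python
import zlib

# Magic values referenced in the thread. SCE_MAGIC is an assumption: the
# thread says PS3 SELFs start with "sce" in hex; no PS4-specific header
# layout is described here, so only the leading bytes are checked.
ELF_MAGIC = b"\x7fELF"
SCE_MAGIC = b"SCE"
ZLIB_BEST = b"\x78\xda"  # zlib header for best compression (level 9)

# Constructed sample inputs (not real PS4 files).
FAKE_ELF = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + b"constructed sample program body " * 8
SAMPLE_PLAIN_ELF = FAKE_ELF
# A wrapped image: 32 bytes of "SCE" header filler, then a level-9 zlib
# stream holding the ELF, then some trailing padding.
SAMPLE_WRAPPED = SCE_MAGIC + b"\x00" * 29 + zlib.compress(FAKE_ELF, 9) + b"\x00" * 16


def classify(blob: bytes) -> str:
    """Classify a binary by its leading magic bytes."""
    if blob.startswith(ELF_MAGIC):
        return "elf"       # bare ELF on disk: no SCE wrapper, likely fake-signed
    if blob.startswith(SCE_MAGIC):
        return "sce-self"  # SCE header present: a wrapped (signed) executable
    return "unknown"


def find_zlib_streams(blob: bytes):
    """Yield (offset, inflated_bytes) for every 78 DA marker that inflates to a complete stream."""
    off = blob.find(ZLIB_BEST)
    while off != -1:
        d = zlib.decompressobj()
        try:
            out = d.decompress(blob[off:])
            # d.eof is only set when a whole stream was consumed; trailing
            # bytes after the stream are left in d.unused_data and ignored.
            if d.eof:
                yield off, out
        except zlib.error:
            pass  # a false-positive 78 DA inside unrelated data
        off = blob.find(ZLIB_BEST, off + 1)


def extract_elf(blob: bytes):
    """Return the inner ELF image if the blob is a plain ELF or holds one in a zlib stream."""
    if classify(blob) == "elf":
        return blob
    for _, payload in find_zlib_streams(blob):
        if payload.startswith(ELF_MAGIC):
            return payload
    return None


def report(blob: bytes) -> dict:
    """Summarise what the scanner found, in the form a hex-editor look would give you."""
    inner = extract_elf(blob)
    return {
        "kind": classify(blob),
        "first_bytes": blob[:4].hex(),
        "zlib_offsets": [off for off, _ in find_zlib_streams(blob)],
        "inner_elf_size": len(inner) if inner is not None else None,
    }


if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN_ELF), ("wrapped", SAMPLE_WRAPPED)):
        print(name, report(blob))
```

On a real signed SELF the segments are encrypted before the zlib layer, as the reply above notes, so the scanner finding an "SCE" header but no inflatable stream is the expected outcome there; what the script reliably tells you is whether a file is a bare ELF (the case the thread calls fake signed) or a wrapped one, and at which offsets any plain zlib streams sit.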
 

BeautfalHorsa

I don't see any similarity between patching Bloodborne and this case.
Bloodborne starts from an eboot.bin, the mod author says you need to unencrypt it and unself it first. I'm not sure what it means, but in my case, I have a .SELF file, which probably contains other stuff than the game executable only, I think it might contain a list of libraries used by the game as well, or code debugging information, as selfs are usually way bigger than bins.

Maybe just renaming the self to eboot.bin would work? Like you did with BB, but I doubt it.
Maybe I could find a way to extract the eboot.bin from the self, as it seems to be contained in there.
If selfs are encrypted, maybe there is a key somewhere, but I doubt they are. Why would development selfs be MORE encrypted than the final eboot.bin?

And what format are eboot.bin in? Are they renamed elf or renamed self or what? Note that I'm not talking about a fake self, as it likely comes from the official SDK.
 
Last edited by BeautfalHorsa,

godreborn

the eboot.bin is a self file. it's the main executable. there's no way to just dump an encrypted eboot. look at it in hex. if it starts with ELF, it's probably fake signed.

--------------------- MERGED ---------------------------

you can unfself the eboot, then look at the information in ida. that's the only way really to make sense of it.

--------------------- MERGED ---------------------------

ida costs money last time I checked, but what a lot of devs use are hacked versions that are free.
 

BeautfalHorsa

the eboot.bin is a self file. it's the main executable. there's no way to just dump an encrypted eboot. look at it in hex. if it starts with ELF, it's probably fake signed.

--------------------- MERGED ---------------------------

you can unfself the eboot, then look at the information in ida. that's the only way really to make sense of it.
So if it did start with ELF, then I can just rename it eboot.bin, overwrite the original one and make a new package? Even if this executable could be like 10 times larger?
 
  • Like
Reactions: KiiWii

godreborn

don't know if it's an eboot.bin. there are self, and I think sprx or prx files with the ps4 that are also elf files. elf files are everywhere. you might be able to build a pkg with it. I didn't have to reencrypt bloodborne after unfselfing it. no errors, and it worked. that's why I brought it up.

--------------------- MERGED ---------------------------

if it's much larger, it may have no encryption and not be compressed. I don't really know what to do with something like that, but there's an fself maker gui with fake pkg generator. I don't know how it works though or if it will even work with that.

--------------------- MERGED ---------------------------

btw, it will probably still work without it being compressed. I know it does on the ps3 anyway. I was fiddling with ps3 flash files once, and before I knew how to compress them. the hex changes still worked. it just wasted space on the flash, that's all.
 

BeautfalHorsa

don't know if it's an eboot.bin
With a devkit ps4, you can make normal packages with an eboot.bin and a number of prx (which are basically dlls).
You can then re-build the whole app without rebuilding the data, and when launching it remotely, the new executable (.self) is copied to the console, and that contains the updated game executable and all the updated/rebuilt libraries. Basically it will use a new executable with the pre-existing data from the installed pkg. That's likely why the .self is bigger. Not because it's not compressed.
 
