You may download my complete setup here to run these tests yourself; it is currently for firmware 1.76 only. If you are on an older firmware and wish to update to 1.76, you may download the 1.76 PUP file and update via USB.

Of course, it would be incredibily time consuming to look at every possible way of interpreting code before every single ret instruction manually; and that's why tools exist to do this for you. The one which I use to search for ROP gadgets is rp++; to generate a text file filled with gadgets, just use:

how to crack a sprx file

DOWNLOAD: https://tweeat.com/2vG50u

Although the PS4 predominantly uses the [Signed] PPU Relocatable Executable ([S]PRX) format for modules, some string references to [Signed] Executable and Linking Format ([S]ELF) object files can also be found in the libSceSysmodule.sprx dump, such as bdj.elf, web_core.elf and orbis-jsc-compiler.self. This combination of modules and objects is similar to what is used in the PSP and PS3.

You can view a complete list of all modules available (not just those loaded by the browser) in libSceSysmodule.sprx. We can load and dump some of these through several of Sony's custom system calls, which will be explained later in this article.

Although most system calls will return 0 on success, due to the nature of the return value increasing after each time it is called, it seems like it is allocating a resource number, such as a file descriptor.

We now have a few possibilities for what this system call is doing, the most obvious being something related to the filesystem (such as a custom mkdir or open), but this doesn't seem particularly likely seeing as a resource was allocated even before we wrote any data to the pointer.

Unfortunately, due to sandboxing we don't have complete access to the file system. Trying to read files and directories that do exist but are restricted will give you error 2, ENOENT, "No such file or directory".

For HAN: Create a folder named ASSASSIN_ISO inside USRDIR folder. PKG makers may skip the ASSASSIN_ISO folder and not include it in the PKG since it's empty, to avoid this, make a dummy file inside it (in my case I named it delete_me.txt)

For HAN: Use PS3GameConvert_v0.91.For injection: use the same method of MW3:1. Before converting, move the original files of "PS3_GAME\USRDIR" (except EBOOT.BIN, default.self, and default_mp.self) to a temp folder outside the PS3_GAME folder.2. Convert the game using CFW2OFW v1.13 ("PS3_GAME\USRDIR" only containing EBOOT.BIN, default.self, and default_mp.self files).3. After the convertion, move the original files (the temp folder) to the converted folder "BLUS30377\USRDIR".4. Inject the converted files (BLUS30377 & NPUB30377) in backup using PS3Xport Tool v1.1.

STEPS:1. Copy all Disc files, except EBOOT.BIN, default.self, and default_mp.self from "/USRDIR/*" to update folder "BLES00683/USRDIR/*".2. Delete all converted files from "NPEB00683/USRDIR/*" except EBOOT.BIN from update.3. Copy default.self and default_mp.self from Disc to "NPEB00683/USRDIR/".NOTE: The game does not need be converted if you manually copied the needed files from PS3_GAME folder, excluding USRDIR.

STEPS:1. Copy all Disc files, except EBOOT.BIN, default.self, and default_mp.self from "/USRDIR/*" to update folder "BLES00687/USRDIR/*".2. Delete all converted files from "NPEB00687/USRDIR/*" except EBOOT.BIN from update.3. Copy default.self and default_mp.self from Disc to "NPEB00687/USRDIR/".NOTE: The game does not need be converted if you manually copied the needed files from PS3_GAME folder, excluding USRDIR.

If you get black screen and console freeze during game startup on HEN/HAN try this method:1. Before converting, move the original files of "PS3_GAME\USRDIR" (except EBOOT.BIN, default.self, and default_mp.self) to a temp folder outside the PS3_GAME folder.2. Convert the game using CFW2OFW v1.13 ("PS3_GAME\USRDIR" should contain EBOOT.BIN, default.self, and default_mp.self files only).3. After the conversion, move the original files (the ones inside the temp folder you made in step 1) to the converted folder "BLES00687\USRDIR". (resulting NPEB00687 folder should be small, around 19-20MB in size and BLES00684 should be around 7.15GB)4. Make the packages with Make-Backup-PKG, game package will be small (19-20MB) while patch will be the biggest one (7.15GB)

1. Move all Disc files (original files before converting) from USRDIR except EBOOT.BIN, default.self, and default_mp.self to update folder BLXXYYYYY/USRDIR/*2. then convert your game (USRDIR only contain EBOOT.BIN, default.self, and default_mp.self files)

For CFW2OFW on HAN you've got to do:1. From your original folder BLUS30838 you've to go to USRDIR and move all files execpt EBOOT.BIN, default.self, and default_mp.self to a temp folder ouside of BLUS folder, name it whatever you like, so just have in USRDIR the EBOOT.BIN, default.self, and default_mp.self files.2. Use the CFW2OFW helper v11 as usual with the PS3_GAME folder, so at the end you have 2 folders BLUS and NPUB.3. Now from the backup temp folder created in step 1, move all files to de USRDIR in the new BLUS folder that was created after CFW2OFW helper.4.-Copy from that new USRDIR the EBOOT.BIN, default.self, and default_mp.self files, that are now the updated versions, to the USRDIR inside of NPUB, so so overwrite the ones in there.5.-Proced to make de pkg files with makepkg and install as usual, at the end of all you've got GAME.pkg size like 19mb, PATCH size 8.10gb and the LIC.pkg

1. Rename PS3_Game folder to "NPUB30970"2. Decrypt EBOOT.BIN, DBZ1.BIN and DBZ3.BIN with scetool3. Open EBOOT.ELF with Hex, set it on 16 bit offset and find /dev_bdvd/PS3_GAME/USRDIR, then replace hex values [2F 64 65 76 5F 62 64 76 64 2F 50 53 33 5F 47 41 4D 45 2F 55 53 52 44 49 52 2F 4C 41 55 4E 43 48 00 00 00 00 00 00 00 00 2F 43 41 43 48 45 2E 4C 53 54] with [2F 64 65 76 5F 68 64 64 30 2F 67 61 6D 65 2F 4E 50 55 42 33 30 39 37 30 2F 55 53 52 44 49 52 2F 4C 41 55 4E 43 48 00 00 2F 43 41 43 48 45 2E 4C 53 54] and save4. Open DBZ1.ELF with Hex, set it on 16 bit offset and find /dev_bdvd/PS3_GAME/USRDIR, then replace hex values [2F 64 65 76 5F 62 64 76 64 2F 50 53 33 5F 47 41 4D 45 2F 55 53 52 44 49 52 2F 44 42 5A 31 00 00 2F 55 53 52 2F 43 41 43 48 45 2E 4C 53 54 00 00 49 6E 69 74 69 61 6C 69 7A 65 20 54 68 72 65 61 64 00 00 00 41 50 20 42 47 20 44 52 41 57 00 00 00 00 00 00 41 50 20 42 47 20 54 52 41 4E 53 20 44 52 41 57 00 00] with [2F 64 65 76 5F 68 64 64 30 2F 67 61 6D 65 2F 4E 50 55 42 33 30 39 37 30 2F 55 53 52 44 49 52 2F 44 42 5A 31 00 00 2F 55 53 52 2F 43 41 43 48 45 2E 4C 53 54 00 00 49 6E 69 74 69 61 6C 69 7A 65 20 54 68 72 65 61 64 00 00 00 41 50 20 42 47 20 44 52 41 57 00 00 41 50 20 42 47 20 54 52 41 4E 53 20 44 52 41 57] and save5. Open DBZ3.ELF with Hex, set it on 16 bit offset and find /dev_bdvd/PS3_GAME/USRDIR, then replace hex values [2F 64 65 76 5F 62 64 76 64 2F 50 53 33 5F 47 41 4D 45 2F 55 53 52 44 49 52 2F 44 42 5A 33 00 00 2F 43 41 43 48 45 2E 4C 53 54 00 00 00 00 00 00 0A 00] with [2F 64 65 76 5F 68 64 64 30 2F 67 61 6D 65 2F 4E 50 55 42 33 30 39 37 30 2F 55 53 52 44 49 52 2F 44 42 5A 33 00 00 2F 43 41 43 48 45 2E 4C 53 54 00 0A] and save6. Move the modified files to scetool folder, open CMD and typeFor EBOOT.ELF:scetool.exe --verbose --sce-type=SELF --compress-data=FALSE --skip-sections=FALSE --key-revision=04 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-type=NPDRM --self-app-version=0001000000000000 --self-fw-version=0003004000000000 --self-add-shdrs=TRUE --np-license-type FREE --self-ctrl-flags=0000000000000000000000000000000000000000000000000000000000000000 --self-cap-flags=00000000000000000000000000000000000000000000003B0000000100040000 --np-app-type=EXEC --np-content-id=UP0105-NPUB30970_00-DRAGONBALLBUDHDC --np-klicensee=72F990788F9CFF745725F08E4C128387 --np-real-fname=EBOOT.BIN --np-add-sig=FALSE --encrypt EBOOT.ELF EBOOT.BINFor DBZ1.ELF and DBZ3.ELF (you must rename them to EBOOT.BIN and rename them to their original names after the conversion):scetool.exe --verbose --sce-type=SELF --skip-sections=FALSE --self-add-shdrs=TRUE --compress-data=FALSE --key-revision=04 --self-app-version=0001000000000000 --self-auth-id=1010000001000003 --self-vendor-id=01000002 --self-ctrl-flags=0000000000000000000000000000000000000000000000000000000000000000 --self-cap-flags=00000000000000000000000000000000000000000000003B0000000100040000 --self-type=APP --self-fw-version=0003004000000000 --encrypt EBOOT.ELF EBOOT.BIN7. Copy the new .BIN files into NPUB30970 folder8. Edit PARAM.SFO and change Category from DG (Disc Game) to HG (Harddrive Game) then save9. Pack into PKG with any PKG converter as long as it doesn't resign the eboot into 4.XXSo far the game works perfectly.

1. In PS3_GAME folder of ISO, delete the LICDIR folder, 2. Generate a new LIC.DAT for it using KDW LIC.DAT OFFLINE GENV.1.0, 3. Combine files in the SHADOW folder (within USRDIR) with hjsplit. 4. Convert PS3_GAME with new LIC.DAT using PS3GameConvert_v0.91

Download the demo (NPEB90114) and take only the EBOOT.BIN and SPUJOBS.SPRX files from it, place them in the NPEB00052 folder and rename the folder to NPEB90114, and change the PARAM.SFO to NPEB90114. NOTE: That method sounds like unlocking NPEB00052 (PSN Full Game) to play for free. Click to 'Talk' about this method.

For DTU/Inject: Game conversion not required: 1. Extract the folder PS3_GAME and rename it into BCES00129GAME, 2. Download the 1.03 update patch BCES00129 then unpack it, 3. In the folder BCES00129GAME, copy all the files from the patch except param.sfo (ie param.sfo in BCES00129GAME must remain native to the disk), 4. In the folder BCES00129GAME, edit param.sfo. Change Category DG (Disc Game) to HG (HardDrive Game) then game version number to the same version of the patch. 5. Fold BCES00129GAME and BCES00129 to the console. You're playing. All is simple 2ff7e9595c