Following up on the PS3 LV1, LV2, NAND / NOR Flash & eEID Dumper and PS3 XMB eEIDx Dumper Tool, this weekend https://twitter.com/flat_z released a PS3 eEID RKDumper PKG which allows users to dump their eid_root_key from PlayStation 3 3.55 GameOS in seconds without OtherOS.
Download: PS3 eEID_RKDumper.pkg / http://www.ps3devwiki.com/files/devtools/Cex2Dex/eEID_RKDumper/eEID_RKDumper.pkg (Mirror) / PS3 eEID_RKDumper.pkg Signed for 4.31 / PS3 eEID_Dumper.pkg Signed for 4.31 by jarmster (eid4, not eid4d.bin)
To quote: eEID_RKDumper (from GameOS) by flatz
- Install package and run it
- It will then black screen (no GUI) and restart the console automatically
- FTP (other otherwise) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key
- Install eEID_RKDumper.pkg
- Unplug all USB devices
- Run eEID_RKDumper from XMB
- It will show a black screen (no GUI) for 10-15 seconds, then 3 beeps and restart the console automatically
- FTP (other otherwise) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key (48 bytes)
CRC-32 (Ethernet and PKZIP): BFD3BD8A
SHA-256: 29C2DB61D8BA28E427BE2464E2B45365F2C6861B96D0C8B8EF 2E45CD4BF84D39
SHA-384: F8765BBABAE0FEE2EEEF6C807E0E6881ECFB10609536C6923E 570974C606B48DCCBB3FE62D83735266310A4B6C6D7C63
SHA-512: A2F84F53921AE28B3886FB779BC5F007C36903E6216222B6BC FDDC9C7ECCFB39E74881CDBBA45C01E11AB4187708E6620FA2 07446141411EA5AABC18AE490F30
Before starting the eEID_RKDumper from XMB, remove ALL your USB devices. Otherwise, it will freeze in a black screen and you will have to unplug the power cord from the PS3 (or turn it off using the power switch in back of the PS3 phat).
PlayStation 3 developer aldostools compared the eid_root_key (48 bytes) with the first 48 bytes of his dump_eid0.bin (obtained via linux & metldrpwn), and they are the same.
From haz367: The eEID dumper works perfect, could not get eid_root_key working on 4.21 with "dispath settings" ticked in Rebug's Toolbox(runs boot hangs after loading with the symbol on the right upper corner" = hard rest, anyone knows correct settings for eid_root_key dumper... no required here but for anyone wanted to test... let me be the noob here asking some stuff
eid4 is the bd drive part (offset 303A0 > 303CF) the 3k3y_keydumper dumps the "eid4+root_key" as "3Dump.bin" = Disc key = eid4+root_key
when using the manual way using zecoxao's tool we get an "eid3" error because of missing sha etc..correct?! on the provided 5KB "eid" then end up with "eid4&eid4d.bin" > eid4 identical as "3k3y dumper+added root_key" = Disc key?
so anyone can skip all this ^ if u have the root_key and a dump of the flash? add the "eid4+root_key" in 1 file = disc key?
EID4 0x0303A0 0x0303CF 0x30 (48 bytes)
updating the linux atm.. gonna waste some time on the wiki later on.. let's how long my patience lasts.
1st key, 0x10-0x1f - 2nd key, 0x20-0x2f
first 16 bytes is nothing?
offset 10>1f = for encrypting data key1
offset 20 - 2f = for decrypting data key2
rest = rootkey
Finally, zecoxao who has created a PS3 HDD / eEID decryption repository stating the following:
You only need the eEID and the eid_root_key. entire flash is not needed. and i don't have the slightest idea why the heck they made a pkg that only dumps eid4 (someone talked about hash comparison and they said eid4 from the program and the dump from the pkg match in comparison)
The first key is used for encrypting data sent from host to BD drive. The second key is used for decrypting data sent from BD drive to host. Two keys infact (via ps3devwiki.com/wiki/BD_Drive_Reverse_Engineering#Information_about_EID 4)
Basically, the first 16 bytes contain a key, the second 16 contain another, and the last 16 are the hash check from OMAC1. you get that by "digesting" the two keys. that's a hash function.
0x0-0xf bytes = 1st key, 0x10-0x1f - 2nd key
So, I decided to create a ps3 hdd/eEID decryption repository, just for the gist of it. Bear in mind that the code is adapted from naehrwert’s code, so it’s not 100% my code, but i did modify some things and made it so that it’d be more user-friendly. for now, it only runs on linux, and people who want to use it on windows or mac have to adapt the code (the cygwin zip i have also works for windows, but i want to improve it a bit)
Here's my repository: github.com/zecoxao/ps3_decrypt_tools
That should work on linux if you have build-essential, openssl, and libpolarssl-dev installed. just read the readme, and you're good to go. Note: gitorious didn't seem to work for me, so i decided for github instead.
More PlayStation 3 News...