Sponsored Links

Sponsored Links

Page 1 of 15 12311 ... LastLast
Results 1 to 10 of 141



  1. #1
    Forum Moderator PS3 News's Avatar
    Sponsored Links

    PS3 CEX to DEX Kit (Retail to Debug) Surfaces, Requires IDPS

    Sponsored Links
    A few weeks back we saw a video on Booting Debug on a Retail PS3 Unit via Rebug PS3 CFW, and today zeryos has made available a PS3 CEX to DEX Converter Kit (Retail to Debug) which currently requires IDPS (PlayStation ID via Sony's server in the format of request_idps.txt) by PlayStation 3 hacker "You know who" in order to fully convert a Retail PS3 console to a Debug / Test unit.

    Download: [Register or Login to view links] (pass: ps3scene) / [Register or Login to view links] (Mirror) / [Register or Login to view links] (Mirror #2)

    For those interested in the background of this PS3 CEX to DEX method, some leaked IRC logs appear to reveal that initially [Register or Login to view links] gave it to [Register or Login to view links] without [Register or Login to view links] from Sony PlayStation 3 hacker [Register or Login to view links].

    To quote from a (now removed) Tweet of [Register or Login to view links]: "BTW Mathieulh I know you gave durandal that CEX-DEX ZIP, that it wasn't you that bundled that up, and you were not supposed to do so either"

    Now that the PS3 CEX to DEX Kit has surfaced, other developers can begin to examine it and determine how to generate the required request_idps.txt file without access to Sony servers.

    Finally, according to the IRC chat logs an updated method already exists, so only time will tell if that too will surface before the IDPS issue is sorted out by PlayStation 3 developers.

    DEX to CEX Converter By "You know who"

    **WARNING** IF THIS TUTOTIAL ISN'T FOLLOWED TO THE LETTER YOU MAY BRICK, THE AUTHOR (THAT WOULD BE ME) DENIES ALL KINDS OF RESPONSABILITY SHOULD YOUR PS3 GET DAMAGED IN ANY WAYS. YOU KNOW THE RISKS **WARNING**

    Requirements:

    1. A playstation 3 on firmware 3.55 or below
    2. A dongle to go to Service mode
    3. A usb pendrive
    4. A brain
    5. The author of this little trick.
    6. Have your pc connected directly to the ps3 on ethernet with the ip set to 192.168.0.100 and the hostmask to 255.255.255.0 (make sure no firewall is running, not even windows one, this may prevent your console from connecting to the pc)

    Procedure:

    ** PART 1 **

    1. Set your console into service mode with any compatible dongle.

    2. Put the content of the converter-console folder at the root of your usb pendrive.

    3. Extract ObjectiveSuites-GetData on your PC.

    4. Put the usb pendrive on the last usb port on the right of your console.

    5. Run ObjectiveSuites.exe from ObjectiveSuites-GetData

    6. You now have a few seconds to start your console, start it.

    7. Objective Suite should display "PASS" and txt files will be created in the Temp dir. Once done, power off your console.

    8. Get ALL these txt files from your temp directory and send them to the author (me) with informations about your playstation 3 model (FAT/SLIM, CECH* model)

    ** PART 2 **

    9. You should recieve from the author (Yeah me again) a file called request_idps.txt

    10. Extract ObjectiveSuites-SetIdps on your pc.

    11. Put the request_idps.txt in your temp folder (MAKE EXTRA SURE IT'S THERE OR YOU WILL BRICK)

    12. Run ObjectiveSuites.exe from the ObjectiveSuites-SetIdps directory.

    13. Start the SAME CONSOLE YOU GOT THE TXT FILES FROM (If it's another console you WILL BRICK IT).

    14. Wait until Objective suite displays "PASS" Then power off your console, at this point your console should be a Debug one.

    ** PART 3 **

    15. You will now need to do a drive initialisation in order to use the bluray drive on your console. Put your usb pendrive on your pc, delete all the files you previously put in there, Put "Lv2Diag.self" from the "set up" directory at the root of your pendrive along with PS3UPDAT.PUP (that's 3.30 debug firmware)

    16. Put the pendrive on the usb port on the most right of your console.

    17. Power on the console, The screen will be black and the green led will stay lit, wait until it blinks and the console powers off, once it does the firmware will be installed.

    18. Put the pendrive back on pc, delete the files you put in there previously, and copy the content of the "drivefix" folder to the root of the pendrive.

    19. Put the pendrive at the usb port most on the right of your console and power it on.

    20. The drive initialisation will then occur, wait a couple of seconds, then power off the console (you may have to unplug it from the AC)

    21. Put the pendrive back onto the pc, delete the files you previously put in there, then copy the Lv2diag.self from the "finalize" folder.

    22. Put the pendrive on the usb port on the most right of your console. Power it on. Your console will power on for a few seconds then power off.

    CONGRATULATIONS YOU HAVE NOW COMPLETED ALL THE STEPS AND YOUR CONSOLE IS A FULLY FUNCTIONAL DEBUG BOX. YOU NOW JUST NEED TO POWER IT ON AND COMPLETE THE USUAL FIRST TIME SETUP PROCEDURE.

    Also today from Sony PlayStation 3 hacker Mathieulh via IRC and Twitter and Snowydew via gitbrew:

    [Mathieulh] basically this allows you to 1. dump cisd from nor
    [Mathieulh] 2. write an eid to the nor
    [Mathieulh] so basically the actual hack
    [Mathieulh] which is generating the eid to be written to the nor
    [Mathieulh] isn't part of this useless leak
    [Mathieulh] cirotheb5 it's already done without sony's servers
    [Mathieulh] do you think they don't have an auth, filtering and whatnot going on there ?
    [Mathieulh] cirotheb5 *hint* Dump your console's eid root key *hint*
    [Mathieulh] seriously...
    [Mathieulh] oh ! and you can do whatever that leak does using progskeet or otheros++
    [Mathieulh] just saying
    [Mathieulh] it's just a matter of using the dd command

    [Register or Login to view code]

    • No, you need to use hardware.
    • nothing is known, all that does is to write an eid to the nor, like that wasn't known...
    • you don't even have eid keys in this leak. All you have is some tool that writes a whole made eid to the nor....
    • It is useless unless you can generate your own eid. Good luck with that....
    • Basically the actual hack, which is, generating the eid, isn't present in this, I'll let you wonder if it exists or not.
    • Sure, dump your eid, convert to ascii and rename it. Here you go.....
    • very much so, this does nothing more than a nand programmer could do.
    • this is more likely the useless method, as in this zip is useless to begin with.
    • Our two exploits got leaked to other devs. They can either bring them to light or actually use them. We're no longer doing them. (twitter.com/#!/gitbrew/status/108732677380775936)
    • Welp, gitbrews 2 exploits are now in the wild. Have fun with them, since we're not even going to bother. (twitter.com/#!/Snowydew/status/108277307315191808)
    • They're out there now, unsure if they're being worked on. Don't really care either at this point. (twitter.com/#!/Snowydew/status/108345360300261376)

    Here is how to obtain your PS3 IDPS from RikuKH3 as detailed below:

    That's how you can easily get your console IDPS:

    1) Dump your NOR from GameOS using [Register or Login to view links]
    2) Open it in hex editor and search for IDPS using this example: ps3devwiki.com/index.php?title=IDPS

    IDPS

    The IDPS is a 16 byte value that contains console specific information. Exactly what information this stores is not completely known.

    Structure

    [Register or Login to view code]

    6th byte represents your Target ID

    8th byte represents your Motherboard_Revisions // possible sku model
    • 0x1 = CECHA (60GB Full PS2) - COK-001 + Memcard Daughterboard
    • 0x2 = CECHB (20GB Full PS2) - COK-001
    • 0x3 = CECHC (60GB Partial PS2) - COK-002 + Memcard Daughterboard
    • 0x4 = CECHE (80GB Partial PS2) - COK-002W + Memcard Daughterboard
    • 0x5 = CECHG (40GB No PS2) - SEM-001
    • 0x6 = CECHH (40GB No PS2) - DIA-001
    • 0x7 = CECHJ / CECHK (40GB/80GB No PS2) - DIA-002
    • 0x8 = CECHL / CECHM / CECHP / CECHQ (80GB/160GB No PS2) - VER-001
    • 0x9 = CECH20A / CECH20B (120GB/250GB Slim) - DYN-001
    • 0xA = CECH21A / CECH21B (120GB/250GB Slim) - SUR-001
    • 0xB = CECH25A / CECH25B (160GB/320GB Slim) - JTP-001/JSD-001

    The IDPS can be found in EID0 and EID5. Just search for first 8 bytes. For example: 00 00 00 01 00 84 00 09, where '84' is USA target ID and '09' is CECH20A slim motherboard revision). It's 16 bytes long and you find it twice. Here's example of my IDPS (below).

    Also, I compiled unself2, but it throws error when I try decrypt game update eboot: 'Error decrypting metadata: No such file or directory'. But I don't have act.dat from my ps3, maybe this is issue.

    Note from mallory: The IDPS file must be a raw binary file like all of the other key files. One way of creating it would be by typing your IDPS into a hex editor. Careful about posting your IDPS: Sony likely remembers who has what IDPS.

    For those unaware the latest multiMAN shows the PS3 console's IDPS under Information, and below is a brief guide on Changing Your PS3's IDPS via psx-updates.blogspot.com/2011/08/changing-your-ps3s-idps.html:

    Changing Your PS3's IDPS

    First off you will need a NAND/NOR reader/writer. Second, you can put your PS3 into debugger mode.

    You will need a dump of your flash or be able to access and read/write it in someway.

    You will find section 0 EID0 which will look like...

    [Register or Login to view code]

    This part you will be looking at....

    [Register or Login to view code]

    Here is your IDPS, the 6th byte in there is your Target ID, which is what kind of PS3 your's is. (Retail USA, Retail U.K., e.t.c.)

    So in this code;

    [Register or Login to view code]

    The 6th byte which is 89; 89 is equal to Retail Australia/New Zeland.

    Now say you want to put your PS3 into Debugger mode; you would have to change the 89 (which by the way, is a hexadecimal) and the code for System Debugger is... A0. Now, when you change the code it will look something like this...

    [Register or Login to view code]

    Now you will just put this back into your NAND (where the flash is located), or NOR (if you are on slim). This concludes Changing your PS3's IDPS and putting it into Debugger mode.

    Finally, we have received an e-mail from anonym0us (who appears to be LuckLuka ) stating the following:

    Hello PS3 Scene, this is another anonymous leak! I would like to be called: anon0 to prevent confusion with all the other 'anonymous' members. 2 months ago, a CEX-to-DEX came out which needed the request-idps.txt

    It was all accomplished by .SIG files and ObjectiveSuites, they are encrypted files which carry out specific commands to the PS3

    We are now bringing THREE new .SIG files which can be used with 3.73 FW to carry out certain 'tasks' Figure what it can do by yourself... And samples of many files can be found there which can aid in 3.73 getting hacked... To use ObjSuites: Put PS3 in service mode, connect PS3 to PC by ethernet cable, IP Address to 192.168.0.100
    • Copy files from objcon to root of your usb drive
    • Start ObjectiveSuites, then power the PS3
    • All info necessary will be in the temp folder in objectivesuites...

    This is a part-of-the-equation of hacking the 3.73

    Some notes: I can guarantee something: There are many exploits present when ObjSuites connects to PS3, it forms a trusting bond... ObjSuites gets LV0/LV1 access. Use this with care...

    Link: os3sig.zip (removed) / Clean PS3 files: [Register or Login to view links]

    And a bonus, Here is some software: ps2_mecha_adj.zip (removed)

    From IRC:

    10:44 anonym0us – Okay
    10:44 anonym0us – let me explain
    10:44 anonym0us – ObjectiveSuites is used in combination with a jig
    10:45 anonym0us – It allows more things to be done while PS3 is in service mode
    10:45 anonym0us – something like 2 months ago
    10:45 anonym0us – There was a leak
    10:45 anonym0us – that allowed Retail->Debug
    10:45 anonym0us – but it required a person getting request_idps.txt
    10:45 anonym0us – from Sony
    10:45 anonym0us – It was accomplished by a .SIG file
    10:46 anonym0us – .SIG files carry out commands to the PS3
    10:46 anonym0us – So
    10:46 anonym0us – I got hands on 3 more .SIG files
    10:46 anonym0us – Which report all kinds of things about the PS3
    10:46 anonym0us – But, there is another thing
    10:46 anonym0us – When ObjSuites is used with the PS3 in service mode
    10:46 anonym0us – We can exploit the PS3
    10:47 anonym0us – Sony never bothered fixing bugs between the ObjSuites-PS3 connection
    10:47 anonym0us – Reason?
    10:47 anonym0us – The original ObjSuites required a membership to SCEDevNet
    10:48 anonym0us – this is cracked
    10:48 anonym0us – So
    10:48 anonym0us – yeha
    10:48 anonym0us – yeah
    10:48 anonym0us – thats pretty much it
    10:48 anonym0us – When PS3 connects to ObjSuites
    10:48 anonym0us – you get LV0/LV1 access
    10:48 anonym0us – you get LV0/LV1 access
    10:48 anonym0us – So with a bit of tinkering
    10:48 anonym0us – You can be sure that you can get the PS3 to do what you want ot
    10:48 anonym0us – to*
    10:48 anonym0us – And thats pretty much it

    From eussNL: My thoughts:
    • First: objsuites is just the old 2.43 leaked stuff + incomplete CEXDEX - meh, old news is so exciting :/
    • Second: just someone wanting his minute wall of fame
    • Third: ObjectiveSuites is not even related to decryption of files - especially 3.73

    Facts:
    • objectivesuites is used in service mode, just as downgrader and remarry
    • only os3sig\ObjectiveSuites\xml seems deviant from cexdex
    • afaik objectivesuites runs in lv2 and uses lv1 functions. that is why I don?t see the access to lv0 for it and certainly not the 3.73 part
    • there is still the matter of servicemode - afterall, we don?t have a way to enter/exit it on 3.73

    All in all: I still have much doubts about it, both because of service mode, using objectivesuit and the source/person.

    Shortly following, butnut (*********.net/forum/threads/1731-ObjectiveSuite?p=17938#post17938) converted the request_idps.txt back to hex code.

    Download: [Register or Login to view links]

    To quote: This is the request_idps.txt from the leak converted back to hex. It appears to be an eEID from a CECHC that was released in Mexico, but it is smaller than the eEID's from the two slims I looked at, so I don't yet know if it is complete or partial.

    The numerical string at the beginning of the file is the pd_label and the same string can also be found in the CONSOLE_FINALIZE.CONF file.

    PS3 CEX to DEX Kit (Retail to Debug) Surfaces, Requires IDPS

    PS3 CEX to DEX Kit (Retail to Debug) Surfaces, Requires IDPS

    PS3 CEX to DEX Kit (Retail to Debug) Surfaces, Requires IDPS

    More PlayStation 3 News...
    Attached Thumbnails<br><br> Attached Thumbnails

    anonym0us.png  

  2. #2
    Senior Member elser1's Avatar
    Sponsored Links
    Sponsored Links
    thats kool. so then you can upggrade and downgrade as you like with the new debug downgrade pup? thanks!!

  3. #3
    Toucan Sam CJPC's Avatar
    Sponsored Links
    Sponsored Links
    Well, if the IDPS stuff is somehow reversed, this means that any < 3.55 retail console could be converted into a 100% true debug. Which would, at least until now be able to use the latest available debug updates!

  4. #4
    Well, its always like that, releasing something big, without something small which is a key fact...

  5. #5
    That just... Unbelievablely cool news! Its a dream come true! PS3 scene becoming alive again!

  6. #6

    Lightbulb

    Has any of you checked anonfiles? The leaked rar was already leaked...

  7. #7
    actually, it's cool and all... but the irc is flaming and people will leave the scene cause of this leak, we think we know who L... any ways, hope people cool off and don't leave the scene cause of this... and a shameless plug. Solar 2 very, very soon.

  8. #8
    Quote Originally Posted by DAXGr View Post
    Has any of you checked anonfiles? The leaked rar was already leaked...
    I just gave it a peek there now, it appears to be the same archive just compressed differently but unpacked they both are 168 MB (177,168,689 bytes) in size.

    Here are the related links/mirrors for it from there if anyone needs them:

    [Register or Login to view links]

    [Register or Login to view links]

    [Register or Login to view links] (dex-cex.rar 2011-08-28 08:06:13)

  9. #9
    so does that mean if i had a ps3 with this on it if its finished, then upgraded to 3.70 debug i can use the debug downgrade or am i wrong?

    thanks

  10. #10
    Assuming this gets finished or the version that doesn't require IDPS surfaces then yes you could convert your Retail PS3 to a Debug and use the downgrade PUP as mentioned above.

 
Sponsored Links

Page 1 of 15 12311 ... LastLast
Advertising - Affiliates - Contact Us - PS3 Downloads - PS3 Forums - Privacy Statement - Site Rules - Top - © 2015 PlayStation 3 News