Thank you I'm doing this right now.
No you can't, you must be able to use linux and 3.56+ there is no way to use it , you must downgrade first (via Flasher).
If you figure it out and it worked for you can someone write a tut for the noobs or a batch (or script for open ssl ?)
There's some little mistakes in tutorial, like:
Correct would be 0x10-0x1F EID0IV and 0x20-0x3F is EID0Key.Use AES Encrypt to Encrypt EID0 Key Seed as data with EID Root Key as Key and EID Root IV as IV. The result contains from 0x10 to 0x20 the EID0IV and contains from 0x20 to 0x40 the EID0Key
0x00-0xA7 and hash is in 0xA8-0xB7Build the CMAC (OMAC1) hash of the decrypted EID0 Section from 0x00 to 0xA8 with EID0 First Section Key as Key. The calculated hash has to be the same as the bytes in the decrypted EID0 Section from 0xA8 to 0xB8.
I did it, it works great. If you willing to try yourself, I suggest to download this flashCEX.7z/flashDEX.7z from first page and try to get the same encrypted eid0 from cex as in flashDEX.7z
To boot a game backup can we use a game .pkg like in geohot's custom firmware? And do homebrews (like file manager and FTP server) work on 3.55 DEX?
noob question: It's possible to do that with my ps3 slim ofw 4.20 ?
I think that you need to downgrade at 3.55 because you can't encrypt / decrypt on 3.60+, and you can't dump or flash the NOR without a flasher.
hi, hopefully anyone can give some feedback, tips
installed the manual ubuntu way from gitbrew guide
added the metldr from the ps3 into metldrpwn folder
transferred to root folder in ubuntu (rebug otheros - no ss patches)
it finished without a problem, and dumped couple files:Code:cd root cd metldrpwn sudo ./run.sh
debug : pastie >> http://pastie.org/4234015
does it look OK, pls anyone verify for me, or i can upload incase neededCode:PPE id (0x0000000000000001) VAS id (0x0000000000000002) lv1_construct_logical_spe (0x00000000) SPE id (0x0000000000000033) lv1_enable_logical_spe (0x00000000) lv1_set_spe_interrupt_mask(0) (0x00000000) lv1_set_spe_interrupt_mask(1) (0x00000000) lv1_set_spe_interrupt_mask(2) (0x00000000) lv1_set_spe_privilege_state_area_1_register (0x00000000) ea (0xc000000001500000) esid (0xc000000008000000) vsid (0x0000408f92c94500) lv1_get_spe_interrupt_status(0) (0x00000000) lv1_get_spe_interrupt_status(1) (0x00000000) lv1_get_spe_interrupt_status(2) (0x00000000) sleep lv1_get_spe_interrupt_status(0) (0x00000000) lv1_get_spe_interrupt_status(1) (0x00000000) lv1_get_spe_interrupt_status(2) (0x00000000) out interrupt mbox (0x0000000000000001) lv1_clear_spe_interrupt_status(2) (0x00000000) transferring EID0, ldr args and revoke list to LS waiting until MFC transfers are finished MFC transfers done out mbox (0x00000001) problem status (0x00000089) lv1_destruct_logical_spe (0x00000000)
dump 256kb (first 3 lines looks to be the eid_root_key?)
if OK, then "new file" in HxD, copy the 3 lines from dump and "paste write" into new file - save as eid_root_key.bin and move on from there?
eid0 4kb (all zero's-00)
great stuff anyhow
and thx for any help
verified.. it's correct eid_root_key .. thx to you know who you are
now the other part... any hints on this part guys... thx
is aespipe used for AES encrypt? the original guide is kinda alien like, i bet they do with a blink of an eye...., any help on the command to put in terminal like:
use AES Encrypt to Encrypt EID0 Key Seed as data with EID Root Key as Key and EID Root IV as IV
aespipe -e/ aes256 eid_section_key_seed as data? bin file? -? eid_root_key-o root_iv key
something like that right