Mounting PS3's HDD on PC via Linux by Glevand: ps3devwiki.com/wiki/Mounting_HDD_on_PC
- The goal is to mount the PS3 HDD on a Linux PC and make changes to it.
- Use device mapper for transparent encryption/decryption.
ATA and ENCDEC keys
Read more here: http://www.ps3news.com/ps3-hacks-jai...evand-arrives/
Device Mapper
- A really cool feature of Linux 2.6/3.
- The device mapper is stackable.
- You have to enable a couple of new kernel features like device mapper crypto, XTS crypto and so on.
dm-bswap16
- Swaps bytes in each 16-bit word.
- It is necessary for HDD/VFLASH encryption/decryption.
- Tested on Linux 3.5.3
- GIT repo: gitorious.ps3dev.net/ps3linux/dm-bswap16
What it should look like on a test run:
Code:
modprobe loop
modprobe dm_mod
modprobe dm-bswap16
dd if=/dev/zero of=test.bin bs=1K count=100
losetup /dev/loop0 ./test.bin
echo "0 200 bswap16 /dev/loop0" | dmsetup create test
ls -l /dev/mapper/test
echo "00 01 00 01 00 01" | xxd -r -p > /dev/mapper/test
# device mapper target
hexdump -C /dev/mapper/test
00000000 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00019000
# real data, as you see bytes are swapped in each 16-bit word
# device mapper allows you to do really cool things :)
hexdump -C /home/glevand/test.bin
00000000 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00019000
dmsetup remove test
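A userspace cross-check for the test run above, as an added example that is not part of the original page or the dm-bswap16 repository: it applies the same 16-bit byte swap in Python and reports the first offset where a mapped view disagrees with its backing file. The function names are hypothetical and the sample bytes are the ones written in the test run.

```python
import array

def bswap16(data: bytes) -> bytes:
    """Swap the two bytes of every 16-bit word (what the bswap16 target does)."""
    if len(data) % 2:
        raise ValueError("length must be a multiple of 2")
    words = array.array("H", data)  # 16-bit unsigned items
    words.byteswap()
    return words.tobytes()

def first_mismatch(backing, mapped, chunk=1 << 16):
    """Compare two binary file objects chunk by chunk.

    Returns None when mapped == bswap16(backing) over the whole length,
    otherwise the byte offset of the first difference.
    """
    offset = 0
    while True:
        a, b = backing.read(chunk), mapped.read(chunk)
        if not a and not b:
            return None
        if len(a) != len(b):  # one side is shorter than the other
            return offset + min(len(a), len(b))
        swapped = bswap16(a)
        if swapped != b:
            return offset + next(
                i for i, (x, y) in enumerate(zip(swapped, b)) if x != y
            )
        offset += len(a)

if __name__ == "__main__":
    import io
    # Constructed sample: the bytes from the test run, padded to 16 bytes.
    backing = bytes.fromhex("010001000100") + bytes(10)  # as stored in test.bin
    mapped = bytes.fromhex("000100010001") + bytes(10)   # as read via /dev/mapper/test
    print(first_mismatch(io.BytesIO(backing), io.BytesIO(mapped)))
```

On a real setup the two file objects would be the backing file and the /dev/mapper node, both opened in binary mode.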
Test with ps3da
- Tested with Debian LiveCD and Linux 3.4.10
- xts_aes: gitorious.ps3dev.net/ps3linux/xts_aes
Code:
# clear ATA and ENCDEC keys
# DO NOT DO IT WITH HDD MOUNTED !!!
ps3dm sm set_del_encdec_key 0x110
ps3dm sm set_del_encdec_key 0x111
# for now don't use ps3da device directly, dump sectors to file and bind it to loop device
# later we will use ps3da device directly when dm-bswap16 is well tested and bug free
dd if=/dev/ps3da bs=512 count=2 of=hdd_enc.bin
losetup /dev/loop1 ./hdd_enc.bin
# we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly
echo "0 2 bswap16 /dev/loop1" | dmsetup create test
# decrypt using xts_aes
cat /dev/mapper/test | ./xts_aes/xts_aes -d -k <your ATA data key> -t <your ATA tweak key> | hexdump -C
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................|
00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................|
00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 08 00 00 |................|
00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 0b |.p..............|
00000050 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0 00 00 00 00 00 08 00 10 00 00 00 00 03 9a 8b 2d |...............-|
000000d0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000e0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 03 |. ..............|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000150 00 00 00 00 03 a2 8b 45 00 00 00 00 00 3f ff f8 |.......E.....?..|
00000160 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000170 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001e0 00 00 00 00 03 e2 8b 46 00 00 00 00 19 39 ce 0c |.......F.....9..|
000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400
dm-crypto
- We don't need the xts_aes application anymore.
- The Linux kernel does encryption/decryption of data transparently for us.
- One of the device mapper features is that it's stackable which is very useful for us.
- VFLASH is encrypted twice. So we have to create a second DM crypto target based on the DM crypto target for HDD.
HDD Test
Tested on PS3 itself with Debian LiveCD and Linux kernel version 3.4.10 but you can use the same technique on a Linux PC. I was just lazy and it is easier to test on PS3.
Code:
# clear ATA and ENCDEC keys
# DO NOT DO IT WITH HDD MOUNTED !!!
ps3dm sm set_del_encdec_key 0x110
ps3dm sm set_del_encdec_key 0x111
# for now don't use ps3da device directly, dump sectors to file and bind it to loop device
# later we will use ps3da device directly when dm-bswap16 is well tested and bug free
dd if=/dev/ps3da bs=512 count=2 of=hdd_enc.bin
losetup /dev/loop1 ./hdd_enc.bin
# we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly
echo "0 2 bswap16 /dev/loop1" | dmsetup create test
# create key file
echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin
ls -l hdd_key.bin
-rw-r--r-- 1 root root 32 Sep 4 09:28 hdd_key.bin
# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 test_crypt /dev/mapper/test
ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep 4 09:23 control
lrwxrwxrwx 1 root root 7 Sep 4 09:25 test -> ../dm-0
lrwxrwxrwx 1 root root 7 Sep 4 09:30 test_crypt -> ../dm-1
hexdump -C /dev/mapper/test_crypt
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................|
00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................|
00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 08 00 00 |................|
00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 0b |.p..............|
00000050 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0 00 00 00 00 00 08 00 10 00 00 00 00 03 9a 8b 2d |...............-|
000000d0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000e0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 03 |. ..............|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000150 00 00 00 00 03 a2 8b 45 00 00 00 00 00 3f ff f8 |.......E.....?..|
00000160 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000170 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001e0 00 00 00 00 03 e2 8b 46 00 00 00 00 19 39 ce 0c |.......F.....9..|
000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400
# and we don't need xts_aes tool anymore :)
# Linux does encryption/decryption for us transparently now
# now you have raw access to your encrypted PS3 HDD and you can make simple changes
# Linux device mapper is really great !!!
VFLASH Test
Code:
# clear ATA and ENCDEC keys
# DO NOT DO IT WITH HDD MOUNTED !!!
ps3dm sm set_del_encdec_key 0x110
ps3dm sm set_del_encdec_key 0x111
# for now don't use ps3da device directly, dump sectors to file and bind it to loop device
# later we will use ps3da device directly when dm-bswap16 is well tested and bug free
dd if=/dev/ps3da bs=512 count=16 of=hdd_enc.bin
losetup /dev/loop1 ./hdd_enc.bin
# we have to set up device mapper bswap16 target else HDD encryption/decryption won't work properly
# the target is named hdd because the cryptsetup call below opens /dev/mapper/hdd
echo "0 16 bswap16 /dev/loop1" | dmsetup create hdd
# create hdd key file
echo <your hdd data key as hex string> <your hdd tweak key as hex string> | xxd -r -p > hdd_key.bin
ls -l hdd_key.bin
-rw-r--r-- 1 root root 32 Sep 4 09:28 hdd_key.bin
# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 hdd_crypt /dev/mapper/hdd
# VFLASH begins at sector 8 on HDD
echo "0 8 linear /dev/mapper/hdd_crypt 8" | dmsetup create vflash
# create VFLASH key file
echo <your encdec data key as hex string> <your encdec tweak key as hex string> | xxd -r -p > vflash_key.bin
ls -l vflash_key.bin
-rw-r--r-- 1 root root 32 Sep 4 09:28 vflash_key.bin
# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
# here it is important to use option -p because VFLASH starts at sector 8 and encryption/decryption depends on the sector number.
cryptsetup create -c aes-xts-plain64 -d ./vflash_key.bin -s 256 -p 8 vflash_crypt /dev/mapper/vflash
ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep 4 10:46 control
lrwxrwxrwx 1 root root 7 Sep 4 11:02 hdd -> ../dm-0
lrwxrwxrwx 1 root root 7 Sep 4 11:02 hdd_crypt -> ../dm-1
lrwxrwxrwx 1 root root 7 Sep 4 11:07 vflash -> ../dm-2
lrwxrwxrwx 1 root root 7 Sep 4 11:10 vflash_crypt -> ../dm-3
hexdump -C /dev/mapper/vflash_crypt
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................|
00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................|
00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 00 75 f8 |..............u.|
00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0 00 00 00 00 00 00 78 00 00 00 00 00 00 06 3e 00 |......x.......>.|
000000d0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000e0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 01 |. ..............|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000150 00 00 00 00 00 06 b6 00 00 00 00 00 00 00 80 00 |................|
00000160 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000170 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001e0 00 00 00 00 00 07 36 00 00 00 00 00 00 00 04 00 |......6.........|
000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000200 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000270 00 00 00 00 00 07 3a 00 00 00 00 00 00 00 c0 00 |......:.........|
00000280 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000290 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000002a0 10 80 00 00 04 00 00 01 00 00 00 00 00 00 00 03 |................|
000002b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000300 00 00 00 00 00 07 fa 00 00 00 00 00 00 00 02 00 |................|
00000310 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00001000
# now VFLASH is also decrypted
# next step is partition table
PS3 HDD Partition Table
- Now that we can decrypt/encrypt the PS3 HDD with Linux, we want to be able to mount HDD/VFLASH regions, because only then can we make changes to the UFS or FAT filesystems on the HDD.
- We have to implement PS3 HDD partition table in Linux kernel.
- The Linux kernel with this feature will create all partition devices automatically in this case and we could mount and modify any HDD regions easily.
- A new Linux kernel patch is necessary.
- PS3 partition table is of size 0x1000 bytes.
- Implemented PS3 partition support in Linux kernel. See patch 0035-ps3-partition.patch here gitorious.ps3dev.net/ps3linux/kernel-patches-35
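A userspace reading of the table, as an added example that is not the kernel patch or any code from the original page: it checks the two magic values before trusting a decrypted dump and turns each region into a dmsetup linear line of the kind used for vflash earlier. The layout (0x30-byte header with big-endian magics at 0x10, then 0x90-byte entries starting with start sector and sector count) is an assumption inferred from the hexdumps on this page, and all names are hypothetical.

```python
import struct

MAGIC1, MAGIC2 = 0x0FACE0FF, 0xDEADFACE  # seen at 0x14 and 0x1c in the page's dumps
HEADER_LEN, ENTRY_LEN = 0x30, 0x90       # assumption: inferred from the dump layout

# Constructed sample: header row and the start/size row of each region, copied
# from the decrypted HDD dump on this page; every other byte is left zero.
SAMPLE_ROWS = {
    0x010: "000000000face0ff00000000deadface",
    0x030: "00000000000000080000000000080000",
    0x0c0: "000000000008001000000000039a8b2d",
    0x150: "0000000003a28b4500000000003ffff8",
    0x1e0: "0000000003e28b46000000001939ce0c",
}

def build_sample(rows=SAMPLE_ROWS, size=0x400):
    buf = bytearray(size)
    for off, hexrow in rows.items():
        buf[off:off + 16] = bytes.fromhex(hexrow)
    return bytes(buf)

def parse_table(data, disk_sectors=None):
    """Return [(start_sector, sector_count), ...]; raise ValueError if invalid."""
    if len(data) < HEADER_LEN:
        raise ValueError("short read")
    if struct.unpack_from(">QQ", data, 0x10) != (MAGIC1, MAGIC2):
        # A wrong key, a missing bswap16 layer or a wrong sector offset ends here.
        raise ValueError("magic mismatch: not a decrypted PS3 partition table")
    regions, off = [], HEADER_LEN
    while off + ENTRY_LEN <= len(data):
        start, count = struct.unpack_from(">QQ", data, off)
        if count == 0:  # first empty entry ends the list
            break
        if disk_sectors is not None and start + count > disk_sectors:
            raise ValueError(f"entry at {off:#x} runs past the end of the device")
        regions.append((start, count))
        off += ENTRY_LEN
    return regions

def dm_linear_line(region, device):
    """dmsetup table line for one region, in the form the page uses for vflash."""
    start, count = region
    return f"0 {count} linear {device} {start}"

if __name__ == "__main__":
    for region in parse_table(build_sample()):
        print(dm_linear_line(region, "/dev/mapper/hdd_crypt"))
```

Passing the value of `blockdev --getsize` as `disk_sectors` rejects a table whose entries point beyond the device, which is worth checking before any region is opened for writing.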
Test:
Code:
modprobe dm-bswap16
# clear ATA and ENCDEC keys
# DO NOT DO IT WITH HDD MOUNTED !!!
ps3dm sm set_del_encdec_key 0x110
ps3dm sm set_del_encdec_key 0x111
# we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly
hdd_size=`blockdev --getsize /dev/ps3da`
echo "0 $hdd_size bswap16 /dev/ps3da" | dmsetup create hdd
# create key file
echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin
ls -l hdd_key.bin
-rw-r--r-- 1 root root 32 Sep 4 09:28 hdd_key.bin
# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 hdd_crypt /dev/mapper/hdd
ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep 6 11:07 control
lrwxrwxrwx 1 root root 7 Sep 6 11:09 hdd -> ../dm-0
lrwxrwxrwx 1 root root 7 Sep 6 11:12 hdd_crypt -> ../dm-1
hexdump -C /dev/mapper/hdd_crypt | head -23
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................|
00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................|
00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 08 00 00 |................|
00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 0b |.p..............|
00000050 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0 00 00 00 00 00 08 00 10 00 00 00 00 03 9a 8b 2d |...............-|
000000d0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000e0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 03 |. ..............|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000150 00 00 00 00 03 a2 8b 45 00 00 00 00 00 3f ff f8 |.......E.....?..|
00000160 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000170 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001e0 00 00 00 00 03 e2 8b 46 00 00 00 00 19 39 ce 0c |.......F.....9..|
000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|