Sponsored Links

Sponsored Links

Page 4 of 4 FirstFirst ... 234
Results 31 to 34 of 34



  1. #31
    Senior Member pinoytechno's Avatar
    Join Date
    Jan 2012
    Posts
    118
    Sponsored Links
    Sponsored Links
    thanks for sharing this great news to us sir

  2. #32
    Senior Member niwakun's Avatar
    Join Date
    Jun 2009
    Posts
    530
    Sponsored Links
    Sponsored Links
    with these, we can use my PC to grab files from HDD? Like act.dat and rif files.

  3. #33
    Senior Member Neo Cyrus's Avatar
    Join Date
    Apr 2009
    Posts
    452
    Sponsored Links
    Sponsored Links
    It's nice to see so much progress being made recently. My hat's off to you gentlemen.

  4. #34
    Senior Member Foo's Avatar
    Join Date
    Sep 2011
    Posts
    332
    Sponsored Links

    Mounting PS3's HDD on PC via Linux

    Sponsored Links
    Mounting PS3's HDD on PC via Linux by Glevand: ps3devwiki.com/wiki/Mounting_HDD_on_PC
    • The goal is to mount PS3 HDD on PC Linux and make changes to it.
    • Use device mapper for transparent encryption/decryption.

    ATA and ENCDEC keys

    Read more here: http://www.ps3news.com/ps3-hacks-jai...evand-arrives/

    Device Mapper

    • A really cool feature of Linux 2.6/3.
    • The device mapper is stackable.
    • You have to enable a couple of new kernel features like device mapper crypto, XTS crypto and so on.

    dm-bswap16
    • Swaps bytes in each 16-bit word.
    • It is necessray for HDD/VFLASH encryption/decryption.
    • Tested on Linux 3.5.3
    • GIT repo: gitorious.ps3dev.net/ps3linux/dm-bswap16

    What it should look like on a test run:
    Code:
    modprobe loop
    modprobe dm_mod
    modprobe dm-bswap16
    
    dd if=/dev/zero of=test.bin bs=1K count=100
    
    losetup /dev/loop0 ./test.bin
    
    echo "0 200 bswap16 /dev/loop0" | dmsetup create test
    
    ls -l /dev/mapper/test
    
    echo "00 01 00 01 00 01" | xxd -r -p > /dev/mapper/test
    
    # device mapper target
    
    hexdump -C /dev/mapper/test 
    00000000  00 01 00 01 00 01 00 00  00 00 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00019000
    
    # real data, as you see bytes are swapped in each 16-bit word
    # device mapper allows you to do really cool things :)
    
    hexdump -C /home/glevand/test.bin
    00000000  01 00 01 00 01 00 00 00  00 00 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00019000
    
    dmsetup remove test
    On a Test with ps3da
    • Tested with Debian LiveCD and Linux 3.4.10
    • xts_aes: gitorious.ps3dev.net/ps3linux/xts_aes

    Code:
    # clear ATA and ENCDEC keys
    # DO NOT DO IT WITH HDD MOUNTED !!!
    
    ps3dm sm set_del_encdec_key 0x110
    ps3dm sm set_del_encdec_key 0x111
    
    # for now don't use ps3da device directly, dump sectors to file and bind it to loop device
    # later we will use ps3da device directly when dm-bswap16 is well tested and bug free
    
    dd if=/dev/ps3da bs=512 count=2 of=hdd_enc.bin
    
    losetup /dev/loop1 ./hdd_enc.bin
    
    # we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly
    
    echo "0 2 bswap16 /dev/loop1" | dmsetup create test
    
    # decrypt using xts_aes
    
    cat /dev/mapper/test | ./xts_aes/xts_aes -d -k <your ATA data key> -t <your ATA tweak key> | hexdump -C
    00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
    00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
    00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 08 00 00  |................|
    00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 0b  |.p..............|
    00000050  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000000c0  00 00 00 00 00 08 00 10  00 00 00 00 03 9a 8b 2d  |...............-|
    000000d0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000e0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 03  |. ..............|
    00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000150  00 00 00 00 03 a2 8b 45  00 00 00 00 00 3f ff f8  |.......E.....?..|
    00000160  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000170  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000001e0  00 00 00 00 03 e2 8b 46  00 00 00 00 19 39 ce 0c  |.......F.....9..|
    000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000400
    dm-crypto
    • We don't need xts_aes application anymore.
    • Linux kernel does enctyption/decryption of data transparently for us.
    • One of the device mapper features is that it's stackable which is very useful for us.
    • VFLASH is encrypted twice. So we have to create a second DM crypto target based on the DM crypto target for HDD.

    HDD Test
    Tested on PS3 itself with Debian LiveCD and Linux kernel version 3.4.10 but you can use the same technique on a Linux PC. I was just lazy and it is easier to test on PS3.
    Code:
    # clear ATA and ENCDEC keys
    # DO NOT DO IT WITH HDD MOUNTED !!!
    
    ps3dm sm set_del_encdec_key 0x110
    ps3dm sm set_del_encdec_key 0x111
    
    # for now don't use ps3da device directly, dump sectors to file and bind it to loop device
    # later we will use ps3da device directly when dm-bswap16 is well tested and bug free
    
    dd if=/dev/ps3da bs=512 count=2 of=hdd_enc.bin
    
    losetup /dev/loop1 ./hdd_enc.bin
    
    # we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly
    
    echo "0 2 bswap16 /dev/loop1" | dmsetup create test
    
    # create key file
    
    echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin
    
    ls -l hdd_key.bin
    -rw-r--r-- 1 root root 32 Sep  4 09:28 hdd_key.bin
    
    # create DM crypto target
    # key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
    
    cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 test_crypt /dev/mapper/test
    
    ls -l /dev/mapper/
    total 0
    crw------- 1 root root 10, 236 Sep  4 09:23 control
    lrwxrwxrwx 1 root root       7 Sep  4 09:25 test -> ../dm-0
    lrwxrwxrwx 1 root root       7 Sep  4 09:30 test_crypt -> ../dm-1
    
    hexdump -C /dev/mapper/test_crypt
    00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
    00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
    00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 08 00 00  |................|
    00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 0b  |.p..............|
    00000050  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000000c0  00 00 00 00 00 08 00 10  00 00 00 00 03 9a 8b 2d  |...............-|
    000000d0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000e0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 03  |. ..............|
    00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000150  00 00 00 00 03 a2 8b 45  00 00 00 00 00 3f ff f8  |.......E.....?..|
    00000160  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000170  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000001e0  00 00 00 00 03 e2 8b 46  00 00 00 00 19 39 ce 0c  |.......F.....9..|
    000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000400
    
    # and we don't need xts_aes tool anymore :)
    # Linux does encryption/decryption for us transparently now
    # now you have raw access to your encrypted PS3 HDD and you can make simple changes
    
    # Linux device mapper is really great !!!
    VFLASH Test
    Code:
    # clear ATA and ENCDEC keys
    # DO NOT DO IT WITH HDD MOUNTED !!!
    
    ps3dm sm set_del_encdec_key 0x110
    ps3dm sm set_del_encdec_key 0x111
    
    # for now don't use ps3da device directly, dump sectors to file and bind it to loop device
    # later we will use ps3da device directly when dm-bswap16 is well tested and bug free
    
    dd if=/dev/ps3da bs=512 count=16 of=hdd_enc.bin
    
    losetup /dev/loop1 ./hdd_enc.bin
    
    # we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly
    
    echo "0 16 bswap16 /dev/loop1" | dmsetup create test
    
    # create hdd key file
    
    echo <your hdd data key as hex string> <your hdd tweak key as hex string> | xxd -r -p > hdd_key.bin
    
    ls -l hdd_key.bin
    -rw-r--r-- 1 root root 32 Sep  4 09:28 hdd_key.bin
    
    # create DM crypto target
    # key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
    
    cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 hdd_crypt /dev/mapper/hdd
    
    # VFLASH begins at sector 8 on HDD
    
    echo "0 8 linear /dev/mapper/hdd_crypt 8" | dmsetup create vflash
    
    # create VFLASH key file
    
    echo <your encdec data key as hex string> <your encdec tweak key as hex string> | xxd -r -p > vflash_key.bin
    
    ls -l vflash_key.bin
    -rw-r--r-- 1 root root 32 Sep  4 09:28 vflash_key.bin
    
    # create DM crypto target
    # key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
    # here is important to use option -p because VFLASH starts with sector 8 and encryption/decryption depends on sector number.
    
    cryptsetup create -c aes-xts-plain64 -d ./vflash_key.bin -s 256 -p 8 vflash_crypt /dev/mapper/vflash
    
    ls -l /dev/mapper/
    total 0
    crw------- 1 root root 10, 236 Sep  4 10:46 control
    lrwxrwxrwx 1 root root       7 Sep  4 11:02 hdd -> ../dm-0
    lrwxrwxrwx 1 root root       7 Sep  4 11:02 hdd_crypt -> ../dm-1
    lrwxrwxrwx 1 root root       7 Sep  4 11:07 vflash -> ../dm-2
    lrwxrwxrwx 1 root root       7 Sep  4 11:10 vflash_crypt -> ../dm-3
    
    hexdump -C /dev/mapper/vflash_crypt
    00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
    00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
    00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 00 75 f8  |..............u.|
    00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000000c0  00 00 00 00 00 00 78 00  00 00 00 00 00 06 3e 00  |......x.......>.|
    000000d0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000e0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 01  |. ..............|
    00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000150  00 00 00 00 00 06 b6 00  00 00 00 00 00 00 80 00  |................|
    00000160  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000170  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000001e0  00 00 00 00 00 07 36 00  00 00 00 00 00 00 04 00  |......6.........|
    000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000200  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000270  00 00 00 00 00 07 3a 00  00 00 00 00 00 00 c0 00  |......:.........|
    00000280  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000290  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000002a0  10 80 00 00 04 00 00 01  00 00 00 00 00 00 00 03  |................|
    000002b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000300  00 00 00 00 00 07 fa 00  00 00 00 00 00 00 02 00  |................|
    00000310  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000320  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00001000
    
    # now is VFLASH also decrypted
    # next step is partition table
    PS3 HDD Partition Table
    • Now that we can decrypt/encrypt PS3 HDD with Linux, we want to be able to mount HDD/VFLASH regions because only then we can do changes to UFS or FAT filesystems on the HDD.
    • We have to implement PS3 HDD partition table in Linux kernel.
    • The Linux kernel with this feature will create all partition devices automatically in this case and we could mount and modify any HDD regions easily.
    • A new Linux kernel patch is necessary.
    • PS3 partition table is of size 0x1000 bytes.
    • Implemented PS3 partition support in Linux kernel. See patch 0035-ps3-partition.patch here gitorious.ps3dev.net/ps3linux/kernel-patches-35

    Test:
    Code:
    modprobe dm-bswap16
    
    # clear ATA and ENCDEC keys
    # DO NOT DO IT WITH HDD MOUNTED !!!
    
    ps3dm sm set_del_encdec_key 0x110
    ps3dm sm set_del_encdec_key 0x111
    
    # we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly
    
    hdd_size=`blockdev --getsize /dev/ps3da`
    
    echo "0 $hdd_size bswap16 /dev/ps3da" | dmsetup create hdd
    
    # create key file
    
    echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin
    
    ls -l hdd_key.bin
    -rw-r--r-- 1 root root 32 Sep  4 09:28 hdd_key.bin
    
    # create DM crypto target
    # key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
    
    cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 hdd_crypt /dev/mapper/hdd
    
    ls -l /dev/mapper/
    total 0
    crw------- 1 root root 10, 236 Sep  6 11:07 control
    lrwxrwxrwx 1 root root       7 Sep  6 11:09 hdd -> ../dm-0
    lrwxrwxrwx 1 root root       7 Sep  6 11:12 hdd_crypt -> ../dm-1
    
    hexdump -C /dev/mapper/hdd_crypt | head -23
    00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
    00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
    00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 08 00 00  |................|
    00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 0b  |.p..............|
    00000050  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000000c0  00 00 00 00 00 08 00 10  00 00 00 00 03 9a 8b 2d  |...............-|
    000000d0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000e0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 03  |. ..............|
    00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    00000150  00 00 00 00 03 a2 8b 45  00 00 00 00 00 3f ff f8  |.......E.....?..|
    00000160  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000170  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    *
    000001e0  00 00 00 00 03 e2 8b 46  00 00 00 00 19 39 ce 0c  |.......F.....9..|
    000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

 

Sponsored Links

Page 4 of 4 FirstFirst ... 234

Tags for this Thread

Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News