Sponsored Links

Sponsored Links

Page 8 of 21 FirstFirst ... 67891018 ... LastLast
Results 71 to 80 of 202



  1. #71
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,820
    Sponsored Links

    PS3 Metldr / Per Console Key0 Update, LV0 Bootloader Decrypted?

    Sponsored Links
    A few weeks back details and payloads for Dumping PS3 Per Console Keys surfaced followed by news of a PS3 Metldr Exploit, and today PlayStation 3 developer xx404xx on IRC has shared his PS3 Metldr / Per Console Key0 findings thus far.

    Included below are a [Register or Login to view links] which is loaded through lv2patcher, an [Register or Login to view links], the required EID Static Keys and more, as follows:

    [xx404xx] lol wtf you can write to metldr!!!!!!
    [xx404xx] 0x17014 - Write eEID/Write metldr Holy crap, it writes passed data to the region of FLASH memory where eEID or metldr data is stored !!! And GameOS is allowed to use this service !!! Do not experiment with this service if you don't know what it does or else your PS3 will not work anymore !!!
    [xx404xx] [Register or Login to view links]
    [xx404xx] [Register or Login to view links] I highly recommend you all go look at that
    [xx404xx] Is anyone taking a look at that paste bin? [Register or Login to view links] (via [Register or Login to view links] from lunuxx)
    [xx404xx] Here's a pic from this leaked doc i found
    [xx404xx] [Register or Login to view links]
    [xx404xx] [Register or Login to view links] there's no per console key 0 in the guide
    [xx404xx] and you need this leaked doc
    [xx404xx] ill go upload it
    [xx404xx] the per console key0 is only for my console......
    [xx404xx] but you can obtain your own lv0
    [xx404xx] im upploading the doc now
    [xx404xx] i was hesitant about leaking this
    [xx404xx] but here you go, you will need this info
    [xx404xx] [Register or Login to view links]
    [xx404xx] it has doc on the spu's
    [stronzolo] what do you think about the picture who math posted on the twitter ?
    [xx404xx] real
    [xx404xx] he already told us how he does it....
    [stronzolo] us = who ?
    [branan] everybody. His thing about metldr from a couple days ago applies to bootldr just as well
    [xx404xx] it's no secret
    [stronzolo] so why math can do it... and others can't ? what's wrong ?
    [xx404xx] lol if he didnt want other's knowing about it mabye he shouldnt tweet so many hint's.......
    [xx404xx] we can do it
    [xx404xx] read the docs
    [xx404xx] he talk's about how we dump the local storage from the spu's
    [stronzolo] 404 when do we know if your key is key 0 ?
    [xx404xx] when someone prep's a step by step guide to dump bootldr
    [xx404xx] Patent[How to dump lv0 with HW ;] that's all im going to say for know....there will be more later, and this is not a complete guide, but math gave you eveything else you need....
    [xx404xx] [Register or Login to view links]
    [XX404XX] Ik how math does the bootldr exploit
    [antikhris] do tell...
    [XX404XX] [Register or Login to view links]

    On the PS3 True Blue Dongle:

    [xx404xx] True blue is stupid
    [xx404xx] it's the fselfs
    [eussNL] its more than / just / fself, try unself one and you see what it is
    [eussNL] its DRM'ed fself
    [xx404xx] ps3 crunch is trying to make money on the new dongles......
    [eussNL] well not surprising as GaryOPA is reseller
    [xx404xx] where do you think
    [xx404xx] it came from
    [xx404xx] i dont mean drm
    [eussNL] what?
    [xx404xx] i mean the fself
    [eussNL] there are plural items
    [xx404xx] debug servers obv
    [eussNL] well, they only have limited titles so there is your clue

    From pastebin.com/rFD5ASJa: (img573.imageshack.us/img573/5026/newbitmapimage4z.png)



    BootOrder explained (Thank's wiki) VERY IMPORTANT (per_console_key_0 is not the key which will be derived, but is the key which has derived per_console_key_1) We have pck1 using the dumper, in order to obtain pck you need to dump it out of ls. In order to do that with hardware you should look into math's comment's about dumping a shared lsa.

    In order to do this with software you should either use math's bootldr exploit or you need to exploit the spe secure runtime.... (Not all that hard with the two recent exploit's)

    With Runtime Secure Boot feature, an application can run a check on itself before it is executed to verify that it has not be modified and compromised.Secure Boot is normally done only at power-on time, but the Cell BE processor can Secure Boot an application thread multiple times during runtime. (PS3'S doesn't do this right as you can see in the failoverflow vid)

    Passing execution: (img508.imageshack.us/img508/8544/eib.gif)



    Spe execution control diagram: (imageshack.us/photo/my-images/835/newbitmapimage3a.png/)



    Error Reporting: (imageshack.us/photo/my-images/193/newbitmapimage5us.png/)



    A Debug support flag set in SC EEPROM at address 0x48C50. When this flag is set, the token is read from SYSCON and decrypted, this gets passed to various modules to unlock certain functionality.

    Debug support flag is tied to EID which is supposed to be hashed and saves in SC EEPROM
    Code:
    0x48C50	0x10	Debug Support Flag
    A FSELF support flag set in SC EEPROM at address 0x48C06. When this flag is set, the token is read from SYSCON and decrypted, this gets passed to various modules to unlock certain functionality.
    Code:
    0x48C06	1	FSELF Control Flag
    cex->dex?
    Eid Rootkey(1) Dumper (Load through lv2patcher) (You need this)
    [Register or Login to view links]

    Decrypt your eid with this (You need this)
    [Register or Login to view links]
    Code:
    ## channel.h
    //Add this defines.
    
    //SPU channels.
    #define SPU_RdEventStat 0
    #define SPU_WrEventMask 1
    #define SPU_WrEventAck 2
    #define SPU_RdSigNotify1 3
    #define SPU_RdSigNotify2 4
    #define SPU_WrDec 7
    #define SPU_RdDec 8
    #define SPU_RdEventMask 11
    #define SPU_RdMachStat 13
    #define SPU_WrSRR0 14
    #define SPU_RdSRR0 15
    #define SPU_WrOutMbox 28
    #define SPU_RdInMbox 29
    #define SPU_WrOutIntrMbox 30
    
    //MFC channels.
    #define MFC_WrMSSyncReq 9
    #define MFC_RdTagMask 12
    #define MFC_LSA 16
    #define MFC_EAH 17
    #define MFC_EAL 18
    #define MFC_Size 19
    #define MFC_TagID 20
    #define MFC_Cmd 21
    #define MFC_WrTagMask 22
    #define MFC_WrTagUpdate 23
    #define MFC_RdTagStat 24
    #define MFC_RdListStallStat 25
    #define MFC_WrListStallAck 26
    #define MFC_RdAtomicStat 27
    
    //MFC DMA commands.
    #define MFC_PUT_CMD 0x20
    #define MFC_GET_CMD 0x40
    
    //MFC tag update commands.
    #define MFC_TAG_UPDATE_IMMEDIATE 0
    #define MFC_TAG_UPDATE_ANY 1
    #define MFC_TAG_UPDATE_ALL 2
    
    ## channel.c
    // Copyright 2010 fail0verflow <master@fail0verflow.com>
    // Licensed under the terms of the GNU GPL, version 2
    // http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
    
    #include <stdio.h>
    #include <string.h>
    #include <stdarg.h>
    #include <stdlib.h>
    #include <unistd.h>
    
    #include "types.h"
    #include "main.h"
    #include "config.h"
    #include "channel.h"
    
    //Channel names.
    static char *ch_names[] = 
    {
    	"SPU_RdEventStat", //0
    	"SPU_WrEventMask", //1
    	"SPU_WrEventAck", //2
    	"SPU_RdSigNotify1", //3
    	"SPU_RdSigNotify2", //4
    	"UNKNOWN", //5
    	"UNKNOWN", //6
    	"SPU_WrDec", //7
    	"SPU_RdDec", //8
    	"MFC_WrMSSyncReq", //9
    	"UNKNOWN", //10
    	"SPU_RdEventMask", //11
    	"MFC_RdTagMask", //12
    	"SPU_RdMachStat", //13
    	"SPU_WrSRR0", //14
    	"SPU_RdSRR0", //15
    	"MFC_LSA", //16
    	"MFC_EAH", //17
    	"MFC_EAL", //18
    	"MFC_Size ", //19
    	"MFC_TagID", //20
    	"MFC_Cmd", //21
    	"MFC_WrTagMask", //22
    	"MFC_WrTagUpdate", //23
    	"MFC_RdTagStat", //24
    	"MFC_RdListStallStat", //25
    	"MFC_WrListStallAck", //26
    	"MFC_RdAtomicStat", //27
    	"SPU_WrOutMbox", //28
    	"SPU_RdInMbox", //29
    	"SPU_WrOutIntrMbox" //30
    };
    
    //MFC channel values.
    static u32 _MFC_LSA;
    static u32 _MFC_EAH;
    static u32 _MFC_EAL;
    static u32 _MFC_Size;
    static u32 _MFC_TagID;
    static u32 _MFC_TagMask;
    static u32 _MFC_TagStat;
    
    //Endian swap.
    #define _BE(val) ((((val) & 0xff00000000000000ull) >> 56) | \
                      (((val) & 0x00ff000000000000ull) >> 40) | \
                      (((val) & 0x0000ff0000000000ull) >> 24) | \
                      (((val) & 0x000000ff00000000ull) >> 8 ) | \
                      (((val) & 0x00000000ff000000ull) << 8 ) | \
                      (((val) & 0x0000000000ff0000ull) << 24) | \
                      (((val) & 0x000000000000ff00ull) << 40) | \
                      (((val) & 0x00000000000000ffull) << 56))
    
    void handle_mfc_command(u32 cmd)
    {
    	printf("Local address %08x, EA = %08x:%08x, Size=%08x, TagID=%08x, Cmd=%08x\n",
    		_MFC_LSA, _MFC_EAH, _MFC_EAL, _MFC_Size, _MFC_TagID, cmd);
    #ifdef DEBUG_CHANNEL
    	getchar();
    #endif
    	
    	switch (cmd)
    	{
    	case MFC_PUT_CMD:
    		printf("MFC_PUT (DMA out of LS)\n");
    		{
    			FILE *fp = fopen("out.bin", "a+");
    			fwrite(ctx->ls + _MFC_LSA, sizeof(u8), _MFC_Size, fp);
    			fclose(fp);
    		}
    		break;
    	case MFC_GET_CMD:
    		printf("MFC_GET (DMA into LS)\n");
    		{
    			static int round = 0;
    			                         //module debug output address, set both to 0x0 for none
    			static u64 data0[2] = {_BE(0xbeef0110dead0000), _BE(0xbeef0220dead0000)};
    			static u64 data1[4] = {_BE(0xbeef0110dead0000), _BE(0xbeef0220dead0000), 
    			                       _BE(0x0000000200000000), _BE(0x0000000000000000)};
    			                                  //^-- 1,2,3,4 (device type/id, pscode, psid)
    			if(round == 0)
    				memcpy(ctx->ls + _MFC_LSA, &data0, _MFC_Size);
    			else if(round == 1)
    				memcpy(ctx->ls + _MFC_LSA, &data1, _MFC_Size);
    			else if(round == 2)
    			{
    				//Load EID0.
    				printf("loading eid...");
    				FILE *fp = fopen("EID0", "rb");
    				fread(ctx->ls + _MFC_LSA, sizeof(u8), _MFC_Size, fp);
    				fclose(fp);
    				printf("done\n");
    			}
    			round++;
    		}
    		break;
    	default:
    		printf("unknown command\n");
    	}
    }
    
    void handle_mfc_tag_update(u32 tag)
    {
    	switch (tag)
    	{
    	case MFC_TAG_UPDATE_IMMEDIATE:
    		printf("-> MFC_TAG_UPDATE_IMMEDIATE\n");
    		_MFC_TagStat = _MFC_TagMask;
    		break;
    	case MFC_TAG_UPDATE_ANY:
    		printf("-> MFC_TAG_UPDATE_ANY\n");
    		break;
    	case MFC_TAG_UPDATE_ALL:
    		printf("-> MFC_TAG_UPDATE_ALL\n");
    		break;
    	default:
    		printf("-> UNKNOWN\n");
    		break;
    	}
    	
    	_MFC_TagStat = _MFC_TagMask;
    }
    
    void channel_wrch(int ch, int reg)
    {
    	u32 r = ctx->reg[reg][0];
    	
    	printf("CHANNEL: wrch ch%d(= %s) r%d(= 0x%08x)\n", ch, (ch <= 30 ? ch_names[ch] : "UNKNOWN"), reg, r);
    #ifdef DEBUG_CHANNEL
    	getchar();
    #endif
    	
    	switch(ch)
    	{
    	case MFC_LSA:
    		_MFC_LSA = r;
    		break;
    	case MFC_EAH:
    		_MFC_EAH = r;
    		break;
    	case MFC_EAL:
    		_MFC_EAL = r;
    		break;
    	case MFC_Size:
    		_MFC_Size = r;
    		break;
    	case MFC_TagID:
    		_MFC_TagID = r;
    		break;
    	case MFC_Cmd:
    		handle_mfc_command(r);
    		break;
    	case MFC_WrTagMask:
    		_MFC_TagMask = r;
    		break;
    	case MFC_WrTagUpdate:
    		handle_mfc_tag_update(r);
    		break;
    	}
    }
    
    void channel_rdch(int ch, int reg)
    {
    	u32 r = 0;
    	
    	printf("CHANNEL: rdch ch%d(= %s) r%d\n", ch, (ch <= 30 ? ch_names[ch] : "UNKNOWN"), reg);
    #ifdef DEBUG_CHANNEL
    	getchar();
    #endif
    	
    	switch (ch)
    	{
    	case SPU_RdDec:
    		break;
    	case MFC_RdTagStat:
    		r = _MFC_TagStat;
    		break;
    	case MFC_RdAtomicStat:
    		break;
    	}
    	
    	//Set register.
    	ctx->reg[reg][0] = r;
    	ctx->reg[reg][1] = 0;
    	ctx->reg[reg][2] = 0;
    	ctx->reg[reg][3] = 0;
    }
    
    int channel_rchcnt(int ch)
    {
    	u32 r = 0;
    	
    	printf("CHANNEL: rchcnt ch%d(%s)\n", ch, (ch <= 30 ? ch_names[ch] : "UNKNOWN"));
    #ifdef DEBUG_CHANNEL
    	getchar();
    #endif
    	
    	switch (ch)
    	{
    	case MFC_WrTagUpdate:
    		r = 1;
    		break;
    	case MFC_RdTagStat:
    		r = 1;
    		break;
    	case MFC_RdAtomicStat:
    		break;
    	}
    	
    	return r;
    }
    
    ## main.c
    int main(int argc, char *argv[])
    {
    	u32 done;
    	memset(&_ctx, 0x00, sizeof _ctx);
    	ctx = &_ctx;
    	parse_args(argc, argv);
    
    	//Remove old output.
    	system("rm -f out.bin");	
    
    	//Set module parameters.
    	//PU DMA area start address.
    	//Dummy to make the module happy.
    	ctx->reg[3][0] = 0xdead0000;
    	ctx->reg[3][1] = 0xbeef0000;
    	//PU DMA area size.
    	//ctx->reg[4][0] = 0x80;
    	ctx->reg[4][1] = 0x80;
    	//PU EID area start address (first param).
    	//Dummy to make the module happy.	
    	ctx->reg[5][0] = 0xcafe0000;
    	ctx->reg[5][1] = 0xbabe0000;
    	//First param size.
    	//ctx->reg[6][0] = 0x860;
    	ctx->reg[6][1] = 0x860;
    
    	ctx->ls = malloc(LS_SIZE);
    	if (ctx->ls == NULL)
    		fail("Unable to allocate local storage.");
    	memset(ctx->ls, 0, LS_SIZE);
    
    	//Write EID master key (to start of LS).
    	u8 eid_mkey[] = {/* ... */};
    	memcpy(ctx->ls, eid_mkey, sizeof(eid_mkey));
    
    	//...
    }
    Eid static key's (You need these)

    1.00 Debug/DEX - aim_spu_module.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00008670  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    00008680  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    00008690  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    000086A0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    000086B0  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    000086C0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    000086D0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    000086E0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    3.15 Retail/CEX - aim_spu_module.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00003070  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00003080  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    00003090  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    000030A0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    000030B0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    000030C0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    000030D0  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    000030E0  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    3.41 Retail/CEX - aim_spu_module.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00003070  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00003080  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    00003090  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    000030A0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    000030B0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    000030C0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    000030D0  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    000030E0  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    3.55 Retail/CEX - aim_spu_module.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00002ED0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00002EE0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.56 Retail/CEX - aim_spu_module.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00002ED0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00002EE0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    1.00 Debug/DEX - appldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00018DF0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00018680  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    00018690  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    000186A0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    000186B0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    000186C0  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1 
    000186D0  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    000186E0  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    000186F0  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00018B70  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  x0t$^WOd.c>   <--- rvklist   0.80-3.55 PUBLIC
    00018B80  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  ZH_...SZ7b>   <--- rvklist   0.80-3.55 PUBLIC
    00018B90  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!BtcT........   <--- rvklist   0.80-3.55 PUBLIC
    00018BA0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    00018BB0  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  ...6cah,Yp   <-- rvklist   0.80-3.55 ERK
    00018BC0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    3.15 Retail/CEX - appldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019210  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00018940  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    00018950  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    00018960  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    00018970  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    00018980  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    00018990  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    000189A0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    000189B0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    3.41 Retail/CEX - appldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019930  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00018C20  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    00018C30  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    00018C40  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    00018C50  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    00018C60  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    00018C70  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    00018C80  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    00018C90  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    3.55 Retail/CEX - appldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0001AD20  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019790  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    000197A0  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    000197B0  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    000197C0  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    000197D0  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    000197E0  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    000197F0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    00019800  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    3.56 Retail/CEX - appldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0001F980  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    0001F990  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    0001F9A0  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    0001F9B0  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    0001F9C0  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    0001F9D0  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    0001F9E0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    0001F9F0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00020D90  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    1.00 Debug/DEX - isoldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00010310  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    00010320  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    00010330  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    00010340  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    00010350  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    00010360  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    00010370  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    00010380  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    00010390  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  x0t$^WOd.c>   <--- rvklist   0.80-3.55 PUBLIC
    000103A0  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  ZH_...SZ7b>   <--- rvklist   0.80-3.55 PUBLIC
    000103B0  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!BtcT........   <--- rvklist   0.80-3.55 PUBLIC
    000103C0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    000103D0  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  ...6cah,Yp   <-- rvklist   0.80-3.55 ERK
    000103E0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00010610  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.15 Retail/CEX - isoldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F460  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    0000F470  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    0000F480  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    0000F490  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    0000F4A0  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    0000F4B0  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    0000F4C0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    0000F4D0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    0000F4E0  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  ...6cah,Yp   <-- rvklist   0.80-3.55 ERK
    0000F4F0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    0000F500  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    0000F510  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  x0t$^WOd.c>   <--- rvklist   0.80-3.55 PUBLIC
    0000F520  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  ZH_...SZ7b>   <--- rvklist   0.80-3.55 PUBLIC
    0000F530  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!BtcT........   <--- rvklist   0.80-3.55 PUBLIC
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F630  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.41 Retail/CEX - isoldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F640  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    0000F650  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    0000F660  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    0000F670  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    0000F680  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    0000F690  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    0000F6A0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    0000F6B0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    0000F6C0  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  ...6cah,Yp   <-- rvklist   0.80-3.55 ERK
    0000F6D0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    0000F6E0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    0000F6F0  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  x0t$^WOd.c>   <--- rvklist   0.80-3.55 PUBLIC
    0000F700  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  ZH_...SZ7b>   <--- rvklist   0.80-3.55 PUBLIC
    0000F710  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!BtcT........   <--- rvklist   0.80-3.55 PUBLIC
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F810  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.55 Retail/CEX - isoldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F5F0  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    0000F600  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    0000F610  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    0000F620  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    0000F630  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    0000F640  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    0000F650  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    0000F660  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    0000F670  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  ...6cah,Yp   <-- rvklist   0.80-3.55 ERK
    0000F680  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    0000F690  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    0000F6A0  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  x0t$^WOd.c>   <--- rvklist   0.80-3.55 PUBLIC
    0000F6B0  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  ZH_...SZ7b>   <--- rvklist   0.80-3.55 PUBLIC
    0000F6C0  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!BtcT........   <--- rvklist   0.80-3.55 PUBLIC
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F740  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.56 Retail/CEX - isoldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F5F0  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    0000F600  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    0000F610  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    0000F620  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    0000F630  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    0000F640  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    0000F650  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    0000F660  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    0000F670  22 62 8A 9E C4 C4 14 D5 B3 2F 2B 4B A4 92 60 89  "b.ճ/+K`
    0000F680  DE 9A 46 1B 19 0F B3 E4 39 2D 05 7C 52 55 35 DE  ޚF...9-.|RU5
    0000F690  D5 D4 B8 ED 62 B6 CC A0 24 9A 79 77 6E 13 69 75  Ըb $ywn.iu
    0000F6A0  51 75 1B 9F 1D A5 86 38 D2 D9 9F 67 E2 0A 1D 4A  Qu..8ٟg..J   <--- rvklist   3.56 PUBLIC
    0000F6B0  45 4C 5B 04 2C D1 D0 A4 49 A2 98 98 08 00 2B A6  EL[.,ФI..+   <--- rvklist   3.56 PUBLIC
    0000F6C0  8F B5 B7 F4 B5 B4 E6 3B 00 00 00 00 00 00 00 00  .;........   <--- rvklist   3.56 PUBLIC
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000F740  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    1.00 Debug/DEX - lv1ldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0001CDF0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0001C5D0  D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08  -e.}Io"t.
    0001C5E0  83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26  NVyQcb.&
    0001C5F0  E2 D0 5D 40 71 94 5B 01 C3 6D 51 51 E8 8C B8 33  ]@q[.mQQ茸3
    0001C600  4A AA 29 80 81 D8 C4 4F 18 5D C6 60 ED 57 56 86  J).O.]`WV
    0001C610  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    0001C620  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    0001C630  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    0001C640  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    0001C650  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    0001C660  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  .M7 M)r.   <--- eid_root_key_seed_1
    0001C670  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    0001C680  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    3.15 Retail/CEX - lv1ldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019A30  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019040  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    00019050  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  ��.M7 M)r.   <--- eid_root_key_seed_1
    00019060  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    00019070  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    00019080  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    00019090  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    000190A0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    000190B0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    000190C0  35 9F 59 BB 8C 25 6B 91 09 3A 92 00 72 03 AB B3  5Y%k.:.r.
    000190D0  3B AD F5 AC 09 A0 DC 00 58 59 D6 F1 59 C4 F5 4F  ;. .XYYO
    000190E0  92 92 14 D8 FC CB 4C E7 09 9A CE BD FC 66 12 B9  .L.νf.
    000190F0  DA 73 ED 90 20 91 8F 4C 0A 70 3D CC F8 90 61 7B  s. .L.p=.a{
    00019100  FF D2 5E 33 40 00 91 09 58 3C 64 3D F4 A2 13 24  ^3@..X<d=.$
    00019110  D2 BC FF 74 2D 57 1A 80 DF EE 5E 24 96 D1 9C 3A  Ҽt-W.^$ќ:
    00019120  6F 25 FA 0F C6 97 64 CA C2 0F 42 69 EB 54 0F D8  o%.Ɨd.BiT.
    00019130  C1 9C 7F 98 7E DB 6E 24 4B 07 BE DE FA 1E 6C C9  .~n$K..l
    00019140  F0 85 24 D9 8C 05 65 4C C7 42 14 1E 01 F8 23 E1  $ٌ.eLB...#
    00019150  E2 D0 5D 40 71 94 5B 01 C3 6D 51 51 E8 8C B8 33  ]@q[.mQQ茸3
    00019160  4A AA 29 80 81 D8 C4 4F 18 5D C6 60 ED 57 56 86  J).O.]`WV
    00019170  D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08  -e.}Io"t.
    00019180  83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26  NVyQcb.&
    00019190  02 08 32 92 C3 05 D5 38 BC 50 E6 99 71 0C 0A 3E  ..2.8Pq..>
    000191A0  55 F5 1C BA A5 35 A3 80 30 B6 7F 79 C9 05 BD A3  U.50.y.
    000191B0  C3 B3 B5 AA CC 74 CD 6A 48 EF AB F4 4D CD F1 6E  ótjHMn
    000191C0  37 9F 55 F5 77 7D 09 FB EE DE 07 05 8E 94 BE 08  7Uw}....
    3.41 Retail/CEX - lv1ldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019D20  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019330  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    00019340  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  ��.M7 M)r.   <--- eid_root_key_seed_1
    00019350  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    00019360  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    00019370  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    00019380  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    00019390  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    000193A0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    000193B0  35 9F 59 BB 8C 25 6B 91 09 3A 92 00 72 03 AB B3  5Y%k.:.r.
    000193C0  3B AD F5 AC 09 A0 DC 00 58 59 D6 F1 59 C4 F5 4F  ;. .XYYO
    000193D0  92 92 14 D8 FC CB 4C E7 09 9A CE BD FC 66 12 B9  .L.νf.
    000193E0  DA 73 ED 90 20 91 8F 4C 0A 70 3D CC F8 90 61 7B  s. .L.p=.a{
    000193F0  FF D2 5E 33 40 00 91 09 58 3C 64 3D F4 A2 13 24  ^3@..X<d=.$
    00019400  D2 BC FF 74 2D 57 1A 80 DF EE 5E 24 96 D1 9C 3A  Ҽt-W.^$ќ:
    00019410  6F 25 FA 0F C6 97 64 CA C2 0F 42 69 EB 54 0F D8  o%.Ɨd.BiT.
    00019420  C1 9C 7F 98 7E DB 6E 24 4B 07 BE DE FA 1E 6C C9  .~n$K..l
    00019430  F0 85 24 D9 8C 05 65 4C C7 42 14 1E 01 F8 23 E1  $ٌ.eLB...#
    00019440  E2 D0 5D 40 71 94 5B 01 C3 6D 51 51 E8 8C B8 33  ]@q[.mQQ茸3
    00019450  4A AA 29 80 81 D8 C4 4F 18 5D C6 60 ED 57 56 86  J).O.]`WV
    00019460  D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08  -e.}Io"t.
    00019470  83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26  NVyQcb.&
    00019480  02 08 32 92 C3 05 D5 38 BC 50 E6 99 71 0C 0A 3E  ..2.8Pq..>
    00019490  55 F5 1C BA A5 35 A3 80 30 B6 7F 79 C9 05 BD A3  U.50.y.
    000194A0  C3 B3 B5 AA CC 74 CD 6A 48 EF AB F4 4D CD F1 6E  ótjHMn
    000194B0  37 9F 55 F5 77 7D 09 FB EE DE 07 05 8E 94 BE 08  7Uw}....
    3.55 Retail/CEX - lv1ldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019BF0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019280  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    00019290  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  ��.M7 M)r.   <--- eid_root_key_seed_1
    000192A0  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    000192B0  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    000192C0  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    000192D0  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    000192E0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    000192F0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    00019300  35 9F 59 BB 8C 25 6B 91 09 3A 92 00 72 03 AB B3  5Y%k.:.r.
    00019310  3B AD F5 AC 09 A0 DC 00 58 59 D6 F1 59 C4 F5 4F  ;. .XYYO
    00019320  92 92 14 D8 FC CB 4C E7 09 9A CE BD FC 66 12 B9  .L.νf.
    00019330  DA 73 ED 90 20 91 8F 4C 0A 70 3D CC F8 90 61 7B  s. .L.p=.a{
    00019340  FF D2 5E 33 40 00 91 09 58 3C 64 3D F4 A2 13 24  ^3@..X<d=.$
    00019350  D2 BC FF 74 2D 57 1A 80 DF EE 5E 24 96 D1 9C 3A  Ҽt-W.^$ќ:
    00019360  6F 25 FA 0F C6 97 64 CA C2 0F 42 69 EB 54 0F D8  o%.Ɨd.BiT.
    00019370  C1 9C 7F 98 7E DB 6E 24 4B 07 BE DE FA 1E 6C C9  .~n$K..l
    00019380  F0 85 24 D9 8C 05 65 4C C7 42 14 1E 01 F8 23 E1  $ٌ.eLB...#
    00019390  E2 D0 5D 40 71 94 5B 01 C3 6D 51 51 E8 8C B8 33  ]@q[.mQQ茸3
    000193A0  4A AA 29 80 81 D8 C4 4F 18 5D C6 60 ED 57 56 86  J).O.]`WV
    000193B0  D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08  -e.}Io"t.
    000193C0  83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26  NVyQcb.&
    000193D0  02 08 32 92 C3 05 D5 38 BC 50 E6 99 71 0C 0A 3E  ..2.8Pq..>
    000193E0  55 F5 1C BA A5 35 A3 80 30 B6 7F 79 C9 05 BD A3  U.50.y.
    000193F0  C3 B3 B5 AA CC 74 CD 6A 48 EF AB F4 4D CD F1 6E  ótjHMn
    00019400  37 9F 55 F5 77 7D 09 FB EE DE 07 05 8E 94 BE 08  7Uw}....
    3.56 Retail/CEX - lv1ldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019BF0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00019280  59 30 21 45 AC 09 B1 EF E6 9E 9B 7A 25 FF 8F 86  Y0!E.枛z%.   <--- eid_root_key_seed_1
    00019290  E9 F6 81 4D 37 DE 20 4D 29 72 9B 84 16 BA ED E4  ��.M7 M)r.   <--- eid_root_key_seed_1
    000192A0  22 70 98 65 7F 29 8C DB 6A 9B 5E 59 E4 A4 BA 2F  "pe.)j^Y䤺/   <--- eid_root_key_seed_1
    000192B0  8E 6A 74 0E 1F C1 E3 E9 35 DD D2 F6 6C DE DD 6B  jt..5lk   <--- eid_root_key_seed_1
    000192C0  AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C  ʭ.q+.v..   <--- eid_root_key_seed_2
    000192D0  37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B  7?ǟ;s?Zi.   <--- eid_root_key_seed_2
    000192E0  08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4  .Xp.).   <--- eid_root_key_seed_2
    000192F0  D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85  ....gG/   <--- eid_root_key_seed_2
    00019300  35 9F 59 BB 8C 25 6B 91 09 3A 92 00 72 03 AB B3  5Y%k.:.r.
    00019310  3B AD F5 AC 09 A0 DC 00 58 59 D6 F1 59 C4 F5 4F  ;. .XYYO
    00019320  92 92 14 D8 FC CB 4C E7 09 9A CE BD FC 66 12 B9  .L.νf.
    00019330  DA 73 ED 90 20 91 8F 4C 0A 70 3D CC F8 90 61 7B  s. .L.p=.a{
    00019340  FF D2 5E 33 40 00 91 09 58 3C 64 3D F4 A2 13 24  ^3@..X<d=.$
    00019350  D2 BC FF 74 2D 57 1A 80 DF EE 5E 24 96 D1 9C 3A  Ҽt-W.^$ќ:
    00019360  6F 25 FA 0F C6 97 64 CA C2 0F 42 69 EB 54 0F D8  o%.Ɨd.BiT.
    00019370  C1 9C 7F 98 7E DB 6E 24 4B 07 BE DE FA 1E 6C C9  .~n$K..l
    00019380  F0 85 24 D9 8C 05 65 4C C7 42 14 1E 01 F8 23 E1  $ٌ.eLB...#
    00019390  E2 D0 5D 40 71 94 5B 01 C3 6D 51 51 E8 8C B8 33  ]@q[.mQQ茸3
    000193A0  4A AA 29 80 81 D8 C4 4F 18 5D C6 60 ED 57 56 86  J).O.]`WV
    000193B0  D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08  -e.}Io"t.
    000193C0  83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26  NVyQcb.&
    000193D0  02 08 32 92 C3 05 D5 38 BC 50 E6 99 71 0C 0A 3E  ..2.8Pq..>
    000193E0  55 F5 1C BA A5 35 A3 80 30 B6 7F 79 C9 05 BD A3  U.50.y.
    000193F0  C3 B3 B5 AA CC 74 CD 6A 48 EF AB F4 4D CD F1 6E  ótjHMn
    00019400  37 9F 55 F5 77 7D 09 FB EE DE 07 05 8E 94 BE 08  7Uw}....
    1.00 Debug/DEX - lv2ldr
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00015120  AF AF 5E 96 AF 39 6C BB 69 07 10 82 C4 6A 8F 34  ^9li..j.4
    00015130  A0 30 E8 ED B7 99 E0 A7 BE 00 AA 26 4D FF 3A EB   0৾.&M:
    00015140  F7 92 39 20 D5 59 40 4D 00 00 00 00 00 00 00 00  9 Y@M........
    00015150  97 69 BF D1 87 B9 09 90 AE 5F EA 4E 11 0B 9C F5  iч.._N..
    00015160  94 30 3F 69 51 35 72 AB 5A E1 7C 8C 2A 18 39 D2  0?iQ5rZ|*.9
    00015170  C2 4C 28 F6 53 89 D3 BB B1 18 94 CE 23 E0 79 8F  L(Sӻ.#y.
    00015180  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  x0t$^WOd.c>   <--- rvklist   0.80-3.55 PUBLIC
    00015190  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  ZH_...SZ7b>   <--- rvklist   0.80-3.55 PUBLIC
    000151A0  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!BtcT........   <--- rvklist   0.80-3.55 PUBLIC
    000151B0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    000151C0  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  ...6cah,Yp   <-- rvklist   0.80-3.55 ERK
    000151D0  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    1.00 Debug/DEX - spu_pkg_rvk_verifier.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00016FF0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    00017000  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    00017010  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    00017020  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    00017030  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    00017040  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    00017050  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1 (is not in 3.15-3.56 Retail/CEX)
    00017060  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
       
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00016E10  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  x0t$^WOd.c>   <--- rvklist   0.80-3.55 PUBLIC
    00016E20  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  ZH_...SZ7b>   <--- rvklist   0.80-3.55 PUBLIC
    00016E30  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!BtcT........   <--- rvklist   0.80-3.55 PUBLIC
    00016E40  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  ...6cah,Yp   <-- rvklist   0.80-3.55 ERK
    00016E50  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ]xv..²/Q.   <-- rvklist   0.80-3.55 ERK
    00016E60  41 DA 1A 8F 74 FF 8D 3F 1C E2 0E F3 E9 D8 86 5C  A..t.?..؆\   <--- spu_pkg_rvk_verifier   0.80-3.55 PUBLIC
    00016E70  96 01 4F E3 73 CA 14 3C 9B AD ED F2 D9 D3 C7 57  .Os.<W   <--- spu_pkg_rvk_verifier   0.80-3.55 PUBLIC
    00016E80  33 07 11 5C CF E0 4F 13 00 00 00 00 00 00 00 00  3..\��O.........   <--- spu_pkg_rvk_verifier   0.80-3.55 PUBLIC
    00016E90  A9 78 18 BD 19 3A 67 A1 6F E8 3A 85 5E 1B E9 FB  x..:go:^.   <--- spu_pkg_rvk_verifier   0.80-3.55 ERK
    00016EA0  56 40 93 8D 4D BC B2 CB 52 C5 A2 F8 B0 2B 10 31  V@.MRŢ+.1   <--- spu_pkg_rvk_verifier   0.80-3.55 ERK
    1.00 Debug/DEX - spu_token_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    0000A420  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    0000A430  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    0000A440  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    0000A450  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    0000A460  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    0000A470  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    0000A480  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    0000A490  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    3.15 Retail/CEX - spu_token_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00004840  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b7.Va.%
    00004850  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?���..d.b
    00004860  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  0".%s5Snb
    00004870  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  r.ZoX8_
    00004880  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X[ɵ..ѫ@(gih
    00004890  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  3b]u.z
    000048A0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    000048B0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    000048C0  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    000048D0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    000048E0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    000048F0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    00004900  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    00004910  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    3.41 Retail/CEX - spu_token_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00004840  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b7.Va.%
    00004850  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?..d.b
    00004860  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  0".%s5Snb
    00004870  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  r.ZoX8_
    00004880  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X[ɵ..ѫ@(gih
    00004890  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  3b]u.z
    000048A0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    000048B0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    000048C0  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    000048D0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    000048E0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    000048F0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    00004900  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    00004910  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    3.55 Retail/CEX - spu_token_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00004700  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b7.Va.%
    00004710  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?..d.b
    00004720  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  0".%s5Snb
    00004730  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  r.ZoX8_
    00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X[ɵ..ѫ@(gih
    00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  3b]u.z
    00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.56 Retail/CEX - spu_token_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00004700  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b7.Va.%
    00004710  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?..d.b
    00004720  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  0".%s5Snb
    00004730  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  r.ZoX8_
    00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X[ɵ..ѫ@(gih
    00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  3b]u.z
    00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.15 Retail/CEX - spu_utoken_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00005110  D1 CB 1C 81 AC E3 5F 3D 97 0D DE 72 3A 62 29 35  .._=.r:b)5
    00005120  51 6F 98 D0 F0 DB 3E 15 1D E2 B7 A2 E3 4B D7 36  Qo>..ⷢK6
    00005130  57 2C 98 77 47 A4 A0 A6 A1 E7 15 96 3D 0D CC CA  W,wG .=.
    00005140  28 A8 A9 4B 5B 52 94 72 EF 1A 4E FF EB 29 78 F9  (K[Rr.N)x
    00005150  9B D0 A9 D4 24 38 DB 73 1B 44 3C 9D C7 94 4A 13  Щ$8s.D<.ǔJ.
    00005160  AC 7B 40 FC A5 7D FE 33 D2 12 FB A8 6C BE BC BA  {@}3.l
    00005170  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00005180  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    00005190  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    000051A0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    000051B0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    000051C0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    000051D0  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    000051E0  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    3.41 Retail/CEX - spu_utoken_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00005110  D1 CB 1C 81 AC E3 5F 3D 97 0D DE 72 3A 62 29 35  .._=.r:b)5
    00005120  51 6F 98 D0 F0 DB 3E 15 1D E2 B7 A2 E3 4B D7 36  Qo>..ⷢK6
    00005130  57 2C 98 77 47 A4 A0 A6 A1 E7 15 96 3D 0D CC CA  W,wG .=.
    00005140  28 A8 A9 4B 5B 52 94 72 EF 1A 4E FF EB 29 78 F9  (K[Rr.N)x
    00005150  9B D0 A9 D4 24 38 DB 73 1B 44 3C 9D C7 94 4A 13  Щ$8s.D<.ǔJ.
    00005160  AC 7B 40 FC A5 7D FE 33 D2 12 FB A8 6C BE BC BA  {@}3.l
    00005170  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00005180  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    00005190  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  +...΄i-L   <--- aim_key
    000051A0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  ?.$O5.o.xQ   <--- aim_key
    000051B0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  QrG.\r2?`z.   <--- aim_iv
    000051C0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J;,.DEtx*   <--- aim_compare
    000051D0  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6...ko.<{.   <--- aim_compare
    000051E0  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  Hqm........   <--- aim_compare
    3.55 Retail/CEX - spu_utoken_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00004FD0  D1 CB 1C 81 AC E3 5F 3D 97 0D DE 72 3A 62 29 35  .._=.r:b)5
    00004FE0  51 6F 98 D0 F0 DB 3E 15 1D E2 B7 A2 E3 4B D7 36  Qo>..ⷢK6
    00004FF0  57 2C 98 77 47 A4 A0 A6 A1 E7 15 96 3D 0D CC CA  W,wG .=.
    00005000  28 A8 A9 4B 5B 52 94 72 EF 1A 4E FF EB 29 78 F9  (K[Rr.N)x
    00005010  9B D0 A9 D4 24 38 DB 73 1B 44 3C 9D C7 94 4A 13  Щ$8s.D<.ǔJ.
    00005020  AC 7B 40 FC A5 7D FE 33 D2 12 FB A8 6C BE BC BA  {@}3.l
    00005030  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00005040  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    3.56 Retail/CEX - spu_utoken_processor.self
    Code:
    Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    00004FE0  D1 CB 1C 81 AC E3 5F 3D 97 0D DE 72 3A 62 29 35  .._=.r:b)5
    00004FF0  51 6F 98 D0 F0 DB 3E 15 1D E2 B7 A2 E3 4B D7 36  Qo>..ⷢK6
    00005000  57 2C 98 77 47 A4 A0 A6 A1 E7 15 96 3D 0D CC CA  W,wG .=.
    00005010  28 A8 A9 4B 5B 52 94 72 EF 1A 4E FF EB 29 78 F9  (K[Rr.N)x
    00005020  9B D0 A9 D4 24 38 DB 73 1B 44 3C 9D C7 94 4A 13  Щ$8s.D<.ǔJ.
    00005030  AC 7B 40 FC A5 7D FE 33 D2 12 FB A8 6C BE BC BA  {@}3.l
    00005040  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  09]ŃZ:yJ   <--- aim_ks_4
    00005050  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  ...UEEj2..   <--- eid0_iv_seed_1
    In related news, Sony PlayStation 3 hacker Mathieulh [Register or Login to view links] the following comments on what appears to be the PS3 Firmware 3.73 lv0 bootloader decrypted:

    Boot Loader SE Version 3.7.3 (Build ID: 4611,48369, Build Date: 2011-10-12_12:31:19) What's taking you so long ? [Register or Login to view links]


    Boot Loader SE Version 3.6.6 (Build ID: 4534,47762, Build Date: 2011-06-16_13:24:46) I am bored....

    Oh ! that's nothing just a little string from the 3.73 lv0....

    By the way, I won't be posting keys, I won't be posting dumps and I won't be saying how it was done, time to work gentlemen.

    It's a command prompt because I am using my own tool to decrypt selfs to elf and not the buggy unself. Not like an unself prompt couldn't be faked though.

    You can't sign lv0 on a cech-3000 sorry. No, the new bootloader uses a new keyset.

    The build number should be proof enough, as long as you can get your hands on a decrypted lv0 that is. Posting keys is not an option, posting hashes of the keys wouldn't bring you any additional proof because you have no way of verifying those, besides Sony's lawyers would claim that I'd be posting encrypted forms of the keys like they did in the fail0verflow trial, and I am not posting screenshots because lv0 contains copyrighted code.

    So unless you have any other "proof" in mind that I could post legally without fearing prosecutions, feel free to tell me about these.

    I am definitely not releasing it anyway, I've already said how I am not releasing anything anymore, EVER. I am a man of my word.

    By the way instead of demanding, people should start looking at my "pwning metldr the "easy" way" post where I gave the first steps into exploiting the bootloader and one of the required exploits and start working from that, there is no point in making demands, asking for "proofs", keys and whatnot, I won't be sharing these, so you'd better start working; I've given you a nice starting point.

    I am done talking about lv0 decryption, feel free to resume this talk once it becomes public and people can verify the strings I posted.

    Although unconfirmed, [Register or Login to view links] has Tweeted the following: Don't flame ppl!.. lv0 decrypted from my debug console!! [Register or Login to view links]

    Posted a little preview of the ps3swu.self from 4.00 - [Register or Login to view links]



    Shortly following, he Tweeted (twitter.com/#!/eitjuhh/status/144763029224038400): Found new keys in OFW 4.00 !! doesn't know which keys they are at this moment!.. but i think the new twitter.com/#!/eitjuhh/status/144763029224038400/photo/1


    bit i think they are the new klic_dec_key keys sony wrote them twice in other ofw's now 3 times?? [Register or Login to view links]

    60 00 00 00 E8 01 00 80 38 21 00 70 7C 08 03 A6 --- Second new key found!

    And he Tweeted (twitter.com/#!/eitjuhh/status/145054115750346752): Yesterday I did a second test! CFW is RUNNING ppl!!.. Tonight I will build in Peek&Poke! Video: soon, Release: Before Christmas !

    From Sony PS3 hacker xorloser (CitizenX of scene release group PARADOX) via [Register or Login to view links]:

    V3.60 and above have the secrets encrypted inside lv0, and the lv0 keys are not publicly available.

    lv0ldr loads lv0 direct from flash rather than from memory, plus nothing else is running at this stage. So trickier, but doable.

    From zecoxao comes a brief guide: How to Dump BOOTLDR Unencrypted (Decrypted)

    Things you'll need:
    • PS3 on 3.55 OTHEROS++ (this was tested on a slim, but phats are probably achievable aswell)
    • Latest linux kernel (or any of the 3.x.x kernels by glevand precompiled)
    • Knowledge of linux ( such as , creating symlinks (ln -s), editing kboot.conf, sudoing, etc)

    In case you don't have the latest kernel, but already have one installed distro: gitbrew.org/~glevand/ps3/linux/linux-3/linux-3.3.3-build.tar.bz2
    Code:
    wget that
    tar -xvf that
    cd to the discompacted folder
    and cp -R * /
    and then edit /etc/kboot.conf in the following manners
    
    Test=/boot/vmlinux root=/dev/"device here" (mine is dd1 because of Red Ribbon, so use yours accordingly)
    And now for the fun part:
    Code:
    sudo passwd (in case you haven't set a passwd for su)
    su
    ln -s /dev/ps3flashf /dev/ps3flash
    ps3-dump-bootloader > bootldr.bin
    PS: Lv0 keys are STILL encrypted, so don't complain, you have your precious bootldr there, have fun with it.

    Finally, from anonymous (via pastie.org/pastes/5090091/) comes a PS3 dump bootldr how to exploit:

    Must have a dex 3.55 real or made dex 3.55 ps3 also duel nand/nor installed chip base. In a 3.55 dex console, prepare a lv0.self with the metadata exploit. reboot. lv0 will hang since lv0.self will not run properly. bootldr will send info to lv0 before it hangs, after it decrypts it, running dex with certain switches set up like boot in dev mode Will allow this hang dump of bootldr to be saved to the local store.

    But, essentially you will have a bricked ps3 so recovery of the local store wont happen. This is where the duel nand/nor comes in handy and allows you to recover from this and replace your messed up lv0.self with the original to boot up and recover the local store dump and the decrypted bootldr. This will allow the keys to bootldr these keys cannot be changed with any update.

    We can then exploit lv0. The exploit of bootldr/lv0 will allow the ability to change the way private keys are made or give us the ability to reset up the private key fail and resign packages with any new firmwares.

    This although is just a "well tested Theory" of course.

    PS3 Metldr / Per Console Key0 Update, LV0 Bootloader Decrypted?

    PS3 Metldr / Per Console Key0 Update, LV0 Bootloader Decrypted?

    PS3 Metldr / Per Console Key0 Update, LV0 Bootloader Decrypted?

    More PlayStation 3 News...
    Attached Thumbnails<br><br> Attached Thumbnails

    newbitmapimage6k.png   newbitmapimage4z.png   eib.gif   newbitmapimage3a.png   newbitmapimage5us.png   Boot Loader SE Version 3.7.3-446806616.jpg  

    Attached Files Attached Files

  2. #72
    Toucan Sam CJPC's Avatar
    Join Date
    Apr 2005
    Posts
    2,174
    Sponsored Links
    Sponsored Links
    It's really amazing what people can come up with, and props to those who release what they did, instead of not sharing. Of course, it's going to need a bit more work and polish- not for anyone without a decent skill level. I'll admit, I got confused just reading some of it! However, it's great that the scene is moving onward, after a little bit of a speedbump!

    Also from Nodex: First lv0 then a bootldr. Here lv0 dump but one side. More pastes coming.

    ..pastes..
    lv0 dump (one side) - [Register or Login to view links] (firmware 3.73).
    lv0 stuff [Register or Login to view links]
    chain of trust/bootldr? last things maybe keys? [Register or Login to view links]
    Attached Thumbnails<br><br> Attached Thumbnails

    WHATEVER.pdf   AfpwqgOCMAAxpZi.png   Af_Mv7YCAAAhd9p.png   AgJNNUXCIAAJl09.png  
    Attached Files Attached Files

  3. #73
    Banned User CS67700's Avatar
    Join Date
    Oct 2011
    Posts
    84
    Sponsored Links
    Sponsored Links
    We're almost there boys.

  4. #74
    Junior Member 404's Avatar
    Join Date
    Sep 2010
    Posts
    13
    I will be looking into a real cex->dex now that we have this info.....

  5. #75
    Banned User
    Join Date
    Feb 2011
    Posts
    278
    Quote Originally Posted by PS3 News View Post
    By the way, I won't be posting keys, I won't be posting dumps and I won't be saying how it was done, time to work gentlemen.
    WHY does he do this? He's as good as all the fakes. Not releasing something is equal to a fake.

    Nice find to all the others who released this. Hope this comes to something useful in the near future.

  6. #76
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,820
    Quote Originally Posted by 404 View Post
    I will be looking into a real cex->dex now that we have this info.....
    I know that is something CJPC has always considered the "holy grail" so definitely looking forward to progress on that front as well.

    The Mathieulh lv0 bootloader decryption also looks promising even if he doesn't share it directly, as others will sort it out and make good use of it I'm sure (or another leak ). Anything to get away from the "buy yet another dongle" approach in the PS3 scene is a step in the right direction in my opinion.
    Attached Files Attached Files

  7. #77
    Senior Member HeyManHRU's Avatar
    Join Date
    Dec 2010
    Posts
    3,020
    That's the single longest post I've ever seen. I don't know what all those codes mean, but if it means something good I'm happy.

  8. #78
    Junior Member 404's Avatar
    Join Date
    Sep 2010
    Posts
    13
    Math actually did a lot of work, just because he didn't release it doesn't mean it's not his work (In reference to the metldr exploit)

    Thing's that are now possible afaik (With your per console key, more info in the doc's)

    Better Cex->Dex
    Better 3.5x cfw
    Decryption of any revision lv0

  9. #79
    Banned User
    Join Date
    Feb 2011
    Posts
    278
    yea, if the did some of it or most of it then good on him but don't go telling everyone you've got the keys but not releasing them, that's just saying your a prick and actually hate the scene.

    Everyone is after the 3.6+ keys and if he's got them and telling everyone he's just a prick for that. We've been trying to get them since 3.60 came out so if he's holding back it doesn't matter what else he releases that's what we are after and he's holding them back.

    I don't believe a word he says as I think its all lies. I can say a lot and not release anything, does that make what I say real? no, then why does everyone believe what he says?

    Oh, I have the 3.73 keys and I have a 3.73CFW but I won't release it. Do you believe me? I doubt it so why believe and listen to anything he says? I bet he probably didn't do anything with this last release, he probably stole it from someone else and just put his name on it.

    When I find something I release it. I've helped out and released more than he has as I actually release what I find and not hold back.

  10. #80
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    27,820
    Well, he isn't the only one with the ability to acquire new keys though... as I posted a week ago HERE via IRC:

    BrandonW (of TI-84/Plus PS3 JailBreak and Payload fame) confirmed he has the 3.72 keys, and stated that although he can't share them (he doesn't want to become the next GeoHot I'm sure) he is willing to teach some others how to acquire them on their own.

    So... as long as they get leaked or make their way to those who can put them to use (even if it isn't through a direct public unveil of the keys ala GeoHot to avoid legal hassles) I still think it means good things will come of it.

 

Sponsored Links
Page 8 of 21 FirstFirst ... 67891018 ... LastLast
Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News