Results 1 to 7 of 7



  1. #1
    Senior Member nathanr3269's Avatar
    Join Date
    Jan 2010
    Posts
    99

    PS3 XMB eEIDx Dumper Tool Out, Dumps eEID / EID0-EID5 via USB


    Following up on my previous release, today I present another PlayStation 3 homebrew tool called PS3 XMB eEIDx Dumper.

    Download: PS3 XMB eEIDx Dumper Tool

    This tool dumps your eEID and EID0-EID5 in your USB device from XMB without install Linux or dumping your NAND, extract it and split EID, for example

    I'm releasing this for developers who are researching, for example with CEX to DEX (Thanks to J-Martin for the logo)

    THIS TOOL IS SAFE, ONLY DUMPS
    IT DON'T ALLOW TO LOAD 3.60+ BACKUPS OR LOGIN IN PSN
    THIS TOOL IS MORE USEFUL FOR DEVELOPERS THAN TO FINAL USERS

    What does this tool
    • Dumps eEID directly from the XMB
    • Dumps EID0 directly from the XMB
    • Dumps EID1 directly from the XMB
    • Dumps EID2 directly from the XMB
    • Dumps EID3 directly from the XMB
    • Dumps EID4 directly from the XMB
    • Dumps EID5 directly from the XMB

    Install PKG file and load it, you will see the intro screen, choose "Yes" if you want to dump or "No" to exit, remember to connect an usb device before proceed and if you dont have any usb device connected it will ask for one

    Works on NAND and NOR, but in some machines the dump may be blank or erroneous.

    To know if the dump of EID is correct open your file "eEID.bin" with a hex editor, the beginning must be EXACTLY like this:
    Code:
    Offset    00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    00000000   00 00 00 06 00 00 1D D0 00 00 00 00 00 00 00 00   ...............
    00000010   00 00 00 70 00 00 08 60 00 00 00 00 00 00 00 00   ...p...`........
    00000020   00 00 08 D0 00 00 02 A0 00 00 00 00 00 00 00 01   ......*........
    00000030   00 00 0B 70 00 00 07 30 00 00 00 00 00 00 00 02   ...p...0........ 
    00000040   00 00 12 A0 00 00 01 00 00 00 00 00 00 00 00 03   ...*............
    00000050   00 00 13 A0 00 00 00 30 00 00 00 00 00 00 00 04   ...*...0........
    00000060   00 00 13 D0 00 00 0A 00 00 00 00 00 00 00 00 05   ...............
    If looks like that, then your EID0-EID5 dumps must be right.

    Thanks to ne0, ashmodeo, zarcha and J-Martin.

    IF YOU SEE ANY ERRORS PLEASE TELL ME.

    Regards

    Finally, from zecoxao: Eid0 sections: You can find this in my repo, but I'll put it here either ways for analysis:

    section 0 data:
    Code:
    00 00 00 01 00 84 00 09 14 0A 6F 42 33 AA 5E 26 
    58 AE 52 61 9C CD 58 76 89 DE 3C 77 AD 8C FE 0E
    F7 41 1C 89 9E 55 63 AA 15 56 6A 0B C4 EE A1 5E
    3D 52 49 65 8A D6 59 0D 
    
    54 F0 D8 EF B0 33 15 ED 29 24 68 38 B8 30 A0 9F 
    6C CD 78 E7 
    
    30 8E 10 0B 18 E5 44 08 E2 43 2A 13 62 EB 12 BF 
    43 DB 39 F5
    
    94 D1 00 BE 6E 24 99 1D 65 D9 3F 3D A9 38 85 8C
    EC 2D 13 30 51 F4 7D B4 28 7A C8 66 31 71 9B 31
    57 3E F7 CC E0 71 CA 8A 
    
    E2 83 E9 CA 92 2E 59 E9 AF 5B 24 DC 21 70 BF AB 
    5B 7F 30 6C 90 03 68 D6 CE F8 AE 93 38 40 AE 3D
    section 6 data:
    Code:
    00 00 00 01 00 84 00 09 14 0A 6F 42 33 AA 5E 26 
    21 46 3E E3 F9 E5 91 BD F8 8E 60 B5 CD E7 20 61 
    0C 2B EB 51 4D D8 AB 52 4D 40 B3 10 31 F5 91 DE 
    91 09 51 A3 A9 ED 91 A4 
    
    4C FD 91 39 75 72 9D 1E 88 D5 84 E4 94 13 A4 26
    0F 0C 62 A4 
    
    CD C7 1A 0D 89 83 F5 1A 8E 3D 98 6A CF DC 78 D4 
    05 FD 67 A0 
    
    06 48 5F D0 29 85 3B 55 2F 7E FD D6 7A 2D E7 A1 
    A4 E2 55 37 B2 45 9D 87 86 42 6D 5B 27 EF A5 A9 
    31 1C B8 AB AB FA 0E CE 
    
    9E 85 5B 9E 0E 9C 23 00 3A 1C 73 BB 5F 8D 30 9F 
    8B 3A 6A B8 90 FA FE CB A4 88 C6 BA AE 08 80 F5
    section A data:
    Code:
    9D 7B 52 A3 66 B4 29 3B 6A 9C 71 31 11 32 98 A7 
    87 1A 9C 7E EF 4A 42 46 CC 42 24 DE DE 26 31 3A 
    F1 40 E0 DD B7 D7 64 70 BB E7 91 7B 26 43 FD 86 
    79 13 22 44 E6 C8 E6 1F 
    
    24 54 0F 1B 61 7C BD 52 2C 33 44 EA B8 F1 34 61 
    7E 6E CC 1E 
    
    E0 2B 83 83 C6 DB E7 B3 FD 52 EA C3 AC 73 89 1E 
    39 F2 1A 51 
    
    4F 0A 2B C9 98 76 40 86 0E 22 EE 5D 86 08 7C 96 
    92 47 0B DF 59 DC 4C 1F 2E 38 F9 2C E7 B6 68 75 
    B5 9E D1 0C 9D 84 FA 6A 
     
    B5 FD DD B8 C3 BF C3 A5 92 BA 6A E9 04 EB 2B AF 
    B8 A6 B4 75 71 00 C2 11 D9 E5 DB 64 FD 6E 48 99
    Some stuff I'm wondering

    1. what is inside those 3 sections ?
    2. why is the idps in section 0 AND section 6 ?
    3. why is the last section different (in regards to idps)?
    4. what is the 4th (found) section keyseed?
    5. could eid5 (section?) seeds be in the console?
    6. how many possible keyseeds can be found? can we find all the eleven ones?

    In regards to question 1: ps3devwiki.com/wiki/Flash:Encrypted_Individual_Data_-_eEID#Typical_EID_entry_addresses_and_lengths / pastie.org/6169158#40,43,50

    So, according to this we have:

    data[0x38]
    Code:
    00 00 00 01 00 84 00 09 14 0A 6F 42 33 AA 5E 26 
    58 AE 52 61 9C CD 58 76 89 DE 3C 77 AD 8C FE 0E
    F7 41 1C 89 9E 55 63 AA 15 56 6A 0B C4 EE A1 5E
    3D 52 49 65 8A D6 59 0D
    r [0x14]
    Code:
    54 F0 D8 EF B0 33 15 ED 29 24 68 38 B8 30 A0 9F 
    6C CD 78 E7
    s [0x14]
    Code:
    30 8E 10 0B 18 E5 44 08 E2 43 2A 13 62 EB 12 BF 
    43 DB 39 F5
    common/pub [0x28]
    Code:
    94 D1 00 BE 6E 24 99 1D 65 D9 3F 3D A9 38 85 8C
    EC 2D 13 30 51 F4 7D B4 28 7A C8 66 31 71 9B 31
    57 3E F7 CC E0 71 CA 8A
    unk [0x20]
    Code:
    E2 83 E9 CA 92 2E 59 E9 AF 5B 24 DC 21 70 BF AB 
    5B 7F 30 6C 90 03 68 D6 CE F8 AE 93 38 40 AE 3D
    for section 0

    The section 0 and section 6 present my dead console's idps (i don't really know if it has been banned or not...) while the last 11th section presents different 16 bytes. the rest of the data is unknown to me.

    Section 0 data is directly related with cex-dex, at least on idps level (change tid to 82, build the mac again, replace the old mac with that one and add 8 more zeroes. then change the non encrypted idps)

    Section 6 data is related with psp, i think, since the person who told me about it found the seed on pspemu drm code. that right there is related with the "ecdsa" sony used back in the day (both with psp and ps3). it's ecdsa that allows people from psp and ps3 to obtain the "not so private" keys. i only know this because of the person. and i have complete trust in that person.

    Section A data differs from the others on idps level. the rest, i don't really know what it is... according to some little bird, if i decrypt the last 32 bytes of unk from section 6 (idstorage) using service 0x12 in the kirk iso module in emulator_drm.sprx i'll obtain the private key for the cert.

    PS3 XMB eEIDx Dumper Tool Out, Dumps eEID / EID0-EID5 via USB

    More PlayStation 3 News...

  2. #2
    Forum Moderator PS3 News's Avatar
    Join Date
    Apr 2005
    Posts
    26,857

    Thumbs Up


    Nice one! I have mainpaged the news now and +Rep for the release nathanr3269!

  3. #3
    Banned User
    Join Date
    Jan 2011
    Posts
    159
    Are the dumps encrypted or unencrypted?

  4. #4
    Senior Member nathanr3269's Avatar
    Join Date
    Jan 2010
    Posts
    99
    Quote Originally Posted by ps3hen View Post
    Are the dumps encrypted or unencrypted?
    Are encrypted, for decrypt you need per_console_key_1 to decrypt EID0, and then dump the other PCK for decrypt the others EIDx (for example for CEX to DEX)

    Regards

  5. #5
    Senior Member Blade86's Avatar
    Join Date
    Dec 2010
    Posts
    210
    Quote Originally Posted by nathanr3269 View Post
    Are encrypted, for decrypt you need per_console_key_1 to decrypt EID0, and then dump the other PCK for decrypt the others EIDx (for example for CEX to DEX)
    1st of all: BIG THX, nice app!! You did it "CEX to DEX" fully??

    Are these infos enough to make it 2gether with lv2loader & rebug?

    ps3devwiki.com/index.php?title=Per_Console_Keys

    http://www.ps3news.com/ps3-hacks-jai...requires-idps/

    Cheers
    Blade

  6. #6
    Registered User marcelinho1979's Avatar
    Join Date
    Dec 2007
    Posts
    2
    Very easy to use. Tks.

  7. #7
    Member miandad's Avatar
    Join Date
    Jan 2011
    Posts
    50
    but these work on 3.55 or below.. some 1 say we can convert to 3.74 dex.. is there a way to cex to dex 3.60+!?

    sorry for bad english