Latest PS3 News Forum Updates

**nathanr3269** · 04-26-2012

Following up on my previous release, today I present another PlayStation 3 homebrew tool called PS3 XMB eEIDx Dumper.

Download: PS3 XMB eEIDx Dumper Tool

This tool dumps your eEID and EID0-EID5 in your USB device from XMB without install Linux or dumping your NAND, extract it and split EID, for example

I'm releasing this for developers who are researching, for example with CEX to DEX (Thanks to J-Martin for the logo)

THIS TOOL IS SAFE, ONLY DUMPS
IT DON'T ALLOW TO LOAD 3.60+ BACKUPS OR LOGIN IN PSN
THIS TOOL IS MORE USEFUL FOR DEVELOPERS THAN TO FINAL USERS

What does this tool

Dumps eEID directly from the XMB
Dumps EID0 directly from the XMB
Dumps EID1 directly from the XMB
Dumps EID2 directly from the XMB
Dumps EID3 directly from the XMB
Dumps EID4 directly from the XMB
Dumps EID5 directly from the XMB

Install PKG file and load it, you will see the intro screen, choose "Yes" if you want to dump or "No" to exit, remember to connect an usb device before proceed and if you don´t have any usb device connected it will ask for one

Works on NAND and NOR, but in some machines the dump may be blank or erroneous.

To know if the dump of EID is correct open your file "eEID.bin" with a hex editor, the beginning must be EXACTLY like this:

Code:

Offset    00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000   00 00 00 06 00 00 1D D0 00 00 00 00 00 00 00 00   .......Ð........
00000010   00 00 00 70 00 00 08 60 00 00 00 00 00 00 00 00   ...p...`........
00000020   00 00 08 D0 00 00 02 A0 00 00 00 00 00 00 00 01   ...Ð...*........
00000030   00 00 0B 70 00 00 07 30 00 00 00 00 00 00 00 02   ...p...0........ 
00000040   00 00 12 A0 00 00 01 00 00 00 00 00 00 00 00 03   ...*............
00000050   00 00 13 A0 00 00 00 30 00 00 00 00 00 00 00 04   ...*...0........
00000060   00 00 13 D0 00 00 0A 00 00 00 00 00 00 00 00 05   ...Ð............

If looks like that, then your EID0-EID5 dumps must be right.

Thanks to ne0, ashmodeo, zarcha and J-Martin.

IF YOU SEE ANY ERRORS PLEASE TELL ME.

Regards

Finally, from zecoxao: Eid0 sections: You can find this in my repo, but I'll put it here either ways for analysis:

section 0 data:

Code:

00 00 00 01 00 84 00 09 14 0A 6F 42 33 AA 5E 26 
58 AE 52 61 9C CD 58 76 89 DE 3C 77 AD 8C FE 0E
F7 41 1C 89 9E 55 63 AA 15 56 6A 0B C4 EE A1 5E
3D 52 49 65 8A D6 59 0D 

54 F0 D8 EF B0 33 15 ED 29 24 68 38 B8 30 A0 9F 
6C CD 78 E7 

30 8E 10 0B 18 E5 44 08 E2 43 2A 13 62 EB 12 BF 
43 DB 39 F5

94 D1 00 BE 6E 24 99 1D 65 D9 3F 3D A9 38 85 8C
EC 2D 13 30 51 F4 7D B4 28 7A C8 66 31 71 9B 31
57 3E F7 CC E0 71 CA 8A 

E2 83 E9 CA 92 2E 59 E9 AF 5B 24 DC 21 70 BF AB 
5B 7F 30 6C 90 03 68 D6 CE F8 AE 93 38 40 AE 3D

section 6 data:

Code:

00 00 00 01 00 84 00 09 14 0A 6F 42 33 AA 5E 26 
21 46 3E E3 F9 E5 91 BD F8 8E 60 B5 CD E7 20 61 
0C 2B EB 51 4D D8 AB 52 4D 40 B3 10 31 F5 91 DE 
91 09 51 A3 A9 ED 91 A4 

4C FD 91 39 75 72 9D 1E 88 D5 84 E4 94 13 A4 26
0F 0C 62 A4 

CD C7 1A 0D 89 83 F5 1A 8E 3D 98 6A CF DC 78 D4 
05 FD 67 A0 

06 48 5F D0 29 85 3B 55 2F 7E FD D6 7A 2D E7 A1 
A4 E2 55 37 B2 45 9D 87 86 42 6D 5B 27 EF A5 A9 
31 1C B8 AB AB FA 0E CE 

9E 85 5B 9E 0E 9C 23 00 3A 1C 73 BB 5F 8D 30 9F 
8B 3A 6A B8 90 FA FE CB A4 88 C6 BA AE 08 80 F5

section A data:

Code:

9D 7B 52 A3 66 B4 29 3B 6A 9C 71 31 11 32 98 A7 
87 1A 9C 7E EF 4A 42 46 CC 42 24 DE DE 26 31 3A 
F1 40 E0 DD B7 D7 64 70 BB E7 91 7B 26 43 FD 86 
79 13 22 44 E6 C8 E6 1F 

24 54 0F 1B 61 7C BD 52 2C 33 44 EA B8 F1 34 61 
7E 6E CC 1E 

E0 2B 83 83 C6 DB E7 B3 FD 52 EA C3 AC 73 89 1E 
39 F2 1A 51 

4F 0A 2B C9 98 76 40 86 0E 22 EE 5D 86 08 7C 96 
92 47 0B DF 59 DC 4C 1F 2E 38 F9 2C E7 B6 68 75 
B5 9E D1 0C 9D 84 FA 6A 
 
B5 FD DD B8 C3 BF C3 A5 92 BA 6A E9 04 EB 2B AF 
B8 A6 B4 75 71 00 C2 11 D9 E5 DB 64 FD 6E 48 99

Some stuff I'm wondering

1. what is inside those 3 sections ?
2. why is the idps in section 0 AND section 6 ?
3. why is the last section different (in regards to idps)?
4. what is the 4th (found) section keyseed?
5. could eid5 (section?) seeds be in the console?
6. how many possible keyseeds can be found? can we find all the eleven ones?

In regards to question 1: ps3devwiki.com/wiki/Flash:Encrypted_Individual_Data_-_eEID#Typical_EID_entry_addresses_and_lengths / pastie.org/6169158#40,43,50

So, according to this we have:

data[0x38]

Code:

00 00 00 01 00 84 00 09 14 0A 6F 42 33 AA 5E 26 
58 AE 52 61 9C CD 58 76 89 DE 3C 77 AD 8C FE 0E
F7 41 1C 89 9E 55 63 AA 15 56 6A 0B C4 EE A1 5E
3D 52 49 65 8A D6 59 0D

r [0x14]

Code:

54 F0 D8 EF B0 33 15 ED 29 24 68 38 B8 30 A0 9F 
6C CD 78 E7

s [0x14]

Code:

30 8E 10 0B 18 E5 44 08 E2 43 2A 13 62 EB 12 BF 
43 DB 39 F5

common/pub [0x28]

Code:

94 D1 00 BE 6E 24 99 1D 65 D9 3F 3D A9 38 85 8C
EC 2D 13 30 51 F4 7D B4 28 7A C8 66 31 71 9B 31
57 3E F7 CC E0 71 CA 8A

unk [0x20]

Code:

E2 83 E9 CA 92 2E 59 E9 AF 5B 24 DC 21 70 BF AB 
5B 7F 30 6C 90 03 68 D6 CE F8 AE 93 38 40 AE 3D

for section 0

The section 0 and section 6 present my dead console's idps (i don't really know if it has been banned or not...) while the last 11th section presents different 16 bytes. the rest of the data is unknown to me.

Section 0 data is directly related with cex-dex, at least on idps level (change tid to 82, build the mac again, replace the old mac with that one and add 8 more zeroes. then change the non encrypted idps)

Section 6 data is related with psp, i think, since the person who told me about it found the seed on pspemu drm code. that right there is related with the "ecdsa" sony used back in the day (both with psp and ps3). it's ecdsa that allows people from psp and ps3 to obtain the "not so private" keys. i only know this because of the person. and i have complete trust in that person.

Section A data differs from the others on idps level. the rest, i don't really know what it is... according to some little bird, if i decrypt the last 32 bytes of unk from section 6 (idstorage) using service 0x12 in the kirk iso module in emulator_drm.sprx i'll obtain the private key for the cert.

PS3 XMB eEIDx Dumper Tool Out, Dumps eEID / EID0-EID5 via USB

More PlayStation 3 News...

**PS3 News** · 04-26-2012

Nice one! I have mainpaged the news now and +Rep for the release nathanr3269!

**ps3hen** · 04-26-2012

Are the dumps encrypted or unencrypted?

**nathanr3269** · 04-26-2012

Originally Posted by ps3hen

Are the dumps encrypted or unencrypted?

Are encrypted, for decrypt you need per_console_key_1 to decrypt EID0, and then dump the other PCK for decrypt the others EIDx (for example for CEX to DEX)

Regards

**Blade86** · 04-26-2012

Originally Posted by nathanr3269

Are encrypted, for decrypt you need per_console_key_1 to decrypt EID0, and then dump the other PCK for decrypt the others EIDx (for example for CEX to DEX)

1st of all: BIG THX, nice app!! You did it "CEX to DEX" fully??

Are these infos enough to make it 2gether with lv2loader & rebug?

ps3devwiki.com/index.php?title=Per_Console_Keys

http://www.ps3news.com/ps3-hacks-jai...requires-idps/

Cheers
Blade

**marcelinho1979** · 05-07-2012

Very easy to use. Tks.

**miandad** · 05-07-2012

but these work on 3.55 or below.. some 1 say we can convert to 3.74 dex.. is there a way to cex to dex 3.60+!?

sorry for bad english

Latest PS3 News Forum Updates

PS3 XMB eEIDx Dumper Tool Out, Dumps eEID / EID0-EID5 via USB