Sponsored Links

Sponsored Links

PS3 3.6+ Backups on CEX (Retail) to DEX (Debug) Consoles Guide


Sponsored Links
113w ago - Following up on the PS3 CEX to DEX Conversion Method, C2D Flash Patcher, PS3Tools GUI Edition and CEX2DEX Application updates comes more guides today from both sguerrini97 and anonymous, as follows:

How to Play PS3 Backups (Less Than / Equal To) 4.11 on Debug (DEX) Consoles (roughly translated)

You will need:

  • Disc Image Generator for PlayStation 3: [Register or Login to view links]
  • The backup of your game;
  • A PS3 DEX configured as described below;
  • A Hard Disk USB vacuum (must be formatted later).

First turn on your console, connect the USB hard drive and navigate to Settings-> Debug Settings.

WARNING: with the next step you will lose ALL data on your hard disk so irreversible.

Select "HDD Format BD Emulator", choose "Quick" and press enter.
Navigate to "Boot Mode" and select "Release Mode".
Below, in "Blu-ray Disc Access" select "BD Emulator (USB)".
And below, to use the maximum speed of your HDD, select "HDD Native".

Now the console is ready to open up the hard disk drive. Connect your hard drive to your PC, Windows will tell you to format it, do not do it otherwise you'll have to format it again on the console or PS3Gen.

Start PS3Gen and open a window in the folder of your game, I will use the guide for COD: MW3. Now:

1. Enter the ID of your game;
2. If the game uses trophies, put the check mark on "Trophy";
3. In "Copyright Holder" and "Producer Name" type "SCE";
4. Select the size range in which part of your backup, the backup will occupy some HDD on the band size you choose (4.7 GB or 8.3 GB or 25GB or 50GB, no intermediate sizes, so if it will weigh 18GB 25).
5. Click on "Game Setup".

The new window is used to configure the "PARAM.SFO" and the system files of the game.

1. Click on "File-> Import File System" and select the file "PARAM.SFO" from your backup. Click on "Yes" to the window that appears.
2. Move to the tab "Content Information Files".
3. Drag ALL files in the folder "PS3_GAME" of your backups (only files not folders), and delete (right click-> delete) the PARAM.SFO and file that under "File Type" wrote "Not a file system ".
Click OK, you should not say anything and go back to the main window, write it here if you get some warning.

1. From the main window, navigate to the tab "Directory"
2. Drag the folder that you will come TROPDIR, TROPDIR the folder in the folder of your backup.
3. Drag the folder that you will come USRDIR ALL files and folders in the folder USRDIR of your backup.
4. Click on "Build".

1. On the new window, move to the third tab;
2. Select a blank image (empty) of your HDD (the number of images available will depend on the size of your HDD and the band size you choose).
3. If you want the backup "masterizzerete" is what appears in the XMB, put the tick on the box above.
4. Click on Build will start the process of "burning".
5. If you have multiple images available or want to manage images on your HDD, click on "HDD Utility" (also from Bootable principalke window using Command-> HDD Utility Emulator BD).
6. With the button "Erase Image" will delete a previously set on your HDD.
7. The button "Format HDD for BD Emulator" has the same function as the "BD Emulator Format HDD" of the PS3.
8. With the button "Set Default" will set the HDD image to be displayed in the XMB.

When you turn the console must be entered otherwise the HDD will not be detected. It should also be able to burn backups to DVD or BD, but has not been tested. The games have at least one update to be undertaken.

Here is a simple video on how to do. The required can be found here: [Register or Login to view links]





Here one sees the launch of COD: MW3:





How to Run PS3 Backups on DEX 3.6+ Tutorial

An anonymous source sent me a method to running 3.6+ backups on a DEX machine.

You will need these files:


Preparing the PS3 USB HDD:

0. Connect an external usb disc
1. Go to debug settings on your dex
2. BD Access select "BD Emulator (USB)"
3. transfer rate option select "HDD Native"
4. "Format BD Emulator HDD"

Preparing the PS Update:

1. First use PS3 Game Updater to get the newest Update pkg for the game
2. Then fire up Pkg View and extract the BCUS98295 dir into any dir -lets just call it targetdir.
3. Extract psn_package_npdrm.exe into this dir
4. Create a .txt into this dir and fill it with:

Rename the .txt file "package.conf". Where BCUS98295 is the Title ID of your game and Packageversion has to be the Number of the Patch you downloaded.

5. Run it via cmd with psn_package_npdrm.exe package.conf BCUS98295 -> this will create a new update pkg for your game -> put on usb stick an install on DEX 3.55 ( don't know if you can also install it later )

Preparing the BD Emu Disc:

0. connect external usb with your pc
1. Fire up psgen.exe
2. fill in the title id: bcus.. put disc version to 00.00, copyright holder = sce, producer name = sce, tick trophy, click setup game
3. file -> import -> load up the param.sfo, click tab content information files and drag and drop the files from ps_game without the directories -> remove files that get a grey background -> click ok
4. click tab directory and file the structure with your backed up files
5. click build
6. click for bd emulator hdd tab and select the partition you want to use

The anon source told me that MLS 2012 works with this method... Note that files with .edat update does not work with this method yet.

How to Create a PS3 PKG That Install EDATs Tutorial by aldostools

Here are the steps to create a PKG to install edats (I couldn’t find a tutorial for it, so I made this):

0. Get the make_package_npdrm.exe available in the SDK (eg. SDK 3.41) and copy it to a folder. eg. C:NPDRM

1. Create a new folder in that folder and name it with the title id of your game (eg. NPXX00999)

Note: Step 2 is no longer necessary with THIS updated batch file from aldostools.

2. Copy to that folder the edat and the PS3LOGO.DAT file. eg:

XX0999-NPXX00999_00-PURCHASEDLICENSE.edat
PS3LOGO.DAT

3. Create a new text file, paste the following text, and save it as make_edat_pkg.bat in the same folder where you copied the make_package_npdrm.exe

make_package_npdrm.exe package.conf NPXX00999
pause

4. Before you save the file, make sure that the ContentID matches the with the file name of the .edat file and the folder name near the make_package_npdrm.exe is correct.

5. Run the batch file: make_edat_pkg.bat

From phantom76 comes another variation using Cygwin as follows:

It's easier using cygwin, make_package_npdrm.exe will create the PS3LOGO.DAT, so no need to look for it or copy it across to the folder. Here's how to do it using cygwin:

1) Create a empty game/package folder (eg: NPUB12345).
2) Edit/create the .conf file, Delete all text in the .conf file and replace it with the following:

3) Type "make_package_npdrm.exe NAME_OF_YOUR.conf NPUB12345"

That's it, The License pkg should now be created.

NOTE: There is no need to place an EDAT in the folder, make_package_npdrm.exe will make the EDAT and PS3LOGO.DAT. Changing "Local" to "Free" in the .conf won't make any difference in respect to making a "Free" EDAT, The created EDAT/License Will always be create as "Local". You need a modified make_package_npdrm.exe if you want to create a "Free" EDAT/License.

Also below is a leak from what appears to be the PS3 Dev Wiki for those interested: [Register or Login to view links]


From acab: Here you go.. just insert your own dumped metldr and you are good to go..

Download: [Register or Login to view links]

This is with red ribbon rc5 liveboot.

From TomatOsaUce (via ps3crunch.net/forum/threads/4111-C2D?p=45601#post45601) comes yet another PS3 NOR guide, as follows:

I'm not good at writing tutorials so someone can feel free to make it better. This is for NOR owners only sorry NOT FOR NAND CONSOLES!

1) Get Linux prepared on your PS3 (You won't need it much but you still do for 5 minutes - Here is a modified version of Glevands tutorial)

All tools are here: gitbrew.org/~glevand/ps3/

NOTICE: All my tools should beep. If you don't get beep during one of the steps below then stop doing anything and contact me. I will help. OtherOS++ support: irc.gitbrew.org (ssl) #otheros

1. Install my latest CFW (I recommend using the OTHEROS-22GB.PUP)
2. When installation is finished, reboot in Recovery Mode (not the Backup/Restore in XMB) and choose "Restore PS3 System"
3. Now your GameOS partition should show 22GB less than usual
4. Run setup_flash_for_otheros.pkg (for all PS3 models)
5. Reboot (It's important to shut down and turn on your PS3)
6. Store dtbImage.ps3.bin on USB drive, plug it in and run install_otheros.pkg
Try different USB ports if you don't get any beeps.
7. Run boot_otheros.pkg
8. Run reboot.pkg (use the package, not manually reboot!)
9. You should be in petitboot now.
Exit from CUI to shell or switch to another virtual console.
10. Run script create_hdd_region.sh - rem to CHMOD 755
(The path to create_hdd_region.sh /tmp/petitboot/mnt/sda1/create_hdd_region.sh)
"sda1" could be "sda2" or "sdb1"/"sdb2" depending on the hdd/stick number-of-partitions
11. Reboot and boot petitboot (from GameOs start "Reboot" app)
12. Then boot red-ribbon-livecd (from the usb – see below) - it should appear in petitboot

2) Download Red Ribbon RC5 on your PC [Register or Login to view links]

3) Extract the ISO to a USB stick (with MagicISO, PowerISO, WinRAR, etc.)

4) Boot your PS3 into petitboot, plug your Linux USB stick in and choose the option to install with OtherOS++ (was the top option for me). Use default user/password (ps3/ps3)

5) Reboot to GameOS, Install and boot mmCM (With a USB Stick plugged in)
Update online via "debug mode" – (holding L2+R2 during startup) -> Update to latest online version (still 4.4.3)

6) Press [SELECT] + [START] to go to mmOS, press [CIRCLE] on ANY file and “Open in Hex”

7) Press [SELECT] to switch to LV2 memory
Then press [START] to dump
It will ask if you want to dump LV2, then LV1 just press [NO]
Third question is about the flash, press [YES]
You'll find the dump in /dev_usb000
It will look similar to 20120717-185431-FLASH-NOR-FW3.55.NORBIN

8) Copy the dump to your PC and put it in a folder with “norunpack” (have norunpack at root of C:/ drive for ease of use), rename your dump to 355CEX.NORBIN for ease of use. [Register or Login to view links] - norunpack

9) Open a command prompt and type “cd C:\norunpack” (without quotes)
Then type “norunpack 355CEX.NORBIN extracted” (without quotes)

10) Once completed, go into your newly created “extracted” folder and then into the “asecure_loader” folder to grab your dumped metldr

11) Download metldrpwn from [Register or Login to view links] & extract it.

12) Place your “metldr” file in the metldrpwn folder and copy to a USB stick

13) Boot up Linux on your PS3, plug your USB stick in

14) Copy the “metldrpwn” folder to your “Home” folder

15) Open up Terminal and type “cd metldrpwn” (without quotes)

16) Type “sudo ./run.sh” (without quotes) If it fails, type “sudo chmod +x ./run.sh” (without quotes) Then re-type “sudo ./run.sh” (without quotes)

17) Copy your newly created “dump_eid0.bin” file to your USB and plug it back into your PC

18) Copy the “dump_eid0.bin” & your “355CEX.NORBIN” into the c2d.exe folder (copy C2D.exe folder to root of C drive for ease of use)

19) Open your “dump_eid0.bin” in a hexeditor of you choosing (I used HXD) and extract your keys - keys are either at start of the file (0x00 - 0x2f) or somewhere else. You can find the right location by searching the dump. You can search for bytes 0x00-0x10 and you may find the proper erk/iv at 0xc0*** location

20) Highlight and copy your keys (3 lines) and create a new file in your hex program, paste your keys in and save it as “keys.BIN”

21) Open a command prompt and type “cd C:\c2d” (without quotes) Then type "c2d.exe keys.BIN 355CEX.NORBIN 355DEX.EID0.NORBIN" (without quotes)

22) Copy your 355DEX.EID0.NORBIN & your renamed 355CEX.EID0.NORBIN to your PS3 (FTP in mmCM or on a USB stick) mmCM will not flash unless the file ends with .EID0.NORBIN

23) Open mmOS ([SELECT] + [START]), browse to your 355DEX.EID0.NORBIN and double click on it.

24) Reboot your console and install 3.55 DEX FW

25) To switch back to retail, simply double click on your 355CEX.EID0.NORBIN, reboot and reinstall a 3.55 CFW of your preference

Here is a PS3 Debug Menu Selector and below is a How to Run Backups on DEX 3.6+ video tutorial and filepack from garrettcorn also, who notes: If you are having problems formatting your hdd in the beginning make sure your hdd is plugged into the port closest to the blu ray player! The one that is farthest right if sitting horizontal.

Download: [Register or Login to view links]





Finally, below are a few more guides to go back from DEX to CEX for those interested:

Going PS3 DEX To CEX With No Brick Risk Tutorial

Here is Tutorial to convert your Dex console to Cex, with no brick risk 100% tested on fat and slim consoles.

Before Start Tut Be Sure Your Firmware is DEX3.55.

1- rename your 16 MB cex flash to my.CEX.EID0.NORBIN for Slim Console With NOR flash and my.CEX.EID0.NANDBIN for Fat console with NAND flash

2- Overwrite the reanamed cex flash file Using multiman. (Run in filemanager of multiman)

WARNING DO NOT TURN OFF YOUR CONSOLE AFTER OVERWRITING YOUR CEX FLASH. TURNING OFF MAY CAUSE YOUR CONSOLE BRICK

3- Download And Install FactoryServiceMod.pkg but DON'T RUN: [Register or Login to view links]

4- Download Rogero CFW V3.4 and rename it to PS3UPDAT.PUP: [Register or Login to view links]

5- Download Lv2diag.self file (365Kb): [Register or Login to view links]

6- Copy Renamed Rogero CFW and Lv2diag.self to root folder of Your Cooldisk Or EXT.HDD

7- Connect Your CoolDisk Or HDD to right usb slot of your console (the one near BD drive)

8- Run FactorySerViceMode From Console after running factoryservicemode the screen goes black wait until the console turn off automaticlly.this may take 4-5 min.

9- Delete Lv2diag.self (365Kb) From cooldisk or HDD. download Lv2diag.self (4.14Kb) from the link below and copy to root folder of cooldisk or HDD. Connect it to right slot of your console: [Register or Login to view links]

There is two Lv2diag.self for this TuT, Be careful. First one is 365kb and 2nd one is 4.14kb.

10- Turn on The Console.. wait for automatic turn off.

11- eject usb drive, turn on console.

From lurkandlearn: Here's a fast and safe way to go between CEX and DEX for NOR consoles:

1. Create /PS3/UPDATE/ folder in the root of a USB flash drive and copy DEX OFW 3.55 PS3UPDAT.PUP file there.
2. Create /CEX/UPDATE/ folder there and copy CEX OFW 3.55 PS3UPDAT.PUP file there.
3. Copy your CEX and DEX flash files to the USB root.
4. Rename CEX file to _CEX and DEX file to DEX.EID0.NORBIN
5. Create a .bat file, for example CEXDEX.BAT:

6. You are ready to go CEX->DEX! If you want DEX->CEX, just run CEXDEX.BAT and you'll have CEX.EID0.NORBIN and CEX FW ready for flashing. The important thing is not to forget to turn the console off from XMB after flashing the .NORBIN file in multiman, not from multiman of by pressing the power button.





PS3 CEX-to-DEX Conversion and Rollback Tutorial by gDrive (via ps3crunch.net/forum/threads/4587-Newbie?p=50183#post50183)

Seeing as everyone is asking for a CEX-to-DEX tutorial, I've decided to post one up here - so here you go.

Part 1.1: Preparing The Flash Dump For DEX Firmware Installation

  • QA-Flag the system using REBUG's Toggle-QA
  • Use multiMAN (referred to mM hereafter) 04.04.04 or later/MemDump to dump the FLASH (I used the mM-dumped one instead, even though the MemDump/mM dumps are the same as each other, hash-wise)
  • Use flatz's EID root key application on the PS3 once installed by executing it without having any USB dongles plugged in and the key should be dumped in the "/dev_hdd0/tmp/" path
  • Use Gunner54's CEX-to-DEX application to patch the flash dump
  • Double-Click (tap) on the DEX TargetID-modified dump renamed to have ".EID0.NORBIN" or ".EID0.NANDBIN" extension in mM 04.04.04 or later in order to change the TargetID from there
  • Restart the system by:
    --- Exiting mM and returning to the XMB by pressing the PS button, and selecting "Quit Game"
    --- Selecting the "Users" menu in XMB and then shutting down the system from there
    --- Pressing the button on the PS3

Part 1.2: Installing DEX Firmware

  • Having an official 3.55 DEX firmware PUP on a USB memory dongle in the "USB:\PS3\UPDATE\PS3UPDAT.PUP" (must be named as such) directory:
    --- Install it in XMB via the "Settings" XMB menu, and then select the "System Update" option, and then;
    --- Select the "Update from storage media" option whilst having the "Turn system off automatically after update" option unchecked, providing that the option is there, then follow the instructions from there.

Part 2.1: Rolling Back to CEX

  • Having installed the official DEX 3.55 firmware now, Use mM again, but this time, use the original CEX flash dump, and select it in order to change the TargetID back to the original TargetID (mine was 87 = CEX-UK)
  • Exit mM and returning to the XMB by pressing the PS button, and select "Quit Game", and then from there, restart the system by:
    --- Selecting the "Users" menu in XMB again and then shutting down the system from there
    --- Pressing the button on the PS3.

Part 2.2: Installing CEX Firmware

  • Having the KMEAW 3.55 (CEX) firmware PUP on a USB memory dongle in the "USB:\PS3\UPDATE\PS3UPDAT.PUP" (must be named as such) directory:
    --- Install it in XMB via the "Settings" XMB menu, then select the "System Update" option, and then;
    --- Select the "Update from storage media" whilst having the "Turn system off automatically after update" option unchecked, providing that the option is there, and then follow the instructions from there.

To summarize, I had to restart my PS3 every time I had to install the firmware after the TargetID changeover and I had to install it via XMB, as it was safe enough for me to do so.

Also, to successfully revert back to CEX, make sure your console is QA-flagged, you're using the newer mM versions (CEX VERSIONS ONLY, otherwise you'll get an error) as the flash-writing capabilities are improved, AND as a safety precaution (nobody says this in their tutorials, but I do it anyway as a safety precaution), make sure you install/have already installed the official DEX 3.55 firmware WITHOUT the Downgrade Support before going back to CEX.

Note: If you are on PS3 DEX and ever get the screen (pictured below) and keep getting it after rebooting into Debug mode and it just stays there, simply open up target manager on PC and reset into software mode. Your video resolution will also go to 480p on this screen.

Hold down the Power Button until you have heard two beeps in total - one for pressing the button and another one for holding down the Power Button after a few seconds and it will be fixed.








Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 618 Comments - Go to Forum Thread »

• Please Register at PS3News.com or Login to make comments on Site News articles. Thanks!

technodon's Avatar
#3 - technodon - 114w ago
i can't get metldrpwn to work, i'm using red ribbon RC5 when i type sudo insmod ./metldrpwn.ko i get error inserting './metldrpwn.ko' -1 invalid module format any help would be great..

kira30's Avatar
#2 - kira30 - 114w ago
wonder if it works and what can be achieved with this ?

AnoRelease's Avatar
#1 - AnoRelease - 114w ago
Following up on the PS3 CEX (Retail) to DEX (Debug) console IDPS updates, DexL0ve release and MultiMAN DEX Mod comes the long-awaited "holy grail" for PlayStation 3 developers, my complete PS3 CEX to DEX conversion method!

Hi Scene, Sorry for my bad English. I want to give you info you please make public. I want be anonymous. I only can say I'm from Hong Kong. I have way to get a DEX, it works and is complete nothing missing.

Manual to get a DEX (here is everything you needed) and you have a full working DEX:

  • EID0 Key Seed and EID0 Section Key Seed are hardcoded in the isoldr

EID0 Key Seed

EID0 Section Key Seed


  • If you dump they isoldr key (EID Root Key) with metldrpwn you got from 0x00 to 0x1F the EID Root Key and from 0x20 to 0x2F the EID Root IV
  • Use AES Encrypt to Encrypt EID0 Key Seed as data with EID Root Key as Key and EID Root IV as IV. The result contains from 0x10 to 0x20 the EID0IV and contains from 0x20 to 0x40 the EID0Key
  • Use AES Encrypt to Encrypt the EID0 Section Key Seed as data with the EID0Key as Key and no IV. The result will be the first 0x10 bytes of the EID0 First Section Key
  • The second 0x10 bytes of the EID0 First Section Key are only 0x00 bytes
  • EID0 is located in NAND at 0x80870 and in NOR at 0x2f070, the first 0x20 bytes of EID0 are not encrypted, at the fifth byte of EID0 (NOR example 0x2f075) your target ID is located change it to 0x82 (Debug Target ID)
  • Use AES Decrypt to decrypt the first EID0 Section (NOR example 0x2f090). The size of the first Section is 0xC0 bytes. Use the EID0 First Section Key as Key and the EID0 IV as IV
  • Build the CMAC (OMAC1) hash of the decrypted EID0 Section from 0x00 to 0xA8 with EID0 First Section Key as Key. The calculated hash has to be the same as the bytes in the decrypted EID0 Section from 0xA8 to 0xB8.
  • At 0x5 of the decrypted EID0 Section is your target id again change it to 0x82 again, 0xB8-0xC0 of the decrypted EID0 Section should be just 0x00 bytes
  • After you changed the target ID of the decrypted EID0 Section, create the CMAC hash of the new decrypted EID0 Section and write the new hash to the decrypted EID0 Section
  • Use AES Encrypt to encrypt the EID0 Section and write it back to the NOR (NAND).
  • Now install DEX Firmware with the recovery menu.

HINT: Got Petitboot on emer init go to boot gameos and do emer init again to get to the recovery menu.

You can't login to the PSN because IDPS is obviously not valid from now on.

THIS CAN BRICK YOUR CONSOLE IF NOT DONE CORRECTLY.

有志者,事竟成 “Where a will, there is way”
一不做二不休 “You start something, you have to finish it”

Note: You don't need the second 0x00 eid0 first section key of all zeros. Also from an anonymous source (via bit.ly/M2Oz4Q and lnx.lu/5yD and multiupload.co.uk/TAG2B6G8ZL and multiupload.nl/TAG2B6G8ZL) comes CEX-DEX(2).7z and from the included ReadMe file, to quote:

Download Mirrors: [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links] / [Register or Login to view links]


From deank: It just generates the EID section that you have to overwrite in your flash - that was the whole point of all this. You have to use your data and get the region to rewrite on your own console to convert your retail PS3 (CEX) to debug/test unit (DEX). This modification to the EID allows you to install the Debug firmware and get a DEX.

From zecoxao: The problem with this is it's easily patchable... Sony will probably patch it on the next OFW... Original retail dump, flash back retail firmware, and that's it. This is basically switching back and forth from CEX to DEX by flashing DEX dump and DEX firmware and from DEX to CEX by flashing CEX dump and CEX firmware.

You can use flasher, linux or jaicrab's preloader (basically anything that flashes the dump)

Jaicrab's Preloader only works correctly on NOR's, you'll have problems with NAND's, or so I've tested (thanks to a friend of mine ) in case you need to compare:

[Register or Login to view links]
[Register or Login to view links]
[Register or Login to view links]

If people want to flash this thing so badly WITHOUT a hardware flasher, you only need linux or jaicrab's flasher (for NOR).

[Register or Login to view links]
[Register or Login to view links]

To Flash:

  • Put these two files on the root of a fat32 formatted stick.
  • Rename your DEX dump to rflash.bin
  • Execute the self with a self loader such as MultiMAN (use mmOS to go to the stick and load the self there)
  • Wait 35 minutes for the console to stop blinking and shutdown with steady red light (THIS ONLY WORKS ON NORS. YOU HAVE BEEN WARNED!)
  • Confirm if it boots (alternatively, if you have QA, DEX doesn't have QA when you do the button combo, so you can test it)
    flash 3.55 DEX firmware by recovery

PS: If I'm not dead by the next 24 hours, you know where to find me

Note: Don't flash this, this belongs to my console, so I advise you not to flash, this is just for verifying only.

From Squarepusher2: You'll have to go digging for debug eboots though if you intend on playing anything that is not a retail game on your debug PS3. And those are not easily found. I don't think end-users will get much use out of it - for devs it's a totally different story though.





Below is also a video from lordv demonstrating Battlefield 3 running on the DEX BD Emulator via USB, who states that games work fine from the BD EMU or BD-R disc (using PS3Gen) without a decrypted/Debug EBOOT. However, PS3 games won't run from DVDs in the newer DEX Firmware.





A COD: MW3 on DEX PS3 (3.55 CEX to 4.11 DEX - BD Emulator HDD) video by sguerrini97 is below as well:





It also appears as though the newer PS3 SDKs will contain the necessary development tools and login information to access Sony's developer network (NP / SP-INT) as well:

The NP communication passphrase and signature will be provided within the Server Management Tools.

Details: NP communication ID, passphrase, and signature, required for certain PSN communication services, had been provided on the DevNet thread upon the completion of the requested PlayStation Network service configurations.

From 2012/07/05 the NP Communication Passphrase and Signature will be provided within the Server Management Tools.

This change affects all the communication IDs issued after 2012/07/05. It will not be possible to access the NP communication passphrase or signature in the support issued after that date.

Only those users who have initially requested the NP communication services and was provided the files on DevNet thread will have access to the file on the request threads.

Note that the NP communication passphrase and signature are required with NP Matching 2 and Title Small Storage.

From PlayStation 3: I have found a way to access SP-INT (or developer) PSN. Those who remember, this also worked a year ago until Sony had fixed it. It is now working again for existing users. Making a new account will not work, but existing users who have made SP-INT accounts last year when it had worked can sign in (for now).

Here is how to do it:

1) Install Rebug 3.55.2 CFW. Also install the latest update package (0.7)
2) Set it to Rebug mode in Rebug Selector. Set the Rebug Menu to #2.
3) Install SEN Enabler 4.21 to spoof the firmware to 4.21.
4) Go to Debug Settings and change NP environment to 'SP-INT'.
5) Reboot PS3.
6) The PS3 will attempt to sign in to your NP (retail) PSN account and it will give an error because your NP PSN will not work on developers PSN. Now you must sign in to your SP-INT account that you made last year. Making an new account will not work.

If anyone can somehow find a way to make an new account on SP-INT, please let us know. Thank you!

From PlayStation 3 developer naehrwert (via nwert.wordpress.com/2012/07/11/eeid-cryptography/) to quote:

eEID Cryptography

When metldr is encrypted at factory, a special keyset is set in the binary before encryption. Later when an isolated loader is loaded by metldr, it will copy the keyset to LS offset 0x00000. It consists of eid_root_key and eid_root_iv. To not having to use the same key for all eEID parts, several subkeys are generated from special data called individual information seed.

These seeds are stored in the metadata header of isolated modules loaded by isoldr. When isoldr will load a module, it will call a subroutine that encrypts each seed chunk (0x40 bytes) using eid_root_key and eid_root_iv. Then the so-called individual infos are passed in registers r7 to r22 (= 0x100 bytes in total) to the loaded module where they are used further.

Usually isolated modules have a seed section of 0x100 bytes but all of them (except sb_iso_spu_module) have all zeroes but the first 0x40 bytes chunk. You can, for example, find the recently published EID0 seed in the metadata section of aim_spu_module. Appliance info manager is used to get e.g. the target ID or the PSID from EID0. This explains why the seed can also be found in isoldr directly, since that one is checking EID0 too.

As you can probably think, a fair amount of reversing time and knowledge has gone into finding this, so stop calling us *swearwords* for not releasing information that could potentially lead to more piracy, because we think that this would do more harm to the “scene” than just keeping some information in private (for now).

Also I can only encourage everyone that thinks about us this way or is greedy demanding for developers/reverse engineers to release their stuff, to fire up isoldr in IDA or disassemble it with objdump and try to reverse all this from start to end. We’ll see, who is able to pull this through on his own...

From evilsperm (via ps3crunch.net/forum/threads/4023-Method?p=45195#post45195): Here is some code if you all want to flash from petitboot: This is to R/W entire NOR or just the eEID section. Make sure to take a valid dump from gameOS as well so you can match both dumps also if you have a hardware flasher I highly advise you do, check that dump against the soft dumps to make 100% sure

How to W/R NOR from petiteboot:

READ NOR : dd if=/dev/ps3nflasha of=/tmp/petitboot/mnt/sda1/cexnor.bin bs=1024

WRITE NOR: dd if=dexnor.bin of=/dev/ps3nflasha bs=1024

READ eEID : dd if=/dev/ps3nflasha skip=$((0x2F000)) of=/tmp/petitboot/mnt/sda1/eid.bin bs=1 count=$((0x10000))

WRITE eEID: dd if=eid.bin.dex of=/dev/ps3nflasha bs=1 seek=$((0x2F000)) count=$((0x10000))

I'm not going to bother with the NAND because its a pain in the balls (and thats if you can even get it to work)

/tmp/petitboot/mnt/sda1/ is a flash dive formatted to ext4 in petitboot to make life easy when moving dumps around. you can always scp your files across also

From badhabit: For the BD playback recovery on DEX you can also use the "drivefix" lv2diag.. it can be found in the original CEX-DEX leak by youknow..

I uploaded it here if needed: [Register or Login to view links]

Manual CEXDEX converted summary - what a thrill ride hehe... massive settings there... looking good haha:

What worked for me, thx everyone!!

  • put flashdex.bin on USB stick
  • Petitboot
  • chmod 777 /dev/sda
  • umount /dev/sda
  • mount /dev/sda /tmp/petitboot/mnt/sda
  • type cd tmp/petitboot/mnt/sda
  • dd if=flashdex.bin of=/dev/ps3nflasha bs=1024
  • ENTER, blinking - for awhile... fck it broke... finally some output (in-out) and back to the prompt patience is a must
  • type ps3-flash-util -g to set/boot GameOS ( = emer init? not sure)
  • type pb-cui
  • Boot GameOS option in Petitboot
  • Boots normal into XMB feew lol...
  • QA combo not working as it should
  • Used Service Mode for final install using cex2dexkit files
  • replaced the 3.30 PUP with 355DEX alongside "lv2diag.self" from "setup" folder and put on USB stick
  • Put PS3 into FSM using dongle (pull cable out-dongle in-cable in)
  • Shutdown - Replaced dongle with USB stick ( setup Lv2Diag.self/PS3UPDAT.PUP
  • Boot Ps3 - Ps3 shutsdown
  • Replaced files with step3 "drivefix" (linked above) files on USB stick
  • Put USB into right slot
  • Boot PS3
  • On screen: Drive Init / Drive Init Fail - It needs a Original Blu-Ray movie like Remarry? and/or the 3.30 PUP to work? Please confirm anyone?
  • Pull power cable
  • Replaced USB files with "finalize" folder Lv2Diag.self file
  • Put into right slot and boot - Ps3 shuts down
  • PS3 boots a normal into DEX
  • All working except for blu-ray/dvd's = not working obvious... GAMES works fine, shame on me for not having one, need to rent one.. can someone verify it needs blu-ray and/or .30 pup thx

From svenmullet: Use mathieulh's leaked tools to get the required info, then use the new leaked algos to change it to DEX, flash back using Objsuites/FSM. You don't need a flasher or linux to do this. And don't let anyone tell you different!

Remember CrashSerious released a tool to decrypt/encrypt SIG files? Reverse what those SIG files in the math leak are doing.

Also, I recall theorizing that the serial number (yes, that sticker on the console) has something to do with PCK. All we need now is some brainiac to figure it all out (and release the info).

Actually to play PS3 3.60+ backups all you need to do is install an update for the game. Since DEX can't install retail PKG you have to downgrade to 3.55 DEX with peek and poke install the update and re upgrade.

Also ps3gen.exe will happily create image with the retail EBOOT, it just won't run because retail EBOOTs have the "run only from authenticated bd" capability flag; having installed an update for the game bypasses it.

From Lordv (via ps3devwiki.com/wiki/User_talk:Lordv) to quote:

Instead of having an edit war could we discuss it on irc? I can prove that what you write here are (un?)intentional lies.

1) What do you mean retail functionality? You can restore dvd playback and ps store to name a few by some sprx copying and xml editing. Just unpack a dex fw for 3.55 and a cex fw for 3.55 and note the differences in sprx. Then just add the correct xml keys. For example for ps store add the #seg_commerce_new key to category_psn.xml.

Answer from Mathieulh: You can't play blurays/dvds on 3.60+ DEX because you do not have the keys to craft a custom DEX firmware and the bd/dvd player app will check your console's idps target and see 0x82 and will fail one (of too many) check(s) and will issue an error code and not proceed. (not to mention 0x82 leads to an invalid region) I don't know/care about ps store but as far as I know, the DEX vsh.self will not display it

2) I did, however i can't prove it. Should you cex2dex and have latest dex fw you too will be able to sign in to PSN.

Answer from Mathieulh: You can't because your idps is NOT in sony's database, as such it will not pass PSN authentication, there is nothing you can do to fake this, you would need to use a real debug idps, end of story.

3) Can't comment on that one but would very much like a statement from whoever wrote it.

Answer from Mathieulh: This is obviously not true, however you CAN brick/ylod if you rebuild your EID wrong (the likeliness is high)

4) Do you want a video of it? Use ps3 generator tools to create a master disc or a usb image. Ever wondered what that item labeled Blu-ray Disc Access in Debug Settings did? Now you can find out.

Answer from Mathieulh: The retail selfs are signed with special capabilities that make them only able to run from original discs (Masterdiscs != Original discs, lv2 can tell the difference) That's why you need decrypted selfs/fself to run games from masterdiscs or bdemu images, forget about running your "backups" (or should I say ,warez) Because ps3gen creates masterdiscs does not mean you can magically warez on the box. You can however play originals ! (I strongly advise you to start BUYING your games, (just saying))

5) Can't comment on that one.

Answer from Mathieulh: I can comment that most of your so called affirmations are a bunch of BS. (in fact I just debunked most of them, feel free to try though and see for yourself.)

There's really no way to know if AnoRelease is really the source or a leaker, as other devs in the circle may not know of or agree with his wishes to finally release it which may be why it was done anonymously.

If he is a leaker though, it would be the same as anything that gets leaked from the Rebug PSN passphrase for CFW users to the old R:FoM exploits, it benefits some for a period of time until Sony takes action and the next hole surfaces... although those cashing in on dongles may never admit it, it's called progress and is great for real PS3 scene developers not on the Max Louarn / Paul Owen payroll.

More PlayStation 3 News...

Sponsored Links

Sponsored Links
Sponsored Links

Sponsored Links







Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News