PS3 HDD Decryption PoC From a PC By Flat_z and Glevand Arrives

Category: PS3 Hacks & JailBreak By: Foo - (twitter.com)
Tags: ps3 hdd decryption poc ps3 hdd decryption from pc decrypt ps3 hdd pc flat_z glevand

40w ago - Following up on the previous work by PlayStation 3 developer Graf Chokolo, today naehrwert has announced news of a PS3 HDD decryption proof-of-concept (PoC) from a PC as a result of reverse-engineering work done by flat_z and glevand.

Download: PS3 HDD Decryption PoC / PS3 HDD Decryption PoC (Mirror)

Below are the details (via ps3devwiki.com/wiki/HDD_Encryption), to quote:

Introduction

The following information was reverse engineered from LV1, Storage Manager in LPAR1 and sb_iso_spu_module.self.
I'm able to decrypt/encrypt my PS3 HDD and VFLASH on PC now.

HDD Encryption

XTS-AES-128 is used to encrypt all data on PS3 HDD.
XTS is NOT CBC!!! It's AES-ECB with tweak XORing. AES-CBC is impractical for HDD encryption. Each sector can be encrypted/decrypted independantly from other HDD sectors.
Good paper about XTS-AES: ntnu.diva-portal.org/smash/get/diva2:347753/FULLTEXT01
VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
Tweak and data XTS keys are of size 32 bytes but only the first 16 bytes are used.
You can set and clear ATA keys with my Linux ps3encdec device driver which i use to test HDD/VFLASH encryption. But be careful, never set/clear ATA keys while some HDD regions/partitions are mounted !!! You will corrupt your data on your HDD !!!

Dumping ATA Keys

I modified sb_iso_spu_module.self to dump ATA keys.
ATA keys are passed as parameters to sb_iso_spu_module.self.

Program

My SPU program to dump ATA tweak and data XTS keys to PPU memory with spuisofs:

/*
 * Dump ATA keys
 *
 * Copyright (C) 2012 glevand <geoffrey.levand@mail.ru>
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published
 * by the Free Software Foundation; version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

.text

start:

	ila		$2, 0x3dfa0
	lr		$sp, $2

	ila		$80, 0x3e000
	lr		$81, $3

	stqd		$7, 0($80)	# store upper 16bytes of ATA data key
	stqd		$8, 0x10($80)	# store lower 16bytes of ATA data key
	stqd		$9, 0x20($80)
	stqd		$10, 0x30($80)
	stqd		$11, 0x40($80)	# store upper 16bytes of ATA tweak key
	stqd		$12, 0x50($80)	# store lower 16bytes of ATA tweak key

	lr		$3, $80
	lr		$4, $81
	il		$5, 0x60
	il		$6, 0x7
	il		$7, 0x20
	brsl		$lr, 0x10	# mfc_dma_xfer

	il		$3, 0x7
	brsl		$lr, 0x28	# mfc_dma_wait

	stop		0x666		# our evil stop code 

/*
 * r3 - LSA
 * r4 - EA
 * r5 - size
 * r6 - tag
 * r7 - cmd
 */
mfc_dma_xfer:

	wrch		$ch16, $3
	wrch		$ch17, $4
	shlqbyi		$4, $4, 4
	wrch		$ch18, $4
	wrch		$ch19, $5
	wrch		$ch20, $6
	wrch		$ch21, $7

	bi		$lr

/*
 * r3 - tag
 */
mfc_dma_wait:

	il		$2, 0
	nop		$127
	hbra		2f, 1f
	wrch		$ch23, $2

1:

	rchcnt		$2, $ch23
	ceqi		$2, $2, 1
	nop		$127
	nop		$127
	nop		$127
	nop		$127
	nop		$127

2:

	brz		$2, 1b
	hbr		3f, $lr
	rdch		$2, $ch24
	il		$2, 1
	shl		$2, $2, $3
	wrch		$ch22, $2
	il		$2, 2
	wrch		$ch23, $2
	rdch		$2, $ch24
	nop		$127

3:

	bi		$lr

pastie.org/4503109

Result

[glevand@arch dump_ata_keys]$ ./dump_ata_keys ../dump_ata_keys.self ../eid4
spuisofs found at /mnt
arg1 kernel virtual address d000000000722000
shadow: spe_execution_status 7
priv2: puint_mb_R 2
shadow: spe_execution_status b
problem: spu_status_R 6660082
[glevand@arch dump_ata_keys]$ hexdump -C /mnt/arg1 
...
Here are your ATA tweak and data XTS keys
Data key is at offset 0x0 (32 bytes)
Tweak key is at offset 0x40 (32 bytes)
...

Test

To test your ATA XTS tweak and data keys, you need encrypted HDD sectors. You can either connect your HDD to PC and dump it or use my ps3vuart-tools on Linux and clear ATA keys and then dump it from ps3da. I tried both methods. But make sure you unmount all HDD regions before using ps3vuart-tools to clear your ATA keys.
I coded a small application which implements XTS-AES encryption/decryption. XTS-AES paper is a good reference how to implement it.
You have to pass the correct sector number in order to get correct results.
As you see below in my examples, i pass sector number 0 and sector 8 for VFLASH because VFLASH begins at sector 8 on HDD.
Another interesting fact is that you have to swap half-words after encrypting and before decrypting HDD sectors else you will get wrong results. This swapping is not necessary for VFLASH sectors.
Another note is that you have to decrypt VFLASH sectors with ATA keys first and then with ENCDEC keys.

Result with 1st encrypted sector from HDD:

glevand@debian:~/xts_aes$ cat ../hdd_1st_sector_enc.bin  | \
    ./xts_aes -d -k <your ATA XTS data key> -t <your ATA XTS tweak key> -s 0 -r | hexdump -C
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 08 00 00  |................|
00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 0b  |.p..............|
00000050  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0  00 00 00 00 00 08 00 10  00 00 00 00 03 9a 8b 2d  |...............-|
000000d0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000e0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 03  |. ..............|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000150  00 00 00 00 03 a2 8b 45  00 00 00 00 00 3f ff f8  |.......E.....?..|
00000160  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000170  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001e0  00 00 00 00 03 e2 8b 46  00 00 00 00 19 39 ce 0c  |.......F.....9..|
000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000200

Dumping ENCDEC Keys

VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
You cannot dump ENCDEC keys with sb_iso_spu_module.self. They are set in lv1ldr only (see here: gitorious.ps3dev.net/reversing/lv1ldr/trees/master).
I used a modified lv1ldr with my Linux spuldrfs driver and dumped ENCDEC keys.
XTS-AES-128 with 128bit tweak key and 128bit data key, just like ATA keys.
ENCDEC tweak and data keys are passed to lv1ldr NOT in clear text.
ENCDEC keys are computed by lv1ldr with AES-CBC-256 by encrypting 32byte seeds.
metldr passes to lv1ldr AES-CBC-256 IV and key which are used to compute ENCDEC keys.
I tested my ENCDEC keys with my ps3encdec Linux driver and set them again, and VFLASH was still working fine. As soon as i changed some bits in these keys, VFLASH could not be decrypted properly anymore It means keys are correct.

ENCDEC Key Seeds

Use the dumped ENCDEC IV and key to encrypt these seeds and you will get your ENCDEC keys for VFLASH.
You can find these seeds in lv1ldr.

Data key seed:

glevand@debian:~$ hexdump -C data1.bin
00000000  e2 d0 5d 40 71 94 5b 01  c3 6d 51 51 e8 8c b8 33  |..]@q.[..mQQ...3|
00000010  4a aa 29 80 81 d8 c4 4f  18 5d c6 60 ed 57 56 86  |J.)....O.].`.WV.|
00000020

Tweak key seed:

glevand@debian:~$ hexdump -C data2.bin
00000000  02 08 32 92 c3 05 d5 38  bc 50 e6 99 71 0c 0a 3e  |..2....8.P..q..>|
00000010  55 f5 1c ba a5 35 a3 80  30 b6 7f 79 c9 05 bd a3  |U....5..0..y....|
00000020

Program

Here is my SPU program which i used to dump ENCDEC keys:

/*
 * Dump ENCDEC keys
 *
 * Copyright (C) 2012 glevand <geoffrey.levand@mail.ru>
 * All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published
 * by the Free Software Foundation; version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

.text

start:

	ila		$2, 0x3dfa0
	lr		$sp, $2

	ila		$3, 0x666
	wrch		$ch30, $3

	# wait until we get message from PPU

1:

	brsl		$lr, 0x54	# in_mbox_count
	brz		$3, 1b

	brsl		$lr, 0x54	# in_mbox_read

	ila		$80, 0x3e000
	lqd		$81, 0($80)	# load PPU EA
	ila		$82, 0x0

	lqd		$83, 0($82)
	stqd		$83, 0($80)	# store upper 16bytes of ENCDEC key
	lqd		$83, 0x10($82)
	stqd		$83, 0x10($80)	# store lower 16bytes of ENCDEC key
	lqd		$83, 0x20($82)
	stqd		$83, 0x20($80)	# store ENCDEC IV

	lr		$3, $80
	lr		$4, $81
	il		$5, 0x30
	il		$6, 0x7
	il		$7, 0x20
	brsl		$lr, 0x20	# mfc_dma_xfer

	il		$3, 0x7
	brsl		$lr, 0x38	# mfc_dma_wait

	stop		0x666		# our evil stop code 

/*
 * no input parameters
 */
in_mbox_count:
	rchcnt		$3, $ch29
	bi		$lr

/*
 * no input parameters
 */
in_mbox_read:
	rdch		$3, $ch29
	bi		$lr

/*
 * r3 - LSA
 * r4 - EA
 * r5 - size
 * r6 - tag
 * r7 - cmd
 */
mfc_dma_xfer:

	wrch		$ch16, $3
	wrch		$ch17, $4
	shlqbyi		$4, $4, 4
	wrch		$ch18, $4
	wrch		$ch19, $5
	wrch		$ch20, $6
	wrch		$ch21, $7

	bi		$lr

/*
 * r3 - tag
 */
mfc_dma_wait:

	il		$2, 0
	nop		$127
	hbra		2f, 1f
	wrch		$ch23, $2

1:

	rchcnt		$2, $ch23
	ceqi		$2, $2, 1
	nop		$127
	nop		$127
	nop		$127
	nop		$127
	nop		$127

2:

	brz		$2, 1b
	hbr		3f, $lr
	rdch		$2, $ch24
	il		$2, 1
	shl		$2, $2, $3
	wrch		$ch22, $2
	il		$2, 2
	wrch		$ch23, $2
	rdch		$2, $ch24
	nop		$127

3:

	bi		$lr

pastie.org/4503119

Result

Test run with spuldrfs on Linux 3.5.1

glevand@debian:~/dump_encdec_keys$ ./dump_encdec_keys ../ps3/metldr ../dump_encdec_keys.self 
spuldrfs found at /mnt
buf1 kernel virtual address d000000004311000
buf2 kernel virtual address d000000004412000
priv2: puint_mb_R 1
problem: pu_mb_R 1
priv2: puint_mb_R 666
problem: spu_status_R 2
glevand@debian:~/dump_encdec_keys$ hexdump -C /mnt/buf2
...
Here are your ENCDEC keys
ENCDEC keys key is at offset 0x0 (32 bytes)
ENCDEC keys IV is at offset 0x20 (16 bytes)
...

Test

To test your ENCDEC XTS tweak and data keys, you need encrypted VFLASH sectors. You can dump it from ps3da starting with sector 8.
You have to pass the correct sector number in order to get correct results.
As you see below in my examples, i pass sector 8 for VFLASH because VFLASH begins at sector 8 on HDD.
The input sector was already decrypted with ATA keys.

Result with 1st encrypted sector from VFLASH:

glevand@debian:~/xts_aes$ cat ../vflash_1st_sector_enc.bin | \
    ./xts_aes -d -k <your ENCDEC data key> -t <your ENCDEC tweak key> -s 8 | hexdump -C
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 00 75 f8  |..............u.|
00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0  00 00 00 00 00 00 78 00  00 00 00 00 00 06 3e 00  |......x.......>.|
000000d0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000e0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 01  |. ..............|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000150  00 00 00 00 00 06 b6 00  00 00 00 00 00 00 80 00  |................|
00000160  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000170  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001e0  00 00 00 00 00 07 36 00  00 00 00 00 00 00 04 00  |......6.........|
000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000200

Finally, from KDSBest: The keys are on wiki why not expose them in your source code naehrwert. The key generation algo is nearly the same as the eid0 key generation algo. Seed AES Encrypt with EID Root key.

    glevand@debian:~$ hexdump -C data1.bin
    00000000 e2 d0 5d 40 71 94 5b 01 c3 6d 51 51 e8 8c b8 33 |..]@q.[..mQQ...3|
    00000010 4a aa 29 80 81 d8 c4 4f 18 5d c6 60 ed 57 56 86 |J.)....O.].`.WV.|
    00000020
    glevand@debian:~$ hexdump -C data2.bin
    00000000 02 08 32 92 c3 05 d5 38 bc 50 e6 99 71 0c 0a 3e |..2....8.P..q..>|
    00000010 55 f5 1c ba a5 35 a3 80 30 b6 7f 79 c9 05 bd a3 |U....5..0..y....|
    00000020

    D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08
    83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    C3 B3 B5 AA CC 74 CD 6A 48 EF AB F4 4D CD F1 6E
    37 9F 55 F5 77 7D 09 FB EE DE 07 05 8E 94 BE 08
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

I dunno if this works only a idea of a bored man.

mfspr r29, SPRG0
mtspr <adressInEbootSpace>, SPRG0
sc 31
mtspr r29, SPRG0

addressInEboot holds on
0x48 addressInEboot again
0xC0 any Value except 3 (maybe I read the asm wrong and it has to be 3... Try 3 or 0)
0xB0 AdressYouWantToReadInLv2 - 0x308

Should read the Adress in lv2 for you. Can someone with a PS3 that can try this... I dunno if I can write the SPRG0 with mtspr, but if that is possible you can dump lv2 with this on 3.55. I don't think Sony changed this syscall on higher FWs.

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

33 Comments - Go to Forum Thread »

#33 - Foo - 37w ago

Mounting PS3's HDD on PC via Linux by Glevand: ps3devwiki.com/wiki/Mounting_HDD_on_PC

• The goal is to mount PS3 HDD on PC Linux and make changes to it.
• Use device mapper for transparent encryption/decryption.

ATA and ENCDEC keys

Read more here: http://www.ps3news.com/ps3-hacks-jailbreak/ps3-hdd-decryption-poc-from-a-pc-by-flat-z-and-glevand-arrives/

Device Mapper

• A really cool feature of Linux 2.6/3.
• The device mapper is stackable.
• You have to enable a couple of new kernel features like device mapper crypto, XTS crypto and so on.

dm-bswap16

• Swaps bytes in each 16-bit word.
• It is necessray for HDD/VFLASH encryption/decryption.
• Tested on Linux 3.5.3
• GIT repo: gitorious.ps3dev.net/ps3linux/dm-bswap16

What it should look like on a test run:

modprobe loop
modprobe dm_mod
modprobe dm-bswap16

dd if=/dev/zero of=test.bin bs=1K count=100

losetup /dev/loop0 ./test.bin

echo "0 200 bswap16 /dev/loop0" | dmsetup create test

ls -l /dev/mapper/test

echo "00 01 00 01 00 01" | xxd -r -p > /dev/mapper/test

# device mapper target

hexdump -C /dev/mapper/test
00000000 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00019000

# real data, as you see bytes are swapped in each 16-bit word
# device mapper allows you to do really cool things

hexdump -C /home/glevand/test.bin
00000000 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00019000

dmsetup remove test

On a Test with ps3da

• Tested with Debian LiveCD and Linux 3.4.10
• xts_aes: gitorious.ps3dev.net/ps3linux/xts_aes

dm-crypto

• We don't need xts_aes application anymore.
• Linux kernel does enctyption/decryption of data transparently for us.
• One of the device mapper features is that it's stackable which is very useful for us.
• VFLASH is encrypted twice. So we have to create a second DM crypto target based on the DM crypto target for HDD.

HDD Test
Tested on PS3 itself with Debian LiveCD and Linux kernel version 3.4.10 but you can use the same technique on a Linux PC. I was just lazy and it is easier to test on PS3.

# Linux does encryption/decryption for us transparently now
# now you have raw access to your encrypted PS3 HDD and you can make simple changes

# Linux device mapper is really great !!!

VFLASH Test

# clear ATA and ENCDEC keys
# DO NOT DO IT WITH HDD MOUNTED !!!

ps3dm sm set_del_encdec_key 0x110
ps3dm sm set_del_encdec_key 0x111

# for now don't use ps3da device directly, dump sectors to file and bind it to loop device
# later we will use ps3da device directly when dm-bswap16 is well tested and bug free

dd if=/dev/ps3da bs=512 count=16 of=hdd_enc.bin

losetup /dev/loop1 ./hdd_enc.bin

# we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly

echo "0 16 bswap16 /dev/loop1" | dmsetup create test

# create hdd key file

echo | xxd -r -p > hdd_key.bin

ls -l hdd_key.bin
-rw-r--r-- 1 root root 32 Sep 4 09:28 hdd_key.bin

# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.

cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 hdd_crypt /dev/mapper/hdd

# VFLASH begins at sector 8 on HDD

echo "0 8 linear /dev/mapper/hdd_crypt 8" | dmsetup create vflash

# create VFLASH key file

echo | xxd -r -p > vflash_key.bin

ls -l vflash_key.bin
-rw-r--r-- 1 root root 32 Sep 4 09:28 vflash_key.bin

# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
# here is important to use option -p because VFLASH starts with sector 8 and encryption/decryption depends on sector number.

cryptsetup create -c aes-xts-plain64 -d ./vflash_key.bin -s 256 -p 8 vflash_crypt /dev/mapper/vflash

ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep 4 10:46 control
lrwxrwxrwx 1 root root 7 Sep 4 11:02 hdd -> ../dm-0
lrwxrwxrwx 1 root root 7 Sep 4 11:02 hdd_crypt -> ../dm-1
lrwxrwxrwx 1 root root 7 Sep 4 11:07 vflash -> ../dm-2
lrwxrwxrwx 1 root root 7 Sep 4 11:10 vflash_crypt -> ../dm-3

hexdump -C /dev/mapper/vflash_crypt
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................|
00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................|
00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 00 75 f8 |..............u.|
00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0 00 00 00 00 00 00 78 00 00 00 00 00 00 06 3e 00 |......x.......>.|
000000d0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000e0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 01 |. ..............|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000150 00 00 00 00 00 06 b6 00 00 00 00 00 00 00 80 00 |................|
00000160 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000170 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001e0 00 00 00 00 00 07 36 00 00 00 00 00 00 00 04 00 |......6.........|
000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000200 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000270 00 00 00 00 00 07 3a 00 00 00 00 00 00 00 c0 00 |......:.........|
00000280 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000290 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000002a0 10 80 00 00 04 00 00 01 00 00 00 00 00 00 00 03 |................|
000002b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000300 00 00 00 00 00 07 fa 00 00 00 00 00 00 00 02 00 |................|
00000310 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00001000

# now is VFLASH also decrypted
# next step is partition table

PS3 HDD Partition Table

• Now that we can decrypt/encrypt PS3 HDD with Linux, we want to be able to mount HDD/VFLASH regions because only then we can do changes to UFS or FAT filesystems on the HDD.
• We have to implement PS3 HDD partition table in Linux kernel.
• The Linux kernel with this feature will create all partition devices automatically in this case and we could mount and modify any HDD regions easily.
• A new Linux kernel patch is necessary.
• PS3 partition table is of size 0x1000 bytes.
• Implemented PS3 partition support in Linux kernel. See patch 0035-ps3-partition.patch here gitorious.ps3dev.net/ps3linux/kernel-patches-35

Test:

modprobe dm-bswap16

# clear ATA and ENCDEC keys
# DO NOT DO IT WITH HDD MOUNTED !!!

ps3dm sm set_del_encdec_key 0x110
ps3dm sm set_del_encdec_key 0x111

# we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly

hdd_size=`blockdev --getsize /dev/ps3da`

echo "0 $hdd_size bswap16 /dev/ps3da" | dmsetup create hdd

# create key file

echo | xxd -r -p > hdd_key.bin

ls -l hdd_key.bin
-rw-r--r-- 1 root root 32 Sep 4 09:28 hdd_key.bin

# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.

cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 hdd_crypt /dev/mapper/hdd

ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep 6 11:07 control
lrwxrwxrwx 1 root root 7 Sep 6 11:09 hdd -> ../dm-0
lrwxrwxrwx 1 root root 7 Sep 6 11:12 hdd_crypt -> ../dm-1

hexdump -C /dev/mapper/hdd_crypt | head -23
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................|
00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................|
00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 08 00 00 |................|
00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 0b |.p..............|
00000050 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0 00 00 00 00 00 08 00 10 00 00 00 00 03 9a 8b 2d |...............-|
000000d0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000e0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 03 |. ..............|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000150 00 00 00 00 03 a2 8b 45 00 00 00 00 00 3f ff f8 |.......E.....?..|
00000160 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000170 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001e0 00 00 00 00 03 e2 8b 46 00 00 00 00 19 39 ce 0c |.......F.....9..|
000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|