62w ago - It's been a while since the last IDPS update, and today I've created this PS3 IDPS Viewer homebrew application based on research I'm doing. I had not planned to release the tool yet, but if someone needs it, here it is (thanks to J-Martin for the logo).
Download: PS3 IDPS Viewer Homebrew Application / PS3 IDPS Viewer Homebrew Application (USB)
What does this tool do?
- Displays the IDPS
- Shows the Target ID
- Displays the motherboard revision
- Saves your IDPS in an IDPS.bin file
Note: THIS TOOL IS SAFE
When the program starts you will see the typical intro screen. If you choose "Yes" you will see the data from your PS3. If three beeps sound, the dump was not possible and an error message is shown; if all went well, one beep sounds and you are able to see the data.
It automatically saves the IDPS in dev_hdd0/IDPS.bin. You must open it with a hex editor and look at the hexadecimal values, for example (a false IDPS, I will not reveal my IDPS):
e.g Notepad
Hex Editor
00 00 00 01 00 85 00 05 87 15 A4 4D 47 64 F6 AA
The IDPS in this case would be:
00 00 00 01 00 85 00 05 87 47 64 15 A4 F6 4D AA
It has been tested on PS3 FAT; it should work perfectly on SLIM also.
Regards
Finally, in related news PlayStation 3 developer naehrwert has recently blogged (nwert.wordpress.com/2011/12/24/individual-infos/) about PS3 Individual Infos, to quote:
One of the PS3′s console specific cryptography works as follows:
At factory time there is a console specific key generated, probably from a private constant value and a console specific seed. Maybe that’s the key used for encrypting bootldr and metldr. Fact is, that metldr stores another console specific keyset (key/iv) to LS offset 0x00000.
That keyset is probably calculated from the first one. At factory time the isolated root keyset (how I call it) is used to encrypt the console’s “Individual Infos”, like eEID. But not the whole eEID is encrypted the same way, special seeds are used to calculate key/iv pairs for the different sections.
And not even that is true for every eEID section, because for e.g. EID0 another step is needed to generate the final section key(set). Each of the isolated modules using such an “Individual Info” has a special section that isoldr uses to generate the derived key(set)s.
But the generation works in a way, that the section data is encrypted with aes-cbc using the isolated root keyset, so it is not possible to calculate the isolated root keyset back from the derived key(set)s, because aes shouldn’t allow a known plaintext attack.
So far I can decrypt some of EID0′s sections, EID1, EID2 and EID4. EID5 encryption should be similar to EID0′s but I lack the generation keys for that one.
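The derivation step described in the quote, sketched as an added example (not naehrwert's code and not taken from any console firmware): a per-section seed is AES-CBC-encrypted under a root keyset to produce a derived key/IV. The 48-byte seed, the 32+16 byte split, all names and all byte values are assumptions constructed for illustration; the run also shows a property of this construction, namely that seeds differing only in their last block derive the same key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Keyset is an AES key plus a CBC IV. The sizes (32 + 16 bytes) are an
// assumption for this example; the quoted post does not state them.
type Keyset struct{ Key, IV []byte }

// DeriveKeyset encrypts a per-section seed with AES-CBC under the root keyset
// and splits the ciphertext into a derived key (32 bytes) and IV (16 bytes).
func DeriveKeyset(root Keyset, seed []byte) (Keyset, error) {
	if len(seed) != 48 || len(root.IV) != aes.BlockSize {
		return Keyset{}, errors.New("need a 48-byte seed and a 16-byte root IV")
	}
	block, err := aes.NewCipher(root.Key)
	if err != nil {
		return Keyset{}, err
	}
	out := make([]byte, len(seed))
	cipher.NewCBCEncrypter(block, root.IV).CryptBlocks(out, seed)
	return Keyset{Key: out[:32], IV: out[32:]}, nil
}

// Pattern returns n constructed bytes (start, start+1, ...); not real key data.
func Pattern(n int, start byte) []byte {
	b := make([]byte, n)
	for i := range b {
		b[i] = start + byte(i)
	}
	return b
}

func main() {
	root := Keyset{Key: Pattern(32, 0x10), IV: Pattern(16, 0xA0)}
	seedA := Pattern(48, 0x01)
	seedB := Pattern(48, 0x01)
	seedB[47] ^= 0xFF // differs from seedA only in the last 16-byte block
	a, _ := DeriveKeyset(root, seedA)
	b, _ := DeriveKeyset(root, seedB)
	// CBC chains forward only, so the first two ciphertext blocks (the
	// derived key) are identical and only the derived IV changes.
	fmt.Println("same derived key:", bytes.Equal(a.Key, b.Key))
	fmt.Println("same derived IV: ", bytes.Equal(a.IV, b.IV))
}
```

Because the output is plain CBC ciphertext, anyone holding the root keyset can decrypt a derived keyset back to its seed; the one-way property the quote relies on holds only in the direction from derived keysets to the root key.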
we need also update for change (psid) because some of ban in psid
Download: https://mega.co.nz/#!fEslTAjR!D6CIbF-np359h5laBbB32WSH4805jv_DVapZyDEhiyc / http://www.mirrorcreator.com/files/1ESNFR5S/IDPS_Changer_v1.1.zip_links (Mirror)
From the ReadMe File:
What does this application do?
This application will change your IDPS and optionally your MAC address in your flash dump.
How can I use it?
Just put a VALID(!) NOR/NAND dump called dump.bin and your eEID Root Key called eid_root_key.bin into the same directory, run the program and enter your new IDPS.
Your modified dump will be created as dump_patched.bin, you just have to flash it back to your console.
How can I dump my eEID Root Key?
http://www.ps3news.com/ps3-hacks-jailbreak/ps3-eeid-rkdumper-from-gameos-pkg-by-flat-z-is-now-available/
How can I dump my flash?
- Hardware flasher (E3, Teensy, Progskeet...)
- Multiman
- ...
How can I byte-reverse my dump?
Flowrebuilder: http://www.mirrorcreator.com/files/1HWLWYIY/FlowRebuilder_v.4.2.3.0.exe_links / http://www.mirrorcreator.com/files/1NYWARZT/FlowRebuilder_v.4.2.3.0.exe_links (Mirror)
4.2.3.0 Changelog:
- added support to manage NAND preloader dumps
- message user about the type of dump
- message the user if bootloader are missing
- auto-recognize if dump is normal or byte swapped and automanage them
If you byte-reverse your dump before using this application, remember to byte-reverse it back after the procedure.
CHANGELOG 1.0:
Initial release
Finally, from haz367: proper eid0 section/part conversion so the new idps at least has correct values after it (cex2dex offsets 002F090-2F14F//omac hash)
offset 2F077/2F07F (new idps)
offsets/block: 2F090-2F14F - new values calculated/added to have valid idps change? at least better than only changing IDPS line
offset 303D7/303DF (new idps)
offset 3F040-3F045 (new mac)
tested offline and trashed with my own dumps. not needed but people deserve second change right, only need to brick another PS3 to get new idps. great share for that.
these files contain all the ps3 activity. sony's fw is 175MB of code (compressed) and they could put some checker everywhere in the firmware; if one of these checks finds out that your ps3 is running a non-original firmware, sony'll know it.
the only thing we can do is locate these checks and find out a way to bypass all of them