It's been a while since the last IDPS update, and today I've created this PS3 IDPS Viewer homebrew application based on research I'm doing. I had not planned to release the tool yet, but if someone needs it, here it is (thanks to J-Martin for the logo).
When the program starts you will see the typical intro screen. If you choose "Yes" you will see the data from your PS3. Three beeps indicate that the dump was not possible, and an error message is shown; a single beep means all went well and you can see the data.
It automatically saves the IDPS to dev_hdd0/IDPS.bin. Open it with a hex editor and look at the hexadecimal values, for example (a fake IDPS, I will not reveal my own):
00 00 00 01 00 85 00 05 87 15 A4 4D 47 64 F6 AA
The IDPS in this case would be: 00 00 00 01 00 85 00 05 87 47 64 15 A4 F6 4D AA
It has been tested on PS3 FAT; it should work perfectly on SLIM as well.
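A way to check such a dump without a hex editor, added here as an example (it is not part of the IDPS Viewer or the original post): it validates that the data is 16 bytes like the sample above, prints it in hex-editor form, masks the tail before posting, and reports the offsets where a hand-typed copy differs from the dump. The function names and the choice to leave 8 bytes unmasked are assumptions of the example.

```python
import re

IDPS_LEN = 16  # length of the sample dump shown above

# Sample value from this page (the author states it is not a real IDPS).
SAMPLE = "00 00 00 01 00 85 00 05 87 15 A4 4D 47 64 F6 AA"

def parse_idps(data):
    """Accept raw bytes (IDPS.bin contents) or a hex-editor style string."""
    if isinstance(data, str):
        cleaned = re.sub(r"[\s:]", "", data)
        if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", cleaned):
            raise ValueError("not a string of hex byte pairs")
        data = bytes.fromhex(cleaned)
    if len(data) != IDPS_LEN:
        raise ValueError(f"expected {IDPS_LEN} bytes, got {len(data)}")
    return bytes(data)

def to_hex(idps):
    """Render the bytes the way a hex editor shows them."""
    return " ".join(f"{b:02X}" for b in idps)

def redact(idps, keep=8):
    """Mask everything after the first `keep` bytes (keep=8 is an assumption)."""
    return " ".join(f"{b:02X}" if i < keep else "XX" for i, b in enumerate(idps))

def diff_offsets(dump, typed):
    """Offsets at which a hand-typed copy differs from the dump."""
    a, b = parse_idps(dump), parse_idps(typed)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def load_idps(path):
    """Read and validate a dump file such as IDPS.bin copied to a PC."""
    with open(path, "rb") as fh:
        return parse_idps(fh.read())

if __name__ == "__main__":
    idps = parse_idps(SAMPLE)
    print(to_hex(idps))
    print(redact(idps))
    # Constructed mistyped copy: bytes 9 and 10 swapped.
    print(diff_offsets(SAMPLE, "00 00 00 01 00 85 00 05 87 A4 15 4D 47 64 F6 AA"))
```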
Finally, in related news PlayStation 3 developer naehrwert has recently blogged (nwert.wordpress.com/2011/12/24/individual-infos/) about PS3 Individual Infos, to quote:
One of the PS3’s console specific cryptography works as follows:
At factory time there is a console specific key generated, probably from a private constant value and a console specific seed. Maybe that’s the key used for encrypting bootldr and metldr. Fact is, that metldr stores another console specific keyset (key/iv) to LS offset 0x00000.
That keyset is probably calculated from the first one. At factory time the isolated root keyset (how I call it) is used to encrypt the console’s “Individual Infos”, like eEID. But not the whole eEID is encrypted the same way, special seeds are used to calculate key/iv pairs for the different sections.
And not even that is true for every eEID section, because for e.g. EID0 another step is needed to generate the final section key(set). Each of the isolated modules using such an “Individual Info” has a special section that isoldr uses to generate the derived key(set)s.
But the generation works in a way, that the section data is encrypted with aes-cbc using the isolated root keyset, so it is not possible to calculate the isolated root keyset back from the derived key(set)s, because aes shouldn’t allow a known plaintext attack.
So far I can decrypt some of EID0’s sections, EID1, EID2 and EID4. EID5 encryption should be similar to EID0’s but I lack the generation keys for that one.
Portalcake pls keep away with this warez BS. This is a Video Gaming Console HACK scene. It's not a tablet hacking scene, it's also not a smart phone hacking scene. The key word is Video GAMING Console Hack scene. And even in the smart phone hacking scene you have warez in case of applications and games itself.
Then also pls keep away with rebug. Even if you change the 2 currently changeable idps's and run a dex kernel on rebug... you can't use the debugger mode, you can't use target manager, you can't use the special downgrader pup's and jump between FW's as you want, you can't use BD EMU,... should I go on??
About the metldr exploit you mentioned: Do you even know that this exploit is a hardware exploit? So you need first to find out the test points on the ps3's mainboard to inject the metldr to the SPU's Local Storage directly. Did you know that? I'm guessing not, otherwise you wouldn't talk like that.
So TRUST ME if I tell you that you would have more fun with a bootloader exploit, which is actually done and ready for release but not publicly, than with your mentioned metldr exploit.
To Blade86: No, it's not fake, but it is only half of the truth. I got my hands on an eEID of a console that got converted, and I have the eEID before and after converting to debug. So I know which EID segments have changed and what needs to be done.
I currently also have a debug console at home that can even play BD Movies. Has anyone thought about the fact that some companies produce or develop BD Movies for Sony and that they need a debug console that can play movies?
I have successfully modified anergistic to accept external per_console_keys and external EID segments for testing purposes. Also I have reversed some of the ps3 modules and know the non-public eidx_iv's needed in conjunction with PCK to decrypt and encrypt specific EID segments.
Actually I'm working on a windows app to do all that stuff for the end user. Because even if you can decrypt EID segments with your PCK and the non-public eidx_iv's with the aim_spu_module.elf, you can't re-encrypt them. But you can do all that on a PC if you know what to do.
If you don't believe me just hunt and search for a request_idps.txt and load it into a hex editor and you will see that it is a bit more than just patching 2 idps's.
The main draw for a debug console is simply the fact that you can freely upgrade and downgrade firmwares. I haven't checked if Rebug can enter Debugger Mode and work as a DECH for the SDK, but if it did, that's already half of the cool factor. Oh, and upgrading from 3.55 to 4.xx firmware then running a ripped game over the official BD-EMU then downgrading back to run other things, but that's stepping into the realm of warez.
Trust me, having a hardware flasher, OtherOS++ and the metldr exploit on a vanilla retail PS3 is a lot more fun than a debug PS3 on its own (a flasher-equipped debug PS3 though, OTOH...)