81w ago - This weekend Sony PlayStation 3 hacker
naehrwert has released a PS3 SCETool based on the fail0verflow tools, an Isolated SPU binary POC dubbed Friday and some EIDTool work in progress updates for PlayStation 3 developers interested in remarrying Blu-ray drives, motherboard keys, QA tokens, etc via
Twitter.
Download:
PS3 SCETool /
Friday Isolated SPU Binary POC /
PS3 SCETool v0.0.3 and VSH.Self Output /
PS3 SCETool v0.0.4
Below are the details from the ReadMe files and Tweets, as follows:
SCETool (C) 2011 by naehrwert - This tool will see more features in the future.
Notice: THIS CAN DO NOTHING NEW, IT'S CURRENTLY JUST A REWRITE OF f0f TOOLS.
Keyfile format:
[keyname]
type={SELF, PKG, SPP}
sdk_type={00, ..., 18, 8000}
version={..., 0001000000000000, ...}
self_type={LV0, LV1, LV2, APP, ISO, LDR, NPDRM}
erk=...
riv=... A sample keyfile is included.
Shout-outs: I think they know who I mean
Friday (C) 2011 by naehrwert - This is a POC for a isolated spu binary. Generate a self encrypted+signed with the metldr keys out of friday.elf. Then use friday.h to write a PPU application that loads the self by utilizing metldr and DMAs your console's EID2 to the shared SPU LS. It will generate the P and S block from it, that is used to pair the BD drive to the specific console. Yon can then DMA the blocks out from the LS and send them to the drive to remarry it to the console.
Communication with the SPU is done over in_mbox and out_mbox. MSG_OUT_* is send from the SPU code to out_mbox. MSG_IN_* should be written from the PPU to in_mbox. When MSG_OUT_READY arrives the PPU should DMA the EID2 to EID2_START and send MSG_IN_READY. When MSG_OUT_GEN_DONE arrives the PPU should DMA the blocks out from BLOCKS_START and send MSG_IN_DIE.
Note: this is UNTESTED but should just work
POC http://www.mediafire.com/?u8lvl08h1lai2nb
note: self part is only for spu yet!
scetool http://www.mediafire.com/?31r5482wy28sc9c
veeeery nice http://pastie.org/2928187
## scetool
scetool 0.0.1 (C) 2011 by naehrwert
[*] Keys loaded.
[*] Loaded keys:
Name Type SDK-Type Version
isoldr 3.50 SELF 0x0000 0x0003005000000000
isoldr 3.41 SELF 0x0000 0x0003004100000000
isoldr 1.00 SELF 0x0000 0x0001000000000000
metldr SELF 0x0000 0x0000000000000000
spp 0x00 SPP 0x0000 0x0000000000000000
pkg 0x00 PKG 0x0000 0x0000000000000000
[*] File decrypted.
[*] SCE Header:
Magic 0x53434500 [OK]
Version 0x00000002
SDK Type [Type 0]
Header Type [SELF]
Metadata Offset 0x000001B0
Header Length 0x0000000000000480
Data Length 0x0000000000012BF4
[*] Metadata Info:
Key 00000000: AC 0E 35 E4 A9 22 07 C7 09 2C 38 66 69 45 34 31
IV 00000000: 1C 7D C8 A3 EB B9 C8 9C BB E4 B6 A6 A6 49 61 C2
[*] Metadata Header:
Signature Input Length 0x0000000000000450
unknown_0 0x00000001
Section Count 0x00000003
Key Count 0x00000016
Signature Info Size 0x00000030
unknown_1 0x00000000
unknown_2 0x00000000
[*] Metadata section headers:
Idx Offset Size Type Index unk_1 SHA1 Encrypted Key IV Compressed
000 00000500 00011C20 02 00 02 00 [YES] 06 07 [NO ]
001 00012120 000000A0 02 01 02 08 [YES] 0E 0F [NO ]
002 00012EE4 00000190 01 03 02 10 [NO ] [NO ]
[*] SCE File Keys:
00000000: F9 A1 54 8A A2 E3 12 FE 3B 67 CB 5E 02 03 66 82
00000001: EF E2 22 82 00 00 00 00 00 00 00 00 00 00 00 00
00000002: F4 06 C9 67 46 0F 09 C3 54 E5 0F DB BD 63 74 A6
00000003: A9 00 9B 0D 53 B4 4E 3E F2 EB 3D 7A C3 0A 79 C3
00000004: 6A 55 C9 6F 72 DE 4E 7E 7A 0D C2 CB 27 F8 C9 9A
00000005: C3 08 9E 65 A9 DF 80 B1 7E 66 DF 6B 9D 10 33 99
00000006: 2A 3C 73 80 C6 1B 85 24 9F 95 3D BE A9 A5 63 38
00000007: CB 41 E6 46 F8 B2 6E 06 D4 1A 5B F5 08 48 28 D3
00000008: 13 07 A2 4F 1C 32 3F D7 15 47 D9 50 BF E4 11 04
00000009: 18 7F EC 72 00 00 00 00 00 00 00 00 00 00 00 00
0000000a: F4 06 C9 67 46 0F 09 C3 54 E5 0F DB BD 63 74 A6
0000000b: A9 00 9B 0D 53 B4 4E 3E F2 EB 3D 7A C3 0A 79 C3
0000000c: 6A 55 C9 6F 72 DE 4E 7E 7A 0D C2 CB 27 F8 C9 9A
0000000d: C3 08 9E 65 A9 DF 80 B1 7E 66 DF 6B 9D 10 33 99
0000000e: 2A 3C 73 80 C6 1B 85 24 9F 95 3D BE A9 A5 63 38
0000000f: CB 41 E6 46 F8 B2 6E 06 D4 1A 5B F5 08 48 28 D3
00000010: 2A AE E7 5C 8C EB 44 4A 62 F4 DF EF 77 5B 02 42
00000011: C7 5C 2D 5C 00 00 00 00 00 00 00 00 00 00 00 00
00000012: F4 06 C9 67 46 0F 09 C3 54 E5 0F DB BD 63 74 A6
00000013: A9 00 9B 0D 53 B4 4E 3E F2 EB 3D 7A C3 0A 79 C3
00000014: 6A 55 C9 6F 72 DE 4E 7E 7A 0D C2 CB 27 F8 C9 9A
00000015: C3 08 9E 65 A9 DF 80 B1 7E 66 DF 6B 9D 10 33 99
[*] SELF Header:
unknown_0 0x0000000000000003
App Info Offset 0x0000000000000070
ELF Offset 0x0000000000000090
PH Offset 0x00000000000000D0
SH Offset 0x0000000000012EE4
Section Info Offset 0x0000000000000110
SCE Version Offset 0x0000000000000150
Control Info Offset 0x0000000000000160
Control Info Size 0x0000000000000070
[*] Application info:
Auth ID [isoldr]
Vendor ID 0xFF000000
SELF Type [Secure loader]
Version 0x0003004100000000
[*] Elf32 Header:
Type [EXEC]
Machine [SPU]
Version 0x00000001
Entry 0x000259E0
PH Offset 0x00000034
SH Offset 0x00012A64
Flags 0x00000000
PH Count 0x0002
SH Count 0x000A
SHStr Idx 0x0009
[*] Elf32 Section Headers:
Idx Name Type Flags Address Offset Size ES Align LK
000 00000000 NULL ... 00000 00000 00000 00 00000 00
001 0000000B PROGBITS .AE 25800 00080 001DC 00 00001 00
002 00000022 PROGBITS .AE 259E0 00260 0F1D0 00 00008 00
003 00000028 PROGBITS .A. 34BB0 0F430 02870 00 00010 00
004 00000030 PROGBITS WA. 374A0 11CA0 00070 00 00010 00
005 00000036 PROGBITS WA. 37510 11D10 0001C 00 00004 00
006 0000003D PROGBITS WA. 3752C 11D2C 00014 00 00004 00
007 00000044 NOBITS WA. 37540 11D40 039B0 00 00010 00
008 00000049 PROGBITS ... 00000 11D40 00CD2 00 00001 00
009 00000001 STRTAB ... 00000 12A12 00052 00 00001 00
[*] Elf32 Program Headers:
Idx Type Offset VAddr PAddr FileSize MemSize Flags Align
000 LOAD 00080 25800 25800 11C20 11C20 W.E 00080
001 LOAD 11CA0 374A0 374A0 000A0 03A50 .AE 00080
http://pastie.org/private/4dflpsc66d4gngjvmxwqyq
eidtool (C) 2011 by naehrwert
Loading iso_root_keyset: done.
EID2: p_len=0x0080, s_len=0x0690
Generated blocks from EID2:
p_block 0000: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0010: C2 88 95 D0 7E 9C 7F B5 5A 02 7E E7 D5 81 3B EA
0020: 39 3A EE 41 B5 E4 1C B5 38 B9 DA 1E D0 81 60 FB
0030: A1 35 2A 13 B1 03 9C A1 EA FD CF 36 82 2B 39 01
0040: DD 9E DB 46 BF A6 79 8D 71 75 F7 9A 69 1A AC 3C
0050: A7 4C 41 10 9A 90 C2 46 74 18 35 75 37 D6 09 C4
0060: F3 BE 0F 25 89 D2 4A C5 5F 42 57 67 A5 F5 18 CC
0070: 3C 89 40 BC 5F 7D EB 58 69 D1 1C 56 BC 95 3C 5C
s_block 0000: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0010: C2 88 95 D0 7E 9C 7F B5 5A 02 7E E7 D5 81 3B EA
0020: C9 43 70 6F 98 5C 3B 68 0D C6 58 33 98 D5 B1 6E
0030: 82 E3 98 81 FC 73 1B 54 04 BD 6F F4 D6 60 E4 33
0040: ED 22 46 B0 17 D0 FB F2 3E 6E 56 2C CD CF D5 FA
0050: B2 92 A9 A0 FE 97 63 43 25 C8 E7 7E 57 65 93 A8
0060: 1A 27 C4 60 5A 4C 16 59 68 04 34 3B 60 7C 5F B2
0070: 1C 98 32 D0 83 89 7E B3 3A 3C 73 D0 DE 18 18 6A
0080: E9 B2 A7 56 1D E4 67 BB AD D6 13 54 E7 39 DD 3C
0090: 21 48 8F 82 5F C4 F9 E4 CF 0A 4B 8E 69 F2 44 7E
00A0: 12 D2 D0 29 16 67 DD 07 8F 60 2C 0A 4A 7A AF D7
00B0: D9 8E 84 96 A9 E5 EB 3A 08 FB E8 88 7F 35 1F F6
00C0: 2E 5F 59 FD A9 3F 7F F0 BB 17 F3 0C A9 6E 34 59
00D0: 9C 5E D9 9B 30 10 A5 6A 8B CD 3E FB 03 2E 3C 91
00E0: 4A AA 06 E7 BF 3C 82 69 EF C5 F7 A1 6E 1A 47 AF
00F0: F5 74 A6 B0 93 09 F7 BF C3 9E 7C 7D 16 5A 8D B6
0100: E6 90 AD C7 26 97 DB A8 52 F6 DB AB D7 FA 37 43
0110: A2 56 DF 3A C6 C8 66 F7 55 68 F1 25 CF B0 5F 02
0120: ED 0D 66 03 9B 7E 9C D9 BA 0C 6C 77 4A 32 E2 48
0130: C9 02 35 47 49 C3 4F C6 35 E5 22 FB CF D5 E0 0B
0140: 54 F0 71 B9 7A 4B D2 B0 FD 9B A2 5F 0A D0 9B A7
0150: 2B 94 ED 7C 22 51 F5 90 86 36 B5 E0 A7 2F 64 CC
0160: 79 39 22 85 3B 44 52 D7 3D A0 54 B7 D4 D3 25 F8
0170: F0 EB 6A 12 C0 E6 F0 ED 99 95 79 72 AB 98 A3 50
0180: F4 BE F5 E0 8E E8 03 6F F8 8C 54 99 39 66 A0 D0
0190: 7A B6 BD 4B 45 4D 57 DB FF 05 B6 4F C3 98 07 CA
01A0: FA 3D FF 01 C0 5F F0 02 3C 78 A8 CD 8B 67 68 86
01B0: 10 E3 5E C6 9D C3 23 5F 05 21 E8 37 1F 8C 8C FC
01C0: D2 38 C4 0F 0A 30 0C DD DA 2A 8E 91 F4 40 74 75
01D0: 2A D1 9C 3E 1C 5F 5A 30 A7 69 C4 DB 1E 7F 5A AD
01E0: D7 7E 77 74 78 01 B6 2D DE 61 7C 11 70 AB CE F7
01F0: 14 02 7B C7 67 92 95 64 51 FF 4E B8 5E 5C 84 33
0200: 20 9A F7 9A 05 3C 7F 68 49 53 A0 79 98 C1 1E E5
0210: 95 D1 DB 33 D1 96 76 D9 99 32 07 F5 F6 1A 4B D8
0220: 07 45 4F 45 3C 2A 82 88 69 DF 13 4B 6B 7C 64 28
0230: EE F7 18 E2 8A 82 8A 1E 02 E4 47 A3 40 F8 65 2B
0240: 59 2C AB C7 DC 01 9B 01 18 3B 41 B7 16 49 05 B7
0250: 9F 6C 58 79 59 18 58 A8 E4 F4 80 C4 62 BC EC AA
0260: CE EE 79 21 DA D5 99 AC B8 DE FE 4F CC 75 C9 96
0270: D6 5B AE 93 D3 2D AA F5 EA 74 E3 FF 67 CB 32 63
0280: 82 DD 83 D0 1A 0E 51 29 43 E3 56 82 79 9E 58 B3
0290: D9 2A 75 26 A0 2E 52 50 85 B1 06 65 CD 9F B3 B7
02A0: 04 EA 7E A2 1D C2 0D 36 DF 19 A2 AB AA 3F 9B AD
02B0: 8D B8 CC 68 5D B8 C3 B5 EC D7 1D 73 84 56 33 F5
02C0: 76 6F 67 2C 6D F2 84 C0 31 C9 D8 2A 0D DA 88 52
02D0: 06 C9 82 83 F3 58 1B DB EF 7D 85 68 7D 5C 94 73
02E0: B0 B8 B4 74 10 3F 60 0F EE 21 F5 BC E5 55 66 E1
02F0: 70 EA 02 9B 78 10 F3 AF 33 5C 7F 9D CD 67 09 E5
0300: 57 8E 8E 28 34 01 99 9D 61 01 DF 28 D0 1F 33 0F
0310: 83 76 4E 40 74 7D 69 72 3F 2F FC 7A D7 CC 33 DE
0320: 95 17 BF 91 6F 03 2B E0 3D 34 D6 D1 5B 12 A7 A2
0330: 89 D4 AB EB A2 93 49 4D C1 13 BB D0 4F 72 5C BD
0340: 41 1B F3 8C 24 70 B5 4C F2 31 E0 D4 B8 00 91 BF
0350: 31 42 76 60 65 DD B8 FE E8 14 FE 03 A4 FF 69 48
0360: 7E 57 90 B1 0C 93 E7 2A FF 6C BF 57 60 AB 9E E4
0370: 08 6D 63 66 E5 9B 5D 99 C6 14 14 8A 82 15 85 D0
0380: 62 D7 32 35 29 E5 4D 8C D6 4B 39 94 4D 80 52 66
0390: 69 94 A3 31 43 7A A5 F7 98 09 AB AA 5F 3C A2 B3
03A0: 64 70 86 E1 F5 D0 BB 14 3B A5 3E 45 DD 41 30 73
03B0: 91 97 5D F4 7C 56 6C 65 1D 2E 5D 6F EE 7C D2 CB
03C0: 41 3C B3 74 38 90 A4 65 0C 26 C8 17 14 35 D2 25
03D0: 45 9D 9F 6D 47 80 9F 01 2D DE 4A C1 4D FD 06 67
03E0: D1 2E 77 62 DF 08 D8 F0 B5 C0 22 37 4C 71 9A 51
03F0: DD 34 5D 22 AC 54 DC 56 81 31 0A 2C B9 2B D9 BB
0400: AF 03 A1 A5 5F D0 D5 0A 02 14 04 4D D0 92 EF EF
0410: DE 3B 58 28 B2 68 33 E2 A2 CA 08 A9 55 06 CF 50
0420: D9 BA 40 97 FB 9A 34 B5 7B BA 14 54 E4 93 AB CA
0430: D7 56 CB 9B 16 0E 48 D1 A6 76 3C 69 ED 05 BE AD
0440: 63 B2 AA 97 44 7F BC 9C 4F 33 05 16 76 F4 98 C3
0450: 6C 25 DE 43 88 A7 7A D2 32 A0 88 0E 6B 50 23 8D
0460: F3 7C B3 A3 68 3B 2C 43 3C 9F D5 0F D1 37 0D 11
0470: 93 E6 DA B4 BB 45 0F 0E C8 4C FA D8 09 28 F7 58
0480: 72 84 DA CC ED 45 20 25 EF 2B E8 EB 81 CA 26 10
0490: BB 47 8A 0E 2D 67 2B 35 95 D9 E2 59 0E C5 99 73
04A0: 6A 82 E1 CC 0C F7 39 E1 5F DB 50 2C 9E E7 FC 18
04B0: 13 96 E3 C6 1C 66 B6 7D D3 BC 4A 9F DB 1D 7C 87
04C0: 7A 8A 61 95 0C A4 C4 3B 77 DA 46 08 46 E3 52 6F
04D0: 32 CF 2A 1E 2C 99 2B 65 A2 32 86 0D 10 03 45 BF
04E0: 82 32 60 F0 0C C6 6D 6B C2 AE D0 18 2B 47 8B 83
04F0: 86 34 D8 23 0D EC 6F 7A D0 17 53 AF D5 DC F0 EF
0500: 49 D7 31 1E F1 02 D3 9C 15 D2 04 AE 44 95 7E F4
0510: 4E 32 58 94 9B 9A 8C 72 12 76 CC D0 4A B8 87 FC
0520: 2F 7F 79 1A A8 78 A1 53 83 90 90 EC FF 8D 2B 46
0530: CB A4 C9 79 E1 92 A0 FC 37 63 CD 9D 3B D7 C9 2D
0540: C7 85 C0 EE E3 E1 6A 43 31 B2 4F CA 25 71 7A 23
0550: 7F 78 D0 A2 6E FF B6 B3 14 D5 55 CB 10 64 7D 11
0560: 8D 9A 0B 26 22 3F 64 1C C0 9C C4 44 1C C3 12 43
0570: 37 51 7E E6 62 B1 F7 39 83 A3 BC 5E 5A AC 6A 1C
0580: 8F 7E A3 8D 4A E2 60 44 8E 50 EA 33 4B 12 D2 C1
0590: 22 F0 59 A1 B3 C8 97 C0 81 D7 EB 54 78 0A 9E 1C
05A0: DD 3B 3C A8 D3 EA 4A 0A 3E BF 32 A0 96 62 89 78
05B0: 55 5E 3E 2E B8 DA 86 4E 18 5E 85 99 69 EA 8F CC
05C0: 31 2C 62 BF A0 F2 B9 3F 3E AC D5 0A B3 61 01 10
05D0: 9B 45 D7 D6 B0 12 7A 76 A9 79 6F B3 1F A3 DD 56
05E0: 1E 0F 7A 16 25 EA 8C 86 D1 06 75 56 76 4F D5 5F
05F0: C2 07 92 9F A2 0F B6 D1 0E 44 B8 8F 98 8A FC A5
0600: 48 08 4C E8 F0 DC C3 B2 15 92 72 35 00 FD D0 A8
0610: 90 A4 95 6D BD D9 33 36 5A 06 32 53 82 F8 4E 8A
0620: E2 B1 F9 EE 43 96 75 27 13 CF 52 A6 C7 BF 9A 30
0630: 44 00 26 5F BC E8 97 CD 74 AE FF 3A CA 46 6D 20
0640: E4 51 35 3E B8 24 AC F9 A5 DE 70 A1 73 0D D1 78
0650: BF A5 EB 5F 25 E9 17 3F 88 50 09 B3 14 06 E7 2B
0660: 6B 4D F5 9E 5B 27 6D A1 21 F9 F9 06 4A 6C 7B F4
0670: C3 ED 96 32 08 2E 50 E4 FC F3 DD F1 2D 7F B1 1E
0680: 56 38 FE 50 0D 36 F0 FF C1 C7 6E 97 5B D7 31 B2 00 00 00 06 00 00 1D D0 00 00 00 00 00 00 00 00 00 00 00 70 00 00 08 60 00 00 00 00 00 00 00 00 00 00 08 D0 00 00 02 A0 00 00 00 00 00 00 00 01 00 00 0B 70 00 00 07 30 00 00 00 00 00 00 00 02 00 00 12 A0 00 00 01 00 00 00 00 00 00 00 00 03 00 00 13 A0 00 00 00 30 00 00 00 00 00 00 00 04 00 00 13 D0 00 00 0A 00 00 00 00 00 00 00 00 05 00 00 00 01 00 82 00 05 14 04 16 89 7A 00 AB FC 00 12 00 0B 4D 7F 52 09 69 36 EC 12 00 66 33 13 00 00 00 01 00 82 00 05 14 04 16 89 7A 00 AB FC 1F C0 CA 95 CF 0F 90 B8 BD 71 59 73 07 2B 4C 3F E5 D5 54 C2 57 7B EB 07 B6 12 6C F5 2D A5 FD 93 B8 C0 57 8E 6C 9E 97 E7 94 86 C5 DA FF D3 32 35 B3 06 EC D2 F7 FC 2F FF 31 71 9F FE 42 C9 93 D6 7C 09 6F D6 19 82 EE 2D B2 E6 1C CF 2A DF B2 7A 94 D1 00 BE 6E 24 99 1D 65 D9 3F 3D A9 38 85 8C EC 2D 13 30 51 F4 7D B4 28 7A C8 66 31 71 9B 31 57 3E F7 CC E0 71 CA 8A 59 FE 58 F0 53 18 AA 86 63 73 C1 59 D7 15 E9 11 57 84 A0 4F 3C 49 32 10 2F 3F 91 44 D0 84 75 03 DF DE 24 80 63 9A 78 38 82 E5 59 11 81 84 8D AC 00 00 00 00 00 00 00 00 DD 0B 8B 71 E5 3F 30 9F E7 12 E6 DC 0D F0 5B 71 73 AB 6F 54 E1 2A 8D 8A 1C BC 8F E7 11 17 BD 13 F6 F3 34 73 5E 6E 7B 68 28 8E E6 17 B5 1E 33 6E BD 73 99 74 EC 22 4D 86 CA 72 0F BA 5A F2 9E 60 82 D3 96 77 E4 61 37 FC 27 6F E8 5F 86 DC A8 05 C5 4E 50 F7 A5 FF 15 33 0D 26 E1 AE AB E5 4D B7 4C A6 28 82 1B 52 89 61 E2 AB CD 90 75 D2 4B 5E 97 A5 39 B7 71 45 3D 9A 24 06 AE 68 50 E1 58 B7 53 B3 AF CA DA 9A FE 16 2E AA 27 CE B7 E8 67 E2 D5 B0 C6 3C 84 62 41 C7 28 33 BC E9 64 A0 75 8E 34 0E DB FF E5 D6 01 1A EC 5D BE 1E CF 74 0E B9 66 D1 E0 68 D9 F3 DF 3F BA DE B2 A5 7A B1 0F 28 A8 D8 E0 05 73 65 94 70 87 89 6B 68 AB 69 8D 57 5C 54 16 AA 4F 62 E3 F7 1D 65 C6 C9 00 ED 30 9E 29 EA 6C 2A 16 8D 44 50 00 2D C1 86 5F 08 C0 5B EC C5 13 ED CE 5D 5C DE 0B A0 4A 72 5F FF D7 41 49 B4 48 52 FC B4 9D DD 0A 48 0B E1 CA 0F AC EF AC 19 B8 37 CF 9E 10 81 42 72 9C 7E 1C 06 6A 8C 5C DD 85 33 4A F3 F2 A8 C2 C2 92 21 4B 11 AB FB 0B 3B 50 17 F5 23 F7 C8 0A CF B3 8D 74 B0 66 39 4E 48 5B F4 46 29 0B 59 53 75 F0 EA 40 F5 C4 25 5E 18 96 A0 6D 92 5B 98 66 6E 9B 55 81 EB 13 C6 0D E2 18 AE 42 3E 77 C9 60 AF 4F 4A 60 7A 96 8A 5E 85 3A 60 7C E8 68 F1 DB 8B 15 AF C5 E7 F4 51 B9 18 E2 6F 62 BC 8C 1A A3 3B A2 96 39 AD A3 F1 B9 89 47 DE 41 F7 9B 78 39 EF 56 EF DD 96 0D 4C 41 15 D7 33 E8 0D BA 61 9E 64 1C CE 32 F5 1E 2A 37 6F F0 9C 8C 62 30 76 DC 58 FD B5 CF 65 96 49 5A 0D 92 4A 07 56 A8 B1 90 A9 E7 AF A2 FC 19 F1 24 96 3A 5E C1 83 3B 82 62 5A 28 3D D1 55 D5 D1 22 C6 D1 02 94 8D 67 95 76 4C FC 25 EA 45 69 B4 39 B7 96 E1 34 89 EC FB AF ED 05 5F 8B AC 79 5E 5E 7E AB D2 D5 0F 21 BA 98 BD 6F 26 8E 0B BA 1E CC 2E 67 9A 40 90 BE F1 48 42 14 72 E6 7A A9 22 BC 8D 53 5F 58 A5 E7 CC 68 2B 25 27 1C 33 FF B3 0E E1 3C 73 D1 73 AC DA 54 CC DA 6E 64 93 F2 0B 6A A7 61 77 83 31 71 1E ED C0 8F C1 5B F4 D9 E6 6A 21 BF 4E 8B 90 E5 E2 71 BB 52 8D 59 B3 06 15 86 D3 56 B6 3C 83 51 A4 5C E3 0A CC AB 49 FE 23 20 C6 E1 5F B5 B8 E6 09 DA 90 32 AB EE AE 42 B6 F4 5B B4 19 DB 40 2C B5 62 5D 48 63 39 53 D6 E8 6C 69 63 D0 93 6F 9A E6 49 B4 FD E6 41 49 79 BB 5A 4D 61 AD 6F 62 0F F5 BE D8 CC 86 51 F6 3C 7B B5 DE DA 74 11 1A 88 D7 8F C5 34 DF FE 40 12 AE 1E C9 71 C7 8A CB F3 E3 FE 2D 81 83 15 C5 1D 60 4D D3 F4 F6 BE 6C 80 DC CF 58 06 0B A7 C6 1D 72 33 A2 AF D9 DA 9B AA 64 E0 1E 36 7E 3A 63 6D 40 C2 09 D6 8A 09 77 C7 25 49 51 16 8D 1E DD 64 FB 87 E0 53 29 25 A8 27 3D CE 08 DD DB 89 78 0E 97 1E 9C 14 92 0B 70 F9 9B 73 6C 2E 26 33 7C 59 FE 09 BF 75 34 55 1E 42 C0 4C 5A EA EB 4B D3 14 8C
which I can generate and yes my eid4 passes the hash check
but one would need to get the aes_omac1 key to be able to check it
hmm eid4 digest is stored unencrypted
seems like there are some hardcoded eid4 fallback bytes - http://pastie.org/private/oxy580s4omh8ofbdfgj3dq
## sv_iso
eid4_fallback_0x00 FF1471C135E4593D0D27F9CAA3795BD9
eid4_fallback_0x10 DD38369F0175173CE32BEED051FD4EF3
scetool/eidtool progress is great
After swapping back in my original 160GB HDD, I was still getting the 8002F281 error. I ended up having to do a full PS3 Reset and reformat of the 160...
Download: https://github.com/spacemanspiff/oscetool/archive/master.zip / https://github.com/spacemanspiff/oscetool / https://github.com/naehrwert/scetool/archive/master.zip / https://github.com/naehrwert/scetool
To quote: OpenSCETool is a clone of scetool under an open source license. SCETool was reverse engineered and analized to produce this program, and copied his behaivour.
OpenSCETool (OSCETool) Changelogs:
Version 0.9.2
• Fixed rap/rif/idps/act.dat management. Now it works fine.
Version 0.9.1
• Fixed a segfault decrypt some SELFs.
• Added option -p to patch the sys_process_param when signing an ELF. This is the same as applying FixELF.exe before signing.
• Added support to klics.txt. If the klicensee is not specified, it is looked up in the data/klics.txt automatically (only for decrypt).
Version 0.9.0
• First commited version, compatible with SCETool 0.2.9.
Now GNU/Linux users can have a native tool too. If you want an SCETool replacement, remember to add this keys (this were in the code, you can find them in previous revisions of the code, or in flatz's rif/raf tools:
[NP_rap_initial]
type=OTHER
key=...
[NP_rap_pbox]
type=OTHER
key=...
[NP_rap_e1]
type=OTHER
key=...
[NP_rap_e2]
type=OTHER
key=....
[NP_rap_initial]
type=OTHER
key=869F7745C13FD890CCF29188E3CC3EDF
[NP_rap_pbox]
type=OTHER
key=0C030604010B0F08020700050A0E0D09
[NP_rap_e1]
type=OTHER
key=A93E1FD67C55A329B75FDDA62A95C7A5
[NP_rap_e2]
type=OTHER
key=67D45DA3296D006A4E7C537BF5538C74
Version 0.2.9
• Plaintext sections will now take less space in metadata header keys array.
• Added option to specifiy a template SELF to take configuration values from.
• Added option to override the keyset used for en-/decryption.
• Fixed NP application types.
• [Firmware Version] will now be written to control info only.
• [Application Version] will now be written to application info only.
Version 0.2.8 (intermediate release):
• Fixed minor bugs where scetool would crash.
• Added SPP parsing.
• Decrypting RVK/SPP will now write header+data to file.
Version 0.2.7:
• Added local NP license handling.
• Added option to override klicensee.
• Added option to disable section skipping (in SELF generation).
Version 0.2.5:
• Added option to use provided metadata info for decryption.
• "PS3" path environment variable will now be searched for keys/ldr_curves/vsh_curves too.
Version 0.2.4:
• Added option to display raw values.
• Moved factory Auth-IDs to (as they are on ps3devwiki now).
Version 0.2.2:
• Added options to override control/capability flags (32 bytes each).
• Fixed where a false keyset would crash scetool when decrypting a file.
• Some source level changes and optimizations.
Version 0.2.1:
• zlib is required to use scetool.
• 'sdk_type' was changed to 'revision' in data/keys.
Greetings to: you know who you are!
More PlayStation 3 News...
Download: PS3 SDAT/EDAT v3 and v4 Keys
Changelogs:
v1.25:
1. Add subfolder traversal in edat/sdat folder.
2. Fix 2G+ file handling issue (probably).
3. Fix syntax issue while handling certian edat files.
4. Re-adjust the mainmenu.
v1.2:
1. Add SDAT file supporting.
v1.1:
1. Fix Java OutOfMemory for encrypting big files.
2. Add JVM Memory config in toolcore.cfg.
v1.0 Features:
1. Decrypt and encrypt edat files on pc.
2. Fast rebuild mode.
3. Batch mode.
4. Dev Klic should be input manually at now.
Finally, from oakhead69: Hi jjkkyu, If you have based your code on my C# code which in turn is based on the port by KDSBest. There is a significant bug in the reverseByteWithSizeFIX code.
It will fail the hash check on some data blocks, hench KDSBest removed the test. More importantly when generating the hash for the data blocks during encryption, the hash will be incorrect. Hench the resulting SDAT/EDAT will be bad. I have attached some updated code below.
public static byte[] reverseByteWithSizeFIX(byte[] b)
{
int i;
byte[] b2;
if (b.Length < 0x10 && (b[b.Length - 1] & 0x80) != 0)
{
b2 = new byte[0x10];
for (i = 0; i < b.Length; i++)
{
b2[b2.Length - 1 - i] = b[i];
}
for (i = b.Length; i < 0x10; i++)
{
b2[0x10 -1 - i] = 0xff;
}
}
else
{
b2 = new byte[b.Length];
for (i = 0; i < b2.Length; i++)
{
b2[b2.Length - 1 - i] = b[i];
}
}
return b2;
}
More PlayStation 3 News...
Decrypt: vou30.edat
Content ID: EP9001-BCES00569_00-0000000000000000
Done!
Key found: 00000000000000000000000000000000
Decrypt: vou30.edat
Content ID: EP9001-BCES00569_00-0000000000000000
Done!
Key found: 72F990788F9CFF745725F08E4C128387
Decrypt: vou30.edat
Content ID: EP9001-BCES00569_00-0000000000000000
Done!
Key found: 44F8C99E9272AEAAEFA946680E1DC590
Decrypt: vou30.edat
Content ID: EP9001-BCES00569_00-0000000000000000
Done!
Key found: 8D5B3D9ACE0BAC2794A1434D92E689F7
Decrypt: vou30.edat
Content ID: EP9001-BCES00569_00-0000000000000000
Done!
Key found: 00875F084DF2B8D68AA06D55335E1276
and many more, but any key doesn't work
regards