PS3 SCETool, Friday Isolated SPU POC and EIDTool WIP Updates


125w ago - This weekend Sony PlayStation 3 hacker naehrwert has released a PS3 SCETool based on the fail0verflow tools, an Isolated SPU binary POC dubbed Friday and some EIDTool work in progress updates for PlayStation 3 developers interested in remarrying Blu-ray drives, motherboard keys, QA tokens, etc via Twitter.

Download: PS3 SCETool / Friday Isolated SPU Binary POC / PS3 SCETool v0.0.3 and VSH.Self Output / PS3 SCETool v0.0.4

Below are the details from the ReadMe files and Tweets, as follows:

SCETool (C) 2011 by naehrwert - This tool will see more features in the future.

Notice: THIS CAN DO NOTHING NEW, IT'S CURRENTLY JUST A REWRITE OF f0f TOOLS.

Keyfile format:

A sample keyfile is included.

Shout-outs: I think they know who I mean

Friday (C) 2011 by naehrwert - This is a POC for a isolated spu binary. Generate a self encrypted+signed with the metldr keys out of friday.elf. Then use friday.h to write a PPU application that loads the self by utilizing metldr and DMAs your console's EID2 to the shared SPU LS. It will generate the P and S block from it, that is used to pair the BD drive to the specific console. Yon can then DMA the blocks out from the LS and send them to the drive to remarry it to the console.

Communication with the SPU is done over in_mbox and out_mbox. MSG_OUT_* is send from the SPU code to out_mbox. MSG_IN_* should be written from the PPU to in_mbox. When MSG_OUT_READY arrives the PPU should DMA the EID2 to EID2_START and send MSG_IN_READY. When MSG_OUT_GEN_DONE arrives the PPU should DMA the blocks out from BLOCKS_START and send MSG_IN_DIE.

Note: this is UNTESTED but should just work

POC http://www.mediafire.com/?u8lvl08h1lai2nb

note: self part is only for spu yet!

scetool http://www.mediafire.com/?31r5482wy28sc9c

veeeery nice http://pastie.org/2928187

http://pastie.org/private/4dflpsc66d4gngjvmxwqyq


which I can generate and yes my eid4 passes the hash check

but one would need to get the aes_omac1 key to be able to check it

hmm eid4 digest is stored unencrypted

seems like there are some hardcoded eid4 fallback bytes - http://pastie.org/private/oxy580s4omh8ofbdfgj3dq

scetool/eidtool progress is great




Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 231 Comments - Go to Forum Thread »

Quick Reply Quick Reply

PS3 News's Avatar
#226 - PS3 News - 22w ago
Following up on his last update and previous revision, today PlayStation 3 developer JjKkYu has released TrueAncestor EDAT Rebuilder v1.90 followed by v1.91 with the changes outlined below.

Download: PS3 TrueAncestor SELF Resigner v1.91

To quote: Since many people ask me to add something new, so I did it.

TrueAncestor SELF Resigner

v1.91

1. Fix issue when resigning SELF/SPRX with all zero klicensee.

v1.90

1. Add custom sign SELF/SPRX files.
2. Add raps folder, rap file can be put here to resign local type selfs.

From ps3tools.aldostools.org/klics.txt:

More PlayStation 3 News...

suquip's Avatar
#225 - suquip - 25w ago
Thanks for the update.

PS3 News's Avatar
#224 - PS3 News - 26w ago
Following up on the previous updates and SCETool Script, today PlayStation 3 developer Habib (aka smhabib) who recently released Habib CEX 4.50 V1.03 PS3 CFW unofficially updated PS3 SCETool to version 0.3.1 for Custom Firmware users with the changes below.

Download: scetool v0.3.1.zip / SCETool v0.3.1 (with changes added) by zecoxao

To quote: Basically what it does is,it encrypts iso modules (needed for cfw creation!) with its respective indiv seeds of eid.now normal people can do amazing things.i first posted this on psx-scene but with not much details.SO HERE IT GOES WITH SRC!!!!

A short NOTE:the keys should be only edited with notepad++ to save its formating or you might get errors(latest keyset included!)

FOR N00BS: you can also use scetool --template spu_token_processor.self(original self) --sce-type=SELF --encrypt spu_token_processor.elf(modified elf) spu_token_processor.self(output modified self)

THANKS:

1. naehrwert
2. my friend anonymous dev

I SALUTE YOU BOTH!!!!!!!!!

CHANGELOG:

1. Fixed makefile
2. Added indiv seed options for creaters of cfw or for some testers

From zecoxao: Here is the tool on github (github.com/zecoxao/scetool) with all the added "changes" (which was commenting one line and uncommenting two, bravo...)

And here's an example of the new features being used: pastebin.com/Cw6uPiaJ

Check the label [Optional Header] for more information.

Finally, Habib has made available a proof-of-concept (PoC) for running syscalls based app without porting it to newer firmware with details below.

Download: POC.zip (2.18 MB)

To quote: Now I'll give you example of a Fan Control Utility being ran with my kernel and not with any other 4.50 cfw.if you try you'll simply get an error showing bad temp reading and sys_sm_get_fan_policy error. Currently source code is a lot a mess but ill be sharing it too.

Current Syscalls Added are: 386,389,409,383.

More PlayStation 3 News...

qwe123123's Avatar
#223 - qwe123123 - 32w ago
how to decrypt compressed edat? need what tools?

compressed edat: killer is dead, gundam exvs

franzes80's Avatar
#222 - franzes80 - 39w ago
Hi, new update for 4.46 eboot resigner by acid burn1 in version 0.2 (inside the archive new folder for 4.46 keys update)

Download: 4.46 EBOOT Resigner v0.2.rar

Changelog:

  • Added pkg View
  • Added inside archive folder Root for 4.46 keys update
  • Fixed and added more Keys in Keys file!
  • Fixed all MFW keys file format!













Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News