Following up on his previous revision, today PlayStation 3 developer naehrwert has updated PS3 SCETool to v0.2.5, which utilizes metadata information for decryption among the changes outlined below.
Download: PS3 SCETool v0.2.5 / ZLib1.dll File (Required)
scetool 0.2.5 public build (C) 2011-2012 by naehrwert
Setup:
- /data/keys : Keyfile.
- /data/ldr_curves : Loader curves (7744 bytes).
- /data/vsh_curves : VSH curves (360 bytes).
Keyfile format:
[keyname]
type={SELF, RVK, PKG, SPP, OTHER}
revision={00, ..., 18, 8000}
version={..., 0001000000000000, ...}
self_type={LV0, LV1, LV2, APP, ISO, LDR, UNK_7, NPDRM}
key=...
erk=...
riv=...
pub=...
priv=...
ctype=...
Keyset example:
[metldr]
type=SELF
revision=00
self_type=LDR
erk=0000000000000000000000000000000000000000000000000000000000000000
riv=00000000000000000000000000000000
pub=00000000000000000000000000000000000000000000000000000000000000000000000000000000
priv=000000000000000000000000000000000000000000
ctype=00
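The 0.2.2 changelog entry further down mentions that a false keyset could crash scetool, so checking data/keys before use is worthwhile. The following is an added example, not part of scetool or the original post: a small Python parser and linter for the keyfile format above. The allowed values come from the format listing; the hex lengths follow the all-zero [metldr] example and, like the names parse_keyfile, lint_keyset, lint_keyfile and SAMPLE, are assumptions.

```python
import re

# Allowed values come from the keyfile format above; hex lengths follow the
# all-zero [metldr] example and are an assumption about what scetool expects.
ENUMS = {"type": {"SELF", "RVK", "PKG", "SPP", "OTHER"},
         "self_type": {"LV0", "LV1", "LV2", "APP", "ISO", "LDR", "UNK_7", "NPDRM"}}
HEX_LEN = {"erk": 64, "riv": 32, "pub": 80, "priv": 42, "ctype": 2,
           "version": 16, "revision": None, "key": None}  # None: any even length
# Constructed sample: one well-formed all-zero keyset and one malformed keyset.
SAMPLE = ("[metldr]\ntype=SELF\nrevision=00\nself_type=LDR\n"
          f"erk={'0' * 64}\nriv={'0' * 32}\nctype=00\n"
          "[broken]\ntype=ELF\nriv=00zz\nerk=0000\n")

def parse_keyfile(text):
    """Parse [keyname] sections of field=value lines into {keyname: {field: value}}."""
    keysets, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = keysets.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            field, value = line.split("=", 1)
            current[field.strip()] = value.strip()
        else:
            raise ValueError(f"line {lineno}: not a [keyname] or field=value: {line!r}")
    return keysets

def lint_keyset(name, fields):
    """Return human-readable problems for one keyset; an empty list means clean."""
    problems = []
    for field, value in fields.items():
        if field in ENUMS:
            if value not in ENUMS[field]:
                problems.append(f"[{name}] {field}={value} is not an allowed value")
        elif field in HEX_LEN:
            if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
                problems.append(f"[{name}] {field} is not an even-length hex string")
            elif HEX_LEN[field] not in (None, len(value)):
                problems.append(f"[{name}] {field} has {len(value)} hex digits, "
                                f"expected {HEX_LEN[field]}")
        else:
            problems.append(f"[{name}] unknown field {field}")
    return problems

def lint_keyfile(text):
    """Lint every keyset in a keyfile and return all problems found."""
    return [p for name, ks in parse_keyfile(text).items() for p in lint_keyset(name, ks)]
```

Calling lint_keyfile(SAMPLE) reports three problems, all in the constructed [broken] keyset, and none for [metldr].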
NPDRM key(set) names:
- [NP_tid]: Title ID OMAC1 key.
- [NP_ci]: Control info OMAC1 key.
- [NP_klic_free]: Free klicensee.
- [NP_klic_key]: Klicensee key.
- [NP_sig]: Footer signature ECDSA keyset.
Help text:
USAGE: scetool [options] command
COMMANDS                 Parameters                    Explanation
 -h, --help                                            Print this help.
 -k, --print-keys                                      List keys.
 -i, --print-infos       file_in                       Print SCE file info.
 -d, --decrypt           file_in file_out              Decrypt/dump SCE file.
 -e, --encrypt           file_in file_out              Encrypt/create SCE file.
OPTIONS                  Possible Values               Explanation
 -v, --verbose                                         Enable verbose output.
 -r, --raw                                             Enable raw value output.
 -0, --sce-type          SELF/RVK/PKG/SPP              SCE File Type
 -1, --compress-data     TRUE/FALSE(default)           Whether to compress data or not.
 -2, --key-revision      e.g. 00,01,...,0A,...         Key Revision
 -m, --meta-info                                       Use provided meta info to decrypt.
 -3, --self-auth-id      e.g. 1010000001000003         Auth ID
 -4, --self-vendor-id    e.g. 01000002                 Vendor ID
 -5, --self-type         LV0/LV1/LV2/APP/ISO/LDR/NPDRM SELF Type
 -6, --self-fw-version   e.g. 0003004100000000         Firmware Version
 -7, --self-add-shdrs    TRUE(default)/FALSE           Whether to add ELF shdrs or not.
 -8, --self-ctrl-flags                                 Override control flags.
 -9, --self-cap-flags                                  Override capability flags.
 -b, --np-license-type   FREE                          License Type
 -c, --np-app-type       SPRX/EXEC/UPDATE              App Type
 -f, --np-content-id                                   Content ID
 -g, --np-real-fname     e.g. EBOOT.BIN                Real Filename
 -j, --np-add-sig        TRUE/FALSE(default)           Whether to add a NP sig. or not.
History:
Version 0.2.5:
- Added option to use provided metadata info for decryption.
- "PS3" path environment variable will now be searched for keys/ldr_curves/vsh_curves too.
Version 0.2.4:
- Added option to display raw values.
- Moved factory Auth-IDs to (as they are on ps3devwiki now).
Version 0.2.2:
- Added options to override control/capability flags (32 bytes each).
- Fixed where a false keyset would crash scetool when decrypting a file.
- Some source level changes and optimizations.
Version 0.2.1:
- zlib is required to use scetool.
- 'sdk_type' was changed to 'revision' in data/keys.
Greetings to: you know who you are!
Here are 2 tips to find the dev_klic even faster:
1- First try to bruteforce the edat against the list of known: ps3tools.aldostools.org/dev_klics.txt
devklic_bruteforcer.exe edat.edat dev_klics.txt
2- If the key is not found above, open the eboot.bin with scetool and show the info. Then open the ELF with HxD and cut from the offset 0 to the offset of the 3rd section.
Usually this will reduce the "devklic source file" (elf) to about 50% or less of the original size, saving a lot of time.
Download: http://rghost.net/46717474 / http://rghost.net/46718761 / http://rghost.net/46742139
To quote: This tool is used to bruteforce devklic for edat files on PC. It supports bruteforcing from binary or text files. It only takes minutes to bruteforce in an elf file, no more waiting for hours or days.
This tool is based on BuC's EDAT Devklic Validator, all credit to BuC.
Update to v1.1
Fix a bug while bruteforce in text file.
If you meet some issue, please feedback. Thx.
Update to v1.2
Add 2 Modes:
Short Mode: Run only 4 rounds for binary source file. This mode doesn't try all the contents from source file. But it is enough in most cases.
Line Mode: Run only 1 round for text source file. This mode reads first 32 bytes in each line as devklic. It runs extremely fast for formatted text source file.