56w ago - Today we received word from Dutch site OmbouWnederland.nl (ConsoleWinkel) of a rumor that a Sony PS3 Blu-ray drive emulation PCB is currently in development which will allow users to unlock their PlayStation 3 console without the use of Custom Firmware or dongles.
Reportedly they have been in contact with ChinaDistrib.com who stated a team (possibly the Wasabi or Drivekey team) is working on the PS3 Blu-ray drive emulation PCB that is slated for release later this year.
They have also speculated via e-mail that the project has been kept under tight wraps due to Sony being unable to stop this new PS3 hack via Firmware updates, meaning once it becomes public Sony's legal team will be on the warpath in full force.
Below are some concept pictures (not actual finished product pictures) from their site and the details, roughly translated as follows:
"PlayStation 3 drive emulation
No hacking, no flashing, no modding. Emulation is the future. A team is currently working on a new hack for the PlayStation 3.
The Blu-ray player, Sony's PCB has been cracked and costs can thus be gekloont. The team probably Wasabi or Wiikey team is currently working on this for the board to connect to an external HDD.
This can be downloaded games played as Wasabi360 and Xkey for the XBox 360.
A major retailer in China has also indicated that this year is released."
Finally, China Distribution has replied to an e-mail from hitman43 (via modcontrol.com/Board/187984-post1.html) as follows:
i didn't know anything about this product, i don't know why people ARE thinking we are behind this device,
It is unknown whether the person responding is unaware of the rumored PS3 Blu-ray drive emulation PCB in development, or if they are simply attempting to keep things quiet and avoid any legal hassles from Sony... only time will tell for sure.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
I would like to get a hold of them to see if i could test this and do a review on this. However when you go to their contact page nothing shows up when you type it in the areas. Oh well i guess we will have to wait and see. thanks
They are marketing it as being able to "run all your PS3 game backups in ISO format directly from any USB HDD no matter what PS3 firmware you have" according to the YouTube video, however, currently the required key extraction is limited to 3.55 or below models so if/when this materializes for 3.55+ consoles it may be useful to PlayStation 3 scene developers to examine.
Of course I'd hold off until the suckers blow their cash on it, then history will repeat itself once again with a free PS3 scene solution surfacing just like was done to the TB fixes, etc.
Their claim is that it can't be done without hardware (just like was stated and later debunked about the dongle), so why not release all the related diagrams, pin-outs/schematics, and a DIY parts list to an open source alternative for free if this is the case? They want to cash in once again is the most likely answer, however, as always good things come to those who wait.
Following up on the previous update, today Max Louarn and Paul Owen's product marketeer GaryOPA has made available a 3K3y demonstration video with details below.
Download: http://www.mirrorcreator.com/files/2DGE45CY/3k3y-keydumper-v1.rar_links / http://www.mediafire.com/?4l27o19ockqlg6l by jarmster (Note: Leave a USB stick installed when you run the app, it puts a 1kb file called 3dump.bin on the stick containing the decrypted drive keys. Run the app, triple beep + red flashing led... power down with front button = no good but it dumps the key. To get your root_key you must go back to 3.55, funny fact... when using the 3k3y dumper on 3.55 it includes the eid_root_key. ) / http://www.mirrorcreator.com/files/0ZM1MEGX/ripp3r.rar_links / http://rghost.net/43577016 / http://rghost.net/43577040 by haz367 / http://www.mirrorcreator.com/files/EPSSA85R/3K3Y_IRD_files_2013-03-15.rar_links by 3Key
3k3y Ripp3r v1.01 Setup and User Guide: Windows software for ripping/decrypting/reencrypting PS3 disks. The user manual is included in the archive.
Fixed a bug that affected encryption/decryption of very large files.
From zecoxao: I bet people didn't even touch the implementation of libeeid that naehrwert left us, and then these guys come, use flat_z's code to get the eid_root_key on hackables, and grab the necessary part of the code from http://dl.dropbox.com/u/35197530/libeeid.7z to generate the eid4_key from it and decrypt the eid4. Bunch of freaking losers.
People, if you're that desperate to get the drive key (which is in eid4) just memdump eEID, get your eid_root_key with flatz's package and use my program which is adapted from naehrwert's code. you can even see for yourselves what's happening in the code. Don't forget to rename the eEID you get from your console's NOR/NAND to eid (without an extension) and place it on eid folder. same as key and iv (split them up with a hex editor).
You can then try that program and compare your decrypted eid4 with the pkg's dump, and realize it's the same crap.
Here we can see the keys used by the ripper (taken from: ps3devwiki.com/wiki/BD_Drive_Reverse_Engineering#Program and ps3devwiki.com/wiki/BD_Drive_Reverse_Engineering#Information_about_EID4):
The keys are in eid4, and yes, we DO need to decrypt it, or else Sony would be the biggest bunch of retards.. the eid4 key is used to verify the cmac hash of the first 0x20 bytes. Naehrwert's code seems to prove this:
omac1 basically spits out the digest of the secure communication channel keys. if you compare the digest with the last 16 bytes of eid4, it should match
Corrected some info. and apparently i was mistaken when i thought that 3Dump.bin contained the eid4 ENcrypted. it contains in fact eid4 DEcrypted. You still need to auth with the bd drive. that's the part Cobra/E3 figured out. we can do this normally with hacked consoles, but not with unhacked consoles.
So the ODE dumper package dumps the DEcrypted eid4, correct? now i understand. i was confused because i thought you said the eid4 ENcrypted was the same as 3Dump.bin.
3K3y Key Dumper
Here is the Key dumping Application to on a Ps3 with CFW. This will only work for Fat consoles. You must have a FAT32 USb stick in the first port on your PS3, it will generate a file called 3Dump.bin This is what goes on your micro sd card, or loaded into the Ripper application.
Please note you need Peek and Poke enabled in your CFW to run this app, this is usually enabled by default. Cobra CFW doesn't allow you to run this file so you will need to flash to something else if you are on this.
From jarmster: The eid4 from running libeeid is a decrypted dump. The 3dump.bin is exactly the same. The eEID_Dumper.pkg dumps the encrypted eid4. And from the wiki: EID4 is of size 0x30 bytes: 0x0-0xf bytes = 1st key, 0x10-0x1f - 2nd key, 0x20-0x2f - CMAC-OMAC1 of EID4.
eid4 offset 303A0 - 303CF full nordump
first key = 0-f (key1?)
sec key = 20-2f omac hash(required just as cex2dex convert to calculate usin omac's)
now for 3dump.bin: (= encrypted eid4(0-2f)+eid_root_key(30-5f)
offset 0-1f = match original full nordump = offset 303a0-303bf (encrypted eid4)
offset 20-2f = sec key = match full nordump-encrypted eid4 = omac hash key
offset 30-5f = root_key per console key (also required to calculate+omac hash... real bdkey?
then we have zecoxao's program, it gives an erro on eid3 of missing stuff but it dumps also an "eid4d.bin"
offset 0-1f = decrypted eid4?! >>omac hash is match original nordump/encrypted eid4/3Dump.bin
should be different.. correct..?
From zadow28 on the 3K3y PKG file: pastebin.com/79V2KdTK
I'm not into VS very much, maybe the devs can have an look. It's the visual source/assembly code for the x3key ps3 software for pc. got there keys and even shows there iso disc codes, plus a lot more. I'm not an visual expert, so maybe there are some visual experts here. shows how the x3key acts like an Bulk. etc
The iso for x3key are crypted, so they only play with there tool.. the source for encrypting the iso are in there too.
From Abkarino (via Zadow28) comes the 3K3y Ripper (PC Software) hacked source code recovered, as follows:
You could build your own hardware interface to connect PS3 BD-ROM Drive to your PC to rip your games. The 3K3y special hardware is in only a cheap PATA To USB converter board with some modifications, and you can do it yourself. Also you could directly connect your PS3 Drive to your PC by soldering it to PATA bus a.k.a IDE cable and modify the power socket only. You can use the old leaked BD-ROM drive service manual for pinout (ps3devwiki.com/wiki/ODE).
This is a quick and dirty release for 3K3Y Ripper application including the full recovered source code. So you can build/modify your own version. All you will need is: .Net Framework Runtime v4.0
Message to 3K3Y Team: Do not stole glevand's work again Also do not forget to protect you applications using a good .Net protector like .Net Reactor to prevent me or any body else from recovering your codes. Hope that will help someone to do something useful in the future.
Abkarino (Mohammed Hassan)
To quote: Click the above-picture (HERE) to see a close-up view of the actual 3k3y BETA PCBoard, (the case on the PHAT PS3 used for demo, does not need to be cut-away, that was done on purpose for the video shown below), and the small black box to left is the usb hdd port, power and 3k3y LCD screen interface to select the PS3 ISO on your external USB HDD similar in style to their famous original X360key ODD emulator.
Now sit back and enjoy the video (download it http://www.mediafire.com/?rf4jxu1yizves1a) made by our Anonymous 3k3y Beta Tester (BTW, Many Thanks Whomever You Are!), as you nurse your video gaming body back into action from all those Happy New Year parties last night!
Below are a few more 3K3y videos / mirrors for those interested as well, from their page:
2013-01-03: 2 new 3k3y videos
As we are very close to shipping we decided to release 2 more product videos. We aim to have one of these great devices in your PS3 by the end of the month!
3k3y is the state of the art of PS3 drive emulation from the defacto leaders in drive emulation.
Play all PS3 games
Play all PS2/PS1 games*+
Plug n play installation
Compatible with all currently available OFW/CFW versions
Original 3k3y app for extracting drive key**
User friendly OSD interface for managing your 3k3y
Optional remote (compatible with Xk3y remote)
Powerful embedded Linux platform
Supports most popular file systems such as EXT2.3.4, Mac OS X and NTFS
Emulation and transparent passthrough modes
Both CPU and FPGA are fully in-system updatable
Sleek and beautiful Wifi interface***
Movie ISO playback+
Not manufactured in China****
* Requires compatible PS3.
** Currently fw =< 3.55 is required for extracting the drive key. After this the FW can be upgraded freely. This holds true for all ODEs, see below for more details
*** Requires Wifi dongle sold separately
**** That's why we can deliver despite CNY + This feature will be added in an upcoming firmware
Quantity 3k3y+Ripper 3k3y only Ripper Only Wifi dongle Remote
PS3 3K3y (3Key) stock available now
3K3y Fat Model version release on 2013-02-08 . Slim version will release soon
3K3y PCB Kit
3K3y Remote (optional)
3K3y Ripper PCB (optional)
Products developed by our team members, such as Xk3y, Wode, and Wiikey Fusion have outsold products in direct competition by a factor. The same thing goes for many of our other products such as Qoob and Wiikey.
The question many people are asking about it compatibility with various firmwares and PS3 models. Let us state the facts here, which are true for 3k3y as well as any other PS3 ODE:
Below is another brief update for those following:
2012-12-28: 3k3y status update
There has been some slight delays due to the holiday season, but the final hardware has now been tested, and samples will be sent to beta testers in the next few days. We anticipate that the product will start shipping in idle of January.
From ozmod: Pretty sure it will be phat only to begin with. Key extraction is still being worked on. When the forums open up, you can make your voice heard – as they are just prioritizing atm.