85w ago - Today we received word from Dutch site OmbouWnederland.nl (ConsoleWinkel) of a rumor that a Sony PS3 Blu-ray drive emulation PCB is currently in development which will allow users to unlock their PlayStation 3 console without the use of Custom Firmware or dongles.
Reportedly they have been in contact with ChinaDistrib.com who stated a team (possibly the Wasabi or Drivekey team) is working on the PS3 Blu-ray drive emulation PCB that is slated for release later this year.
They have also speculated via e-mail that the project has been kept under tight wraps due to Sony being unable to stop this new PS3 hack via Firmware updates, meaning once it becomes public Sony's legal team will be on the warpath in full force.
Below are some concept pictures (not actual finished product pictures) from their site and the details, roughly translated as follows:
"PlayStation 3 drive emulation
No hacking, no flashing, no modding. Emulation is the future. A team is currently working on a new hack for the PlayStation 3.
The Blu-ray player, Sony's PCB has been cracked and costs can thus be gekloont. The team probably Wasabi or Wiikey team is currently working on this for the board to connect to an external HDD.
This can be downloaded games played as Wasabi360 and Xkey for the XBox 360.
A major retailer in China has also indicated that this year is released."
Finally, China Distribution has replied to an e-mail from hitman43 (via modcontrol.com/Board/187984-post1.html) as follows:
i didn't know anything about this product, i don't know why people ARE thinking we are behind this device,
It is unknown whether the person responding is unaware of the rumored PS3 Blu-ray drive emulation PCB in development, or if they are simply attempting to keep things quiet and avoid any legal hassles from Sony... only time will tell for sure.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
I have now added the PS3 3K3y Keydumper v1.00 / v1.01 for PS3 3.55-4.31 CFW to the main article for those interested alongside a note from zecoxao as follows:
Download: http://www.mirrorcreator.com/files/2DGE45CY/3k3y-keydumper-v1.rar_links / http://www.mediafire.com/?4l27o19ockqlg6l by jarmster (Note: Leave a USB stick installed when you run the app, it puts a 1kb file called 3dump.bin on the stick containing the decrypted drive keys)
3k3y Ripp3r v1.01 Setup and User Guide: Windows software for ripping/decrypting/reencrypting PS3 disks. The user manual is included in the archive.
Fixed a bug that affected encryption/decryption of very large files.
From zecoxao: I bet people didn't even touch the implementation of http://dl.dropbox.com/u/35197530/libeeid.7z that naehrwert left us, and then these guys come, use flat_z's code to get the eid_root_key on hackables, and grab the necessary part of the code from libeeid to generate the eid4_key from it and decrypt the eid4. Bunch of freaking losers.
People, if you're that desperate to get the drive key (which is in eid4) just memdump eEID, get your eid_root_key with flatz's package and use my program which is adapted from naehrwert's code. you can even see for yourselves what's happening in the code. Don't forget to rename the eEID you get from your console's NOR/NAND to eid (without an extension) and place it on eid folder. same as key and iv (split them up with a hex editor).
You can then try that program and compare your decrypted eid4 with the pkg's dump, and realize it's the same crap.
Here we can see the keys used by the ripper (taken from: ps3devwiki.com/wiki/BD_Drive_Reverse_Engineering#Program and ps3devwiki.com/wiki/BD_Drive_Reverse_Engineering#Information_about_EID4):
The keys are in eid4, and yes, we DO need to decrypt it, or else Sony would be the biggest bunch of retards.. the eid4 key is used to verify the cmac hash of the first 0x20 bytes. Naehrwert's code seems to prove this:
omac1 basically spits out the digest of the secure communication channel keys. if you compare the digest with the last 16 bytes of eid4, it should match
Corrected some info. and apparently i was mistaken when i thought that 3Dump.bin contained the eid4 ENcrypted. it contains in fact eid4 DEcrypted. You still need to auth with the bd drive. that's the part Cobra/E3 figured out. we can do this normally with hacked consoles, but not with unhacked consoles.
So the ODE dumper package dumps the DEcrypted eid4, correct? now i understand. i was confused because i thought you said the eid4 ENcrypted was the same as 3Dump.bin.
From jarmster: The eid4 from running libeeid is a decrypted dump. The 3dump.bin is exactly the same. The eEID_Dumper.pkg dumps the encrypted eid4. And from the wiki: EID4 is of size 0x30 bytes: 0x0-0xf bytes = 1st key, 0x10-0x1f - 2nd key, 0x20-0x2f - CMAC-OMAC1 of EID4.
eid4 offset 303A0 - 303CF full nordump
first key = 0-f (key1?)
sec key = 20-2f omac hash(required just as cex2dex convert to calculate usin omac's)
now for 3dump.bin: (= encrypted eid4(0-2f)+eid_root_key(30-5f)
offset 0-1f = match original full nordump = offset 303a0-303bf (encrypted eid4)
offset 20-2f = sec key = match full nordump-encrypted eid4 = omac hash key
offset 30-5f = root_key per console key (also required to calculate+omac hash... real bdkey?
then we have zecoxao's program, it gives an erro on eid3 of missing stuff but it dumps also an "eid4d.bin"
offset 0-1f = decrypted eid4?! >>omac hash is match original nordump/encrypted eid4/3Dump.bin
should be different.. correct..?
From zadow28 on the 3K3y PKG file: pastebin.com/79V2KdTK
I'm not into VS very much, maybe the devs can have an look. It's the visual source/assembly code for the x3key ps3 software for pc. got there keys and even shows there iso disc codes, plus a lot more. I'm not an visual expert, so maybe there are some visual experts here. shows how the x3key acts like an Bulk. etc
The iso for x3key are crypted, so they only play with there tool.. the source for encrypting the iso are in there too.
From Abkarino (via Zadow28) comes the 3K3y Ripper (PC Software) hacked source code recovered, as follows:
This is a quick and dirty release for 3K3Y Ripper application including the full recovered source code. So you can build/modify your own version. All you will need is: .Net Framework Runtime v4.0
Message to 3K3Y Team: Do not steal glevand's work again Also do not forget to protect you applications using a good .Net protector like .Net Reactor to prevent me or any body else from recovering your codes. Hope that will help someone to do something useful in the future.
Abkarino (Mohammed Hassan)
Finally, from 3Key: 3k3y IRD files 2013-03-15 is a collection of IRD (Iso Rebuild Data) files for 3k3y. Use them to convert PSJB game dumps to full PS3 ISO.