3k3y Ripp3r v1.01 Setup and User Guide: Windows software for ripping/decrypting/reencrypting PS3 disks. The user manual is included in the archive.
Fixed a bug that affected encryption/decryption of very large files.
From zecoxao: I bet people didn't even touch the implementation of libeeid that naehrwert left us, and then these guys come, use flat_z's code to get the eid_root_key on hackables, and grab the necessary part of the code from libeeid to generate the eid4_key from it and decrypt the eid4. Bunch of freaking losers.
People, if you're that desperate to get the drive key (which is in eid4) just memdump eEID, get your eid_root_key with flatz's package and use my program which is adapted from naehrwert's code. you can even see for yourselves what's happening in the code. Don't forget to rename the eEID you get from your console's NOR/NAND to eid (without an extension) and place it on eid folder. same as key and iv (split them up with a hex editor).
You can then try that program and compare your decrypted eid4 with the pkg's dump, and realize it's the same crap.
Here we can see the keys used by the ripper (taken from: ps3devwiki.com/wiki/BD_Drive_Reverse_Engineering#Program and ps3devwiki.com/wiki/BD_Drive_Reverse_Engineering#Information_about_EID4):
The keys are in eid4, and yes, we DO need to decrypt it, or else Sony would be the biggest bunch of retards.. the eid4 key is used to verify the cmac hash of the first 0x20 bytes. Naehrwert's code seems to prove this:
omac1 basically spits out the digest of the secure communication channel keys. if you compare the digest with the last 16 bytes of eid4, it should match
Corrected some info. and apparently i was mistaken when i thought that 3Dump.bin contained the eid4 ENcrypted. it contains in fact eid4 DEcrypted. You still need to auth with the bd drive. that's the part Cobra/E3 figured out. we can do this normally with hacked consoles, but not with unhacked consoles.
So the ODE dumper package dumps the DEcrypted eid4, correct? now i understand. i was confused because i thought you said the eid4 ENcrypted was the same as 3Dump.bin.
3K3y Key Dumper
Here is the Key dumping Application to on a Ps3 with CFW. This will only work for Fat consoles. You must have a FAT32 USb stick in the first port on your PS3, it will generate a file called 3Dump.bin This is what goes on your micro sd card, or loaded into the Ripper application.
Please note you need Peek and Poke enabled in your CFW to run this app, this is usually enabled by default. Cobra CFW doesn't allow you to run this file so you will need to flash to something else if you are on this.
From jarmster: The eid4 from running libeeid is a decrypted dump. The 3dump.bin is exactly the same. The eEID_Dumper.pkg dumps the encrypted eid4. And from the wiki: EID4 is of size 0x30 bytes: 0x0-0xf bytes = 1st key, 0x10-0x1f - 2nd key, 0x20-0x2f - CMAC-OMAC1 of EID4.
eid4 offset 303A0 - 303CF full nordump
first key = 0-f (key1?)
sec key = 20-2f omac hash(required just as cex2dex convert to calculate usin omac's)
now for 3dump.bin: (= encrypted eid4(0-2f)+eid_root_key(30-5f)
offset 0-1f = match original full nordump = offset 303a0-303bf (encrypted eid4)
offset 20-2f = sec key = match full nordump-encrypted eid4 = omac hash key
offset 30-5f = root_key per console key (also required to calculate+omac hash... real bdkey?
then we have zecoxao's program, it gives an erro on eid3 of missing stuff but it dumps also an "eid4d.bin"
offset 0-1f = decrypted eid4?! >>omac hash is match original nordump/encrypted eid4/3Dump.bin
should be different.. correct..?
From zadow28 on the 3K3y PKG file: pastebin.com/79V2KdTK
I'm not into VS very much, maybe the devs can have an look. It's the visual source/assembly code for the x3key ps3 software for pc. got there keys and even shows there iso disc codes, plus a lot more. I'm not an visual expert, so maybe there are some visual experts here. shows how the x3key acts like an Bulk. etc
The iso for x3key are crypted, so they only play with there tool.. the source for encrypting the iso are in there too.
From Abkarino (via Zadow28) comes the 3K3y Ripper (PC Software) hacked source code recovered, as follows:
You could build your own hardware interface to connect PS3 BD-ROM Drive to your PC to rip your games. The 3K3y special hardware is in only a cheap PATA To USB converter board with some modifications, and you can do it yourself. Also you could directly connect your PS3 Drive to your PC by soldering it to PATA bus a.k.a IDE cable and modify the power socket only. You can use the old leaked BD-ROM drive service manual for pinout (ps3devwiki.com/wiki/ODE).
This is a quick and dirty release for 3K3Y Ripper application including the full recovered source code. So you can build/modify your own version. All you will need is: .Net Framework Runtime v4.0
Message to 3K3Y Team: Do not stole glevand's work again Also do not forget to protect you applications using a good .Net protector like .Net Reactor to prevent me or any body else from recovering your codes. Hope that will help someone to do something useful in the future.
Abkarino (Mohammed Hassan)
To quote: Click the above-picture (HERE) to see a close-up view of the actual 3k3y BETA PCBoard, (the case on the PHAT PS3 used for demo, does not need to be cut-away, that was done on purpose for the video shown below), and the small black box to left is the usb hdd port, power and 3k3y LCD screen interface to select the PS3 ISO on your external USB HDD similar in style to their famous original X360key ODD emulator.
Now sit back and enjoy the video (download it HERE) made by our Anonymous 3k3y Beta Tester (BTW, Many Thanks Whomever You Are!), as you nurse your video gaming body back into action from all those Happy New Year parties last night!
Below are a few more 3K3y videos / mirrors for those interested as well, from their page:
2013-01-03: 2 new 3k3y videos
As we are very close to shipping we decided to release 2 more product videos. We aim to have one of these great devices in your PS3 by the end of the month!
3k3y is the state of the art of PS3 drive emulation from the defacto leaders in drive emulation.
Play all PS3 games
Play all PS2/PS1 games*+
Plug n play installation
Compatible with all currently available OFW/CFW versions
Original 3k3y app for extracting drive key**
User friendly OSD interface for managing your 3k3y
Optional remote (compatible with Xk3y remote)
Powerful embedded Linux platform
Supports most popular file systems such as EXT2.3.4, Mac OS X and NTFS
Emulation and transparent passthrough modes
Both CPU and FPGA are fully in-system updatable
Sleek and beautiful Wifi interface***
Movie ISO playback+
Not manufactured in China****
* Requires compatible PS3.
** Currently fw =< 3.55 is required for extracting the drive key. After this the FW can be upgraded freely. This holds true for all ODEs, see below for more details
*** Requires Wifi dongle sold separately
**** That's why we can deliver despite CNY + This feature will be added in an upcoming firmware
Quantity 3k3y+Ripper 3k3y only Ripper Only Wifi dongle Remote
1k and up USD63 USD52 USD13 USD10 USD20
500pcs USD67 USD55 USD15 USD10 USD22
250pcs USD70 USD60 USD15 USD12 USD25
100pcs USD75 USD65 USD16 USD14 USD27
Retail Price: US $129.00 ( Ripoff Markup! )
PS3 3K3y (3Key) stock available now
3K3y Fat Model version release on 2013-02-08 . Slim version will release soon
3K3y PCB Kit
3K3y Remote (optional)
3K3y Ripper PCB (optional)
Products developed by our team members, such as Xk3y, Wode, and Wiikey Fusion have outsold products in direct competition by a factor. The same thing goes for many of our other products such as Qoob and Wiikey.
The question many people are asking about it compatibility with various firmwares and PS3 models. Let us state the facts here, which are true for 3k3y as well as any other PS3 ODE:
Currently a firmware <= 3.55 is required for drive key extraction. We are very close to completing a relatively user friendly hardware method for extracting keys from PS3's on any firmware. Until we have it working in a commercial environment we will not promote this as a feature, even though it is very likely to happen in the immediate future.
As of now there are no PS3 ODEs that works with a PS3 that cannot be put on 3.55 firmware for key dumping. Period.
3k3y was developed for the fat ps3, which is supported out of the box. Now when the hardware is finished we will start working on adapter boards for the Slim models which do not have the drive controller integrated on the motherboard.
Once that is done we will look into whether is it possible to make an adapter board for the Slims with integrated controller that can be installed with a reasonable effort.
Due to the size constraints and different interface (SATA instead of PATA) we have developed a super small hardware especially for the Super Slim model. Final testing and release will commence once we have hardware key extraction working.
ISO file format
3k3y, as well as any other sane ODE uses a full ISO file. Scene releases were in this format up until the jailbreak dongle came along. Currently it is more popular to release the decrypted file system, as it may be smaller than a full ISO.
However, decrypted file system backups lacks essential data necessary to emulate the disk properly and are very easy for Sony to detect on PSN. In fact Sony has made a public statement warning PSN users about this. We are currently looking into the possibility of creating software to recreate the ISO from decrypted dumps, but this is WIP.
This is an essential feature as the full ISO is needed. We have high speed hardware that connects to Mac or PC and dumps a full size ISO in no time. Its right here and now.
An upcoming firmware for 3k3y will include in-system disk ripping, but disk ripping with 3k3y or any other ODE will be extremely slow compared to using our dedicated hardware.
To avoid delays and missing out on sales please contact us ASAP. Both 3k3y and Xk3y are time consuming and labor intensive to manufacture. We need timely forecasts to avoid disappointments.
Additionally, the first 3K3y ODE iSO release appears to have surfaced under the name PlayStation.All-Stars.Battle.Royale.READNFO.ISO.PS3-TL with details below from the PS3 NFO file:
\\__ ___/| |
| | | |
| | | |___
|____| |_______ \\
PlayStation All-Stars Battle Royale is free-for-all brawler showcasing the best and brightest of PlayStation\'s characters and worlds. From Kratos to Sly Cooper, Sweet Tooth to Parappa the Rapper, Sony characters from all over the gaming spectrum are brought together in a fighting adventure that\'s both easy to play, and hard to master. Take the battle online for competitive multiplayer action, or go head to head with a group of friends on the couch and prove once and for all who\'s really the best!
This ISO is for use on a ODE (Optical Drive Emulator) like a 3k3y which will be released soon and enable playing of backups on all
Ripped using 3k3y Ripper application. Full ISO, not recreated from scene release.
Please note that tools that will recreate an ISO from a scene release might be handy, but will probably not be safe as it will be missing
vital information that Sony can detect online.
Please be careful when these tools are released.
Greets to: JCJK & 3k3y team.
JCJK & 3k3y team
From CaptainCPS-X: Size difference between old ISOs and new ISOs - From my experience coding my personal (unreleased) disc reading library for Windows, from what I understand, I will assume that the size difference its because the ISO is not really created following the ISO9660/MODE1/2048 (+UDF/Joliet/...) standard, but probably created as ISO9660/MODE1/2352 (+UDF/Joliet/...) or BIN (binary). So each sector will have 'synchronization data', and 'Error Check Data', found on Discs to allow recovery / re-creation of sector data in case of Disc Surface damages and such.
Such 'extra' data located on ISO/MODE1/2352 BIN (binary) disc images is not so evident on regular old school CD (700mb) images, size of the ISO/MODE1/2048 version of it will always be less. I bet they didn't even include a .CUE file as well, since they are "probably" not following any standard.
Anyway, ISO9660 disc images in binary form should always be named .BIN and include a .CUE file. There is a probability that I am wrong, maybe it is some kind of new ISO that doesn't follow any Standards (I really doubt it ), but I will try to acquire the released "ISO" to verify it myself. I hope that if my theory is right, these release groups choose to release future disc images as BIN/CUE, just to avoid any confusion with already circulating ISOs.
Reason to Release new "ISO"s - I doubt that the reason of releasing such "ISO"s is because Sony could detect regular ISO/MODE1/2048 (LOL ). The Cobra Optic Drive Emulator, was probably designed to read data as the real BD-Drive reads it, so when it cannot find the original 'synchronization data', 'header', 'error check data', etc... it will most probably give read error.
Just to confirm my point, I made a custom disc image following ISO9660/MODE1/2352 standard of "BCES01435-[PlayStation All-Stars Battle Royale]", and the resulting size is 6.75 GB, very similar indeed to the one released by "TL" group. If I made the custom disc image as ISO9660/MODE1/2048 then the resulting size would be approx. 5.84 GB.
I just need to acquire one piece of the release made by "TL" and I will be able to confirm if the ISO is a BIN named and published incorrectly without proper CUE. The difference between their size is approx. 13.48% [ ((6.75 - 5.84) / 6.75) * 100 ]. So if this difference rate is same in all PS3 disc images ripped as ISO/MODE1/2352, then a 40 GB game would have approx. 5.39 GB more when saved as BIN/CUE. SeeYa!
Still can't get too excited at tearing apart a PS3 console, soldering tiny wires inside and requiring additional hardware to play PS3 games with the advent of PlayStation 3 Custom Firmware a few years ago though.
From zadow28 on the 3K3y PKG file: pastebin.com/79V2KdTK
I'm not into VS very much, maybe the devs can have an look. It's the visual source/assembly code for the x3key ps3 software for pc. got there keys and even shows there iso disc codes, plus a lot more. I'm not an visual expert, so maybe there are some visual experts here. shows how the x3key acts like an Bulk etc.
Finally, HERE is a 3K3y PS3Dec (alternative encryptor/decryptor) from bubba (aka red_meryl) for those interested!
From 3Key: 3k3y IRD files 2013-03-15 is a collection of IRD (Iso Rebuild Data) files for 3k3y. Use them to convert PSJB game dumps to full PS3 ISO.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
Yeah it can be patched, specially that BD drive had it's own firmware and it is highly updatable every PS3 update, unlike xbox360 and Wii which is not really that feasible to update with.
as far as I know, 3key intercept the communication between the BD drive and the PS3's Motherboard. If 3Key emulates the blu-ray drive itself by making a copy of the BD Drive's firmware with everything, then it's highly unlikely to be patched via software.
Just because it isn't stupid-proof, doesn't mean its crap. DEX allows you to do much more and its brick can be recovered by using a Flasher, actually, you can easily avoid it by reading tutorials and not being mentally challenged.
you forgot the important thing. You cant run unsigned code on Official Firmware, also it makes the private keys we have in 3.55 or lower blocked. So how the hell they can execute it, you are even required to downgrade to 3.55 just to grab the BD keys.
Well unless you are in DEX, maybe all of those doesn't matter anymore since you can execute signed and unsigned codes.