
Thread: PS3 CEX (Retail) to DEX (Debug) Conversion Method is Released!

  1. #31
    sguerrini97 Guest
    Thank you I'm doing this right now.

  2. #32
    soitre Guest
    Thank you rikukh3, it helped me a lot.

  3. #33
    GotNoUsername Guest
    No, you can't. You must be able to use Linux, and on 3.56+ there is no way to use it; you must downgrade first (via Flasher).

    If you figure it out and it worked for you, can someone write a tut for the noobs or a batch (or script for OpenSSL?)

  4. #34
    rikukh3 Guest
    There are some little mistakes in the tutorial, like:

    Use AES Encrypt to Encrypt EID0 Key Seed as data with EID Root Key as Key and EID Root IV as IV. The result contains from 0x10 to 0x20 the EID0IV and contains from 0x20 to 0x40 the EID0Key
    Correct would be 0x10-0x1F EID0IV and 0x20-0x3F is EID0Key.

    Build the CMAC (OMAC1) hash of the decrypted EID0 Section from 0x00 to 0xA8 with EID0 First Section Key as Key. The calculated hash has to be the same as the bytes in the decrypted EID0 Section from 0xA8 to 0xB8.
    0x00-0xA7 and hash is in 0xA8-0xB7

    I did it, it works great. If you're willing to try it yourself, I suggest downloading flashCEX.7z/flashDEX.7z from the first page and trying to get the same encrypted eid0 from cex as in flashDEX.7z

  5. #35
    sguerrini97 Guest
    To boot a game backup can we use a game .pkg like in geohot's custom firmware? And do homebrews (like file manager and FTP server) work on 3.55 DEX?

  6. #36
    sangimed Guest
    Noob question: is it possible to do that with my PS3 slim OFW 4.20?

  7. #37
    sguerrini97 Guest
    I think that you need to downgrade to 3.55 because you can't encrypt / decrypt on 3.60+, and you can't dump or flash the NOR without a flasher.

  8. #38
    haze67 Guest

    great hack.. kinda hard to pull off.. lol

    hi, hopefully anyone can give some feedback, tips

    installed the manual ubuntu way from gitbrew guide
    added the metldr from the ps3 into metldrpwn folder
    transferred to root folder in ubuntu (rebug otheros - no ss patches)

    in terminal:
    cd root
    cd metldrpwn
    sudo ./
    it finished without a problem, and dumped couple files:
    debug : pastie >>
    PPE id (0x0000000000000001) VAS id (0x0000000000000002)
    lv1_construct_logical_spe (0x00000000)
    SPE id (0x0000000000000033)
    lv1_enable_logical_spe (0x00000000)
    lv1_set_spe_interrupt_mask(0) (0x00000000)
    lv1_set_spe_interrupt_mask(1) (0x00000000)
    lv1_set_spe_interrupt_mask(2) (0x00000000)
    lv1_set_spe_privilege_state_area_1_register (0x00000000)
    ea (0xc000000001500000) esid (0xc000000008000000) vsid (0x0000408f92c94500)
    lv1_get_spe_interrupt_status(0) (0x00000000)
    lv1_get_spe_interrupt_status(1) (0x00000000)
    lv1_get_spe_interrupt_status(2) (0x00000000)
    lv1_get_spe_interrupt_status(0) (0x00000000)
    lv1_get_spe_interrupt_status(1) (0x00000000)
    lv1_get_spe_interrupt_status(2) (0x00000000)
    out interrupt mbox (0x0000000000000001)
    lv1_clear_spe_interrupt_status(2) (0x00000000)
    transferring EID0, ldr args and revoke list to LS
    waiting until MFC transfers are finished
    MFC transfers done
    out mbox (0x00000001)
    problem status (0x00000089)
    lv1_destruct_logical_spe (0x00000000)
    does it look OK, pls anyone verify for me, or i can upload in case needed

    dump 256kb (first 3 lines looks to be the eid_root_key?)
    if OK, then "new file" in HxD, copy the 3 lines from dump and "paste write" into new file - save as eid_root_key.bin and move on from there?

    eid0 4kb (all zero's-00)

    great stuff anyhow

    and thx for any help

  9. #39
    glack Guest

  10. #40
    haze67 Guest
    verified.. it's correct eid_root_key .. thx to you know who you are

    now the other part... any hints on this part guys... thx

    is aespipe used for AES encrypt? the original guide is kinda alien like, i bet they do with a blink of an eye...., any help on the command to put in terminal like:

    use AES Encrypt to Encrypt EID0 Key Seed as data with EID Root Key as Key and EID Root IV as IV

    aespipe -e/ aes256 eid_section_key_seed as data? bin file? -? eid_root_key-o root_iv key
    something like that right
