Thread: PS3 HDD controller manipulation
PS3 HDD controller manipulation
Ok, if you're like me - You may have already thought that the PS3 HDD would've been easier to pry open if it wasn't encrypted.
So I've looked at this from a different angle:
Instead of decryption, why not control the HDD externally?
Since the PS3 tells the HDD where to go, and what to search for, I thought about taking some wires over to the HDD controller board and messing around.
We may be able to inject "data" onto the hard drive already, but we haven't been able to run it.
Let's say this is our HDD table:
Ok, our music.mp3 could be what we've "injected"
So while our HDD is still in the PS3, we could have some external wires from it at the same time.
We tell the PS3 to load music.mp3 INSTEAD of folder1/data.pkg
We could not only manipulate HDD commands, but also PROBABLY pick up data patters, meaning the PS3's "LOOK HERE, OR THERE" commands.
Possibly leading to full decryption or similar.
This seems all to easy but I do not have the tools to do this.
But I'll see what I can get on ebay guys, I'll keep you posted.
PS3 decryption key -------(cable)------- HDD controller --- HDD platters
The data on the platters is encrypted. To "inject" data onto the them, wouldn't you would have to go back to the start of the line (PS3 decryption key) ?
If a HDD Controller would be the one who de- /encrypt everything, we would have the key by now for that.
The de-/ encryption takes place before you can even think about messing with your wires.
Another factor you have to think about is the SATA bus, how fast should your external wire+controller combination be in the end to inject data into the dataflow... you know how fast SATA is, dont you?
Here is what I meant.
Sorry, I must've said it the wrong way.
We "inject" data by simply using our way of copying from a thumbdrive onto the HDD, and it's decrypted during startup.
I wasn't actually saying inject data through the HDD controller, I'm saying controlling the HDD itself using the controller and some external wires.
I've made a diagram of what I mean below:
Do you even know what you are talking about here? I am glad your enthusiastic but seriously.
Seriously do what you gotta do ionbladez!
Quick question ionbladez as they were talking about this thread on IRC today... you mention being able to control the PS3 HDD externally and "full decryption" but what is your goal exactly?
As I'm sure you're aware the NDT/KnightSolidus apps can do that, and as all PS3 HDD's are interchageable once decrypted if (for example) a HDD-related exploit was found then we could create an image that would work for all PS3s... meaning end-users would just have to encrypt it for their consoles.
Of course no such exploit exists unfortunately, so the above is just a wild example.
Well, plain and simple.
We're going to take control of what the HDD does instead of the PS3,
That's what I'm talking about.
We have full control over the HDD just as much as the PS3 does.
We can send commands to it JUST LIKE the PS3.
There is no patch for hardware control, They would never be able to detect one read from another on the PS3.
This is what I mean: Control the HDD externally, and let the PS3 read/write where WE WANT IT TO.
Anyone get it so far?
lol, I know it can be done, so let's not give up hope.
BTW: MY proxy is still sitting around, haven't had time this week, but I will tomorrow or Tuesday for sure.
Just an idea as im not expert, or hell even a novice when it comes to decryption. could it be possible by intercepting data coming and going to the hdd; to send a series of known files to the hdd by copying them from a flash device in the XMB, and compare the original to the encrypted files to learn the encryption?
or do we already know they just dont have the ability?
It wouldn't be that easy - We'd have to see exactly where the files are placed on the harddrive as well as length,
Like: Sector, Block, etc. Even the PS3's hdd index is encrypted. So we couldn't mess with that if we wanted to..