Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: PS3 HDD controller manipulation

  1. #1
    ionbladez Guest

    Cool PS3 HDD controller manipulation

    Ok, if you're like me - You may have already thought that the PS3 HDD would've been easier to pry open if it wasn't encrypted.

    So I've looked at this from a different angle:

    Instead of decryption, why not control the HDD externally?

    Since the PS3 tells the HDD where to go, and what to search for, I thought about taking some wires over to the HDD controller board and messing around.

    We may be able to inject "data" onto the hard drive already, but we haven't been able to run it.

    Let's say this is our HDD table:


    Ok, our music.mp3 could be what we've "injected"

    So while our HDD is still in the PS3, we could have some external wires from it at the same time.
    We tell the PS3 to load music.mp3 INSTEAD of folder1/data.pkg

    We could not only manipulate HDD commands, but also PROBABLY pick up data patters, meaning the PS3's "LOOK HERE, OR THERE" commands.

    Possibly leading to full decryption or similar.

    This seems all to easy but I do not have the tools to do this.

    But I'll see what I can get on ebay guys, I'll keep you posted.

  2. #2
    DSpider Guest
    Quote Originally Posted by ionbladez View Post
    We may be able to inject "data" onto the hard drive already, but we haven't been able to run it.
    How can you "inject" data into an ecrypted HDD with some external wires from it ?

    PS3 decryption key -------(cable)------- HDD controller --- HDD platters

    The data on the platters is encrypted. To "inject" data onto the them, wouldn't you would have to go back to the start of the line (PS3 decryption key) ?

  3. #3
    iCEQB Guest
    If a HDD Controller would be the one who de- /encrypt everything, we would have the key by now for that.
    The de-/ encryption takes place before you can even think about messing with your wires.

    Another factor you have to think about is the SATA bus, how fast should your external wire+controller combination be in the end to inject data into the dataflow... you know how fast SATA is, dont you?

  4. #4
    ionbladez Guest

    Here is what I meant.

    Sorry, I must've said it the wrong way.

    We "inject" data by simply using our way of copying from a thumbdrive onto the HDD, and it's decrypted during startup.

    I wasn't actually saying inject data through the HDD controller, I'm saying controlling the HDD itself using the controller and some external wires.

    I've made a diagram of what I mean below:

  5. #5
    plains203 Guest
    Do you even know what you are talking about here? I am glad your enthusiastic but seriously.

  6. #6
    semitope Guest
    Quote Originally Posted by plains203 View Post
    Do you even know what you are talking about here? I am glad your enthusiastic but seriously.
    Who cares if he knows what he is talking about? Seeming like everybody has an equal chance of hacking this thing now anyway. My theory I am working with now involves water and a lightening strike. The latter is hard to control but I am still hoping. Should be able to decrypt everything when I am done..

    Seriously do what you gotta do ionbladez!

  7. #7
    Join Date
    Apr 2005


    Quick question ionbladez as they were talking about this thread on IRC today... you mention being able to control the PS3 HDD externally and "full decryption" but what is your goal exactly?

    As I'm sure you're aware the NDT/KnightSolidus apps can do that, and as all PS3 HDD's are interchageable once decrypted if (for example) a HDD-related exploit was found then we could create an image that would work for all PS3s... meaning end-users would just have to encrypt it for their consoles.

    Of course no such exploit exists unfortunately, so the above is just a wild example.

  8. #8
    ionbladez Guest
    Well, plain and simple.

    We're going to take control of what the HDD does instead of the PS3,

    That's what I'm talking about.

    We have full control over the HDD just as much as the PS3 does.

    We can send commands to it JUST LIKE the PS3.

    There is no patch for hardware control, They would never be able to detect one read from another on the PS3.

    This is what I mean: Control the HDD externally, and let the PS3 read/write where WE WANT IT TO.

    Anyone get it so far?

    lol, I know it can be done, so let's not give up hope.

    BTW: MY proxy is still sitting around, haven't had time this week, but I will tomorrow or Tuesday for sure.

  9. #9
    grudge1981 Guest


    Just an idea as im not expert, or hell even a novice when it comes to decryption. could it be possible by intercepting data coming and going to the hdd; to send a series of known files to the hdd by copying them from a flash device in the XMB, and compare the original to the encrypted files to learn the encryption?

    or do we already know they just dont have the ability?

  10. #10
    ionbladez Guest
    It wouldn't be that easy - We'd have to see exactly where the files are placed on the harddrive as well as length,

    Like: Sector, Block, etc. Even the PS3's hdd index is encrypted. So we couldn't mess with that if we wanted to..

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts