PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

April 10, 2013 // 12:44 am - Following up on the PS3 IDPS Proj3ct, today PlayStation 3 developer Joris (aka JorisD33) has made available PS3 IDPS Changer version 1.1 followed by v1.3 and IDPSet v0.6 and some updates with details below.

Download: PS3 IDPS Changer v1.1 / PS3 IDPS Changer v1.1 (Mirror) / PS3 IDPS Changer v1.3 / IDPS_Changer.zip (Latest Version) / idpstool.pkg / IDPSet_v0.6.pkg (IDPSTool and IDPSet by Zar to change PS3 IDPS) / IDPSet_v0.62.pkg / IDPSet_v0.75.pkg / IDPSet_v0.76.pkg / IDPSet_v0.77.pkg / IDPSet_0.78.pkg / IDPSet_v0.79.pkg / IDPSet_v0.80.pkg / IDPSet_0.82.pkg / IDPSet_v0.83.pkg / IDPSet_v0.84.pkg / IDPSet_v0.85.pkg / IDPSet_v0.86.pkg / IDPSet_v0.87.pkg by Zarh / EIDROOT.rar by Joonie

From the ReadMe File: What do this application do?

This application will change your IDPS and optionally your MAC address into your flash dump.

How can I use it?

Just put a VALID(!) NOR/NAND dump called dump.bin and your eEID Root Key called eid_root_key.bin into the same directory, run the program and enter your new IDPS.

Your modified dump will be created as dump_patched.bin, you just have to flash it back to your console.

How can I dump my eEID Root Key?

http://www.ps4news.com/ps3-hacks-jailbreak/ps3-eeid-rkdumper-from-gameos-pkg-by-flat-z-is-now-available/

How can I dump my flash?

  • Hardware flasher (E3, Teensy, Progskeet...)
  • Multiman
  • ...



How can I byte-reverse my dump?

Flowrebuilder: FlowRebuilder v.4.2.3.0.exe / FlowRebuilder v.4.2.3.0.exe (Mirror)

4.2.3.0 Changelog:

  • added support to manage NAND preloader dumps
  • message user about the type of dump
  • message the user if bootloader are missing
  • auto-recognize if dump is normal or byte swapped and automanage them

If you byte-reverse your dump before using this application, remember to byte-reverse it back after the procedure.

CHANGELOG 1.0:

  • Initial release

From haz367: proper eid0 section/part conversion so the new idps at least has correct values after it (cex2dex offsets 002F090-2F14F//omac hash)

offset 2F077/2F07F (new idps)

offsets/block: 2F090-2F14F - new values calculated/added to have valid idps change? at least better then only changing IDPS line

offset 303D7/303DF (new idps)

offset 3F040-3F045 (new mac)

tested offline and trashed with my own dumps. not needed but people deserve second change right, only need to brick another PS3 to get new idps. great share for that.

Update: PS3 IDPS Changer v1.3 Changelog: Here is the latest version of this sweet little app. I had troubles using all versions prior and now I have permanently installed new IDPS on over 30 systems. Make sure you have openssl installed via cygwin, enable XP SP2 compatibility on openssl.exe. Then grant admin access to openssl.exe as well as IDPS Changer then drop these files in the cygwin directory to ensure all the needed dll files are present.

Name your eEID Root Key - eid_root_key.bin (obtained via FW 3.55)
Name your NOR/NAND dump - dump.bin

Then place these in the cygwin folder as well with the other stuff we just installed/added

Then simply run the IDPS Changer.exe and follow instructions, this also allows changing of your MAC address. After the app is done simply rename the dump_patched.bin to the following depending on your flash type NAND or NOR.

Nor model = CEX-FLASH.FULL.EID0.NORBIN

Nand model = CEX-FLASH.FULL.EID0.NANDBIN

Once you have named the file copy on to a flash drive and open mM and go to mMOS then open the drive with the newly patched dump. Double click on it and wait for it to install. Once done reboot your system and go back to mM and the settings and look at your new MAC/IDPS on your freshly unbanned PS3.

Update #2: IDPSTool become IDPSet v0.6 is now available (linked above) by Zar from the PS3Gunz French site.

With this new version, you can permanently change your console IDPS (NAND and NOR). You just have to run IDPSet on your CFW (with Eid Root Key and valid IDPS on your USB key).

Finally, Zarh made available IDPSet v0.62 PKG with the following updates and further revisions:

  • added the default paths of FLATZ's eid_root_key dumpers
  • added a check of eid_root_key
  • and now it's display the region matching with the target ID
  • fix name of dumps

IDPSet v0.75 / v0.76 Changelog:

  • Support fw 4.65
  • New UI
  • Remove PSID stuff (it's useless)
  • Remove Save/load to/from file (it's useless)
  • New option: Convert to DEX/CEX only for rebug
  • New option : "Dump eid_root_key" only for cex fw: 4.65, 4.53, 4.50, 4.46, 4.21 to "/dev_usb000/eid_root_key" else "/dev_hdd0/tmp/eid_root_key"

IDPSet v0.77 Changelog:

  • better check on rebug firmware
  • added swap kernel in ros1 too
  • added check if syscall lv2 peek&poke are available

IDPSet v0.78 Changelog:

Indeed, sorry i forgot to tell you v0.78 is out.. I hope this one will be the last update

IDPSet v0.79 Changelog:

Hi, I have updated IDPSet to v0.79: Changelog since last official release of v0.62

  • Add : version nb in TITLE
  • Add : progress bar
  • Add : nouveau UI
  • Removed : all PSID stuff
  • Removed : save/load from/to file
  • Add : "dump eid_root_key" only for 421C, 450C, 446C, 453C, 465C (ty flatz and zecoxao)
  • Add : "Convert to DEX/CEX" only for rebug
  • Add : "Make CEX/DEX dumps" is faster
  • Add : support fw 4.65 (4.66 too btw)

Previous changes from v0.62:

  • Added the default paths of FLATZ's eid_root_key dumpers
  • Added a check of eid_root_key
  • And now it's display the region matching with the target ID
  • Fix name of dumps

The idps.bin and eid_root_key must be in the root of the USB.

Known issue:

Dumps & the root_key file have the attribut "system", i don't know why, and i don't know how to remove it with the ps3 system. But here the cmd to remove it with windows.

[Register or Login to view code]

I've made a batch for the lazy ones: remove_attrib.bat. Just put this file in the root of usb and click on it. it will remove all the attributes.

Thanks to all testers.

PS: If someone know why these files have this fcking "system" attribute or how i can remove it, plz help me

IDPSet v0.80 Changelog:

Thanks to badboy and matsumoto, i have updated to v0.80:

Changelog v0.80:

  • The dumps no longer have the attribute "system"

Changelog v0.82:

I have updated IDPSet to v0.82 thanks to baileyscream and jonnyjaeger

NEW Changelog - version 0.82:

  • Fix: No more freeze when making CEX&DEX dumps with a DEX system

Changelog v0.83 (JAN/3/15):

  • Fix: random freeze

I fixed random freezes described by Tactik-knife. Thanks.

Changelog v0.84 (FEB/21/15):

  • Added: Swap of "software_update_plugin.sprx"

Changelog v0.85 (JUL/26/15):

  • Added: Background image (a PNG is: /USRDIR/BG.PNG)
  • Added: Homebrew is compatible with fw 4.70 and 4.75
  • Added: The dumper for the root key is compatible with fw 4.70C, 4.70D and 4.75

This is just a little update to support new firmware.

Changelog v0.86 (JUL/27/15):

  • fix: no more freeze when you dump your key for firmware under 4.65.

FYI. I wasn't in hurry because you still can do it wit the rebug toolbox (that's also why i didn't ported it to every fw) but just to have something proper, I think I solved this issue with this update, can you try ?

Changelog v0.87 (SEP/23/15): (adds 4.75 DEX support)

  • Added : fw independent
  • Added : root key dumper 4.75D (thanks to Joonie who ported it)
  • Added : more message in the log to be more aware of what's going on and also to allow me to know precisely what's causing some 'random' freeze (thanks to your feedbacks ofc)

Note:

  • The root key dumper and Converter are not fw independent
  • We can't write PSP IDPS in the EID0 without bricking the system.


PS3 IDPS Changer v1.1 Homebrew Application is Now Available

PS3 IDPS Changer v1.1 Homebrew Application is Now Available

Follow us on Twitter, Facebook and drop by the PS3 Hacks and PS3 CFW forums for the latest PlayStation 3 scene and PS4 Hacks & JailBreak updates with PlayStation 4 homebrew.



#26 - PS4 News - October 15, 2012 // 8:04 pm
PS4 News's Avatar
Following up on the previous PS3 IDPS update, today PlayStation 3 homebrew developer Rnd (aka RndRandomizer) has released a Request IDPS Generator version 1.0.0.0 with details below.

Download: PS3 Request IDPS Generator v1.0.0.0

From the ReadMe file: REQUEST IDPS Generator - v1.0.0.0 - Rnd

v1.0.0.0:

  • Initial Release

Features:

  • Generate a request_idps file
  • Get PerConsole Data (board ID, cid, ecid, kiban ID, ckp2_data, ckp_management_id)

Usage:

Just get your NAND/NOR dump and drop it in this application.

No more need for re-flashing the whole dump in order to convert EID.

Simply it makes it easier to use it with ObjectiveSuites-SetIdps and you dont have to gether it from Sony's server.

Put request_idps.txt in Temp folder in ObjectiveSuites, to set your request_idps and you are done with flashing the new EID.

I'm not responsible for ANY DAMAGE it may cause! USE AT YOUR OWN RISK!

P.S. If somebody has a script to get the EID with ObjectiveSuites, I would be very kind if you could let me know, I will update the application.

Sincerely,
Rnd

Contact me at RndRandomizer

Finally, from zecoxao: Found it, now we can make our own request_idps files

request_idps.txt (hex) info by Scorpion2k7

name Start offset Size (byte)

per_console_serial 0 8
header 8 96

- Header structure

bytes description
4 number of file (5)
4 lenght of entire file (value-8)
8 unknown (00 03 00 04 00 00 00 00)
(file table)
4 file position 1 (value-8)
4 file lenght 1
8 file id 1
4 file position 2 (value-8)
4 file lenght 2
8 file id 2
...
...

- File info

File 1 - 16 bytes - 00 12 00 02 00 00 00 00 00 00 00 00 00 00 00 00
File 2 - 2144 bytes - EID0
File 3 - 128 bytes - EID2 PBLOCK
File 4 - 48 bytes - EID4
File 5 - 2560 - EID5

Finally, below is a brief guide from Abkarino as follows:

1 - Dump you NAND/NOR flash using a memDump tool or Hardware flasher if you have a higher firmware.
2 - Drag this dump into Request IDPS generator tool to generate the request_idps.txt file.
3 - Set your PC IP Address to: 192.168.0.100 and sub net mask to 255.255.255.0.
4 - Enter a FSM using any dongle/software method you like.
5 - Connect your PS3 to your PC directly using Ethernet cable.
6 - Find the old leaked CEX2DEX conversion tools that contains ObjectiveSuite-SetIDPS.
7 - copy all files from conversion folder into flash drive and put it in the right USB slot in your PS3.
8 - in your PC start copy the generated request_idps.txt into the TEMP folder inside the ObjectiveSuite-SetIDPS folder.
9 - Start ObjectiveSuite.exe then power up your PS3.
10 - Wait for about 1 min and you will see a "PASS" message in ObjectiveSuite.
11 - Now turn off your console.
12 - Flash any 3.55 CFW DEX.
13 - While in FSM remarry your BD Drive using 3.30 DEX PUP + 3.55 Remarry tools from Wiki.
14 - Exit from FSM and now you have a fully functional DEX machine.

From eussNL via IRC: patch SSL, use REQUEST IDPS Generator, lay back bored (since what happens with SetIDPS isn't really a true conversion, because you just write your own EID to the NOR/NAND).

More PlayStation 3 News...

#25 - cfwprophet - March 28, 2012 // 3:17 am
cfwprophet's Avatar
PCK is EID key. Let me explain: per_console_key_1 = eid_root_key / per_console_key_2 = eid0_key and so on.

You wont need to enter something into the app. Just put the files into the folder of the app and hit some buttons. To time it will be pck and a dump of your nand/nor or the eeid it self. The tool will guid you truth the whole process how to optain those two files and have everything you need inside like the cygwin installer or the dump_flash.pkg.

It will be automated and userfrindly as much as it can.

For sure i will release also the source code and all files i have used and i will post new infos and keys not puplic released yet.

#24 - 1one - March 26, 2012 // 3:48 pm
1one's Avatar
Cfwprophet,

Are we going to have to enter our console eid root key into your GUI tool to get the pck?

#23 - cfwprophet - March 26, 2012 // 1:08 pm
cfwprophet's Avatar
I will release when everything is done and user frindly. I dono see a reason to release ACID CFW when it in first was a Retail/Debug hybried and now im working on the convertion of Retail to Debug Consoles. So i will release ACID CFW together with the convertion tool for cex2dex tool and do a reall full functional Debug CFW.

To time im testing a lot of stuff and coding the idps-tool app together with end user gui version. the Tool will be able to guid you truth the whole process and have a lot of buttons so you mostly only need to do a click and get your pck calculated, eid decrypted - patched and re- encrypted and a request_idps.txt generated.

Im working alone cause it seems the most coders of the scene are not interested in to help and others who allready also know what to do wont tell and also wont help us.

But just be a bit patient and i will do my job as good as i can and at it the end a lot of users will be surprissed what a debug ps3 in conclution with target manager and a few tricks will be possible.

#22 - Blade86 - March 24, 2012 // 3:09 pm
Blade86's Avatar
Thank you so much for answering me. !!BIG THX!!

At all the peace-breakers: I cannot share the bad mood in here... Even if cfwprophet doesnt give you/us your/our wished tools there is no need to front him.

At least they (cfwprophet, nabnab) take their time 2 EXPLAIN the users, why a method is not what it looks like. With their knowledge, they acctually dont need to waste their time in helping us, especially when the most of the users cannot do anything with the infos.

BUT there are some users, for whom their effort is a BIG help, so plz let them "talk"

I just cannot see it, why 1 team (our scene) cannot hold together and just wanted to bring some peace in here..

Cheers
Blade

#21 - Portalcake - March 22, 2012 // 1:06 am
Portalcake's Avatar
Quote Originally Posted by cfwprophet View Post

Then also pls keep away with rebug. Even if you change the to time change able 2 idps's and run a dex kernel on rebug... you can't use the debugger mode, you cant use target manager, you can't use the special downgrader pup's and jump between FW's as you want, you can't use BD EMU,... should i go on ??

About the metldr exploit you mentoined: You even know that this exploit is an hardware exploit ? So you need first to find out the test points on the ps3's mainboard to inject the metldr to the SPU's Local Storage directly. Do you knowed that ? Im guess not otherwise you wouldn't talk like that.

So TRUST ME if i tell you that you would have more fun with a bootloader exploit, which is actually done and ready for release but not pulically, then with your mentoined metldr exploit.

Sorry, didn't know that Rebug CEX wasn't as full-featured as a real DEX, outside of the things pirates would drool over.
Also, PM.

#20 - ps3hen - March 22, 2012 // 12:42 am
ps3hen's Avatar
Quote Originally Posted by 1one View Post
Cfwprophet, would you mind sharing your tool or the source code

Do you have a irc channel?

He said it's not finished.

#19 - ashmodeo - March 22, 2012 // 12:23 am
ashmodeo's Avatar
Quote Originally Posted by cfwprophet View Post
Changing the target ID for what ?

As i have told in a other post: Simply changing the TargetID in the EID do not lead into a full debug console. The TargetID is spread in the segments of whole EID and they are in encrypted form. The both idps we can view without decrypting the EID segments do not lead into a full functional debug fw.

Yes you can run dex kernel and install debug fw but again it doesn't lead into a reall debug console.

Again no offence to you im just a bit frustrated of the scene. Im still working on the full convertion and make good steps. It wasn't that hard to figuer out what to do and how to do. I just don't understand the whole scene with releasing stuff that is nearly unnesessary for the end user.

No offense to you but what are your issues about having this release? this is not a competition or something like that. In the end what the end user choose to do with this tool is up to the end user choice so what is the point about always questioning the purpose of this tool when it's obviously clear what you can do with this and what you cannot?

#18 - 1one - March 21, 2012 // 11:49 pm
1one's Avatar
Cfwprophet, would you mind sharing your tool or the source code

Do you have a irc channel?

#17 - cfwprophet - March 21, 2012 // 11:32 pm
cfwprophet's Avatar
I will release when its time for.

About hot air:


Anything else you sayed is not worth to comment.