PS4 News on Facebook! PS4 News on Twitter! PS4 News on YouTube! PS4 News RSS Feed!

Home PS4 News - Latest PlayStation 4 and PS3 News

March 20, 2011 // 7:13 pm - This weekend PlayStation 3 hacker Graf Chokolo has disabled the PS3 internal HDD encryption, opening the door to possibilities such as dual-boot PS3 Firmware and using the decrypted PS3 HDD in another console.

Download: ps3dm-utils GIT repository: git:// / linux hv scripts GIT repository: git://

To quote: Even without having a PS3 to work with, graf_chokolo is really active in distributing updates and fixes to his PS3 Linux gits. The latest one comes with an interesting update as you can see from his post below. Maybe one step further to a dual boot PS3 FW?

Guys, take a look at "ps3dm_sm set_del_def_encdec_key" command. You can disable/enable virtual FLASH/internal HDD encryption with that And by patching HV process 9 (which sets ATA keys before loading GameOS) you can disable it permanently. It means you could swap your internal HDD and use it on another PS3. But you have to restore the content on it after disabling encryption because all data will be encrypted of course.

Soon i will implement ENCDEC device driver for PS3 Linux and you will be able to experiment with ATA encryption. ENCDEC device is responsible for VFLASH/HDD encryption on PS3.

For more details, see my HV page here:

ps3dm-utils GIT repository: git://

linux hv scripts GIT repository: git://

And thanks to PS3 Linux fans who help me to test my ps3dm-utils Huge thanks to you guys. I can have fun with PS3 even without having one actually

And thanks to Dukio for his support with this blog and GIT repository.

PS3 Internal HDD Encryption is Disabled by Graf Chokolo

PlayStation Follow us on Twitter, Facebook and join us at our new site WWW.PSXHAX.COM!

#35 - erickwanderson - January 8, 2015 // 1:32 am
erickwanderson's Avatar
4.66 works?

#34 - acousticlinux - January 7, 2015 // 10:01 am
acousticlinux's Avatar
This is very helpful since I thought I lost my game saves after my fatboy crapped out

#33 - Foo - September 7, 2012 // 2:17 am
Foo's Avatar
Mounting PS3's HDD on PC via Linux by Glevand:

  • The goal is to mount PS3 HDD on PC Linux and make changes to it.
  • Use device mapper for transparent encryption/decryption.

ATA and ENCDEC keys

Read more here:

Device Mapper

  • A really cool feature of Linux 2.6/3.
  • The device mapper is stackable.
  • You have to enable a couple of new kernel features like device mapper crypto, XTS crypto and so on.


  • Swaps bytes in each 16-bit word.
  • It is necessray for HDD/VFLASH encryption/decryption.
  • Tested on Linux 3.5.3
  • GIT repo:

What it should look like on a test run:

[Register or Login to view code]

On a Test with ps3da

  • Tested with Debian LiveCD and Linux 3.4.10
  • xts_aes:

[Register or Login to view code]


  • We don't need xts_aes application anymore.
  • Linux kernel does enctyption/decryption of data transparently for us.
  • One of the device mapper features is that it's stackable which is very useful for us.
  • VFLASH is encrypted twice. So we have to create a second DM crypto target based on the DM crypto target for HDD.

HDD Test
Tested on PS3 itself with Debian LiveCD and Linux kernel version 3.4.10 but you can use the same technique on a Linux PC. I was just lazy and it is easier to test on PS3.

[Register or Login to view code]


[Register or Login to view code]

PS3 HDD Partition Table

  • Now that we can decrypt/encrypt PS3 HDD with Linux, we want to be able to mount HDD/VFLASH regions because only then we can do changes to UFS or FAT filesystems on the HDD.
  • We have to implement PS3 HDD partition table in Linux kernel.
  • The Linux kernel with this feature will create all partition devices automatically in this case and we could mount and modify any HDD regions easily.
  • A new Linux kernel patch is necessary.
  • PS3 partition table is of size 0x1000 bytes.
  • Implemented PS3 partition support in Linux kernel. See patch 0035-ps3-partition.patch here


[Register or Login to view code]

#32 - Neo Cyrus - August 18, 2012 // 1:16 am
Neo Cyrus's Avatar
It's nice to see so much progress being made recently. My hat's off to you gentlemen.

#31 - niwakun - August 17, 2012 // 5:48 am
niwakun's Avatar
with these, we can use my PC to grab files from HDD? Like act.dat and rif files.

#30 - pinoytechno - August 17, 2012 // 5:19 am
pinoytechno's Avatar
thanks for sharing this great news to us sir

#29 - PS4 News - August 17, 2012 // 3:24 am
PS4 News's Avatar
I have now promoted the news to the main page and +Rep for the update Foo!

#28 - Foo - August 17, 2012 // 2:50 am
Foo's Avatar
Following up on the previous work by PlayStation 3 developer Graf Chokolo, today naehrwert has announced news of a PS3 HDD decryption proof-of-concept (PoC) from a PC as a result of reverse-engineering work done by flat_z and glevand.

Download: PS3 HDD Decryption PoC / PS3 HDD Decryption PoC (Mirror)

Below are the details (via, to quote:


  • The following information was reverse engineered from LV1, Storage Manager in LPAR1 and sb_iso_spu_module.self.
  • I'm able to decrypt/encrypt my PS3 HDD and VFLASH on PC now.

HDD Encryption

  • XTS-AES-128 is used to encrypt all data on PS3 HDD.
  • XTS is NOT CBC!!! It's AES-ECB with tweak XORing. AES-CBC is impractical for HDD encryption. Each sector can be encrypted/decrypted independantly from other HDD sectors.
  • Good paper about XTS-AES:
  • VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
  • Tweak and data XTS keys are of size 32 bytes but only the first 16 bytes are used.
  • You can set and clear ATA keys with my Linux ps3encdec device driver which i use to test HDD/VFLASH encryption. But be careful, never set/clear ATA keys while some HDD regions/partitions are mounted !!! You will corrupt your data on your HDD !!!

Dumping ATA Keys

  • I modified sb_iso_spu_module.self to dump ATA keys.
  • ATA keys are passed as parameters to sb_iso_spu_module.self.


My SPU program to dump ATA tweak and data XTS keys to PPU memory with spuisofs:

[Register or Login to view code]


[Register or Login to view code]


  • To test your ATA XTS tweak and data keys, you need encrypted HDD sectors. You can either connect your HDD to PC and dump it or use my ps3vuart-tools on Linux and clear ATA keys and then dump it from ps3da. I tried both methods. But make sure you unmount all HDD regions before using ps3vuart-tools to clear your ATA keys.
  • I coded a small application which implements XTS-AES encryption/decryption. XTS-AES paper is a good reference how to implement it.
  • You have to pass the correct sector number in order to get correct results.
  • As you see below in my examples, i pass sector number 0 and sector 8 for VFLASH because VFLASH begins at sector 8 on HDD.
  • Another interesting fact is that you have to swap half-words after encrypting and before decrypting HDD sectors else you will get wrong results. This swapping is not necessary for VFLASH sectors.
  • Another note is that you have to decrypt VFLASH sectors with ATA keys first and then with ENCDEC keys.

Result with 1st encrypted sector from HDD:

[Register or Login to view code]

Dumping ENCDEC Keys

  • VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
  • You cannot dump ENCDEC keys with sb_iso_spu_module.self. They are set in lv1ldr only (see here:
  • I used a modified lv1ldr with my Linux spuldrfs driver and dumped ENCDEC keys.
  • XTS-AES-128 with 128bit tweak key and 128bit data key, just like ATA keys.
  • ENCDEC tweak and data keys are passed to lv1ldr NOT in clear text.
  • ENCDEC keys are computed by lv1ldr with AES-CBC-256 by encrypting 32byte seeds.
  • metldr passes to lv1ldr AES-CBC-256 IV and key which are used to compute ENCDEC keys.
  • I tested my ENCDEC keys with my ps3encdec Linux driver and set them again, and VFLASH was still working fine. As soon as i changed some bits in these keys, VFLASH could not be decrypted properly anymore It means keys are correct.

ENCDEC Key Seeds

  • Use the dumped ENCDEC IV and key to encrypt these seeds and you will get your ENCDEC keys for VFLASH.
  • You can find these seeds in lv1ldr.

Data key seed:

[Register or Login to view code]

Tweak key seed:

[Register or Login to view code]


Here is my SPU program which i used to dump ENCDEC keys:

[Register or Login to view code]


  • Test run with spuldrfs on Linux 3.5.1

[Register or Login to view code]


  • To test your ENCDEC XTS tweak and data keys, you need encrypted VFLASH sectors. You can dump it from ps3da starting with sector 8.
  • You have to pass the correct sector number in order to get correct results.
  • As you see below in my examples, i pass sector 8 for VFLASH because VFLASH begins at sector 8 on HDD.
  • The input sector was already decrypted with ATA keys.

Result with 1st encrypted sector from VFLASH:

[Register or Login to view code]

Finally, from KDSBest: The keys are on wiki why not expose them in your source code naehrwert. The key generation algo is nearly the same as the eid0 key generation algo. Seed AES Encrypt with EID Root key.

[Register or Login to view code]

I dunno if this works only a idea of a bored man.

[Register or Login to view code]

Should read the Adress in lv2 for you. Can someone with a PS3 that can try this... I dunno if I can write the SPRG0 with mtspr, but if that is possible you can dump lv2 with this on 3.55. I don't think Sony changed this syscall on higher FWs.

More PlayStation 3 News...

#27 - matt101 - March 25, 2011 // 5:31 pm
matt101's Avatar
With Graf_Chokolo working on a 3.55 HV CFW with Dual Boot is it possible to dualboot ofw+cfw... that be a nice option... if at all possible... just a thought...

#26 - barrybarryk - March 25, 2011 // 3:22 am
barrybarryk's Avatar
yeah the amount is BS but Sony know that they'll never get a ruling for the full amount. As far as I know it's only a civil suit, they're just trying to send a message. But a very very bad message at that.

It's the same in the geohot case, that's pretty much solely based around the public publishing of the keys not the actual obtaining of the keys.

But now we're way off topic lol.