PS3 IDPS Viewer Tool Homebrew Application is Released

Discussion in 'PS3 Hacks / JailBreak' started by nathanr3269, Mar 19, 2012.

  1. nathanr3269

    nathanr3269 Guest

    It's been a while since the last IDPS update. Today I've created this PS3 IDPS Viewer homebrew application based on research I'm doing; I had not planned to release the tool yet, but if someone needs it, here it is (thanks to J-Martin for the logo).

    Download: PS3 IDPS Viewer Homebrew Application / PS3 IDPS Viewer Homebrew Application (USB)

    What does this tool do?
    • Displays the IDPS
    • Shows the Target ID
    • Displays the motherboard revision
    • Saves your IDPS in an IDPS.bin file
    Note: THIS TOOL IS SAFE

    When the program starts you will see the typical intro screen. If you choose "Yes" you will see the data from your PS3: if three beeps sound, it was not possible to dump and an error message is shown; if all went well, one beep sounds and you are able to see the data.

    It automatically saves the IDPS in dev_hdd0/IDPS.bin. You must open it with a hex editor and look at the hexadecimal values, for example (fake IDPS, I will not reveal my IDPS):

    e.g. Notepad
    Code:
    .....…..‡.¤MGdöª
    Hex Editor
    Code:
    00 00 00 01 00 85 00 05 87 15 A4 4D 47 64 F6 AA
    The IDPS in this case would be: 00 00 00 01 00 85 00 May 87 47 64 15 A4 F6 4D AA

    It has been tested on PS3 FAT; it should work perfectly on SLIM also.

    Regards

    Finally, in related news PlayStation 3 developer naehrwert has recently blogged (nwert.wordpress.com/2011/12/24/individual-infos/) about PS3 Individual Infos, to quote:

    One of the PS3's console specific cryptography works as follows:

    At factory time there is a console specific key generated, probably from a private constant value and a console specific seed. Maybe that’s the key used for encrypting bootldr and metldr. Fact is, that metldr stores another console specific keyset (key/iv) to LS offset 0x00000.

    That keyset is probably calculated from the first one. At factory time the isolated root keyset (how I call it) is used to encrypt the console’s “Individual Infos”, like eEID. But not the whole eEID is encrypted the same way, special seeds are used to calculate key/iv pairs for the different sections.

    And not even that is true for every eEID section, because for e.g. EID0 another step is needed to generate the final section key(set). Each of the isolated modules using such an “Individual Info” has a special section that isoldr uses to generate the derived key(set)s.

    But the generation works in a way, that the section data is encrypted with aes-cbc using the isolated root keyset, so it is not possible to calculate the isolated root keyset back from the derived key(set)s, because aes shouldn’t allow a known plaintext attack.

    So far I can decrypt some of EID0's sections, EID1, EID2 and EID4. EID5 encryption should be similar to EID0's but I lack the generation keys for that one.

     
  2. cfwprophet

    cfwprophet Guest

    No offence to you, but what's the purpose of it?

    What can the end user do with it?
     
  3. nathanr3269

    nathanr3269 Guest

    It's a simple tool to dump your IDPS without dumping your flash or using multiMAN for it, and to see the data (e.g. change Target ID or other data).

    There is a mistake in the first post: where it says 00 00 00 01 00 85 00 May 87 47 64 15 A4 F6 4D AA it should be 00 00 00 01 00 85 00 05 87 15 A4 4D 47 64 F6 AA. I don't know what happened...

    Regards
     
  4. cfwprophet

    cfwprophet Guest

    Changing the target ID for what?

    As I have said in another post: simply changing the TargetID in the EID does not lead to a full debug console. The TargetID is spread across the segments of the whole EID, and they are in encrypted form. Both IDPSs we can view without decrypting the EID segments do not lead to a fully functional debug fw.

    Yes, you can run the dex kernel and install debug fw, but again it doesn't lead to a real debug console.

    Again, no offence to you, I'm just a bit frustrated with the scene. I'm still working on the full conversion and making good steps. It wasn't that hard to figure out what to do and how to do it. I just don't understand the whole scene with releasing stuff that is nearly unnecessary for the end user.
     
  5. Foo

    Foo Guest

    This is brilliant. That is... if it works like you say.

    Yea, this tool isn't really for the end user, because what would an end user do with it?
     
  6. nathanr3269

    nathanr3269 Guest

    I created this tool because I'm researching the Target ID. I changed it, but not with this program (and see if it is OK with IDPS Viewer); I have another one to do that, but the PS3 crashes. This tool is for those people who are trying to change this byte to another and see if all is OK.

    This tool only DUMPS; it is not able to write at the moment (PS3 crashes).

    Regards
     
  7. admin

    admin Administrator Staff Member

    Thanks for the release nathanr3269, I have promoted the news to the main page now as well and +Rep! :)
     
  8. shummyr

    shummyr Guest

    Awesome tool, and thank you for sharing :D, best of luck in your studies :D
     
  9. peaceland

    peaceland Guest

    Thanks for sharing, really good resource!
     
  10. Blade86

    Blade86 Guest

    nathanr3269: 1st of all: BIG THX!!

    Are you on rebug3.55.2, qa-flagged & loaded dex-lv2kernel.self???

    Perhaps that's why it crashes after changing...

    Cheers
    Blade...
     
  11. nathanr3269

    nathanr3269 Guest

    Because I changed it while it's encrypted. It is good to see people for whom my program is useful :)

    I've made another PKG; this one ONLY saves your dump to your USB. Remember to connect it before launching IDPS Viewer.

    Download: IDPS Viewer (USB)

    Regards
     
  12. cfwprophet

    cfwprophet Guest

    You cannot change an encrypted byte. This will break the whole data segment. That is why it is encrypted: to secure the data so that it cannot be altered without decrypting it first.

    This is also the reason why some EID segments need to be decrypted, patched and re-encrypted again. Changing a single byte will change the whole data segment's encryption.
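
What post 12 describes, shown on a constructed 64-byte segment (an added example, not part of the thread or of any PS3 tool): editing one byte of CBC ciphertext directly, versus patching the plaintext and re-encrypting. The block cipher is a hashlib-based stand-in for AES, because the propagation comes from the CBC mode rather than the cipher; the key, IV and data are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # same block size as AES

def _f(key, i, half):
    # Round function of the stand-in cipher (NOT AES): truncated HMAC-SHA256.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):                      # 4-round Feistel network
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):            # same rounds, undone in reverse
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        out += _xor(dec_block(key, data[i:i + BLOCK]), prev)
        prev = data[i:i + BLOCK]
    return out

def diff_per_block(a, b):
    # Number of differing bytes in each 16-byte block.
    return [sum(x != y for x, y in zip(a[i:i + BLOCK], b[i:i + BLOCK]))
            for i in range(0, len(a), BLOCK)]

def demo():
    key, iv = b"constructed key!", b"constructed iv!!"   # not real console keys
    segment = bytes(range(64))                           # constructed 4-block segment
    ct = cbc_encrypt(key, iv, segment)
    flipped = bytearray(ct); flipped[16 + 5] ^= 0x07     # edit one encrypted byte
    raw_edit = diff_per_block(segment, cbc_decrypt(key, iv, bytes(flipped)))
    patched = bytearray(segment); patched[16 + 5] ^= 0x07  # edit the plaintext instead
    reenc = diff_per_block(ct, cbc_encrypt(key, iv, bytes(patched)))
    return raw_edit, reenc
```

`demo()` returns the changed-byte count per 16-byte block for both cases: the raw ciphertext edit garbles its own block and changes one byte of the next block on decryption, while the re-encrypted patch changes every ciphertext block from the edited one onward.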
     
  13. nathanr3269

    nathanr3269 Guest

    I repeat what i said before, i changed that encrypted byte to see what happens, nothing else, nothing more.

    Regards
     
  14. Portalcake

    Portalcake Guest

    The main draw for a debug console is simply the fact that you can freely upgrade and downgrade firmwares. I haven't checked if Rebug can enter Debugger Mode and work as a DECH for the SDK, but if it did, that's already half of the cool factor. Oh, and upgrading from 3.55 to 4.xx firmware then running a ripped game over the official BD-EMU then downgrading back to run other things, but that's stepping into the realm of warez.

    Trust me, having a hardware flasher, OtherOS++ and the metldr exploit on a vanilla retail PS3 is a lot more fun than a debug PS3 on its own (a flasher-equipped debug PS3 though, OTOH...)
     
  15. Blade86

    Blade86 Guest

    Ohh, sorry for my misunderstanding and thank you so much for answering such a silly question (to both nathanr3269 & cfwprophet).

    Was this a fake? http://www.ps4news.com/ps3-hacks-ja...x-kit-retail-to-debug-surfaces-requires-idps/

    Portalcake: How do u use the metldr exploit? Are u able to use it 4 decrypting something special??? Please enlighten me why OtherOS++ & metldr-exploit is better than debug, thank you mate...

    Cheers
    Blade
     
  16. cfwprophet

    cfwprophet Guest

    Portalcake, pls keep away with this warez BS. This is a Video Gaming Console HACK scene. It's not a tablet hacking scene, it's also not a smart phone hacking scene. The key word is Video GAMING Console Hack scene. And even in the smart phone hacking scene you have warez in the case of applications and games themselves.

    Then also pls keep away with rebug. Even if you change the 2 IDPSs that are currently changeable and run a dex kernel on rebug... you can't use the debugger mode, you can't use target manager, you can't use the special downgrader PUPs and jump between FWs as you want, you can't use BD EMU,... should I go on?? ;)

    About the metldr exploit you mentioned: do you even know that this exploit is a hardware exploit? So you first need to find the test points on the PS3's mainboard to inject the metldr into the SPU's Local Storage directly. Did you know that? I guess not, otherwise you wouldn't talk like that.

    So TRUST ME if I tell you that you would have more fun with a bootloader exploit, which is actually done and ready for release but not publicly, than with your mentioned metldr exploit. ;)

    To Blade86: No, it's not fake, but it is only half of the truth. I got my hands on an eEID of a console that got converted, and I have the eEID before and after converting to debug. So I know which EID segments have changed and what needs to be done.

    I currently also have a debug console at home that can even play BD movies. Has anyone thought about the fact that some companies produce or develop BD movies for Sony and that they need a debug console that can play movies? ;)

    I have successfully modified anergistic to accept external per_console_keys and external EID segments for testing purposes. Also, I have reversed some of the PS3 modules and know the non-public eidx_iv's needed in conjunction with the PCK to decrypt and encrypt specific EID segments.

    Actually I'm working on a Windows app to do all that stuff for the end user. Because even if you can decrypt EID segments with your PCK and the non-public eidx_iv's with the aim_spu_module.elf, you can't re-encrypt them. But you can do all that on a PC if you know what to do.

    If you don't believe me, just hunt and search for a request_idps.txt and load it into a hex editor, and you will see that it is a bit more than just patching 2 IDPSs. ;)
     
  17. Longshot

    Longshot Guest

    Hell CFW, why can't you just keep quiet once in a while instead of rambling and dissing others? You want to be respected by each and everyone, if one follows your posts carefully, but in the same moment you bash others in a sort of "friendly" manner. Anyway, even your friendly phrases are annoying most of the time.

    You are also saying that ALL the guys who at least put out some stuff are stupid for doing the work they do because NO one needs this stuff. Maybe some guys do it for fun; some things are just play stuff and won't be useful for anyone. That doesn't mean YOU have to bash around telling them "god are you stupid go away with your useless stuff".

    We don't tell you to shut up and stay away with your useless ramblings. You just show some silly videos with horrible English... showing nothing much at all!!!! and go on about how easy most of the stuff would be, that YOU can do this, YOU know that, others can't do this, can't do that... but all that comes from you is nothing more than putting out crap at others in one way or another.

    You compare math with nabnab and expect they are the same... if one would read carefully one could see that the English nabnab uses differs not that much from yours... so I would suggest you and nabnab are the same... but that would be, well, acting like yourself, and that's something that is not needed anywhere, I would suppose. Why can't you just be quiet if you think that something is not worthy of YOU... maybe others like that stuff.

    And it gets boring to read week after week that you are accomplishing so much without showing any real facts or results in that matter... Remember that you said quite a while ago, months I assume, that the BETA of your so long estimated CFW will be out in 2 WEEKS... well, looks like hot air...

    Now you say you work on retail to full debug... well, all that comes is talk with some info one could google with a brain! And you go on at others about what the heck they do? That they do nothing? Well, they have at least something, not just talk talk talk... and they don't get at you saying things like that, do they?

    And the PS3 is not for everyone just a GAMING console... maybe you should wake up yourself, that not all kids want to play only!
    If you knew what a real hacker would say about that bs.... a hack modifies something to the extent that it does something it couldn't do before... in the case of gaming consoles one thing is MAYBE playing games!... but that's ONLY one thing.
     
  18. cfwprophet

    cfwprophet Guest

    I will release when it's time.

    About hot air:

    [​IMG]
    [​IMG]

    Anything else you said is not worth commenting on.
     
  19. 1one

    1one Guest

    Cfwprophet, would you mind sharing your tool or the source code :)

    Do you have an IRC channel?
     
  20. ashmodeo

    ashmodeo Guest

    No offense to you, but what are your issues with this release? This is not a competition or something like that. In the end, what the end user chooses to do with this tool is up to the end user's choice, so what is the point of always questioning the purpose of this tool when it's obviously clear what you can do with this and what you cannot?