HDD Keys generating scripts

Discussion in 'General PS3 Discussion' started by Berion, Sep 14, 2016.

  1. bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,843
    Likes Received:
    6,517
    Trophy Points:
    647
    Location:
    Earth
    Can you test this makefile to see if it works better?

    Code:
     
    obj-m := dm-bswap16.o
    
    KDIR  := /lib/modules/$(shell uname -r)/build
    
    all:
    	$(MAKE) -C $(KDIR) M=$(PWD) modules
    
    clean:
    	$(MAKE) -C $(KDIR) M=$(PWD) clean
    	$(RM) Module.markers modules.order
    
    Be careful with tabbing on lines after all: or clean: in the makefile, for instance, when you write

    all:
    $(MAKE).....
    $(RM).....
    There must be a tab on the second line before $(MAKE) & on the 3rd line before $(RM).
    Don't use one or several spaces instead, only a tab will be recognised by the compiler.
     
    kozarovv likes this.
  2. bguerville Moderator
    There are various folders used by the system to look for included header files.
    version.h might not be in the generic headers folder... It could be in /usr/include/linux/ for instance...
    You could use this command to locate it...
    Code:
    find / -name version.h
     
    Last edited: Oct 1, 2016
  3. Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,105
    Likes Received:
    1,994
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    Errors are exactly the same with the new Makefile as with the old one.

    The find app doesn't find every version.h, only junk (which is strange), because when I do this with Nemo, I see several more results (in the attachment in the last post on the first page).
    Code:
    sudo find / -name version.h
    /var/lib/dkms/virtualbox-guest/5.0.4/build/include/VBox/version.h
    /var/lib/dkms/virtualbox/5.0.4/build/include/VBox/version.h
    /lib/firmware/carl9170fw/include/shared/version.h
     

    Attached Files:

  4. kozarovv Super Moderator

    Joined:
    Nov 8, 2014
    Messages:
    7,541
    Likes Received:
    5,613
    Trophy Points:
    872
    Do you have linux-source downloaded? (apt-get source linux-source) PS: I recommend not using a VM for building the kernel.

    And your problem is more generic than dm-swap makefile related. (edit: I think it is like that)
    Browse sites like this for tips. https://help.ubuntu.com/community/Kernel/Compile

    I'll try to help when I boot my Linux PC later (also Mint btw.)
     
    Last edited: Oct 2, 2016
  5. bguerville Moderator
    I agree with kozarovv. It would look like the problem doesn't have anything to do with the bswap16 project but rather with Linux itself.
    You need to look into kernel modules compilation, Google it, check dependencies & other requirements.
    Something seems to be missing but we don't get enough information from the compilation output to know what it is... Or at least, I don't see it...
    Like kozzy, I may have a quick look later on on my PC... Will let u know...
     
  6. Berion Developer
    It's not inside a VM, I'm just using VBox on Mint, so this is why it is there. ;]

    I cannot install linux-source because I get:
    Code:
    Zmieniono wybrany pakiet źródłowy na "linux-meta" z "linux-source"
    "Source package is changed from linux-source to linux-meta"

    When I type the same but with it replaced by linux-meta, no package is found.

    When I type sudo apt-get install linux-source, it automatically downloads only "linux-source-3.13" (when I rename it to my version, it's not found).

    Yes, we can be 100% sure that this isn't related to bswap16, but I don't like other Linux distributions and I will be very glad if someone finds a solution because my Linux knowledge is quite poor. Meanwhile I'll try other families like OpenSUSE or Manjaro.

    But VBox compiles one for itself when I install it. Isn't that proof that kernel module compilation is possible and fine?
     
  7. Berion Developer
    Ok, I'm back to the topic. :) I've fixed the script for generating keys for Slims (only) and they are now the same as in 'Decrypt Tools' and 'Build HDD and VFLASH Keys'.

    ps3hdd_keygen.png

    Thanks to @123ducky123 I found a bswap16 port that works with nbdcpp. So I compiled it successfully on Mint 18.3.

    Could someone help me mount an HDD image instead of a real device?
     

    Attached Files:

    kozarovv likes this.
  8. Berion Developer
    I have updated the script, based on information from @3141card.

    v1.1
    - merged Fat key generating option with Slims as they both are the same
    - fixed Fat key generating
    - added seeds for Arcades
    - added fake keys generating test
     

    Attached Files:

    Last edited: Sep 21, 2018
    kozarovv and sandungas like this.
  9. Berion Developer
    Finally! I have mounted a PS3 HDD. However... only the HDD from CECH-2504. For CECHL04 I still have no success... This means that key generation is wrong or decryption for Fats is wrong. At least in the L04 model case. :|

    Below is a mini tutorial on how to do this on Linux Mint 18.2 (should work for newer too):
    1. Run the script above and generate the HDD Key from the EID Root Key.
    2. Create a folder "ps3" in Your home path and put another one called "dev_hdd0" into it; put the HDD Key and apps (remember to give them the executable attribute) into the ps3 dir and leave ps3hdd0 empty.
    3. Open a terminal and become root (by typing "sudo su").
    4. Type "lsblk" to determine Your PS3 HDD.
    5. Run both applications (in attachment) and point them at Your PS3 HDD (in my case it is sda, in the example below it is sdx, so change it of course)
    Code:
    '/home/user/ps3/makedev' '/home/user/ps3/bswap16' /dev/sdx
    You should be informed that nbd-client works. If not, You did something wrong...
    6. Go back to terminal and type (of course change user to match Yours):
    Code:
    cryptsetup create -c aes-xts-plain64 -d /home/user/ps3/hdd_key.bin -s 256 ps3hdd_crypt /dev/nbd0
    If there are no errors, type:
    Code:
    kpartx -a /dev/mapper/ps3hdd_crypt
    7. Now You should start seeing mountable partitions in the file manager (Nemo, Nautilus, Dolphin, whatever You are using), but don't mount them there as it will fail. Instead type in the terminal:
    Code:
    mount -t ufs -o ufstype=ufs2,ro /dev/dm-2 /home/user/ps3/dev_hdd0
    8. Now You can use the file manager (with root privileges!) by just going to the ps3_hdd0 dir (all data should be visible).
    9. Remember to unmount the file system before You turn off the computer. It is sufficient to right-click in the file manager to unmount.
    10. To remove all mappings type:
    Code:
    kpartx -d /dev/mapper/ps3hdd_crypt && cryptsetup remove ps3hdd_crypt && ./stop-nbd0
    ps3hdd_dec_1.png ps3hdd_dec_2.png

    BTW: dm-3 is dev_hdd1 (ordinary FAT32 partition, can be mounted without any magic, just click on it) and dm-1 is dev_flash2 (needs vflash key decryption, the tutorial above doesn't cover this).

    - - -

    So... I need Your help! All of You, but I hope I can summon some people to get involved. ^^"
    @sandungas @einsteinx2 (BTW, thanks for Your tutorial, it helps me a lot :D). I want to create a complex noob friendly tutorial covering all models, Linux (with writing!) and Windows (read only of course). For PSX-Place and the wiki itself (there is chaos on the HDD decryption page, sorry but this is true ;]).

    1. Could You retrieve the ERK from a Fat, generate the HDD Key and try the above tutorial? You don't need to create maps etc.; just after mapping nbd0, make an image of the first sectors (they should be decrypted and byteswapped, which means no random Hiroshima but most of the data filled with zeroes).
    Code:
    dd if=/dev/nbd0 of=/home/user/evilshit.img bs=2M count=1
    This test will tell me if You decrypted Your Fat or not.

    2. Noob question: how to change the loop device id on the fly? For example from "/dev/loop0" to "/dev/loop9"? ;p
     

    Attached Files:

    jbtheworld likes this.
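
The test requested in point 1 of the post above (a correctly decrypted start of the disk is mostly zeroes, a wrong key or cipher mode gives random-looking data) can be scored instead of eyeballed in a hex viewer. This is an added example, not part of the original post or its attachments; the thresholds, the 512-byte sector size and the constructed sample buffers are assumptions.

```python
import hashlib
import math
import sys
from collections import Counter

SECTOR = 512  # assumption: 512-byte sectors


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for real data."""
    if not data:
        return 0.0
    total = len(data)
    return sum(n / total * math.log2(total / n) for n in Counter(data).values())


def zero_sector_ratio(data: bytes) -> float:
    """Fraction of whole sectors that contain only 0x00 bytes."""
    sectors = [data[i:i + SECTOR] for i in range(0, len(data) - SECTOR + 1, SECTOR)]
    if not sectors:
        return 0.0
    empty = bytes(SECTOR)
    return sum(s == empty for s in sectors) / len(sectors)


def assess_dump(data: bytes, max_entropy: float = 7.0, min_zero_ratio: float = 0.5) -> dict:
    """Score a dump; both thresholds are illustrative assumptions, not values from the thread."""
    entropy = shannon_entropy(data)
    zeros = zero_sector_ratio(data)
    return {
        "entropy_bits_per_byte": round(entropy, 3),
        "zero_sector_ratio": round(zeros, 3),
        "looks_decrypted": entropy < max_entropy and zeros >= min_zero_ratio,
    }


def constructed_ciphertext(size: int) -> bytes:
    """Constructed sample: deterministic random-looking bytes (SHA-256 counter stream)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


def constructed_plaintext(size: int) -> bytes:
    """Constructed sample: a few structured sectors, everything else zero-filled."""
    buf = bytearray(size)
    for sector in (0, 1, 8):
        off = sector * SECTOR
        buf[off:off + 16] = b"CONSTRUCTED-HDR\x00"
        buf[off + 16:off + 24] = sector.to_bytes(8, "big")
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Score the first 2 MiB of an image, the same amount the dd command above copies.
        with open(sys.argv[1], "rb") as fh:
            print(assess_dump(fh.read(2 * 1024 * 1024)))
    else:
        print("garbage  :", assess_dump(constructed_ciphertext(64 * 1024)))
        print("plaintext:", assess_dump(constructed_plaintext(64 * 1024)))
```

Run it with the path of the image written by dd as its only argument; without an argument it scores the two constructed buffers.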
  10. jbtheworld Forum Noob

    Joined:
    Sep 15, 2018
    Messages:
    62
    Likes Received:
    5
    Trophy Points:
    12
    Gender:
    Male
    Occupation:
    Game & file hoarder, cracker, serial applicator
    Location:
    Where the bitches and my ps3 be
    Hi there. Am I right in thinking this thing you're working on would enable one to access and mount their PS3 internal HDD on a Windows PC running a Linux terminal? Or just Linux?

    Sorry i am a noob, if u can point me to how i can create a thread, i will start one as i am now looking to excite and interest C DEVS with the idea of getting more working ways to access PS3 internal HDDS, plugged in externally on ps3 and maybe with a modded irisman file manager or something like that, mounting said HDD and copying and pasting important data off of it,
    or a modded super improved ps3 hdd reader, or relevant to this post "a super tweaked noob friendly linux and pc method"
    I think whoever creates such a useful tool will be a hero to millions!
    There are literally millions of people out there with "long lost corrupted or YLODd HDDs with gamesaves, isos, files etc theyd love back"


    As you may remember last week i was having trouble with an internal hdd that wouldnt boot any longer after updating rebug cfw to 4.82 and messing around with webman i had installed prior and didnt work right after the cfw update, something went awry and caused the hdd to freeze after about 10-15sec before it can reach xmb or before any safe mode options to fix it would also freeze about 10-15sec in.

    In this thread below I was talking to @DeViL303 and @bguerville and @pinky and others who guided me how to get my ERK & so on with mounting the drive,
    but i had no joy in the end as i got an error when inputting the eid i had no valid hdd.
    I had a dream of wishing there was more ways of getting back into these hdds and got bguerville quite interested,
    however i have no programming and real modding knowledge, and itd be something someone
    http://www.psx-place.com/threads/webman-mod-freezing-ps3.18171/page-2#post-137756

    I tried the following:
    installing a new 1.5tb hdd in ps3 and putting rebug 4.82 on it, and extracting ERK and copying to external,
    copying it into ps3 hdd reader (several versions - approx 5) with the freezing hdd plugged in the pc,
    and getting an error "no valid hdd found"
    The HDD hasn't been initialised, I did it via using an enclosure, and it installed drivers for the enclosure,
    and didnt offer any format offers etc, yet the eid root key from the same PS3 with the same 4.82 firmware,
    and dumped eid using the new hdd with all same stuff didnt get the freezing HDD to mount on pc.
    I dont know why, maybe it was corrupted too badly in some sort of way, or it eid doesnt match somehow.
    I also tried it plugged into a sata cable on a desktop pc, and got same error.
    Either way, now years of work is lost, and im back to installing isos one by one and lost many important game saves,
    and welcome work on tools that can access these drives !
    I plugged it into the ps3 externally, even after being told i may see something but wont be able to mount it and access it,
    i noticed in multiman when toggled as a pfs driver the internal hdd mounted as PFS!!
    But when trying to go into it, it doesnt access and go any further.... But this could be exploited for access somehow!? lol
    Its an idea anyway!!!

    Check out bguervilles comments at end of the above thread link, in response to my wishes and dreams...
    and pass the word around if u like, about the concept of improving hdd reader, improving linux methods,
    and most of all getting the ps3 itself to read an internal drive plugged in externally ..... and keep up the good work!
     
    Last edited: Sep 24, 2018
    Algol likes this.
  11. Berion Developer
    I don't have Windows 10 with WSL, nor even a cygwin environment, but I doubt it will work. Those "systems" are crippled (especially WSL).

    The ultimate goal of this research is to:
    - mount UFS2 partitions with write privileges (well, three but the 3rd is just FAT32 used for cache)
    - create a noob friendly tutorial
    - do everything in a Live environment (instead of an installed one)
    - work with all PS3s from which You can get the ERK

    No it cannot. This option is for reading NTFS contents on MBR; totally different logic.

    The rest of the questions I answered in Your thread. ;]
     
    jbtheworld likes this.
  12. jbtheworld Forum Noob
    Sounds like you're working on something good !!!
    UFS2 write privileges hey. Nice !! I will look out for when your research comes to fruition & see if my drive that isn't reading on ps3 hdd reader even with the ERK from the same PS3 will mount with what you are working on.
     
  13. Berion Developer
    TBH it is not my research. It is already researched and works. I'm just assembling dispersed knowledge and tools into something user friendly. ;) Let me put it that way: there are scientists and science popularizers. The first group makes progress (or at least tries to), the second "translates it" for non-science people to help them understand the world. Unfortunately, I'm only the popularizer kind. Without the first group, I know nothing, like Jon Snow. ;p
     
    jbtheworld likes this.
  14. jbtheworld Forum Noob
    Well i solved it! Seems the ps3 reader files may need to go in the right dir structure as i saw a thread of aldo saying where they go,
    and ran as admin and bam! Mounted in 2secs, recklessly ramming it into my laptop in an enclosure for one last test before i went to bed.
    Literally all you guys comments and suggestions did this!
    The way i was advised to install a new hdd on ps3 to get in rebug toolbox and get the ps3 EID root key was pure gold,
    Stumbling on Aldos comment on another thread about file structure for ps3 hdd reader was massive help,
    as was your reminding to run as Administrator, it wont work if not an Admin!! Yay i have full pc access to the drive
    Cheers to you !!!
     
    Berion likes this.
  15. jbtheworld Forum Noob
    Keep up that research Berion...
    I may need myself a way to write (or delete) data on the ps3 hdd im going through...
    I notice that theres the boot_plugins.txt in the root directory of dev_hdd0,
    and one of u champs was saying to try delete that within the xmb with a button command combo,
    and also try uninstall webman mod from in the xmb with a button command combo,
    since this drive wont boot to the xmb anymore now,
    there must be some theoretical or actual way in linux to delete this file,
    and potentially it may boot again on the ps3 :)) LOL

    Im pulling data from the drive now, and im a tote noob,
    i did manage to read another post from yer mate Uniqueusername about restoring saves and trophies,
    im reading it but like a full noob,
    but for me i dont care about trophies,
    and my saves are all I care about, and I seem to have retrieved them all by backing up dev_hdd/home/
    I can see the folder savedata in there and so i will copy and paste it into the new ps3 hdd (which has no games yet),
    I use rebugs fake save game data owner option anyway for many years,
    so it doesnt matter what save i get as long as i got that feature turned on :)
    it will work everytime. so handy for any save game out there, just dump em all in off a usb and load the game and play,
    no one by one missioning req'd ha ha ha.

    I wonder what other files i should be backing up also??
    i got nfi which really other than any game backups/isos & save games,
    and tbh im keen to keep it simple!!
     
  16. Berion Developer
    I found that cryptsetup cannot map the PS3 HDD if loop0 is occupied. The user will get a misleading error: "Requested offset is beyond real size of device /dev/nbd0.". So this eliminates live sessions as they use loop0 (+ in some cases loop1) and I don't know how to remap them on the fly (if possible). I didn't find anything about it in the manual. Is there any Linux master here (@bguerville ? :D)?

    If someone wants to work on a sector by sector image, it is possible by setting a loop slot higher than zero, for example:
    Code:
    losetup loop1 /home/user/ps3hdd.img
    @jbtheworld That's a topic about keys, scripts and mounting HDD. Create a new thread with those questions or find a related topic using the search option. ;)
     
  17. jbtheworld Forum Noob
    [QUOTE]@jbtheworld That's a topic about keys, scripts and mounting HDD. Create a new thread with those questions or find a related topic using the search option. ;)[/QUOTE]

    Yeah, i was thinking i should do that. Apologies for any jacking of your thread, and thanks for all yer help legend
     
  18. Berion Developer
    1. I need Your help guys. I cannot figure out what I'm doing wrong. :|

    Slim CECH-2504 HDD - successful decryption and mounting of dev_hdd0
    Slim CECH-2504 HDD - unsuccessful decryption of dev_vflash
    Slim CECHL04 HDD - unsuccessful decryption of dev_hdd0
    Slim CECHL04 HDD - unsuccessful decryption of dev_vflash

    For the Slim user partition I'm using (this works):
    Code:
    cryptsetup create -c aes-xts-plain64 -d /home/mint/ps3/hdd_key_SLIM.bin -s 256 ps3hdd /dev/nbd0 && kpartx -a /dev/mapper/ps3hdd
    But for dev_flash2 it doesn't:
    Code:
    cryptsetup create -c aes-xts-plain64 -d /home/mint/ps3/vflash_key_SLIM.bin -s 256 -p 8 ps3vflash /dev/nbd0 && kpartx -a /dev/mapper/ps3vflash
    I see garbage in hexdump view, which means decryption is wrong or key generation is wrong.

    For Fat none of the above works (also garbage data), and I'm even trying "aes-cbc-essiv:sha256" instead of "aes-xts-plain64".

    Could You try on Your HDDs?

    2. If dm-2 is dev_hdd0 (UFS2) and dm-3 is dev_hdd1 (FAT32), should dm-1 be vflash, right? So why does it need a different procedure?
     

    Attached Files:

    Last edited: Oct 22, 2018
  19. sandungas Moderator Developer

    Joined:
    Dec 31, 2014
    Messages:
    5,381
    Likes Received:
    4,924
    Trophy Points:
    472
    Location:
    Babylon 20xxE series
    Maybe what I'm going to say is wrong, but this is what I understood from the last talks with 3141card

    For PS3 models with the dev_flash inside hdd (a virtual "VFLASH") you need to decrypt 2 layers, and in 2 different ways:

    dev_flash PS3 FAT NOR
    Top layer - AES-CBC-192 (ata_key1, IV=0)
    Bottom layer - AES-XTS-128 (encdec_key1, encdec_key2)
    dev_flash PS3 SLIM NOR
    Top layer - AES-XTS-128 (ata_key1, ata_key2)
    Bottom layer - AES-XTS-128 (encdec_key1, encdec_key2)

    These 2 encryption layers are represented in this table with an "arrow up" (for the encryption layer on top), and an "arrow down" (for the encryption layer at the bottom)
    http://www.psdevwiki.com/ps3/Talk:Harddrive#HDD_partitions



    Edit:
    And for dev_hdd0 is only 1 encryption layer, but different by FAT/SLIM series

    dev_hdd0 PS3 all FATS
    AES-CBC-192 (ata_key1, IV=0)
    dev_hdd0 PS3 all SLIMS
    AES-XTS-128 (ata_key1, ata_key2)
     
    Last edited: Oct 22, 2018
    Algol and Berion like this.
  20. 3141card Developer

    Joined:
    Oct 13, 2014
    Messages:
    133
    Likes Received:
    194
    Trophy Points:
    72
    Location:
    Germany
    Don't forget that vflash region is encrypted twice.
    1. 16-bit swap,
    2. decrypt vflash region with ata key, (first layer)
    3. decrypt vflash region again with vflash key, (second layer)

    You were faster, @sandungas :)
     
    Berion and sandungas like this.
