PS4 HDD reading

Discussion in 'General PS4 Discussion.' started by Berion, Sep 18, 2018.

  1. 2,453
    2,437
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,453
    Likes Received:
    2,437
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    Based on the video tutorial, I've made config file for cryptmount. To bad that I'm on 5.55, but should be ok. :( Key can be dumped by OrbisMAN. In theory partition should be mounted read only, but without kernel flag set for rw, UFS2 it always be mounted with ro, even if in config is set rw.

    Please, let me know if this works (and for what exactly partitions).

    Code:
    # Add to the configuration file "/ect/cryptmount/cmtab" below script.
    # Use "cryptmount -m ps4hdd" for mounting and "cryptmount -u ps4hdd" for unmounting.
    # Device will be mounted as "/dev/mapper/ps4hdd".
    # Filesystem will be mounted in "/home/<user>/ps4/hdd/".
    # For CUH-1xxx models remove ivoffset parram.
    # For CUH-2xxx up to CUH-7xxx use "ivoffset=111669149696".
    
    ps4hdd {
       dev=/dev/sdd27
       dir=/home/user/ps4/hdd/
       flags=user,nofsck
       fstype=ufs
       mountoptions=ro,noatime,noexec,ufstype=ufs2
       cipher=aes-xts-plain64
       ivoffset=111669149696
       keyfile=/home/user/ps4/eap_key.bin
       keyformat=raw
    }
    
     
    Last edited: Aug 1, 2019
  2. 2,453
    2,437
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,453
    Likes Received:
    2,437
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    Fun fact: :)
    If You have Psxitarch Linux v2, loader will automatically dump EAP Key and put it to "/etc/cryptsetp/eap_hdd_key.bin". So it is enough to just copy it into pendrive or something - so no need for OrbisMAN.

    Mini dump from partition 27 of CUCH-1116a HDD, decrypted on Linux Mint v19.1 on PC:
    ps4hdd_p27dec.png
     
    esc0rtd3w, Yugonibblit and atreyu187 like this.
  3. 1,206
    2,932
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,206
    Likes Received:
    2,932
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    very cool :cool:

    it works! tested on 5.05 HDD with Kali

    i wanted to try this mounting later on another console to dump files from HDD on newer FW after dumping key on 5.05 and sacrificing a console to newest FW update
     

    Attached Files:

    Berion likes this.
  4. 2,453
    2,437
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,453
    Likes Received:
    2,437
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    That was my plan too long ago, but for the key collection still missing PFS key and full IDPS on 5.xx. But anyway, I never have hacked console because kexploits always was published year or so after the latest firmware...
     
    esc0rtd3w likes this.
Tags:

Share This Page