PS4 HDD reading

Discussion in 'General PS4 Discussion.' started by Berion, Sep 18, 2018.

  1. 2,061
    1,944
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,061
    Likes Received:
    1,944
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    Based on the video tutorial, I've made config file for cryptmount. To bad that I'm on 5.55, but should be ok. :( Key can be dumped by OrbisMAN. In theory partition should be mounted read only, but without kernel flag set for rw, UFS2 it always be mounted with ro, even if in config is set rw.

    Please, let me know if this works (and for what exactly partitions).

    Code:
    # Add to the configuration file "/ect/cryptmount/cmtab" below script.
    # Use "cryptmount -m ps4hdd" for mounting and "cryptmount -u ps4hdd" for unmounting.
    # Device will be mounted as "/dev/mapper/ps4hdd".
    # Filesystem will be mounted in "/home/<user>/ps4/hdd/".
    # For CUH-1xxx models remove ivoffset parram.
    # For CUH-2xxx up to CUH-7xxx use "ivoffset=111669149696".
    
    ps4hdd {
       dev=/dev/sdd27
       dir=/home/user/ps4/hdd/
       flags=user,nofsck
       fstype=ufs
       mountoptions=ro,noatime,noexec,ufstype=ufs2
       cipher=aes-xts-plain64
       ivoffset=111669149696
       keyfile=/home/user/ps4/eap_key.bin
       keyformat=raw
    }
    
     
    Last edited: Aug 1, 2019
  2. 2,061
    1,944
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,061
    Likes Received:
    1,944
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    Fun fact: :)
    If You have Psxitarch Linux v2, loader will automatically dump EAP Key and put it to "/etc/cryptsetp/eap_hdd_key.bin". So it is enough to just copy it into pendrive or something - so no need for OrbisMAN.

    Mini dump from partition 27 of CUCH-1116a HDD, decrypted on Linux Mint v19.1 on PC:
    ps4hdd_p27dec.png
     
    esc0rtd3w, Yugonibblit and atreyu187 like this.
  3. 1,163
    2,791
    397
    esc0rtd3w

    esc0rtd3w Developer

    Joined:
    Mar 10, 2017
    Messages:
    1,163
    Likes Received:
    2,791
    Trophy Points:
    397
    Gender:
    Male
    Occupation:
    Hacker
    Location:
    OHIO, USA
    Home Page:
    very cool :cool:

    it works! tested on 5.05 HDD with Kali

    i wanted to try this mounting later on another console to dump files from HDD on newer FW after dumping key on 5.05 and sacrificing a console to newest FW update
     

    Attached Files:

    Berion likes this.
  4. 2,061
    1,944
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,061
    Likes Received:
    1,944
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    That was my plan too long ago, but for the key collection still missing PFS key and full IDPS on 5.xx. But anyway, I never have hacked console because kexploits always was published year or so after the latest firmware...
     
    esc0rtd3w likes this.
Tags:

Share This Page