DLC-1 for version 2025-10-29:
Dependencies:
Code:
sudo apt install binwalk
sudo apt install ent
I changed the way the key is retrieved from the OrbisOS kernel dump. Instead of reading from fixed addresses, the script now seeks a specific header pattern and, by calculating entropy for the data below it, dumps possible EAP HDD keys. This means that false positives are inevitable (and in most cases there will be at least a few of them). This cannot be done in a different way because the header isn't unique and there is no way to determine, using only the kernel, which is the real key and which is something else.
In the picture above, you can see two blind shots, of which only one is real. All can be found in the keys dir. Usually, the last one is the real one, but not always. I don't know if the key position depends on the South Bridge type or is due to ASLR (AFAIK the kernel is taken from RAM, not from the decrypted kernel partition), so for now, the best approach is such guesswork.
To test a key, just rename the chosen one to "eap_hdd_key.bin" and try the PS4 HDD Mounter script (choose read-only mode). If nothing is decrypted, then use the PS4 HDD Unmounter script (it also removes the decryption mappers, a mandatory step) and try with a different guessed key.
If the script does not find any matches, you will need to decrease the entropy threshold value. By default I used 4.75. The higher the value, the better the chance of not finding anything; the lower the value, the more false positives will be found. If you are getting too many, try 4.8. The best key I had in samples was at entropy level 5.0, and the lowest at 4.75. The key is unique per console, so it is kind of random.
Good luck.
PS: Tested on kernel dumps from fw 5.00 up to 13.00 from various South Bridges. In all cases, the key was found. :]
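
The header-then-entropy scan described in the post, as an added example (not the script's own code): the header bytes and the 32-byte window are hypothetical placeholders, since the post states neither. With a 32-byte window the entropy cannot exceed log2(32) = 5.0 bits per byte, and the constructed sample shows a structured table passing the 4.75 threshold as a false positive while failing 4.8.

```python
import math
from collections import Counter

# Hypothetical placeholders: the post gives neither the header bytes nor the
# key length, so HEADER and WINDOW are assumptions made for this example.
HEADER = b"\x00HDR_PLACEHOLDER\x00"
WINDOW = 32        # bytes examined after each header hit
THRESHOLD = 4.75   # default threshold named in the post, in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, the figure `ent` reports."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_candidates(dump: bytes, threshold: float = THRESHOLD):
    """Return (offset, entropy) for each header hit whose next WINDOW bytes
    reach the threshold; hits truncated by the end of the dump are skipped."""
    hits = []
    pos = dump.find(HEADER)
    while pos != -1:
        start = pos + len(HEADER)
        window = dump[start:start + WINDOW]
        if len(window) == WINDOW and shannon_entropy(window) >= threshold:
            hits.append((start, shannon_entropy(window)))
        pos = dump.find(HEADER, pos + 1)
    return hits


def build_sample_dump() -> bytes:
    """Constructed test input, not real dump data: four header hits followed
    by zeros, a table with repeated bytes, 32 distinct bytes, and a cut-off."""
    zeros = bytes(WINDOW)                                          # 0.0
    table = bytes(range(24)) + bytes([100, 101, 102, 103]) * 2     # 4.75
    distinct = bytes((i * 37 + 11) % 256 for i in range(WINDOW))   # 5.0
    pad = b"\xff" * 64
    return (pad + HEADER + zeros + pad + HEADER + table + pad
            + HEADER + distinct + pad + HEADER + b"\x01\x02")


if __name__ == "__main__":
    dump = build_sample_dump()
    for level in (4.75, 4.8, 5.1):
        found = find_candidates(dump, level)
        print(level, [(hex(off), round(h, 3)) for off, h in found])
```
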