PS3 [Tutorial] HDD mounting and decryption on Linux

Discussion in 'Tutorials & Guides' started by Berion, Mar 30, 2019.

  1. 30
    13
    32
    Laith

    Laith Member

    Joined:
    May 3, 2018
    Messages:
    30
    Likes Received:
    13
    Trophy Points:
    32
    Gender:
    Male
    Ah, sorry about that. I was actually planning to make a wiki tutorial on the /r/ps3homebrew subreddit about my findings either way.
     
    Berion likes this.
  2. 5
    2
    5
    Hadobedo

    Hadobedo Forum Noob

    Joined:
    Nov 3, 2018
    Messages:
    5
    Likes Received:
    2
    Trophy Points:
    5
    Hey, I hate to revive this thread but I'm in a similar situation as @Laith was in. I have a jailbroken PS3 HDD here that tried to update OTA a while back and is stuck in an update loop. I popped in an empty HDD into the PS3 and reinstalled Rebug and everything on the PS3 functioned as normal, albeit without the data from the original HDD I pulled out. I got the eid_root_key from the PS3 and am able to browse the HDD just fine but can't write with PS3 HDD GUI on Windows (obviously) but I see that through this method you can get some r/w access, at least on dev_hdd1. On dev_hdd1 I can see that there is a PS3UPDATE folder like what Laith saw. I somehow was able to hit delete on the PS3UPDATE folder by running some rw command on Linux but now whenever I tried to access dev_hdd1 while mounted I get an Input/Output error and when trying to access the folder and PS3 HDD GUI on Windows crashes whenever I try to click the PS3UPDATE folder. I don't have the PS3 that corresponds with the HDD in front of me, but maybe that is enough to stop it from trying to update? (wishful thinking :p, I think I may have fucked it up) Worst case I'm making a backup of dev_hdd0 which can be read fine.

    TL;DR, can someone help me get r/w on dev_hdd1 while on Linux Mint 18.2? I have everything mounted as read right now.

    Cheers!
     
  3. 2,098
    1,990
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,098
    Likes Received:
    1,990
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    Try some tools for scanning. Maybe FAT32 on dev_hdd1 is now broken (for some reason).

    However, I strongly recommending to not making any changes anywhere on PS3HDD outside PS3 until You have copy of Your data. You are stepping on unknown ground (no one testing all scenarios and no one knows for sure if all filesystems sticking to standards, and that's the reasons why it is not fully safe).

    BTW: There is nothing wrong to dig up old thread, until You have something worth to say to add, and that's Your case, so don't worry. ;)
     
    Last edited: Aug 30, 2019
    Hadobedo likes this.
  4. 5
    2
    5
    Hadobedo

    Hadobedo Forum Noob

    Joined:
    Nov 3, 2018
    Messages:
    5
    Likes Received:
    2
    Trophy Points:
    5
    I backed up everything from the drive (except dev_hdd1 ofc) so I'm gonna see if I can do anything to fix it, worst case I just manually transfer everything :p Would you know of any scanning tools that I could use? gparted shows the HDD as completely unallocated
     
  5. 2,098
    1,990
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,098
    Likes Received:
    1,990
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    Because You cannot choose device. Device is encrypted, and with custom partition table which this app also don't understand (even if You give him unencrypted disk). You thinking about it in Windows ways. ;) I'll try explain it in chain of hell below.

    Linux see PS3HDD as any other HDD, the device, as "/dev/sdx". It is encrypted so every tool will understand it as empty (because for them is random data without any structure which can recognize as partition table and file system tables). On top of that, PS3 using BE, not LE, so all bytes are in reverse order.

    What Network Block Device Client (nbd-client) is doing with bswap16, is translating on the fly LE to BE and expose it as network device (in our case, local network, "/dev/nbdx"). So from this point, this specific device is the same encrypted HDD but seen as device with "normal byte order" instead to "sdx".

    Next step is creating mapper by cryptsetup which (also on the fly) decrypting it by provided keys and by specified algorithm. This app exposing it as mapper name which You have chose (in case of my tutorial, I chose "ps3hdd"). So exposed another device family are mappers on "/dev/mapper/ps3hdd/" which is a device; and numbers after it are found understood partitions. And mappers are the virtual devices on which You can work (mounting them, managing data, fixing them etc. etc).

    Last step is mouting filesystems from partitions as some folder in host file system (i.e I chose mount mapper with ps3 user partition as "/home/mint/ps3/dev_hdd0/" but can be any of course i.e "/home/hadobedo/idkwtf/"). And here, all is done by kpartx and mount.

    Windows automatically mounting every found partitions from all mass storage device and giving them alphabet letters. If he doesn't find it, then doesn't show it in Explorer, and any talks with it can be achieved only by lower level interactions. In example HDD Reader is doing everything alone himself because build-in tools in Windows are very basic and cannot provide such functionality as in Linux above (all those tools, except bswap16, are standalone Linux software).

    - - -

    About fixing/scanning FAT32 on Linux: maybe try this (and remember what I'm writing above :P):
    https://askubuntu.com/questions/147228/how-to-repair-a-corrupted-fat32-file-system
     
    Last edited: Aug 30, 2019
    sandungas likes this.
  6. 5
    2
    5
    Hadobedo

    Hadobedo Forum Noob

    Joined:
    Nov 3, 2018
    Messages:
    5
    Likes Received:
    2
    Trophy Points:
    5
    Thanks for the detailed writeup! It helped my understanding of this whole thing. For scanning the FAT32, what would the mountpoint be? Would it be /home/mint/ps3/dev_hdd1 instead of /dev/sdc1 as written in the tutorial? I'll give a few paths a try.
     
  7. 5
    2
    5
    Hadobedo

    Hadobedo Forum Noob

    Joined:
    Nov 3, 2018
    Messages:
    5
    Likes Received:
    2
    Trophy Points:
    5
    Yoo! I think I managed to delete the PS3UPDATE folder!! I think by me accidentally corrupting the PS3UPDATE folder by doing some rm command on it or something, and then running sudo dosfsck -w -r -l -a -v -t /dev/mapper/ps3hdd3, it deleted the PS3UPDATE folder and I no longer see it on Windows via PS3 HDD GUI or Linux! I'm gonna put in the HDD into the PS3 whenever I get the chance, and I'll report back (probably not for a few days though.)

    Thanks dude!
     
  8. 2,098
    1,990
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,098
    Likes Received:
    1,990
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    I'm not sure if fixing (if we assume that it is broken) file system should be mounted. Should You try first just mapper (which one depend of Your model because different model series have or have not VFLASH partition with it's "sub-partitions", because this changing also order). But if HDD Reader (and it's GUI) now recognize it, it is a good sign. Good luck. ^^
     
  9. 2,098
    1,990
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,098
    Likes Received:
    1,990
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    Soon I'll show You a better method for mounting PS3HDD. No more old Linux versions dependent, no more any of nbd-client or bswap16 standalone app. All works also from Live type distribution (no more installing Linux is mandatory). Thanks to unknown developer who recreate bswap16 for us as kernel module as it was in the beginning. :)

    ps3hdd_bs16ko.jpg
     
    Hadobedo, sandungas and Algol like this.
  10. 5
    2
    5
    Hadobedo

    Hadobedo Forum Noob

    Joined:
    Nov 3, 2018
    Messages:
    5
    Likes Received:
    2
    Trophy Points:
    5
    The deletion of the PS3UPDATE folder worked! After deleting the folder, I was able to put the PS3 HDD back into the PS3, it asked me to reinstall the FW so I reinstalled REBUG 4.84 and everything worked as if nothing happened. Thank you so much for this tutorial! I'm also interested in seeing how you're gonna mount the PS3 HDD with this new method :o
     
    sandungas and Berion like this.
  11. 2,098
    1,990
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,098
    Likes Received:
    1,990
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    In first post, I have attached reuploaded old tutorial (fixed few cosmetics) plus new tutorial. Additional, I also uploaded some interesting tools from few developers which want to be stayed anonymous (maybe one one of them would reveal himself later). I deleted old archive named "PS3 Decryption Tools v2" because there bunch of dirs, scripts and one app - so I decided to split everything into his own category.

    bswap16 (kernel module)
    Not uploaded yet but I already uploaded tutorial based on this method. Source code will be provided to.

    bswap16 (for nbd-client)
    This is bswap16 standalone app which is used with nbd-client. Currently this is obsolete method but I keep it just in case (and also old tutorial which based on this method). Source included.

    dm-bswap16 (source only)
    This is old graf_chocolo bswap16 for ancient kernels. I never compiled it with success so I attach it in matter of legacy tool.

    Fuse-UFS2+ BE build-003
    This is fork of fuse-ufs but cannot be used as trustworthy tool. Have many limitations and to be fair, it is unfinished and currently abandoned. Maybe in future someone will add full UFS2 support. Source included.

    HDD Reader for Linux
    This is unofficial port of HDD Reader Windows version but enriched by file replacing feature and in addition arcade models support (so it is not full write capability but better than nothing and easier than mounting/decryption by hand and fighting with ufs.ko so it is the best gift today for the community :D).


    None of those tools are mine. I'm not a programmer, just modest scene popularizer. I'm just releasing them based of the authors permission.
     
    Last edited: Sep 8, 2019
    sandungas likes this.
  12. 2,098
    1,990
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,098
    Likes Received:
    1,990
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    bswap16-ecb
    Missing kernel module added. Compiled binary will only works with Linux Mint 19.2 64bit default kernel (4.15-0-54-generic). Source included but it is very easy to compile. I have added alternative make file in case Your distro complain about path to linux-headers. Depended of libelf-dev.

    - - -

    @gmipf Could You try use new method with -rw ufs.ko insead of old nbd? It is still need of course decryption as old way but maybe such translation causes file corruptions. Blind shoot anyway. ;0
     
  13. 2,098
    1,990
    272
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,098
    Likes Received:
    1,990
    Trophy Points:
    272
    Gender:
    Male
    Location:
    rom0:/
    I have added a "quick guide" in TXT for those who doesn't need tutorials and can be feed by terminal inputs. ;)

    About Fuse-UFS fork: Forgot to mention that You can rename or delete files/folders but not create or copy new (and with limited recurrence level).

    fuseufs2pbe.jpg

    I'll try look for better solution like i.e some *BSD. The main problem is conversion to Little Endian. Maybe a good solution would be putting out decrypted UFS2 mapper as network block device and connect to it on some live session BSD?
     
  14. 133
    193
    72
    3141card

    3141card Developer

    Joined:
    Oct 13, 2014
    Messages:
    133
    Likes Received:
    193
    Trophy Points:
    72
    Location:
    Germany

Share This Page