PS3 [Tutorial] HDD mounting and decryption on Linux

Discussion in 'Tutorials & Guides' started by Berion, Mar 30, 2019.

  1. 7,556
    7,034
    797
    sandungas

    sandungas Moderator Developer

    Joined:
    Dec 31, 2014
    Messages:
    7,556
    Likes Received:
    7,034
    Trophy Points:
    797
    Location:
    Babylon 20xxE series
    Eruil, the forum have a text corrector that is breaking your pastes a bit, everytime you write a @ the text corrector is replacing it automatically by [email protected]

    In this case, because you are copying big chunks of text from terminal the best solution is if you enclose them with [code][/code], this way:


    ---------------
    Edit:
    Damn, the forum text corrector is catching it from inside the code... then the alternative is to do what i did in the first line of this post, by using [plain][/plain], this way:
    [email protected]




    ---------------
    Edit3:
    Just add an space next to it, the forum thinks is an email, but if you add spaces in between then it ignores it
    @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
     
    Last edited: Apr 22, 2020
    Eruil EOL and Berion like this.
  2. 25
    6
    7
    Eruil EOL

    Eruil EOL Forum Noob

    Joined:
    Apr 5, 2020
    Messages:
    25
    Likes Received:
    6
    Trophy Points:
    7
    Gender:
    Male
    with an optimized 1% space .img

    root/Ryzentosh:/home/eruil/ps3# ./find_ps3_ufs2_byte_locations.sh superblock.img
    Minimum free space already configured to 1%
    Optimization type already set to SPACE

    with a non optimized superblock.img (ive made some tests in 3 other hdds, just to make some experiments)

    root/Ryzentosh:/home/eruil# cd /home/eruil/ps3
    root/Ryzentosh:/home/eruil/ps3# ./find_ps3_ufs2_byte_locations.sh superblock.img
    Minimum free space byte location: 65599
    Optimiation type byte location: 65667

    i dumped all data in my hdd , formatted and tested optimization with bswap16.ko and it ran smooth. i though that i had a problem when i unmounted hdd with einys tools. now its working fine


    "---------------
    Edit3:
    Just add an space next to it, the forum thinks is an email, but if you add spaces in between then it ignores it
    @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @"

    no worries sandungas, i replaced @ with /

    Berion:

    stat --printf="%s" /home/eruil/ps3/superblock.img >> /home/eruil/ps3/test_output.txt
    created the test_output.txt file . it only shows = 131072
     
    Last edited: Apr 22, 2020
    sandungas likes this.
  3. 2
    0
    30
    bel3atar

    bel3atar Member

    Joined:
    Nov 8, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    30
    Interesting.
    Too bad it's in polish
     
  4. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    @bel3atar If someone could donate me enough $ for professional translator (I don't know how much it costs in Poland but if someone is interested, I can make some research), I don't see a problem to attach it in English. For free, no one want to do it (and I'm fine with that because text is hard and quite long).
     
    Last edited: Apr 27, 2020
  5. 25
    6
    7
    Eruil EOL

    Eruil EOL Forum Noob

    Joined:
    Apr 5, 2020
    Messages:
    25
    Likes Received:
    6
    Trophy Points:
    7
    Gender:
    Male
    You can use google translator and spend some time to translate it. Or you can donate some money to berion
     
    Last edited: Apr 28, 2020
  6. 17
    3
    57
    Wildfire1

    Wildfire1 Member

    Joined:
    Apr 15, 2018
    Messages:
    17
    Likes Received:
    3
    Trophy Points:
    57
    Gender:
    Male
    Has anyone tried using the WSL to try this and see if it works or not? Also which distro of Ubuntu should I go with?
     
  7. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    Linux Mint 19.2 or 19.3 works for sure on real hardware (attached compiled modules are for default kernel in 19.2, if You want use another, You must compile it from attached source).

    But I don't have Windows 10 so I cannot check if WSL or WSL2 allow any distro, and if not limited raw access to real devices. You can be pioneer. ;)
     
    Last edited: May 4, 2020
  8. 17
    3
    57
    Wildfire1

    Wildfire1 Member

    Joined:
    Apr 15, 2018
    Messages:
    17
    Likes Received:
    3
    Trophy Points:
    57
    Gender:
    Male
    I think Linux Mint uses a version of Ubuntu but not sure which one as I'll have to do some testing.

    Sent from my SM-G981U using Tapatalk
     
  9. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    Yes. Mint 19.x is equivalent of Ubuntu 18.x LTS.
     
  10. 17
    3
    57
    Wildfire1

    Wildfire1 Member

    Joined:
    Apr 15, 2018
    Messages:
    17
    Likes Received:
    3
    Trophy Points:
    57
    Gender:
    Male
    With WSL2 I can install Ubuntu 18.04 LTS but as far as I can tell its terminal only. I may try to do some tests here soon and report back in a while.
     
  11. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    I saw that mounted file systems are (or will be?) displaying in Explorer like standard windows partitions.

    Thanks. I'll be waiting for the feedback.
     
  12. 1
    0
    5
    artiko17

    artiko17 Forum Noob

    Joined:
    May 5, 2020
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    5
    Gender:
    Male
    Hi berion... First of all, many Thanks for your hard work with tutorial on how to reclaim up to 8% of reserved ps3 hard disk space... Unfornetly i have problem with that tutorial. Secound I am From Poland like you, and i will prefer talk in my native... BUT anyway I have a problem with 10 line of your tutorial.

    http://puu.sh/FFSHG.png

    Here is like it looks. I have cechl04 ps3 system. I done everything step by step, and i do not really understand what is wrong. I am using ubuntu 16.04.6LTS system.

    In theory I have to decrypt the drive, before i create decrypted device, but did your script do not do this?


    BTW, disc is connected to virtual machine as sdb - connected via usb, like in your example
     
  13. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    @artiko17 Witam rodaka.

    I'm not the author of script for unlocking 8% of reserved free space on UFS2. ;) I'm the author of tutorial about PS3 HDD decrypting.

    Do not use bswap16 for nbd client. It will no longer works with current versions of nbd client and demand from You to be installed because loop0 must be free. Current solution is flexible and easy, thanks to bswap16-ecb kernel module which replaced nbd.

    Besides that, You choose wrong algo (but this is my fault, I made mistake in older versions of tutorial; FATs on NOR using AES CBC, not XTS). Also current keygen version don't using "hdd_key.bin" file name but "ata_key.bin" (just cosmetics in this case).

    Download tutorial from first post (I have updated it two weeks ago) and adapt changes.

    Operations needed:
    1. conversion from Big Endian to Little Endian (that's why we need bswap16)
    2. creating mapper with decrypted device (that's why we need cryptsetup)
    3. creating mappers with partitions (that's why we need kpartx)

    Disk not disc. In English it's similar write and pronounce but they are two different things. ;) Disc can be i.e optical like i.e DVD, disk is i.e metal disk like HDD.

    If Linux see it at the end of this chain, then it should be no problem.
     
    Last edited: May 6, 2020
  14. 5
    0
    30
    zetsurin

    zetsurin Member

    Joined:
    Feb 1, 2019
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    30
    Thanks so much for these tutorials. I have been patching the protections from my PS3-based arcade games for preservation purposes but the worlkflow I need to do so takes hours. If I can manage to mount and directly modify my drives it would be a huge help for my preservation efforts (I just know my HDDs must be about to die soon!)

    I am running on Ubuntu 20.04, and have compiled bswap16-ecb for my kernel. However when I do the following, I am only seeing the very first byte swapped only.

    The commands I ran:

    Code:
    sudo su
    insmod bswap16.ko
    cryptsetup create -c bswap16 -d /dev/zero ps3hdd-bs /dev/sdb
    
    And this is my test output to determine if the bytes are being swpped. As you can see in ps3hdd-bs, only the first pair of bytes are ever swapped. Any ideas what I might be able to try?

    Code:
    [email protected]:/home/user/Work/PS3# hexdump -C /dev/sdb | head -8
    00000000  41 ac e4 32 21 a2 44 49  f9 42 35 d2 54 8f 44 45  |A..2!.DI.B5.T.DE|
    00000010  5a 67 4e ca ec f3 5c f9  ae e5 f7 76 e6 d2 f2 fd  |ZgN...\....v....|
    00000020  55 20 4a fc 65 32 ce 13  42 1a bd 7a 79 43 42 89  |U J.e2..B..zyCB.|
    00000030  09 6b 12 18 3a 38 bd 6c  0c 0e f8 57 06 50 f0 c4  |.k..:8.l...W.P..|
    00000040  bb c1 30 fc 7f 96 f6 20  97 b3 2e 6c df ec f0 69  |..0.... ...l...i|
    00000050  7a ac a6 6c ec e3 cd b2  99 a5 89 0d f2 1b 05 2c  |z..l...........,|
    00000060  4b a2 b0 b4 a6 6a 99 37  9b 96 b4 a9 2b 37 a4 ef  |K....j.7....+7..|
    00000070  55 40 59 69 1c 9c 72 31  05 96 d6 b2 7d c0 28 b8  |[email protected]}.(.|
    
    [email protected]:/home/user/Work/PS3# hexdump -C /dev/mapper/ps3hdd-bs | head -8
    00000000  ac 41 73 48 46 13 68 e6  06 b0 2b 77 ba 86 11 cb  |.AsHF.h...+w....|
    00000010  23 1f 90 29 bd 26 15 af  b9 57 d8 12 25 90 1b 20  |#..).&...W..%.. |
    00000020  d2 a8 a9 6a 78 99 76 fc  d4 51 38 a7 fe 03 f0 01  |...jx.v..Q8.....|
    00000030  29 80 11 79 2a 22 56 85  b3 60 5b f6 a8 51 c2 a0  |)..y*"V..`[..Q..|
    00000040  31 7f 47 f1 a6 83 5f 60  45 b7 fb 9d c2 b3 b6 1c  |1.G..._`E.......|
    00000050  5c 13 16 0a 45 80 5e 2e  68 2b 94 2c 92 ff de 1e  |\...E.^.h+.,....|
    00000060  a7 67 ff 12 da 12 91 f3  0f ac 32 22 83 82 c4 93  |.g........2"....|
    00000070  e4 ba 3c 19 c5 75 2d ee  e4 34 b7 40 16 cf c5 e8  |..<[email protected]|
    
     
  15. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    @zetsurin
    You're welcome. ^^

    That's strange. I never experienced such error before and don't even have idea why module doesn't swapping data beyond first 2B. I'm sorry but I don't know. You can try live distro (i.e older Ubuntu on which for sure it works, or all Mint 18.x up to 19.x which also works, tested by myself). That's poor help, I know.

    - - -
    Meanwhile, I have updated Windows 10 to insider line to have WSL2 and I don't know how to run it with generic kernel. Original MS kernel source doesn't have full module source and compilation of course failed

    I have created in home dir ".wslconfig" with below magic but VM doesn't boot and prints timeout:
    Code:
    [wsl2]
    kernel=D:\test\vmlinuz-5.4.0-26-generic
    memory=4GB
    processors=2
    Any ideas? :)
     
    Last edited: May 23, 2020
  16. 5
    0
    30
    zetsurin

    zetsurin Member

    Joined:
    Feb 1, 2019
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    30
    @Berion, I tried to rewrite bswap16 as a compression stream instead of a crypto stream just out of curiosity, but didn't get anywhere.

    I actually set up a blank install of Mint 18.2 and bswap is working fine.

    By the way, for my Namco System 357 key, I used a version of the key generator which had arcade support, this yielded 32-byte keys. However, this would not decrypt for me. What I needed to do was generate a key as such:

    Code:
    cat ata_data_and_tweak_key.bin ata_data_and_tweak_key.bin > arcade_key.bin
    
    And now I see it is correctly decrypting:

    Code:
    # hexdump -C /dev/mapper/ps3hdd | head -8
    00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
    00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
    00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 08 00 00  |................|
    00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 0b  |.p..............|
    00000050  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
    00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
    
    So all good now :)

    BTW, regarding WSL (this applies to 1 or 2), it has no support for loop devices at all. Just worth keeping in mind. Under Windows, I think a minimal VirtualBox install is probably going to be the most reliable.

    EDIT: To be precise (and to help anyone reading this in the future to save them time), the exact contents of the ata_key.bin needed for Namco System 357 needs to be:

    Code:
    5F 20 A2 1E D1 2F F6 42 5B 62 FD E0 D1 88 1C 84
    64 13 1B E7 6B 28 CE 9A 73 5D 4A 1C 88 FE DF 07
    5F 20 A2 1E D1 2F F6 42 5B 62 FD E0 D1 88 1C 84
    64 13 1B E7 6B 28 CE 9A 73 5D 4A 1C 88 FE DF 07
    
    And it is configured just like a phat PS3 with aes-cbc-null 192 bit
     
    Last edited: May 24, 2020
  17. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    @zetsurin But this is exactly key which is output from my script. Did You generate it using keygen script on newest Ubuntu or also on Mint 18.2? If You open script (v1.8b), You can see uncommented i.e ATA Key in Arcade section which is exactly the same (and the same should be generated from eid_root_key_arcade.bin).

    Could You try also VFLASH? Because I didn't test it myself (if this model even have NOR Flash instead to 2x128MiB of NAND, I don't know).

    And big thanks for the report.
     
  18. 5
    0
    30
    zetsurin

    zetsurin Member

    Joined:
    Feb 1, 2019
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    30
    @Berion, I ran the script on Ubuntu 20.04. Perhaps I was using an old version or something.

    I tried VFLASH, it works fine for this machine. I think this model is NAND as it doesn't have xRegistry present in the HDD VFLASH. It's based on the phattest of phat PS3s :)
     
  19. 2,888
    2,756
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,888
    Likes Received:
    2,756
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    If it have NAND, then it haven't VFLASH which is replacement of eFlash area from NAND but on HDD.

    Normally, xRegistry.sys is on "dev_flash2/etc/" but I never saw GECR systems so who knows, maybe it is somewhere else.
     

Share This Page