Editing Mounting HDD on PC

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[Category:OtherOS]]
=Introduction=
=Introduction=


Line 7: Line 6:
=ATA and ENCDEC Keys=
=ATA and ENCDEC Keys=


''Main Article [[HDD Encryption]]''
See http://www.ps3devwiki.com/wiki/HDD_Encryption


=Device Mapper=
=Device Mapper=
Line 112: Line 111:
</pre>
</pre>


==dm-crypt==
==dm-crypto==


* We don't need xts_aes application anymore.
* We don't need xts_aes application anymore.
Line 298: Line 297:
* Implemented PS3 partition support in Linux kernel. See patch '''0035-ps3-partition.patch''' here http://gitorious.ps3dev.net/ps3linux/kernel-patches-35
* Implemented PS3 partition support in Linux kernel. See patch '''0035-ps3-partition.patch''' here http://gitorious.ps3dev.net/ps3linux/kernel-patches-35
* Use kpartx tool to reread partition table.
* Use kpartx tool to reread partition table.
==Structure==
<pre>
#define MAX_ACL_ENTRIES 8
#define MAX_PARTITIONS 8
#define MAGIC1 0x0FACE0FFULL
#define MAGIC2 0xDEADFACEULL
struct p_acl_entry {
u64 laid;
u64 rights;
};
struct d_partition {
u64 p_start;
u64 p_size;
struct p_acl_entry p_acl[MAX_ACL_ENTRIES];
};
struct disklabel {
u8 d_res1[16];
u64 d_magic1;
u64 d_magic2;
u64 d_res2;
u64 d_res3;
struct d_partition d_partitions[MAX_PARTITIONS];
u8 d_pad[0x600 - MAX_PARTITIONS * sizeof(struct d_partition)- 0x30];
};
</pre>


==kpartx==
==kpartx==
Line 335: Line 305:
* We need a patch which adds PS3 partition table support.
* We need a patch which adds PS3 partition table support.
* Official GIT repo: http://git.opensvc.com/multipath-tools/.git
* Official GIT repo: http://git.opensvc.com/multipath-tools/.git
* '''PS3 partition table support is upstream now, you don't have to patch it anymore !!!'''


===Patching and Building===
===Patching and Building===
Line 351: Line 320:


<pre>
<pre>
sudo ./kpartx/kpartx -l /dev/ps3da
glevand@debian:~/multipath-tools$ sudo ./kpartx/kpartx -l /dev/ps3da
ps3da1 : 0 524288 /dev/ps3da 8
ps3da1 : 0 524288 /dev/ps3da 8
ps3da2 : 0 60459821 /dev/ps3da 524304
ps3da2 : 0 60459821 /dev/ps3da 524304
Line 417: Line 386:
000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
# create device mapper partitions with kpartx
kpartx-ps3 -l /dev/mapper/hdd_crypt
hdd_crypt1 : 0 524288 /dev/mapper/hdd_crypt 8
hdd_crypt2 : 0 60459821 /dev/mapper/hdd_crypt 524304
hdd_crypt3 : 0 4194296 /dev/mapper/hdd_crypt 60984133
hdd_crypt4 : 0 423218700 /dev/mapper/hdd_crypt 65178438
kpartx-ps3 -a /dev/mapper/hdd_crypt
ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep  7 01:09 control
lrwxrwxrwx 1 root root      7 Sep  7 01:11 hdd -> ../dm-0
lrwxrwxrwx 1 root root      7 Sep  7 01:11 hdd_crypt -> ../dm-1
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt1 -> ../dm-2            <---------- VFLASH
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt2 -> ../dm-3            <---------- GameOS UFS2
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt3 -> ../dm-4            <---------- FAT32 region
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt4 -> ../dm-5            <---------- OtheroS++ HDD region
# create VFLASH key file
echo <your encdec data key as hex string> <your encdec tweak key as hex string> | xxd -r -p > vflash_key.bin
ls -l vflash_key.bin
-rw-r--r-- 1 root root 32 Sep  4 09:28 vflash_key.bin
# create DM crypto target
# key size is 256bit because PS3 uses XTS-AES-128 and the key is just the concatenation of the data and tweak keys.
# here is important to use option -p because VFLASH starts with sector 8 and encryption/decryption depends on sector number.
cryptsetup create -c aes-xts-plain64 -d ./vflash_key.bin -s 256 -p 8 vflash_crypt /dev/mapper/hdd_crypt1
hexdump -C /dev/mapper/vflash_crypt | head -23
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 00 75 f8  |..............u.|
00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0  00 00 00 00 00 00 78 00  00 00 00 00 00 06 3e 00  |......x.......>.|
000000d0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000e0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 01  |. ..............|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000150  00 00 00 00 00 06 b6 00  00 00 00 00 00 00 80 00  |................|
00000160  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000170  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001e0  00 00 00 00 00 07 36 00  00 00 00 00 00 00 04 00  |......6.........|
000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000200  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
# create device mapper partitions with kpartx
kpartx-ps3 -l /dev/mapper/vflash_crypt
vflash_crypt1 : 0 30200 /dev/mapper/vflash_crypt 8
vflash_crypt2 : 0 409088 /dev/mapper/vflash_crypt 30720
vflash_crypt3 : 0 32768 /dev/mapper/vflash_crypt 439808
vflash_crypt4 : 0 1024 /dev/mapper/vflash_crypt 472576
vflash_crypt5 : 0 49152 /dev/mapper/vflash_crypt 473600
vflash_crypt6 : 0 512 /dev/mapper/vflash_crypt 522752
kpartx-ps3 -a /dev/mapper/vflash_crypt
ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Sep  7 01:09 control
lrwxrwxrwx 1 root root      7 Sep  7 01:11 hdd -> ../dm-0
lrwxrwxrwx 1 root root      7 Sep  7 01:11 hdd_crypt -> ../dm-1
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt1 -> ../dm-2
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt2 -> ../dm-3
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt3 -> ../dm-4
lrwxrwxrwx 1 root root      7 Sep  7 01:12 hdd_crypt4 -> ../dm-5
lrwxrwxrwx 1 root root      7 Sep  7 01:15 vflash_crypt -> ../dm-6
lrwxrwxrwx 1 root root      7 Sep  7 01:17 vflash_crypt1 -> ../dm-7
lrwxrwxrwx 1 root root      7 Sep  7 01:17 vflash_crypt2 -> ../dm-8
lrwxrwxrwx 1 root root      7 Sep  7 01:17 vflash_crypt3 -> ../dm-9
lrwxrwxrwx 1 root root      8 Sep  7 01:17 vflash_crypt4 -> ../dm-10
lrwxrwxrwx 1 root root      8 Sep  7 01:17 vflash_crypt5 -> ../dm-11
lrwxrwxrwx 1 root root      8 Sep  7 01:17 vflash_crypt6 -> ../dm-12
Now we can mount any PS3 HDD regions on PC :)
Linux kernel device mapper is a really great feature.
# mount UFS2 partition
mount -t ufs -o ufstype=ufs2,ro /dev/mapper/hdd_crypt2 /mnt/
ls -l /mnt/
total 16
drwx-----x 5 root root 512 Dec 31  2008 crash_report
drwx------ 3 root root 512 Dec 31  2008 drm
drwxr-xr-x 6 root root 512 Dec 31  2008 game
drwx------ 3 root root 512 Dec 31  2008 home
drwx------ 3 root root 512 Dec 31  2008 mms
drwx------ 5 root root 512 Dec 31  2008 tmp
drwx------ 2 root root 512 Jun 17  2009 vm
drwx------ 5 root root 512 Jul 15  2009 vsh
umount /mnt
mount /dev/mapper/vflash_crypt4 /mnt/
ls -l /mnt/
total 1
drwxr-xr-x 6 root root 512 Jul 15  2009 data-revoke
</pre>
</pre>
=Making Changes to cell_ext_os_area VFLASH Region=
* Here is one of the use cases for your dumped HDD and VFLASH keys.
* It's the VFLASH region where petitboot is stored.
* Useful for OtherOS++ users.
* You will need it if you flash bad petitboot which doesn't boot and just hangs.
* You have to connect your HDD to your PC, e.g. with SATA-2-USB adapter.
* We will clear OtherOS boot flag and GameOS will boot again.
* We don't have to decrypt VFLASH, only HDD, because cell_ext_os_area is NOT encrypted with VFLASH key, only with HDD key.
* I tested everything myself, it's safe to use.
<pre>
modprobe dm_mod
insmod dm-bswap16
# On my PC, sdd is the PS3 HDD connected through SATA-USB adapater
hdd_size=`blockdev --getsize /dev/sdd`
echo "0 $hdd_size bswap16 /dev/sdd" | dmsetup create hdd
echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin
cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 hdd_crypt /dev/mapper/hdd
kpartx-ps3 -a /dev/mapper/hdd_crypt
# cell_ext_os_area starts at offset 0xe740000 on VFLASH
# first dump os area parameters
# it begins at offset 0xe740200
dd if=/dev/mapper/hdd_crypt1 of=params.bin bs=1 count=512 skip=$((0xe740200))
# now clear the boot flag
# just make the first 4 bytes in params.bin all 0s
# now we write it back
dd of=/dev/mapper/hdd_crypt1 if=params.bin bs=1 count=512 seek=$((0xe740200))
sync
# clean up everything before disconnecting PS3 HDD
kpartx-ps3 -d /dev/mapper/hdd_crypt
dmsetup remove hdd_crypt
dmsetup remove hdd
# now GameOS should boot and you can flash a new petitboot :)
# you also could write new petitboot image to VFLASH :)
</pre>
=Further Work=
* Encryption/decryption of HDD on FreeBSD using geli framework.


=Links=
=Links=
Line 594: Line 396:
* http://lxr.free-electrons.com/source/block/partitions/
* http://lxr.free-electrons.com/source/block/partitions/
* http://backreference.org/2010/09/25/access-partitions-in-non-disk-block-devices-with-kpartx/
* http://backreference.org/2010/09/25/access-partitions-in-non-disk-block-devices-with-kpartx/
* https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/
{{Linux}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)