Editing Spuisofs

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[Category:OtherOS]]
[[Category:Linux]]
=Introduction=
=Introduction=


Line 5: Line 5:
* spuisofs can execute only isolated SPU modules which are decrypted by isoldr.
* spuisofs can execute only isolated SPU modules which are decrypted by isoldr.
* I used this driver e.g. to dump my EID0 key and my ATA keys.
* I used this driver e.g. to dump my EID0 key and my ATA keys.
* GIT repo: http://gitorious.ps3dev.net/ps3linux/spuisofs
* spuisofs.tar.gz: http://www.multiupload.nl/0U1ZIZN6PG
 
=Features=
 
* MFC data segment faults are handled by the driver. That means you do not have to worry about it.
* Large data buffers which can be used for data exchange between SPU and PPU.
* Data buffers are not physically continuous which eliminates the RAM allocation problem.
* Full access to all SPU registers from user-space.


=Mounting=
=Mounting=
Line 48: Line 41:
* Use the computed EID0 key and the dumped IV to decrypt EID0 data at offset 0x7A0 of size 0xC0.
* Use the computed EID0 key and the dumped IV to decrypt EID0 data at offset 0x7A0 of size 0xC0.
* dump_eid0_key.tar.gz: http://www.multiupload.nl/T3ZFSG057P
* dump_eid0_key.tar.gz: http://www.multiupload.nl/T3ZFSG057P
* See also http://www.ps3devwiki.com/wiki/Making_Isolated_SPU_Modules_and_Loaders


==EID0 Key Seed==
==EID0 Key Seed==
Line 244: Line 236:


* I modified fdm_spu_module.self to dump EID2 key and IV.
* I modified fdm_spu_module.self to dump EID2 key and IV.
* fdm_spu_module.self is a very simple isolated SPU module, it just decrypts EID2 and writes the reult to PPU memory buffer.
* EID2 is encrypted with AES-CBC-256.
* EID2 is encrypted with AES-CBC-256.
* Use the dumped IV and key to decrypt EID2.
* Use the dumped IV and key to decrypt EID2.
* dump_eid2_key.tar.gz: http://www.multiupload.nl/D5GKYOZRAU
* dump_eid2_key.tar.gz: http://www.multiupload.nl/D5GKYOZRAU
==Information about EID2==
* EID2 has 2 blocks: type 1 (P-block) and type 2 (S-block).
* At offset 0 you will find the header of size 0x20.
* Type 1 block starts at offset 0x20 and the size of the block is at offset 0x0 in the header (2 bytes).
* Type 2 block starts at offset 0x20 + sizeof block1 and the size of the block is at offset 0x2 in the header (2 bytes).
* Note that EID2 have another encryption level, it can be decrypted with DES, key and IV can be found in the leaked JIG kernel.


==SPU Program==
==SPU Program==
Line 383: Line 366:
...
...
</pre>
</pre>
=More Examples=
See here:
* http://gitorious.ps3dev.net/ps3linux/aim
* http://gitorious.ps3dev.net/ps3linux/spp_verifier
{{Linux}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)