Bluedisk EID0 reDRM: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
Line 98: Line 98:
=== nonbound eid0 firmware ===
=== nonbound eid0 firmware ===
To remove eid0 binding, replace the [[Iso module|aim_spu_module.self]] from unpatched OFW 4.25 one (tested, it works).
To remove eid0 binding, replace the [[Iso module|aim_spu_module.self]] from unpatched OFW 4.25 one (tested, it works).
==== Rogero CEX-4.21 CFW ====
{{warning|content=This CFW does not have LV1(/syscon) checks disabled and cannot be installed on Downgraded PS3 consoles unless you have [http://www.ps3devwiki.com/wiki/Downgrading_with_Hardware_flasher#Dehashing Dehashed/Reset Syscon] properly.
<br>
<span style="background-color:white; color:red;"><strong>WARNING: Many claimed they have bricked from this CFW and Rogero has deleted the links to this CFW. INSTALL AT YOUR OWN RISK!
If you happen to brick, [http://www.ps3devwiki.com/wiki/Downgrading_with_Hardware_flasher#Patch_the_dump_.26_Reflash_it_to_the_console basic downgrader patching] should debrick it (if you have a [http://www.ps3devwiki.com/wiki/Validating_flash_dumps Validated] flash dump). </span></strong>}}
<br><br>
Links: <strike>[http://www.mediafire.com/?hrvvaqh7l5gzss9 Rogero_CEX4.21_v1.PUP] / [http://www.sendspace.com/file/49iddc mirror1] / [http://www.mirrorcreator.com/files/01MFETUN/Rogero_CEX4.21_v1.PUP_links other mirrors links]</strike>
<div class="NavFrame collapsed">
<div class="NavHead">
hash file information
</div>
<div class="NavContent">
* CRC-16: 05E4  / CRC-32: AE88016F
* SHA-1: 5B8F488D977CFB2E3E0B5C3362F0275C840443B0
* SHA-256: C1EAE5CD430B2186C221638EF594A477323C12FCFC2DB0C28E64B621BCF4979D
* SHA-384: 36ED4C291EC5AA983EA5E44D710FB1C33B25CF8E503B1C957ACFC3CB0F069894DCD0E336891024D82211988B620E9558
* SHA-512: 435F276733499E228F38866D3BAC07FD442A3BF698898A7412392E6C1D44934DB914E2324BBCB43A0E422405012B64901D713CC2D7E26D4B84B10B96A3DA9E9E
* MD-2: 12D0DB8C096C8A8E2D7117B0681CCCCA
* MD-4: 3AC6AC81B971919B4CAF0DEDBF3B24E1
* MD-5: 418B6D659BA7201B04247618929E73FF
* Size: 192 MB (201,814,594 bytes)
</div>
</div>
v1.00 info:
* This is a 4.21CFW spoofed to version 4.25 to allow SEN access
* It can be used as a normal System Update from any 3.55 OFW/CFW/MFW
* It was tested using a hardware flasher and no bricks or any problems at all were encountered
* It can run games signed with Keys up to version 4.21 without any Eboot/Sprx patching needed
* Games must be loaded from Disc Icon (with Original game in BD) and not from app_home
* Current 3.55 homebrew application can't be loaded on this CFW, applications must be re-signed properly.
* Downgrading back to 3.55 is always possible using hardware flashers and will be tested soon using software methods.
Credits to eussNL and the PS3DevWiki for the valuable and always up-to-date source of information.
Credits to Deank for his continuous efforts on Multiman and many other PS3 tools/fixes.
<span style="background-color:white; color:red;"><strong>You need to already be on 3.55 OFW to install this. Installing from any firmware other than 3.55 OFW will simply not work.</strong></span>
Source: http://www.tortuga-cove.com/forums/viewtopic.php?t=3636&p=8516#p8516


== Compatibility ==
== Compatibility ==

Revision as of 18:12, 25 November 2012


Description

Bluedisk is a modified frankenstein firmware, with 4.21 and 4.25 files. The PS3 needs to be already running 3.55 to "upgrade" to 'Bluedisk', and user should send EID0 and a CDKEY before getting a download link. It has a non Sony DRM mechanism, locking it to the perconsole unique eid0 via serverside injected aim iso module, which was rendered useless within half an hour of the release. The same day a nonDRM version was released, while the server of Bluedisk was no longer capable of handling the traffic and cdkey handing out was suspended.

Bluedisk release

XMB eEID Dumper and MM4.25

Link : XMB eEID Dumper and MM4.25.zip

XMB eEID Dumper.pkg

MM4.25.pkg

Old version of MultiMan (2.08, last open source version) patched to work on this CFW.

CFWUpgrader ver1.01 and manual

Link : CFWUpgrader ver1.01 and manual.zip

CFW Upgrader and downgrade manual.pdf

CFWUpgrader.exe

BlueDiskThingy.png

When you enter your credentials and press "CDKey Check" it generates a file called CFWUpgrader.exe.txt. I used Senaxx's info and it was probably wrong but it generate this log:

ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090
Traceback (most recent call last):
  File "PatchClient.pyo", line 29, in verifykey
  File "protobuf\socketrpc\service.pyo", line 114, in <lambda>
  File "protobuf\socketrpc\service.pyo", line 157, in call
  File "google\protobuf\service_reflection.pyo", line 267, in <lambda>
  File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod
  File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod
  File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback
RpcError: Could not open I/O for 67.198.173.122:8090
Traceback (most recent call last):
  File "main.py", line 104, in doverifykey
AttributeError: 'NoneType' object has no attribute 'ret'

When I clicked download it added this to the file:

AttributeError: 'NoneType' object has no attribute 'ret'
ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090
Traceback (most recent call last):
  File "PatchClient.pyo", line 43, in login
  File "protobuf\socketrpc\service.pyo", line 114, in <lambda>
  File "protobuf\socketrpc\service.pyo", line 157, in call
  File "google\protobuf\service_reflection.pyo", line 267, in <lambda>
  File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod
  File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod
  File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback
RpcError: Could not open I/O for 67.198.173.122:8090
Traceback (most recent call last):
  File "main.py", line 123, in dologin
AttributeError: 'NoneType' object has no attribute 'desc'

Downgrade firmwares

* cfw3.55checkoff MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8
* 3.55 Rogero CEX v2 MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8

So no need to re-download "cfw3.55checkoff" if you have Rogero CEX 3.55 v2 (Source : GraVoX959 on ps3hax)

Firmwares / EID0.BIN / CD Keys

Firmware

  • 4.21 CoreOS
  • 4.25 Spoof/dev_flash for NP/SEN

PS3UPDAT.PUP

Firmware EID0.BIN CD Key
4.25 CFW based on EID0 Senaxx.rar EID.rar 9E8302C692EEFBD1
4.25 CFW based on EID0 bubba.rar
N/A 0CB52A87B221BC50
4.25 CFW based on EID0 Luckystar.rar N/A C0B7431B5073CC52

Other CD Keys

  • FA73FDEF3A3949DE
  • 1C24792552F19D59
  • 45A76B28633A4B82

reDRM mechanism / eid0 binding

Analysis

eid0 is checked in aim_spu_module.self (Source : https://twitter.com/naehrwert/status/260356650257498113)

The check is basically a:

if(memcmp(eid0_section0, first_encrypt_0x10_bytes, 0x10)!=0)fail();

nonbound eid0 firmware

To remove eid0 binding, replace the aim_spu_module.self from unpatched OFW 4.25 one (tested, it works).

Compatibility

Its MFW 4.2x, so all OFW 4.2x signed content should work.

Games

Do not start games from APP_HOME, to prevent "EAUTHFAIL - 0x80010017 - Failure in authorizing SELF. Program authentication fail (Error starting BluRay game)"

Homebrew

3.60 or 3.60+ signed EBOOTs are working. 3.41/3.55 signed homebrews must be resigned with 3.60+ keys.