Bluedisk EID0 reDRM: Difference between revisions
mNo edit summary |
|||
(32 intermediate revisions by 9 users not shown) | |||
Line 1: | Line 1: | ||
== Description == | |||
Bluedisk is a modified frankenstein firmware, with 4.21 and 4.25 files. The PS3 needs to be already running 3.55 to "upgrade" to 'Bluedisk', and user should send EID0 and a CDKEY before getting a download link. It has a non Sony DRM mechanism, locking it to the perconsole unique eid0 via serverside injected aim iso module, which was rendered useless within half an hour of the release. The same day a nonDRM version was released, while the server of Bluedisk was no longer capable of handling the traffic and cdkey handing out was suspended. | |||
== XMB eEID Dumper and MM4.25 | == Bluedisk release == | ||
http://www.sendspace.com/file/q8rk8b | === XMB eEID Dumper and MM4.25 === | ||
Link : [http://www.sendspace.com/file/q8rk8b XMB eEID Dumper and MM4.25.zip] | |||
=== XMB eEID Dumper.pkg === | ==== XMB eEID Dumper.pkg ==== | ||
=== MM4.25.pkg === | ==== MM4.25.pkg ==== | ||
Old version of [[MultiMan]] (2.08, last open source version) patched to work on this CFW. | |||
== CFWUpgrader ver1.01 and manual | === CFWUpgrader ver1.01 and manual === | ||
http://www.sendspace.com/file/2mysue | Link : [http://www.sendspace.com/file/2mysue CFWUpgrader ver1.01 and manual.zip] | ||
=== CFW Upgrader and downgrade manual.pdf === | ==== [http://www.slideshare.net/slideshow/embed_code/14857769 CFW Upgrader and downgrade manual.pdf] ==== | ||
=== CFWUpgrader.exe === | ==== CFWUpgrader.exe ==== | ||
[[File:BlueDiskThingy.png]] | |||
When you enter your credentials and press "CDKey Check" it generates a file called ''CFWUpgrader.exe.txt''. I used Senaxx's info and it was probably wrong but it generate this log: | |||
<pre>ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090 | |||
Traceback (most recent call last): | |||
File "PatchClient.pyo", line 29, in verifykey | |||
[http://www.sendspace.com/file/ | File "protobuf\socketrpc\service.pyo", line 114, in <lambda> | ||
[http:// | File "protobuf\socketrpc\service.pyo", line 157, in call | ||
File "google\protobuf\service_reflection.pyo", line 267, in <lambda> | |||
File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod | |||
File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod | |||
File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback | |||
RpcError: Could not open I/O for 67.198.173.122:8090 | |||
Traceback (most recent call last): | |||
File "main.py", line 104, in doverifykey | |||
AttributeError: 'NoneType' object has no attribute 'ret' | |||
</pre> | |||
When I clicked download it added this to the file: | |||
<pre>AttributeError: 'NoneType' object has no attribute 'ret' | |||
ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090 | |||
Traceback (most recent call last): | |||
File "PatchClient.pyo", line 43, in login | |||
File "protobuf\socketrpc\service.pyo", line 114, in <lambda> | |||
File "protobuf\socketrpc\service.pyo", line 157, in call | |||
File "google\protobuf\service_reflection.pyo", line 267, in <lambda> | |||
File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod | |||
File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod | |||
File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback | |||
RpcError: Could not open I/O for 67.198.173.122:8090 | |||
Traceback (most recent call last): | |||
File "main.py", line 123, in dologin | |||
AttributeError: 'NoneType' object has no attribute 'desc' | |||
</pre> | |||
=== Downgrade firmwares === | |||
* [http://www.sendspace.com/file/d9pe9v 4.25TO3.55 CFW] [http://www.mediafire.com/?1iwd6c811pgpats 4.25TO3.55 CFW]<br /> | |||
* [http://www.sendspace.com/file/zfzeo6 CFW3.55CHECKOFF]<br /> | |||
<pre> | |||
* cfw3.55checkoff MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8 | |||
* 3.55 Rogero CEX v2 MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8 | |||
</pre> | |||
So no need to re-download "cfw3.55checkoff" if you have Rogero CEX 3.55 v2 (Source : [http://www.ps3hax.net/showpost.php?p=455374&postcount=330 GraVoX959 on ps3hax])<br /> | |||
== Firmwares / EID0.BIN / CD Keys == | |||
=== Firmware === | |||
* 4.21 CoreOS | * 4.21 CoreOS | ||
* 4.25 Spoof/dev_flash for NP/SEN | * 4.25 Spoof/dev_flash for NP/SEN | ||
=== | === PS3UPDAT.PUP === | ||
[http://www.sendspace.com/file/ | {| class="wikitable collapsible" | ||
[http:// | |- | ||
!Firmware !! EID0.BIN !! CD Key | |||
|- | |||
| [http://www.mediafire.com/?jxu0d97sflb5717 4.25 CFW based on EID0 Senaxx.rar] <!--// http://67.198.173.122/webeditor/PS3UPDAT_9E8302C692EEFBD1.PUP //--> || [http://www.mediafire.com/?1ib0c9b3b3mrld7 EID.rar] || 9E8302C692EEFBD1 | |||
|- | |||
| [http://www.sendspace.com/file/xx9qal 4.25 CFW based on EID0 bubba.rar] <!--// http://67.198.173.122/webeditor/PS3UPDAT_0CB52A87B221BC50.rar //--> <br /> || N/A || 0CB52A87B221BC50 <!--// bubba //--> | |||
|- | |||
| [http://kuai.xunlei.com/d/TJAKBXYICPTO 4.25 CFW based on EID0 Luckystar.rar] <!--// http://67.198.173.122/webeditor/PS3UPDAT_A33BB116F4D71DAD(CE95EC2457008FCC).PUP//--> || N/A || C0B7431B5073CC52 <!--// LuckyStar //--> | |||
|- | |||
|} | |||
=== Other CD Keys === | |||
* FA73FDEF3A3949DE <!--// http://bbs.duowan.com/thread-29221529-1-1.html //--> | |||
* 1C24792552F19D59 <!--// http://bbs.duowan.com/thread-29221529-1-1.html //--> | |||
* 45A76B28633A4B82 <!--// http://bbs.duowan.com/thread-29221529-1-1.html //--> | |||
== reDRM mechanism / eid0 binding == | == reDRM mechanism / eid0 binding == | ||
=== Analysis === | |||
eid0 is checked in [[Iso module|aim_spu_module.self]] (Source : https://twitter.com/naehrwert/status/260356650257498113) | |||
https://twitter.com/naehrwert/status/260356650257498113 | |||
The check is basically a: <pre>if(memcmp(eid0_section0, first_encrypt_0x10_bytes, 0x10)!=0)fail();</pre> | |||
To remove eid0 binding, replace the | === nonbound eid0 firmware === | ||
To remove eid0 binding, replace the [[Iso module|aim_spu_module.self]] from unpatched OFW 4.25 one (tested, it works). | |||
== Compatibility == | == Compatibility == | ||
Line 57: | Line 104: | ||
=== Homebrew === | === Homebrew === | ||
3.60 or 3.60+ | 3.60 or 3.60+ signed EBOOTs are working. 3.41/3.55 signed homebrews must be resigned with 3.60+ keys. | ||
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> |
Latest revision as of 19:58, 5 February 2014
Description[edit | edit source]
Bluedisk is a modified frankenstein firmware, with 4.21 and 4.25 files. The PS3 needs to be already running 3.55 to "upgrade" to 'Bluedisk', and user should send EID0 and a CDKEY before getting a download link. It has a non Sony DRM mechanism, locking it to the perconsole unique eid0 via serverside injected aim iso module, which was rendered useless within half an hour of the release. The same day a nonDRM version was released, while the server of Bluedisk was no longer capable of handling the traffic and cdkey handing out was suspended.
Bluedisk release[edit | edit source]
XMB eEID Dumper and MM4.25[edit | edit source]
Link : XMB eEID Dumper and MM4.25.zip
XMB eEID Dumper.pkg[edit | edit source]
MM4.25.pkg[edit | edit source]
Old version of MultiMan (2.08, last open source version) patched to work on this CFW.
CFWUpgrader ver1.01 and manual[edit | edit source]
Link : CFWUpgrader ver1.01 and manual.zip
CFW Upgrader and downgrade manual.pdf[edit | edit source]
CFWUpgrader.exe[edit | edit source]
When you enter your credentials and press "CDKey Check" it generates a file called CFWUpgrader.exe.txt. I used Senaxx's info and it was probably wrong but it generate this log:
ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "PatchClient.pyo", line 29, in verifykey File "protobuf\socketrpc\service.pyo", line 114, in <lambda> File "protobuf\socketrpc\service.pyo", line 157, in call File "google\protobuf\service_reflection.pyo", line 267, in <lambda> File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback RpcError: Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "main.py", line 104, in doverifykey AttributeError: 'NoneType' object has no attribute 'ret'
When I clicked download it added this to the file:
AttributeError: 'NoneType' object has no attribute 'ret' ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "PatchClient.pyo", line 43, in login File "protobuf\socketrpc\service.pyo", line 114, in <lambda> File "protobuf\socketrpc\service.pyo", line 157, in call File "google\protobuf\service_reflection.pyo", line 267, in <lambda> File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback RpcError: Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "main.py", line 123, in dologin AttributeError: 'NoneType' object has no attribute 'desc'
Downgrade firmwares[edit | edit source]
* cfw3.55checkoff MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8 * 3.55 Rogero CEX v2 MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8
So no need to re-download "cfw3.55checkoff" if you have Rogero CEX 3.55 v2 (Source : GraVoX959 on ps3hax)
Firmwares / EID0.BIN / CD Keys[edit | edit source]
Firmware[edit | edit source]
- 4.21 CoreOS
- 4.25 Spoof/dev_flash for NP/SEN
PS3UPDAT.PUP[edit | edit source]
Firmware | EID0.BIN | CD Key |
---|---|---|
4.25 CFW based on EID0 Senaxx.rar | EID.rar | 9E8302C692EEFBD1 |
4.25 CFW based on EID0 bubba.rar |
N/A | 0CB52A87B221BC50 |
4.25 CFW based on EID0 Luckystar.rar | N/A | C0B7431B5073CC52 |
Other CD Keys[edit | edit source]
- FA73FDEF3A3949DE
- 1C24792552F19D59
- 45A76B28633A4B82
reDRM mechanism / eid0 binding[edit | edit source]
Analysis[edit | edit source]
eid0 is checked in aim_spu_module.self (Source : https://twitter.com/naehrwert/status/260356650257498113)
The check is basically a:
if(memcmp(eid0_section0, first_encrypt_0x10_bytes, 0x10)!=0)fail();
nonbound eid0 firmware[edit | edit source]
To remove eid0 binding, replace the aim_spu_module.self from unpatched OFW 4.25 one (tested, it works).
Compatibility[edit | edit source]
Its MFW 4.2x, so all OFW 4.2x signed content should work.
Games[edit | edit source]
Do not start games from APP_HOME, to prevent "EAUTHFAIL - 0x80010017 - Failure in authorizing SELF. Program authentication fail (Error starting BluRay game)"
Homebrew[edit | edit source]
3.60 or 3.60+ signed EBOOTs are working. 3.41/3.55 signed homebrews must be resigned with 3.60+ keys.