Cex2Dex: Difference between revisions
Jump to navigation
Jump to search
(rebug 4.70+ cex2dex) |
m (links fixed, the files doesnt exists though) |
||
| Line 1: | Line 1: | ||
= Files = | = Files = | ||
http://www. | http://www.psdevwiki.com/files/devtools/Cex2Dex/ | ||
== LibeEID == | == LibeEID == | ||
* [http://www. | * [http://www.psdevwiki.com/files/devtools/Cex2Dex/libeeid/ libeeid] [http://mir.cr/1VENKUSQ mirror] | ||
== c2d == | == c2d == | ||
* [http://www. | * [http://www.psdevwiki.com/files/devtools/Cex2Dex/c2d/ c2d] [http://mir.cr/DY6DAA4W mirror] | ||
== cex2dex == | == cex2dex == | ||
* [http://www. | * [http://www.psdevwiki.com/files/devtools/Cex2Dex/CEX2DEX/ CEX2DEX] [http://mir.cr/0WPZNP5Z mirror] | ||
== GUI for the console handicapped == | == GUI for the console handicapped == | ||
| Line 16: | Line 16: | ||
== dump_rootkey == | == dump_rootkey == | ||
alternative for the 'acquire PCK1' step, without need for OtherOS/Linux. | alternative for the 'acquire PCK1' step, without need for OtherOS/Linux. | ||
* [http://www. | * [http://www.psdevwiki.com/files/devtools/Cex2Dex/dump_rootkey dump_rootkey] [http://mir.cr/BLLYCG2B mirror] | ||
(needs 3.41, the [http://www. | (needs 3.41, the [http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup 341-downgrader.pup] works fine). | ||
== gameos method explained == | == gameos method explained == | ||
| Line 51: | Line 51: | ||
== eEID_RKDumper == | == eEID_RKDumper == | ||
alternative for the 'acquire PCK1' step, without need for OtherOS/Linux. | alternative for the 'acquire PCK1' step, without need for OtherOS/Linux. | ||
* [http://www. | * [http://www.psdevwiki.com/files/devtools/Cex2Dex/eEID_RKDumper/ eEID_RKDumper] [https://www.mirrorcreator.com/files/Y1FDUGXG/eEID_RKDumper.rar_links mirror] / [https://mega.co.nz/#!uo9BiB7T!hh_p-uOAXQ_KKwse39fxYO60-lu_1nuRx8G_O-KkuLE mirror] | ||
(works fine on 3.55, e.g. [http://www. | (works fine on 3.55, e.g. [http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/Rogero-V3.7/ Rogero V3.7] ([http://www.tortuga-cove.com/forums/viewtopic.php?f=127&t=525&p=879#p879 mirror] / {{MD5|8f8166b25d6bed891f292c77de5c4b28}}) | ||
Howto: | Howto: | ||
| Line 74: | Line 74: | ||
* If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> [[Downgrading with Hardware flasher#Patch_the_dump_.26_Reflash_it_to_the_console|Downgrading patches]] | * If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> [[Downgrading with Hardware flasher#Patch_the_dump_.26_Reflash_it_to_the_console|Downgrading patches]] | ||
* write back to flash -> [[Hardware flashing]] or on linux : ''[[Dev_Tools#nor_write.sh|dd if=nor.bin of=/dev/ps3nflasha bs=1024]]'' | * write back to flash -> [[Hardware flashing]] or on linux : ''[[Dev_Tools#nor_write.sh|dd if=nor.bin of=/dev/ps3nflasha bs=1024]]'' | ||
* PSgrade/JIG toggle -> [[http://www. | * PSgrade/JIG toggle -> [[http://www.psdevwiki.com/files/PSGrade/ files/PSGrade]] | ||
* service mode reinstall [[System_Software|Firmware]] belonging to that [[Target ID]] -> [[Downgrading with PSgrade Dongle]] | * service mode reinstall [[System_Software|Firmware]] belonging to that [[Target ID]] -> [[Downgrading with PSgrade Dongle]] | ||
* remarry BDdrive -> [[http://www. | * remarry BDdrive -> [[http://www.psdevwiki.com/files/lv2diag/remarry/ files/lv2diag/remarry]] | ||
* [[QA_Flagging#Toggle_QA_-_rebug.me|QA-toggle]] + [[QA_Flagging#Getting_the_QA_flag_menu|combo button]] -> [[QA Flagging]] | * [[QA_Flagging#Toggle_QA_-_rebug.me|QA-toggle]] + [[QA_Flagging#Getting_the_QA_flag_menu|combo button]] -> [[QA Flagging]] | ||
* leave service mode -> [[http://www. | * leave service mode -> [[http://www.psdevwiki.com/files/lv2diag/3.55%20downgrader/FILE2/ lv2diag.self FILE2]] | ||
* either enjoy XMB or a new brick | * either enjoy XMB or a new brick | ||
Revision as of 17:50, 25 March 2017
Files
http://www.psdevwiki.com/files/devtools/Cex2Dex/
LibeEID
c2d
cex2dex
GUI for the console handicapped
http://www.ps3hax.net/2012/07/ps3tools-gui-edition-v2-6-released-cex-2-dex-added/ download mirror
dump_rootkey
alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
(needs 3.41, the 341-downgrader.pup works fine).
gameos method explained
#include <ppu-types.h>
#include <ppu-lv2.h>
/*! IIM interface syscall. */
#define SYSCALL_IIM_IF 868
/*! IIM interface. */
#define IIM_IF(cmd, a1, a2, a3, a4) \
do{ lv2syscall5(SYSCALL_IIM_IF, (u64)(cmd), (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4)); }while(0)
/*! IIM_GET_DATA. */
#define IIM_GET_DATA 0x17002
/*! EID0 index. */
#define EID0_IDX 0
int main(int argc, const char **argv)
{
u8 eid0[0x1000];
u64 size;
FILE *fp;
//Get EID0.
IIM_IF(IIM_GET_DATA, EID0_IDX, eid0, sizeof(eid0), &size);
//Dump to usb or wherever you like...
return 0;
}
Source: http://pastie.org/4365689 by naehrwert
eEID_RKDumper
alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
(works fine on 3.55, e.g. Rogero V3.7 (mirror / MD5:8F8166B25D6BED891F292C77DE5C4B28)
Howto:
- install package and run it
- It will then black screen (no GUI) and restart the console automatically
- FTP (other otherwise) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key
Guide(s)
In short: changing Target ID of console inside decrypted eEID0
Semi Guide / Shortlist
- dump metldr -> Dumping Metldr
- acquire PCK1 -> EID root key
- dump flash -> Dev_Tools#Memdump Memdump 0.1 or (NOR only) on linux : dd if=/dev/ps3nflasha of=nor.bin
- Check flashdump -> Validating flash dumps
- extract EID0 section -> eidsplitter, manual extract or on linux : ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin
- decrypt EID0 using proper LibeEID (or any other proper eEID crypto tool)
- edit Target ID
- encrypt/rehash EID0 using proper LibeEID (or any other proper eEID crypto tool)
- paste inside flash dump -> [HxD] or any Hexeditor / binairy copy method
- If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> Downgrading patches
- write back to flash -> Hardware flashing or on linux : dd if=nor.bin of=/dev/ps3nflasha bs=1024
- PSgrade/JIG toggle -> [files/PSGrade]
- service mode reinstall Firmware belonging to that Target ID -> Downgrading with PSgrade Dongle
- remarry BDdrive -> [files/lv2diag/remarry]
- QA-toggle + combo button -> QA Flagging
- leave service mode -> [lv2diag.self FILE2]
- either enjoy XMB or a new brick
Full Rebug 4.70+ Guide
(WARNING BEFORE DOING THIS SAVE YOUR IDPS(CID) AND PSID TO PUT ON CONSOLE FOR STEP 14)
- 1.INSTALL REBUG 4.70+ REX(CEX)
- 2.ONCE INSTALLED GOTO PACKAGE MANAGER>INSTALL PACKAGE FILES>SYSTEM STORAGE
- 3.INSTALL REBUG PACKAGE FILE FROM STEP 2
- 4.OPEN REBUG TOOLBOX
- 5.GOTO UTILITIES TAB
- 6.SCROLL DOWN TO DUMP EID ROOT KEY(PS3 WILL REBOOT)
- 7.ONCE REBOOTED OPEN REBUG TOOLBOX AGAIN
- 8.GOTO DEX/CEX COLUMN
- 9.REWRITE TARGET ID IN FLASH
- 10.SWAP LVL2 KERNAL
- 11.PS3 WILL REBOOT AGAIN
- 12.OPEN REBUG TOOLBOX AND GOTO SELECTOR AND CHOOSE DEBUG MENU DEX
- 13.ENABLE COBRA(THIS WILL AUTOMATICALLY ENABLE WEBMAN )
- 14.PUT IDPS AND PSID BACK ON PS3
