Cex2Dex: Difference between revisions
Jump to navigation
Jump to search
(rebug 4.70+ cex2dex) |
m (Text replacement - "color:red" to "color:red!important") |
||
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
= Files = | = Files = | ||
http://www. | |||
http://www.psdevwiki.com/files/devtools/Cex2Dex/ | |||
== LibeEID == | == LibeEID == | ||
* [http://www. | |||
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/libeeid/ libeeid] [http://mir.cr/1VENKUSQ mirror] | |||
== c2d == | == c2d == | ||
* [http://www. | |||
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/c2d/ c2d] [http://mir.cr/DY6DAA4W mirror] | |||
== cex2dex == | == cex2dex == | ||
== GUI for | * [http://www.psdevwiki.com/files/devtools/Cex2Dex/CEX2DEX/ CEX2DEX] [http://mir.cr/0WPZNP5Z mirror] | ||
http://www.ps3hax.net/2012/07/ps3tools-gui-edition-v2-6-released-cex-2-dex-added/ | |||
== GUI for handicapped console == | |||
* [http://www.ps3hax.net/2012/07/ps3tools-gui-edition-v2-6-released-cex-2-dex-added/] [http://www.mediafire.com/?9du5uysk1cr49tc download] [http://mir.cr/EBMAVDNH mirror] | |||
== dump_rootkey == | == dump_rootkey == | ||
== | Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux. | ||
< | |||
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/dump_rootkey dump_rootkey] [http://mir.cr/BLLYCG2B mirror] | |||
(needs 3.41, the [http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup 341-downgrader.pup] works fine). | |||
== eEID_RKDumper == | |||
Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux. | |||
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/eEID_RKDumper/ eEID_RKDumper] [https://www.mirrorcreator.com/files/Y1FDUGXG/eEID_RKDumper.rar_links mirror] / [https://mega.co.nz/#!uo9BiB7T!hh_p-uOAXQ_KKwse39fxYO60-lu_1nuRx8G_O-KkuLE mirror] | |||
(works fine on 3.55, e.g. [http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/Rogero-V3.7/ Rogero V3.7] ([http://www.tortuga-cove.com/forums/viewtopic.php?f=127&t=525&p=879#p879 mirror] / {{MD5|8f8166b25d6bed891f292c77de5c4b28}}) | |||
Howto: | |||
* Install package and run it. | |||
* It will then black screen (no GUI) and restart the console automatically. | |||
* Using FTP (or by other means) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key | |||
= GameOS method explained = | |||
<source lang="C"> | |||
#include <ppu-types.h> | |||
#include <ppu-lv2.h> | #include <ppu-lv2.h> | ||
Line 46: | Line 67: | ||
return 0; | return 0; | ||
}</ | } | ||
</source> | |||
Source: [https://web.archive.org/web/20141119004757/http://pastie.org/4365689 code by naehrwert] | |||
= Guide(s) = | = Guide(s) = | ||
In short: changing [[ | |||
In short: changing the [[Product Code]] of the PS3 inside decrypted [[Flash#eEID|eEID0]]. | |||
== Semi Guide / Shortlist == | == Semi Guide / Shortlist == | ||
* | |||
* | * Dump metldr -> [[Dumping_Metldr#Howto_use|Dumping Metldr]] | ||
* | * Acquire PCK1 -> [[Per_Console_Keys#per_console_root_key_1_.2F_EID_root_key|EID root key]] | ||
* Dump flash -> [[Dev_Tools#Memdump Memdump 0.1]] or (NOR only) on linux: [[Dev_Tools#nor_dump.sh|dd if=/dev/ps3nflasha of=nor.bin]] | |||
* Check flashdump -> [[Validating flash dumps]] | * Check flashdump -> [[Validating flash dumps]] | ||
* | * Extract EID0 section -> eidsplitter, manual extract or on linux: [[Dev_Tools#dump_EID0.sh|ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin]] | ||
* | * Decrypt EID0 using proper [[Cex2Dex#LibeEID|LibeEID]] (or any other proper eEID crypto tool) | ||
* | * Edit [[Product Code]]. | ||
* | * Encrypt/rehash EID0 using proper [[Cex2Dex#LibeEID|LibeEID]] (or any other proper eEID crypto tool) | ||
* | * Paste inside flash dump -> [[http://mh-nexus.de/en/hxd/ HxD]] or any hexadecimal editor / binary copy method | ||
* If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> [[Downgrading with Hardware flasher#Patch_the_dump_.26_Reflash_it_to_the_console|Downgrading patches]] | * If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> [[Downgrading with Hardware flasher#Patch_the_dump_.26_Reflash_it_to_the_console|Downgrading patches]] | ||
* | * Write back to flash -> [[Hardware flashing]] or on linux: [[Dev_Tools#nor_write.sh|dd if=nor.bin of=/dev/ps3nflasha bs=1024]] | ||
* PSgrade/JIG toggle -> [[http://www. | * PSgrade/JIG toggle -> [[http://www.psdevwiki.com/files/PSGrade/ files/PSGrade]] | ||
* | * Service Mode reinstall [[System_Software|Firmware]] belonging to that [[Product Code]] -> [[Downgrading with PSgrade Dongle]] | ||
* | * Remarry BD drive -> [[http://www.psdevwiki.com/files/lv2diag/remarry/ files/lv2diag/remarry]] | ||
* [[QA_Flagging#Toggle_QA_-_rebug.me|QA-toggle]] + [[QA_Flagging#Getting_the_QA_flag_menu|combo button]] -> [[QA Flagging]] | * [[QA_Flagging#Toggle_QA_-_rebug.me|QA-toggle]] + [[QA_Flagging#Getting_the_QA_flag_menu|combo button]] -> [[QA Flagging]] | ||
* | * Leave Service Mode -> [[http://www.psdevwiki.com/files/lv2diag/3.55%20downgrader/FILE2/ lv2diag.self FILE2]] | ||
* | * Either enjoy DEX XMB or a brick. | ||
== Full Rebug 4.70+ Guide == | == Full Rebug 4.70+ Guide == | ||
<big>'''<span style="color:red">(WARNING BEFORE DOING THIS SAVE YOUR IDPS | |||
<big>'''<span style="color:red!important">(WARNING BEFORE DOING THIS SAVE YOUR IDPS AND OPENPSID TO PUT ON CONSOLE FOR STEP 14)'''</span></big> | |||
''' | ''' | ||
* 1.INSTALL REBUG 4.70+ REX(CEX) | * 1.INSTALL REBUG 4.70+ REX (CEX) | ||
* 2.ONCE INSTALLED GOTO PACKAGE MANAGER>INSTALL PACKAGE FILES>SYSTEM STORAGE | * 2.ONCE INSTALLED GOTO PACKAGE MANAGER>INSTALL PACKAGE FILES>SYSTEM STORAGE | ||
* 3.INSTALL REBUG PACKAGE FILE FROM STEP 2 | * 3.INSTALL REBUG PACKAGE FILE FROM STEP 2 | ||
* 4.OPEN REBUG TOOLBOX | * 4.OPEN REBUG TOOLBOX | ||
* 5.GOTO UTILITIES TAB | * 5.GOTO UTILITIES TAB | ||
* 6.SCROLL DOWN TO DUMP EID ROOT KEY(PS3 WILL REBOOT) | * 6.SCROLL DOWN TO DUMP EID ROOT KEY (PS3 WILL REBOOT) | ||
* 7.ONCE REBOOTED OPEN REBUG TOOLBOX AGAIN | * 7.ONCE REBOOTED OPEN REBUG TOOLBOX AGAIN | ||
* 8.GOTO DEX/CEX COLUMN | * 8.GOTO DEX/CEX COLUMN | ||
* 9.REWRITE | * 9.REWRITE PRODUCT CODE IN FLASH | ||
* 10.SWAP LVL2 KERNAL | * 10.SWAP LVL2 KERNAL | ||
* 11.PS3 WILL REBOOT AGAIN | * 11.PS3 WILL REBOOT AGAIN | ||
* 12.OPEN REBUG TOOLBOX AND GOTO SELECTOR AND CHOOSE DEBUG MENU DEX | * 12.OPEN REBUG TOOLBOX AND GOTO SELECTOR AND CHOOSE DEBUG MENU DEX | ||
* 13.ENABLE COBRA(THIS WILL AUTOMATICALLY ENABLE WEBMAN ) | * 13.ENABLE COBRA (THIS WILL AUTOMATICALLY ENABLE WEBMAN) | ||
* 14.PUT IDPS AND | * 14.PUT IDPS AND OPENPSID BACK ON PS3''' | ||
{{ | {{Custom Firmware}}<noinclude>[[Category:Main]]</noinclude> |
Latest revision as of 03:43, 1 July 2023
Files[edit | edit source]
http://www.psdevwiki.com/files/devtools/Cex2Dex/
LibeEID[edit | edit source]
c2d[edit | edit source]
cex2dex[edit | edit source]
GUI for handicapped console[edit | edit source]
dump_rootkey[edit | edit source]
Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
(needs 3.41, the 341-downgrader.pup works fine).
eEID_RKDumper[edit | edit source]
Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
(works fine on 3.55, e.g. Rogero V3.7 (mirror / MD5:8F8166B25D6BED891F292C77DE5C4B28
)
Howto:
- Install package and run it.
- It will then black screen (no GUI) and restart the console automatically.
- Using FTP (or by other means) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key
GameOS method explained[edit | edit source]
#include <ppu-types.h>
#include <ppu-lv2.h>
/*! IIM interface syscall. */
#define SYSCALL_IIM_IF 868
/*! IIM interface. */
#define IIM_IF(cmd, a1, a2, a3, a4) \
do{ lv2syscall5(SYSCALL_IIM_IF, (u64)(cmd), (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4)); }while(0)
/*! IIM_GET_DATA. */
#define IIM_GET_DATA 0x17002
/*! EID0 index. */
#define EID0_IDX 0
int main(int argc, const char **argv)
{
u8 eid0[0x1000];
u64 size;
FILE *fp;
//Get EID0.
IIM_IF(IIM_GET_DATA, EID0_IDX, eid0, sizeof(eid0), &size);
//Dump to usb or wherever you like...
return 0;
}
Source: code by naehrwert
Guide(s)[edit | edit source]
In short: changing the Product Code of the PS3 inside decrypted eEID0.
Semi Guide / Shortlist[edit | edit source]
- Dump metldr -> Dumping Metldr
- Acquire PCK1 -> EID root key
- Dump flash -> Dev_Tools#Memdump Memdump 0.1 or (NOR only) on linux: dd if=/dev/ps3nflasha of=nor.bin
- Check flashdump -> Validating flash dumps
- Extract EID0 section -> eidsplitter, manual extract or on linux: ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin
- Decrypt EID0 using proper LibeEID (or any other proper eEID crypto tool)
- Edit Product Code.
- Encrypt/rehash EID0 using proper LibeEID (or any other proper eEID crypto tool)
- Paste inside flash dump -> [HxD] or any hexadecimal editor / binary copy method
- If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> Downgrading patches
- Write back to flash -> Hardware flashing or on linux: dd if=nor.bin of=/dev/ps3nflasha bs=1024
- PSgrade/JIG toggle -> [files/PSGrade]
- Service Mode reinstall Firmware belonging to that Product Code -> Downgrading with PSgrade Dongle
- Remarry BD drive -> [files/lv2diag/remarry]
- QA-toggle + combo button -> QA Flagging
- Leave Service Mode -> [lv2diag.self FILE2]
- Either enjoy DEX XMB or a brick.
Full Rebug 4.70+ Guide[edit | edit source]
(WARNING BEFORE DOING THIS SAVE YOUR IDPS AND OPENPSID TO PUT ON CONSOLE FOR STEP 14)
- 1.INSTALL REBUG 4.70+ REX (CEX)
- 2.ONCE INSTALLED GOTO PACKAGE MANAGER>INSTALL PACKAGE FILES>SYSTEM STORAGE
- 3.INSTALL REBUG PACKAGE FILE FROM STEP 2
- 4.OPEN REBUG TOOLBOX
- 5.GOTO UTILITIES TAB
- 6.SCROLL DOWN TO DUMP EID ROOT KEY (PS3 WILL REBOOT)
- 7.ONCE REBOOTED OPEN REBUG TOOLBOX AGAIN
- 8.GOTO DEX/CEX COLUMN
- 9.REWRITE PRODUCT CODE IN FLASH
- 10.SWAP LVL2 KERNAL
- 11.PS3 WILL REBOOT AGAIN
- 12.OPEN REBUG TOOLBOX AND GOTO SELECTOR AND CHOOSE DEBUG MENU DEX
- 13.ENABLE COBRA (THIS WILL AUTOMATICALLY ENABLE WEBMAN)
- 14.PUT IDPS AND OPENPSID BACK ON PS3
|