Talk:IDPS: Difference between revisions
m (→IDPS Examples: examples reordered chronologically) |
m (→IDPS Examples: this IDPS was not real... mashed up lot of time ago as an example ---> http://www.ps3devwiki.com/index.php?title=Talk:IDPS&diff=4778&oldid=1784) |
||
| Line 13: | Line 13: | ||
|- | |- | ||
| <code>00 00 00 01 00 84 00 08 14 0B 80 7A 2E 4F AA C7</code> || 84 - Retail USA || 08 - VER-001 || | | <code>00 00 00 01 00 84 00 08 14 0B 80 7A 2E 4F AA C7</code> || 84 - Retail USA || 08 - VER-001 || | ||
|- | |- | ||
| <code>00 00 00 01 00 87 00 08 14 01 B7 A7 1F C8 3A EA</code> || 87 - Retail United Kingdom || 08 - VER-001 || | | <code>00 00 00 01 00 87 00 08 14 01 B7 A7 1F C8 3A EA</code> || 87 - Retail United Kingdom || 08 - VER-001 || | ||
| Line 43: | Line 41: | ||
|- | |- | ||
|} | |} | ||
*Speculation: there are too much 0x14's in the 9th byte... this doesnt seems to be a coincidence (another values valid for this byte seems to be 0x10, 0x03, 0x04, and 0xF4) | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
Revision as of 21:15, 9 November 2012
IDPS Examples
| IDPS | TargetID | Mobo Rev. | |
|---|---|---|---|
00 00 00 01 00 81 00 01 03 FF FF FF 18 43 C1 4D |
81 - Reference Tool / DECR | 01 - COK-001 | Static Dummy IDPS |
00 00 00 01 00 84 00 01 04 00 F3 44 AC 4F 8D 2F |
84 - Retail USA | 01 - COK-001 | |
00 00 00 01 00 87 00 07 10 00 A3 15 8F 61 36 85 |
87 - Retail United Kingdom | 07 - DIA-002 | |
00 00 00 01 00 89 00 08 14 01 01 06 1B 91 1C 5C |
89 - Retail Australia/New Zealand | 08 - VER-001 | |
00 00 00 01 00 84 00 08 14 0B 80 7A 2E 4F AA C7 |
84 - Retail USA | 08 - VER-001 | |
00 00 00 01 00 87 00 08 14 01 B7 A7 1F C8 3A EA |
87 - Retail United Kingdom | 08 - VER-001 | |
00 00 00 01 00 85 00 08 10 05 52 88 E8 AF 75 0D |
85 - Retail Europe | 08 - VER-001 | |
00 00 00 01 00 85 00 08 F4 01 AA 02 51 EE 33 7B |
85 - Retail Europe | 08 - VER-001 | |
00 00 00 01 00 85 00 09 10 1B 69 BD CA CC BE 85 |
85 - Retail Europe | 09 - DYN-001 | |
00 00 00 01 00 84 00 09 10 1C B0 13 5F 2C 17 AF |
84 - Retail USA | 09 - DYN-001 | |
00 00 00 01 00 85 00 0A 14 05 67 A0 79 37 DC 17 |
85 - Retail Europe | 0A - SUR-001 | |
00 00 00 01 00 87 00 0B 14 0C 84 81 81 33 FA 68 |
87 - Retail United Kingdom | 0B - JTP-001/JSD-001 | |
00 00 00 01 00 85 00 0B 10 18 EC 96 E4 A8 BE EF |
85 - Retail Europe | 0B - JTP-001/JSD-001 | |
00 00 00 01 00 89 00 0B 14 00 EF DD CA 25 52 66 |
89 - Retail Australia/New Zealand | 0B - JTP-001/JSD-001 | |
00 00 00 01 00 89 00 0B 14 05 18 95 D3 EE D0 76 |
89 - Retail Australia/New Zealand | 0B - JTP-001/JSD-001 | |
00 00 00 01 00 87 00 0B 14 0E 71 DF 87 E5 A2 4D |
87 - Retail United Kingdom | 0B - JTP-001 | |
00 00 00 01 00 8C 00 0C 14 0E 7D FA F1 5F 9F 3F |
8C - Retail Russia | 0C - KTE-001 | |
00 00 00 01 00 87 00 0C 14 06 C3 90 35 41 45 18 |
87 - Retail United Kingdom | 0C - KTE-001 |
- Speculation: there are too much 0x14's in the 9th byte... this doesnt seems to be a coincidence (another values valid for this byte seems to be 0x10, 0x03, 0x04, and 0xF4)
| IDPS | TargetID | Mobo Rev. | |
|---|---|---|---|
00 00 00 01 00 82 00 01 xx xx xx xx xx xx xx xx |
82 - Debug/DEX | 01 - COK-001 | |
00 00 00 01 00 8A 00 01 xx xx xx xx xx xx xx xx |
8A - Retail Malaysia | 01 - COK-001 | |
00 00 00 01 00 8B 00 01 xx xx xx xx xx xx xx xx |
8B - Retail Taiwan | 01 - COK-001 | |
00 00 00 01 00 83 00 01 xx xx xx xx xx xx xx xx |
83 - Retail Japan | 01 - COK-001 | |
00 00 00 01 00 86 00 04 xx xx xx xx xx xx xx xx |
86 - Retail Korea | 04 - COK-002 | |
00 00 00 01 00 88 00 04 xx xx xx xx xx xx xx xx |
88 - Retail Mexico | 04 - COK-002 | |
00 00 00 01 00 8D 00 0C xx xx xx xx xx xx xx xx |
8D - Retail China | 0C - KTE-001 | unreleased |
00 00 00 01 00 8E 00 xx xx xx xx xx xx xx xx xx |
8E - Retail Hong Kong | - | ? |
IDPS rms blogtext
You’re probably wondering: “What the hell is this sequence of bytes?”. This is the IDPS, a sequence of bytes which determine console type. This structure is relatively undocumented until now, anyway. The IDPS is contained in EID0. EID0 is on the console internal flash as the file eEID and has multiple sections. I had made a splitter application to make your life easier a long time ago. Now, EID is decrypted by metldr, and is passed over to the isolated loader, which may pass it to a self. We can see this in graf_chokolo’s original payload. The IDPS is also used in various other parts of the system which could be of interest to you, but I will not discuss those right now. The IDPS itself, isn’t decrypted.
The IDPS contains your target ID, motherboard? and BD? revision. The IDPS shown at the beginning of this article is the dummy IDPS, the one that’s used when your IDPS fails to be decrypted. That IDPS belongs to a DECR-1000A. The one below belongs to a European PS3, and the one below that belongs to a Australian/NZ PS3.
Source: http://rmscrypt.wordpress.com/2011/05/16/idps-what-the-hell-is-that-thing/
Note: The Reference Tool IDPS from above is static. aim_iso uses it. Retail/3.55 doesn't have it.
Change HWID
Theory: If you give a slim console a fat IDPS, would that console have 3.15 OtherOS functionality?
I would say it would, because most likely the check is done in firmware to either en/disable that option. However, it would still require a console that can be downgraded to that version (only CECH-20../DYN-001, because CECH-21../SUR-001 use different drivers for RSX). So classic OtherOS on a CellBE 45nm/RSX 40nm would be impossible (ofcourse you can use OtherOS++).
[Homebrew-App] PS3 Model Detection
http://www.ps3hax.net/2011/01/homebrew-app-ps3-model-detection/
Dumping PS3 Model Data: - PS3 System Target ID: 0x85 (Retail - Europe) - PS3 Motherboard Revision: 0x0B (JTP-001 Motherboard, Revision 1) - PS3 BD-Laser Revision: 0x04 (KES-400, SACD supported) Probable Model: CECH-2504A Raw Model Data: Byte 0: 0x00 Byte 1: 0x01 Byte 2: 0x00 Byte 3: 0x85 Byte 4: 0x00 Byte 5: 0x0B Byte 6: 0x00 Byte 7: 0x04 Byte 7: 0x04
[Homebrew-App] IDPS Viewer
http://www.tortuga-cove.com/hacking/31-ps3/8396-released-idps-viewer
- Displays the IDPS
- Shows Target ID
- Displays Motherboard revision
- Save IDPS (16 bytes from EID) in dev_hdd0/IDPS.bin file