Talk:IDPS: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
m (→‎IDPS Examples: this IDPS was not real... mashed up lot of time ago as an example ---> http://www.ps3devwiki.com/index.php?title=Talk:IDPS&diff=4778&oldid=1784)
Line 42: Line 42:
|}
|}
*Speculation: there are too much 0x14's in the 9th byte... this doesnt seems to be a coincidence (another values valid for this byte seems to be 0x10, 0x03, 0x04, and 0xF4)
*Speculation: there are too much 0x14's in the 9th byte... this doesnt seems to be a coincidence (another values valid for this byte seems to be 0x10, 0x03, 0x04, and 0xF4)
<!--// 00 00 00 01 00 84 00 01 10 19 15 0C 45 9F 1C 2A  CECHA / bootldr 2A 2A / metldr 0E D6
00 00 00 01 00 84 00 02 10 01 15 ED DE D8 06 8B  CECHB / bootldr 2A 2A / metldr 0E D6
00 00 00 01 00 8A 00 01 10 00 52 BC C7 11 6D B2  CECHA / bootldr 2A 3F / metldr 0E DD
00 00 00 01 00 85 00 03 10 11 62 95 56 FF DB FD  CECHC / bootldr 2A 3F / metldr 0E DD
00 00 00 01 00 85 00 03 10 00 3D F9 65 97 B6 EA  CECHC / bootldr 2A 37 / metldr 0E DA
00 00 00 01 00 84 00 01 10 1B 23 A2 EA C6 4D D0  CECHA / bootldr 2A 37 / metldr 0E DA
00 00 00 01 00 87 00 05 F4 01 E9 4F 17 DB D9 5D  CECHG / bootldr 2E 8C / metldr 0E 77
00 00 00 01 00 85 00 05 04 00 33 A3 44 9D 57 2B  CECHG / bootldr 2E 8C / metldr 0E 77
00 00 00 01 00 85 00 05 10 01 5F 01 12 FF 56 4F  CECHG / bootldr 2E 8C / metldr 0E 77
00 00 00 01 00 85 00 05 14 02 F7 06 9F 10 B6 22  CECHG / bootldr 2E 8C / metldr 0E 77
00 00 00 01 00 87 00 05 10 02 3A 2D 53 AF 66 28  CECHG / bootldr 2E 8C / metldr 0E 77
00 00 00 01 00 84 00 05 F4 00 41 86 55 9B D3 52  CECHG / bootldr 2E 8C / metldr 0E 77
00 00 00 01 00 8C 00 05 10 00 D1 F3 55 2D DA BC  CECHG / bootldr 2E F4 / metldr 0E 88
00 00 00 01 00 87 00 05 10 0A EE 67 DD 75 86 DA  CECHC / bootldr 2E F4 / metldr 0E 88 (C type not an error!)
00 00 00 01 00 85 00 05 14 0E F0 DF DC DD 5E 56  CECHG / bootldr 2E F4 / metldr 0E 88 //-->


{| class="wikitable sortable"
{| class="wikitable sortable"

Revision as of 21:22, 9 November 2012

IDPS Examples

IDPS TargetID Mobo Rev.
 00 00 00 01 00 81 00 01 03 FF FF FF 18 43 C1 4D   81 - Reference Tool / DECR 01 - COK-001 Static Dummy IDPS
 00 00 00 01 00 84 00 01 04 00 F3 44 AC 4F 8D 2F  84 - Retail USA 01 - COK-001
 00 00 00 01 00 87 00 07 10 00 A3 15 8F 61 36 85  87 - Retail United Kingdom 07 - DIA-002
 00 00 00 01 00 89 00 08 14 01 01 06 1B 91 1C 5C  89 - Retail Australia/New Zealand 08 - VER-001
 00 00 00 01 00 84 00 08 14 0B 80 7A 2E 4F AA C7  84 - Retail USA 08 - VER-001
 00 00 00 01 00 87 00 08 14 01 B7 A7 1F C8 3A EA  87 - Retail United Kingdom 08 - VER-001
 00 00 00 01 00 85 00 08 10 05 52 88 E8 AF 75 0D  85 - Retail Europe 08 - VER-001
 00 00 00 01 00 85 00 08 F4 01 AA 02 51 EE 33 7B  85 - Retail Europe 08 - VER-001
 00 00 00 01 00 85 00 09 10 1B 69 BD CA CC BE 85  85 - Retail Europe 09 - DYN-001
 00 00 00 01 00 84 00 09 10 1C B0 13 5F 2C 17 AF  84 - Retail USA 09 - DYN-001
 00 00 00 01 00 85 00 0A 14 05 67 A0 79 37 DC 17   85 - Retail Europe 0A - SUR-001
 00 00 00 01 00 87 00 0B 14 0C 84 81 81 33 FA 68  87 - Retail United Kingdom 0B - JTP-001/JSD-001
 00 00 00 01 00 85 00 0B 10 18 EC 96 E4 A8 BE EF  85 - Retail Europe 0B - JTP-001/JSD-001
 00 00 00 01 00 89 00 0B 14 00 EF DD CA 25 52 66  89 - Retail Australia/New Zealand 0B - JTP-001/JSD-001
 00 00 00 01 00 89 00 0B 14 05 18 95 D3 EE D0 76  89 - Retail Australia/New Zealand 0B - JTP-001/JSD-001
 00 00 00 01 00 87 00 0B 14 0E 71 DF 87 E5 A2 4D  87 - Retail United Kingdom 0B - JTP-001
 00 00 00 01 00 8C 00 0C 14 0E 7D FA F1 5F 9F 3F  8C - Retail Russia 0C - KTE-001
 00 00 00 01 00 87 00 0C 14 06 C3 90 35 41 45 18  87 - Retail United Kingdom 0C - KTE-001
  • Speculation: there are too much 0x14's in the 9th byte... this doesnt seems to be a coincidence (another values valid for this byte seems to be 0x10, 0x03, 0x04, and 0xF4)


IDPS TargetID Mobo Rev.
 00 00 00 01 00 82 00 01 xx xx xx xx xx xx xx xx  82 - Debug/DEX 01 - COK-001
 00 00 00 01 00 8A 00 01 xx xx xx xx xx xx xx xx  8A - Retail Malaysia 01 - COK-001
 00 00 00 01 00 8B 00 01 xx xx xx xx xx xx xx xx  8B - Retail Taiwan 01 - COK-001
 00 00 00 01 00 83 00 01 xx xx xx xx xx xx xx xx  83 - Retail Japan 01 - COK-001
 00 00 00 01 00 86 00 04 xx xx xx xx xx xx xx xx  86 - Retail Korea 04 - COK-002
 00 00 00 01 00 88 00 04 xx xx xx xx xx xx xx xx  88 - Retail Mexico 04 - COK-002
 00 00 00 01 00 8D 00 0C xx xx xx xx xx xx xx xx  8D - Retail China 0C - KTE-001 unreleased
 00 00 00 01 00 8E 00 xx xx xx xx xx xx xx xx xx  8E - Retail Hong Kong - ?

IDPS rms blogtext

You’re probably wondering: “What the hell is this sequence of bytes?”. This is the IDPS, a sequence of bytes which determine console type. This structure is relatively undocumented until now, anyway. The IDPS is contained in EID0. EID0 is on the console internal flash as the file eEID and has multiple sections. I had made a splitter application to make your life easier a long time ago. Now, EID is decrypted by metldr, and is passed over to the isolated loader, which may pass it to a self. We can see this in graf_chokolo’s original payload. The IDPS is also used in various other parts of the system which could be of interest to you, but I will not discuss those right now. The IDPS itself, isn’t decrypted.

The IDPS contains your target ID, motherboard? and BD? revision. The IDPS shown at the beginning of this article is the dummy IDPS, the one that’s used when your IDPS fails to be decrypted. That IDPS belongs to a DECR-1000A. The one below belongs to a European PS3, and the one below that belongs to a Australian/NZ PS3.

Source: http://rmscrypt.wordpress.com/2011/05/16/idps-what-the-hell-is-that-thing/

Note: The Reference Tool IDPS from above is static. aim_iso uses it. Retail/3.55 doesn't have it.

Change HWID

Theory: If you give a slim console a fat IDPS, would that console have 3.15 OtherOS functionality?

I would say it would, because most likely the check is done in firmware to either en/disable that option. However, it would still require a console that can be downgraded to that version (only CECH-20../DYN-001, because CECH-21../SUR-001 use different drivers for RSX). So classic OtherOS on a CellBE 45nm/RSX 40nm would be impossible (ofcourse you can use OtherOS++).

[Homebrew-App] PS3 Model Detection

http://www.ps3hax.net/2011/01/homebrew-app-ps3-model-detection/

Dumping PS3 Model Data:

- PS3 System Target ID:     0x85	(Retail - Europe)
- PS3 Motherboard Revision: 0x0B	(JTP-001 Motherboard, Revision 1)
- PS3 BD-Laser Revision:    0x04	(KES-400, SACD supported)

Probable Model: CECH-2504A

Raw Model Data:

  Byte 0:		0x00
  Byte 1:		0x01
  Byte 2:		0x00
  Byte 3:		0x85
  Byte 4:		0x00
  Byte 5:		0x0B
  Byte 6:		0x00
  Byte 7:		0x04
  Byte 7:		0x04

[Homebrew-App] IDPS Viewer

http://www.tortuga-cove.com/hacking/31-ps3/8396-released-idps-viewer

  • Displays the IDPS
  • Shows Target ID
  • Displays Motherboard revision
  • Save IDPS (16 bytes from EID) in dev_hdd0/IDPS.bin file