Mounting HDD on PC
Jump to navigation
Jump to search
Introduction
- The goal is to mount PS3 HDD on PC Linux and make changes to it.
- Use device mapper for transparent encryption/decryption.
ATA and ENCDEC Keys
See http://www.ps3devwiki.com/wiki/HDD_Encryption
Device Mapper
- A really cool feature of Linux 2.6/3.
- The device mapper is stackable.
- You have to enable a couple of new kernel features like device mapper crypto, XTS crypto and so on.
dm-bswap16
- Swaps bytes in each 16-bit word.
- It is necessray for HDD/VFLASH encryption/decryption.
- Tested on Linux 3.5.3
GIT repo: http://gitorious.ps3dev.net/ps3linux/dm-bswap16
Test
modprobe loop modprobe dm_mod modprobe dm-bswap16.ko dd if=/dev/zero of=test.bin bs=1K count=100 losetup /dev/loop0 ./test.bin echo "0 200 bswap16 /dev/loop0" | dmsetup create test ls -l /dev/mapper/test echo "00 01 00 01 00 01" | xxd -r -p > /dev/mapper/test # device mapper target hexdump -C /dev/mapper/test 00000000 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00019000 # real data, as you see bytes are swapped in each 16-bit word # device mapper allows you to do really cool things :) hexdump -C /home/glevand/test.bin 00000000 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00019000 dmsetup remove test
Test with ps3da
- Tested with Debian LiveCD and Linux 3.4.10
- xts_aes: http://gitorious.ps3dev.net/ps3linux/xts_aes
# clear ATA and ENCDEC keys # DO NOT DO IT WITH HDD MOUNTED !!! ps3dm sm set_del_encdec_key 0x110 ps3dm sm set_del_encdec_key 0x111 # for now don't use ps3da device directly, dump sectors to file and bind it to loop device # later we will use ps3da device directly when dm-bswap16 is well tested and bug free dd if=/dev/ps3da bs=512 count=2 of=hdd_enc.bin losetup /dev/loop1 ./hdd_enc.bin # we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly echo "0 2 bswap16 /dev/loop1" | dmsetup create test # decrypt using xts_aes cat /dev/mapper/test | ./xts_aes/xts_aes -d -k <your ATA data key> -t <your ATA tweak key> | hexdump -C 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................| 00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................| 00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 08 00 00 |................| 00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 0b |.p..............| 00000050 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000000c0 00 00 00 00 00 08 00 10 00 00 00 00 03 9a 8b 2d |...............-| 000000d0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 000000e0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 03 |. ..............| 00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000150 00 00 00 00 03 a2 8b 45 00 00 00 00 00 3f ff f8 |.......E.....?..| 00000160 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000170 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000001e0 00 00 00 00 03 e2 8b 46 00 00 00 00 19 39 ce 0c |.......F.....9..| 000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000400
dm-crypto
- We don't need xts_aes application anymore.
- Linux kernel does enctyption/decryption of data transparently for us.
- One of the device mapper features is that it's stackable which is very useful for us.
- VFLASH is encrypted twice. So we have to create a second DM crypto target based on the DM crypto target for HDD.
Test
- Tested on PS3 istelf with Debian LiveCD and Linux kernel version 3.4.10 but you can use the same technique on a Linux PC. I was just lazy and it is easier to test on PS3.
# clear ATA and ENCDEC keys # DO NOT DO IT WITH HDD MOUNTED !!! ps3dm sm set_del_encdec_key 0x110 ps3dm sm set_del_encdec_key 0x111 # for now don't use ps3da device directly, dump sectors to file and bind it to loop device # later we will use ps3da device directly when dm-bswap16 is well tested and bug free dd if=/dev/ps3da bs=512 count=2 of=hdd_enc.bin losetup /dev/loop1 ./hdd_enc.bin # we have to setup device mapper bswap16 target else HDD encryption/decryption won't work properly echo "0 2 bswap16 /dev/loop1" | dmsetup create test # create key file echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin ls -l hdd_key.bin -rw-r--r-- 1 root root 32 Sep 4 09:28 hdd_key.bin # create DM crypto target # key size is 256bit because PS3 uses XTS-AES-128 and the key is just the conctentation of the data and tweak keys. cryptsetup create -c aes-xts-plain64 -d ./hdd_key.bin -s 256 test_crypt /dev/mapper/test ls -l /dev/mapper/ total 0 crw------- 1 root root 10, 236 Sep 4 09:23 control lrwxrwxrwx 1 root root 7 Sep 4 09:25 test -> ../dm-0 lrwxrwxrwx 1 root root 7 Sep 4 09:30 test_crypt -> ../dm-1 hexdump -C /dev/mapper/test_crypt 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000010 00 00 00 00 0f ac e0 ff 00 00 00 00 de ad fa ce |................| 00000020 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 02 |................| 00000030 00 00 00 00 00 00 00 08 00 00 00 00 00 08 00 00 |................| 00000040 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 0b |.p..............| 00000050 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000000c0 00 00 00 00 00 08 00 10 00 00 00 00 03 9a 8b 2d |...............-| 000000d0 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 000000e0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 000000f0 10 20 00 00 03 00 00 01 00 00 00 00 00 00 00 03 |. ..............| 00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000150 00 00 00 00 03 a2 8b 45 00 00 00 00 00 3f ff f8 |.......E.....?..| 00000160 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000170 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 000001e0 00 00 00 00 03 e2 8b 46 00 00 00 00 19 39 ce 0c |.......F.....9..| 000001f0 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 |.p..............| 00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000400 # and we don't need xts_aes too anymore :) # Linux does encryption/decryption for us transparently now
PS3 HDD Partition Table
- Now that we can decrypt/encrypt PS3 HDD with Linux, we want to be able to mount HDD/VFLASH regions because only then we can do changes to UFS or FAT filesystems on the HDD.
- We have to implement PS3 HDD partition table in Linux kernel.
- The Linux kernel with this feature will create all partition devices automatically in this case and we could mount and modify any HDD regions easily.
- A new Linux kernel patch is necessary.