Cex2Dex
Files
http://www.psdevwiki.com/files/devtools/Cex2Dex/
LibeEID
c2d
cex2dex
GUI for handicapped console
dump_rootkey
Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
(needs 3.41, the 341-downgrader.pup works fine).
eEID_RKDumper
Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
(works fine on 3.55, e.g. Rogero V3.7 (mirror / MD5: 8F8166B25D6BED891F292C77DE5C4B28))
Howto:
- Install package and run it.
- The screen will then go black (no GUI) and the console restarts automatically.
- Using FTP (or by other means) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key
GameOS method explained
#include <stdio.h>      /* FILE */
#include <ppu-types.h>
#include <ppu-lv2.h>

/*! IIM interface syscall. */
#define SYSCALL_IIM_IF 868

/*! IIM interface. */
#define IIM_IF(cmd, a1, a2, a3, a4) \
    do { lv2syscall5(SYSCALL_IIM_IF, (u64)(cmd), (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4)); } while (0)

/*! IIM_GET_DATA. */
#define IIM_GET_DATA 0x17002

/*! EID0 index. */
#define EID0_IDX 0

int main(int argc, const char **argv)
{
    u8 eid0[0x1000];    /* receives the EID0 section */
    u64 size;           /* receives the number of bytes returned */
    FILE *fp;           /* output file handle for the dump step below */

    //Get EID0.
    IIM_IF(IIM_GET_DATA, EID0_IDX, eid0, sizeof(eid0), &size);

    //Dump to usb or wherever you like...

    return 0;
}
Source: code by naehrwert
Guide(s)
In short: changing the Product Code of the PS3 inside decrypted eEID0.
Semi Guide / Shortlist
- Dump metldr -> Dumping Metldr
- Acquire PCK1 -> EID root key
- Dump flash -> Memdump 0.1 (Dev_Tools#Memdump) or (NOR only) on Linux: dd if=/dev/ps3nflasha of=nor.bin
- Check flashdump -> Validating flash dumps
- Extract EID0 section -> eidsplitter, manual extract or on Linux: ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin
- Decrypt EID0 using proper LibeEID (or any other proper eEID crypto tool)
- Edit Product Code.
- Encrypt/rehash EID0 using proper LibeEID (or any other proper eEID crypto tool)
- Paste inside flash dump -> [HxD] or any hex editor / binary copy method
- If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> Downgrading patches
- Write back to flash -> Hardware flashing or on Linux: dd if=nor.bin of=/dev/ps3nflasha bs=1024
- PSgrade/JIG toggle -> [files/PSGrade]
- Service mode reinstall Firmware belonging to that Product Code -> Downgrading with PSgrade Dongle
- Remarry BDdrive -> [files/lv2diag/remarry]
- QA-toggle + combo button -> QA Flagging
- Leave service mode -> [lv2diag.self FILE2]
- Either enjoy XMB or a new brick.
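A sanity check for the "paste inside flash dump" step before "write back to flash", as an added example that is not part of the original page or of any tool it lists: it reports every byte range that differs between the original and the patched dump and flags changes outside the region you meant to replace. The function names, the region offset/length arguments and the sample images are assumptions constructed for illustration; no real flash offsets are implied.

```python
import sys

BLOCK = 4096  # compare block-wise first so large dumps stay fast

def changed_ranges(original: bytes, patched: bytes):
    """Return half-open (start, end) byte ranges where the two images differ."""
    if len(original) != len(patched):
        raise ValueError(f"size mismatch: {len(original)} vs {len(patched)} bytes")
    ranges, start, n = [], None, len(original)
    for base in range(0, n, BLOCK):
        end = min(base + BLOCK, n)
        if original[base:end] == patched[base:end]:
            if start is not None:  # a difference ran up to this block boundary
                ranges.append((start, base))
                start = None
            continue
        for i in range(base, end):
            if original[i] != patched[i]:
                if start is None:
                    start = i
            elif start is not None:
                ranges.append((start, i))
                start = None
    if start is not None:
        ranges.append((start, n))
    return ranges

def stray_changes(original, patched, region_offset, region_length):
    """Changed ranges that reach outside the region the caller meant to replace."""
    lo, hi = region_offset, region_offset + region_length
    return [(s, e) for s, e in changed_ranges(original, patched) if s < lo or e > hi]

def constructed_demo():
    """Constructed sample images (not real flash data): one intended edit, one stray byte."""
    original = bytes(0x3000)
    patched = bytearray(original)
    patched[0x0FFE:0x1002] = b"\xAA" * 4   # intended edit, crosses a block boundary
    patched[0x2FFF] = 0x01                 # accidental change elsewhere
    return stray_changes(original, bytes(patched), 0x0FFE, 4)

if __name__ == "__main__":
    # usage: check.py original.bin patched.bin <region_offset> <region_length>
    orig, new = (open(p, "rb").read() for p in sys.argv[1:3])
    stray = stray_changes(orig, new, int(sys.argv[3], 0), int(sys.argv[4], 0))
    for s, e in stray:
        print(f"unexpected change: 0x{s:X}-0x{e:X}")
    sys.exit(1 if stray else 0)
```

A non-zero exit status means the patched image differs somewhere other than the stated region; intentional extra patches (such as the CoreOS and Revoke patches mentioned above) will show up here too and need to be accounted for separately.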
Full Rebug 4.70+ Guide
(WARNING: BEFORE DOING THIS, SAVE YOUR IDPS AND OPENPSID TO PUT BACK ON THE CONSOLE IN STEP 14)
- 1. INSTALL REBUG 4.70+ REX (CEX)
- 2. ONCE INSTALLED, GO TO PACKAGE MANAGER > INSTALL PACKAGE FILES > SYSTEM STORAGE
- 3. INSTALL REBUG PACKAGE FILE FROM STEP 2
- 4. OPEN REBUG TOOLBOX
- 5. GO TO UTILITIES TAB
- 6. SCROLL DOWN TO DUMP EID ROOT KEY (PS3 WILL REBOOT)
- 7. ONCE REBOOTED, OPEN REBUG TOOLBOX AGAIN
- 8. GO TO DEX/CEX COLUMN
- 9. REWRITE PRODUCT CODE IN FLASH
- 10. SWAP LV2 KERNEL
- 11. PS3 WILL REBOOT AGAIN
- 12. OPEN REBUG TOOLBOX, GO TO SELECTOR AND CHOOSE DEBUG MENU DEX
- 13. ENABLE COBRA (THIS WILL AUTOMATICALLY ENABLE WEBMAN)
- 14. PUT IDPS AND OPENPSID BACK ON PS3