Editing Mounting HDD in Linux

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
Unlike PS3, where every part of per-console security (including the HDD) is dictated by the eid_root_key, PS4 has two per-console keys for the HDD, one handled by SAMU (we cannot obtain this key at this moment) and the other handled by the [[Southbridge]] which can be obtained.
* Unlike the ps3, where every part of perconsole security (including the HDD) is dictated by the eid_root_key, the ps4 has two perconsole keys for the HDD, one is handled by SAMU (we cannot obtain this key atm) and the other is handled by the South Bridge / AEOLIA / BELIZE (which we can obtain)


Here are described the steps to mount a PS4 HDD on PC using the cryptmount utility on Linux.
* Here I describe the steps to mount your hdd on the pc using the cryptmount utility on Linux


= Partitions that can be mounted =
= Setup =


* preinst, preinst2, system, system(b), system_ex, system_ex(b) cannot be mounted as they use a key hidden in SAMU not eap_hdd_key. Cryptmount returns error device-mapper ioctl when trying with fstype=tmpfs.
* EAP HDD Key (check in your kernel dump and in hxxps://github.com/Ps3itaTeam/ps4-kexec/blob/master/magic.h kern_off_eap_hdd_key offset)
* eap_vsh, update, user and eap_user can be mounted using cryptmount and eap_hdd_key.
* Linux Distro (i'm using xubuntu live for this)
* eap_kern can be read directly without mounting but anyway it remains an encrypted file that is decrypted by PS4 OS.
* cmtab file
* sda13 cannot be mounted for now. Investigation neeeded. It might be system_data partition and so would behave as system and system_ex. It might also be swap partition.
* sda17 and sda19 can be mounted with fstype=tmpfs but they are void. Investigation neeeded.
* app_reserved can be mounted with fstype=tmpfs but it is void. Investigation neeeded.


= Setup =
== Step by Step Guide (CUH-1000 and CUH-1100) ==


== Prerequisites ==
* cmtab file can be as follows (example for xubuntu live)


* Per-console PS4 EAP HDD Key (check in your kernel dump and in https://github.com/Ps3itaTeam/ps4-kexec/blob/master/magic.h kern_off_eap_hdd_key offset)
<pre>
* A PC running a Linux Distribution (ex: ubuntu, xubuntu live) that supports cryptmount
# /etc/cryptmount/cmtab - encrypted filesystem information for cryptmount
# try 'man 8 cryptmount' or 'man 5 cmtab' for more details
user {
    dev=/dev/sda27
    dir=/home/xubuntu/Desktop/user
    flags=user,nofsck


== Getting eap_hdd_key.bin ==
    fstype=ufs mountoptions=ro,noatime,noexec,ufstype=ufs2


You have to put the eap_hdd_key.bin file anywhere you want according to the cmtab file (see cmtab section below).
    cipher=aes-xts-plain64
    keyfile=/home/xubuntu/Desktop/eap.bin
    keyformat=raw
}
</pre>


=== From kernel dump ===
* if your key in the kernel dump looks like this:


* If your EAP HDD Key in the kernel dump looks like this:
<pre>
<pre>
D2 60 86 B3 8B D2 D3 5A EC 76 DB DE 50 30 00 40
D2 60 86 B3 8B D2 D3 5A EC 76 DB DE 50 30 00 40
Line 32: Line 37:


* then the correct key will be:
* then the correct key will be:
<pre>
<pre>
40 00 30 50 DE DB 76 EC 5A D3 D2 8B B3 86 60 D2
40 00 30 50 DE DB 76 EC 5A D3 D2 8B B3 86 60 D2
Line 37: Line 43:
</pre>
</pre>


==== Linux command ====
* after the key file eap.bin is created and the user folder is also created in the Desktop, install cryptmount
 
<pre>
objcopy -I binary -O binary --reverse-bytes=16 dump.bin keys.bin
</pre>
 
=== From sflash ===
 
The keys.bin produced by hdd_script.py v2 will produce the keys in the right order! Just use keys.bin as eap_hdd_key.bin
 
== Installing cryptmount ==


<pre>
<pre>
Line 53: Line 49:
</pre>
</pre>


== Settuping cmtab ==
* and then mount your partition


* Add write permission on cmtab file:
<pre>
<pre>
sudo chmod 777 /etc/cryptmount/cmtab
sudo cryptmount user
</pre>
</pre>


=== cmtab for CUH-1000 and some CUH-1100 ===
== == Step by Step Guide (CUH-1200 and above) ==


* cmtab file can be as follows:
* In this case the cmtab will have a small change
<pre>
<pre>
# /etc/cryptmount/cmtab - encrypted filesystem information for cryptmount
# /etc/cryptmount/cmtab - encrypted filesystem information for cryptmount
Line 70: Line 65:
     dir=/home/xubuntu/Desktop/user
     dir=/home/xubuntu/Desktop/user
     flags=user,nofsck
     flags=user,nofsck
    fstype=ufs mountoptions=ro,noatime,noexec,ufstype=ufs2
    cipher=aes-xts-plain64
    keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}
</pre>
=== cmtab for some CUH-1100 and later models ===


* In this case the cmtab file must have a small change:
<pre>
# /etc/cryptmount/cmtab - encrypted filesystem information for cryptmount
# try 'man 8 cryptmount' or 'man 5 cmtab' for more details
user {
    dev=/dev/sda27
    dir=/home/username/Desktop/user
    flags=user,nofsck
     fstype=ufs mountoptions=ro,noatime,noexec,ufstype=ufs2
     fstype=ufs mountoptions=ro,noatime,noexec,ufstype=ufs2
    cipher=aes-xts-plain64
    ivoffset=111669149696
    keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}
</pre>
* where ivoffset = (dev_no - 1) << 32
* here it is: (27 - 1) << 32 = 111669149696
=== Adapting cmtab ===
* Change "username" to your Linux user name.
* Change sda27 to sdb27 or sdc27, etc... according to where HDD is currently mounted.
* Change sda27 to sda1 or sda2 or etc... according to the partition you want to mount. Don't forget to change ivoffset and fstype accordingly.
== Final steps ==
* Create "user" folder on Linux Desktop.
* Remove write permission on cmtab file:
<pre>
sudo chmod 644 /etc/cryptmount/cmtab
</pre>
* Mount PS4 "user" partition:
<pre>
sudo cryptmount user
</pre>
= Sample cmtab =
<pre>
# /etc/cryptmount/cmtab - encrypted filesystem information for cryptmount
# try 'man 8 cryptmount' or 'man 5 cmtab' for more details


eap_vsh {
    dev=/dev/sda7
    dir=/home/username/Desktop/eap_vsh
    flags=user,nofsck
    fstype=msdos mountoptions=ro,noatime,noexec
    cipher=aes-xts-plain64
    ivoffset=25769803776
    keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}
sda17 {
    dev=/dev/sda17
    dir=/home/username/Desktop/sda17
    flags=user,nofsck
    fstype=tmpfs mountoptions=ro,noatime,noexec
    cipher=aes-xts-plain64
    ivoffset=68719476736
    keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}
sda19 {
    dev=/dev/sda19
    dir=/home/username/Desktop/sda19
    flags=user,nofsck
    fstype=tmpfs mountoptions=ro,noatime,noexec
    cipher=aes-xts-plain64
    ivoffset=77309411328
    keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}
update {
    dev=/dev/sda25
    dir=/home/username/Desktop/update
    flags=user,nofsck
    fstype=msdos mountoptions=ro,noatime,noexec
    cipher=aes-xts-plain64
    ivoffset=103079215104
    keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}
user {
    dev=/dev/sda27
    dir=/home/username/Desktop/user
    flags=user,nofsck
    fstype=ufs mountoptions=ro,noatime,noexec,ufstype=ufs2
     cipher=aes-xts-plain64
     cipher=aes-xts-plain64
     ivoffset=111669149696
     ivoffset=111669149696
    keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}


eap_user {
     keyfile=/home/xubuntu/Desktop/eap.bin
    dev=/dev/sda29
    dir=/home/username/Desktop/eap_user
    flags=user,nofsck
    fstype=ufs mountoptions=ro,noatime,noexec,ufstype=ufs2
    cipher=aes-xts-plain64
    ivoffset=120259084288
     keyfile=/home/eap_hdd_key.bin
    keyformat=raw
}
 
app_reserved {
    dev=/dev/sda31
    dir=/home/username/Desktop/app_reserved
    flags=user,nofsck
    fstype=tmpfs mountoptions=ro,noatime,noexec
    cipher=aes-xts-plain64
    ivoffset=128849018880
    keyfile=/home/eap_hdd_key.bin
     keyformat=raw
     keyformat=raw
}
}
</pre>
</pre>


= Files management =
* where iv offset is a number of partition - 1 << 32
 
* here it'll be (27-1)<<32=111669149696
== Read-only ==
 
UFS filesystem only allows to be mounted as read-only on Debian and Ubuntu. To enable read-write mounting, it is needed to either compile Linux kernel with ufs write flag enabled or to share the raw partition from Debian/Ubuntu to FreeBSD/equivalent running in a virtual machine (ex: VirtualBox).
 
This is not easy to setup, so better use a PS4 kernel exploit to get write access on PS4, and for example use FTP to conveniently write to the desired partition.
 
== root owner ==
 
When partitions are mounted to folders using cryptmount, these folders and files are owned by root. This can be annoying because it is required to use sudo to be able to open or copy most files and to open some folders.
 
To remove this annoyance, it is possible to change owner of folders and files to your user.
<pre>
sudo chown -R username mount_folder
</pre>
 
But it is not possible to apply this on the cryptmount folder directly. It is firstly needed to make a copy of the mount folder to a folder on the PC HDD.
<pre>
sudo cp -R /home/username/Desktop/mount_folder /home/username/mount_folder
sudo chown -R username /home/username/mount_folder
</pre>
 


{{Linux}}
{{Linux}}
<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps4/Mounting_HDD_in_Linux"