Bluedisk EID0 reDRM
Description
Bluedisk CFW is a 4.25CFW (truly, a 4.21CFW spoofed to 4.25) DRM-Infected released by the "Bluedisk/Red Power" team. PS3 need to be already running CFW v3.55 to upgrade to 'Bluedisk-CFW', and user should send EID0 and a CDKEY before getting a download link. This CFW was "cracked" just a day after (details in the reDRM mechanism section).
Bluedisk release
XMB eEID Dumper and MM4.25
Link : XMB eEID Dumper and MM4.25.zip
XMB eEID Dumper.pkg
MM4.25.pkg
Old version of MultiMan (2.08, last open source version) patched to work on this CFW.
CFWUpgrader ver1.01 and manual
Link : CFWUpgrader ver1.01 and manual.zip
CFW Upgrader and downgrade manual.pdf
CFWUpgrader.exe
When you enter your credentials and press "CDKey Check" it generates a file called CFWUpgrader.exe.txt. I used Senaxx's info and it was probably wrong but it generate this log:
ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "PatchClient.pyo", line 29, in verifykey File "protobuf\socketrpc\service.pyo", line 114, in <lambda> File "protobuf\socketrpc\service.pyo", line 157, in call File "google\protobuf\service_reflection.pyo", line 267, in <lambda> File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback RpcError: Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "main.py", line 104, in doverifykey AttributeError: 'NoneType' object has no attribute 'ret'
When I clicked download it added this to the file:
AttributeError: 'NoneType' object has no attribute 'ret' ERROR:PatchClient:Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "PatchClient.pyo", line 43, in login File "protobuf\socketrpc\service.pyo", line 114, in <lambda> File "protobuf\socketrpc\service.pyo", line 157, in call File "google\protobuf\service_reflection.pyo", line 267, in <lambda> File "google\protobuf\service_reflection.pyo", line 284, in _StubMethod File "protobuf\socketrpc\channel.pyo", line 192, in CallMethod File "protobuf\socketrpc\channel.pyo", line 292, in tryToRunCallback RpcError: Could not open I/O for 67.198.173.122:8090 Traceback (most recent call last): File "main.py", line 123, in dologin AttributeError: 'NoneType' object has no attribute 'desc'
Downgrade firmwares
* cfw3.55checkoff MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8 * 3.55 Rogero CEX v2 MD-5: 8BCF7AB97EE4B9D9F74ECDF9FA9E59A8
So no need to re-download "cfw3.55checkoff" if you have Rogero CEX 3.55 v2 (Source : GraVoX959 on ps3hax)
Firmwares / EID0.BIN / CD Keys
Firmware
- 4.21 CoreOS
- 4.25 Spoof/dev_flash for NP/SEN
PS3UPDAT.PUP
| Firmware | EID0.BIN | CD Key |
|---|---|---|
| 4.25 CFW based on EID0 Senaxx.rar | EID.rar | 9E8302C692EEFBD1 |
| 4.25 CFW based on EID0 bubba.rar |
N/A | 0CB52A87B221BC50 |
| 4.25 CFW based on EID0 Luckystar.rar | N/A | C0B7431B5073CC52 |
Other CD Keys
- FA73FDEF3A3949DE
- 1C24792552F19D59
- 45A76B28633A4B82
reDRM mechanism / eid0 binding
Analysis
eid0 is checked in aim_spu_module.self (Source : https://twitter.com/naehrwert/status/260356650257498113)
The check is basically a:
if(memcmp(eid0_section0, first_encrypt_0x10_bytes, 0x10)!=0)fail();
nonbound eid0 firmware
To remove eid0 binding, replace the aim_spu_module.self from unpatched OFW 4.25 one (tested, it works).
Rogero CEX-4.21 CFW
Links : Rogero_CEX4.21_v1.PUP / mirror1 / other mirrors links
hash file information
- CRC-16: 05E4 / CRC-32: AE88016F
- SHA-1: 5B8F488D977CFB2E3E0B5C3362F0275C840443B0
- SHA-256: C1EAE5CD430B2186C221638EF594A477323C12FCFC2DB0C28E64B621BCF4979D
- SHA-384: 36ED4C291EC5AA983EA5E44D710FB1C33B25CF8E503B1C957ACFC3CB0F069894DCD0E336891024D82211988B620E9558
- SHA-512: 435F276733499E228F38866D3BAC07FD442A3BF698898A7412392E6C1D44934DB914E2324BBCB43A0E422405012B64901D713CC2D7E26D4B84B10B96A3DA9E9E
- MD-2: 12D0DB8C096C8A8E2D7117B0681CCCCA
- MD-4: 3AC6AC81B971919B4CAF0DEDBF3B24E1
- MD-5: 418B6D659BA7201B04247618929E73FF
- Size : 192 MB (201,814,594 bytes)
v1.00 info :
- This is a 4.21CFW spoofed to version 4.25 to allow SEN access
- It can be used as a normal System Update from any 3.55 OFW/CFW/MFW
- It was tested using a hardware flasher and no bricks or any problems at all were encountered
- It can run games signed with Keys up to version 4.21 without any Eboot/Sprx patching needed
- Games must be loaded from Disc Icon (with Original game in BD) and not from app_home
- Current 3.55 homebrew application can't be loaded on this CFW, applications must be re-signed properly.
- Downgrading back to 3.55 is always possible using hardware flashers and will be tested soon using software methods.
Credits to eussNL and the PS3DevWiki for the valuable and always up-to-date source of information. Credits to Deank for his continuous efforts on Multiman and many other PS3 tools/fixes.
You need to already be on 3.55 OFW to install this. Installing from any firmware other than 3.55 OFW will simply not work
Source: http://www.tortuga-cove.com/forums/viewtopic.php?t=3636&p=8516#p8516
Compatibility
Its MFW 4.2x, so all OFW 4.2x signed content should work.
Games
Do not start games from APP_HOME, to prevent "EAUTHFAIL - 0x80010017 - Failure in authorizing SELF. Program authentication fail (Error starting BluRay game)"
Homebrew
3.60 or 3.60+ signed EBOOTs are working. 3.41/3.55 signed homebrews must be resigned with 3.60+ keys.