Cex2Dex: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
(29 intermediate revisions by 7 users not shown)
Line 1: Line 1:
= Files =
= Files =
http://www.ps3devwiki.com/files/devtools/Cex2Dex/
 
http://www.psdevwiki.com/files/devtools/Cex2Dex/


== LibeEID ==
== LibeEID ==
* [http://www.ps3devwiki.com/files/devtools/Cex2Dex/libeeid/ libeeid]
 
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/libeeid/ libeeid] [http://mir.cr/1VENKUSQ mirror]


== c2d ==
== c2d ==
* [http://www.ps3devwiki.com/files/devtools/Cex2Dex/c2d/ c2d]


* [http://www.psdevwiki.com/files/devtools/Cex2Dex/c2d/ c2d] [http://mir.cr/DY6DAA4W mirror]
== cex2dex ==
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/CEX2DEX/ CEX2DEX] [http://mir.cr/0WPZNP5Z mirror]
== GUI for handicapped console ==
* [http://www.ps3hax.net/2012/07/ps3tools-gui-edition-v2-6-released-cex-2-dex-added/] [http://www.mediafire.com/?9du5uysk1cr49tc download] [http://mir.cr/EBMAVDNH mirror]
== dump_rootkey ==
Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/dump_rootkey dump_rootkey]  [http://mir.cr/BLLYCG2B mirror]
(needs 3.41, the [http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup 341-downgrader.pup] works fine).
== eEID_RKDumper ==
Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.
* [http://www.psdevwiki.com/files/devtools/Cex2Dex/eEID_RKDumper/ eEID_RKDumper] [https://www.mirrorcreator.com/files/Y1FDUGXG/eEID_RKDumper.rar_links mirror] / [https://mega.co.nz/#!uo9BiB7T!hh_p-uOAXQ_KKwse39fxYO60-lu_1nuRx8G_O-KkuLE mirror]
(works fine on 3.55, e.g. [http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/Rogero-V3.7/ Rogero V3.7] ([http://www.tortuga-cove.com/forums/viewtopic.php?f=127&t=525&p=879#p879 mirror] / {{MD5|8f8166b25d6bed891f292c77de5c4b28}})
Howto:
* Install package and run it.
* It will then black screen (no GUI) and restart the console automatically.
* Using FTP (or by other means) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key
= GameOS method explained =
<source lang="C">
#include <ppu-types.h>
#include <ppu-lv2.h>
/*! IIM interface syscall. */
#define SYSCALL_IIM_IF 868
/*! IIM interface. */
#define IIM_IF(cmd, a1, a2, a3, a4) \
do{ lv2syscall5(SYSCALL_IIM_IF, (u64)(cmd), (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4)); }while(0)
/*! IIM_GET_DATA. */
#define IIM_GET_DATA 0x17002
/*! EID0 index. */
#define EID0_IDX 0
int main(int argc, const char **argv)
{
u8 eid0[0x1000];
u64 size;
FILE *fp;
//Get EID0.
IIM_IF(IIM_GET_DATA, EID0_IDX, eid0, sizeof(eid0), &size);
//Dump to usb or wherever you like...
return 0;
}
</source>
Source: [https://web.archive.org/web/20141119004757/http://pastie.org/4365689 code by naehrwert]


= Guide(s) =
= Guide(s) =
In short: changing [[Target ID]] of console inside decrypted [[Flash#eEID|eEID0]]
 
In short: changing the [[Product Code]] of the PS3 inside decrypted [[Flash#eEID|eEID0]].


== Semi Guide / Shortlist ==
== Semi Guide / Shortlist ==
* dump metldr -> [[Dumping_Metldr#Howto_use|Dumping Metldr]]
 
* acquire PCK1 -> [[Per_Console_Keys#per_console_root_key_1_.2F_EID_root_key|EID root key]]
* Dump metldr -> [[Dumping_Metldr#Howto_use|Dumping Metldr]]
* dump flash -> [[Dev_Tools#Memdump Memdump 0.1]] or (NOR only) on linux : '' [[Dev_Tools#nor_dump.sh|dd if=/dev/ps3nflasha of=nor.bin]]''
* Acquire PCK1 -> [[Per_Console_Keys#per_console_root_key_1_.2F_EID_root_key|EID root key]]
* Dump flash -> [[Dev_Tools#Memdump Memdump 0.1]] or (NOR only) on linux: [[Dev_Tools#nor_dump.sh|dd if=/dev/ps3nflasha of=nor.bin]]
* Check flashdump -> [[Validating flash dumps]]
* Check flashdump -> [[Validating flash dumps]]
* extract EID0 section -> eidsplitter, manual extract or on linux : ''[[Dev_Tools#dump_EID0.sh|ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin]]''
* Extract EID0 section -> eidsplitter, manual extract or on linux: [[Dev_Tools#dump_EID0.sh|ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin]]
* decrypt EID0 using proper [[Cex2Dex#LibeEID|LibeEID]] (or any other proper eEID crypto tool)
* Decrypt EID0 using proper [[Cex2Dex#LibeEID|LibeEID]] (or any other proper eEID crypto tool)
* edit [[Target ID]]
* Edit [[Product Code]].
* encrypt/rehash EID0 using proper [[Cex2Dex#LibeEID|LibeEID]] (or any other proper eEID crypto tool)
* Encrypt/rehash EID0 using proper [[Cex2Dex#LibeEID|LibeEID]] (or any other proper eEID crypto tool)
* paste inside flash dump -> [[http://mh-nexus.de/en/hxd/ HxD]] or any Hexeditor / binairy copy method
* Paste inside flash dump -> [[http://mh-nexus.de/en/hxd/ HxD]] or any hexadecimal editor / binary copy method
* If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> [[Downgrading with Hardware flasher#Patch_the_dump_.26_Reflash_it_to_the_console|Downgrading patches]]
* If needed, because console is now on 3.56+, don't forget to patch CoreOS and Revoke too -> [[Downgrading with Hardware flasher#Patch_the_dump_.26_Reflash_it_to_the_console|Downgrading patches]]
* write back to flash -> [[Hardware flashing]] or on linux : ''[[Dev_Tools#nor_write.sh|dd if=nor.bin of=/dev/ps3nflasha bs=1024]]''
* Write back to flash -> [[Hardware flashing]] or on linux: [[Dev_Tools#nor_write.sh|dd if=nor.bin of=/dev/ps3nflasha bs=1024]]
* PSgrade/JIG toggle -> [[http://www.ps3devwiki.com/files/PSGrade/ files/PSGrade]]
* PSgrade/JIG toggle -> [[http://www.psdevwiki.com/files/PSGrade/ files/PSGrade]]
* service mode reinstall [[System_Software|Firmware]] belonging to that [[Target ID]] -> [[Downgrading with PSgrade Dongle]]
* Service Mode reinstall [[System_Software|Firmware]] belonging to that [[Product Code]] -> [[Downgrading with PSgrade Dongle]]
* remarry BDdrive -> [[http://www.ps3devwiki.com/files/lv2diag/remarry/ files/lv2diag/remarry]]
* Remarry BD drive -> [[http://www.psdevwiki.com/files/lv2diag/remarry/ files/lv2diag/remarry]]
* [[QA_Flagging#Toggle_QA_-_rebug.me|QA-toggle]] + [[QA_Flagging#Getting_the_QA_flag_menu|combo button]] -> [[QA Flagging]]
* [[QA_Flagging#Toggle_QA_-_rebug.me|QA-toggle]] + [[QA_Flagging#Getting_the_QA_flag_menu|combo button]] -> [[QA Flagging]]
* leave service mode -> [[http://www.ps3devwiki.com/files/lv2diag/3.55%20downgrader/FILE2/ lv2diag.self FILE2]]
* Leave Service Mode -> [[http://www.psdevwiki.com/files/lv2diag/3.55%20downgrader/FILE2/ lv2diag.self FILE2]]
* either enjoy XMB or a new brick
* Either enjoy DEX XMB or a brick.
 
== Full Rebug 4.70+ Guide ==
 
<big>'''<span style="color:red">(WARNING BEFORE DOING THIS SAVE YOUR IDPS AND OPENPSID TO PUT ON CONSOLE FOR STEP 14)'''</span></big>
 
'''
* 1.INSTALL REBUG 4.70+ REX (CEX)
* 2.ONCE INSTALLED GOTO PACKAGE MANAGER>INSTALL PACKAGE FILES>SYSTEM STORAGE
* 3.INSTALL REBUG PACKAGE FILE FROM STEP 2
* 4.OPEN REBUG TOOLBOX
* 5.GOTO UTILITIES TAB
* 6.SCROLL DOWN TO DUMP EID ROOT KEY (PS3 WILL REBOOT)
* 7.ONCE REBOOTED OPEN REBUG TOOLBOX AGAIN
* 8.GOTO DEX/CEX COLUMN
* 9.REWRITE PRODUCT CODE IN FLASH
* 10.SWAP LVL2 KERNAL
* 11.PS3 WILL REBOOT AGAIN
* 12.OPEN REBUG TOOLBOX AND GOTO SELECTOR AND CHOOSE DEBUG MENU DEX
* 13.ENABLE COBRA (THIS WILL AUTOMATICALLY ENABLE WEBMAN)
* 14.PUT IDPS AND OPENPSID BACK ON PS3'''
 
 
{{Custom Firmware}}<noinclude>[[Category:Main]]</noinclude>

Revision as of 02:56, 26 May 2020

Files

http://www.psdevwiki.com/files/devtools/Cex2Dex/

LibeEID

c2d

cex2dex

GUI for handicapped console

dump_rootkey

Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.

(needs 3.41, the 341-downgrader.pup works fine).

eEID_RKDumper

Alternative for the 'acquire PCK1' step, without need for OtherOS/Linux.

(works fine on 3.55, e.g. Rogero V3.7 (mirror / MD5:8F8166B25D6BED891F292C77DE5C4B28)

Howto:

  • Install package and run it.
  • It will then black screen (no GUI) and restart the console automatically.
  • Using FTP (or by other means) retrieve your eid_root_key / PCK1 from /dev_hdd0/tmp/eid_root_key

GameOS method explained

#include <ppu-types.h>
#include <ppu-lv2.h>

/*! IIM interface syscall. */
#define SYSCALL_IIM_IF 868
/*! IIM interface. */
#define IIM_IF(cmd, a1, a2, a3, a4) \
	do{ lv2syscall5(SYSCALL_IIM_IF, (u64)(cmd), (u64)(a1), (u64)(a2), (u64)(a3), (u64)(a4)); }while(0)

/*! IIM_GET_DATA. */
#define IIM_GET_DATA 0x17002
/*! EID0 index. */
#define EID0_IDX 0

int main(int argc, const char **argv)
{
	u8 eid0[0x1000];
	u64 size;
	FILE *fp;
	
	//Get EID0.
	IIM_IF(IIM_GET_DATA, EID0_IDX, eid0, sizeof(eid0), &size);
	
	//Dump to usb or wherever you like...
	
	return 0;
}

Source: code by naehrwert

Guide(s)

In short: changing the Product Code of the PS3 inside decrypted eEID0.

Semi Guide / Shortlist

Full Rebug 4.70+ Guide

(WARNING BEFORE DOING THIS SAVE YOUR IDPS AND OPENPSID TO PUT ON CONSOLE FOR STEP 14)

  • 1.INSTALL REBUG 4.70+ REX (CEX)
  • 2.ONCE INSTALLED GOTO PACKAGE MANAGER>INSTALL PACKAGE FILES>SYSTEM STORAGE
  • 3.INSTALL REBUG PACKAGE FILE FROM STEP 2
  • 4.OPEN REBUG TOOLBOX
  • 5.GOTO UTILITIES TAB
  • 6.SCROLL DOWN TO DUMP EID ROOT KEY (PS3 WILL REBOOT)
  • 7.ONCE REBOOTED OPEN REBUG TOOLBOX AGAIN
  • 8.GOTO DEX/CEX COLUMN
  • 9.REWRITE PRODUCT CODE IN FLASH
  • 10.SWAP LVL2 KERNAL
  • 11.PS3 WILL REBOOT AGAIN
  • 12.OPEN REBUG TOOLBOX AND GOTO SELECTOR AND CHOOSE DEBUG MENU DEX
  • 13.ENABLE COBRA (THIS WILL AUTOMATICALLY ENABLE WEBMAN)
  • 14.PUT IDPS AND OPENPSID BACK ON PS3


PS3UPDAT.PUP
Other Entries
Modifications
Tools
CFW Releases
Retrieved from "http://www.psdevwiki.com/ps3/index.php?title=Cex2Dex&oldid=56262"