Hacking PS3 New Hack, Change any console to Dev Console

kingcolex (OP)
Here's the original source before I put up a wall of text: http://psx-scene.com/forums/content/cex-dex-method-guide-leaked-confirmed-real-but-cautious-2404/

This has been verified as real and working, and this may be the big hack of the time. Rumors are that dev consoles can run the newest games (with the newest dev FW) and don't need signed code.

Hi scene, sorry for my bad English. I want to give you info; please make it public. I want to be anonymous. I can only say I'm from Hong Kong. I have a way to get a DEX; it works and is complete, nothing missing.

Manual to get a DEX (here is everything you need), and you will have a fully working DEX.

The EID0 Key Seed and EID0 Section Key Seed are hardcoded in the isoldr.

EID0 Key Seed
AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C
37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B
08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4
D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85

EID0 Section Key Seed
2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF

If you dump the isoldr key (EID Root Key) with metldrpwn, you get from 0x00 to 0x1F the EID Root Key and from 0x20 to 0x2F the EID Root IV.

Use AES Encrypt to encrypt the EID0 Key Seed as data, with the EID Root Key as key and the EID Root IV as IV.

The result contains from 0x10 to 0x20 the EID0 IV

and contains from 0x20 to 0x40 the EID0 Key.

Use AES Encrypt to encrypt the EID0 Section Key Seed as data, with the EID0 Key as key and no IV.

The result will be the first 0x10 bytes of the EID0 First Section Key.

The second 0x10 bytes of the EID0 First Section Key are only 0x00 bytes.

EID0 is located in NAND at 0x80870 and in NOR at 0x2f070.

The first 0x20 bytes of EID0 are not encrypted.

At the fifth byte of EID0 (NOR example: 0x2f075) your target ID is located; change it to 0x82 (Debug Target ID).

Use AES Decrypt to decrypt the first EID0 Section (NOR example: 0x2f090). The size of the first section is 0xC0 bytes. Use the EID0 First Section Key as key and the EID0 IV as IV.

Build the CMAC (OMAC1) hash of the decrypted EID0 Section from 0x00 to 0xA8 with the EID0 First Section Key as key. The calculated hash has to be the same as the bytes in the decrypted EID0 Section from 0xA8 to 0xB8.

At 0x5 of the decrypted EID0 Section is your target ID again; change it to 0x82 again.

0xB8-0xC0 of the decrypted EID0 Section should be just 0x00 bytes.

After you have changed the target ID of the decrypted EID0 Section, create the CMAC hash of the new decrypted EID0 Section and write the new hash to the decrypted EID0 Section.

Use AES Encrypt to encrypt the EID0 Section and write it back to the NOR (NAND).

Now install DEX firmware with the recovery menu.

HINT: Got Petitboot on emer init? Go to boot gameos and do emer init again to get to the recovery menu.

You can't login to the PSN because the IDPS is obviously not valid from now on.

THIS CAN BRICK YOUR CONSOLE IF NOT DONE CORRECTLY.

有志者,事竟成 "Where there is a will, there is a way"
一不做二不休 "Once you start something, you have to finish it"
 
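The guide above describes the key derivation and the EID0 section patch as manual steps with an AES tool and a hex editor. As an added example (not part of the leaked guide, and not any scene tool's code), here is the same procedure in Go using only the standard library. The two seeds are the ones posted above. The EID Root Key and IV are constructed placeholders standing in for a real metldrpwn dump, and the EID0 blob is synthetic test data built by SampleEID0; a real dump would be the 0xE0 bytes at NOR 0x2f070 / NAND 0x80870. The function, constant and offset names are mine. The target ID is patched at offset 0x5 of the plain header and of the decrypted section, as the guide's 0x2f075 and "At 0x5" examples indicate. The CMAC check before patching is the step that stops a wrong root key or a bad dump from being written back to flash.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Seeds exactly as posted in the guide (hard-coded in isoldr).
var eid0KeySeed, _ = hex.DecodeString("ABCAAD1771EFABFC2B921276FAC2130C37A6BE3FEF82C79F3BA5733FC35A690B" +
	"08B358F970FA16A3D2FFE2299E841EE4D3DB0E0C9BAEB51BC7DFF10467472F85")
var eid0SectionKeySeed, _ = hex.DecodeString("2ED7CE8D1D55454585BF6A3281CD03AF")

const (
	DebugTargetID = 0x82 // target ID of a DEX (debug) console, per the guide
	headerLen     = 0x20 // plain EID0 header; the target ID sits at offset 0x5
	sectionLen    = 0xC0 // first EID0 section, AES-256-CBC under the section key and EID0 IV
	macOff        = 0xA8 // CMAC over [0,0xA8) is stored at [0xA8,0xB8); [0xB8,0xC0) must be zero
)

// cbc encrypts or decrypts in with AES-CBC. Every key here is 32 bytes, so NewCipher cannot fail.
func cbc(key, iv, in []byte, encrypt bool) []byte {
	blk, _ := aes.NewCipher(key)
	mode := cipher.NewCBCDecrypter(blk, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(blk, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// xor folds src into the first len(src) bytes of dst.
func xor(dst, src []byte) {
	for i := range src {
		dst[i] ^= src[i]
	}
}

// dbl is the GF(2^128) doubling that derives the CMAC subkeys (RFC 4493).
func dbl(b []byte) []byte {
	out := make([]byte, 16)
	var c byte
	for i := 15; i >= 0; i-- {
		out[i], c = b[i]<<1|c, b[i]>>7
	}
	if c != 0 {
		out[15] ^= 0x87
	}
	return out
}

// cmac is AES-CMAC (OMAC1), the "CMAC (OMAC1) hash" the guide asks for.
func cmac(key, msg []byte) []byte {
	blk, _ := aes.NewCipher(key)
	l := make([]byte, 16)
	blk.Encrypt(l, l) // L = AES_K(0^128)
	k1, k2 := dbl(l), dbl(dbl(l))
	x := make([]byte, 16)
	for len(msg) > 16 { // every complete block except the last one
		xor(x, msg[:16])
		blk.Encrypt(x, x)
		msg = msg[16:]
	}
	xor(x, msg)
	if len(msg) == 16 {
		xor(x, k1)
	} else {
		x[len(msg)] ^= 0x80 // 10* padding; 0xA8 is not a multiple of 16, so this path is taken here
		xor(x, k2)
	}
	blk.Encrypt(x, x)
	return x
}

// deriveKeys follows the guide: the EID0 Key Seed encrypted under the EID Root Key/IV yields the
// EID0 IV (0x10..0x20) and EID0 Key (0x20..0x40); the section seed encrypted under the EID0 Key,
// zero-padded to 32 bytes, is the EID0 First Section Key.
func deriveKeys(rootKey, rootIV []byte) (sectionKey, eid0IV []byte) {
	out := cbc(rootKey, rootIV, eid0KeySeed, true)
	sectionKey = make([]byte, 32) // second 0x10 bytes stay 0x00
	blk, _ := aes.NewCipher(out[0x20:0x40])
	blk.Encrypt(sectionKey, eid0SectionKeySeed)
	return sectionKey, out[0x10:0x20]
}

// ConvertToDex returns a copy of eid0 with the target ID in the plain header and in the decrypted
// first section set to 0x82, the section CMAC recomputed and the section re-encrypted. A dump whose
// CMAC does not verify (wrong EID Root Key, corrupt dump) is refused: that check keeps a bad image
// off the flash.
func ConvertToDex(eid0, rootKey, rootIV []byte) ([]byte, error) {
	if len(eid0) < headerLen+sectionLen {
		return nil, fmt.Errorf("EID0 dump too short: %d bytes", len(eid0))
	}
	sk, iv := deriveKeys(rootKey, rootIV)
	plain := cbc(sk, iv, eid0[headerLen:headerLen+sectionLen], false)
	if !bytes.Equal(cmac(sk, plain[:macOff]), plain[macOff:macOff+16]) ||
		!bytes.Equal(plain[macOff+16:], make([]byte, 8)) {
		return nil, fmt.Errorf("EID0 section does not verify: wrong EID Root Key or corrupt dump")
	}
	plain[5] = DebugTargetID
	copy(plain[macOff:], cmac(sk, plain[:macOff]))
	out := append([]byte(nil), eid0...)
	out[5] = DebugTargetID
	copy(out[headerLen:], cbc(sk, iv, plain, true))
	return out, nil
}

// SampleEID0 builds a synthetic EID0 (constructed test data, not a console dump) whose section
// carries targetID and a valid CMAC, so the conversion can be exercised without real hardware.
func SampleEID0(rootKey, rootIV []byte, targetID byte) []byte {
	sk, iv := deriveKeys(rootKey, rootIV)
	plain := make([]byte, sectionLen)
	for i := 0; i < macOff; i++ {
		plain[i] = byte(i*7 + 3) // filler where a real dump carries the IDPS and other data
	}
	plain[5] = targetID
	copy(plain[macOff:], cmac(sk, plain[:macOff]))
	eid0 := append(bytes.Repeat([]byte{0x00}, headerLen), cbc(sk, iv, plain, true)...)
	eid0[5] = targetID
	return eid0
}

func main() {
	rootKey := bytes.Repeat([]byte{0x11}, 32) // constructed stand-in for the EID Root Key from metldrpwn
	rootIV := bytes.Repeat([]byte{0x22}, 16)  // constructed stand-in for the EID Root IV
	dex, err := ConvertToDex(SampleEID0(rootKey, rootIV, 0x01), rootKey, rootIV)
	fmt.Println(err, hex.EncodeToString(dex))
}
```

To use it against a real console you would replace the two stand-ins with the 0x30 bytes from the metldrpwn dump (key at 0x00..0x1F, IV at 0x20..0x2F) and the sample blob with the 0xE0 bytes read at the EID0 offset of your NOR or NAND dump, then write the returned bytes back over the same range. If ConvertToDex returns the verification error, the key or the dump is wrong and nothing should be flashed. Only the first section is touched; the rest of EID0 is left as it was, which is all the guide changes.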

Qtis
Also:

UPDATE:

PS3Hax's zecoxao has confirmed this method working, and has also stated the following about requirements.


BTW, you can use a flasher, Linux or jaicrab's preloader (basically anything that flashes the dump).

jaicrab's preloader only works correctly on NORs; you'll have problems with NANDs, or so I've tested (thanks to a friend of mine).

But again, I am going to advise users to wait until other developers look into this method before jumping into it. Chances are there may be a user-friendly option available one day soon.

It still needs a flasher or other method.
 

daxtsu
From what I understand, this will enable you to have homebrew on newer firmware, but not lv1/lv2 peek/poke backups (PKG backups probably still work?). But you'll be able to run original discs with homebrew, so it's a win-win either way.
 

Qtis
A few more clarifications:

From zecoxao: The problem with this is it's easily patchable... Sony will probably patch it on the next OFW... Original retail dump, flash back retail firmware, and that's it. This is basically switching back and forth from CEX to DEX by flashing DEX dump and DEX firmware and from DEX to CEX by flashing CEX dump and CEX firmware.

Also:


You can't login to the PSN because IDPS is obviously not valid from now on.
A better source is the original post location: http://www.ps3news.com/forums/ps3-hacks-jailbreak/how-cex2dex-work-123592.html
 

mehrab2603
Converted my CEX to DEX. I can freely upgrade and downgrade firmware now just using the normal update procedure, so I can play new games plus enjoy all the homebrew :D
Also wanted to mention that automated tools have been released to make the conversion much easier than the OP method. They still need a bit of work, though.
Surprised this hasn't been frontpaged, as this is a huge breakthrough in the PS3 scene, possibly as big as the original jailbreak.
 

notmeanymore
Even if Sony patches this with the next firmware, I would be happy to be able to play backups of the last year or more of game releases.
 

mehrab2603
Even if Sony patches this with the next firmware, I would be happy to be able to play backups of the last year or more of game releases.
Backups won't work on it; it's just for homebrew, and no PSN access on top of that.
Backups work on it. Do a bit of research before you post. Not with multiman, but there is a way. You're right about PSN though. But then again, CFWs don't have PSN atm either.
 

Joe88
Even if Sony patches this with the next firmware, I would be happy to be able to play backups of the last year or more of game releases.
Backups won't work on it; it's just for homebrew, and no PSN access on top of that.
Backups work on it. Do a bit of research before you post. Not with multiman, but there is a way. You're right about PSN though. But then again, CFWs don't have PSN atm either.
I don't see any proof of backups running, since it's missing all the stuff backup loaders need to run.
supposedly someone got a heavily modified game backup running on it
 

mehrab2603
Even if Sony patches this with the next firmware, I would be happy to be able to play backups of the last year or more of game releases.
Backups won't work on it; it's just for homebrew, and no PSN access on top of that.
Backups work on it. Do a bit of research before you post. Not with multiman, but there is a way. You're right about PSN though. But then again, CFWs don't have PSN atm either.
I don't see any proof of backups running, since it's missing all the stuff backup loaders need to run.
supposedly someone got a heavily modified game backup running on it
lol, I myself am running a backup of Mass Effect 2. Don't need to mod anything either.
And there have been people confirming other games like FF13-2, BF3 etc. working.
 

matt382
I hope this leads to more homebrew development. I probably won't hack my PS3 till there's full PS2 emulation and risk-free online, although I doubt that would be anytime soon.
 

ichidansan
So, couldn't we, with this, convert to the dev console type, then just install the CFW for 3.41/3.55, then just use all the homebrew with that, and just wait for the PSN hacks that allow older CFW to get access?
 

Magsor
Even if Sony patches this with the next firmware, I would be happy to be able to play backups of the last year or more of game releases.
Backups won't work on it; it's just for homebrew, and no PSN access on top of that.
Backups work on it. Do a bit of research before you post. Not with multiman, but there is a way. You're right about PSN though. But then again, CFWs don't have PSN atm either.
Do your homework. CFW can have PSN.
 

mehrab2603
Even if Sony patches this with the next firmware, I would be happy to be able to play backups of the last year or more of game releases.
Backups won't work on it; it's just for homebrew, and no PSN access on top of that.
Backups work on it. Do a bit of research before you post. Not with multiman, but there is a way. You're right about PSN though. But then again, CFWs don't have PSN atm either.
Do your homework. CFW can have PSN.
Which CFW has PSN?
AFAIK Sony changed the latest passphrase and made the 4.21 update mandatory, so the recent PSN access methods no longer work.
 
