[PS3] CEX to DEX, connecting the dots

[wraggster]

I’m a bit late on the “CEX to DEX” news, but sometimes it’s better to be late, in order to have a good overview of something.



If you’ve been following the PS3 scene sites this week, you’ve probably seen that a new “hack” was released, that has been nicknamed “CEX to DEX”. Later on, PS3 dev naehrwert explained the process on how the information was obtained, although most scene websites failed to make a connection between his quite complex technical explanation and the leak. Most of them treated that as two pieces of unrelated information.

In this article I’ll try to connect the dots, but please bear with me as I am still an external observer of the PS3 scene, being myself stuck in 4.11 (damn you, Uncharted 3!)

Why this is interesting for the end users

Ok, first of all, what is this hack useful for, in other words, what does it do?

Let’s start with the basics. Retail PS3 units (the ones we buy in stores) are codenamed CEX. Debug PS3 units are codenamed DEX. What this hack does is allow any Retail unit (CEX) to be converted into a Debug unit (DEX). A DEX unit lets you, among other things, install a Debug firmware on the PS3 through the recovery menu (you can’t do that on a CEX PS3).

A Debug firmware is interesting because it allows to run official blu rays as well as unsigned content. This means homebrews, but also potentially unsigned official games. In theory a 4.21 Debug firmware could run backups of newer games (3.6+), which is where it gets interesting (currently AFAIK the only way to do that is to use one of the piracy dongles, and it only works for a few games).

There is of course a “catch” to this: 3.6+ games backups would need to be not signed, and such things are not easy to find on the internets (if they can be found at all).

So in theory this release could be good for pirates, and bad for dongles, but practically it doesn’t change much on that front.

However, this opens something new for people who have been on 3.55 CFW and don’t want to upgrade: the possibility to run official 3.6+ Blu rays.

So let me summarize here. A 4.xx Debug firmware can:
•run unsigned < 3.55 game backups (those are apparently easy to find) (a 3.55 CFW can do that)
•run unsigned eboots (homebrews) (a 3.55 CFW can do that)
•run unsigned 3.6+ game backups (a 3.55 CFW can’t do that, but those are impossible to find anyways)
•run all official (legit blu ray) games up to 4.xx (a 3.55 CFW can only run up to 3.55! That’s the interesting bit)
•Upgrade and downgrade at will between all versions of Debug firmwares

And please don’t quote me on that, as this is just my understanding of what a debug firmware allows, but I can’t confirm this myself as I don’t have a CFW. I’m just gathering the bits of information I’ve read here and there. But my understanding is, a 4.xx debug firmware gives you the best of both OFW and CFW: 3.6+ games and homebrews

What this cannot do

Since in order to convert your console from CEX to DEX, some per-console specific information needs to be obtained directly from your ps3, this is not a magical solution if you are currently stuck on a 3.6+ official firmware. You would still need to downgrade to a 3.55 CFW first (in order to run the tools necessary for the hack) using a hardware chip, and then run the hack from there to install a Debug firmware.

In other words, Going through 3.55 is a necessary step of this hack.

It is also worth noting that by running a Debug unit, you lose access to the PSN (which you can get back by installing a clean flash back).

Ok, let’s do this thing, where are the tools?

Ok, so, if you have a 3.55 console (if not, you need to downgrade, read the paragraph above!), you might want to try and convert your own console into a Debug version. For now, no “easy” tool is available to do this, sadly, and if you mess things up you could end up with a brick (also, do not try to get somebody else to send you their modified Flash, some of the encryption keys involved are specific to each console!). It is strongly recommended that you have a hardware flasher (and a clean dump of your flash) handy in case you mess things up..

If you’re lucky enough to have a 16MB NOR console (that’s the recent PS3 FAT and all PS3 Slim, see details here), you can use the tool C2D by andbey0nd to ease the process. It will build the stuff to flash for you, but you still have to provide the EID root key (obtained with metldrpwn)

If you’re a developer, you might want to download libeeid here, and use the sample provided as a base to build your own tool.

But ironically, the easiest way for now seems to follow the leaked guide below and do it manually.


Hi Scene Sorry for my bad English. I want to give you info you pls make public. I want be anonymous. I only can say I’m from Hong Kong. I have way to get a dex, it works and is complete nothing missing

Manual to get a dex (here is everything you needed) and you have a full working dex

EID0 Key Seed and EID0 Section Key Seed are hardcoded in the isoldr

EID0 Key Seed
AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C
37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B
08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4
D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85

EID0 Section Key Seed
2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF

If you dump they isoldr key (EID Root Key) with metldrpwn you got from 0×00 to 0x1F the EID Root Key and from 0×20 to 0x2F the EID Root IV

use AES Encrypt to Encrypt EID0 Key Seed as data with EID Root Key as Key and EID Root IV as IV

the result contains from 0×10 to 0×20 the EID0IV

and contains from 0×20 to 0×40 the EID0Key

use AES Encrypt to Encrypt the EID0 Section Key Seed as data with the EID0Key as Key and no IV

the result will be the first 0×10 bytes of the EID0 First Section Key

the second 0×10 bytes of the EID0 First Section Key are only 0×00 bytes

EID0 is located in NAND at 0×80870 and in NOR at 0x2f070

the first 0×20 bytes of EID0 are not encrypted

at the fifth byte of EID0 (NOR example 0x2f075) your target ID is located change it to 0×82 (Debug Target ID)

use AES Decrypt to decrypt the first EID0 Section (NOR example 0x2f090). The size of the first Section is 0xC0 bytes. Use the EID0 First Section Key as Key and the EID0 IV as IV

Build the CMAC (OMAC1) hash of the decrypted EID0 Section from 0×00 to 0xA8 with EID0 First Section Key as Key. The calculated hash has to be the same as the bytes in the decrypted EID0 Section from 0xA8 to 0xB8.

At 0×5 of the decrypted EID0 Section is your target id again change it to 0×82 again

0xB8-0xC0 of the decrypted EID0 Section should be just 0×00 bytes

after you changed the target ID of the decrypted EID0 Section, create the CMAC hash of the new decrypted EID0 Section and write the new hash to the decrypted EID0 Section

use AES Encrypt to encrypt the EID0 Section and write it back to the NOR (NAND).

Now install dex Firmware with the recovery menu.

HINT: Got Petitboot on emer init go to boot gameos and do emer init again to get to the recovery menu.

You can’t login to the PSN because IDPS is obviously not valid from now on.

THIS CAN BRICK YOUR CONSOLE IF NOT DONE CORRECTLY.

有志者，事竟成 “Where a will, there is way”
一不做二不休 „You start something, you have to finish it”

The connection with naehrwert

This hack was revealed as a leak. It seems obvious (based on his recent blog post) that naehrwert was part of the people working on all the reversing work required to access this information. It is likely that this information was part of a larger scale work, and obviously for these devs the leak was not a good piece of news. I can relate, getting your work leaked at the most inappropriate time is never good. This is probably what pushed later on an “anonymous” dev to publish the work that led to this hack in the first place, in the form of a C library that any dev can now use (libeeid, download link below).

Then again, as I described above, I don’t see why this could lead to anymore piracy than there is already on the PS3 (3.6+ games are still “safe” until somebody can publicly decrypt them), so the excuses about this work leading to piracy are probably just words. On the other hand, as naehrwert mentioned, I can picture an army of noobs asking questions on how they can pirate 3.6+ games on DEX machines from now on

The Technical details

So how does that hack work? Ok, I’m trying to dumb that down as much as possible here: there are special locations in the flash memory of the PS3 that indicate if the unit is a Retail machine or a Debug machine. Reading/Writing this information requires to both know where it is located and how to decrypt/encrypt it. How this information was found is what naehrwert explains in his blog post (note: Finding and understanding this required dozens – hundreds? – of hours of reverse engineering of some parts of the PS3 firmware, which also explains why some people are pissed about that leak.).

The information lies in the Appliance Info Manager module, a module in charge of …describing the specs of the current unit, I assume, given its name.

The encryption/decryption keys are all inferred from the eid0 key seeds for this specific module. These key seeds were obtained by reading the metadata of the module, as explained by naehrwert. From there, the whole process explained in the leak is just a series of decrypt / replace / encrypt data, based on the algorithms that were reverse engineered.

The key point here is that the Target ID of the unit is replaced with 0×82 (you’ll see that number a lot in the leaked CEX to DEX hack), which symbolizes a Debug unit. The target ID is a key identifying the type of a unit, as described here.

Speaking of TargetID, the holy grail of the Debug units is 0×81, the DECR unit which apparently can also decrypt anything we want. Those are suspected to require specific hardware and firmwares however…and the legend says that some scene devs own one.

Conclusion

Until this week, people who legitimately wanted to stay on a Custom Firmware for homebrew reasons could not play recent PS3 games they owned. With such a technique, they now have a possibility to run their 3.6+ blu rays without sacrificing homebrew. As far as I can tell, this does not “bring more piracy to the PS3″, for now. It just allows more legitimate use of the PS3 for honest homebrew users.

http://wololo.net/2012/07/14/ps3-cex...ting-the-dots/

http://ps3devwiki.com/files/devtools/Cex2Dex/libeeid.7z