Crunching the Latest PS3 Scene News!


  1. #1

    ps3 [LEAKED] CEX-to-DEX Conversion Method

    Now Everyone Who Is Mod-Savvy Can (Probably) Enjoy A DIY DEX Machine



    WARNING: IF YOU WANT TO TRY THIS IN ITS CURRENT FORM, THEN DO SO AT YOUR OWN RISK, AS YOUR PS3 CAN BE BRICKED IF YOU MESS UP - PS3CRUNCH OR ANY NEWS-POSTING SITES SHALL NOT BE HELD RESPONSIBLE FOR ANY DAMAGE CAUSED DUE TO IDIOCY/SHEER INCOMPETENCE - HOWEVER, THE NOT-SO-MOD-SAVVY PS3 OWNERS ARE ADVISED TO NOT TRY THIS UNTIL A USER-FRIENDLY SOLUTION HAS BEEN MADE/CREATED OR THE CEX-TO-DEX CONVERSION HAS BEEN DONE BY SOMEONE WHO IS TECHNICALLY SAVVY!

    An anonymous member on PS3NEWS has recently posted up a CEX-to-DEX Conversion Guide so that everyone can now modify an ordinary retail PS3 for use with debug firmwares, which can allow you to run unsigned PKG files (and is ideal for those who use DEX PS3s for development-related reasons) and also allow any game to be played regardless of what firmware keys they are signed with (although Squarepusher stated on the PS3Hax thread that "you would need debug EBOOTs for newer games").

    Quote Originally Posted by Some Anonymous Hong Kong-Based Weirdo on PS3NEWS
    Hi Scene Sorry for my bad English. I want to give you info you pls make public. I want be anonymous. I only can say Im from Hong Kong. I have way to get a dex, it works and is complete nothing missing

    Manual to get a dex (here is everything you needed) and you have a full working dex

    EID0 Key Seed and EID0 Section Key Seed are hardcoded in the isoldr

    EID0 Key Seed
    AB CA AD 17 71 EF AB FC 2B 92 12 76 FA C2 13 0C
    37 A6 BE 3F EF 82 C7 9F 3B A5 73 3F C3 5A 69 0B
    08 B3 58 F9 70 FA 16 A3 D2 FF E2 29 9E 84 1E E4
    D3 DB 0E 0C 9B AE B5 1B C7 DF F1 04 67 47 2F 85

    EID0 Section Key Seed
    2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF

    If you dump the isoldr key (EID Root Key) with metldrpwn you got from 0x00 to 0x1F the EID Root Key and from 0x20 to 0x2F the EID Root IV

    use AES Encrypt to Encrypt EID0 Key Seed as data with EID Root Key as Key and EID Root IV as IV

    the result contains from 0x10 to 0x20 the EID0IV and contains from 0x20 to 0x40 the EID0Key

    Use AES Encrypt to Encrypt the EID0 Section Key Seed as data with the EID0Key as Key and no IV

    the result will be the first 0x10 bytes of the EID0 First Section Key

    the second 0x10 bytes of the EID0 First Section Key are only 0x00 bytes

    EID0 is located in NAND at 0x80870 and in NOR at 0x2f070

    the first 0x20 bytes of EID0 are not encrypted

    at the fifth byte of EID0 (NOR example 0x2f075) your target ID is located change it to 0x82 (Debug Target ID)

    use AES Decrypt to decrypt the first EID0 Section (NOR example 0x2f090). The size of the first Section is 0xC0 bytes. Use the EID0 First Section Key as Key and the EID0 IV as IV

    Build the CMAC (OMAC1) hash of the decrypted EID0 Section from 0x00 to 0xA8 with EID0 First Section Key as Key. The calculated hash has to be the same as the bytes in the decrypted EID0 Section from 0xA8 to 0xB8.

    At 0x5 of the decrypted EID0 Section is your target id again change it to 0x82 again

    0xB8-0xC0 of the decrypted EID0 Section should be just 0x00 bytes

    after you changed the target ID of the decrypted EID0 Section, create the CMAC hash of the new decrypted EID0 Section and write the new hash to the decrypted EID0 Section

    use AES Encrypt to encrypt the EID0 Section and write it back to the NOR (NAND).

    Now install dex Firmware with the recovery menu.

    HINT: Got Petitboot on emer init go to boot gameos and do emer init again to get to the recovery menu. However, you can't login to the PSN because IDPS is obviously not valid from now on.

    THIS CAN BRICK YOUR CONSOLE IF NOT DONE CORRECTLY.

    有志者,事竟成 Where a will, there is way 一不做二不休 You start something, you have to finish it
    Additionally, zecoxao from PS3Hax has confirmed this, and here's what he had to say:

    Quote Originally Posted by zecoxao on PS3Hax
    btw, you can use flasher, linux or jaicrab's preloader (basically anything that flashes the dump). jaicrab's preloader only works correctly on NORs, you'll have problems with NANDs, or so I've tested (thanks to a friend of mine)
    UPDATE #1: Another anonymous party has released another tidbit of information, which complements the first leak and is also important for the process - see below:

    I was given these files from an anonymous source:
    http://bit.ly/M2Oz4Q


    Here is a quote from the readme:
    you’ll need openssl for this:
    openssl aes-256-cbc -e -in EID0_Key_Seed.bin -out EID0_key.bin -nosalt -K (eid_root_key erks) -iv (eid_root_key riv) -p -nopad

    generates eid0_key(pass riv to eid0_iv.txt and erks to eid0_key.txt)

    openssl aes-256-cbc -e -in EID0_Section_Key_Seed.bin -out EID0_First_Section_Key.bin -nosalt -K (eid0_key erks) -iv 0 -p -nopad

    generates first eid0 section key(pass to .txt)

    openssl aes-128-cbc -d -in eid0_1st_CEX.bin -out eid0_1st_CEX_decrypt.bin -nosalt -K (EID0_First_Section erks) -iv (EID0 riv) -p -nopad

    generates decrypted first section. make sure everything matches as described

    openssl aes-128-cbc -e -in end.bin -out eid0_1st_DEX.bin -nosalt -K (EID0_First_Section erks) -iv (EID0 riv) -p -nopad

    generates… you’ll see for yourself

    props to rikukh3 for this.

    use the checkpoints as reference.
    good luck.

    PS: key[16] is not static, use your own
    input[168] is not static, use your own

    Source: http://www.ps3hax.net/2012/07/cex-to...s-been-leaked/
    UPDATE #2: A developer who goes by the andbey0nd alias has released a "brick-proof" CEX-to-DEX conversion tool, which simplifies the CEX-to-DEX conversion process and significantly minimizes the brick risk - see below:

    Quote Originally Posted by C2D.EXE Readme from Pastie
    c2d.exe (win32 app)
    ===================

    Requires:

    * OpenSSL 1.0.1 installed in c:\openssl or d:\openssl (http://slproweb.com/download/Win32Op...ght-1_0_1c.exe)
    * EID root key (per_console_key) obtained with metldrpwn
    * CEX (NOR) flash dump
    * Extract c2d.rar in a local folder (c:\c2d or d:\c2d)


    Usage:

    * c2d.exe eid_key_file.bin in_cex_flash.bin out_dex_flash.bin


    Output:

    c:\c2d> c2d.exe eid_root_key.bin flashCEX.bin flashDEX.bin

    EID key : 48 bytes (eid_root_key.bin)
    Flash size : 16 MB (flashCEX.bin)
    Target ID : $85

    EID ROOT KEY: 64D20967DEACDA16ACADBE289B0EE2C25EE77331A5040C5DC9 DF67B3FE574F6D
    EID ROOT IV : 6BD7C324D3B213A647DC31987345595E

    EID0 KEY : 9C1C4A93666EF67941F54679A7199D7553C8F0F50F3548C896 6D6872FC8CD668
    EID0 IV : 2DC374E270F851EB0D524F89790F2563

    EID0 SEC KEY: 4C40F3E244EF2BF29A9D48BE26FEEEEB

    Target ID : $85 (from decrypted EID0 section)
    CMAC HASH : F1053CC3818DD6CE2775F0273DFC212E

    Writing modified flash (flashDEX.bin)...
    Done!

    Enjoy!
    andbey0nd

    Source: http://pastie.org/4243807
    Download: http://www.sendspace.com/file/jitww3
    Also note that with this program, you will need to provide the correct EID key in order for the (valid) DEX flash file to be created, otherwise, the DEX flash file will not be created, and as stated, you CANNOT have a NAND dump at the ready as the program doesn't support NAND dumps.

    UPDATE #3: evilsperm has posted some code to make your life a little easier when flashing your NOR without a hardware flasher, which simplifies the CEX-to-DEX conversion process even further - see below:

    USE THIS METHOD AT YOUR OWN RISK! IF YOU BRICK ITS YOUR OWN FAULT!
    MAKE SURE YOU HAVE A VALID NOR DUMP! IF YOU HAPPEN TO BRICK YOU WILL NEED A HARDWARE FLASHER TO RECOVER BUT YOU MUST HAVE A VALID NOR DUMP!



    Here is some code if you all want to flash from petitboot:
    This is to R/W entire NOR or just the eEID section.
    Make sure to take a valid dump from gameOS as well so you can match both dumps also if you have a hardware flasher I highly advise you do, check that dump against the soft dumps to make 100% sure :P

    How to W/R NOR from petitboot:

    ------------------------------------------------------

    READ NOR : dd if=/dev/ps3nflasha of=/tmp/petitboot/mnt/sda1/cexnor.bin bs=1024

    WRITE NOR: dd if=dexnor.bin of=/dev/ps3nflasha bs=1024

    READ eEID : dd if=/dev/ps3nflasha skip=$((0x2F000)) of=/tmp/petitboot/mnt/sda1/eid.bin bs=1 count=$((0x10000))

    WRITE eEID: dd if=eid.bin.dex of=/dev/ps3nflasha bs=1 seek=$((0x2F000)) count=$((0x10000))

    -------------------------------------------------------

    I'm not going to bother with the NAND because it's a pain in the balls (and that's if you can even get it to work) :P

    /tmp/petitboot/mnt/sda1/ is a flash drive formatted to ext4 in petitboot to make life easy when moving dumps around. you can always scp your files across also :P
    NEWS SOURCE #1: CEX-to-DEX Conversion Method (original source) - PS3NEWS
    NEWS SOURCE #2: CEX-to-DEX Conversion (confirmed by zecoxao) - PS3Hax
    NEWS SOURCE #3: CEX-to-DEX Conversion Guide (news posted by tthousand) - PSX-SCENE
    README: C2D.EXE Tool Readme by andbey0nd

    Thanks go to: pete_uk (News Update #1) & acab/zadow28 (News Update #2/Contributions for C2D, alongside andbey0nd)

    Thread rules: No masturbatory aid/dongle-themed discussion and no childish bitching/drama-whoring on this thread - failure to comply with this warning will result in either a closed thread AND POSSIBLY AN INFRACTION OR A BAN - YOU HAVE BEEN WARNED!
    Last edited by gDrive; 12-20-2012 at 04:57 PM.
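
Added example (not part of the thread or of any tool it mentions): the advice quoted above to match dumps before writing, as a Python check that two reads are identical and that a modified NOR image differs from the original only at the offsets the guide says it rewrites. The function names are hypothetical and the sample images are constructed, not real dumps.

```python
import hashlib

NOR_SIZE = 16 * 1024 * 1024            # "Flash size : 16 MB" in the c2d output
# NOR offsets the guide says it rewrites (end exclusive).
ALLOWED = [(0x2F075, 0x2F076),          # plaintext target ID byte
           (0x2F090, 0x2F090 + 0xC0)]   # encrypted first EID0 section

def dumps_match(read_a, read_b):
    """True when two reads of the same flash are byte-identical."""
    return hashlib.sha256(read_a).digest() == hashlib.sha256(read_b).digest()

def diff_ranges(a, b, chunk=4096):
    """List (start, end) ranges, end exclusive, where equal-length a and b differ."""
    runs = []
    for base in range(0, len(a), chunk):
        ca, cb = a[base:base + chunk], b[base:base + chunk]
        if ca == cb:
            continue                    # identical chunk, skip the byte loop
        for i, (x, y) in enumerate(zip(ca, cb)):
            if x != y:
                off = base + i
                if runs and runs[-1][1] == off:
                    runs[-1][1] = off + 1          # extend the current run
                else:
                    runs.append([off, off + 1])
    return [tuple(r) for r in runs]

def check_modified(original, modified):
    """Return a list of problems; empty means the edit stayed where expected."""
    problems = [f"{name} dump is {len(img)} bytes, expected {NOR_SIZE}"
                for name, img in (("original", original), ("modified", modified))
                if len(img) != NOR_SIZE]
    if problems:
        return problems
    for start, end in diff_ranges(original, modified):
        if not any(lo <= start and end <= hi for lo, hi in ALLOWED):
            problems.append(f"unexpected change at 0x{start:X}-0x{end - 1:X}")
    return problems

def demo():
    """Constructed images (all zeros), not real dumps."""
    base = bytearray(NOR_SIZE)
    good = bytearray(base)
    good[0x2F075] = 0x82
    good[0x2F090:0x2F090 + 0xC0] = b"\x11" * 0xC0
    bad = bytearray(good)
    bad[0x40000] = 0xFF                 # stray write outside the eEID area
    return check_modified(base, good), check_modified(base, bad)

if __name__ == "__main__":
    print(demo())
```

A truncated or oversized image is reported before any comparison, which catches a short read from `dd` early.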


           


  2. #2
    lovely, a free solution for us now. great news

  3. #3
    calo
    Not yet though, as some people have already questioned the usefulness of this hack at its current state.

    Speaking of this, GraVoX also stated that the anonymously-developed Batman TB EBOOT was produced on a DEX machine (which is true), so for certain users, this might be useful indeed.

  4. #4
    first off zecoxao is a ra-tard don't listen to a thing he says, he couldn't dev his way into or out of a vagina
    and yes you can brick very easily...
    if you don't have a hardware flasher and you brick you're a dumb ass
    In the current state of this tut good luck because I know there is gonna be a shit ton of bricks

    Also I just have to go on record and say the releaser of this is a total fuckin cunt! (already have a very good idea on who it was)
    sony will now very easily patch new dex pups to make sure you can't install on converts :P
    so you can all go thank him on that front.
    On a side note if you brick cuz you're a dumb shit and can't follow the millions of directions that will follow in the next few days on how to pull this off don't clutter the threads with your retard ways because I will ban you :P

    This cex>dex conversion is useless for 99.999999999999999999% of the entire PS3 user base, and if you think you're gonna get PSN access after converting think again :P (even if you update to 4.xx dex)
    PSN on your convert won't happen in this lifetime or the next :P

  5. #5
    Quote Originally Posted by evilsperm View Post

    Also I just have to go on record and say the releaser of this is a total fuckin cunt! (already have a very good idea on who it was)
    sony will now very easily patch new dex pups to make sure you can't install on converts :P
    so you can all go thank him on that front.
    Here we go again, more ps3 scene drama to the rescue. No offence my friend, but most of us users that are left in the dark can care less if something is patched that we would not have had the chance to use in the first place, so your rant is kinda moot. But keep up the good work on that rebug stuff is it? Not sure, don't use it but I think I saw your handle plastered on it.

  6. #6
    no drama... just sayin

    It shows you have no clue what this is and how damaging it's going to be...
    If you were in the dark (and looks like you still are) then why bother posting?

  7. #7
    well that is depressing.

    This and the other rumors make the ps3 just.... depressing.

  8. #8
    evilsperm
    Oh and may I add that if any shit kicks off on this thread, then I'll be closing it and by the way, there's a warning message on there, in which anyone shouldn't be able to miss that.

  9. #9
    Evilsperm,

    To make a clarification for the hundreds of the people who will post on this thread. After a successful conversion, what "features" that they may be used to, will become unavailable? (I see a long thread incoming with "why can't i do this now" "why doesn't my game work" "why doesn't my pkgs work now" "why can't i connect online" "why doesn't my TB work now") And, is there a viable process to convert back to CEX when people realize this helps 0.1% of people? Since the real benefits of a DEX machine are so limited to the 99%. I was hoping you could post a short and sweet list for the millions of people who won't realize what they're doing. (Not a tutorial on how to do the conversion process) I'm not knowledgeable enough in this specific area to try and convince people to not do the conversion, unless there's some future super breakthrough in the future that requires it.

    Edit: I'm just hoping for a semi-technical explanation for you to deter people. You have a knack for conveying an expert level of expertise, in a way that most people can understand.

  10. #10
    it kinda seems that you already knew that info, didn't you, evilsperm?

 

 