Main purpose of this toolkit is helping with internal HDD decryption and mounting. Of course You can find here few more magical scripts but mainly it was designed to calculate decryption keys and automate whole painful process of mounting ALL partitions with read & write.
Those who wants know how to do it manually without any scripts, should read my tutorial, and those smart asses who don’t need tutorials, should just look for attached quick guide in above forum thread.
If You are interesting only to read data, and do not care about access to some raw partitions, just use PS3 HDD Reader written by 3141card (aka Picard). It is far way easier to use!
PS3 HDD & NAND Keygen: allows to calculate ATA, VFLASH and FLASH keys from ERK.PS3 HDD Mounter: allows to create mappers and mount filesystems.PS3 HDD Mounter (Read Only): - like above but read only only, as name suggest. ;)PS3 HDD Umounter: allows to unmount filesystems and remove mappers.PS3 HDD Reporter: helping troubleshooting in case You have problems to mount stuff.PS3 HDD Tasker: allows to various tasks HDD related.PS3 HDD Backuper: allows to backup important data from HDD.PS3 HDD Dumper: allows to dump HDD, partitions or sub-partitions.PS3 NAND Mounter: allows to create mappers and mount filesystems from eFlash.PS3 NAND Umounter:allows to unmount filesystems and remove mappers.PS3 ODD Keygen: allows to create Drive Key or extract EID Root Key from Drive Key.PS3 LV1 & LV2 Crawler: allows to extract Open PSID key from LV1 or LV2 memory dump.PS3 KO Manager: allows to automate kernel modules compiling and loading.Unattended*: are scripts for people who knows what they doing. :PYou need EID Root Key (or ERK in short) for most of operations. It is one of two most important keys which You can get from Your console and the one which is very tightly secured by console itself. You see, ERK is first 48 bytes in metldr. The problem here is that meta loader is encrypted by some unknown key (probably by hypothetically Cell key) so not only cannot be decrypted outside PS3 but also cannot be retrieved without tricking PS3 to expose it in already decrypted form from SPU (and this is what metldrpwn doing and all GameOS level exploits).
So for now to get this precious, You need LV1 access and working console - in other words, You need CFW installed (HAN or HEN in current forms doesn’t exploiting HV) and fully functional PS3 (no luck for dead one). ERK can be dumped on OtherOS via metldrpwn (to be precise, dumped whole metldr) or on GameOS via Rebug Toolbox on Rebug CFW (Rex/D-Rex/Lite) or Evilnat toolbox on Evilnat CFW.
All above listed scripts needs some dumps, keys and kernel modules to operate. Depend of task, You need put different files in specified directories.
eid_root_key.bin filename.nand.bin, nand_decr.bin or nor.bin filenames.lv1.bin or lv2.bin filenames.Run PS3 KO Manager, compile and load modules. Then PS3 HDD Mounter and “follow the damn train CJ”. ;) After You are done, remember to run PS3 HDD Umounter if You don’t want format HDD after back to the console. :P
If for some reason You cannot mount stuff, run PS3 HDD Reporter and paste under some forums whole output. This will show the others what was decrypted etc. and where the script didn’t do magic for You.
If You want remove OtherOS bootloader (in case You cannot for various of reasons boot to GameOS); if You want increase available space on dev_hdd0/ (this operation will break all restoring options in Factory Mode (aka Recovery)); if You want change maximum size of HDD (in case when Your HDD exceed supported size like i.e. 2TB); if You want backup PS3PT to be prepared for Windows disk initialization. Then run PS3 HDD Tasker.
Run PS3 KO Manager, compile and load modules. Then PS3 NAND Mounter and… well, You can for now decrypt eFlash and dump it to a file for data recovery and forensic tools (like e.g.IsoBuster or DMDE). The problem here is on NANDs eFlash, using not standard FAT12 and FAT16 (instead to NORs VLASH) which are unsupported by most of known to me tools, including Linux kernel vfat module. Eventually there is a factor which about I don’t know, so enlighten me if You have some more informations about it!
For cleaning loop and mapper, run PS3 NAND Umounter.
Drive key is in use for ODDE and 1:1 BD-ROM disc images decryption on PC. Rather not very useful today, however it contains ERK which can be extracted, so still can be useful while someone has dumped it on CFW 3.55, later his console died, he wanted data back but didn’t read ERK when he have still chance. In such case, Drive Key will be his salvation.
Run PS3 ODD Keygen.
Open PSID is in use to secure System Backup unprotected archives (those which are protected, using IDPS and this is the reason why data from them cannot be restored on different PS3).
Run PS3 LV1 & LV2 Crawler.
What are Fat, Slim and Super Slim models and what NAND, NOR and eMMC means? Fat models are those huge PS3s. First series have 256MB NAND Flash memory, while newer have 16MB NOR Flash memory. Slims are the newer and they were shipped only with NOR chips. Newest models are Super Slim and they can be with NOR chip as older or 16GB eMMC. It is important to chose proper model to both: keys generating and mounting.
Q: Are You the author of the method, tools and shit?
A: Obviously NO. I’m humble Graphic Artist and IT Specialist, not a Programmer, Reverse Engineer or even Linux master hiding in basement. I’m a Prometheus who brings You the fire, just remember to not burn someone else with it. ;)
Q: Can I use toolkit for pirating games?
A: No…
Q: Can I use it in WSL2?
A: Yes.
Q: Can I use it on FreeBSD?
A: I’m not familiar with BSD family. If You can find there equivalent of loading kernel modules, multipath-tools with support PS3PT (PS3 using custom partition table), kpartx, lsblk, mappers and dmcrypt (Geli?) - only then You can port and use the scripts. However, last time when I exposed decrypted UFS2 partition, I wasn’t able to mount this filesystem (tried on GhostBSD). So it is really hard to judge for me, ask someone experienced with FreeBSD.
Berion
2023-11-10