Post: PS3 Per Console KEYs
Options
The following 3 users say thank you to braindead for this useful post:
10-26-2011, 10:14 PM
#21
Stack0verfl0w
Computer engineer
Originally posted by GE90
so how hard would it be to make a CFW out of this? I'm not a leech I already have a Jailbroken PS3, I'm just wondering
It would be easy as tieing shoe if you obtain key.
10-26-2011, 10:30 PM
#24
Stack0verfl0w
Computer engineer
Originally posted by GE90
Are you gonna try this?
Yes for researching purposing but for real. With this we will have a golden age.
10-26-2011, 11:29 PM
#28
braindead
Bounty hunter
Yes it is quit a good news yesterday. With this Console Key you have the option to decrypt the bootldr. This is the last step to make your console 100% open. Especially it is not patchable from Sony. Give the DevĀ“s a little bit more time and soon we will have all we need!
For more specific of EID Encrypting and Decrypting here is the dicuss from Dev KAZ( math*****) also from Ps3devwiki below:
EID crypto is very complicated, it is done so on purpose. first of all EID0 isn't decrypted with one key, and one
algorithm alone. it is decrypted in several parts which use different algos and keys. the keys are all derivations
of a per console key (per_console_key_1)which is stored inside metldr and copied by it to sector 0 and never
leaves isolation. that same key is a derivation of the per console key (per_console_key_0) used to encrypt metldr
and the bl in the first place as well.
isoldr clears that key from sector 0 before jumping to the isolated module. but before doing so it encrypts it
with another keyset and stores it in a buffer so that the isolated module can use the new crafted key. since the
operation is AES, if you know that keyset you can decrypt the crafted key and get the eid root key without pwning
a loader or metldr through an isolated module. that is not like you really need it because you can already use the
crafted key to decrypt some of eid0, but not all of it. and the crafted key also uses the first elf section to be
built as in your isolated module will have a small section which only contains a key. and that key is used as another
layer by isoldr to encrypt the buffer with it. so basically you have 2 encryption layers over the root key. the final
key then decrypts a specific part of the EID.
eid crypto is actually done smart. that is because most of it originally comes from the cell bootrom, as in they
reuse the same algo used for metldr binaries and bl in the eid crypto, including some of the keys and the steps.
and you cannot decrypt all of the eid sections unless you gathered every single keys and steps. and there are a
lot then you still have to figure out wtf it is you decrypted because eid is actually full of keys.
Source: You must login or register to view this content.
For more specific of EID Encrypting and Decrypting here is the dicuss from Dev KAZ( math*****) also from Ps3devwiki below:
EID crypto is very complicated, it is done so on purpose. first of all EID0 isn't decrypted with one key, and one
algorithm alone. it is decrypted in several parts which use different algos and keys. the keys are all derivations
of a per console key (per_console_key_1)which is stored inside metldr and copied by it to sector 0 and never
leaves isolation. that same key is a derivation of the per console key (per_console_key_0) used to encrypt metldr
and the bl in the first place as well.
isoldr clears that key from sector 0 before jumping to the isolated module. but before doing so it encrypts it
with another keyset and stores it in a buffer so that the isolated module can use the new crafted key. since the
operation is AES, if you know that keyset you can decrypt the crafted key and get the eid root key without pwning
a loader or metldr through an isolated module. that is not like you really need it because you can already use the
crafted key to decrypt some of eid0, but not all of it. and the crafted key also uses the first elf section to be
built as in your isolated module will have a small section which only contains a key. and that key is used as another
layer by isoldr to encrypt the buffer with it. so basically you have 2 encryption layers over the root key. the final
key then decrypts a specific part of the EID.
eid crypto is actually done smart. that is because most of it originally comes from the cell bootrom, as in they
reuse the same algo used for metldr binaries and bl in the eid crypto, including some of the keys and the steps.
and you cannot decrypt all of the eid sections unless you gathered every single keys and steps. and there are a
lot then you still have to figure out wtf it is you decrypted because eid is actually full of keys.
Source: You must login or register to view this content.
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
