Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
Status
Not open for further replies.

XxZer0ModZxX

Developer
Contributor
Cex-2-Dex Tutorial [XxZer0ModZxX]


** MAKE SURE THERE ISN'T A DISC INSERTED IN YOUR PS3 !!
** [MUST BE ON 3.55-CFW]

Tutorial
=====


1) On 3.55-CFW, Install the eEID_RKDumper, XxZer0ModZxX Awesome FileManager 2.0.pkg, REBUG-TOOLBOX-02.01.02.pkg.

2) Ont the XMB run eEID_RKDumper (ps1ight).

3) Once back on the XMB, Open XxZer0ModZxX Awesome FileManager 2.0 and copy eid_root_key from dev_hdd0/tmp/ to your USB.

4) Now install 4.21.2 REBUG [REX]. (trough XMB)

5) After run REBUG-TOOLBOX-02.01.02.

6) Now export 'flash to file', make sure the USB is in the right slot! (Slim=2-Fat=2or4)

7) Install OpenSSL on your computer and rename the installation folder to OpenSSL not OpenSLL - Win32.

8) Now put the NORBIN/NANDBIN file, which you got from the 'export flash' and your eid_root_key into the c2d folder.

9) Rename the NORBIN/NANDBIN file to flashCEX.bin and add .bin to your eid_root_key. (example eid_root_key.bin)

10) Open CMD in that directory and type/copy/paste the following code:

-- c2d.exe eid_root_key.bin flashCEX.bin flashDEX.bin 82 (space between -- c2d)

** Use SHIFT + Right Click in the folder c2d to load cmd prompt from there.

== It should bé like -> ....\c2d>'space'[code here]


** Also in map/options Uncheck Hide extensions for known file types.

** If you dont change.. it gives error ..-1 because the file would be like eid_root_key.bin.bin

11) Now press enter and you should have another file created in the c2d folder called 'flashDEX.bin'.

12) Rename the flashCEX.bin to CEX-FLASH.EID0.NORBIN/NANDBIN and rename flashDEX.bin to DEX-FLASH.EID0.NORBIN/NANDBIN
and put them on the root of your USB.
Now put the USB back in the right slot of your PS3.

13) Open REBUG-TOOLBOX-02.01.02 and 'rewrite the target ID in flash' then click yes to both.
Reboot your PS3, go back to REBUG-TOOLBOX-02.01.02 and click swap lv2 kernal.
System wil now reboot and your on DEX/CFW.

Credits : XxZer0ModZxX

Download: (what you need)
  • 4.21.2 REBUG [REX]
  • c2d
  • eEID_RKDumper
  • OpenSSL
  • REBUG-TOOLBOX-02.01.02
  • XxZer0ModZxX 3.55-CFW
  • XxZer0ModZxX Awesome FileManager 2.0
  • CEX2DEX Tut [Zer0].txt
Cex-2-Dex Tutorial [Zer0].7z (377.5 MB)
 
Nice guide @XxZer0ModZxX!

Here's an update for those following as well, to quote from ConsoleHax.com on running PS3 OFW DEX / TESTKIT firmware on RETAIL PS3 Consoles thanks to an Anonymous PS3 dev for sharing the method:

BEWARE! Must read before continuing! This method teaches you to convert your Retail PlayStation 3 to a full DEX, allowing you to install and use official DEX firmwares.

Only a select number of people have used this method before, it was never really released for the public. Because Sony doesn’t really seem to care for the PlayStation 3 and PlayStation 3 scene at the moment we decided to document this method in a detailed guide. Without Thibobo (who wrote this guide) and Anonymous knowledge, time and patience this guide would not have existed.

Pro's for running OFW DEX Firmware:
  • Target Manager works better and most of the debug features are 100% functional;
  • A converted console has almost 0 differences with an official testkit (unless the HDMI controller that can switch on/off HDCP).
Con's for running OFW DEX Firmware:
  • At the time of writing it is not possible to access PlayStation Network because the latest DEX OFW PUP file has not been leaked. (This can change in the future if someone with acces decides to share it [You know who you are :)])
  • You risk a brick during converting if you don’t follow the exact steps.
WARNING! Following this method is NOT without risks!
  • If you flash an eID that is not properly modified you end up with a bricked console!
  • When using this DechA section0 the min.version lowers, but the true min ver of your console still counts, if your true min.version is not respected = BRICK!
  • If you convert on a 3.56 minimum firmware console there is no way back to partial DEX or CEX (unless you have a backup of your partial DEX / CEX flash and flash it with a hardware flasher).
What if I end up bricking my console?

You can recover your console by flashing the NAND / NOR with a proper backup of your flash memory.

This tutorial is written by @Thibobo (Follow him here) with the help of Anonymous.

Requirements
It doesn’t matter which firmware is installed on your PlayStation 3, we recommend using the latest Rebug like us.

Requirements:
  • PlayStation 3
  • USB Flash Drive (fat32)
  • Hex Editor (Download here)
  • Rebug REX 4.82.2 (CEX) Custom Firmware installed (Rebug Toolbox is included or just install it with Package Installer)
  • Cygwin (Download here) or a Linux computer
  • Eeid Flasher PKG (Download here)
Step 1: CEX 2 DEX
Converting from CEX to DEX is done on your PlayStation 3 console, please follow the exact steps as shown in this video. If you’re already on DEX skip this step.

Step 2: Dumping eID Rootkey + Flash Memory to USB
This is done on your PlayStation 3 console on the latest Rebug CFW with MultiMan 4.82 BASE (Download here), follow the exact steps as shown in this video:

Step 3: Extract Encrypted eID from your Flash Dump
NOTE: This step can differ depending on the type of dump (NOR / Full NAND or Partial NAND). Take into account the following offsets.


PS3 CEX-2-DEX Guide Tutorial 1.png

(If you have a NAND console and dumped with MultiMan you have a partial NAND Dump)

  1. Open the dump on your USB Flash Drive with a HEX Editor
  2. Click Edit Select Block
  3. Enter the offset that matches your type of flash dump
  4. Copy the block (CTRL+C) and create a new file in your Hex Editor.
  5. Paste it (CTRL+V) and Save the file on your Desktop named eid without giving it an extension (Backup this somewhere safe!) It should look like this:
PS3 CEX-2-DEX Guide Tutorial 2.png

PS3 CEX-2-DEX Guide Tutorial 3.png

PS3 CEX-2-DEX Guide Tutorial 4.png

Step 4: Decrypting your eID
  1. Download ps3_decrypt_tools here
  2. Extract the ZIP and open the ps3_decrypt_tools-master folder
  3. Double click on the data folder and copy + replace the eid_root_key file that you dumped earlier.
  4. Go back and double click on the eid folder now copy + replace the eid file you created earlier.
  5. (In this tutorial we are now using Linux to compile the program unique to your eid and rootkey, you can also use Cygwin on Windows for this step)
  6. Copy the modified ps3_decrypt_tools folder to your Linux (Virtual Machine)
  7. Open terminal inside the folder and type make to compile the program with your unique eid and rootkey
  8. If done correctly, a new version of the tool has been built. Run it with using the command ./decrypt_tools
  9. Decrypt by selecting Option 1 (Type 1 and press enter)
PS3 CEX-2-DEX Guide Tutorial 5.png

PS3 CEX-2-DEX Guide Tutorial 6.png

PS3 CEX-2-DEX Guide Tutorial 7.png

PS3 CEX-2-DEX Guide Tutorial 8.png

PS3 CEX-2-DEX Guide Tutorial 9.png

Congratulations! You have now successfully decrypted your eID!

Step 5: Replace eid0decrypted.section_0.bin + Re Encrypting the eID!

This step teaches you to replace eid0decrypted.section_0.bin with one from an official Testkit.
  1. Download the DECH A eid0decrypted.section_0.bin file (here)
  2. Copy/Paste + Replace the downloaded file to the eid folder here:
  3. Navigate to the root of the ps3_decrypt_tools-master and run it again, this time choose option 2 to re encrypt.
  4. If done correctly the encrypted files should be displayed in the eid folder
PS3 CEX-2-DEX Guide Tutorial 10.png

PS3 CEX-2-DEX Guide Tutorial 11.png

PS3 CEX-2-DEX Guide Tutorial 12.png

Step 6: Replace IDPS
This step teaches you to replace the IDPS from your eID with the IDPS found in the eid0decrypted.section_0.bin file.
  1. Grab the following files and open them in a hex editor (eid / eid0decrypted.section_0.bin and eid0encrypted.section_0.bin
  2. Take the first 16 bytes offset (0x0-0xF) from eid0decrypted.section_0.bin and copy them
  3. Open eid and paste + replace them in offset (0x70-0x7f) / Size(0x10
  4. Open eid0encrypted.section_0.bin select everything (offset (0x0-0xBF) and copy it (CTRL + C)
  5. Paste (and replace) it in eid at offset (0c90)
  6. Close and save the files -> You’re done here! Moving on to the final step!
PS3 CEX-2-DEX Guide Tutorial 13.png

PS3 CEX-2-DEX Guide Tutorial 14.png

PS3 CEX-2-DEX Guide Tutorial 15.png

PS3 CEX-2-DEX Guide Tutorial 16.png

PS3 CEX-2-DEX Guide Tutorial 17.png

Step 7: Finalizing + Flashing your modified eeid.bin
This is done on your PlayStation 3 (make sure to attach the USB Flash Drive with the modified file + Flasher PKG to the console). Follow the exact steps as shown in this video:

WOW! It was a hell of a ride, but if done correctly you now have an Official DEX Firmware installed on a Retail console!

Converting back to standard CEX or DEX Custom Firmware?

Follow this video tutorial to convert your DEX Firmware console back to a CEX or DEX Custom Firmware:

CREDITS!
This tutorial is written by @Thibobo (Follow him here) with the help of Anonymous.
It requires cfw, so all models under cech3XXX.

Download: Full-DEX-conversion-tutorial-ENG.pdf (1.95 MB)
From zecoxao: Converting to True DEX: Python Way

Required Tools:

  • python2
  • ecdsa python module
  • pycryptodome module
  • verify_eid.py file (provided in the zip)
  • donor file (provided in the zip) (WARNING, contains DECH-A idps minver! do NOT push your luck by by going below the previous idps minver!)
  • advanced tools (provided in the zip)
  • eid_root_key (get this either with flatz's dumper or rebug toolbox's embedded dumper)
  • eid file (you can get this by running advanced tools->dump_eeid and renaming eeid.bin to eid)
Steps:

1- Place ALL of the files required in the same folder
The structure MUST BE: folder:
Code:
   --------eid
   --------eid_root_key
   --------donor
   --------verify_eid.py
2- Run the script:
Code:
python2 verify_eid.py
3- Make sure that the ECDSA values are VALID (if the idps is INVALID and the CMAC is INVALID, they'll be VALID later)
4- rerun the script
5- Make sure that ALL 3 values are VALID
6- Install Advanced Tools
7- Place your newly modified eid in the root of usb stick. rename it to eeid.bin
8- Run Advanced Tools->Flash EEID
9- Congratulations! You're now on full DEX system! You can now go to any DEX OFW without siren beep (validation brick)

Tools:
it's another way. the entire section 0 leaf from a debug console gets into the section 0 leaf from a retail console. the header gets also updated with the new idps, and of course the cmac is forged to prevent bricking. this effectively makes the console behave as a DECH
you can also do this trick for anything. for example if you have swapped the target id to 0xA0 and you flash the leaf using this method, you can convert to arcade (and you could use an arcade cfw and do nasty stuff with it :p)
using an entire arcade leaf effectively lets you install any arcade ofw
Convert PS3 IDPS EID0 Leaf from CEX to True DEX
 
Status
Not open for further replies.
Back
Top