Hello,
I hope you can help me or have a hint.
I have a PS4 Slim CUH-2216a with firmware 8.03
I know that there is currently no jailbreak for this firmware!
Nevertheless, I wanted to deal with this topic.
That's why I disassembled the PS4, unsoldered the NOR chip (MX25L25635FZ2I-10G) and dumped it via hardware. The sflash0 dump is exactly 32MB - 0x20000000 bytes in size (read out several times!).
Then I created an Ubuntu 18.04 VM with VirtualBox so that I can mount the 500GB HDD. For this I extracted the eap_hdd_key into the keys.bin with the hdd_script.py V3 from the flash0 dump.
Up to this point there were no error messages. I also have the BwE PS4 NOR Validator. Have the NOR dump checked again. Here, too, everything seems to be right.
Then I tried to mount the HDD with cryptmount. I have it with both ioffset
as well as without ioffset tried
Nevertheless I get the following error message:
The HDD works without any problems in the PS4, so I first rule out a defective partition.
UFS Explorer Pro under Win 10 also only brings garbage data after the encrypted one.
Where am I wrong or what am I doing wrong?
Thanks for help!
I hope you can help me or have a hint.
I have a PS4 Slim CUH-2216a with firmware 8.03
I know that there is currently no jailbreak for this firmware!
Nevertheless, I wanted to deal with this topic.
That's why I disassembled the PS4, unsoldered the NOR chip (MX25L25635FZ2I-10G) and dumped it via hardware. The sflash0 dump is exactly 32MB - 0x20000000 bytes in size (read out several times!).
Then I created an Ubuntu 18.04 VM with VirtualBox so that I can mount the 500GB HDD. For this I extracted the eap_hdd_key into the keys.bin with the hdd_script.py V3 from the flash0 dump.
Up to this point there were no error messages. I also have the BwE PS4 NOR Validator. Have the NOR dump checked again. Here, too, everything seems to be right.
Then I tried to mount the HDD with cryptmount. I have it with both ioffset
Code:
************************************************** *******
# / etc / cryptmount / cmtab - encrypted filesystem information for cryptmount
# try 'man 8 cryptmount' or 'man 5 cmtab' for more details
user {
dev = / dev / sda27
dir = / ps4hdd
flags = user, nofsck
fstype = ufs mountoptions = ro, noatime, noexec, ufstype = ufs2
cipher = aes-xts-plain64
ivoffset = 111669149696
keyfile = / home / ps4hdd / Desktop / ps4 / keys.bin
keyformat = raw
}
************************************************** *******
Code:
************************************************** *******
# / etc / cryptmount / cmtab - encrypted filesystem information for cryptmount
# try 'man 8 cryptmount' or 'man 5 cmtab' for more details
user {
dev = / dev / sda27
dir = / ps4hdd
flags = user, nofsck
fstype = ufs mountoptions = ro, noatime, noexec, ufstype = ufs2
cipher = aes-xts-plain64
keyfile = / home / ps4hdd / Desktop / ps4 / keys.bin
keyformat = raw
}
************************************************** *******
Code:
sudo cryptmount -m user
[cryptmount-mount]: / ps4hdd: wrong fs type, bad option, bad superblock on / dev / mapper / user, missing codepage or helper program, or other error.
UFS Explorer Pro under Win 10 also only brings garbage data after the encrypted one.
Code:
Cipher algorithm: AES
Cipher block chaining: XTS
"Salt" method: Plain number, 64bit
Key length: 256
Block size: 512
Secret Key: key.bin code in HEX
Thanks for help!