Naehrwert Tells The World About eEID, And Gives A Wag Of The Finger

July 13, 2012

Developer and all around nice guy naehrwert is getting a little fed up with the PS3 community trolls, but despite this had decided to enlighten us with more info related to eEID.

Earlier on his twitter naehrwert posted a link to what he has named “eEID Cryptgraphy” to help explain what he has learned from the PS3 metldr and the process in which certain files are encrypted.  I know there are developers out there who are going to benefit from it.

When metldr is encrypted at factory, a special keyset is set in the binary before encryption. Later when an isolated loader is loaded by metldr, it will copy the keyset to LS offset 0x00000. It consists of eid_root_key and eid_root_iv. To not having to use the same key for all eEID parts, several subkeys are generated from special data called individual information seed. These seeds are stored in the metadata header of isolated modules loaded by isoldr. When isoldr will load a module, it will call a subroutine that encrypts each seed chunk (0x40 bytes) using eid_root_key and eid_root_iv. Then the so-called individual infos are passed in registers r7 to r22 (= 0x100 bytes in total) to the loaded module where they are used further. Usually isolated modules have a seed section of 0x100 bytes but all of them (except sb_iso_spu_module) have all zeroes but the first 0x40 bytes chunk. You can, for example, find the recently published EID0 seed in the metadata section of aim_spu_module. Appliance info manager is used to get e.g. the target ID or the PSID from EID0. This explains why the seed can also be found in isoldr directly, since that one is checking EID0 too.

Now on the other side of things he Is getting fed up with the kind of activity that has driven developers away from the PS3 scene and just about every other  scene.  Some people out there have gotten it into their heads that the developers have been, as naehrwert puts it, “not releasing information that could potentially lead to more piracy,” this is simply not the case.  Developers are working for free.  So those of you who are out there harassing the developers and generally just out giving the scene a bad name it needs to end.  Nothing good will come from childlike behavior and I agree with naehrwert 100% and his challenge to those of you who can’t patiently wait for a release to simply grab your PS3 and  “fire up isoldr in IDA or disassemble it with objdump and try to reverse all this from start to end.”

All of that said I know it’s not everyone who is doing this and for the most part the PS3 scene is full of good people, but if we want to keep the developers around, and who knows, bring in some new ones we need to maintain the health of the community and police it ourselves.  If this comes off a little preachy then I apologize but it’s been a long time coming.


Tweet this!Tweet this!

Previous post:

Next post: