01-27-2012   #8
zecoxao
Originally Posted by moogie:
Depends on what you convert the console to. I am assuming to a debug unit. You would be able to use the features of a debug unit (obviously) such as RSX Profiling Debug, Target Manager etc. Debugs are able to execute FSELFs (fake-signed); an FSELF is neither signed nor encrypted, and you do not need keys to FSELF an executable.

There are a number of ways of doing CEX-DEX; the one you are attempting is editing the target id in the IDPS field of EID0 and EID5. To decrypt eEID, you will need to get the per console keys: eid_root_key, eid0_key

You can get eid_root_key from either dumping metldr, or dumping the local storage of sector 0 when said key gets copied to it; you can achieve that by patching isoldr to do so.

You can obtain eid0_key through AES from eid_root_key.

You will also need some static keys that can be found in aim_spu_module.self and appldr.

Once you have all that, you will also need the EID algorithm to correctly re-encrypt eEID.

Links:

Per Console Keys - PS3 Development Wiki
Dumping Metldr - PS3 Development Wiki
Patched isoldr.self to dump the local storage of sector 0
static keys
Hi moogie, and thanks for fueling this up. I thought people forgot about this option; turns out they didn't know how valuable it is xD
__________________
"Whoever has ears, let them hear."