Talk:Dumping Metldr: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
mNo edit summary
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
The exact steps should work on a CECH250.A shouldn't they? I first did the steps manually, then ran the script but both resulted in seemingly encrypted garbage (no strings found and nor were erk or the riv saved on 0x00-0x20), I'm using the 3.55checkoff.pup from the "Downgrading with NOR flasher" talk page which seemed to have the SS patches because that is how I retrieved my eid0. --[[User:Afiser|Afiser]] 01:46, 2 January 2012 (CST)
The exact steps should work on a CECH250.A shouldn't they? I first did the steps manually, then ran the script but both resulted in seemingly encrypted garbage (no strings found and nor were erk or the riv saved on 0x00-0x20), I'm using the 3.55checkoff.pup from the "Downgrading with NOR flasher" talk page which seemed to have the SS patches because that is how I retrieved my eid0. --[[User:Afiser|Afiser]] 01:46, 2 January 2012 (CST)
<br /><br />
<br /><br />
-----------------------------------------------------------------------------------
Metldr dump can be achieved without using Otheros++:
Metldr dump can be achieved without using Otheros++:
* Install Red Ribbon (even on external HD).
* Install Red Ribbon (even on external HD).
* Enable SS patches.
* Enable SS patches.
* Follow the rest of steps.
* Follow the rest of steps.
--[[User:granberro|granberro]] 00:00 17 January 2012 (GMT)
--[[User:granberro|granberro]] 00:00 17 January 2012 (GMT)
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------


You need:
Partial sauce: http://pastie.org/private/n5sircpme0xklnlrdhmlpg
 
1 CFW 3.55 Otheros Special ++ [http://www.megaupload.com/?d=Y6BF6NBD]
 
2 A Linux like Red Ribb0n. [http://sourceforge.net/projects/redribbon/files/red_ribbon_rc5.rar/download]
 
3 Graf Chokolo´s latest kernel.
 
--DUMP--
3.1 You can use this app in GAMEOS.
Then dump your flash and save in a usb device.
 
3.2 Unpack the dump, you´ll need ps3tools (NORUNPACK and PUPUNPACK)[http://gotbrew.org/ps3tools.tar.gz]
 
When you have compiled only have to run and use (this omitted and assumes that you already have configured the keys):
 
NORUNPACK YOUR_DUMP.BIN FOLDER-WHERE-UNPACK
 
You´ll need a unpacked copy of OFW to extract other files you can use this fw (3.55)
[http://www.multiupload.com/EF6WZ6PU4K]
 
like this:
PUPUNPACK PS3UPDATE.PUP FOLDER
 
3.3 Now you´ve unpack your flash´dump & FW. These are the files you must depart.
 
NAND/NOR FLASH:
 
METLDR inside of Asecure Loader.
eEID (Need to use the eid splitter to separate the eEID in 0,1,2,3,4,5) and we need the EID0 so also I explain how to do:
 
First, when you have your eEID it´s time to download "eid splitter"tool from RMS [http://www.megaupload.com/?d=OJ4C4CE1] (You´ll need GCC version "gcc eEID-SPLIT.c")
 
when downloaded and compiled, now you can use to your eEID.
"eEID-SPLIT Your_eEID"
 
At finish you´ve "0,1,2,3,4,5", six files i.e. six files have to rename them respectively EID0,EID1,EID2,EID3,EID4,EID5 and READY!.
 
I recommend: you must save all your EID in a safe. It´s your insurance as brick.
 
----------------------------
 
Now you need:
 
<code>isoldr
RL_FOR_PROGRAM.img
default.spp</code>
 
And of course We need tools that allow us to make the dump.
spp_verifier.self >[http://gitbrew.org/git/spp_verifier_direct.tar.gz]
 
 
appldr-metldrexploit350.self >[http://gitbrew.org/metldr838exploit.tar.gz]
 
Well, now in the directory where you unpacked metldr838exploit.tar.gz you have to use these commands:
 
<code>insmod ./metldrpwn.ko ''(Install Mathieulh´s Exploit Module)''
 
cat metldr > /proc/metldrpwn/metldr
 
cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
 
cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
 
cat eid0 > /proc/metldrpwn/eid0
 
echo 1 > /proc/metldrpwn/run
 
cat /proc/metldrpwn/debug</code>
 
Congratulations! Now you have a unique dump of your system METLDR.


cp /proc/metldrpwn/dump /home/user/"DUMP´s NAME"
== dumps ==


Now yo can find yoy famoys private keys in the first 3 offsets.
metldr CECH-C: https://mega.co.nz/#!BkUiBSRJ!O03LDdg79NzlbXLF0W3U4Fbupv35mKYwaH551CDd26s

Latest revision as of 14:34, 12 September 2014

The exact steps should work on a CECH250.A shouldn't they? I first did the steps manually, then ran the script but both resulted in seemingly encrypted garbage (no strings found and nor were erk or the riv saved on 0x00-0x20), I'm using the 3.55checkoff.pup from the "Downgrading with NOR flasher" talk page which seemed to have the SS patches because that is how I retrieved my eid0. --Afiser 01:46, 2 January 2012 (CST)

Metldr dump can be achieved without using Otheros++:

  • Install Red Ribbon (even on external HD).
  • Enable SS patches.
  • Follow the rest of steps.

--granberro 00:00 17 January 2012 (GMT)

Partial sauce: http://pastie.org/private/n5sircpme0xklnlrdhmlpg

dumps[edit source]

metldr CECH-C: https://mega.co.nz/#!BkUiBSRJ!O03LDdg79NzlbXLF0W3U4Fbupv35mKYwaH551CDd26s

Retrieved from "http://www.psdevwiki.com/ps3/index.php?title=Talk:Dumping_Metldr&oldid=29995"