Now you can dump the rootkey without Linux; @willemse21 brought this news to the board. Nice to see more progress being made on this topic. Needless to say, use it at your own RISK. Don’t ask about a n00b tutorial; as far as I know nobody is doing it, hence we are in *testing* stages. When something *foolproof* and noob-friendly arises you will see it posted.
dump_rootkey – 2012 by naehrwert
=== How-to ===
[1] Install asbestos_ldr.g.pkg on your PS3 (a firmware with lv2 peek/poke is
required to run it).
[2] Compile the client (make sure PS3HOST in main.cpp points to your PS3).
[3] Make sure you got your metldr in ‘./data’ as ‘metldr’.
[4] A prebuilt ‘dumper’ is included in ‘./data’ (dumper.elf and build.bat is
included too if you want to change parameters).
[5] Start asbestos_ldr on your PS3.
[6] Start the client on your PC.
[7] Unicorns!
=== Asbestos License ===
Copyright (C) 2010-2011 Hector Martin “marcan”
SPU mailbox threshold interrupt
[INFO] Interrupt status (2, application) = 0000000000000011
[INFO] -> SPU mailbox threshold interrupt
[INFO] -> mailbox interrupt
[INFO] Mailbox value = 1
[INFO] -> Dumper loaded.
[INFO] Transferring eid_root_key to buffer…finished.
[INFO] Dumping eid_root_key…done.
[INFO] SPU status = 0x00000081
[INFO] Destructing spe…done.
[INFO] Press any key to exit…
Download Link: http://www.sendspace.com/file/dxdmat
Pastie: http://pastie.org/4301209
To quote:
Something interesting that wrote @JonahUK:
You will still need to do some manual editing for the conversion but this is still great news.
@PsDev response:
Nope, once root key is dumped you’re good, just run flash and root key my/gunner tool (Depending on flash) and then validation will be done, just re-flash to your now DEX flash and it will still boot into gameOS just now update to 4.11 DEX FW or any DEX FW
Source:
https://twitter.com/naehrwert




07-22-2012
02:08 PM
Also:
07-22-2012
02:13 PM
I just love the way new methods and stuff appear all the time. Makes the scene feel "alive" like old times... Thank you [MENTION=208169]willemse21[/MENTION] for the topic, and thank you @naehrwert for the good work, like always.
07-22-2012
02:17 PM
@naehrwert
wow, youre so fast in developing this.. BIG THANKS for that..
i guess you did not need any metldr dumps as requested in a other thread?
if still needed.. no prop wanna test the ps3 app for dumping it ;-)
07-22-2012
02:20 PM
Is this the per console key or the actual ps3 rootkey?
07-22-2012
02:28 PM
so if i got it right all we have to do to get our root key is to install asbestos run an ftp client and we are ok right?
07-22-2012
02:29 PM
hm, for compiling the PC-Side i have to install something like gcc or visual studio...
can you "outsource" the PS3 IP-Adress as a parameter in a config file?
So everyone can use it more flexible???
07-22-2012
02:29 PM
What commands would I use to compile this? $ make *client_name_here*
07-22-2012
02:31 PM
not posix, but unix... whatever xD
07-22-2012
02:42 PM
Alright so can we use windows to do this?
I don't have a computer so I can't see download files
Sent from my SPH-M580 using Tapatalk 2
07-22-2012
02:49 PM
It's C++ source code, so you could use Microsoft Visual C++ 2010 Express (it's free) to compile a client.
Someone will soon make an .exe with a GUI which asks for your PS3's IP addy, it will become relatively foolproof... I hope.
07-22-2012
03:04 PM
Has anyone actually gotten this to work?
I changed IP of the PS, and changed the IP in the main.cpp file. The program built fine (using "sudo sh ./build.sh") I could ping the PS3 in the XMB, but when I loaded up the asbestos.g.pkg file, the screen went black, and no more ping.
I ran the program dump_rootkey, and it printed one line:
07-22-2012
04:02 PM
kmeaw,rogero they all should do the job
...thx anyway
its just connecting....nothing more..hard reset to quit app, yes i block it internet access, only ps3ip allowed..to bad..maibe someone else has more luck
07-22-2012
04:03 PM
thx naehrwert good to know you are in the ps3 scene.
07-22-2012
04:04 PM
kmeaw,rogero they all should do the job
...thx anyway..wait lets try again 
its just connecting....nothing more..hard reset to quit app, yes i block it internet access, only ps3ip allowed..to bad..maibe someone else has more luck
07-22-2012
05:06 PM
My results are at http://pastie.org/4302552

The ps3 app just hangs on blackscreened ps3 and you can't ping it. I guess that's the problem?
Also dump_rootkey doesn't compile on gcc, i needed to use g++ but get the same results you guys do..
07-22-2012
05:16 PM
Too bad I'm not the only one who can't get the root_key from this method... I've tried with Kmeaw (need to hard reset and then Rebuild Database in Recovery Menu every time I run asbestos_ldr on KMEAW) and CFW355-OTHEROS++-SPECIAL.
But i only get
[INFO] Connecting to 'ip_adress'...ok.
Damn.
07-22-2012
05:24 PM
I tried to compile a version with mingw for win32 as well, but this didn't compile as mingw's gcc requires a large number of path modifications to even run 'gcc.exe' from the commandline. Or i'm missing something
I don't think the compiling is the cause of the problem. The rpc server seems to be, as it seems to 'just blackscreen' and you can't even ping the ps3 after that. I need to use the ps3's hardware power switch to get it back up again..
07-22-2012
06:08 PM
I think someone forgot to add a couple ULL to the end of some important numbers, and it's causing some issues. But hey, I can't even get the .g.pkg to install without getting an error
edit:/ nix that (well those two errors on line 243 still need to be resolved by adding a ULL), the client doesn't seem to care if it finds a ps3 with rpc server at all when it does connect, it will always say ok even with wildly wrong IP addresses. The package don't like me either way (80029564), not that I need it as I already did this process weeks ago anyway on my own steam.
07-22-2012
06:40 PM
i can't wait for proper working tutorial on this....
07-22-2012
06:50 PM
Frontpaged
07-22-2012
06:58 PM
4.11 NO CFW = Fake
which would mean there is 4.11 cfw
07-22-2012
07:08 PM
prolly this is the error we are facing off!?
[3] Make sure you got your metldr in ‘./data’ as ‘metldr’.
where can we get this without linux?
07-22-2012
07:10 PM
OK, I had to repackage it a couple different ways but once I got it to install it worked great. The ps3 is a slim running 3.41 hermes cfw, when the app starts the PS3 black screened, I then ran the client after editing in my PS3's IP (edit: and copying a metldr extracted from my NOR dump over to the folder as instructed), compiled under cygwin using the supplied .sh script which is really just a gcc command (I added the ULL to those two vars to fix any problems that 'int is not a long' causes under windows) and got:
I'm a happy camper now, with a RPC server I can just run like an app. Sure beats going back to those old graf dongle payloads
tul: follow the info deank posted to use multiman to take a dump of your console flash, and use one of the existing tools to extract the crypted metldr - that is all you need to do to get metldr for this.
btw, this is the fix for line 243:
07-22-2012
08:06 PM
hi thnx for the reply, and i did already extracted metldr and puted it in data folder, still no luck in the process, it just show connecting 192.168..... ok and hangs in there.
im using kmeaw and ubuntu in vmware, still dump win32app gave same result.
07-22-2012
08:14 PM
a video would be much better for us noob
07-22-2012
08:54 PM
My little contribution...

Using dump_rootkey on Ubuntu 12.04
1- Extracting :
sudo apt-get install p7zip
p7zip -d dump_rootkey.7z
2- Edit PS3HOST in main.cpp with the IP of your ps3 :
cd dump_rootkey/
gedit main.cpp
edit :
#define PS3HOST "169.254.0.2" <- your PS3 ip
save
3- Compile :
sudo apt-get --reinstall install build-essential
chmod +x build.sh
sudo ./build.sh
4- Extract the metldr from your flash dump and copy your metldr in 'data' dir as 'metldr' :
(Get your flash dump with mmOs or memdump_0.01-FINAL and extract METLDR with CEX2DEX Application)
5- Run :
./dump_rootkey
enjoy
07-22-2012
08:56 PM
Hey, the Scene Status up on top finally changed....
07-22-2012
08:59 PM
tul: my guess is you are simply not able to see your PS3 from your PC. Check for routing issues or similar things like firewall blocking the app, it's not on the same port as FTP for example.
I'm off, good luck anyone trying this... all I can really say is it's easy and it works to grab the key.
07-22-2012
09:31 PM
To get this to compile in VS 2010, alter the header of main.cpp:
#define _ERROR(...) printf("[ERROR] " __VA_ARGS__)
#define _INFO(...) printf("[INFO] " __VA_ARGS__)
#pragma comment(lib, "ws2_32.lib")
Watching the traffic in network monitor I can see that if the console is sitting at XMB and I start the app, there are two ARPs and then a UDP packet sent from my pc, no reply as expected.
If I fire up the RPC and then start the app on the pc I see the two ARPs but never an outgoing UDP packet because the ARP comes back empty handed. I'm going to try another router, it seems that once the RPC is active I start to get IPv6 DHCP requests on the network (router does not support that)
Update: Attempted with another router running open-wrt, same story.
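The "Connecting to ... ok" line that several posters report, even with a wrong IP address, is what a UDP client shows when it only calls connect(): on a datagram socket that call sends nothing. The following is an added example, not code from dump_rootkey or asbestos; the "PING" payload, the loopback echo responder and all function names are constructed for illustration and are not the tool's RPC protocol.

```cpp
// Added illustration: UDP connect() always "succeeds"; only a reply proves a peer.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdint>
#include <cstdio>
#include <cstring>

static sockaddr_in make_addr(const char *ip, uint16_t port) {
    sockaddr_in a{};
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}

// Bind a loopback UDP socket on an OS-chosen port; returns the fd or -1.
static int bind_loopback(uint16_t *port) {
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    sockaddr_in a = make_addr("127.0.0.1", 0);
    socklen_t len = sizeof a;
    if (bind(s, (sockaddr *)&a, sizeof a) != 0 ||
        getsockname(s, (sockaddr *)&a, &len) != 0) { close(s); return -1; }
    *port = ntohs(a.sin_port);
    return s;
}

// A port nobody listens on: bind it, note the number, close it again.
uint16_t dead_port() {
    uint16_t p = 0;
    int s = bind_loopback(&p);
    if (s >= 0) close(s);
    return p;
}

// What a naive client checks: connect() on UDP only stores the destination.
bool udp_connect_reports_ok(const char *ip, uint16_t port) {
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return false;
    sockaddr_in a = make_addr(ip, port);
    bool ok = connect(s, (sockaddr *)&a, sizeof a) == 0;
    close(s);
    return ok;
}

// Real liveness check: send a probe and require the echoed reply in time.
bool udp_peer_alive(const char *ip, uint16_t port, int timeout_ms) {
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return false;
    timeval tv{timeout_ms / 1000, (timeout_ms % 1000) * 1000};
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    sockaddr_in a = make_addr(ip, port);
    bool alive = false;
    if (connect(s, (sockaddr *)&a, sizeof a) == 0) {
        const char probe[] = "PING";  // constructed payload
        char reply[64];
        if (send(s, probe, sizeof probe, 0) == (ssize_t)sizeof probe) {
            // Fails on timeout, or on ECONNREFUSED from an ICMP port-unreachable.
            ssize_t n = recv(s, reply, sizeof reply, 0);
            alive = n == (ssize_t)sizeof probe &&
                    memcmp(reply, probe, sizeof probe) == 0;
        }
    }
    close(s);
    return alive;
}

// Constructed stand-in for a live server: a child process echoes one datagram.
bool probe_with_echo_responder() {
    uint16_t port = 0;
    int srv = bind_loopback(&port);
    if (srv < 0) return false;
    timeval tv{2, 0};  // the child gives up after 2 s so it cannot hang
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    pid_t pid = fork();
    if (pid < 0) { close(srv); return false; }
    if (pid == 0) {
        char buf[64];
        sockaddr_in from{};
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(srv, buf, sizeof buf, 0, (sockaddr *)&from, &fl);
        if (n > 0) sendto(srv, buf, (size_t)n, 0, (sockaddr *)&from, fl);
        _exit(0);
    }
    close(srv);
    bool alive = udp_peer_alive("127.0.0.1", port, 1000);
    waitpid(pid, nullptr, 0);
    return alive;
}

int main() {
    uint16_t p = dead_port();
    std::printf("connect() to dead port %u: %s\n", (unsigned)p,
                udp_connect_reports_ok("127.0.0.1", p) ? "ok" : "failed");
    std::printf("probe to dead port: %s\n",
                udp_peer_alive("127.0.0.1", p, 300) ? "alive" : "no reply");
    std::printf("probe to echo responder: %s\n",
                probe_with_echo_responder() ? "alive" : "no reply");
    return 0;
}
```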
07-22-2012
09:33 PM
sorry to be the noob here, but how big of a deal is this? just glancing through the most recent posts it would seem that we are on the verge of making the complete breakthrough of cfw? am i wrong, still a ways to go? could someone clue me in?
07-22-2012
10:55 PM
success in compiling with cygwin after fixing the source.. thnx cory1492 for your fix..
but i only get this:
[INFO] Connecting to '192.168.1.104'...ok.
i think it is an timing problem.. the dump_rootkey.exe opens a random UDP-Port (above 60000 i think) on the PC... but the PS3 is not able to connect back
maybe my wlan is the problem or the acess-point..
to tired now to watch ahead... maybe fixing tomorrow.. soooo close to it ;-)
07-22-2012
11:39 PM
Can I extract metldr from 4.11 nor backup and use it in this app?
Im using Downgraded PS3 and I have nor backup from FW4.11 is its metldr same as 3.55's metldr ?
if not Please someone direct me to extract metldr from my 3.55 cfw
07-22-2012
11:52 PM
* Create a dump of your NOR/NAND (use multiMAN to create a .NORBIN/.NANDBIN file - USB connected as /dev_usb000 required) - To dump flash: mmOS->Select any file->Open in HEX viewer->[SELECT]->[START]->DUMP LV2(NO)->DUMP LV1(NO)->DUMP FLASH(YES)
* Transfer to your PC and unpack it with norunpack.exe or cex2dex to a folder and grab "metldr" from the "asecure_loader" folder
* Put "metldr" into the "metldrpwn" folder on your USB
norunpack.exe lot_of_numbers_FLASH-NOR-FW3.55.NORBIN metldr
07-22-2012
11:52 PM
mmOS->Select any file->Open in HEX viewer->[SELECT]->[START]->DUMP LV2(NO)->DUMP LV1(NO)->DUMP FLASH(YES)
Transfer the dumped file of the NOR or NAND flash (copied to the USB) to your PC, and use norunpack.exe:
norunpack.exe flash.BIN extract_folder
In the extract_folder you will find the "metldr" (59KB) inside the folder "asecure_loader".
An alternative method to extract "metldr" is using the CEX2DEX application by Gunner54.
You first have to downgrade to 3.55 (DEX or CEX), to apply any flash patch using multiMAN.
07-22-2012
11:53 PM
No Linux, but you have to compile ****...
07-23-2012
12:01 AM
I think "No Linux" referred to PS3 not PC
It took me 10 minutes to run/setup/install Ubuntu on VMware and 5 minutes to compile, yet again cygwin or Microsoft Visual Studio is on windows if you have time to work with.
************* [ - Post Merged - ] *************
Im already downgraded and was looking for way do get metldr in 3.55 with your post there is noting left unanswered
07-23-2012
12:35 AM
I get error about free up flash memory at least 16 mg and put it in dev_usb try again my flash is empty just one pkg and the rest of ~14gig emptiness!!! any Ideas?
07-23-2012
01:33 AM
hi guys,
it is modified and compiled for windows using cygwin:
http://www.ps3-infos.fr/forum/applic...ps3-t3267.html
you need to provide the ip as parameter
07-23-2012
01:55 AM
thanks loliloz, here is a mirror for those lazy to register:
http://disk.karelia.pro/fast/7WzfCmJ...r%20Attila.zip
07-23-2012
02:31 AM
Hi, sorry for the n00b question before trying this program.... once i dump the root key, how can I change to DEX without linux? Thanks
07-23-2012
02:53 AM
Cheers [MENTION=43448]kokotas[/MENTION]
07-23-2012
03:15 AM
Is this a full dex convert if so is my slim gonna be worth $2000
How many units will be going on ebay lol
07-23-2012
03:17 AM
Naehrwert pointed out asbestos will ask your router for an IP by DHCP .. and listen on that IP. So you guys should check your router's DHCP client table or sniff the assignment with Wireshark to find out on which IP your PS3 is active.

Thanks!
I'm at work right now so i can't confirm if it works, but it seems to me that is the reason the client never connects. I couldn't ping the IP i had assigned to the PS3 after running Asbestos, so it must have gotten a new one at that point
If it works, someone kindly confirm
07-23-2012
03:33 AM
not working((
07-23-2012
03:36 AM
dump_rootkey.exe 192.168.0.1
07-23-2012
03:37 AM
OK thanks)))
07-23-2012
03:52 AM
************* [ - Post Merged - ] *************
well i can confirm thats not the case, i checked my router dhcp and no new dhcp ip was found, also check straight connection wiht only a simple switch, and even also by wlan address, none of them works :S
to be covering all possibilitys, i have tried with ubuntu compilation and with windows compilations, none of them :S
07-23-2012
05:13 AM
Asbestos doesn't seem to run on rebug, it goes black screen, no ip is requested, have to do a hard reset too.
07-23-2012
05:15 AM
Reading this, i believe we need to set up addition dhcp/tftp server with rootfs + kernel.

Naehrwert didn't say this would work off-the-bat as-is. I guess we'll need to boot from a nfs share to get a minimal linux running. Also at this point i'm not sure if we can use netrpc as soon as the kernel is booted, or even if no kernel is booted
See http://marcansoft.com/blog/2010/10/a...nux-as-gameos/
And some people wrote a semi-coherent step-by-step guide to boot: http://mrgatz85.blogspot.nl/2010/10/...os-hybrid.html
We should really be seeing some dhcp-related chatter from the ethernet port after running the asbestos pkg.. nobody has a sniffer handy to confirm? (still at work here..)
07-23-2012
06:17 AM
I found something which is odd I think, Whatever IP I write, it'll say :
PS : I used the modified exe by Atilla ( you'll see in the Screenshot )
07-23-2012
06:24 AM
Wasn't asbestOS for 3.41? could that be why it fails?
EDIT: tried accessing PS3devwiki, but cant, to confirm it..
07-23-2012
06:31 AM
07-23-2012
06:51 AM
07-23-2012
06:54 AM
someone try on 3.41? cant hurt can it?
07-23-2012
06:55 AM
I don't want to quote myself, but if people read my two lasts posts in this topic, you still use linux, so the topic title is wrong, and this won't work as-is. Some more steps are needed.

Asbestos ldr kills gameos and loads a kernel by tftp from a server you provided it with by dhcp. The whole procedure should go a little like this:
1. Install PKG
2. Setup PC with linux (virtual machine) which runs NFS export with your linux filesystem.
3. Setup TFTP server, to serve the kernel to the PS3
4. Setup DHCP server, to assign IP to the PS3, and provide tftp server address (from #3)
5. Patch linux kernel to use NFS as root filesystem (from #2)
- Run the installed asbestos app.
- The ps3 will 'warm boot' and get rid of gameOS
- It will get an IP and the tftp server address by DHCP
- It will load the kernel from the TFTP server & boot it.
- The kernel will boot, and try to mount the rootfs from NFS
- Linux is now ready to be used
- Run exploit
So technically, there is no 'linux installed' on the ps3, but you're still booting it up. By network.
07-23-2012
06:57 AM
This is a wild guess, since I have no knowledge on ps3 stuff. I took a look on build_dumper.bat and changed the self-fw-version from 0003004100000000 to 0003005500000000, and run the dumper again using scetool. This is the file it produced:
http://disk.karelia.pro/fast/6YARoen/dumper
Can't hurt to give it a shot now, can it?
07-23-2012
07:30 AM
The original files are confirmed as working on 3.41 'hermes' on another ps3 news site. You don't need to have nfs/tftp setup it seems, so my assumption seems to be wrong. Guess all it needs is a proper dhcp.
Unconfirmed on 3.55 (rebug/kmeaw etc.) still.
07-23-2012
07:43 AM
naehrwert has confirmed that asbestos pkg only works in 3.41
He has posted the source of asbestos to change the offset for people to adapt it to other firmware versions: http://t.co/61ApHQni
07-23-2012
07:44 AM
Check naehrwert's latest tweets. Looks like it was compiled for 3.41. He provided the source, so if you change lv2 offsets, etc, it should work for 3.55.
07-23-2012
07:44 AM
lol..don't get me wrong but by the time we have it up&running u have it dumped via linux..used the redribbon way..this simply aint working on 355
tryed everyting in the topic, cygwin/wubi-linux..all the same..thx fo sharing...
07-23-2012
07:47 AM
Looking forward to an updated one complied, once this is incorporated into [MENTION=114607]deank[/MENTION]'s cexdex tutorial this is going to be uber simple :D
07-23-2012
07:54 AM
According to this page, I think this should be the right changes. http://www.ps3devwiki.com/wiki/LV2_F...s_and_Syscalls
#define LV2_SYSCALL_TABLE 0x8000000000346570ULL
#define LV2_MEMCPY 0x800000000007C3A4ULL
Edit: You may also have to change the syscall to match your mfw. They're also listed on that page.
07-23-2012
08:12 AM
sure..if it worked out of the can
small fix afteral for 355 if re-compiled?
we noobs have to wait a litlle
or get of our lazy ass... 
edited the dumper.bat to 355 and with scetool build another one, unself'd with scetool and repacked it but the eboot.bin is way to small..the repack noob
great share nontheless!!
07-23-2012
08:40 AM
http://www.sendspace.com/file/54r98m
asbestos_ldr_retail_355.elf and
asbestos_ldr_retail_341.elf
07-23-2012
08:46 AM
Can somebody compile it to an pkg File? Would be way better to manage I think.
07-23-2012
08:59 AM
multiman not run elf((
07-23-2012
09:16 AM
Video tut for elf -> eboot here:

PS3 3.55-geohot EBOOT patching and packaging TUTORIAL - YouTube
Or use any of the public tools/gui stuff for it
07-23-2012
09:16 AM
http://www.ps3hax.net/2012/07/make-p...bzero-dezigns/ could this be used to make pkg and launch it on kmeaw/rebug 3.55?
07-23-2012
09:27 AM
If you create an EBOOT from the elf first, yes.
make_self_npdrm EBOOT.ELF EBOOT.BIN <GAME/PATCHID>
07-23-2012
10:10 AM
[MENTION=7808]Asure[/MENTION] did you manage to get 3.55 version working?
07-23-2012
10:12 AM
It is not working on kmeaw 3.55 and I guess naehrwert knows that the stage2 is different for 3.55 (the elfs he provided differ only with the memcpy/syscall11 offsets). Kudos to Hermes/ArielX/marcan for creating the loader almost 2 years ago.
07-23-2012
10:19 AM
i compiled the elf to pkg file, not at home, will test it as soon as i arrive, meanwhile of some1 wnat to give a shot.
07-23-2012
10:34 AM
can you make sense out of this one 9 minutes ago provided by naehrwert instead of elf file!!!
07-23-2012
10:54 AM
Well, Naehrwert is gonna teach us all a little bit in "do the s*** by yourself".
He has thrown out an .pup where he knew it´s only working in 3.41... the scene figured that out.
He has provided an .ELF which needed to get a .pup... the scene figured out... but, noone knew (understood) what´s inside the .ELF.
I think the next step will be: de-compile the .ELF, change the base2, re-compile and doing a .pup again.
I wonder if that will be the final move....
Btw.: I like the way he´s doing that.
07-23-2012
10:57 AM
Im using downgraded PS3 and its flash is kind of messed up enough last tutorial includes whiping hard installing linux and other stuff is there any hope that this one make clean convert without bricking my PS3?
another question is it even possible that any of these methods work on Downgraded PS3(ROGERO cfw 3.55)?
07-23-2012
11:10 AM
Ok, I spoke with Naehr on IRC and he has this to say:
07-23-2012
11:14 AM
But you and I will walk the path through the fog!
But you and I will walk the path through the fog!
But we will walk the dangerous path through the fog!
07-23-2012
11:17 AM
http://e3-tech.net/download/E3%20CFW...W%20manual.rar
07-23-2012
11:29 AM
I didn't know a QA Flagged PS3 could do that. I'll have to look into that. That the 1st I've heard of such.
07-23-2012
11:30 AM
he must have a binnepretje seeing this topic..funny guys.. haha
no problem, i have tryed to repack it errors out with 80029533 and in the meantime dumped 2 rootkeys, let's sit this one out... 
07-23-2012
11:33 AM
thnx for making this clear.. so thats the point i cant follow any more
have compiled the client, portet the 3.55-elf to a EBOOT.BIN and packed it up to a pkg file..
this file installed but the PS3 falls back to XMB without any error...
so i know i have to wait since one of the programmers which have no problem in fixing asbestos+loader for 3.55 will give us the ready-2-go pkg for 3.55
btw... learned so much in this process :-)
thnx for that at all devs here...
07-23-2012
11:35 AM
Right, that's it, i'm QA flagging & back to 3.41.
07-23-2012
11:39 AM
damm, so i guess i have no chance besides wiping the entire disk :S
07-23-2012
12:52 PM
Can you not use kmeaw's BootOS and LV2 Patcher to do the same thing? IIRC, that supports 3.55
07-23-2012
01:22 PM
got the same idea.. have bootos 2.01 and lv2-v9 installed..
but know? i can install debian or any other linux distro... thats the beginning...
what is to do do get the rpc-server running with this 2 progs??
/edit
ok 1 step closer.. so i can install Red Ribbon with the livecd-version and dont have to format my internal hdd cause installing
on USB-Stick...
But... completely without this step is the final we all want :-)
/edit off
07-23-2012
02:26 PM
Got my rootkey. Now looking at the other pasties (apr 29th?) that popped up recently.
07-23-2012
02:39 PM
does this work with 256nand phat on 3.55 ?
07-23-2012
02:49 PM
- Install all the stuff required for psl1ght (took ages to compile..)
- Install psl1ght itself
- Patch the asbestos loader & kernel
- Figure out the second stage stuff so it boots on 3.55 (needs a skilled dev, i'm just a linux guy..)
07-23-2012
02:52 PM
Hopefully someone will make a KMEAW version one day soon.
07-23-2012
02:56 PM
Oh man. I downgraded from 3.55KMEAW to 3.41Hermes and now I cannot install asbestos_ldr.g.pkg.... It throws an error. I think you have to install it in 3.55 before downgrading... Now I'll upgrade to 3.55 again, install, and downgrade to 3.41
07-23-2012
03:00 PM
I can install other pkgs in 3.41CFW from the Install Package menu but installing the asbestos pkg throws an error 80029564...
07-23-2012
03:17 PM
I've got the same problem as you klaxnex, what we need to do in order to install this package ?
07-23-2012
03:19 PM
I'm now in 3.55 and I installed asbestos pkg perfectly!!! This is weird hehe
Now QA and downgrade again to 3.41....
07-23-2012
03:23 PM
All I had to do was extract the package and rebuild it, I think the .g. mean geohot type package or something, and hermes' firmware does not care for those at all. My guess is naehrwert is using some slick mfw 3.41 or oos++ 3.41.
07-23-2012
03:24 PM
hehe..same error here



Qaflag console
OtherOS special pup
back to 3.41
rammed the hermes payload on the good old x3maxie
bam..error..we must be doing something wrong
atm.grabbing Hermes PS3 Custom Firmware 3.41 with Payload 4
can someone refresh my mind..one install OFW341 and using a donlge with hermes payload to JB right? it's the same as installing the above firmware?
atm..it isn't faster....miepmiepzoef..
thx for the awsome share though
edit: ok..repacking it..thx!
07-23-2012
03:28 PM
Here is a command line version of dump_rootkey utility. Just type dump_rootkey your_ps3_ip_address to connect.
Added: repacked .pkg for 3.41
PS: Uploaded to http://www.sendspace.com/file/zbh5pn http://www.sendspace.com/file/58spws
07-23-2012
03:36 PM
Oh and i didn't grab hermes 3.41, just rolled my own with MFW builder. I did flash 3.41 ofw first, but probably could have gone directly to 3.41+peekpoke, that's all that was needed.
When i was back on 3.41 ofw i thought 'crap, no more htc desire with hacked bootmenu+jailbreak on it..' hehehe.
07-23-2012
03:39 PM
To get the "metldr", just dump your flash with the latest build of multiMAN:
mmOS->Select any file->Open in HEX viewer->[SELECT]->[START]->DUMP LV2(NO)->DUMP LV1(NO)->DUMP FLASH(YES)
i dont even get dump lv2 dump lv1 dump flash ? lol on the latest version of multiman ???
07-23-2012
03:52 PM
Ups, upload release build, try this one: http://www.sendspace.com/file/zbh5pn http://www.sendspace.com/file/58spws
07-23-2012
03:56 PM
cheers :D b-) (( ---DEFAULTDNB ---))
07-23-2012
03:57 PM
HTC desire...blackberry FTW j/k
anyway...after repacking it installed fine(PKG Toolkit GUI)
http://dl.dropbox.com/u/19078406/UP0...1122223333.pkg
ok..let's roll another one and move on, let's see if its working
07-23-2012
04:09 PM
I cannot dump flash with Multiman 04.04.03.
I've tried in normal and debug mode (L2+R2).
I'm in CFW3.41.
1. I have USB pendrive in the right usb connection (dev_usb0)
2. I open a file in HEX Viewer
3. I press SELECT (LV2 View)
4. I press START.
5. It exports GameOS (DATE-HOUR-LV2-FW3.41.BIN) and it asks me to export HV LV1 (I say no). The file (LV2) is exported in /dev_hdd0 ????
I don't know what I'm doing wrong...
07-23-2012
04:35 PM
I'm having the same problem as you. I dont see an option to dump flash.
07-23-2012
04:38 PM
Thanks to naehrwert
eid_rootkey dumped on 3.41/hermes-psgroove payload with "repacked" PKG
repacked cuse the original won't install atleast on my setup..connected PS3>PC via router..no special settings..dumped it right away using the original package with edited "main.cpp(use notepad++ or someting) and the correction made/posted by [MENTION=11165]cory1492[/MENTION] =
run Cygwin.bat
cd dump_rootkey
./build.sh
unicorns
07-23-2012
04:40 PM
Use MemDump from ps3devwiki, is easier ...
-Usage:
Place the necessary pkg file in the root of an empty USB flash dongle, and install like any
other pkg.
1. Place pkg on USB flash dongle.
2. Select “memdump” icon.
3. Select type of dump to perform once loaded :
✕ Dump FLASH storage
Download
07-23-2012
05:01 PM
Thanks jrtux. It worked!!

Dumped flash storage with the tool you said and later I extracted metldr with CEX-DEX-Gunner54 tool.
I've placed metldr in /data directory in dump_rootkey directory.
1. Execute asbestos_ldr in PS3. Black screen
2. Execute in a cmd (windows): dump_rootkey.exe 192.168.2.104
And it only says:
[INFO] Connecting to '192.168.2.104'...OK
I have the PS3 connected by wifi and the PS3 IP is in DMZ router...
Remember I'm in 3.41CFW. Can anyone help me?
Thanks in advance
07-23-2012
05:06 PM
I promise you all I'm not that nerd, but I don't know why I have problems in every step...

Hehe uvekilledkenny. Maybe one day we'll see unicorns too
07-23-2012
05:10 PM
It also doesn't work on 3.55 at this point.
Maybe the news post could be edited to reflect this.
Only 3.41+peek/poke works for this atm.
07-23-2012
05:21 PM
Thanks Asure. Connected wired ps3 and pc to router and it dumped eid_root_key.bin!!!
07-23-2012
05:24 PM
memdump.gnpdrm.pkg
memdump.npdrm.pkg
which to use?
07-23-2012
05:51 PM
For your info:
I have updated Multiman (before the servers seems to be down) and installed it when in debug mode. Although it has the same version as the one that I had installed, now dumping flash works!!!
07-23-2012
07:04 PM
read something about fixing NAND flashing... didnt tried yet..
see here
http://www.ps3hax.net/showpost.php?p...&postcount=246
07-23-2012
08:51 PM
So just to make sure, this will definitely not work on CFW 3.55. If not, why?
07-23-2012
09:20 PM
..........
07-23-2012
09:26 PM
Any ideas?

07-23-2012
10:50 PM
Did someone repack AsbestOS on 3.55? I'm using a downgraded PS3 and I can't mess with firmware like other users!!
07-23-2012
11:42 PM
I compiled the asbestos stage2 for 3.55 with toolchain as naehrwert commented on twitter.
"@naehrwert
this is the modified stage2 I'm using (I guess you can change the entry and compile this yourself) http://www.sendspace.com/file/2064nl"
build resulted in:
stage2_raw.bin
stage2_raw.elf
stage2_raw.lzma
Download
07-24-2012
02:57 AM
Great work thank you [MENTION=203760]jrtux[/MENTION]. It would be great if someone could do a kmeaw tutorial for this
07-24-2012
03:56 AM
thanks [MENTION=203760]jrtux[/MENTION]! tried to compile(&test) asbestos loader with ur stage2,
dump_rootkey returns "[INFO] Ping...[bad reply size (-1)]" ->i think i did smth wrong w/ stage2
black screen only
stage2(3.55 mod).h
07-24-2012
04:51 AM
right noob here trying this c2d see after i get the flash from that memdump ? what happens next ? lol do i open the flash in CEX2DEX_BY_GUNNER54 ?
07-24-2012
05:03 AM
[MENTION=220152]MakinaCore[/MENTION]: When you've done the memdump, run the cex2dex from Gunner54 and extract metldr. Then use that file with this exploit. Are you on 3.41?
07-24-2012
05:23 AM
the first 3.55 pkg did not work...
hope that a talented dev can fix it..
thinking of going back to 3.41 to get the root-key.. dont wanna change my internal hdd its mostly full and too much data-jongling work to do ;-)
[MENTION=7808]Asure[/MENTION] you have downgraded to 3.41? what did i need to go back? i will make my own 3.41 with mfw for peek/poke.. must i use the qa-flags thing to go back?
my cfw now is a 3.55 buildt with mfw (only the things i need peek/poke/paket installation) thats it..
07-24-2012
05:59 AM
no m8 am on 3.55 ??
07-24-2012
06:08 AM
My ps3 is on 3.41 ofw + dongle hermas 4 p. Does anyone know what to setting Dump rootkey naehrwert in pc,ps3 win xp ftp client ...Does anyone know to write a guide for stupid people..
07-24-2012
06:49 AM
- Install Memdump
- Install the Asbestos ldr
- Dump with memdump to USB, use PC & cex2dex to get 'metldr' extracted from that dump.
At this point you can't do the exploit because the Asbestos ldr doesn't work. Time to downgrade, it's pretty easy.
- Follow this Tutorial to goto 3.41 ofw.
- Use MFW Builder to make a 3.41 pup that has peek/poke
- Install that on top of 3.41ofw using recovery menu.
- Now the asbestos ldr works, and you can do the exploit by network.
Probably you can also install your mfw-built 3.41cfw+peekpoke directly, but i'm told that for safety reasons it's better to flash 3.41 ofw first.
My box is still on 3.41 peekpoke btw, it didn't convert it to DEX yet. I have two ps3's so i can play my original games anyway, and abuse the data transfer function between the two :0
07-24-2012
06:51 AM
[MENTION=7808]Asure[/MENTION], when you downgraded did you lose your data off your internal HDD? did it get affected in anyway?
07-24-2012
07:02 AM
[MENTION=198164]zizoux[/MENTION] : that error is not having "gcc" installed
07-24-2012
07:02 AM
Probably not all apps/games would run, but at least Asbestos and Memdump ran perfectly, they seem to be signed with keys that work on 3.41/3.55 (geohot fake npdrm?). Or it might have been an option in MFW builder to allow unsigned eboots to run..i checked every option to allow peek/poke/unsigned code execution hehehe..
If you have everything set up before hand, the downgrade and dump doesn't take long, and then you finally have that coveted key. Also you don't need to re-use memdump again if you already did that and have metldr file. I wasted ~14 minutes or so to dump the whole nand/lv/eid stuff again on 3.41 but it wasn't needed, the extracted metldr file was the same from both dumps (duh!).
I'm wondering still what we can do with the SDK and live debugging over network, won't that get us keys?
07-24-2012
07:20 AM
hehe..i bet he did
but we don't give up so easily right
anyone ported to 3.55? can't seem to get it working..any tips on compiling..gonna look into that..need to setup PS1LIGHT in cygwin if thats even possible....if anyone have info/links pls do post
07-24-2012
08:03 AM
this even right ? got it from cex2dex by gunner
- Loading Flash Dump...
- METLDR Address : 0x00000817
- METLDR Size : 0x0000E920
flash_eEID_35500.bin << got that from memdump ? this correct
07-24-2012
09:04 AM
can some1 write their connection settings plz
i'm on 3.41 hermes and can connect to ftp server but still no results with this program
07-24-2012
11:17 AM
My router has only one ethernet port, so i connected my ps3 to the pc but it didn't work.
07-24-2012
11:37 AM
Short tut on how i did it.
On PC:
Extract the dump_rootkey.7z (or the precompiled dump_rootkey modifie par Attila) to c:
Put the metldr in the c:\dump_rootkey\data folder (read below on how you get this file)
PS3:
Get your flash dump with memdump_0.01-FINAL, and extract the metldr with cex2dex etc etc etc, and put it in the data folder on the pc as i explained earlier
Install the asbestos_ldr.g.pkg from Naehrwert´s original download (dump_rootkey.7z)
As i was on 3.55 kmeaw and could downgrade i just got the 3.41 OFW (just google "ofw 3.41 download" and you will find it fast) and ran it through mfw builder 0.2
The settings i used:
Patch LV1 hypervisor
Patch LV2 kernel
Patch package installer
Patch application launcher
Went into recovery on the ps3 and flashed the mfw 3.41
Started the asbestos loader after boot up and then started dump_rootkey on my pc with the right ip and as promised: UNICORNS!
[INFO] Connecting to '192.168.2.186'...ok.
[INFO] Ping...ok.
[INFO] VAS ID = 0x000000000000000B
[INFO] map_lpar_memory_region(data): res = 0
[INFO] Copying files out...done.
[INFO] Constructing SPE...done. (res = 0)
[INFO] priv2 0x00004C0001260000
[INFO] problem 0x00004C0001240000
[INFO] LS 0x00004C0001200000
[INFO] shadow 0x0000300000025000
[INFO] ID 0x0000000000000002
[INFO] Setting up SPE...done.
[INFO] map_lpar_memory_region(shadow) : res = 0
[INFO] map_lpar_memory_region(problem) : res = 0
[INFO] map_lpar_memory_region(priv2) : res = 0
[INFO] map_lpar_memory_region(ls) : res = 0
[INFO] set_spe_privilege_state_area_1_register : res = 0
[INFO] Starting SPE in isolation mode...done.
[INFO] Interrupt status (2, application) = 0x0000000000000011
[INFO] -> SPU mailbox threshold interrupt
[INFO] -> mailbox interrupt
[INFO] Mailbox value = 1
[INFO] -> Dumper loaded.
[INFO] Transferring eid_root_key to buffer...finished.
[INFO] Dumping eid_root_key...done.
[INFO] SPU status = 0x00000081
[INFO] Requesting SPE isolation exit and stop.
[INFO] Destructing SPE...done.
[INFO] Press any key to exit...
Hope this helps some of you (at least you that CAN downgrade)
07-24-2012
11:57 AM
what about loading only 3.41 kernel with lv2loader on 3.55 and run the script and pkg?
07-24-2012
11:59 AM
ps3 must be connected to pc ONLY via ROUTER. without it nothing will work.
07-24-2012
12:00 PM
Ok, maybe a little off topic, but I dumped my flash using multiman on a usb stick and I can't seem to get windows to "see" it. I've ticked the hidden file option in the control panel. The displacement for the file is there. Easeus partition manager can see the file, but I can't do anything with it.
07-24-2012
12:31 PM
Now compiled the stage1 and stage2 from the original source of asbestos:
stage1.elf
stage2_native.elf
stage2_raw.elf
stage2_raw.lzma
From original source:
Download
From Naehrwert source:
Download
07-24-2012
12:31 PM
Now for the downgrade option do u hav to QA flag? I don't want to go through that right now and find tut. Is there another way?
Sent from my SPH-M580 using Tapatalk 2
07-24-2012
12:31 PM
try dumping it again
07-24-2012
01:34 PM
Got everything up and running and played around abit.
Used Itskamel 3.55 Dex, as devwiki is slower than frozen honey, now that everyone is downloading fw files like crazy again.
Gonna install rogero when it is done so i can upgrade/downgrade as i want. Got a couple of games (retail, with the plastic wrapper still on!) that i have been waiting to play.
Well, the info:
Had to delete some trophies for some games (like gt5) while others (Uncharted 1) worked right away. Multiman, Blackbox etc are all working fine. Everything that was on the hdd is still on the hdd and working...
07-24-2012
01:40 PM
it seems that windows has a prob with the created dump-files..
************* [ - Post Merged - ] *************
[MENTION=7808]Asure[/MENTION]
thnx for the short tut :-)
its not the easy way when you got 3.55 but much easier than the linux thing on the internal hdd... and it cost less time, you lose NO data on hdd :-)
with 3.15 i have installed linux on the PS3..ok got it running, fixed a lot of things (display size, buffer...) it was not the fastest..
if i need linux for something i fire up the vmplayer :-)
07-24-2012
01:59 PM
We should be able to get the rootkey by connecting ps3 to via ethernet?
I believe many of us don't have router with multiple ports.
07-24-2012
02:07 PM
Just got my key
I just let the ps3 set the connection settings automatically, (easy option) go system information for the ip, compiled again on ubuntu and unicorns finally.
48 bytes .bin, thats right, right?
07-24-2012
02:09 PM
http://d.pr/f/jChh (core_os_package.pkg from 3.41 cfw,idk how to unpack it)
07-24-2012
02:18 PM
alright i downgraded (all files stay intact)
got the dump (connected via ethernet and easy options to connect)
by running compiled client
now what is the next step to convert
used cex2dex to get rflash.bin
now what
07-24-2012
02:23 PM
could someone test this for me before i flash it ?

https://www.yousendit.com/download/ QlVpRGw1YUlENlJFQmNUQw
try get the metldr and compile it haha :-" ??? please
07-24-2012
02:27 PM
Rename it to my-DEX-flash.EID0.NORBIN (should be 16384kb) and place on usb.
Then google for "multiman 20120722" and install this.
Goto mmOS and then navigate to your usb and double click on your my-DEX-flash.EID0.NORBIN. You get to accept install three times. Reboot
Flash your dex fw from within xmb
07-24-2012
02:33 PM
Is my ps3 supposed to freeze at blackscreen after i run asbestos?
07-24-2012
02:34 PM
Will try
07-24-2012
02:37 PM
Successfully flashed, will proceed to install dex fw now.
07-24-2012
02:40 PM
So having router with multiple ports is the only way to obtain keys atm.
07-24-2012
02:45 PM
and if you wanna know exactly:
- you can use a normal switch for connecting
- a cross wired ethernet-cable without a router or switch (Pc<--cable-->PS3)
- wlan is maybe also working.. its better to use wired connection
************* [ - Post Merged - ] *************
Networking Basics:
give the PS3 manually this:
IP: 192.168.0.1
SUB: 255.255.255.0
and your PC:
IP: 192.168.0.2
SUB: 255.255.255.0
gateway and dns is not the point for that..
if you have set.. open dos box and ping 192.168.0.1 if it works you have built a little P2P-Ethernet with 2 members
07-24-2012
02:57 PM
Thanks but I've been trying to get the keys by using this method since yesterday. lol

a cross wired ethernet-cable without a router or switch (Pc<--cable-->PS3)
I don't think I'm doing anything wrong. This is why I've been trying to tell that a router with multiple ethernet ports is the only way to obtain rootkey
07-24-2012
03:01 PM
it only works with 3.41 peek poke fw (not booting with a dongle/ a patched 3.41..)
07-24-2012
03:06 PM
I'm on 3.41 MFW.
Tried 3.41 custom fw with payload4
07-24-2012
03:13 PM
169.*.*.* is NOT a valid ip...
"When your computer is configured to get an IP address from a DHCP server, but is unable to find a DHCP server the APIPA service will assign itself a 169.x.x.x IP address, and checks for a DHCP server periodically."
Your ps3 isn't talking to your pc, even though the cable is present, unless you set up a dhcp server on your pc or manually configure your pc and ps3 and hook them up directly.
Keep trying with the 169.* address, it wont change the fact that it will NEVER work...
Get a switch or router if you do not know how to manually configure the network on the pc/ps3
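An added example, not part of any post in this thread: a small check for the addressing faults discussed above (a self-assigned 169.x address after DHCP fails, or a manually set address outside the PC's subnet) for a direct-cable or single-switch setup. The function name and the sample cases are assumptions made for illustration.

```python
import ipaddress


def addressing_problems(pc_ip, netmask, console_ip):
    """Return the addressing faults that would stop the PC reaching the console."""
    problems = []
    iface = ipaddress.ip_interface("%s/%s" % (pc_ip, netmask))
    console = ipaddress.ip_address(console_ip)

    # 169.254.0.0/16 is what a host assigns itself when no DHCP server answers.
    for label, addr in (("PC", iface.ip), ("console", console)):
        if addr.is_link_local:
            problems.append("%s address %s is APIPA (no DHCP lease)" % (label, addr))

    net = iface.network
    if console == iface.ip:
        problems.append("console and PC share the address %s" % console)
    elif console not in net:
        problems.append("%s is outside the PC's subnet %s" % (console, net))
    elif net.prefixlen < 31 and console in (net.network_address,
                                            net.broadcast_address):
        problems.append("%s is the network or broadcast address of %s"
                        % (console, net))
    return problems


# Constructed sample cases: (PC address, PC netmask, console address).
CASES = [
    ("192.168.0.2", "255.255.255.0", "192.168.0.1"),    # static pair from the thread
    ("192.168.0.2", "255.255.255.0", "169.254.10.20"),  # console fell back to APIPA
    ("169.254.33.7", "255.255.0.0", "192.168.0.1"),     # PC fell back to APIPA
    ("192.168.1.2", "255.255.255.0", "192.168.2.186"),  # different /24 networks
]


def run_cases():
    """Map each constructed case to its list of problems."""
    return {case: addressing_problems(*case) for case in CASES}


if __name__ == "__main__":
    for case, problems in run_cases().items():
        print(case, "->", problems or "ok")
```
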
07-24-2012
03:23 PM
On startup, asbestos ldr wipes ps3 memory and that's why it blackscreens.
It then brings up ethernet port again and tries to get an IP by DHCP.
So you need to run at least a DHCP server on your PC if you have no router.. y u have no routor?
No router solution:
Try http://tftpd32.jounin.net/ installing this, then check the 'dhcp server' tab to see which it assigned to your ps3. you should see another dhcp request pop by when you launch asbestos ldr.. and then use that IP to connect with the exploit tool.
07-24-2012
04:11 PM
I think I'm going nuts.

It doesn't show anything AT ALL. Just server interface numbers are changing and I've tried all of them.
07-24-2012
04:15 PM
If you configure your PC as a router (share internet option on the ethernet interface) then a DHCP server is activated. That is if you are using Windows.
07-24-2012
04:32 PM
whaha this is funny [MENTION=198164]zizoux[/MENTION] some basic sjit there :D you'll figure it out
07-24-2012
04:38 PM
Thanks for your efforts guys.
justforyou@
Lol you're right.
07-24-2012
04:49 PM
As far as I know there are two things missing from this guide:
Please, someone have pity on us non-programmer types, and give a version which runs on MSDOS or better yet a GUI!
1) A pre-compiled version of dump_rootkey - Right now, you need to compile you own version with your PS3's IP address in one of the files.
2) A asbestos_ldr.pkg that runs on 3.55 CEX. The current version ONLY runs on 3.41 or lower. I know your can downgrade, but surely someone can create a package that runs on 3.55? Pretty please?
If these two issues can be addressed, I promise to write up a super-n00b guide so everyone can enjoy CEX-2-DEX goodness!
07-24-2012
04:58 PM
Also there are other issues to address like will it work over wifi and well that's all I can think of right now lol
07-24-2012
05:11 PM
isn't there something we can do with asbestos.pkg/lv2-9.pkg for 3.5? tested some diff ways..no luck there
asbestos_ldr_355_retail.elf works or not or is re-compiling required?
hope someone comes up with 355fix
07-24-2012
05:30 PM
Can someone modify the utility so that a multiport router wouldn't be necessary please?
Direct PC-PS3 connection would be super nice.
07-24-2012
05:33 PM
I setup a Ubuntu virtual machine, so if anyone wants, I can compile the dump_rootkey program for with their own PS3 IP addresses so all they need to do is run it. All we need now is the 3.55 asbestos_ldr.pkg
07-24-2012
05:39 PM
If I do a QA Flagged downgrade to 3.41 do I need to go to OFW first or can I just go to say Rebug 3.41?
07-24-2012
05:46 PM
U stay
07-24-2012
06:02 PM
cant downgrade don't know how to make a pkg file stuck just have to wait...
07-24-2012
06:29 PM
success..
couldnt wait until 355 version so i downgraded to 3.41 and all is fine..
got my eid_root_key.bin (length: 48 Byte)
07-24-2012
06:53 PM
when i try to run dump_rootkey.exe on my pc it opens for a split second and the closes again. If some one would be able to help me it would be much appreciated
07-24-2012
06:54 PM
The first person who makes a video will be a legend
07-24-2012
07:00 PM
as i read that ....rofl.....
07-24-2012
07:10 PM
Not the whole process
From 3,41 and on
07-24-2012
07:18 PM
07-24-2012
07:22 PM
"Well alot of people will be crying after bricks"
That is the fun part.
07-24-2012
07:31 PM
I am on Hermes 3.41 CFW with peek/poke.
I have tried all these asbestos.pkg's but some of them gave error when I try to install from "Install package files" menu.
- Should the asbestos_ldr.g.pkg be specific to my PS3 IP?
- I have extracted my metldr. What should be the file name?
- I have windows so which dump_rootkey.exe should I use or do I have to make (my ps3 IP is 192.168.1.5) ?
07-24-2012
07:36 PM
But ill try to help. The file name should be metldr. Put it in the data folder. Open command prompt. Drag the dump_rootkey.exe into command prompt. Before u press enter, press space after it says rootkey.exe and type in ur ps3 ip address. Before u press enter run asbestos package on ps3, it shud be black screen. Now press enter on command prompt. It shud work
07-24-2012
07:37 PM
Also use the original asbestos from original download. Also I wudnt use hermes, make ur own mfw.
07-24-2012
07:48 PM
Rep me or thank me if I help


07-24-2012
07:56 PM
- Asbestos_ldr_g.pkg : Running on 3.41 CFW
- Dump_rootkey.exe : compiled for windows (if required my ps3 ip 192.168.1.5)
07-24-2012
08:01 PM
The already compiled dump_rootkey.exe shud work. Look through this forum u shud find it if u don't have it. Then use my directions that I posted earlier on how to run it. If u don't know how to downgrade google q&a downgrade tutorial ps3hax.
07-24-2012
08:49 PM
could any one help with this error
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Andy>C:\dump_rootkey\dump_rootkey.exe 92.30.157.212
[INFO] Connecting to '92.30.157.212'...ok.
[INFO] Ping...ok.
[INFO] VAS ID = 0x000000000000000B
[INFO] map_lpar_memory_region(data): res = 0
[ERROR] Could not open './data/metldr'.
[ERROR] Could not open './data/dumper'.
3 [main] dump_rootkey 2984 exception::handle: Exception: STATUS_ACCESS_VIOLATION
743 [main] dump_rootkey 2984 open_stackdumpfile: Dumping stack trace to dump_rootkey.exe.stackdump
C:\Users\Andy>
.................................................................................................
I have the my metldr in the data folder and so is the dumper. i am also on 3.41 mfw
with the suggested patches. I dont know what could be wrong. Can any one help?
07-24-2012
08:52 PM
Still on square one:
I am on 3.41 MFW with peek/poke.
I have tried all these asbestos_ldr.g.pkg's but some of them gave error when I try to install from "Install package files" menu. (naehrwert's package file cannot be installed but some on the thread seems good but don't know if they are for me)
- Should the asbestos_ldr.g.pkg be specific to my PS3 IP?
- I have windows so which dump_rootkey.exe should I use or do I have to make (my ps3 IP is 192.168.1.5) ? There are so many ones on the thread but some stuck on "Ip adress ..OK" screen, some stuck on "PING..." screen.
07-24-2012
08:56 PM
[MENTION=119271]andrewrich[/MENTION]
Which dump_rootkey.exe do you use? Is it a specially compiled for the IP address? And which asbestos_ldr.g.pkg you are using?
07-24-2012
09:09 PM
Which dump_rootkey.exe do you use? = dump_rootkey modifie par Attila.zip
which asbestos_ldr.g.pkg you are using? = the original one
ok mate tried that and it did not work here is a pic to see if you can see anything wrong.
07-24-2012
09:45 PM
Ill try to help u more. Once I get home. But right now try to use cd to the directory and then drag the exe and type in ip and enter. Btw are u using ethernet or wifi
07-24-2012
09:46 PM
[MENTION=119271]andrewrich[/MENTION]
open a cmd-window
then type cd dump_rootkey /* to switch in that dir */
then run the prog and all should be fine..
the program use relative paths so you MUST change in the dir where the exe is...
/sleepmode on
07-24-2012
09:56 PM
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Andy>cd c:/
c:\>cd dump_rootkey
c:\dump_rootkey>dump_rootkey.exe 92.30.157.212
[INFO] Connecting to '92.30.157.212'...ok.
[INFO] Ping...ok.
[INFO] VAS ID = 0x000000000000000B
[INFO] map_lpar_memory_region(data): res = 0
[INFO] Copying files out...done.
[INFO] Constructing SPE...done. (res = 0)
[INFO] priv2 0x00004C00012E0000
[INFO] problem 0x00004C00012C0000
[INFO] LS 0x00004C0001280000
[INFO] shadow 0x0000300000026000
[INFO] ID 0x0000000000000002
[INFO] Setting up SPE...done.
[INFO] map_lpar_memory_region(shadow) : res = 0
[INFO] map_lpar_memory_region(problem) : res = 0
[INFO] map_lpar_memory_region(priv2) : res = 0
[INFO] map_lpar_memory_region(ls) : res = 0
[INFO] set_spe_privilege_state_area_1_register : res = 0
[INFO] Starting SPE in isolation mode...done.
[INFO] Interrupt status (2, application) = 0x0000000000000011
[INFO] -> SPU mailbox threshold interrupt
[INFO] -> mailbox interrupt
[INFO] Mailbox value = 1
[INFO] -> Dumper loaded.
[INFO] Transferring eid_root_key to buffer...finished.
[INFO] Dumping eid_root_key...done.
[INFO] SPU status = 0x00000081
[INFO] Requesting SPE isolation exit and stop.
[INFO] Destructing SPE...done.
[INFO] Press any key to exit...
************* [ - Post Merged - ] *************
you really helped me out there thanks.
will prob be thanking you later on when i get stuck again, its just a matter of time lol
07-24-2012
10:06 PM
oh and one more thing if you don't mind
before i do this can i all ways go back to cex if i want to if so would i just install from xmb
07-24-2012
10:31 PM
I think u can. I'm not hundred percent sure though
07-24-2012
11:23 PM
Can someone explain to me what I may be doing wrong while trying to downgrade to 3.41. I installed OtherOS for QA... Installed QA Extra, Ran qa Extra, got the beeps, tested the button combo and was working. shutdown PS3, started it up with proper way to get into recovery menu, but instead of loading recovery menu it boots me into Petiboot (Installed from something else I did before).
I also tried Using Rebug 3.55 and using their QA tool, installed and ran it, it worked, shutdown, loaded up into Recovery menu fine but when it searched for the update on my thumbdrive it says corrupt (I re-downloaded file and tried again to make sure it wasn't my file).
any help in why this isn't working for me would be great.
07-24-2012
11:36 PM
Copy your newly created “dump_eid0.bin” file to your USB and plug it back into your PC
28. Copy the “dump_eid0.bin” & your “355CEX.NORBIN” into the c2d.exe folder (copy C2D.exe folder to root of C drive for ease of use)
29. Open your “dump_eid0.bin” in a hexeditor of your choosing (I used HXD) and extract your keys - keys are either at start of the file (0x00 - 0x2f) or somewhere else. You can find the right location by searching the dump. You can search for bytes 0x00-0x10 and you may find the proper erk/iv at 0xc0*** location
30. Highlight and copy your keys (3 lines) and create a new file in your hex program, paste your keys in and save it as “keys.BIN”
.......................................................................................................................
so i am guessing i must have skipped getting my keys which i will probably need to make the dex flash
07-25-2012
12:14 AM
Alright, get the original cex2dex by gunnerhd. And use that.. it'll work for sure
07-25-2012
12:14 AM
Remember to thank me /rep me
07-25-2012
01:39 AM
has anyone figured out a way to compile the pkg for 3.55? or figure out if there is another app that might work for it? I ask as it seems my slim can only downgrade to 3.50 so this pkg is a no go for me...
07-25-2012
01:56 AM
Here goes:



Tools you need:
C2D
or
CEX2DEX
Memdump_0.01-FINAL
To read and save a flash dump to your USB
Multiman 20120722 (link is from deanks tutorial)
To install/flash EID0 when your dex flashdump is done
OFW 3.41
OFW 3.41 Mirror
MFW 3.41
MFW 3.41 Mirror
MFW 3.41 Mirror
MFW 3.41 Mirror
This is the pup i myself used, with the patches added, use if you trust me..
Get OFW and do it yourself otherwise
MFW builder 0.2
To make your ofw 3.41 into a mfw 3.41
Dump_rootkey modifie par Attila
No need to compile dump_rootkey as it is done for you in this zip
Use like this: c:\dump_rootkey\dump_rootkey 192.168.2.186
Optional:
http://rebug.me/toggle-qa/
On the PS3:
Lets start with installing memdump (PLACE USB IN SLOT NEAREST TO POWER IN THE FRONT) and dump the flash with X.
On NOR (AND THIS IS A NOR GUIDE ONLY) it should take like 5 seconds.
On PC:
When done take the dump to the pc and copy it to the CEX2DEX folder and start the program, load the flash*.bin and extract metldr.
SAVE A BACKUP OF YOUR UNTOUCHED FLASH!!!
Take the metldr and copy it to the data folder in the dump_rootkey folder on your PC
On the PS3:
I presume you are on CFW 3.55 for this AND CAN DOWNGRADE TO 3.41. MAKE SURE YOU CAN BEFORE CONTINUING
Install the asbestos_ldr.pkg
Install the 20120722 version of multiman (do not try and upgrade from within MM, wont work) Just google for it
Prepare so you can downgrade easy (qa toggle'd machines are far faster, so I went this road.) How YOU downgrade is up to you, and if you do not know how, then stop right now and DO NOT CONTINUE before you are 100% sure what you do!
On PC:
Start mfw builder and load your OFW 3.41
Tick these options:
On the PS3:
When it is in XMB check your IP and then launch asbestos_ldr
On PC:
Start a cmd window and cd to your dump_rootkey folder
Issue command; dump_rootkey 192.168.*.*
*=PS3 ip
Unicorns! (FINALLY!)
In the dump_rootkey folder you now have eid_root_key.bin
Copy this to your CEX2DEX folder and rename it to dump (no file extension) and put it in the metldr dump row. (Notice your flash*.bin should also be loaded)
Save as my-DEX-flash.EID0.bin
Close CEX2DEX
Rename your my-DEX-flash.EID0.bin to my-DEX-flash.EID0.NORBIN and place on usb.
On the PS3:
Insert usb and start multiman.
Navigate to your "my-DEX-flash.EID0.NORBIN" and double-click on it. You should get a 3x yes/no prompt (choose yes on all to flash the dex EID0 part)
Should give you a Success and then you reboot.
Now you can flash a DEX fw from XMB (I used Itskamel's 3.55, but will go to rogero so i can downgrade with ease)
You are now on a DEX PS3...
w00t?
If you screw up, do not come and blame me. No one is forcing you to do this....
07-25-2012
01:59 AM
Thanks for the tut
07-25-2012
02:10 AM
cd = change directory
ie: "cd c:\dump_rootkey" takes you directly to this folder
This is really really basic stuff. No offense, but are you sure you know what you are doing?! Think twice, one screw up and you might have a brick...
07-25-2012
02:12 AM
Oops sorry, I forgot
If I do what you described, nothing can go wrong, right?
Never mind, I'll use linux.
07-25-2012
02:17 AM
The big risk is if you flash the WHOLE nor. Just flash the EID0 parts (with multiman or linux) and you minimize the risk!
No 100% guarantee, on any method!
07-25-2012
02:19 AM
It's just a question, I'm sure I'm going to double click, with multiman.
07-25-2012
02:21 AM
multiman do not
07-25-2012
02:31 AM
Anyway, how about dumping the local storage afterwards?
http://www.ps3hax.net/showpost.php?p...9&postcount=48
07-25-2012
03:33 AM
http://www.mediafire.com/?ng5os9oqgtttpaw
i made the edit of dump_rootkey.exe before i realized attila did it, lol pack includes pretty much everything needed for this method.. go for it.. you brick your fault lol.
this is not for the simple minded sorry but its not..
use the included bat file to run the dump_key just replace with your ip.
07-25-2012
03:53 AM
Finally I was able to dump the rootkey.
I used cmd instead of cygwin.bat and also gave ps3 an IP address.
directly connected to pc. No router.
07-25-2012
04:19 AM
PS3 is 192.168.1.5
PC is 192.168.1.2
Router is 192.168.1.1
I tried all the dump_rootkey exe files,
But stuck at :
c:\test\>dump_rootkey 192.168.1.5
connecting to 192.168.1.5 . OK
07-25-2012
04:57 AM
assuming u have everything ready(341 lv2 peek/poke)
then this should work fine
http://dl.dropbox.com/u/19078406/dump_rootkey.rar
drop "metldr" from console into "data"
if not..pls check ur connection between PS3/router, make sure nothing is blocked or add the trusted ip's to dump_rootkey in firewall and ping must be allowed, each setup is diff..if it fails check ur firewall/router settings, it worked out of the box for me connected to the wired router
07-25-2012
06:39 AM
Is eid_root_key.bin 1kb?

It's supposed to be 256kb but it dumps 1kb
07-25-2012
07:51 AM
So guys... Nothing for 3.55 cfw? Is there a working version for us on 3.55?
07-25-2012
08:14 AM
I would love a KMEAW version
07-25-2012
08:24 AM
And told me i can downgrade to 3.15 or somewhere there
http://www.ps3hax.net/2011/07/offici...ate-on-jfw-dh/
07-25-2012
09:57 AM
I am good to go, right?

07-25-2012
10:32 AM
Load flash, load dump, click cex2dex. Save new bin and check window for "cmac dex: pass"
Shouldn't even give you an option to save a new bin if the dump file is incorrect, now when i think about it, so just try and then follow the rest of my guide a page or two back...
07-25-2012
10:56 AM
when i try to flash my-DEX-flash.EID0 in mmOS
''error writing to flash EID0''
flashing doesn't start at all
edit: I think I should install multiMAN ver 04.04.03 BASE CEX DEX
07-25-2012
11:00 AM
20120721 gives error on writing the EID0
07-25-2012
11:16 AM
PS3/UPDATE/UPDATE.PUP
07-25-2012
11:24 AM
Just a little self bump:
http://www.ps3hax.net/showpost.php?p...&postcount=284
Updated my guide with downloads etc etc.
This is for those who can downgrade to 3.41
07-25-2012
01:11 PM
Oh that's great, how about mini tutorial about how to do it without router?
07-25-2012
01:31 PM
I did it like this
i.e:
IP: 192.168.2.7
Default router: 192.168.2.1
Mask: 255.255.255.0
Dns1: 4.2.2.2
dns2: 4.2.0.0
If you still cannot see, set them as auto
Should you see the ps3 address under the dhcp server tab
Launch asbestos
Open CMD.
type
cd desktop (If your dump_rootkey folder is on desktop)
cd dump_rootkey
dump_rootkey Your-Ps3's-IP
thats pretty much it
07-25-2012
01:41 PM
Thank you.
May I connect PC-PS3 with the cable that connects my adsl router and PC (there is "cat 5 patch" mark on it)?
PS: my router has only one port so I cannot use it for this method.
07-25-2012
01:52 PM
Can someone please upload a 3.41 PUP with peek + poke etc as I'm trying to gather all the files necessary for MFW builder, but all sources are dead including git-hacks.
07-25-2012
01:59 PM
http://www.ps3hax.net/downloads.php?do=file&id=407
07-25-2012
02:12 PM
Can this be done if you connect to the PS3 through a router BRIDGE?
07-25-2012
02:33 PM
Thanks JayDee78 for your guide. I am now on DEX!
07-25-2012
02:40 PM
JayDee78 does your 3.41 mfw multipload link work? i get redirected to some internet vs hollywood site
07-25-2012
02:44 PM
I modified the exploit a tiny bit, to dump 4096 bytes. There's part of the dumper code still inside when it dumps the eid0 root key it seems. (offset at 0x180 the dumper code starts)
There is also a bunch of unknown data at 0x30 - 0x180
I wonder if this somehow can be used (in some shape or form) with lv0 from 3.60 for example.
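An added example, not code from this thread or from any tool it mentions: a pre-flash sanity check built from figures posters give here (the 48-byte key at 0x00-0x2f, dumper code from 0x180 in the 4096-byte dump, the 16384 KB NOR image, and the advice to keep a backup of the untouched flash). The function names, the byte-diversity threshold and the constructed sample data are assumptions.

```python
import hashlib

KEY_LEN = 0x30            # thread: key at 0x00-0x2f, eid_root_key.bin is 48 bytes
DUMPER_OFFSET = 0x180     # thread: dumper code starts here in the 4096-byte dump
NOR_SIZE = 16384 * 1024   # thread: the NORBIN "should be 16384kb"


def split_dump(dump):
    """Split a dump into the regions reported in the post above."""
    if len(dump) < KEY_LEN:
        raise ValueError("dump is %d bytes, shorter than the %d-byte key"
                         % (len(dump), KEY_LEN))
    return {
        "key": dump[:KEY_LEN],
        "unknown": dump[KEY_LEN:DUMPER_OFFSET],
        "dumper": dump[DUMPER_OFFSET:],
    }


def key_problems(key):
    """Heuristics that catch a failed dump (empty or filler buffer)."""
    problems = []
    if len(key) != KEY_LEN:
        problems.append("key is %d bytes, expected %d" % (len(key), KEY_LEN))
    distinct = len(set(key))
    if distinct <= 1:
        problems.append("key is a constant fill (buffer was never written)")
    elif distinct < 16:  # assumed threshold; random 48-byte data has ~44 distinct
        problems.append("key has only %d distinct byte values" % distinct)
    return problems


def preflash_problems(dump, original_flash, backup_flash, new_flash):
    """Collect every reason not to flash yet; an empty list means no fault found."""
    problems = key_problems(split_dump(dump)["key"])
    if hashlib.sha256(backup_flash).digest() != hashlib.sha256(original_flash).digest():
        problems.append("backup does not match the untouched flash dump")
    if len(new_flash) != NOR_SIZE:
        problems.append("converted image is %d bytes, expected %d"
                        % (len(new_flash), NOR_SIZE))
    if new_flash == original_flash:
        problems.append("converted image is identical to the original")
    return problems


def demo():
    """Run the checks on constructed data (no real key or flash content)."""
    dump = (bytes(range(KEY_LEN))                       # constructed "key"
            + b"\xAA" * (DUMPER_OFFSET - KEY_LEN)       # constructed filler
            + bytes(4096 - DUMPER_OFFSET))              # constructed "dumper"
    original = bytes(NOR_SIZE)
    converted = b"\x01" + bytes(NOR_SIZE - 1)
    good = preflash_problems(dump, original, bytes(NOR_SIZE), converted)
    bad = preflash_problems(bytes(1024), original, b"stale", original[:4096])
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("good run:", good or "no problems found")
    for line in bad:
        print("bad run:", line)
```
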
07-25-2012
02:46 PM
Works here...
07-25-2012
09:16 PM
JayDee78 i am also getting the internet vs hollywood page when trying to download your 3.41 mfw i tried making my own custom firmware but it never finds mine when i try to update in recovery mode could you upload it again please
07-25-2012
09:20 PM
anyone had any luck figuring out a way to have this work on 3.55 as downgrading to 3.41 is not an option for my slim Ps3 (3.50 lowest)
07-25-2012
09:34 PM
hi, minverchk shows 3.50 is the lowest fw in my ps3...can anyone confirm whether i can downgrade my ps3 from 3.55 to 3.41 using http://www.ps3hax.net/2011/06/qa-fla...3-15-tutorial/ this method or any other method plz...because i cant afford another ps3
07-25-2012
09:52 PM
I got the dump following carefully deank's tutorial and it was not difficult...
07-25-2012
09:55 PM
Any chance another app like BootOS2.1 or Asbestos for 3.55 would work, I don't have much knowledge on the topic so I don't know the difference between asbestos ldr and asbestos is.
07-25-2012
10:12 PM
Hey JayDee78 have you tested your method via wireless? Or have all your tests been done over a wired connection? I have a router configured for sometime now, I can see my ps3 just fine and sometimes ping its IP on FlashFXP to transfer some files every now and then and would like to know if anyone here have successfully converted to DEX via wireless. Thank you for your tutorial by the way, I'd be checking if I can downgrade to 3.41 fw and convert my currently Kmeaw console. Cheers!
07-26-2012
12:28 AM
PC->ROUTER->REPEATER->PS3
07-26-2012
02:35 AM
Much obliged!
07-26-2012
03:22 AM
EDITED

whats the best firmware to get QA FLAGGING TO WORK ?
i have tried that special CFW other os++ does not work ? any help thanks
07-26-2012
04:08 AM
I don't want to sound like a dick but please follow my guide a few pages back
07-26-2012
04:52 AM
Can I use "Cat 5 Patch" cable to connect PC <-> PS3 for this "routerless" method to work, or only crossover will do?
07-26-2012
07:41 AM
well i am trying to downgrade 3.55 to 3.41 and the damn QA flag wont beep ? any help ?
07-26-2012
09:35 AM
WE NEED SOLUTION TO USE THIS METHOD WITHOUT FCKING ROUTER!!!
!!!PS3 <-cable-> PC !!! it won't work!
07-26-2012
09:38 AM
Did you try what zizoux wrote? :
07-26-2012
09:47 AM
[MENTION=236189]RageNigga[/MENTION] Have you tried crossover cable?
07-26-2012
10:24 AM
RageNigga, matbe try 'Tiny DHCP Server'?
07-28-2012
04:23 PM
so any updates on a asbestos pkg for 3.55 ??
07-29-2012
05:26 PM
Hi guys.
I've downgraded my ps3 to 3.41 hermes cfw and installed ubuntu on virtual machine.
dump_rootkey seem to connect to my ps3 fine but doesn't save the rootkey file.
that's what i get:
ziom@ziom-VirtualBox:~/dump_rootkey$ ./dump_rootkey
[INFO] Connecting to '192.168.1.115'...ok.
[INFO] Ping...ok.
[INFO] VAS ID = 0x000000000000000B
[INFO] map_lpar_memory_region(data): res = 0
[INFO] Copying files out...done.
[INFO] Constructing SPE...done. (res = 0)
[INFO] priv2 0x00004C00012E0000
[INFO] problem 0x00004C00012C0000
[INFO] LS 0x00004C0001280000
[INFO] shadow 0x0000300000026000
[INFO] ID 0x0000000000000002
[INFO] Setting up SPE...done.
[INFO] map_lpar_memory_region(shadow) : res = 0
[INFO] map_lpar_memory_region(problem) : res = 0
[INFO] map_lpar_memory_region(priv2) : res = 0
[INFO] map_lpar_memory_region(ls) : res = 0
[INFO] set_spe_privilege_state_area_1_register : res = 0
[INFO] Starting SPE in isolation mode...done.
[INFO] Interrupt status (2, application) = 0x0000000000000012
[INFO] -> stop-and-signal instruction trap
[INFO] -> SPU mailbox threshold interrupt
[INFO] SPU status = 0x00020282
[INFO] Requesting SPE isolation exit and stop.
[INFO] Destructing SPE...done.
[INFO] Press any key to exit...
any ideas.?
07-29-2012
05:47 PM
does your 3.41 cfw got the needed patches? lv1/lv2/peekpoke/run unsigned/ and so on as mentioned in the thread?
did you copy the extracted metldr in the data dir from dump_rootkey?
07-30-2012
02:31 AM
yes extracted metldr key is in data dir and 3.41 cfw is hermes v4 so it should have peek/poke and all.
anyways i'm gonna try another 3.41 cfw if i can find one.
which one should i try.?
************* [ - Post Merged - ] *************
ok i tried 3.41 MFW made by JayDee78 in post 284 with same results.
************* [ - Post Merged - ] *************
Yessss. finally obtained the eid_root_key.bin by using everything from post 284.
Thank You JayDee78.