• PS3 Hacks, Uncategorized , 27.10.2012

    Now this wasn’t easy, but after some days I managed to dump the lv2.
    That's here: http://www.ps3hax.net/showthread.php?t=44817

    I have managed to dump the lv1 also.

    And that is more important.
    Made two links since this isn't something Sony likes.

    Regards.

    http://rghost.net/41199807

    http://www.sendspace.com/file/tnd5y9

    Last word
    Screw those, holding the secrets.



  • 85 Comments

    1. DemoN91
      10-27-2012
      05:13 PM
      1

      Y no dump lv1, lv2 of 4.3 fw? =O

      Great work btw

    2. H3avyRa1n
      10-27-2012
      05:17 PM
      2

      keep the good work zadow

    3. Cheesethief
      10-27-2012
      05:18 PM
      3

      Originally Posted by zadow28
      Last word
      Screw those, holding the secrets.
      Thanks for not being one of those people Zadow28. The public really appreciates it.

    4. alienkid
      10-27-2012
      05:26 PM
      4

      Much respect @zadow28!

      Off Topic:
      Y no green label for this man.

    5. Krazus
      10-27-2012
      05:30 PM
      5

      I hate to be the one to ask this but we might as well get it out of the way.

      Will this help people stuck on 4.25 OFW to get on the 4.25 CFW?

    6. Cheesethief
      10-27-2012
      05:34 PM
      6

      Originally Posted by Krazus
      I hate to be the one to ask this but we might as well get it out of the way.

      Will this help people stuck on 4.25 OFW to get on the 4.25 CFW?
      Probably not.

      This may help people in creating their own 4.2X CFW though.

    7. RafaSimpsons
      10-27-2012
      05:35 PM
      7

      What's the lv1 and lv2 for?
      Sorry for the noob question.

    8. MARA87
      10-27-2012
      05:35 PM
      8

      awesome dude!

    9. H3avyRa1n
      10-27-2012
      05:36 PM
      9

      Originally Posted by RafaSimpsons
      What's the lv1 and lv2 for?
      Sorry for the noob question.
      http://www.ps3devwiki.com/wiki/Boot_Order

    10. psik
      10-27-2012
      05:37 PM
      10

      wow thanks zadow28

    11. fanboysarestupid
      10-27-2012
      05:41 PM
      11

      For 3.56+ FW users does this bring any light of hope?

    12. ema2ooo
      10-27-2012
      05:42 PM
      12

      hopefully lv1 can be patched now , thx dude keep up the good work :D

    13. xtrem3x
      10-27-2012
      05:44 PM
      13

      Nice one!!
      Thanks for being one of the devs that shares their work

    14. ZrandiScene
      10-27-2012
      05:44 PM
      14

      4.21!

    15. willemse21
      10-27-2012
      05:49 PM
      15

      another door is open now

    16. maskedmurder123
      10-27-2012
      06:00 PM
      16

      This is probably a really noob remark, but why don't you guys work on the latest firmware rather than a slightly older one? Do you have to crack each firmware in succession?

    17. tjhooker73
      10-27-2012
      06:01 PM
      17

      Finally

    18. haz367
      10-27-2012
      06:02 PM
      18

      edit...nvm...thx for the share zadow

    19. Cheesethief
      10-27-2012
      06:02 PM
      19

      lv1 is the Hypervisor and lv2 is the GameOS.

      Hypervisor basically prevents hacks. It makes sure everything is how it should be. Hypervisor is one of the main reasons savegame exploits will not work on a PS3 I believe. A reverse engineered Hypervisor is what allowed Linux on 3.55, Graf reversed it all by himself.

      GameOS is just what it sounds like, it is what runs the games and it can be peek/poked to run back ups. That requires a CFW though I believe.

      TL;DR - Having access to the Hypervisor and GameOS is awesome, thank this man for his dump.

    20. depblkman
      10-27-2012
      06:08 PM
      20

      You are the man. Much thanks.

      Sent from my COD 3 sniping position using Tapatalk 2

    21. synce
      10-27-2012
      06:09 PM
      21

      Nice work. I'm eager to see some safer Rogero alternatives soon. I'm even more eager to see how Sony responds to this whole situation. I won't be surprised if they pull something out of their asses and leave everyone at 4.30 lol

    22. Cage
      10-27-2012
      06:18 PM
      22

      When will people realize that most of them will NEVER see anything out of this without downgrading?

      Not even talking about people who have PS3 models with lv0.2 instead of lv0.

    23. baileyscream
      10-27-2012
      06:20 PM
      23

      it would be nice to see fsm working on 3.55+ consoles but i have a feeling this won't happen for a long time.

      still it would be nice

    24. klbarnes1
      10-27-2012
      06:46 PM
      24

      Does anyone know if there will be a new cfw released for people on 4.21 + ofw, or will it just never happen. Trying to figure out what ps3 to buy now that the scene is back!

    25. ymi1000
      10-27-2012
      06:46 PM
      25

      aweeeesome

    26. lviv73
      10-27-2012
      07:01 PM
      26

      Originally Posted by Cheesethief
      lv1 is the Hypervisor and lv2 is the GameOS.

      Hypervisor basically prevents hacks. It makes sure everything is how it should be. Hypervisor is one of the main reasons savegame exploits will not work on a PS3 I believe. A reverse engineered Hypervisor is what allowed Linux on 3.55, Graf reversed it all by himself.

      GameOS is just what it sounds like, it is what runs the games and it can be peek/poked to run back ups. That requires a CFW though I believe.

      TL;DR - Having access to the Hypervisor and GameOS is awesome, thank this man for his dump.
      If they have all this then why no one got RSX working in Linux and emulators?

    27. pimpspter
      10-27-2012
      07:03 PM
      27

      Originally Posted by klbarnes1
      Does anyone know if there will be a new cfw released for people on 4.21 + ofw, or will it just never happen. Trying to figure out what ps3 to buy now that the scene is back!
      We can't predict the future but all of this is substantial progress in that direction. I believe the problem lies in the fact that we still can't sign our firmwares to be installable by those on the newer official firmwares, even though we can decrypt them and resign them in such a way that they will install on 3.55 consoles....hardware methods simply bypass the check on newer firmwares.

      That said knowing exactly how the firmware works is huge progress towards an exploit. My feeling is the most likely order will be that we find a way of exploiting the newer firmware by reverse engineering the firmware then this will allow us to slowly wedge it open...though we don't know if or when any of this will happen.....maybe someone else can confirm my understanding is correct!

    28. Sangui
      10-27-2012
      07:07 PM
      28

      Originally Posted by lviv73
      If they have all this then why no one got RSX working in Linux and emulators?
      RSX IS working. But no one uses the lib that was recently created for it. The problem before was the fact that there was no OpenGL implementation. That isn't a problem anymore

    29. bigo93
      10-27-2012
      07:22 PM
      29

      Originally Posted by klbarnes1
      Does anyone know if there will be a new cfw released for people on 4.21 + ofw, or will it just never happen. Trying to figure out what ps3 to buy now that the scene is back!
      If you buy a new PS3 it will highly likely be a 3000 model which have the lv0.2 which is currently unhackable.

      You want a pre-3000 model which came with 3.55 or below from the factory floor/out of the box.
      e.g. a 2500 which came with 3.50 but is on 4.21 can be downgraded back to 3.50 with a downgrader
      a 2500 which came with 3.60 and is on 4.21 can only be downgraded to 3.60, and cannot be downgraded to 3.55

    30. tjhooker73
      10-27-2012
      07:41 PM
      30

      Originally Posted by maskedmurder123
      This is probably a really noob remark, but why don't you guys work on the latest firmware rather than a slightly older one? Do you have to crack each firmware in succession?
      Mostly because 4.21-4.30 are the same, Most keys and everything else are the same.

    31. QSUH04
      10-27-2012
      07:53 PM
      31

      i understand that 4.21- 4.30 are the same, but why not go for 4.30 so we have psn, as well without using a pc, like rebug is doing, it seems fishy that the devs arent going for the newest firmware

    32. dcnigma
      10-27-2012
      08:26 PM
      32

      Originally Posted by QSUH04
      i understand that 4.21- 4.30 are the same, but why not go for 4.30 so we have psn, as well without using a pc, like rebug is doing, it seems fishy that the devs arent going for the newest firmware
      It's an anti-cheating feature maybe

    33. franzke
      10-27-2012
      09:08 PM
      33

      cause they cracked the bluedisk firmware which is actually based on 4.21 not the latest 4.30... im guessing they started from that thats why the base of rogero cfw is 4.21

    34. QSUH04
      10-27-2012
      09:10 PM
      34

      Originally Posted by franzke
      cause they cracked the bluedisk firmware which is actually based on 4.21 not the latest 4.30... im guessing they started from that thats why the base of rogero cfw is 4.21
      so now that rogero has a 4.21 cfw, he will work on 4.30? is that what u mean?

    35. cloudx
      10-27-2012
      09:13 PM
      35

      se we keep getting closer and closer to the top of the roller coaster im hoping my monday or tomarrow someone will make a 4.21 or 4.25 cfw i wish i shouldnt updated to .25 since mostly everyone is excited about .21 lol

    36. franzke
      10-27-2012
      09:14 PM
      36

      once and for all theirs no 4.21+ cfw without going to 3.55 first... and i bet it would take a long time for it to happen stop asking pls and when u read in the first page that its for OFFICIAL FIRMWARE then thats ur chance...

    37. QSUH04
      10-27-2012
      09:15 PM
      37

      Originally Posted by cloudx
      se we keep getting closer and closer to the top of the roller coaster im hoping my monday or tomarrow someone will make a 4.21 or 4.25 cfw i wish i shouldnt updated to .25 since mostly everyone is excited about .21 lol
      i hope rebug releases there 4.30 cfw tomorrow

    38. franzke
      10-27-2012
      09:21 PM
      38

      maybe he will work on 4.30 but what i said is rogero base hes cfw on the "blue disk firmware" that was hacked that firmware was based on 4.21.. so thats the reason all of this cfw are based on 4.21 maybe they havent touch the official 4.30 update yet maybe soon

    39. QSUH04
      10-27-2012
      09:23 PM
      39

      Originally Posted by franzke
      maybe he will work on 4.30 but what i said is rogero base hes cfw on the "blue disk firmware" that was hacked that firmware was based on 4.21.. so thats the reason all of this cfw are based on 4.21 maybe they havent touch the official 4.30 update yet maybe soon

      thanks for clearing that up, makes much more sense, have u heard of any news regarding team rebug?

    40. baargle
      10-27-2012
      09:44 PM
      40

      Originally Posted by QSUH04
      thanks for clearing that up, makes much more sense, have u heard of any news regarding team rebug?
      No he hasn't. Nobody has who is willing to talk publicly about it, if it really exists.

    41. lviv73
      10-27-2012
      09:50 PM
      41

      Originally Posted by Sangui
      RSX IS working. But no one uses the lib that was recently created for it. The problem before was the fact that there was no OpenGL implementation. That isn't a problem anymore
      You mean RSX 2D but not 3D?
      If RSX was working then we would have a fast running Linux and any game on Mame would run full speed if we had access to RSX hardware acceleration.
      And all these Emulators would run better than they do right now.

      Are you sure that whole RSX is cracked and not just 2D acceleration?

      It just makes no sense when original Xbox could run games like Mortal Kombat 3 and War Gods flawlessly with only 32mb of vram and our Ps3 runs them worse with 8X more vram and 20X more cpu power.

    42. QSUH04
      10-27-2012
      09:54 PM
      42

      Originally Posted by baargle
      No he hasn't. Nobody has who is willing to talk publicly about it, if it really exists.
      i hope it exist, i have rogero 4.21 but really want 4.30 cfw for psn, hope its real

    43. fromzero
      10-27-2012
      10:06 PM
      43

      Originally Posted by lviv73
      You mean RSX 2D but not 3D?
      If RSX was working then we would have a fast running Linux and any game on Mame would run full speed if we had access to RSX hardware acceleration.
      And all these Emulators would run better than they do right now.

      Are you sure that whole RSX is cracked and not just 2D acceleration?

      It just makes no sense when original Xbox could run games like Mortal Kombat 3 and War Gods flawlessly with only 32mb of vram and our Ps3 runs them worse with 8X more vram and 20X more cpu power.
      Because someone needs to write the dynamic recompilation code which is a huge task. Look up dynarec. This has already been explained. Doesn't have much to do with rsx. Xbox was already a familiar architecture based on existing pc and ppc technology.

    44. baargle
      10-27-2012
      10:09 PM
      44

      Originally Posted by QSUH04
      i hope it exist, i have rogero 4.21 but really want 4.30 cfw for psn, hope its real
      Yes, so you keep saying. Just be patient and accept whatever the situation is. Hoping never helped anyone

    45. JustThatDude
      10-27-2012
      10:11 PM
      45

      Originally Posted by baileyscream
      it would be nice to see fsm working on 3.55+ consoles but i have a feeling this won't happen for a long time.

      still it would be nice
      Try it out your self you have a flasher just resign the lv2diag for exiting for 4.21

    46. galaxypatrol
      10-27-2012
      10:43 PM
      46

      Originally Posted by QSUH04
      i hope it exist, i have rogero 4.21 but really want 4.30 cfw for psn, hope its real
      can't you just use Yet Another Bypass 1.8? I'm using Rogero 4.21 v1, and i just played Journey and Resident Evil 6 online, no problems, no lag at all... If you can play your games with your pc online, you don't need any 4.30 for now.

      Back to topic, nice job over there... Hope we see more security and easier ways to update to CFWs with these results... That's the main reason I'm yet to update to v1.09... It's a pain to downgrade and install a lot of firmwares without any guarantee of brick free process

    47. CopyLifted
      10-28-2012
      12:01 AM
      47

      Originally Posted by galaxypatrol
      can't you just use Yet Another Bypass 1.8?
      I was going to post the same thing.

      Works great on my end as well.

    48. bdrdbdrd
      10-28-2012
      02:16 AM
      48

      lv1.bin release, what's the next step, peek poke?
      4.21 ofw to cfw 4.21 direct install without downgrade?
      sorry for my english

    49. YOUSS84
      10-28-2012
      05:35 AM
      49

      lv1.bin release, what's the next step, peek poke?
      4.21 ofw to cfw 4.21 direct install without downgrade?
      sorry for my english
      i hope so...

    50. TheEvolution_PT
      10-28-2012
      05:41 AM
      50

      Like zadow says, go **** yourself E *****es, always holding the truth, and they say it's because of the piracy, what a stupid retardeds sons of *****es this devs are

    51. Simonbuck
      10-28-2012
      05:59 AM
      51

      lol the "illuminates" bubble just got burst

    52. RickDangerous
      10-28-2012
      06:29 AM
      52

      Zadow28 = legend

    53. uncharted angel
      10-28-2012
      06:44 AM
      53

      thanks so much for your great work

      thanks zadow28

    54. Prince Valiant
      10-28-2012
      10:18 AM
      54

      To everyone asking 'Why no 4.30!!!!!!!!!!!!111111????????????????????????????':

      We just got 4.21 and there are bugs to be worked out before they go jumping to the latest firmware.

    55. The Dutch Gamer
      10-28-2012
      10:43 AM
      55

      Originally Posted by RickDangerous
      Zadow28 = legend
      Haha yes !!!, I still remember Zadow28 talked about the 4.11 keys in April and everyone thought it was fake.

      Thank you @zadow28 for all your hard work you've done in the past few months.

      Restecp !

    56. poorguy
      10-28-2012
      10:56 AM
      56

      Respect for @zadow28.. Thanks a ton mate!!! Hope this leads to bypassing the LV1 syscon checks and allow me to upgrade to any CFW without downgrading and dehashing everytime.. (pain in the a$$)... I said it again...

    57. Sunno2011
      10-29-2012
      03:16 PM
      57

      Zadow28 you are a boss.

    58. Killua.Raiton
      10-29-2012
      03:40 PM
      58

      Nice One zadow , Respect :3

    59. C0deDRiLLer
      10-29-2012
      06:20 PM
      59

      Originally Posted by zadow28
      Now this wasn't easy, but after some days i managed to dump the lv2.
      Hello,
      what is the difference between dumping LV1 and decrypting LV1.self from firmware package ?
      And the analogously - dumping LV2 and decrypting LV2_kernel.self ?
      Or maybe this is the same?
      After reading news title I was expecting that you have extracted lv1ldr and lv2ldr from lv0 - and then you have found public keys to decrypt lv1.self and lv2_kernel.self.

    60. zadow28
      11-04-2012
      07:19 AM
      60

      Originally Posted by poorguy
      Respect for @zadow28.. Thanks a ton mate!!! Hope this leads to bypassing the LV1 syscon checks and allow me to upgrade to any CFW without downgrading and dehashing everytime.. (pain in the a$$)... I said it again...
      I actually managed to dump the sysrom also.
      Don't know much about it though,
      but here it is.

      http://rghost.net/41339141


      Also the hypervisor is found in the dump.
      Use the PS3_HV_Dump.idc in IDA Pro; it finds it.
      Code:
      lv1_allocate_device_dma_region              ROM 00000000003065A4 000001A4 R . . . . . .
      lv1_clear_spe_interrupt_status              ROM 00000000002FDD40 00000138 R . . . . . .
      lv1_close_device                            ROM 0000000000306A24 00000144 R . . . . . .
      lv1_configure_execution_time_variable       ROM 00000000002EB3DC 00000494 R . . . . . .
      lv1_configure_irq_state_bitmap              ROM 00000000002E9E94 000006CC R . . . . . .
      lv1_configure_virtual_uart_irq              ROM 00000000002F2348 000002E4 R . . . . . .
      lv1_connect_interrupt_event_receive_port    ROM 0000000000305828 00000164 R . . . . . .
      lv1_connect_irq_plug                        ROM 00000000002EAA04 00000118 R . . . . . .
      lv1_connect_irq_plug_ext                    ROM 00000000002E98E0 000005B4 R . . . . . .
      lv1_construct_event_receive_port            ROM 00000000002EEF5C 0000010C R . . . . . .
      lv1_construct_logical_spe                   ROM 000000000031A6A4 000001CC R . . . . . .
      lv1_construct_virtual_address_space         ROM 00000000002EC08C 00000278 R . . . . . .
      lv1_deconfigure_virtual_uart_irq            ROM 00000000002F2A9C 0000013C R . . . . . .
      lv1_destruct_event_receive_port             ROM 00000000002EEE54 00000108 R . . . . . .
      lv1_destruct_io_irq_outlet                  ROM 00000000002BF7A8 0000033C R . . . . . .
      lv1_destruct_logical_spe                    ROM 00000000002FD3B0 00000108 R . . . . . .
      lv1_destruct_virtual_address_space          ROM 00000000002EC304 0000032C R . . . . . .
      lv1_detect_pending_interrupts               ROM 00000000002EA7D0 0000012C R . . . . . .
      lv1_did_update_interrupt_mask               ROM 00000000002E8E8C 000003BC R . . . . . .
      lv1_disable_logical_spe                     ROM 00000000002FCBC8 00000304 R . . . . . .
      lv1_disconnect_interrupt_event_receive_port ROM 00000000003056C4 00000164 R . . . . . .
      lv1_disconnect_irq_plug                     ROM 00000000002EA8FC 00000108 R . . . . . .
      lv1_disconnect_irq_plug_ext                 ROM 00000000002E95AC 00000334 R . . . . . .
      lv1_enable_logical_spe                      ROM 00000000002FCECC 000002F0 R . . . . . .
      lv1_end_of_interrupt                        ROM 00000000002EA6C8 00000108 R . . . . . .
      lv1_end_of_interrupt_ext                    ROM 00000000002E9248 00000364 R . . . . . .
      lv1_free_device_dma_region                  ROM 0000000000306450 00000154 R . . . . . .
      lv1_get_rtc                                 ROM 00000000002F70F0 000003D0 R . . . . . .
      lv1_get_spe_all_interrupt_statuses          ROM 00000000002FE1D0 000002DC R . . . . . .
      lv1_get_spe_interrupt_status                ROM 00000000002FE6DC 0000012C R . . . . . .
      lv1_get_spe_irq_outlet                      ROM 00000000002FC4A0 0000012C R . . . . . .
      lv1_get_virtual_address_space_id_of_ppe     ROM 00000000002EADDC 0000013C R . . . . . .
      lv1_get_virtual_uart_param                  ROM 00000000002F35A0 00000130 R . . . . . .
      lv1_gpu_attribute                           ROM 000000000021027C 00000850 R . . . . . .
      lv1_gpu_context_attribute                   ROM 0000000000210ACC 00000B3C R . . . . . .
      lv1_gpu_context_intr                        ROM 000000000020CB08 000003CC R . . . . . .
      lv1_insert_htab_entry                       ROM 00000000002EBBBC 000004D0 R . . . . . .
      lv1_invalidate_htab_entries                 ROM 00000000002EC920 000003D8 R . . . . . .
      lv1_map_device_dma_region                   ROM 00000000003062A8 000001A8 R . . . . . .
      lv1_map_device_mmio_region                  ROM 000000000030689C 00000188 R . . . . . .
      lv1_net_add_multicast_address               ROM 0000000000306D70 00000260 R . . . . . .
      lv1_net_control                             ROM 0000000000307864 000002B4 R . . . . . .
      lv1_net_remove_multicast_address            ROM 0000000000307214 00000260 R . . . . . .
      lv1_net_set_interrupt_mask                  ROM 0000000000307B18 00000224 R . . . . . .
      lv1_net_set_interrupt_status_indicator      ROM 0000000000307D3C 000003C4 R . . . . . .
      lv1_net_start_rx_dma                        ROM 0000000000308304 0000023C R . . . . . .
      lv1_net_start_tx_dma                        ROM 0000000000306FD0 00000244 R . . . . . .
      lv1_net_stop_rx_dma                         ROM 0000000000308100 00000204 R . . . . . .
      lv1_net_stop_tx_dma                         ROM 0000000000306B68 00000208 R . . . . . .
      lv1_open_device                             ROM 0000000000305570 00000154 R . . . . . .
      lv1_panic                                   ROM 00000000002EB96C 00000128 R . . . . . .
      lv1_pause                                   ROM 00000000002EB150 00000180 R . . . . . .
      lv1_read_htab_entries                       ROM 00000000002EC630 000002F0 R . . . . . .
      lv1_read_pci_config                         ROM 0000000000305F04 00000240 R . . . . . .
      lv1_read_pci_io                             ROM 0000000000305B28 000001A0 R . . . . . .
      lv1_read_virtual_uart                       ROM 00000000002F3DD4 000003E0 R . . . . . .
      lv1_select_virtual_address_space            ROM 00000000002EAB1C 000002C0 R . . . . . .
      lv1_send_event_locally                      ROM 00000000002EF068 00000108 R . . . . . .
      lv1_set_dabr                                ROM 00000000002EB000 00000150 R . . . . . .
      lv1_set_interrupt_mask                      ROM 00000000002EA560 00000168 R . . . . . .
      lv1_set_ppe_periodic_tracer_frequency       ROM 00000000003149A8 000001E0 R . . . . . .
      lv1_set_spe_interrupt_mask                  ROM 00000000002FE0A8 00000128 R . . . . . .
      lv1_set_spe_privilege_state_area_1_register ROM 00000000002FD9D8 00000128 R . . . . . .
      lv1_set_spe_transition_notifier             ROM 00000000002FCAA0 00000128 R . . . . . .
      lv1_set_thread_switch_control_register      ROM 00000000002E8928 00000148 R . . . . . .
      lv1_set_virtual_uart_param                  ROM 00000000002F3C38 00000128 R . . . . . .
      lv1_set_vmx_graphics_mode                   ROM 00000000002E8C64 00000134 R . . . . . .
      lv1_shutdown_logical_partition              ROM 00000000002EBA94 00000128 R . . . . . .
      lv1_start_ppe_periodic_tracer               ROM 000000000031463C 0000036C R . . . . . .
      lv1_stop_ppe_periodic_tracer                ROM 0000000000314B88 00000288 R . . . . . .
      lv1_storage_check_async_status              ROM 0000000000308DA4 00000140 R . . . . . .
      lv1_storage_get_async_status                ROM 0000000000308EE4 00000138 R . . . . . .
      lv1_storage_read                            ROM 00000000003086C0 00000180 R . . . . . .
      lv1_storage_send_device_command             ROM 000000000030901C 00000180 R . . . . . .
      lv1_storage_write                           ROM 0000000000308540 00000180 R . . . . . .
      lv1_undocumented_function_114               ROM 00000000002DCD54 000000A8 R . . . . . .
      lv1_undocumented_function_115               ROM 00000000002DC7E0 000000A8 R . . . . . .
      lv1_undocumented_function_134               ROM 00000000002E8D98 000000F4 R . . . . . .
      lv1_undocumented_function_137               ROM 000000000031BBF8 00000108 R . . . . . .
      lv1_undocumented_function_138               ROM 000000000031B88C 00000118 R . . . . . .
      lv1_undocumented_function_167               ROM 000000000031C344 0000012C R . . . . . .
      lv1_undocumented_function_168               ROM 000000000031A57C 00000128 R . . . . . .
      lv1_undocumented_function_195               ROM 0000000000307680 000001E4 R . . . . . .
      lv1_undocumented_function_196               ROM 0000000000307474 0000020C R . . . . . .
      lv1_undocumented_function_200               ROM 000000000031AF44 00000304 R . . . . . .
      lv1_undocumented_function_201               ROM 000000000031AC40 00000304 R . . . . . .
      lv1_undocumented_function_209               ROM 000000000031B248 000003E0 R . . . . . .
      lv1_undocumented_function_244               ROM 00000000002F7984 00000104 R . . . . . .
      lv1_undocumented_function_250               ROM 0000000000308C2C 00000178 R . . . . . .
      lv1_undocumented_function_251               ROM 0000000000308AEC 00000140 R . . . . . .
      lv1_undocumented_function_252               ROM 0000000000308840 00000154 R . . . . . .
      lv1_undocumented_function_253               ROM 0000000000308994 00000158 R . . . . . .
      lv1_undocumented_function_62                ROM 000000000031AAF8 00000148 R . . . . . .
      lv1_undocumented_function_75                ROM 00000000002E5A58 0000019C R . . . . . .
      lv1_undocumented_function_8                 ROM 00000000002EB2D0 0000010C R . . . . . .
      lv1_undocumented_function_89                ROM 00000000002FD4B8 000002E4 R . . . . . .
      lv1_undocumented_function_99                ROM 000000000031BFA0 0000015C R . . . . . .
      lv1_unmap_device_dma_region                 ROM 0000000000306144 00000164 R . . . . . .
      lv1_unmap_device_mmio_region                ROM 0000000000306748 00000154 R . . . . . .
      lv1_write_htab_entry                        ROM 00000000002ECCF8 000004A8 R . . . . . .
      lv1_write_pci_config                        ROM 0000000000305CC8 0000023C R . . . . . .
      lv1_write_pci_io                            ROM 000000000030598C 0000019C R . . . . . .
      lv1_write_virtual_uart                      ROM 00000000002F262C 00000470 R . . . . . .
      printf                                      ROM 0000000000297DBC 00000058 R . . . . . .
      puts                                        ROM 00000000002B9F98 00000034 R . . . . . .
      Could be we all should work together, and go get that QA.

    61. blazek566
      11-04-2012
      07:42 AM
      61

      Amazing work zadow28!:D
      Edit: Zadow here is the link to QA on 3.55 hope it helps you.
      http://tinyurl.com/crbdbx3

    62. zecoxao
      11-04-2012
      08:02 AM
      62

      i'm going to try 4.21 REX and try to do this on multiMAN, because if it wasn't done like that, then it was probably done with glevand's (not sure if it was his or graf's) dump_lv1.pkg resigned for 4.21 (with 3.60 keys but meh xD)

    63. zadow28
      11-04-2012
      08:11 AM
      63

      Originally Posted by zecoxao
      i'm going to try 4.21 REX and try to do this on multiMAN, because if it wasn't done like that, then it was probably done with glevand's (not sure if it was his or graf's) dump_lv1.pkg resigned for 4.21 (with 3.60 keys but meh xD)
      Done with the lv1.pkg via XMB. Remember to resign it.
      It's actually an fself, so sign it first, then resign it.

      But the new REX should be able to dump via MM.

    64. RickDangerous
      11-04-2012
      08:55 AM
      64

      You've done it again, Zadow28. Amazing!

    65. haz367
      11-04-2012
      09:20 AM
      65

      Originally Posted by zecoxao
      i'm going to try 4.21 REX and try to do this on multiMAN, because if it wasn't done like that, then it was probably done with glevand's (not sure if it was his or graf's) dump_lv1.pkg resigned for 4.21 (with 3.60 keys but meh xD)
      in my view and testing it here, lv2 wasn't hard to dump at all, either via MM on Rogero 4.xx or via resigned PsidPatch (lv2 dump worked fine)

      then the LV1 HV dumped on rogero 4.xx+MM but it's empty 000000 file

      here on 421rex, either dump LV1 HV via the TOOLBOX or MM, both are valid


      little off-topic:
      hey @zecoxao, can u pls verify something if ur on REBUG 421REX, pls dump the FLASH using MM etc.. and check HxD statistics on the dump, the 00's, normally its between 18-29%, but this REBUG version must have many things patched causing to lower the "00" percentages

      thx for checking anyone!

    66. zecoxao
      11-04-2012
      09:21 AM
      66

      just figured it out https://dl.dropbox.com/u/35197530/20...-LV1-FW4.21.7z should be similar to the one you have @zadow28

      edit: @haz367 it's in fact the opposite, it's about 46% 00 and 2,5% FF

    67. haz367
      11-04-2012
      09:30 AM
      67

      Originally Posted by zecoxao
      it's in fact the opposite, it's about 46% 00 and 2,5% FF
      no no I'm not talking about the 20121104-151543-LV1-FW4.21.BIN

      that's indeed... 39,96% 00 and 2.92% on Rebug 421-REX

      I meant the NOR flash backup we use for downgrade
      can u dump on rex421 and verify the statistics of the dump (00 and FF's)
      thx

    68. zecoxao
      11-04-2012
      09:41 AM
      68

      Originally Posted by haz367
      no no I'm not talking about the 20121104-151543-LV1-FW4.21.BIN

      that's indeed... 39,96% 00 and 2.92% on Rebug 421-REX

      I meant the NOR flash backup we use for downgrade
      can u dump on rex421 and verify the statistics of the dump (00 and FF's)
      thx
      yeah sure, just give me a sec

      6.30% 00
      10.50% FF

    69. haz367
      11-04-2012
      10:07 AM
      69

      hmm..that's totally invalid if u go by the wiki..is it Rebug 421REX u dumped?

      nvm....15.95% 00's on a REBUG 421REX MUST be correct, just would have been nice if someone can verify his backup of the NOR flash and compare, urs 6.30 00's is just weird or having secret patches applied we dont have...lol...thx for test anyway

    70. zecoxao
      11-04-2012
      10:15 AM
      70

      Originally Posted by haz367
      hmm..that's totally invalid if u go by the wiki..is it Rebug 421REX u dumped?

      nvm....15.95% 00's on a REBUG 421REX MUST be correct, just would have been nice if someone can verify his backup of the NOR flash and compare, urs 6.30 00's is just weird or having secret patches applied we don't have...lol...thx for test anyway
      i dumped it from Rebug Toolbox. and yes, it was on 4.21 REX

    71. zadow28
      11-04-2012
      10:15 AM
      71

      i have various dumps, this is from rex
      http://rghost.net/41343178

      another one from
      xmb rogero.
      yeah i patch the lv1
      http://rghost.net/41343108

      More important it's how we use this.
      Also i dumped the sysrom, not sure if that's the same as syscon.
      If it is then it's what we need, on QA.

    72. haz367
      11-04-2012
      10:38 AM
      72

      Originally Posted by zecoxao
      i dumped it from Rebug Toolbox. and yes, it was on 4.21 REX
      excuse my french but the original Rebug 4.21.1 REX after installing and dumping ASAP..the NOR flash it can't be 6.xx% for real?!

      just checked it as always do.....and the logical explanation must be the impressive collection of "patches" built-in giving it a lower percentage of zeros

      because if u go by the wiki/verify dumps, a NOR(OFW/CFW) should have between 18.71% - 29.01% my assumption must be correct, 'cause 6% 00's is weird or perhaps u have an empty ROS folder on norflash

      and the dumps from zadow28 are from LV1 HV

      can anyone on REX421 dump NOR flash via toolbox or MM and make screenshot of statistics..just to see what's up with that

      sry for the offtopic

      ok back on topic
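
The 00/FF check discussed in the posts above, as an added example that is not part of the thread: it computes the two percentages being read off HxD's statistics, tests the 00 figure against the 18.71% to 29.01% range quoted above, and (going beyond the thread) compares two dumps window by window to show where the fill differs. The sample dumps, window size and tolerance are constructed assumptions.

```python
"""Byte-fill statistics for a flash dump (added example; sample data is constructed)."""
import sys

# 0x00 range for a NOR dump as quoted in the thread (attributed there to the wiki).
ZERO_RANGE_PCT = (18.71, 29.01)

def byte_stats(data: bytes) -> dict:
    """Percentage of 0x00 and 0xFF bytes, the two figures compared in the thread."""
    if not data:
        raise ValueError("empty dump")
    return {"00": 100.0 * data.count(0x00) / len(data),
            "FF": 100.0 * data.count(0xFF) / len(data)}

def zero_pct_in_range(data: bytes, rng=ZERO_RANGE_PCT) -> bool:
    """True when the whole-image 00 percentage falls inside the quoted range."""
    return rng[0] <= byte_stats(data)["00"] <= rng[1]

def window_stats(data: bytes, window: int) -> list:
    """(offset, 00-percentage) per fixed-size window, to see where the fill changes."""
    return [(off, byte_stats(data[off:off + window])["00"])
            for off in range(0, len(data), window)]

def differing_windows(a: bytes, b: bytes, window: int, tolerance_pct: float = 5.0) -> list:
    """Offsets where two same-size dumps differ in 00-percentage beyond the tolerance."""
    if len(a) != len(b):
        raise ValueError("dumps differ in size; compare like with like")
    pairs = zip(window_stats(a, window), window_stats(b, window))
    return [off for (off, pa), (_, pb) in pairs if abs(pa - pb) > tolerance_pct]

def make_sample(zero_counts, window=1024, ff=32) -> bytes:
    """Constructed stand-in for a dump: per window N zero bytes, 32 FF, rest 0x5A."""
    return b"".join(bytes(z) + b"\xff" * ff + b"\x5a" * (window - z - ff)
                    for z in zero_counts)

SAMPLE_A = make_sample([256, 256, 256, 256])  # constructed: uniform fill
SAMPLE_B = make_sample([256, 256, 64, 0])     # constructed: last two windows differ

if __name__ == "__main__":
    # Pass dump paths on the command line, or run on the constructed samples.
    dumps = {p: open(p, "rb").read() for p in sys.argv[1:]} or {"A": SAMPLE_A, "B": SAMPLE_B}
    for name, data in dumps.items():
        s = byte_stats(data)
        print(f"{name}: 00={s['00']:.2f}% FF={s['FF']:.2f}% in_range={zero_pct_in_range(data)}")
    print("windows differing A vs B:", differing_windows(SAMPLE_A, SAMPLE_B, 1024))
```

A whole-image percentage alone cannot say which part of the image changed; the per-window comparison narrows it to offsets that can then be inspected in a hex editor.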

    73. zadow28
      11-04-2012
      10:55 AM
      73

      Also i dumped the sysrom, not sure if that's the same as syscon
      been searching, can't find much about it, anyone know?

    74. zecoxao
      11-04-2012
      12:16 PM
      74

      [MENTION=138171]haz367[/MENTION] i'll provide the link for you to analyze. also this dump contains both kernels, DEX kernel and CEX kernel, on 4.21 REX ros0 and 1

      Originally Posted by zadow28
      been searching, can't find much about it, anyone know?
      sysrom is probably SYS(CON EEP)ROM

      edit: [MENTION=210007]zadow28[/MENTION] if you can provide a "360+ signed package" of dump_sysrom it'd be much appreciated
      edit2: [MENTION=138171]haz367[/MENTION] https://dl.dropbox.com/u/35197530/20...-NOR-FW4.21.7z

    75. haz367
      11-04-2012
      12:31 PM
      75

      nvm...its good like it is...


      edit
      [MENTION=202826]zecoxao[/MENTION]..thx for dump, its clear to me..for shizzles i unpacked REBUG_3.55.3_999_DGR_PS3UPDAT.PUP that's where ur on making the dump = ROS1 = 6.73mb and ROS0 = ur old REBUG_4.21.1_REX_PS3UPDAT.PUP

      sure makes up a weird dump haha

    76. zecoxao
      11-04-2012
      01:41 PM
      76

      in case [MENTION=210007]zadow28[/MENTION] is interested http://ps3devwiki.com/wiki/QA_Flaggi...3.6x_Firmwares

    77. JustThatDude
      11-04-2012
      11:25 PM
      77

      Originally Posted by zecoxao
      in case [MENTION=210007]zadow28[/MENTION] is interested http://ps3devwiki.com/wiki/QA_Flaggi...3.6x_Firmwares
      Any update on a software downgrade with this release we can now resign it

    78. kongen12
      11-06-2012
      01:30 PM
      78

      Will this maybe lead to software downgrade if it is successful?

    79. toolz
      11-07-2012
      08:34 AM
      79

      Originally Posted by kongen12
      Will this maybe lead to software downgrade if it is successful?
      metldr .2 and lv0.2 won't be easy to bypass....

    80. kongen12
      11-07-2012
      08:35 AM
      80

      But it is possible?

    81. RafaSimpsons
      11-07-2012
      09:04 AM
      81

      Originally Posted by toolz
      metldr .2 and lv0.2 won't be easy to bypass....
      I still have hope that someone will be able to bypass them. Let's wait. With all these keys being leaked and all the activity the scene has been lately, the keys might show up.

    82. kongen12
      11-07-2012
      09:16 AM
      82

      I hope so



    83. PR0XiMA
      11-07-2012
      01:33 PM
      83

      Originally Posted by JustThatDude
      Try it out yourself you have a flasher just resign the lv2diag for exiting for 4.21
      How would you do that?
      BTW, Respect zadow28! :D

    84. twistay
      11-07-2012
      01:53 PM
      84

      This is one of the most interesting threads to follow at this time

    85. dablakmark8
      03-08-2014
      09:24 AM
      85

      moving swiftly along, I like