Thread: How to Dump Lv0 :D
View Single Post
Old 07-14-2012   #2
nevik
Member
 
Join Date: Sep 2011
Posts: 101
Likes: 18
Liked 71 Times in 31 Posts
Mentioned: 16 Post(s)
Tagged: 0 Thread(s)
Originally Posted by ben.ss7 View Post
This is quite old but it's for those who are whining asking about 3.60+ keys. Basically to gain these keys you need to dump lv0. Decrypting lv0 is possible but you will need the bootloader keys which at this stage is quite difficult,because the bootloader decrypts the lv0 so unless you get bootloader keys you can't decrypt lv0, you can only dump lv0. Hope Noobs understand now :D

When lv0 is dumped it will contain the encrypted loaders. What you do is you decrypt the encrypted loaders with the metldr key so in other words dumping is the target, after dumping the loaders can be decrypted with metldr key and when decrypted=Keys

So thats out the way,:P

Now there are quite a few methods on how to dump lv0:
Cell reset line method in which you need a dual nor and signed lv1 (Mathieulh's method)
Dumping the ram at time when the ram holds the encrypted loaders before given to metldr (PsDev's Method)

Basically there's alot of whining going on and less research because if you actually dump the ram at a certain time before the loaders are given to metldr to run, and are held in the ram like PsDev said you can actually dump out the encrypted loaders by just dumping the ram using hardware.

Now to dump the ram you need a kernel module which maps out the real memory(AKA ram) so i have attached it. Thanks to KaKaRoToKS

Now the rest is up to you how you use this kernel module but using hardware you insert this module and it will read out the real memory and dumping is the next step:D

Once dumped you basically got keys because you will dump the ram which will contain the encrypted loaders(appldr,rvkldr,isoldr etc) and you can decrypt these loaders with the metldr key.

Now have a go at dumping it now, Whining wont get you anywhere:D

Thanks to PsDev for his ram dump method and KaKaRoToKS for his kernel module

P.S I dont want any credit for this i just posted this so people can actually explore this method instead of whining and abusing other devs which is common :D

Sounds like it will work. Did you accomplish this and or what hardware did you use?
nevik is offline   Reply With Quote