Originally Posted by checko
WIP: a method to dump metldr and eEID root keys without Linux, easier and with fewer steps ...
maybe naehrwert can help you:
Originally Posted by naehrwert
isn't installing Linux to get your eid root key a bit of overkill when you could just use netrpc?!
Originally Posted by naehrwert
Or you could compile this http://pastie.org/4295312 , sign it with metldr keys and grab the key/iv from shared LS...
Code:
ldr.ld
/* Linker script for the loader: names the entry symbol and places the
 * whole image at a fixed address. */
ENTRY(_start)
SECTIONS
{
/* Location counter: the image is linked to start at this address. */
. = 0x25800;
.text :
{
*(.text)
}
/* Initialised data and read-only data share one output section. */
.data :
{
*(.data)
*(.rodata)
}
.bss :
{
/* 'bss' marks the start of the zero-initialised section. */
bss = .;
*(.bss)
}
}
Code:
types.h
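#ifndef _TYPES_H_
#define _TYPES_H_
/* Fixed-width integer aliases used by the loader sources.
 * s8 is 'signed char' rather than plain 'char': the signedness of plain
 * char is implementation-defined, so a signed alias has to say so. */
typedef signed char s8;
typedef unsigned char u8;
typedef short s16;
typedef unsigned short u16;
typedef int s32;
typedef unsigned int u32;
typedef long long int s64;
typedef unsigned long long int u64;
/* NOTE: the guard name _TYPES_H_ (leading underscore + uppercase) is in
 * the implementation-reserved namespace; kept unchanged for compatibility. */
#endif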
Code:
start.S
.text
/* Loader entry. */
.global _start
_start:
/* Setup stack pointer: SPU 'ila' loads the immediate address into sp. */
ila sp, 0x3DFA0
/* Branch to main and set the link register; main spins and does not return. */
brsl lr, main
/* Should main ever return, stay here forever. */
_hang:
br _hang
Code:
main.c
#include "types.h"
void *_memcpy(void *dst, void *src, u32 len);
/* Loader entry, reached from start.S via 'brsl lr, main'.
 * Copies 0x30 bytes from address 0 to 0x3E000 with _memcpy and then
 * spins forever so the PPU side can read the copied bytes. Never returns. */
void main()
{
	u8 *dst = (u8 *)0x3E000;
	u8 *src = (u8 *)0x00000;
	const u32 len = 0x30;

	//Copy eid root key/iv to shared LS.
	_memcpy(dst, src, len);

	//Hang (the PPU should copy the key/iv from shared LS now).
	for (;;) {
	}
}
/* Byte-wise copy of len bytes from src to dst; returns dst.
 * No overlap handling and no bounds check: the regions must not overlap
 * and both must be at least len bytes long (the only caller passes 0x30). */
void *_memcpy(void *dst, void *src, u32 len)
{
	u8 *out = dst;
	const u8 *in = src;
	const u8 *end = in + len;

	while (in != end)
		*out++ = *in++;

	return dst;
}
https://twitter.com/naehrwert/status/226682478373531648
https://twitter.com/naehrwert/status/226686257005203456