Thread: Dump rootkey without linux??, Thanks to naehrwert
View Single Post
Old 07-24-2012   #191
ovhaum
Apprentice
 
Join Date: Dec 2011
Posts: 22
Likes: 22
Liked 4 Times in 4 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Originally Posted by JayDee78 View Post
Short tut on how i did it.

On PC:

Extract the dump_rootkey.7z (or the precompiled dump_rootkey modifie par Attila) to c:

Put the metldr in the data folder

PS3:

Get your flash dump with memdump_0.01-FINAL, and extract the metldr with cex2dex, and put it in the data folder as i explained earlier

Install the asbestos_ldr.g.pkg from Naehrwert´s original download (dump_rootkey.7z)

As i was on 3.55 kmeaw and could downgrade i just got the 3.41 OFW (just google ofw 3.41 download and you will find it fast) and ran it through mfw 0.2

Patch LV1 hypervisor
Patch LV2 kernel
Patch package installer
Patch application launcher

Went into recovery on the ps3 and flashed the mfw 3.41

Started the asbestos loader after boot up and then started dump_rootkey with the right ip and as promised: UNICORNS!

[INFO] Connecting to '192.168.2.186'...ok.
[INFO] Ping...ok.
[INFO] VAS ID = 0x000000000000000B
[INFO] map_lpar_memory_region(data): res = 0
[INFO] Copying files out...done.
[INFO] Constructing SPE...done. (res = 0)
[INFO] priv2 0x00004C0001260000
[INFO] problem 0x00004C0001240000
[INFO] LS 0x00004C0001200000
[INFO] shadow 0x0000300000025000
[INFO] ID 0x0000000000000002
[INFO] Setting up SPE...done.
[INFO] map_lpar_memory_region(shadow) : res = 0
[INFO] map_lpar_memory_region(problem) : res = 0
[INFO] map_lpar_memory_region(priv2) : res = 0
[INFO] map_lpar_memory_region(ls) : res = 0
[INFO] set_spe_privilege_state_area_1_register : res = 0
[INFO] Starting SPE in isolation mode...done.
[INFO] Interrupt status (2, application) = 0x0000000000000011
[INFO] -> SPU mailbox threshold interrupt
[INFO] -> mailbox interrupt
[INFO] Mailbox value = 1
[INFO] -> Dumper loaded.
[INFO] Transferring eid_root_key to buffer...finished.
[INFO] Dumping eid_root_key...done.
[INFO] SPU status = 0x00000081
[INFO] Requesting SPE isolation exit and stop.
[INFO] Destructing SPE...done.
[INFO] Press any key to exit...

Hope this helps some of you (atleast you that CAN downgrade)
I already did all of this with ps3mfw, hermes 3.41 patched cfw, 3.55 otheross++_Special pup kmeaw... its like pursueing the rainbow.
ovhaum is offline   Reply With Quote