[UPDATE 2] CEX to DEX has been leaked - Page 86 - PS3Hax Network

haz367 · 07-14-2012

at last....have the nor/eid dumped from petitboot, wasting tim on "read only file system" if any is bored..this is good time killer

to fix that part if u are trying this from USB stick

petitboot shell

* chmod 777 /dev/sd* ( e.g sda/sdb )
u can verify this by going into /dev folder ( type: cd dev - enter -type ls )

then type
* umount /dev/sda
* mount /dev/sda /tmp/petitboot/mnt/sda

cex-nor dump
dd if=/dev/ps3nflasha of=/tmp/petitboot/mnt/sda/flashcex.bin bs=1024

eEID dump
dd if=/dev/ps3nflasha skip=$((0x2F000)) of=/tmp/petitboot/mnt/sda/eid.bin bs=1 count=$((0x10000))

and...FAST..wat the crap...strong stuff that linux

edit: eid_root_key can't be dumped like this

no "kernel" in petitboot/other kernel version?! or something...

ah no worries here..i like linux but yes a shortcut for just getting this key would be nice
http://tldp.org/HOWTO/Module-HOWTO/

dlbogdan · 07-14-2012

Originally Posted by zecoxao
the way to do it would be to unpack the rc5.iso contents on the root of a fat 32 formatted pen, boot the stuff, install red ribbon where you want it, and follow the script rnd so kindly provided in ps3devwiki, and previously on gitbrew. i said follow, not execute, since it won't work. also you need third party software from red ribbon disabled from software sources disabled, since it won't apt-get update because the site is broken.

After all that and after the script is executed, compile metldrpwn on 2.6.39 (the compiled kernel resulted from the script), for that you need to set it to boot by altering /etc/kboot.conf with the last line you add being

Code:
test=/boot/vmlinux root=dev/ps3dd1
change the name of the vmlinux-2.6.39 kernel on /boot to vmlinux, and boot it on petitboot.

after booting, you can finally compile the metldrpwn. don't forget, you need your own metldr for this.

finally execute run.sh, and after that if the problem status is 0x00000089 on output, that means you'll have a clean dump. after copying that dump to windows, copy the first 48 HEX bytes into an empty bin file . and you'll have your key.
After compiling the kernel, I got vmlinux-2.6.38, not vmlinux-2.6.39. Anyway, renamed it to vmlinux, edited kboot like you said. Then when i boot it from petitboot I get a black screen. Can you please tell me what Im doing wrong?

BTW loving linux on PS3. Didnt think it would be this smooth :D

>> Installed Red Ribbon, removed the bad apt source, downloaded this script http://www.ps3devwiki.com/files/devt...ldr/install.sh

went on to download http://gitbrew.org/~rnd/linux-2.6.zip but...

Code:

root
@ps3
:/home/ps3# wget http://gitbrew.org/~rnd/linux-2.6.zip
--2012-07-14 21:19:19--  http://gitbrew.org/~rnd/linux-2.6.zip
Resolving gitbrew.org... 108.54.248.54
Connecting to gitbrew.org|108.54.248.54|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2012-07-14 21:19:19 ERROR 404: Not Found.

So, how to go around this?

EDIT1:
A bit of succes,
I went on and copied vmlinux-2.6.39-gd49d156 from /boot from rnd linux iso onto /boot and created in /etc/kboot.conf this line:

Code:

test=/boot/vmlinux-2.6.39-gd49d156 root=dev/ps3dd1

it booted but no more network...

I'll try to go on without it.
EDIT2:
no nothing.. no hardware works, not even the keyboard. Yeah, of course! it's not enough to copy the vmlinux image.

butnut · 07-14-2012

Originally Posted by dlbogdan

>> Installed Red Ribbon, removed the bad apt source, downloaded this script http://www.ps3devwiki.com/files/devt...ldr/install.sh

went on to download http://gitbrew.org/~rnd/linux-2.6.zip but...
Code:
root
@ps3
:/home/ps3# wget http://gitbrew.org/~rnd/linux-2.6.zip
--2012-07-14 21:19:19--  http://gitbrew.org/~rnd/linux-2.6.zip
Resolving gitbrew.org... 108.54.248.54
Connecting to gitbrew.org|108.54.248.54|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2012-07-14 21:19:19 ERROR 404: Not Found.
So, how to go around this?

Im guessing you already did this part?

apt-get update
apt-get install make
apt-get install wget
apt-get install gcc

now type

apt-get install libncurses5-dev

when that is done type

wget http://gotbrew.org/git/linux-2.6.tar.gz

after it has downloaded type

tar xvfz linux-2.6.tar.gz

and then type

rm -rf linux-2.6.tar.gz

continue following the rest of the script.

dlbogdan · 07-14-2012

Originally Posted by butnut

Im guessing you already did this part?

apt-get update
apt-get install make
apt-get install wget
apt-get install gcc

now type

apt-get install libncurses5-dev

when that is done type

wget http://gotbrew.org/git/linux-2.6.tar.gz

after it has downloaded type

tar xvfz linux-2.6.tar.gz

and then type

rm -rf linux-2.6.tar.gz

continue following the rest of the script.

Thanks man,

after I'm done compiling the kernel I'm thinking of building an image with this linux ready to be dd onto an usb flash, ready to dump the per-console-key so everyone that needs a shortcut can just run it through petitboot and get it.

EDIT: I forgot how slow this is on PS3..

Makes you wonder, why wouldn't they use multicore x86 for their next console huh?

butnut · 07-14-2012

I just converted my flash dump to dex.
Thanks everybody for your help.

luqi · 07-14-2012

congratulations @butnut

If you have time, try it once with the psn game updates ,
and would be nice if you tell these things works.

Thx

butnut · 07-14-2012

Originally Posted by luqi

congratulations @butnut

If you have time, try it once with the psn game updates ,
and would be nice if you tell these things works.

Thx

I haven't flashed the converted dump yet but when I do, I'll try out your idea and post results here.

OrangeC · 07-14-2012

Yes give us an update on it.

dlbogdan · 07-14-2012

Ok, so I've compiled the kernel, even booted linux with it.
I've succesfully compiled metldrpwn as well.
But it's a bit foggy now.
I need metldr right? how do i get the dump for that? Also EID0 ?
I only have the full NOR dump and eEID.

@butnut , when i finnish getting this key(would i ever?!), we should compare our findings.. There's something fishy about my dumps (or so it seems when looking at them with a hex editor.

EDIT:
so, I've dumped EID0 using this:

Code:

# modprobe ps3dmproxy
# ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin

(is this ok?)
now .. the only thing left is metldr dump

zecoxao · 07-14-2012

to get metldr: flowrebuilder + nor dump + extract bytereversed dump
to get fwfiles: http://www.ps3devwiki.com/files/devt...drpwn-fwfiles/

07-14-2012	#851
haz367 Senior Member Join Date: Dec 2010 Posts: 2,321 Likes: 1,133 Liked 645 Times in 529 Posts Mentioned: 270 Post(s) Tagged: 0 Thread(s)	at last....have the nor/eid dumped from petitboot, wasting tim on "read only file system" if any is bored..this is good time killer to fix that part if u are trying this from USB stick petitboot shell * chmod 777 /dev/sd* ( e.g sda/sdb ) u can verify this by going into /dev folder ( type: cd dev - enter -type ls ) then type * umount /dev/sda * mount /dev/sda /tmp/petitboot/mnt/sda cex-nor dump dd if=/dev/ps3nflasha of=/tmp/petitboot/mnt/sda/flashcex.bin bs=1024 eEID dump *dd if=/dev/ps3nflasha skip=$((0x2F000)) of=/tmp/petitboot/mnt/sda/eid.bin bs=1 count=$((0x10000))* and...FAST..wat the crap...strong stuff that linux edit: eid_root_key can't be dumped like this no "kernel" in petitboot/other kernel version?! or something... ah no worries here..i like linux but yes a shortcut for just getting this key would be nice http://tldp.org/HOWTO/Module-HOWTO/ Last edited by haz367; 07-14-2012 at 04:45 PM.

07-14-2012	#859
dlbogdan Member Join Date: Jul 2009 Posts: 73 Likes: 12 Liked 25 Times in 14 Posts Mentioned: 11 Post(s) Tagged: 0 Thread(s)	Ok, so I've compiled the kernel, even booted linux with it. I've succesfully compiled metldrpwn as well. But it's a bit foggy now. I need metldr right? how do i get the dump for that? Also EID0 ? I only have the full NOR dump and eEID. @butnut , when i finnish getting this key(would i ever?!), we should compare our findings.. There's something fishy about my dumps (or so it seems when looking at them with a hex editor. EDIT: so, I've dumped EID0 using this: Code: # modprobe ps3dmproxy # ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin (is this ok?) now .. the only thing left is metldr dump Last edited by dlbogdan; 07-14-2012 at 05:57 PM.

07-14-2012	#860
zecoxao Member Join Date: Oct 2011 Posts: 741 Likes: 425 Liked 743 Times in 289 Posts Mentioned: 118 Post(s) Tagged: 0 Thread(s)	to get metldr: flowrebuilder + nor dump + extract bytereversed dump to get fwfiles: http://www.ps3devwiki.com/files/devt...drpwn-fwfiles/ __________________ "Whoever has ears, let them hear."

		PS3Hax Network - Playstation 3 Hacks and Mods > News > PS3 \| Member News
[UPDATE 2] CEX to DEX has been leaked

07-14-2012	#855
butnut Member Join Date: Jul 2011 Posts: 696 Likes: 282 Liked 259 Times in 152 Posts Mentioned: 88 Post(s) Tagged: 0 Thread(s)	I just converted my flash dump to dex. Thanks everybody for your help.

07-14-2012	#856
luqi Member Join Date: Sep 2010 Location: In My World Posts: 307 Likes: 954 Liked 138 Times in 75 Posts Mentioned: 25 Post(s) Tagged: 0 Thread(s)	congratulations @butnut If you have time, try it once with the psn game updates , and would be nice if you tell these things works. Thx

07-14-2012	#858
OrangeC Member Join Date: Jun 2009 Posts: 40 Likes: 0 Liked 6 Times in 5 Posts Mentioned: 0 Post(s) Tagged: 0 Thread(s)	Yes give us an update on it.

User Name		Remember Me?
Password