[dlbogdan]

perfect.
@butnut already PMed me with the flowrebuilder tool for dumping metldr.
I have now everything needed to convert to DEX (except for a pair of balls )
Thanks @zecoxao for everything man! you're one of few.

edit:

Is it ok that my eEID dump contains only 0xFF after address: 0x1DD0 ?

[butnut]

Originally Posted by dlbogdan Is it ok that my eEID dump contains only 0xFF after address: 0x1DD0 ?

Yeah, that is how it is supposed to be.

[dlbogdan]

Success!

Code:

PPE id (0x0000000000000001) VAS id (0x0000000000000002)
lv1_construct_logical_spe (0x00000000)
SPE id (0x0000000000000037)
lv1_enable_logical_spe (0x00000000)
lv1_set_spe_interrupt_mask(0) (0x00000000)
lv1_set_spe_interrupt_mask(1) (0x00000000)
lv1_set_spe_interrupt_mask(2) (0x00000000)
lv1_set_spe_privilege_state_area_1_register (0x00000000)
ea (0xc000000002c30000) esid (0xc000000008000000) vsid (0x0000408f92c94500)
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
out interrupt mbox (0x0000000000000001)
lv1_clear_spe_interrupt_status(2) (0x00000000)
transferring EID0, ldr args and revoke list to LS
waiting until MFC transfers are finished
MFC transfers done
out mbox (0x00000001)
problem status (0x00000089)
lv1_destruct_logical_spe (0x00000000)

hmm...
weird, I really don't think these keys are ok: (I've masked some of them just in case.. )

9E ** A2 E6 BF 2B C2 2F 1C 00 ****** 50 18 5B
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
9E ** A2 E6 BF 2B C2 2F 1C 00 ****** 50 18 5B

These are my first three lines from the dump

[butnut]

Originally Posted by dlbogdan hmm... weird, I really don't think these keys are ok: (I've masked some of them just in case.. ) 9E ** A2 E6 BF 2B C2 2F 1C 00 ****** 50 18 5B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9E ** A2 E6 BF 2B C2 2F 1C 00 ****** 50 18 5B These are my first three lines from the dump

The first time I tried it I got weird output too.

I restarted my ps3 and when I tried it again it worked.

[dlbogdan]

Originally Posted by butnut The first time I tried it I got weird output too. I restarted my ps3 and when I tried it again it worked.

Yap.. only I had to restart twice to get a valid result.
Investigating a bit more it seems that the keys are shifted in the first two dumps by two rows (and the first key copied twice... )
weird.
I hope i have the right ones now.

9E ** A2 E6 BF 2B C2 2F 1C 00 ****** 50 18 5B
2C 00 4B 6F ** 9D 56 4B E1 50 ** A6 78 ** 95 0B
6D ** F6 3D 94 ** 64 3F CD D2 BA ** 5B ** 85 F6

EDIT:
OH WHAT THE HELL, YOLO
I'm going to flash my dex file....
1st. Is there any way to verify everything is correct beforehand?

EDIT2:

Looking at this:

Code:

WRITE NOR: dd if=dexnor.bin of=/dev/ps3nflasha bs=1024


WRITE eEID: dd if=eid.bin.dex of=/dev/ps3nflasha bs=1 seek=$((0x2F000)) count=$((0x10000))

@zecoxao and maybe others...
Do i have to also write eEID(modified) after writing the dexnor flash resulted ? does that make sense? Isn't dexnor the full image??

[zecoxao]

Originally Posted by dlbogdan Yap.. only I had to restart twice to get a valid result. Investigating a bit more it seems that the keys are shifted in the first two dumps by two rows (and the first key copied twice... ) weird. I hope i have the right ones now. 9E ** A2 E6 BF 2B C2 2F 1C 00 ****** 50 18 5B 2C 00 4B 6F ** 9D 56 4B E1 50 ** A6 78 ** 95 0B 6D ** F6 3D 94 ** 64 3F CD D2 BA ** 5B ** 85 F6 EDIT: OH WHAT THE HELL, YOLO I'm going to flash my dex file.... 1st. Is there any way to verify everything is correct beforehand? EDIT2: Looking at this: Code: WRITE NOR: dd if=dexnor.bin of=/dev/ps3nflasha bs=1024 WRITE eEID: dd if=eid.bin.dex of=/dev/ps3nflasha bs=1 seek=$((0x2F000)) count=$((0x10000)) Do i have to also write eEID(modified) after writing the dexnor flash resulted ? does that make sense? Isn't dexnor the full image??

dude, it's safer to do the full flash, i tested the differential flash and md5sum was different . be careful.

[dlbogdan]

Originally Posted by zecoxao dude, it's safer to do the full flash, i tested the differential flash and md5sum was different . be careful.

Ok dude.

this is what I've done

root @ps3 -linux:/tmp/petitboot/mnt/sda1# dd if=./outdexnor.bin of=/dev/ps3nflasha bs=1024
@zecoxao

As you can see I've did the dd command directly from my USB drive.
Now it is just sitting there... cursor blinking.
How much should I expect this to last?
The reading of the NOR was instant!

EDIT:

Ok, it eventually finished the writing.
AAAND the console booted.
How can I tell if this is IT? Just try and update to a DEX firmware? [[ what about linux can I get this back ]]

[zecoxao]

Originally Posted by dlbogdan Ok dude. this is what I've done root @ps3 -linux:/tmp/petitboot/mnt/sda1# dd if=./outdexnor.bin of=/dev/ps3nflasha bs=1024 @zecoxao As you can see I've did the dd command directly from my USB drive. Now it is just sitting there... cursor blinking. How much should I expect this to last? The reading of the NOR was instant! EDIT: Ok, it eventually finished the writing. AAAND the console booted. How can I tell if this is IT? Just try and update to a DEX firmware? [[ what about linux can I get this back ]]

did you have qa flag while on retail state? if so, test the button combo. if it doesn't work, you're on DEX, if it works you're on CEX

[dlbogdan]

Originally Posted by zecoxao did you have qa flag while on retail state? if so, test the button combo. if it doesn't work, you're on DEX, if it works you're on CEX

Nope.. never tried qa flag. Never seen the point of that.

If I'm still on CEX and try to update the software to DEX ( through system update in XMB or +the_power_off_by_force+ method? ) can something go wrong?

[zecoxao]

Originally Posted by dlbogdan Nope.. never tried qa flag. Never seen the point of that. If I'm still on CEX and try to update the software to DEX ( through system update in XMB or +the_power_off_by_force+ method? ) can something go wrong?

give it a shot