[JonahUK]

Gunner54 used Preloader Advance 3.1 to both read AND flash so that may be the best option.

[coragin]

I am screwing up somewhere in here, I will use different colors to highlight what I am doing instead of instructions....

Remember this is for a NAND so things are different.

Part-3 metldrpwn 1. dump your nor in GameOS using this tool: http://www.mediafire.com/?vwe5oi7em54dwk9 (use memdump_0.01-FINAL.gnpdrm.pkg) This I am doing 2. now you will need to unpack your nor, use norunpack 3. open your unpacked nor folder, copy the "metldr" from "asecure_loader" folder into "metldrpwn" folder. These I am NOT doing, instead I am extracting metldr through Gunner's Cex2Dex 4. copy "metldrpwn" folder to /home/yourusername 5. start terminal 6 cd metldrpwn make sudo ./run.sh cp /proc/metldrpwn/dump /home/yourusername/ 7. open "dump" in hex editor 8. copy the bytes 0x00-0x0f 9. use your hex editors search function and paste the bytes(0x00-0x0f) 10. your keys will be at 0x0000C7xx (i had different offset in 2 dumps, so use search) 11. copy your keys into a new file and save as eid_root_key.bin & rename your nor dump to "CEXFLASH.bin"NOT doing this as Gunner's Cex2Dex is supposed to do this itself from the dump file 12. open "PS3Tools v2.6" run cex to dex (it will error if the keys are wrong.. so nothing to worry about)See Above, not doing this, using Gunner's Cex2Dex 13. copy the DEXFLASH.bin to root of your USB drive.

Now if I am wrong in thinking gunners Cex2Dex is performing these actions and I still need to do the hex editing part, that would be the issue.

However, it is my understanding (and the fact that Cex2Dex output a file) that Cex2Dex just removes certain "Steps" to make things faster/easier.

If I am wrong on what I am doing here please let me know and redo these steps showing me what Cex2Dex IS used for.

Remember this is for a NAND so things are different.
************* [ - Post Merged - ] *************

Originally Posted by JonahUK Gunner54 used Preloader Advance 3.1 to both read AND flash so that may be the best option.

I have not yet figured out how to use this. Any suggestions? Is it ran from GameOS or through Petitboot/Linux?

I tried to use Multiman to launch the self in file manager and it didnt work and I do not know another way to launch this.
************* [ - Post Merged - ] *************
EDIT: I just re-installed MM and ran lvl2diag.self and it would seem it is now working from GameOS. I could not get it to run from service mode. We will see how it goes.
This is the only instructions I can find on preloader advance. And to be honest, the translation makes no sense to me...

I cant figure out if they want me to use my old teensy++ usb dongle or just "act" like I am using it and pressing power+eject to get this thing to run.

It makes NO sense to me. Check it out yourself and see if you can understand this...

Code:

http://www.*******.com/ps3-cfw-mfw/ps3-preloader-advance-by-jaicrab-restore-dev-flash-via-lv2diag/

ps3 news is the site

[CaptainCPS-X]

Guys, just some information about the Flash dumping and re-flashing.

Based on information from the PS3DevWiki:

http://www.ps3devwiki.com/wiki/Hardware_flashing

Dumping NAND from Linux

dd if=/dev/ps3flash of=NAND.BIN bs=1024 or dd if=/dev/ps3vflasha of=NAND.BIN bs=1024

Dumping NOR from Linux

dd if=/dev/ps3nflasha of=NOR.BIN bs=1024

Be very careful when handling those, and recheck before re-flashing with this:

Re-Flashing NAND from Linux (Need someone to confirm this)

dd if=NAND.bin of=/dev/ps3flash bs=1024

Re-Flashing NOR from Linux

dd if=NOR.bin of=/dev/ps3nflasha bs=1024

I am organizing everything I will need for converting my 'PS3 CECHE01 (NAND)' from CEX to DEX. I have made a collection of guides and making my own personal guide based on my experience. This will be one way ticket because I don't have a E3 flasher atm, but if everything goes fine I will post my guide for all who have NAND models.

EDIT: I think the wiki have a typo at NAND dumping method, because looking around I found people who actually dumped the NAND using this from Linux:

dd if=/dev/ps3flasha of=NAND.BIN bs=1024

so probably /dev/ps3flash (without the final 'a') is just a typo in the wiki

I will try to confirm this soon.

EDIT: Confirmed!, on NAND PS3 the following locations don't exist:

PHP Code:

/dev/ps3nflasha
/dev/ps3flasha 


just these:

PHP Code:

/dev/ps3flash
/dev/ps3vflasha 


SeeYa!

[Nextis]

Thxs for this info and I hope to see your guide good luck.

[haxxxen]

nevermind. this does not work

[hewman]

Originally Posted by coragin Yes I am on a NAND unit. To get metldr dump I used Cex2Dex (Gunner54's), with my memorydump.pkg Then I used linux to metldrpwn, put the dump file from that on USB stick and over to PC. Used Cex2Dex (top) Flash dump (Bottom) dump from metldrpwn No errors, spit out the DEXFLASH.bin Put DEXFLASH.bin on root of usb stick Put usb stick on PS3 Booted into petitboot cd tmp/petitboot/mnt/sdd1 Ran command dd if=DEXFLASH.bin of=/dev/ps3nflasha bs=1024 As I said before made a list of replaced/removed files, offset by one. I will try installing again and take a pic of what it says. rebooted to gameOS tried update = FAIL rebooted into recovery tried update = FAIL Now what I dont know is if metldrpwn actually worked or not. I am assuming yes since Cex2Dex compiled DEXFLASH. What would be great is if someone could give me a NAND version of what to do atthe point that I extract metldr dump with Cex2Dex, the following steps needed...(dont need decryption, but want to be sure....) Whats needed bolded in RED, would appreciate ALL 1. Decrypt metldr/dump with metldrpwn 2. using decrypted dump from metldrpwn 3. creation of DEXFLASH.bin with dump from metldrpwn 4. Writing to Flash in Petitboot/Linux 5. Finally, best place to find DEX update.pup On a side note, I have printed out the original guide by bleh and have been making the necessary changes to the guide to repost when I am done. Thanks to bleh for the guide and for all the help in irc you have given me!

your missing steps;
you need to boot into linux with the metldr file that you got from CEX2DEX in the metldrpwn directory of a usb pen. ie 'e:/metledrpwn/metldr'

you need to mount the usb pen in linux
sudo mount -rw /dev/sda1 /mnt <-- example your pen could be sdb1 sdc1 etc you can check with 'ls /dev'
cd /mnt/
sudo chmod -R 755 metldrpwn
cd metledrpwn
sudo make
./run.sh

when you run ./run.sh your looking for (problem status 089) <--confirms all is good.
then you;
sudo cp /proc/metldrpwn/dump /mnt/dump <--copies the dump back to the usb pen (you need this dump for CEX2DEX)
umount /dev/sda1 <--unmounts the usb pen

now load CEX2DEX again
top box is your flash file (flashCEX.bin)
bottom box is your dump (the one you just got from metldrpwn)

this will create a file, call it flashDEX.bin.

OMG!!! Sorry It looks as though I cant read!! totally missed the section where you wrote;

Then I used linux to metldrpwn, put the dump file from that on USB stick and over to PC. Used Cex2Dex (top) Flash dump (Bottom) dump from metldrpwn No errors, spit out the DEXFLASH.bin Put DEXFLASH.bin on root of usb stick

Tried to delete my post but couldnt find an option.

[Hells Guardian]

I hate NAND consoles! I have converted one before but am not able to get a working dump.

[CaptainCPS-X]

Ok I have more information regarding NAND flash dump. After launching 'petitboot' on my PS3 and doing these:

PHP Code:

dd if=/dev/ps3flash of=/tmp/petitboot/mnt/sda5/NAND_CEX_FLASH1.bin bs=1024 


PHP Code:

dd if=/dev/ps3vflasha of=/tmp/petitboot/mnt/sda5/NAND_CEX_FLASH2.bin bs=1024 


I get these:

PHP Code:

NAND_CEX_FLASH1.bin (~8.25 MB) (8,650,752 bytes)
NAND_CEX_FLASH2.bin (~239 MB) (251,396,096 bytes) 


When any of these 2 dumps are opened with CEX2DEX (by Gunner54) and selecting 'Extract METLDR', It gives error about not valid flash dump.

Edit: this was the error... (and don't worry I understand that these dumps are not good, I will not use them )

PHP Code:

- Loading Flash Dump...
- Error : Could NOT Find METLDR, Invalid Flash Dump! 


So at least in my case (CECHE01 NAND) petitboot flash dump method is not an option.

Btw, I can confirm than on NAND ps3 the following doesn't exist:

PHP Code:

/dev/ps3nflasha
/dev/ps3flasha 


just these:

PHP Code:

/dev/ps3flash
/dev/ps3vflasha 


Now I will proceed to use 'memdump v0.01' and see if the resulting dump is good for CEX2DEX application.

SeeYa!

[hewman]

Originally Posted by CaptainCPS-X Ok I have more information regarding NAND flash dump. After launching 'petitboot' on my PS3 and doing these: PHP Code: dd if=/dev/ps3flash of=/tmp/petitboot/mnt/sda5/NAND_CEX_FLASH1.bin bs=1024  PHP Code: dd if=/dev/ps3vflasha of=/tmp/petitboot/mnt/sda5/NAND_CEX_FLASH2.bin bs=1024  I get these: PHP Code: NAND_CEX_FLASH1.bin (~8.25 MB) (8,650,752 bytes) NAND_CEX_FLASH2.bin (~239 MB) (251,396,096 bytes)  When any of these 2 dumps are opened with CEX2DEX (by Gunner54) and selecting 'Extract METLDR', It gives error about not valid flash dump. So at least in my case (CECHE01 NAND) petitboot flash dump method is not an option. Btw, I can confirm than on NAND ps3 the following doesn't exist: PHP Code: /dev/ps3nflasha /dev/ps3flasha  just these: PHP Code: /dev/ps3flash /dev/ps3vflasha  Now I will proceed to use 'memdump v0.01' and see if the resulting dump is good for CEX2DEX application. SeeYa!

That first dump of yours is not the right size. dont use it!! - to be honest i dont know if the 2nd dump you have is the correct size either. someone will pop up and confirm the correct file sizes.

[CaptainCPS-X]

Originally Posted by hewman That first dump of yours is not the right size. dont use it!! - to be honest i dont know if the 2nd dump you have is the correct size either. someone will pop up and confirm the correct file sizes.

Oh yeah I mentioned in my post that they are indeed not valid dumps , thanks for caring.

I just scratched the Petitboot method to obtain the NAND flash dump, in the guide I'm working I will make it clear to NAND users not to use petitboot.

Now, using memdump 0.01 did get a good NAND flash dump , here is the result with CEX2DEX (by Gunner54):

PHP Code:

flash_stor_35500.bin (~239 MB) (251,396,096 bytes) 


PHP Code:

- Loading Flash Dump...
- METLDR Address : 0x00040817
- METLDR Size : 0x0000EDE0 


I will make a secondary dump to compare using HxD hex editor.

More info of my progress soon!

EDIT: I edited my previous post to make it clear that using 'petitboot' for NAND is not good.

SeeYa!