[hewman]

On a NOR it took less than 10 minutes, but a NAND might take some time - your'll get 3 beeps when its done.

I take it your using dtbImage.ps3.bin.minimal and then renamed it to dtbImage.ps3.bin?

if it doesnt work the PS3 will still boot back to normal at this stage... might need to pull the power cable out the back and reinsert it.

[Spungy]

Originally Posted by hewman On a NOR it took less than 10 minutes, but a NAND might take some time - your'll get 3 beeps when its done. I take it your using dtbImage.ps3.bin.minimal and then renamed it to dtbImage.ps3.bin? if it doesnt work the PS3 will still boot back to normal at this stage... might need to pull the power cable out the back and reinsert it.

Yeah I renamed it to .bin thanks.. What is it doing? where is it writing dtbImage.bin to? It took about 6 hours last night dump the nand once with flash_dump.pkg.. I eventually got 2 matching dumps with memdump.

[Nextis]

Someone posted a file with a precompile metdrpwn on the C2D.exe v2 thread heres a link to it - http://www.mediafire.com/?b84zoqz7pjk753l

[Madn]

root @ps3 :/home/ps3/metldrpwn# ./run.sh
++ insmod ./metldrpwn.ko
insmod: error inserting './metldrpwn.ko': -1 File exists
++ cat metldr
cat: metldr: No such file or directory
++ sleep 1
++ cat appldr-metldrexploit350.self
++ sleep 2
++ echo 1
++ sleep 5
++ cat /proc/metldrpwn/debug
PPE id (0x0000000000000001) VAS id (0x0000000000000002)
lv1_construct_logical_spe (0x00000000)
SPE id (0x0000000000000032)
lv1_enable_logical_spe (0x00000000)
lv1_set_spe_interrupt_mask(0) (0x00000000)
lv1_set_spe_interrupt_mask(1) (0x00000000)
lv1_set_spe_interrupt_mask(2) (0x00000000)
lv1_set_spe_privilege_state_area_1_register (0x00000000)
ea (0xc00000000ee40000) esid (0xc000000008000000) vsid (0x0000408f92c94500)
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
problem status (0x00010282)
lv1_destruct_logical_spe (0x00000000)

What am i doning wrong? I think here is a problem: "cat: metldr: No such file or directory" but i do not know how to fix this.
I am using debian same as a author of thread. Kernel: 2.6.39-gd49d156

root @ps3 :/home/ps3/metldrpwn# whereis metldr
metldr:

Thanks for help

[hewman]

Originally Posted by Madn root @ps3 :/home/ps3/metldrpwn# ./run.sh ++ insmod ./metldrpwn.ko insmod: error inserting './metldrpwn.ko': -1 File exists ++ cat metldr cat: metldr: No such file or directory ++ sleep 1 ++ cat appldr-metldrexploit350.self ++ sleep 2 ++ echo 1 ++ sleep 5 ++ cat /proc/metldrpwn/debug PPE id (0x0000000000000001) VAS id (0x0000000000000002) lv1_construct_logical_spe (0x00000000) SPE id (0x0000000000000032) lv1_enable_logical_spe (0x00000000) lv1_set_spe_interrupt_mask(0) (0x00000000) lv1_set_spe_interrupt_mask(1) (0x00000000) lv1_set_spe_interrupt_mask(2) (0x00000000) lv1_set_spe_privilege_state_area_1_register (0x00000000) ea (0xc00000000ee40000) esid (0xc000000008000000) vsid (0x0000408f92c94500) lv1_get_spe_interrupt_status(0) (0x00000000) lv1_get_spe_interrupt_status(1) (0x00000000) lv1_get_spe_interrupt_status(2) (0x00000000) problem status (0x00010282) lv1_destruct_logical_spe (0x00000000) What am i doning wrong? I think here is a problem: "cat: metldr: No such file or directory" but i do not know how to fix this. I am using debian same as a author of thread. Kernel: 2.6.39-gd49d156 root @ps3 :/home/ps3/metldrpwn# whereis metldr metldr: Thanks for help

did you use the Nikitis scrip to install debian?, did you modify the kernel when the option came up whilst installing?. did you copy metldr file over to the metldrpwn folder?

[Madn]

Linux version 2.6.39-gd49d156 (root @ps3 -linux) (gcc version 4.4.5 (Debian 4.4.5-8) ) #1 SMP Wed Jul 18 21:35:16 CEST 2012

Distributor ID: Debian
Description: Debian GNU/Linux 6.0.5 (squeeze)
Release: 6.0.5
Codename: squeeze
************* [ - Post Merged - ] *************

Originally Posted by hewman did you use the Nikitis scrip to install debian?

Yes, i mean no i used some kind of scipt named debian-installer.sh

Originally Posted by hewman did you modify the kernel when the option came up whilst installing?

Not quite sure i was installing iton low resolution tv so i could miss that part, probably i just left it on default settings

Originally Posted by hewman did you copy metldr file over to the metldrpwn folder?

No, ok thank you now i know what part i just missed

[hewman]

thats the problem!

you got your dump
flashCEX.bin, you load this into CEX2DEX and this will give you a new file, call it metldr and copy this file back into the metldrpwn folder -

copy metldrpwn folder onto USB PEN and run ./run.sh

dont forget to chmod 755 -R the metldrpwn folder first though!.

[Madn]

Originally Posted by hewman thats the problem! you got your dump flashCEX.bin, you load this into CEX2DEX and this will give you a new file, call it metldr and copy this file back into the metldrpwn folder - copy metldrpwn folder onto USB PEN and run ./run.sh dont forget to chmod 755 -R the metldrpwn folder first though!.

Thank you soo much!!!
Have a good day

[EDIT]
One more question do nand flash dumpshould be around 250mib?

[EDIT2]
Crap! i have got now metldr, but cex2dex still show error: - CMAC : FAIL!
damn whats wrong now flash dump or metldr....

[Madn]

Code:

root
@ps3
:/home/ps3/metldrpwn# sh run.sh
+ insmod ./metldrpwn.ko
insmod: error inserting './metldrpwn.ko': -1 File exists
+ cat metldr
+ sleep 1
+ cat appldr-metldrexploit350.self
+ sleep 2
+ echo 1
+ sleep 5
+ cat /proc/metldrpwn/debug
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
v1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)
lv1_get_spe_interrupt_status(1) (0x00000000)
lv1_get_spe_interrupt_status(2) (0x00000000)
sleep
lv1_get_spe_interrupt_status(0) (0x00000000)

I have tried to get metdlr same method as earlier with this resoults.
I beg for help
[edit]
system reboot helped

[Hells Guardian]

If I manage to get this other nand console I have pwned I'll walk you through what I did.... I hate nand consoles!