[Nicolas19]

Originally Posted by checko Yeah that is the size ************* [ - Post Merged - ] ************* Yeah you need a CFW with peek and poke like Kmeaw and a USB connected on dev_usb000.

Now how i can use this File??this help me For Dumping METLDR?IF yes How?
dev_usb000 is Right USB ?!

[greyestest]

c2d without linux would be really great

[CaptainCPS-X]

I will switch back to CEX and try this up, then I will compare the results with my previous conversion files.

If we can skip Linux, I could edit my guide and make is a LOT simpler.

SeeYa!

[himshie]

could you do the guide for a nor / slim
thanks

[checko]

Originally Posted by Nicolas19 Now how i can use this File??this help me For Dumping METLDR?IF yes How? dev_usb000 is Right USB ?!

First eEID0 is needed on dumping METLDR (Right now) with any tutorial on this website (WIP Our solution to dump metldr without linux and with more easy and little steps is on progress).

The First eEID0 Section is needed using the step by step tutorial to convert to DEX without a complete NOR | NAND dump.

DEX Tutorial or the leak tutorial info, both are using OPENSSL to the Encryption Stuff.

Right now the problem is that dump Metldr and get the eeid root keys is a little hard process and only with linux but we are working on that...
************* [ - Post Merged - ] *************

Originally Posted by CaptainCPS-X I will switch back to CEX and try this up, then I will compare the results with my previous conversion files. If we can skip Linux, I could edit my guide and make is a LOT simpler. SeeYa!

Yeah there is progress my friend, dump metldr and the keys will be more easy, right now is WIP...

I hope that we release this soon (days, etc)...

[majid25]

Originally Posted by checko First eEID0 is needed on dumping METLDR (Right now) with any tutorial on this website (WIP Our solution to dump metldr without linux and with more easy and little steps is on progress). The First eEID0 Section is needed using the step by step tutorial to convert to DEX without a complete NOR | NAND dump. DEX Tutorial or the leak tutorial info, both are using OPENSSL to the Encryption Stuff. Right now the problem is that dump Metldr and get the eeid root keys is a little hard process and only with linux but we are working on that... ************* [ - Post Merged - ] ************* Yeah there is progress my friend, dump metldr and the keys will be more easy, right now is WIP... I hope that we release this soon (days, etc)...

Please, take your time with all of this there is no rush. You guys are doing a big favor to the scene here, keep up the good work

[himshie]

i think i will wait this out so i don't have to format my drive

[Medox]

Originally Posted by checko WIP: A method to dump metldr and eEID root keys without linux, more easy with some little steps ...

maybe naehrwert can help you:

Originally Posted by naehrwert isn't installing linux to get your eid root key a bit of an overkill when you could just use netrpc?!

Originally Posted by naehrwert Or you could compile this http://pastie.org/4295312 , sign it with metldr keys and grab the key/iv from shared LS...

Code:

ldr.ld

ENTRY(_start)

SECTIONS
{
	. = 0x25800;
	.text :
	{
		*(.text)
	}
	.data :
	{
		*(.data)
		*(.rodata)
	}
	.bss :
	{
		bss = .;
		*(.bss)
	}
}

Code:

types.h

#ifndef _TYPES_H_
#define _TYPES_H_

typedef char s8;
typedef unsigned char u8;
typedef short s16;
typedef unsigned short u16;
typedef int s32;
typedef unsigned int u32;
typedef long long int s64;
typedef unsigned long long int u64;

#endif

Code:

start.S

.text

/* Loader entry. */
.global _start
_start:
	/* Setup stack pointer. */
	ila sp, 0x3DFA0
	
	/* Well... */
	brsl lr, main

	_hang:
		br _hang

Code:

main.c

#include "types.h"

void *_memcpy(void *dst, void *src, u32 len);

void main()
{
	//Copy eid root key/iv to shared LS.
	_memcpy((u8 *)0x3E000, (u8 *)0x00000, 0x30);
	//Hang (the PPU should copy the key/iv from shared LS now).
	while(1);
}

void *_memcpy(void *dst, void *src, u32 len)
{
	u8 *d = (u8 *)dst;
	u8 *s = (u8 *)src;
	u32 i;
	
	for(i = 0; i < len; i++)
		d[i] = s[i];
	
	return dst;
}

https://twitter.com/naehrwert/status/226682478373531648
https://twitter.com/naehrwert/status/226686257005203456

[checko]

Originally Posted by Medox maybe naehrwert can help you: Code: ldr.ld ENTRY(_start) SECTIONS { . = 0x25800; .text : { *(.text) } .data : { *(.data) *(.rodata) } .bss : { bss = .; *(.bss) } } Code: types.h #ifndef _TYPES_H_ #define _TYPES_H_ typedef char s8; typedef unsigned char u8; typedef short s16; typedef unsigned short u16; typedef int s32; typedef unsigned int u32; typedef long long int s64; typedef unsigned long long int u64; #endif Code: start.S .text /* Loader entry. */ .global _start _start: /* Setup stack pointer. */ ila sp, 0x3DFA0 /* Well... */ brsl lr, main _hang: br _hang Code: main.c #include "types.h" void *_memcpy(void *dst, void *src, u32 len); void main() { //Copy eid root key/iv to shared LS. _memcpy((u8 *)0x3E000, (u8 *)0x00000, 0x30); //Hang (the PPU should copy the key/iv from shared LS now). while(1); } void *_memcpy(void *dst, void *src, u32 len) { u8 *d = (u8 *)dst; u8 *s = (u8 *)src; u32 i; for(i = 0; i < len; i++) d[i] = s[i]; return dst; } https://twitter.com/naehrwert/status/226682478373531648 https://twitter.com/naehrwert/status/226686257005203456

thanks but we have it right now ready, long before naehrwert said this.

[itskamel]

another demonhades production huh? well seeing as to all the past stuff that has gone on i will belive it when i see it. not trying to down anyone but this is just the way it is.