#31
Member
Join Date: Feb 2011
Location: Dublin
off subject but ur sig is funny.
4.11 NO CFW = Fake which would mean there is 4.11 cfw

#32
Hired Gun
Join Date: May 2011
If someone who doesn't know clicks the sig, they will *learn* something about 4.11 CFW: no MAGIC 4.11 CFW for the moment. It's a list of fakes, among other data, to spot a faker.
__________________
Check Blacklist of FAKE devs
Check Whitelist of TRUSTED devs
Tutorial : DEX conversion (TEST-DEBUG)
One thread with all DEX information published so far.
One thread with PS3 LV0 keys, CFW'S and many more.
PS3devwiki your number 1 source. Check it.
Console ID's Market Warning thread
PS3 Ban, CFW, Unban. How to avoid it.

#33
Member
Join Date: Sep 2010
Probably this is the error we are facing!?
[3] Make sure you got your metldr in ‘./data’ as ‘metldr’.
Where can we get this without Linux?

#34
Apprentice
Join Date: Feb 2008
OK, I had to repackage it a couple different ways but once I got it to install it worked great. The PS3 is a slim running 3.41 hermes cfw, when the app starts the PS3 black screened, I then ran the client after editing in my PS3's IP (edit: and copying a metldr extracted from my NOR dump over to the folder as instructed), compiled under cygwin using the supplied .sh script which is really just a gcc command (I added the ULL to those two vars to fix any problems that 'int is not a long' causes under windows) and got:
Code:
C:\cygwin\home\Cory\PS3test\dump_rootkey>dump_rootkey.exe
[INFO] Connecting to '192.168.2.110'...ok.
[INFO] Ping...ok.
[INFO] VAS ID = 0x000000000000000B
[INFO] map_lpar_memory_region(data): res = 0
[INFO] Copying files out...done.
[INFO] Constructing SPE...done. (res = 0)
[INFO] priv2 0x00004C00013E0000
[INFO] problem 0x00004C00013C0000
[INFO] LS 0x00004C0001380000
[INFO] shadow 0x0000300000028000
[INFO] ID 0x0000000000000002
[INFO] Setting up SPE...done.
[INFO] map_lpar_memory_region(shadow) : res = 0
[INFO] map_lpar_memory_region(problem) : res = 0
[INFO] map_lpar_memory_region(priv2) : res = 0
[INFO] map_lpar_memory_region(ls) : res = 0
[INFO] set_spe_privilege_state_area_1_register : res = 0
[INFO] Starting SPE in isolation mode...done.
[INFO] Interrupt status (2, application) = 0x0000000000000010
[INFO] -> SPU mailbox threshold interrupt
[INFO] Interrupt status (2, application) = 0x0000000000000011
[INFO] -> SPU mailbox threshold interrupt
[INFO] -> mailbox interrupt
[INFO] Mailbox value = 1
[INFO] -> Dumper loaded.
[INFO] Transferring eid_root_key to buffer...finished.
[INFO] Dumping eid_root_key...done.
[INFO] SPU status = 0x00000081
[INFO] Requesting SPE isolation exit and stop.
[INFO] Destructing SPE...done.
[INFO] Press any key to exit...

I'm a happy camper now, with a RPC server I can just run like an app. Sure beats going back to those old graf dongle payloads, thanks naehrwert or marcan, whoever made that pkg!

tul: follow the info deank posted to use multiman to take a dump of your console flash, and use one of the existing tools to extract the crypted metldr - that is all you need to do to get metldr for this.

btw, this is the fix for line 243:
Code:
spu_slb_set_entry(&ctxt, priv2_addr, 0, 0x8000000018000000ULL, 0x0000800000001400ULL);

Last edited by cory1492; 07-22-2012 at 07:53 PM.

#35
Member
Join Date: Sep 2010
Hi, thanks for the reply. I already extracted metldr and put it in the data folder, still no luck in the process; it just shows connecting 192.168..... ok and hangs there.
I'm using kmeaw and Ubuntu in VMware; the win32 dump app still gave the same result.

#36
Member
Join Date: Feb 2012
A video would be much better for us noobs.

#37
Member
Join Date: Oct 2011
Location: Brazil - São Paulo
|
My little contribution...
Using dump_rootkey on Ubuntu 12.04

1- Extracting :
sudo apt-get install p7zip
p7zip -d dump_rootkey.7z

2- Edit PS3HOST in main.cpp with the IP of your ps3 :
cd dump_rootkey/
gedit main.cpp
edit : #define PS3HOST "169.254.0.2" <- your PS3 ip
save

3- Compile :
sudo apt-get --reinstall install build-essential
chmod +x build.sh
sudo ./build.sh

4- Extract the metldr from your flash dump and copy your metldr in 'data' dir as 'metldr' :
(Get your flash dump with mmOs or memdump_0.01-FINAL and extract METLDR with CEX2DEX Application)

5- Run :
./dump_rootkey

enjoy

Last edited by jrtux; 07-22-2012 at 10:02 PM.

#38
Member
Join Date: Sep 2010
Hey, the Scene Status up on top finally changed....

#39
Apprentice
Join Date: Feb 2008
tul: my guess is you are simply not able to see your PS3 from your PC. Check for routing issues or similar things like firewall blocking the app, it's not on the same port as FTP for example.
I'm off, good luck anyone trying this... all I can really say is it's easy and it works to grab the key.

Last edited by cory1492; 07-22-2012 at 09:02 PM.

#40
Apprentice
Join Date: Jul 2012
Visual Studio
To get this to compile in VS 2010, alter the header of main.cpp:
Code:
#define _ERROR(...) printf("[ERROR] " __VA_ARGS__)
#define _INFO(...) printf("[INFO] " __VA_ARGS__)
#pragma comment(lib, "ws2_32.lib")

Watching the traffic in network monitor I can see that if the console is sitting at XMB and I start the app, there are two ARPs and then a UDP packet sent from my PC, no reply as expected. If I fire up the RPC and then start the app on the PC I see the two ARPs but never an outgoing UDP packet because the ARP comes back empty handed. I'm going to try another router, it seems that once the RPC is active I start to get IPv6 DHCP requests on the network (router does not support that).

Update: Attempted with another router running open-wrt, same story.

Last edited by KitsunePaws; 07-22-2012 at 10:03 PM. Reason: Update to router