How to dump the bootldr - Page 6 - PS3Hax Network

Bereuza · 10-26-2012

Shouldn't leave mate... a brain like yours will always be looking for the next puzzle. Why not focus on 3k/4k models? It's people like you that pushes the scene forward. Thank you very much killing the snake and showing the stick hehe. Cheers!

capostef · 10-26-2012

Originally Posted by zecoxao

@JuanNadie , since noone asks, i will. Which kernel was used to load the ps3peekpoke2 module?

edit: never mind i just dumped it.

where is the dump?

garrettcorn · 10-26-2012

@JuanNadie respect! Best of luck, are you going to be working on any other device in the future?

andreus · 10-26-2012

i usually don't comment a lot, but this i have to comment!

@JuanNadie , you really made it! What a genius you are!

I hope you don't leave the scene, but if you leave i'm glad for you also and hope all users are too!

I only have one thing to say you:
Thanks for your endless hours you certanily spent trying to reach this point! You deserve a good place in this world not for what you've done for the ps3 scene, but for i suspect you are as a person...

If you leave or not, it's you're choice, and i hope all people respect it as i will.
Hope you all have all the luck and success!!v You deserve it!

zecoxao · 10-26-2012

Originally Posted by capostef

where is the dump?

it's on twitter xD it only has the alphabet, not the keys. my specific console didn't have the luck to get them xD

capostef · 10-26-2012

Originally Posted by zecoxao

it's on twitter xD it only has the alphabet, not the keys. my specific console didn't have the luck to get them xD

upps didnt see it, good work and the next step??? keep on working..

r07f1 · 10-26-2012

Originally Posted by zecoxao

it's on twitter xD it only has the alphabet, not the keys. my specific console didn't have the luck to get them xD

neither did mine mate... guess it must be addapted 355DEX CECH2004A btw

redcfw · 10-27-2012

Thanks JuanNadie, do so many good works .

as I know, many peoples working hard for the scene, some release it, some not.

FF13 CFW fix -- 100% exploited trueblue LV2, with VM step tracing bldr1&2
act.dat&rif algo -- someone has got it few years ago --from PSP

here is some step debugging code

loc_19C: # CODE XREF: scePspNpDrmInitFromGameIdMs4+94j
jal sceNpDrmVerifyAct
move $a0, $a1
bltz $v0, loc_288
move $a1, $v0
jal sceNpDrmVerifyRif
move $a0, $s0
bltz $v0, loc_288
move $a1, $v0
lui $a2, (KeyMac_2310 >> 16)
addiu $a1, $sp, 0x40+var_30
addiu $a0, $s0, 0x40
la $a2, KeyMac_2310
jal DecryptDataWithHashMac

# End of function RotR4Byte
# Segment type: Pure data
.data # .rodata
KeyHash_22D8: .word 0x9D9E3D07, 0x2F3BFDA8, 0x2E931863, 0x64A657F8 # 0
# DATA XREF: scePspNpDrmInitFromGameIdMs4+15Co
HashVrAct_22E8: .word 0xAB02762, 0xB06F8502, 0x67870841, 0x18A0E019 # 0
# DATA XREF: sceNpDrmVerifyAct+8o
# sceNpDrmVerifyAct+14o ...
.word 0xB9EE9132, 0xBF6A736E, 0xE90EF781, 0xDE0D1B16 # 4
.word 0x1A7626B0, 0x5BC87BFF # 8
KeyMac_2310: .word 0x5E4B7DDA, 0x534F9A49, 0x4AA1C1B1, 0x3B448474 # 0
# DATA XREF: scePspNpDrmInitFromGameIdMs4+C4o
# scePspNpDrmInitFromGameIdMs4+D4o
KeyVdoHash_2320:.word 0xCD5B20E8, 0x30355711, 0x16ED8DBE, 0xF66A9382 # 0
# DATA XREF: sceNpDrmVideoKey_driver_77743584+DCo
# sceNpDrmVideoKey_driver_77743584+E0o
aFlash2Act_dat: .ascii "flash2:/act.dat"<0>
# DATA XREF: sceNpDrmVideoKey_driver_77743584+48o
byte_2340: .byte 0x5E # DATA XREF: DecryptWithPsID+8o
# DecryptWithPsID+40r

JuanNadie · 10-27-2012

@zecoxao : What you posted it the content of the buffers used by the program. I though I have changed that so the second argument was the dump. THE ACTUAL DUMP IS at dump.bin.

If the algo worked if should say "interrupt:".

If for your bootloader version didn't work try changing line 799:
correctPacket(0x40, 0, 0);

increase the 0x40 to something bigger

I edited the first message to the reflect it.

@marcan 42, perdona el malentendido. Vosotros fuisteis los que abristeis el camino. De hecho me alegra saber que lo que pensamos para el bug es similar a lo que pensasteis vosotros. Una pena lo de la demanda

Thanks to all of you... I really didn't expect this response. I don't think that I deserve it. Thanks to all the devs that decided to publish their info on ps3devwiki. That's the real exploit of the scene... so much info that I doubt no one comprehend it fully. I haven't posted the names of the other people that worked in this cause I don't know if they want to be credited (if you want tell me and it will be added). The bug wouldn't had been found with out their work. They (and other members of their group) are what really keep moving the scene.

Toufik · 10-27-2012

And what can we do with the bootldr ?

		PS3Hax Network - Playstation 3 Hacks and Mods > PS3Hax > PS3 \| Technical Development and Coding Area
How to dump the bootldr

10-26-2012	#51
Bereuza Member Join Date: Jan 2012 Posts: 93 Likes: 91 Liked 19 Times in 16 Posts Mentioned: 2 Post(s) Tagged: 0 Thread(s)	Shouldn't leave mate... a brain like yours will always be looking for the next puzzle. Why not focus on 3k/4k models? It's people like you that pushes the scene forward. Thank you very much killing the snake and showing the stick hehe. Cheers!

10-26-2012	#53
garrettcorn Member Join Date: Feb 2011 Location: America Posts: 143 Likes: 67 Liked 28 Times in 21 Posts Mentioned: 6 Post(s) Tagged: 0 Thread(s)	@JuanNadie respect! Best of luck, are you going to be working on any other device in the future?

10-26-2012	#54
andreus Apprentice Join Date: Aug 2011 Posts: 4 Likes: 2 Liked 5 Times in 3 Posts Mentioned: 4 Post(s) Tagged: 0 Thread(s)	i usually don't comment a lot, but this i have to comment! @JuanNadie , you really made it! What a genius you are! I hope you don't leave the scene, but if you leave i'm glad for you also and hope all users are too! I only have one thing to say you: Thanks for your endless hours you certanily spent trying to reach this point! You deserve a good place in this world not for what you've done for the ps3 scene, but for i suspect you are as a person... If you leave or not, it's you're choice, and i hope all people respect it as i will. Hope you all have all the luck and success!!v You deserve it!

10-27-2012	#59
JuanNadie Homebrew Developer Join Date: Oct 2011 Posts: 20 Likes: 11 Liked 369 Times in 19 Posts Mentioned: 68 Post(s) Tagged: 0 Thread(s)	@zecoxao : What you posted it the content of the buffers used by the program. I though I have changed that so the second argument was the dump. THE ACTUAL DUMP IS at dump.bin. If the algo worked if should say "interrupt:". If for your bootloader version didn't work try changing line 799: correctPacket(0x40, 0, 0); increase the 0x40 to something bigger I edited the first message to the reflect it. @marcan 42, perdona el malentendido. Vosotros fuisteis los que abristeis el camino. De hecho me alegra saber que lo que pensamos para el bug es similar a lo que pensasteis vosotros. Una pena lo de la demanda Thanks to all of you... I really didn't expect this response. I don't think that I deserve it. Thanks to all the devs that decided to publish their info on ps3devwiki. That's the real exploit of the scene... so much info that I doubt no one comprehend it fully. I haven't posted the names of the other people that worked in this cause I don't know if they want to be credited (if you want tell me and it will be added). The bug wouldn't had been found with out their work. They (and other members of their group) are what really keep moving the scene.

10-27-2012	#60
Toufik Apprentice Join Date: Jan 2012 Posts: 18 Likes: 6 Liked 3 Times in 2 Posts Mentioned: 0 Post(s) Tagged: 0 Thread(s)	And what can we do with the bootldr ?

User Name		Remember Me?
Password