[Abkarino]

@JuanNadie You are the Legend now :D
Congratulation for your great work.
I hope to see you doing some progress in newer models 3K and 4K also
Also i think that your theory about improving the bootloader exploit can be implemented using hardware device like a glitcher device used to hack Xbox360 console.

[zecoxao]

@JuanNadie , i get

Code:

Interrupt: 5

so, supposedly it worked, but when i go check my dump, i only see zeroes

edit: here's the last part of the log:

Code:

Reading header
00016025 - 00D8: 0x000002400008C000 -> 0x3E000 13 01 00 08 00 00 80 1C 00 00 00 00 00 08 00 08 00 00 00 00 16 FF 02 5E FF FF FD C3 00 03 F0 00 (0x20)
Reading data 7 
Exploiting
-0x13-0x01-0x00-0x08-0x00-0x00-0x80-0x1C-0x00-0x00-0x00-0x00-0x00-0x40-0x00-0x40-0x00-0x00-0x00-0x00-0x16-0xFF-0x02-0x5E
Package CHK: FD53
CHK OFFSET 18RESPONSE: 13 01 00 08 00 00 80 1C 00 00 00 00 00 40 00 40 00 00 00 00 16 FF 02 5E 00 00 FD 53 00 03 F0 00 
00016353 - 00D9: 0x000002400008DFF4 <- 0x3E004 00 09 00 09 (0x4)
00016410 - 00DA: 0x000002400008E100 <- 0x3E000 00 00 00 01 (0x4)
Interrupt: 5
STATUS 89
CHECK 1
Unexpected interrupt class 1.[0000000000000008]. MFC PUT INTERRUPT
LSA CMP ADDR 3E000. Dir 1. QIDX: 1 [0x3E00080000001]
Entry 0. EA:000002400008D004. LS:3E014. Size: 003 (003). Command: 20. QW: 0
[0000000402000000][000002400008D000][F804018021000000][000002C400000A00]
Unexpected interrupt class 1.[0000000000000008]
ENDING MAIN LOOP: 
CHECK 2
Unexpected interrupt class 2.[0000000000000011]
STATUS 89
MFCCNTL 10000004000

[zodd44]

@JuanNadie : Firstly, thanks for your wonderful work

I am trying to make it work on my ps3 slim (red ribbon) but i get dump.bin with zereos .
Here is my log:

Code:

...
RESPONSE: 13 01 00 08 00 00 80 1C 00 00 00 00 00 08 00 08 00 00 00 00 16 FF 02 5E FF FF FD C3 
00045822 - 00D2: 0x000002400008CFF2 -> 0x3E002 00 09 (0x2)
00045883 - 00D3: 0x000002400008DFF6 -> 0x3E006 00 08 (0x2)
00045937 - 00D4: 0x000002400008CFF6 -> 0x3E006 00 09 (0x2)
00045997 - 00D5: 0x000002400008CFF2 -> 0x3E002 00 09 (0x2)
00046051 - 00D6: 0x000002400008DFF6 -> 0x3E006 00 08 (0x2)
00046111 - 00D7: 0x000002400008C000 -> 0x3E000 13 01 00 08 00 00 80 1C 00 00 00 00 00 08 00 08 (0x10)
Reading header
00046200 - 00D8: 0x000002400008C000 -> 0x3E000 13 01 00 08 00 00 80 1C 00 00 00 00 00 08 00 08 00 00 00 00 16 FF 02 5E FF FF FD C3 00 03 F0 00 (0x20)
Reading data 7 
Exploiting
-0x13-0x01-0x00-0x08-0x00-0x00-0x80-0x1C-0x00-0x00-0x00-0x00-0x00-0x41-0x00-0x41-0x00-0x00-0x00-0x00-0x16-0xFF-0x02-0x5E
Package CHK: FD51
CHK OFFSET 18RESPONSE: 13 01 00 08 00 00 80 1C 00 00 00 00 00 41 00 41 00 00 00 00 16 FF 02 5E 00 00 FD 51 00 03 F0 00 
00064427 - 00D9: 0x000002400008DFF4 <- 0x3E004 00 09 00 09 (0x4)
00064514 - 00DA: 0x000002400008E100 <- 0x3E000 00 00 00 01 (0x4)
Interrupt: 5
STATUS 89
CHECK 1
Unexpected interrupt class 1.[0000000000000008]. MFC PUT INTERRUPT
LSA CMP ADDR 3E000. Dir 1. QIDX: 1 [0x3E00080000001]
Entry 0. EA:000002400008D004. LS:3E014. Size: 003 (003). Command: 20. QW: 0
[0000000402000000][000002400008D000][F804018021000000][000002C400000A00]
Unexpected interrupt class 1.[0000000000000008]
ENDING MAIN LOOP: 
CHECK 2
Unexpected interrupt class 2.[0000000000000011]
STATUS 89
MFCCNTL 10000004000

I tried to increase the first parameter of function "Correctpacket(0x40...)" but there is only zeroes in dump.bin

update: ok i managed to make it work , just initialise variables "unsigned int value = 0; unsigned int index = 0;" line 982

[zecoxao]

Originally Posted by zodd44 @JuanNadie : Firstly, thanks for your wonderful work I am trying to make it work on my ps3 slim (red ribbon) but i get dump.bin with zereos . Here is my log: Code: ... RESPONSE: 13 01 00 08 00 00 80 1C 00 00 00 00 00 08 00 08 00 00 00 00 16 FF 02 5E FF FF FD C3 00045822 - 00D2: 0x000002400008CFF2 -> 0x3E002 00 09 (0x2) 00045883 - 00D3: 0x000002400008DFF6 -> 0x3E006 00 08 (0x2) 00045937 - 00D4: 0x000002400008CFF6 -> 0x3E006 00 09 (0x2) 00045997 - 00D5: 0x000002400008CFF2 -> 0x3E002 00 09 (0x2) 00046051 - 00D6: 0x000002400008DFF6 -> 0x3E006 00 08 (0x2) 00046111 - 00D7: 0x000002400008C000 -> 0x3E000 13 01 00 08 00 00 80 1C 00 00 00 00 00 08 00 08 (0x10) Reading header 00046200 - 00D8: 0x000002400008C000 -> 0x3E000 13 01 00 08 00 00 80 1C 00 00 00 00 00 08 00 08 00 00 00 00 16 FF 02 5E FF FF FD C3 00 03 F0 00 (0x20) Reading data 7 Exploiting -0x13-0x01-0x00-0x08-0x00-0x00-0x80-0x1C-0x00-0x00-0x00-0x00-0x00-0x41-0x00-0x41-0x00-0x00-0x00-0x00-0x16-0xFF-0x02-0x5E Package CHK: FD51 CHK OFFSET 18RESPONSE: 13 01 00 08 00 00 80 1C 00 00 00 00 00 41 00 41 00 00 00 00 16 FF 02 5E 00 00 FD 51 00 03 F0 00 00064427 - 00D9: 0x000002400008DFF4 <- 0x3E004 00 09 00 09 (0x4) 00064514 - 00DA: 0x000002400008E100 <- 0x3E000 00 00 00 01 (0x4) Interrupt: 5 STATUS 89 CHECK 1 Unexpected interrupt class 1.[0000000000000008]. MFC PUT INTERRUPT LSA CMP ADDR 3E000. Dir 1. QIDX: 1 [0x3E00080000001] Entry 0. EA:000002400008D004. LS:3E014. Size: 003 (003). Command: 20. QW: 0 [0000000402000000][000002400008D000][F804018021000000][000002C400000A00] Unexpected interrupt class 1.[0000000000000008] ENDING MAIN LOOP: CHECK 2 Unexpected interrupt class 2.[0000000000000011] STATUS 89 MFCCNTL 10000004000 I tried to increase the first parameter of function "Correctpacket(0x40...)" but there is only zeroes in dump.bin update: ok i managed to make it work , just initialise variables "unsigned int value = 0; unsigned int index = 0;" line 982

thanks bro :D

[sbmotoracer]

I just wanted to say thank you to all the devs who brought us the bootloader JuanNadie and all the other devs

I also wanted to say Thank you to all the devs who got us here (JuanNadie,KDSBest,naehrwert,cfwprophet,etc). :-)

[proletarian]

After lurking for over two years, I registered just so i can say thank you especially to JuanNadie, but also all the other devs who have knowledge I lack. There are many more important things in life than ps3 development. However your efforts genuinely make my life more enjoyable. The least I can do is register and give thanks.

[afiser13]

can´t seem to compile the kernel module, it errors out like this

Code:

/home/afiser/Downloads/bootldrexploit/ps3peekpoke2/lv1peekpoke.c:101: error: implicit declaration of function ‘lv1_undocumented_function_114’
/home/afiser/Downloads/bootldrexploit/ps3peekpoke2/lv1peekpoke.c:123: error: implicit declaration of function ‘lv1_undocumented_function_115’

am I missing a header file or something?

EDIT: got it to work.

Red Ribbon RC5 didn't have the kernel headers installed. Used RC6 instead and the kernel module compiled fine. I also had to change the CorrectPacket(0x40, 0, 0) to CorrectPacket(0x50, 0, 0) and I had to initialize the variables @zodd44 suggested a few posts above this one.

[zecoxao]

Originally Posted by afiser13 can´t seem to compile the kernel module, it errors out like this Code: /home/afiser/Downloads/bootldrexploit/ps3peekpoke2/lv1peekpoke.c:101: error: implicit declaration of function ‘lv1_undocumented_function_114’ /home/afiser/Downloads/bootldrexploit/ps3peekpoke2/lv1peekpoke.c:123: error: implicit declaration of function ‘lv1_undocumented_function_115’ am I missing a header file or something?

it looks like you're not using an otheros++-like pup with the necessary lv1 peek-poke functions. i may be wrong by stating this though

[afiser13]

Originally Posted by zecoxao it looks like you're not using an otheros++-like pup with the necessary lv1 peek-poke functions. i may be wrong by stating this though

I'm using OtherOS++ with SS Patches on red ribbon rc5. I'm not seeing those two functions being declared in any of the source code or includes which is why it is giving me that error I believe. Could you upload your kernel binary? Which Linux kernel version are you using?

[zecoxao]

Originally Posted by afiser13 I'm using OtherOS++ with SS Patches on red ribbon rc5. I'm not seeing those two functions being declared in any of the source code or includes which is why it is giving me that error I believe. Could you upload your kernel binary? Which Linux kernel version are you using?

i used the one packed on red ribbon rc6. heh, you may be right. it's probably the kernel.