HOw to dump the lv0 - PS3Hax Network

PsDev · 12-02-2011

First i will be explaining this in a way anyone with basic PS3 knowledge will be able to understand, lets get started.(hehe)

Click here to see full text

the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys.

Concept in boot order.

Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr

The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where.

Follow me on twitter at RealPsDev

autechre · 12-02-2011

What the hell ? Is this for real ? Its decrypted to the ram ? Need confirmation as this is holy **** ..... If this is for real ... then you deserve a prize.

PsDev · 12-02-2011

Originally Posted by autechre

What the hell ? Is this for real ? Its decrypted to the ram ? Need confirmation as this is holy **** ..... If this is for real ... then you deserve a prize.

well yeah all the ldrs are copy to the ram then gave to the metldr.

autechre · 12-02-2011

then how to dump the ram, through /dev/fmem or other linux software ?

PsDev · 12-02-2011

Originally Posted by autechre

then how to dump the ram, through /dev/fmem or other linux software ?

Hardware. You will need skills

autechre · 12-02-2011

Originally Posted by PsDev

Hardware. You will need skills

Ah both of which I regrettably lack. But this is very interesting indeed. Excellent work my friend.

yozh · 12-02-2011

well thats the tricky part, the hardware must be sniffin the RAM when th PS is off then when you turn the ps3 on itll dump the data stored on RAM, i guess that process take a few seconds or less.

a lot of skills are needed,

Pockets69 · 12-02-2011

ok i will have to apologize for saying its bull... since i have spoken to him i have more of a clear idea of his attempts... and he is no random guy popping out and saying hey look at me... now with that being said... i don't know if that concept is perfect... i mean the ldrs in the ram part and the kernel module to map the ram... what kernel module are you talking about?
if you can elaborate on that??

PsDev · 12-02-2011

Originally Posted by Pockets69

ok i will have to apologize for saying its bull... since i have spoken to him i have more of a clear idea of his attempts... and he is no random guy popping out and saying hey look at me... now with that being said... i don't know if that concept is perfect... i mean the ldrs in the ram part and the kernel module to map the ram... what kernel module are you talking about?
if you can elaborate on that??

KaKaRoToKS made one a while back when the ram had the lv1 and lv0 in it. used from same purpose as what I am talking about but know using it (Would need to be changed) would help a little more but still need hardware to dump ram after the real memory is mapped out though. I know there is a much easier way of dumping the lv0 (still hard) But i dont know it
************* [ - Post Merged - ] *************

Originally Posted by Pockets69

ok i will have to apologize for saying its bull... since i have spoken to him i have more of a clear idea of his attempts... and he is no random guy popping out and saying hey look at me... now with that being said... i don't know if that concept is perfect... i mean the ldrs in the ram part and the kernel module to map the ram... what kernel module are you talking about?
if you can elaborate on that??

you should move this to news

TizzyT · 12-02-2011

No this shouldn't be moved to news as this is still un-verified. I see that you are trying and open about the method and how its "supposed" to work but I will continue to call bull (no offense just a figure of speech) as using hardware to dump ram from the console is crazy since the XMC controls the clock and I'd figure you would need to somehow sync with that to get a proper dump if one at all. I only did some searching but your method either seems very difficult or almost impossible. Can you go into more detail??? I mean I really would like you to in a sense school me right now lol.

12-02-2011	#1
PsDev Homebrew Developer Join Date: Dec 2011 Posts: 158 Likes: 38 Liked 376 Times in 75 Posts Mentioned: 117 Post(s) Tagged: 0 Thread(s)	How to dump the lv0 First i will be explaining this in a way anyone with basic PS3 knowledge will be able to understand, lets get started.(hehe) Click here to see full text the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys. Concept in boot order. Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where. Follow me on twitter at RealPsDev Last edited by PsDev; 01-23-2012 at 02:05 PM. Reason: Title "Capital O" Error.

12-02-2011	#8
Pockets69 Senior Member Join Date: Jan 2008 Location: Lisbon, Portugal Posts: 6,681 Likes: 2,087 Liked 2,449 Times in 1,389 Posts Mentioned: 138 Post(s) Tagged: 0 Thread(s)	ok i will have to apologize for saying its bull... since i have spoken to him i have more of a clear idea of his attempts... and he is no random guy popping out and saying hey look at me... now with that being said... i don't know if that concept is perfect... i mean the ldrs in the ram part and the kernel module to map the ram... what kernel module are you talking about? if you can elaborate on that?? __________________ <eussNL> judge: ´so why did you torrent 5 million AVI of women moaning´ <eussNL> <TizzyT> i dont judge if it sounds good i listen

12-02-2011	#10
TizzyT Homebrew Developer Join Date: Jul 2011 Location: USA-Unfortunately Sucks A$$ Posts: 1,839 Likes: 1,008 Liked 811 Times in 477 Posts Mentioned: 160 Post(s) Tagged: 0 Thread(s)	No this shouldn't be moved to news as this is still un-verified. I see that you are trying and open about the method and how its "supposed" to work but I will continue to call bull (no offense just a figure of speech) as using hardware to dump ram from the console is crazy since the XMC controls the clock and I'd figure you would need to somehow sync with that to get a proper dump if one at all. I only did some searching but your method either seems very difficult or almost impossible. Can you go into more detail??? I mean I really would like you to in a sense school me right now lol. __________________ If you are going to promote TB at least do it right!!!, or better yet DON'T!!!

		PS3Hax Network - Playstation 3 Hacks and Mods > PS3 Support and Tutorials > PS3 \| Tutorials > PS3 Jailbreak and CFW Tutorials
HOw to dump the lv0

12-02-2011	#2
autechre Member Join Date: Sep 2010 Posts: 32 Likes: 11 Liked 5 Times in 5 Posts Mentioned: 0 Post(s) Tagged: 0 Thread(s)	What the hell ? Is this for real ? Its decrypted to the ram ? Need confirmation as this is holy **** ..... If this is for real ... then you deserve a prize.

12-02-2011	#7
yozh Member Join Date: Jun 2008 Posts: 75 Likes: 5 Liked 15 Times in 9 Posts Mentioned: 2 Post(s) Tagged: 0 Thread(s)	well thats the tricky part, the hardware must be sniffin the RAM when th PS is off then when you turn the ps3 on itll dump the data stored on RAM, i guess that process take a few seconds or less. a lot of skills are needed,

User Name		Remember Me?
Password