Old 10-20-2012   #1
H3avyRa1n
Senior Member
[RUMOUR] dump bootldr - how to exploit

dump bootldr how to exploit

Must have a DEX 3.55 real or made DEX 3.55 PS3, also dual NAND/NOR installed chip base. In a 3.55 DEX console, prepare an lv0.self with the metadata exploit. Reboot. lv0 will hang since lv0.self will not run properly. bootldr will send info to lv0 before it hangs, after it decrypts it; running DEX with certain switches set up, like boot in dev mode, will allow this hang dump of bootldr to be saved to the local store. But, essentially you will have a bricked PS3, so recovery of the local store won't happen. This is where the dual NAND/NOR comes in handy and allows you to recover from this and replace your messed-up lv0.self with the original to boot up and recover the local store dump and the decrypted bootldr. This will allow the keys to bootldr; these keys cannot be changed with any update. We can then exploit lv0. The exploit of bootldr/lv0 will allow the ability to change the way private keys are made or give us the ability to reset up the private key fail and resign packages with any new firmwares.

This, though, is just a "well tested Theory" of course.


SOURCE
Old 10-20-2012   #2
DEFAULTDNB
Very interesting! Thanks for the info @H3avyRa1n
Old 10-20-2012   #3
budzio
Member
Any volunteer to try that method?
Old 10-20-2012   #4
tjhooker73
Senior Member
I am stunned at how easy this is. This means we can make an exploit for bootldr and make a CFW for any firmware :O This is pretty similar to the ?metldr? exploit that ?PSGrade (3.21 dongle)? ?used?

Last edited by tjhooker73; 10-20-2012 at 06:49 PM.
Old 10-20-2012   #5
H3avyRa1n
Senior Member
Originally Posted by budzio:
> Any volunteer to try that method?
I would but I don't have a flasher in case this "well tested theory" goes, well, not as expected.
Old 10-20-2012   #6
cfwprpht
Homebrew Developer
Uhm... you want to use an lv0 with an exploit in it without the ability to resign this lv0??

And all this just to dump the lv0 static keys, which you will need before to replace on your console??

Uhm... sorry, but you can't replace your lv0 with a hacked/exploitable one unless you have the static keys to do so, but the problem here is you do that to get the static keys.

Or have I misunderstood something here?
Old 10-20-2012   #7
baargle
Senior Member
I notice the words "well tested Theory"; that means this works, guaranteed. That, or the person who wrote it can't speak English properly. Let's just hope @hellsing9 didn't write it and it could actually be more than a collection of words.

Well tested theory......

Doesn't really make sense; a well "tested theory" is a working solution and no longer just a theory.

Last edited by baargle; 10-20-2012 at 07:06 PM.
Old 10-20-2012   #8
tjhooker73
Senior Member
Originally Posted by cfwprpht:
> Uhm... you want to use an lv0 with an exploit in it without the ability to resign this lv0??
>
> And all this just to dump the lv0 static keys, which you will need before to replace on your console??
>
> Uhm... sorry, but you can't replace your lv0 with a hacked/exploitable one unless you have the static keys to do so, but the problem here is you do that to get the static keys.
>
> Or have I misunderstood something here?

Quote:
> lv0.self with the metadata exploit
I haven't heard of this one, but I assume you just need to change the metadata.
More Input on this would be Appreciated...
Old 10-20-2012   #9
ryant001
Member
Originally Posted by tjhooker73:
> I am stunned at how easy this is. This means we can make an exploit for bootldr and make a CFW for any firmware :O This is pretty similar to the ?metldr? exploit that ?PSGrade (3.21 dongle)? ?used?
Math did say that the bootldr suffered from fails similar to the metldr, and we know that some devs already have a working exploit and managed to get the keys, so I wouldn't completely dismiss this "well tested theory" as fake for now.
Maybe some good guy finally decided to share the exploit with us?
Old 10-20-2012   #10
itskamel
Senior Member
Random Pastie saves the scene.
PS3Hax.net is Copyright © 2010-2013.