Dumping Bootldr

[[Category:Software]]{{Wikify}}


==Requirements==
* OtherOS++ with SS Patches
* Linux Kernel with glevand's/graf's patches (red ribbon rc6 will do the trick, since it has the embedded kernel)
* [https://mega.co.nz/#!QcQ2wZDJ!tu1NuOJpFIrlDV-EEqGM8mgdfNCC9cwqOnGK2012CaQ the exploit] / [https://mega.co.nz/#!A0U0mKpS!lxiLg37pruRhVsFttUgsMLGx4mBKj80PDycnaJ8SttQ version ports]
* Alternatively, https://dl.dropbox.com/u/35197530/bootldrexploit.7z (the exploit and the lv1 peek poke from Juan, already corrected in this case)
* NOR console with a NOR dump (the exploit isn't adapted to NAND consoles yet, [[Talk:Hypervisor_Reverse_Engineering#MMIO_.2F_Memorymap|no MMIO available]])


==How to==

<ol>
<li>Start a normal session from red ribbon (or any other distro you might have)</li>
<li>Extract the contents of bootldrexploit to your home folder</li>
<li>Open your terminal and type as root:</li>

{{keyboard|content=<syntaxhighlight lang="bash">cd bootldrexploit/ps3peekpoke</syntaxhighlight>}}

<li>Compile the lv1 peek poke kernel module:</li>

{{keyboard|content=<syntaxhighlight lang="bash">make</syntaxhighlight>}}

<li>Insert the lv1 peek poke kernel module:</li>

{{keyboard|content=<syntaxhighlight lang="bash">insmod ps3peekpoke.ko</syntaxhighlight>}}

<li>Change directory to the exploit dir:</li>

{{keyboard|content=<syntaxhighlight lang="bash">cd ../btldr8</syntaxhighlight>}}

<li>Compile the exploit:</li>

{{keyboard|content=<syntaxhighlight lang="bash">make</syntaxhighlight>}}

<li>Make a NOR dump by typing:</li>

{{keyboard|content=<syntaxhighlight lang="bash">dd if=/dev/ps3nflasha of=nor.bin bs=1024</syntaxhighlight>}}

<li>Execute the exploit:</li>

{{keyboard|content=<syntaxhighlight lang="bash">./lv0Decrypt 0 nor.bin buffer.bin</syntaxhighlight>}}

<li>It should show the status as A0082. This means you've succeeded; check your dump for the keys.</li>

{{keyboard|content=<syntaxhighlight lang="bash">hexdump -C dump.bin > test</syntaxhighlight>}}

{{keyboard|content=<syntaxhighlight lang="bash">nano test</syntaxhighlight>}}

<li>Copy your dump to a safe place.</li>
 
</ol>
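As an added example (not from the wiki page or the bootldrexploit package), a small POSIX shell helper for the dump and backup steps above: it rejects a NOR dump whose size differs from what the caller expects or that reads as blank (all 0x00 or all 0xFF, i.e. an empty or erased read rather than real flash contents), and it makes a checksum-verified backup copy that it will never overwrite. The expected size is an assumption supplied by the caller, since the page does not state it.

```shell
#!/bin/sh
# check_nor_dump FILE EXPECTED_SIZE
# Returns 0 if FILE exists, is exactly EXPECTED_SIZE bytes long and contains
# at least one byte that is neither 0x00 nor 0xFF; returns 1 otherwise.
# EXPECTED_SIZE is an assumption passed in by the caller (not on the page).
check_nor_dump() {
    file="$1"
    expected="$2"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(wc -c < "$file")
    [ "$actual" -eq "$expected" ] || {
        echo "size mismatch: got $actual, expected $expected" >&2
        return 1
    }
    # Strip every 0x00 and 0xFF byte; if nothing is left, the dump is blank.
    nonblank=$(tr -d '\000\377' < "$file" | wc -c)
    [ "$nonblank" -gt 0 ] || { echo "dump is blank (all 0x00/0xFF)" >&2; return 1; }
    return 0
}

# backup_nor_dump FILE DEST_DIR
# Copies FILE into DEST_DIR, verifies the copy by SHA-256 and prints the
# checksum line. Refuses to overwrite an existing backup of the same name.
backup_nor_dump() {
    src="$1"
    dest="$2/$(basename "$1")"
    [ -e "$dest" ] && { echo "refusing to overwrite $dest" >&2; return 1; }
    mkdir -p "$2" && cp "$src" "$dest" || return 1
    a=$(sha256sum "$src" | cut -d' ' -f1)
    b=$(sha256sum "$dest" | cut -d' ' -f1)
    [ "$a" = "$b" ] || {
        echo "backup checksum mismatch, removing copy" >&2
        rm -f "$dest"
        return 1
    }
    echo "$a  $dest"
    return 0
}
```

Run check_nor_dump nor.bin <expected size> right after the dd step, and backup_nor_dump nor.bin /path/to/safe/place before running lv0Decrypt.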
 
==Notes==

* For the latest version of red ribbon, don't forget to also change dir to /usr/src/[your linux headers folder]/ and type make modules_prepare before building the kernel module.

* If you keep getting status 89 no matter what you do, replace the function writeResponsePackageChecksum with this one: http://pastie.org/private/fyirapl8w78j462ggxmsyw
 
 
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>