Editing Talk:Dumping Metldr
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
The exact steps should work on a CECH250.A shouldn't they? I first did the steps manually, then ran the script but both resulted in seemingly encrypted garbage (no strings found and nor were erk or the riv saved on 0x00-0x20), I'm using the 3.55checkoff.pup from the "Downgrading with NOR flasher" talk page which seemed to have the SS patches because that is how I retrieved my eid0. --[[User:Afiser|Afiser]] 01:46, 2 January 2012 (CST) | The exact steps should work on a CECH250.A shouldn't they? I first did the steps manually, then ran the script but both resulted in seemingly encrypted garbage (no strings found and nor were erk or the riv saved on 0x00-0x20), I'm using the 3.55checkoff.pup from the "Downgrading with NOR flasher" talk page which seemed to have the SS patches because that is how I retrieved my eid0. --[[User:Afiser|Afiser]] 01:46, 2 January 2012 (CST) | ||
<br /><br /> | <br /><br /> | ||
Metldr dump can be achieved without using Otheros++: | Metldr dump can be achieved without using Otheros++: | ||
* Install Red Ribbon (even on external HD). | * Install Red Ribbon (even on external HD). | ||
* Enable SS patches. | * Enable SS patches. | ||
* Follow the rest of steps. | * Follow the rest of steps. | ||
--[[User:granberro|granberro]] 00:00 17 January 2012 (GMT) | --[[User:granberro|granberro]] 00:00 17 January 2012 (GMT) | ||
-------------------------------------- | You need: | ||
1 CFW 3.55 Otheros Special ++ [http://www.megaupload.com/?d=Y6BF6NBD] | |||
2 A Linux like Red Ribb0n. [http://sourceforge.net/projects/redribbon/files/red_ribbon_rc5.rar/download] | |||
3 Graf Chokolo´s latest kernel. | |||
--DUMP-- | |||
3.1 You can use this app in GAMEOS. | |||
Then dump your flash and save in a usb device. | |||
3.2 Unpack the dump, you´ll need ps3tools (NORUNPACK and PUPUNPACK)[http://gotbrew.org/ps3tools.tar.gz] | |||
When you have compiled only have to run and use (this omitted and assumes that you already have configured the keys): | |||
NORUNPACK TU_DUMP.BIN FOLDER-WHERE-UNPACK | |||
You´ll need a unpacked copy of OFW to extract other files you can use this fw (3.55) | |||
[http://www.multiupload.com/EF6WZ6PU4K] | |||
like this: | |||
PUPUNPACK PS3UPDATE.PUP FOLDER | |||
3.3 Now you´ve unpack your flash´dump & FW. These are the files you must depart. | |||
NAND/NOR FLASH: | |||
METLDR inside of Asecure Loader. | |||
eEID (Need to use the eid splitter to separate the eEID in 0,1,2,3,4,5) and we need the EID0 so also I explain how to do: | |||
First, when you have your eEID it´s time to download "eid splitter"tool from RMS [http://www.megaupload.com/?d=OJ4C4CE1] (You´ll need GCC version "gcc eEID-SPLIT.c") | |||
when downloaded and compiled, now you can use to your eEID. | |||
"eEID-SPLIT Your_eEID" | |||
At finish you´ve "0,1,2,3,4,5", six files i.e. six files have to rename them respectively EID0,EID1,EID2,EID3,EID4,EID5 and READY!. | |||
I recommend: you must save all your EID in a safe. It´s your insurance as brick. | |||
---------------------------- | |||
Now you need: | |||
isoldr | |||
RL_FOR_PROGRAM.img | |||
default.spp | |||
And of course We need tools that allow us to make the dump. | |||
spp_verifier.self > [http://gotbrew.org/git/spp_verifier_direct.tar.gz] | |||
appldr-metldrexploit350.self > [http://gotbrew.org/metldr838exploit.tar.gz] | |||
Well, now in the directory where you unpacked metldr838exploit.tar.gz you have to use these commands: | |||
insmod ./metldrpwn.ko ''(Install Mathieulh´s Exploit Module)'' | |||
cat metldr > /proc/metldrpwn/metldr | |||
cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr | |||
cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg | |||
cat eid0 > /proc/metldrpwn/eid0 | |||
echo 1 > /proc/metldrpwn/run | |||
cat /proc/metldrpwn/debug | |||
Congratulations! Now you have a unique dump of your system METLDR. | |||
cp /proc/metldrpwn/dump /home/user/"DUMP´s NAME" | |||
Now yo can find yoy famoys private keys in the first 3 offsets. |