Dumping Bootldr: Difference between revisions

From PS3 Developer wiki
(Attempt to create a good tutorial on how to make a bootldr dump)
[[Category:Software]]{{Wikify}}
==Requirements==
* OtherOS++ with SS patches
* A Linux kernel with glevand's/graf's patches (Red Ribbon RC6 will do, since its embedded kernel already carries them)
* https://dl.dropbox.com/u/35197530/bootldrexploit.7z : the exploit and Juan's lv1 peek/poke kernel module (the copy in this archive is already corrected)
* A NOR console and a NOR dump (the exploit has not been adapted to NAND consoles yet)
==How to==
* Boot a normal Linux session from Red Ribbon (or whichever distro you use)
* Extract the contents of bootldrexploit.7z into your home folder
* Open a terminal and, as root, change into the peek/poke directory:
{{keyboard|content=cd bootldrexploit/ps3peekpoke}}
* Compile the lv1 peek/poke kernel module:
{{keyboard|content=make}}
* Load the lv1 peek/poke kernel module (the exploit needs it loaded, so do this before running the exploit):
{{keyboard|content=insmod ps3peekpoke.ko}}
* Change into the exploit directory:
{{keyboard|content=cd ../btldr8}}
* Compile the exploit:
{{keyboard|content=make}}
* Dump the NOR flash (the device node is provided by the patched kernel):
{{keyboard|content=dd if=/dev/ps3nflasha of=nor.bin bs=1024}}
* Run the exploit against the dump:
{{keyboard|content=./lv0Decrypt 0 nor.bin buffer.bin}}
* It should report status A0082, which means it succeeded. Check the dump for the keys:
{{keyboard|content=hexdump -C dump.bin > test}}
{{keyboard|content=nano test}}
* Copy the dump to a safe place.
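The whole procedure above as one script, added here as an example; it is not part of this page or of the bootldrexploit archive. It assumes it is run as root from inside the extracted bootldrexploit directory, that a NOR image is 16 MiB (the size check), and that lv0Decrypt prints the word "status" followed by the code on one line; `run_dump`, `check_status`, `check_dump_size`, `dump_is_blank`, `NOR_SIZE` and the `dump_bootldr.sh run` invocation are names chosen for this example. It refuses to feed a short or all-zero NOR image to the exploit, checks for the A0082 status the page describes, and, because the page names buffer.bin as the exploit's output argument but hexdumps dump.bin, saves whichever of the two the tool actually wrote, together with nor.bin.

```shell
#!/bin/sh
# Added example (not from the page or the bootldrexploit archive): wraps the
# steps above with sanity checks. Run it as root from inside the extracted
# bootldrexploit/ directory:   sh dump_bootldr.sh run [safe_dir]
# Assumptions not stated on the page: the NOR image is 16 MiB, and
# lv0Decrypt prints "status" followed by the code on one line.
set -u

NOR_DEV=/dev/ps3nflasha   # flash device exposed by the patched kernel (from the page)
NOR_SIZE=16777216         # assumed: 16 MiB NOR flash

# check_status OUTPUT: succeed if the exploit output reports status A0082
check_status() {
    printf '%s\n' "$1" | grep -qi 'status.*a0082'
}

# check_dump_size FILE BYTES: succeed if FILE is exactly BYTES long
check_dump_size() {
    sz=$(wc -c < "$1" | tr -d ' ')
    [ "$sz" -eq "$2" ]
}

# dump_is_blank FILE: succeed if FILE holds nothing but zero bytes, which is
# what you get when dd read from the wrong device or an empty one
dump_is_blank() {
    nonzero=$(tr -d '\000' < "$1" | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

# run_dump SAFE_DIR: the page's procedure step by step, aborting on the first
# failure instead of feeding a bad image to the exploit
run_dump() {
    safe_dir=$1
    [ "$(id -u)" -eq 0 ] || { echo "run this as root" >&2; return 1; }
    [ -d ps3peekpoke ] && [ -d btldr8 ] || { echo "run from the bootldrexploit directory" >&2; return 1; }

    # build and load the lv1 peek/poke module (skip insmod if already loaded)
    ( cd ps3peekpoke && make ) || return 1
    if ! grep -q '^ps3peekpoke ' /proc/modules; then
        insmod ps3peekpoke/ps3peekpoke.ko || return 1
    fi

    cd btldr8 || return 1
    make || return 1

    # dump NOR and refuse to continue with a short or all-zero image
    dd if="$NOR_DEV" of=nor.bin bs=1024 || return 1
    check_dump_size nor.bin "$NOR_SIZE" || { echo "nor.bin is not $NOR_SIZE bytes" >&2; return 1; }
    if dump_is_blank nor.bin; then echo "nor.bin is all zeros" >&2; return 1; fi

    # run the exploit and look for the success status the page describes
    out=$(./lv0Decrypt 0 nor.bin buffer.bin 2>&1)
    printf '%s\n' "$out"
    check_status "$out" || { echo "exploit did not report status A0082" >&2; return 1; }

    # the page names buffer.bin on the command line and dump.bin in the
    # hexdump step, so keep whichever the tool wrote, plus the NOR image
    mkdir -p "$safe_dir" || return 1
    for f in nor.bin buffer.bin dump.bin; do
        [ -f "$f" ] && cp "$f" "$safe_dir/"
    done
    echo "dump saved to $safe_dir"
}

# only touch the console when explicitly asked to
if [ "${1:-}" = "run" ]; then
    run_dump "${2:-$HOME/bootldr-dump}"
fi
```

The three check functions can be used on their own after a manual run of the steps above, for example `check_dump_size nor.bin 16777216` before starting lv0Decrypt.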

Revision as of 15:31, 8 November 2012
