Dumping Metldr: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
m (Text replacement - "http://web.archive.org/web→‎/http://ps3devwiki.com/files" to "https://web.archive.org/web/: http://ps3devwiki.com/files")
 
(40 intermediate revisions by 14 users not shown)
Line 1: Line 1:
==Howto use==
{{Wikify}}
ohai ill tell you guys howto use mathldr<br/>
 
(i like to call it that, its kinda catchy)<br/>
files main: https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/dump-metldr/
 
== source/basis ==
[http://www.phrack.org/issues.html?issue=66&id=13&mode=txt archives/66/p66_0x0d_Power cell buffer overflow_by_BSDaemon.txt] [http://www.kernelhacking.com/rodrigo/docs/Cell-phrack.txt]
 
== How to use ==
 
ohai I'll tell you guys how to use mathldr<br/>
(I like to call it that, it's kinda catchy)<br/>
this is pretty safe (if you know what you are doing, and do it right)<br/>
this is pretty safe (if you know what you are doing, and do it right)<br/>
just dont go crazy with it, its possible mess your eid up if you attempt to rehash it and flash or attempt in any way to replace your eid<br/>
just don't go crazy with it, it's possible mess your eid up if you attempt to rehash it and flash or attempt in any way to replace your eid<br/>
if you plan on rehashing your EID make sure to have a flasher and a good backup of your flash handy<br/>
if you plan on rehashing your EID make sure to have a flasher and a good backup of your flash handy<br/>
you can decrypt eid with root keys and static keys in the wiki key talk page<br/>
you can decrypt eid with root keys and static keys in the wiki key talk page<br/>
the static keys: http://pastie.org/private/qwndjafrtkvhe9cikbxhg
The static keys: http://web.archive.org/web/20150910133656/http://pastie.org/private/qwndjafrtkvhe9cikbxhg
 
=== Prerequisites ===


===prerequisites===
<ol>
<ol>
<li>otheros++ with ss patches<br/> (yes the ones that cause trophy errors, just update when you wanna play games again and dont complain)</li>
<li>otheros++ with ss patches<br/> (yes the ones that cause trophy errors, just update when you wanna play games again and dont complain)</li>
<li>linux on your ps3 (im using ubuntu 10.10)</li>
<li>linux on your ps3 (im using ubuntu 10.10)</li>
<li>a unpacked copy of your flash (which you can obtain by using glevands dumpflash.pkg<br/> http://gitbrew.org/~glevand/ps3/pkgs/dump_flash.pkg), you need:
<li>a unpacked copy of your flash (which you can obtain by using glevands [https://web.archive.org/web/*/http://ps3devwiki.com/files/flash/Tools/USB%20Flash%20Dump/ dump_flash.pkg]<br/>), you need:
<ul>
<ul>
<li>metldr (aka asecure)</li>
<li>metldr (aka asecure)</li>
<li><strike>EID0</strike> (not needed, commented out in run.sh) (if used, you will need to split eid from your flash http://www.ps3devwiki.com/index.php?title=Dev_Tools#dump_EID0.sh)</li>
<li><strike>EID0</strike> (not needed, commented out in run.sh) (if used, you will need to split eid from your flash [[Dev_Tools#dump_EID0.sh|dump_EID0.sh]]; use 'modprobe ps3dmproxy' if needed)</li>
</ul>
</ul>
and an unpacked copy of ofw (e.g. [http://www.multiupload.com/EF6WZ6PU4K 3.55]), you will need the following files from these:
and an unpacked copy of OFW (e.g. [https://web.archive.org/web/*/http://ps3devwiki.com/files/firmware/OFW-CEX/3.55/ 3.55 OFW-CEX]), you will need the following files from these:
<ul>
<ul>
<li>isoldr</li>
<li>isoldr</li>
Line 25: Line 34:
<li>and obviously appldr-metldrexploit350.self from the files</li></ul>
<li>and obviously appldr-metldrexploit350.self from the files</li></ul>
</li>
</li>
<li>ps3tools http://www.ps3devwiki.com/index.php?title=Dev_Tools#fail0VERFLOW (to unpack your nor and the ofw ie norunpack and pupunpack)</li>
<li>ps3tools [[Dev_Tools#fail0VERFLOW|fail0VERFLOW]] (to unpack your nor and the ofw ie norunpack and pupunpack)</li>
<li>latest gitbrew linux kernel</li>
<li>latest gitbrew linux kernel</li>
<li>a desire to quit *****ing and complaining and get off your ass.</li>
<li>a desire to quit *****ing and complaining and get off your ass.</li>
Line 34: Line 43:


=== Step by Step instuctions ===
=== Step by Step instuctions ===
you can do this over ssh or on console I prefer ssh because my girlfriend likes to watch tv alot.<br/>
 
Precompiled metldrpwn : https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/dump-metldr/metldrpwn.zip
 
you can do this over ssh or on console.<br/>
 
Note: don't forget to provide EID0 and RL_FOR_PROGRAM.img if you do manually, instead of the run.sh file where they are commented out


<ol>
<ol>
<li>ssh into the ps3<li>
<li>ssh into the ps3</li>
<li>download the files:
<li>download the files:
<pre>wget http://gotbrew.org/metldr838exploit.tar.gz</pre></li>
{{keyboard|content=<syntaxhighlight lang="bash">wget https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/dump-metldr/metldrpwn.zip</syntaxhighlight>}}</li>
<li>untar the files:
<li>untar the files:
<pre>tar -xvf metldr838exploit.tar.gz</pre></li>
{{keyboard|content=<syntaxhighlight lang="bash">unzip metldrpwn.zip</syntaxhighlight>}}</li>
<li>enter the directory and compile:
<li>enter the directory and compile:
<pre>cd metldr838exploit && make</pre></li>
{{keyboard|content=<syntaxhighlight lang="bash">cd metldrpwn && make</syntaxhighlight>}}</li>
<li>run the following commands now:
<li>run the following commands now:
<pre>insmod ./metldrpwn.ko
{{keyboard|content=<syntaxhighlight lang="bash">
insmod ./metldrpwn.ko
cat metldr > /proc/metldrpwn/metldr
cat metldr > /proc/metldrpwn/metldr
cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
Line 51: Line 66:
cat eid0 > /proc/metldrpwn/eid0
cat eid0 > /proc/metldrpwn/eid0
echo 1 > /proc/metldrpwn/run
echo 1 > /proc/metldrpwn/run
cat /proc/metldrpwn/debug</pre></li>
cat /proc/metldrpwn/debug
</syntaxhighlight>}}</li>
<li>there now you have a dump check it out:
<li>there now you have a dump check it out:
<pre>hd /proc/metldrpwn/dump  | less</pre></li>
{{keyboard|content=<syntaxhighlight lang="bash">hd /proc/metldrpwn/dump  | less</syntaxhighlight>}}</li>
<li>now copy the dump somewhere or youll lose it:
<li>now copy the dump somewhere or youll lose it:
<pre>cp /proc/metldrpwn/dump /home/username/</pre></li>
{{keyboard|content=<syntaxhighlight lang="bash">cp /proc/metldrpwn/dump /home/username/</syntaxhighlight>}}</li>
</ol>
</ol>
now you have a copy in your home directory for safe keeping<br/>
now you have a copy in your home directory for safe keeping<br/>
congrats youve completed about < 10 mins of actual work<br/>
congrats you've completed about < 10 mins of actual work<br/>
<br/>
<br/>
there you go keys are in 0x00 to 0x20 (first 3 lines)<br/>
there you go: keys are in 0x00 to 0x20 (first 3 lines)<br/>
[QUOTE]
'''So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)'''[/QUOTE]


example:<br/>
::'''So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)'''
erk: #<br/>
 
  00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|<br/>
==== example ====
  00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|<br/>
 
riv: <br/>
  00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|   // erk/key
  00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|<br/>
  00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|   // erk/key
  00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|   // riv
the first 2 lines are erk the 3rd is riv<br/>
the first 2 lines are erk the 3rd is riv<br/>
and together they are eid0 like captain ****in planet<br/>
and together they are eid0 root key<br/>
 
==== example with hardcoded version of minver 3.50+ console ====
 
Rare example of eid_root_key with min version hardcoded into it.  Found in some rare <!--// minver 3.50 revisionkey 00 00 0E 92  C3 26 6E 4B BB 28 2E 76 B7 67 70 95 //--> 2501A's (believed to possibly be in 3.60+ as well, but unable to verify.)
00000000  F5 CC 0B 7F 4D 00 31 07 F2 BC 57 A4 B5 C3 8B E1  |õÌ..M.1.ò¼W¤µÃ‹á|  // erk/key
00000010  78 A9 CD BC 73 21 5A 5B 9D E0 B2 7B 13 BE 4D 21  |x©Í¼s!Z[.à²{.¾M!|  // erk/key
00000020  A7 72 F8 74 BE A9 E6 52 B3 D9 A6 85 05 69 D9 C7  |§røt¾©æR³Ù¦….iÙÇ|  // riv
00000030  00 03 00 50 00 00 00 00 32 7F FF 80 32 7F FF    |...P....2.ÿ€2.ÿ |  // min version/jump ladder
the last line contains min version hardcoded in first 8 bytes, and last 8 bytes is jump code beginning.  (only difference.)


btw this does not mean you get 3.60 keys etc or newer games but it will help you get some nifty things to do some <br/>new stuff.... also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to<br/> do this, also if you have a unit that shipped from the factory with the metldr.2 (new metldr) your sol at<br/> the moment
btw this does not mean you get 3.60 keys etc or newer games but it will help you get some nifty things to do some <br/>new stuff.... also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to<br/> do this, also if you have a unit that shipped from the factory with the metldr.2 (new metldr) your sol at<br/> the moment
theres also a nifty program on the dev tools page to turn your hex into key its called hex2key<br />
theres also a nifty program on the dev tools page to turn your hex into key its called hex2key<br />
oh thanx math<br />
thanx anon leaker<br />
thanx gitbrew and glevand<br />


===some good reading on the subject for further understanding:===
Example of eid_root_key with hardcoded version from minver 3.56+ console
00000000  BF 85 81 FF 99 E8 CB A8 32 DF 41 00 66 C9 5F C7
00000010  4B A8 EE A8 9A 68 8E 15 81 1E 54 ED A8 EB 06 4C
00000020  EB BF C3 41 4A 9E DF B0 ED A0 86 68 03 3D AD 87
00000030  00 03 00 56 00 00 00 00 32 7F FF 80 32 7F FF 80
 
=== Some good reading on the subject for further understanding ===
 
[[File:Ps3-cryptochain.png|300px|thumb|left|3.56 and older Chain of Trust]]
[[File:Ps3-cryptochain.png|300px|thumb|left|3.56 and older Chain of Trust]]
http://www.ps3devwiki.com/images/e/ed/Ps3-cryptochain.png<br/>
* [[Boot Order]]
http://www.ps3devwiki.com/index.php?title=Boot_Order<br/>
* [[Dev Tools]]
http://www.ps3devwiki.com/index.php?title=Dev_Tools<br/>
* [[Flash]] / [[Talk:Flash]]
http://www.ps3devwiki.com/index.php?title=Flash<br/>
* [[IDPS]] / [[Talk:IDPS]]
http://www.ps3devwiki.com/index.php?title=Talk:Flash<br/>
* [[Per Console Keys]] / [[Talk:Per Console Keys]]
http://www.ps3devwiki.com/index.php?title=IDPS<br/>
* [[Hypervisor Reverse Engineering]]
http://www.ps3devwiki.com/index.php?title=Talk:IDPS<br/>
* [[Talk:Keys]]
http://www.ps3devwiki.com/index.php?title=Per_Console_Keys<br/>
* [[Synergistic Processing Unit %28SPU%29|Synergistic Processing Unit (SPU)]] / [[Talk:Synergistic Processing Unit %28SPU%29|Talk:Synergistic Processing Unit (SPU)]]
http://www.ps3devwiki.com/index.php?title=Talk:Per_Console_Keys<br/>
* [[SPU Isolated Modules Reverse Engineering]] / [[Talk:SPU Isolated Modules Reverse Engineering]]
http://www.ps3devwiki.com/index.php?title=Hypervisor_Reverse_Engineering<br/>
http://www.ps3devwiki.com/index.php?title=Talk:Keys<br/>
http://www.ps3devwiki.com/index.php?title=Synergistic_Processing_Unit_%28SPU%29<br/>
http://www.ps3devwiki.com/index.php?title=Talk:Synergistic_Processing_Unit_%28SPU%29<br/>
http://www.ps3devwiki.com/index.php?title=SPU_Isolated_Modules_Reverse_Engineering<br/>
http://www.ps3devwiki.com/index.php?title=Talk:SPU_Isolated_Modules_Reverse_Engineering<br/>


== Mathieulh's explaination ==
(needs cleanup)
<br><br>
Because some ungrateful person leaked my metldr exploit files I will now be explaining how it actually works, because of course the person that leaked these files has no idea of how they actually work


== Math's explaination ==
(needs cleanup)
Because some ungrateful person leaked my metldr exploit files I will now be explaining how it actually works, see this as my ultimate release of all times for an ungrateful scene (and scenes in the future)


That's about how I am pissed off right now, because of course the person that leaked these files has no idea of how they actually work.
<br><br>
<br><br>
How to pwn metldr the "easy" way:<br>
How to "pwn metldr" the "easy" way:<br>
This is most likely how geohot exploited it in the first place, this takes (give or take) about 10 minutes to be performed. (yeah, not so much of a "I hacked the ps3 all on my own work", especially not when it partially relies on Segher's work, one of the reason geohot never shared the way he exploited metldr to anyone)
This is most likely how geohot exploited it in the first place, this takes (give or take) about 10 minutes to be performed. (yeah, not so much of a "I hacked the ps3 all on my own work", especially not when it partially relies on Segher's work, one of the reason geohot never shared the way he exploited metldr to anyone)
<br><br>
<br><br>
I will assume here, that you do not have the loader keys that were made readily available by geohot. This little tutorial also assumes that you have a working .self generating tool
I will assume here, that you do not have the loader keys that were made readily available by geohot. This little tutorial also assumes that you have a working .self generator tool
<br><br>
<br><br>
Now You want to gain code execution to metldr, you know that metldr loads loaders to its own space, but you cannot run a loader because the loader needs to be signed and even though you know about the sign fail that Segher introduced at the CCC, you cannot use it because you don't have decrypted signatures to calculate a private key and to get signatures you need keys which you are currently trying to dump, so far you are stuck in a chicken and egg scenario.
Now You want to gain code execution to metldr, you know that metldr loads loaders to its own space, but you cannot run a loader because the loader needs to be signed and even though you know about the signature fail that Segher introduced at the CCC, you cannot use it because you don't have decrypted signatures to calculate a private key and to get signatures you need keys which you are currently trying to dump, so far you are stuck in a chicken and egg scenario.
<br><br>
<br><br>
The question is, do you really need keys to get a decrypted signature ?  
The question is, do you really need keys to get a decrypted signature ?  
Well the real answer is no, thanks to a nifty fail that sony left in in metldr (and the bootloader), you can have the ldr to decrypt the metadata for you, isn't that neat ?
Well the real answer is no, thanks to a nifty bug that sony left in metldr, you can have the loader to decrypt the metadata for you, isn't that neat ?
<br><br>
<br><br>
Here's how it works:
Here's how it works:
Line 118: Line 140:
STEP I)
STEP I)
<br><br>
<br><br>
In a self file, at address 0x0C a value is used to calculate where the metadata is going to be decrypted, the "offset" is at self header + 0x0C
In a self file, at address 0x0C a value is used to calculate where the metadata is going to be decrypted, the "offset" is located at self header + 0x0C
its the "meta header offset" in the SCE structure, it takes the SCE offset + that value, so what you have to do is to have a calculation that is equal to 0x3E01F0 which happens to be where metldr copies over the shared metadata from the mailbox (which is sent over by the ppu), the trick is to have metldr to decrypt the metadata located at.
its the "meta header offset" in the SCE structure, it takes the SCE offset + that value, so what you have to do is to have a calculation that is equal to 0x3E1F0 which happens to be where metldr copies over the shared metadata from the mailbox (which is sent over by the ppu), the trick is to have metldr to decrypt the metadata located in the shared Local Store.
So basically you have to <br>
So basically you have to <br>
1) set the offset += 0x2000<br>
1) set the offset += 0x2000<br>
dump shared lsa<br>
dump shared lsa (located at 0x3E000 in ls)<br>
and keep increasing 0x2000<br>
and keep increasing 0x2000<br>
until somewhere in the shared lsa changes 0x40 byte<br>
until somewhere in the shared lsa, 0x40 byte change<br>
2) when it changes 0x40 bytes, you can add/subtract the proper amount to make it decrypt the proper locations<br>
2) when it changes 0x40 bytes, you can add/subtract the proper amount to make it decrypt the proper locations<br>
3) then dump shared lsa and we have decrypted header<br>
3) then dump the shared lsa and you have a decrypted header<br>
knowing that metldr uses SCE header 0xECF0, you could calculate it knowing the address 0x3E01F0 - 0xECF0 = the value you would patch at SCE header + 0x0C<br>
knowing that metldr uses SCE header 0xECF0, you could calculate it knowing the address 0x3E1F0 - 0xECF0 = the value you would patch at SCE header + 0x0C<br>
<br>
<br>
   ROM:0000F6C0 D2 68 87 E6 metadata_erk: .int 0xD26887E6 ; DATA XREF: ROM:0000F178o
   ROM:0000F6C0 D2 68 87 E6 metadata_erk: .int 0xD26887E6 ; DATA XREF: ROM:0000F178o
Line 145: Line 167:
Now what ?<br>
Now what ?<br>
<br>
<br>
Well Your first reflex would be to sign a loader and use it to dump whatever is in your Isolated Local Store, the first thing you will notice is that you have a bit of metldr's code as a leftover, after a few seconds of disassembly you will figure it's actually some piece of code that clears metldr's code and registers and jumps to some address which is matches your signed loader's entrypoint.
Well Your first reflex would be to sign a loader and use it to dump whatever is part of the Isolated Local Store, the first thing you will notice is that you have a bit of metldr's code as a leftover, after a bit of disassembly you will notice that it's actually some piece of code that clears metldr's code and registers and jumps to some address which matches your signed loader's entrypoint.
<br>
<br>
This seems like a more than likely candidate to exploit, as in your goal would be to overwrite that piece of code with your own, that way you would have the whole metldr code right before the point where everything gets cleared out.
This seems a more than likely candidate to exploit, as your goal would be to overwrite that piece of code with your own, that way you would have the whole metldr code right before the point where everything gets cleared out.
<br>
<br>
Let's try to do just that, from your previous dump, you obviously know that the clear code is located from 0x400 to 0x630, (0x410 being where metldr jumps when it clears) your first attempt would naturally be to have a loader section to load at 0x400, well not so surprisingly, it fails, because you are not without a brain (at least you aren't supposed to be if you're reading and understanding this), you will assume that it is likely that metldr checks if you aren't loading your loader/self section below a certain address, which considering you know the loaders' entrypoint is most likely to be 0x12C00, this assumption is in fact correct as metldr will make sure you cannot load any loader at 0x12BFF and below, seems like a huge let down...
Let's try to do just that, from your previous dump, you should obviously know that the clear code is located from 0x400 to 0x630, (0x410 being where metldr jumps when it clears) your first attempt would naturally be to have a loader section to load at 0x400, unsurprisingly, it fails, because you are not without a brain (at least you aren't supposed to be if you're reading and understanding this), you will assume that it is likely that metldr checks if you aren't loading your loader/self section below a certain address, which considering you know the loaders' entrypoint is most likely to be 0x12C00, this assumption is in fact correct as metldr will make sure you cannot load any loader at 0x12BFF and below, seems like a huge let down...
<br>
<br>
Well, maybe not, because yet again, you are not without a brain, you check out the hardware properties for the Local Store, and you find out that the memory wraps around (memory is a donut as someone once said at some ccc conference).
Well, maybe not, should you check out the hardware properties for the Local Store, you would find out that the memory wraps around (memory is a donut as someone once said at some CCC conference).
<br>
<br>
So what happens when you load your loader at let's say from 0x3F000 to 0x40000+some address? (like 0x40410 for example) ?<br>
So what happens when you load your loader at let's say from 0x3F000 to 0x40000+some address? (like 0x40410 for example) ?<br>
Line 163: Line 185:
   ROM:00000410 32 7F FF 80 br sub_40C
   ROM:00000410 32 7F FF 80 br sub_40C
<br>
<br>
this is what the exploit that got leaked (yeah that's not really their work eh but you figured that much by now did you not? ) does.<br>
this is what the exploit that got leaked (yeah that's not really their work eh but you figured that much by now, did you not? ) does.<br>
It overwrites from 0x000 to 0x480 because I originally loaded the section o size 0x880 to 0x3FC00<br>
It overwrites from 0x000 to 0x480 because I originally loaded the section of size 0x880 to 0x3FC00<br>
<br>
<br>
So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)<br>
So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although those are hardcoded in metldr's code anyway)<br>
<br>
<br>


Here you go, you have a metldr dump !<br>
Here you go, you have a metldr dump !<br>


Now as a final line, I'd like to say screw leakers, screw the scene, and this is my last contribution to it EVER. It seems I can't even trust fellow developers to keep my work safe and not leaking it. (Not like any of them would have been able to tell you how all this even works in the first place)
Now as a final line, I'd like to say this is my last contribution to this scene. It seems I can't even trust fellow developers to keep my work safe.
<br>
<br>
So long, everyone. <br>
So long, everyone. <br>
Remember, don't ever bite the hands that feed you.<br>
Remember, don't ever bite the hands that feed you.<br>
<br>
<br>
P.S. Oh! and btw, if you talented enough to make hardware to dump the shared lsa, you can decrypt any lv0 using this technique.
 
<br>
'''Old partial/incomplete source: http://lan.st/showthread.php?t=4025'''
This is all based on the content of this link: http://lan.st/showthread.php?t=4025<br>
(Link now deprecated)
 
 
 
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>

Latest revision as of 06:07, 17 April 2023

files main: https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/dump-metldr/

source/basis[edit | edit source]

archives/66/p66_0x0d_Power cell buffer overflow_by_BSDaemon.txt [1]

How to use[edit | edit source]

ohai I'll tell you guys how to use mathldr
(I like to call it that, it's kinda catchy)
this is pretty safe (if you know what you are doing, and do it right)
just don't go crazy with it, it's possible mess your eid up if you attempt to rehash it and flash or attempt in any way to replace your eid
if you plan on rehashing your EID make sure to have a flasher and a good backup of your flash handy
you can decrypt eid with root keys and static keys in the wiki key talk page
The static keys: http://web.archive.org/web/20150910133656/http://pastie.org/private/qwndjafrtkvhe9cikbxhg

Prerequisites[edit | edit source]

  1. otheros++ with ss patches
    (yes the ones that cause trophy errors, just update when you wanna play games again and dont complain)
  2. linux on your ps3 (im using ubuntu 10.10)
  3. a unpacked copy of your flash (which you can obtain by using glevands dump_flash.pkg
    ), you need:
    • metldr (aka asecure)
    • EID0 (not needed, commented out in run.sh) (if used, you will need to split eid from your flash dump_EID0.sh; use 'modprobe ps3dmproxy' if needed)

    and an unpacked copy of OFW (e.g. 3.55 OFW-CEX), you will need the following files from these:

    • isoldr
    • RL_FOR_PROGRAM.img (not needed, commented out in run.sh)
    • spp_verifier.self
    • default.spp
    • and obviously appldr-metldrexploit350.self from the files
  4. ps3tools fail0VERFLOW (to unpack your nor and the ofw ie norunpack and pupunpack)
  5. latest gitbrew linux kernel
  6. a desire to quit *****ing and complaining and get off your ass.
  7. motivation (see prerequisite #6)

Step by Step instuctions[edit | edit source]

Precompiled metldrpwn : https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/dump-metldr/metldrpwn.zip

you can do this over ssh or on console.

Note: don't forget to provide EID0 and RL_FOR_PROGRAM.img if you do manually, instead of the run.sh file where they are commented out

  1. ssh into the ps3
  2. download the files:
    Type This
    wget https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/dump-metldr/metldrpwn.zip
    
  3. untar the files:
    Type This
    unzip metldrpwn.zip
    
  4. enter the directory and compile:
    Type This
    cd metldrpwn && make
    
  5. run the following commands now:
    Type This
    insmod ./metldrpwn.ko
    cat metldr > /proc/metldrpwn/metldr
    cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
    cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
    cat eid0 > /proc/metldrpwn/eid0
    echo 1 > /proc/metldrpwn/run
    cat /proc/metldrpwn/debug
    
  6. there now you have a dump check it out:
    Type This
    hd /proc/metldrpwn/dump  | less
    
  7. now copy the dump somewhere or youll lose it:
    Type This
    cp /proc/metldrpwn/dump /home/username/
    

now you have a copy in your home directory for safe keeping
congrats you've completed about < 10 mins of actual work

there you go: keys are in 0x00 to 0x20 (first 3 lines)

So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)

example[edit | edit source]

00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|    // erk/key
00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|    // erk/key
00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|    // riv

the first 2 lines are erk the 3rd is riv
and together they are eid0 root key

example with hardcoded version of minver 3.50+ console[edit | edit source]

Rare example of eid_root_key with min version hardcoded into it.  Found in some rare  2501A's (believed to possibly be in 3.60+ as well, but unable to verify.)
00000000  F5 CC 0B 7F 4D 00 31 07 F2 BC 57 A4 B5 C3 8B E1  |õÌ..M.1.ò¼W¤µÃ‹á|  // erk/key
00000010  78 A9 CD BC 73 21 5A 5B 9D E0 B2 7B 13 BE 4D 21  |x©Í¼s!Z[.à²{.¾M!|  // erk/key
00000020  A7 72 F8 74 BE A9 E6 52 B3 D9 A6 85 05 69 D9 C7  |§røt¾©æR³Ù¦….iÙÇ|  // riv
00000030  00 03 00 50 00 00 00 00 32 7F FF 80 32 7F FF     |...P....2.ÿ€2.ÿ |  // min version/jump ladder

the last line contains min version hardcoded in first 8 bytes, and last 8 bytes is jump code beginning. (only difference.)

btw this does not mean you get 3.60 keys etc or newer games but it will help you get some nifty things to do some
new stuff.... also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to
do this, also if you have a unit that shipped from the factory with the metldr.2 (new metldr) your sol at
the moment theres also a nifty program on the dev tools page to turn your hex into key its called hex2key

Example of eid_root_key with hardcoded version from minver 3.56+ console
00000000  BF 85 81 FF 99 E8 CB A8 32 DF 41 00 66 C9 5F C7 
00000010  4B A8 EE A8 9A 68 8E 15 81 1E 54 ED A8 EB 06 4C 
00000020  EB BF C3 41 4A 9E DF B0 ED A0 86 68 03 3D AD 87 
00000030  00 03 00 56 00 00 00 00 32 7F FF 80 32 7F FF 80

Some good reading on the subject for further understanding[edit | edit source]

3.56 and older Chain of Trust

Mathieulh's explaination[edit | edit source]

(needs cleanup)

Because some ungrateful person leaked my metldr exploit files I will now be explaining how it actually works, because of course the person that leaked these files has no idea of how they actually work




How to "pwn metldr" the "easy" way:
This is most likely how geohot exploited it in the first place, this takes (give or take) about 10 minutes to be performed. (yeah, not so much of a "I hacked the ps3 all on my own work", especially not when it partially relies on Segher's work, one of the reason geohot never shared the way he exploited metldr to anyone)

I will assume here, that you do not have the loader keys that were made readily available by geohot. This little tutorial also assumes that you have a working .self generator tool

Now You want to gain code execution to metldr, you know that metldr loads loaders to its own space, but you cannot run a loader because the loader needs to be signed and even though you know about the signature fail that Segher introduced at the CCC, you cannot use it because you don't have decrypted signatures to calculate a private key and to get signatures you need keys which you are currently trying to dump, so far you are stuck in a chicken and egg scenario.

The question is, do you really need keys to get a decrypted signature ? Well the real answer is no, thanks to a nifty bug that sony left in metldr, you can have the loader to decrypt the metadata for you, isn't that neat ?

Here's how it works:

STEP I)

In a self file, at address 0x0C a value is used to calculate where the metadata is going to be decrypted, the "offset" is located at self header + 0x0C its the "meta header offset" in the SCE structure, it takes the SCE offset + that value, so what you have to do is to have a calculation that is equal to 0x3E1F0 which happens to be where metldr copies over the shared metadata from the mailbox (which is sent over by the ppu), the trick is to have metldr to decrypt the metadata located in the shared Local Store. So basically you have to
1) set the offset += 0x2000
dump shared lsa (located at 0x3E000 in ls)
and keep increasing 0x2000
until somewhere in the shared lsa, 0x40 byte change
2) when it changes 0x40 bytes, you can add/subtract the proper amount to make it decrypt the proper locations
3) then dump the shared lsa and you have a decrypted header
knowing that metldr uses SCE header 0xECF0, you could calculate it knowing the address 0x3E1F0 - 0xECF0 = the value you would patch at SCE header + 0x0C

 ROM:0000F6C0 D2 68 87 E6 metadata_erk: .int 0xD26887E6 ; DATA XREF: ROM:0000F178o

for example in CECHA , the address you want to decrypt it to is 0x3E1F0
so it should be 0x3E1F0 - 0xF6C0

Once you get the decrypted header, you have the key to decrypt the rest of the metadata. Here you go, you have your decrypted signature.

So far so good, now what's next ?

STEP II)

Contrary to popular beliefs, you do not need to know the public key to calculate the private key, you just need two decrypted signature, you now know how to dump these, so let's assume you just did, now all you have to do is to bruteforce the curve type by constantly reloading a self to metldr, the curve type being only 1 byte, that would be 64 possibilities.
CONGRATULATION, you just signed a loader !

Now what ?

Well Your first reflex would be to sign a loader and use it to dump whatever is part of the Isolated Local Store, the first thing you will notice is that you have a bit of metldr's code as a leftover, after a bit of disassembly you will notice that it's actually some piece of code that clears metldr's code and registers and jumps to some address which matches your signed loader's entrypoint.
This seems a more than likely candidate to exploit, as your goal would be to overwrite that piece of code with your own, that way you would have the whole metldr code right before the point where everything gets cleared out.
Let's try to do just that, from your previous dump, you should obviously know that the clear code is located from 0x400 to 0x630, (0x410 being where metldr jumps when it clears) your first attempt would naturally be to have a loader section to load at 0x400, unsurprisingly, it fails, because you are not without a brain (at least you aren't supposed to be if you're reading and understanding this), you will assume that it is likely that metldr checks if you aren't loading your loader/self section below a certain address, which considering you know the loaders' entrypoint is most likely to be 0x12C00, this assumption is in fact correct as metldr will make sure you cannot load any loader at 0x12BFF and below, seems like a huge let down...
Well, maybe not, should you check out the hardware properties for the Local Store, you would find out that the memory wraps around (memory is a donut as someone once said at some CCC conference).
So what happens when you load your loader at let's say from 0x3F000 to 0x40000+some address? (like 0x40410 for example) ?

Well, it WORKS!
You could put the section at 0x3F000, if you made the length 0x1414 and the last instruction branches "up" to the dump code

 ROM:000008AC 33 7F 6C 80 brsl lr, cleanup_and_jump_entry
 ROM:000008B0 32 00 11 80 br loc_93C
 ROM:00000410 cleanup_and_jump_entry: ; CODE XREF: main+4Cp
 ROM:00000410 32 7F FF 80 br sub_40C


this is what the exploit that got leaked (yeah that's not really their work eh but you figured that much by now, did you not? ) does.
It overwrites from 0x000 to 0x480 because I originally loaded the section of size 0x880 to 0x3FC00

So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although those are hardcoded in metldr's code anyway)

Here you go, you have a metldr dump !

Now as a final line, I'd like to say this is my last contribution to this scene. It seems I can't even trust fellow developers to keep my work safe.
So long, everyone.
Remember, don't ever bite the hands that feed you.

Old partial/incomplete source: http://lan.st/showthread.php?t=4025 (Link now deprecated)