Dumping Bootldr: Difference between revisions

Revision as of 15:31, 8 November 2012

OtherOS++ with SS Patches
Linux Kernel with glevand's/graf's patches (red ribbon rc6 will do the trick, since it has the embedded kernel)
https://dl.dropbox.com/u/35197530/bootldrexploit.7z the exploit and the lv1 peek poke from Juan (already corrected in this case)
NOR console with a NOR dump (the exploit isn't adapted to NAND consoles yet)

cd bootldrexploit/ps3peekpoke

make

insmod ps3peekpoke.ko

cd ../btldr8

make

dd if=/dev/ps3nflasha of=nor.bin bs=1024

./lv0Decrypt 0 nor.bin buffer.bin

It should show the status as status A0082. This means you've succeeded. check your dump for the keys.

hexdump -C dump.bin > test

nano test

@@ Line 1: / Line 1: @@
 [[Category:Software]]{{Wikify}}
+==Requirements==
+* OtherOS++ with SS Patches
+* Linux Kernel with glevand's/graf's patches (red ribbon rc6 will do the trick, since it has the embedded kernel)
+* https://dl.dropbox.com/u/35197530/bootldrexploit.7z the exploit and the lv1 peek poke from Juan (already corrected in this case)
+* NOR console with a NOR dump (the exploit isn't adapted to NAND consoles yet)
+==How to==
+* Start a normal session from red ribbon (or any other distro you might have)
+* Extract the contents of bootldrexploit to your home folder
+* Open your terminal and type as root:
+{{keyboard|content=cd bootldrexploit/ps3peekpoke}}
+* Compile the lv1 peek poke kernel module:
+{{keyboard|content=make}}
+* Insert the lv1 peek poke kernel module:
+{{keyboard|content=insmod ps3peekpoke.ko}}
+{{keyboard|content=cd ../btldr8}}
+* Compile the exploit
+{{keyboard|content=make}}
+* Make a nor dump by typing
+{{keyboard|content=dd if=/dev/ps3nflasha of=nor.bin bs=1024}}
+* Execute the exploit
+{{keyboard|content=./lv0Decrypt 0 nor.bin buffer.bin}}
+* It should show the status as status A0082. This means you've succeeded. check your dump for the keys.
+{{keyboard|content=hexdump -C dump.bin > test}}
+{{keyboard|content=nano test}}
+* copy your dump to a safe place