Dumping Bootldr: Difference between revisions

From PS3 Developer wiki
No edit summary
Line 5: Line 5:
* OtherOS++ with SS Patches
* OtherOS++ with SS Patches
* Linux Kernel with glevand's/graf's patches (red ribbon rc6 will do the trick, since it has the embedded kernel)
* Linux Kernel with glevand's/graf's patches (red ribbon rc6 will do the trick, since it has the embedded kernel)
* [[https://mega.co.nz/#!QcQ2wZDJ!tu1NuOJpFIrlDV-EEqGM8mgdfNCC9cwqOnGK2012CaQ the exploit]]
* [[https://mega.co.nz/#!QcQ2wZDJ!tu1NuOJpFIrlDV-EEqGM8mgdfNCC9cwqOnGK2012CaQ the exploit]] / [[https://mega.co.nz/#!A0U0mKpS!lxiLg37pruRhVsFttUgsMLGx4mBKj80PDycnaJ8SttQ version ports]]
* NOR console with a NOR dump (the exploit isn't adapted to NAND consoles yet, [[Talk:Hypervisor_Reverse_Engineering#MMIO_.2F_Memorymap|no MMIO available]])
* NOR console with a NOR dump (the exploit isn't adapted to NAND consoles yet, [[Talk:Hypervisor_Reverse_Engineering#MMIO_.2F_Memorymap|no MMIO available]])
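Review bot: the "version ports" link added to the exploit line comes with no edit summary and no indication of which versions the ports cover. Both archives sit on an external file host, so a reader cannot tell them apart or confirm they got the intended file. Suggest naming the versions each port targets next to the link and recording a checksum for each archive.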



Revision as of 00:28, 22 June 2014

Requirements

  • OtherOS++ with SS Patches
  • Linux Kernel with glevand's/graf's patches (red ribbon rc6 will do the trick, since it has the embedded kernel)
  • [the exploit] / [version ports]
  • NOR console with a NOR dump (the exploit isn't adapted to NAND consoles yet, no MMIO available)

How to

  1. Start a normal session from red ribbon (or any other distro you might have)
  2. Extract the contents of bootldrexploit to your home folder
  3. Open your terminal and type as root:
    cd bootldrexploit/ps3peekpoke
  4. Compile the lv1 peek poke kernel module:
    make
  5. Insert the lv1 peek poke kernel module:
    insmod ps3peekpoke.ko
  6. Change directory to the exploit dir:
    cd ../btldr8
  7. Compile the exploit:
    make
  8. Make a NOR dump by typing:
    dd if=/dev/ps3nflasha of=nor.bin bs=1024
  9. Execute the exploit:
    ./lv0Decrypt 0 nor.bin buffer.bin
  10. It should show the status as status A0082. This means you've succeeded. Check your dump for the keys:
    hexdump -C dump.bin > test
    nano test