As many of you know (again), the fuss that the Cex>Dex method created. Now it's the turn of the DemonHades crew to bring an EID0 Dumper for JBM 3.55, MA 3.56 and (you can read the whole article) for more references. The first MAIN step or objective from the *demonios* is to not have to depend on Linux to do the conversion (aka DEX). Then you have another app called ConfEditor PS3 for TheGrid, that lets you mess around more with flags, among other powerful as risky ones to use. The only NEGATIVE that I find in all of this is that you have to use the JBM (from DH) to achieve this kind of thing. Well, it's time to play! If you want to know more I will do a better *to English* translation, since I fetched this from
This weekend Spanish PlayStation 3 developers at DemonHades have made available a PS3 eEID0 Dumper for JBM 3.55, MA 3.56 and PlayStation 3 CFW 3.55 alongside a ConfEditor for TheGrid. To quote, : (I had to translate the whole damn thing again because Google Translate)
eEID0 Dumper by BlackDeath to JBM 3.55, MA 3.56 and CFW 3.55
Hello pals, after the leaked method of CEX2DEX the team decided to investigate in this new field for certain users and not so much for others. That's why we are working to make an *easier* method in order to switch to DEX without needing Linux.
Today I present you the EID0 dumper created by BlackDeath. This app will let us dump all the EID0 or the first section of CEX, ONLY using or running a PKG and having connected a pendrive in dev_usb000. The instructions are on screen and easy to follow:
START: Used to dump all the EID0.
SQUARE: Just to dump the first section of the EID0 (eid0_1st_Section_CEX.bin).
X (EX): To dump the ciphered METLDR to the USB, ready to go (plug and play) for the exploit, and get the dump from the deciphered METLDR (mentioned in earlier stages of this guide).
If you are in CFW 3.55 (normal) you have to launch the pkg from video.
Needless to say, I leave you the download link that works in ANY CFW 3.55 (PEEK | POKE LV2), as well as in MA.
Blackdeath says:
This last version now allows us to dump the METLDR (ciphered) from our consoles if you use the X (EX) button, and you will obtain the already ciphered METLDR, ready to make a deciphered dump along with the *keys* using the exploit (later).
We will keep on working on this *area* just to achieve the need to use linux, ergo the next step is dump the METLDR without doing so many things in linux, quite the contrary our objective is to achieve a quick, easy to use method to dump it.
eEID0 is needed to make the process of dumping the metldr (as you all know, and only the first section of the eEID0). The result was this tool, which is needed to do the proper conversion from DEX to TEST.
(Old Version)
(New Version)
Thanks BlackDeath, Checko, Tito01 and DemonHades
From checko: WIP: A method to dump metldr and eEID root keys without linux, more easy with some little steps .. maybe naehrwert can help you.
To quote from his Twitter (via twitter.com/naehrwert/status/226682478373531648 and twitter.com/naehrwert/status/226686257005203456):
Isn’t installing linux to get your eid root key a bit of an overkill when you could just use netrpc?! Or you could compile this pastie.org/4295312, sign it with metldr keys and grab the key/iv from shared LS…
ldr.ld
ENTRY(_start)
SECTIONS
{
    . = 0x25800;
    .text :
    {
        *(.text)
    }
    .data :
    {
        *(.data)
        *(.rodata)
    }
    .bss :
    {
        bss = .;
        *(.bss)
    }
}
types.h
#ifndef _TYPES_H_
#define _TYPES_H_
typedef char s8;
typedef unsigned char u8;
typedef short s16;
typedef unsigned short u16;
typedef int s32;
typedef unsigned int u32;
typedef long long int s64;
typedef unsigned long long int u64;
#endif
start.S
.text
/* Loader entry. */
.global _start
_start:
    /* Setup stack pointer. */
    ila sp, 0x3DFA0
    /* Well... */
    brsl lr, main
_hang:
    br _hang
main.c
#include "types.h"

void *_memcpy(void *dst, void *src, u32 len);

void main()
{
    //Copy eid root key/iv to shared LS.
    _memcpy((u8 *)0x3E000, (u8 *)0x00000, 0x30);
    //Hang (the PPU should copy the key/iv from shared LS now).
    while(1);
}

void *_memcpy(void *dst, void *src, u32 len)
{
    u8 *d = (u8 *)dst;
    u8 *s = (u8 *)src;
    u32 i;
    for(i = 0; i < len; i++)
        d[i] = s[i];
    return dst;
}
ConfEditor PS3 for TheGrid by RacingLocura07
Our partner and developer RacingLocura07 (UsaveME) leaves us on this occasion the ConfEditor PS3. This application allows you to enable or disable patches, plugins or create flags without using a PC, all from the PS3 itself in a simple and fast way:
Displays a list of flags
Displays list of patch-dynamic
Displays a list of plugins
Allows you to export the .cfg file to the root of the USB, to test it before storing.
List of flags:
Matheros (direct or normal)
dumper-ram
debug
dev_flash (dumper / restore)
sc35/36 +8 (more compatible)
100% Fan speed (fan at 100%)
KRACKERSTYLE (07-22-2012)
Shadow, there is probably not going to be a 3.56+ jailbreak.
It was easy to make a 3.55 jailbreak because all you had to do was create the firmware patches and calculate the keys. But Sony patched that way to get the keys, so they changed the keys and made them 10 times more secure than the 3.55 ones. So getting the 3.56+ keys is like a mission impossible, unless some kind of sick nerd finds a security exploit in the PS3 private database, and encrypting all the information in the PS3's database, which got a lot more safe after Anonymous hacked PS3.
I'd rather just buy a PS3 with a lower firmware than 3.55 from eBay or any sites like that.
All the PS3s with 20gb, 40gb, 60gb, 80gb, 90gb, 120gb are on a lower firmware than 3.55.
Hahaha, I think you are the dumbass here, the 4.11 isn't released, if you really believe all that youtube shit you shouldn't be here.

spudeeelad, actually I just miswrote, I do really know that this isn't a jailbreak, but you didn't answer my question: do you need an E3 flasher, or is it just good to have in case you're bricking your PS3?

E3 is not compulsory, but it is advised to have one because if you brick your PS3, it may be unrecoverable. With E3, you're 99% likely to be able to recover it.
---------- Post added at 04:02 PM ---------- Previous post was at 04:01 PM ----------
Oh, it's not just about bricking either. Even if you did successfully convert to DEX, you may never be able to get out of this mode and back on to CEX and OFW.
Okay, so I can install packages even if I update a PS3 that's non-jailbroken to DEX?
I need a quick answer.
The one I was talking about is the 4.20 DEX PUP, which can be done on 4.20 OFW without anything, kind of like geohot's 3.55 jailbreak. The only problem is there's a high chance of bricking, and if you do it you can brick your console. Who knows, it might actually work, but ProgSkeet/E3 flasher is just a backup in case the PS3 does brick, as with them you can unbrick. But you can do it without them, just it's risky.
Alright, thanks for clearing things out for me, I just got 1 more question.
All you have to do is to put the 4.20 dex pup into a folder called f.ex: a map named 4.20 dex and then a folder named PS3 with capital letters and a folder named UPDATE with capital letters, inside that put the .pup file plug into ps3, update via storage media/recovery mode then I'm done?
Thanks for the answers.