LinkBack URL
About LinkBacks
Demonhades : Using DEX without Linux. Always a step ahead of the competition
Register To Reply
0
As many of you know (again) the fuzz that the Cex>Dex method, created. Now it’s turn of demonhades crew to bring an EID0 Dumper for JBM 3.55, MA 3.56 and (you can read the whole article) for more references. The first MAIN step or objective from the *demonios* it’s to not have to depend on Linux to do the conversion. (Aka = DEX). Then you have another app called ConfEditor PS3 for TheGrid, that let’s you mess around more with flags among other powerful as risky ones to use. The only NEGATIVE that i find in all of this, it’s that you have to use the JBM (From DH) to achieve this kind of things. Well it’s time to play!, if you want to know more i will do a better *to english* translation, since i fetched this from
This weekend Spanish PlayStation 3 developers at DemonHades have made available a PS3 eEID0 Dumper for JBM 3.55, MA 3.56 and PlayStation 3 CFW 3.55 alongside a ConfEditor for TheGrid. To quote, : (I had to translate the all damn thing again because google translate) eEID0 Dumper by BlackDeath to JBM 3.55, MA 3.56 and CFW 3.55
Hello pals, after the filtered method of CEX2DEX the team decided to investigate in this new field for certain users and not so much for other. That’s why we are working to make an *easier* method in order to switch to DEX without needing linux.
Today i present you the EID0 dumper created by BlackDeath, this app will let us dump all the EID0 or the first section of CEX, ONLY using or running a PKG and having connected a pendrive in dev_usb000. The instructions are on screen and easy to follow:
START: Used to dump all the EID0.
SQUARE: Just to dump the first section of the EID0 (eid0_1st_Section_CEX.bin).
X (EX): To dump the ciphered METLDR to the USB and ready to go (plug and play) for the exploit and get the dump from deciphered METLDR (mentioned in early staged of this guide)
If you are in CFW 3.55 (normal) you have to launch the pkg from video.
Needless to say i leave you the download link that works in ANY CFW 3.55 (PEEK | POKE LV2) As well in MA.
Blackdeath says:
This last version now allow us to dump the METLDR (ciphered) from our consoles if you use the X (EX) button and you will obtain the already ciphered METLDR, ready to make a deciphered dump along with they *keys* using the exploit (later).
We will keep on working on this *area* just to achieve the need to use linux, ergo the next step is dump the METLDR without doing so many things in linux, quite the contrary our objective is to achieve a quick, easy to use method to dump it.
eEID0 is needed for make the process of dumping the metldr (as you all know, and only the first section of the eEID0). The result was this tool, which is needed to do the proper conversion from DEX to TEST.
(Old Version)
(New Version)
Thanks BlackDeath, Checko, Tito01 and DemonHades From checko: WIP: A method to dump metldr and eEID root keys without linux, more easy with some little steps .. maybe naehrwert can help you. To quote from his Twitter (via twitter.com/naehrwert/status/226682478373531648 and twitter.com/naehrwert/status/226686257005203456): Isn’t installing linux to get your eid root key a bit of an overkill when you could just use netrpc?! Or you could compile this pastie.org/4295312, sign it with metldr keys and grab the key/iv from shared LS…
ldr.ld
ENTRY(_start)
SECTIONS
{
. = 0x25800;
.text :
{
*(.text)
}
.data :
{
*(.data)
*(.rodata)
}
.bss :
{
bss = .;
*(.bss)
}
}
types.h
#ifndef _TYPES_H_
#define _TYPES_H_
typedef char s8;
typedef unsigned char u8;
typedef short s16;
typedef unsigned short u16;
typedef int s32;
typedef unsigned int u32;
typedef long long int s64;
typedef unsigned long long int u64;
#endif
start.S
.text
/* Loader entry. */
.global _start
_start:
/* Setup stack pointer. */
ila sp, 0x3DFA0
/* Well... */
brsl lr, main
_hang:
br _hang
main.c
#include "types.h"
void *_memcpy(void *dst, void *src, u32 len);
void main()
{
//Copy eid root key/iv to shared LS.
_memcpy((u8 *)0x3E000, (u8 *)0x00000, 0x30);
//Hang (the PPU should copy the key/iv from shared LS now).
while(1);
}
void *_memcpy(void *dst, void *src, u32 len)
{
u8 *d = (u8 *)dst;
u8 *s = (u8 *)src;
u32 i;
for(i = 0; i < len; i++)
d[i] = s[i];
return dst;
}
ConfEditor PS3 for TheGrid by RacingLocura07 Our partner and developer RacingLocura07 (UsaveME) leaves us on this occasion the conf editor ps3, this application allows you to enable or disable patches, plugins or create flags without using a PC, all from the PS3 itself in a simple and fast :
Displays a list of flags
Displays list of patch-dynamic
Displays a list of plugins
Allows you to export to the root of the usb, the. Cfg file to test it before storing.
List of flags:
Matheros (direct or normal)
dumper-ram
debug
dev_flash (dumper / restore)
sc35/36 +8 (more compatible)
100% Fan speed (fan at 100%)
source
Originally Posted by 08keelr
Copyright © 2008-2013, NextGenUpdate. All Rights Reserved. -