Here is a layman's guide to doing it yourself, by lunuxx, via ps3devwiki.com/index.php?title=Talk:Dumping_Metldr
How to Use:
Ohai, I'll tell you guys how to use mathldr (I like to call it that, it's kinda catchy). This is pretty safe (if you know what you are doing, and do it right); just don't go crazy with it. It's possible to mess your EID up if you attempt to rehash it and flash it, or attempt in any way to replace your EID. If you plan on rehashing your EID, make sure to have a flasher and a good backup of your flash handy.
You can decrypt EID with the root keys and the static keys on the wiki key talk page. The static keys: http://pastie.org/pastes/2819949/text?key=qwndjafrtkvhe9cikbxhg
Prerequisites:
1. OtherOS++ with SS patches (yes, the ones that cause trophy errors; just update when you want to play games again and don't complain)
2. Linux on your PS3 (I'm using Ubuntu 10.10)
3. An unpacked copy of your flash (which you can obtain by using glevand's dump_flash.pkg via gitbrew.org/~glevand/ps3/pkgs/dump_flash.pkg) and an unpacked copy of OFW. You will need the following files from these:
- metldr
- isoldr
- RL_FOR_PROGRAM.img
- EID0 (you will need to split EID from your flash: ps3devwiki.com/index.php?title=Dev_Tools#dump_EID0.sh)
dump_EID0.sh
This script will dump your EID0.
Code:
echo Dumping EID0
ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin
dump_EID4.sh
This script will dump your EID4.
Code:
echo Dumping EID4
ps3dm_iim /dev/ps3dmproxy get_data 0x4 > EID4.bin
get_EID0_size.sh
This script will get the size of your EID0.
Code:
echo EID0 size:
ps3dm_iim /dev/ps3dmproxy get_data_size 0x0
get_EID4_size.sh
This script will get the size of your EID4.
Code:
echo EID4 size:
ps3dm_iim /dev/ps3dmproxy get_data_size 0x4
get_metldr_size.sh
This script will get the size of metldr.
Code:
echo metldr size:
ps3dm_iim /dev/ps3dmproxy get_data_size 0x1000
nor_dump.sh
Code:
echo Dumping nor
dd if=/dev/ps3nflasha of=nor.bin
dump_ram.sh
This script will dump your ram.
Code:
echo Dumping ram
dd if=/dev/ps3ram of=ps3ram.bin
dump_vram.sh
This script will dump your vram.
Code:
echo Dumping vram
dd if=/dev/ps3vram of=ps3vram.bin
- spp_verifier.self
- default.spp
- and obviously appldr-metldrexploit350.self from the files
4. ps3tools: ps3devwiki.com/index.php?title=Dev_Tools#fail0VERFLOW (to unpack your NOR and the OFW, i.e. norunpack and pupunpack)
- http://git-hacks.com/ps3free/ps3tools
- unself_gnpdrm.c source & unself_gnpdrm.exe Win32 compile: unself_gnpdrm.rar
5. Latest gitbrew Linux kernel
6. a desire to quit whining and complaining and get off your rear.
7. motivation (see prerequisite #6)
Step by Step Instructions:
You can do this over SSH or on the console. I prefer SSH because my girlfriend likes to watch TV a lot.
1. SSH into the PS3
2. download the files
Code:
wget http://gotbrew.org/metldr838exploit.tar.gz
3. untar the files
Code:
tar -xvf metldr838exploit.tar.gz
4. enter the directory and compile
Code:
cd metldr838exploit; make   # enter the directory the tarball extracted to (not the .tar.gz itself); adjust the name if yours differs
5. run the following commands now:
Code:
insmod ./metldrpwn.ko
cat metldr > /proc/metldrpwn/metldr
cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
cat eid0 > /proc/metldrpwn/eid0
echo 1 > /proc/metldrpwn/run
cat /proc/metldrpwn/debug
There now you have a dump check it out:
Code:
hd /proc/metldrpwn/dump | less
Now copy the dump somewhere or you'll lose it:
Code:
cp /proc/metldrpwn/dump /home/username/
Now you have a copy in your home directory for safe keeping. Congrats, you've completed less than 10 minutes of actual work.
There you go. The keys are in 0x00 to 0x20 (the first 3 lines). So now you get code execution on metldr at the best time possible, because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too (although they are hardcoded in metldr's code anyway).
Example:
Code:
erk:
00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|
00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|
riv:
00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|
The first 2 lines are erk, the 3rd is riv, and together they are eid0, like Captain freakin' Planet.
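As an added example (not part of the original post or the metldrpwn module), here is a small Python parser that reads an hd-style listing like the one above and splits the first 0x30 bytes into erk (0x00 to 0x20) and riv (0x20 to 0x30), refusing a dump that is too short. The sample listing inside it is constructed, not real key material.

```python
import re

ERK_LEN = 0x20  # erk: bytes 0x00..0x1f (the first two hd lines)
RIV_LEN = 0x10  # riv: bytes 0x20..0x2f (the third hd line)

# offset column followed by 1..16 hex bytes; the ASCII column is ignored
_HD_LINE = re.compile(r"^([0-9a-fA-F]{8})((?:\s+[0-9a-fA-F]{2}){1,16})")


def parse_hd(text):
    """Rebuild raw bytes from an hd listing, expanding `*` repeat markers."""
    data = bytearray()
    prev = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "*":
            # `*` means "same as the previous line"; the gap is filled in
            # when the next explicit offset is seen
            continue
        m = _HD_LINE.match(line)
        if not m:
            continue  # trailing offset-only line or unrelated text
        offset = int(m.group(1), 16)
        chunk = bytes.fromhex(m.group(2))  # fromhex skips the whitespace
        while prev is not None and len(data) < offset:
            data += prev[: offset - len(data)]
        data += chunk
        prev = chunk
    return bytes(data)


def split_keys(text):
    """Return (erk, riv) from an hd listing; fail loudly on a short dump."""
    data = parse_hd(text)
    if len(data) < ERK_LEN + RIV_LEN:
        raise ValueError("dump is only %d bytes, need 0x30" % len(data))
    return data[:ERK_LEN], data[ERK_LEN:ERK_LEN + RIV_LEN]


# Constructed sample in hd layout (not real key material).
SAMPLE = """\
00000000  00 01 02 03 04 05 06 07  08 09 0a 0b 0c 0d 0e 0f  |................|
00000010  10 11 12 13 14 15 16 17  18 19 1a 1b 1c 1d 1e 1f  |................|
00000020  a0 a1 a2 a3 a4 a5 a6 a7  a8 a9 aa ab ac ad ae af  |................|
00000030
"""

if __name__ == "__main__":
    erk, riv = split_keys(SAMPLE)
    print("erk:", erk.hex())
    print("riv:", riv.hex())
```

Feed it the saved text of `hd /proc/metldrpwn/dump` instead of SAMPLE to get the two fields as raw bytes rather than retyping hex by hand.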
BTW, this does not mean you get 3.60 keys etc. or newer games, but it will help you get some nifty things to do some new stuff. Also, please be advised that if you are on 3.60+ you will need to downgrade with a flasher to do this, and if you have a unit that shipped from the factory with metldr.2 (the new metldr), you're SOL at the moment. There's also a nifty program on the dev tools page to turn your hex into a key; it's called hex2key.
- hexkey2bin.c (http://pastie.org/pastes/1430104/text)
- hex2key.c edit (http://pastie.org/pastes/2834445/text)
Oh, thanks math.
Thanks anon leaker.
Thanks gitbrew and glevand.