PS3 NAND Dump Extractor released!

Category: PlayStation 3 & PSN News By: CJPC - (ps3news.com)
Tags: ps3 firmware nand dump self encrypted mainman extractor

281w ago - Tonight mainman has released the PS3 NAND Dump Extractor/Unpacker that has been in the works for awhile!

Download: PS3 NAND Dump Extractor

It comes with a Windows and Linux binary as well as source code, and those without an Infectus Mod can still experiment with it using the following 'dumpable dumps' files (via PS3 Infectus) available in iRC EFnet #PS3News when merged:

samsungk9f1g08uoa_a-_www.PS3News.com_.rar [54.2 MB (56,925,643 bytes)]

samsungk9f1g08uoa_b_usb-_www.PS3News.com_.rar [54.4 MB (57,066,577 bytes)]

From the ReadMe file: This tool is used to interleave, then byteswaps both dumps of the PS3 NAND. Upon completion, it creates a 'user readable' file.

This file is then scanned by the tool, and the flash files are extracted to a folder. This folder is named PS3Nand-XXX.XXXX, where XXX.XXXX is the SDK Version magic in the flash (usually the version number of the firmware)

.B .A usually works, however in some cases .A .B order is required.

Please post any feedback in our PlayStation 3 Dev Chat Forum HERE!

Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

27 Comments - Go to Forum Thread »

#27 - ggparallel - 281w ago

Originally Posted by CJPC

Its a marker, not put there by us, but by Sony. It was there in our original dumps, we think its some sort of flag to mark the start of the data below it. However at the moment it is just a hypothesis.

Also, yes some of those files are encrypted (even more than a SELF), makes it a bit more secure!

It's also a fixed position in different dumps , and few after you have the FS descriptor and the files ( relocated ). As CJPC told files are encrypted on NAND so don't expect to find ( apart few parts ) clear text or a lot of strings.

My iphotesys , ad speculation , is that PS3 search for that fixed address during the boot process , it is still not clear to me if the code loaded during the ringbus configuration on cell resides on NAND or on another chip ( the toshiba thing. ) and at which stage this fixed address is used.

#26 - CJPC - 281w ago

Originally Posted by einzwei

at offset 03F80010 in merged NAND file I found this: 000000000FACE0FF00000000DEADBEEF ---- FACE0FF and DEADBEEF constants.

What is it? is it some mark leaved by owner of dumped PS3? (securing identifiable personal data presumably?) or is it some constants leaved by $ony developers?

Please, clear this question in order not to give a false leads to people who makes research

#25 - einzwei - 281w ago

Originally Posted by gladiac

lol, very nice find

. I think it looks the same on my machine as an your's (but it does not look bad to me) -> That is what I did:

What do you mean by that? Have you dumped your own NAND? or did you download it from the internet?

#24 - gladiac - 281w ago

Originally Posted by einzwei

lol, very nice find

. I think it looks the same on my machine as an your's (but it does not look bad to me) -> That is what I did:

gladiac@savvy:~/Downloads/ps3nandex/PS3_NAND_Dump_Extractor$ ./nandextract ../nand_dump/samsungk9f1g08uoa_b_usb.bin ../nand_dump/samsungk9f1g08uoa_a.bin out
Tool by mainman, assisted by PS3News.com Developers
Start Interleaving
Output file is present on filesystem.. skipping interleave
Interleaving done.
Start Loader function
nandfs_header FILES: num files 19 - unknown e0ff6f00
Press any key to continue
File: creserved_0 size: 262144 offset 0x000003a0
File: sdk_version size: 8 offset 0x000403a0
File: lv1ldr size: 146228 offset 0x00040400
File: lv2ldr size: 113204 offset 0x00063f80
File: isoldr size: 82292 offset 0x0007fa00
File: appldr size: 129368 offset 0x00093b80
File: default.spp size: 7456 offset 0x000b34d8
File: lv0 size: 291608 offset 0x000b5200
File: lv1.self size: 1449416 offset 0x000fc580
File: lv2_kernel.self size: 1546016 offset 0x0025e348
File: spu_pkg_rvk_verifier.self size: 107548 offset 0x003d7a68
File: spu_token_processor.self size: 46940 offset 0x003f1e84
File: sc_iso.self size: 142776 offset 0x003fd5e0
File: aim_spu_module.self size: 39528 offset 0x00420398
File: spp_verifier.self size: 61388 offset 0x00429e00
File: mc_iso_spu_module.self size: 61520 offset 0x00438dcc
File: me_iso_spu_module.self size: 71932 offset 0x00447e1c
File: sv_iso_spu_module.self size: 101560 offset 0x00459718
File: sb_iso_spu_module.self size: 52888 offset 0x004723d0

SDK Version: 150.000
+ (0x009403c0) dumped :creserved_0
+ (0x009803c0) dumped :sdk_version
+ (0x00980420) dumped :lv1ldr
+ (0x009a3fa0) dumped :lv2ldr
+ (0x009bfa20) dumped :isoldr
+ (0x009d3ba0) dumped :appldr
+ (0x009f34f8) dumped :default.spp
+ (0x009f5220) dumped :lv0
+ (0x00a3c5a0) dumped :lv1.self
+ (0x00b9e368) dumped :lv2_kernel.self
+ (0x00d17a88) dumped :spu_pkg_rvk_verifier.self
+ (0x00d31ea4) dumped :spu_token_processor.self
+ (0x00d3d600) dumped :sc_iso.self
+ (0x00d603b8) dumped :aim_spu_module.self
+ (0x00d69e20) dumped :spp_verifier.self
+ (0x00d78dec) dumped :mc_iso_spu_module.self
+ (0x00d87e3c) dumped :me_iso_spu_module.self
+ (0x00d99738) dumped :sv_iso_spu_module.self
+ (0x00db23f0) dumped :sb_iso_spu_module.self

And this is what I got:

gladiac@savvy:~/Downloads/ps3nandex/PS3_NAND_Dump_Extractor/PS3Nand-150.000$ ls -la
total 4704
drwxr-xr-x 2 gladiac gladiac 4096 2008-01-01 14:34 .
drwxr-xr-x 3 gladiac gladiac 4096 2008-01-01 14:34 ..
-rw-r--r-- 1 gladiac gladiac 39528 2008-01-01 14:34 aim_spu_module.self
-rw-r--r-- 1 gladiac gladiac 129368 2008-01-01 14:34 appldr
-rw-r--r-- 1 gladiac gladiac 262144 2008-01-01 14:34 creserved_0
-rw-r--r-- 1 gladiac gladiac 7456 2008-01-01 14:34 default.spp
-rw-r--r-- 1 gladiac gladiac 82292 2008-01-01 14:34 isoldr
-rw-r--r-- 1 gladiac gladiac 291608 2008-01-01 14:34 lv0
-rw-r--r-- 1 gladiac gladiac 146228 2008-01-01 14:34 lv1ldr
-rw-r--r-- 1 gladiac gladiac 1449416 2008-01-01 14:34 lv1.self
-rw-r--r-- 1 gladiac gladiac 1546016 2008-01-01 14:34 lv2_kernel.self
-rw-r--r-- 1 gladiac gladiac 113204 2008-01-01 14:34 lv2ldr
-rw-r--r-- 1 gladiac gladiac 61520 2008-01-01 14:34 mc_iso_spu_module.self
-rw-r--r-- 1 gladiac gladiac 71932 2008-01-01 14:34 me_iso_spu_module.self
-rw-r--r-- 1 gladiac gladiac 52888 2008-01-01 14:34 sb_iso_spu_module.self
-rw-r--r-- 1 gladiac gladiac 142776 2008-01-01 14:34 sc_iso.self
-rw-r--r-- 1 gladiac gladiac 8 2008-01-01 14:34 sdk_version
-rw-r--r-- 1 gladiac gladiac 61388 2008-01-01 14:34 spp_verifier.self
-rw-r--r-- 1 gladiac gladiac 107548 2008-01-01 14:34 spu_pkg_rvk_verifier.self
-rw-r--r-- 1 gladiac gladiac 46940 2008-01-01 14:34 spu_token_processor.self
-rw-r--r-- 1 gladiac gladiac 101560 2008-01-01 14:34 sv_iso_spu_module.self

creserved_0 (filled up with FF)
isoldr (SCE in header)
lv1ldr (SCE in header)
lv1.self (filled up with FF until 0x83A40 followed by 00 until 0xC3A40 again followed by FF until 0x103A60 followed by crap)
lv2ldr (SCE in header)
sdk_version (has the version information of the dump)

All the .self files seem to be encrypted or something. So far, this looks good to me, but I'm not a professional so I can also be wrong.

cheers

#23 - einzwei - 281w ago

Page 1 of 6 12 3 4 5 6 ›LAST »

Related PS3 News and PS3 CFW Hacks or JailBreak Articles

• NIS America Announces Mugen Souls Officially Hits PSN Tuesday
• Black Ops II Uprising Out Today: Mob of the Dead, 4 New Maps
• Ratchet & Clank: Full Frontal Assault Updates from Insomniac Games
• Hands on with The Last of Us on PlayStation 3: Whatever It Takes
• Remember Me: New Art, Interactive Journal and Director PS3 Q&A
• Atomic Ninjas Storm PS3 and PlayStation Vita Later This Year

PlayStation 3 Links
• Contact Us E-Mail
• PS3 Affiliates
• PS3 CFW & MFW
• PS3 Debug Firmware
• PS3 Decrypted PSN Links for CFW
• PS3 Downloads
• PS3 EBOOT.BIN Original File Links
• PS3 Firmware
• PS3 Game Releases List
• PS3 Guides & Tutorials
• PS3 Hacking Guides and Tutorials
• PS3 Hacks & JailBreak
• PS3 Help & Support
• PS3 JailBreak Game Compatibility List
• PS3 JB2 / True Blue (TB) Game Links
• PS3 multiMAN Updates
• PS3 News Forums
• PS3 News Site FAQ
• PS3 News Site Advertising FAQ
• PS3 News Site Posting FAQ
• PS3 News Site Privacy FAQ
• PS3 News Site Rules
• PS3 News Site Tag Cloud
• PS3 News Site Terms
• PS3 Resources
• PS3 Reviews
• PS3 Save Files Repository
• PS3 Themes
• PS3 Trophies List
• PS3 Videos
• PS Vita Trophies List

PlayStation 3 News Discussions

a little help recqired plzzz - 55s ago

there will be no change in ur game, my means y will not lose any game or save data , only cfw will change in ur ps3 console , but ya u should have cfw...

By Yrathore with

1 Comment »

Introductions: Hello Everyone, I'm New at PS3News.com! - 6m ago

new user here ..

...

By wacko1234 with

6985 Comments »

a little help recqired plzzz - 2h ago

i am on 3.55 cfw and want to go to 4.4cfw , if i do so will my backed up games on my ps3's hard dive will be lost/deleted or will it be retained ? plz...

By mughal1990 with

1 Comment »

PS3 Fan Control Utility v0.3 for 4.31 and 4.40 CFW CEX is Released - 3h ago

There's no such thing as DREX firmware, D-REX is REX but installable on DEX firmware. Once you install D-REX, you end up on REX. So this sentence s...

By mschumacher69 with

18 Comments »

Latest PlayStation 3 Trophies