14w ago - Following up on the previous Sony PS3 Debug / Test leak, today the PlayStation 3 DEX Firmware 4.30 PUP has surfaced with details below.
Download:
Sony PS3 Debug / Test (DEX) Firmware 4.30 Update
Sony PS3 Debug / Test (DEX) Firmware 4.30 Update (Mirror)
Sony PS3 Debug / Test (DEX) Firmware 4.30 Update (Mirror #2)
Sony PS3 Debug / Test (DEX) Firmware 4.30 Update (Mirror #3)
dex 4.30 xmb_plugin.30.rar by DANNY G
Warning: According to PlayStation 3 developer soniciso as posted HERE, PS3 CEX to DEX converted units will brick when the OFW 4.30 DEX update is installed, so be cautious!
PUP Hashes
MD5: 2B8F823526634F1D04A7F61261EEE850
SHA1: DD96D7D4DA85F0AAB41F7B82D348572B889A39C1
CRC32: BDCAD908
CRC16: 04A1
HMAC_SHA1: 0xF1CA59DB50C7D9B86175B95EBBF1A39D0F1AB3AE
About 4.30 DEX
4.30 DEX: Do *NOT* install this on a converted machine, it will result in a brick. There is a check on eid0(!) in lv1ldr, that will trigger a panic (fun fact: it's impossible to generate the checked data yourself, so no cex2dex without ugly patches anymore).
PUP Information
PUP file information
Package version: 1
Image version: 99999
File count: 9
Header length: 656
Data length: 186813495
PUP file hash : F1CA59DB50C7D9B86175B95EBBF1A39D0F1AB3AE
File 0
Entry id: 0x100
Filename : version.txt
Data offset: 0x290
Data length: 5
File hash : 1E49F1F42C18AC829E29A1CABA8404073A8631FE
File 1
Entry id: 0x101
Filename : license.xml
Data offset: 0x295
Data length: 308970
File hash : 5003EBF1548E8F002545561B74BBF5C470EE92C7
File 2
Entry id: 0x103
Filename : update_flags.txt
Data offset: 0x4B97F
Data length: 5
File hash : 65A0A6DA7FDB7F7A93C50F2439F6D5FE4C55AF74
File 3
Entry id: 0x200
Filename : ps3swu.self
Data offset: 0x4B984
Data length: 5669536
File hash : 401FD78D850CF1EB797A5E4F96FB86BF429E5877
File 4
Entry id: 0x201
Filename : vsh.tar
Data offset: 0x5B3C24
Data length: 10240
File hash : D9B66E0D2845D71A67D76E7907AB06368CE61E08
File 5
Entry id: 0x202
Filename : dots.txt
Data offset: 0x5B6424
Data length: 3
File hash : 1AA4749D0EE0D0AE937FBF73BC4B9ACD352F732A
File 6
Entry id: 0x300
Filename : update_files.tar
Data offset: 0x5B6427
Data length: 175083520
File hash : 884BF69AC877FD054FD3DC92C88AF439FBA32FD6
File 7
Entry id: 0x501
Filename : spkg_hdr.tar
Data offset: 0xACAF427
Data length: 71680
File hash : AA3090A65BBAFFFB306B2FA8EE600C689B6F030F
File 8
Entry id: 0x601
Filename : ps3swu2.self
Data offset: 0xACC0C27
Data length: 5669536
File hash : 1677EC061EDA6AD3D50C12B47599220E931A8552
As always, keep in mind these PUP updates will currently NOT install on a retail PS3, and so they are intended for examination and comparison purposes only.
We have 100% confirmed that running this updater on a retail PS3 will not damage it, however, it will give the following error before the installation completes: The data type is not supported. (8002F029)
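To make the listing above concrete, here is an added example (my own code, not from the page, from the tool that produced the listing, or from any PS3 project) that parses a PUP header and checks the per-file HMAC-SHA1 hashes the way a defender would verify an update package's integrity before comparing it against another build. The layout it assumes is the commonly documented one: a 48-byte big-endian header, then one 32-byte file entry and one 32-byte hash entry per file, then a 32-byte trailer holding the "PUP file hash"; with 9 files that gives 48 + 9*32 + 9*32 + 32 = 656, which matches the header length and the 0x290 offset of version.txt above, and the nine file lengths above sum to the listed data length. The HMAC key is not on this page, so it is passed in by the caller; the offline demo uses a constructed key and a constructed three-file package. The entry-id to filename map is taken from the listing.

```python
import hashlib
import hmac
import struct
import sys

# Layout of a PS3 PUP as commonly documented; assumed here, not stated on the page.
#   48-byte header: magic, package version, image version, file count,
#                   header length, data length (big-endian u64 fields)
#   file_count x 32-byte file entries: entry id, absolute data offset, data length, padding
#   file_count x 32-byte hash entries: entry id, 20-byte HMAC-SHA1 of that file, padding
#   32-byte trailer: HMAC-SHA1 over all header bytes before it (the "PUP file hash")
PUP_MAGIC = b"SCEUF\x00\x00\x00"
HEADER_FMT = ">8sQQQQQ"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 48
ENTRY_LEN = 32

# Entry ids and filenames exactly as they appear in the listing above.
ENTRY_NAMES = {
    0x100: "version.txt", 0x101: "license.xml", 0x103: "update_flags.txt",
    0x200: "ps3swu.self", 0x201: "vsh.tar", 0x202: "dots.txt",
    0x300: "update_files.tar", 0x501: "spkg_hdr.tar", 0x601: "ps3swu2.self",
}


def parse_pup(data):
    """Return (header info, per-file entries, trailer hash) or raise ValueError."""
    if len(data) < HEADER_LEN:
        raise ValueError("too short for a PUP header")
    magic, pkg_ver, img_ver, count, hdr_len, data_len = struct.unpack_from(HEADER_FMT, data, 0)
    if magic != PUP_MAGIC:
        raise ValueError("bad magic, not a PUP")
    # The header must hold exactly `count` file entries, `count` hash entries and the
    # trailer, and the data region must fit in the buffer (656 = 48 + 9*32 + 9*32 + 32 above).
    if hdr_len != HEADER_LEN + 2 * count * ENTRY_LEN + ENTRY_LEN or len(data) < hdr_len + data_len:
        raise ValueError("header/data lengths inconsistent with file size")
    files, off = [], HEADER_LEN
    for _ in range(count):
        eid, doff, dlen, _pad = struct.unpack_from(">QQQQ", data, off)
        if doff < hdr_len or doff + dlen > hdr_len + data_len:
            raise ValueError("file entry 0x%x points outside the data region" % eid)
        files.append({"entry_id": eid, "name": ENTRY_NAMES.get(eid, "?"), "offset": doff, "length": dlen})
        off += ENTRY_LEN
    for f in files:
        eid, digest = struct.unpack_from(">Q20s", data, off)
        if eid != f["entry_id"]:
            raise ValueError("hash entry order does not match file entries")
        f["hash"] = digest
        off += ENTRY_LEN
    info = {"package_version": pkg_ver, "image_version": img_ver, "file_count": count,
            "header_len": hdr_len, "data_len": data_len}
    return info, files, data[off:off + 20]


def verify_pup(data, key):
    """HMAC-SHA1 every file region and the header with `key`; return {entry_id or 'header': bool}."""
    info, files, trailer = parse_pup(data)
    results = {}
    for f in files:
        blob = data[f["offset"]:f["offset"] + f["length"]]
        results[f["entry_id"]] = hmac.compare_digest(hmac.new(key, blob, hashlib.sha1).digest(), f["hash"])
    covered = data[:info["header_len"] - ENTRY_LEN]  # everything before the trailer
    results["header"] = hmac.compare_digest(hmac.new(key, covered, hashlib.sha1).digest(), trailer)
    return results


def build_pup(entries, key, pkg_ver=1, img_ver=99999):
    """Build a PUP from [(entry_id, payload)] with the same layout; used here to make test input."""
    n = len(entries)
    hdr_len = HEADER_LEN + 2 * n * ENTRY_LEN + ENTRY_LEN
    payload = b"".join(blob for _, blob in entries)
    hdr = struct.pack(HEADER_FMT, PUP_MAGIC, pkg_ver, img_ver, n, hdr_len, len(payload))
    off = hdr_len
    for eid, blob in entries:
        hdr += struct.pack(">QQQQ", eid, off, len(blob), 0)
        off += len(blob)
    for eid, blob in entries:
        hdr += struct.pack(">Q20s4x", eid, hmac.new(key, blob, hashlib.sha1).digest())
    hdr += hmac.new(key, hdr, hashlib.sha1).digest() + b"\x00" * 12
    return hdr + payload


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python pup_check.py PS3UPDAT.PUP [hex HMAC key]
        data = open(sys.argv[1], "rb").read()
        key = bytes.fromhex(sys.argv[2]) if len(sys.argv) > 2 else None
    else:
        # Offline demo on a constructed PUP with a constructed test key.
        key = b"constructed-test-key"
        data = build_pup([(0x100, b"4.30\n"), (0x103, b"0000\n"), (0x200, b"\x7fELF" * 64)], key)
    info, files, _ = parse_pup(data)
    print("Package version: %d  Image version: %d  File count: %d" % (
        info["package_version"], info["image_version"], info["file_count"]))
    for f in files:
        print("Entry id: 0x%X  Filename: %-16s  Data offset: 0x%X  Data length: %d  File hash: %s" % (
            f["entry_id"], f["name"], f["offset"], f["length"], f["hash"].hex().upper()))
    if key is not None:
        print("HMAC check:", verify_pup(data, key))
```

Run without arguments it prints the constructed package in the same "Entry id / Filename / Data offset / Data length / File hash" shape as the listing above and reports that every HMAC checks out; the bounds checks in parse_pup are there because a file entry whose offset or length points outside the data region is the first thing a tampered or truncated PUP gives away. Given a real PUP path and the HMAC key as hex, it does the same for the real file.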
Metldrpwn
Dear all,
Many of you may have heard about Metldrpwn, which allows you to obtain the per-console key set.
I bet some of you have not gone for it because of the many things to install and do, like Linux etc.
Well, from now on you won't have to do all that; the only thing you will need to have/install is OtherOS (Petitboot), and that's it: the image of the FULL Linux distro with glevand's kernel patches and all is in this tutorial.
So, let me tell you what you have to do in order to pwn your metldr and get your per-console keys faster:
1. Install Petitboot
Only these steps from the original glevand's tutorial are needed:
1. Install my latest CFW (gitbrew.org/~glevand/ps3/cfw/)
2. When installation is finished, reboot in Recovery Mode (not the Backup/Restore in XMB) and choose "Restore PS3 System"
3. Now your GameOS should use only the half of your HDD (Currently working on a better approach)
4. Run setup_flash_for_otheros.pkg (gitbrew.org/~glevand/ps3/pkgs/setup_flash_for_otheros.pkg - for all PS3 models)
5. Reboot (It's important to shut down and turn on your PS3)
6. Store dtbImage.ps3.bin (gitbrew.org/~glevand/ps3/petitboot/dtbImage.ps3.bin) on USB drive, plug it in and run install_otheros.pkg (gitbrew.org/~glevand/ps3/pkgs/install_otheros.pkg - NAND owners should use dtbImage.ps3.bin.minimal, rename it to dtbImage.ps3.bin). Try different USB ports if you don't get any beeps.
7. Run boot_otheros.pkg (gitbrew.org/~glevand/ps3/pkgs/boot_otheros.pkg)
8. Run reboot.pkg (gitbrew.org/~glevand/ps3/pkgs/reboot.pkg - use the package, not manually reboot!)
9. You should be in petitboot now.
3.15 stock firmware (OFW) users:
Put petitboot on a memory stick
mkdir -p /media/usbstick/PS3/otheros/
wget http://www.kernel.org/pub/linux/kernel/people/geoff/cell/ps3-petitboot/ps3-petitboot-09.11.30-cui.bld
mv ps3-petitboot-09.11.30-cui.bld otheros.bld
cp ./otheros.bld /media/usbstick/PS3/otheros/otheros.bld
2. Boot Linux
1. Download my distro of Linux (gitbrew.org/~rnd/Linux-2.6.39-Rnd.iso)
2. Unpack in the root of your USB stick/or burn the image to a DVD
3. Plug in your USB/Insert the disc in your PS3 and you should see 2 different boot options, boot the first one
Login details (there are 2 of them, ps3 and root):
Username: root
Password: root
Username: ps3
Password: ps3
If you need to mount a usb stick, I made a dir for that /dev/usb
Here is the mount command:
mount /dev/disk/by-label/NAMEOFYOURUSB /dev/usb/
So now you can access your USB by going here /dev/usb/
3. Metldrpwn part:
Step by step instructions
Precompiled metldrpwn : Here (ps3devwiki.com/files/devtools/dump-metldr/metldrpwn.zip)
you can do this over ssh or on console.
Note: don't forget to provide EID0 and RL_FOR_PROGRAM.img if you do it manually instead of using the run.sh file, where they are commented out.
1. ssh into the ps3
2. download the files:
3. untar the files:
4. enter the directory and compile:
5. run the following commands now:
insmod ./metldrpwn.ko
cat metldr > /proc/metldrpwn/metldr
cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
cat eid0 > /proc/metldrpwn/eid0
echo 1 > /proc/metldrpwn/run
cat /proc/metldrpwn/debug
6. there now you have a dump check it out:
7. now copy the dump somewhere or you'll lose it:
now you have a copy in your home directory for safekeeping; congrats, you've completed about < 10 mins of actual work.
there you go, keys are in 0x00 to 0x20 (first 3 lines)
So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)
example:
00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......| // erk/key
00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{| // erk/key
00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.| // riv
the first 2 lines are the erk, the 3rd is the riv, and together they are the eid0 root key
BTW, this does not mean you get 3.60 keys etc. or newer games, but it will help you get some nifty things to do some new stuff.... Also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to do this, and if you have a unit that shipped from the factory with metldr.2 (new metldr) you're SOL at the moment. There's also a nifty program on the dev tools page (ps3devwiki.com/wiki/Dev_Tools) to turn your hex into a key; it's called hex2key:
hexkey2bin.c: http://pastie.org/1430104
hex2key.c edit: http://pastie.org/2834445
If you have any further questions don't hesitate to contact me,
Sincerely,
Rnd