PSX-SCENE Forum Discussion for Sony PlayStation/PsOne/PS2/PS3/PSP/PS VITA
  • Naehrwert Releases PS3 Dump Rootkey Code

    Following his Quick CoreOS Image Tool and then his eEID Cryptography discussion, PlayStation 3 developer naehrwert has released the PS3 Dump_Rootkey code, together with a little "how to" for those of you wanting to get your PS3's eid root key without installing Linux on your PS3.


    About dump_rootkey - 2012 by naehrwert:
    From the README - How to:
    1. Install asbestos_ldr.g.pkg on your PS3 (a firmware with lv2 peek/poke is required to run it).
    2. Compile the client (make sure PS3HOST in main.cpp points to your PS3).
    3. Make sure you got your metldr in './data' as 'metldr'.
    4. A prebuilt 'dumper' is included in './data' (dumper.elf and build.bat is included too if you want to change parameters).
    5. Start asbestos_ldr on your PS3.
    6. Start the client on your PC.
    7. Unicorns!
    From @naehrwert via pastie
    Code:
    [INFO] Connecting...ok.
    [INFO] Ping...ok.
    [INFO] VAS ID = 0x000000000000000b
    [INFO] map_lpar_memory_region(data): res = 0
    [INFO] Copying files out...done.
    [INFO] Constructing SPE...done. (res = 0)
    [INFO] priv2   0x00004c00016e0000
    [INFO] problem 0x00004c00016c0000
    [INFO] LS      0x00004c0001680000
    [INFO] shadow  0x000030000002e000
    [INFO] ID      0x0000000000000002
    [INFO] Setting up SPE...done.
    [INFO] map_lpar_memory_region(shadow) : res = 0
    [INFO] map_lpar_memory_region(problem) : res = 0
    [INFO] map_lpar_memory_region(priv2) : res = 0
    [INFO] map_lpar_memory_region(ls) : res = 0
    [INFO] set_spe_privilege_state_area_1_register: res = 0
    [INFO] Starting SPE in isolation mode...done.
    [INFO] Interrupt status (2, application) = 0000000000000010
    [INFO] -> SPU mailbox threshold interrupt
    [INFO] Interrupt status (2, application) = 0000000000000011
    [INFO] -> SPU mailbox threshold interrupt
    [INFO] -> mailbox interrupt
    [INFO] Mailbox value = 1
    [INFO] -> Dumper loaded.
    [INFO] Transferring eid_root_key to buffer...finished.
    [INFO] Dumping eid_root_key...done.
    [INFO] SPU status = 0x00000081
    [INFO] Destructing spe...done.
    [INFO] Press any key to exit...
    You will need to compile the client yourself using MS Visual C++, since your PS3's IP address has to be set in the source (PS3HOST in main.cpp). That is, until someone creates an EXE that prompts for your IP.

    Download: Dump_Rootkey

    Source: @naehrwert

    48 Comments
    1. RUT Dark Ronin -
      vronz, metldrpwn is not involved, as you can see. This method is completely different. AsbestOS gains you access to almost anything inside the PS3, but meanwhile we haven't got it to work under 3.55, just for 3.41. Either way, it needs to be ported fully, not just the loader.
    1. Tranced -
      My previous post suggests this ^^ not fully perhaps but a step closer
    1. vronz -
      If it's working on 3.41 then that's not an issue, because QA flagging 3.55 allows you to downgrade to 3.41, and that's much easier than installing Linux. However, what still bugs me is that in the "metldrpwn" exploit instructions it's said that if you have firmware lower than 3.55 you need to update to 3.55, because the exploit is expecting such firmware. So the whole solution just doesn't add up, i.e. the "metldrpwn" exploit works on 3.55 only and the Asbestos loader on 3.41 only. So I'm very confused now. I guess we are all waiting on input from developers.
    1. kAs1m -
      Quote: Originally Posted by vronz
      If it's working on 3.41 then that's not an issue, because QA flagging 3.55 allows you to downgrade to 3.41, and that's much easier than installing Linux. However, what still bugs me is that in the "metldrpwn" exploit instructions it's said that if you have firmware lower than 3.55 you need to update to 3.55, because the exploit is expecting such firmware. So the whole solution just doesn't add up, i.e. the "metldrpwn" exploit works on 3.55 only and the Asbestos loader on 3.41 only. So I'm very confused now. I guess we are all waiting on input from developers.
      It's not metldrpwn, Naehrwert's method uses a different exploit.
    1. vronz -
      Quote: Originally Posted by kAs1m
      It's not metldrpwn, Naehrwert's method uses a different exploit.
      I see, it seems I got it wrong. In any case I'm still waiting for 3rd party confirmations that naehrwert's method is working.
    1. Cody Hake -
      Using Rebug 3.41.3, the asbestos_ldr pkg does not want to install. Gives me 80029564 error. Is Rebug missing a patch I need?
    1. aihooo4444 -
      Quote: Originally Posted by Cody Hake
      Using Rebug 3.41.3, the asbestos_ldr pkg does not want to install. Gives me 80029564 error. Is Rebug missing a patch I need?
      Same problem. If anyone figures this out let me know, or do I need to be on a different 3.41 CFW?
    1. Cody Hake -
      I remade the package with a little fiddling into a debug package, it installs now.

      Now that the client can see my PS3 I'll make my dump and extract metldr to see if I have any errors and report back.
    1. kAs1m -
      How do I check if there are any errors in the dump? Is there any way to verify the key?
      PS
      And what do I do next, after I get the key? Should I just convert my CEX flash dump to DEX using c2d.exe and the decrypted key *.bin?
    1. aihooo4444 -
      Quote: Originally Posted by Cody Hake
      I remade the package with a little fiddling into a debug package, it installs now.

      Now that the client can see my PS3 I'll make my dump and extract metldr to see if I have any errors and report back.
      Hey, can you send it to me? My email is aihooo444 at yahoo
    1. Cody Hake -
      Successfully dumped eid0 using this. CEX 2 DEX by GUNNER54 successfully converted the CEX dump to DEX. Preparing to flash. Will write back soon.

      Quote: Originally Posted by aihooo4444
      Hey, can you send it to me? My email is aihooo444 at yahoo
      If flashing goes as planned I will repackage it and upload it so anyone having this issue can work around using Linux.
    1. kAs1m -
      Quote: Originally Posted by Cody Hake
      Successfully dumped eid0 using this. CEX 2 DEX by GUNNER54 successfully converted the CEX dump to DEX. Preparing to flash. Will write back soon.

      If flashing goes as planned I will repackage it and upload it so anyone having this issue can work around using Linux.
      I hope everything will be fine. Can you share your experience of converting via the new method? Maybe you could write a guide, if you have time?
    1. Cody Hake -
      All went well, I made another backup using jaicrab to compare to the dex flash made by GUNNER54's program. They match, so writing worked fine.

      I will shortly write a small tutorial that avoids petitboot and Linux.

      !!!USE AT YOUR OWN RISK. I AM NOT LIABLE FOR ANY BRICKS USING MY PKG!!!

      Naehrwert's original PKG: asbestos_ldr g pkg
      My PKG: asbestos_ldr pkg

      I have sent the link to a mod, as I am not able to post links yet.
    1. aihooo4444 -
      Quote: Originally Posted by Cody Hake
      All went well, I made another backup using jaicrab to compare to the dex flash made by GUNNER54's program. They match, so writing worked fine.

      I will shortly write a small tutorial that avoids petitboot and Linux.

      !!!USE AT YOUR OWN RISK. I AM NOT LIABLE FOR ANY BRICKS USING MY PKG!!!

      Naehrwert's original PKG: asbestos_ldr g pkg
      My PKG: asbestos_ldr pkg

      I have sent the link to a mod, as I am not able to post links yet.
      Can you send one to my email?
    1. Cody Hake -
      I have sent you the rar file which includes the edited package. The tutorial is not done.

      Edit: PsDev has the basic lowdown on using this on Page 1 comments. Using the Tutorial that's been posted already for CEX2DEX on NAND and his information should get you going on the right track with a little bit of thought.
    1. aihooo4444 -
      Quote: Originally Posted by Cody Hake
      I have sent you the rar file which includes the edited package. The tutorial is not done.

      Edit: PsDev has the basic lowdown on using this on Page 1 comments. Using the Tutorial that's been posted already for CEX2DEX on NAND and his information should get you going on the right track with a little bit of thought.
      Freezing after connecting to IP ok, will not ping.
    1. Cody Hake -
      Using 3.41.3 Rebug?
    1. aihooo4444 -
      Figured it out: can't be connected with wireless.
    1. Cody Hake -
      Ah, yea that'll do it. Wired connections only folks.
    1. Freesty -
      This doesn't work for me, or I'm doing something wrong.
      Can somebody write step by step what I need to do on the PC?
      I have connected the PC directly to the PS3 with a cable and have these settings: on the PC 10.1.1.1 and on the PS3 10.1.1.2. Is this correct?