PS3 4.81 IDPS Dumper eMMC (Only for 12Gb models) Testing and Research Area

Discussion in 'PS3 Jailbreaks / CFW' started by esc0rtd3w, Nov 12, 2017.

Thread Status:
Not open for further replies.
  1. esc0rtd3w Developer

    ATTENTION:
    We now have a SuperSlim 4201A To Test Privately and No Longer Need Public Dumps For Now. If This Changes, This Thread or Another Will Be Opened!

    Thank You To All Who Already Submitted Dumps :D

    UPDATE: v0.2.1 Released:
    http://www.psx-place.com/threads/up...-4-81-ofw-compatible-by-team-ps3xploit.15398/



    Original Thread:
    We have started doing the initial research for testing eMMC models. We are looking for people willing to spend a little time testing various device ids until we find the correct one. If you have one of these 12Gb models below running on eMMC, then you can test for us!!

    CECH-40xxA
    CECH-42xxA
    CECH-43xxA

    ** THE CONSOLE MODEL MUST HAVE AN "A" AT THE END TO QUALIFY **
    thanks @kozarovv

    The 1st 7 bytes of a real IDPS will be this: 00 00 00 01 00 8X 00 <-- Country

    16 bytes & 256kb Tests Currently Available!

    • Please post your results here so we have a better idea of how to progress.

      Try looking for strings that have JavaScript or HTML in them to verify where the data is coming from, i.e. userland or other memory areas. You can also look for other known strings found in flash. If the data is not your IDPS (see above example) then feel free to post it. If you are unsure about the data, you may PM one of us and we can safely look at it, if you would like.

      When finished, check the 1st 2 bytes of the idps.bin file in a hex editor, and if they are FD7E or garbage data, then the test FAILED!

      The 1st 7 bytes of a real IDPS will be this: 00 00 00 01 00 8X 00 <-- Country

      The test may not finish and freeze. If this happens, select a different button and try again.

      You may also report the test not working at all or other strange things that may happen!

      These tests are read-only, so no damage can be done to the console :eek:

      ** removed **

      The tests will be updated as things are discovered!

      Thank You to all the testers :D


     
    Last edited by a moderator: Nov 13, 2017
  2. shadowpractice3 Member

    Will test : CECH4004

    0x1000000000000001 = Still working, always restarting POC.
     
    Last edited: Nov 12, 2017
    esc0rtd3w likes this.
  3. kozarovv Super Moderator

    Full PS3 model code is important here. So if you post a result, make sure you add the last character (A, B, or C) after CECH-4XXX. And this test is for owners of 4XXX series consoles with A at the end.

    You can test it on other PS3s only if the previous version resulted in an IDPS that started with: FD7E
    In any other case there is no need to try this version.

    Summary: TEST Version only for:
    • CECH-40xxA
    • CECH-42xxA
    • CECH-43xxA
     
  4. shadowpractice3 Member

    CECH-4304A. Forgot the 3.
     
    Amaan Khan, DeViL303 and esc0rtd3w like this.
  5. shadowpractice3 Member

    0x01000000000002 = Same as the first one
    0x01000000000003 and 0x010000000000004 are the same as the first one.
     
    Last edited: Nov 12, 2017
    esc0rtd3w likes this.
  6. esc0rtd3w Developer

    you can put them all in one post :-p
    And same as first one is not a good way to describe it, just tell us FAIL if first 2 bytes are FD7E or PASS if it isn't.
     
    Amaan Khan likes this.
  7. EmojiFX New Member

    Restart your PS3 and your server, then start both up and fill in the server address and port in your web browser. For me, at first I waited 20 mins, but now if I do it, it takes 30-60 seconds.
     
    esc0rtd3w likes this.
  8. t3hl34d3r New Member

    CECH-4004A TEST1:
    1st button (0x1000000000000001) dump: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    2nd button (0x01000000000002) dump: 00 00 00 63 00 72 00 00 00 3B 00 00 00 00 00 00
    3rd button (0x01000000000003) dump: 00 1A 00 00 00 00 00 00 00 00 00 00 00 02 00 00
    4th button (0x010000000000004) dump: 0B 44 00 00 00 05 40 00 00 01 03 84 D8 F8 00 00
    5th button (0x010000000000005) dump: 00 3B 00 20 00 6A 00 51 00 75 00 65 00 72 00 79
    6th button (0x010000000000006) dump: 00 33 00 31 00 20 00 47 00 4D 00 54 00 61 00 00
    7th button (0x010000000000009) dump: 00 00 FF FF FF FE 00 00 00 00 FF FF FF FE 80 48
    8th button (0x010000000000010) dump: ED 60 80 1D D6 78 00 00 00 00 80 2E 36 50 00 00
    9th button (0x010300000000000) dump: 00 00 00 00 00 02 00 00 00 00 80 40 03 B0 00 00
    10th button (0x101000000000010) dump: 00 00 80 1A 27 E8 80 31 77 C0 00 00 00 00 00 00

    DONE! Hope It helps! Thank you esc0rtd3w and the others in the team!
     
    Last edited: Nov 12, 2017
  9. shadowpractice3 Member

    Well I already did and nothing happens. I'm using XAMPP with Apache.
     
    esc0rtd3w likes this.
  10. shadowpractice3 Member

    When I say this, it means that I couldn't make one file. It always says "Restarting POC. Please wait"
     
    esc0rtd3w likes this.
  11. esc0rtd3w Developer

    this is based on same code as original dumper and will loop accordingly until finished or freeze! :D

    we are working on a 256k test here shortly to try out.....hang tight!! :onthego:
     
  12. shadowpractice3 Member

    Oh well haha, you know what? I've retried the first test I've made, and at one moment it said something other than Restarting POC and then it did the same thing as before.
     
    esc0rtd3w likes this.
  13. shadowpractice3 Member

    Damn you have a lot of results right there.
     
  14. t3hl34d3r New Member

    Just trying to help :)
     
    esc0rtd3w likes this.
  15. shadowpractice3 Member

    Here's what I had @esc0rtd3w

    /Debug?dbg=Found+usb_fp_rosdump+at%3A+0x802c2ee2
    /Debug?dbg=0x802c2ee2+was+added+to+used_offsets+array
    /Debug?dbg=Searching+memory+range+for+gadgets+string+offset....
    /Debug?dbg=Restarting+POC...+Please+wait...

    And there we go again.
     
  16. shadowpractice3 Member

    Yeah that's really good at least you have results xD mine is still running.
     
    esc0rtd3w likes this.
  17. t3hl34d3r New Member

    Don't worry, it's not a race :D The more info the devs have the better (I guess)
     
    esc0rtd3w likes this.
  18. esc0rtd3w Developer

    for all testers:

    The 1st 7 bytes of a real IDPS will be this: 00 00 00 01 00 8X 00 <-- Country

    Try looking for strings that have JavaScript or HTML in them to verify where the data is coming from, i.e. userland or other memory areas. You can also look for other known strings found in flash. If the data is not your IDPS (see above example) then feel free to post it. If you are unsure about the data, you may PM one of us and we can safely look at it, if you would like.

    Additional tests have also been posted for 16 bytes and 256kb <-- filename for 16 bytes file is mislabeled as kb

    Thank You :welcoming:
     
    Last edited: Nov 12, 2017
    dasinking and DeViL303 like this.
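
A small triage script for the checks described in this thread (the FD7E failure marker, the stated 7-byte IDPS prefix, and strings that point to userland memory), added here as an example and not part of the original posts or the PS3Xploit tools. The names `classify` and `utf16be_text`, the labels and the 4-character threshold are assumptions; the ten dumps are t3hl34d3r's posted results and the two extra samples are constructed.

```python
# Dumps copied from t3hl34d3r's TEST1 results in this thread (button -> 16 bytes).
THREAD_DUMPS = {
    1: "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    2: "00 00 00 63 00 72 00 00 00 3B 00 00 00 00 00 00",
    3: "00 1A 00 00 00 00 00 00 00 00 00 00 00 02 00 00",
    4: "0B 44 00 00 00 05 40 00 00 01 03 84 D8 F8 00 00",
    5: "00 3B 00 20 00 6A 00 51 00 75 00 65 00 72 00 79",
    6: "00 33 00 31 00 20 00 47 00 4D 00 54 00 61 00 00",
    7: "00 00 FF FF FF FE 00 00 00 00 FF FF FF FE 80 48",
    8: "ED 60 80 1D D6 78 00 00 00 00 80 2E 36 50 00 00",
    9: "00 00 00 00 00 02 00 00 00 00 80 40 03 B0 00 00",
    10: "00 00 80 1A 27 E8 80 31 77 C0 00 00 00 00 00 00",
}
# Constructed samples (not real dumps): the stated prefix plus filler, and an FD7E failure.
CONSTRUCTED_IDPS_SHAPED = "00 00 00 01 00 85 00 AA AA AA AA AA AA AA AA AA"
CONSTRUCTED_FD7E = "FD 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00"


def utf16be_text(data: bytes) -> str:
    """Longest run of printable ASCII stored as big-endian UTF-16 (even offsets only)."""
    best = cur = ""
    for i in range(0, len(data) - 1, 2):
        if data[i] == 0 and 0x20 <= data[i + 1] < 0x7F:
            cur += chr(data[i + 1])
            best = max(best, cur, key=len)
        else:
            cur = ""
    return best


def classify(hexdump: str, min_text: int = 4):
    """Return (label, decoded_text) for one dump given as spaced hex."""
    data = bytes.fromhex(hexdump)
    if data[:2] == b"\xfd\x7e":                      # failure marker named in the thread
        return "FAIL: starts with FD7E", ""
    if (len(data) >= 7 and data[:5] == b"\x00\x00\x00\x01\x00"
            and data[5] >> 4 == 0x8 and data[6] == 0):  # 00 00 00 01 00 8X 00
        return "IDPS-shaped prefix", ""
    if not any(data):
        return "all zero", ""
    text = utf16be_text(data)
    if len(text) >= min_text:                        # assumed threshold for "a string"
        return "UTF-16 text (likely userland)", text
    return "unknown", ""


if __name__ == "__main__":
    for button, dump in THREAD_DUMPS.items():
        print(button, *classify(dump))
```

Run over the posted results, buttons 5 and 6 decode to `; jQuery` and `31 GMTa`, which is the kind of JavaScript/HTML string the post above says to look for; none of the ten dumps carries the IDPS prefix.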
  19. shadowpractice3 Member

    7th one does not seem good.
    1st button also.
    The 9th one however is pretty interesting. 003B0
     
    esc0rtd3w likes this.
  20. shadowpractice3 Member

    2nd file from esc0rt : Might have a good thing.

    The second one linked gave me a lot of "Found usb_ropdump" for the first button : 0x010000000001

    Found+usb_fp_rosdump+at a lot of addresses.
     
    Last edited by a moderator: Nov 12, 2017