PS3 [UPDATE] IDPS Dumper (PS3 NAND / NOR ) - 4.81/4.82 OFW Compatible by Team PS3Xploit

Discussion in 'PS3 News' started by STLcardsWS, Nov 11, 2017.

By STLcardsWS on Nov 11, 2017 at 10:41 AM
    {UPDATE v0.2.3 Released(See tab)}
    Following the official announcement of the PS3Xploit news (4.81 OFW Exploit), the devs behind the project have fulfilled the promises of releasing the IDPS Dumper for OFW 4.81/4.82, as this release is ready for the public. There are many more things being worked on surrounding the overall project, but this IDPS Dumper works on all models of the PS3 (NOR and NAND; note 12 GB eMMC will be supported soon in an updated release) and there is no reason not to release this tool. Since PS3 firmware 4.70, Sony had blocked flatz IDPS extracting tool (IDPS Stealer) and there has not been a known way to obtain the IDPS on OFW (4.70+) consoles, but this tool can now obtain your PS3's ID, which can have various uses. The tool has been confirmed to work on SuperSlim models by the team. If you have not read the previous details about the PS3Xploit project, then check out this official thread to get the firsthand information about this ambitious PS3 project.


    (UPDATE v0.2.3)


    • UPDATE v0.2.3- IDPS Dumper for 4.82 OFW
      • Added 4.82 Support
      • Removed all extra requirements like JQuery..
      • Removed the need for string relocations to improve the initial memory search process & overall trigger times.

    • UPDATE v0.2.3- IDPS Dumper for 4.81 OFW

      • Removed all extra requirements like JQuery..
      • Removed the need for string relocations to improve the initial memory search process & overall trigger times.



    • UPDATE v0.2.1a- IDPS Dumper for 4.81 OFW

      we have some more exciting news to bring you!! :cheerful:

      We have been working very hard to bring eMMC support for the newest SuperSlims CECH-40xxA, CECH-42xxA , CECH-43xxA and that has happened. :D

      The team would like to present a nice little update to the 4.81 IDPS Dumper now supporting eMMC hardware revision consoles!!

      Please report any issues you have while using this new version on any of the flash types, NAND, NOR, and eMMC.

      Thank You to all :cool:

      v0.2.1a
      • Added eMMC SuperSlim Support (CECH-40xxA, CECH-42xxA , CECH-43xxA)
      • Misc Tweaks To Exploit
      • Small typo on index.html pointed out by @Turranius - Fixed

      How to use this:
      *** MAKE SURE TO RUN AS ADMINISTRATOR ***
      Install Python to use server.py or another HTTP server of your choosing on both Windows and Linux!

      On windows - Install any of these optional HTTP servers:

      On linux:
      • install python for your distribution using apt-get, yum, and similar commands.
      • make script executable using "chmod a+x server.py" or "chmod 775 server.py" or "chmod 777 server.py"
      • execute python script using "/usr/bin/python $exploitFolder/server.py" or "./server.py"

      Update on Android (instructions from @No0bZiLLa):
      • I can confirm this does work if using an HTTP server on Android. What I did was download the zip (on my phone), extract it, and then download something like Simple HTTP Server and point the server to the folder that contains index.html. Once you do that, just reload the server and make a note of what the ip:port is. Then just go to the PS3, type in the ip:port (e.g. 192.168.2.7:12345) as specified in Simple HTTP Server, and then select the appropriate button for your system.


      Then run (for python):

      • On windows - windows.bat
      • On linux - linux.sh


      Usage Tips:

      1) Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
      2) If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
      3) If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.



    • IDPS Dumper Release (v0.2 - After Leak Release)
      ok....the moment all of you have been waiting for......i assume :cheerful:
      • File: ps3_481_idps_dumper-PS3XPloit.zip
      • MD5 Hash: FFDA70AB2D1677886083F99185C54FE3
      • SHA-256 Hash: 852BDB301753C4F4A7E946188E850D3D325EEAA259B61AE2B5AE31320B2F292B

      enjoy this release from our team :victorious: we will be working hard to add eMMC support as soon as possible!!


      The documentation will be updated as time goes on. There is a readme.txt file included with basic setup and usage instructions.

      Please stay tuned for future tools and releases :D

      and once again, THANK YOU to everyone involved bringing this all together, without all of you, none of this would have happened!!!

      Additional details from @bguerville
      "The idps dumper will create a file on usb000 then beep 3 times & shutdown in all cases, even if flash memory read fails. emmc should not make a difference to this. You will get garbage in idps.bin in that case.

      Js errors with a black page message on ps3 should not happen. If ever it did, just report & in the meantime keep relaunching the exploit. Nobody has had this issue in dozens of tests though.

      And clearing cache or cookies is totally unnecessary with the exploit & the wk js interpreter. Between runs garbage collection will take care of cleaning up what is needed, the job it does is always sufficient".


    It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....

    So in short, never use the browser or set a homepage you cancel before running the exploit!
    If you need to, set the homepage to 'blank', close the browser then reopen it to start the idps dumper.

    Set-up Steps:
    1. Setup a small Web server on pc or smartphone. The Python http server is not required for most users, it was provided for developers. Since v0.2.3, all other extra requirements have been removed. Don't come to us for explanations about how to run a http server though. Google it.
    2. Extract the files in your http server root folder.
    3. Put a fat32 USB key in port closest to BD Drive (/dev_usb000).
    4. Open the ps3 browser & write the ip address of your server (and the port if not 80).
    5. Run until ps3 beeps & shutdown. The idps should be on your USB drive as idps.bin.
    - Downloads -
    • MD5 Hash: 3c2e1582f52e1002a12ad280f426d0c6
    • SHA-256 Hash: 1c49eabd64275171a60c90f0f06f503b7055f4ff863f87e7960d41464d127443
    • MD5 Hash: 71dd906e585bf470f84f9d4fb10c1f37
    • SHA-256 Hash: d4bffe2b7d08c1dda275590229f86903f1db487e9a78364d6a025c3734cd8f68
     

    Last edited: Nov 19, 2017 at 1:25 PM
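
An added example, not part of the original post or of Team PS3Xploit's release: before serving the files locally, check the downloaded archive against the SHA-256 published above and confirm that the web server's root folder holds exactly what the archive holds. The function names, and the assumption that the archive was extracted into the web root with its internal folder layout unchanged, belong to this example only.

```python
import hashlib
import sys
import zipfile
from pathlib import Path

# SHA-256 published in the post for ps3_481_idps_dumper-PS3XPloit.zip (v0.2).
PUBLISHED_SHA256 = "852bdb301753c4f4a7e946188e850d3d325eeaa259b61ae2b5ae31320b2f292b"

def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large archives are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_web_root(archive, web_root, expected_sha256):
    """Return (archive_ok, modified, missing, extra) for a served folder."""
    # Assumption: web_root is the folder the archive was extracted into as-is.
    archive_ok = sha256_file(archive) == expected_sha256.lower()
    modified, missing, seen = [], [], set()
    root = Path(web_root)
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            seen.add(info.filename)
            served = root / info.filename
            if not served.is_file():
                missing.append(info.filename)
            elif hashlib.sha256(zf.read(info)).hexdigest() != sha256_file(served):
                modified.append(info.filename)
    extra = sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and p.relative_to(root).as_posix() not in seen
    )
    return archive_ok, sorted(modified), sorted(missing), extra


if __name__ == "__main__":
    # Usage: python audit_root.py <archive.zip> <web_root>
    ok, modified, missing, extra = audit_web_root(sys.argv[1], sys.argv[2], PUBLISHED_SHA256)
    print("archive digest matches published value:", ok)
    for label, names in (("modified", modified), ("missing", missing), ("extra", extra)):
        for name in names:
            print(f"{label}: {name}")
    sys.exit(0 if ok and not (modified or extra) else 1)
```

A digest mismatch, or any modified or extra file in the served folder, means the content the console will load is not what was published.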

Comments

    1. E7ite
      E7ite
      I did. It says install any of the servers, which I installed server.py and I tried the mini one as well. Then it says if on Windows, run windows.bat, which after I do, it just pops up for not even a second and goes away. And I know I am supposed to put USB in right-most port, but do I copy anything to the USB or just plug it in?


      Sent from my iPhone using Tapatalk
      esc0rtd3w likes this.
    2. esc0rtd3w
    3. bguerville
      bguerville
      Once & for all. Steps are simple.

      1. Setup a small Web server on pc or smartphone. Python http server provided is not required in particular. Since v0.2.3, all other extra requirements have been removed. Don't come to us for explanations about how to run a http server though. Google it.
      2. Extract the files in your http server root folder.
      3. Put a fat32 USB key in port closest to BD Drive.
      4. Open the ps3 browser & write the ip address of your server (and the port if not 80)
      5. Run until ps3 beeps & shutdown. The idps should be on your USB drive as idps.bin.
      No0bZiLLa, esc0rtd3w and smikk like this.
    4. Turranius
      Turranius
      Little text inconsistency in 0.2.3. index.html says
      Code:
      Supports OFW and CFW CEX Firmware
      Supports Phat Models Axx/Bxx/Cxx/Exx/Gxx/Hxx/Jxx/Kxx/Lxx/Mxx/Pxx/Qxx
      Supports Slim Models 2xxx/3xxx
      Supports SuperSlim Models 4xxx [eMMC Hardware Revisions Also Now Supported!]
      
      idps_nor.html then says

      Code:
      Supports OFW and CFW CEX Firmware
      Supports Phat Models Hxx/Jxx/Kxx/Lxx/Mxx/Pxx/Qxx
      Supports Slim Models 2xxx/3xxx
      Supports SuperSlim Models 4xxx [Excluding 40xxA/42xxA/43xxA]
      
      Very high prio to correct? Just kidding =)
      Last edited: Nov 15, 2017
      bguerville likes this.
    5. bguerville
      bguerville
      Thanks for flagging the typo up... It will be fixed.
      esc0rtd3w and amaandeep.nz like this.
    6. Turranius
      Turranius
      I found my issue with infinite loops, never beeping!

      Make sure to delete any homepage set in the browser on the PS3!

      Start the browser
      Click triangle, select Tools and "Home Page"
      Go down and select "Use Blank Page" / OK.
      Restart the browser

      Then give it a go. The previous 2 machines I had problems with found the cids within a minute =)

      If this was already written somewhere and I missed it, I'm going to shoot myself. In Hindsight, I should have tested this the first thing I did as it makes perfect sense that you do not want a bunch of crap from the default homepage in memory.
    7. bguerville
      bguerville
      That is actually a very good point you are making & I never thought to ask you...

      It's essential not to flood the memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically despite JS garbage collection which should normally have already occurred.

      So in short, never use the browser or set a homepage you cancel before running the exploit!
      If you need to, set the homepage to blank, close the browser then reopen it to start the idps dumper.

      Btw I corrected the typos & re-uploaded the archives. :)
      Last edited: Nov 15, 2017
    8. esc0rtd3w
      esc0rtd3w
      this was done on purpose because it is only showing the compatible current flash type after the button is clicked

      the NOR page is NOT compatible with eMMC and only shows Hxx-4xxx, excluding 3 model variations

      NAND page only shows Axx - Gxx and eMMC page only shows the 3 eMMC models

      also the banner text only shows current running flash type.

      either way is fine, but i thought it flowed together better that way :cool:
      Last edited: Nov 15, 2017
      DeViL303, amaandeep.nz and bitsbubba like this.
    9. Misledz
      Misledz
      Actually in regards to that, I have a superslim CECH4003C 500GB model and no matter how many times I tried with emmc method it never worked, kept getting an idps file but in hex it always showed up as a blank file. Then bitcrush suggested NOR method and in 10 seconds it dumped the idps file, double checked it with HxD and turns out it's a legit dump file and the information checks out when using the idps wiki page.
    10. bguerville
      bguerville
      Maybe you should read the exploit documentation before acting... eMMC models hardware revision is 4xxxA & your console is 4xxxC. eMMC models are 12Gb.
      Sakimotor and esc0rtd3w like this.
    11. amaandeep.nz
      amaandeep.nz
      You have nor lol

      Sent from my SCL-L02 using Tapatalk
      esc0rtd3w likes this.
    12. chris
      chris
      Is it possible to load the webpage from the usb drive itself?
      like point the PS3 browser there or something?
      esc0rtd3w likes this.
    13. amaandeep.nz
      amaandeep.nz
      -LINK REMOVED-

      There has been discussion and no one should use any links that people are serving. It is a security risk and you stand the chance of having your idps copied/stolen or having your console bricked and much more.
      - No0bZiLLa


      Sent from my SCL-L02 using Tapatalk
      Last edited by a moderator: Nov 15, 2017
      esc0rtd3w and chris like this.
    14. bguerville
      bguerville
      You should be extremely careful with hosted exploits. There is no way to tell whether or not a few gadgets may have been added to the ROP chain to steal your data before the ps3 shuts down.
      While it may seem convenient, there is no way to protect yourself from such an attack. You would not even know it had happened.
      Last edited by a moderator: Nov 15, 2017
    15. esc0rtd3w
      esc0rtd3w
      not that i am aware of, and have tested several ways of doing so. the PS3 browser is very restricted in terms of things that you would think SHOULD work lol
      chris likes this.
    16. chris
      chris
      Burned disc maybe?

      EDIT: I have no problem setting up a host, just brainstorming
    17. ranjith
      ranjith
      Use of idps.bin plz tell me bguerville
    18. haznpapo
      haznpapo
      same result
    19. Sakimotor
      Sakimotor
      Run cmd as admin from Windows Menu, then type the following command : "cd C:\*your folder*"

      then, when your directory will be set, just type "windows.bat"
      esc0rtd3w and haznpapo like this.
    20. Furkan_TR
      Furkan_TR
      I did it. 4.81 CFW Super Slim. And gave me the idps.bin file as output. And the size is 16 bytes. Is this normal? Interesting to have 16 bytes. Very small. Is this normal?
