PS3 PS3 4.81 IDPS Dumper eMMC (Only for 12Gb models) Testing and Research Area

Status
Not open for further replies.
Here's what I had @esc0rtd3w

/Debug?dbg=Found+usb_fp_rosdump+at%3A+0x802c2ee2
/Debug?dbg=0x802c2ee2+was+added+to+used_offsets+array
/Debug?dbg=Searching+memory+range+for+gadgets+string+offset....
/Debug?dbg=Restarting+POC...+Please+wait...

And there we go again.
normal...no need to post it :)

Maybe ease up on the multiple posts!! I know it's from excitement!! But it's cool to put all your thoughts together in a single or maybe 2 posts after some minutes have passed and other replies have been made.
 
cech-4004a TEST1:
1st button (0x1000000000000001) dump: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2nd button (0x01000000000002) dump: 00 00 00 63 00 72 00 00 00 3B 00 00 00 00 00 00
3rd button (0x01000000000003) dump: 00 1A 00 00 00 00 00 00 00 00 00 00 00 02 00 00
4th button (0x010000000000004) dump: 0B 44 00 00 00 05 40 00 00 01 03 84 D8 F8 00 00
5th button (0x010000000000005) dump: 00 3B 00 20 00 6A 00 51 00 75 00 65 00 72 00 79
6th button (0x010000000000006) dump: 00 33 00 31 00 20 00 47 00 4D 00 54 00 61 00 00
7th button (0x010000000000009) dump: 00 00 FF FF FF FE 00 00 00 00 FF FF FF FE 80 48
8th button (0x010000000000010) dump: ED 60 80 1D D6 78 00 00 00 00 80 2E 36 50 00 00
9th button (0x010300000000000) dump: 00 00 00 00 00 02 00 00 00 00 80 40 03 B0 00 00
10th button (0x101000000000010) dump: 00 00 80 1A 27 E8 80 31 77 C0 00 00 00 00 00 00

DONE! Hope It helps! Thank you esc0rtd3w and the others in the team!

Please try again with the 256kb dumper.
In particular test 1 which looks like the most promising of the bunch so far.. Flash should begin with some 00s.. But try them all, there might have been a mistake in esc0rtd3w's file the first time round. I hope he checked this time. Lol

Don't post all your results because if it works your idps could be in there.. Just check the data, it should contain strings of some CoreOS files etc...
You are also likely to find FACE00F & DEADBEEF strings as well.
 
Please try again with the 256kb dumper.
In particular test 1 which looks like the most promising of the bunch so far.. Flash should begin with some 00s.. But try them all, there might have been a mistake in esc0rtd3w's file the first time round. I hope he checked this time. Lol
Indeed, I had some issues with putting the correct size on the 2nd 16 byte test filename, haha. :D

To clear things up a bit:

The actual files and sizes should be the correct ones.

The original post has also been updated with this information.
 
normal...no need to post it :)

Maybe ease up on the multiple posts!! I know it's from excitement!! But it's cool to put all your thoughts together in a single or maybe 2 posts after some minutes have passed and other replies have been made.

Oh yes, sorry xD. Well, now I can only wait since I only see "USB dump found" and then nothing happens.
Cannot use the server.py since I have Python3...

I have nothing yet...
 
you can put them all in one post :-p
And same as first one is not a good way to describe it, just tell us FAIL if first 2 bytes are FD7E or PASS if it isn't.
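
A local check for the criteria given in this thread (FAIL when the first two bytes are FD7E, leading 00 bytes, the DEADBEEF marker, readable file-name strings), added here as an example and not part of any post or of the project's tools. It reports offsets and counts only, so the summary can be shared without the dump contents; `check_dump`, the sample data and reading DEADBEEF as the raw bytes DE AD BE EF are assumptions.

```python
import sys

FAIL_PREFIX = bytes.fromhex("FD7E")  # thread rule: first 2 bytes FD7E means FAIL
MARKER = bytes.fromhex("DEADBEEF")   # assumption: marker is stored as raw bytes

def find_all(data, needle):
    """Return every offset at which needle occurs in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets

def ascii_runs(data, min_len=6):
    """Count runs of printable ASCII at least min_len bytes long."""
    count = run = 0
    for b in data + b"\x00":  # trailing sentinel flushes the last run
        if 0x20 <= b <= 0x7E:
            run += 1
        else:
            count += run >= min_len
            run = 0
    return count

def check_dump(data):
    """Summarise a dump using offsets and counts only, never its contents."""
    if len(data) < 2:
        verdict = "NO DATA"  # assumption: the thread gives no rule for this case
    else:
        verdict = "FAIL" if data[:2] == FAIL_PREFIX else "PASS"
    return {
        "size": len(data),
        "verdict": verdict,
        "leading_zero_bytes": len(data) - len(data.lstrip(b"\x00")),
        "marker_offsets": find_all(data, MARKER),
        "ascii_string_count": ascii_runs(data),
    }

# Constructed samples, not taken from any console.
GOOD = bytes(16) + MARKER + b"sample_coreos_name.self" + bytes(8)
BAD = FAIL_PREFIX + bytes(30)

if __name__ == "__main__":
    # Pass a dump path as the first argument; otherwise the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else GOOD
    for key, value in check_dump(data).items():
        print(f"{key}: {value}")
```
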
Can you tell me what the use of this IDPS dumper is? Please reply, I'm new in here and don't know what these tools do, and I want to jailbreak my PS3 Super Slim 4.81 12GB model 4208A.
 
So can you tell me what is the use of IDPS?
see the PSDevWiki here

basically says this

[Image: zGVgszX.png]

The actual uses of the IDPS are various and range from logging into PSN network (please no PSID hate mail :-p we all know the drill), unbanning a console, to using it for licensing, etc... and maybe new uses will be found for it :cool:
 
192.168.0.** - - [12/Nov/2017 22:51:48] code 400, message Bad HTTP/0.9 request type ("\x16\x03\x01\x007\x01\x00\x003\x03\x01Z\x08\xc2r!'Oz\xb1\xc2P\x83\x17]\x1d\x11\xecj\xfd\x19\xa9&\xc8\x1c\x08\x9d\x1f\xba\xea\xbc)\x82\x00\x00")
192.168.0.** - - [12/Nov/2017 22:51:48] " 7 3┬r!'Oz▒┬Pâ]ýj²®&╚Ø║Û╝)é 5 / " 400 -

This is what I have with Python...
 
@kozarovv I have seen that but even then I briefly looked through exploit.js and didn't find a 4.81 specific part so I still wanted to try it out.
Also until 4.81 exploiting offers more than a certain something that only works until 4.66 I'd rather not lose that just for maybe getting my idps.
 
I have a 4301A I can test tomorrow evening after I drive to Florida. It has a 300GB hard drive put in after I bought it; should I take it out so it uses the 12GB flash memory?
 
@kozarovv I have seen that but even then I briefly looked through exploit.js and didn't find a 4.81 specific part so I still wanted to try it out.
Also until 4.81 exploiting offers more than a certain something that only works until 4.66 I'd rather not lose that just for maybe getting my idps.
You might not need this exploit to get your idps, try idpstealer it should work on 4.66 I think.

To get the exploit to work on 4.66 is not very difficult, there are 10 offsets to change in the js strings. It would take about 30/45mn to do.
But I don't intend to do it at this stage sorry. When the time comes for proper release (Q1 2018), we will be looking at making a multi fw version.
 
@bguerville
The problem is I formatted my PS3 once for injection and lost my account this way; spoofing to latest firmware could result in a ban, so I would rather not do that.
Thanks for the reply anyway.
 