aki el usuario lunuxx de ps3hax explica como hacer el xploit,si alguien lo traduce estaria bien:
ohai ill tell you guys howto use mathldr
(i like to call it that, its kinda catchy)
this is pretty safe
just dont go crazy with it, your only gonna mess your eid up if you attemp to rehash it and flash or attempt in any way to replace your eid
you can decrypt eid with root keys and static keys in the wiki key page
prerequisites:
1. otheros++ with ss patches (yes the ones that cause trophy errors, just update when you wanna play games again and dont complain)
2. linux on your ps3 (im using ubuntu 10.10)
3. a unpacked copy of your flash (which you can obtain by using glevands dumpflash.pkg gitbrew.org/~glevand/ps3/pkgs/dump_flash.pkg) and an unpacked copy of ofw you will need the following files from these:
metldr
isoldr
RL_FOR_PROGRAM.img
EID0 (you will need to split eid from your flash
http://www.ps3devwiki.com/index.php?...s#dump_EID0.sh)
spp_verifier.self
default.spp
and obviously appldr-metldrexploit350.self from the files
3. latest gitbrew linux kernel
4. a desire to quit *****ing and complaining and get off your ass.
5. motivation (see prerequisite #4)
************************************************************************************************************
you can do this over ssh or on console I prefer ssh because my girlfriend likes to watch tv alot.
1. ssh into the ps3
2. download the files
a. wget
http://gotbrew.org/metldr838exploit.tar.gz3. untar the files
a. tar -xvf metldr838exploit.tar.gz
4. enter the directory and compile
a. cd metldr838exploit.tar.gz; make
5 run the following commands now:
insmod ./metldrpwn.ko
cat metldr > /proc/metldrpwn/metldr
cat appldr-metldrexploit350.self > /proc/metldrpwn/mathldr
cat RL_FOR_PROGRAM.img > /proc/metldrpwn/rvkprg
cat eid0 > /proc/metldrpwn/eid0
echo 1 > /proc/metldrpwn/run
cat /proc/metldrpwn/debug
there now you have a dump check it out:
hd /proc/metldrpwn/dump | less
now copy the dump somewhere or youll lose it:
cp /proc/metldrpwn/dump /home/username/
now you have a copy in your home directory for safe keeping
congrats youve completed about < 10 mins of actual work
there you go keys are in 0x00 to 0x20 (first 3 lines)
So now you get code execution on metldr at the best time possible because your code executes right after metldr copies the root keys from 0x00 to 0x30, which means you get to dump these too. (Although they are hardcoded in metldr's code anyway)
example:
erk: #
00000000 66 4d ee 51 65 6f 68 28 38 98 83 ea df ea 90 04 |fM.Qeoh(8.......|
00000010 01 f3 79 09 d6 a6 52 d9 ea 6d ef 04 51 69 ec 7b |..y...R..m..Qi.{|
riv:
00000020 7d 6a 3a e5 37 ba 48 4c fe bd 26 5c f5 b1 28 1f |}j:.7.HL..&\..(.|
the first 2 lines are erk the 3rd is riv
and together they are eid0 like captain ****in planet
btw this does not mean you get 3.60 keys etc or newer games but it will help you get some nifty things to do some new stuff.... also please be advised that if you are on 3.60+ you will need to downgrade with a flasher to do this, also if you have a unit that shipped from the factory with the metldr.2 (new metldr) your sol at the moment
oh thanx math
thanx anon leaker