[Tutorial] How To Dump The bootldr By JuanNadie

October 27, 2012

No one in their right mind can question JuanNadie's dedication to the PS3 scene. I'm sure 90% of the scene have used his tools and been very glad of them. Unfortunately, some recent events in the scene have questioned JuanNadie's reasons to want to stay in the scene, and sadly he has decided to leave, but he has left this parting gift:


As you know, the bootldr is one of the two loaders that are signed per console, and it was the only part of the system that hadn't been hacked.

Once you load it the same way as metldr (via SigNotify), it starts requesting different addresses that we don't control. You can take a look on my user page at the DMA sequence that it produces.

As you see, it accesses a lot of different addresses, and we don't have control of any of them, so the first objective was to control the input/output.

The sandbox:

The objective was to redirect the flows of data to buffers we control, so we know what is written or read. To achieve that, a driver was created.

This driver performs two functions:

To read the full article, visit JuanNadie's thread:
How to dump the bootldr

I want to personally thank JuanNadie for everything he has done in the scene and wish him well in whatever he does in the future; I hope you all do the same.

