Post: How to dump the lv0
Options
12-05-2011, 04:23 AM
#1
Xx--AIDAN--xX
One Man Army
the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys.
Concept in boot order.
Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr
The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where.
source You must login or register to view this content.
The following user thanked Xx--AIDAN--xX for this useful post:
The following 2 users groaned at Xx--AIDAN--xX for this awful post:
The following 2 users say thank you to ichris26 for this useful post:
12-05-2011, 05:01 AM
#5
jr3277
Banned
lol okay I know just about enough to hurt myself, simple file mods like make say a 1.07 game update say its a 1.13 or ad someone else mod file that they worked hard on in a game i did do that vsh spoof when it came out like 5 months ago but I keep it simple and let the pros handle the hard stuff. If you want to know how to build an 11s car I am you man lol
12-05-2011, 12:18 PM
#6
SirBlazeAlot
I ROCK like a fossil
Originally posted by xX
First i will be explaining this in a way anyone with basic PS3 knowledge will be able to understand, lets get started.(hehe)
the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys.
Concept in boot order.
Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr
The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where.
source You must login or register to view this content.
the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys.
Concept in boot order.
Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr
The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where.
source You must login or register to view this content.
First of all: You have no idea whatsoever what the FUC.K your talking about. So next time, before posting something that has already been posted, just to try to get rep/thanks: Just do us ALL the favor and...
Stop:
Fill the bathtub
Get in
Drop radio in water while plugged in
we ALL PROFIT
The following user thanked SirBlazeAlot for this useful post:
12-05-2011, 03:02 PM
#7
jr3277
Banned
Originally posted by SirBlazeAlot
First of all: You have no idea whatsoever what the FUC.K your talking about. So next time, before posting something that has already been posted, just to try to get rep/thanks: Just do us ALL the favor and...
Stop:
Fill the bathtub
Get in
Drop radio in water while plugged in
we ALL PROFIT[/QUOTE lol
Stop:
Fill the bathtub
Get in
Drop radio in water while plugged in
we ALL PROFIT
[/QUOTE lol
The following 2 users say thank you to #Robert G. III for this useful post:
12-05-2011, 09:16 PM
#9
SirBlazeAlot
I ROCK like a fossil
12-05-2011, 11:58 PM
#10
Alexis Rhodes
#get rekt
Originally posted by xX
First i will be explaining this in a way anyone with basic PS3 knowledge will be able to understand, lets get started.(hehe)
the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys.
Concept in boot order.
Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr
The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where.
source You must login or register to view this content.
the bootldr holds the lv0 yes, the lv0 encapsulate the other ldrs (lv1, lv2, appldr, rvkldr, isoldr, ect.); sense 3.56^. But usually the chain of trust would go like metldr>other ldrs, and the metldr would run the loaders. But after 3.55 the lv0 has been copy the ldrs to the Ram then they are given to the metldr to exucute with out ever being held by the metldr. Now if you use a kernal module you can map out the ps3 real memory Using hardware you can dump Ram. By dumping the ram your getting a decrypted version of lv0 with all the ldrs in it. And you got keys.
Concept in boot order.
Cell INIT-> get encrypted bootldr off NAND/NOR flash, then the Ram will Initialises. This is when it will load the bootldr into a isolated spu, secure boot will decrypt the bootldr and verifies and executes. Now this is where the magic happens. Now the bootldr will decrypt the lv0 and it will get copy to the Ram (With loaders) before the Ram will run the loaders to the metldr
The metldr will always have to boot the ldrs too cause it is per console encrypted sony cant go change that out of no where.
source You must login or register to view this content.
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
