PS3 [UPDATE] - PS3Xploit NOR Dumper - New Ports for lower OFW (4.21/4.41/4.45/4.46 & More)

The NOR Dumper was released alongside the NOR / NAND Flash Writer, which for understandable reason got the bulk of the attention ,but a tool to dump the NOR Flash is always handy and can also be for console's on lower firmware's as well. This release shown by team ps3xploit's @esc0rtd3w are ports to various OFW so far as of writing (4.21 / 4.41 / 4.45) have been ported to go along with the 4.82/4.81 NOR Dumper. For most PS3 User's this will not interest you / be of any use for you. If you have to ask, then its nothing you will be needing. ​

-STLcardsWS​

Release Details

• 
  
  * ALL OF THESE ARE READ-ONLY *
  
  These are going to be USELESS to most people, as it is basically only for those who want a NOR Flash Dump of their current OFW without upgrading the firmware.​
  
  
  These are all going to be based off the v1.0 Dumper as a Base.
  
  Original Dumper and Writer Thread Here
  
  Supports All 4.xx OFW
  [ 4.00, 4.10, 4.11, 4.20, 4.21, 4.25, 4.30, 4.31, 4.40, 4.41, 4.45, 4.46 ]
  [ 4.50, 4.53, 4.55, 4.60, 4.65, 4.66, 4.70, 4.75, 4.76, 4.78, 4.80, 4.81, 4.82 ]
  
  ​
  We have posted some ports to other firmware versions for the NOR Dumper Tool.
  
  Every release is tested on its corresponding Official Firmware and all notes are posted below.
  
  If anyone has any issues, please report them here. Thank You
  
  
  Sample From 4.81 CEX (For Advanced Users Only)
  For anyone that wants to make their own ports, you can refer to this for an example of what to look for in IDA or other debugging tools. For a more detailed gadget list for 4.81 CEX, see here and for a short video demonstration click here. Also, if anyone is interested in finishing the 3.xx chains, please see this.
  
  TOC: 0x6F5520 <-- set in r2
  

  gadget1: seg001:000D9684 sc <-- lands here to make syscall
  gadget1: seg001:000D9688 ld r0, 0x80+arg_10(r1) <-- search for this in IDA (easier to find)
  gadget2: seg001:00097604 mr r1, r11 <-- initial stack control
  gadget3: seg001:0060E59C lwz r11, 0xC0+var_4C(r1) <-- set params
  gadget4: seg001:0019D3B0 ld r3, 0xA0+var_20(r1) <-- set params
  gadget5: seg001:0042C774 lwz r3, 0(r31) <-- syscall made after here
  gadget6: seg001:00423B14 bl _Export_stdc_fopen <-- usb dump actions
  gadget7: seg001:00627BF8 addi r9, r1, 0xB0+var_40 <-- set params
  gadget8: seg001:000C5234 li r4, 0xA <-- init shutdown request

  
  
  
  Update - New Video‏ (by @esc0rtd3w)
  [PS3 Debugging/ROP] Porting PS3Xploit NOR Dumper Chain To Lower Firmware
  
  
  

The Files (For All Users)
* 4.00 uses a non-webkit User Agent string (bypassed) and will return JS error most times. Gadget offsets are correct.
* 4.4x/4.50 dumps tested ok, but had to host at a private server to get past 80710092 and 80710541 errors.
* 4.53/4.55/4.6x displays 80710102 error when trying to run local, and above errors when ran remote.

* Please Check Dumps After Complete To Make Sure Not All 00's *

Multi FW Version (Supports All 4.xx In One Tool)

4.xx Multi OFW Port: NOR_dumper_release_1.0__Multi_4.xx-PS3Xploit.zip
MD5 Hash: E6D5C6581C39914326A9A211BB217D12


Single FW Versions:

4.00 OFW Port: NOR_dumper_release_1.0__4.00_OFW_ONLY-PS3Xploit.zip *see notes*
MD5 Hash: FFECAFD9EC4698466E13D12F1DE2C183

4.10 OFW Port: NOR_dumper_release_1.0__4.10_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 47FFC95F728D99AF02551E52B0EB9B42

4.11 OFW Port: NOR_dumper_release_1.0__4.11_OFW_ONLY-PS3Xploit.zip
MD5 Hash: F5C0FD17548543C7694F434509405B95

4.20 OFW Port: NOR_dumper_release_1.0__4.20_OFW_ONLY-PS3Xploit.zip
MD5 Hash: B9ECCE0A96DEF2EA66B74C0800526229

4.21 OFW Port: NOR_dumper_release_1.0__4.21_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 2B3912AAEB47C3D6D6B0FC9AE2E8E9D0

4.25 OFW Port: NOR_dumper_release_1.0__4.25_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 9C462179637E0DCC74DA7B5D7ADA7298

4.30 OFW Port: NOR_dumper_release_1.0__4.30_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 1EBE5B039DF766E69F6A5994D7FFC246

4.31 OFW Port: NOR_dumper_release_1.0__4.31_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 503945089BF252553ADB61828F844BC6

4.40 OFW Port: NOR_dumper_release_1.0__4.40_OFW_ONLY-PS3Xploit.zip
MD5 Hash: B277BFCB6292557BB6D6DB808461642A

4.41 OFW Port: NOR_dumper_release_1.0__4.41_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 77F9DBEEC3E849D91A84F436AAE9AE39

4.45 OFW Port: NOR_dumper_release_1.0__4.45_OFW_ONLY-PS3Xploit.zip
MD5 Hash: A5D65C62B8C906DFE44CA536D9767EA2

4.46 OFW Port: NOR_dumper_release_1.0__4.46_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 0D10C9CEE01CD40BC9931AB5FC244949

4.50 OFW Port: NOR_dumper_release_1.0__4.50_OFW_ONLY-PS3Xploit.zip
MD5 Hash: EB202FD65A9B91A5FB9716D36E48DB80

4.53 OFW Port: NOR_dumper_release_1.0__4.53_OFW_ONLY-PS3Xploit.zip
MD5 Hash: E866BACBA9FC1501CFD3CF926B013607

4.55 OFW Port: NOR_dumper_release_1.0__4.55_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 3012A56985352BD2B892CD6AD9D9D5E4

4.60 OFW Port: NOR_dumper_release_1.0__4.60_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 099BA1AA41ABCD63D07016AD34F445B5

4.65 OFW Port: NOR_dumper_release_1.0__4.65_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 670335EEF5586C7AAF4D672853784263

4.66 OFW Port: NOR_dumper_release_1.0__4.66_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 856596111B5DC11CDE5F30B419AB28F3

4.70 OFW Port: NOR_dumper_release_1.0__4.70_OFW_ONLY-PS3Xploit.zip
MD5 Hash: DBAFDD5E66DCC3099F1FCE6F8C31E96F

4.75 OFW Port: NOR_dumper_release_1.0__4.75_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 500976B9054FCCBD8F26B0F3C7B3FB5C

4.76 OFW Port: NOR_dumper_release_1.0__4.76_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 9E1EB1F5349A498A472876414B084B13

4.78 OFW Port: NOR_dumper_release_1.0__4.78_OFW_ONLY-PS3Xploit.zip
MD5 Hash: 3EB9C05F32237FCFBDCBF0436E2EF2FB

4.80 OFW Port: NOR_dumper_release_1.0__4.80_OFW_ONLY-PS3Xploit.zip
MD5 Hash: A799E0DCC3C86353722598F2C4B1C3B1

 

There is also an idps dumper available if you don't want to search in the 16Mb dump...

to anyone trying to get dump info.
I found an old program called dumpstatistics ran the dump got all console info.

 

Hello guys.
ahmmmp i am a newbie here.
i just wanted to ask if i ever how to jailbreak an 3.56 + version of PS3 ?
like superslim or Late Slim Models?

 

Hello guys.
ahmmmp i am a newbie here.
i just wanted to ask if i ever how to jailbreak an 3.56 + version of PS3 ?
like superslim or Late Slim Models?

You cannot jailbreak your console for the moment as there is no existing jailbreak solution for 3xxx or 4xxx models.

Maybe in the future, you need to wait... If you don't want to wait, get an earlier ps3 console model..

And btw your post is off topic here, this is a flash dumper thread... Next time, please create your own thread or post in an existing thread which topic matches your question.

 

just asking ... hmmm how to use dumper?
and what is the use for 3xxx?

 

just asking ... hmmm how to use dumper?
and what is the use for 3xxx?

It may change but currently its only real use on 3xxx is to get the per console ids such as idps, console id etc...
Whether it's of use to you in particular I cannot say...

 

i have cech 3012A but i don't know what to do with this ps3.
hmmm can we chat in private?

 

i have cech 3012A but i don't know what to do with this ps3.
hmmm can we chat in private?

There is nothing you can really do on 3xxx except use the 4.70 injection hack to play backups or install a Cobra ODE hardware kit. Check the appropriate threads for info about it.
If you have more questions create your own thread please.
Sorry but we can't chat in private...

 

i have questions. find my post thanks