
385w ago - Tonight mainman has released the PS3 NAND Dump Extractor/Unpacker that has been in the works for a while!

Download: PS3 NAND Dump Extractor

It comes with a Windows and Linux binary as well as source code, and those without an Infectus Mod can still experiment with it using the following 'dumpable dumps' files (via PS3 Infectus), available in IRC EFnet #PS3News, when merged:

samsungk9f1g08uoa_a-_www.PS3News.com_.rar [54.2 MB (56,925,643 bytes)]

samsungk9f1g08uoa_b_usb-_www.PS3News.com_.rar [54.4 MB (57,066,577 bytes)]

From the ReadMe file: This tool is used to interleave, then byteswap, both dumps of the PS3 NAND. Upon completion, it creates a 'user readable' file.

This file is then scanned by the tool, and the flash files are extracted to a folder. This folder is named PS3Nand-XXX.XXXX, where XXX.XXXX is the SDK Version magic in the flash (usually the version number of the firmware).

The .B .A order usually works; however, in some cases the .A .B order is required.

#27 - ggparallel - 385w ago
Originally posted by CJPC:
It's a marker, not put there by us, but by Sony. It was there in our original dumps, we think it's some sort of flag to mark the start of the data below it. However at the moment it is just a hypothesis.

Also, yes, some of those files are encrypted (even more than a SELF), makes it a bit more secure!

It's also a fixed position in different dumps, and few after you have the FS descriptor and the files (relocated). As CJPC said, files are encrypted on NAND, so don't expect to find (apart from a few parts) clear text or a lot of strings.

My hypothesis, and speculation, is that the PS3 searches for that fixed address during the boot process; it is still not clear to me if the code loaded during the ringbus configuration on Cell resides on NAND or on another chip (the Toshiba thing) and at which stage this fixed address is used.

#26 - CJPC - 385w ago
Originally posted by einzwei:
At offset 03F80010 in the merged NAND file I found this: 000000000FACE0FF00000000DEADBEEF ---- FACE0FF and DEADBEEF constants.

What is it? Is it some mark left by the owner of the dumped PS3 (securing identifiable personal data presumably?) or is it some constants left by $ony developers?

Please clear up this question so as not to give false leads to people who do research.

It's a marker, not put there by us, but by Sony. It was there in our original dumps, we think it's some sort of flag to mark the start of the data below it. However at the moment it is just a hypothesis.

Also, yes, some of those files are encrypted (even more than a SELF), makes it a bit more secure!

#25 - einzwei - 385w ago
Originally posted by gladiac:
lol, very nice find. I think it looks the same on my machine as on yours (but it does not look bad to me) -> That is what I did:

What do you mean by that? Have you dumped your own NAND? Or did you download it from the internet?

#24 - gladiac - 385w ago
Originally posted by einzwei:
At offset 03F80010 in the merged NAND file I found this: 000000000FACE0FF00000000DEADBEEF ---- FACE0FF and DEADBEEF constants.

What is it? Is it some mark left by the owner of the dumped PS3 (securing identifiable personal data presumably?) or is it some constants left by $ony developers?

Please clear up this question so as not to give false leads to people who do research.

lol, very nice find. I think it looks the same on my machine as on yours (but it does not look bad to me) -> That is what I did:


[Register or Login to view code]



And this is what I got:

[Register or Login to view code]




[Register or Login to view code]


All the .self files seem to be encrypted or something. So far, this looks good to me, but I'm not a professional so I can also be wrong.

cheers

#23 - einzwei - 385w ago
At offset 03F80010 in the merged NAND file I found this: 000000000FACE0FF00000000DEADBEEF ---- FACE0FF and DEADBEEF constants.

What is it? Is it some mark left by the owner of the dumped PS3 (securing identifiable personal data presumably?) or is it some constants left by $ony developers?

Please clear up this question so as not to give false leads to people who do research.

#22 - einzwei - 385w ago
Ha ha, I see now :^) There is a comment in the source file:
"until now, the correct file extracted are:
+ (0x009403c0) dumped :creserved_0
+ (0x009803c0) dumped :sdk_version
+ (0x00980420) dumped :lv1ldr
+ (0x009a3fa0) dumped :lv2ldr

maybe "+ (0x009bfa20) dumped :isoldr" is 'trunked'

others are not valid because they aren't stored sequentially
from my hardcoded FILESDATA_OFFSET.

To guess where they are now we need more forensics work."

So, we have to figure out correct offsets ourselves! That's an interesting thing to accomplish! Besides, there is a chance to understand something about why there are some files at (seemingly) correct places and why there are others

#21 - DaDemon - 386w ago
Hey all, I've been looking into some things going on with my PS3 lately and have found some weird crashes happening on my PS3. Don't worry, not here to complain.

I'm here to offer my PlayStation up for running code and such. I've been on the IRC channels for a few months and have talked to some of the scene members and such and have been talking and am currently with a group just running different things on the PlayStation trying to find some little things that make the PlayStation tick.

If anyone has anything they want me to try out just let me know, because I'm doing stuff by myself currently trying to learn as much as I can, and if anyone wants me to try something out let me know.

#20 - einzwei - 386w ago
Like I said earlier - I use those dumps released here. Also I use the Windows version of the program.

Here is what I do:
D:\>ps3nandex.exe samsungk9f1g08uoa_b_usb.bin samsungk9f1g08uoa_a.bin zzzout
and here is the output:
Tool by mainman, assisted by PS3News.com Developers
Start Interleaving
Interleaving done.
Start Loader function
nandfs_header FILES: num files 19 - unknown e0ff6f00
Press any key to continueFile: creserved_0 size: 262144 offset 0x000003a0
File: sdk_version size: 8 offset 0x000403a0
File: lv1ldr size: 146228 offset 0x00040400
File: lv2ldr size: 113204 offset 0x00063f80
File: isoldr size: 82292 offset 0x0007fa00
File: appldr size: 129368 offset 0x00093b80
File: default.spp size: 7456 offset 0x000b34d8
File: lv0 size: 291608 offset 0x000b5200
File: lv1.self size: 1449416 offset 0x000fc580
File: lv2_kernel.self size: 1546016 offset 0x0025e348
File: spu_pkg_rvk_verifier.self size: 107548 offset 0x003d7a68
File: spu_token_processor.self size: 46940 offset 0x003f1e84
File: sc_iso.self size: 142776 offset 0x003fd5e0
File: aim_spu_module.self size: 39528 offset 0x00420398
File: spp_verifier.self size: 61388 offset 0x00429e00
File: mc_iso_spu_module.self size: 61520 offset 0x00438dcc
File: me_iso_spu_module.self size: 71932 offset 0x00447e1c
File: sv_iso_spu_module.self size: 101560 offset 0x00459718
File: sb_iso_spu_module.self size: 52888 offset 0x004723d0

SDK Version: 150.000
+ (0x009403c0) dumped :creserved_0
+ (0x009803c0) dumped :sdk_version
+ (0x00980420) dumped :lv1ldr
+ (0x009a3fa0) dumped :lv2ldr
+ (0x009bfa20) dumped :isoldr
+ (0x009d3ba0) dumped :appldr
+ (0x009f34f8) dumped :default.spp
+ (0x009f5220) dumped :lv0
+ (0x00a3c5a0) dumped :lv1.self
+ (0x00b9e368) dumped :lv2_kernel.self
+ (0x00d17a88) dumped :spu_pkg_rvk_verifier.self
+ (0x00d31ea4) dumped :spu_token_processor.self
+ (0x00d3d600) dumped :sc_iso.self
+ (0x00d603b8) dumped :aim_spu_module.self
+ (0x00d69e20) dumped :spp_verifier.self
+ (0x00d78dec) dumped :mc_iso_spu_module.self
+ (0x00d87e3c) dumped :me_iso_spu_module.self
+ (0x00d99738) dumped :sv_iso_spu_module.self
+ (0x00db23f0) dumped :sb_iso_spu_module.self
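
An added example (not part of the thread or of mainman's source): the script below parses the two listings ps3nandex printed in post #20, checks that every dumped address equals the file-table offset plus one constant base, and measures the gap between consecutive table entries, which is the "stored sequentially" property the source comment quoted in post #22 refers to. The sample lines are a subset copied from that post; the function names are this example's own.

```python
import re

# Constructed sample: a subset of the lines einzwei posted in #20 (values copied from the post).
SAMPLE = """\
Press any key to continueFile: creserved_0 size: 262144 offset 0x000003a0
File: sdk_version size: 8 offset 0x000403a0
File: lv1ldr size: 146228 offset 0x00040400
File: lv2ldr size: 113204 offset 0x00063f80
File: isoldr size: 82292 offset 0x0007fa00
File: appldr size: 129368 offset 0x00093b80
File: default.spp size: 7456 offset 0x000b34d8
+ (0x009403c0) dumped :creserved_0
+ (0x009803c0) dumped :sdk_version
+ (0x00980420) dumped :lv1ldr
+ (0x009a3fa0) dumped :lv2ldr
+ (0x009bfa20) dumped :isoldr
+ (0x009d3ba0) dumped :appldr
+ (0x009f34f8) dumped :default.spp
"""

# search-style patterns, so the prompt text glued onto the first line is ignored
TABLE_RE = re.compile(r"File: (\S+) size: (\d+) offset 0x([0-9a-fA-F]+)")
DUMP_RE = re.compile(r"\+ \(0x([0-9a-fA-F]+)\) dumped :(\S+)")

def parse(text):
    """Return (table, dumped): table is [(name, size, offset)], dumped is {name: abs_offset}."""
    table = [(n, int(s), int(o, 16)) for n, s, o in TABLE_RE.findall(text)]
    dumped = {n: int(o, 16) for o, n in DUMP_RE.findall(text)}
    return table, dumped

def base_offsets(table, dumped):
    """Set of (dump address - table offset); a single value means one fixed base was applied."""
    return {dumped[n] - off for n, _, off in table if n in dumped}

def layout_gaps(table):
    """Bytes between the end of each entry and the start of the next one.
    A negative gap means two entries overlap, so they cannot be stored back to back."""
    ordered = sorted(table, key=lambda e: e[2])
    return [(a[0], b[0], b[2] - (a[2] + a[1])) for a, b in zip(ordered, ordered[1:])]

def report(text):
    table, dumped = parse(text)
    gaps = layout_gaps(table)
    return base_offsets(table, dumped), gaps, [g for g in gaps if g[2] < 0]

if __name__ == "__main__":
    bases, gaps, overlaps = report(SAMPLE)
    print("base(s):", [hex(b) for b in bases])
    for prev, nxt, gap in gaps:
        print(f"{prev:>12} -> {nxt:<12} gap {gap:#x}")
    print("overlapping entries:", overlaps or "none")
```

On the sample every entry was dumped at its table offset plus 0x940020, and the table entries never overlap: the gaps between them range from 0 to 0x58 bytes.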

#19 - CJPC - 386w ago
So B, then A. And you are using the dumps that were released yesterday? Also, are you using Windows or Linux?

#18 - einzwei - 386w ago
I do B then A - like it's written in the readme, and that produces such results. I also tried A then B (just in case) - but that combination doesn't work for me - I got an error message and no files got written.