METLDR dumped by Darkvolt - 改機 (console modding)

By Lucy
at 2011-11-21T21:41
http://goo.gl/voLCS
Someone called Darkvolt has also dumped METLDR and found that it contains the root key geohot released, and that it still had not been changed as of version 3.73.
Below is his message-board post; I fixed the grammar and spelling errors as I went:
As I work I'll be releasing more stuff.
Stay tuned, I'll be releasing more goodies.
Saying this is not worthy... Hehehe, explanation:
Some people sneer that I'm wasting my effort; heh, just look:
We have a decrypted metldr here; if you look at it a little, you will see
it is a normal elf without the header.
Here is the decrypted metldr; if you look at it carefully, you will find it is an elf file without its header.
It contains the root keys that geohot published and a couple of 0x30
added from 3.50 and ahead, and it STILL USES IT!
It contains the root key geohot already published, plus some 0x30 values added from version 3.50 on; in short, this key is still valid!
Having the metldr in elf, we can put the header on it and upload it in
anergistic, using it as an unselfer for loaders!
Once we have the metldr in elf format, we can add the missing header and load it into the anergistic emulator [translator's note: glevand's self emulator], using the emulator as a decryption tool.
The metldr is still used in 3.74 (a debug already exists) and 3.73
retail, too.
This version of metldr is still in use as of 3.74 (the debug firmware), and of course the 3.73 retail firmware is no exception.
The difference of charge is that before, the metldr used to take
the files from coreos, but now it delivers them to lv0 via ram and
closes our access to the file. BUT WE CAN DECRYPT IT with the root
keys from the metldr added if we have the file...
The difference from before is that metldr used to read the files directly from the coreos region, but now it passes the files to lv0 by memory address and then closes off our access to that address range. Even so, we can still use the root key to decrypt the metldr, and once we have the decrypted version...
The lv0 can be decrypted if we fix the math exploit to charge
the bootldr and decrypt the metadata from the header of lv0, and
with this decrypt the rest of the spaces with their loaders...
...lv0 can naturally be decrypted, and if we can further fix the bootldr exploit Mathieulh published and decrypt all the data in the lv0 header, we can freely access all of Sony's loaders.
Isn't it worthy? hehe
Is that still wasted effort? Heh.
Edit to add: if you compare an ISOLDR from 3.55 with the metldr, you
will realize that they are almost the same; I mean the isoldr
contains the updates for the metldr (virtuals of course).
If you compare the isoldr from firmware 3.55 with the metldr, you will find they are almost identical; I mean the isoldr also contains updates for the metldr (a smokescreen, of course).
And in 3.60+ it is also inside the lv0, so it can update
every time the initial metldr boots with the new couple of keys they
already have...
In 3.60+ firmware there is also a copy inside lv0, so even when booting with the original metldr, additional keys can be added later.
uploading the metldr in anergistic...
http://pastie.org/private/2kijry6y7jwoiwsepqqcbq
Tags: 改機 (console modding)