PS3 4.89 Jailbreaking - PS3 CFW (Custom Firmware Capable Models) Status + Warnings

So you admit that the clone is Chinesium quality, yet you claim we are doing "informational terrorism"?
:rolling:

You don't know how to interpret texts.

What I said: Yes, there are issues with SOME people. And with other people it works WITHOUT PROBLEMS. What do you understand: "Chinese quality and kkk"

The warnings have been placed several times on this site, even by the developer of the (stolen) tool himself.

There are no facts to discuss here as nobody knows how the stolen tool is implemented, which changes were made to it in order to make it "work", which checks are in place and how they are done (if any), if there is some sort of malware inside (to steal console IDs), etc.

Too many uncertainties from a closed-source, untested, unreliable, stolen tool.

Closed source? LOL. You know bgtoolset itself is closed source, right? Nothing prevents there being something there that you don't know or don't want.

Also, the Russian version I used is an EXACT copy of a dump made in the original tool. You can check it here: It's exactly the same.

https://github.com/ajgon/bgtoolset


Oh God, I'll repeat it again: the unofficial clones are based on a reverse engineering of the original bgtoolset. The person that made the copy says in the readme that it only considers the happy path. The clone sites don't mention this note or give any warning.

It sometimes works because it is an incomplete copy of bgtoolset. That is the problem. It does not work every time like the original bgtoolset does.

Because you survived playing Russian roulette doesn't mean that it's safe to play. This analogy applies to these clones.

It is our responsibility to give proper information and warnings. If you decide to put your PS3 at risk to get CFW with an incomplete tool, it's your decision and it may result in a bricked console.

In my opinion, it isn't worth taking the risk when HEN provides >90% of the same features and it's proven to be very safe.

Yes. This is the point. You're right.

I was referring to others who are religiously PREACHING as if one should avoid the Russian tool at all costs, as if it were an ABSOLUTE EVIL and a mortal sin.

When in fact, suffice it to say: It works for some and not for others. In case of problems, this can damage your device.
 
> Oh God, I'll repeat it again: the unofficial clones are based on a reverse engineering of the original bgtoolset. The person that made the copy says in the readme that it only considers the happy path. The clone sites don't mention this note or give any warning.
>
> It sometimes works because it is an incomplete copy of bgtoolset. That is the problem. It does not work every time like the original bgtoolset does.
>
> Because you survived playing Russian roulette doesn't mean that it's safe to play. This analogy applies to these clones.
>
> It is our responsibility to give proper information and warnings. If you decide to put your PS3 at risk to get CFW with an incomplete tool, it's your decision and it may result in a bricked console.
>
> In my opinion, it isn't worth taking the risk when HEN provides >90% of the same features and it's proven to be very safe.

Probably a bit closer to 98% but I get the point. The only terror I ever see is folks whining that they should have it by now or that it's not coming. Honestly I would have just pulled myself from it and let everyone use hardware flashers again a long time ago.
 
> Also, the Russian version I used is an EXACT copy of a dump made in the original tool. You can check it here: It's exactly the same.
This is factually wrong. The (Russian) code is modified in a very sloppy way to remove firmware version checks. Another thing is that this repo isn't "original" in any way to begin with. And in fact, the person who is "maintaining" this clone refused to take it down after there were reports of bricked consoles. Not to mention that it is in a direct violation of the license.

Can you imagine how many open-source and actually working alternatives we could have had if it weren't for BGToolset clones? Multiple PS3s are bricked daily with tools that are known to cause problems, and yet it is near impossible to find testers for new tools.
 
> Closed source? LOL. You know bgtoolset itself is closed source, right? Nothing prevents there being something there that you don't know or don't want.
>
> Also, the Russian version I used is an EXACT copy of a dump made in the original tool. You can check it here: It's exactly the same.

It's closed-source because you don't know what's been uploaded to the web server. You can point to any GitHub repo you like; it doesn't mean that code is exactly the same as what is used on the online (stolen) toolsets out there (which we can't check, as they are closed-source).

And that dump made is the incomplete, stolen version from bguerville, which the developer himself already confirmed is incomplete and doesn't have the security checks in place.

In other words, a hack that can (and most probably will) cause bricks.
 
> Also, the Russian version I used is an EXACT copy of a dump made in the original tool. You can check it here: It's exactly the same.

The Russian clone (and the other clones) are based on that INCOMPLETE dump. Definitely you didn't read the README on that (illegal) repository. I invite you to read it again directly from GitHub:
  • It's not a full dump, I only focused on happy path, of flashing PS3. Memory editor probably wouldn't work, logs are also not reliable. Original toolset uses *.php files, which (for obvious reasons) I couldn't dump, so most of them are just plain HTML output of the scripts. The file.php is my dummy, minimal implementation which makes all this stuff work.

The dump on that github repository is illegal because the source code was reversed without authorization of bguerville, who invested his time, money and resources on research and providing a world-class service free of charge; and he expressed clearly that he wanted the project to be closed.

Making the incomplete dump a public service is simply irresponsible and "terrorism" (using your own words).
 
> The Russian clone (and the other clones) are based on that INCOMPLETE dump. Definitely you didn't read the README on that (illegal) repository. I invite you to read it again directly from GitHub:
>   • It's not a full dump, I only focused on happy path, of flashing PS3. Memory editor probably wouldn't work, logs are also not reliable. Original toolset uses *.php files, which (for obvious reasons) I couldn't dump, so most of them are just plain HTML output of the scripts. The file.php is my dummy, minimal implementation which makes all this stuff work.
>
> The dump on that github repository is illegal because the source code was reversed without authorization of bguerville, who invested his time, money and resources on research and providing a world-class service free of charge; and he expressed clearly that he wanted the project to be closed.
>
> Making the incomplete dump a public service is simply irresponsible and "terrorism" (using your own words).
I'd say yes and no about this one.
You're mostly right cause it just seems to be a dump of the files on bgtoolset with a few patches. If it had been a reimplementation based on clean reversing of bgtoolset it would've been perfectly legit.
 
> I'd say yes and no about this one.
> You're mostly right cause it just seems to be a dump of the files on bgtoolset with a few patches. If it had been a reimplementation based on clean reversing of bgtoolset it would've been perfectly legit.
I see your point, but in this case the dump isn't a reimplementation.

At least the repo could be a reference for a legit reimplementation (if one ever happens).
 
> I used the Russian copy and everything worked wonderfully! PS3 SLIM 2511A
>
> I am watching many here doing psychological terrorism:
>
> "your PS3 will brick for sure"
>
> "your PS3 is going to explode"
>
> "your PS3 will become a bomb in Putin's service"
>
> Let's get to the facts:
>
> [1] There are many people who are unlocking through Russian bgtoolset and having success
> [2] There are people who had problems performing the procedure through the Russian bgtoolset
> [3] The causes of these problems still need further investigation. Some models may be incompatible (FATs). People may be clicking on the wrong things during the procedure.
>
> So, this forum, whose main objective is to bring information to the PS3 public, should, firstly, inform and discuss the facts seriously. Instead of just spreading disinformation and doing informational terrorism.

Sorry I have to shout because some just can't understand it.

Let's get to the facts..
  • The person who knows more about the bguerville PS3 Toolset is the person it's named after and its creator, bguerville. If the developer who created it, and the only one who knows the code behind it, says that it's problematic with the INCOMPLETE re-implementation and will cause ISSUES, he warned us when they started to pop up. WE HAVE SEEN MANY BRICK REPORTS HERE AND ELSEWHERE.. WE HAVE ALSO SEEN CASES LIKE YOURS WHERE IT WILL WORK, BUT YOU ARE TAKING A RISK OF A BRICK OR CLEAN INSTALL.. NOT WORTH THE RISK FOR PEOPLE OR A SCENE WHEN THERE ARE ALTERNATIVES
  • YES THEY HAVE PROBLEMS BECAUSE IT'S INCOMPLETE AND HAS MANY ERRORS THAT OCCUR RANDOMLY DEPENDING ON SITUATIONS
  • NO IT DOES NOT NEED INVESTIGATING BECAUSE WE ALREADY KNOW THE ISSUE: IT'S NOT THE REAL TOOLSET, IT'S INCOMPLETE. THEREFORE IT DOESN'T WORK RIGHT.
  • THE REAL TOOLSET IS DUMMY PROOF AND WILL NOT PERFORM ACTIONS UNLESS CONDITIONS ARE MET, OR WHEN VARIOUS ELEMENTS ARE VERIFIED.
  • WHO KNOWS MORE ABOUT THESE SITUATIONS: THE DEVELOPERS WHO CREATE THE STUFF AND THE PEOPLE WHO HAVE BEEN COVERING THIS STUFF FOR 10+ YEARS, OR THE RANDOM GUY WHO DOES ONE CONSOLE AND THINKS HE KNOWS IT ALL... ???

WE HAVE DISCUSSED THE FACTS AND BEEN THE ONLY ONES PROVIDING THE TRUTH AND AWARENESS..

MASS BRICKS IN A SCENE, YOU MIGHT AS WELL KISS THAT SCENE GOODBYE.. HOW DOES BREAKING CONSOLES HELP A SCENE GROW? SEEMS LIKE IT WOULD DO THE OPPOSITE..

:) :) :) i hope that helps :) :) :)
 
Let's hope those alternatives aren't the only ones to implement ERK for Metldr2 and that bgtoolset will adapt to it. I've used the original bgtoolset on my old CECH L and it was interesting to see how CFW works compared to HEN (Which is what I was used to before trying out CFW)
 
> Let's hope those alternatives aren't the only ones to implement ERK for Metldr2 and that bgtoolset will adapt to it. I've used the original bgtoolset on my old CECH L and it was interesting to see how CFW works compared to HEN (Which is what I was used to before trying out CFW)
Softmods for metldr.2 will probably never happen. The only way to install CFW on a metldr.2 console which was not debunked (i.e., it's in the "hey, this could work" stage, not even PoC) would require hardmodding (modchip like), in which case bgtoolset would be pointless because you'd just flash it with a hardware flasher.
All this talk is just about waiting for bgtoolset to come back so we can flash CFW on supported (metldr) models without a risk of bricking them.
 
> Softmods for metldr.2 will probably never happen. The only way to install CFW on a metldr.2 console which was not debunked (i.e., it's in the "hey, this could work" stage, not even PoC) would require hardmodding (modchip like), in which case bgtoolset would be pointless because you'd just flash it with a hardware flasher.
> All this talk is just about waiting for bgtoolset to come back so we can flash CFW on supported (metldr) models without a risk of bricking them.
Well, if the hard mod works I guess I might give it a try, even though I don't have a Teensy but an E3 NOR flasher, which is useless compared to the new method for metldr 2, and it's still a NOR but Metldr2 capable. I kind of don't want to spend extra money on another method of hard modding compared to the one that already exists for NOR.
 
> Well, if the hard mod works I guess I might give it a try, even though I don't have a Teensy but an E3 NOR flasher, which is useless compared to the new method for metldr 2, and it's still a NOR but Metldr2 capable. I kind of don't want to spend extra money on another method of hard modding compared to the one that already exists for NOR.
I doubt it'll ever happen. I mean, someone may eventually do it as part of the "we do what we must because we can" motto, but I doubt anyone would mass-produce them cause they'd probably cost more than a 2nd hand CFW capable console.
 
> I doubt it'll ever happen. I mean, someone may eventually do it as part of the "we do what we must because we can" motto, but I doubt anyone would mass-produce them cause they'd probably cost more than a 2nd hand CFW capable console.
There's a chance that there will be a new patch for metldr2; if that's true I might have to risk it with the E3 to see if it works fine.
 
> There's a chance that there will be a new patch for metldr2; if that's true I might have to risk it with the E3 to see if it works fine.
An E3 won't help you here. E3 only writes data to the NOR, but since you can't sign it properly metldr.2 will refuse to load it and you'll end up with a brick (at least until you restore the OFW with your E3).
The possible exploit that was discussed earlier is a type of race condition - Basically what happens is that the system (I think SYSCON in this case) reads one of the boot stages twice instead of once, i.e., it reads it once and validates it but instead of keeping it in memory, it reads the data from the bus again before it is executed. The concept is that if you modify the memory between the first read and the second read you can (maybe) execute arbitrary code at lv0.
The problem is that the time difference between the two reads is a couple of milliseconds at most - You will need a custom chip with its own super-precise clock to overwrite the data in memory in that small time frame - and this has to be done every time the console boots. This is most definitely not something that can be done with a stock E3.
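The double-read pattern described in the post above is a classic time-of-check/time-of-use flaw: the loader verifies one copy of a boot stage and then executes a different fetch of it. The following C simulation is an added example, not PS3 or bgtoolset code; the bus, the stage bytes and the FNV-1a "digest" are constructed stand-ins (a real loader checks a cryptographic signature, but the defect is independent of which check is used). It contrasts the flawed loader, which re-reads the bus after verifying, with the fixed one, which verifies and executes the same private copy, so that anything changing the bus after the read no longer matters.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STAGE_LEN 16

/* Constructed stand-in for the storage/bus a loader fetches a boot stage from. */
typedef struct {
    uint8_t stage[STAGE_LEN];
} bus_t;

/* Constructed "known good" stage contents. */
static const uint8_t kGoodStage[STAGE_LEN] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};

/* Placeholder integrity check (FNV-1a). A real loader verifies a cryptographic
   signature here; the weakness shown below does not depend on the check used. */
static uint32_t stage_digest(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Whatever changes the bus contents between the loader's two reads,
   modelled as a callback; NULL means nothing interferes. */
typedef void (*bus_tamper_fn)(bus_t *);

void bus_load_good(bus_t *bus) { memcpy(bus->stage, kGoodStage, STAGE_LEN); }
void tamper_flip_first_byte(bus_t *bus) { bus->stage[0] ^= 0xff; }

/* Flawed pattern: verify read #1, then fetch the stage from the bus again and
   run read #2. Returns 0 if the loader decided to execute, -1 if it rejected;
   out_exec receives the bytes that would actually run. */
int boot_verify_then_reread(bus_t *bus, uint32_t expected, bus_tamper_fn tamper, uint8_t *out_exec)
{
    uint8_t checked[STAGE_LEN];
    memcpy(checked, bus->stage, STAGE_LEN);          /* read #1: used only for the check */
    if (stage_digest(checked, STAGE_LEN) != expected) return -1;
    if (tamper) tamper(bus);                         /* the window between the two reads */
    memcpy(out_exec, bus->stage, STAGE_LEN);         /* read #2: what actually runs */
    return 0;                                        /* read #2 is never re-verified */
}

/* Fixed pattern: read once into memory the bus cannot touch, verify that copy,
   and execute that same copy. Fails closed if the check does not pass. */
int boot_verify_copy(bus_t *bus, uint32_t expected, bus_tamper_fn tamper, uint8_t *out_exec)
{
    memcpy(out_exec, bus->stage, STAGE_LEN);         /* single read */
    if (tamper) tamper(bus);                         /* later bus changes are irrelevant */
    if (stage_digest(out_exec, STAGE_LEN) != expected) {
        memset(out_exec, 0, STAGE_LEN);              /* nothing to run */
        return -1;
    }
    return 0;
}

/* Returns 1 if the loader accepted and the bytes it would run were never verified. */
int ran_unverified(int accepted, const uint8_t *executed)
{
    return accepted == 0 && memcmp(executed, kGoodStage, STAGE_LEN) != 0;
}

int main(void)
{
    bus_t bus;
    uint8_t exec[STAGE_LEN];
    uint32_t expected = stage_digest(kGoodStage, STAGE_LEN);

    bus_load_good(&bus);
    int rc = boot_verify_then_reread(&bus, expected, tamper_flip_first_byte, exec);
    printf("verify-then-reread: accepted=%d ran_unverified=%d\n", rc == 0, ran_unverified(rc, exec));

    bus_load_good(&bus);
    rc = boot_verify_copy(&bus, expected, tamper_flip_first_byte, exec);
    printf("verify-copy:        accepted=%d ran_unverified=%d\n", rc == 0, ran_unverified(rc, exec));
    return 0;
}
```

The design point is the one the post makes implicitly: the copy that is verified must be the copy that is executed, held in memory the bus cannot alter. Once that holds, the timing of the second read stops mattering, because there is no second read.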
 
> An E3 won't help you here. E3 only writes data to the NOR, but since you can't sign it properly metldr.2 will refuse to load it and you'll end up with a brick (at least until you restore the OFW with your E3).
> The possible exploit that was discussed earlier is a type of race condition - Basically what happens is that the system (I think SYSCON in this case) reads one of the boot stages twice instead of once, i.e., it reads it once and validates it but instead of keeping it in memory, it reads the data from the bus again before it is executed. The concept is that if you modify the memory between the first read and the second read you can (maybe) execute arbitrary code at lv0.
> The problem is that the time difference between the two reads is a couple of milliseconds at most - You will need a custom chip with its own super-precise clock to overwrite the data in memory in that small time frame - and this has to be done every time the console boots. This is most definitely not something that can be done with a stock E3.
So that can't be written at all, and the E3 is just useless in this scenario. Damn. No updates, no use of that flasher with the clip on. Forced to use the newer one.
 
Hi, I'm the author of the (now infamous) bgtoolset dump.

I'll be honest with you - if I had been aware of what mess this would cause, I wouldn't have made this dump in the first place. My biggest mistake was making this public. I honestly just wanted to preserve this, because I have learned countless times that sites come and go, and stuff like that should be preserved. That's why I included info in the README that I'm not the author, that you should always support the original creators (I included BTC links), that you should never use this unless you know what you're doing, etc., etc.

I thought that spinning this up, which is not an easy task, would be enough of a barrier for anybody except people determined enough to even try to mess with it. I was obviously wrong. I think the so-called "russian clone" is not based on my dump, but was dumped from scratch by another person when the toolset was alive. This doesn't make me less guilty though, since other clones are.

I'm really sorry for what I did, I didn't mean harm to this community. I just wasn't aware of the backlash until this thread accidentally popped up in Google when I was searching for something else (I have nothing in common with the hack scene, so I wasn't aware of the discords, posts, etc.). I will remove the repository completely. I know the milk has been spilled, but I hope that this would at least slow down the damage I did.
 
> I think the so-called "russian clone" is not based on my dump, but was dumped from scratch by another person when the toolset was alive

You're wrong about that. If you add "README.md" to the URL of the Russian site you will find the README from your GitHub.
[attached screenshot: upload_2022-12-21_20-20-8.png]


They only personalized your dump for 4.89, translated the text to Russian and replaced the QR codes with ones for their pockets.

That site only has the nofsm for 4.89 and removed the checks for other previous FW versions, making that site extremely dangerous.

You did it wrong... but what the Russians (and other cloners) did is worse, one year later. You at least didn't put the code up as a public service.

It is valiant of you to recognize that you did it wrong. However, removing the repository now doesn't solve the damage already done.
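Two posts in this thread make the same technical point: the earlier reply that the Russian code was modified "in a very sloppy way to remove firmware version checks", and this last one that the 4.89-only site removed the checks for other firmware versions. The C example below is added here to show what that difference looks like in code; it is not bgtoolset's code, and the real toolset's checks are not public. The model allow-list, the 32-byte image, its checksum and the struct names are all constructed for the example. A "happy path only" flash routine writes unconditionally, so a console on the wrong firmware gets a payload built for another version; the fail-closed routine refuses with a reason code and writes nothing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical pre-flight gate for a CFW flashing step. Names, models, the
   image format and the checksum are constructed for this example. */

#define IMAGE_LEN 32
#define TARGET_FW "4.89"   /* the one firmware the constructed payload is built for */

typedef enum {
    PF_OK = 0,
    PF_WRONG_FIRMWARE,     /* payload was built for another firmware version */
    PF_UNSUPPORTED_MODEL,
    PF_BAD_IMAGE_SIZE,
    PF_BAD_CHECKSUM
} preflight_rc;

typedef struct {
    const char *fw_version;   /* as reported by the console */
    const char *model;        /* as reported by the console */
    const uint8_t *image;     /* payload to write */
    size_t image_len;
    uint32_t expected_sum;    /* checksum shipped alongside the payload */
} flash_request;

/* Constructed allow-list of models the payload is meant for. */
static const char *const kSupportedModels[] = { "MODEL-A", "MODEL-B" };

/* Simple polynomial checksum over the image (placeholder for a real digest). */
uint32_t image_checksum(const uint8_t *p, size_t n)
{
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s = s * 31u + p[i];
    return s;
}

/* Every precondition is checked before anything touches the chip. */
preflight_rc preflight(const flash_request *r)
{
    if (strcmp(r->fw_version, TARGET_FW) != 0) return PF_WRONG_FIRMWARE;
    int supported = 0;
    for (size_t i = 0; i < sizeof kSupportedModels / sizeof *kSupportedModels; i++)
        if (strcmp(r->model, kSupportedModels[i]) == 0) { supported = 1; break; }
    if (!supported) return PF_UNSUPPORTED_MODEL;
    if (r->image_len != IMAGE_LEN) return PF_BAD_IMAGE_SIZE;
    if (image_checksum(r->image, r->image_len) != r->expected_sum) return PF_BAD_CHECKSUM;
    return PF_OK;
}

/* Simulated flash target: the data plus a count of writes performed. */
typedef struct { uint8_t data[IMAGE_LEN]; int writes; } nor_t;

static void write_nor(nor_t *nor, const flash_request *r)
{
    size_t n = r->image_len < IMAGE_LEN ? r->image_len : IMAGE_LEN;
    memcpy(nor->data, r->image, n);
    nor->writes++;
}

/* "Happy path only": writes unconditionally, so any mismatch lands on the chip. */
int flash_happy_path(nor_t *nor, const flash_request *r)
{
    write_nor(nor, r);
    return 0;
}

/* Fail-closed: nothing is written unless every precondition holds. */
preflight_rc flash_gated(nor_t *nor, const flash_request *r)
{
    preflight_rc rc = preflight(r);
    if (rc == PF_OK) write_nor(nor, r);
    return rc;
}

/* Constructed payload bytes used by main(). */
void make_constructed_image(uint8_t *img)
{
    for (int i = 0; i < IMAGE_LEN; i++) img[i] = (uint8_t)(0xa0 + i);
}

int main(void)
{
    uint8_t img[IMAGE_LEN];
    make_constructed_image(img);
    nor_t nor = { {0}, 0 };
    /* A console on a different firmware than the payload targets. */
    flash_request r = { "4.88", "MODEL-A", img, IMAGE_LEN, image_checksum(img, IMAGE_LEN) };

    flash_happy_path(&nor, &r);
    printf("happy path: writes=%d (payload for %s written to a %s console)\n", nor.writes, TARGET_FW, r.fw_version);
    nor.writes = 0;
    printf("gated:      rc=%d writes=%d\n", flash_gated(&nor, &r), nor.writes);
    return 0;
}
```

The ordering of the checks is deliberate: the cheapest and most decisive one (firmware version) runs first, and the routine returns the first failing reason so the user can be told why nothing happened, which is far more useful than a partial write followed by a brick.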
 