PS3 4.89 Jailbreaking - PS3 CFW (Custom Firmware Capable Models) Status + Warnings

Well, it was the disappearance of bgtoolset that prompted the current effort in the first place.

I don't think so. Indeed, I started working on the feature for wMM even when bgtoolset was alive.
Maybe I'm wrong, but I think it helped to inspire kostirez1 to build his own solution.

My personal reason was that ps3xploit flash writer was abandoned on 4.85 in favor of bgtoolset (which is more robust and secure).

My concern was that bgtoolset is closed code and built on a custom framework that uses ROP and several other exploits.
It is a great solution and the way that bguerville prefers. I respect his decision.

However, in my opinion a software flasher using standard tools like psl1ght or PS3SDK offers more flexibility in development (even when it's limited to run on HEN).

I also look forward to lmn7's ps3xploit flash writer for 4.89. It's also great to have options.

BTW I should credit bguerville and littlebalup for all the help and information provided in the development.
 
Will the old e3 nor hardware flasher still be useful after discovery of cfw on metldr2 super slim? Or will there be no update for the flasher? Teensy feels kinda too advanced for me.
 
As far as I know, none of the software flashers being worked on will let you apply the nofsm_patch on PS3 models with metldr2. If the keys are found, then they could be flashed too.
 
If I understand correctly the new glitch allows arbitrary code execution at lv0. Doesn't it mean you can completely replace metldr with a custom loader?
 

Which "new glitch"? There is no known way to break metldr.2 yet and release the keys (which are scrambled on each boot). It's not possible to flash a CFW console flash dump into a non-CFW console (remember, most of the PS3 main components are signed with unique keys during manufacturing, and each console only works with the components that were assigned to it at the factory).

What MikeM64 did with his lv0ldr exploit is a PoC of a hardware implementation of the old software exploit from JuanNadie, based on the "man in the middle" strategy which intercepts the data packets sent and received between the Syscon and the SouthBridge of the PS3.

By this concept, MikeM64 got a dump of lv0ldr from metldr.2. Much more work needs to be done, as this was tested on a CECH-25xx non CFW capable console (CECH-3xxx should be similar and CECH-4xxx could be as well but I have some doubts).
 
Anyone with access to a hardware flasher who could test my PS3HEN based patcher? The current version looks to be stable enough, only some code style related things are left to be ironed out.

If anyone is interested, I could send them a pkg in the next 12 hours or so.
 

You should post your own thread for the project; this is not the thread for such development discussions about the project.
 
Is somebody actively working on cracking metldr2??? I thought it was impossible to break without extra hardware.
Right now CFW on metldr2 is impossible. Even if you use E3 to write CFW to the NOR, you can't sign it properly and it won't boot.

A while ago someone posted a race condition that was used to dump the syscon and said it might be possible to use that to execute code at lv0; however, nobody's developed it to a working PoC so far, and even if someone does manage to get it working you'd still need (1) an E3 to flash the CFW to begin with and (2) some sort of chip to trigger that glitch every time the system is started - which would probably cost more than a phat or CFW-compatible slim PS3.
 
Right, that's what I thought.
 
I'll risk them cuz there's no official ones..
HEN works for most things. There is a thread HERE about the differences between it and CFW. If you don't need the advanced features that CFW gives immediately, consider using HEN until the official tools come back.
 
I used the Russian copy and everything worked wonderfully! PS3 SLIM 2511A

I am watching many here doing psychological terrorism:

"your PS3 will brick for sure"

"your PS3 is going to explode"

"your PS3 will become a bomb in Putin's service"

Let's get to the facts:

[1] There are many people who are unlocking through Russian bgtoolset and having success
[2] There are people who had problems performing the procedure through the Russian bgtoolset
[3] The causes of these problems still need further investigation. Some models may be incompatible (FATs). People may be clicking on the wrong things during the procedure.

So, this forum, whose main objective is to bring information to the PS3 public, should, firstly, inform and discuss the facts seriously, instead of just spreading disinformation and doing informational terrorism.
 

The warnings have been placed several times on this site, even by the developer of the (stolen) tool himself.

There are no facts to discuss here as nobody knows how the stolen tool is implemented, which changes were made to it in order to make it "work", which checks are in place and how they are done (if any), if there is some sort of malware inside (to steal console IDs), etc.

Too many uncertainties from a closed-source, untested, unreliable, stolen tool.
 
Oh God, I'll repeat it again: the unofficial clones are based on a reverse engineering of the original bgtoolset. The person who made the copy says in the readme that it only considers the happy path. The clone sites don't mention this note or give any warning.

It sometimes works because it is an incomplete copy of bgtoolset. That is the problem. It doesn't work all the time like the original bgtoolset.

Just because you survived playing Russian roulette doesn't mean that it's safe to play. This analogy applies to these clones.

It is our responsibility to give proper information and warnings. If you decide to put your PS3 at risk to get CFW with an incomplete tool, it's your decision and it may result in a bricked console.

In my opinion, it isn't worth taking the risk when HEN provides >90% of the same features and it's proven to be very safe.
 