PS3 First time working with PS3. What CFW options are available?

KoroKoro

Forum Noob
Hi guys, first time posting.
So I recently bought my first PS3 last month (2nd hand), and wanted to start messing with homebrew. I've mainly been into retro stuff so the PS3 is now the newest console I have.
It's a slim CECH2002B with firmware 4.88. It's been sitting on my desk and I hadn't touched it since... I only just started messing with it this weekend, but it seems I've timed it perfectly as bgtoolset is now no longer available...
Since I've only just started with PS3, I was wondering if there are any other workarounds? Clearly there's an ocean of information out there, but I guess you could say I can't see my way through the jungle as I haven't paid much attention to this scene.
I think PS3HEN is an option? Though I'm not sure if this gives me complete control over the hardware?
I can see that CFW 4.89 Evilnat will install on OFW 3.55. Please excuse my ignorance, but this doesn't require bgtoolset, and just installs via native OS update?
So I started looking into downgrading OFW, and it looks like I'd need to remove and flash a BIOS ROM chip. I'm fine with surface mount soldering etc, though I don't have the specific flashing hardware.
Instead of investing a lot in that hardware, is it possible to get pre-flashed chips that I can install myself?
Or is there another better method that I don't know about?
Thanks all :)
 
Well it mostly depends on whether you need PSN access or not. If you need PSN, the only CFW based on the latest 4.89 firmware is Evilnat's, and it seems to work fine. Some people claim it's buggy but that's mainly due to 4.89 OFW being a little buggy itself. You can also install Evilnat's 4.88 and fake 4.89. Please note that there is always a risk of a ban if you're connecting to PSN using a modded console.
If you don't need PSN the best option is probably Rebug REX 4.84.2 or Evilnat's unofficial Rebug with Cobra 8.3, either way I'm not aware of any single player games that require a higher firmware version.

At this point in time unfortunately bgtoolset is down and the best course of action would be to wait until it's back up. You can also install HEN until bgtoolset comes back up and switch to CFW when that happens. HEN does not give you complete control but it allows you to play homebrew and backups and is probably good enough as a temporary solution until bgtoolset is back online. Indeed you can use a hardware flasher to downgrade your PS3 to 3.55 but obviously messing with the hardware could result in a brick.
3.55 or lower can be switched to CFW without any exploit, just install it as you would install any firmware update.
If you already have a CFW then downgrading is very simple, just enable the QA flag, which can be done via the custom firmware tools menu on Evilnat's CFW, the Rebug Tools app on Rebug or other homebrew tools on other CFW, then you can downgrade the same way you install firmware updates. Mind that the lowest firmware version you can downgrade to is the version it originally shipped with. I think in your case it's 3.00.
 
@KoroKoro You didn't understand or someone wrongly explained it to you.
  1. HEN is for people who cannot install CFW, as models with the new boot loader cannot have it. Eventually, also for people who don't need full control over the system.
  2. You can install CFW from USB only on OFW 3.55 or older. OFW 3.56 and newer needs exploiting, and this is where ps3xploit does the job for such cases, whether it leads to installing HEN or installing patches that allow installing CFW.
  3. You can install any CFW in any version over any CFW (the QA flag must be set for versions older than the installed one) from USB, internal HDD (debug VSH needed) or network (MITM attack needed).
 
Thanks guys... I'm starting to get the picture.
I don't think I need PSN as I'm not interested in online play, or anything online. I'm perfectly happy with offline single player (as I can't dedicate time to 'get good').
Preferably I think I'd rather have full control over the hardware, but it sounds like I won't be able to install CFW unless I pull it apart and flash it manually. In the meantime, I could dip my toes in and try out HEN temporarily just for fun.
I've seen a few people say that (just wait for bgtoolset to go back online)... Though I wasn't sure if I should wait, or just buy the flashing tools now. From some posts I got the impression that it may be discontinued?
I'm not sure what the risk of 'bricking' is, but I'm not too bad with soldering. I've installed N64 HDMI, WiiDual, Dreamcast HDMI, NES HDMI. I've also successfully replaced VDP2 in my Sega Saturn (120 pin, epoxied under the chip and lead-free solder used from the factory).
Admittedly, my biggest challenge would be with the software... I'd probably do something stupid by not having the correct file headers etc... Though when people say "brick", to me that says it is 100% permanently dead and irreparable. Does the PS3 have some kind of anti-tamper suicide security or something?
 
If the current SSL and xpassphrase are known. It is more of a curiosity than something useful.

@KoroKoro Just wait for bgtoolset to be available, but if you are OK with soldering, then you can go the hardware way (or maybe you can still use the flasher from ps3xploit? I dunno, it depends on the OFW version, because I don't know if this tool was updated since 4.84). But be sure the dumps are proper, as there will be no second chance. If your NOR dump is valid, then you will always have a way to restore it as long as the chip is not dead or does not have bad blocks.
 
Thanks guys for the replies. Heaps of great info.

Though when you guys say "there is no second chance", do you mean it just becomes unbootable? Or does it actually damage the hardware to the point that burning my own firmware chip would be impossible? I've not learned everything about the PS3, but fears like Capcom's CPS2 suicide battery come to mind... Is there no destructive hardware security I should know about? Or maybe some encrypted keys I'd need to somehow extract first before attempting to swap firmware chips or something? In my mind it would kind of be nice to have the original unmodified BIOS chip extracted for safe keeping as a backup in the event of messing something up.

I don't want to seem pushy, and I know it's only been a few weeks, but are the plans to rehost bgtoolset certain at this point? Where would the best page be to see updates announced?
 
It means that if your flash memory dumps are corrupted somehow and you get the real flash memory corrupted, then the console dies in a state beyond any repair (it will only be possible to revive it if you exchange the NAND/NOR and syscon and maybe the Cell and RSX too, I dunno, I'm far from being a hardware expert).

An example scenario: you read a dump to hack the console, but this dump is broken and you don't know that; you patch this dump and write it back to the PS3. And poof, dead meat, because you don't have a valid dump to reflash it again, and you cannot get one from another console.
 
That sounds like a headache, if not impossible to fix. But instead of trying to mess with dumps and crossing my fingers every time I flash the firmware, can't I just source and replace with my own compatible EEPROM chip, and remove my OFW chip and keep it as a backup without writing to it at all? Or do replacement EEPROMs not exist? Or is it not as simple as changing out BIOS chips like on other older consoles I've worked on?
Edit, also can't I test my BIOS dump in an emulator or something, and check if the file headers and footers are correct in a hex editor before I start writing to the console? Seems like a bit of a blind leap of faith...
 
> I've seen a few people say that (just wait for bgtoolset to go back online)... Though I wasn't sure if I should wait, or just buy the flashing tools now. From some posts I got the impression that it may be discontinued?
> I'm not sure what the risk of 'bricking' is, but I'm not too bad with soldering. I've installed N64 HDMI, WiiDual, Dreamcast HDMI, NES HDMI. I've also successfully replaced VDP2 in my Sega Saturn (120 pin, epoxied under the chip and lead-free solder used from the factory).
> Admittedly, my biggest challenge would be with the software... I'd probably do something stupid by not having the correct file headers etc... Though when people say "brick", to me that says it is 100% permanently dead and irreparable. Does the PS3 have some kind of anti-tamper suicide security or something?

That's because one of the features of the bgtoolset is to work as a flasher (it allows read and write access to the contents of the flash chip soldered to your motherboard).
Basically, the first thing you should do in bgtoolset is a "flash dump". The flash type of your PS3 model is NOR (and 16 MB in size); save that file as if it were gold.
In PS3 slang we don't use the words BIOS or EEPROM much. It is the flash contents that matter, so having that file (especially if it contains 100% official data, not damaged or patched unofficially) could help a lot in case of problems.

After that is when you need to apply a custom patch to the flash with the bgtoolset. This patch allows installing a CFW... so after applying it you can just reboot the PS3 and install a custom .PUP from USB.

> Though when you guys say "there is no second chance", do you mean it just becomes unbootable? Or does it actually damage the hardware to the point that burning my own firmware chip would be impossible? I've not learned everything about the PS3, but fears like Capcom's CPS2 suicide battery come to mind... Is there no destructive hardware security I should know about? Or maybe some encrypted keys I'd need to somehow extract first before attempting to swap firmware chips or something? In my mind it would kind of be nice to have the original unmodified BIOS chip extracted for safe keeping as a backup in the event of messing something up.
>
> I don't want to seem pushy, and I know it's only been a few weeks, but are the plans to rehost bgtoolset certain at this point? Where would the best page be to see updates announced?

I guess he means mostly that there is only one chance to get a flash dump with 100% official data (immediately before applying any custom patch), but in practice it doesn't matter much; the 16 MB of the dump are divided into around 10 MB+ for files (which update with every firmware installed) + a lot of unique identifiers and "metadata" using encryption, etc...
The files don't matter because they are generic (in case of corruption we can regenerate them)... it is the other stuff that is critical.
> That sounds like a headache, if not impossible to fix. But instead of trying to mess with dumps and crossing my fingers every time I flash the firmware, can't I just source and replace with my own compatible EEPROM chip, and remove my OFW chip and keep it as a backup without writing to it at all? Or do replacement EEPROMs not exist? Or is it not as simple as changing out BIOS chips like on other older consoles I've worked on?
> Edit, also can't I test my BIOS dump in an emulator or something, and check if the file headers and footers are correct in a hex editor before I start writing to the console? Seems like a bit of a blind leap of faith...

It's simpler: in the worst scenario (let's say one day your flash chip burns a hole in the middle) you can buy a new flash chip... buy a Teensy (to write to it)... and use the data from the flash dump you made to restore it.
 
Firmware is written on NAND or NOR (depending on the model), not EEPROM.

This is one of the reasons why you should limit writing to the bare minimum, but in the case of hacking the better way is also to hot-patch instead of writing the whole chip again after file patching. Anyway, as Sandungas said, you must dump the NAND/NOR anyway, and do this a few times and compare their checksums (e.g. MD5) - they should all be the same. If they are not, it means dumping is not reliable for some reason, and this will be the first warning for you to, for example, check the pendrive's condition. Second, you can additionally check the dump with some app that counts some statistics, which will not tell you everything is OK, but will bring you closer to being sure.

And no, you cannot just replace the NAND/NOR just like that. Not alone. I'm not sure if with the SysCon too, but maybe also with the Cell and RSX too. And again, I'm not sure if it can be filled with data from another console or if it must be yours (which you might no longer have if it is corrupted - both in the backup and on the chip(s)).

In summary, what I have in mind is that if your, e.g., NOR dump is a bad dump, and you patch it and write it back to the chip, you will kill the console. So it is very important to be sure everything is OK, and to keep the flash backup in a safe place (just in case you need it one day).
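
The check described in the post above (dump several times, compare checksums), as an added example that is not part of the original thread: it uses SHA-256 rather than MD5, takes the 16 MB NOR size from the thread, and the function names and the constructed sample files are assumptions. It only shows whether repeated reads agree with each other; it does not validate what the dump contains.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

NOR_SIZE = 16 * 1024 * 1024  # 16 MB NOR, the size quoted in the thread


def check_dumps(paths, expected_size=NOR_SIZE):
    """Compare repeated reads of one flash chip. Read-only on the dump files."""
    if len(paths) < 2:
        raise ValueError("need at least two dumps to compare")
    blobs = {p: Path(p).read_bytes() for p in paths}
    digests = {p: hashlib.sha256(b).hexdigest() for p, b in blobs.items()}
    wrong_size = [p for p in paths if len(blobs[p]) != expected_size]
    # A dump made of one repeated byte (all 0xFF or 0x00) is a failed read.
    blank = [p for p in paths if len(set(blobs[p])) <= 1]
    # The most common digest is the reference; any other read is an outlier.
    ref_digest = Counter(digests.values()).most_common(1)[0][0]
    ref = next(blobs[p] for p in paths if digests[p] == ref_digest)
    outliers = [p for p in paths if digests[p] != ref_digest]
    first_diff = {}
    for p in outliers:
        n = min(len(blobs[p]), len(ref))
        # Offset of the first mismatching byte (n if one read is just shorter).
        first_diff[p] = next((i for i in range(n) if blobs[p][i] != ref[i]), n)
    consistent = not (outliers or wrong_size or blank)
    return {"consistent": consistent, "digests": digests, "outliers": outliers,
            "wrong_size": wrong_size, "blank": blank, "first_diff": first_diff}


def make_sample_dumps(directory, size=4096):
    """Constructed sample data: two identical reads, one with a flipped bit."""
    good = bytes((i * 7 + 3) % 251 for i in range(size))
    bad = bytearray(good)
    bad[100] ^= 0x01  # simulate a single unreliable read at offset 100
    paths = []
    for name, data in (("dump1.bin", good), ("dump2.bin", good),
                       ("dump3.bin", bytes(bad))):
        path = str(Path(directory, name))
        Path(path).write_bytes(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(check_dumps(make_sample_dumps(d), expected_size=4096))
```

A `consistent` result of `False` is the warning sign the post describes: re-check the storage device or connection and dump again before patching or writing anything.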
 
> Firmware is written on NAND or NOR (depending on the model), not EEPROM.

Gotcha... sorry, brain fart on my part... I'm still living in the 90s :p

> This is one of the reasons why you should limit writing to the bare minimum, but in the case of hacking the better way is also to hot-patch instead of writing the whole chip again after file patching. Anyway, as Sandungas said, you must dump the NAND/NOR anyway, and do this a few times and compare their checksums (e.g. MD5) - they should all be the same. If they are not, it means dumping is not reliable for some reason, and this will be the first warning for you to, for example, check the pendrive's condition. Second, you can additionally check the dump with some app that counts some statistics, which will not tell you everything is OK, but will bring you closer to being sure.

Good idea. I'm beginning to understand how all the pieces fit together... I hope :p
Though with the dumping method, is that done specifically from within the PS3 software or externally on the PC using a chip flashing tool? Because I don't see how I can make a dump considering that bgtoolset is no longer available. Either way it looks like I'd need to de-solder the chip anyway to write the patched firmware...

> And no, you cannot just replace the NAND/NOR just like that. Not alone. I'm not sure if with the SysCon too, but maybe also with the Cell and RSX too. And again, I'm not sure if it can be filled with data from another console or if it must be yours (which you might no longer have if it is corrupted - both in the backup and on the chip(s)).

Though, just so I understand this correctly, the CFW is a patch applied on top of my existing OFW, which is unique to only my console, correct?

> In summary, what I have in mind is that if your, e.g., NOR dump is a bad dump, and you patch it and write it back to the chip, you will kill the console. So it is very important to be sure everything is OK, and to keep the flash backup in a safe place (just in case you need it one day).

Again, just to confirm, there is no emulator or other PC software tools to confirm my new patched firmware is corrupted or just patched incorrectly, before testing it on real hardware? It seems like there are a few steps where a fault could occur, so maybe it could make troubleshooting a bit trickier...?

Lastly, I suspect this idea would be an unnecessary expense, but would it be wise to try writing to a new spare NAND/NOR flash chip and just remove/keep the original OFW chip as a spare backup? i.e. just in case something goes wrong (like a bad pin connection when writing etc)... Or is it not that simple to just swap hardware out like that 'willy nilly'?
 
Not "no longer", but temporarily not available. Just wait. :P If you are not patient, then you can use the Flash Writer from the tools on the ps3xploit site, but I'm not sure if it covers fw past 4.84 (probably, or not yet); or use a stolen bgtoolset from another host site (but no one knows if it is an exact clone or not); or use a flasher like Teensy etc. (but I'm not a hardware expert, maybe there are better/different hardware flashing methods).

Not exactly. OFW is the same on all of the same models, but the chip/chips do not only contain OFW. ;) And the rest of the stuff is per console because of the cryptography involved.

No emulator. Just apps with statistics counters for detecting anomalies. BwE NOR Validator (for NOR dumps of course)? I dunno, never used any of them (never needed to, I started from OFW 3.55, on which I could install CFW from a pendrive :P without the voodoo needed for newer fw).

No, you cannot change the chip with the fw. If you did, as I said, you would also need to exchange the other chips.
 