IMPORTANT UPDATE (MARCH-2019) v3.0.1 was released providing support for 4.84 HFW (a new hybrid firmware that restores PS3Xploit for 4.84 OFW user's (See Link to HFW))
.There has been alot of development going on around the PS3 since the discoveries of the PS3Xploit (webkit exploit) on 4.81 OFW, first we seen the IDPS dumper (4.81/2 OFW) released with some big news & hope to come along with it, like a Flash Writer (downgrader) for OFW, so if you have been reluctant to buy a Hardware Flasher such as the E3 Flasher and bust open your PS3, but have been wanting to get your PS3 FAT(PHAT) Console and your Downgradable PS3 SLIM Models (up to & including 25xx models with minimum installable version <= 3.56) on Custom Firmware, then here is your chance with a 100% SOFTWARE SOLUTION thanks to the work of PS3Xploit Team ( @bguerville, @esc0rtd3w & W) along with contributions from new team member @habib to help expedite this release. Essentially what this Software Solution does is write a patch to the CoreOS (on NOR/NAND Chip) and when the PS3 Console is then rebooted you can install a Custom Firmware directly, So downgrading back to 3.55 is not required in the process, rather "Direct OFW to CFW patching" is done to allow for Custom Firmware Installation. Since this exploit is executed from 4.82 OFW, you can only install to a 4.82 CFW, HOWEVER if you wish to use an earlier firmware such as REBUG 4.81 for example, once on 4.82 CFW you must TOGGLE QA using a toggle tool, which allows CFW user's to freely switch CFW version from past and present. Read more about this in the Frequently Asked Question (FAQ) and more info in the details provided:
UPDATE - View Public Warning (Beware of Imposter's)
Flash Writer Compatible with these PS3 Models:
Supports FAT Models CECHAxx/Bxx/Cxx/Exx/Gxx/Hxx/Jxx/Kxx/Lxx/Mxx/Pxx/Qxx
Supports SLIM Models 2xxx (minver 3.56 or lower ONLY, check with >>> minverchk.pup - SEE FAQ TAB for USAGE )
-
PS3 OFW 4.82 NAND/NOR FLASH WRITER v1.0WARNING: USE THE PROVIDED flsh.hex AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
-
Verify flsh.hex file on a flash drive and in the far right USB slot!
- 4.82 flsh.hex MD5: 8E156C99101BF36EC3EDB832982AE46D
- DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
- DO NOT USE ON PS3 Models 3xxx/4xxx (aka SuperSlims / Late Slim models) you will brick those console.
- USE ONLY ON 4.82 OFW
PLEASE READ FIRST:
- It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..
- So in short, never use the browser or set a homepage you cancel before running the exploit!
- If you need to, set the homepage to 'blank', close the browser then reopen it to start the flash writer.
v1.0.0 - Initial Release
- Supports Direct OFW to CFW patching for All Phat and 2xxx Slim (minver 3.56 Dec 2010 and lower)
- the NOR/NAND writer will just copy 3Mb of CoreOS data to both ros0 & ros1 in the flash memory.
- There is only one version released for 4.82. The same hex patch file can be used on nor & nand.
- It's as safe as possible, with a check for usb device & patch file making the exploit hang instead of corrupting flash if file is not found.
- In case of corruption (extremely rare but could always happen), it's only a partial brick because no per console info ever gets erased so a hardware flasher could still be used if ever a recovery reboot was impossible.
Usage Tips:
1) Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
2) If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
3) If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.
Steps:
1. Setup a small Web server on pc or smartphone. A custom miniweb application (from: https://sourceforge.net/projects/miniweb/files/) with small changes to the JaveScript, and supplied to host files if you would like to use it. Don't come to us for explanations about how to run a http server though. Google it.
2. Extract the files from release to your http server root folder.
2a- To use the miniweb.exe server, it is necessary to create a folder: htdocs3. Copy the "flsh.hex" file from release folder to root of flash drive.
2b- The files *.html and *.js included in the zip files should be copied/moved to htdocs
4. Put a FAT32 USB key in port closest to BD Drive (/dev_usb000).
5. DOUBLE-CHECK your flash drive on XMB to make sure it shows up under Music, Photos, Videos, etc.
6. Open the PS3 browser File Address window, write the IP address of your server (and the port if not 80) & press the Start button.
7. Select the appropriate button for your console and wait for PS3 to power down. DO NOT STOP THE PROCESS ONCE STARTED!!
8. Once PS3 has powered down, reboot console and install CFW matching OFW version. If installing through XMB does not work, boot to recovery and install. -
Verify flsh.hex file on a flash drive and in the far right USB slot!
-
PS3 4.81/4.82 NAND/NOR Flash Dumper v1.0
THE CORRECT FIRMWARE VERSION BETWEEN 4.81 and 4.82 IS AUTOMATICALLY SELECTED!
UPDATE - ALSO Ported to earlier Official Firmware >>> Link
PLEASE READ FIRST:
- It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
- So in short, never use the browser or set a homepage you cancel before running the exploit! If you need to, set the homepage to 'blank', close the browser then reopen it to start the flash writer.
v1.0.0 - Initial Release.
- Supports Dumping NOR on both 4.81 & 4.82.
- bguerville tried to produce a release that was easy to port & he succeeded. Anyone able to search for offsets in IDA can add support to any firmware version in the dumper in a matter of minutes.
- For technical reasons, the Full NAND dumper release is postponed. We will now be focusing on self execution & if we succeed there will be no need for the extra ROP work to do the NAND dumper. If we fail, I will finish it in ROP.
- A lot of time has been invested into making the javascript + UI more efficient, as well as the trigger phase faster & more stable. I hope you enjoy the result.
1) Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
2) If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
3) If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.
Steps:
1. Setup a small Web server on pc or smartphone. A custom miniweb application (from: https://sourceforge.net/projects/miniweb/files/) with small changes to the JaveScript, and supplied to host files if you would like to use it. Don't come to us for explanations about how to run a http server though. Google it.
2. Extract the files from release to your http server root folder.
2a- To use the miniweb.exe server, it is necessary to create a folder: htdocs3. Put a FAT32 USB key in port closest to BD Drive (/dev_usb000).
2b- The files *.html and *.js included in the zip files should be copied/moved to htdocs
4. DOUBLE-CHECK your flash drive on XMB to make sure it shows up under Music, Photos, Videos, etc.
5. Open the PS3 browser File Address window, write the IP address of your server (and the port if not 80) & press the Start button.
6. The dumper will detect the firmware version of your console automatically & setup the code appropriately so there is only one version for both 4.81 & 4.82. Run until ps3 beeps & shutdown. The flash dump should be a 16MB file on your USB drive as dump.hex. -
Frequently Asked Questions & Additional Notes
Any Noob Friendly Guides for OFW to CFW? APRROVED BY TEAM PS3Xploit
- TEXT Tutorial: -- PS3 developer @aldostools, has written a very simple and easy to understand TuT, you can view via this link >>>> http://www.psx-place.com/threads/ps...-aldostools-a-simple-rebug-cfw-install.15610/
-
VIDEO Tutorial - A very nice Video Tutorial by MrMario2011
Will this jailbreak my SuperSlim?
- NO, (PS3Xploit has strong possibility to eventually evolve into a HEN style exploit (that aspect will take some additional development and time, at this time PS3Xploit exploit has not evolved enough)
Is my Model Compatible & Which Writer does my console need (NOR or NAND)?
Can I install a CFW before 4.82, such as Rebug 4.81 or an earlier CFW?
- Yes, however you must Toggle QA Flag. Once the Token is activated you have the ability to then freely jump CFW versions. (see below for details)
How do I Toggle QA Flag?
- When on a CFW download & install >>> QA TOGGLER (Standalone), (Note: Will just show a black screen then
reboot the PS3and returns to xmb. A Restart is Required. After toggling QA, cfw syscalls will be disabled (meaning your CFW patches will be disabled until the next boot, so a reboot is required after the Toggler exits back to the XMB.) Additional Info about Q/A flag can be seen here ( & also @ PS3Devwiki)
Should i use the "999 Downgrader" vs "Toggle QA" to install a different CFW?
- No, installing the "999 downgrader" PUP can cause various issues like on a 3.56 minver console, it will brick the console, simply just Toggle the Q/A Flag and play it safe and is so simple to move from CFW versions (up and down from version to version).
How do i know for sure if my PS3 Model is compatible ?
- You must have a PS3 Console that has a Factory Firmware of 3.56 and below.
- To check, its easy with this simple tool for OFW, Download minverchk.rar
- Then place the .pup file on a FAT32 USB Flash Drive in a PS3/UPDATE folder (create path if needed)
- Now on the PS3 XMB goto Setting ->> System Update >>> Update via Media Storage
- Once shown on the list select the PUP and install, shortly after there will be a message showing the factory firmware the console was shipped,
- For this we want 3.56 and below.
- ANYTHING HIGHER THEN 3.56 IS NOT ABLE INSTALL A CFW. Sorry this will not work for your console, but there could be a HEN (Homebrew Enabler) possible for running homebrew, but additional research and time is needed for achievement, additional details can be read here.
What is the basic purpose of the Writer & Dumper Tools Release?
- The dumper is to get a backup of the nor chip
- The writer is to jailbreak your console. (Adding a patch to OFW to allow CFW installation)
Do I have to setup my own web server or can (has) someone host this?
- For best results and security it's advised/recommended to setup a local web-server to execute the webkit exploit, The best Unofficial Host we have found is from developer RED and his page: http://redthetrainer.com/ps3/
How to go from Ferrox 4.82 to Rebug 4.81?
- .Question Raised Here , OR alternatively you can uses this UNOFFICIAL modified version of REBUG 4.81.2, that will install on 4.82 (without QA FLAG as it contains an edit to the syscon version) >>>> (View Tweet & Download Link)
Where can i find the latest 4.82 CFW?
- This thread in the psx-place.com forums.
Where can i find PS3 Homebrew?
New to PS3 CFW Community (Have CFW now installed and want to know a bit more)?
- Here is a thread being started in the forums, An Intro to CFW & PS3 Homebrew . Covers various basic of firmware types and some essential apps. The thread is a WIP so expect additional items to be added.
Q: my console just froze and nothing's happening for over 10 minutes
PSX-Place Member @lord3490 provided some extra FAQs, to which the PS3Xploit team also added information.
-
A: turn off console, the exploit failed.
- 1. Make sure you got the correct file on USB thumb drive and it's formatted to fat32.
- 2. Use an ethernet cable connection instead of WiFi.
- 3. Double check your local Web server configuration & logs to see if it is not simply failing to send files to the ps3. A http server could fail for many reasons, bad configuration, bad permissions, Windows firewall options, AV software, router settings etc....
- 4. Clean browser cache
- 5. Set ps3 browser homepage to about:blank (or to your exploit Web page)
- 6. Restart Browser
- 7. Try again
Q: the console shut down and beeped when using the exploit, however I'm getting an error when trying to install cfw?
-
A: there are a couple of possible reasons for that:
- 1. Did you make sure you flashed the correct file (nand/nor)? See q/a above
- 2. Try different 4.82 CFWs and make sure the md5 is correct after copying to fat32 thumb drive.
- 3. Try a different USB thumb drive or reformat it.
- 4. Install OFW 4.82 two times in a row then apply the patch using the PS3Xploit flash writer & finally install a 4.82 CFW. That should always solve the issue.
- 5. As a last resort, make a backup and format internal HDD (I just read that solved the problem for one user).
Q: when will there be a CFW or a HEN type of hack for newer ps3 models?
- CFW (Custom Firmware): Not Possible
-
HEN (Homebrew Enabler): you may be able to use homebrew (even backup managers) later on. The devs are working on it and they won't be faster or release it earlier because you ask. The PS Vita / PlayStation TV use a HEN exploit (HENkaku) to give you a idea on what a HEN is for those of you who have followed the Vita Scene.
- Keep dropping by this forum and you won't miss it once it's there. You will here it first from psx-place.com the official home of the PS3Xploit Team
Q: okay, I got a cfw installed. What do I do now?
- A: Read. There is a lot of information on this forum. Use search function for specific topics and check out this thread >> An Intro to CFW & PS3 Homebrew to get started.
Q: where can I download games?
- A: From PSN, for anything else you may want to read the forums rules! psx-place.com
--------------------------------------------------------
dIMPORTANT UPDATE (MARCH-2019) v3.0.1 was released providing support for 4.84 HFW (a new hybrid firmware that restores PS3Xploit for 4.84 OFW user's (See Link to HFW)
d
Courtesy of Team PS3Xploit:
W (Javascript, Research & Testing)
[COLOR=#003366]@esc0rtd3w[/COLOR] (Debugging, Research & Testing)
[COLOR=#003366]@habib[/COLOR] (ROP & Debugging)
[COLOR=#003366]@bguerville[/COLOR] (ROP/Javascript & Debugging)
Last edited:
.
