UPDATE 04-02-2020
These tools have been superseded by the BG Toolset
www.ps3xploit.net/bgtoolset/ > Domain no longer owned by team (NEW URL = http://ps3toolset.com)

UPDATE (OCT. 11 2018) - With the release of OFW 4.83, portions of PS3Xploit have been patched. The team is looking at workarounds. STAY ON 4.82, DO NOT UPDATE TO 4.83 AT THIS TIME:
IMPORTANT UPDATE (MARCH-2019) v3.0.1 was released providing support for 4.84 HFW (a new hybrid firmware that restores PS3Xploit for 4.84 OFW users) (See Link to HFW)
I will start this off with NO, you can not jailbreak your PS3 SuperSlim consoles (seems to be a popular question). However, that does not mean the Ps3Xploit Team (bguerville, esc0rtd3w, habib & W) has not been hard at work with this new release of Ps3Xploit v2.0. In this release all the tools (IDPS Dumper, Flash Dumper & Flash Writer) have seen significant improvements, and performing tasks such as installing a Custom Firmware on your 4.82 OFW PS3 (with flash writer) has been made even easier and very stable thanks to the team's new checks and the progression of the exploit. The Flash and IDPS dumpers are also much improved. All the details are provided below; please read all the spoilers and tabs before asking any questions.
-STLcardsWS​



PS3Xploit 2.0 Tools Now LIVE!!

  • Included Tools
    • 4.XX IDPS DUMPER
    • 4.XX FLASH DUMPER (USB Edition)
    • 4.XX FLASH DUMPER (HDD Edition)
    • 4.82 NOR/NAND WRITER (USB Edition)
    • 4.82 NOR/NAND WRITER (HDD Edition)
    Ps3Xploit Tools Changelogs
    v2.0
    • Freeze issues - Fixed
    • Occasional bad dumps - Fixed
    • No beeps & shutdown. Replaced by a graceful ROP chain exit & return to browser. This gives the opportunity to the user to dump after patching & validate the dump with littlebalup's py checker. As long as the user does not shutdown/restart, it's still possible to recover from bad patching.
    • Support for usb port 0,1,6 + sd/cf/ms cards.
    • Multi firmware support on all dumpers (4.10+) & DEX support on 4.81.
    • HDD editions for all dumpers & flash writer where a picture file placeholder is used for read/write operations.
    • Javascript refactoring for performance & efficiency.
    • ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) will host the 2.0 update, no need for 3rd party sites.

    v1.0 (Thanksgiving 2017 Release)
    • Supports Direct OFW to CFW patching for All Phat and 2xxx Slim (minver 3.56 Dec 2010 and lower)
    • the NOR/NAND writer will just copy 3Mb of CoreOS data to both ros0 & ros1 in the flash memory.
    • There is only one version released for 4.82. The same hex patch file can be used on nor & nand.
    • It's as safe as possible, with a check for usb device & patch file making the exploit hang instead of corrupting flash if file is not found.
    • In case of corruption (extremely rare but could always happen), it's only a partial brick because no per console info ever gets erased so a hardware flasher could still be used if ever a recovery reboot was impossible



  • Frequently Asked Questions

    Will this jailbreak my SuperSlim?
    • NO. The Flash Writer Tool is not supported on the SuperSlim and some very late Slim models. However, PS3Xploit has a strong possibility to eventually evolve into a HEN style exploit (that aspect will take some additional development).

    Which PS3Xploits Tools are Compatible with my PS3 Console?



    • Check this sticker on the back of your PS3 to view your PS3 Model.
      Flash Writer Model Compatibility (PHAT):
      • CECH-A01 (NAND)
      • B (NAND)
      • C (NAND)
      • E (NAND)
      • G (NAND)
      • H (NOR)
      • J (NOR)
      • K (NOR)
      • L (NOR)
      • M (NOR)
      • P (NOR)
      • Q (NOR)

      All DUMPER (FLASH/IDPS) & FLASH WRITER TOOLS are Supported for this model.


    • Check this sticker on the back of your PS3 to view your PS3 Model.

      ***IMPORTANT***
      You must pay very close attention to your PS3 SLIM model: when the PS3 SLIM was manufactured will determine if your console can install CFW (Flash Writer compatibility).

      For the 25XX series, or even if you're unsure about any of the models, it is recommended you run the minverchk PUP >> (DOWNLOAD) & (How to use Minverchk). It's a simple utility that shows the factory-installed firmware on your PS3. For the CECH-25XX model, if the utility shows 3.56 or lower you are compatible, but if it shows 3.60 or higher that means you are NOT compatible to use the Flash Writer (CFW enabler for 4.82 CFW).

      • Flash Writer Model Compatibility (SLIM):
        • 20XX NOR
        • 21XX NOR
        • 25XX NOR (3.56 minver. and Lower)
      • NOT COMPATIBLE (SLIM):
        • 25XX NOR (3.60 and Higher)
        • 3XXX NOR


      All DUMPER (FLASH/IDPS) TOOLS are Supported for this model.



    • Check this sticker on the back of your PS3 to view your PS3 Model.
      • FLASH WRITER NOT COMPATIBLE (SUPERSLIM):
        • 4XXXA EMMC
        • 4XXXB NOR
        • 4XXXC NOR
      All DUMPER (FLASH/IDPS) TOOLS are Supported for this model.


    Where can I find official info and details?
    • Official Website (Exploit Hosting / Info) @ http://www.ps3xploit.com (domain no longer owned by team; ps3xploit.me = new)
    • Official Ps3Xploit Forum (Support/News/Info): @ http://www.psx-place.com/forums/PS3Xploit/
    Warning: Known Limitation
    • Due to the lack of proper checks after exiting the ROP chain, it is possible in some cases to obtain a success message despite an operation failure. For instance, if you choose a path where no device is plugged in, a dumper page will still display a success message despite the fact the dump save could not work. This limitation has already been addressed, the added operation checks will be part of an update to these PS3Xploit tools which will be released in the coming weeks, that update will be final, no more will come after it


  • FLASH Dumper's Help


    • PS3 4.xx NAND/NOR/EMMC FLASH DUMPER v2.0
      All PS3 models supported
      All 4.10+ CEX CFW/OFW supported
      4.81 DEX CFW/OFW supported


      IMPORTANT NOTES:
      • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
      • So in short, never use the browser or use a homepage you cancel before running the exploit!
      • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
      Steps:
      1. Open the browser & browse to the ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
      2. Open the browser. The exploit page will load automatically. Choose your dump path option.
      3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
      4. Trigger the exploit by pressing the dump button.
      5. On success, validate your dump with the py checker tool.

    • PS3 4.xx NAND/NOR/EMMC FLASH DUMPER - HDD EDITION v2.0

      All PS3 models supported
      All 4.10+ CEX CFW/OFW supported
      4.81 DEX CFW/OFW supported


      IMPORTANT NOTES:
      • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
      • So in short, never use the browser or use a homepage you cancel before running the exploit!
      • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
      Steps:
      1. Open the browser & browse to the ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
      2. Open the browser. The exploit page will load automatically. Download the dump.jpg placeholder file to your PS3 System Storage using the provided link as instructed on screen.
      3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
      4. Trigger the exploit by pressing the dump button.
      5. On success, retrieve the dump file from the PS3 XMB Photo section, rename it appropriately to dump.hex or whatever & validate your dump with the py checker tool.


    Usage Tips:
    • Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
    • If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
    • If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.




    • PS3 OFW 4.82 NAND/NOR FLASH WRITER v2.0
      ***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
      WARNING: USE ONLY THE PROVIDED flash_482.hex AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
      • Verify flash_482.hex file on a flash drive and in the selected USB slot!
        • flash_482.hex MD5: d05be52f8d21700052fbd1fc0174acae
      • DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
      • DO NOT USE ON PS3 Models 3xxx/4xxx (aka late Slim or Superslim models), you would brick those consoles.
      • ON SLIM 2xxx Consoles, always use MinVerChck PUP to ensure that the minimum installable firmware version is < 3.60, if ever the minimum version is >3.56, using the flash writer would partially brick your console!
      • USE ONLY ON 4.82 OFW

      IMPORTANT NOTES:
      • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to ps3 javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded due to previous browsing then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..
      • So in short, never use the browser or use a homepage you cancel before running the exploit!
      • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.

      Steps:
      For best results with flash writer, here are the recommended steps.
      1. Install OFW 4.82 twice on the console you wish to flash to avoid the potential corruption error during CFW installation.
      2. Open the browser & browse to the ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
      3. Open the browser. The exploit page will load automatically. Choose your path option.
      4. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
      5. Trigger the exploit by pressing the patch button.
      6. On success, load the ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) flash dumper, dump the flash memory & validate it with py checker tool. Do NOT restart the console if ever the validation tool gives you errors/warnings on both ros0 & ros1 or you risk partially bricking your console. Report your problem instead.
      7. When you are satisfied with the dump validation, restart your console & install a 4.82 CFW.


    • PS3 OFW 4.82 NAND/NOR FLASH WRITER - HDD EDITION v2.0
      ***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
      WARNING: USE ONLY THE PROVIDED flash_482.jpg AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
      • Download flash_482.jpg file to PS3 System Storage!
        • flash_482.jpg MD5: d05be52f8d21700052fbd1fc0174acae
      • DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
      • DO NOT USE ON PS3 Models 3xxx/4xxx (aka SuperSlims / Late Slim models), you would brick those consoles.
      • ON SLIM 2xxx Consoles, always use MinVerChck PUP to ensure that the minimum installable firmware version is < 3.60, if ever the minimum version is >3.56, using the flash writer would partially brick your console!
      • USE ONLY ON 4.82 OFW

      IMPORTANT NOTES:
      • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to ps3 javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded due to previous browsing then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..
      • So in short, never use the browser or use a homepage you cancel before running the exploit!
      • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
      Steps:
      For best results with flash writer, here are the recommended steps.
      1. Install OFW 4.82 twice on the console you wish to flash to avoid the potential corruption error during CFW installation.
      2. Open the browser & browse to the ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
      3. Open the browser. The exploit page will load automatically. Download the patch file flash_482.jpg to your PS3 System Storage using the provided link on screen.
      4. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
      5. Trigger the exploit by pressing the patch button.
      6. On success, load the ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) flash dumper, dump the flash memory & validate it with py checker tool. Do NOT restart the console if ever the validation tool gives you errors/warnings on both ros0 & ros1 or you risk partially bricking your console. Report your problem instead.
      7. When you are satisfied with the dump validation, restart your console & install a 4.82 CFW.

    Usage Tips:
    • Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
    • If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
    • If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.

  • PS3 4.xx IDPS DUMPER v2.0

    All PS3 models supported
    All 4.10+ CEX CFW/OFW supported
    4.81 DEX CFW/OFW supported

    IMPORTANT NOTES:
    • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
    • So in short, never use the browser or use a homepage you cancel before running the exploit!
    • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
    Steps:
    1. Open the browser & browse to the ps3xploit.com (domain no longer owned by team; ps3xploit.me = new) website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
    2. Open the browser. The exploit page will load automatically. Choose your dump path option.
    3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
    4. Trigger the exploit by pressing the dump button.
    5. On success, check your idps dump with a hex editor.

Source Code & Downloads:
NOR/NAND/EMMC/IDPS 4.xx Dumpers v2.0 Update
NOR/NAND 4.82 Flash Writer v2.0 Update
flash_482.hex (already included in the Flash Writer 2.0 archive) MD5: d05be52f8d21700052fbd1fc0174acae
MinVerChck PUP


IMPORTANT UPDATE (MARCH-2019) v3.0.1 was released providing support for 4.84 HFW (a new hybrid firmware that restores PS3Xploit for 4.84 OFW users) (See Link to HFW)

Exploits now hosted @ ps3xploit.com (domain no longer owned by team; ps3xploit.me = new)
Official Support Forum: psx-place.com/forums/PS3Xploit/
 
> any idea how to check the file then ? :(
>
> edit: I googled javascript md5 function and I found this https://github.com/emn178/js-md5 and this https://github.com/blueimp/JavaScript-MD5 and many other pages

Js does not have access to local files which means you would probably need to implement 2 chains, one that loads the binary file into a js variable placeholder (3Mb big), exit gracefully back to js for checks, then trigger another rop chain to do the process in case of md5 comparison success.
It's probably feasible but it's a fair amount of work & 3Mb is a very big variable, it may or may not be an issue.
 
> Js does not have access to local files which means you would probably need to implement 2 chains, one that loads the binary file into a js variable placeholder (3Mb big), exit gracefully back to js for checks, then trigger another rop chain to do the process in case of md5 comparison success.
> It's probably feasible but it's a fair amount of work & 3Mb is a very big variable, it may or may not be an issue.

In fact only the first chain is needed because the web page must be closed to clear memory for the xploit. So the steps would be download jpg, check jpg, close browser. I am just suggesting things to help. You already spent a lot of time on this project. If it's not easy to do well, don't waste time on these features. You should be proud of what you already did, if you're not we are !
 
> In fact only the first chain is needed because the web page must be closed to clear memory for the xploit. So the steps would be download jpg, check jpg, close browser. I am just suggesting things to help. You already spent a lot of time on this project. If it's not easy to do well, don't waste time on these features. You should be proud of what you already did, if you're not we are !

Thanks.
It may not be necessary to clear memory for a second chain, an extra couple of jump strings might be sufficient to do all in one go.
Anyway, I will look into the js md5 libraries & see whether or not it would be complicated to implement such a check on a 3Mb file. If not, I might add it to v3.
 
Is there a good thorough documentation on how the exploit works?
Maybe somebody could explain in a nutshell?
For example the flash write routines are made with rop, I guess you cannot use internal functions?
And maybe a few words on flash_482.hex, how does it make cfw installation possible.
(I have an idea on PS3 security, watched every fail0verflow video I could find.)
 
flash_482.jpg is considered corrupted by the ps3. Is there another extension to prevent this ?
If yes, an online md5 checker can be used after download

btw, a small triangle should be added to the flasher pages on the links like in the dumper pages
 
I am adding all the checks I can in v3. You will get the details when it's out.
But a complete foolproof solution that checks absolutely everything on its own, from file integrity to patch integrity will not happen, or at least I won't be making it.
V3 will be final, it will be as good as I can reasonably make it then I am moving on to another project full time. If people want to take the tools project over from there, they are welcome to, the source is always available.

Hi, new to the forum, some really cool work here being done and the only forum you can actually trust. I have a quick question regarding the V3: because it is the final release, will this release have support for the super slims as I have one? Or should I sell and try to get a ps3 phat.
 
While reading your suggestions I'm thinking of a simpler safety check for the flash_482.hex file
The idea is to make a sum of all the bytes by accumulating all of them

Lets say we have a file with size 8 bytes and contents: 0x00100000000000EF
The total sum is 0x10 + 0xEF = 0xFF

Another file with size 8 bytes and contents: 0x1020304050607080
The total sum is 0x10 + 0x20 + 0x30 + 0x40 + 0x50 + 0x60 + 0x70 + 0x80 = 0x1A0

------------------
Is a low accuracy check... but you are checking all the bytes of the file flash_482.hex
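
An added example (not part of any post in this thread and not PS3Xploit code) comparing the byte-sum check proposed above with the MD5 comparison the first post asks for before flashing. The function names and the three damage patterns are constructed for illustration; only the 8-byte sample and the published MD5 come from the page.

```python
import hashlib

# MD5 the first post publishes for flash_482.hex / flash_482.jpg.
PUBLISHED_MD5 = "d05be52f8d21700052fbd1fc0174acae"

# 8-byte sample from the post above (00 10 00 00 00 00 00 EF), byte sum 0xFF.
SAMPLE = bytes.fromhex("00100000000000EF")


def byte_sum(data: bytes) -> int:
    """Additive check proposed in the post: the sum of every byte."""
    return sum(data)


def md5_of_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Stream a file through MD5 so a 3 MB patch file is never held whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_published(path: str, expected_md5: str = PUBLISHED_MD5) -> bool:
    """True only if the file on disk hashes to the expected MD5."""
    return md5_of_file(path) == expected_md5.strip().lower()


def corruptions(data: bytes) -> dict:
    """Constructed damage patterns that all leave the byte sum unchanged."""
    swapped = bytearray(data)
    swapped[1], swapped[-1] = swapped[-1], swapped[1]  # two bytes transposed
    offset = bytearray(data)
    offset[1] += 1    # one byte goes up (needs data[1] < 0xFF) ...
    offset[-1] -= 1   # ... another goes down (needs data[-1] > 0x00)
    rotated = data[-1:] + data[:-1]                    # block shifted by one
    return {
        "swapped": bytes(swapped),
        "compensating": bytes(offset),
        "rotated": rotated,
    }


def compare_checks(original: bytes) -> dict:
    """For each damage pattern, report which check notices the change."""
    ref_sum = byte_sum(original)
    ref_md5 = hashlib.md5(original).hexdigest()
    report = {}
    for name, damaged in corruptions(original).items():
        report[name] = {
            "changed": damaged != original,
            "sum_detects": byte_sum(damaged) != ref_sum,
            "md5_detects": hashlib.md5(damaged).hexdigest() != ref_md5,
        }
    return report


if __name__ == "__main__":
    print(f"byte sum of sample: {byte_sum(SAMPLE):#x}")
    for name, result in compare_checks(SAMPLE).items():
        print(name, result)
```

On a PC, `matches_published("flash_482.hex")` checks a downloaded copy against the MD5 listed in the first post before the file goes onto the USB drive.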
 
> flash_482.jpg is considered corrupted by the ps3. Is there another extension to prevent this ?
> If yes, an online md5 checker can be used after download
>
> btw, a small triangle should be added to the flasher pages on the links like in the dumper pages

All ps3 supported picture file extensions will give you the same corrupted media title, the ps3 cannot get a thumbnail or media info from an invalid media file. And it should be the same for Audio/Video extensions in their respective column.
Is there a way around that?
Not an obvious one in any case.
 
> Hi, new to the forum, some really cool work here being done and the only forum you can actually trust. I have a quick question regarding the V3: because it is the final release, will this release have support for the super slims as I have one? Or should I sell and try to get a ps3 phat.

v3 will NOT support superslims.
And the ps3xploit tools will NEVER enable CFW on post 3.56 consoles.
Slim 3xxx & Superslim consoles will most likely NEVER be CFW compatible anyway.
There is no point waiting or hoping, it's NOT going to happen. At best, there might be a future hack enabling you to run homebrews & backups etc..but it won't be a CFW per se.
If you want CFW, get yourself a slim 2xxx.
 
> Maybe a new feature to identify ps3 model and minver ? (for ps3 with bad stickers)

For the time being, the tutorial files do support MinVer check for checking on models that may have a bad sticker. A standalone minver checker would be simple to do if the demand was high enough, until we could get it into v3.
 
> Is there a good thorough documentation on how the exploit works?
> Maybe somebody could explain in a nutshell?
> For example the flash write routines are made with rop, I guess you cannot use internal functions?
> And maybe a few words on flash_482.hex, how does it make cfw installation possible.
> (I have an idea on PS3 security, watched every fail0verflow video I could find.)

No fully detailed documentation for various reasons among which:
1. Nobody sufficiently skilled has ever expressed any interest whatsoever in contributing to or modifying the code.
2. The webkit tutorial already explains the workings of the exploit really, not the flash writer in particular but overall. That's where anybody interested should start.
3. It takes time to write proper documentation, I am spending mine on development, not on doc writing that is likely to serve no other purpose than provide some difficult reading to a handful of curious ppl.
Sorry.
 
> For the time being, the tutorial files do support MinVer check for checking on models that may have a bad sticker. A standalone minver checker would be simple to do if the demand was high enough, until we could get it into v3.

A separate tool would serve no purpose & be redundant when we already have the MinVerChk pup.
As to adding it to v3, we will see...
 
> Dumper tested on super slim 4004A - dump OK, idps OK, nor flash not tested because excluding 4xxx-a message.

Rev A consoles (12Gb) do not use NOR, they use emmc. The flash writer is not compatible with any console past slim 25xx models, nor or emmc, which are all cfw incompatible.
You did well to heed the warning or you would have fully bricked your console given the fact that no hardware flasher supports emmc.
 
> v3 will NOT support superslims.
> And the ps3xploit tools will NEVER enable CFW on post 3.56 consoles.
> Slim 3xxx & Superslim consoles will most likely NEVER be CFW compatible anyway.
> There is no point waiting or hoping, it's NOT going to happen. At best, there might be a future hack enabling you to run homebrews & backups etc..but it won't be a CFW per se.
> If you want CFW, get yourself a slim 2xxx.

Thank you for the response, needed that clarity. Keep up the awesome work
 
> Rev A consoles (12Gb) do not use NOR, they use emmc. The flash writer is not compatible with any console past slim 25xx models, nor or emmc, which are all cfw incompatible.
> You did well to heed the warning or you would have fully bricked your console given the fact that no hardware flasher supports emmc.

There are many emmc programmers, but I'm not crazy enough to buy all of them for 200$+ per piece, and desolder/solder many times bga just to test it... because one compatible PS3 is just 100$. :)
 
> There are many emmc programmers, but I'm not crazy enough to buy all of them for 200$+ per piece, and desolder/solder many times bga just to test it... because one compatible PS3 is just 100$. :)

Sure, technically speaking it's feasible to write to emmc however in practice I doubt that 99.99% of people are able to use the required hardware, do the soldering (no clip) & use whatever software, all without dedicated help or documentation whatsoever...
 
Noticed a slight issue, I don't know if anyone else has reported this so sorry if it already has been. Whilst dumping the NAND on a CECHC03 after patching, the py checker tool stated that the ROS0 Hash failed the check with the version of it being Unknown. Whereas the ROS1 was in fact the PS3Xploit 4.82 flash I used beforehand. After flashing and dumping multiple times it always gave me the same ROS0 Hash error. I decided to risk it and proceed with installing Rebug 4.82.1 LITE, to my surprise when it booted, it was successfully jailbroken. I know the ROS0 is the system software version as after I installed Rebug and dumped again, both ROS0 and ROS1 were fine stating what versions they were.

Just thought I'd share in case anyone else had the problem, but bear in mind if you decide to yolo it and do what I did and it doesn't work, don't blame me for it lol.

P.S. Once I installed 4.82 Rebug, I was able to downgrade toggling the QA Flag and installing 4.81.2 Rebug REX, successfully converting it from CEX to DEX via eid_root_key dumping, LV2 Kernel Swapping, etc. then installing the D-REX version of the 4.81.2 Rebug.
 
> Noticed a slight issue, I don't know if anyone else has reported this so sorry if it already has been. Whilst dumping the NAND on a CECHC03 after patching, the py checker tool stated that the ROS0 Hash failed the check with the version of it being Unknown. Whereas the ROS1 was in fact the PS3Xploit 4.82 flash I used beforehand. After flashing and dumping multiple times it always gave me the same ROS0 Hash error. I decided to risk it and proceed with installing Rebug 4.82.1 LITE, to my surprise when it booted, it was successfully jailbroken. I know the ROS0 is the system software version as after I installed Rebug and dumped again, both ROS0 and ROS1 were fine stating what versions they were.
>
> Just thought I'd share in case anyone else had the problem, but bear in mind if you decide to yolo it and do what I did and it doesn't work, don't blame me for it lol.
>
> P.S. Once I installed 4.82 Rebug, I was able to downgrade toggling the QA Flag to 4.81.2 Rebug and successfully converting it from CEX to DEX.

When you patch CoreOS, you will get the currently inactive ros corrupted & the active ros valid. It is perfectly normal as already explained in this thread.
 
> All ps3 supported picture file extensions will give you the same corrupted media title, the ps3 cannot get a thumbnail or media info from an invalid media file. And it should be the same for Audio/Video extensions in their respective column.
> Is there a way around that?
> Not an obvious one in any case.

With a jpg you can put your payload before the last 2 bytes (FF D9) and the ps3 will still read it.
So with this one from the dumper you'd start at 0x1EA0 and skip the last 2 bytes.
 
