PS3 4.81 STARBUCKS COBRA 7.40 CFW by Habib

Discussion in 'PS3 News' started by habib, Dec 8, 2016.

By habib on Dec 8, 2016 at 3:46 AM
  1. 364
    396
    73
    habib

    habib Developer

    Joined:
    Oct 13, 2014
    Messages:
    364
    Likes Received:
    396
    Trophy Points:
    73
    The PlayStation 3 Custom Firmware developer who has a focus on bringing new features to CFW is here with a new release for 4.81. Developer @habib has released 4.81 STARBUCKS COBRA 7.40 CFW , with an updated COBRA payload that has some interesting advancements such as a new syscall (15) added to execute any LV2 Internal function, as habib explains this will allow devs to execute their own payload at a specific address. Other details and feature about Cobra 7.40 update can be seen in the "Cobra 7.40" tab. Other features such as Cinavia protection removed so you can digitalize your personal collection without intrusion this handles all content from HDD, BDMV & BDVD, Habib cover's the new additions in the details provided..
    -STLcardsWS​
    4.81_habib_Cobra_starbucks.png


    • 4.81 STARBUCKS [w/ COBRA v7.40] CFW
      by @habib

      CHANGELOG:
      1. MADE OUT OF 4.81 OFW
      2. HAVE INSTALL PACKAGE FILES AND APP_HOME
      3. HAVE reActPSN COMPATIBILITY
      4. PATCHED LV0 TO DISABLE ECDSA CHECK
      5. PATCHED LV2 TO ADD PEEK/POKE SUPPORT
      6. PATCHED LV1 TO DISABLE LV2 PROTECTION
      7. PATCHED LV1 TO ADD PEEK/ POKE SUPPORT
      8. IT CAN RUN GAMES SIGNED WITH KEYS UP TO 4.81
      9. CAN BE UPDATED OVER ANY CFW.
      10. CAN BE UPDATED OVER 3.55 OFW
      11. NOT ADDED NO BT/BD PATCHES
      12. RSOD BYPASS
      13. REACTPSN OFFLINE PATCH ADDED
      14. BETTER SYSTEM STABILITY
      15. REMOVED CINAVIA DRM FOR HDD CONTENT
      16. REMOVED CINAVIA FOR BDMV
      17. REMOVED CINAVIA FOR BDVD
      18. QA FLAG ENABLED BY DEFAULT IF PS3 WAS QA ON 3.55
      19. COBRA 7.40
      20. SYSTEM ACTS AS A COMPLETELY NORMAL CFW WHEN COBRA DISABLED
      21. FSELF COMPATIBILITY ADDED
      22. PATCHED DOWNLOAD PLUGIN FOR DEX PKGS(FOR E.G XMBPD)
      23. ENCHANCED REMOTE PLAY
      24. REMOTE PLAY SFO FLAG OBSOLETE
      25. NO EPILEPSY WARNING
      26. SYSCALL 15 ADDED TO EXECUTE ANY LV2 INTERNAL FUNCTION​
      UPDATE (v1.01) - day zero 1.01 update released.
      • fixed ps2 issue and whats new psn

      wanna buy me cookie?

    • COBRA 7.40 Changes:
      1. stage0_base updated for faster boot timings
      2. no more debug texts overwritten for devs
      3. syscall 15 added
      4. updates hashes to cobra internally​

      UPDATE HASH:
      • Make a text file named hash_recheck.txt
      • inside the file put new hashes in format filename:hash per line(e.g vsh.self:a0000101002e6534)
      • paste this file at /dev_hdd0/hash_recheck.txt
      • reboot ps3 and then reboot again
      SYSCALL 15:
      • allows calling of any lv2 internal function like internal memcpy to dump lv2. e.g(memcpy(dst, source, size, symbol);)
      • this also allows developers to execute their own payload at an address e.g you paste payload at 0x3d98 and then execute through sc15
      • example has been attached with new include file named "sc10_15.h"
      OTHER CHANGES COMPARED:
      • with ALL the current cobra cfw released they have a stage0 bug which overwrites another function stack, which could cause instability
      • one i checked didnt had hdd cinavia patched, this has it done

    Download: 4.81 STARBUCKS COBRA v7.40
    MD5:15660d36c3aa5197c97c87643acdca3c
     
    Last edited by a moderator: Dec 8, 2016

Comments

Discussion in 'PS3 News' started by habib, Dec 8, 2016.

    1. baileyscream
      baileyscream
      That was it yes
      Qa didn't always work after the change. Sometimes toggle had to be re-run.
      But it didn't always turn off
      This was before you made your toggle's
      It was when I was doing simplifying the cex -dex conversion steps using idpset before it was put into toolbox
      so it was the target part of the idps that was changing not the rest.

      So I understand it that it reads the idps
      Puts it inside the token
      Sets the token in place
      Token matches the idps of the console and shows the debug settings
      So when it stops matching the debug settings don't show



      Sent from my iPhone using Tapatalk
      bguerville, Joonie and DeViL303 like this.
    2. baileyscream
      baileyscream
      Habibs toggles are looking at eid5

      Rebug 355 toggle and the option in toolbox may be also be looking at eid5 also but I think there looking at eid0
      But either way you change both when you perm change your idps
      And you change just eid0 when you change target for dex conversion
      (So with that in mind it makes more sense that toolbox is also looking at eid5)

      But yes
      Permanently change your idps and it resets the toggle


      Sent from my iPhone using Tapatalk
      bguerville likes this.
    3. Joonie
      Joonie
      Eid5 has never been used for token verification according to CMX


      Sent from my iPhone using Tapatalk
      bguerville likes this.
    4. habib
      habib
      signature is generated separately and is entirely different.
      token consists:
      1.idps
      2.flags
      3.hmac
      4.signature.
      and then it is encrypted and stored in eeprom and the bit to check the flag is set on
      I'm not entirely sure that qa would work in dex or if idps is changed, I think it wont because eid0 section0 idps wont match with the one set in token

      and I THINK setting qa in dex with dex idps will cause brick, idk if true
    5. habib
      habib
      untrue
      idps is encrypted in eid0
      no one saw unencrypted eid5 but Its almost certain to have idps inside too
      Last edited: Dec 11, 2016
    6. Joonie
      Joonie
      Well the only way to brick = 4.30+ ofw on converted retail, but @zecoxao and I did weird stuff with dex leaves that allowed my retail to install dex ofw 4.30+


      Sent from my iPhone using Tapatalk
    7. habib
      habib
      because of lv1ldr patch
    8. Joonie
      Joonie
      Yeah but dex ofw 4.30+ doesn't have it patched, weird thing though, I've never got brick while on cex ofws, regardless of its qa token being legit or not (perma idps change)


      Sent from my iPhone using Tapatalk
    9. baileyscream
      baileyscream
      I know that's why you need the eeid key

      Yes eid5 has idps. When you change your idps in idpset you can save to just eid0 or both eid0 & eid5
      Then you can use eid5's idps to get online as a cex console on dex console
      If you don't save it to eid5 then when you try to get online with eid5 your still banned.
      Or have I misunderstood your reply completely? It's very late for us both ;)


      Sent from my iPhone using Tapatalk
    10. WTF-IGO
      WTF-IGO
      Hi Guyz.

      I have read the whole thread.
      I have tried to reproduce the thing with "QA-Flag, QA-Re-flag"...


      My PS3-System:

      - PS3 Slim 2K:
      - CECH-2504
      - Date-Code: 0D
      - Motherboard: JSD-001
      - Intact PS3-NOR-CHIP --> No RSoD
      - Mod: E3-Flasher with E3-Linker
      - 2 valid IPDS's (one in PS3-NOR and the second for PSN Patch 2015.11/A)
      - 2 local users, for each user a valid PSN-Axx
      - REBUG_4.80.1_REX_COBRA_7.3 (currently: CEX-Mode & COBRA-Mode)
      - Twice CFW-Installation: (ROS0: 480.000 & ROS1: 480.000)
      - Done with "Custom Firmware Tools": "Check File System" & "Rebuild Database"
      - Latest WebMan-Mod (Full)
      - Latest MultiMan

      I am thinking, that there is a potentially bug with QA-Toggle.
      @jonnie. Maybe there would be another (better, more logically) possibility, i don't know.


      I will try it to explain:

      When i disable "Toggle QA Flag" in Rebug Toolbox, i can still see the "Debug Settings" and the activated "System Update Debug" but i can't see "Update via System Storage" and "Delete Update Data on System Storage".

      When i enable "Toggle QA Flag" in Rebug Toolbox, i can see all these functions, as you guyz allready said.

      Ok, we can change the "XMB Operation Mode" from "Debug" to "Retail" in Rebug Toolbox. Then the "Debug Settings" will optically disappear. Then we are able to make the button combo (Network-Settings) after every new boot and "Debug Settings" come optically back (together with "Edy Viewer" and "Install Package Files").


      Sorry for my bad english...

      Greetingz to you, Guyz.
      Last edited: Dec 11, 2016
    11. baileyscream
      baileyscream
      And the images of your consoles hardware help how?
      No offence but come on there is no need for the post bloat


      Sent from my iPhone using Tapatalk
    12. Joonie
      Joonie
      Debug vsh has that debug setting auto enabled, regardless of qa flagging, however system update debug doesn't work properly when it's not toggled.

      Basically you won't be able to update from pups inside dev_hdd0


      The thing about debug setting is not a bug at all


      Sent from my iPhone using Tapatalk
      DeViL303 and pinky like this.
    13. WTF-IGO
      WTF-IGO
      I have deleted the images.
    14. WTF-IGO
      WTF-IGO
      Yes, i understand. Thanks.
    15. habib
      habib
      You cant change eid5 except the idps header
      And i dont think eid5 is ever used in ps3
      I think eid0 section 0 idps changing alone will allow you to go online
    16. habib
      habib
      That brick occurs when console has dex target id and eid0 section 0 ecdsa check is failed ;)
    17. ext10
      ext10
      Yes, the first one, i saw that it was enabled. I changed it when noobzilla suggested to disable it and enable it again.
      bitsbubba and DeViL303 like this.
    18. DeViL303
      DeViL303
      Yeah that's what I thought. Seems this has happened to a few people.
      ext10 likes this.
    19. Joonie
      Joonie
      Yeah but you don't know what @zecoxao did to make that ecdsa check passed on my retail converted xD last ofw I tested was DEX OFW 4.78


      Sent from my iPhone using Tapatalk
    20. habib
      habib
      Id actually love to hear on that lol

      EDIT:
      A legit leaf from dex
      Obviously would work due to ecdsa sig true
      Last edited: Dec 12, 2016

Share This Page