PS3 Ps3Xploit - An Expert's Guide from OFW to CFW (by aldostools) + A Simple Rebug CFW Install

Discussion in 'PS3 News' started by STLcardsWS, Nov 28, 2017.

By STLcardsWS on Nov 28, 2017 at 10:20 PM
  1. 7,610

    STLcardsWS Administrator

    Sep 18, 2014
    Likes Received:
    Trophy Points:
    Since the release of Ps3Xploit (NOR /NAND Flash Writer) that allowed for some PS3 Consoles to install CFW directly from 4.82 OFW there has been some user's having issue understanding the installation process, mostly from not reading or overthinking the steps. Sometimes is just needs to be explained a bit differently so new users understand some steps a bit more clearly. Plus, Thibobo has made a minor edit to 4.81.2 REBUG REX so the CFW be installed from 4.82 after executing the Ps3Xploit (without toggling QA) .Below you will see two tabs, the first one if the guide by Aldostools with the 2nd one being information about REBUG REX 4.81.2, the CFW of choice for many in the homebrew community. Its long history of being a safe stable & reliable firmware makes it an easy choice,with innovation behind the CFW in every release as well.. While it can be a very complexed firmware , it can also be very simple (standard like) CFW. To keep simple, its an easy, Just don't install the Rebug Toolbox (pkg) if that is what you pefer, but if you want to unlock the potential, install the REBUG TOOLBOX and you can toggle various settings & patches (more info on the CFW features can be found @ Hopefully this post and guide will make your OFW to CFW transition a bit more enjoyable..


    • UPDATE:
      THIS GUIDE IS for PS3XPLOIT V1, the process/exploit has changed & Improved for PS3Xploit v2.0, please view v2.0 before proceeding: >>>> LINK to v2.0

    • PS3 Developer @aldostools has provided a great tutorial that is extremely Noob Friendly written by an experienced and very knowledge PS3 developer so no better person to get you started on your CFW Journey.

      A First confirm with MinChkVer PUP that your console is compatible.
      • If your console is Super Slim or if it shows a min version equal to 3.60 or higher, your console is NOT compatible, and you will brick your console if you continue with the following steps.
      • If it shows 3.56 or a lower version, you can continue.

      B MAKE SURE that you put flsh.hex in the root of a pendrive and you inserted it in the port closest to the BD drive and that that the external device is visible on XMB on the music/video/picture column.

      • If the device does not show, the PS3 will freeze when you run the exploit. Restart the console and everything will be fine.
      • For a safest process, verify that the MD5 of flsh.hex on your USB is 8E156C99101BF36EC3EDB832982AE46D

      C Server Setup:

      1-Extract the zip file of NAND/NOR Writer for 4.82 in a folder on the desktop
      2-Open the folder and create a new folder named: htdocs
      3-Select the files "nand-482.html", "nor-482.html" and "xp_rel_writer10.js", CUT the files and PASTE them inside the folder htdocs
      4-Run miniweb.exe server. Allow access it if your firewall prompts for it.
      5- Access the server from the PS3 browser using the IP shown as host in the server window. Example:

      Or skip all these steps and simply use from the PS3 browser.

      D Set the url for the nand or nor html as home page of the PS3 browser, clean the cache, close the browser and open it again.

      E Click the button and wait until the process complete and the PS3 shutsdown. It should take no more than 10 minutes. DO NOT STOP the process once it starts.

      If it takes more than 10 minutes or show success without turn off, restart the console and repeat the process.

      F If success, put any CFW 4.82 or Rebug 4.81.2 with Syscon 4.82 (See Next Tab for Additional Rebug CFW details) on PS3/UPDATE/PS3UPDAT.PUP in your usb drive an install it from XMB or recovery.

      • Remember to eject any DISC from the Bluray drive before install CFW.
      • Once in CFW, enable the QA Flags... it will be useful if you need to change CFW later.
      • Also install Rebug Toolbox and get your eid_root_key as one of the first things.
      • Create a new user without PSN and set it as default user. It will prevent accidental auto-login that could cause a ban from PSN.
      • Never login to PSN with syscalls enabled... Always use SEN Enabler, PSNpatch or webMAN MOD to disable the syscalls before play online.
      • Do not cheat if you go online and enjoy CFW!

    • This is an UNOFFICIAL RE-RELEASE of 4.81.2 REBUG REX,
      Thibobo edited the version syscon from 4.81 to 4.82 so PUP could easily install for user's o 4.82 after exploiting vi PS3Xploit's webkit hack.

      • Unofficial Feature: Firmware Syscon Version edited to 4.82 - (Allows for installation on 4.82, useful for installing from 4.82 after executing PS3Xploit + Nor/Nand Writer ) - Thibobo
      • FEATURE – Dual LV2 Kernels CEX/DEX - (Swap your EID0/LV2 kernel using Rebug Toolbox in seconds)\
      • FEATURE – ALL Retail functions available in CEX mode - (No need to install different firmware)
      • FEATURE – ALL Debug functions available in DEX mode - (No need to install different firmware)
      • FEATURE – FULL ProDG Connectivity in DEX mode - (Full Support on both Normal mode and Cobra mode)
      • FEATURE – QA Token compatibility
      • FEATURE – OtherOS++ support enabled - (Use Rebug Toolbox to Boot OtherOS with different LV1 patches)
      • FEATURE – Package Manager - (Replacement for the standard ‘Install Package Files’ option)
      • FEATURE – FSELF compatibility - (Fake Signed ELF is supported on both CEX and DEX modes.)
      • INCLUDED – Rebug Toolbox 2.02.12 *UPDATED - (Install included Rebug Toolbox or higher for full compatibility)
      • PATCHED – Appldr: LV2 memory hash check is disabled - (Memory protection on LV2 is disabled in higher level)
      • PATCHED – LV1: Disable System Integrity Check - (Safe to use with mismatched COREOS/SYSCON versions or if PS3 is not QA enabled)
      • PATCHED – LV1: Undocumented function 114 - (Allow mapping of protected memory)
      • PATCHED – LV1: Skip all ACL Checks - (Needed to allow booting of OtherOS)
      • PATCHED – LV1: Peek and Poke support - (Unused LV1 call 182 and 183)
      • PATCHED – LV2: Peek and Poke support - (LV2 Syscall 6 and 7)
      • PATCHED – LV2: Peek and Poke support for LV1 - (LV2 Syscall 8 and 9)
      • PATCHED – LV2: LV1 CALL System call - (LV2 Syscall 10)
      • PATCHED – LV2: Allow execution of any LV2 internal function *NEW - (LV2 Syscall 15)
      • PATCHED – LV2: IDPS dump support without LV2 Peek *NEW- (LV2 Syscall 870)
      • PATCHED – Recovery: Prevent accidental OFW update while on Recovery mode
      • PATCHED – VSH: Allow Unsigned act.dat and *.rif files
      • PATCHED – VSH: Auto unlocks c00 demo contents *NEW
      • PATCHED – VSH: Disable Unlinking/Deleting of act.dat - (Improved patches applied)
      • PATCHED – VSH: Disable NEW PSP DRM Check - (Allowing unsigned PSP pkg contents on 4.75 or higher CFW)
      • PATCHED – VSH: Disable Epilepsy Warning for Faster Boot-Up Speed
      • PATCHED – VSH: XMB notification removal *NEW - (Fake Save Data Owner and Game Quit: No Request Event will not be displayed)
      • FUN FEATURE – Fake Save Data Owner - (Use Game Saves from ANY Owner)
      • FUN FEATURE – In Game Screenshot - (Allows taking screenshots in Game)
      • FUN FEATURE – Disabled flag check in PARAM for Remote Play - (For better compatibility with remote play, custom flags in PARAM is recommended)
      • FUN FEATURE – Lock/Unlock Trophies (Offline only)
      • FEATURE – Cinavia protection fully disabled - (Supports optical media/bd iso, AACS must be decrypted)
      • FEATURE – Full BD/DVD Playback support on both CEX/DEX mode - (BD/DVD movies can now be played on DEX mode, major thanks to mysis!)
      • FEATURE – COBRA 7.5 *UPDATED - (Disabled by default, Toolbox required to enable)
      • FEATURE – 1.45.09 MOD REBUG EDITION *UPDATED - (Full Webman intergration supports both CEX/DEX 4.81)
      • FEATURE – XMB CFW settings v0.1a - (XMB icons for simple CFW tasks available via REBUG TOOLBOX 2.02.12)
      • FEATURE – XMBM+ Compatibility - (XMB Manager Plus developed by Team XMBM now supported via standalone pkgs.)

      Extremely well written and explanation of these features can be found on Rebug's Official website @

    Note if using REBUG TOOLBOX (for advanced options on REBUG REX CFW) use the updated version for 4.82 Firmware you can download the latest release here from @Joonie 's (Team Rebug Developer) Github >>

    Source(s): /
    Additional info on CFW @
    Last edited: Feb 18, 2018
    Fredo, xval, svotib and 12 others like this.


Discussion in 'PS3 News' started by STLcardsWS, Nov 28, 2017.

    1. aldostools
    2. Constantine
      Hi what of ofw 4.82 on PS3 cech 3xxxB please you people should help us....thanks in advanced
    3. RandQalan
      I am going to warn you so you do not do what other have done
      one chance the hen may come sometime but leave the devs alone or you will get ban
      If when it happens it will be news here so stay tuned and do not post over and over the same?
      Warning to all in this post that want hen for unhackable slims and supper slims.
      lord3490 and bguerville like this.
    4. Constantine
      Sorry I did not know sorry we are patient thanks
    5. Spawn
      I guess a DEX pup is hard to come by, as most units are CEX, right?

      It's a shame that $ony doesn't give the option to choose pup file when downloading from PC.. :(
    6. umart666
      DEX is development image,so if someone from sony doesn't leak it,we won't get it.same as the keys for superslims.

      these days dex is almost same as more advanced regular cfw's.
    7. DeViL303
      The DEX pup is not really like keys for superslims though, the DEX pup has to be distributed by Sony to every developer with a DEX console, The private keys for signing metldr2 are never shared with anyone anywhere ever. So we will get the DEX pup after a while but we wont get the keys.
      bitsbubba likes this.
    8. bitsbubba
      So I got bored and updated my PS3 to 4.82 OFW. This time I ran the exploit on Linux Mint running miniweb with wine. Mind you Linux shows my wifi at 68%, miniweb looking directly at nor.html because I renamed it index.html. I'm back on Rebug 4.81.2
    9. RandQalan
      You just had to try something dangerous :bitsbubba::D
      bitsbubba likes this.
    10. smf
      Eventually we'll be able to factor the keys. We just need cpu power to increase at an exponential rate.
    11. pinky
      I think you can get the keys with an oscillator and looking at the white noise. I don't think many people care to try.
    12. pinky
      I take that back. someone did try. I think his name was something like modRob. I have no idea what came of that. he may have been trying to get the keys for the super slim or he may have been trying to get the keys for higher firmware. I'm not really sure. he was looking at the noise though. ;)
    13. Amits
      I have PS3 Slim CECH 2001A model
      so can i install this cfw in my model or not?
    14. pinky
      yes. you can even use minverchk to check the lowest downgradable firmware. if it says 3.56 or lower, which yours will, it can use the exploit.
      Amits likes this.
    15. 1986panzi1986
      this model does not need to use minver. it can be use exploit.

      Sent from my SM-C5010 using Tapatalk
    16. bitsbubba
      minver is just a precaution in cas they are not sure of their model and or base FW
      pinky likes this.
    17. pinky
      that's actually why I mentioned it. you could use psdevwiki for minimum firmware, but that might not be totally accurate. in fact, there's an assumed firmware version for several super slim models followed by a question mark.
    18. 1986panzi1986
      thanks @bitsbubba

      can u tell me what kind of file on ferrox xmb logo is it Gim or Png?
    19. bitsbubba
      coldbootss is one of @pinky's areas of expertise & I believe he answered you in another thread
    20. pinky
      yes, you can get d2g and g2d in my ps3 tutorials thread. if you want to create a coldboot or extract one, that's there for you.

Share This Page