PS3 Ps3Xploit - An Expert's Guide from OFW to CFW (by aldostools) + A Simple Rebug CFW Install

Discussion in 'PS3 News' started by STLcardsWS, Nov 28, 2017.

By STLcardsWS on Nov 28, 2017 at 10:20 PM
  1. 7,606

    STLcardsWS Administrator

    Sep 18, 2014
    Likes Received:
    Trophy Points:
    Since the release of Ps3Xploit (NOR /NAND Flash Writer) that allowed for some PS3 Consoles to install CFW directly from 4.82 OFW there has been some user's having issue understanding the installation process, mostly from not reading or overthinking the steps. Sometimes is just needs to be explained a bit differently so new users understand some steps a bit more clearly. Plus, Thibobo has made a minor edit to 4.81.2 REBUG REX so the CFW be installed from 4.82 after executing the Ps3Xploit (without toggling QA) .Below you will see two tabs, the first one if the guide by Aldostools with the 2nd one being information about REBUG REX 4.81.2, the CFW of choice for many in the homebrew community. Its long history of being a safe stable & reliable firmware makes it an easy choice,with innovation behind the CFW in every release as well.. While it can be a very complexed firmware , it can also be very simple (standard like) CFW. To keep simple, its an easy, Just don't install the Rebug Toolbox (pkg) if that is what you pefer, but if you want to unlock the potential, install the REBUG TOOLBOX and you can toggle various settings & patches (more info on the CFW features can be found @ Hopefully this post and guide will make your OFW to CFW transition a bit more enjoyable..


    • UPDATE:
      THIS GUIDE IS for PS3XPLOIT V1, the process/exploit has changed & Improved for PS3Xploit v2.0, please view v2.0 before proceeding: >>>> LINK to v2.0

    • PS3 Developer @aldostools has provided a great tutorial that is extremely Noob Friendly written by an experienced and very knowledge PS3 developer so no better person to get you started on your CFW Journey.

      A First confirm with MinChkVer PUP that your console is compatible.
      • If your console is Super Slim or if it shows a min version equal to 3.60 or higher, your console is NOT compatible, and you will brick your console if you continue with the following steps.
      • If it shows 3.56 or a lower version, you can continue.

      B MAKE SURE that you put flsh.hex in the root of a pendrive and you inserted it in the port closest to the BD drive and that that the external device is visible on XMB on the music/video/picture column.

      • If the device does not show, the PS3 will freeze when you run the exploit. Restart the console and everything will be fine.
      • For a safest process, verify that the MD5 of flsh.hex on your USB is 8E156C99101BF36EC3EDB832982AE46D

      C Server Setup:

      1-Extract the zip file of NAND/NOR Writer for 4.82 in a folder on the desktop
      2-Open the folder and create a new folder named: htdocs
      3-Select the files "nand-482.html", "nor-482.html" and "xp_rel_writer10.js", CUT the files and PASTE them inside the folder htdocs
      4-Run miniweb.exe server. Allow access it if your firewall prompts for it.
      5- Access the server from the PS3 browser using the IP shown as host in the server window. Example:

      Or skip all these steps and simply use from the PS3 browser.

      D Set the url for the nand or nor html as home page of the PS3 browser, clean the cache, close the browser and open it again.

      E Click the button and wait until the process complete and the PS3 shutsdown. It should take no more than 10 minutes. DO NOT STOP the process once it starts.

      If it takes more than 10 minutes or show success without turn off, restart the console and repeat the process.

      F If success, put any CFW 4.82 or Rebug 4.81.2 with Syscon 4.82 (See Next Tab for Additional Rebug CFW details) on PS3/UPDATE/PS3UPDAT.PUP in your usb drive an install it from XMB or recovery.

      • Remember to eject any DISC from the Bluray drive before install CFW.
      • Once in CFW, enable the QA Flags... it will be useful if you need to change CFW later.
      • Also install Rebug Toolbox and get your eid_root_key as one of the first things.
      • Create a new user without PSN and set it as default user. It will prevent accidental auto-login that could cause a ban from PSN.
      • Never login to PSN with syscalls enabled... Always use SEN Enabler, PSNpatch or webMAN MOD to disable the syscalls before play online.
      • Do not cheat if you go online and enjoy CFW!

    • This is an UNOFFICIAL RE-RELEASE of 4.81.2 REBUG REX,
      Thibobo edited the version syscon from 4.81 to 4.82 so PUP could easily install for user's o 4.82 after exploiting vi PS3Xploit's webkit hack.

      • Unofficial Feature: Firmware Syscon Version edited to 4.82 - (Allows for installation on 4.82, useful for installing from 4.82 after executing PS3Xploit + Nor/Nand Writer ) - Thibobo
      • FEATURE – Dual LV2 Kernels CEX/DEX - (Swap your EID0/LV2 kernel using Rebug Toolbox in seconds)\
      • FEATURE – ALL Retail functions available in CEX mode - (No need to install different firmware)
      • FEATURE – ALL Debug functions available in DEX mode - (No need to install different firmware)
      • FEATURE – FULL ProDG Connectivity in DEX mode - (Full Support on both Normal mode and Cobra mode)
      • FEATURE – QA Token compatibility
      • FEATURE – OtherOS++ support enabled - (Use Rebug Toolbox to Boot OtherOS with different LV1 patches)
      • FEATURE – Package Manager - (Replacement for the standard ‘Install Package Files’ option)
      • FEATURE – FSELF compatibility - (Fake Signed ELF is supported on both CEX and DEX modes.)
      • INCLUDED – Rebug Toolbox 2.02.12 *UPDATED - (Install included Rebug Toolbox or higher for full compatibility)
      • PATCHED – Appldr: LV2 memory hash check is disabled - (Memory protection on LV2 is disabled in higher level)
      • PATCHED – LV1: Disable System Integrity Check - (Safe to use with mismatched COREOS/SYSCON versions or if PS3 is not QA enabled)
      • PATCHED – LV1: Undocumented function 114 - (Allow mapping of protected memory)
      • PATCHED – LV1: Skip all ACL Checks - (Needed to allow booting of OtherOS)
      • PATCHED – LV1: Peek and Poke support - (Unused LV1 call 182 and 183)
      • PATCHED – LV2: Peek and Poke support - (LV2 Syscall 6 and 7)
      • PATCHED – LV2: Peek and Poke support for LV1 - (LV2 Syscall 8 and 9)
      • PATCHED – LV2: LV1 CALL System call - (LV2 Syscall 10)
      • PATCHED – LV2: Allow execution of any LV2 internal function *NEW - (LV2 Syscall 15)
      • PATCHED – LV2: IDPS dump support without LV2 Peek *NEW- (LV2 Syscall 870)
      • PATCHED – Recovery: Prevent accidental OFW update while on Recovery mode
      • PATCHED – VSH: Allow Unsigned act.dat and *.rif files
      • PATCHED – VSH: Auto unlocks c00 demo contents *NEW
      • PATCHED – VSH: Disable Unlinking/Deleting of act.dat - (Improved patches applied)
      • PATCHED – VSH: Disable NEW PSP DRM Check - (Allowing unsigned PSP pkg contents on 4.75 or higher CFW)
      • PATCHED – VSH: Disable Epilepsy Warning for Faster Boot-Up Speed
      • PATCHED – VSH: XMB notification removal *NEW - (Fake Save Data Owner and Game Quit: No Request Event will not be displayed)
      • FUN FEATURE – Fake Save Data Owner - (Use Game Saves from ANY Owner)
      • FUN FEATURE – In Game Screenshot - (Allows taking screenshots in Game)
      • FUN FEATURE – Disabled flag check in PARAM for Remote Play - (For better compatibility with remote play, custom flags in PARAM is recommended)
      • FUN FEATURE – Lock/Unlock Trophies (Offline only)
      • FEATURE – Cinavia protection fully disabled - (Supports optical media/bd iso, AACS must be decrypted)
      • FEATURE – Full BD/DVD Playback support on both CEX/DEX mode - (BD/DVD movies can now be played on DEX mode, major thanks to mysis!)
      • FEATURE – COBRA 7.5 *UPDATED - (Disabled by default, Toolbox required to enable)
      • FEATURE – 1.45.09 MOD REBUG EDITION *UPDATED - (Full Webman intergration supports both CEX/DEX 4.81)
      • FEATURE – XMB CFW settings v0.1a - (XMB icons for simple CFW tasks available via REBUG TOOLBOX 2.02.12)
      • FEATURE – XMBM+ Compatibility - (XMB Manager Plus developed by Team XMBM now supported via standalone pkgs.)

      Extremely well written and explanation of these features can be found on Rebug's Official website @

    Note if using REBUG TOOLBOX (for advanced options on REBUG REX CFW) use the updated version for 4.82 Firmware you can download the latest release here from @Joonie 's (Team Rebug Developer) Github >>

    Source(s): /
    Additional info on CFW @
    Last edited: Feb 18, 2018
    Fredo, xval, svotib and 12 others like this.


Discussion in 'PS3 News' started by STLcardsWS, Nov 28, 2017.

    1. 1986panzi1986
      this one i mean PhotoGrid_1512625819836.jpg

      Sent from my SM-C5010 using Tapatalk
    2. pinky
      that's probably the clock icon. that's in system_plugin.rco.
    3. bitsbubba
      ohh seems he's got a pic within the wave, @pinky thoughts
    4. pinky
      the credit goes to @eXtreme . we were both trying to find the clock. he found it. he made a mod from it. the hard part is getting the x and y coordinates to work. if you install a package, the image pulsates. that's what I assume is going on here.
    5. 1986panzi1986
      i found on system_plugin.rco after i extracted.

      Sent from my SM-C5010 using Tapatalk
    6. pinky
      yes, it's called busy. check if that's the icon.
    7. smf
      Unless someone has put a different motherboard in a CECH 2001A case.

      I'd always use minverchk. It's quick and easy, if you can't handle doing it then you don't have the necessarily skils anyway.
      sandungas likes this.
    8. 1986panzi1986
      sounds good......

      Sent from my SM-C5010 using Tapatalk
    9. 1986panzi1986
      thats it.....but i don't know if it Gim or Png.....

      Sent from my SM-C5010 using Tapatalk
    10. pinky
      png turns to gim with gimconvert. it's a part of rco mage. I believe gim convert is part of the sony sdk. I don't know why it would be considering the sdk is given to devs who have no business knowing the inner workings of the ps3. they should only know what's needed. however, the software development kits have been the death of so many consoles.
    11. smf
      Isn't it used for building custom themes that ship on a lot of games?
      sandungas likes this.
    12. pinky
      don't know. the main file for a full coldboot is a gtf file. both g2d and d2g are sdk files. the main file, dds, is a raf, so it's a gtf. it could be for that reason.
    13. bguerville
      This is completely off topic.
      Can you guys not create a thread or use an appropriate one?
    14. Mario95BG
      when I have gone to the CFW before with the web exploit but after this I go back to OFW do I need to do the webexploit again if I want to put CFW again? or it si enabled to go directly to CFW ?
    15. smf
      If you install OFW then you need to use the exploit again.
    16. timewarpgamer
      [edit] Third time was the charm. Exploited! [/edit]

      First off, many thanks to the devs who have made this possible. I've always wanted to soft mod my old PS3 so I can play my own game backups with ease. But I'm having a little trouble getting this exploit to work, despite carefully following the instructions on this forum.

      I'm on 4.82, with CXX phat, wired to ethernet, verified md5 hash of exploit, see the usb on photos/videos/etc, have Internet home page set to redthetrainer for nand, and the exploit appears to kick off rapidly every time once I click with "SUCCESS..." at the bottom, but then I wait 15 minutes and nothing else happens, the console never powers down. Then manually power down, and give it another try. So far no dice with two tries. Is there anything else I can try or am I doing something wrong? Or do I need to repeat the above process until this works?
      Last edited: Dec 13, 2017
      lord3490 and aldostools like this.
    17. cyborg-boy
      It worked on my slim ps3 2504B slim model I installed rebug 4.82 lite edition thanks for the tutorial ^_^
    18. 1986panzi1986
      u r welcome......this is da place to be

      Sent from my SM-C5010 using Tapatalk
    19. Ninernut49
      Just want to say thanks to all the folks involved with PSX-Place and to those responsible for the first CFW and this latest exploit. I have done four 4.82 exploits for friends with appropriate consoles with great success. I have noticed that a 1GB FAT32 formatted thumb drive works best if the only file on it is flsh.hex. Please read the OP as it is a foolproof way of doing this hack. I am awestruck as to all the people who can't read instructions and still try to stumble their way into the PS3 CFW world. BTW...I've been a looong time stalker, first time poster.I thought it was finally time to finally post a comment. This site is bar-none the best PS3 Mod site around....maybe I can help out in the future....sorry if this isn't the right place to post this message....I'm a noob when it comes to forums...

      One question I have for helping friends with future upgrades...can I set up a direct PC to PS3 connection to do this hack? Would it possibly increase the chance of success on the first try? I just did a friends CECHE01 and it shutdown with beeps within three seconds. I have done two CECH 25XX and they both flashed after the second try. One was with a fuller USB drive and the second was with a 1GB USB drive with only the flsh.hex file on it. Another friends console was a FAT CECHK01 and it took three tries with a loaded USB drive( was my first try...) Is there any reason why I shouldn't do a direct connection? Anyway, thanks for this and all you guys do....
      sandungas likes this.
    20. marek256
      Hey guys, thanks for this tutorial. I am plannng to exploit one PHAT but I wouldlike to ask what you meant with "restarting" PS3 if nothing happens after 10-15 minutes of showing success on the exploit. How do you mean to restart PS3? Do you mean to power it off via controller and to start again or to force turn off via button and start over? Thanks in advance

Share This Page