PS3 Ps3Xploit Tools v2.0 - Improved Flash Writers & Dumpers (Even easier to install CFW on 4.82 OFW)

Discussion in 'PS3 News' started by esc0rtd3w, Jan 24, 2018.

By esc0rtd3w on Jan 24, 2018 at 2:56 AM
    UPDATE (OCT. 11 2018) - With the release of OFW 4.83 portions of PS3Xploit have been patched, The team is looking at workarounds, STAY ON 4.82, DO NOT UPDATE TO 4.83 AT THIS TIME:

    I will start this off with NO, you cannot jailbreak your PS3 SuperSlim consoles (seems to be a popular question); however, that does not mean the Ps3Xploit Team (bguerville, esc0rtd3w, habib & W) has not been hard at work with this new release of Ps3Xploit v2.0. In this release all the tools (IDPS Dumper, Flash Dumper & Flash Writer) have seen significant improvements, and performing a task such as installing a Custom Firmware on your 4.82 OFW PS3 (with the flash writer) has been made even easier and very stable thanks to the team's new checks and the progression of the exploit. The Flash and IDPS dumpers are also much improved. All the details are provided below; please read all the spoilers and tabs before asking any questions.
    -STLcardsWS​


    PS3Xploit 2.0 Tools Now LIVE!!

    • Included Tools
      • 4.XX IDPS DUMPER
      • 4.XX FLASH DUMPER (USB Edition)
      • 4.XX FLASH DUMPER (HDD Edition)
      • 4.82 NOR/NAND WRITER (USB Edition)
      • 4.82 NOR/NAND WRITER (HDD Edition)
      Ps3Xploit Tools Changelogs
      v2.0
      • Freeze issues - Fixed
      • Occasional bad dumps - Fixed
      • No beeps & shutdown. Replaced by a graceful ROP chain exit & return to browser. This gives the opportunity to the user to dump after patching & validate the dump with littlebalup's py checker. As long as the user does not shutdown/restart, it's still possible to recover from bad patching.
      • Support for usb port 0,1,6 + sd/cf/ms cards.
      • Multi firmware support on all dumpers (4.10+) & DEX support on 4.81.
      • HDD editions for all dumpers & flash writer where a picture file placeholder is used for read/write operations.
      • Javascript refactoring for performance & efficiency.
      • ps3xploit.com will host the 2.0 update, no need for 3rd party sites.

      v1.0 (Thanksgiving 2017 Release)
      • Supports Direct OFW to CFW patching for All Phat and 2xxx Slim (minver 3.56 Dec 2010 and lower)
      • the NOR/NAND writer will just copy 3Mb of CoreOS data to both ros0 & ros1 in the flash memory.
      • There is only one version released for 4.82. The same hex patch file can be used on nor & nand.
      • It's as safe as possible, with a check for usb device & patch file making the exploit hang instead of corrupting flash if file is not found.
      • In case of corruption (extremely rare but could always happen), it's only a partial brick because no per console info ever gets erased so a hardware flasher could still be used if ever a recovery reboot was impossible



    • Frequently Asked Questions

      Will this jailbreak my SuperSlim?
      • NO, the Flash Writer Tool is not supported on the SuperSlim and some very late Slim models. However, PS3Xploit has a strong possibility to eventually evolve into a HEN style exploit (that aspect will take some additional development).

      Which PS3Xploits Tools are Compatible with my PS3 Console?



      • [Image: PS3 model sticker]
        Check this sticker on the back of your PS3 to view your PS3 Model.
        Flash Writer Model Compatibility (PHAT):
        • CECH-A01 (NAND)
        • B (NAND)
        • C (NAND)
        • E (NAND)
        • G (NAND)
        • H (NOR)
        • J (NOR)
        • K (NOR)
        • L (NOR)
        • M (NOR)
        • P (NOR)
        • Q (NOR)

        All DUMPER (FLASH/IDPS) & FLASH WRITER TOOLS are Supported for this model.


      • [Image: PS3 model sticker]
        Check this sticker on the back of your PS3 to view your PS3 Model.

        ***IMPORTANT***
        You must pay very close attention to your PS3 SLIM model: when the PS3 SLIM was manufactured will determine if your console can install CFW (Flash Writer compatibility).

        For the 25XX series, or even if you're unsure about any of the models, it is recommended you run the minverchk PUP >> (DOWNLOAD) & (How to use Minverchk). It's a simple utility that shows the factory-installed firmware on your PS3; for the CECH-25XX model, if the utility shows 3.56 or lower you are compatible, but if it shows 3.60 and higher that means you are NOT compatible to use the Flash Writer (CFW enabler for 4.82 CFW).

        • Flash Writer Model Compatibility (SLIM):
          • 20XX NOR
          • 21XX NOR
          • 25XX NOR (3.56 minver. and Lower)
        • NOT COMPATIBLE (SLIM):
          • 25XX NOR (3.60 and Higher)
          • 3XXX NOR


        All DUMPER (FLASH/IDPS) TOOLS are Supported for this model.



      • [Image: PS3 model sticker]
        Check this sticker on the back of your PS3 to view your PS3 Model.
        • FLASH WRITER NOT COMPATIBLE (SUPERSLIM):
          • 4XXXA EMMC
          • 4XXXB NOR
          • 4XXXC NOR

        All DUMPER (FLASH/IDPS) TOOLS are Supported for this model.


      Where can I find official info and details?
      Warning: Known Limitation
      • Due to the lack of proper checks after exiting the ROP chain, it is possible in some cases to obtain a success message despite an operation failure. For instance, if you choose a path where no device is plugged in, a dumper page will still display a success message despite the fact the dump save could not work. This limitation has already been addressed, the added operation checks will be part of an update to these PS3Xploit tools which will be released in the coming weeks, that update will be final, no more will come after it


    • FLASH Dumper's Help


      • PS3 4.xx NAND/NOR/EMMC FLASH DUMPER v2.0
        All PS3 models supported
        All 4.10+ CEX CFW/OFW supported
        4.81 DEX CFW/OFW supported


        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
        Steps:
        1. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        2. Open the browser. The exploit page will load automatically. Choose your dump path option.
        3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        4. Trigger the exploit by pressing the dump button.
        5. On success, validate your dump with the py checker tool.

      • PS3 4.xx NAND/NOR/EMMC FLASH DUMPER - HDD EDITION v2.0

        All PS3 models supported
        All 4.10+ CEX CFW/OFW supported
        4.81 DEX CFW/OFW supported


        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
        Steps:
        1. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        2. Open the browser. The exploit page will load automatically. Download the dump.jpg placeholder file to your PS3 System Storage using the provided link as instructed on screen.
        3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        4. Trigger the exploit by pressing the dump button.
        5. On success, retrieve the dump file from the PS3 XMB Photo section, rename it appropriately to dump.hex or whatever & validate your dump with the py checker tool.


      Usage Tips:
      • Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
      • If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
      • If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.




      • PS3 OFW 4.82 NAND/NOR FLASH WRITER v2.0
        ***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
        WARNING: USE ONLY THE PROVIDED flash_482.hex AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
        • Verify flash_482.hex file on a flash drive and in the selected USB slot!
          • flash_482.hex MD5: d05be52f8d21700052fbd1fc0174acae
        • DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
        • DO NOT USE ON PS3 Models 3xxx/4xxx (aka late Slim or Superslim models), you would brick those consoles.
        • ON SLIM 2xxx Consoles, always use MinVerChck PUP to ensure that the minimum installable firmware version is < 3.60, if ever the minimum version is >3.56, using the flash writer would partially brick your console!
        • USE ONLY ON 4.82 OFW

        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to ps3 javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded due to previous browsing then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.

        Steps:
        For best results with flash writer, here are the recommended steps.
        1. Install OFW 4.82 twice on the console you wish to flash to avoid the potential corruption error during CFW installation.
        2. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        3. Open the browser. The exploit page will load automatically. Choose your path option.
        4. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        5. Trigger the exploit by pressing the patch button.
        6. On success, load the ps3xploit.com flash dumper, dump the flash memory & validate it with py checker tool. Do NOT restart the console if ever the validation tool gives you errors/warnings on both ros0 & ros1 or you risk to partially brick your console. Report your problem instead.
        7. When you are satisfied with the dump validation, restart your console & install a 4.82 CFW.


      • PS3 OFW 4.82 NAND/NOR FLASH WRITER - HDD EDITION v2.0
        ***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
        WARNING: USE ONLY THE PROVIDED flash_482.jpg AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
        • Download flash_482.jpg file to PS3 System Storage!
          • flash_482.jpg MD5: d05be52f8d21700052fbd1fc0174acae
        • DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
        • DO NOT USE ON PS3 Models 3xxx/4xxx (aka SuperSlims / Late Slim models), you would brick those consoles.
        • ON SLIM 2xxx Consoles, always use MinVerChck PUP to ensure that the minimum installable firmware version is < 3.60, if ever the minimum version is >3.56, using the flash writer would partially brick your console!
        • USE ONLY ON 4.82 OFW

        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to ps3 javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded due to previous browsing then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
        Steps:
        For best results with flash writer, here are the recommended steps.
        1. Install OFW 4.82 twice on the console you wish to flash to avoid the potential corruption error during CFW installation.
        2. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        3. Open the browser. The exploit page will load automatically. Download the patch file flash_482.jpg to your PS3 System Storage using the provided link on screen.
        4. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        5. Trigger the exploit by pressing the patch button.
        6. On success, load the ps3xploit.com flash dumper, dump the flash memory & validate it with py checker tool. Do NOT restart the console if ever the validation tool gives you errors/warnings on both ros0 & ros1 or you risk to partially brick your console. Report your problem instead.
        7. When you are satisfied with the dump validation, restart your console & install a 4.82 CFW.

      Usage Tips:
      • Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
      • If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
      • If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.

    • PS3 4.xx IDPS DUMPER v2.0

      All PS3 models supported
      All 4.10+ CEX CFW/OFW supported
      4.81 DEX CFW/OFW supported

      IMPORTANT NOTES:
      • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
      • So in short, never use the browser or use a homepage you cancel before running the exploit!
      • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
      Steps:
      1. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
      2. Open the browser. The exploit page will load automatically. Choose your dump path option.
      3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
      4. Trigger the exploit by pressing the dump button.
      5. On success, check your idps dump with an hex editor.

    Source Code & Downloads:
    NOR/NAND/EMMC/IDPS 4.xx Dumpers v2.0 Update
    NOR/NAND 4.82 Flash Writer v2.0 Update
    flash_482.hex (already included in the Flash Writer 2.0 archive) MD5: d05be52f8d21700052fbd1fc0174acae
    MinVerChck PUP


    Exploits now hosted @ ps3xploit.com
    Official Support Forum: psx-place.com/forums/PS3Xploit/
     
    Last edited by a moderator: Oct 12, 2018

Comments

    1. nCadeRegal
      nCadeRegal
      It is recommended to always take a dump before flashing anything to your console. That way, worst case scenario, you have a clean backup to restore if all goes bad. If you didn't, there is still a possibility to recover.
      UniqueUserName and solstic3 like this.
    2. bguerville
      bguerville
      As the patch only overwrites CoreOS data, the dump prior to patching is not extremely useful in most cases either with v1 or v2.

      On v1, the dump after patching is not useful either because the shutdown ensures that the patch was fully applied & if something went wrong you cannot dump anyway because you cannot start the console anymore.

      However on v2, the dump after patching is most important. It allows users to verify that the patching was done properly.
      If the dump validation fails, you can double check your steps & files then reapply some patch to avoid any brick situation.
      solstic3, Fredo and pink1 like this.
    3. Nameless32
      Nameless32
      ******* Checks completed *******
      Total number of checks = 156
      Number of dangers = 0
      Number of warnings = 1
      Following check(s) returned a WARNING!
      009.05 ROS1 Hash

      All checks done in 3.96 seconds.

      with my check have returned this warning.

      i dunno if i can install a CFW without problems....

      what is this " ROS1 Hash " ?

      any help ?

      PS: this is from a dump after write the " flash_482.hex " with PS3Xploit 2.0
    4. habib
      habib
      It’s fine. One ros gets corrupted in the process, safe to install cfw
      alegoh likes this.
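
An added example, not part of any post in this thread and not the PS3Xploit team's or the py checker author's code: it checks the patch file against the MD5 published in the first post, then applies the reboot rule from step 6 of the writer instructions to a checker summary in the format posted above. The `DANGER` header wording, the `009.04 ROS0 Hash` line in the second sample, and the `review` outcome for anything the thread does not cover are assumptions.

```python
import hashlib
import hmac
import re

# MD5 this page publishes for flash_482.hex (flash_482.jpg is the same file renamed).
EXPECTED_MD5 = "d05be52f8d21700052fbd1fc0174acae"

def md5_of(path, chunk=1 << 20):
    """Stream the file so a large dump or patch is never read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def patch_file_ok(path, expected=EXPECTED_MD5):
    # MD5 catches truncation and corruption (bad download, failing USB stick).
    # It is the only digest the page gives and is not collision resistant.
    return hmac.compare_digest(md5_of(path), expected.lower())

COUNT = re.compile(r"Number of (dangers|warnings)\s*=\s*(\d+)", re.I)
HEADER = re.compile(r"returned an? (WARNING|DANGER)", re.I)  # DANGER wording is assumed
CHECK = re.compile(r"^\s*(\d{3}\.\d{2})\s+(\S.*?)\s*$")

def parse_report(text):
    """Return ({'dangers': n, 'warnings': n}, [(level, check_id, check_name), ...])."""
    counts, flagged, level = {}, [], None
    for line in text.splitlines():
        if m := COUNT.search(line):
            counts[m.group(1).lower()] = int(m.group(2))
        elif m := HEADER.search(line):
            level = m.group(1).upper()
        elif level and (m := CHECK.match(line)):
            flagged.append((level, m.group(1), m.group(2)))
    return counts, flagged

def reboot_decision(text):
    counts, flagged = parse_report(text)
    # Missing counters, or counters that disagree with the listed checks, mean the
    # report was truncated or mis-pasted: never treat that as a pass.
    if set(counts) != {"dangers", "warnings"} or sum(counts.values()) != len(flagged):
        return "review"
    ros = {name.split()[0].upper() for _, _, name in flagged
           if name.upper().startswith("ROS")}
    if {"ROS0", "ROS1"} <= ros:
        return "do-not-reboot"  # step 6: problems on both ros0 and ros1
    # Anything other than a WARNING on a single ROS is outside what the thread covers.
    if any(lvl != "WARNING" or not name.upper().startswith("ROS")
           for lvl, _, name in flagged):
        return "review"
    return "ok"

# Summary exactly as posted in comment 3 of this thread.
POSTED_REPORT = """\
******* Checks completed *******
Total number of checks = 156
Number of dangers = 0
Number of warnings = 1
Following check(s) returned a WARNING!
009.05 ROS1 Hash

All checks done in 3.96 seconds.
"""

# Constructed sample: the 009.04 ROS0 Hash line is invented for illustration.
BOTH_ROS_REPORT = """\
Number of dangers = 0
Number of warnings = 2
Following check(s) returned a WARNING!
009.04 ROS0 Hash
009.05 ROS1 Hash
"""

if __name__ == "__main__":
    print(reboot_decision(POSTED_REPORT))    # single ROS warning
    print(reboot_decision(BOTH_ROS_REPORT))  # both ROS regions flagged
```
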
    5. Nameless32
    6. GDF68
      GDF68
      cheers just read back a few posts, I only flashed with v1 yesterday morning and never did a dump , so can now just do a dump now using v2 cheers
    7. jolek
      jolek
      What about people who use small Web server ("miniweb.exe") on pc or smartphone?
      Ver 2.0 should also be compatible with it?
      Currently this file is not in the archive.
      bguerville likes this.
    8. bguerville
      bguerville
      We are not providing any Web server application with the tools archive anymore, users should make their own choices regarding the Web server solution they wish to rely on. If setting up a server is too bothersome then use ps3xploit.com.

      Regarding miniweb, be warned that the HDD editions of the 2.0 dumper & writer will not work properly when you try to download a jpeg picture file.
      Am not exactly sure why the file download request fails tbh, I'll assume it's permission related but I have not investigated the problem to confirm.
      Last edited: Jan 25, 2018
      jolek likes this.
    9. Cornchip
      Cornchip
      Looks like fun. Wish I had to do the PS3 Exploit all over again. Good job guys.:applause:
      bguerville likes this.
    10. jolek
      jolek
      There is also a chance that someone can make a guide with list of preferred apps (to make web server), etc.
      For me setting up a server is not bothersome, it's just safer (more stable),
      than using my "lagging" internet access.

      You mean "dump.jpg" in dumper and "flash_482.jpg" in writer?
      I can only view "dump.jpg" without a problem in Win XP and Mint 18.3.
      "flash_482.jpg" cannot be loaded with any of my default picture viewers.

      BTW thanks again @bguerville for help and additional information.
      UniqueUserName likes this.
    11. bguerville
      bguerville
      dump.jpg is a picture file serving as placeholder.
      flash_482.jpg is just a renamed flash_482.hex file therefore not a picture at all.

      I was saying that miniweb won't respond successfully to the jpeg file download request from the ps3 browser, for one reason or another. On the other hand, the python server we use for development does not have any problems with serving those jpg files to the ps3 browser.
      Like I said I did not investigate further.
      Last edited: Jan 25, 2018
      jolek likes this.
    12. Gerar_0032
      Gerar_0032
      Hello friend, excellent work you are doing.
      But I have a problem with this xploit, the screen remains black when loading some games and I have already selected the BD emulator option but this does not solve it. I await your help response and thank you in advance.
    13. bguerville
      bguerville
      If you rebooted & installed a CFW successfully after using the ps3xploit flash writer, you don't need ps3xploit support but CFW/homebrew support. In this case, you should create a new thread & give details about your current CFW, used homebrews.. to get further help.
      Last edited: Jan 25, 2018
      UniqueUserName likes this.
    14. littlebalup
      littlebalup
      On Windows I had very good results with Fenix server during tests. It's lightweight and very easy to set up: https://github.com/coreybutler/fenix/releases

      Normal.
      dump.jpg is a real jpg image file. Once downloaded on the console, the content of that file will be overwritten with your flash memory data during dump. Then you'll have to copy the dump.jpg from your console to your PC and rename it as dump.hex.

      flash_482.jpg is flash_482.hex renamed with jpg extension. So it's a fake jpg image only to allow transferring patch data to the PS3 internal HDD. That's why you can't load it as an image and why the PS3 sees it as damaged data.
      UniqueUserName, jolek and bitsbubba like this.
    15. bguerville
      bguerville
      And btw we have also noticed during testing that downloading a picture file using a link seems to freeze Dpad, ie it won't move browser focus anymore, only the analog stick still works fine. Not sure why this happens or even if it happens on all fw/browser versions...
    16. jbuck1975
      jbuck1975
      Can't get super slim 4201a to dump. Local hosting tried the different html files. Cleared cookies, etc...
      Shows usb found at a location the with numbers and letters. Then a bunch of not founds. The found then not. After it finishes it says failed.
      Was going to try and contribute.
    17. bguerville
      bguerville
      The nand & emmc dumpers are using a very big js stack frame string to achieve the 239x1Mb read operations necessary to extract the flash data to RAM.
      As a result, the js string is trickier to locate in memory due to the increased memory range it can be found in, consequently the exploit initialization success rate is lower than in all the other tools.
      You need to close/open the browser to try again but it will eventually initialize.
      1. You must set the exploit page as homepage.
      2. With nand/emmc dumpers, don't refresh the page or try again without reloading, if the initialization fails, close the browser & open it again.

      If you have the same problems initializing the idps dumper or the nor dumper (without triggering it of course) however then something in the steps you follow is wrong somehow. Those should initialize fine on most attempts.

      And btw if you don't want to see the Debug output on screen, you can edit the first line of the ps3xploit_v20.js file to change.
      Code:
      var debug=true;
      to
      Code:
      var debug=false;
      Last edited: Jan 25, 2018
      UniqueUserName likes this.
    18. Saul Calderon
      Saul Calderon
      When I run the IDPS dumper xploit, it initializes, and when I try to dump IDPS to USB my PS3 freezes. If somebody can help me that would be great.
    19. Saul Calderon
      Saul Calderon
      Same thing also happened with v1
    20. unseen
      unseen
      I often see, that after the exploit successfully patches the flash, and the system is restarted, the file system gets corrupted or something. It's asking you to confirm the file system check and restore. What is the right thing to do here?