PS3 Ps3Xploit Tools v2.0 - Improved Flash Writers & Dumpers (Even easier to install CFW on 4.82 OFW)

Discussion in 'PS3 News' started by esc0rtd3w, Jan 24, 2018.

By esc0rtd3w on Jan 24, 2018 at 2:56 AM
    I will start this off with NO, you cannot jailbreak your PS3 SuperSlim consoles (seems to be a popular question). However, that does not mean the Ps3Xploit Team (bguerville, esc0rtd3w, habib & W) has not been hard at work with this new release of Ps3Xploit v2.0. In this release all the tools (IDPS Dumper, Flash Dumper & Flash Writer) have seen significant improvements, and performing a task such as installing a Custom Firmware on your 4.82 OFW PS3 (with the flash writer) has been made even easier and very stable thanks to the team's newly implemented checks and the progression of the exploit. The Flash and IDPS dumpers are also much improved. All the details are provided below; please read all the spoilers and tabs before asking any questions.
    -STLcardsWS​


    PS3Xploit 2.0 Tools Now LIVE!!

    • Included Tools
      • 4.XX IDPS DUMPER
      • 4.XX FLASH DUMPER (USB Edition)
      • 4.XX FLASH DUMPER (HDD Edition)
      • 4.82 NOR/NAND WRITER (USB Edition)
      • 4.82 NOR/NAND WRITER (HDD Edition)

      Ps3Xploit Tools Changelogs
      v2.0
      • Freeze issues - Fixed
      • Occasional bad dumps - Fixed
      • No beeps & shutdown. Replaced by a graceful ROP chain exit & return to browser. This gives the opportunity to the user to dump after patching & validate the dump with littlebalup's py checker. As long as the user does not shutdown/restart, it's still possible to recover from bad patching.
      • Support for usb port 0,1,6 + sd/cf/ms cards.
      • Multi firmware support on all dumpers (4.10+) & DEX support on 4.81.
      • HDD editions for all dumpers & flash writer where a picture file placeholder is used for read/write operations.
      • Javascript refactoring for performance & efficiency.
      • ps3xploit.com will host the 2.0 update, no need for 3rd party sites.

      v1.0 (Thanksgiving 2017 Release)
      • Supports Direct OFW to CFW patching for All Phat and 2xxx Slim (minver 3.56 Dec 2010 and lower)
      • the NOR/NAND writer will just copy 3Mb of CoreOS data to both ros0 & ros1 in the flash memory.
      • There is only one version released for 4.82. The same hex patch file can be used on nor & nand.
      • It's as safe as possible, with a check for usb device & patch file making the exploit hang instead of corrupting flash if file is not found.
      • In case of corruption (extremely rare but could always happen), it's only a partial brick because no per console info ever gets erased so a hardware flasher could still be used if ever a recovery reboot was impossible



    • Frequently Asked Questions

      Will this jailbreak my SuperSlim?
      • NO, the Flash Writer Tool is not supported on the SuperSlim and some very late Slim models. However, PS3Xploit has a strong possibility to eventually evolve into a HEN style exploit (that aspect will take some additional development).

      Which PS3Xploits Tools are Compatible with my PS3 Console?



      • Check this sticker on the back of your PS3 to view your PS3 Model.
        Flash Writer Model Compatibility (PHAT):
        • CECH-A01 (NAND)
        • B (NAND)
        • C (NAND)
        • E (NAND)
        • G (NAND)
        • H (NOR)
        • J (NOR)
        • K (NOR)
        • L (NOR)
        • M (NOR)
        • P (NOR)
        • Q (NOR)

        All DUMPER (FLASH/IDPS) & FLASH WRITER TOOLS are Supported for this model.


      • Check this sticker on the back of your PS3 to view your PS3 Model.

        ***IMPORTANT***
        You must pay very close attention to your PS3 SLIM model: when the PS3 SLIM was manufactured will determine if your console can install CFW (Flash Writer compatibility).

        For the 25XX series, or even if you're unsure about any of the models, it is recommended you run the minverchk PUP >> (DOWNLOAD) & (How to use Minverchk). It's a simple utility that shows the factory-installed firmware on your PS3. For the CECH-25XX model, if the utility shows 3.56 or lower you are compatible, but if it shows 3.60 or higher that means you are NOT compatible with the Flash Writer (CFW enabler for 4.82 CFW).

        • Flash Writer Model Compatibility (SLIM):
          • 20XX NOR
          • 21XX NOR
          • 25XX NOR (3.56 minver. and Lower)
        • NOT COMPATIBLE (SLIM):
          • 25XX NOR (3.60 and Higher)
          • 3XXX NOR


        All DUMPER (FLASH/IDPS) TOOLS are Supported for this model.



      • Check this sticker on the back of your PS3 to view your PS3 Model.
        • FLASH WRITER NOT COMPATIBLE (SUPERSLIM):
          • 4XXXA EMMC
          • 4XXXB NOR
          • 4XXXC NOR

        All DUMPER (FLASH/IDPS) TOOLS are Supported for this model.


      Where can I find official info and details?
      Warning: Known Limitation
      • Due to the lack of proper checks after exiting the ROP chain, it is possible in some cases to obtain a success message despite an operation failure. For instance, if you choose a path where no device is plugged in, a dumper page will still display a success message despite the fact the dump save could not work. This limitation has already been addressed, the added operation checks will be part of an update to these PS3Xploit tools which will be released in the coming weeks, that update will be final, no more will come after it


    • FLASH Dumper's Help


      • PS3 4.xx NAND/NOR/EMMC FLASH DUMPER v2.0
        All PS3 models supported
        All 4.10+ CEX CFW/OFW supported
        4.81 DEX CFW/OFW supported


        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
        Steps:
        1. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        2. Open the browser. The exploit page will load automatically. Choose your dump path option.
        3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        4. Trigger the exploit by pressing the dump button.
        5. On success, validate your dump with the py checker tool.

      • PS3 4.xx NAND/NOR/EMMC FLASH DUMPER - HDD EDITION v2.0

        All PS3 models supported
        All 4.10+ CEX CFW/OFW supported
        4.81 DEX CFW/OFW supported


        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
        Steps:
        1. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        2. Open the browser. The exploit page will load automatically. Download the dump.jpg placeholder file to your PS3 System Storage using the provided link as instructed on screen.
        3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        4. Trigger the exploit by pressing the dump button.
        5. On success, retrieve the dump file from the PS3 XMB Photo section, rename it appropriately to dump.hex or whatever & validate your dump with the py checker tool.


      Usage Tips:
      • Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
      • If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
      • If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.




      • PS3 OFW 4.82 NAND/NOR FLASH WRITER v2.0
        ***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
        WARNING: USE ONLY THE PROVIDED flash_482.hex AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
        • Verify flash_482.hex file on a flash drive and in the selected USB slot!
          • flash_482.hex MD5: d05be52f8d21700052fbd1fc0174acae
        • DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
        • DO NOT USE ON PS3 Models 3xxx/4xxx (aka late Slim or Superslim models), you would brick those consoles.
        • ON SLIM 2xxx Consoles, always use MinVerChck PUP to ensure that the minimum installable firmware version is < 3.60, if ever the minimum version is >3.56, using the flash writer would partially brick your console!
        • USE ONLY ON 4.82 OFW

        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to ps3 javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded due to previous browsing then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.

        Steps:
        For best results with flash writer, here are the recommended steps.
        1. Install OFW 4.82 twice on the console you wish to flash to avoid the potential corruption error during CFW installation.
        2. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        3. Open the browser. The exploit page will load automatically. Choose your path option.
        4. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        5. Trigger the exploit by pressing the patch button.
        6. On success, load the ps3xploit.com flash dumper, dump the flash memory & validate it with py checker tool. Do NOT restart the console if ever the validation tool gives you errors/warnings on both ros0 & ros1 or you risk to partially brick your console. Report your problem instead.
        7. When you are satisfied with the dump validation, restart your console & install a 4.82 CFW.


      • PS3 OFW 4.82 NAND/NOR FLASH WRITER - HDD EDITION v2.0
        ***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
        WARNING: USE ONLY THE PROVIDED flash_482.jpg AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
        • Download flash_482.jpg file to PS3 System Storage!
          • flash_482.jpg MD5: d05be52f8d21700052fbd1fc0174acae
        • DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)
        • DO NOT USE ON PS3 Models 3xxx/4xxx (aka SuperSlims / Late Slim models), you would brick those consoles.
        • ON SLIM 2xxx Consoles, always use MinVerChck PUP to ensure that the minimum installable firmware version is < 3.60, if ever the minimum version is >3.56, using the flash writer would partially brick your console!
        • USE ONLY ON 4.82 OFW

        IMPORTANT NOTES:
        • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to ps3 javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded due to previous browsing then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..
        • So in short, never use the browser or use a homepage you cancel before running the exploit!
        • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
        Steps:
        For best results with flash writer, here are the recommended steps.
        1. Install OFW 4.82 twice on the console you wish to flash to avoid the potential corruption error during CFW installation.
        2. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
        3. Open the browser. The exploit page will load automatically. Download the patch file flash_482.jpg to your PS3 System Storage using the provided link on screen.
        4. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
        5. Trigger the exploit by pressing the patch button.
        6. On success, load the ps3xploit.com flash dumper, dump the flash memory & validate it with py checker tool. Do NOT restart the console if ever the validation tool gives you errors/warnings on both ros0 & ros1 or you risk to partially brick your console. Report your problem instead.
        7. When you are satisfied with the dump validation, restart your console & install a 4.82 CFW.

      Usage Tips:
      • Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
      • If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
      • If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.

    • PS3 4.xx IDPS DUMPER v2.0

      All PS3 models supported
      All 4.10+ CEX CFW/OFW supported
      4.81 DEX CFW/OFW supported

      IMPORTANT NOTES:
      • It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically....
      • So in short, never use the browser or use a homepage you cancel before running the exploit!
      • It is recommended to set your homepage temporarily to the exploit page you wish to use to ensure there is no memory flooding messing with the exploit initialization stage.
      Steps:
      1. Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
      2. Open the browser. The exploit page will load automatically. Choose your dump path option.
      3. Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
      4. Trigger the exploit by pressing the dump button.
      5. On success, check your idps dump with a hex editor.

    Source Code & Downloads:
    NOR/NAND/EMMC/IDPS 4.xx Dumpers v2.0 Update
    NOR/NAND 4.82 Flash Writer v2.0 Update
    flash_482.hex (already included in the Flash Writer 2.0 archive) MD5: d05be52f8d21700052fbd1fc0174acae
    MinVerChck PUP


    Exploits now hosted @ ps3xploit.com
    Official Support Forum: psx-place.com/forums/PS3Xploit/
     
    Last edited by a moderator: Apr 14, 2018

Comments


    1. yellowsnow4free
      yellowsnow4free
      Wow! I was beginning to think the day would never come where I could softmod my PS3 without a hardware flasher.

      I don't play mine much (I don't have it hooked up permanently) but I think next time I do I'll softmod it first! (for the fan mod, among other reasons).

      Looking forward to more updates on this method in the meantime :)
    2. Punkstilerocks
      Punkstilerocks
      Hi all, I want to share some info that all of you devs already know, but still, here it goes. Min ver on PS3 is directly connected with the PSID and/or IDPS (I've changed them both on my regular slim). Changing permanently the PSID and/or IDPS WILL change the min version on the PS3. So if somehow it is possible to edit those on a PS3 super slim on OFW 4.82 with valid ones from the regular slim, then jailbreaking the PS3 super slim should be possible (if that's the main reason why the PS3 super slim can't be jailbroken).
    3. bitsbubba
      bitsbubba
      MinVer is not the issue with superslim and late slim models; the issue is Metldr2, which Sony implemented on those models. And I believe it's only PAID that affects the MinVer, as that is all I've ever changed to change my MinVer.
    4. bguerville
      bguerville
      We obviously considered this already but it's extremely unlikely it would work for any purpose.
      It's not that simple. You seem to forget the hardware revisions. The minimum fw version reflects hardware revisions, it is not just a feature s#ny implemented to stop people from installing old fw, it indicates to the OS what hardware is in use in order to adapt the software needs.
      Last edited: Jan 30, 2018
    5. bguerville
      bguerville
      There will only be one more update on these tools, it will be a final version. You can expect it in the next coming weeks.
    6. unseen
      unseen
      Pls help, I got ROS0 hash error after applying the patch.
      Another program, PS3DumpChecker.exe claims that both ROS0 and 1 hashes are corrupt.
      What should I do? Reflash the 4.82 OFW?
      Last edited: Jan 30, 2018
    7. bguerville
      bguerville
      I see ros0 corrupted & ros1 valid.
      The inactive ros is corrupted that's completely normal. Ros1 is your active ROS & is fine.
      Other validation tools are not updated to work with ps3xploit, only littlebalup's python tools are.
      It means the patching was successful & you can proceed with reboot & installing cfw.
    8. unseen
      unseen
      Thank you.
      I made a compare between the dump and the flash_482.hex, and found that the patch was written at addresses: C01E0 and 7C01E0.
      Are these 2 addresses the ROS0 and ROS1?
      The last 16 bytes of the patch at the first address is wrong. Everything else is the same.
      At address 3C0600 instead of:
      it is:
      If it's OK, then I will restart and apply the CFW?
      Last edited: Jan 30, 2018
    9. habib
      habib
      Yes it’s safe.
      One ros gets corrupted in process which is normal.
      The thing to compare would be that 3mb of data written matches that on flash_482.hex
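The comparison described in comments 8 and 9, together with the MD5 check the Flash Writer notes call for, as an added example that is not part of the original thread or of the PS3Xploit tools. The offsets are the ones reported in comment 8 and are passed as parameters; the verdict names and the sample data are constructed for illustration, and this byte comparison does not replace the py checker.

```python
import hashlib

# MD5 published on this page for flash_482.hex / flash_482.jpg.
PUBLISHED_MD5 = "d05be52f8d21700052fbd1fc0174acae"
# Offsets reported by a commenter in this thread (comment 8); an assumption,
# not a documented layout. Pass your own if your dump differs.
REPORTED_OFFSETS = (0xC01E0, 0x7C01E0)


def md5_matches(patch, expected_md5=PUBLISHED_MD5):
    """True when the patch file hashes to the expected MD5."""
    return hashlib.md5(patch).hexdigest() == expected_md5.lower()


def compare_region(dump, patch, offset):
    """Compare len(patch) bytes of the dump at `offset` with the patch."""
    region = dump[offset:offset + len(patch)]
    if len(region) < len(patch):
        # Dump is too short to hold a full copy here (partial dump).
        return {"offset": offset, "match": False, "truncated": True,
                "first_diff": None, "diff_count": None}
    diffs = [i for i in range(len(patch)) if region[i] != patch[i]]
    return {"offset": offset, "match": not diffs, "truncated": False,
            "first_diff": diffs[0] if diffs else None,
            "diff_count": len(diffs)}


def assess(dump, patch, offsets=REPORTED_OFFSETS, expected_md5=PUBLISHED_MD5):
    """Return (verdict, per-region results).

    Verdicts (hypothetical names): the patch file itself is wrong, at least
    one written copy is byte-identical to the patch, or no copy is.
    """
    if not md5_matches(patch, expected_md5):
        return "patch-file-md5-mismatch", []
    results = [compare_region(dump, patch, off) for off in offsets]
    if any(r["match"] for r in results):
        return "one-copy-intact", results
    return "no-copy-intact", results


def build_sample():
    """Constructed miniature dump: two copies, the first with its last
    16 bytes altered, mirroring what comment 8 describes."""
    patch = bytes(range(256)) * 4              # 1024-byte stand-in patch
    offsets = (0x100, 0x600)
    dump = bytearray(0xC00)
    for off in offsets:
        dump[off:off + len(patch)] = patch
    end = offsets[0] + len(patch)
    for i in range(end - 16, end):
        dump[i] ^= 0xFF
    return bytes(dump), patch, offsets, hashlib.md5(patch).hexdigest()


if __name__ == "__main__":
    dump, patch, offsets, md5 = build_sample()
    verdict, results = assess(dump, patch, offsets, md5)
    print(verdict)
    for r in results:
        print(hex(r["offset"]), r)
```

On a real dump, read both files with `open(path, "rb").read()` and call `assess(dump, patch)` with the defaults.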
    10. gosseux
      gosseux
      I have a cechg on rebug lite 4.82, wmm full is installed. I tried to dump using nand dumper several times but only get partial dumps of different sizes. I tried with different usb thumb drives. I also tried to dump using hdd version. I can only initialize hdd exploit if I disable cfw syscall. I dumped twice; the size is the same but the md5 is different! The check tool does not report any error on both dumps.
    11. littlebalup
      littlebalup
      On NAND consoles dumps will be different each time because a part of the dump contains system partitions like dev_flash, etc and some data inside those are continuously updated (xregistry...).
      So if you compare your dumps in HxD, your dumps should be the same except from 0xD6CE070 to 0xD7233FF if I'm right.
      It is probably the same case with EMMC, maybe at different addresses.
    12. Nebz
      Nebz
      So I have an OG LAUNCH MODEL Phat ps3, I installed the files on a usb drive as guides told me, I'm on the current firmware, I went to the redtrainer site... picked the NAND option as I have one. I clicked the "initialize exploitation"; after five failed attempts it was successful.. then it says to proceed to patch nand flash... then I click the "Patch NAND flash memory". It froze on me twice before but hasn't frozen this time, but the process is going on an hour now... It notes the patch operation should only take a few minutes. Any ideas?
    13. falah1989
      falah1989
      done with slim CECH2501A
      the method v2 so easy
      thank you so much
    14. bguerville
      bguerville
      You are not actually saying which version of the exploit you are using, v1.0 or v2.0. v1.0 could freeze randomly, however v2.0 would only freeze if something is wrong with the setup.
      And why would you go to a 3rd party website for starters anyway? You do what you want of course but that makes no sense to me especially that in the end you are asking us for support, not the 3rd party!
    15. Zoilus
      Zoilus
      on this new v2.0 update......for those people having issues with this reading the 482.hex file off of their usb, can you just put the 482.jpg file where it belongs via your usb, remove the usb, and using local server like miniweb...run the "index nor / nand hdd html" from the browser without being connected to the internet just through your home network like you would if the file was on your usb?

      or when you're online and you pick one of the hdd.html options, at the time when you initialize is it downloading something or using something located in your servers like a file we don't have that then allows you once done to run the patch? or is it the same .js file that comes with the exploit ...meaning doing what i described above would work via the local server method?
    16. bguerville
      bguerville
      Everything online is the same as what you can find in the local file archive available for download.
      If one sets up the files locally one can download the jpg file from the local Web server, there is no need for USB for this step.
      Except that miniweb server seems to have problems with serving picture files somehow. Use another server.
    17. Nebz
      Nebz
      After you do the final dump and final check, if you get a warning in the python check, how do you correct and fix it?
      Last edited: Feb 1, 2018
    18. bguerville
      bguerville
      If you have one ros corrupted & the other one is valid, then patching was fine & there is nothing to fix.
      If, and only if, both ros0 & ros1 are corrupted then you have a problem.
    19. Nebz
      Nebz
      So that's how it's supposed to be? It'll be fine to move on to the next step? I'll include an edited screenshot.


    20. bguerville
      bguerville
      Yes that's perfectly fine, the active ROS is ros1. Corruption of inactive ros0 hash is absolutely normal. It is safe to reboot & install cfw.
