PS3 4.81 STARBUCKS COBRA 7.40 CFW by Habib

The PlayStation 3 Custom Firmware developer who has a focus on bringing new features to CFW is here with a new release for 4.81. Developer @habib has released 4.81 STARBUCKS COBRA 7.40 CFW, with an updated COBRA payload that has some interesting advancements, such as a new syscall (15) added to execute any LV2 internal function; as habib explains, this will allow devs to execute their own payload at a specific address. Other details and features of the Cobra 7.40 update can be seen in the "Cobra 7.40" tab. Other features include Cinavia protection removed, so you can digitalize your personal collection without intrusion; this handles all content from HDD, BDMV & BDVD. Habib covers the new additions in the details provided.
-STLcardsWS​


  • 4.81 STARBUCKS [w/ COBRA v7.40] CFW
    by @habib

    CHANGELOG:
    1. MADE OUT OF 4.81 OFW
    2. HAVE INSTALL PACKAGE FILES AND APP_HOME
    3. HAVE reActPSN COMPATIBILITY
    4. PATCHED LV0 TO DISABLE ECDSA CHECK
    5. PATCHED LV2 TO ADD PEEK/POKE SUPPORT
    6. PATCHED LV1 TO DISABLE LV2 PROTECTION
    7. PATCHED LV1 TO ADD PEEK/ POKE SUPPORT
    8. IT CAN RUN GAMES SIGNED WITH KEYS UP TO 4.81
    9. CAN BE UPDATED OVER ANY CFW.
    10. CAN BE UPDATED OVER 3.55 OFW
    11. NOT ADDED NO BT/BD PATCHES
    12. RSOD BYPASS
    13. REACTPSN OFFLINE PATCH ADDED
    14. BETTER SYSTEM STABILITY
    15. REMOVED CINAVIA DRM FOR HDD CONTENT
    16. REMOVED CINAVIA FOR BDMV
    17. REMOVED CINAVIA FOR BDVD
    18. QA FLAG ENABLED BY DEFAULT IF PS3 WAS QA ON 3.55
    19. COBRA 7.40
    20. SYSTEM ACTS AS A COMPLETELY NORMAL CFW WHEN COBRA DISABLED
    21. FSELF COMPATIBILITY ADDED
    22. PATCHED DOWNLOAD PLUGIN FOR DEX PKGS(FOR E.G XMBPD)
    23. ENHANCED REMOTE PLAY
    24. REMOTE PLAY SFO FLAG OBSOLETE
    25. NO EPILEPSY WARNING
    26. SYSCALL 15 ADDED TO EXECUTE ANY LV2 INTERNAL FUNCTION​
    UPDATE (v1.01) - day zero 1.01 update released.
    • fixed ps2 issue and whats new psn

    wanna buy me cookie?

  • COBRA 7.40 Changes:
    1. stage0_base updated for faster boot timings
    2. no more debug texts overwritten for devs
    3. syscall 15 added
    4. updates hashes to cobra internally​

    UPDATE HASH:
    • Make a text file named hash_recheck.txt
    • inside the file put new hashes in the format filename:hash, one per line (e.g. vsh.self:a0000101002e6534)
    • paste this file at /dev_hdd0/hash_recheck.txt
    • reboot ps3 and then reboot again
    SYSCALL 15:
    • allows calling any lv2 internal function, like the internal memcpy to dump lv2, e.g. (memcpy(dst, source, size, symbol);)
    • this also allows developers to execute their own payload at an address, e.g. you paste the payload at 0x3d98 and then execute it through sc15
    • example has been attached with new include file named "sc10_15.h"
    OTHER CHANGES COMPARED:
    • ALL the currently released cobra cfw have a stage0 bug which overwrites another function's stack, which could cause instability
    • one I checked didn't have hdd cinavia patched; this has it done

Download: 4.81 STARBUCKS COBRA v7.40
MD5:15660d36c3aa5197c97c87643acdca3c
 
the token consists of idps
also i think i made it so idps is read from eid5, not sure if qa will even work after idps change

That was it yes
Qa didn't always work after the change. Sometimes toggle had to be re-run.
But it didn't always turn off
This was before you made your toggles
It was when I was simplifying the cex-dex conversion steps using idpset before it was put into toolbox
so it was the target part of the idps that was changing not the rest.

So I understand it that it reads the idps
Puts it inside the token
Sets the token in place
Token matches the idps of the console and shows the debug settings
So when it stops matching the debug settings don't show



Sent from my iPhone using Tapatalk
 
So to be clear guys, using idpset to set a different idps permanently in eid5 WOULD disable QA as a direct result for sure?

Habib's toggles are looking at eid5

Rebug 355 toggle and the option in toolbox may also be looking at eid5, but I think they're looking at eid0
But either way you change both when you perm change your idps
And you change just eid0 when you change target for dex conversion
(So with that in mind it makes more sense that toolbox is also looking at eid5)

But yes
Permanently change your idps and it resets the toggle


Sent from my iPhone using Tapatalk
 
Habib's toggles are looking at eid5

Rebug 355 toggle and the option in toolbox may also be looking at eid5, but I think they're looking at eid0
But either way you change both when you perm change your idps
And you change eid0 when you change target for dex conversion
(So with that in mind it makes more sense that toolbox is also looking at eid5)

But yes
Permanently change your idps and it resets the toggle


Sent from my iPhone using Tapatalk

Eid5 has never been used for token verification according to CMX


Sent from my iPhone using Tapatalk
 
It does work xD the signature is ignored anyways, it toggles and does its feature regardless :)


Sent from my iPhone using Tapatalk
signature is generated separately and is entirely different.
token consists:
1.idps
2.flags
3.hmac
4.signature.
and then it is encrypted and stored in eeprom and the bit to check the flag is set on
I'm not entirely sure that qa would work in dex or if idps is changed, I think it won't because eid0 section0 idps won't match with the one set in token

and I THINK setting qa in dex with dex idps will cause brick, idk if true
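
A simplified model of the binding discussed in this thread (a token that carries the idps, flags and an HMAC, checked against the console's current idps), as an added example that is not habib's code or the console's real token format. The key, field sizes, HMAC-SHA256, `FLAG_QA` and all function names are assumptions for illustration; the encryption and signature fields are left out.

```python
import hashlib
import hmac
import struct

# Constructed demo values; not real console keys, identifiers or token layout.
DEMO_KEY = b"constructed-demo-key"
IDPS_LEN = 16      # device identifier length assumed for this model
MAC_LEN = 32       # HMAC-SHA256 output, chosen for the model
FLAG_QA = 0x01     # hypothetical flag bit


def build_token(idps: bytes, flags: int, key: bytes = DEMO_KEY) -> bytes:
    """Pack idps || flags || HMAC(key, idps || flags)."""
    if len(idps) != IDPS_LEN:
        raise ValueError("idps must be 16 bytes")
    body = idps + struct.pack(">I", flags)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_token(token: bytes, console_idps: bytes, key: bytes = DEMO_KEY) -> str:
    """Return 'ok', 'malformed', 'bad-mac' or 'idps-mismatch'."""
    if len(token) != IDPS_LEN + 4 + MAC_LEN:
        return "malformed"
    body, tag = token[:-MAC_LEN], token[-MAC_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return "bad-mac"
    # Integrity alone is not enough: the token must name *this* device.
    if not hmac.compare_digest(body[:IDPS_LEN], console_idps):
        return "idps-mismatch"
    return "ok"


def qa_enabled(token: bytes, console_idps: bytes) -> bool:
    """The flag counts only if the token verifies against the current identifier."""
    if check_token(token, console_idps) != "ok":
        return False
    (flags,) = struct.unpack(">I", token[IDPS_LEN:IDPS_LEN + 4])
    return bool(flags & FLAG_QA)


if __name__ == "__main__":
    old_idps = bytes(range(16))            # constructed identifier
    new_idps = bytes(range(1, 17))         # identifier after a change
    token = build_token(old_idps, FLAG_QA)
    print(check_token(token, old_idps), qa_enabled(token, old_idps))
    print(check_token(token, new_idps), qa_enabled(token, new_idps))
```

In this model a token issued for one identifier stops enabling the flag as soon as the stored identifier differs, even though its HMAC is still valid.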
 
Habib's toggles are looking at eid5

Rebug 355 toggle and the option in toolbox may also be looking at eid5, but I think they're looking at eid0
But either way you change both when you perm change your idps
And you change just eid0 when you change target for dex conversion
(So with that in mind it makes more sense that toolbox is also looking at eid5)

But yes
Permanently change your idps and it resets the toggle


Sent from my iPhone using Tapatalk
untrue
idps is encrypted in eid0
no one saw unencrypted eid5 but it's almost certain to have idps inside too
 
signature is generated separately and is entirely different.
token consists:
1.idps
2.flags
3.hmac
4.signature.
and then it is encrypted and stored in eeprom and the bit to check the flag is set on
I'm not entirely sure that qa would work in dex or if idps is changed, I think it won't because eid0 section0 idps won't match with the one set in token

and I THINK setting qa in dex with dex idps will cause brick, idk if true

Well the only way to brick = 4.30+ ofw on converted retail, but @zecoxao and I did weird stuff with dex leaves that allowed my retail to install dex ofw 4.30+


Sent from my iPhone using Tapatalk
 
because of lv1ldr patch

Yeah but dex ofw 4.30+ doesn't have it patched, weird thing though, I've never got brick while on cex ofws, regardless of its qa token being legit or not (perma idps change)


Sent from my iPhone using Tapatalk
 
untrue
idps is encrypted in eid0
no one saw unencrypted eid5 but it's almost certain to have idps inside too

I know that's why you need the eeid key

Yes eid5 has idps. When you change your idps in idpset you can save to just eid0 or both eid0 & eid5
Then you can use eid5's idps to get online as a cex console on dex console
If you don't save it to eid5 then when you try to get online with eid5 you're still banned.
Or have I misunderstood your reply completely? It's very late for us both ;)


Sent from my iPhone using Tapatalk
 
Hi Guyz.

I have read the whole thread.
I have tried to reproduce the thing with "QA-Flag, QA-Re-flag"...


My PS3-System:

- PS3 Slim 2K:
- CECH-2504
- Date-Code: 0D
- Motherboard: JSD-001
- Intact PS3-NOR-CHIP --> No RSoD
- Mod: E3-Flasher with E3-Linker
- 2 valid IPDS's (one in PS3-NOR and the second for PSN Patch 2015.11/A)
- 2 local users, for each user a valid PSN-Axx
- REBUG_4.80.1_REX_COBRA_7.3 (currently: CEX-Mode & COBRA-Mode)
- Twice CFW-Installation: (ROS0: 480.000 & ROS1: 480.000)
- Done with "Custom Firmware Tools": "Check File System" & "Rebuild Database"
- Latest WebMan-Mod (Full)
- Latest MultiMan

I think there is potentially a bug with QA-Toggle.
@jonnie. Maybe there would be another (better, more logical) possibility, I don't know.


I will try to explain it:

When I disable "Toggle QA Flag" in Rebug Toolbox, I can still see the "Debug Settings" and the activated "System Update Debug" but I can't see "Update via System Storage" and "Delete Update Data on System Storage".

When I enable "Toggle QA Flag" in Rebug Toolbox, I can see all these functions, as you guyz already said.

Ok, we can change the "XMB Operation Mode" from "Debug" to "Retail" in Rebug Toolbox. Then the "Debug Settings" will optically disappear. Then we are able to do the button combo (Network-Settings) after every new boot and "Debug Settings" come optically back (together with "Edy Viewer" and "Install Package Files").


Sorry for my bad english...

Greetingz to you, Guyz.
 
And the images of your consoles hardware help how?
No offence but come on there is no need for the post bloat


Sent from my iPhone using Tapatalk
 
Hi Guyz.

I have read the whole thread.
I have tried to reproduce the thing with "QA-Flag, QA-Re-flag"...


My PS3-System:
- PS3 Slim 2K:
- CECH-2504
- Date-Code: 0D
- Motherboard: JSD-001
- Intact PS3-NOR-CHIP --> No RSoD
- 2 valid IPDS's (one in PS3-NOR and the second for PSN Patch 2015.11/A)
- 2 local users, for each user a valid PSN-Axx
- Mod: E3-Flasher with E3-Linker
- REBUG_4.80.1_REX_COBRA_7.3 (currently: CEX-Mode & COBRA-Mode)
- Latest WebMan-Mod (Full)
- Latest MultiMan

I think there is potentially a bug with QA-Toggle.
@jonnie. Maybe there would be another (better, more logical) possibility, I don't know.


I will try to explain it:

When I disable "Toggle QA Flag" in Rebug Toolbox, I can still see the "Debug Settings" and the activated "System Update Debug" but I can't see "Update via System Storage" and "Delete Update Data on System Storage".

When I enable "Toggle QA Flag" in Rebug Toolbox, I can see all these functions, as you guyz already said.

Ok, we can change the "XMB Operation Mode" from "Debug" to "Retail" in Rebug Toolbox. Then the "Debug Settings" will optically disappear. Then we are able to do the button combo (Network-Settings) after every new boot and "Debug Settings" come optically back (together with "Edy Viewer" and "Install Package Files").


Sorry for my bad english...

Greetingz to you, Guyz.

Debug vsh has that debug setting auto enabled, regardless of qa flagging, however system update debug doesn't work properly when it's not toggled.

Basically you won't be able to update from pups inside dev_hdd0


The thing about debug setting is not a bug at all


Sent from my iPhone using Tapatalk
 
Debug vsh has that debug setting auto enabled, regardless of qa flagging, however system update debug doesn't work properly when it's not toggled.

Basically you won't be able to update from pups inside dev_hdd0


The thing about debug setting is not a bug at all


Sent from my iPhone using Tapatalk

Yes, i understand. Thanks.
 
I know that's why you need the eeid key

Yes eid5 has idps. When you change your idps in idpset you can save to just eid0 or both eid0 & eid5
Then you can use eid5's idps to get online as a cex console on dex console
If you don't save it to eid5 then when you try to get online with eid5 you're still banned.
Or have I misunderstood your reply completely? It's very late for us both ;)


Sent from my iPhone using Tapatalk
You can't change eid5 except the idps header
And I don't think eid5 is ever used in ps3
I think eid0 section 0 idps changing alone will allow you to go online
 
Yeah but dex ofw 4.30+ doesn't have it patched, weird thing though, I've never got brick while on cex ofws, regardless of its qa token being legit or not (perma idps change)


Sent from my iPhone using Tapatalk
That brick occurs when console has dex target id and eid0 section 0 ecdsa check is failed ;)
 
So was it saying it was already enabled in your case and you assumed it was enabled, fair assumption, or did you not check it and assume it was enabled but really it was disabled and said it was disabled?

Yes, the first one, i saw that it was enabled. I changed it when noobzilla suggested to disable it and enable it again.
 
That brick occurs when console has dex target id and eid0 section 0 ecdsa check is failed ;)

Yeah but you don't know what @zecoxao did to make that ecdsa check passed on my retail converted xD last ofw I tested was DEX OFW 4.78


Sent from my iPhone using Tapatalk
 
Yeah but you don't know what @zecoxao did to make that ecdsa check passed on my retail converted xD last ofw I tested was DEX OFW 4.78


Sent from my iPhone using Tapatalk
I'd actually love to hear on that lol

EDIT:
A legit leaf from dex
Obviously would work due to ecdsa sig true
 
