CFW Evilnat 4.91.2 released
Changelog
- Patched DEX kernel to bypass ambulance beep brick (DEX kernel loaded with CEX TargetID)
- Options [Convert to CEX/DEX] upgraded with more security to avoid issues
- Options [Enable/Disable Support for DEX OFW] upgraded with more security to avoid issues
- Added info about current external Cobra mode in [Cobra Information]
- Reverted original PlayStation Home message in XMB (Thanks to @DeViL303)
- Fixed error 80710A06 while downloading PKGs/webMAN MODs update from the XMB with VSH DEX
- Fixed xai_plugin italian translation (Thanks to Weeddaa3)
- Updated xai_plugin updater to v1.5
- Available xai_plugin update from the XMB
- Updated xai_plugin's "Enable FTP" and "Disable FTP" options with newer FTP server
- Added option "Show BD Drive Information" in [Basic Tools] in xai_plugin
- Updated PS1 and PS2 emulators
- Added option "Show PS3 Information" (Requested by Luanteles)
- The option "Cobra Information" now shows current stage2 and syscall 8
- Added PS1 and PS2 emulators researched and developed by mrjaredbeta and kozarovv
- Fixed Extended Download Plugin icons and xml files
- Fixed ".ntfs[PS3ISO]" format in Cobra while loading encrypted ISOs
- Added Extended Download Plugin by DeViL3O3
- Reverted CEX game_ext_plugin.sprx instead DEX to avoid issues with PS Plus
- Fixed external kernel check when using the option [Swap Kernel] in PEX/D-PEX
- Fixed random blackscreen while enabling QA Flags
- Updated advanced QA Flags (thanks to Zecoxao and Soul)
- Fixed 0x800299D2 error code and blackscreen (Blu-ray/DVD playback in CEX/DEX mode)
It's been many months of development, research and testing, but it's finally here
Apart from the improvements mentioned above, I will talk about the most important ones for me, but I want to add more things and features in future releases like rap2bin - bin2rap by
@esc0rtd3w in Cobra 8.5, try to patch DVD Movie region completely and more
All tests about to bypass "ambulance beep brick" while DEX kernel is loaded with CEX TargetID have been successfully completed and it is working fine, thanks to
@Pusch3l for testing it!
To patch it, you need to decrypt
4.84 DEX lv2_kernel.self and patch the following:
Offset: 0x283A7C
Original Value: 0xE86219787C0802A6
Replace with: 0x386000004E800020
(return 0)
This will replace the whole function to return 0 instead of making the PS3 beep and shut down, making it no longer brick when converting to CEX without changing the Kernel. This function is only present on DEX Kernels
The error code
80710A06 is a
SSL connect handshake error, DEX VSH does not have any reference to a valid certificate authority (CA) from the file CA_LIST.cer
This is the data I have researched:
- Github and other URLs: Uses DigiCert Global Root G2 in CA_LIST.cer, in this case to download PKGs from Github
- DEX vsh.self file has no reference to this certificate (CEX does have it)
- We need to add DigiCert Global Root G2 hardcoded in DEX vsh.self in an offset with enough space
If we open DEX vsh.self (4.84) in a HEX Editor and we go to the offset 0x703A20, we can see info about the last CA available in CA_LIST.cer (Security Communication RootCA3) in 4.84 DEX.
Offset 0x703A20 - Value 0x6A8EA0: Reference to
/dev_flash/data/cert/CA_LIST.cer
Offset 0x703A24 - Value 0x372B: Offset where starts the certificate in CA_LIST.cer, in this case Security Communication RootCA3 (-----BEGIN CERTIFICATE-----)
Offset 0x703A28 - Value 0x0x07D0: Certificate size
Offset 0x703A2C - Value 0xBC3436AAEB3459A7AAB55B5614467BB7E3B43AB5: SHA1 hash (Thanks to
@aldostools for checking it)
Offset 0x703A40 - Value 0x6F7454B3: Unknown (CRC32?)
Luckily, the next 0x28 bytes in offset 0x703A50 are available and are enough to be able to add the reference
It would look like this:
Now with
DigiCert Global Root G2 data added, Github/Github.io pages (example: Unnoficial Flash Writer) and downloads (example: webMAN MOD or xai_plugin update) are now working again, I have only tested it there, if any error appears please contact me
Download
