PS3 Interested in Developing a Simple PS3 CFW (Educational Purpose)

[ChompMike]

Hey everyone!

I'm really interested in creating a simple CFW for educational purposes and would love to exchange ideas with experienced developers.

A bit about me: I got into PS3 modding in 2013 at 12 years old, downgraded my PS3 with an E3 Flasher, and installed Rogero 4.50 as my first CFW. I later experimented with DEX (Rebug 4.46 D-REX), studied PS3's flash files, and learned a lot along the way. However, life took me in a different direction, and I ended up studying economics. Now, at 24, I'm finally coming back to what I love—software and development.

My goal isn't to replace existing great CFWs (shoutout to Evilnat for his amazing work), but to better understand the system, even if it means bricking a console or facing major challenges.
I know this is a long and complex journey, but I'm willing to put in the time and effort. If any experienced developers have guidance, resources, or advice on how to start, I'd greatly appreciate it.

Looking forward to learning from you all!

 

[esc0rtd3w]

You could try playing around with MFW builder to start. It will give you a good idea of the various patches, etc.

The pros, like @Evilnat and @Joonie do the process manually, which is quite complex if you dont know what you're doing. Its beyond me.

 

[ChompMike]

Hello esc0rtd3w! Thank you for replying!

The pros, like @Evilnat and @Joonie do the process manually, which is quite complex if you dont know what you're doing. Its beyond me.

I'd like to dive deep into the manual process, to better understand the whole process, from the extraction of the .pup file, to patching the necessary files, adding custom plugins (xai, cobra) etc.

My first goal is to simply create a cfw with just the basics, meaning the execution of unsigned code (homebrew, backups), reveal the install package files and app_home folders, and allow the installation of any fw via storage media (like any cfw bypasses this check).

Of course, i'll try the MFW builder as you said, even though i have a bad experience with it, an experience i didn't mention in order to not make the initial post very long: i ended with a brick, but that was back when i was 14 years old so i wasn't mature enough to do proper research on the matter.

Thanks again!

 

[SpyroMancer]

I would like to do that too
Problem is that mfw builder has no recent tutorials.

I can't find a recent one that uses an official update from Sony, with steps to make it as a standard cfw.

 

[aldostools]

I suggest the following path:

0- Read all you can about PS3 on psdevwiki.com (psdevwiki is my shepherd; I shall not want )
1- Get MFW builder and try to build simple CFWs based on the patches already provided by the tool.
(To save some time and prevent some bricks, test the generated CFW using RPCS3 before install it on a real PS3)
2- Study the FW structure decrypting the PUP with PUAD GUI
(Specially CoreOS, dev_flash files, tar files, syscon, spkg, UPL, etc.)
3- Learn how to unself, patch self files and resign selfs using scetool and other tools.
4- Learn and understand about syscalls, LV1 (hypervisor), LV2 (kernel), vsh
Use psdevwiki.com, leaked documentation from official SDK, etc.
5- Modify the selfs yourself and apply them the your PUP or directly to dev_flash, CoreOS, etc.
(Here is a good set of patches to try. https://www.psdevwiki.com/ps3/Patches)
6- Learn and understand about internal flash memory of PS3, ros0/ros1 areas, flash writer, etc.
https://www.psdevwiki.com/ps3/Flash
https://github.com/littlebalup/PyPS3tools
https://ps3toolset.com
https://github.com/aldostools/flashwriter
7- Learn and understand how to create HFW and dual boot firmwares.
8- Learn and understand about Cobra payload
https://github.com/Evilnat/Cobra-PS3
9- Learn and understand about PS3HEN payload
https://github.com/ps3xploit
https://github.com/PS3Xploit/PS3HEN

Once you domain all these topics, you will be at 10% of the level of Joonie, Evilnat, Bguerville, etc.

 

[ChompMike]

Hello Aldo! First of all, thank you for everything you've done (and still doing) for the PS3 scene!

Besides step 3, which i tested it with vsh (self -> elf -> self, just for testing, without tweaking anything) i have to do lots of studying!

I've though about testing it in rpcs3, but i didn't know if it would be a good way to tell if the fw is bootable, mostly because i've had the impression that it depends on the PS3 model, so thanks for mentioning that!

Once you domain all these topics, you will be at 10% of the level of Joonie, Evilnat, Bguerville, etc.

About that, i think you've meant 1% of their level

I'll be back when i do everything you've mentioned. Many thanks!!!

I suggest the following path:

1- Get MFW builder and try to build simple CFWs based on the patches already provided by the tool.
(To save some time and prevent some bricks, test the generated CFW using RPCS3 before install it on a real PS3)

Hello! So, i've tried to build a CFW out of OFW, using MFW builder, but i always encounter errors in the process, such as "couldn't patch applrd - or lv0 -, patchtool.exe - or scetool.exe - failed (invalid argument)".

I tried with 4.91 OFW and 3.55 OFW (because i thought that MFW builder is outdated and couldn't patch certain versions after some point), but i encountered the same issue.

Note that i had the latest ps3keys folder (up to 4.91), and named the path properly.

Any help would be great at this point.

Eventually, i've got it working, created a CFW out of OFW 3.55, and i tested it on RPCS3. The outcome was for the rpcs3 to display "The PS3 application has likely crashed...", so i guess i messed up with the patches. I'll test them more, until i figure which one are supposed to be applied.

Last but not least, i've dedicated my whole day studying PS3 Dev Wiki, specifically the patches section as you mentioned, because for the last month i've been studying lot's of things on PS3 Dev Wiki [file formarts mostly (e.g self & sprx files) and some things from the system software and development sections of the site].

I've also extracted the 4.91 OFW PUP using PUAD to see the FW structure, and i've noticed that the program gives you the ability to decrypt the contents immediately, without the use of an other tool (e.g scetool, if im correct), so you end up with decrypted files that you can work right on (e.g lv0). Also, i've noticed that there is a lv0.2 file, which i guess is ignored by the PS3's that are earlier than December 2010 (25xxB, exlcuding the particular batches that could be jailbroken, like mine, which is CECH-2504B, 0C).

TL : DR;
Created a CFW out of OFW 3.55, but it doesn't work. I'll test the patches to figure out which ones should be applied.

Until next time!

Ok, so... here i am again, with more news regarding the MFW builder. First of all, it seems that the problem wasn't the 3.55 CFW, but the fact that RPCS3 doesn't support such a low version (i think the lowest it can be installed is 4.82). The way i figured this out is by install the 3.55 OFW, and then the 4.50 OFW. So i tried again with 4.91, and it worked! Well, kinda...

Here's the thing:

1) The Install Package Files and the app_home folders are present, but they are on top of everything else in the Game column

2) When i launched VSH, there was lots of flickering, and the aspect ratio was disproportionate (like the display had a stroke). I had to go over to settings and select the HDMI option, something that not only isn't necessary in rpcs3, but it is strongly adviced to not mess with the display settings!

3) Something is really off. As you can see in the picture above, the wave of the XMB doesn't work properly. This happens after running multiMAN (see below). After rebooting RPCS3, the wave is just fine

(for some reason, i can't see the pics while editing the post, so here is the link for the second screen shot: https://prnt.sc/gs9LQHkBeyD1).

The good thing is that i can install pkg files when i put them in dev_usb000 folder in rpcs3 (which mimicates the usb port of a PS3), but when i try to run them, i end up with an error code (80010002), even though i've selected the patch to run unsigned code. I don't really know though if it could be the case that i'm trying to run the homebrew apps through the emulator.

My goal for now is to figure out what has gone wrong, and after that, i'll see the patches that make the CFW (MFW) run like a usual simple CFW, so i can study the applied patches and do them manually in the extracted 4.91 PUP.

Hey everyone! I'm here to report my progress on the matter, if anyone would like to know!

So, as i've said previously, i made a build of a 4.91 MFW out of OFW, which had some problems, but it was something to get me going (trying to figure what pacthes should be applied).

Then i moved a bit further, and tried to apply the same patches manually, with the help of my dear friend, Google and PS Dev Wiki...
Of course, i don't have the experience to seek the hex values that need to be patched on my own, but at least i've got the idea how the process goes manually, and applied the known patches that already exist.

Now i'm at the stage that i've left some files unpatched, just to try to patch them on my own (i guess i won't be able to figure out the necessary patches right on, but i have to try). Then i'll move to the repack of the pup and install on RPCS3 for testing.

Any further tip would be really appreciated guys!

P.S: I'm posting updates here in order to avoid cluttering the main wall of the starting line. I trust this is acceptable.

 

[SpyroMancer]

Hello Aldo! First of all, thank you for everything you've done (and still doing) for the PS3 scene!

Besides step 3, which i tested it with vsh (self -> elf -> self, just for testing, without tweaking anything) i have to do lots of studying!

I've though about testing it in rpcs3, but i didn't know if it would be a good way to tell if the fw is bootable, mostly because i've had the impression that it depends on the PS3 model, so thanks for mentioning that!



About that, i think you've meant 1% of their level

I'll be back when i do everything you've mentioned. Many thanks!!!



Hello! So, i've tried to build a CFW out of OFW, using MFW builder, but i always encounter errors in the process, such as "couldn't patch applrd - or lv0 -, patchtool.exe - or scetool.exe - failed (invalid argument)".

I tried with 4.91 OFW and 3.55 OFW (because i thought that MFW builder is outdated and couldn't patch certain versions after some point), but i encountered the same issue.

Note that i had the latest ps3keys folder (up to 4.91), and named the path properly.

Any help would be great at this point.

Eventually, i've got it working, created a CFW out of OFW 3.55, and i tested it on RPCS3. The outcome was for the rpcs3 to display "The PS3 application has likely crashed...", so i guess i messed up with the patches. I'll test them more, until i figure which one are supposed to be applied.

Last but not least, i've dedicated my whole day studying PS3 Dev Wiki, specifically the patches section as you mentioned, because for the last month i've been studying lot's of things on PS3 Dev Wiki [file formarts mostly (e.g self & sprx files) and some things from the system software and development sections of the site].

I've also extracted the 4.91 OFW PUP using PUAD to see the FW structure, and i've noticed that the program gives you the ability to decrypt the contents immediately, without the use of an other tool (e.g scetool, if im correct), so you end up with decrypted files that you can work right on (e.g lv0). Also, i've noticed that there is a lv0.2 file, which i guess is ignored by the PS3's that are earlier than December 2010 (25xxB, exlcuding the particular batches that could be jailbroken, like mine, which is CECH-2504B, 0C).

TL : DR;
Created a CFW out of OFW 3.55, but it doesn't work. I'll test the patches to figure out which ones should be applied.

Until next time!

Ok, so... here i am again, with more news regarding the MFW builder. First of all, it seems that the problem wasn't the 3.55 CFW, but the fact that RPCS3 doesn't support such a low version (i think the lowest it can be installed is 4.82). The way i figured this out is by install the 3.55 OFW, and then the 4.50 OFW. So i tried again with 4.91, and it worked! Well, kinda...

Here's the thing:

1) The Install Package Files and the app_home folders are present, but they are on top of everything else in the Game column

2) When i launched VSH, there was lots of flickering, and the aspect ratio was disproportionate (like the display had a stroke). I had to go over to settings and select the HDMI option, something that not only isn't necessary in rpcs3, but it is strongly adviced to not mess with the display settings!

3) Something is really off. As you can see in the picture above, the wave of the XMB doesn't work properly. This happens after running multiMAN (see below). After rebooting RPCS3, the wave is just fine

(for some reason, i can't see the pics while editing the post, so here is the link for the second screen shot: https://prnt.sc/gs9LQHkBeyD1).

The good thing is that i can install pkg files when i put them in dev_usb000 folder in rpcs3 (which mimicates the usb port of a PS3), but when i try to run them, i end up with an error code (80010002), even though i've selected the patch to run unsigned code. I don't really know though if it could be the case that i'm trying to run the homebrew apps through the emulator.

My goal for now is to figure out what has gone wrong, and after that, i'll see the patches that make the CFW (MFW) run like a usual simple CFW, so i can study the applied patches and do them manually in the extracted 4.91 PUP.

Hey everyone! I'm here to report my progress on the matter, if anyone would like to know!

So, as i've said previously, i made a build of a 4.91 MFW out of OFW, which had some problems, but it was something to get me going (trying to figure what pacthes should be applied).

Then i moved a bit further, and tried to apply the same patches manually, with the help of my dear friend, Google and PS Dev Wiki...
Of course, i don't have the experience to seek the hex values that need to be patched on my own, but at least i've got the idea how the process goes manually, and applied the known patches that already exist.

Now i'm at the stage that i've left some files unpatched, just to try to patch them on my own (i guess i won't be able to figure out the necessary patches right on, but i have to try). Then i'll move to the repack of the pup and install on RPCS3 for testing.

Any further tip would be really appreciated guys!

P.S: I'm posting updates here in order to avoid cluttering the main wall of the starting line. I trust this is acceptable.

Very interesting thread.

Ρε φίλος, δικός μας εισαι; Χαχχαχα . Καλησπέρα. Στείλε μήνυμα αν ψήνεις για να βγάλουμε καμία άκρη. Προσπάθησα να σου στείλω, αλλά δεν με άφηνε.

Hey friend, are you one of ours? Hahahaha. Good evening. Send a message if you're baking so we can figure something out. I tried to send you one, but it wouldn't let me.

 

[ChompMike]

Ρε φίλος, δικός μας εισαι; Χαχχαχα . Καλησπέρα. Στείλε μήνυμα αν ψήνεις για να βγάλουμε καμία άκρη. Προσπάθησα να σου στείλω, αλλά δεν με άφηνε.

Hello fellow compatriot! Add me on PSN to have a nice talk!

I don't see where there is an option to send a message, so I'm writing to you here hahaha! If you want, add me on PSN. MikelDaGod let's talk from PS4/PS5. PS. I'm also writing this in English so that people can know what we're writing.

Καλησπέρα συμπατριώτη! Δεν βλέπω που υπάρχει η επιλογή για αποστολή μηνύματος, οπότε σου γράφω εδώ πέρα χαχαχ! Αν θες βάλε με στο PSN. MikelDaGod να τα πούμε από PS4/PS5. ΥΓ. Το γράφω και στα Αγγλικά ώστε να μπορούν οι άνθρωποι να ξερουν τι γράφουμε.

Good evening fellow countryman! I don't see where there is an option to send a message, so I'm writing to you here hahaha! If you want, add me on PSN. MikelDaGod let's talk from PS4/PS5. PS. I'm also writing this in English so that people can know what we're writing.​

Moderator edit: Please also include an English translation in future posts, as seen above. Google Translate which I used here, is fine. I know earlier posts in the thread have been in English, but it's just so it allows other members to understand every post Thank you.

 

[Charles_n_town]

afaik, rpcs3 isn't the best way to test out a new cfw, because I don't believe it uses the core os of the firmware package, which would probably be the highest degree of a brick.

 

[ChompMike]

afaik, rpcs3 isn't the best way to test out a new cfw, because I don't believe it uses the core os of the firmware package, which would probably be the highest degree of a brick.

I guess you are right. Did a little research when i saw your comment and it seems that RPCS3 only loads the dev_flash of the firmware you install, so if you the mess up while patching the core os, you'll probably not be able to tell. I guess i'll have to get a new e3 flasher when i'm done with my little project to test it on my PS3 for real.

Btw, since i'm here, i'd like to ask a question to the developers, if they see this message. As i've said before, i'm currently it the stage of having the lv2.elf (decrypted) under inspection. I'm examining it in Ghidra, and it's really hard to tell what should be patched, especially when i have the lv2 as the starting point (since i did everything else using known patches from the internet, without analyzing the elf files further). Should i be looking for things to disable (replacing a value with 60 00 00 00 for example to disable a check) or(/and) something else? What the code should be looking like? I know this kinda defeats the purpose of creating MY OWN custom firmware, and honestly, congrats to the developers that figure all that on their own, but the first step for me is to learn the process of applying what you know you should apply, not to know what you apply. This is gonna be step 2, in which i should be asking minimum to none questions.

PS to the moderators: I'm sorry about the last comment. Next time, i'll provide a full translation of what i'm saying

 

[Charles_n_town]

A lot of patches are on a page on psdevwiki. I think they're on the mfw builder page, but it's been a while. I also don't know if it has all of them you'll need.