PS3 Ps3Xploit - An Expert's Guide from OFW to CFW (by aldostools) + A Simple Rebug CFW Install

Since the release of Ps3Xploit (NOR /NAND Flash Writer) that allowed for some PS3 Consoles to install CFW directly from 4.82 OFW there has been some user's having issue understanding the installation process, mostly from not reading or overthinking the steps. Sometimes is just needs to be explained a bit differently so new users understand some steps a bit more clearly. Plus, Thibobo has made a minor edit to 4.81.2 REBUG REX so the CFW be installed from 4.82 after executing the Ps3Xploit (without toggling QA) .Below you will see two tabs, the first one if the guide by Aldostools with the 2nd one being information about REBUG REX 4.81.2, the CFW of choice for many in the homebrew community. Its long history of being a safe stable & reliable firmware makes it an easy choice,with innovation behind the CFW in every release as well.. While it can be a very complexed firmware , it can also be very simple (standard like) CFW. To keep simple, its an easy, Just don't install the Rebug Toolbox (pkg) if that is what you pefer, but if you want to unlock the potential, install the REBUG TOOLBOX and you can toggle various settings & patches (more info on the CFW features can be found @ www.rebug.me). Hopefully this post and guide will make your OFW to CFW transition a bit more enjoyable..

(VIEW TABS BELOW)

​

>>>>>>>> UPDATE (IMPORTANT) <<<<<<<<<<< Step 1 - Exploiting your PS3 with PS3Xploit Step 2 - Installing REBUG REX CFW

• 
  
  UPDATE:
  THIS GUIDE IS for PS3XPLOIT V1, the process/exploit has changed & Improved for PS3Xploit v2.0, please view v2.0 before proceeding: >>>> LINK to v2.0​
• 
  
  PS3 Developer @aldostools has provided a great tutorial that is extremely Noob Friendly written by an experienced and very knowledge PS3 developer so no better person to get you started on your CFW Journey. ​
  
  A First confirm with MinChkVer PUP that your console is compatible.
  
  • If your console is Super Slim or if it shows a min version equal to 3.60 or higher, your console is NOT compatible, and you will brick your console if you continue with the following steps.
  • If it shows 3.56 or a lower version, you can continue.
  
  B MAKE SURE that you put flsh.hex in the root of a pendrive and you inserted it in the port closest to the BD drive and that that the external device is visible on XMB on the music/video/picture column.
  
  • If the device does not show, the PS3 will freeze when you run the exploit. Restart the console and everything will be fine.
  • For a safest process, verify that the MD5 of flsh.hex on your USB is 8E156C99101BF36EC3EDB832982AE46D
  
  C Server Setup:
  
  1-Extract the zip file of NAND/NOR Writer for 4.82 in a folder on the desktop
  2-Open the folder and create a new folder named: htdocs
  3-Select the files "nand-482.html", "nor-482.html" and "xp_rel_writer10.js", CUT the files and PASTE them inside the folder htdocs
  4-Run miniweb.exe server. Allow access it if your firewall prompts for it.
  5- Access the server from the PS3 browser using the IP shown as host in the server window. Example: http://192.168.1.123:8000​
  
  
  Or skip all these steps and simply use http://redthetrainer.com/ps3/ from the PS3 browser.​
  
  D Set the url for the nand or nor html as home page of the PS3 browser, clean the cache, close the browser and open it again.
  
  E Click the button and wait until the process complete and the PS3 shutsdown. It should take no more than 10 minutes. DO NOT STOP the process once it starts.
  
  If it takes more than 10 minutes or show success without turn off, restart the console and repeat the process.
  
  F If success, put any CFW 4.82 or Rebug 4.81.2 with Syscon 4.82 (See Next Tab for Additional Rebug CFW details) on PS3/UPDATE/PS3UPDAT.PUP in your usb drive an install it from XMB or recovery.
  
  • 
    
  • Remember to eject any DISC from the Bluray drive before install CFW.
    
  • Once in CFW, enable the QA Flags... it will be useful if you need to change CFW later.
    
  • Also install Rebug Toolbox and get your eid_root_key as one of the first things.
    
  • Create a new user without PSN and set it as default user. It will prevent accidental auto-login that could cause a ban from PSN.
    
  • Never login to PSN with syscalls enabled... Always use SEN Enabler, PSNpatch or webMAN MOD to disable the syscalls before play online.
    
  • Do not cheat if you go online and enjoy CFW!
• 
  
  
  
  This is an UNOFFICIAL RE-RELEASE of 4.81.2 REBUG REX,
  Thibobo edited the version syscon from 4.81 to 4.82 so PUP could easily install for user's o 4.82 after exploiting vi PS3Xploit's webkit hack.​
  
  
  
  ​
  FEATURES FOR REBUG REX 4.81.2
  
  • Unofficial Feature: Firmware Syscon Version edited to 4.82 - (Allows for installation on 4.82, useful for installing from 4.82 after executing PS3Xploit + Nor/Nand Writer ) - Thibobo
    
  • FEATURE – Dual LV2 Kernels CEX/DEX - (Swap your EID0/LV2 kernel using Rebug Toolbox in seconds)\
  • FEATURE – ALL Retail functions available in CEX mode - (No need to install different firmware)
  • FEATURE – ALL Debug functions available in DEX mode - (No need to install different firmware)
  • FEATURE – FULL ProDG Connectivity in DEX mode - (Full Support on both Normal mode and Cobra mode)
  • FEATURE – QA Token compatibility
  • FEATURE – OtherOS++ support enabled - (Use Rebug Toolbox to Boot OtherOS with different LV1 patches)
  • FEATURE – Package Manager - (Replacement for the standard 'Install Package Files' option)
  • FEATURE – FSELF compatibility - (Fake Signed ELF is supported on both CEX and DEX modes.)
  • INCLUDED – Rebug Toolbox 2.02.12 *UPDATED - (Install included Rebug Toolbox or higher for full compatibility)
  • PATCHED – Appldr: LV2 memory hash check is disabled - (Memory protection on LV2 is disabled in higher level)
  • PATCHED – LV1: Disable System Integrity Check - (Safe to use with mismatched COREOS/SYSCON versions or if PS3 is not QA enabled)
  • PATCHED – LV1: Undocumented function 114 - (Allow mapping of protected memory)
  • PATCHED – LV1: Skip all ACL Checks - (Needed to allow booting of OtherOS)
  • PATCHED – LV1: Peek and Poke support - (Unused LV1 call 182 and 183)
  • PATCHED – LV2: Peek and Poke support - (LV2 Syscall 6 and 7)
  • PATCHED – LV2: Peek and Poke support for LV1 - (LV2 Syscall 8 and 9)
  • PATCHED – LV2: LV1 CALL System call - (LV2 Syscall 10)
  • PATCHED – LV2: Allow execution of any LV2 internal function *NEW - (LV2 Syscall 15)
  • PATCHED – LV2: IDPS dump support without LV2 Peek *NEW- (LV2 Syscall 870)
  • PATCHED – Recovery: Prevent accidental OFW update while on Recovery mode
  • PATCHED – VSH: Allow Unsigned act.dat and *.rif files
  • PATCHED – VSH: Auto unlocks c00 demo contents *NEW
  • PATCHED – VSH: Disable Unlinking/Deleting of act.dat - (Improved patches applied)
  • PATCHED – VSH: Disable NEW PSP DRM Check - (Allowing unsigned PSP pkg contents on 4.75 or higher CFW)
  • PATCHED – VSH: Disable Epilepsy Warning for Faster Boot-Up Speed
  • PATCHED – VSH: XMB notification removal *NEW - (Fake Save Data Owner and Game Quit: No Request Event will not be displayed)
  • FUN FEATURE – Fake Save Data Owner - (Use Game Saves from ANY Owner)
  • FUN FEATURE – In Game Screenshot - (Allows taking screenshots in Game)
  • FUN FEATURE – Disabled flag check in PARAM for Remote Play - (For better compatibility with remote play, custom flags in PARAM is recommended)
  • FUN FEATURE – Lock/Unlock Trophies (Offline only)
  • FEATURE – Cinavia protection fully disabled - (Supports optical media/bd iso, AACS must be decrypted)
  • FEATURE – Full BD/DVD Playback support on both CEX/DEX mode - (BD/DVD movies can now be played on DEX mode, major thanks to mysis!)
  • FEATURE – COBRA 7.5 *UPDATED - (Disabled by default, Toolbox required to enable)
  • FEATURE – 1.45.09 MOD REBUG EDITION *UPDATED - (Full Webman intergration supports both CEX/DEX 4.81)
  • FEATURE – XMB CFW settings v0.1a - (XMB icons for simple CFW tasks available via REBUG TOOLBOX 2.02.12)
  • FEATURE – XMBM+ Compatibility - (XMB Manager Plus developed by Team XMBM now supported via standalone pkgs.)
  
  Extremely well written and explanation of these features can be found on Rebug's Official website @ www.rebug.me ​

Download(s):

Spoiler: Old Links -- See v2

• CFW - 4.81.2REBUG REX ( UNOFFICIAL - Syscon Version changed to 4.82
  • MD5: UNKNOWN (Use at your Risk)
• PS3Xploit - NOR/NAND Flash Writer Files/Info (via link)

Note if using REBUG TOOLBOX (for advanced options on REBUG REX CFW) use the updated version for 4.82 Firmware you can download the latest release here from @Joonie 's (Team Rebug Developer) Github >> github.com/Joonie86​

Source(s): twitter.com / psx-place.com
Additional info on CFW @ www.rebug.me​

 

Hey guys, thanks for this tutorial. I am plannng to exploit one PHAT but I wouldlike to ask what you meant with "restarting" PS3 if nothing happens after 10-15 minutes of showing success on the exploit. How do you mean to restart PS3? Do you mean to power it off via controller and to start again or to force turn off via button and start over? Thanks in advance

As far I can tell... you can hold the power button on the front of the console until it turns off. Then you can turn it back on doing the same thing...hold the power button until it turns back on. That has been what I've done when the PS3 seems to freeze. I'm a little weary when it comes to doing the hard power off with the switch on the back.

 

Hey guys, thanks for this tutorial. I am plannng to exploit one PHAT but I wouldlike to ask what you meant with "restarting" PS3 if nothing happens after 10-15 minutes of showing success on the exploit. How do you mean to restart PS3? Do you mean to power it off via controller and to start again or to force turn off via button and start over? Thanks in advance

It really depends on what kind of of freeze you get, some have been able to hold the power button down until it turned off while others had to pull the plug.

 

I got a cechK with a broken bluray drive but i'm not on 4.82 ofw (and i dont want to update to 4.82 because I know it will loop).
Are there files to run this exploit on older OFW?

 

No it's not possible without:
1. changing 9 offsets in the javascript to port the writer to another fw version
2. crafting a compatible flsh.hex file

Given the brick risk associated to the slightest mistake, I would say it is not to be attempted lightly without a hardware flasher handy...

 

I got a cechK with a broken bluray drive but i'm not on 4.82 ofw (and i dont want to update to 4.82 because I know it will loop).
Are there files to run this exploit on older OFW?

Which version are you on?

 

Hey guys, I am try to follow this guide but this is a third time that the PS3 stay freeze on step E, what can I do to solve this?
thanks in advance

 

Hey guys, I am try to follow this guide but this is a third time that the PS3 stay freeze on step E, what can I do to solve this?
thanks in advance

Did you set up your own server (step c) or did you use the online server?
It's recommended to use a server on the same lan.
Also try different USB thumb drives (freshly formated as fat32) and only flsh.hex on it.

 

It keeps freezing after the successful exploit screen... Tried 3 times now

 

It keeps freezing after the successful exploit screen... Tried 3 times now

try to use orginal usb flash....i had same error after change usb flash everything went fine

Sent from my SM-C5010 using Tapatalk

 

It keeps freezing after the successful exploit screen... Tried 3 times now

I had to try it about 6 times on 1 console until it worked, did the same to another one that worked first try (same server, lan, ...)
Also remember to clear cache and restart browser each time and set exploit page to default homepage.

 

I had to try it about 6 times on 1 console until it worked, did the same to another one that worked first try (same server, lan, ...)
Also remember to clear cache and restart browser each time and set exploit page to default homepage.

Guess I'll keep trying then.. Thanks for telling

 

Guess I'll keep trying then.. Thanks for telling

All users who reported constant failures (after a dozen tries) realised they neglected something so make 100% sure that you follow absolutely all prerequisites & all steps correctly. Like using a local web server, on lan & not WiFi, use the exploit page as homepage & restarting the browser after a failed attempt... etc...

You could also try this tweak & see if it helps.
http://www.psx-place.com/index.php?posts/98575
Anyway keep trying, it will eventually work.

Alternatively, wait for the coming update roll out which will solve all outstanding issues.

 

Heh, used RED's hosted exploit and worked first try

 

Heh, used RED's hosted exploit and worked first try

Then you most likely had a problem with your local http server setup...

Anyway, it's done now...

 

Yea... probably was that.. Anyways thanks for this

 

My system somehow got OFW'd to 481 - probably a kid. I have been waiting for a good way to downgrade or flash it for awhile now. I have ran through the new Xploit tutorial and it worked like a champ only to find out that I'm still getting "corrupt data" messages on any CFW that I try to load. Tried Safe mode with ALL rebugs 4.8X. What the hell? I thought this worked? I read through everything 3 times and with my Phat "L" series this should work - will not load any FW, just says corrupt in Safe/recovery mode or in the XMB. Any help would be much appreciated...thanks!

PS3 Phat CHKLXX
FW 4.81
(corrupt data msg on everything, MM, rebug, ect)

 

My system somehow got OFW'd to 481 - probably a kid. I have been waiting for a good way to downgrade or flash it for awhile now. I have ran through the new Xploit tutorial and it worked like a champ only to find out that I'm still getting "corrupt data" messages on any CFW that I try to load. Tried Safe mode with ALL rebugs 4.8X. What the hell? I thought this worked? I read through everything 3 times and with my Phat "L" series this should work - will not load any FW, just says corrupt in Safe/recovery mode or in the XMB. Any help would be much appreciated...thanks!

PS3 Phat CHKLXX
FW 4.81
(corrupt data msg on everything, MM, rebug, ect)

you have to be on 4.82

 

you have to be on 4.82

So I literally need to update to OFW 4.82 then do the web server xploit, then load a rebug 4.82?
I don't know why I didn't see that...much appreesh bitsbub!

 

My system somehow got OFW'd to 481 - probably a kid. I have been waiting for a good way to downgrade or flash it for awhile now. I have ran through the new Xploit tutorial and it worked like a champ only to find out that I'm still getting "corrupt data" messages on any CFW that I try to load. Tried Safe mode with ALL rebugs 4.8X. What the hell? I thought this worked? I read through everything 3 times and with my Phat "L" series this should work - will not load any FW, just says corrupt in Safe/recovery mode or in the XMB. Any help would be much appreciated...thanks!

PS3 Phat CHKLXX
FW 4.81
(corrupt data msg on everything, MM, rebug, ect)

Like bitsbubba, I am confused by your explanations.
You realise that you first need to patch ofw 4.82 then install a 4.82 CFW successfully on top, right?
If the issue is that you cannot install the 4.82 cfw due to corrupted data message then you should try to do the following steps.
1. Install 4.82 ofw TWICE in a row.
2. Use the ps3xploit flash writer
3. Install 4.82 cfw.

 

So I literally need to update to OFW 4.82 then do the web server xploit, then load a rebug 4.82?
I don't know why I didn't see that...much appreesh bitsbub!

or the Rebug 4.81.2 (syscon 4.82) posted above