GuilloteTesla
Moderator
Thank you @aldostools. Indeed, once you are in HEN you can debug and log every step of the exploit stages. One barrier at a time.
PS3 PS3Xploit Flash Writer [aka CFW Installer] - (Supports All PS3 Fat Models & Most Slim Models)
- Thread starter STLcardsWS
- Start date
I think a software solution for installing CFW is probably the best path forward compared to updating the old flash writer, if users need to install HFW anyway then it's much easier to write the flash patch using homebrew than ROP.
Most of those checks are already implemented in my version of the flash writer and the ones that aren't are redundant (i.e there's no need to check flash type because if the wrong one is chosen then the patch won't be applied, metldr check is superfluous due to minimum firmware version check, etc). Admittedly, the patch file verification in the unofficial writer is lacking, but Webkit is extremely limited by nature so there's not much I can do.
Just for fun I decided to see if I could adapt the old flash writer to write the minimum noFSM patch (5.5MB) as you suggested, and I've now done this. The same issue remains however, while everything looks correct it requires a lot of testing to be sure there are no issues.
Yes, some checks are redundant on purpose in case one of the previous checks fail.
The first sector of ROS needs a special treatment due the first bytes belong to the previous segment. Same happens with the last sector of ROS if you decide to write the full 7MB.
Can you explain this in detail? I've seen what appears to be the same ROS header repeating twice but I'm confused about it, what exactly needs to be done?
I've also seen in the ROP chain that it seems to be reading some segment of the flash and inserting it into the patch data but I'm not sure exactly what is happening.
I tried to document the patch process in detail here;
https://github.com/aldostools/webMA...cddaa624a74bc/include/feat/rospatch.h#L96-L98
That part of the code reads the first sector of nofsm patch preserving the first 0x10 bytes of ROS0 area in flash for NOR (0x30 for NAND). Actually it only reads 0x200 - 0x10 bytes from nofsm patch.
Maybe this private message from @littlebalup may explain it better:
NOTE: That message was before I fixed the current code.
Last edited:
Okay, so the ROS header (first 0x10 bytes in the first sector of ROS for NOR) needs to be read from internal flash and replace (or prepend?) the first 0x10 bytes in the nofsm patch? So the last 0x10 bytes of the first sector from the nofsm patch isn't included in the first write? The image does not load for me.I tried to document the patch process in detail here;
https://github.com/aldostools/webMA...cddaa624a74bc/include/feat/rospatch.h#L96-L98
That part of the code reads the first sector of nofsm patch preserving the first 0x10 bytes of ROS0 area in flash for NOR (0x30 for NAND). Actually it only reads 0x200 - 0x10 bytes from nofsm patch.
Maybe this private message from @littlebalup may explain it better:
NOTE: That message was before I fixed the current code.
STLcardsWS
Administrator
Sometimes a thread and older method just needs a popup
carr
Member
Hi guys! Don't really a good theread, I hope it can stay, or just tell me where to go to have info on this one? 
Just received 2 older (L04; G04) versions of these babies, and started to think how will i install cfw 4.89 on them after the site **ps3xploit.com >Domain no Longer owned by team** (ps3xploit.me =new)(?) is down? Any help much appretiated!
I used to use the 4,88 video from the same guy, but since the video been shared, our cfw site is not available, and the dns sites are down too. 
Thank you in advance!
Love ya'll!!!
edit:
Made it by this guys tutorial and working in correct order. [EDIT: Removed by Mods]
Just received 2 older (L04; G04) versions of these babies, and started to think how will i install cfw 4.89 on them after the site **ps3xploit.com >Domain no Longer owned by team** (ps3xploit.me =new)(?) is down? Any help much appretiated!
Thank you in advance!
Love ya'll!!!
edit:
Made it by this guys tutorial and working in correct order. [EDIT: Removed by Mods]
Last edited by a moderator:
i know you are trying to help, but please don't link to unofficial clones. all are incomplete and some are dangerous. bricks have been reported (even though other people report success).
You think this flash writer can be updated to support 4.89? At this point I don't think we can rely on bgtoolset ever coming back.
I've already updated the JS to use 4.89 offsets which is trivial, and works as expected. The problem is the new patch file sent to me by @littlebalup needs rigorous testing, on various PS3 models. Unless it can be tested properly, this likely won't ever be updated completely.
If anyone with a flasher wants to test it, feel free to contact me. But considering up to this point nobody has done so, I highly doubt that anyone will be willing to in the future.
There are quite a lot of people willing to use Russian clones that are probably a lot riskier. You could just have them be test subjects assuming they unconditionally agree not to complain. Better have a tool that has a 30% chance of bricking your console than a hack that has a 60% chance of bricking it imho.
Similar threads
-
PS3Xploit Flash Writer (4.93 HFW Req)- Started by Evilnat
- Replies: 10
-
-
-
PS3 qCFW - Arrives to Slim (2500-3000) & SuperSlim (4000-NOR) PlayStation 3 Models
- Started by STLcardsWS
- Replies: 265