32w ago - Following up on the PS3 Factory 3.56 with Flasher news, French PlayStation 3 developer raymanvtwo has shared a way to install Rebug PS3 CFW 4.21.1 on any version PS3. However, it requires a PS3 hardware flasher, will format your HDD and may result in a permanently bricked console, so be WARNED!

Below is a rough translation of the process, as follows: You will need just a flasher, great care, attention and rigor.

This method will format the hard drive of your PS3, so make sure to back up your important data. Also, you run the risk of an irreversible brick in case of bad handling. Neither I nor PS3-Addict can be held responsible. If you are not able to follow this tutorial to the letter, please move along!

Firstly, ensure the validity of your dump; FlowRebuilder is the best in the field. Also check that all your files have a size other than 0 bytes (including bootloader_0). If there is a problem, it will help you out.

Now that you have your dump, look at offset 200 with a hex editor such as HxD to see whether you have IFI or FI.I. If you have IFI, go to the next step. If you have FI.I, open FlowRebuilder, select "Byte reverse and extract a NOR dump file", then select your dump and "execute operation". If you get an error, your dump is not good. Before writing your dump back, you must byte-reverse it again, otherwise you will brick your PS3 (though it will be easily recoverable).
Now, you need WinSkeet and the patch (here and here, or mirrored here). Open WinSkeet, go to the "patch" tab, under "input file" select your dump file, and select the patch .txt file from the previously downloaded archive. Click apply and save your patched dump.
patch1 : OFFSET 0C0010 LENGTH 6FFFE0
patch2 : OFFSET 7C0010 LENGTH 6FFFE0
patch3 : OFFSET 80000 LENGTH 20000
patch4 : OFFSET A0000 LENGTH 20000
patch5 : OFFSET 40000 LENGTH 20000
patch6 : OFFSET 60000 LENGTH 20000
Now write your patched dump (do not forget to byte-reverse it again if your dump was FI.I, as described above). Your PS3's operating system will no longer be able to work; do not worry, this is normal. Go to the recovery menu (your PS3 may shut itself off on the first attempt; the second should succeed). Install Rebug CFW 4.21.1 (available via "system update").

If after several attempts you are unable to install Rebug CFW 4.21.1, format the HDD, then reinstall the switch on the PS3. On a FAT32 USB drive, put the Rebug 4.21.1 CFW .PUP (available here and here) in X:\PS3\UPDATE and rename it to PS3UPDAT.PUP. You will get a message asking you to connect a controller and press the PS button, then plug in your USB drive, make sure there is no disc in the BR drive, then press START and SELECT at the same time for 3s and follow the instructions to install your CFW. Enjoy.
PS: This method has been tested with the Rebug CFW 4.21.1; if you use another CFW, it will be at your own risk. This method has been tested on a PS3 with the "anti CFW 3.55" metldr, so it should work on any console. Please give me feedback on the effectiveness of this method and any problems. Please also credit PS3-Addict and me and keep the links given in this tutorial if you publish this method on your sites.

Finally, thanks to the work of the "Three Musketeers" and the Rebug team, which allowed me to patch my PS3.
From Cyberskunk: Tested on my 3K series.. DOES NOT WORK (didn't think it would)..

From Rogero: Tested here also on a 3K machine, didn't work, it bricked... metldr .2 and lv0.2 won't be easy to bypass....
Why do you want to use an iPhone 3GS? Is it possible? Is it possible to use this guide for every PS3 with every OFW?
Thanks in advance
An easy way is to try to install Rogero 4.30. I did and it came up with a message "This PS3 can only use a firmware above 3.72" or something similar to that.
Check it out! > pastie.org/private/3np6uj6md1occbctdeir6a
Since the LV0 keys have now been leaked, I believe I can now share this info with you, to help out those who are trying to build their own 4.x CFW:

The NPDRM ECDSA signature in the SELF footer is checked by lv2. It first asks appldr to tell it whether or not the signature is to be checked, and appldr will only set the flag if the SELF is an NPDRM with a key revision from 3.56+ (the ones without private keys). This means that the SELF files signed with the new 3.56+ keys still don't have their ECDSA checked (probably to speed up file loading).

If appldr says the ECDSA signature must be checked, then lv2 will verify it itself, and return an error if it's not correct. There are many ways to patch this check out:
1 - Patch out the check for the key revision in appldr
2 - Patch out the "set flag to 1" in appldr if the key revision is < 0xB
3 - Patch out the code in lv2 that stores the result from appldr
4 - Patch out the actual sigcheck function from lv2.
5 - Ignore the result of the ecdsa from lv2.
Here is one of the patches (the 4th one, patching out the check function from lv2):

In memory at 0x800000000005A2A8, which corresponds to offset 0x6a2a8 in lv2_kernel.elf, replace:
e9 22 99 90 7c 08 02 a6
With:
38 60 00 00 4e 80 00 20
This is for the 4.21 kernel (that was the latest one when I investigated this); I will leave it as an exercise to the reader to find the right offsets for the 4.25 and upcoming 4.30 kernel files.

And here's another bit of info... in 4.21 lv2, at memory address 0x800000000005AA98 (you figure out the file offset yourself), that's where lv2 loads the 'check_signature_flag' result from appldr, so if you prefer implementing method 3 above, just replace the 'ld %r0, flag_result_from_appldr' by 'ld %r0, 0' and you've got another method of patching it out. Either solution should work just the same though.

Enjoy homebrew back on 4.x CFW....

p.s: Thanks to flatz and glu0n who helped reverse this bit of info.
M