Today Spanish PlayStation 3 developer DemonHades has released the first version of their JFW DH MA-1 3.56 PS3 Custom Firmware, alongside a video of it in action below.
Note: Before installing, barrybarryk warns that users who install JFW DH MA-1 3.56 PS3 CFW will not be able to downgrade without a hardware flasher, so be aware it is primarily intended for those already stuck on a 3.56 base.
To quote, roughly translated: PS3 MA-1 3.56 is the first PS3 Custom Firmware based on version 3.56. This custom firmware (in its most basic form) has been ready for about 7 or 8 months, but it was not until now that I decided to publish it.
It has nothing to do with the recently published metldr exploit, although, with higher firmwares expected to appear soon, for whoever wants to try it, here it is.
First of all, thanks:
To Graf_Chokolo, for his great work.
To Demonhades, for his testing and his great strength.
To JaiCrab, for his help.
To Lara, for making me laugh one day.
To the people who have tested this 3.56 MA-1, thank you very much.
To all those who donated for a flasher; without them this firmware would not exist as it is today.
To Varicella, for their selfless help.
To M.E.M, I do not forget, and I forgive.
To everyone I have forgotten by mistake, my apologies.
As a first version, it carries only the most basic functions of a custom firmware, which I will now explain. I will also explain the changes Sony made in 3.56 which, whatever its release notes argued about it being a simple patch, was not just a patch.
Support for PEEK/POKE in lv2, using the usual SYSCALL 6 and 7 for compatibility with existing homebrew.
Support for native PEEK/POKE in lv1, using SYSCALL 10 and 11 respectively. These are used in the same way as the lv2 syscalls; devs just call them as they would the lv2 ones, but they act on lv1.
Loading of unsigned applications in FSELF format natively. That is, a normal or npdrm application in valid FSELF format works directly (without touching the in-memory copy of lv2).
Loading of signed applications, naturally, with both official and unofficial signatures considered valid.
Support for applications up to version 3.56.
Use of all system SYSCALLs, provided the product does not later verify the mode, QA, etc.
No need to modify the PARAM.SFO in the hypothetical case of using an application that requests a version higher than 3.56, whether an npdrm application, a normal application, or an application run from the bdemu.
Installation of Retail and Debug PKGs from the PKG Install option.
QA system settings in the XMB hacked. You can now open the options using the normal combo without the QA flag being active or a valid token existing on your machine. Any options changed are kept in the system registry settings.
This QA system hack lets any SPRX that calls the XMB to check this information receive the hacked information, such as nas_plugin.sprx, which on DEX would allow installing Retail PKGs without any patch. As always, be careful what you do with those options; this is the safest way to have QA without being QA, and without having to modify the EEPROM with any recalculation or tokens of any kind. Here I have to thank Sony for making the security of its token rest on only one byte and not on those
FIX: Patch to allow loading of applications (avoids error 0x80010009).
FIX: Patch to avoid checking the application's firmware version against the firmware version stored in lv2 memory (avoids error 0x80010019).
FIX: Patch to avoid error 0x8001003C (allows loading of applications that internally request a version higher than the current one).
FIX: Patch to avoid error 0x8001003D.
FIX: Patch to avoid error 0x8001003E (when using the hdd patch with no disc inserted).
FIX: Enables the use of all SYSCALLs, avoiding the generic error 0x80010003.
CHANGES IN LV2 3.56:
FIX: Patched a new security check which, outside updater mode, prevented launching an unsigned application with the minimum key 0xD (3.56); this avoids error 0x80010009. NOTE: See the NOTE AT THE END OF THIS README.
FIX: A different method is used to integrate the new SYSCALLs 6, 7, 10 and 11 into lv2.
Added support for native PEEK/POKE in lv1. The method used to integrate these new hypercalls does not reuse an existing hypercall; instead, any hypercall not used by the system becomes a peek or a poke, depending on the case. To reach the lv1 PEEK/POKE, lv2 uses SYSCALL 10 and 11 respectively.
Changes in the mmap hypercall (114). In 3.56 Sony made significant changes to this hypercall to stop the use that was being made of it for lv1-to-lv2 mapping. The hypercall now checks that the key argument has not been modified, and the mapping ranges are checked
(anyone who understands this will realize how dangerous it is to map the critical stuff, not to mention lv1). The hypercall code is split into sub-functions in chunks to hinder analysis. In this version of MA 3.56 this hypercall has not been touched, since with PEEK/POKE support in lv1 the mapping is no longer necessary. A later version may well patch the checks of this hypercall; it is not complicated really, it just was not necessary for this version.
Changes in the unmap hypercall (115): similar to mmap, its code is split among sub-functions.
FIX: Added some patches to avoid the lv1/lv0 integrity checks.
FIX: Added patches in the SPM and the DM to enable the use of any service. The patch is different from, and smaller than, the existing SS patch (which is no longer compatible with 3.56); in my testing my patch does not cause any kind of problem with trophies, saved games, etc.
TODO: Fix the problem of not being able to downgrade to a version lower than 3.56. Currently it is not possible to go down from 3.56 after upgrading to it.
FIX: Patch to override the ECDSA digital signature check. An application with an invalid signature will now be considered validly signed.
For example, an application "signed" without the proper private key needed to generate a proper signature.
FIX: Patch that removes the hash check of the application segments; an invalid hash will be considered valid.
FIX: Patch to override the check that prevents using FSELF on retail consoles. This patch is different from the one on ps3devwiki; the patch on that page about this subject bricks machines, as it has a problem with the metadata used to decrypt retail encrypted executables.
FIX: Patch to override the protection added in 3.55 (for npdrm/normal applications; previously only the RVK was in charge of this) which prevents applications from being used above the version indicated in the current firmware. That is, in a hypothetical case, trying to run a 3.60 game on 3.56.
FIX: Patch to override the auth check protection on applications (added in 3.56); this check detects programs created with public tools, as they always carry the same, higher auth value.
FIX: Patch to remove the whitelist protection for authorized programs, added in 3.56. Now all applications can be used, as on 3.55 and below.
lv2 is protected by a hash in lv1; if you want to poke an offset that falls within the protected range, this would produce a panic/check-off of the system. To avoid this problem, use the tool attached to this package before using poke to modify lv2. The reason for not implementing this patch directly is that not everyone is a dev, and leaving lv2 untouchable is safer for the user.
Of course the source code of this program is included, so a dev can see how the problem was patched using the lv1 POKE.
You can now enter service mode and use lv2diag as before, but this carries a potential danger. 3.56 now makes it impossible to downgrade to anything lower than 3.56, meaning that if you are on 3.56, on 3.56 you stay; if you try to force a lower version, the update manager checks it. The problem is a programming error that lets Lv2Diag.self update: the failure is that it neither checks that the update is on the USB nor verifies that it is valid, and the program formats flash 1, 2 and 3. That is, if it then fails, your system would not have fully died: the flashes still partially work and ROS is still usable, so you can use lv2diag again; but forewarned is forearmed. Beware of Lv2diag!
Attached to this package is an updated application to extract the nodes from an lv1 dump; it is an update of the application made by Graf Chokolo, and now supports versions 3.15, 3.41, 3.55 and 3.56 in one program. Useful for displaying the nodes extracted from your dump.
The finished graphical firmware will be added when JFW 3.41 itself is finished.
The package also includes an application, which I do not think exists publicly, to set product mode directly from the XMB; it acts as a toggle, so you can set product mode and remove it again just as simply.
As a final note, remember that this is the first version of the firmware, so constructive criticism is welcome. As I suppose that, because this publication shows where the appldr patches are, many variants will come out of it, just remember that the first publication was this one.
Do not bite the hand that feeds you; today it is a 3.56, tomorrow a higher one, or maybe not.
3.56 MA-1 Installation Instructions
Assuming you want to upgrade to this version from 3.55 or below, follow these steps.
1. Download the official CEX 3.56 VERSION 2 PUP from somewhere.
2. Apply the included xdelta patch to the official 3.56 VERSION 2 PUP.
3. Install the resulting PUP using lv2diag mode, or through the XMB.
In the future, a version will come out for people stuck on 3.56 via flasher.
ORIGINAL 3.56 VERSION 2 CEX MD5 (for reference): 2a52196399a4b96ea568aafa65d1a27e
MA-1 3.56 PUP MD5 (for reference): efe066e4836393c8bf60a5cc6804ddc3
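The two reference hashes above are the only thing standing between a user and flashing the wrong file onto a console that, as noted, cannot be downgraded without hardware. The script below is an added example (not part of the DemonHades package) that gates steps 1 and 2 on those hashes: it refuses to patch unless the base PUP is the 3.56 v2 CEX build, and deletes the output if the patched PUP does not match the MA-1 reference. It assumes the bundled patch is an xdelta3 delta applied with the `xdelta3 -d -s SOURCE PATCH OUTPUT` command line; if the package ships an older xdelta format, swap the command accordingly.

```python
"""Pre-flight check for the three install steps above: confirm the base PUP
is the 3.56 v2 CEX build, apply the xdelta patch, and confirm the output
matches the MA-1 hash before it goes anywhere near a USB stick.
Added example, not part of the DemonHades package."""
import hashlib
import shutil
import subprocess
from pathlib import Path

# Reference MD5s exactly as quoted in the release notes above.
OFW_356_V2_MD5 = "2a52196399a4b96ea568aafa65d1a27e"
MA1_356_MD5 = "efe066e4836393c8bf60a5cc6804ddc3"


def md5_of(path):
    """MD5 of a file, streamed so a large PUP is not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_md5(path, expected):
    """Return (matches, actual_hex) so a mismatch can be reported, not just refused."""
    actual = md5_of(path)
    return actual == expected.lower(), actual


def apply_xdelta(source, patch, output):
    """Assumption: the bundled patch is an xdelta3 delta, applied with
    `xdelta3 -d -s SOURCE PATCH OUTPUT` (-f overwrites a stale OUTPUT)."""
    exe = shutil.which("xdelta3")
    if exe is None:
        raise FileNotFoundError("xdelta3 is not on PATH")
    subprocess.run([exe, "-d", "-f", "-s", str(source), str(patch), str(output)],
                   check=True)


def build_ma1_pup(ofw_pup, patch, out_pup):
    """Steps 1-2 of the instructions with a hash gate before and after the patch.
    Any mismatch raises instead of leaving a wrong PUP lying around for step 3."""
    ok, actual = check_md5(ofw_pup, OFW_356_V2_MD5)
    if not ok:
        raise ValueError(f"{ofw_pup}: not the 3.56 v2 CEX PUP (md5 {actual}); "
                         "the xdelta would not apply to the right bytes")
    apply_xdelta(ofw_pup, patch, out_pup)
    ok, actual = check_md5(out_pup, MA1_356_MD5)
    if not ok:
        Path(out_pup).unlink(missing_ok=True)  # never leave an unknown PUP behind
        raise ValueError(f"patched PUP does not match the MA-1 reference (md5 {actual})")
    return out_pup


if __name__ == "__main__":
    import sys
    # usage: python check_ma1.py PS3UPDAT.PUP ma1.xdelta PS3UPDAT_MA1.PUP
    print(build_ma1_pup(*sys.argv[1:4]))
```

Checking the base file before patching matters more than checking the result: an xdelta applied to a different 3.56 build (or a 3.55 PUP) can still produce an output file, just not a usable one.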
Today Chekco of DemonHades has posted (via demonhades.org/foro/viewtopic.php?t=6968&f=297#p54149) some JFW DH status details, roughly translated below:
Well, hell, after the triumphant return of DemonHades (triumphant, so to speak), I decided to post something that was long due to be published, as a farewell to the site, because let's not kid ourselves: for all that Demon has returned and such, this site is as dead as before or more so, so as a farewell and funeral for the site we are publishing JFW 3.41.
Yes, yes, just as you read it: the CFW that should have come out a long time ago and which, through the stubbornness of your dear master Demon, DH never released. So without further ado I leave you with the link to download the CFW and its tools (Manager, usaveme and others). I will just say that a certain person once told me that a CFW had to be free; well, that is something I do not agree with.
But if they wanted their work to be free... since jaicrab: all those who thought JFW was Demon's were wrong; the only things were the themes, jaicrab a little more, but I think the PUP; blipi the manager; mario the openpstore. This is something that should have seen the light long ago, and if it was not released at the time it was because of the manipulations of a certain person. Links...
PS: The v2 is the best work, thanks to jaicrab, blipi, FLIPI, mario and the other people who worked alongside them; otherwise it would have stayed unreleased. CAREFULLY: BOATS AND TEAM... I was the most controversial developer in the DH team.
This weekend Spanish PlayStation 3 developers at DemonHades have made available a PS3 eEID0 Dumper for JBM 3.55, MA 3.56 and PlayStation 3 CFW 3.55, alongside a ConfEditor for TheGrid.
To quote, roughly translated: eEID0 Dumper by BlackDeath for JBM 3.55, MA 3.56 and CFW 3.55
Hello friends, after the leaked CEX2DEX method the team decided to investigate this new field (new for some, not so much for others), which is why we are working to bring you the easiest method to move to Linux without requiring DEX.
Today I present the EID0 dumper created by BlackDeath, with which we can dump the whole EID0, or directly the first CEX section, just by launching a PKG with a USB stick connected as dev_usb000; the instructions are on screen and are easy:
START: To dump the whole EID0.
SQUARE: To dump the first section of EID0 directly (eid0_1st_Section_CEX.bin).
X (EQUIS): To dump the (encrypted) metldr to USB, ready to be exploited to obtain the decrypted metldr dump in later steps.
If you are on a normal 3.55 CFW, launch the PKG from the Video column.
BlackDeath says: This latest version now lets you dump the (encrypted) metldr from your console if you use the X button, and you will have your encrypted metldr dump ready to be decrypted later with the keys, used together with the exploit.
He says to keep following this issue; Linux is no longer needed, as the next step is to dump the metldr without having to do so many things in Linux, with a quick and easy dump instead.
The eEID0 is necessary for the metldr dump process, as you know, and only the first section of eEID0 (which we get directly with this tool) is required for conversion to a DEX/TEST unit.
Nothing more; here I leave the download link. It works on any CFW 3.55 (PEEK|POKE LV2) as well as on MA:
http://www.mediafire.com/?eblfgmmwrmjl8sw (Old Version)
http://www.mediafire.com/?32dca82c31470qa (New Version)
Thanks BlackDeath, Checko, Tito01 and DemonHades
From checko: WIP: A method to dump metldr and the eEID root keys without Linux, easier and with a few small steps... maybe naehrwert can help you. To quote from his Twitter (via twitter.com/naehrwert/status/226682478373531648 and twitter.com/naehrwert/status/226686257005203456):
Isn't installing linux to get your eid root key a bit of an overkill when you could just use netrpc?!
Or you could compile this pastie.org/4295312, sign it with metldr keys and grab the key/iv from shared LS...
Our partner and developer RacingLocura07 (UsaveME) brings us on this occasion the PS3 conf editor; this application lets you enable or disable patches and plugins, or create flags, without using a PC, all from the PS3 itself, simply and quickly.
Displays a list of flags
Displays a list of dynamic patches
Displays a list of plugins
Allows you to export the .cfg file to the root of the USB, to test it before storing it.
List of flags:
Matheros (direct or normal)
dev_flash (dumper / restore)
sc35/36 +8 (more compatible)
100% Fan speed (fan at 100%)
Any questions you have, you can post in this thread; thanks to RacingLocura07, tito1, adriansfc92 and Cheko. This conf editor works on both the 3.56 MA and JBM 3.55.
Finally, in related PS3 homebrew news, today PsyOil has made available a PUP downloader (http://www.psyoil.info/pup/Pup%20down.zip) for those interested, stating:
With the click of a button, a command prompt window will start downloading the PUP (from the PS3 Dev Wiki) to the same directory as the program. Do not delete wget.exe or else the PUPs will not download!
It's pretty simple: a list of firmwares (OFW); on click they download to the directory you placed the two files in.
Now, you're probably wondering why someone would ever need this. I download and delete PUPs very often, so I made this program to make it a bit easier to find a PUP right away. Making a CEX/DEX downloader soon.
Update: he has now released the CEX/DEX downloader (http://www.psyoil.info/pup/cex-sex%20downloader.zip), followed by an updated build (http://psyoil.info/pup/sexdexcex.zip), stating the following:
Once again, I suck at GUI programs. I've made a command prompt version of the same program, where you just enter the name of the firmware version, e.g. "4.10", and it starts downloading the firmware on command (4.10p for patch PUPs). Should I just release that or stick to the ghetto lookin' GUI?
Shortly after, he also made available a PUP extractor (http://psyoil.info/pup/Pup%20extractor.zip), stating, to quote:
Very simple and straightforward: place the PUP in the same folder as the extractor! Credit to HSReina for df.exe
Also, I've included a simple command prompt app:
Enter "pu.exe PS3UPDAT.PUP PS3UPDAT" to extract the PUP.
Enter "df" to extract dev_flash from the PUP.
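What pu.exe is unpacking is the SCEUF container, the same one whose promo_flags/update_flags entries the shop-converter PUP in the next item is said to patch. The reader below is an added example, not PsyOil's or HSReina's code: it walks the container using the layout published on ps3devwiki (0x30-byte header, one 0x20-byte file entry and one 0x20-byte HMAC-SHA1 entry per file, a 0x20-byte header HMAC, then the file data), bounds-checks every offset before using it, and verifies the HMACs. Sony's HMAC key is not reproduced here; `KEY` is a constructed stand-in, and `SAMPLE_PUP` is a constructed container built by `build_pup` for testing, not a flashable update. The entry-ID-to-filename table is the one extractors commonly use and is an assumption for any ID not listed.

```python
"""Reader for the PUP (SCEUF) container that tools like pu.exe unpack.
Added example, not PsyOil's or HSReina's code. Layout per the public
ps3devwiki description: 0x30-byte header, one 0x20 file entry and one 0x20
HMAC-SHA1 entry per file, then a 0x20 header HMAC, then the file data.
Sony's HMAC key is not reproduced here; KEY below is a constructed stand-in."""
import hashlib
import hmac
import struct

PUP_MAGIC = b"SCEUF\x00\x00\x00"
HEADER_LEN = 0x30
ENTRY_LEN = 0x20

# Entry IDs and the file names extractors give them (assumed for unlisted IDs).
ENTRY_NAMES = {
    0x100: "version.txt", 0x101: "license.xml", 0x102: "promo_flags.txt",
    0x103: "update_flags.txt", 0x104: "patch_build.txt", 0x200: "ps3swu.self",
    0x201: "vsh.tar", 0x202: "dots.txt", 0x203: "patch_data.pkg",
    0x300: "update_files.tar", 0x501: "spkg_hdr.tar", 0x601: "ps3swu2.self",
}


def parse_pup(data):
    """Return (header, entries). Every offset is checked against the declared
    sizes before it is used, so a malformed PUP fails here with a ValueError
    rather than as a silent short slice later."""
    if len(data) < HEADER_LEN or data[:8] != PUP_MAGIC:
        raise ValueError("bad magic or truncated header: not a PUP")
    pkg_ver, img_ver, count, hdr_len, data_len = struct.unpack(">5Q", data[8:HEADER_LEN])
    if hdr_len != HEADER_LEN + (2 * count + 1) * ENTRY_LEN:
        raise ValueError("header length does not match file count")
    if len(data) < hdr_len + data_len:
        raise ValueError("file shorter than header + data length")
    entries = []
    for i in range(count):
        foff = HEADER_LEN + i * ENTRY_LEN                 # i-th file entry
        hoff = HEADER_LEN + (count + i) * ENTRY_LEN       # i-th hash entry
        entry_id, off, size, _pad = struct.unpack(">4Q", data[foff:foff + ENTRY_LEN])
        idx, digest = struct.unpack(">Q20s4x", data[hoff:hoff + ENTRY_LEN])
        if off < hdr_len or off + size > hdr_len + data_len:
            raise ValueError(f"entry {entry_id:#x} points outside the data area")
        if idx != i:
            raise ValueError(f"hash entry {i} refers to file entry {idx}")
        entries.append({
            "id": entry_id,
            "name": ENTRY_NAMES.get(entry_id, f"entry_{entry_id:#x}"),
            "offset": off, "size": size, "hmac": digest,
            "data": data[off:off + size],
        })
    header = {
        "package_version": pkg_ver, "image_version": img_ver, "file_count": count,
        "header_length": hdr_len, "data_length": data_len,
        "header_hmac": data[hdr_len - ENTRY_LEN:hdr_len - ENTRY_LEN + 20],
    }
    return header, entries


def verify_pup(data, key):
    """True when the header HMAC and every per-file HMAC match under `key`.
    With Sony's real key this says the PUP is untampered; with the stand-in
    key it only demonstrates the check."""
    header, entries = parse_pup(data)
    signed_hdr = data[:header["header_length"] - ENTRY_LEN]
    if not hmac.compare_digest(hmac.new(key, signed_hdr, hashlib.sha1).digest(),
                               header["header_hmac"]):
        return False
    return all(hmac.compare_digest(hmac.new(key, e["data"], hashlib.sha1).digest(),
                                   e["hmac"]) for e in entries)


def build_pup(files, key, image_version=1):
    """Construct a container in the same layout for testing (files: [(id, bytes)]).
    Constructed test input only, not a flashable update."""
    count = len(files)
    hdr_len = HEADER_LEN + (2 * count + 1) * ENTRY_LEN
    body = b"".join(d for _, d in files)
    hdr = PUP_MAGIC + struct.pack(">5Q", 1, image_version, count, hdr_len, len(body))
    off = hdr_len
    for entry_id, d in files:
        hdr += struct.pack(">4Q", entry_id, off, len(d), 0)
        off += len(d)
    for i, (_, d) in enumerate(files):
        hdr += struct.pack(">Q20s4x", i, hmac.new(key, d, hashlib.sha1).digest())
    hdr += hmac.new(key, hdr, hashlib.sha1).digest() + b"\x00" * 12
    return hdr + body


# Constructed sample: version.txt plus the two flag files a shop PUP patches.
KEY = b"constructed-stand-in-key"
SAMPLE_PUP = build_pup([(0x100, b"03.5600\n"), (0x102, b"\x00"), (0x103, b"\x00")], KEY)

if __name__ == "__main__":
    hdr, ents = parse_pup(SAMPLE_PUP)
    print(f"image version {hdr['image_version']}, {hdr['file_count']} files")
    for e in ents:
        print(f"  {e['id']:#06x} {e['name']:<18} {e['size']:>6} bytes @ {e['offset']:#x}")
    print("hmac ok:", verify_pup(SAMPLE_PUP, KEY))
```

Run against a real PUP (`parse_pup(open("PS3UPDAT.PUP", "rb").read())`) the entry list tells you which flag files a "patched" PUP actually touched; the HMAC check is only meaningful once the real key is supplied in place of the stand-in.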
Here is a shop converter PUP (http://psyoil.info/pup/shop%20converter%20PUP.zip) as well, by PsyOil, with the details below:
Sony shop PUP, with just promo_flags/update_flags patched. Anyway, this is just a basic PUP that will convert your PS3 into a SHOP PS3 (not advertised as a jailbreak or a CFW); it's just a basic MFW.
Remember, after unlocking through the security settings, the package installer is NOT for homebrew but only for installing demos. The second PUP is a file that will convert your SHOP PS3 back into a retail PS3. Remember, these still apply! (scei.co.jp/ps3-eula/ps3_eula_en.html)
Like natepig said, it's Google Translate's interpretation that's hard to follow. I'm sure if you understand Spanish and saw the original it would be fine. I just remember all the kerfuffle last time with his FW, so I'll just wait and see what they release whenever it may happen and check it then, but like I said, Rebug is the go.
Agreed, really can't stand that translation... It's like a garble of nouns and verbs squished together... really don't get what they are trying to say... it's becoming like a joke each time I read news from JFW... or JBM (they changed names again? what else can they not do besides really having a real CFW out)!?