SKFU Progress on PS3 Custom Firmware, More Debug Options

225w ago - Today SKFU has updated his blog (linked above) with a follow-up to his previous work and shared some new information and progress regarding PS3 custom firmware.

He was able to add several more working debug options to JailBroken retail PS3 consoles, such as Title Store preview in the network section.

To quote: "While the USB Loader by JaicraB has some trouble rebooting all correctly, it seems for a final CFW we need to overwrite dev_flash instead of just loading live from USB mass storage.

Some things you can already do for a nice working CFW:

1. Replace all in "/vsh/module + /sys/external + /sys/internal" with the content of a 3.41 debug dev_flash.

2. In "/vsh/resource/explore/xmb/category_game.xml" add this in the "view id=root" Items section

[Register or Login to view links]

This will bring the "/app_home/GAME" and "Install PKG" options back.

3. In "/vsh/resource/explore/xmb/category_psn.xml" switch "root" and "tool_root".

This will add Title Store previews in the network section.

4. In "/sys/external" you grab liblv2dbg_for_dex from a debug unit and rename it liblv2dbg_for_cex. Replace liblv2dbg_for_cex with your new one and also add the debug liblv2dbg_for_dex.

Now you also have the debug options enabled. I don't know how to show up the debug options icon yet, but you can modify the settings via the registry.

How2 Handle Debug Options Without Icon

All information should be free. So here is another part of the Custom Firmware research.

My previous post already explained some changes they enable. One nice one I didn't mention yet is, that it activates the Debug Options.

The options are enabled now, just the icon is missing. But there is a different way you can handle them. As we already knew, the xregistry.sys (dev_flash2/etc) stores all actual settings.

With the changes mentioned in last post, if you tried those; you may have noticed a debug message in the upper right corner. This actually proves the debug options are unlocked to use.

Just extract the xregistry.sys now and find the debug options. Activate them with a 1 instead of a 0. I didn't test all so far, but seems most is fine.

Needa give credits to iQD, KrisAbsinthe, Stoker25 and Comgenie."


23 Comments

#23 - WheedWhack3R - 215w ago
OK Major update on my part when it comes to Blu-Ray fixes on ps3! First let me say I can not fix it with my current tools as it is actually a HDCP/AACS problem. I compared slim consoles with my fat one and found only the fat ones are affected so far.

I searched diligently for anything I could find and discovered that the Blu-Ray fails because the copy protection is disabled and the decryption keys do not line up. I tried region free Blu-Ray discs and one from every region yet none played.

I ruled the region coding out because it can play region A when it has no BD+, AACS, HDCP, etc. Even after replacing devflash 0, 2, and 3 and trying different PUP files, it is clear that the PS3 refuses to enable "VFLASH" when updating because the decryption keys do not match and it "(re)-disables" Blu-Ray every time it is up/downgraded.

Every Update_log.txt reveals that to be true. A script or payload that hooks the .PUP file before it is loaded and forces the correct flag to update the BD-Player DRM may be possible but it is unlikely. The DRM keys are specific to each console if I am not mistaken. Understanding it like that, I have little hope of a new modified .PUP to fix this.

I think a new psgroove payload that can work around AACS/HDCP is in order at this point. The only other solution is a payload that blocks the internal BD player and loads a completely home brew one in its place. If anyone has any input or wants to try to make such a payload I will be the test subject.

Non-working Fat CECH-E01 below:
manufacturing updating start
PackageName = /dev_usb000/PS3UPDAT.PUP
settle polling interval success
vflash is disabled...
boot from nand flash...
creating flash regions...
create storage region: (region id = 2)
format partition: (region_id = 2, CELL_FS_IOS:BUILTIN_FLSH1, CELL_FS_FAT)
create storage region: (region id = 3)
format partition: (region_id = 3, CELL_FS_IOS:BUILTIN_FLSH2, CELL_FS_FAT)
create storage region: (region id = 4)
format partition: (region_id = 4, CELL_FS_IOS:BUILTIN_FLSH3, CELL_FS_FAT)
create storage region: (region id = 5)
create storage region: (region id = 6)
taking a while...
start Updating Proccess
Initialize elapsed time = 43 msec
check UPL
Check UPL elapsed time = 38 msec
check Package Size
get package size elapsed time = 7 msec
start Updating Package
Update packages num = 19
Update packages total size = 107506567
Update Package Revoke list
read package revoke list package (576 bytes) elapsed = 9 msec
update package revoke list elapsed = 109 msec
Update Package Revoke list done(0x8002f000)
Update Core OS Package
read core os package (4051692 bytes) elapsed = 267 msec
update core os package elapsed = 160 msec
Update Core OS Package done(0x8002f14b)
update package elapsed time = 546 msec
Updating or Verifying failure 0x8002f14b
UpMng.UpdatePackage() failure
manufacturing updating FAILURE(0x8002f14b)
Total Elapsed time = 1644 msec

Working slim below:
Bul-ray Disc Player Revoke
read bdp revoke package (1905 bytes) elapsed = 25 msec
decrypt and verify bdp revoke package elapsed = 47 msec
write bdp revoke package elapsed = 48 msec
flush_cache() SUCCESS
compare bdprevoke package elapsed = 61 msec
Bul-ray Disc Player Revoke done(0x8002f000)
Update Program Revoke list
read program revoke list package (736 bytes) elapsed = 24 msec
update program revoke list elapsed = 4491 msec
Update Program Revoke list done(0x8002f000)

I hope this helps! PS I'll give $50 to the first universal fix that I can verify works on my fatty.
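
An added example (not part of WheedWhack3R's post or of any PS3 tool): a small parser that reduces the two Update_log.txt excerpts above to per-stage status codes and step timings, so the first failing stage stands out. Treating 0x8002f000 as the success status is an assumption drawn from the working log; the function and constant names are hypothetical.

```python
import re

OK_STATUS = 0x8002F000  # assumption: the status every completed stage shows in the working log
STAGE_DONE = re.compile(r"^(.+?) done\(0x([0-9a-fA-F]+)\)$")
STEP_TIME = re.compile(r"elapsed = (\d+) msec$")  # per-step lines only, not "elapsed time =" totals

# Sample input: a subset of lines copied from the two log excerpts in the post above.
FAT_LOG = """\
vflash is disabled...
Update Package Revoke list
read package revoke list package (576 bytes) elapsed = 9 msec
update package revoke list elapsed = 109 msec
Update Package Revoke list done(0x8002f000)
Update Core OS Package
read core os package (4051692 bytes) elapsed = 267 msec
update core os package elapsed = 160 msec
Update Core OS Package done(0x8002f14b)
Updating or Verifying failure 0x8002f14b
manufacturing updating FAILURE(0x8002f14b)
"""
SLIM_LOG = """\
Bul-ray Disc Player Revoke
read bdp revoke package (1905 bytes) elapsed = 25 msec
decrypt and verify bdp revoke package elapsed = 47 msec
write bdp revoke package elapsed = 48 msec
compare bdprevoke package elapsed = 61 msec
Bul-ray Disc Player Revoke done(0x8002f000)
Update Program Revoke list
read program revoke list package (736 bytes) elapsed = 24 msec
update program revoke list elapsed = 4491 msec
Update Program Revoke list done(0x8002f000)
"""

def summarize(log_text):
    """Return per-stage (name, status, step_ms) tuples plus the first non-OK stage."""
    stages, step_ms = [], 0
    for line in (l.strip() for l in log_text.splitlines()):
        if (m := STEP_TIME.search(line)):
            step_ms += int(m.group(1))        # timing of one step inside the current stage
        elif (m := STAGE_DONE.match(line)):
            stages.append((m.group(1), int(m.group(2), 16), step_ms))
            step_ms = 0                       # next stage starts counting from zero
    failed = next((s for s in stages if s[1] != OK_STATUS), None)
    return {"stages": stages, "first_failure": failed,
            "vflash_disabled": "vflash is disabled" in log_text}

if __name__ == "__main__":
    for label, text in (("fat CECH-E01", FAT_LOG), ("slim", SLIM_LOG)):
        print(label, summarize(text))
```
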

#22 - CJPC - 217w ago
Originally posted by carlocooxx: "where can i find the debug dev_flash ?"

That is the catch - short of dumping it yourself, you will have a hard time finding it, as those with debug boxes do not want to leak it (and have the value of their consoles go down the drain).

And, if you have one, you will be faced with the same dilemma!

#21 - carlocooxx - 217w ago
where can i find the debug dev_flash ?

#20 - xcjzerox - 224w ago
I agree, the only thing they need to work on is making not jailbroken anymore so we won't turn on our consoles to jailbreak it. I feel like at some point I'm going to break my PS3.

Great job hope everything comes into play =D

#19 - cfwprophet - 224w ago
OK, I will embed the files into ps3 acid and upload the new version (hopefully) in the next hours.

A lot of things have changed or are new, like a progress bar for specific things. Also I have embedded more SDK tools, and the rest I will tell when I put it on the web.

#18 - farenheit - 225w ago
PS3 Firmware 3.15 Flash Dump: this is not my dump but someone has uploaded

I just copy flash0 1 2 of my fat 3.15 if you would like:

[Register or Login to view links]

[Register or Login to view links]

Pass : ps3

#17 - iloveyou - 225w ago
Yes, there are some personal infos in the sys file. But you can change them or delete them with xregistry.sys Editor v0.7 which you can get here in Forum.

If someone would upload the debug_flash, it would be nice

#16 - Koneesha - 225w ago
Is there any personal info in the registry, and how would I extract it? I wouldn't mind helping a little.

#15 - hayman - 225w ago
wow great, i hope they will make a custom that has all 3D update of 3.5.. will be great.

#14 - Xcellerator - 225w ago
I've been thinking about SKFU's CFW Research and came up with this: [Register or Login to view links]
Well, here it is, some PS3 Downgrade Speculation.

OK, well I got thinking after SKFU's post when he said "We need to find a way to edit the flash directly..."
so I came up with this.

When the PS3 updates, it follows 2 main steps:

1) It copies data from PS3UPDAT.PUP to the HDD.
2) It then sets a boot flag to an "Update Phase/Mode" and then restarts and updates the flash.
If we copy our own update data to HDD, in the correct spot (I assume, it would be the contents of the PUP file, but this will need further research...), and if we can then get the PS3 to change its boot flag, we could get it to install any Firmware we like. The spoofing side of things comes from editing the SDKHeader.bin in the PUP contents.

So, how do we edit the bootflags, is the main question?

It wouldn't be a kind of PS3 GParted LiveCD...
We know that users 'could' edit bootflags (or certain ones) through the DefaultOS option in Firmwares 3.15 and below. They must be stored in the Registry (xRegistry.sys in /dev_flash2/). I'll need someone with Firmware 3.15 or below to tell me the Registry 'Key', so it can be added to a PS3 registry over 3.15...

If we can get the bootflag setting for this update phase/mode, we could make our PS3 write whatever firmware we wanted to the flash, including 3.41 on top of 3.41 with the firmware ID of 3.50, so the PS3 can go online. Does this mean that we could, in theory make the PS3 boot a OS from External HDD? Possibly boot our own flash from it (already done with JaiCraB's Firmware Loader, but still could have interesting possibilities!)

But how do we know the PS3 uses bootflags?

When I was messing with JaiCraB's Firmware Loader, when it messed up, it gave the HDD error message (anyone who's used it will know what I'm talking about!). Anyway, first time this happened to me, I switched off my PS3 and turned it on. The message still came up! Once I followed it through and restarted how it told me to, the PS3 booted up GameOS normally. At the time I thought nothing of it, but when I started thinking about this method, this makes bootflags of some sort seem like an obvious conclusion...

So, to recap!
I need someone with firmware 3.15 or below with jailbreak abilities, to tell me the 'Key' in xRegistry.sys for the DefaultOS menu, so it can be changed on firmware ABOVE 3.15...

All the best,

