[hellsing9]

Hi, i present myself on this community showing what i been working in the darkness.

You may ask what this is all about?.
Well it's about my CFW 4.31 FULL 4.31, nothing about spoof's. It's ported to 4.31. And..

I give you along with the Os also my (personal) multiTOOL called "core" it's only a self that loads at console startup.
If it's available on right USb port of our PS3 "/dev_usb000/" that among other things this will allow to dump console flash.
Also activates QA flags (on 4.31 = directly) and exits and start on factory mode.

Here some specs:

lv1 CoreOS hash deactivated for downgraded consoles.
lv1 183/182 undocumented ( lv1 peek / poke )
lv1 Otheros ++
VSH: nas_plugin ( all pkgs can get installed , explore_plugin y game_ext plugin to show the install package and erase that annoying warning message of *epilepsy* (though this is automatic while with QA flag)
and patches VSH for rif / rap with fakesign.)
default.spp: added that memory extra on gameOS for otherOs.
lv2 peek / poke , syscall 6 / 7 ,
lv2 lv1 peek / poke ( opcional syscall 8 / 9 via core)
Payload Hermes with ported SC 36
APPLDR: lv2 memory hash desactived from appldr ( no need to patch on lv1 ) , dev_flash whitelist deactivated ( loads any keyset from dev_flash ) and ECDSA deactivated.
ISOLDR : ECDSA deactivated
SPP_VERIFIER: ECDSA deactivated
spu_utoken_processor : ECDSA deactivated ( qa flag )


Here you have the payload to include on C for our managers with fixes and hook.

http://pastie.org/private/cxg8xvohjbh99q45jw ( payload with sc36 )

http://pastie.org/private/rbmvhgepnwlisvqm1zvchq (lv2 lv1 calls)


Now let's talk about = Core.

It's AIO (all in one) tool. This CFW at startup search on dev_usb000 if theres a files called cellftp.self and other called copy_script.txt. Also i activated *search function* you can deactivate if you want so just doing this:

You have to put an original 4.31 sys_init_osd.self inside dev_flash/sys/internal/HERE and that will stop it for search it.

So i developed a homebrew called core, that allows to end user have more options and tools.

Remember though that the self has to be on your pendrive root along with copy_script.txt and flags folder with the flags ( functions ) that you want inside.

When your PS3 starts up will search for it and execute it. It will leave a log on root called core.log.

I will mention the more important ones and tomorrow i will explain a little more:

BD emu flag = Is for if you don't have blu-ray drive or just don't work npdrm if you activate this flag, the PS3 will behave as if it have the drive installed.

Enableqa = Activates those QA flag directly on 4.31 ..

Dump nand

Dump nor

Dump lv2

Dump full ram

etc..

Changelog:

,
dM
MMr
4MMML .
MMMMM. xf
. M6MMM .MM-
Mh.. +MM5MMM .MMMM
.MMM. .MMMMML. MMMMMh
)MMMh. MM5MMM MMMMMMM
3MMMMx. MMM3MMf xnMMMMMM
*MMMMM MMMMMM. nMMMMMMP
*MMMMMx MMMM5M .MMMMMMM=
*MMMMMh NMMMMM JMMMMMMP
MMMMMM IMMMMM. dMMMMMM .
MMMMMM MMMM .MMMMMM .nnMP
.. *MMMMx MMM dMMMM .nnMMMMM*
MMn... 'MMMMr 'MM MMM .nMMMMMMM*
4MMMMnn.. *MMM MM MMP .dMMMMMMM
^MMMMMMMMx. *ML M .M* .MMMMMM**
*PMMMMMMhn. *x > M .MMMM**
**MMMMhx/.h/ .=*
.3P ...
nP *MMnx


core 2.6.5

changelog 2.6.5:

Added toggle_recovery flag = Warning PHAT wipe.

Fixed 6 flags.

Erased that epilepsy warning.

Core 2.6.0

Changelog 2.6.0:

añadida flag para limpiar restos de flag's de otheros ( usar en casos de problemas al entrar recovery )

Added flag to clean otherOS flag's ( use in case that you have problem to enter into recovery).


Changelog 2.5.0:

Added otherOS.

Fixed dumpnandflash flag, now dumps bootloader also to have a full vital backup of your PS3.

============================

OtherOS boot Tutorial:

1) Start core only with setup_flash_for_otheros flag, when you hear a double beep means that's the process went well. If you don't listened nothing = check log.

2) Then put dtbImage.ps3.bin (the one who corresponds to your CONSOLE)
If it's Nand = dtbImage.ps3.bin.nand
If it's NOR = dtbImage.ps3.bin.nor
You have to rename it to = dtbImage.ps3.bin and paste it on the your pendrive root in this case we will use install_otheros flag.

3) This will boot up and you will hear 2 beeps, if you don't listened. Again, check the log. Something failed.

4) Once we done this, shutdown your PS3 and use boot_otheros flag. On boot you will see petitboot on your screen.

Thanks hermes, i used your cosunpkg and cospkg to align of CoreOs AND payload with sc36.

Links about all i mentioned above :

http://pastie.org/5913506

Mirror thanks to "palestina" http://ul.to/0mp1pmbl

BD Emu function is integrated also on one CFW 3.55 that im currently uploading. This comes handy for example if you want to dump your root key.


Here =
hilo_cfw-3-55-otheros-cex-bdemu-sin-controladora-integrado_1862166

To created our own CFW, just open delta patcher. On original file choose 4.31 OFW from here:

http://dus01.ps3.update.playstation....d/PS3UPDAT.PUP

On xdelta patch, hit the patch and apply with check checksum option and keep original file tilted. This will create other file called *NEW.PUP being * name of the OFW you use.

PUP Hashes should be:

Code:

CRC32: 203E06EC
MD5: AD09B0CB3C09CFCCAB578E4E85969830
SHA-1: 7258E1BB84ED6E8AB0F6325A0199B65F82C7ADEF

Note:

THIS IS NOT A CONSOLE BRICKER.
This method was in the shadows for some time and was tested and all systems that allow this.

I think on give core src once i polish it. Honestly im ashamed about some much comments on this code xD

Enjoy it.
I will keep you guys posted on this thread for next 3 days.

Now Rogero come and copy this xDDDDDD (Joke)

Code:

int main(void)
{
int gilipollas;
int ret;
int size;
gilipollas = 1;
crearmundo();
ret = crearpersona();
if (ret==gilipollas)
{
strlen(gilipollas,size); // midiendo al tipo de gilipollas
palizapakeaprenda(size, "entre muchos\r\n");
}
}

This *code* above have spanish slang, it's a joke made by the author of this article on code format. I didn't translated it for obvious reasons because it's useless. It's like writting *Hello world* with my spanish slang on it, google translate or any other online translator will give any kind of weird results.

Translation made by Hellsing9

Regards

Source = EOL

Dev = MiralaTijera

Saludos a los amigos de EOL

[Read More]

[maneo]

Thanks for the news!!! What does this mean for end users at the moment?

[hellsing9]

Originally Posted by maneo Thanks for the news!!! What does this mean for end users at the moment?

Welcome. (Only translated the article when i was mentioned).
For the end user? Just wait and see what happens next.

He said that in the next 3 days he will keep updating with more info about this CFW.
So i will keep an eye open on this one.
Thing is that this CFW is not a console bricker is good news.

[playerkp420]

We wouldn't be able to read half the news, if it wasn't for your @hellsing9 . At least I couldn't read even the translated page of this news earlier.

Thanks.

[hellsing9]

Originally Posted by playerkp420 We wouldn't be able to read half the news, if it wasn't for your @hellsing9 . At least I couldn't read even the translated page of this news earlier. Thanks.

Welcome.
Google translate is a nightmare to translate from spanish to english.
I didn't translate whole changelog though...but if it's needed just let me know.

Whole article mostly written with spanish slang so i changed some structures on some sentences to make it feel more *easy to follow* in english.

Google or yahoo translators are good to get an idea of wtf the article is about but if someone don't take some of his/her time translating it to english many words, terms, etc get lost in the process.

Hope someone find it usefull and investigate further, i will wait for those 3 days to make another translation of his research.

[advocatusdiaboli]

doom3ified

Code:

int main( void ) {
	int gilipollas;
	int ret;
	int size;
	gilipollas = 1;
	crearmundo();
	ret = crearpersona();
	if( ret == gilipollas ) {
		strlen( gilipollas, size ); // midiendo al tipo de gilipollas
		palizapakeaprenda( size, "entre muchos\r\n" );
	}
}

[hellsing9]

Originally Posted by advocatusdiaboli doom3ified Code: int main( void ) { int gilipollas; int ret; int size; gilipollas = 1; crearmundo(); ret = crearpersona(); if( ret == gilipollas ) { strlen( gilipollas, size ); // midiendo al tipo de gilipollas palizapakeaprenda( size, "entre muchos\r\n" ); } }

Spanish joke in code

Translated:

Code:

int main( void ) {
	int moron;
	int ret;
	int size;
	moron = 1;
	createworld();
	ret = createperson();
	if( ret == moron ) {
		strlen( moron, size ); // measuring type of moron
		*****slaptoforhimtolearn( size, "withothers\r\n" );
	}
}

Could be moron, stupid, numbskull, etc. Just some inside joke.

[matttayyyy]

I made the patched .pup but it wont install from the xmb on 3.70, do i need to be in fsm and does this make it possible to exit fsm?

[playerkp420]

Originally Posted by matttayyyy I made the patched .pup but it wont install from the xmb on 3.70, do i need to be in fsm and does this make it possible to exit fsm?

Ummm. I think you have to already be on 3.55, or a 4.xx CFW, to install this.

[BobbyBlunt]

Originally Posted by matttayyyy I made the patched .pup but it wont install from the xmb on 3.70, do i need to be in fsm and does this make it possible to exit fsm?

Ummm have you failed to read every single jailbreak tutorial, warning, and the thousands of member sigs that say you need to be on 3.55 to install a MFW. If you put that PS3 into FSM good luck getting it back out