[Proper Translation] = CFW 4.31 OtherOS++ real no spoof, qaflag, bd emu.

by ps3iso on January 31, 2013

This is a proper translation, made by me, to help understand the features of CFW 4.31 by MiralaTijera:

Hi, I present myself to this community by showing what I have been working on in the darkness.

You may ask what this is all about.
Well, it’s about my CFW 4.31, FULL 4.31, nothing to do with spoofs. It’s ported to 4.31. And...

Along with the OS, I also give you my (personal) multitool called “core”. It’s only a self that loads at console startup.
If it’s available on the right USB port of our PS3, “/dev_usb000/”, then among other things it will allow you to dump the console flash.
It also activates QA flags (on 4.31 = directly) and exits and starts in factory mode.

Here are some specs:

lv1 CoreOS hash deactivated for downgraded consoles.
lv1 183/182 undocumented (lv1 peek / poke)
lv1 OtherOS++
VSH: nas_plugin (all pkgs can be installed), explore_plugin and game_ext plugin to show the install package and erase that annoying *epilepsy* warning message (though this is automatic with the QA flag), and VSH patches for rif / rap with fakesign.
default.spp: added that extra memory on gameOS for OtherOS.
lv2 peek / poke, syscall 6 / 7
lv2 lv1 peek / poke (optional syscall 8 / 9 via core)
Payload Hermes with ported SC 36
APPLDR: lv2 memory hash deactivated from appldr (no need to patch on lv1), dev_flash whitelist deactivated (loads any keyset from dev_flash) and ECDSA deactivated.
ISOLDR: ECDSA deactivated
SPP_VERIFIER: ECDSA deactivated
spu_utoken_processor: ECDSA deactivated (QA flag)

Here you have the payload to include in C for our managers, with fixes and hook.

http://pastie.org/private/cxg8xvohjbh99q45jw ( payload with sc36 )

http://pastie.org/private/rbmvhgepnwlisvqm1zvchq (lv2 lv1 calls)

Now let’s talk about = Core.

It’s an AIO (all in one) tool. At startup this CFW searches dev_usb000 for a file called cellftp.self and another called copy_script.txt. I also activated the *search function*; you can deactivate it if you want just by doing this:

You have to put an original 4.31 sys_init_osd.self inside dev_flash/sys/internal/HERE and that will stop it from searching.

So I developed a homebrew called core that allows the end user to have more options and tools.

Remember though that the self has to be on your pendrive root along with copy_script.txt and a flags folder with the flags (functions) that you want inside.

When your PS3 starts up it will search for it and execute it. It will leave a log on the root called core.log.

I will mention the most important ones, and tomorrow I will explain a little more:

BD emu flag = For when you don’t have a Blu-ray drive or npdrm just doesn’t work. If you activate this flag, the PS3 will behave as if it had the drive installed.

Enableqa = Activates the QA flags directly on 4.31.

Dump nand

Dump nor

Dump lv2

Dump full ram

etc..

Changelog:

core 2.6.5

changelog 2.6.5:

Added toggle_recovery flag = Warning PHAT wipe.

Fixed 6 flags.

Erased that epilepsy warning.

Core 2.6.0

Changelog 2.6.0:

Added a flag to clean leftover OtherOS flags (use it in case you have problems entering recovery).

Changelog 2.5.0:

Added otherOS.

Fixed dumpnandflash flag; it now also dumps the bootloader, to have a full vital backup of your PS3.

============================

OtherOS boot Tutorial:

1) Start core with only the setup_flash_for_otheros flag. When you hear a double beep, it means that the process went well. If you didn’t hear anything = check the log.

2) Then put in dtbImage.ps3.bin (the one that corresponds to your CONSOLE)
If it’s NAND = dtbImage.ps3.bin.nand
If it’s NOR = dtbImage.ps3.bin.nor
You have to rename it to = dtbImage.ps3.bin and paste it on your pendrive root. In this case we will use the install_otheros flag.

3) This will boot up and you will hear 2 beeps. If you didn’t hear them, again, check the log. Something failed.

4) Once this is done, shut down your PS3 and use the boot_otheros flag. On boot you will see petitboot on your screen.

Thanks Hermes, I used your cosunpkg and cospkg to align CoreOS AND the payload with sc36.

Links for everything I mentioned above:

http://pastie.org/5913506

Mirror thanks to “palestina” http://ul.to/0mp1pmbl

The BD Emu function is also integrated in a CFW 3.55 that I’m currently uploading. This comes in handy, for example, if you want to dump your root key.

Here =
hilo_cfw-3-55-otheros-cex-bdemu-sin-controladora-integrado_1862166

To create our own CFW, just open Delta Patcher. For the original file, choose the 4.31 OFW from here:

http://dus01.ps3.update.playstation….d/PS3UPDAT.PUP

For the xdelta patch, select the patch and apply it with the check checksum and keep original file options ticked. This will create another file called *NEW.PUP, * being the name of the OFW you used.

PUP Hashes should be:

Code:

CRC32: 203E06EC
MD5: AD09B0CB3C09CFCCAB578E4E85969830
SHA-1: 7258E1BB84ED6E8AB0F6325A0199B65F82C7ADEF

Note:

THIS IS NOT A CONSOLE BRICKER.
This method was in the shadows for some time and was tested on all systems that allow this.

I’m thinking of releasing the core src once I polish it. Honestly, I’m ashamed of so many comments in this code xD

Enjoy it.
I will keep you guys posted on this thread for the next 3 days.

Now Rogero come and copy this xDDDDDD (Joke)

Code:

int main(void)
{
    int gilipollas;
    int ret;
    int size;
    gilipollas = 1;
    crearmundo();
    ret = crearpersona();
    if (ret==gilipollas)
    {
        strlen(gilipollas,size); // midiendo al tipo de gilipollas
        palizapakeaprenda(size, "entre muchosrn");
    }
}

The *code* above contains Spanish slang; it’s a joke made by the author of this article in code format. I didn’t translate it, for obvious reasons, because it’s useless. It’s like writing *Hello world* with my Spanish slang in it; Google Translate or any other online translator will give all kinds of weird results.

Translation made by Hellsing9

Regards
