Softmod PS3 on latest OFW (4.82)

Kyle2100 · April 10, 2018

IMPORTANT: A 2.0 update has been released
Official support for v1.0 in this thread has come to an end.

There has been alot of development going on around the PS3 since the discoveries of thePS3Xploit (webkit exploit) on 4.81 OFW, first we seen the IDPS dumper (4.81/2 OFW) released with some big news & hope to come along with it, like a Flash Writer (downgrader) for OFW, so if you have been reluctant to buy a Hardware Flasher such as the E3 Flasher and bust open your PS3, but have been wanting to get your PS3 FAT(PHAT) Console and your Downgradable PS3 SLIM Models (up to & including 25xx models with minimum installable version <= 3.56) on Custom Firmware, then here is your chance with a 100% SOFTWARE SOLUTION thanks to the work of PS3Xploit Team ( @bguerville, @esc0rtd3w & W)along with contributions from new team member @habib to help expedite this release. Essentially what this Software Solution does is write a patch to the CoreOS (on NOR/NAND Chip) and when the PS3 Console is then rebooted you can install a Custom Firmware directly, So downgrading back to 3.55 is not required in the process, rather "Direct OFW to CFW patching" is done to allow for Custom Firmware Installation. Since this exploit is executed from 4.82 OFW, you can only install to a 4.82 CFW, HOWEVER if you wish to use an earlier firmware such as REBUG 4.81 for example, once on 4.82 CFW you must TOGGLE QA using a toggle tool, which allows CFW user's to freely switch CFW version from past and present. Read more about this in the Frequently Asked Question (FAQ) and more info in the details provided:

UPDATE - View Public Warning

Flash Writer Compatible with these PS3 Models:
Supports FAT ModelsCECHAxx/Bxx/Cxx/Exx/Gxx/Hxx/Jxx/Kxx/Lxx/Mxx/Pxx/Qxx
Supports SLIM Models 2xxx (minver 3.56 or lower ONLY, check with >>> minverchk.pup - SEE FAQ TAB for USAGE )

4.82 NAND / NOR WRITER

NOR FLASH DUMPER

F.A.Q & Additional Notes.

PS3 OFW 4.82 NAND/NOR FLASH WRITER v1.0
***** IMPORTANT DETAILS BELOW -- AVOIDING A BRICK *****
WARNING: USE THE PROVIDED flsh.hex AS IS. DON'T PATCH IT OR MODIFY IT OR YOU WILL BRICK *****
Verify flsh.hex file on a flash drive and in the far right USB slot!
4.82 flsh.hex MD5: 8E156C99101BF36EC3EDB832982AE46D

DO NOT USE ON CFW (Custom Firmware) (Only Supports OFW)

DO NOT USE ON PS3 Models 3xxx/4xxx (aka SuperSlims / Late Slim models) you will brick those console.

USE ONLY ON 4.82 OFW

PLEASE READ FIRST:
It's essential not to flood the browser memory with junk before running the exploit. The reason for this is that due to javascript core memory usage limitations we are scanning several times a small range of browser memory (a few Mb) to find some essential data in RAM, if the memory is flooded then the range to scan becomes much larger & the probabilities that our data is found in the smaller range decrease dramatically..

So in short, never use the browser or set a homepage you cancel before running the exploit!

If you need to, set the homepage to 'blank', close the browser then reopen it to start the flash writer.

v1.0.0 - Initial Release
Supports Direct OFW to CFW patching for All Phat and 2xxx Slim (minver 3.56 Dec 2010 and lower)

the NOR/NAND writer will just copy 3Mb of CoreOS data to both ros0 & ros1 in the flash memory.

There is only one version released for 4.82. The same hex patch file can be used on nor & nand.

It's as safe as possible, with a check for usb device & patch file making the exploit hang instead of corrupting flash if file is not found.

In case of corruption (extremely rare but could always happen), it's only a partial brick because no per console info ever gets erased so a hardware flasher could still be used if ever a recovery reboot was impossible.

Usage Tips:
1) Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
2) If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
3) If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.

Steps:
1. Setup a small Web server on pc or smartphone. A custom miniweb application (from: https://sourceforge.net/projects/miniweb/files/) with small changes to the JaveScript, and supplied to host files if you would like to use it. Don't come to us for explanations about how to run a http server though. Google it.

2. Extract the files from release to your http server root folder.
2a- To use the miniweb.exe server, it is necessary to create a folder: htdocs
2b- The files *.html and *.js included in the zip files should be copied/moved to htdocs
3. Copy the "flsh.hex" file from release folder to root of flash drive.

4. Put a FAT32 USB key in port closest to BD Drive (/dev_usb000).

5. DOUBLE-CHECK your flash drive on XMB to make sure it shows up under Music, Photos, Videos, etc.

6. Open the PS3 browser File Address window, write the IP address of your server (and the port if not 80) & press the Start button.

7. Select the appropriate button for your console and wait for PS3 to power down. DO NOT STOP THE PROCESS ONCE STARTED!!

8. Once PS3 has powered down, reboot console and install CFW matching OFW version. If installing through XMB does not work, boot to recovery and install.

Downloads:
NOR Dumper for 4.81/4.82

NAND/NOR Writer for 4.82

UPDATE (JAN 2017)
VERSION 2.0 HAS BEEN RELEASED & NOW EVEN EASIER TO USE) >>> LINK <<<

Courtesy of Team PS3Xploit:
W (Javascript, Research & Testing)
@esc0rtd3w (Debugging, Research & Testing)
@habib (ROP & Debugging)
@bguerville (ROP/Javascript & Debugging)