CFW.4.81.PS3.Jailbreak

Sbenny.com is trusted by 1,313,285 happy users since 2014.
Register

Struppi

✞ Out Of The Dark ✞
Member for 5 years



CFW 4 81 PS3 Jailbreak

Knowledge is power. You can't use something unless you understand it.

INDEX:
What is a cid ?
What is red screen of death (R.S.O.D)?
What is an EBOOT.BIN and how does it work ?
What exactly is a jailbreak ?
How do game keys work ?
What is spoofing ?
The difference between CEX and DEX.
What are devs and who are they ?
Why do I need to hide the system calls and delete history ?
The dev_blind.
Downgrade/jailbreak compatible models explained.
What causes YLOD (yellow light of death) ?
Keeping the ps3 cool.
The ps3 flash(The nor dump)
The ros0 and ros1.
What is downgrading ?
What is cfw.
About banning.
The lv2 kernel.
A short history of cfw.

WHAT IS A CID ?
A ps3 has 3 forms of identification1.idps 2.psid 3.mac address.
A mac address is self explanitory, every device that connects to the internet has a mac address.
The psid is used for games in various ways, for example save data has your idps in, that's why you have to use react psn to use save data on a different ps3 than the original it was saved on (or another method).
When a ps3 signs into psn sonys server will check your ps3s idps (only that id), it then decides whether or not you are allowed access to play on psn. There's a black list, it compares your cid to the blacklist and if your cid isn't on there then your granted access.
Sony will ban a ps3 if they know two ps3s are using the same cid or if you are using cfw so it's important to delete history and hide the cfw system calls before signing in. (I've heard that companies like rockstar report ps3s to sony and they in turn ban you but I personally haven't looked into this so I suppose it's just assumption).
Don't assume you will never get mac banned from psn or a game, COD ghosts were mac banning with a dedicated server and I've heard of people getting mac banned from BO3, if your idps doesn't get you back online you may be mac banned or ccapi doesn't always set the idps correctly even tho it says it has.
NOTE: When you sign into psn you connect to the sony server, they then give you a "ticket" which says you are ok to be online (not banned) that stays with you as you connect to game servers, I'm not sure how this "ticket" attaches to you (mac, idps, psid, temp data) but thios could explain how you get banned from game servers and i8n turn get banned from psn sometimes (just speculation).

WHAT IS RED SCREEN OF DEATH (R.S.O.D)?
Red screen of death can be caused in two ways, the first and less common is when changing vsh files from one cfw version to another, Zofmodz gets it sometimes when playing with vsh files.
The second and most common (most likely the cause of 99.9 of occurences) is bad sectors in the nor chip, sectors in the nor chip get corrupted with bad information, this means that when the ps3 starts up and it draws information from the flash (the nor chip) it is corrupted and cannot start hence rsod.
Two options:
You can either install a rsod bypass cfw which doesnt fis the problem it just bypasses it, or you can downgrade and run a rsod pkg fix, what this pkg does it attempt to section off the bad sectors so that the ps3 does not encounter them at boot up.

WHAT IS AN EBOOT.BIN AND HOW DOES IT WORK ?
The eboot is inside every game or every games update data, it is the file that makes all the other files for that game work together.
Think of it like this, the game files are the orchestra and the EBOOT is the conducter.
So thats why if you have a problem loading a game it's usually cuz the eboot is bad, if the eboot doesn't match the other files or is bad in some
way (like patched wrong) then the game cannot run, usually resulting in black screen.

WHAT EXACTLY IS A JAILBREAK ?
If you gain access to an operating system via a jail exploit it's called a jailbreak, keeping things simple, it's an exploit of an operating system that allows the user to use the system in a different way than it was intended (example, a ps3 does a poor job of adjusting it's own fan due to decibel level laws, a jailbroken ps3 allows you to not only monitor the temperature of a ps3 but also adjust it so that you can keep the system cooler than the ps3 itself would do).

HOW DO GAME KEYS WORK ?
A game has an EBOOT.BIN which is like the conductor of the orchestra, it brings all the game files together to make the game run, a bad eboot would mean that the game will not run correctly.
There are files inside the game data that are signed to a certtain version (example, advanced warfare is signed to 4.65), the game will only work on cfw/ofw that is the same version as the signed files.
If you have a game that is signed to 4.65 then it will not work on a lower cfw from disc.
Game managers like webman or multiman or irisman resign the files so that they can be played on lower cfw (Shout out to DEAN K creater of multiman and a pioneer developer in cfw aplications).

WHAT IS SPOOFING ?
There is a lot of confusion about spoofing, people seem to think that spoofing is always needed, this is not necessarily true.
To get online with cex cfw your ps3 needs to be at the latest version (example, at this time to get online your ps3 needs to be 4.76) if nyou are on 4.50 cfw you can "spoof the version" to 4.76 which will make the ps3 think it is on 4.76, this will lket you sign into psn cuz when you go to sign in your ps3 will tell psn that you are on 4.76.
With dex this is different as dex runs from the psn passphrase which changes every so often, so the passphrase is the same now as it was at 4.70 so 4.70 dex still goes online.
To be honest my knowledge of this process is limited as I haven't had time to look into it and fully understand it, that being said a lot of people have done some really good work with the processes.

THE DIFFERENCE BETWEEN CEX AND DEX.
This is always a heated discussion as only someone who doesn't have a preferance can be objective. I'm guilty of it myself, I prefer cex for modding as it's easier to problem solve, there are less variables (and ccapi wired is just as good as tmapi :p ).
In simple terms cex cfw is made from standard sony full release retail ofw and dex is made from their sdk release developer ofw which is used by game developers when they are making games and developing software.
I've used hundreds of ps3s and put both cex cfw and dex cfw onto CECH and DECH consoles, If you only want to mod then use cex and if possible develop your own mods for the cfw, if you want to develop software for ps3 then use dex (in debugger mode), this will allow you to run files on a ps3 via tmapi from a pc to test the legitimacy of a file (whether it will work or not).
Some people feel dex is better but dex was made from dex ofw which was designed to run on a DECH machine and not everyone has a DECH machine (I do :p), so the general "best choise for a CECH "retail" machine is cex cfw as the ps3 will run it smoother (just my opinion but I've tested both types of cfw on hundreds of both types of machines).
There are multiple reasons for this, the main being that my DECH console has more ram memory than any of my CECH consoles.

WHAT ARE DEVS AND WHO ARE THEY ?
Devs are people who develop software for a system (namely for this document ps3).
You have white colar like treyarch and rockstar (who do great work).
Then you have people on the cfw scene like ROGERO and HABIB (anyone who doesn't know rogero, shame on you).
To develop software for ps3 you would use a combination of various languages, here is a list of some that I use to make cfw and packages (homebrew), html, c, c++, python, there will be more languages but I get bye with only these.
KARAKOTO and GRAFF CHOKOLO are two of the biggest names you should know, without those two a lot of things would not be possible.
People like ROGERO, HABIB, THE REBUG TEAM, THE ITA TEAM, ZOFMODZMYSELF, FERROX, EVILNAT bring you cfw and packages but others have paved the way for that (check out the shout outs list at the bottom of this document).

WHY DO I NEED TO DELETE THE HISTORY AND DISABLE THE CFW SYSTEM CALLS ?
I tell my customers to delete their temporary history and disable the cfw system calls before signing into psn.
Most electrical devices keep a temporary memory (record) of what's happened on that device, the ps3 is no different, it keeps a record of what you've been doing on the ps3 (what apps or games have been loaded), this would tell sony what you've been doing (best to delete the info so they can't read what you've been up to).
The ps3 system uses system calls to run it's processes, without getting too technical it talks to itself to operate, these system calls are mostly what sony have put in there to make the ps3 function and we just "hijack" them to make the ps3 do what we want but there are some system calls that have been created and added by people to do extra things that we need (example, to run pirate games), if sony sees these extra system calls they would know that you are using cfw.

THE DEV_BLIND.
The ps3 has a flash memory, this is like the brain of the ps3 (dev_flash)when cfw/ofw is installed the flash files are saved to the "brain".
If you want to install new versions of a flash file then you have to use the dev_blind.
This will copy the files you want to change and then change them durinmg the reboot process.
That's why if you try to copy straight to the dev_flash the ps3 will crash/freeze.

DOWNGRADE/JAILBREAK COMPATIBLE MODELS EXPLAINED.
All fat ps3s can be downgraded.
CECH-A to CECH-G are nand models (they have their flash memory saved onto two nand chips).
CECH-H to CECH-P are nor models (they have their flsh saved on one nor chip).
Slim ps3s that are part of the CECH-2xxx models are all nor models, all can be jailbroken but not all can go to 3.55 as some are 3.56 minimum versions, which means that they can only go down to 3.56.
Any ps3 that has a minimum version of 3.55 can be downgraded to 3.55, 3.56 models can be downgraded to 3.56 or above (see my you tube video, how to downgrade a 3.56 minimum version ps3).
THE REASON WHY:
All ps3s that have a 3.60 minimum version (super slims and CECH-3xxx models) are protected by metldr2, this security cannot be decrypted without sonys private keys, that's why they cannot be downgraded or jailbroken.
A ps3 can be jailbroken on 3.55 or with the metldr security disabled (with a hardware flasher) because we have the 3.55 and metldr keys, this is because sony messed up, an algebra equation generates the private key and it was meant to generate a random number but it always generated the same number (props to fail0verflow for figuring this out), so if it's always the same you can work it out by using the equation.
I can't see them making the same mistake again.

WHAT CAUSES YLOD (YELLOW LIGHT OF DEATH) ?
There are many casues, the most common is the solder balls underneath the gpu/rsx chip that connect the chip to the motherboard either crack (so don't make proper contact) or they bridge with the ball next to them (they melt into eachother). This should be fixed by reballing the chip.
HAIRDRYERS OR TOWEL TRICKS DO NOT HELP.
A few other causes can be:
a faulty part on the motherboard,
bad hard drive,
bad power cable (from wall to ps3),
bad power switch at the back (fats only),
Generally the yellow light indicates that there is a problem somewhere in the system, it's not always easy to find the problem.
It is an intermitent problem, you may do something and it works again but the problem comes and goes so it is most likely playing tricks on you.

KEEPING THE PS3 COOL.
High temperatures is the main cause of a lot of the ps3s problems/ hardware failure, I recommend some sort or hardware fan mod or a fan control package however a hardware fan mod will always be superior to a fan control pkg/ software mod.
Ideally a ps3 should live below 50 degrees but a lot don't, the danger temperature is 70, as long as your ps3 never hits 70 it's not too bad but the lower the better.

THE PS3 FLASH (THE NOR DUMP)
The flash on a retail un jailbroken standard console is a cex flash. You will edit this flash image in order to downgrade and jailbreak a ps3.
Once a system has converted to dex the flash is then dex flash and cannot be patched like normal.
The flash of the ps3 is where the consoles data is kept, the data that the console needs to be able to start up (boot).
There are 3 types of data in the flash:
per firmware
per model
per console
The per console data is very important as it has each ps3s keys (each ps3 has different info), without the per console data the console cannot start and is ultimayely bricked forever.
The flash data is paired (matches) with the data on the cpu chip and the syscon, all 3 have are a set, that's why the flash from one console can't be put onto another, unless you also swap the cpu and the syscon. (That's how to jailbreak a 3000 model)

THE ROS0 AND ROS1.
The ros are the version the ps3 is on, one is the last update that was made from xmb and the other is the last update that was made from safe mode.
After a ps3 has been hardware flashed the ps3 cannot be updated to the lower ros only the higher.
If the ps3 is on ros0 4.76 and ros1 4.75 and you patch the dump to anything but 4.76 then the system cannot start due to the ros mismatch, if you patch the dump to 4.76 the console will boot to xmb.
Both methods can be used to downgrade and jailbreak, if you mismatch the ros the ps3 will boot into safe mode saying the system cannot start, you can just update as normal.

WHAT IS DOWNGRADING.
Downgrading is the process of taking a ps3 from a firmware version to a lower firmware version. For example going from 4.76 to 3.55.
This is done like this:
1. Use a hardware flasher to get a dump of the ps3 flash.
2. Patch the dump to disable the ps3s security.
3. Flash the new patched dump to the ps3.
4. Install a 3.55 downgrader (normally rogero 999 downgrader).
5. Toggle qa which resets the syscon.
6. Install 3.55 ofw or cfw (then the console can be "jailbroken" by installing the latest cfw).

There is a method which involves just going straight to the latest version of cfw without downgrading, to do this skip steps 4,5 and 6 and just install the latest cfw/ the version the ps3 asks for, then toggle qa and your good to go.
I have released toggle qa for 4.76 and will release more versions when and if people ask for it.
I personally like to go back to 3.55, in my experience it causes less problems long term but if qa is toggled not just flagged then both methods are sound.

WHAT IS CFW ?
cfw-Custom Firmware is the ps3s operating system, iphone has ios, pc's have windows, custom firmware is made from ofw (official sony firmware) and only has security disabled and in many cfw's the look has been changed.
Installing cfw onto a ps3 can only be done if it has been hardware flashed to disable the security or if the ps3 is on 3.55, this is because we have the keys from 3.55.

The security keys, sony were meant to make an algorythm (algebra equation) that generates a random number but the number always generated the same so once you work out the math you get the private key,
all firmware that is installed onto the ps3 must have sonys private signature key for the ps3 to accept it along with other checks, each file in the cfw must be signed also in order for it to run.

ABOUT BANNING.
In truth nobody but sony themselves actually know all the in's and out's of banning but there is some stuff that we have managed to figure out due to, ida pro, wireshark, tmapi debugger and various other programs.
At one time your ps3 sent a log to sony, this log contained what your ps3 had loaded up, so if you had loaded up say multiman or ccapi then that would be in your log, if certain system calls that we add to cfw were used, they would be in the log, I even read in sonys t'c and c's that they reserve the right for themselves or their affiliates to look into your filesystem.
If sony received a log that looked suspicious they add you to a ban que, you may not get banned straight away and it may not be for a week but at some point their system will ban you.
Banning on games is slightly different,
You sign into psn,
sony verify your ps3 is ok then they attach a ticket to you, this ticket comes with you when you go to a games servers (the game server doesn't verify you the ticket does), if you have been caught by the game server modding/hacking then they will ask sony to restrict access to their server from your ps3 (you get told your banned when you try to go on the game).
If your ps3 is banned from psn all together then that's for one reason, your cid has been used by another system, if 2 ps3s sign into psn with the same id then they know you are using cfw and are deceiving them, so they ban you.
Technically sony must have proof of you using cfw in order to ban you so either your ps3 sent a log to them or your cid signed in from 2 ps3s at once,
It's a sad fact but people can steal your cid in many ways and I fear it will only get worse.

THE LV2 KERNEL.
The lv2 kernel (game os) is essentially the core of the operating system.
It handles the communacation between the user and the processor.
The differnce between cex and dex lv2 is system calls, a dex lv2 has certain system calls that a cex lv2 doesn't.
The user asks the ps3 to do something, the lv2 relays the message to the processor, the processor agrees to do what it was asked (or not) then relays the message back to the lv2 that it is initiating the process.
That sums it up (without getting into the ram and handing back memory lol).
In short there are certain things that dex can do that cex can't but not many people I know use these functions and calls.

A SHORT HISTORY OF CFW.
It all started with GEOHOT trying to break the security and find a jailbreak for the ps3 like he did for the iphone. I remember him tweeting that the security was too tight and he was giving up.
Then fail0verflow, a group of german hackers decided they wanted to exploit the ps3 in order to run linux on it, they discovered something that would turn out to be sonys epic fail.
Sony had used a "randomised" algebra equation that "set" their private key, this key was needed in order to get past or disable the ps3s security.
Epic fail, the equation always returned the same result, so work out the equation and you have the answer.
So once this was released to the public geohot decided to give it another go and low and behold he figured out how to sign files to get the ps3 to accept them.
It was a good start, I remember people sharing their findings, creating ground breaking software for ps3 and there was a general we beat the big boys feeling.
At 3.56 sony changed the way the security worked, changing round the boot up process, changing the signings, adding metldr2, anything they could to stop the exploit of their console and to a degree they succeeded.
No console with metldr2 can be decrypted, modded, hacked or have it's security disabled.
But ways to disable the security on older models and downgrade them were released, sony had only won half the battle. The ps3 was mostly still exploitable.
(I bet the guy who created the algebra equation for the private key is in mr sonys dungeon lol).

So when the exploit popped up developers like the rebug team, the ita team and rogero jumped on it releasing cfw and spoofs.
I remember a time when rogero kept everyone online with no gaps for months, everytime sony put out an update rogero released a spoofed cfw.
For me rogero is the greatest ps3 dev, others have for example created system calls and done things that are more "reputable" but just for taking sonys own ofw and modding the hell out of it rogero was the man.
If you've never heard of rogero then shame on you.
At the time of writing this there hasn't been a sony ps3 update for about 6 months (strange), I've heard rumours that they don't plan anymore updates, maybe or maybe not.
As many devs are leaving the scene one by one things seem to be slowing down.





Download Link:
Sign Up for Free or Login to view this content. Since you're viewing the AMP-accelerated version of our website which doesn't store login cookies, please scroll to the bottom of this page and click on the "View Non-AMP Version" button first, thanks!
Downloaded 2 times
 
Top