Hi,
I’ve got some great news for those of you who have not updated your PS3 firmware! I have just succeeded in adding Firmware 3.01 support into PSFreedom. I’ve pushed the latest code to github and you can now download the source and compile PSFreedom for 3.01.
For now, you will need to edit config.h and change FIRMWARE_3_41 to FIRMWARE_3_01, then recompile. However, I will soon add support for dynamically choosing the target firmware version by simply doing:
echo 3.01 > /proc/psfreedom/fw_version
I will soon add support for firmware 3.10 and 3.15, so be patient, and you will be rewarded. I would like to thank Klutsh as well as Philippe Hug who helped me achieve this port to 3.01.
The new payload changes are available in the PL3 github and any project/port that is also using PL3 should automatically gain support for the 3.01 firmware.
You will also be able to enjoy some new ‘tools’ in PL3 that will allow you to dump the LV2 kernel as well as the decrypted ELF files of the XMB and other configuration files it uses. The ethernet dumping is also now compatible with PS3 Slim models.
Update:
Philhug and I have worked together recently to make PL3 compatible with 3.15, and it is now done, working and ready for you to use. I have just pushed the latest changes to github, so just update both PSFreedom and PL3, and define FIRMWARE_3_15 in PSFreedom’s config.h and recompile. You will then be able to enjoy your unrestricted PS3 on 3.15 firmwares. Enjoy!
Update 2:
I have just added support for firmware 3.10 to PL3. You can get it by upgrading to the latest git version of PL3. There are however some changes in there that might break PSFreedom, so wait until I update PSFreedom tomorrow to be compatible with the latest PL3 changes!
I have also added a HOWTO file that explains the steps required to port PSFreedom to an exploitable firmware. Enjoy!
I would like to thank, again, those who have donated. For the others, you can still donate, if you appreciate the work I’ve done.
Enjoy!
KaKaRoTo
ok you found out how to change how it works on a firmware…good, but if you know how to do that why don’t you make it 3.50fw compatible? it makes sense…
because 3.50 fixes the exploit, you need an exploitable firmware to be able to add support for it..
I compiled PSFreedom for N900 using the 3.15 firmware config option, and when I tried to use the exploit, nothing happened.
Kakaroto, I’d like to give my most sincere thanks for your work.
Like many people I want to be able to run Linux on my PS3, and thanks to your efforts I can now run homebrew as well.
Thanks again and take care,
Rob
This is driving me crazy.
Does anyone have a compiled version of PSFreedom for iPod Touch 1g that has Hermes v2 or 3, or 3.15 support
Hi kakaroto, sorry for my English, I use your lv2 analyzer idc file to disassemble the lv2 kernel. If I load the lv2 at 0x0000000000000000 it works fine, but the reference of the string to a function is not proper.
You can modify the idc file to detect the syscall and toc to run lv2 at 0x8000000000000000, because that is the real memory of lv2.
Actually, if I run lv2 at 0x8000000000000000 the script file doesn’t detect any syscall and toc tables.
thx
Hi, I’m working to port your latest branch to psgroopic. I was having problems (ps didn’t want to boot, init black screen). Because your prior version was working right, I’ve decided to roll back to find what the problem was. I’ve found that this was the problematic change:
http://github.com/kakaroto/PL3/commit/1d5a9fc587c027b10a54bb10670edfc7d1333608?locale=en
I’ve reverted it and now it is working fine. Could you tell me why?
Best regards 🙂
@haute: yeah, it’s not going to work, I just load it at 0x00.. if you load it at 0x80.., then IDA will just not work right.. scrollbars will even stop working, so it’s better not to bother with that…
@JIM: humm.. I admit it’s untested, but i just spent 10 minutes looking at that change, and it makes no sense that it would stop working… are you sure that only that specific change breaks it ?
Anyway to implement Hermes new payload with yours for 3.15 fw support?
Hi,
I have some questions regarding your HOWTO:
Do you have to mod your hardware in order to port to versions prior 3.01?
If that’s so, I assume that Linux + the toolkit is required too?
Or is this a method involving only the usb hub?
Thank you for your help!
no modding required, if you read the HOWTO, you’d have realized it by now.
Thanks, I read it for third time now, but I’m not very savvy at this point. I’ll try harder and read more and hopefully will be able to contribute.
I think you find the mistake.
http://github.com/kakaroto/PL3/commit/f90b8deb72de794115c90fc3221404b2a556c007
Cool….. thanks for credits ;p
I managed to dump my FW (2.76), then dump the first set of elfs using the payload_dump_elfs_X_YZ – neat!
And now, I’m stuck =( Seems the 2.76 elf1 is quite different, and I can’t find one of the offsets in it since I don’t have a 3.41 (or any of the supported firmwares) elf1 file. Could someone dump the “a0556f3d002cb8fd” and “6b70280200020017” files from a 3.41 system?
@fearhq: nice! 🙂 so I guess the HOWTO is useful after all, hehe..
How did you get the elfs dump without a 3.41 dump? it’s almost impossible to figure out the right offsets without comparing, and if you can’t compare, you can’t patch the right functions needed to dump the elfs…
anyways, for the elf1/elf2, if the search string I suggested in the HOWTO doesn’t work, then you’d need to compare the actual functions…
I can’t provide you with 3.41 elfs since those files are sony’s property/copyright, and i can’t share them (also, I don’t have 3.41 anymore).
Let me know how it goes..
Good luck!
@kakaroto Yes, the HOWTO was very useful, though it definitely doesn’t take 2 hours to port to a new firmware (at least not for me 😉 )
I actually had access to a 3.41 LV2 dump, but I don’t have access to a 3.41 box (or any supported firmware) to dump the elf1/elf2 files. Is there a way for me to extract them based on the LV2 dump? (my guess is no, else you would not go to the trouble of writing new payloads to get them)
After this is done, I’ll have some updates you can apply to PL3 and Jevinskie can apply to PSGroove (minor bugs)
I’ll take any help I can get to figure out the elf1/elf2 offsets =)
@fearhq: try to maybe contact me on IRC, I’ll see if I can help.
You’ll find me as KaKaRoTo on Freenode and EFNet.
I have a question was just wondering, if there is any way to get the psn spoof on a 3.01 ps3. I have two devices that I can use to jailbreak my ps3. I have an android with psfmod, so I should be able to load a bin, or a ti-84 plus silver edition.
So I was wondering where could I find the bin or 8xv for 3.01 psn spoof, would really like to play cod black ops