Post: CFW 4.31 OtherOS++ real no spoof, qaflag, bd emu
Options
02-09-2013, 04:09 PM
#1
paki4life
Brute
this can not be installed on 4.31 it has to be done on 3.55
CFW 4.31 by MiralaTijera
This has been translated in to English from Spanish
Hi, i present myself on this community showing what i been working in the darkness.
You may ask what this is all about?.
Well it’s about my CFW 4.31 FULL 4.31, nothing about spoof’s. It’s ported to 4.31. And..
I give you along with the Os also my (personal) multiTOOL called “core” it’s only a self that loads at console startup.
If it’s available on right USb port of our PS3 “/dev_usb000/” that among other things this will allow to dump console flash.
Also activates QA flags (on 4.31 = directly) and exits and start on factory mode.
Here some specs:
lv1 CoreOS hash deactivated for downgraded consoles.
lv1 183/182 undocumented ( lv1 peek / poke )
lv1 Otheros ++
VSH: nas_plugin ( all pkgs can get installed , explore_plugin y game_ext plugin to show the install package and erase that annoying warning message of *epilepsy* (though this is automatic while with QA flag)
and patches VSH for rif / rap with fakesign.)
default.spp: added that memory extra on gameOS for otherOs.
lv2 peek / poke , syscall 6 / 7 ,
lv2 lv1 peek / poke ( opcional syscall 8 / 9 via core)
Payload Hermes with ported SC 36
APPLDR: lv2 memory hash desactived from appldr ( no need to patch on lv1 ) , dev_flash whitelist deactivated ( loads any keyset from dev_flash ) and ECDSA deactivated.
ISOLDR : ECDSA deactivated
SPP_VERIFIER: ECDSA deactivated
spu_utoken_processor : ECDSA deactivated ( qa flag )
Here you have the payload to include on C for our managers with fixes and hook.
You must login or register to view this content. ( payload with sc36 )
You must login or register to view this content. (lv2 lv1 calls)
Now let’s talk about = Core.
It’s AIO (all in one) tool. This CFW at startup search on dev_usb000 if theres a files called cellftp.self and other called copy_script.txt. Also i activated *search function* you can deactivate if you want so just doing this:
You have to put an original 4.31 sys_init_osd.self inside dev_flash/sys/internal/HERE and that will stop it for search it.
So i developed a homebrew called core, that allows to end user have more options and tools.
Remember though that the self has to be on your pendrive root along with copy_script.txt and flags folder with the flags ( functions ) that you want inside.
When your PS3 starts up will search for it and execute it. It will leave a log on root called core.log.
I will mention the more important ones and tomorrow i will explain a little more:
BD emu flag = Is for if you don’t have blu-ray drive or just don’t work npdrm if you activate this flag, the PS3 will behave as if it have the drive installed.
Enableqa = Activates those QA flag directly on 4.31 ..
Dump nand
Dump nor
Dump lv2
Dump full ram
etc..
Changelog:
,
dM
MMr
4MMML .
MMMMM. xf
. M6MMM .MM-
Mh.. +MM5MMM .MMMM
.MMM. .MMMMML. MMMMMh
)MMMh. MM5MMM MMMMMMM
3MMMMx. MMM3MMf xnMMMMMM
*MMMMM MMMMMM. nMMMMMMP
*MMMMMx MMMM5M .MMMMMMM=
*MMMMMh NMMMMM JMMMMMMP
MMMMMM IMMMMM. dMMMMMM .
MMMMMM MMMM .MMMMMM .nnMP
.. *MMMMx MMM dMMMM .nnMMMMM*
MMn… ‘MMMMr ‘MM MMM .nMMMMMMM*
4MMMMnn.. *MMM MM MMP .dMMMMMMM
^MMMMMMMMx. *ML M .M* .MMMMMM**
*PMMMMMMhn. *x > M .MMMM**
**MMMMhx/.h/ .=*
.3P …
nP *MMnx
core 2.6.5
changelog 2.6.5:
Added toggle_recovery flag = Warning PHAT wipe.
Fixed 6 flags.
Erased that epilepsy warning.
Core 2.6.0
Changelog 2.6.0:
aƱadida flag para limpiar restos de flag’s de otheros ( usar en casos de problemas al entrar recovery )
Added flag to clean otherOS flag’s ( use in case that you have problem to enter into recovery).
Changelog 2.5.0:
Added otherOS.
Fixed dumpnandflash flag, now dumps bootloader also to have a full vital backup of your PS3.
============================
OtherOS boot Tutorial:
1) Start core only with setup_flash_for_otheros flag, when you hear a double beep means that’s the process went well. If you don’t listened nothing = check log.
2) Then put dtbImage.ps3.bin (the one who corresponds to your CONSOLE)
If it’s Nand = dtbImage.ps3.bin.nand
If it’s NOR = dtbImage.ps3.bin.nor
You have to rename it to = dtbImage.ps3.bin and paste it on the your pendrive root in this case we will use install_otheros flag.
3) This will boot up and you will hear 2 beeps, if you don’t listened. Again, check the log. Something failed.
4) Once we done this, shutdown your PS3 and use boot_otheros flag. On boot you will see petitboot on your screen.
Thanks hermes, i used your cosunpkg and cospkg to align of CoreOs AND payload with sc36.
Links about all i mentioned above :
You must login or register to view this content.
Mirror thanks to “palestina” You must login or register to view this content.
BD Emu function is integrated also on one CFW 3.55 that im currently uploading. This comes handy for example if you want to dump your root key.
Here =
hilo_cfw-3-55-otheros-cex-bdemu-sin-controladora-integrado_1862166
To created our own CFW, just open delta patcher. On original file choose 4.31 OFW from here:
[url]https://dus01.ps3.update.playstation….d/PS3UPDAT.PUP[/url]
On xdelta patch, hit the patch and apply with check checksum option and keep original file tilted. This will create other file called *NEW.PUP being * name of the OFW you use.
PUP Hashes should be:
Code:
CRC32: 203E06EC
MD5: AD09B0CB3C09CFCCAB578E4E85969830
SHA-1: 7258E1BB84ED6E8AB0F6325A0199B65F82C7ADEF
The following user groaned paki4life for this awful post:
[/b]
02-15-2013, 07:46 PM
#12
KCTryhards
Guest
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
