CabConModding
Facebook
Twitter
youtube
Discord
Contact us
RSS
Menu
CabConModding
Home
New
Top
Premium
Rules
FAQ - Frequently Asked Questions
Games
Fornite
Call of Duty: Black Ops 3
Clash of Clans
Grand Theft Auto 5
Apex Legends
Assassin’s Creed Origins
Forums
Premium
Latest posts
What's new
Latest posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Log in
Register
What's new
Premium
Latest posts
Menu
Log in
Register
Navigation
Install the app
Install
More options
Dark Theme
Contact us
Close Menu
Forums
Console Section
PS3
Modding Content
PS3 Toolset by bguerville: A powerful collection of tools fueled by new PS3 exploit
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="NordCFW" data-source="post: 53265" data-attributes="member: 101324"><p>"The <strong>PS3 Toolset</strong> is a repository project for tools built upon a new ps3 exploitation framework I have been working on for a while. More tools should be added to this repository with time.</p><p>I hope you enjoy using them as much as I enjoy making them <img src="/styles/default/xenforo/smilies.emoji/people/wink.emoji.svg" class="smilie" loading="lazy" alt=":wink:" title="Wink :wink:" data-shortname=":wink:" />"</p><p>- <a href="https://www.psx-place.com/members/2198/" target="_blank">@bguerville</a></p><p></p><p><strong>Project Timeline:</strong></p><ul> <li data-xf-list-type="ul"><strong>End 2018</strong>, Sony patches one of the bugs the ps3xploit tools exploited to gain ROP execution. (4.83 OFW release)</li> <li data-xf-list-type="ul"><strong>Beginning 2019, </strong>I begin to look for a replacement exploit & the release of ps3xploit tools 3.0 is postponed.</li> <li data-xf-list-type="ul"><strong>Spring 2019,</strong> I rewrite most of the 3.0 framework to leverage the new capabilities gained with the new exploits.</li> <li data-xf-list-type="ul"><strong>Summer 2019,</strong> realizing the potential of the newly written 4.0 framework to create flexible & powerful tools, I decide to cancel the 3.0 release altogether & scrap the 3.0 framework.</li> <li data-xf-list-type="ul"><strong>Beginning 2020,</strong> I am releasing this "Toolset" project, as a repository for the tools created around my 4.0 framework that I deem release worthy, each tool being accessible in a toolset tab. This project is the fruit of many sleepless hours during many months, it showcases only part of the 4.0 framework capabilities though, there is still room for more surprises later... <img src="/styles/default/xenforo/smilies.emoji/people/wink.emoji.svg" class="smilie" loading="lazy" alt=":wink:" title="Wink :wink:" data-shortname=":wink:" /><br /> The initial release, contains a couple <strong>userland tools,</strong> a fully featured <strong>Flash Memory Manager </strong>& a <strong>Memory Editor </strong><em><strong>(</strong>mostly for development & research purposes<strong>).</strong></em> A<strong> file explorer tool </strong>should be added to the repository soon, it will be the last userland tool I write for the foreseeable future</li> </ul><p><strong>General Information about the PS3 Toolset</strong></p><ul> <li data-xf-list-type="ul">Toolset supports all ps3 models & official firmware versions from 4.82 to 4.86 (cex & dex) *some ps3 models have exclusive features/tools (note: toolset tools will also work from CFW)<br /> </li> <li data-xf-list-type="ul">PS3 Toolset is executed from the PS3's Web-Browser by visiting the following URL (SSL): <a href="https://www.ps3xploit.net/bgtoolset/" target="_blank">https://www.ps3xploit.net/bgtoolset</a><br /> </li> <li data-xf-list-type="ul">PS3 Browser Requirements<ul> <li data-xf-list-type="ul"><em><strong>JavaScript</strong> (Enabled from browser settings)</em></li> <li data-xf-list-type="ul"><em><strong>Cookies</strong> (Enabled from browser settings)</em></li> <li data-xf-list-type="ul"><em><strong>Flash Plugin</strong> (Enabled, but this one has a few caveats that may need explaining, the good news being that the toolset will detect the issue and let you know how to proceed (if there is an issue), see further explanations below)</em><ul> <li data-xf-list-type="ul">If ever in the past, you agreed to load the Flash Player plugin when prompted and checked the checkbox "Do not show again", you should have no issue & will never even see the plugin popup.<br /> </li> <li data-xf-list-type="ul">If you never before checked the "Do not show again" checkbox, you will be greeted with a popup asking you to allow the Flash player plugin. If you agree to load the plugin, the PS3 toolset should continue to load. Note that if you take more than 15s to agree when prompted by the popup, you will get a PS3 Toolset warning about the plugin being disabled even if you finally agreed to load the plugin, just refresh the page when prompted.<br /> </li> <li data-xf-list-type="ul">If ever you got the Flash Player plugin popup in the past & selected NO and checked the checkbox "Do not show again", the Flash Player plugin will be permanently disabled, consequently the PS3 Toolset will not be able to load. Unfortunately there seems to be no official way to reset this setting in the browser. The PS3 toolset does have automatic detection of this issue and some instructions are given. Currently the easiest workaround is to create a new user profile on the XMB, when launching the toolset on the new profile, you will be greeted with the browser pop-up asking to allow the flash plugin. However it has been found that in some cases, a new user profile is not sufficient to reset the Flash Player plugin status. I hope that other devs & advanced users will look into this situation while I continue working on new tools, if nobody does, I might end up looking into the problem after the next tool release. </li> </ul></li> </ul></li> <li data-xf-list-type="ul">You are free to use the tools in this project at your own risk. Keep in mind that no official support is provided, if you experience any kind of problem & find yourself in need of help, I strongly recommend that you turn to the <a href="https://www.psx-place.com/forums/PS3Xploit/" target="_blank">PS3Xploit sub-forum on psx-place.com</a> for support & guidance..<br /> </li> <li data-xf-list-type="ul">It is highly recommended that you adjust the console's System Time settings properly to avoid any time related issues with the browser and/or the Flash Player plugin.</li> <li data-xf-list-type="ul">To avoid potential crashes, you should never attempt to close the browser while toolset operations are in progress, especially when the browser exit confirmation setting is turned off.<br /> </li> <li data-xf-list-type="ul">PS3 Toolset only loads tools & features compatible for your console, this means no accidental use of a feature not compatible with your system.<br /> </li> <li data-xf-list-type="ul">No local/offline version is planned & the source code will remain closed for the time being.</li> </ul><p><strong>Requirements and Features</strong></p><p><strong></strong></p><p><strong>Requirements</strong></p><ul> <li data-xf-list-type="ul"><em>PS3 Console (Any Model) running 4.82 - 4.86 (CEX/DEX) Firmware<br /> </em></li> <li data-xf-list-type="ul"><em>Internet Connection to access Toolset from PS3's Internet Browser.<br /> </em></li> <li data-xf-list-type="ul"><em>PS3 Browser Flash Player 9 Plugin enabled (View General Information section for additional info)<br /> </em></li> <li data-xf-list-type="ul"><em>PS3 Browser Javascript enabled<br /> </em></li> <li data-xf-list-type="ul"><em>PS3 Browser Cookies enabled</em></li> </ul><p></p><p><strong>Quick Overview of Toolset (v1.0.19) Capabilities:</strong></p><p><em><strong>All Models</strong></em></p><ul> <li data-xf-list-type="ul"><em>Display console's IDPS</em></li> <li data-xf-list-type="ul"><em>Detects Console's CFW Compatibility + Factory Installed Firmware </em></li> <li data-xf-list-type="ul"><em>Detects Internal Flash Type of console: NOR / NAND / eMMc ect...</em></li> <li data-xf-list-type="ul"><em>Detects console & firmware information</em></li> <li data-xf-list-type="ul"><em>Take's a Full dump (backup purposes) of Internal Flash</em></li> <li data-xf-list-type="ul">Memory Editor tool<em> (R&D tool)</em></li> </ul><p><em><strong>Custom Firmware (CFW) compatible Models Only</strong></em></p><ul> <li data-xf-list-type="ul"><em>Patching of OFW Flash (Flash Memory Patch) for Custom Firmware Installations. </em></li> </ul><p><em><strong>Userland Tools</strong></em></p><p><strong>1.The Memory Editor tool v1.1</strong></p><p><img src="https://www.psx-place.com/attachments/upload_2020-2-21_22-23-34-png.24178/" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><ul> <li data-xf-list-type="ul"><em>The tool maps up all the currently loaded sprx modules segments (text & data) & allows you to browse them as well as the 2 vsh segments and the browser memory container. Users can also edit the memory as they see fit in all writable memory segments. <strong>This is mostly a R&D tool.</strong></em></li> <li data-xf-list-type="ul">-<strong> Notice</strong>- issues caused by RAM synchronisation. The memory editor is not a live debugger, it cannot pause lv2 or userland threads execution. Consequently, the RAM can be modified by the various threads executing in userland between the moment the memory editor tool takes a snapshot of a ram range to create the hex table to display on screen & the moment the table is actually displayed on screen.This means that on rare occasions the values displayed on screen might be different from those actually in RAM. This is especially true for specific memory areas such as the browser container memory.<ul> <li data-xf-list-type="ul">There is no easy way to solve this issue, even the debugging deci3 syscalls available only in DEX would not help us much because while it would enable us to take properly synchronised snapshots of the RAM, displaying the data on screen would still require running js code in the browser, which would modify the RAM & lead to the same synchronisation problem we currently face without using the deci3 syscalls.</li> <li data-xf-list-type="ul">I implemented code to color out the detected table cells found to be unsynced with RAM so there is as little ambiguity as possible. The text of such detected table cells is set to 'undefined'.</li> </ul></li> </ul><p><strong>2. Flash Memory Manager v1.2 tool</strong></p><p><img src="https://www.psx-place.com/attachments/upload_2020-2-21_22-24-9-png.24179/" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><ul> <li data-xf-list-type="ul">Compatible with all PS3 models (patching flash options exclusive to CFW compatible models)</li> <li data-xf-list-type="ul">FMM displays basic Flash Memory data in a tree.</li> <li data-xf-list-type="ul">Clicking on appropriate tree nodes reveals context menu entries to launch the tool's features.</li> <li data-xf-list-type="ul">Among other things, the manager can dump the Flash memory to file on any natively writable partition mounted on the console.</li> <li data-xf-list-type="ul"><strong>To patch (for cfw installation)</strong> a console using the no-fsm method, users must first load a patch file in memory. That file will be checked first & if found valid, the context menu entry to apply the patch will be enabled.</li> </ul><p><strong>There are 2 ways to acquire the correct patch file to flash.</strong></p><p><strong>1.</strong> it can be downloaded to disk first then loaded into memory from file & finally applied to the system</p><p> - or -</p><p><strong>2.</strong> it can be loaded via https directly to memory without using disk storage, the data is checked in RAM then if found valid, users can decide to apply it (from the unlocked menu, once file is validated by the toolset automatically).</p><ul> <li data-xf-list-type="ul">After applying a patch, the FMM automatically dumps the 2 ROS regions it just overwrote to double check that patching was properly done.</li> <li data-xf-list-type="ul">Progress dialogs keep the user informed of current operations & outcomes. User logs are provided in the various progress dialogs.</li> </ul><p><strong>3. Logs v1.0 Tool</strong></p><p><strong><img src="https://www.psx-place.com/attachments/ps-png.24323/" alt="" class="fr-fic fr-dii fr-draggable " style="" /></strong></p><p><strong>Technically the <strong>log section</strong> is also a tool of this Toolset. Its tab contains all the logs, warnings, errors & debug output of the toolset & its different tools.</strong></p><p><strong></strong></p><ul> <li data-xf-list-type="ul"><strong>Whenever something goes wrong, it's the first place to look & screenshots can be used to identify problems.</strong></li> <li data-xf-list-type="ul"><strong>I also included a UDP broadcast similar to Cobra's. Users can use socat to listen on UDP to the Toolset broadcast. However for the moment, only some data gets broadcasted but not the entire contents of the log tab because of the performance impact. With the file explorer release, I plan implement a few changes to this feature as well, the UDP broadcast will be done in a separate thread & all logged data should be broadcasted to UDP.</strong></li> </ul><p><strong></strong></p><p><strong>[SPOILER="Link"]</strong></p><p><strong><strong>From the PS3 web browser you can access the toolset @: (SSL only)</strong></strong></p><p><strong><strong><a href="https://www.ps3xploit.net/bgtoolset" target="_blank">PS3 Toolset by @bguerville</a></strong></strong></p><p><strong><strong>Update (4) - Issues has been resolved and FMM has been updated to</strong></strong></p><p><strong><strong><strong>v1.0.22. A fix for the handful of ppl with NAND consoles who are stuck unable to install another firmware at</strong></strong></strong></p><p><strong><strong><strong><a href="https://www.ps3xploit.net/bgtoolset/fix_nand.php" target="_blank">PS3 Toolset by @bguerville</a></strong></strong></strong></p><p><strong><strong>Instructions here for NAND ISSUE:</strong></strong></p><p><strong><a href="https://www.psx-place.com/threads/bg-toolset-user-issues-and-dump-submissions.28868/" target="_blank">[BG Toolset] User Issues and Dump Submissions</a></strong></p><p><strong>[/SPOILER]</strong></p><p><strong></strong></p><p><strong>Source:<a href="https://www.psx-place.com/threads/update-4-ps3-toolset-by-bguerville-a-powerful-collection-of-tools-fueled-by-new-ps3-exploit.28658/" target="_blank">PS3 - [UPDATE 4] PS3 Toolset by bguerville: A powerful collection of tools fueled by new PS3 exploit</a></strong></p></blockquote><p></p>
[QUOTE="NordCFW, post: 53265, member: 101324"] "The [B]PS3 Toolset[/B] is a repository project for tools built upon a new ps3 exploitation framework I have been working on for a while. More tools should be added to this repository with time. I hope you enjoy using them as much as I enjoy making them ;-)" - [URL='https://www.psx-place.com/members/2198/']@bguerville[/URL] [B]Project Timeline:[/B] [LIST] [*][B]End 2018[/B], Sony patches one of the bugs the ps3xploit tools exploited to gain ROP execution. (4.83 OFW release) [*][B]Beginning 2019, [/B]I begin to look for a replacement exploit & the release of ps3xploit tools 3.0 is postponed. [*][B]Spring 2019,[/B] I rewrite most of the 3.0 framework to leverage the new capabilities gained with the new exploits. [*][B]Summer 2019,[/B] realizing the potential of the newly written 4.0 framework to create flexible & powerful tools, I decide to cancel the 3.0 release altogether & scrap the 3.0 framework. [*][B]Beginning 2020,[/B] I am releasing this "Toolset" project, as a repository for the tools created around my 4.0 framework that I deem release worthy, each tool being accessible in a toolset tab. This project is the fruit of many sleepless hours during many months, it showcases only part of the 4.0 framework capabilities though, there is still room for more surprises later... ;-) The initial release, contains a couple [B]userland tools,[/B] a fully featured [B]Flash Memory Manager [/B]& a [B]Memory Editor [/B][I][B]([/B]mostly for development & research purposes[B]).[/B][/I] A[B] file explorer tool [/B]should be added to the repository soon, it will be the last userland tool I write for the foreseeable future [/LIST] [B]General Information about the PS3 Toolset[/B] [LIST] [*]Toolset supports all ps3 models & official firmware versions from 4.82 to 4.86 (cex & dex) *some ps3 models have exclusive features/tools (note: toolset tools will also work from CFW) [*]PS3 Toolset is executed from the PS3's Web-Browser by visiting the following URL (SSL): [URL='https://www.ps3xploit.net/bgtoolset/']https://www.ps3xploit.net/bgtoolset[/URL] [*]PS3 Browser Requirements [LIST] [*][I][B]JavaScript[/B] (Enabled from browser settings)[/I] [*][I][B]Cookies[/B] (Enabled from browser settings)[/I] [*][I][B]Flash Plugin[/B] (Enabled, but this one has a few caveats that may need explaining, the good news being that the toolset will detect the issue and let you know how to proceed (if there is an issue), see further explanations below)[/I] [LIST] [*]If ever in the past, you agreed to load the Flash Player plugin when prompted and checked the checkbox "Do not show again", you should have no issue & will never even see the plugin popup. [*]If you never before checked the "Do not show again" checkbox, you will be greeted with a popup asking you to allow the Flash player plugin. If you agree to load the plugin, the PS3 toolset should continue to load. Note that if you take more than 15s to agree when prompted by the popup, you will get a PS3 Toolset warning about the plugin being disabled even if you finally agreed to load the plugin, just refresh the page when prompted. [*]If ever you got the Flash Player plugin popup in the past & selected NO and checked the checkbox "Do not show again", the Flash Player plugin will be permanently disabled, consequently the PS3 Toolset will not be able to load. Unfortunately there seems to be no official way to reset this setting in the browser. The PS3 toolset does have automatic detection of this issue and some instructions are given. Currently the easiest workaround is to create a new user profile on the XMB, when launching the toolset on the new profile, you will be greeted with the browser pop-up asking to allow the flash plugin. However it has been found that in some cases, a new user profile is not sufficient to reset the Flash Player plugin status. I hope that other devs & advanced users will look into this situation while I continue working on new tools, if nobody does, I might end up looking into the problem after the next tool release. [/LIST] [/LIST] [*]You are free to use the tools in this project at your own risk. Keep in mind that no official support is provided, if you experience any kind of problem & find yourself in need of help, I strongly recommend that you turn to the [URL='https://www.psx-place.com/forums/PS3Xploit/']PS3Xploit sub-forum on psx-place.com[/URL] for support & guidance.. [*]It is highly recommended that you adjust the console's System Time settings properly to avoid any time related issues with the browser and/or the Flash Player plugin. [*]To avoid potential crashes, you should never attempt to close the browser while toolset operations are in progress, especially when the browser exit confirmation setting is turned off. [*]PS3 Toolset only loads tools & features compatible for your console, this means no accidental use of a feature not compatible with your system. [*]No local/offline version is planned & the source code will remain closed for the time being. [/LIST] [B]Requirements and Features Requirements[/B] [LIST] [*][I]PS3 Console (Any Model) running 4.82 - 4.86 (CEX/DEX) Firmware [/I] [*][I]Internet Connection to access Toolset from PS3's Internet Browser. [/I] [*][I]PS3 Browser Flash Player 9 Plugin enabled (View General Information section for additional info) [/I] [*][I]PS3 Browser Javascript enabled [/I] [*][I]PS3 Browser Cookies enabled[/I] [/LIST] [B]Quick Overview of Toolset (v1.0.19) Capabilities:[/B] [I][B]All Models[/B][/I] [LIST] [*][I]Display console's IDPS[/I] [*][I]Detects Console's CFW Compatibility + Factory Installed Firmware [/I] [*][I]Detects Internal Flash Type of console: NOR / NAND / eMMc ect...[/I] [*][I]Detects console & firmware information[/I] [*][I]Take's a Full dump (backup purposes) of Internal Flash[/I] [*]Memory Editor tool[I] (R&D tool)[/I] [/LIST] [I][B]Custom Firmware (CFW) compatible Models Only[/B][/I] [LIST] [*][I]Patching of OFW Flash (Flash Memory Patch) for Custom Firmware Installations. [/I] [/LIST] [I][B]Userland Tools[/B][/I] [B]1.The Memory Editor tool v1.1[/B][I][/I] [IMG]https://www.psx-place.com/attachments/upload_2020-2-21_22-23-34-png.24178/[/IMG] [LIST] [*][I]The tool maps up all the currently loaded sprx modules segments (text & data) & allows you to browse them as well as the 2 vsh segments and the browser memory container. Users can also edit the memory as they see fit in all writable memory segments. [B]This is mostly a R&D tool.[/B][/I] [*]-[B] Notice[/B]- issues caused by RAM synchronisation. The memory editor is not a live debugger, it cannot pause lv2 or userland threads execution. Consequently, the RAM can be modified by the various threads executing in userland between the moment the memory editor tool takes a snapshot of a ram range to create the hex table to display on screen & the moment the table is actually displayed on screen.This means that on rare occasions the values displayed on screen might be different from those actually in RAM. This is especially true for specific memory areas such as the browser container memory. [LIST] [*]There is no easy way to solve this issue, even the debugging deci3 syscalls available only in DEX would not help us much because while it would enable us to take properly synchronised snapshots of the RAM, displaying the data on screen would still require running js code in the browser, which would modify the RAM & lead to the same synchronisation problem we currently face without using the deci3 syscalls. [*]I implemented code to color out the detected table cells found to be unsynced with RAM so there is as little ambiguity as possible. The text of such detected table cells is set to 'undefined'. [/LIST] [/LIST] [B]2. Flash Memory Manager v1.2 tool[/B] [IMG]https://www.psx-place.com/attachments/upload_2020-2-21_22-24-9-png.24179/[/IMG] [LIST] [*]Compatible with all PS3 models (patching flash options exclusive to CFW compatible models) [*]FMM displays basic Flash Memory data in a tree. [*]Clicking on appropriate tree nodes reveals context menu entries to launch the tool's features. [*]Among other things, the manager can dump the Flash memory to file on any natively writable partition mounted on the console. [*][B]To patch (for cfw installation)[/B] a console using the no-fsm method, users must first load a patch file in memory. That file will be checked first & if found valid, the context menu entry to apply the patch will be enabled. [/LIST] [B]There are 2 ways to acquire the correct patch file to flash. 1.[/B] it can be downloaded to disk first then loaded into memory from file & finally applied to the system - or - [B]2.[/B] it can be loaded via https directly to memory without using disk storage, the data is checked in RAM then if found valid, users can decide to apply it (from the unlocked menu, once file is validated by the toolset automatically). [LIST] [*]After applying a patch, the FMM automatically dumps the 2 ROS regions it just overwrote to double check that patching was properly done. [*]Progress dialogs keep the user informed of current operations & outcomes. User logs are provided in the various progress dialogs. [/LIST] [B]3. Logs v1.0 Tool [IMG]https://www.psx-place.com/attachments/ps-png.24323/[/IMG] Technically the [B]log section[/B] is also a tool of this Toolset. Its tab contains all the logs, warnings, errors & debug output of the toolset & its different tools. [/B] [LIST] [*][B]Whenever something goes wrong, it's the first place to look & screenshots can be used to identify problems.[/B] [*][B]I also included a UDP broadcast similar to Cobra's. Users can use socat to listen on UDP to the Toolset broadcast. However for the moment, only some data gets broadcasted but not the entire contents of the log tab because of the performance impact. With the file explorer release, I plan implement a few changes to this feature as well, the UDP broadcast will be done in a separate thread & all logged data should be broadcasted to UDP.[/B] [/LIST] [B] [SPOILER="Link"] [B]From the PS3 web browser you can access the toolset @: (SSL only) [URL="https://www.ps3xploit.net/bgtoolset"]PS3 Toolset by @bguerville[/URL] Update (4) - Issues has been resolved and FMM has been updated to [B]v1.0.22. A fix for the handful of ppl with NAND consoles who are stuck unable to install another firmware at [URL="https://www.ps3xploit.net/bgtoolset/fix_nand.php"]PS3 Toolset by @bguerville[/URL][/B] Instructions here for NAND ISSUE:[/B] [URL="https://www.psx-place.com/threads/bg-toolset-user-issues-and-dump-submissions.28868/"][BG Toolset] User Issues and Dump Submissions[/URL] [/SPOILER] Source:[URL="https://www.psx-place.com/threads/update-4-ps3-toolset-by-bguerville-a-powerful-collection-of-tools-fueled-by-new-ps3-exploit.28658/"]PS3 - [UPDATE 4] PS3 Toolset by bguerville: A powerful collection of tools fueled by new PS3 exploit[/URL][/B] [/QUOTE]
Verification
Post reply
Forums
Console Section
PS3
Modding Content
PS3 Toolset by bguerville: A powerful collection of tools fueled by new PS3 exploit
CabConModding is now on facebook! Check the latest Updates, the Site Status and much more now!
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top