| #36352 posted 2019-03-08 @ 15:34 GMT |
4.84.1 Starbuged + Cobra v8.00 CFW
Starbuged = Starbucks Release + Rebug Seasoning​
FEATURES: (Contains Rebug Lite + Cobra v8.00 features)
FEATURE COBRA 8.00 (Enabled by default)
Background running plugins at boot time (sprx)
ISO Support: PS1/PS2/PS3/PSP/DVD/BluRay (Split ISO support on FAT32 drives)
Network Support: PS1/PS3/DVD/BluRay /PKGs
Blu Ray Movie region free functionality NTFS HDD Support (prepNTFS, or multiMAN Required to scan contents)
PS2 ISO Support for BC (HW) / non-BC (SW) Consoles
Syscall 11 Cobra lv1 Peek
Syscall 15 Allow execution of any LV2 internal function
PSNPatch stealth plugin support
***ISO rips are required to get 100% support, for ex) after disabling syscalls, games like Call of Duty will not be able to play unless you use ISO rips, please DO NOT expect everything to be fully functional when you are disabling the built-in features from COBRA. Folder rips are NOT compatible with PSNPatchs stealth mode due to its ability to disable COBRAs disc-less feature for folder JB rips****
PS3MAPI support, allows you to attach process on both CEX/DEX via its own API app.
Backup Protection Removal, Add full PS3 Backup support on all multiMAN/sMAN/webMAN,IRIS manager forks and Managunz.
Allow modification on Syscall 6/7/8/9/10/11/15.
Burned/Burnt optical media support for PS1/PS3 Games on All models
Homebrew blocker blocks homebrew access while Syscalls are disabled
New in v8.00 Run payload with Kernel privileges - Added option to run payload with kernel privileges like ps vita skprx. this is a big thing! one can make hooks, printf to socat, do whatever they feel like they need to do. at the current time only one payload is supported at a time. in the future i might increase this
New in v8.00 Boot times speed improved - as there is no stage1.
New in v8.00 PS2 bc and semi bc consoles wont load iso when cobra disabled - disable cobra using opcode)
FEATURE Full Polish support for XMB/PS2 Emu (Provide full Polish character support)
FEATURE Cinavia protection fully disabled (Supports optical media/bd iso, AACS must be decrypted)
FEATURE Homebrew store compatibility (Downloading debug signed packages is now available on retail CFW.)
FEATURE PSN/SEN Accessibility (PSN /SEN Accessible , until the next OFW update)
FEATURE XMBM+ Compatibility (XMB Manager Plus developed by Team XMBM now supported via standalone pkgs.)
FEATURE HAN Toolbox Compatibility (HAN Toolbox Support added for testing HAN Signed pkgs on CFW)
FEATURE Enhanced Remote Play (This unlocks the limitation of working apps/games for remote play, by disabling SFO flag check)
FEATURE In Game Screenshot (Allows taking screenshots in Game
FEATURE QA Token compatibility
FEATURE OtherOS++ support enabled (Use Rebug Toolbox to Boot OtherOS with different LV1 patches)
FEATURE Package Manager (Replacement for the standard Install Package Files option)
FEATURE FSELF compatibility (Fake Signed ELF is supported)
FEATURE (Optional) Toolbox 02.03.00
TOGGLE XMB CFW SETTINGS Enable or Disable mysiss XMB CFW settings plugin v0.1. The feature is available via Network Column on XMB after Enabled.
TOGGLE COBRA MODE: COBRA mode ACTIVE by default, this option can toggle COBRA mode to enable COBRA 8.00 payload on boot
TOGGLE QA: Enable/Disable QA flag. Enable for easy downgrade and other extra features on all 3.55-4.84 CFW.
TOGGLE RECOVERY MODE: Enable/Disable Recover Mode flag. When enabled your PS3 will reboot in to Recovery Mode.
LOAD LV2 KERNEL: Load lv2_kernel.self.[KERNEL_NAME] from USB or /dev_hdd0
BACKUP/RESTORE XREGISTRY: Backup or Restore the PS3 system settings from USB
RESIZE VFLASH/NAND REGIONS: Resize VFLASH/NAND Region 5 to allow install of OtherOS.
INSTALL PETITBOOT: Install Petitboot to VFLASH/NAND Region 5 from USB.
SET GAMEOS BOOT FLAG: Sets the GameOS boot flag. Use this if your PS3 is having trouble booting PS2 titles after running OtherOS or is accidentally sending you back to OtherOS when trying to enter recovery mode.
CREATE PACKAGES FOLDER ON PS3: Create /dev_hdd0/packages folder or your PS3 to be used with Package Manager.
EXPORT HYPERVISOR LV1 MEMORY: Save LV1 memory to dev_usb000 or dev_usb006 or dev_hdd0 if usb is not found.
EXPORT GAMEOS LV2 MEMORY: Save LV2 memory to dev_usb000 or dev_usb006 or dev_hdd0 if usb is not found.
EXPORT FLASH TO FILE: Backup your current NOR/NAND to file on dev_usb000. Takes about 45secs for NAND
DUMP EID ROOT KEY: Dump your eid root key.
FEATURE XMB CFW settings v0.1a (Optional)
XMB Icons for various CFW tasks, available in Network Column (on XMB) Simply sele ct and the task is executed!
Settings Toggle COBRA
Dump Tools Klicense, File Secure ID, IDPS, Disc Hash keyService Tools Display Minimum Downgrade FW Version, Rebuild Database, Check File System, Entering Recovery Mode (NOR Models Only)
Advanced Service Tools Entering FSM (!!!DO NOT Install FW while on FSM that may lead RSOD!!!), Remarry BD drive and RSOD fix
PATCHED Appldr: LV2 memory hash check is disabled (Memory protection on LV2 is disabled in higher level)
PATCHED LV1: Disable System Integrity Check (Safe to use with mismatched COREOS/SYSCON versions or if PS3 is not QA enabled)
PATCHED LV1: Undocumented function 114 (Allow mapping of protected memory)
PATCHED LV1: Skip all ACL Checks (Needed to allow booting of OtherOS)
PATCHED LV1: Peek and Poke support (Unused LV1 call 182 and 183)
PATCHED LV2: Peek and Poke support (LV2 Syscall 6 and 7)
PATCHED LV2: Peek and Poke support for LV1 (LV2 Syscall 8 and 9)
PATCHED LV2: LV1 CALL System call (LV2 Syscall 10)
PATCHED LV2: Allow execution of any LV2 internal function (LV2 Syscall 15)
PATCHED Recovery: Prevent accidental OFW update while on Recovery mode
PATCHED VSH: Allow Unsigned act.dat and *.rif files
PATCHED VSH: Disable NEW PSP DRM Check (Allowing unsigned PSP pkg contents on 4.75 or higher CFW)
PATCHED VSH: Disable Epilepsy Warning for Faster Boot-Up Speed
TOOLBOX 02.03.00 Changes
1.Added option to load a payload in kernel, with toolchain provided! its like ps3 got skprx thing going on now
2.Cobra disables support 8.00 standard for which ps2 semi bc and bc wont load iso on cobra off instead of optical media
Cobra 8.00 (changes from v7.55) - Released 3-3-19
1.Added option to run payload with kernel privileges like ps vita skprx. this is a big thing! one can make hooks, printf to socat, do whatever they feel like they need to do. at the current time only one payload is supported at a time. in the future i might increase this
#define SYSCALL8_OPCODE_DISABLE_COBRA_STAGE 0x6A13
#define SYSCALL8_OPCODE_RUN_PAYLOAD 0x6CDF
static int run_payload(uint8_t *payload, int size)
system_call_3(8, SYSCALL8_OPCODE_RUN_PAYLOAD, (uint64_t)payload, size);
static int disable_cobra()
2.Boot times are VASTLY improved there is no stage1.
3.PS2 bc and semi bc consoles wont load iso when cobra disabled(disable cobra using opcode)
4.Enabled cobra by default cause even rebug NEED cobra enable first boot to initialize 100%​
COBRA 8.01: small version increment, massive overhaul
Added support for dynamic memory payloads, 5 of them can be started from "/dev_hdd0/boot_plugins_kernel.txt"
toolchain updated to support dynamic address loading.
For applications, you can also mount em, and unmount em separately
this poc will read payload.bin from usb000, execute it and write memory residence location in file in hdd0/residence and then unloads the plugin.​
alternatively you can copy payload.bin and boot_plugins_kernel.txt in hdd0, restart and voila!
this is true dynamic loading, just like prx!
src of payload.bin is included with the cfw download
ofcourse safety features are included, plugins wont load till vsh appear, you can go to recovery mode, rebuild database to remove the boot_plugins_kernel.txt
in a program, with residence memory location acquired, one can send arguments to the payload using syscall 15
#define SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC 0x6CE1
#define SYSCALL8_OPCODE_UNLOAD_PAYLOAD_DYNAMIC 0x6CE3
int plugin_kernel_dynamic(uint8_t *payload, int size, uint64_t *residence)
lv2syscall4(8, SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC, (uint64_t)payload, size, (uint64_t)residence);
int plugin_kernel_dynamic_unload(uint64_t residence)
lv2syscall2(8, SYSCALL8_OPCODE_UNLOAD_PAYLOAD_DYNAMIC, residence);
uint8_t *buf=(uint8_t *)malloc(size);
sysFsOpen("/dev_usb000/payload.bin", SYS_O_RDONLY, &fd, NULL, 0);
sysFsRead(fd, buf, size, &nread);
As the name suggests, this seems a bit "bugged"...
Anyone tried it?
[ This message was edited by modrobert on 2019-03-08 @ 15:36 GMT ]
_____________________________ ____________ __________________ /\________
\ __________________ \ _____/____/ _ \ /_ /
/ / | l/ _/ ____) _/ _ \ \/ cREAM /
/______________l_______/ \______________\_______| \_ /________/
-+--Mo!-------------- \________/ ------------------- l_______/_____\ -----+-