EurAsiayour console hacking resource
Select topic
  Create an account Home  ·  Your Account  ·  Online Shop  ·  Forums  ·  Downloads new  ·  Wiki  
Main Menu
· Home
· About Us
· Downloads
· Forums
· Info Pages
· Members List
· Online Shop
· PDA - AvantGo
· Private Messages
· Search Stories
· Statistics
· Stories Archive
· Submit Story
· Top 10
· Topics
· Upload
· Web Links
· Wiki
· Your Account
· Switch to HTTPS!

Online Shop
Credit Card


EurAsia Online Shop

new products
· X360ACE V5
· R4i Gold 3DS Plus
· NS-Atmosphere
· PsNee modchip PSX
· Mars Pro GM-816HD
· EurAsia File Collection 2017
· Matrix Infinity 2.0
· Modbo 5.0
· Screwdriver GC/SNES
· X360ACE V3
· E3 NOR Flasher
· Corona Postfix Adapter V2
· SuperCIC cart key
· SuperCIC SNES kit
· Gateway 3DS
· X360ACE V1
· 3k3y 3KR (SATA)
· Mtx Glitcher v1

complete price list

Tor Hidden Service
Tor Project
EurAsia Onion URL: wrqgfbrcgttkp6pi.onion

Who's Online
There are currently 561 guest(s) and 10 member(s) online.

alex24 - cakey - duduke - heldma1m - linskiller - MagicWolf - oll100 - schizojoe - slimeB0y - Todi

Welcome honored guest. You can register for free by clicking here.

Site Protection

Hot Wikis
· Xbox One Dev Mode
· PS4 Exploit using Raspberry Pi
· Switch Key List
· PS4 firmware updates
· 3k3y nokeys ISO tutorial
· 3DS game fw updates
· 3k3y microSD recovery
· PS3 SKU Models
· PS3 Metldrpwn
· Xk3y microSD recovery
· Xbox360 motherboards
· Xbox360 Reset Glitch Hack
· PS3 Blu-ray Drive
· Homemade Sputnik360
· PS3 BD drive swap
· PSP Crypto Keys
· PS3_Crypto_Keys
· PS3 Hypervisor RE
· PS3 Dongle User Guide
· PSGroove tutorial
· Xecuter LT Fakir
· PS3 YLOD Fix
· NSMB Modchip Tutorial
· PS3 Glitch Hack
· Xbox360NoDvdRom
· Ps3FactoryRestore
· Free60JtagHack
· Ps3HddDecrypt
· WiiKey2EjectFix
· SaveMiiFree
· WiiHwDiagram
· Ps3OsRels
· PandoraNoHomebrewPsp
· GcOsMultiGameWiiHowTo
· Xbox360LinuxBurn
· Xbox360EraserFix
· Xbox360Kernel
· Xbox360DisasmXtreme
· Ps2HdlPatchTutorial
· Ps2VersionTable
· XboxErrorCodes
· XboxVersionTable
· GameCubeLaserTweak
· ModchipSolderingGuide
· PspUmdIsoHaxorLinux

RSS Feed
News & Downloads & Wiki


Hosted By


Respected Sites
· Home of the Hitmen
· radare
· gc-forever
· English Amiga Board
· GXArena OFW Repo
· WiiBrew
· WiiUBrew
· 3DBrew
· SwitchBrew
· Games and Consoles
· Console Wizard
· GameCube Linux
· Xbox Linux
· XboxHacker.Net
· bunnie's blog
· uCON64
· PDRoms
· ASSEMbler





Electronic Frontier Foundation
Amnesty International

Nectarine Radio

Demovibes Radio


Total Page Views
We received
page views since June 2002

Moderated by: Robert

EurAsia : Index » » PS3 » » STARBUGED CFW 4.84 by Habib
New Topic   Post Reply
Author STARBUGED CFW 4.84 by Habib


Registered: 2003-10-17
From: Bangkok
Messages: 6535
Status: Offline
 _#36352 posted 2019-03-08 @ 15:34 GMT   
4.84.1 Starbuged + Cobra v8.00 CFW
Starbuged = Starbucks Release + Rebug Seasoning​

FEATURES: (Contains Rebug Lite + Cobra v8.00 features)

FEATURE – COBRA 8.00 (Enabled by default)
Background running plugins at boot time (sprx)
ISO Support: PS1/PS2/PS3/PSP/DVD/BluRay (Split ISO support on FAT32 drives)
Network Support: PS1/PS3/DVD/BluRay /PKGs
Blu Ray Movie region free functionality NTFS HDD Support (prepNTFS, or multiMAN Required to scan contents)
PS2 ISO Support for BC (HW) / non-BC (SW) Consoles
Syscall 11 – Cobra lv1 Peek
Syscall 15 – Allow execution of any LV2 internal function
PSNPatch stealth plugin support
***ISO rips are required to get 100% support, for ex) after disabling syscalls, games like Call of Duty will not be able to play unless you use ISO rips, please DO NOT expect everything to be fully functional when you are disabling the built-in features from COBRA. Folder rips are NOT compatible with PSNPatch’s stealth mode due to its ability to disable COBRA’s disc-less feature for folder JB rips****
PS3MAPI support, allows you to attach process on both CEX/DEX via its own API app.
Backup Protection Removal, Add full PS3 Backup support on all multiMAN/sMAN/webMAN,IRIS manager forks and Managunz.
Allow modification on Syscall 6/7/8/9/10/11/15.
Burned/Burnt optical media support for PS1/PS3 Games on All models
Homebrew blocker – blocks homebrew access while Syscalls are disabled
New in v8.00 Run payload with Kernel privileges - Added option to run payload with kernel privileges like ps vita skprx. this is a big thing! one can make hooks, printf to socat, do whatever they feel like they need to do. at the current time only one payload is supported at a time. in the future i might increase this
New in v8.00 Boot times speed improved - as there is no stage1.
New in v8.00 PS2 bc and semi bc consoles wont load iso when cobra disabled - disable cobra using opcode)

FEATURE – Full Polish support for XMB/PS2 Emu (Provide full Polish character support)
FEATURE – Cinavia protection fully disabled (Supports optical media/bd iso, AACS must be decrypted)
FEATURE – Homebrew store compatibility (Downloading debug signed packages is now available on retail CFW.)
FEATURE – PSN/SEN Accessibility (PSN /SEN Accessible , until the next OFW update)
FEATURE – XMBM+ Compatibility (XMB Manager Plus developed by Team XMBM now supported via standalone pkgs.)
FEATURE – HAN Toolbox Compatibility (HAN Toolbox Support added for testing HAN Signed pkgs on CFW)
FEATURE – Enhanced Remote Play (This unlocks the limitation of working apps/games for remote play, by disabling SFO flag check)
FEATURE – In Game Screenshot (Allows taking screenshots in Game
FEATURE – QA Token compatibility
FEATURE – OtherOS++ support enabled (Use Rebug Toolbox to Boot OtherOS with different LV1 patches)
FEATURE – Package Manager (Replacement for the standard ‘Install Package Files’ option)
FEATURE – FSELF compatibility (Fake Signed ELF is supported)

FEATURE (Optional) Toolbox 02.03.00
TOGGLE XMB CFW SETTINGS Enable or Disable mysis’s XMB CFW settings plugin v0.1. The feature is available via Network Column on XMB after Enabled.
TOGGLE COBRA MODE: COBRA mode ACTIVE by default, this option can toggle COBRA mode to enable COBRA 8.00 payload on boot
TOGGLE QA: Enable/Disable QA flag. Enable for easy downgrade and other extra features on all 3.55-4.84 CFW.
TOGGLE RECOVERY MODE: Enable/Disable Recover Mode flag. When enabled your PS3 will reboot in to Recovery Mode.
LOAD LV2 KERNEL: Load lv2_kernel.self.[KERNEL_NAME] from USB or /dev_hdd0
BACKUP/RESTORE XREGISTRY: Backup or Restore the PS3 system settings from USB
RESIZE VFLASH/NAND REGIONS: Resize VFLASH/NAND Region 5 to allow install of OtherOS.
INSTALL PETITBOOT: Install Petitboot to VFLASH/NAND Region 5 from USB.
SET GAMEOS BOOT FLAG: Sets the GameOS boot flag. Use this if your PS3 is having trouble booting PS2 titles after running OtherOS or is accidentally sending you back to OtherOS when trying to enter recovery mode.
CREATE PACKAGES FOLDER ON PS3: Create /dev_hdd0/packages folder or your PS3 to be used with Package Manager.
EXPORT HYPERVISOR LV1 MEMORY: Save LV1 memory to dev_usb000 or dev_usb006 or dev_hdd0 if usb is not found.
EXPORT GAMEOS LV2 MEMORY: Save LV2 memory to dev_usb000 or dev_usb006 or dev_hdd0 if usb is not found.
EXPORT FLASH TO FILE: Backup your current NOR/NAND to file on dev_usb000. Takes about 45secs for NAND
DUMP EID ROOT KEY: Dump your eid root key.

FEATURE – XMB CFW settings v0.1a (Optional)
XMB Icons for various CFW tasks, available in Network Column (on XMB) Simply sele ct and the task is executed!
Settings – Toggle COBRA
Dump Tools – Klicense, File Secure ID, IDPS, Disc Hash keyService Tools – Display Minimum Downgrade FW Version, Rebuild Database, Check File System, Entering Recovery Mode (NOR Models Only)
Advanced Service Tools – Entering FSM (!!!DO NOT Install FW while on FSM that may lead RSOD!!!), Remarry BD drive and RSOD fix

PATCHED – Appldr: LV2 memory hash check is disabled (Memory protection on LV2 is disabled in higher level)
PATCHED – LV1: Disable System Integrity Check (Safe to use with mismatched COREOS/SYSCON versions or if PS3 is not QA enabled)
PATCHED – LV1: Undocumented function 114 (Allow mapping of protected memory)
PATCHED – LV1: Skip all ACL Checks (Needed to allow booting of OtherOS)
PATCHED – LV1: Peek and Poke support (Unused LV1 call 182 and 183)
PATCHED – LV2: Peek and Poke support (LV2 Syscall 6 and 7)
PATCHED – LV2: Peek and Poke support for LV1 (LV2 Syscall 8 and 9)
PATCHED – LV2: LV1 CALL System call (LV2 Syscall 10)
PATCHED – LV2: Allow execution of any LV2 internal function (LV2 Syscall 15)
PATCHED – Recovery: Prevent accidental OFW update while on Recovery mode
PATCHED – VSH: Allow Unsigned act.dat and *.rif files
PATCHED – VSH: Disable NEW PSP DRM Check (Allowing unsigned PSP pkg contents on 4.75 or higher CFW)
PATCHED – VSH: Disable Epilepsy Warning for Faster Boot-Up Speed

TOOLBOX 02.03.00 Changes

1.Added option to load a payload in kernel, with toolchain provided! its like ps3 got skprx thing going on now
2.Cobra disables support 8.00 standard for which ps2 semi bc and bc wont load iso on cobra off instead of optical media

Cobra 8.00 (changes from v7.55) - Released 3-3-19
1.Added option to run payload with kernel privileges like ps vita skprx. this is a big thing! one can make hooks, printf to socat, do whatever they feel like they need to do. at the current time only one payload is supported at a time. in the future i might increase this


static int run_payload(uint8_t *payload, int size)
system_call_3(8, SYSCALL8_OPCODE_RUN_PAYLOAD, (uint64_t)payload, size);
return (int)p1;

static int disable_cobra()
return (int)p1;

2.Boot times are VASTLY improved there is no stage1.
3.PS2 bc and semi bc consoles wont load iso when cobra disabled(disable cobra using opcode)
4.Enabled cobra by default cause even rebug NEED cobra enable first boot to initialize 100%​

COBRA 8.01: small version increment, massive overhaul

Added support for dynamic memory payloads, 5 of them can be started from "/dev_hdd0/boot_plugins_kernel.txt"
toolchain updated to support dynamic address loading.
For applications, you can also mount em, and unmount em separately!zkZzUIQY!TJP8KTS940I70JHU_QB7vUyHmNVoqJpRKJcEGHeQpZ0
this poc will read payload.bin from usb000, execute it and write memory residence location in file in hdd0/residence and then unloads the plugin.​

alternatively you can copy payload.bin and boot_plugins_kernel.txt in hdd0, restart and voila!

this is true dynamic loading, just like prx!
src of payload.bin is included with the cfw download

ofcourse safety features are included, plugins wont load till vsh appear, you can go to recovery mode, rebuild database to remove the boot_plugins_kernel.txt

in a program, with residence memory location acquired, one can send arguments to the payload using syscall 15


int plugin_kernel_dynamic(uint8_t *payload, int size, uint64_t *residence)
lv2syscall4(8, SYSCALL8_OPCODE_RUN_PAYLOAD_DYNAMIC, (uint64_t)payload, size, (uint64_t)residence);
int plugin_kernel_dynamic_unload(uint64_t residence)
lv2syscall2(8, SYSCALL8_OPCODE_UNLOAD_PAYLOAD_DYNAMIC, residence);
int main()
sysFSStat stat;
int fd;
uint64_t nread;
sysLv2FsStat("/dev_usb000/payload.bin", &stat);
uint64_t size=stat.st_size;
uint8_t *buf=(uint8_t *)malloc(size);
sysFsOpen("/dev_usb000/payload.bin", SYS_O_RDONLY, &fd, NULL, 0);
sysFsRead(fd, buf, size, &nread);
uint64_t residence;
FILE *fp=fopen("/dev_hdd0/residence","wb");
return 0;


As the name suggests, this seems a bit "bugged"...

Anyone tried it?

[ This message was edited by modrobert on 2019-03-08 @ 15:36 GMT ]
  _____________________________ ____________     __________________ /\________
  \    __________________      \      _____/____/     _    \       /_        /
 /     /       |       l/     _/    ____)     _/      _     \     \/  cREAM /
/______________l_______/       \______________\_______|      \_   /________/
 -+--Mo!-------------- \________/ ------------------- l_______/_____\ -----+-

 Profile  pm  www    Quote
New Topic   Post Reply
Jump To

All trademarks and copyrights on this page are owned by their respective owners.
Comments and forum messages are owned by the Poster.