PS3HEN: A Homebrew ENabler (& more) for SuperSlim & all nonCFW PS3 Consoles !!!
Quote:
Huge news for nonCFW compatible PS3 Models (SuperSlims and late Slim Models) as anonymous developers have dropped a huge bombshell with the release of PS3HEN. Just recently we saw the release of HFW (Hybrid Firmware) for the PS3, proving once again that the development scene is still alive and kicking to bring a new window of exploration to 4.84 by bringing back a patched webkit (from 4.82) in a rather clever approach. This restored the PS3Xploit Tools for 4.84 for both Custom Firmware Compatible Models (for CFW installs) and for nonCFW models that utilized the less powerful etHANel (aka HAN) exploit, which with today's news will be an obsolete hack with the emergence of the PlayStation 3's first HEN, otherwise known as a Homebrew ENabler. So, yes, that means SuperSlim Consoles and late Slim PS3 Models (aka nonCFW models) can now FINALLY enjoy PS3 Homebrew at last, but that is not all this PS3HEN release brings to the table, as there are a number of CFW patches / features that come along for the ride as well. While not quite on par with CFW functionality completely, it does provide a number of functions that are very exciting and very close to a CFW experience (especially with homebrew support). Some additional features, such as Boot-Plugin Support, BDISO Support and Cinavia patches, are just a few of the features/patches you can see outlined in the release notes:
Spoiler:
What is HEN?:
HEN stands for Homebrew ENabler. It also consists of many more new functions relatively close to a Custom Firmware (CFW).
How does it work?:
Spoiler: Official Instruction
Noob Friendly Instructions (Added by psx-place.com thanks @Louay)
Install HFW 4.84.2 (Found here) from Official firmware 4.84
Then use HAN Installer to get Package Manager in the XMB Game column
Copy the 2 BINs (PS3HEN.bin + stackframe.bin) from download file (of PS3HEN v1.0.0) along with HENTAI.pkg to root of USB
Install the HENTAI PKG via Package Manager on the XMB
Use HEN Enabler @ ps3xploit.com website (there is offline see @esc0rtd3w twitter post or next tab)
Now that HEN is enabled, launch your chosen homebrew. If it gives you error 80010017, re-run HEN Enabler because it didn't activate properly
FEATURES (as of v1.00):
ManaGunz backup manager works best for jb rips (ISO not supported)!
MULTIMAN works too but compatibility is not the same.
PSXISO Support is there!!!!
BD/DVD Region patches
BDISO support (stutter with XMB, use showtime)
BOOT-PLUGINS WORK, location "/dev_usb000/boot_plugins_nocobra.txt" (use the original webman and not the mod one; also disable content scan on boot in settings)
Discless games work with disc icon!
Syscall 6 added
Syscall 7 added (address>0x8000000000352230) and disabled overwriting syscall 0->15
Syscall 15 added
Syscall 8 opcodes added for detecting HEN and for advanced lv2 poke (read DEVELOPER SECTION)
Whole kernel memory RWX (execute kernel payload like this at high locations or hook syscalls etc)
PS3MAPI support for modding
Debug PKG install
Homebrew resigned for 3.55 and less support!
Homebrew Root Flags enabled!
HAN PKG install support
PSN Connectivity
All process executed after HEN have rwx permissions!
HAN Enabled by default!
CFW PATCHES RUNNING ON PS3HEN:
CFW settings
Retail/DEBUG pkg installation
Unlink to Delete
Remote play with PC
Download debug pkg on retail
Remote play ignores SFO check
Cinavia protection
videoplayer_plugin
DVD region check (not cracking RCE)
REBUG themed RCO & XML
AIO copy
NOTES:
If you get error 80010017 launching homebrew, that simply means HEN failure; restart the console and try again! (Restart is important!)
Also try deleting cache, browsing data, cookies and the like from the browser, and make the exploit page the home page.
Added by psx-place (via @esc0rtd3w) - without boot_plugins_nocobra.txt file on usb000 it won't load WebMan at /dev_hdd0/plugins/webftp_server.sprx (/boot_plugins_nocobra.txt/file) Note: it's actually not a problem or an issue. It prevents bad plugins from running - msg source
DEVELOPERS:
#define SYSCALL8_OPCODE_IS_HEN 0x1337
Using this, if the return is 0x1337, it's HEN.
ADVANCED POKE: syscall8(0x7003, addr, value);
This allows poking any location in lv2 memory, BUT you have to restore the original value before exiting to another application or exiting to XMB. USE WISELY, OTHERWISE PS3 SHUTS DOWN
BDMIRROR: Managunz FTW! (Please use Cobra payload because by default it's MULTIMAN)
NOTE: mounting dev_blind will actually mount dev_flash. Change files directly from dev_flash instead or hdd0/plugins/CFW/
Kernel Mode returns 0x53434500 on success to user webkit 0x8a000000. It's good to measure HEN success. Right now HEN is already close to or is 100%
WARNINGS
DO NOT UNDER ANY CIRCUMSTANCES ENABLE FSM (Factory Service Mode) ON A PS3 WITH PS3HEN! - Source
CONNECTION TO PSN SHOULD BE DONE AT YOUR OWN RISK. DISABLING CFW SYSCALLS MAY NOT HIDE YOUR HEN WHILE ON PSN (a popular method used by CFW users may not be suited for PS3HEN users)
DO NOT INSTALL CCAPI (ControlConsole API)
PS3: Progress on Slim/Super Slim hardware hacks. Fresh hopes for a full-fledged CF
Quote:
PlayStation scene dev Zecoxao has shared a screenshot of a work-in-progress series of tools by MikeM64, designed to hack the PS3 (Slim and Super Slim in particular) further.
PS3 Super Slim mitm hack. What is it, and what’s the big deal?
Quote:
Hacking your PS3 nowadays is reasonably easy with the likes of PS3xploit and PS3HEN, but there are limitations for new models, in particular the PS3 Super Slim. Namely, the latter Slim and Super Slim haven’t been “fully” hacked, and cannot run PS3xploit, which is a full Custom Firmware. The latter Slim and Super Slim are “limited” to PS3HEN, which has a few limitations compared to a full Custom Firmware.
In practice, most people running PS3HEN (PS3 Homebrew ENabler) won’t feel any difference to running a Custom Firmware, except for the fact that PS3HEN has to be re-launched at every reboot of the console, while a Custom firmware is a much more permanent solution, which also gives complete control over the console.
Again, although in practice the differences between a HEN and a CFW are minimal, the latter PS3 Slim and Super Slim models are the “last man standing” against hacks that would give tinkerers full control over the PS3.
This is where the recent work from MikeM64, as demonstrated by Zecoxao, comes into play. People equipped with the right hardware and modchips can run these tools to try and “trick” the console through a man-in-the-middle attack, letting the console believe its boot sequence is properly secure, when in fact the hacker has injected a slightly different payload, giving them partial control of the system.
The required hardware is “simple” (but the skills involved are not), namely an Arty-S7 50 (although MikeM64 states this could easily be ported to any Arty A series) and the accompanying generic cables.
This of course doesn’t look easy, but if no software flaws are found, this design could probably be miniaturized into a fairly simple modchip.
This whole endeavor appears to validate a theory that was mentioned almost ten years ago by PS3 Homebrew dev JuanNadie, back in the ps3hax days.
The ultimate goal is to get a CFW running on the console, but before that, to be able to dump the boot programs of the console, and possibly find software flaws in them, to avoid having to rely on hardware hacks.
Quote:
stage 2 of mitm (dumping lv0ldr) is now complete. should be a matter of time until lv0ldr is dumped from CECH-3000