September 22, 2008 // 2:50 am
- Well, this week we have some exciting news that we hinted about.
First, a small technical explanation. We were not able to modify any data on the PS3's flash chips due to the ECC. The ECC is basically a checksum that ensures the data in a block has not been changed or corrupted; if it has, the check errors out.
So the problem was that whenever we altered data, the ECC became invalid, causing errors and keeping the system from booting.
We did develop a way around this; however, it was time-consuming and quite slow. We used the PS3 to write data to the flash, dumped it with its proper ECC, then rewrote it to where we needed it. This would take hours on end! We were not able to regenerate the ECC ourselves since we did not know the proper algorithm.
But now, we can!!
After multiple tests done by NDT to see what the ECC algorithm was when the block was filled with some magic data, our very own RPS was able to reverse the algorithm!
What does this mean? Simple: we can now properly edit a flash dump in minutes, regenerate the ECC, and flash it onto the PS3 in order to experiment with flash changes. Using this, we have already found where the encrypted keys are stored for SELFs, PKGs, and BD pairing, among other things; more on that in the weeks to come.
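Why an edited block fails until its ECC is regenerated, as an added example that is not RPS's code: the PS3's real algorithm is not given in this post, so a textbook Hamming-style code (XOR of set-bit positions plus overall parity) stands in for it, over a constructed 512-byte block. All function names here are hypothetical.

```python
# Stand-in ECC (assumption): NOT the PS3 algorithm, which this post does not give.

def ecc(data: bytes) -> tuple[int, int]:
    """Return (XOR of 1-based positions of set bits, overall parity)."""
    pos, parity = 0, 0
    for i, byte in enumerate(data):
        for b in range(8):
            if (byte >> b) & 1:
                pos ^= i * 8 + b + 1
                parity ^= 1
    return pos, parity

def check(data: bytes, stored: tuple[int, int]) -> tuple[str, bytes]:
    """Verify data against stored ECC; fix a single flipped bit if possible."""
    pos, parity = ecc(data)
    syndrome = pos ^ stored[0]
    if syndrome == 0 and parity == stored[1]:
        return "ok", data
    # Odd number of flips plus an in-range syndrome: treat as one bad bit.
    if parity != stored[1] and 0 < syndrome <= len(data) * 8:
        fixed = bytearray(data)
        fixed[(syndrome - 1) // 8] ^= 1 << ((syndrome - 1) % 8)
        return "corrected", bytes(fixed)
    return "error", data  # mismatch the code cannot repair

def sample_block() -> bytes:
    return bytes(range(256)) * 2  # constructed 512-byte block

def bit_rot() -> tuple[str, bytes]:
    """One flipped bit, as from a worn cell: the ECC repairs it."""
    block = sample_block()
    bad = bytearray(block)
    bad[100] ^= 0x10
    return check(bytes(bad), ecc(block))

def edit_without_regen() -> str:
    """Deliberate edit with the old ECC left in place: read fails."""
    block = sample_block()
    patched = block[:17] + b"\x00\x00" + block[19:]
    return check(patched, ecc(block))[0]

def edit_with_regen() -> str:
    """Same edit, ECC recomputed from the edited data: read succeeds."""
    block = sample_block()
    patched = block[:17] + b"\x00\x00" + block[19:]
    return check(patched, ecc(patched))[0]
```

Note that a passing ECC only shows the data and ECC agree with each other; it says nothing about who wrote them.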
's ECC regeneration code into his newest FlowRebuilder, which will be posted next week!
Finally, this has already saved one PS3! Hacked2123's PS3, which bit the dust long ago due to a bad flash, was recently fixed thanks to RPS's ECC regeneration code, which was built into NDT's newest FlowRebuilder!
His PS3 had bad data that did not match the ECC data, resulting in a plethora of issues. However, as described here, it is now fixed!
Stay tuned next week for the release of NDT's newest FlowRebuilder, and lots more!