Results 1 to 7 of 7

Thread: PS3 Booting Debug Firmware Guide

  1. #1
    hacksawz12 Guest

    Post PS3 Booting Debug Firmware Guide

    PS3 Booting Debug Firmware Guide

    Here's how to do it, not sure if it matters, as it's been out here for quite a while now..

    Note, this should not be attempted unless you know what you are doing, as it could lead to bricks

    1. Get otheros++ running on 3.41 or 3.55, I used 3.41 but 3.55 should work as well.

    2. boot linux, and dump your nor flash, with
    Code:
    dd if=/dev/ps3nflasha of=nor.bin
    3. ensure that /dev/ps3dmproxy exits, if not look here - ps3devwiki.com/index.php?title=OtherOS%2B%2B#ps3dm-utils

    4. download and compile ps3dm-utils..

    5. dump your ipds, with
    Code:
    ./ps3dm_aim /dev/ps3dmproxy get_dev_id
    6. now open your nor dump with a hex editor searching for your ipds, you should find it twice, replace the 6th byte with 82 on both of them

    7. Flash the nor.
    Code:
    dd if=modifiednor.bin of=/dev/ps3nflasha
    This takes a while..

    8. Prepare a flash drive for service mode, with the 3.41 debug firmware - do not flash a higher firmware - as well as a lv2diag.self

    9. Finally, flash that as if you were downgrading, and you are now on a full debug firmware...

    NOTE- all of the info on how to do this was found on ps3 dev wiki, so if you run into problems, you'd wanna look there.

  2. #2
    Join Date
    Apr 2005
    Posts
    23,636
    I have moved this to the guide section now, and +Rep for sharing hacksawz12!

  3. #3
    1one Guest
    So no need for a flasher

  4. #4
    ps3hen Guest
    I thought you had to change more than the IDPS to get a full debug. But if people say this works then maybe I was hearing bs.

    If this only needs a flasher to change your IDPS, could someone with the latest hardware revision, use like a progskeet to change their IDPS to debug and install debug firmware? Or is downgrading to a debug FW in Factory Service Mode the only way to install debug FW?

  5. #5
    Foo Guest
    Target ID.

  6. #6
    cfwprophet Guest
    No ps3hen your right

    IDPS is more then twice in the complett EID. It's also in encrypted form in EID0 segment. Additional to get a FULL DEBUG converted ps3 you need a bit more then simply patching thoes 2 idps called here.

    But its to time one of my main project's which i working on so i wont tell to much for now.

    Mainly you need to reverse engineer a few of the ps3's modules to get all EID segment iv's, per_console_root_key_seed's, to understand how to decrypt and encrypt eid segment parts with PCK and iv's, how to calculate PCK with root_key_seed's, how to generate a request_idps.txt, and then write a pc app to share with the community.

    Even if you use anergistic and the ps3 embended modules you then cant re-encrypt the eid segments.

    So this post is heard but doesn't NOT lead into a fully working debug ps3.

  7. #7
    Ezio Guest
    Quote Originally Posted by cfwprophet View Post
    IDPS is more then twice in the complett EID. It's also in encrypted form in EID0 segment. Additional to get a FULL DEBUG converted ps3 you need a bit more then simply patching thoes 2 idps called here.
    Yeah, you're right, mate.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •