PlayStation 3 Flash ECC Algorithm Reversed!!
Well this week we have some exciting news that we hinted about last week.
First, a small technical explanation. We were not able to modify any data on the PS3's flash chips because of the ECC. The ECC is basically a checksum stored with each block: it lets the system verify that the data in the block has not been changed or corrupted, and if it has, the check fails with an error.
So the problem was that whenever we tried to alter data, the ECC for that block would no longer match, causing errors and leaving the system unable to boot.
We did develop a way around this, but it was time-consuming and quite slow: we used the PS3 itself to write the data to the flash, dumped it back with its proper ECC, and then copied it to where we needed it. This would take hours on end! We were not able to regenerate the ECC ourselves since we did not know the proper algorithm.
But now, we can!!
After multiple tests by NDT to see what ECC was produced when a block was filled with known magic data, our very own RPS was able to reverse the algorithm!
What does this mean? Simply put, we can now properly edit a flash dump, regenerate the ECC and flash it back onto the PS3 in minutes in order to experiment with flash changes. Using this, we have already found where the encrypted keys are stored for SELFs, PKGs, and BD pairing, among other things; more on that in the weeks to come.
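The edit-then-regenerate workflow described above, as an added example that is not part of the original post and not RPS's reversed algorithm: it implements the generic single-bit-correcting Hamming ECC used on many 256-byte SLC NAND pages (an assumption about the layout; the PS3's actual ECC is not on this page), and the function names `ecc_calc`, `ecc_check` and `edit_block` are mine. It shows a block whose data no longer matches its stored ECC being rejected until the ECC is regenerated.

```python
BLOCK = 256                         # bytes covered by one 3-byte ECC (common SLC NAND layout)
NBITS = BLOCK * 8                   # 2048 data bits, addressed by 11 index bits
ADDR_BITS = NBITS.bit_length() - 1  # 11

def ecc_calc(block: bytes) -> bytes:
    """22 parity bits: for each address bit k, parity of the data bits whose
    index has bit k set (P1, stored at 2k+1) and clear (P0, stored at 2k)."""
    if len(block) != BLOCK:
        raise ValueError("ECC covers exactly %d bytes" % BLOCK)
    ecc = 0
    for k in range(ADDR_BITS):
        p1 = p0 = 0
        for idx in range(NBITS):
            if (block[idx >> 3] >> (idx & 7)) & 1:
                if idx & (1 << k):
                    p1 ^= 1
                else:
                    p0 ^= 1
        ecc |= (p1 << (2 * k + 1)) | (p0 << (2 * k))
    return ecc.to_bytes(3, "big")

def ecc_check(block: bytearray, stored: bytes) -> str:
    """Verify a block against its stored ECC, correcting a single flipped data bit
    in place. Returns 'ok', 'corrected', 'ecc_error' or 'uncorrectable'."""
    diff = int.from_bytes(ecc_calc(block), "big") ^ int.from_bytes(stored, "big")
    if diff == 0:
        return "ok"
    pairs = [(diff >> (2 * k)) & 3 for k in range(ADDR_BITS)]
    if all(p in (1, 2) for p in pairs):  # exactly one of each pair differs: one data bit
        idx = sum(1 << k for k, p in enumerate(pairs) if p == 2)
        block[idx >> 3] ^= 1 << (idx & 7)
        return "corrected"
    if bin(diff).count("1") == 1:  # data is fine; one bit of the stored ECC itself is bad
        return "ecc_error"
    return "uncorrectable"  # two or more data bits differ from what the ECC covered

def edit_block(block: bytes, stored: bytes, offset: int, value: int):
    """Mimic editing a flash dump: patch one byte, check it against the stale ECC,
    then regenerate the ECC for the edited block and check again."""
    patched = bytearray(block)
    patched[offset] = value
    stale = ecc_check(bytearray(patched), stored)
    fresh = ecc_calc(patched)
    return stale, ecc_check(bytearray(patched), fresh), fresh

# Caveat: a Hamming code corrects 1 and detects 2 flipped bits. An edit flipping an odd
# number (3, 5, ...) of bits looks like a single-bit error and is "corrected" to the wrong place.
if __name__ == "__main__":
    page = bytes(range(256))  # constructed sample block, not a real flash dump
    print(edit_block(page, ecc_calc(page), 16, 0x13))
```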
Furthermore, NDT implemented RPS's ECC regeneration code into his newest FlowRebuilder, which will be posted next week!
Finally, this has already saved one PS3! Hacked2123's PS3, which bit the dust long ago due to a bad flash, was recently fixed thanks to RPS's ECC regeneration code built into NDT's newest FlowRebuilder!
His PS3 had data that did not match its ECC, resulting in a plethora of issues. However, as described here, it is now fixed!
Stay tuned next week for the release of NDT's newest FlowRebuilder, and lots more!
Sweet news indeed, and looking forward to the public release of NDT's PS3 FlowRebuilder update next week!
Nice.. very cool news indeed on this project.
Are you saying you can make custom firmwares now and rebuild them? Sounds like the beginning of homebrew. Am I right, or what can we accomplish with rebuilding firmwares?
Please explain a little further thanks!
I don't suppose it matters, but if we (the team) are interested, I just got back in contact with a user with a firmware 1.00 system. I think the only qualification for us getting a hold of it would be installing the Infectus on it. (Him providing shipping, chip, and system; us providing the professional service.) This being strictly done for a win-win situation... if you all feel so.
Feel free to delete this if you feel it compromising, and reply as necessary, I will understand vague responses.
yes! great news!!
From what I understood, you can flash a CFW onto a PS3 and it'd bypass the ECC...
Stay calm. I think we will see a lot of things this week, and they will bring us a lot of things soon.
NDT thanks for your hard work!
Are we now talking about a simple way to dump the flash, or does this still need the flash chips to be removed? Is there any restriction on the code version installed on the PS3? Can it still be dumped with all versions of FW?? Sooo excited!!! Can't wait to see the outcome of this major leap.
I fear that it's not possible yet to modify the files on the flash, since we would break their digital signature.
But I would be glad to be proved wrong about that. Any DEV?