05-05-2008 #1 CJPC Guest
PS3 Debug/TEST to Retail Flash Progress and More!
We mentioned in previous Site News posts that we're working on converting a Retail PS3 into a Debug PS3.. and we have some updated news on the process to share today.
For starters, we had quite a delay. Our PS3 Devs have been using an expensive external programmer to do the job; however, these dumps differed from the dumps from the Infectus chip. It was quite a puzzling issue indeed.. which was the proper dump?!
After many hours of examination spanning a few weeks' time, it turns out the external programmer was the culprit! The software that the manufacturer provided had a flaw in it that would drop certain bytes, resulting in a corrupt dump missing the 64 bytes of OOB data. Luckily our PS3 Devs managed to find and correct the initial problem, so a big THANKS to them!
Once that was sorted, testing began by modifying both the IPL and METLDR.. however, the initial detection byte test failed [received (8002F169) before the install completes, versus the standard "data type is not supported" (8002F029) mismatched PUP error], although the reprogram worked fine. A retail PUP file currently will not install either.
Needless to say, they are now trying other detection bytes and will continue to share their progress. Below is a picture of the work one of our PS3 Devs did: he wired up an external flash socket to his PS3. This allows for quick removal, reflashing, and retesting of the flash to test different scenarios. He plans to install a second flash socket this week, to facilitate replacing the entire flash, versus just certain areas.
In other PS3 Dev news, I have been working on some PS3 Debug game patches for OOKAMIDJ which automatically install the games to the PS3 HDD, patching them appropriately to run from there.
Finally, although we can't say much yet.. a bit of speculation if you will. We may have found that in an earlier PS3 flash version the kernel memory was not separated from the application memory, meaning it may be possible, since kernel memory isn't protected (access restricted), to dump it.. more to come!
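The "which dump is right?" puzzle in the post above comes down to one dump carrying the per-page OOB (spare) bytes and the other silently dropping them. The following is an added example, not code from the original post or its authors: it classifies two dumps of the same chip by length, strips the OOB area from the full one, and reports any pages whose main data still disagrees. The page geometry (2048-byte pages plus 64-byte OOB) and the sample contents are assumptions made for the example.

```python
# Added example (not from the original post): sanity-check two NAND dumps of
# the same chip, one expected to carry the 64-byte out-of-band (OOB/spare)
# area per page and one suspected of having it dropped, as with the
# programmer-software bug described above. The page geometry (2048-byte
# pages + 64-byte OOB) is an assumption, not something the post states.

PAGE_SIZE = 2048          # assumed main-area bytes per NAND page
OOB_SIZE = 64             # OOB bytes per page, matching the "64 bytes" above
RAW_PAGE = PAGE_SIZE + OOB_SIZE


def classify_dump(dump: bytes) -> str:
    """Guess from its length alone whether a dump still carries OOB data."""
    if dump and len(dump) % RAW_PAGE == 0:
        return "with-oob"
    if dump and len(dump) % PAGE_SIZE == 0:
        return "without-oob"
    return "unknown"


def strip_oob(dump: bytes) -> bytes:
    """Drop the OOB bytes from a raw (main+spare) dump, page by page."""
    if len(dump) % RAW_PAGE:
        raise ValueError("length is not a multiple of page+OOB size")
    return b"".join(dump[i:i + PAGE_SIZE] for i in range(0, len(dump), RAW_PAGE))


def compare_dumps(with_oob: bytes, stripped: bytes) -> dict:
    """Check whether two dumps agree once OOB is removed; list pages that differ."""
    main_only = strip_oob(with_oob)
    pages = len(main_only) // PAGE_SIZE
    mismatched = [p for p in range(pages)
                  if main_only[p * PAGE_SIZE:(p + 1) * PAGE_SIZE]
                  != stripped[p * PAGE_SIZE:(p + 1) * PAGE_SIZE]]
    return {"pages": pages,
            "size_match": len(main_only) == len(stripped),
            "mismatched_pages": mismatched}


def build_sample() -> tuple:
    """Constructed sample: four pages of distinct filler plus 0xFF OOB areas."""
    pages = [bytes([p]) * PAGE_SIZE for p in range(4)]
    raw = b"".join(pg + b"\xff" * OOB_SIZE for pg in pages)
    return raw, b"".join(pages)


if __name__ == "__main__":
    raw, stripped = build_sample()
    print(classify_dump(raw), classify_dump(stripped), compare_dumps(raw, stripped))
```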
05-05-2008 #2 corsomalo Guest
What about the new project to "turn" PS3 retail/debug?
Do you believe it's a way for us? And it is the same hardware too...
You wrote some info about the different sectors after dumping from Infectus to NAND chip!! So if we compare both of them we could see the difference between your "debug" NAND and "retail" NAND chip?
05-05-2008 #3 CJPC Guest
Well, simply put there are too many. Namely because files are at different positions etc, not to mention many files differ so a compare just does not cut it. There are established patterns in the retail and dev flashes, and by comparing them we can see what needs to be targeted!
05-05-2008 #4 Takavach Guest
I think this work is very difficult, because I think dear CJPC must compare the flash files dumped from retail and debug, find the position of the separate information from each PS3, and replace the information in the retail PS3's flash with the debug one, then put it into the retail PS3's flash (like the drive key and CPU key on Xbox 360).
This is what I think, but I am not a pro like CJPC; he knows better...
Thanks and good luck
05-05-2008 #5 moneyslap03 Guest
This sounds really good, but how are we actually gonna get the debug/test unit to a retail? Will that take place after the keyvault project?
#6 (Join Date: Apr 2005)
If it works out, users would be able to update their Retail consoles with Debug Firmware the same as you would update using Retail Firmware. However, that "clean" of a solution wouldn't come right away... initially there would be more complicated methods (likely involving soldering an Infectus Mod).
Obviously this is all speculation for now, until the PS3 Devs report they actually have it working.
05-06-2008 #7 moneyslap03 Guest
Yeah, I see what you mean, but personally I think putting an update on PS3 wouldn't necessarily work, as in compiling a PUP file to update; it would obviously give us an error. That's like saying you're gonna throw a custom firmware on a PSP that's not hacked yet, see what I mean? But we're all just gonna have to wait.
05-06-2008 #8 parkerparker Guest
Is the dev machine's NAND encrypted, like the retail?
There was mention of a hole in previous versions?
05-06-2008 #9 RexVF5 Guest
One question about the process of doing this: do they (devs) just go blindly changing bytes and trying to find a way to make the updating process succeed? Or do they have some means of "debugging", i.e. some clues as to what to change to make it work? Cause if it is the first option, this can be very, very long till (and if ever) they reach the ultimate goal.
05-06-2008 #10 CJPC Guest
Besides the fact that their products are a joke, no, that won't work. Aside from the fact that we don't know any pinouts for the system (who's got a service manual they want to share?), even if we did it does not work that way. On a 360 etc, that just allows the drive to be reflashed; reflashing the PS3's drive won't help us, since we don't have anything to replace it with.
Rex - There are some sections in the flash that we know what they do, and we can extrapolate changes based off comparing multiple retail dumps and TEST dumps.
Parker - Yes, it's encrypted. We all wish it was not!