    PS3 Firmware Tool 1.00 Sneak Peek

    Over the past few weeks, mainman has been working on a tool, with the assistance of our other PS3 Devs. This tool creates user-readable files from the PS3 flash dumps.

    PS3s have two flashes, and the firmware is spanned across both of them. On boot they are interleaved and byte swapped. This tool recreates the process which interleaves and byte swaps the flashes.

    This tool then creates a folder named PS3Nand-XXX.XXXX, where XXX.XXXX is the contents of "sdk_version", which is a file that stores the firmware revision of the PS3.

    Upon completing that, the tool extracts every file from the flash, into said folder. Alas, all of the files (list below) are encrypted, but they are interesting nevertheless.

    However, if a PS3 was upgraded, it keeps a copy of the older flash as well. Say you are on 1.50 and upgrade to 1.60: it keeps 1.50 on there and adds 1.60. The second firmware, in this case, is not dumped (yet).

    There are still a few bugs: it does not extract both firmware versions on a PS3, as in the previously mentioned case. It also searches as a start for a fixed position, so it may not work with all dumps. We have had the most success with Infectus dumps, which you can get at Hardstore.

    This tool is still a work in progress. If you have any useful information to add, post it in our PS3 Dev Forum. We are also looking for additional PS3 Flash dumps; if you have some, drop by on EFnet #PS3News.

    From a 40GB PAL 1.50 Box:
    -rw-rw-r-- 1 nulluser nulluser 39528 2007-12-19 19:32 aim_spu_module.self
    -rw-rw-r-- 1 nulluser nulluser 129368 2007-12-19 19:32 appldr
    -rw-rw-r-- 1 nulluser nulluser 262144 2007-12-19 19:32 creserved_0
    -rw-rw-r-- 1 nulluser nulluser 7456 2007-12-19 19:32 default.spp
    -rw-rw-r-- 1 nulluser nulluser 82292 2007-12-19 19:32 isoldr
    -rw-rw-r-- 1 nulluser nulluser 291608 2007-12-19 19:32 lv0
    -rw-rw-r-- 1 nulluser nulluser 146228 2007-12-19 19:32 lv1ldr
    -rw-rw-r-- 1 nulluser nulluser 1449416 2007-12-19 19:32 lv1.self
    -rw-rw-r-- 1 nulluser nulluser 1546016 2007-12-19 19:32 lv2_kernel.self
    -rw-rw-r-- 1 nulluser nulluser 113204 2007-12-19 19:32 lv2ldr
    -rw-rw-r-- 1 nulluser nulluser 61520 2007-12-19 19:32 mc_iso_spu_module.self
    -rw-rw-r-- 1 nulluser nulluser 71932 2007-12-19 19:32 me_iso_spu_module.self
    -rw-rw-r-- 1 nulluser nulluser 52888 2007-12-19 19:32 sb_iso_spu_module.self
    -rw-rw-r-- 1 nulluser nulluser 142776 2007-12-19 19:32 sc_iso.self
    -rw-rw-r-- 1 nulluser nulluser 8 2007-12-19 19:32 sdk_version
    -rw-rw-r-- 1 nulluser nulluser 61388 2007-12-19 19:32 spp_verifier.self
    -rw-rw-r-- 1 nulluser nulluser 107548 2007-12-19 19:32 spu_pkg_rvk_verifier.self
    -rw-rw-r-- 1 nulluser nulluser 46940 2007-12-19 19:32 spu_token_processor.self
    -rw-rw-r-- 1 nulluser nulluser 101560 2007-12-19 19:32 sv_iso_spu_module.self
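
    The interleave and byte swap step described in the post, as an added example that is not the tool's own code and not part of the original post. The 2-byte interleave unit, the 2-byte swap width and the assumption that a file name such as "sdk_version" is stored as plain ASCII are not stated on the page; the sample bytes are constructed.

```python
# Added example (not the tool's code). The interleave unit, the swap width and
# the idea that file names appear as plain ASCII are assumptions.

def byte_swap(data: bytes, width: int = 2) -> bytes:
    """Reverse the byte order inside every `width`-byte word."""
    if width <= 0 or len(data) % width:
        raise ValueError("length is not a multiple of the swap width")
    out = bytearray(len(data))
    for i in range(width):
        out[i::width] = data[width - 1 - i::width]
    return bytes(out)

def interleave(chip0: bytes, chip1: bytes, unit: int = 2) -> bytes:
    """Alternate `unit`-byte pieces: chip0, chip1, chip0, chip1, ..."""
    if len(chip0) != len(chip1):
        raise ValueError("dumps differ in size; one is truncated or misread")
    if unit <= 0 or len(chip0) % unit:
        raise ValueError("dump size is not a multiple of the interleave unit")
    out = bytearray()
    for off in range(0, len(chip0), unit):
        out += chip0[off:off + unit] + chip1[off:off + unit]
    return bytes(out)

def rebuild_image(chip0: bytes, chip1: bytes, unit: int = 2, swap_width: int = 2) -> bytes:
    """Interleave first, then byte swap, the order the post describes."""
    return byte_swap(interleave(chip0, chip1, unit), swap_width)

def split_image(image: bytes, unit: int = 2, swap_width: int = 2):
    """Inverse of rebuild_image; used here only to construct sample dumps."""
    raw = byte_swap(image, swap_width)  # the swap is its own inverse
    chip0, chip1 = bytearray(), bytearray()
    for off in range(0, len(raw), 2 * unit):
        chip0 += raw[off:off + unit]
        chip1 += raw[off + unit:off + 2 * unit]
    return bytes(chip0), bytes(chip1)

def find_all(image: bytes, needle: bytes) -> list:
    """Every offset of `needle`: a search instead of a fixed start position."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = image.find(needle, pos + 1)
    return hits

# Constructed 24-byte sample image, not real flash content.
SAMPLE = b"\x00" * 6 + b"sdk_version" + b"\x00" * 7
CHIP0, CHIP1 = split_image(SAMPLE)

if __name__ == "__main__":
    image = rebuild_image(CHIP0, CHIP1)
    print(find_all(CHIP0, b"sdk_version"), find_all(image, b"sdk_version"))
```

    Neither single-chip dump contains the name on its own; it only becomes readable once both dumps are combined, and the size checks reject a truncated dump before any output is written.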

    Any update on this? Will this be ever published? Could you publish source code?

    I believe they are working on a Win32 version now (only have a Linux version) and then it should be publicly released.

    I have been wondering if you guys have come up with a way to break the update, making the PS3 downgrade to the former firmware. Has anyone else been thinking about that?

    If you have an Infectus Mod (some of the Devs do) and have previously backed up your PS3 flash then you can 'downgrade' back to your original Firmware.

    As for trying to spoof updates it's been suggested and investigated many times, but it all comes down to multiple layers of encryption... so easier said than done basically.

    On a brighter note, the Windows binary of their app is completed, tested, and working... so it should be released along with a 'dumpable dump' [Infectus PS3 dump] soon.

    Is it possible to download an earlier firmware image from the PSN (or elsewhere?) and then flash it with Infectus?

    Sadly, no. Each is console-specific so any FW files/dumps (even official Sony ones) won't work to downgrade a PS3 with the Infectus Mod.

    The only way to do it is to dump one from your machine, and then restore to it (via Infectus) when desired on the same machine.

