PS3 saves the actual FW version and doesn't allow downgrade
OK, my test continued. I can now clearly admit that the PS3 somehow saves the FW version that's installed and doesn't allow a downgraded firmware.
I got cold dumps from firmware version 2.30 (I got 4 different dumps on different days to be sure) and I did the same for 2.35.
I tried to flash back 2.30 and the console turns on, reads from the HDD and then suddenly turns OFF with the red light blinking; when I flash the 2.35 firmware it begins to work correctly.
I repeated this test on another console too and the result is the same.
I removed the HDD, the BD-ROM, the battery and the result is still the same (without these accessories and with FW 2.35 the console boots!).
So I can now state that the console writes the latest firmware somewhere... but I still don't know where.
05-29-2008 #2 Banned User
Did you try, after flashing 2.30, to boot without the HDD attached?
Did you try, immediately after flashing the previous firmware, to power off with the switch in back so the PS3 does not write to the NAND when powering down? Then power back on to see the results.
Just some ideas I had. I will find a power supply soon enough and begin some testing myself.
Yes, I tried. I had the same ideas as you, then I even disconnected the battery.
After my experiments it seems the PS3 uses Efuse technology by IBM; if so, it should change the encryption key every time it changes firmware version, so it should be impossible to restore an old dump (because of the key change).
If efuses are used in the ps3 they are not burned every time you update your ps3 since a firmware downgrade with a dump was possible with earlier firmwares.
But if you put this aside, they could only burn efuses when it is a critical update...
I just wonder why they didn't burn a fuse then when they fixed the RSX-Bug.
According to what I have read, EFUSE allows for reconfiguration of the circuitry of the chip, i.e. to fine-tune the logic or fix some bugs (think of the Pentium DIV bug). Using EFUSE to encrypt some stuff is in my opinion far-fetched and would be extremely expensive to achieve something for which there are better alternatives that are proven already (read: cryptography). Also, according to Wikipedia, EFUSE is employed in Cell processors in the PS3. So do not let your imagination run too wild...
05-30-2008 #7 Banned User
I have dumped every FW from 1.32 to 2.10, on which I currently stand.
I have some ideas that I will be trying, but not until I have acquired a power supply, because every idea has a high probability of causing a brick if not successful.
Hardstore's video claimed to successfully downgrade from 1.60 to 1.50 without a problem. After reading a little (because I don't have one) it seems the 360 blows an efuse with every update, and who is to say for sure that whoever wrote that on the wiki is correct?
And the fact that NDT's downgrade test got as far as the PS3 accessing the HDD before failing to blinking red also makes me question the efuse theory. It would seem to me that by the time the PS3 has accessed the HDD, the NAND has already been accessed and found OK by whatever is decrypting it. (If you connect the USB of the Infectus to the PC and start the programmer before powering on the PS3, the PS3 will fail at reading the NAND and blink red before the HDD is ever accessed.)
Who knows though... more testing needs to be done.
NDT, if anyone finds where the firmware is stored on the PS3, you will, bro. Good luck.
P.S.: No offense was meant in my previous post...
Since I get the feeling that I lack some information, I'd like to ask which downgrades/firmware mods of the PS3 firmware (Retail/Test/Debug) are confirmed to work (or not to work):
via Infectus with a previous retail PS3 hot dump: 1.6 to 1.5 (the YouTube video from hardstore)
via PS3 Retail to Debug firmware HDD swap trick:
<1.80 to 1.80debug partial
<2.01 to 2.15debug partial (see XVISTAMAN2005s post)
I also lack information about the cold dumps... what do you need to do them? (I read somewhere in the comments on the front page that you need to solder four extra cables, but I didn't find any diagrams regarding this.)