Some PlayStation 3 Service Mode Details!
Over the months there has been a lot of inaccurate information circulating about how exactly the PlayStation 3's Service Mode works, and as promised in our previous Dev updates, here are some of the facts to help separate fact from rumor and speculation.
It is a fairly simple process, as follows. For starters, the PS3 is powered off, and a special USB dongle, known as the Jig, is connected. The PS3 is then turned on, and then off, once it has detected the Jig.
After this occurs, the PS3 is turned back on, into "Service" Mode. From here, the PS3 is re-flashed using a Firmware Update on a USB stick, specifically designed to only install from the Service Mode. Once the PS3 is re-flashed with the software, it is then used in conjunction with a PC running customized software, specifically DEX.exe and CEX.exe.
There are a multitude of special PS3 firmwares, basically three major ones. The first is a Core System, followed by the Service System, then finishing it off with the Final Software, usually Retail.
From the CEX/DEX PC-side software, just about anything can be done: copying, transferring and re-signing of box-specific items like PSN games, user profiles, etc.
Furthermore, the systems can be re-flashed to any software version as well. The system's keys can also be "rearranged", such as the marrying of the PS3's BD-ROM Drive (or controller) with the mainboard. Needless to say, this can do a lot more than a simple "Recovery Menu", as it can change firmware and more.
Over the last few months we have also compared the flash dumps (pictured below) done by our very own courier of a PS3 in Service Mode with a Retail (and a Debug) and found that the systems are primarily alike; however, the Bootloader 1 of the Service Mode PS3 differs from that of the other systems. Work is still being done by the resident PS3 Devs in trying to pinpoint exactly why this is the case.
Finally, we have a correction to make to our previous PS3 Dev update as follows: it should read that the older PS3 consoles utilized dual (2x128MB) 48-pin chips totaling 256MB versus 512MB. To make it a bit more confusing, most PS3s actually use two 1 Gigabit flashes (for a total of 2 Gigabits); however, in actuality it's only 256 (2x128) Mega Bytes. These things tend to get lost in translation from Italian to English at times! To add onto that, the new PS3s use a 128 Mega Bit flash, for a total dump of 16 Mega Bytes!
We would have corrected this on the same day, but by the time it was discovered the post was linked throughout the Internet with only a few users even noticing the typo, so we opted to mention the correction in our next update instead of leaving users with a dead link. Our apologies!
One last tidbit of news: even a Debug PS3 console, which can downgrade from any Firmware back to 1.00 via the System Software, can't do so via swapping flashes.
Our first thought went to EFUSES; however, on a closer examination this may not be the case, as we are currently in the process of examining the PS3's power supply to trace out where the power for the efuse blowing "mechanism" may reside. Stay tuned!
Nice update as always, keep up the good work guys!
This is crazy! .. like a pandora USB Drive hope they release it for creation at some stage.. maybe not soon - so we can all have Custom Firmware
Great work guys!
Though a little confusing
great job guys, but I thought we could already write FW or even a CFW using infectus.
the problem is writing the CFW itself, or am I wrong?
As of now, there are two 'little' problems: find a way to replicate these jigs and find a copy of these cex/dex.
So, can you now tell where is the very first bootloader located?
I as well had thought the same thing about the infectus doing the same or similar thing as to writing custom firmware. So between these two what would be the differences?
Last I heard the source wanted $500... so not bad price-wise at all. There are some other factors in the equation though, but at the risk of being yelled at I can't go into it further for now. However, rest assured we are doing everything we can to pursue it, and the source is completely legitimate, as proven numerous times in the past so credibility is a non-issue.