12-14-2009 #1 CJPC Guest
Sony PS3 Slim CECH-2000 System Flash Dumped!
Here is a little piece of news we skipped over when our PS3 Reference Tool arrived.
One of our resident PS3 devs, CouRieR, extracted the flash of a PS3 Slim (CECH-2000) European console with Firmware 2.75 a few months back by removing the chip, and dumping it with an external reader along the lines of the BeeProg.
The chip, a Samsung K8Q2815UQB, is a 128 Megabit flash chip. The dump, which weighs in at 16.0 MB (16,777,728 bytes), is quite similar to that of a later model PS3 with the smaller flash.
Earlier generation Fat PS3s, those that sported dual 1 Gigabit flashes, had two copies of the PS3 firmware along with a full AES filesystem (for /dev_flash) on the flash.
The PS3 Slims, like later generation Fats, have the AES filesystem (/dev_flash) on the Hard Disk Drive, and mounted virtually (like a loopback) with only one copy of the firmware.
Both the Fat and Slim PS3 systems feature everything that one would expect: a bootloader, corresponding core operating system LV1/LV2 SELFs, along with corresponding isolated SPU code - all encrypted of course.
Since everything is encrypted, and tied per box, the Slim's flash is really no different from that of a Fat PS3 - makes you really wonder what the "hardware differences" that made OtherOS incompatible were.
Finally, for those who'd like to take a peek, here is the PlayStation 3 Slim's FileList Dump Log!
Next week we will share some exciting PS3 Service Mode information, specifically on what we got in the mail a few days back! Then we will take a tour of the PS3 TOOL XMB as promised last week.
- Join Date
- Apr 2005
Very cool news as always, especially considering the PS3 Slim console is the only version that Sony is making these days.
12-14-2009 #3 Rob777 Guest
Keep up the excellent work devs, at least you guys have learnt a hell of a lot that you wouldn't have otherwise known.
12-14-2009 #4 shummyr Guest
This is good, thanks for the info, can't wait to hear more!
12-14-2009 #5 Takavach Guest
Thank you boss CJPC for this news.
A few days ago I wanted to repair a PS3 40GB and I saw that it has 2 chips (K9f1g08u0a), and the size of this chip is 135.168 kb; I removed it and dumped it.
I wanted to say that, and thanks to you for this news.
12-14-2009 #6 Poopsqueege Guest
That is awesome! That would be incredible if you can convert a slim to run other os...
12-14-2009 #7 mihaiolimpiu Guest
Wow, the flash is dumped... I thought Infectus could do that already? (I think not a complete dump - but I wasn't that keen to find out the truth).
Just a thought... The HDD is already decrypted (somewhat)... could we use something along those lines to decrypt the Flash?! (maybe a unique key?).
I know my questions sound dumb (probably are) but I have no idea of how the encryption system works (for now)!
12-14-2009 #8 CJPC Guest
Alas no, on both the flash, and HDD, the flash filesystem itself is stored as an encrypted file essentially, so even decrypting the HDD will get you a still encrypted file (for the flash filesystem). Multiple layers of encryption - secure, just not good for us!
12-14-2009 #9 semitope Guest
Is there anyone who's bothered trying to decrypt these things for any period of time? I'd ask geohot to have a go, he doesn't seem to have a prob brute forcing... but he's a rude little... so ask nicely I would
12-14-2009 #10 mihaiolimpiu Guest
Yes, indeed that is a problem. Maybe we should concentrate on the BD-Drive firmware. Any news on that front? I know the chip itself is BGA but still... someone with proper tools could do it, right?
I'm willing to help in wiring the whole chip to a reader if someone is willing to donate a fried board!