Thread: PS3 downgrade? (Re-Written)
01-12-2008 #1 mattscool01 Guest
PS3 downgrade? (Re-Written)
Ok, I have written about this before, but had little time to write and nobody was able to understand my theory.
So, here is a rewritten one that hopefully makes more sense.
Right now it is possible to use InFeCtuS to downgrade a PS3.
This is done by copying the NAND chips to a file so you can write the file back to the NAND chips when you want to go back to your previous firmware.
The PSP was hacked so someone could take advantage of the TIFF exploit and swap index.dat from flash0 to the index.dat from the 1.00 firmware, tricking the PSP into launching the 1.50 update EBOOT. (index.dat tells the PSP its firmware # so if replaced with the index.dat from the 1.0 firmware the PSP thinks it has firmware 1.0)
But, what if someone made a program that could change individual files on the NAND chips?
Could this be done on a PS3? If you could replace a file that gives the PS3 its firmware number with an older one, wouldn't the PS3 launch the Sony updater that is older than the PS3's current firmware?
01-12-2008 #2 splodger15 Guest
Main question: How can we replace the firmware no. file if we have no access to it?
The best way for a downgrade would be, like you said, the same as for the PSP, so a TIFF exploit in the PS3's Photo browser.
01-12-2008 #3 mattscool01 Guest
We do have access to the NAND chips with the use of InFeCtuS. I know it sounds pointless to do this since InFeCtuS can downgrade the PS3 out of the box, but taking this approach will allow you to downgrade even if you never previously backed up the PS3's NAND chips.
01-12-2008 #4 Jonsson Guest
To change files in the NAND you need to be able to decrypt, encrypt and sign the package, which only Sony can do.
01-12-2008 #5 mattscool01 Guest
True, but my theory involves taking a signed file from a PS3 with an older firmware and copying it to a PS3 with a newer firmware, so the file would still be signed by Sony.
01-12-2008 #6 maya2006 Guest
This is not as easy as you may think... First of all, you need to have full access to the NAND chip, aka read/write; the only thing we are able to do now is to read it.
Second thing is that we need to decrypt it... and some other things.
01-12-2008 #7 Jonsson Guest
02-11-2008 #8 mattscool01 Guest
We do have full read/write abilities with the use of a mod chip called InFeCtuS. Although, it may be possible that Sony signs every file in the NAND chips with a unique number, but this has never been tried so it is unknown how the data is signed.
Yes, there is a 'PS3 NAND Dump Extractor' in the downloads section under PS3 Homebrew/Utils.
If this theory worked 100%, wouldn't it not be far-fetched to replace the firmware number file with one from a test/debug firmware, so you could install a newer test/debug firmware on the PS3 with no problem?
I think I have found something that will crack the PS3 wide open.
If you used my theory and grabbed the PS3's index.dat from a 1.50 Test PS3 and used this file to replace your retail PS3's index.dat and then tried to start the leaked 1.80.pup test firmware, wouldn't the installer start because the PS3 thinks it is test FW 1.5? (please note index.dat is the name of the PSP's file that determines the FW #, but since the PSP and PS3's FW are similar the PS3 probably has a file like this) Dev'ers should be made aware of this!
Edit: By the way, for people who don't know why you should have test FW, Test FW allows unsigned code to run.
By the way, I just read the "PS3 NAND Extractor Update & More!" story by CJPC and he explained that with some game modifying he was able to get games to run from the hard drive (external and internal) (on test PS3s only). This makes this theory more urgent for people like CJPC to look into.
Edit: I was searching, and I stumbled across this thread. I don't mean to say I told you so, but I did.