December 20, 2009 // 11:14 pm
- We finally managed to obtain a fully operational Service Mode PlayStation 3 system, so PS3 Dev work is in progress. As it came a few days ago, we have not had too much time to play with it yet, but will soon!
We did some work on one from flurix
a while back
, but alas, the unit did not function fully. Luckily, this unit we got works perfectly.
For a little background, it is a CECHA00
unit, which makes it a 60gb Japaneese PS3 model, first generation - full of backwards compatability, card readers and WiFi!
It appears to be a returned unit, as it was packed in a CECHE box, and had a false CECHE serial on it. From what we know to date, the first thing that happens when a unit hits Sony is to be reset into PS3 Service Mode
via the PS3 USB JIG
After this, the serial number on the back is scanned. We assume at this point they realized it was false, and sent it back, not repaired. Since it was sent back, it was still, luckily, in Service Mode - letting us obtain of it!
Our project goal is to be able to turn this unit into a full blown PS3 Test/Debug
unit, as it would help if everyone had access to a development unit in order to fully explore the PS3. Of course putting
a retail PS3 into a Service Mode console is another beast to tackle before that happens.
The PS3 Service Mode
Systems do not utilize a hard disk drive, they totally fail to detect it (as we know) so installing a PUP the normal way is out of the question (it fails).
However, there is another way to install a PUP. We had time to briefly experiment with some PUPs, and at the moment a FULL Debug PUP installs perfectly, but fails to boot. We believe this is due to the Core OS package in the PUP.
With a little creative trickery (that will be detailed in a later post) on the PUP itself, we were able to get the Service Mode unit to install a Hybrid Debug Firmware, just like XVISTAMAN2005
's PS3 HDD swap method
that Sony later blocked
We can use the same creative trickery to downgrade the unit as well, however, the issue becomes that the Core OS is retail, and has to be the same software version. This is where we are at after a few days with the Service Mode unit.
We are currently looking into ways to bypass this one last flaw - and after that, we may be able to successfully downgrade units, as well as install Debug Firmware on them.
The next step is to install hardware to facilitate the dumping of the NAND. This will allow us to change the firmware, then dump and compare the NAND images to see if the Target ID in the EID changes - if it does, this method will prove to be very, very useful!