December 2, 2010 // 7:10 am - A few weeks back we saw a video of PS Downgrade in action, and today ANTONIOPS at a Spanish site (linked above) has posted some videos showing PS3 Debug Firmware v2.15 being installed via PSDowngrade on a 40GB Retail version 3.41 console, followed by running a PS Store demo.

Normally, PlayStation 3 service boxes require a proper downgrade PUP file. However, comparing the SHA1 hash of the released PUP confirms it contains nothing special (just the old 3.41), so there appears to be something 'interesting' taking place when downgrading via PS Downgrade.

To quote, roughly translated: The noise you hear when you turn on the PS3 is the reader, which is half repaired.

I installed the Debug firmware with the PSDowngrade firmware downgrade, 3.41 to 2.15 Debug.

At the moment it can only run signed code, such as a PS Store demo.

Those interested can check out the videos below!

Finally, in related news comes a brief guide from gliitch on installing PS3 Debug Firmware v1.0 on a Retail Console:

[ROoT] Level2Diag.self(1)/UPDAT.PUP(DEBUG1.0)

Put your PS3 into service mode, then once it's powered down, plug in your USB stick with the files. It takes about 4 or so minutes to complete.

Wait for it to finish, and then turn the PS3 back on O_0 and voilà! 1.0 Debug on a retail PS3. Now, there isn't much point in doing this as it doesn't really have anything on it.

You can update straight back to FW 3.41 via USB by [RoOT] PS3/UPDAT.PUP/

Videos: Debug Firmware on Retail PS3 via PS Downgrade Demo

#41 - DeViL303 - December 3, 2010 // 1:37 am
That is because your partial dump probably does not contain the resource folder contents; this is where the rco files and xmls that contain parameters for install pkg and app_home are stored.

Just wanted evilsperm to know that mounting debug 3.41 dev_flash using firmloader will 100% not stop the install package files and app_home icons from loading. If you use the resource folder from acidCFW0.002 you will see!

#40 - F1R3WALL - December 3, 2010 // 12:55 am
They most likely have a JIG setting that will trigger on P.O.S.T (before firmware is loaded) and suck down the firmware update via LAN/USB.

Remember the payload isn't a JIG, it just emulates part of one.

#39 - cfwprophet - December 3, 2010 // 12:52 am
To mushy409: Na, I meant you with that. Your questions are much better than "Yes we Can"!! Who is he, Obama? We want facts, not only "yes we can".

To all: They are totally different. The PSP's service mode is activated with the service JIG, aka Pandora. It's a battery device which has a tiny PCB with neard little chips on it. A chip sends 0 (or F, I don't remember exactly) bytes to the console and the PSP will start in service mode. After that you need a magic memory stick with special code on it to be able to talk directly to the NAND flash.

As a result you can write a fw to the system even if it is totally screwed and not bootable.

Up to a specific version the PSP doesn't really have a security system that would be comparable to the PS3's. A long time passed and CFW was available until Sony decided to use a new CPU that only accepts signed update.pbp's. And even then it could never be compared to the multi security system of the PS3.

The black beauty has a system where one will run over the other. If only one lv does not run, the whole system does not run. Besides that, we know that the service JIG for the PS3 needs a working, running OS to be able to unbrick a PS3. The JIG will boot the PS3 into service mode with lv2diag.self. Now you have the ability to install either the 1.0 or 1.5 special_downgrader.pup's. Both of these files give the console the rights to install ANY fw you want.

But if lv1 is not running you can't use even this special lv2diag.self. Besides that, lv2diag.self is not everything you see. Our beloved XMB and everything visible is loaded from dev_flash, which is placed on a flash chip on the mobo of the PS3. The retail lv2.self is also on a flash chip, but on a separate one. If you now screw up the whole dev_flash, your console will then not be bootable. And even then the JIG could not unbrick it in case you don't have a working booting OS.

Maybe the embedded retail service mode of the PS3 can fix that, but I doubt it. Sure, Sony will have a way to fully unbrick a console, but we don't know it. Even the Wii couldn't be fixed from a fullbrick till today. And Nintendo's last gen hero for sure doesn't have such a crazy security system as the PS3.

It's possible that Sony can activate a special service mode via the LAN port that works in a totally different way and has the ability to flash both onboard flashes clean. But at this time we don't know how they do that.

On the Wii there was also a disk, the gay fish disk. A kind of service disk that was also able to boot an app even with a fullbricked system, and then you were able to install some new fw. But the disk couldn't be hacked. In the end we were able to boot these apps via a special OS which was loaded from virtual NAND (NAND image on USB or SD).

#38 - TheShroomster - December 2, 2010 // 11:57 pm
Here is my question. The PSP has been hacked to pieces. How similar are the PSP and PS3? Not hardware-wise, but in the way they run. They have almost identical XMBs and the PS3 plays many PSP ports (minis included).

#37 - mushy409 - December 2, 2010 // 10:14 pm
This is actually quite interesting... Would also be interesting to see if a FULL brick console can still be recovered with the JIG hardware. I would imagine it would be possible - how would Sony deal with the console if it was sent for repairs? They'd hook it up with a JIG and program new firmware (LAN/USB etc...)

As CFWProphet said, without the basic LV1 - nothing else would run without this essential loader.

Just speculation, maybe the PS3 has some sort of basic boot rom that allows basic hardware I/O, which could be triggered by the lack of firmware (or corrupt etc) & JIG response...?

I know the PSP is a different console, but from what I remember even with a completely screwed firmware, or if you actually REPLACE the NAND with a brand new (blank) device - then you're in the same boat, no firmware/loaders to initialise basic hardware. The Pandora battery (& magic memstick) would boot the system enough to be able to reflash.

Correct me if I'm wrong (or just tell me to shut up).

#36 - DeViL303 - December 2, 2010 // 9:56 pm
If this method is proven to completely convert a retail PS3 to PS3test then it will make any retail PS3 worth as much as a PS3test, better sell them quick guys!!

Big question is, can the PS3 be upgraded with debug firmware after doing this once? Is it a complete conversion?

#35 - evilsperm - December 2, 2010 // 9:24 pm
Don't get your hopes up on this... those of you who have been in the scene for the past few years have already known we can install debug over retail, but it muffs everything up; it was a hybrid install that was 100% useless.

I'm sure it's a step in the right direction but I don't think much will come of just downgrading to debug unless some flags are set.

Cyberskunk and myself have a partial dump of 3.41 debug dump and we have found out some very interesting things when using the firmware loader, as in it removes the install pkg and app_home as well as homebrew not running. This means that when moving to the firmloader offsets look like they are getting overwritten thus losing the jailbreak for the most part.

#34 - playforfun - December 2, 2010 // 9:09 pm
Very interesting for all who want to have a debug.

It's weird he used 2.15 instead of a more recent debug fw, maybe because this one has something more... I wonder if:

he can upgrade his console to another, more recent debug fw
he can use bd emulation
he can use target manager

These points can provide more elements about this special downgrade.

#33 - cfwprophet - December 2, 2010 // 9:04 pm
OK, to all these "Sure it can unbrick from FullBrick" guys: do you even really understand what Full Brick means?

None of you has ever tested it and most of the users are not really into the PS3 thingy, but you all want to claim "sure"?

What if you got a FullBrick and the USB drivers of the PS3 are gone and not usable anymore?

How do you want to unbrick through a USB device? You're the magician and can put the new FW through an unusable USB driver via a USB device onto the PS3?

One level higher:
You have a fullbricked PS3 and no lv1 running in case it's totally screwed. How do you want to use lv2diag.self?
Have you ever even heard about something called a security system? Or maybe you know better than all the hackers, modders and devs from the scene that lv2 can run without lv1?

What has Sony implemented a one-over-the-other security system for? Therefore we don't need lv1 to run lv2diag.self?

#32 - DeViL303 - December 2, 2010 // 7:34 pm
That would be great! I'm hoping for an unbricker anyway, don't need any downgrades! Got all my PS3s on 3.41 or below except my online one, which I don't want to downgrade. Also, it would be interesting to see if this downgrade will work on 3.60 or whatever Sony's next release is, probably 3.51!

I assume Sony will revoke all service dongle IDs and maybe completely change the way service mode works; hopefully the PSjailbreak team or the scene can keep up with them.