Ideas on ripping the 3.50 firmware
Ok, I'm new to the PS3 and its inner workings, but with my experiences with 360, I have some ideas.
So, with the USB Firmware Loader app, we can load any firmware off of the USB right? The thing preventing loading 3.50 is that we don't have a copy of the firmware.
Now, I don't know about NAND dumping the PS3, but seeing how it isn't done, I'm guessing it's either hard or impossible, so we'll skip that.
Next, I thought of maybe seeing how the updater program decrypts/extracts the updates. But then I found out that the loader is encrypted. Maybe we can use Backup Manager's method of decrypting executables to decrypt the firmware updater software and disassemble it?
Another idea: The reason why nobody cares about game exploits (save file buffer overflow, etc) is because, unlike the PSP, the PS3 (and 360) limits what a game can do, so exploiting it is useless. But with the release of the file manager and FTP program, I guess reading /dev_flash is within the boundaries of a PS3 game? If so, would it be possible to exploit a game to dump /dev_flash?
Thanks for reading.
The PS3 NAND has been dumped several times by several people. The problem with 3.50 or any firmware above that is that even if someone dumped the NAND of their PS3, it will not work on someone else's. When a PS3 firmware is installed to the PS3, it creates a key for it that will only make it bootable on that PS3. An example being, if you take the NAND from one PS3 and solder it into another, it will not work.
Sounds like the NAND chip probably has an individual ID code or something tied to its PS3. Just another thing Sony put in to prevent downgrading.
Oh, so is that what the /dev_flash/data/cert folder is for? I'm guessing every firmware version has different ones (in addition to every system version)?
Originally Posted by DeadPixel99
1) Are system files (not resources, because I know people edit those) signed? Let's say I take the module for connecting to PSN from 3.50 and put it in my 3.41 system, will it be rejected because the hash doesn't match?
2) Does anyone know if different people's same files are the same? If I copy a friend's /dev_flash/vsh/module/auth_plugin.sprx (or something), is it the same file as my own or do they encrypt it with your key or something?
Because for most cases, myself (and I guess most others) only want newer firmware versions to use PSN.
So you don't have any ideas? Thread title is a little misleading
I did have ideas. They just turned out to not work (because I'm a dumbass). It would be misleading if I said "How to rip 3.50" or something.
Originally Posted by robo989
I just got my second PS3 today, EU 320GB Slim.
My old one is a US 60GB Fat.
The first thing I did when I got it was to update the FW from 3.40 to 3.41.
Then I installed the FTPserver, and copied everything from the new PS3.
Then I compared the dev_flash on the Fat one with the Slim one, and guess what...
They are identical: 177*360*300 bytes
Then I copied the dev_flash from the Slim one to a USB stick and plugged it into the Fat one, and started the Firm Loader. And guess again, it worked.
So no, there is no magical code that locks the extracted files to your PS3.
At least not on FW 3.41...
My suggestion is to add a Firm loader function in PSgroove, make it mount the USB as the dev_flash in the memory.
From what I could see while updating to FW 3.41, the PS3 did not restart itself, it just exited the XMB, and started the FW update "OS".
And we will be able to update the FW on the USB-mounted dev_flash.
My other solution is a little more drastic, but might work. Hook up the NAND to a USB controller, and plug it into a JBPS3, then use FTPserver to copy the files.
Edit: They are identical in size, but not identical... I have tried to compress them with WinRAR and check the MD5 checksums, but the compressed size did not end up as the same. Then I tried to zip them with Windows. They ended up with the same size, but the MD5 checksums were not the same. So there are some small differences between the US FW and the EU FW.
Tomorrow I will try to compare every file, to see which are different.
Last edited by Red 13; 09-28-2010 at 02:22 AM.
Choose some random binary files (/sys/internal or /vsh/module) and do a binary diff between two same files. If they are the same, then maybe we CAN run 3.50 from the USB using someone else's dump.
I just finished hash checking all the files in dev_flash on the US Fat, with the EU Slim one. They are IDENTICAL, all the MD5 checksums match up.
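
An added example, not part of any post in this thread: the edit above found that two zipped copies had different MD5 sums, while the later per-file check matched. ZIP archives record a modification time for every entry, so archive-level hashes can differ even when every file is byte-identical; hashing each entry's content avoids that. File names, contents and timestamps below are constructed, and SHA-256 is used in place of the MD5 the posters used.

```python
import hashlib
import io
import zipfile

# Constructed sample: two copies with byte-identical file contents.
# Names and bytes are placeholders, not real firmware data.
DUMP_A = {"vsh/module/auth_plugin.sprx": b"\x00constructed-sample-1",
          "data/cert/placeholder.bin": b"\x01constructed-sample-2"}
DUMP_B = dict(DUMP_A)


def make_zip(files, mtime):
    """Zip the files in memory, stamping every entry with mtime."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            zf.writestr(zipfile.ZipInfo(name, date_time=mtime), files[name])
    return buf.getvalue()


def manifest(zip_bytes):
    """Map each entry name to the SHA-256 of its decompressed content."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def diff_manifests(a, b):
    """Return sorted paths missing on one side or differing in content."""
    return sorted(p for p in a.keys() | b.keys() if a.get(p) != b.get(p))


def compare(zip_a, zip_b):
    """Return (archive hashes equal?, list of paths whose content differs)."""
    same_archive = (hashlib.sha256(zip_a).digest()
                    == hashlib.sha256(zip_b).digest())
    return same_archive, diff_manifests(manifest(zip_a), manifest(zip_b))


if __name__ == "__main__":
    # Same content, archived at different (constructed) times.
    za = make_zip(DUMP_A, (2010, 9, 27, 20, 0, 0))
    zb = make_zip(DUMP_B, (2010, 9, 27, 21, 30, 0))
    same_archive, changed = compare(za, zb)
    print("archive hashes equal:", same_archive)
    print("files that differ:", changed)
```

An empty list of differing files alongside unequal archive hashes means only the container metadata differs, not the files inside it.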