Thread: ATTENTION: 05/23 Anonymous hackers release PDF theory for dual firmware PS3 - Could lead to 3.6x+ key decryption/CFW!
  

Page 11 of 15 (results 101 to 110 of 146)
  1. #101  
    xtrem3x
    This may only need doing 1 time, by 1 PS3 owner/hacker.
    Once done they can dump the keys from the original nand so someone can make a CFW.

  2. #102  
    eiamhere69
    Didn't a certain talented hacker manage to disable and re-enable the hard drive encryption? Don't know much about it as I haven't used OtherOS, and won't until all hardware is available to it (as I have neither the skills nor the knowledge to do anything worthwhile with it).

    The second I saw this posted I thought of an old story from a scientific researcher (Stan Deyo). This researcher and a team of others were approached by the government and shown a video of some guy (madcap inventor) who created an anti-gravity device.

    This guy whizzed all over on the video, using speed and movements never seen before, clearly sophisticated technology. However, toward the end of the video, he plummeted to the ground (and died). It was explained that all his research was in his head (almost as smart as Graf) and was destroyed when he died.

    The researchers accepted the proposal to develop this concept.
    After a long time the researchers were ready to present their project. It was absolutely huge, and only hovered inches from the ground - but it worked.

    After demonstrating, the guy from the video (madcap inventor) walks in. The researchers are told that sometimes we convince ourselves so much that something isn't possible. The researchers, by means of the video, had this barrier removed, and were able to work to their full potential.

    I'd like to think that this applies, but unfortunately it seems that only the bare minimum of info is supplied, most (if not all) of which is available elsewhere. I'm sure this method would have been one of the first thought of by hackers, but like I said earlier, I'm dumb, so what do I know.

    Sorry about the spiel

  3. #103  
    sandungas
    Quote Originally Posted by Ex-Cyber:
    Three questions:

    1) What is the "attack" supposed to be, exactly?

    2) To regularly use this for switchable firmware, wouldn't you also need switchable HDDs so that the components on the HDD match the ones in the flash?

    3) Hasn't someone already tried this technique? It's not exactly a brilliant new innovation, generally speaking.
    1) If I'm not wrong the attack is based on the idea of making a "hot swap" with the flash chips. When you have firmware1 running from flash1 and loaded in RAM ---> then you switch to flash2 with access to firmware2 files.
    Theoretically... the PS3 has no idea of the swap done, so firmware2 files are treated as firmware1 files.

    2) There is no need for additional hardware components to "hot swap" a HDD.
    The only problem I see is with software that needs to unmount the filesystem before disconnecting to avoid corruption (but maybe the PS3 HDD filesystem has no problem with this).

    3) I personally think that this was tried from day 1, even before the jailbreak, but I have no idea of the problems/limitations.
    Maybe nowadays it is more useful in conjunction with other development done, but I agree, it is good as a concept but not much news (no offense).

    Quote Originally Posted by lightyear:
    ....stacking chips would cause overheating like crazy.
    There is no intense read/write to the flash during normal firmware operation, I think there are no overheating problems.
    The most intense write on the flash is when updating firmware; an easy temperature test with a sensor on top of the flash can clear up whether this is a real problem, but I guess it can't reach more than 50°.

    Quote Originally Posted by swampmarsh:
    Not sure this makes much sense to me. Wouldn't you have to read the orig nand/nor first just to write to the second one in order for it to boot the second one? Is it possible with other os++ to read/write nand/nor? I didn't think you could but things are evolving faster than I can keep up with. If it is then maybe this makes sense. Otherwise if going to use infectus or something, what's the point? Couldn't you just read your nand/nor before and after upgrade and flash it to whatever you wanted? Maybe two hard drives to match the flash you chose - one at 3.55, one at say 3.61. I haven't been following things too closely but it just seems a kinda crazy idea with encryption and console specific files on the nand/nor.

    thanks Slynk for breaking it down
    There is a development payload released by graf chokolo that is able to make a full raw dump of the whole flash contents to an external USB device as a file.
    Unfortunately... nobody adapted this to make a simple "flash dumper payload" for the final user with 2 simple functions: read & write whole NAND.
    But technically it can be done when booting from a payload (actually it can be done with this payload, but it is not an easy task for a non-programmer guy).

    An alternative is to make these reads/writes from Linux... but this is not a secure way, because it depends on Linux, and Linux depends on one of your flashes... so with corrupted flashes there is no way to restore their contents and the console is bricked.

    Either way... chokolo's payload depends on some flash files/structure to boot, so actually there is no other solution to unbrick a PS3 other than norflasher; the norflasher project is a bit abandoned, and there is no commercial cheap norflasher.

    Quote Originally Posted by mrdrifta:
    I thought that NAND consoles had two NAND chips interleaved for an emulated NOR, wouldn't that mean that you needed two NAND chips + switch resistor setups to switch?
    FAT PS3 has 2 flash chips (NAND type) whose block data are interleaved by the "starship" chip.
    The PS3 doesn't know that there are 2 flash chips... it only accesses the starship, and the starship manages the interleaved data transparently.
    The info in this .pdf about the fat NOR is not complete; the access is more complicated than what is explained there.

    The resistors are probably there because they are lifting one of the flash chip's legs.
    When lifting the leg of the onboard flash, you are disconnecting the whole trace with the supplementary components of this trace.
    These resistors are probably in the original design as a pullup (or pulldown) to keep the state of this leg "stable", so it is needed to add this resistor to "mimic" the original onboard design.

    Btw... this trace (CE = chip enable) comes from the "southbridge" (source) and goes directly to the flash (target); they suggested lifting the leg of the flash, but maybe there are other alternatives to intercept this trace, this needs a bit of patience and imagination when inspecting the board.
    I.e. if there is a component in the middle of this trace the easiest solution is to remove this component to place the switch there and to add this component externally.
    Another alternative is to cut the trace with a knife blade and solder the switch on the southbridge leg.

    Btw2... usually solder pads are holes, and traverse the motherboard to the other side.
    Flash (target) has easy solder points on the opposite side of the motherboard (the ones used by norflasher).
    Southbridge (source) probably uses BGA solder points, so no transverse motherboard holes and no easy solder points, but probably there are other alternative solder points in this area.

    Quote Originally Posted by Diverge:
    what would be ideal, is someone mod the nand/nor interface to the flash card slots. xD cards are nothing but a nand flash chip with no controller inside them. It would then just be a matter of finding cards with the same kind of nand flash in them.

    I bought a bunch of xD cards back in the day, when I bought an infectus, but never did more than play around with it outside of my ps3. Unfortunately I could never get the infectus to recognize the nands in the xD cards I have.
    SmartMedia XD cards are flash "NAND type" chips without a controller as you said, but can't be used on slim.
    I imagine that Sony uses the same ones in other devices (TVs?), but a card would be perfect because it can be read/written from the PC with a card reader, and this would make it possible to add a card slot for flash chips in the PS3.

    Quote Originally Posted by damox:
    QFT.

    Seriously, this is not a new idea.

    Hell, I still have a dual nand wired to both of my 360s.

    The pdf is a joke, it's like a high school project, no real research has been done. There is still the limitation of the syscon.

    If you could just swap back and forward between FW versions, why haven't people simply been flashing OFW/CFW 3.55 down from 3.6? - because you can't.
    In fact it is not a new idea; the only thing I see that needed a bit of research "reversing" the traces of the motherboard is the use of these resistors, so I guess these resistors are ok (I can't test all this, but the addition of these resistors seems not to be an idea that comes from "the air", it must be copied from a technical manual or by reversing traces).
    On the other side... it lacks some info when talking about the fat PS3 and the starship.

    I also did this mod on the xbox360 by adding a SmartMedia XD card slot, and I had 5 XD cards with different "firmwares", and I was able to swap cards/firmwares easily; all the people that tested this know that there are several big "indirect" problems.

    The first and most important one... is that the southbridge is fully working when the console is in standby.
    When you connect the main power cord, the console enters standby, northbridge and southbridge are fully working, and all the peripheral devices (flash, USB controller, SATA controller, etc...) are detected and the southbridge knows of their presence.
    In the .pdf they talk about removing some kind of protections from syscon (syscon is what I call southbridge in PC terms); maybe this can be done, I'm not sure, by now it seems to be a dead end.

    The second and not less important is when you "hot swap" flash chips there is a high risk of data corruption in both flash chips.
    This was mostly because people (and me too) used mechanical switches, and humans have a high failure ratio when fast-switching.
    A slow switch or several switches in a row can cause interferences/problems that randomly write data to the chips = brick.

    So these tests are very dangerous without a way to read/write flash chips externally (norflasher).

    Sorry for the wall of text :P
    Last edited by sandungas; 05-24-2011 at 06:58 AM.

  4. #104  
    defyboy
    Quote Originally Posted by sandungas:
    1) If I'm not wrong the attack is based on the idea of making a "hot swap" with the flash chips. When you have firmware1 running from flash1 and loaded in RAM ---> then you switch to flash2 with access to firmware2 files.
    Theoretically... the PS3 has no idea of the swap done, so firmware2 files are treated as firmware1 files.
    This would not work. All parts of the firmware are loaded into memory, then verified by the upper parts of the firmware. This is called the chain of trust, and the keys for this have changed.

    Quote Originally Posted by sandungas:
    2) There is no need for additional hardware components to "hot swap" a HDD.
    The only problem I see is with software that needs to unmount the filesystem before disconnecting to avoid corruption (but maybe the PS3 HDD filesystem has no problem with this).
    The issue is that the hard disk is encrypted.

    Quote Originally Posted by sandungas:
    3) I personally think that this was tried from day 1, even before the jailbreak, but I have no idea of the problems/limitations.
    Maybe nowadays it is more useful in conjunction with other development done, but I agree, it is good as a concept but not much news (no offense).
    Dual Firmware - PS3 Development Wiki

    Quote Originally Posted by sandungas:
    FAT PS3 has 2 flash chips (NOR type) whose block data are interleaved by the "starship" chip.
    The PS3 doesn't know that there are 2 flash chips... it only accesses the starship, and the starship manages the interleaved data transparently.
    The info in this .pdf about the fat NOR is not complete; the access is more complicated than what is explained there.
    There are 2 NAND chips on the early FAT PS3s up to CECHG; the "Starship 2" chip handles interleaving and wear levelling and provides a single coherent NOR interface to the southbridge. CECHH and up, including all slim models, have a single 16MB NOR flash.

    Quote Originally Posted by sandungas:
    The resistors are probably there because they are lifting one of the flash chip's legs.
    When lifting the leg of the onboard flash, you are disconnecting the whole trace with the supplementary components of this trace.
    These resistors are probably in the original design as a pullup (or pulldown) to keep the state of this leg "stable", so it is needed to add this resistor to "mimic" the original onboard design.
    That's exactly what they are, pulldown resistors. It will make certain that the chip is disabled unless selected.

    Quote Originally Posted by sandungas:
    Btw... this trace (CE = chip enable) comes from the "southbridge" (source) and goes directly to the flash (target); they suggested lifting the leg of the flash, but maybe there are other alternatives to intercept this trace, this needs a bit of patience and imagination when inspecting the board.
    I.e. if there is a component in the middle of this trace the easiest solution is to remove this component to place the switch there and to add this component externally.
    Another alternative is to cut the trace with a knife blade and solder the switch on the southbridge leg.
    There is not on my board. The pad is much too small to cut with a blade.

    Quote Originally Posted by sandungas:
    In fact it is not a new idea; the only thing I see that needed a bit of research "reversing" the traces of the motherboard is the use of these resistors, so I guess these resistors are ok (I can't test all this, but the addition of these resistors seems not to be an idea that comes from "the air", it must be copied from a technical manual or by reversing traces).
    On the other side... it lacks some info when talking about the fat PS3 and the starship.
    They are just pulldown resistors; this is something most people know. They aren't even totally necessary.

    Quote Originally Posted by sandungas:
    The first and most important one... is that the southbridge is fully working when the console is in standby.
    When you connect the main power cord, the console enters standby, northbridge and southbridge are fully working, and all the peripheral devices (flash, USB controller, SATA controller, etc...) are detected and the southbridge knows of their presence.
    In the .pdf they talk about removing some kind of protections from syscon (syscon is what I call southbridge in PC terms); maybe this can be done, I'm not sure, by now it seems to be a dead end.
    The southbridge is completely powered off in standby, as are all the peripherals. Syscon is the only component that receives power during standby.

    Quote Originally Posted by sandungas:
    The second and not less important is when you "hot swap" flash chips there is a high risk of data corruption in both flash chips.
    This was mostly because people (and me too) used mechanical switches, and humans have a high failure ratio when fast-switching.
    A slow switch or several switches in a row can cause interferences/problems that randomly write data to the chips = brick.
    There is only a single switch on the #CE line; this would not cause any issues. If you are stupid enough to flick the switch whilst updating, this modification is not for you.

    Just to verify for everybody:
    This is not an exploit in any way, this won't even work unless you make heavy modifications to the firmware. It will not allow execution of unsigned code and will not lead to the discovery of 3.56+ keys.

    This is why people haven't bothered doing it.
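defyboy's point about the chain of trust in post #104 can be shown with a small model. The code below is an added example written for this page; it is not code from the thread, from the PS3 firmware, or from any project named here. The stage names stage1/stage2/stage3, the signing keys and the firmware contents are constructed, and HMAC-SHA256 stands in for the real signature check. Each stage is copied from whichever flash chip is selected at that moment into RAM and verified there against the key the console trusts. Toggling chip enable to a chip whose images were signed under a different key means the next stage loaded from it fails verification and boot halts, while the stages already verified in RAM are unaffected by the swap.

```python
"""Model of a verifying boot chain.

Constructed example: hypothetical stage names, keys and images;
HMAC-SHA256 stands in for a real signature. Not PS3 code.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List

CHAIN = ("stage1", "stage2", "stage3")  # hypothetical stage names, in boot order


@dataclass(frozen=True)
class Image:
    name: str
    code: bytes
    tag: bytes  # authentication tag over name || code


def sign_image(name: str, code: bytes, signing_key: bytes) -> Image:
    """Vendor-side step: tag the image under the key the console will trust."""
    tag = hmac.new(signing_key, name.encode() + code, hashlib.sha256).digest()
    return Image(name, code, tag)


def build_flash(signing_key: bytes, label: str) -> Dict[str, Image]:
    """One flash chip holding a complete firmware, every stage tagged with one key."""
    return {name: sign_image(name, f"{label}:{name}".encode(), signing_key) for name in CHAIN}


def verify(image: Image, trusted_key: bytes) -> bool:
    """Check the copy that is already in RAM, never the chip it came from."""
    expected = hmac.new(trusted_key, image.name.encode() + image.code, hashlib.sha256).digest()
    return hmac.compare_digest(expected, image.tag)


def boot(trusted_key: bytes, flash_at_step: Callable[[int], Dict[str, Image]]) -> dict:
    """Load each stage into RAM from whichever chip is selected at that step,
    verify the RAM copy, execute it, and halt at the first failure."""
    ram: Dict[str, Image] = {}
    log: List[str] = []
    for step, name in enumerate(CHAIN):
        image = flash_at_step(step)[name]  # copy from the selected chip into RAM
        if not verify(image, trusted_key):
            log.append(f"{name}: verification failed, halting")
            return {"booted": False, "verified": list(ram), "log": log}
        ram[name] = image  # only verified stages stay resident and run
        log.append(f"{name}: verified, executing")
    return {"booted": True, "verified": list(ram), "log": log}


# Constructed keys and chips: firmware 1 is signed under the key this console
# trusts, firmware 2 under a different (newer) key.
KEY_FW1 = b"constructed-signing-key-firmware-1"
KEY_FW2 = b"constructed-signing-key-firmware-2"
FLASH1 = build_flash(KEY_FW1, "fw1")
FLASH2 = build_flash(KEY_FW2, "fw2")


def boot_single(trusted_key: bytes, flash: Dict[str, Image]) -> dict:
    """Ordinary boot: one chip selected for the whole chain."""
    return boot(trusted_key, lambda step: flash)


def boot_with_swap(trusted_key: bytes, first: Dict[str, Image],
                   second: Dict[str, Image], swap_after: int) -> dict:
    """Chip enable is toggled from `first` to `second` once `swap_after` stages have run."""
    return boot(trusted_key, lambda step: first if step < swap_after else second)


if __name__ == "__main__":
    for title, result in [
        ("fw1 chip, console trusts fw1 key", boot_single(KEY_FW1, FLASH1)),
        ("fw2 chip, console trusts fw1 key", boot_single(KEY_FW1, FLASH2)),
        ("fw1 chip, swapped to fw2 after two stages", boot_with_swap(KEY_FW1, FLASH1, FLASH2, 2)),
    ]:
        print(title)
        for line in result["log"]:
            print("  " + line)
```

The swap case is the one that matters for the thread: the first two stages verify and run from the fw1 chip, the third is read from the fw2 chip after the swap, fails verification under the fw1 key, and the chain stops. Nothing about the swap changes what was already verified in RAM, and nothing about it makes the fw2 images acceptable to a loader that does not hold the fw2 key.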

  5. #105  
    ufcpride
    Great idea, but I'm sure this would be just another 'Undiluted Platinum' like on the PSP.

    I still have my PSP1000 with Undiluted Platinum; it's a dust gathering doorstop at the moment, but fully functional, just the Undiluted Platinum boys vanished from the scene when DA turned up!

    I'm all for this, but don't want to be in a situation where I mod/solder a chip, only to be faced with the decision to remove it when support goes out the window!

  6. #106  
    Shrek
    I can just imagine a meeting at Sony, young up and coming arse licker talking to one of the Sony bosses..

    Sony boss... Who the hell managed to get the ps3 dual booting firmwares

    employee...'no one'

    Sony boss... What do you mean no one

    employee...'no one did it boss'

    Sony boss...Well why the hell are we sitting around here talking about it

    lol

  7. #107  
    Shrek
    On a serious note...

    When the PS3 connects, the info on the PS3 is sent to Sony.

    When you dual boot with either FW, how would you stop that info being sent? It wouldn't make your PS3 any safer thinking you would just boot into OFW, as it would still send info from anything you have installed or ran from the CFW, wouldn't it?

  8. #108  
    cookie42
    Quote Originally Posted by Shrek:
    I can just imagine a meeting at Sony, young up and coming arse licker talking to one of the Sony bosses..

    Sony boss... Who the hell managed to get the ps3 dual booting firmwares

    employee...'no one'

    Sony boss... What do you mean no one

    employee...'no one did it boss'

    Sony boss...Well why the hell are we sitting around here talking about it

    lol
    Lol, pretty much my opinion of this "news" thread.
    Someone had an idea, and hasn't thought it through completely, or even tested if it worked and it made it as "news", and he/she even has the cheek to ask other people to test it first.

    Edit: I should point out, I am always grateful for useful information being shared, but this really was not worthy of "news". Post it on ps3devwiki, it is in no way news.

    Edit again: I misread Shrek's post, I missed the brackets around 'no one' and assumed he was making a jab at this being news, and people getting excited when it doesn't really mean anything... It's late, ok...
    STOP! Before you ask questions... READ the first post! RTFFP = Read The F*cking First Post
    Yes, A 3.55 "jb" (cfw) is available, no >3.55 "jb" or cfw yet.
    Yes, A 3.55 downgrade is available. But not to lower than stock firmware! (What it came with)
    No >3.55 downgrade is out there yet.

  9. #109  
    sandungas
    Quote Originally Posted by sandungas:
    FAT PS3 has 2 flash chips (NOR type)
    Sorry, this was a typo when writing, I meant NAND ones; I will edit my message to avoid misunderstandings for other users.

    Quote Originally Posted by defyboy:
    There is not on my board. The pad is much too small to cut with a blade.
    Talking about the CE trace... the PS3 motherboard is multilayer; maybe this trace is "hidden" in an internal layer after the pad (this is what I understand after reading what you said about the pad), but it needs to "go out" to an external layer on the southbridge side.
    I'm not saying that this trace can be intercepted easily because I never looked at it, but I think this deserves further research, because the difficulty of the mod depends 95% on this trace.

    Quote Originally Posted by defyboy:
    There is only a single switch on the #CE line; this would not cause any issues. If you are stupid enough to flick the switch whilst updating, this modification is not for you.
    In the xbox360 the swapping must be done with the power cord unplugged because of the standby problem I explained.
    I thought the PS3 was similar for security reasons (mostly to avoid modchips) but I must admit that I ignore what components are working in standby in the PS3.

    It is needed to take into account residual electricity (from capacitors) that feeds the chips after disconnecting power... this was one of the corruption problems with the xbox360 when doing this.
    People unplugged the power cord... then switched... but the residual electricity was feeding the flash... so they corrupted the whole thing.
    This happened to me, and I'm paranoid with security measures to avoid mistakes... so it is a bit random, I can't even be sure that my problem was because of residual electricity because as I said I'm paranoid and very careful, but this is the only explanation I found.
    Last edited by sandungas; 05-24-2011 at 07:13 AM.

  10. #110  
    SaferSephy
    guys guys... I'm sorry, maybe I don't remember correctly, but didn't mathieulh have the 3.60 keys?

    why doesn't he leak them to some anon group instead of having to read these things?
