NDT is the GOD of PS3 NANDs!!!!!!!!!! - Page 3 - PS3 NEWS - PlayStation 3 News

**cfwprophet** · 09-23-2008

Sure bd fw is stored on the drive self but the ps3 fw also include the bd fw of youre drive.Its a kind of security there for the drive get hacked like on the 360 im guess. Without a tool to resign the data of the ps3 os we cant use a hacked or a replacment drive if the fw dont mach to the ps3´s bd fw.

So i think that the nand ecc tool maybe can do more magic as the most people to this time understand...

**sekemc** · 09-23-2008

If those encrypted keys can be cracked for the SELF's and PKG's then we would have a nice opening. The issue is getting the signed packages onto the PS3 now that Sony has fixed all methods of transferring PKG files to the PS3 from PC. I wonder if the keys to finding the firmware signature can also be found in the flash. Then we can have a signed firmware that could be downloaded and trick the PS3 into updating to a potential CFW.

**cfwprophet** · 09-24-2008

uhm... i think you have something misunderstood !!!

Quote:

First, a small technical explanation. We were not able to modify any data on the PS3's flash chips due to the ECC. The ECC is a checksum basically, that ensures whatever data is in the block is not changed or corrupted, and if it is it errors.

So, the problem was since when we tried to alter data, the ECC would then in turn be invalid, causing errors, making the system not boot.

We did develop a way around this, however, it was time consuming and quite slow. We used the PS3 to write data to the flash, then dump it, with its proper ECC, then rewrite to where we needed it. This would take hours on end! We were not able to regenerate the ECC since we did not know the proper algorithm.

But now, we can!!

After multiple tests done by NDT to see what the ECC algorithm was when the block was filled with some magic data, our very own RPS was able to reverse the algorithm!

What does this mean? Simple, we are now able to in minutes properly edit a flash dump, regenerate the ECC and flash it onto the PS3 in order to experiment with flash changes. Using this, we have already found where the encrypted keys are stored for SELF's, PKG's, and BD Pairing among other things, more on that in the weeks to come.

**Transient** · 09-24-2008

Quote:

Originally Posted by cfwprophet

uhm... i think you have something misunderstood !!!

That's right. I've seen a lot of people mistaking ECC (Error Correction Code) for an encryption key or signing certificate. ECC is a check to make sure the data hasn't changed. If only a very small amount of data is changed (eg. 1 bit) then the ECC can correct the error.

Normally this is used for detecting and correcting errors in critical hardware (eg. hospital equipment, satellites, servers, etc).

For example, say you have some data in your computer [01010101] and a cosmic ray comes and strikes it causing a bit to change [01000101]. ECC would be able to detect this change and put it back to it's original state. If the number of errors is too great however [11101110], then it cannot be corrected (crash).

In Sony's case, I imagine they'd use this for two reasons: 1) to protect against your PS3's flash from accidentally being corrupted and 2) to inhibit intentional modifications.

Anyway, it's great to hear the dead PS3 is back alive!

**bow2long** · 09-24-2008

NDT rocks totally!

**NDT** · 09-24-2008

It's right ECC means Error Correcting Code, normally reed solomon is used in such cases, in the PS3 it's a custom one.

**merci2ui** · 09-24-2008

with other words, the ps3 is "complete" hacked. Is this right?

**mark786** · 09-24-2008

Does this mean we can now edit the what is written to the flash of a retail PS3? Also I hear ps3news has found the location of keys to the PKG and PUP files? What are the next steps need to extract these keys? Also, even if we have obtained the keys, what does this really mean? Can we now edit PKG files and have them run PS3s without any errors? How do we transfer these (edited) files over to the PS3?

Sorry for so many questions, but I remember reading a long time ago on Ps3news that there were talk going on about obtaining a Debug PS3 Console. It was referred to as a (the big leagues) in comparison to a TEST PS3 console. Any luck getting one?

**cfwprophet** · 09-24-2008

uhh......men keep cool

The NAND ECC tool allowes to resign the flash data of the NAND from our retail ps3´s. Yes this means that a guy who will be smart enough to patch data of his retail ps3´s fw could now with the ecc tool resign the whole fw and flash it back to the ps3 nand chip.

And for the location of the keys and the other things be patient and wait till the news will be released

**djg** · 09-25-2008

Will this allow the DVD region check to be removed?

The only thing my PS3 cannot do that I want is play both my region 4 and region 1 DVDs. As I'm in Australia region coding is technically illegal as our High Court has ruled it to be anti-competative. Bypassing region coding is NOT illegal here as a result. I'd love to be able to mod the firmware on my PS3 to leave it exactly as it is other than to be able to play my collection of region 1 DVDs. What are my chances of this in the near future?