... But as I wrote...If the challenge/response is static, there is no need for all this
Neither am I... And I stopped updating on 3.00
I would bet on both. But then, I haven't been following the whole thing that much since Geohot's hack.
If you look through the exploit in the first packet, there is relative coding like this here:
this might be a good thing if we want to adapt this exploit to other FWs.
3ac: fb 81 00 80 std r28,128(r1)
3b0: fb a1 00 88 std r29,136(r1)
3b4: fb e1 00 98 std r31,152(r1)
3b8: fb 41 00 70 std r26,112(r1)
3bc: fb 61 00 78 std r27,120(r1)
But then there is also "absolute" coding like this:
The values after .long are probably addresses which are firmware dependent and would have to be changed depending on the FW version. Again I am guessing here...
150: 00 04 90 e0 .long 0x490e0
154: e8 82 0f 08 ld r4,3848(r2)
158: 00 04 90 e4 .long 0x490e4
15c: e8 7c 00 20 ld r3,32(r28)
160: 00 04 90 e8 .long 0x490e8
164: f8 64 00 00 std r3,0(r4)
168: 00 04 f0 a8 .long 0x4f0a8
Maybe some people with more knowledge of the PS3 internals could help here to analyse the exploit and share the results.