Sponsored Links

Sponsored Links

Results 1 to 10 of 10



  1. #1
    Contributor NDT's Avatar
    Join Date
    May 2005
    Posts
    119
    Sponsored Links

    Exclamation PS3 saves the actual FW version and doesn't allow downgrade

    Sponsored Links
    Ok, my test continued, i can now clearly admit that PS3 save somehow the FW version that's installed and doesn't allow a downgraded firmware.

    I got cold dumps from firmware versions 2.30 (i got 4 different dumps at different days to be sure) and i did the same for 2.35.

    I tried to flash back 2.30 and the console turns on, read from HDD and then suddenly turns OFF with the red light blinking, when i flash 2.35 firmware it begin to works correctly.

    I repeated this test on another console too and the result is the same.

    I removed the HDD, the BD-ROM, the battey and the result is still the same (without these accessories and fw 2.35 console boots!).

    So i can now state that the console write the latest firmware somewhere... but i still don't know where

  2. #2
    Banned User
    Join Date
    Jan 2007
    Posts
    414
    Sponsored Links
    Sponsored Links
    Did you try after flashing 2.30 to boot without the hdd attached?

    Did you try immediatly after flashing previous firmware to power off with the switch in back so the ps3 does not write to the nand when powering down? then power back on to see results.

    just some ideas i had. I will find a power supply soon enough and begin some testing myself.


    peace
    idone tlu

  3. #3
    Contributor NDT's Avatar
    Join Date
    May 2005
    Posts
    119
    Sponsored Links
    Sponsored Links
    Yes i tried, i had the same your ideas, then i even disconnected the battery.

    After my experiments it seems PS3 use Efuse technology by IBM, if so it should change the encryption key every time it change firmware version, then it should be impossible to restore an old dump (because of key change).

  4. #4
    Contributor 0xeffe's Avatar
    Join Date
    Apr 2008
    Posts
    13
    If efuses are used in the ps3 they are not burned every time you update your ps3 since a firmware downgrade with a dump was possible with earlier firmwares.

    But if you put this asside they could only burn efuses when it is a critical update...
    I just wonder why they didn't burn a fuse then when they fixed the RSX-Bug.


    Effe

  5. #5
    Contributor RexVF5's Avatar
    Join Date
    Dec 2007
    Posts
    185
    According to what I have read EFUSE allows for reconfiguration of circuitry of the chip - i.e fine-tune the logic or fix some bugs (think of Pentium DIV bug). Using EFUSE to encrypt some stuff is in my opinion far-fetched and would be extremely expensive to achieve something for which there are better alternatives that are proven already (read: cryptography). Also according to [Register or Login to view links] EFUSE is employed in Cell processors in PS3. So do not let your imagination run too wild...

  6. #6
    Contributor NDT's Avatar
    Join Date
    May 2005
    Posts
    119
    Quote Originally Posted by RexVF5 View Post
    EFUSE is employed in Cell processors in PS3. So do not let your imagination run too wild...
    I really don't understand what i quoted.

    You say it's used in PS3 Cell then that my imagination run too wild ...while i stated the same :P

  7. #7
    Banned User
    Join Date
    Jan 2007
    Posts
    414
    Quote Originally Posted by 0xeffe View Post
    I just wonder why they didn't burn a fuse then when they fixed the RSX-Bug.


    Effe
    Have you verified this? Have you successfully went from 2.10 to 2.01 from a dump?

    I have dumped every fw from 1.32 to 2.10 on which i currently stand.
    I have some ideas that i will be trying but not untill i have aquired a power supply because every idea has a high probability of causing a brick if not successful.

    Hardstore's video claimed to successfully downgrade from 1.60 to 1.50 without a problem. After reading a little (because i dont have one) it seems the 360 blows a efuse with every update, and who is to say for sure that whoever wrote that on the wiki is correct?

    And the fact that NDT's downgrade test got as far as the ps3 accessing the HDD before failing to blinking red also makes me question the efuse theory. It would seem to me that by the time the ps3 has accessed the hdd that the nand has already been accessed and found ok by what ever is decrypting it. (if you connect the usb of infectus to pc and start the programmer before powering on the ps3 the ps3 will fail at reading the nand and blink red before the hdd is ever accessed)

    Who knows though... more testing needs to be done.

    peace

  8. #8
    Contributor SiZMiK's Avatar
    Join Date
    Apr 2007
    Posts
    68
    NDT, If anyone finds where the firmware is stored on the ps3, you will bro. Good luck.

  9. #9
    Contributor RexVF5's Avatar
    Join Date
    Dec 2007
    Posts
    185
    Quote Originally Posted by NDT View Post
    I really don't understand what i quoted.

    You say it's used in PS3 Cell then that my imagination run too wild ...while i stated the same :P
    Now that I read your original post and my reply I don't know what I was replying to (especially the part about the cryptography) However my feeling is that to check a version of firmware in FLASH against some hidden constant somewhere, use of the EFUSE is still bit of a science fiction. But I may be totally. However my feeling is there may be some other (small) flash somewhere or something similar that would allow storing the version number. EFUSE use just doesn't feel proabable to me - but it i only my feeling.

    P.S.: No offense was meant in my previous post...

  10. #10
    Contributor 0xeffe's Avatar
    Join Date
    Apr 2008
    Posts
    13
    Since I've get the feeling that I lack some information I'd like to ask which downgrades/Firmwaremods of the PS3 Firmware (Retail/Test/Debug) are confirmed to work (or not to work):

    retail PS3:
    via Infectus with an previous retail PS3 hot dump: 1.6 to 1.5 (the youtube video from hardstore)
    via PS3 Retail to Debug Firmware HDD swap trick:

    <1.80 to 1.80debug partial
    <2.01 to 2.15debug partial (see XVISTAMAN2005s post)

    I also lack infromation about the cold dumps... what do you need to do them (I read somwhere in the comments on the frontside that you need to solder four extra cables but I didn't find any diagrams regarding this)

    0xeffe

 

Sponsored Links

Advertising - Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News