
  1. #1
    Forum Moderator PS3 News
    Join Date
    Apr 2005
    Posts
    28,384
    SKFU on PS3 Registry Research and PS3 USB Custom Firmware

    Earlier today we reported on a preliminary PS3 flash and registry entry analysis from DemonHades and RichDevX, and now SKFU (linked above) has shared his input thus far.

    To quote: Since PS3News released their PS3 FTP application I did some research on the PS3's registry.

    The registry and its backup are stored on dev_flash2 as xRegistry.sys.

    The header

    BC AD AD BC 00 00 00 90 00 00 00 02 BC AD AD BC

    The entries

    Every entry has a front tag which is 5 bytes long. I'll describe:

    56 41 00 11 01

    This is an example value:

    /setting/parental

    Behind the value there's a 1-byte close mark:

    00

    The 5 bytes

    The first 4 bytes are a unique but random number. Every value has it so it can be identified and found by the system, as there is no special pattern. An sprx(?) finds every value by these 4 bytes.

    56 41 00 11

    The 5th byte can be 00, 01 or 02. 00 tagged values are actually activated/used by the VSH, 01 ones not. The 02 seems to mean "DO NEVER UNLOCK". For example the QA Mode is tagged with 02.

    00 == unlocked/used/activated
    01 == locked/unused/inactive
    02 == never meant to be unlocked


    Stop footer

    The registry has a

    AA BB CC DD EE

    after the last value. Here the system stops to search for values.

    Single values without tag

    Some values are behind the stop tag, spread randomly in the file it seems. I have no clue how the system finds those yet, but here are some I found:

    - your local username
    - your language (e.g. eng for English)
    - your PS3 system name
    - URL to the information board online stored files
    - HDD serial
    - Board name
    - your PSN username + password
    - your WIFI network key
    - your local IP
    - your PSID
    - path to local user pic

    You can modify all those values as long as you don't change their size or address. For example the local user pic is loaded from:

    /dev_flash/vsh/resource/explore/user/000.png

    But you can redirect it to load from USB for example:

    /dev_usb/vsh/resource/explore/user/12345.png

    The Cool Stuff

    The retail PS3's registry contains all values to unlock the settings which are possible on a test/debug PS3 and even more like QA mode. We can enable those via the registry, but we won't see any effect in the XMB.

    That is because we just UNLOCKED it, but different files on dev_flash handle what we can actually SEE in the XMB. So we need to modify them also to fully use debug options on a retail and more.

    This can be done by mounting the dev_flash from USB. We need to do this as we can not write to the original dev_flash. So once we can load our customized dev_flash from USB and have modified our registry, we have a nice way to load our custom firmwares.

    The Crash Report

    The registry can contain a crash report which is separately split off with another registry header as explained above. It contains system error messages, for example if you muck up your registry.

    PS3 Live USB CFW Theory

    While the Jailbreak just changes mountpoints, it should be possible to do the same for other places than the BDD as well.

    For the JB, the drive is remounted @ HDD. So why not mount the dev_flash from USB?

    Surely this is possible and I hope to see some action here soon!

    So we would have a good solution to test and run custom firmwares as the brick risk equals zero, because we can just unplug the USB device and the dev_flash is mounted as usual - unchanged.

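    As an added illustration of the entry layout SKFU describes above (not code from the post or from SKFU), this small parser walks the tagged entries from the 16-byte header to the AA BB CC DD EE footer, validates the 5th tag byte against the three states listed, and returns whatever sits past the footer where the untagged values live. The sample image is constructed: the first tag and value are the ones quoted in the post, the second entry and the trailing "eng" bytes are made up.

```python
from dataclasses import dataclass
from typing import List

# Byte patterns exactly as quoted in the post above
HEADER = bytes.fromhex("BCADADBC 00000090 00000002 BCADADBC")
STOP = bytes.fromhex("AABBCCDDEE")
STATES = {0x00: "unlocked", 0x01: "locked", 0x02: "never-unlock"}


@dataclass
class Entry:
    ident: bytes  # 4 random bytes the system uses to locate the value
    state: int    # 5th tag byte: 0x00, 0x01 or 0x02
    value: str    # the setting path, e.g. /setting/parental


def parse_registry(blob: bytes) -> List[Entry]:
    """Walk tagged entries from the header up to the stop footer."""
    if not blob.startswith(HEADER):
        raise ValueError("missing xRegistry header")
    pos = len(HEADER)
    entries: List[Entry] = []
    while not blob.startswith(STOP, pos):
        if pos + 5 > len(blob):
            raise ValueError("no stop footer before end of data")
        ident, state = blob[pos:pos + 4], blob[pos + 4]
        if state not in STATES:
            raise ValueError(f"unknown state byte {state:#04x} at offset {pos}")
        end = blob.find(b"\x00", pos + 5)  # 1-byte close mark after the value
        if end < 0:
            raise ValueError(f"unterminated value at offset {pos}")
        entries.append(Entry(ident, state, blob[pos + 5:end].decode("ascii")))
        pos = end + 1
    return entries


def untagged_tail(blob: bytes) -> bytes:
    """Bytes past the footer, where the post says untagged values are kept."""
    idx = blob.find(STOP, len(HEADER))
    return blob[idx + len(STOP):] if idx >= 0 else b""


# Constructed sample image (not a real dump): quoted tag/value, a made-up
# unlocked entry, the footer, then a fake untagged language value behind it.
SAMPLE = (
    HEADER
    + bytes.fromhex("5641001101") + b"/setting/parental\x00"
    + bytes.fromhex("0102030400") + b"/setting/example\x00"
    + STOP
    + b"\x00eng\x00"
)

if __name__ == "__main__":
    for e in parse_registry(SAMPLE):
        print(e.ident.hex(), STATES[e.state], e.value)
    print("tail:", untagged_tail(SAMPLE))
```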

  2. #2
    Senior Member adrianc1982
    Join Date
    May 2008
    Posts
    428
    So ps3jailbreak will soon be obsolete hehehe.

  3. #3
    Forum Moderator PS3 News
    Join Date
    Apr 2005
    Posts
    28,384
    At least the paid versions probably, as I'm sure in coming weeks/months the scene will take over and exceed whatever "perks" the paid JailBreak solutions have for free.

  4. #4
    Contributor Breach
    Join Date
    Feb 2010
    Posts
    17
    Once the floodgates are open, down come the walls.

  5. #5
    Senior Member spark32
    Join Date
    Mar 2008
    Posts
    207
    Hell yeah! This is sick, dogg.

  6. #6
    Banned User
    Join Date
    Sep 2007
    Posts
    476
    Quote Originally Posted by adrianc1982:
    So ps3jailbreak will soon be obsolete hehehe.
    Doubtful... You still need the jailbreak to trigger the exploit to run unsigned code.

    I think it will be quite a few months until another exploit is found (if one ever is), and even then it's anyone's guess if we will need a device to trigger it.

    I do think that Sk8fu has a sound idea though and it will be pretty amazing to see this happen.
    Last edited by evilsperm; 09-09-2010 at 01:51 AM

  7. #7
    Contributor bernzburnz
    Join Date
    Feb 2007
    Posts
    28

    Damn

    Much respect to all putting in time to crack this beast. Can't wait for CFW online!

  8. #8
    Contributor tjay17
    Join Date
    Apr 2010
    Posts
    421
    This just gets better and better.

  9. #9
    Junior Member Starlight
    Join Date
    Apr 2005
    Posts
    5,280

    Thumbs Up

    Sounds promising, and hopefully they will find more on this, but what remains to be seen next is what Sony is going to do and if they can shut down this exploit, as the PS3 has been one tough cookie to crack so far. If it is, Sony will most likely be on the hunt to close it down. Well, time will tell, and good luck to all hackers/developers on this project... may the force be with you...

  10. #10
    Junior Member zant
    Join Date
    Sep 2010
    Posts
    93
    Can't wait for custom firmware! And better yet, NO brick possibility? Couldn't ask for more! Now I've got to find a CECHA01 to keep permanently offline.
