96w ago - Following up on his previous update, PlayStation 3 hacker No_One has now announced that the PS3 3.60 Slim NOR Flash has been dumped via PNM board socket and the 3.6x keys may be coming soon.
To quote: Hi mates, I'm going to be on vacation for 3 weeks. I just wanted to tell you that the PNM project will be stopped during this period.
But I've some great news for you. I successfully dumped a 3.60 NOR flash using one of the sockets! The second socket has been validated too. We are not far from our main goal: "jailbreak again the PS3"!
Here are some snapshots:
host console with a new feature (NOR FLASH details...)
PNM with a NOR Flash on Socket #1
an extract of the 3.60 NOR dump as a proof
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
I'm new to the forum but I was wondering if anyone has tried to format their flash and knows what happens? Does it then look for a software image on the system or does it brick (no assumptions please)? Secondly, what might happen if you took the flash memory off and tried to overwrite it?
I know formatting and overwriting it isn't possible at this point with the PS3, but it doesn't mean it can't be done elsewhere. I could plug it into my Cisco router and Y-modem the CFW. I'm just worried there's a fail-safe before I brick my PS3.
Quotes from Geohot and fail0verflow may lead to something:
"The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.
Sony updated its consoles to block the software and took legal action against distributors in many countries.
However, according to pytey, it may not be so easy to fix the problem this time.
"The only way to fix this is to issue new hardware," he said. "Sony will have to accept this."
In the end, the flaw that allowed them to crack the system was a basic cryptographic error that allowed them to compute the private key, held by Sony, he said.
"Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony.
"Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."
But the team found that Sony had made a "critical mistake" in how it implemented the security.
"The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said.
"However, Sony wrote their own signing software, which used a constant number for each signature."
This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it.
"This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.
Using a similar technique he was able to extract the entire master key for the system, which he subsequently published online along with a demonstration of it in action.
However, he has not released the method he used to extract the key.
Looking at those images and judging by the small number of wires connected to the switch... It seems as though he has disabled the on-board chip, hooked up both new NANDs to the same points and uses the aforementioned switch to switch between the two...