To quote: 05/23/2011 For Immediate Release: The beginning of dual-firmware PS3: PS3_Ed2.pdf The technique outlined in the .PDF will help people learn more about 3.6x firmwares.
The solution relies on the implementation of a second NOR/NAND Flash. Some technical limitations have been identified. But time will help us to remove them.
The information in the document is still theoretical for the moment, however please post results from your testing.
We believe knowledge and information wants to be free. Learn what you can and help contribute to making the PS3 scene a better place. Released by No_One.
Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!
I'm new to the forum but i was wondering if anyone has tried to format their flash and knows what happens? does it then look for a software image on the system or does it brick (no assumptions please)? secondly what might happen if you took the flash memory off and tried to over-write it.
I know formatting and overwriting it isn't possible as this point with the PS3 but it doesn't mean it cant be done else ware. I could plug it into my cisco router and y-modem the CFW. I'm just worried there's a fail safe before i brick my ps3.
Quotes from Gehot and Fail0verflow may lead to something :
"The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.
Sony updated its consoles to block the software and took legal action against distributors in many countries.
However, according to pytey, it may not be so easy to fix the problem this time.
"The only way to fix this is to issue new hardware," he said. "Sony will have to accept this."
In the end, the flaw that allowed them to crack the system was a basic cryptographic error that allowed them to compute the private key, held by Sony, he said.
"Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony.
"Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."
But the team found that Sony had made a "critical mistake" in how it implemented the security.
"The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said.
"However, Sony wrote their own signing software, which used a constant number for each signature."
This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it.
"This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.
Using a similar technique he was able to extract the entire master key for the system, which he subsequently publish online along with a demonstration of it in action.
However, he has not released the method he used to extract the key.
Looking at those images and judging by the small number of wires connected to the switch... It seems as though he has disabled the on-board chip, hooked up both new NANDs to the same points and uses the aformentioned switch to switch between the two...