SKFU on PS3 Registry Research and PS3 USB Custom Firmware


219w ago - Earlier today we reported on a preliminary PS3 flash and registry entry analysis from DemonHades and RichDevX, and now SKFU (linked above) has shared his input thus far.

To quote: Since PS3News released their PS3 FTP application I did some research on the PS3's registry.

The registry and its backup are stored on dev_flash2 as xRegistry.sys.

The header

BC AD AD BC 00 00 00 90 00 00 00 02 BC AD AD BC

The entries

Every entry has a fronttag which is 5 bytes long. I'll describe:

56 41 00 11 01

This is an example value:

/setting/parental

Behind the value there's a 1 byte close mark:

00

The 5 bytes

The first 4 bytes are a unique but random number. Every value has it to be identified and found by the system as there is no special pattern. An sprx(?) finds every value by these 4 bytes.

56 41 00 11

The 5th byte can be 00, 01 or 02. 00 tagged values are actually activated/used by the VSH, 01 ones not. The 02 seems to mean "DO NEVER UNLOCK". For example the QA Mode is tagged with 02.

00 == unlocked/used/activated
01 == locked/unused/inactive
02 == never meant to be unlocked


Stop footer

The registry has a

AA BB CC DD EE

after the last value. Here the system stops to search for values.

Single values without tag

Some values are behind the stop tag, spread randomly in the file it seems. I have no clue how the system finds those yet but here are some I found:

- your local username
- your language (f.e. eng for english)
- your PS3 system name
- URL to the information board online stored files
- HDD serial
- Board name
- your PSN username + password
- your WIFI network key
- your local IP
- your PSID
- path to local user pic

You can modify all those values as long as you don't change its size or address. For example the local user pic is loaded from:

/dev_flash/vsh/resource/explore/user/000.png

But you can redirect it to load from USB for example:

/dev_usb/vsh/resource/explore/user/12345.png

The Cool Stuff

The retail PS3's registry contains all values to unlock the settings which are possible on a test/debug PS3 and even more like QA mode. We can enable those via the registry, but we won't see any effect in the XMB.

That is because we just UNLOCKED it, but different files on dev_flash handle what we can actually SEE in the XMB. So we need to modify them also to fully use debug options on a retail and more.

This can be done by mounting the dev_flash from USB. We need to do this as we cannot write to the original dev_flash. So once we can load our customized dev_flash from USB and have modified our registry, we have a nice way to load our custom firmwares.

The Crash Report

The registry can contain a crash report which is separately split with another registry header as explained above. It contains system error messages, for example if you muck up your registry ;-)

PS3 Live USB CFW Theory

While the Jailbreak just changes mountpoints it should be possible to do the same for other places than the BDD, as well.

For the JB, the drive is remounted @ HDD. So why not mount the dev_flash from USB?

Surely this is possible and I hope to see some action here soon!

So we would have a good solution to test and run custom firmwares as the brick risk is equal zero, because we can just unplug the USB device and the dev_flash is mounted as common - unchanged.
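
Added example (not SKFU's or PS3News' code): a read-only Python parser for the entry layout described in the quoted post, useful for inspecting a dump and checking where the tagged section ends. It assumes the header is exactly the 16 bytes shown, that entries follow it back to back, and that values are ASCII; the second sample entry is constructed.

```python
# Added example: parser for the entry layout described in the quoted post.
# Assumptions (not confirmed by the post): the header is exactly the 16 bytes
# shown, entries follow it back to back, and values are ASCII strings.
from typing import NamedTuple

HEADER = bytes.fromhex("BCADADBC 00000090 00000002 BCADADBC")
STOP = bytes.fromhex("AABBCCDDEE")  # stop footer after the last value
STATES = {0: "unlocked/used", 1: "locked/unused", 2: "never meant to be unlocked"}


class Entry(NamedTuple):
    offset: int      # file offset of the front tag
    ident: bytes     # first 4 bytes of the front tag
    state: int       # 5th byte of the front tag
    value: str       # text up to the 00 close mark


def parse_registry(blob: bytes) -> list[Entry]:
    if blob[:len(HEADER)] != HEADER:
        raise ValueError("unexpected header")
    pos, entries = len(HEADER), []
    while True:
        tag = blob[pos:pos + 5]
        if tag == STOP:
            return entries
        if len(tag) < 5:
            raise ValueError(f"truncated front tag at offset {pos}")
        if tag[4] not in STATES:
            raise ValueError(f"unknown state byte {tag[4]:#04x} at offset {pos}")
        end = blob.find(b"\x00", pos + 5)
        if end == -1:
            raise ValueError(f"missing close mark for entry at offset {pos}")
        entries.append(Entry(pos, tag[:4], tag[4], blob[pos + 5:end].decode("ascii")))
        pos = end + 1


# Constructed sample: the header and first entry use bytes quoted in the post;
# the second entry (identifier and path) is made up for illustration.
SAMPLE = (HEADER
          + bytes.fromhex("5641001101") + b"/setting/parental" + b"\x00"
          + bytes.fromhex("1A2B3C4D00") + b"/setting/example" + b"\x00"
          + STOP)

if __name__ == "__main__":
    for e in parse_registry(SAMPLE):
        print(f"{e.offset:#06x} {e.ident.hex()} {STATES[e.state]:<28} {e.value}")
```

The parser stops at the stop footer and does not read the untagged values behind it; since the post lists the PSN username and password and the Wi-Fi key among those, a dump of this file is credential material.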




82 Comments

#67 - vandalj - 219w ago
Originally posted by laggmaster:
i don't think you guys are getting what i'm saying if you read the TOS the last few times you updated your firmware (all except that last one, 3.42, which didn't tell you anything when you updated it, at least they didn't even show me the TOS) you would know that sony can scan your console any time they want as long as you're connected to PSN.

They don't magically 'scan' your PS3, however they can send a request for information to the PS3 and the PS3 handles the request and replies, with the proper modifications to certain system files (aka Custom Firmware) the PS3 can then send the proper/acceptable message back as if it was an updated virgin PS3. As noted in one of the Math's tweets when you log (or attempt to) into PSN it sends system information and some logs, and either authenticates you with PSN successfully or rejects you.

So yeah just because they can doesn't mean they'll be able to find anything once proper patching measures have been taken.

#66 - MorPs3Kng - 219w ago
Originally posted by laggmaster:
there are tools to bypass firmware updates so you can still play online but if you attempt to go online with a jailbreak it is still possible for sony to ban you as you are using a jailbreak jig...


At this time Sony has blocked those. Hopefully a workaround is found in not too long.

#65 - laggmaster - 219w ago
Originally posted by coobot:
Can't you just fool their servers into thinking you have 3.42 installed?

there are tools to bypass firmware updates so you can still play online but if you attempt to go online with a jailbreak it is still possible for sony to ban you as you are using a jailbreak jig... as long as they can detect the exploit they can ban you... that is if you connect to their servers... and the firmware bypass trick only works until sony blocks it again, just like they did with 3.15 and previous firmwares... we were able to access by bypassing for a time then they shut us down server side...

i don't think you guys are getting what i'm saying if you read the TOS the last few times you updated your firmware (all except that last one, 3.42, which didn't tell you anything when you updated it, at least they didn't even show me the TOS) you would know that sony can scan your console any time they want as long as you're connected to PSN.

#64 - syphonlord - 219w ago
Dug my custom firmware psp out the other week and was playing a copy game online with no problems, not that, now my youngest son is always playing multiplayer, maybe just lucky, not bothered really about it getting banned.

(think they fixed this issue with the psps trying to connect to the network with custom firmware...)

#63 - coobot - 219w ago
Can't you just fool their servers into thinking you have 3.42 installed?
