Earlier today we reported on a preliminary PS3 flash and registry entry analysis from DemonHades and RichDevX, and now SKFU (linked above) has shared his input thus far.
To quote: Since PS3News released their PS3 FTP application, I did some research on the PS3's registry.
The registry and its backup are stored on dev_flash2 as xRegistry.sys.
BC AD AD BC 00 00 00 90 00 00 00 02 BC AD AD BC
Every entry has a front tag which is 5 bytes long. I'll describe:
56 41 00 11 01
This is an example value:
Behind the value there's a 1-byte close mark:
The 5 bytes
The first 4 bytes are a unique but random number. Every value has one so it can be identified and found by the system, as there is no special pattern. An sprx(?) finds every value by these 4 bytes.
56 41 00 11
The 5th byte can be 00, 01 or 02. 00-tagged values are actually activated/used by the VSH, 01 ones are not. The 02 seems to mean "DO NEVER UNLOCK". For example the QA Mode is tagged with 02.
00 == unlocked/used/activated
01 == locked/unused/inactive
02 == never meant to be unlocked
The registry has a
AA BB CC DD EE
after the last value. Here the system stops searching for values.
Single values without tag
Some values are behind the stop tag, spread randomly through the file it seems. I have no clue how the system finds those yet, but here are some I found:
- your local username
- your language (e.g. eng for English)
- your PS3 system name
- URL to the information board online stored files
- HDD serial
- Board name
- your PSN username + password
- your WIFI network key
- your local IP
- your PSID
- path to local user pic
You can modify all those values as long as you don't change their size or address. For example the local user pic is loaded from:
But you can redirect it to load from USB for example:
The Cool Stuff
The retail PS3's registry contains all values to unlock the settings which are possible on a test/debug PS3 and even more like QA mode. We can enable those via the registry, but we won't see any effect in the XMB.
That is because we just UNLOCKED it, but different files on dev_flash handle what we can actually SEE in the XMB. So we need to modify them as well to fully use debug options on a retail and more.
This can be done by mounting the dev_flash from USB. We need to do this as we cannot write to the original dev_flash. So once we can load our customized dev_flash from USB and have modified our registry, we have a nice way to load our custom firmwares.
The Crash Report
The registry can contain a crash report which is separately split off with another registry header as explained above. It contains system error messages, for example if you muck up your registry ;-)
PS3 Live USB CFW Theory
While the Jailbreak just changes mountpoints, it should be possible to do the same for other places than the BDD as well.
For the JB, the drive is remounted @ HDD. So why not mount the dev_flash from USB?
Surely this is possible and I hope to see some action here soon!
So we would have a good solution to test and run custom firmwares, as the brick risk is equal to zero, because we can just unplug the USB device and the dev_flash is mounted as normal - unchanged.
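The xRegistry.sys layout quoted above, as an added read-only inspector (example code written for this page, not SKFU's tool or anything from PS3News). It uses only the structure the post documents: the 16-byte header, the 5-byte front tag (4-byte id plus status byte) and the AA BB CC DD EE stop tag; the value encoding after a tag is not documented, so entries are found by id, and the sample blob is constructed, not a real dump.

```python
# Added example (not SKFU's code): read-only inspector for the xRegistry.sys layout
# described above. It relies only on what the post documents: the 16-byte header,
# the 5-byte front tag (4-byte id + status byte) and the AA BB CC DD EE stop tag.
# The value encoding after a tag is undocumented, so entries are located by id,
# which the post says is how the system itself finds them.
HEADER = bytes.fromhex("BCADADBC0000009000000002BCADADBC")
STOP_TAG = bytes.fromhex("AABBCCDDEE")
STATUS = {0x00: "unlocked/used/activated",
          0x01: "locked/unused/inactive",
          0x02: "never meant to be unlocked"}

def region_bounds(blob: bytes) -> tuple[int, int]:
    """(first byte after the header, offset of the stop tag): the system stops
    searching at the stop tag, so tagged-entry lookups stay inside this range."""
    start = blob.find(HEADER)
    if start < 0:
        raise ValueError("registry header not found")
    start += len(HEADER)
    stop = blob.find(STOP_TAG, start)
    if stop < 0:
        raise ValueError("stop tag not found: registry truncated or corrupt")
    return start, stop

def tag_status(blob: bytes, tag_id: bytes):
    """Find an entry by its 4-byte id; return (offset, status_byte, label) or None.
    Ids are random, not structured, so a false hit inside value bytes is possible."""
    if len(tag_id) != 4:
        raise ValueError("tag id must be exactly 4 bytes")
    start, stop = region_bounds(blob)
    pos = blob.find(tag_id, start, stop - 1)  # status byte must sit before the stop tag
    if pos < 0:
        return None
    status = blob[pos + 4]
    return pos, status, STATUS.get(status, "unknown status byte")

def has_crash_report(blob: bytes) -> bool:
    """A second registry header after the stop tag marks the crash-report section."""
    _, stop = region_bounds(blob)
    return blob.find(HEADER, stop) >= 0

# Constructed sample, not a real dump: two tagged entries, the stop tag, an untagged
# single value, and a second header standing in for a crash-report section.
SAMPLE = (HEADER
          + bytes.fromhex("5641001101") + b"VAL1" + b"\x00"  # tag from the post, locked
          + bytes.fromhex("1234567802") + b"\x01" + b"\x00"  # made-up id, never unlock
          + STOP_TAG + b"eng\x00" + HEADER + b"crash report")
```

Because the close mark and value length are not given in the post, the inspector deliberately never walks entries sequentially; it only answers "is this id present before the stop tag, and in which state".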
No, in all reality custom firmware would probably block Sony FW updates, but not allow access to PSN services, to avoid console bans...
We would probably be forced to use XLink Kai or some other method of connecting and playing with each other... but that only works for games with LAN compatibility...
Ultimately I would like to see someone create a custom PSN server that would emulate PSN and allow people to play all their games online with each other (providing that they are on hacked PS3s), but unfortunately that would require someone to have the code for the original PSN servers...
imo the most logical way to proceed would be to just reroute the paths to the original files for everything that we want to change.
For example, instead of booting from /dev_flash/ have it boot from /dev_cflash/ on the HD or something, where we could have our custom files etc. This should be easily accomplished with the current jailbreak exploit since it already reroutes the Blu-ray mount path.
This reminds me of DevHook for the PSP... something like that for the PS3 would definitely be a step in the right direction, as I'm sure Sony will implement new games requiring higher firmwares to play.
It will eliminate the need to update to Sony's 3.42 and onward, however there's still work to be done like decrypting Sony's PUP files, repacking them, and then modifying the update procedure to pass the repacked update.
The wheels are definitely in motion now, and it's only a matter of time.
Hi all! I'm a sysadmin, but a very bad programmer (and lazy too). I have some ideas about this theme... (Simply, I want all the abilities of PS3 Linux.)
1. I think homebrew could be made on a PPC Linux kernel.
2. Get root rights on the PS3.
3. Kill XMB processes or make an "XMB sandbox" with full process control. The role of this sandbox is like a HV (root on the host system), with XMB on the guest system.
Update FW from PSN? No problem! In an XMB guest system ALL dev_% are emulated, but HV devices (bdr, usb, lan, wi-fi, cardreader, etc.) have transparent access from the XMB guest. (If #1 comes soon, I'll start work on #2, that's my profile
Sounds really fantastic? I don't think so... I think it's realistic!