Many people have been wondering exactly what the differences are between Development and Retail PlayStation 3 Systems, and we figured now would be a great time to clarify these along with reporting some new findings.
Aside from the different hardware revisions of the PS3's motherboard, the systems are virtually the same, as mentioned in previous posts. We have examined multiple PS3 TESTs, Retail PS3s, Demo Unit PS3s, and even Factory Mode PS3s, and found that there are no hardware differences between them at all.
Mind you, there are differences, but they are due to the hardware revision, not due to the systems themselves. To make that clearer, the units are identical to their counterparts of the same hardware revision.
So, the question is: what's the difference? Software!
We all know the difference is in the software, and after examining countless dumps from these systems, on top of flash dumps given to us by you, our loyal re...
Over the months there has been a lot of inaccurate information circulating regarding exactly how the PlayStation 3's Service Mode works, and as promised in our previous Dev updates, here are some of the facts to help separate the rumors and speculation.
It is a fairly simple process, as follows. For starters, the PS3 is powered off, and a special USB dongle, known as the Jig, is connected. The PS3 is then turned on, and then off, once it has detected the Jig.
After this occurs, the PS3 is then turned back on, into "Service" Mode. From here, the PS3 is re-flashed using a Firmware Update on a USB stick, specifically designed to only install from the Service Mode. Once the PS3 is re-flashed with the software, it is then used in conjunction with a PC running customized software, specifically DEX.exe and CEX.exe.
There are a multitude of special PS3 firmwares, basically three major ones. The first is a Core System, followed by the Service Sys...
1ra2 of PS3Gen (linked above) has discovered something quite interesting with the new PS3 Firmware 2.50. In the new firmware, a "hidden" Restore Menu has been added.
To access it, while the PS3 is in standby, hold the power button like you are doing a reset, but keep holding it down until there are two beeps, and you then can access it.
Now, don't get me wrong, I'm always a fan of any hidden menu, be it in a TV, a PS3, or even a washing machine. However, this is more for the technically inept. A video of it is below:
Let's go over the options available. For those who cannot read French, from top to bottom:
1. Restart System
2. Restore Default Settings
3. Restore File System
4. Rebuild Database
5. Restore PS3 System
6. System Update
Restart System and System Update are quite self-explanatory: you can restart the system or upgrade the PS3's f...
We recently purchased a new 80GB PlayStation 3 console, and our very own PS3 Dev Courier dissected his new system.
The item that piqued his interest the most was that it had one single 56-pin Flash chip, the S29GL128N90TFIR2, and was 128MB in size, in contrast to older PS3 consoles utilizing dual (2x256MB) 48-pin chips totaling 512MB. So, he bought a new adapter and some blank chips, proceeded to pull the 56-pin flash, and dumped it.
To our surprise, he was unable to dump more than 16MB of it! At first, we believed that the other blocks in the flash were protected via password; however, there was something else brewing.
He took the 16MB dump that was made, flashed it onto a completely blank chip, and reinstalled it in the PS3.
To our surprise, it worked!
Now, if you recall, newer version PS3 Firmwares have ask...
From ReadMe: PS3 NAND FLOW REBUILDER v3.50 (including ECC Algo by RPS).
This tool allows you to unscramble the blocks of a PS3 dump, ordering them in a way that the dumps become readable and extractable!
It also allows you to re-scramble back to the original order once you have modified the data you want, and from now on it includes the ECC recalculation algorithm that was private until today.
It's for study and test purposes, for experienced people only (devs), who this way can manage the files inside the flashes and patch sensitive areas.
Well this week we have some exciting news that we hinted about last week.
First, a small technical explanation. We were not able to modify any data on the PS3's flash chips due to the ECC. The ECC is basically a checksum that ensures the data in a block has not been changed or corrupted; if it has, an error results.
So, the problem was that when we tried to alter data, the ECC would in turn become invalid, causing errors and preventing the system from booting.
We did develop a way around this, however, it was time consuming and quite slow. We used the PS3 to write data to the flash, then dump it, with its proper ECC, then rewrite to where we needed it. This would take hours on end! We were not able to regenerate the ECC since we did not know the proper algorithm.
But now, we can!!
After multiple tests done by NDT to see what the ECC...
Recently xorloser has released a PS3 NID Attack Tool for other PS3 Devs. To quote:
NidAttack was a tool created to work out PRX export/import names by dictionary attack. A PRX file is a DLL file for Playstation consoles (Playstation Relocatable eXecutable ... maybe).
NidAttack was initially created by others to work out PSP export/import names and I have just altered it slightly to also calculate PS3 names.
Included is an xml database of all exports from PRX files found in the PS3 v2.30 system flash. Also present is a file with NIDs for just the unknown names, so these are the ones to use NidAttack on.
This is just a short post to let everyone know we're still alive. It's been a quiet summer; most people were off on vacation (or on holiday, for our friends across the pond), including many of our own PS3 Devs.
However, the summer is over and we all went back to work in full force on the PS3, adding some new and very talented Devs along the way who will be helping out!
For starters, our very own ggparallel spent the past month or so along with NDT testing countless edited PS3 Firmwares on the PS3, and has been able to drastically refine our knowledge of the PS3's bootup procedure.
Below is a clear flowchart of the current theory of operation. The basic procedure is the same as we previously posted: the system is booted in a "chain", so to speak. LV0 loads lv1ldr, which loads lv1.self (the Hypervisor).