CFW on PS3 3000/4000?

All PS3 consoles are flashable, but not all can be patched to install CFW.

And probably yes, if some exploit is found in the future (easier to look from the bottom instead of from the top ;]).
I am not an English speaker so there are spelling issues. I meant that 3000/4000 consoles are not literally not flashable, but in the sense that CFW cannot be flashed on them. It's a pity that such a find was discovered only at the very end of the console's life. 10 years ago, this would have been super news.
 
Look at this another way: :) everything discovered in the "active market life period" leads to changes blocking hacks (via firmware and/or hardware revision, like the disabled OSD Update in PS2 fw 2.30 in the last models). So if anything is found leading to CFW, it stays unpatched for almost all people and PS3 consoles forever - especially since Sony is preparing to cut off PS3 from SEN for good, like in the PSP case, and day-to-day players don't care about updates, even if they are/will be released.

So it is fantastic news TBH, nothing really to regret.

I don't have any of those "cursed models" but I'm mostly interested in getting ERK on them, especially on eMMC series to see how they solved "VHDD".
 
Can you elaborate on the last sentence? What is VHDD?
 
@BOLNICHKA39 When Sony moved from 256MiB of NAND Flash memory to 16MiB of NOR Flash, they added an additional partition on the HDD which contains everything from the eFlash section on NAND back then (plus some other stuff). It is called VFLASH (virtual flash). It is a partition and simultaneously a device image (it has its own partition table and partitions).

When Sony introduced models with "14GiB" of internal flash memory, they didn't sell them with an HDD, and they don't have NAND or NOR Flash. They put everything on a 16GiB eMMC. And to avoid increasing the cost of R&D + QA, I believe (so it is not confirmed by anyone) they went back to the NAND design but with an additional region which imitates an HDD (so let's call it VHDD), just like they did with VFLASH (just inverse the idea).

But until we get the ERK (and on the assumption that encryption keys are calculated the same way, using the same IV and seeds and the same algorithms as on Slims 25xx) we don't really know that. Since I'm passionate about data forensics of mass storage devices, I'm super interested in this.

This is how it looks on fat and slim models with NOR (NAND doesn't have "ps3vflash", so "ps3hdd1" is in that case ps3hdd2, and 3 is 2 if I remember correctly (I'm too lazy to look into my own tutorial to check ;p)):
https://www.psx-place.com/threads/tutorial-hdd-mounting-and-decryption-on-linux.23308/

tutorial_ps3hdd_mnt_linux_devmap-png.25488
 
In any case, I heard that shortly after the release of PS4, Sony disbanded the PS3 team and therefore, after the release of HEN for PS3, new software updates were released, but they could not completely close the vulnerability, because there were none of those programmers who knew the architecture of the console well and could work with it. Therefore, even then it would be possible not to be afraid of the vulnerability being eliminated. But those are just my thoughts.) In any case, the news is great and I look forward to following the development!)
 
It seems I understand what you mean. I'm not as advanced in this regard as you, but I'm sure that there will be no problems with eMMC, and indeed problems with memory, because I'm sure that if HEN gives functionality almost at the CFW level, now it's possible to make a payload with a working protection system, and it doesn't even bypass the protection, but makes it so that the system thinks that this code is completely official and passes all license checks, and this, in theory, should make it possible to get direct access to the memory and firmware data. It may even be possible to make changes to FW that, after the change, will still be considered fully official by the console. Or it is possible to automatically replace the system files with CFW after starting the system, and thus boot into CFW from OFW. But I'm just an amateur, so I'm probably talking nonsense)
 

That "VHDD" likes to die very often. I've found at least 3 SS with that fault. So the only option you have when that happens is to put in an HDD. Luckily everything on that flash is safe except that partition, as you can go into safe mode without an issue. If you select the option "internal storage", the console will literally turn off after some seconds, like some cases of GLOD.
 
eMMC are often the poor brothers of SSDs, so a short life is to be expected. Sony: "For the players!" :D
But I guess it should use some kind of automatic bad block remapping. There is a controller inside the eMMC; I'm not sure of its purpose (probably it is doing some kind of protocol conversion), but in my opinion automatic bad block remapping should be another of its tasks.
And in this case it is not like in mechanical HDDs, where there is a limited number of sectors available to be remapped (and when you get rid of them the HDD can't fix any more physically damaged sectors).
Being flash storage (eMMC is based on NAND flash), I guess there is no limit on the number of sectors that could be remapped... so it is just a matter of decreasing the size of that "Virtual HDD" region as much as needed and as many times as needed.

I mean... on paper what I'm saying sounds technically possible... but it seems it is not completely failproof.
 
@sandungas I don't know how it works on eMMC in PS3, but in the case of a "standard SSD" there is the same mechanism as on HDD with "backup sectors". Additionally there is something like over-provisioning, which may be a parallel solution to the one that S.M.A.R.T counts. Yet for sure, remapping doesn't work by, e.g., remapping less used blocks to damaged ones on SSD (and TBH why not? Sounds like great functionality, significantly expanding device life). Quite interesting anyway! I hope one day we could decrypt those beats.
 
Maybe or maybe not someone will pick up on this, but as of right now you cannot CFW 3k/4k or even nobd them either. You'd be lucky to even get a replacement for those consoles.
 
[QUOTE="RoboKing's Cosmos, post: 369199, member: 133928"]Maybe or maybe not someone will pick up on this, but as of right now you cannot CFW 3k/4k or even nobd them either. You'd be lucky to even get a replacement for those consoles.[/QUOTE]
I mean, what do you mean? Is it likely that we will get CFW on these units soon? I did not understand your response.
 
We'll get CFW on those as soon as pigs fly.
 
