(adsbygoogle = window.adsbygoogle || []).push({}); All credit is given to dospiedras1973 from elotrolado. This is his thread (i translated most of it ) Sources below!!

Ok, the purpose of this thread is to inform people on what we need to be able to do a cfw for 3.56+...

Step 1: Understanding how the system was first set up. (3.55> A security fail on Sony's part allowed us to be able to extract the keys from the PS3 FW using simple algebraic equations. Both the public and private keys could be generated which allowed us to decrypt and re-encrypt the PS3 firmware and modify it to run unsigned code. This security flaw was fixed in PS3 FW 3.56+
Ever since 3.56, the keys were changed and the private and public keys could not be calculated which is why we don't have a cfw for 3.56+. Also, the way we sign and validate pups has been thrown away with a new system that checks and verifies headers with a new system called spkg which is controlled by a module in coreos called spu_pkg_rvk_verifier.self, found in core_os_package.pkg

Step 2: Old System Boot
bootldr -> lv0
metldr ->lv1ldr,lv1,lv2ldr
lv2->lv2_kernel->vsh

New System Boot:
bootldr->lv0->Is sent to an isolated spu and decrpyted, lv1ldr lv1 lv2ldr is sent to ram decrypted, they then are loaded to->lv1ldr->lv1->lv2ldr->lv2
lv2->lv2_kernel->vsh
METLDR is not used...

Step 3:As Stated above, The new method is stored in the ram, decrypted. Is there a way to dump it? Yes, with dual boot :-D That is, installing 2 nor flashes or 4 nands (i think the 4 nands was a typo) and a switch to choose between them.

Now, with the switch in position 1, turn on and update the console to 3.61. Updated ok? Good.
Now, turn off the console and turn on with our flash #2 which we have on 3.55 but oops, surprise! its not starting...
Why? Simple, In syscon there is an eeprom that holds the last functional HASH from coreos that was installed (The latest was 3.61, remember).

Solution? Factory Mode, the mode on the console (if the jig) skips the syscon hash checks and use whatever has been installed on coreos, perfect. We need to drastically modify our 3.55 nand, replace lvl1 by a small code to dump the ram to a predetermined place and get the loaders and public keys.

Another Problem, when the ps3 is turned off the ram is cleared, if changing from 3.61 to 3.55. Solution? Yes.
Use a port on the processor that communicates with syscon called the cell reset line.
if we have our nand in position 1 and 3.60 loaded in the menu and give a pulse to the line of 60ns processor restarts, BUT NOT THE RAM, then quickly changed the switch to position 2 and voila your code will dump all the loaders and the rest of the ram 3.60 or 3.61 if done correctly.

If there are any errors advise me.

UPDATE: We cant get into factory mode on 3.60 so before updating to 3.60 on one nand, put it into factory mode on 3.55 or else there's no going back.

Original Source: You must login or register to view this content.
Boot order: You must login or register to view this content.
Pup verification: You must login or register to view this content.
**Credits to dospiedras1973 as he created this**

post 99 getting closing

Because of the number of leechers who do this:

Topic Title: 3.66/3.70 CFW?!

"Hi gaiz, well I wuz lookin round teh forum and I noticed that u guyz had cfw for 3.55 but not for 3.70 so can sum1 send me the link to download the new cfw plz guys thanks "

Now, this gets repeated numerous times a day, and gets ****ing annoying. That's why this was posted.

No. It won't. Lol.

Now it's possible to play catherine in 3.55 you know?

Yup basically, this section is full of leechers, who want 3.60+ CFW so they can hack MW2 and impress all their friends with their 1337 skills.

Guys, anything is possible, there's always a flaw to a program, you just need to figure out how you can manipulate it and use it against sony.