Post: Why we don't have a cfw and what we need for one
08-13-2011, 10:27 PM #1
All credit is given to dospiedras1973 from elotrolado. This is his thread (I translated most of it :P). Sources below!!

Ok, the purpose of this thread is to inform people on what we need to be able to do a cfw for 3.56+...

Step 1: Understanding how the system was first set up (3.55 ;). A security fail on Sony's part allowed us to extract the keys from the PS3 FW using simple algebraic equations. Both the public and private keys could be generated, which allowed us to decrypt and re-encrypt the PS3 firmware and modify it to run unsigned code. This security flaw was fixed in PS3 FW 3.56+.
Ever since 3.56, the keys were changed and the private and public keys could not be calculated, which is why we don't have a cfw for 3.56+. Also, the way we sign and validate PUPs has been thrown away in favour of a new system that checks and verifies headers, called spkg, which is controlled by a module in coreos called spu_pkg_rvk_verifier.self, found in core_os_package.pkg.

Step 2: Old System Boot
bootldr -> lv0
metldr ->lv1ldr,lv1,lv2ldr
lv2->lv2_kernel->vsh

New System Boot:
bootldr->lv0->Is sent to an isolated SPU and decrypted; lv1ldr, lv1 and lv2ldr are sent to RAM decrypted, and they are then loaded as ->lv1ldr->lv1->lv2ldr->lv2
lv2->lv2_kernel->vsh
METLDR is not used...

Step 3: As stated above, the new method is stored in the RAM, decrypted. Is there a way to dump it? Yes, with dual boot :-D That is, installing 2 NOR flashes or 4 NANDs (I think the 4 NANDs was a typo) and a switch to choose between them.

Now, with the switch in position 1, turn on and update the console to 3.61. Updated ok? Good.
Now, turn off the console and turn on with our flash #2, which we have on 3.55, but oops, surprise! It's not starting...
Why? Simple: in syscon there is an EEPROM that holds the last functional HASH from the coreos that was installed (the latest was 3.61, remember).

Solution? Factory Mode, the mode on the console (with the jig) that skips the syscon hash checks and uses whatever has been installed on coreos. Perfect. We need to drastically modify our 3.55 NAND: replace lv1 with a small piece of code to dump the RAM to a predetermined place and get the loaders and public keys.

Another problem: when the PS3 is turned off the RAM is cleared, if changing from 3.61 to 3.55. Solution? Yes.
Use a port on the processor that communicates with syscon called the cell reset line.
If we have our NAND in position 1 and 3.60 loaded in the menu and give a 60ns pulse to the line, the processor restarts, BUT NOT THE RAM; then quickly change the switch to position 2 and voila, your code will dump all the loaders and the rest of the 3.60 or 3.61 RAM if done correctly.

If there are any errors advise me.

UPDATE: We can't get into factory mode on 3.60, so before updating to 3.60 on one NAND, put it into factory mode on 3.55 or else there's no going back.

Original Source: [link requires login]
Boot order: [link requires login]
Pup verification: [link requires login]
**Credits to dospiedras1973 as he created this**

The following 2 users say thank you to JuanAcevedo for this useful post:

Agentcell, ThyagoPS3
08-13-2011, 10:55 PM #2
_Raymond_
Save Point

Originally posted by JuanAcevedo (quoting the full opening post above)

ohhhhhhh that's how you do it.. okay imma go make one real quick brb :|

The following 5 users groaned at _Raymond_ for this awful post:

Bad Luck Brian, Clutch Hunterr, CSC-Magic, Stack0verfl0w, TehNoob2010
08-14-2011, 12:07 AM #3
Everyone already knows this.... well, at least they should by now :fyea:

The following 2 users say thank you to PS3 Prodigy for this useful post:

sciz0r, Threatz2Fresshh
08-14-2011, 01:51 AM #4
Spectre.
ლ(ಠ益ಠ ;)
Tell this to the kids who want to hack MW2. They'll rage from the site that they know barely any of the words. :stare:

The following user thanked Spectre. for this useful post:

Dark Spirits
08-14-2011, 01:58 AM #5
Budz
Former Staff
:stare: This is an Exploits and Hacks Forum, not a news forum. Why are you posting this here?

The following 3 users groaned at Budz for this awful post:

Bad Luck Brian, CSC-Magic, DC12X
08-14-2011, 02:03 AM #6
Originally posted by budzyjr View Post
:stare: This is an Exploits and Hacks Forum, not a news forum. Why are you posting this here?


How is this news at all? He's just explaining why we can't have a 3.56+ custom firmware. It may not be the best explanation.. but it will keep those leeches away from the site's PS3 exploit section asking for a 3.70 cfw every day.
08-14-2011, 02:26 AM #7
T.T thanks guys lol
08-14-2011, 03:06 AM #8
Agentcell
Can’t trickshot me!
I just want 3.60 CFW because I want to play games like shadows of the damned, catherine, and soon deus ex human revolution. WTF? I think I'm going to have to buy deus ex.
08-14-2011, 03:11 AM #9
ii-ViViD
Do a barrel roll!
OMG... Why, even... It's so old..
08-14-2011, 03:38 AM #10
King K
Banned
Old, but nice as a *******er to show why Sony fails

Copyright © 2026, NextGenUpdate.
All Rights Reserved.
