PS3 v3.70 downgrade method released!

[TLSS_N]

modrobert writes: "Dospiedras1973 over at elotrolado.net (Google translated to English) has posted a method how to downgrade PS3 fat and slim models with original firmware v3.70 to kmeaw CFW v3.55 by changing the NOR flash contents. Here's a brief summary of the steps involved; dump the NOR flash using a hardware flasher (Eg. NORway on Teensy++ 2.0, Progskeet or Infectus), modify the dump to enable factory service mode, write the modified binary back to NOR flash, downgrade to CFW v3.55 kmeaw."[/p]

Spoiler: Updated translation

Hello everyone, i finally got it, we have a downgrader for slims consoles , this time a bit different that i did with fat models, i made it by the two flashers, progskeet and teensy ++,dope

ÂÂÂÂWe need:
ÂÂÂÂfat or slim console with nor updated to 3.70 “DO NOT TRY With ANOTHER VERSION”Solution to write and read the nor of the console ( flasher progskeet or teensy + +)
ÂÂÂÂhxd program (which I use to edit hex)
ÂÂÂÂFlowRebuilder v.4.1.3.2
ÂÂÂÂa cold beer (this is important)
ÂÂÂÂHttp://pastebin.com/yuvJ5Leh Downgrade.bin

ÂÂÂÂFirst we dump our NOR with a flasher, the file size must be “16,777,216 bytes” no byte more or a byte less, take several to be absolutely sure of what you do..get the dump “example jakemcallister.bin”and we have to get it in flowrebuilder to make it readable,the option is called bytereverse dump and extract

ÂÂÂÂwe do it and we will have a file but the extension will be bin.REV open it with the hxd and take out our personal data of the console EID, BOOTLOADER, CSID and METLDR

ÂÂÂÂno need to put more data
ÂÂÂÂWe get it with the following way:in this case we get our METLDR in our prepatched image for downgrade attached in this tutorial
ÂÂÂÂinside the folder where flowrebuilder had placed our.rev also has created another folder called “nameofthedump.EXT”in there are our personal files of our console and we need to get some to place em inside the pre-patched image that i attached

ÂÂÂÂOpen the hxd and open downgrade.bin and the metldr file that is inside the folder asecure_loader, we pick the tab on the hxd metldr and copy all the HEX content to get in inside the downgrade.bin
ÂÂÂÂpress control + g and write “820?thats the position of the metldr right click on the first line of the position 820
ÂÂÂÂAnd choose “paste writing” and in the same way we introduce the other ones
ÂÂÂÂthe files to get in are
ÂÂÂÂ:METLDR: offset“810? size “E960?
ÂÂÂÂBOOTLOADER_0 Offset“FC0000? size “40000?
ÂÂÂÂEID: Offset “2F000? size “10000?
ÂÂÂÂCISD: Offset“3F000? size “800?

ÂÂÂÂthen we take the downgrade.bin with the saved changes and we get in flowrebuilder with the option bytereverse dump and extract
ÂÂÂÂThis time the program will give us a error, but is a normal error, in fact is okay and will give us a file called downgrade.bin.REV

ÂÂÂÂAnd thats the file you have to get in in the “flash” console
ÂÂÂÂif all went well at writing ,turn on the console and you will see in the screen press the ps button or in English push ps button, DONT PRESS ANYTHING, turn off the console and put it in factory service mode, once done we need to put the correct file system for 3.55 lv2diag of jaicrab without reader and a special cfw

ÂÂÂÂlv2diag:http://www.logic-sunrise.com/telecharge … icrab.html
ÂÂÂÂcfw: http://pastebin.com/03MFDLGV turn onthe console with the usbstick with these two files in the right usb port (in the last) of the console and it will shut down for 10 / 15 minutes, turn on the console without any usb connected to verify that you did it correctly it will take you to xmb,
ÂÂÂÂIf all went well turn off the console and put your lv2diag
ÂÂÂÂFILE2 of this pack:http://pastebin.com/gGETcxMR

ÂÂÂÂthe console will turn on for 20 seconds will turn off itself and CONGRATULATIONS you have your console in functional 100% and kmeaw cfw 3.55 100%

ÂÂÂÂThanks to
ÂÂÂÂ:D iGiTaLAnGeL (Tester with progskeet)
ÂÂÂÂGlevand & mfw builder team (cfw)
ÂÂÂÂNDT (Assistant) is a very good person
ÂÂÂÂJaiCraB (lv2diag without reader)
ÂÂÂÂRobs1 (my guide with the nor flash)
ÂÂÂÂEussNL (his great support in the wiki that I use every day PS3DEVWIKI.COM)
ÂÂÂÂDefyboy (for creating ps3devwiki)
ÂÂÂÂTo the whole channel darkps3 from irc-hispano.org for their support and many hours of testing we have hit hard mother****ers!
ÂÂÂÂDemonHades (because if you had not post on your website with the lie you said about me, I had not met DigitalAngel or uf6667and these two helped me a lot)

ÂÂÂÂand finally to the people who asked me in private to place a donate paypal button

ÂÂÂÂgreetings and from now on i will resume my work with the dual nand and that dump 3.6x that gives me so many problems hehehe

ÂÂÂÂIve updated the position of METLDR that was misplaced offset 810 ” e960?size

Source

 

[airpirate545]

is this real life

 

[Nathan Drake]

is this real life

Is this just fantasy?

On topic: Interesting stuff.

 

[jan777]

Ahh. good that the ps3 scene is still alive.

but this method is not noob-friendly, so.. wont be much use to most of the community.

 

[TLSS_N]

Ahh. good that the ps3 scene is still alive.

but this method is not noob-friendly, so.. wont be much use to most of the community.

I wonder if they dropped this just to screw with sony.

Sony:"ps3 now 50 dollars cheaper"!

Hackers:"ps3 hack incoming, get your systems while you can"!!

 

[ChaosBoi]

Hm. Will this work on a bricked 3.56 (By this I mean the PS3's inability to read HDDs)? Or will I have to have a working PS3 that can get into the XMB?

 

[Hydreigon]

Hmm..interesting... I'm still curious as to why you would need a beer, though.

 

[Heran Bago]

Hmm..interesting... I'm still curious as to why you would need a beer, though.

It's pretty hard to do the rest of the process without the beer. Ever used a soldering iron?

 

[FireGrey]

Question, do you need any of those special crap that you have to buy?
Or can i just use any old USB

 

[Langin]

Question, do you need any of those special crap that you have to buy?
Or can i just use any old USB

Yeah I also want to know this

 

[raulpica]

Question, do you need any of those special crap that you have to buy?
Or can i just use any old USB

Yeah I also want to know this

Obviously you need a soldering iron of exceptional quality (trust me, those pesky solderings for the NOR are hell to newbies) and a really steady hand.

You also need an Infectus/Teensy++ or some other way to dump the NOR.

Here's a nice pic. And this is just the Teensy++ part.

Spoiler

The NOR solder points are EVEN worse.

Spoiler

Remember, you have to be HIGHLY skilled to do this. Otherwise you're 100% certain of killing your PS3 in the process.

 

[FireGrey]

Then why bother if it's this complicated?
Sheesh i like Wii hacking more.
Stupid sony why did they have to patch everything up

 

[Langin]

Waaaaahhhh -.- thanks for the info Raulpica!

Damn I am not going to do this.

 

[Cyan]

There's a good es-en translation on PS3hax.net : http://www.ps3hax.net/2011/08/downgrade-fo...-firmware-3-70/
(they just need to fix a link, check the elotrolado source if you want the modified lv2diag to disable bluray. Attention, don't use LV2diag on unmodified NOR, you can't exit service mode on 3.56+).


If it's becoming more popular, like being the only method to hack the PS3 past 3.55, I guess there will be solderless modchips.
There's already a project for the Progskeet solderless, you still need to solder the programmer chipset to the "chipset hat", but it's far less complicated.
It will certainly become a real no solder if there are high demands.

 

[FAST6191]

Then why bother if it's this complicated?
Sheesh i like Wii hacking more.
Stupid sony why did they have to patch everything up

If there was going to be a post to induce a *twitch* this would probably do it.
It might look complicated but someone well versed in soldering could pull that off easily enough (personally I would fire up the hot air station). Just for reference you can buy a teensy with header pins on it and although I am not 100% certain most of those solder points look like pads or vias- no trace or pin soldering.
Wii stuff- I am kind of shocked hardware methods did not take off there (a quick scan of the stuff done in that world says it would be quite easy).
As for Sony- a company attempting to protect their devices... say it ain't so.


Anyhow great news. I am not sure I want to "sacrifice" my teensy for that (although to be fair I am using mine mainly as a toy) but it is good to know it can be done.

 

[Cyan]

Then why bother if it's this complicated?
Sheesh i like Wii hacking more.
Stupid sony why did they have to patch everything up

Also, I would like to add that hacking became popular only this generation with DS and Wii, because it's sooo easy.
Buy a flashcard, done.
connect HDD to Wii, done.
People of every age are doing it (I know 5-7 years old kids, and 80+ years old gramps using flashcards).

Old console's hack needed modchips, PS2 has something like 15~20 wires, etc.
now hackers try to make it easier, like swap magic, Mcboot, etc. but few years ago it was only the "hard way".
PS3 is just back to sources.

 

[shakirmoledina]

the guys here are temp are fast... i just read yest that the info will be posted soon and wow its here today
they were stressing on using the progskeet and hopefully even the new so-called unhackable ps3 will be hackable with this hardware

i still wish to wait for a software method for downgrade over any hardware one thats because ppl charge 100$ for softmod on ps3 (hardly anyone knows about it here) so u can imagine the hardware mod cost

 

[TLSS_N]

Hm. Will this work on a bricked 3.56 (By this I mean the PS3's inability to read HDDs)? Or will I have to have a working PS3 that can get into the XMB?

I am not sure about this, I saw a while back a way to unbrick ps3's but, I am not sure if this will work with that method. Might try connecting to irc and asking.

 

[Lube_Skyballer]

is this real life

Is this just fantasy?

Caught in a landslide
No escape from reality



(lol. just couldn't resist

)

 

[KingAsix]

There's is no point of my hacking my PS3 unless I can play online with it without me getting ban or some ish. Though if I can reverse this I MAY give it a shot