Results 1 to 2 of 2

Thread: PS3 3.6x downgrade is now possible

  1. #1
    CDWells's Avatar
    CDWells is offline -Hacks Neophyte
    Join Date
    Jun 2011
    Rep Power

    Default PS3 3.6x downgrade is now possible


    I rarely post about the PS3, but this one is pretty big news since Sony managed to salvage their console from perpetual hacking, with their firmware 3.6 which seemed to fix some of the major issues in their security system.
    user dospiedras1973 of the Elotrolado forums shared a series of tools/techniques allowing anybody to downgrade a 3.6x PS3 (apparently, this works for the latest 3.66 too) back to a more CFW-friendly Firmware such as 3.55. This techique also allows to repair bricks from a failed waninkoko install.
    The technique involves using the InFeCtuS modchip, and is described in the source below. Some additional English help can be found on, but be warned that this is not an easy hack! Nevertheless hardware is always the first step, and if you have the guts it means you don’t have to stay on 3.6x

    Here is a full English translation by user Ghaleon B from ps3-hacks:

    Hello, I’ve been working on this project nearly for two months now and now that I got this working, I’m making this public so everyone can use it,this tutorial is for 256mb NAND flash consoles, It doesn’t mean that it doesn’t work on the 16mb model, It’s actually modified in a similar way as NOR flash models, but due to my fat 80gb with 16mb being busted, I haven’t been able to to test and verify.
    With infectus, we extract our NAND flash0.bin and flash1.bin and like Lukin’s tutorial for repairing bad NANDS, we do the same process until we have our 256mb flashfinal.bin dump file.
    We are going to open this file with a simple hex editor and search for this part:
    “00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0″
    You’ll see that there’s a very similar line just below, I find this data in offset 000C0020, depending on the NAND, results may vary and now the party begins
    we replace INCLUDING THAT LINE with the archive 1patchcos.bin if we use hxd put in the first 0 of that line -> Left click and paste writing, before you must have opened 1patchcos.bin on the hxd and copy in hex all it’s contents in order to paste it..
    Now were gonna search for the second archive to patch we search on the hxd in the dump file for this part:
    “00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40″
    Then we use the same patching method from the first archive to patch this one but with 2patchtrvk.bin and replace all the content including:
    “00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40″
    then with flowrebuilder, we use the “re-scramble” option on this dump to get our new flash0.ECC.bin and flash1.ECC.bin and we flash the result, when were finished, you’ll notice that the PS3 powers up but has a pretty black screen, now we get our “Jig” device, put the PS3 in Factory Service mode, load the typical lv2diag with the pup file that you want.
    Note: the first pup that you use will say as the minimal version, which you’ll be able to downgrade later, if you want to downgrade from 3.55 to 3.41, INSTALL 3.41 FIRST!!!, otherwise you have to do the ENTIRE procedure AGAIN!!
    then use lv2diag file 2 to exit service mode and DONE.
    NOTE:this method also works for Waninkoko’s brick including sem-001 motherboards (tested)
    Thanks to:
    the entire channel #darkps3 in the Hispanic irc for supporting me for so long
    austaquio32 for donating the infectus so I could carry on with my project
    Nodial2ne for his/her help localizing the archives in the nand
    robs1 for helping me during the process with ideas making this possible
    and everyone who was patient and didn’t harass me in private xD
    pack : -
    I’ve been unemployed for 4 years, whoever uninterested wants to donate something can contact me privately (sorry, but I got 2 kids and thePS3 doesn’t put bread on the table xD)
    or give me a job
    PS3′s that this method works on (Thanks pdnked):
    PS3 Fat:
    CECHA = 256MB
    CECHB = 256MB
    CECHC = 256MB
    CECHE = 256MB
    CECHG = 256MB

  • #2
    Demonchild's Avatar
    Demonchild is offline #thatguy -Hacks Titan
    Join Date
    Dec 2007
    Rep Power


    Posted already...

    Sent from my LG-P999 using Tapatalk

    Guide for M33 firmwares | Install DCv8 |PS3 Hacking Thread

    PSP: 6.60 PRO-B10 | PS3: 4.30 | Xbox: LT+ v3.0 [Li-On] | G2x: CM 7.2 Nightly

  • Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts