Codeception

Musings & ramblings of a Pythonista

Building Custom Firmware for PS3

The 27th Chaos Communication Congress revealed the Epic Programming Fail in the PlayStation 3's security. It turned out that Sony's ECDSA algorithm for signing apps uses a random number generator which always returns the same number (no, I'm not kidding). The fail0verflow team, who discovered this fail, used the following famous xkcd comic to describe Sony's ECDSA algorithm.

Random Number

fail0verflow demonstrated their work on AsbestOS, a bootloader for the PS3 with which you can boot Linux on it. Currently this needs some wiring and soldering work, but they have promised to release an easy-to-use tool sometime next month.

But kakaroto (the hacker behind aMsn and the PL3 payload for psgroove) wasn't patient enough. He went on to develop some tools to create custom firmware for the PS3. You can find the custom firmware generator code from here. Currently it works on Linux and Mac. For those who don't know how to use these tools, the following steps should help.

First of all, check out the tools developed by the fail0verflow team and build them. You might need to install the build-essential and zlib1g-dev packages if you are using Ubuntu (use sudo apt-get install).

mkdir ~/src
cd ~/src
git clone git://git.fail0verflow.com/ps3tools.git
cd ps3tools
make

Now check out the firmware generator code from kakaroto's GitHub repository and use the official firmware update (PS3UPDAT.PUP) to create the CFW.

mkdir ~/.ps3
cd ~/.ps3
git clone https://github.com/kakaroto/ps3keys.git .
cd ~/src
git clone https://github.com/kakaroto/ps3utils.git
cd ps3utils
make
./create_cfw.sh PS3UPDAT.PUP CFW.PUP

You can rename this CFW.PUP to PS3UPDAT.PUP, copy it to the PS3->UPDATE directory of your pendrive, and update the PS3 from the XMB. Still, this CFW does nothing but show the Install Application option on the XMB. You still have to wait until the homebrews are signed and repackaged in the retail .pkg format before they can be installed on this firmware.
