That's a great idea, but how would you switch out the "index.dat"?

mdog wrote:

but since the PSP and PS3's FW are similar

How?

If they were similar, we wouldnt be taking about how to hack the firmware would we?

Last edited by Joss (2008-01-22 04:05:32)

Lets not get ahead of ourselves here.

Update
I just read the "PS3 NAND Extractor Update & More!" story by CJPC and he explained that with some game modifying he was able to get games to run from the hard dive (external and internal)(on test PS3's only). This makes this theory more urgent for people like CJPC to look into.

lol, true. I think video proof is in order.

In order to flash DevKIT firmware to the PS3, you would need to resign the package.  When the firmware is done, is it signed, and also done a MD5 hash, along with the public Key.  When or IF you change 1 bit, just ONE BIT in side the pak, the MD5 is no longer valid, and the Firmware won't install. 

So, say you unpak a normal firmware, and put in DevKIT firmware, it won't work.  Sony made sure this can't be done conventionally, as in using their system update to do it.

The only way would be to use a flash kit, to force the firmware to be flashed into the NAND chips. This is similar to how MOD CHIPS are done, like with XBOX1, when you flash the on-board TSOP. You still got to know what goes where, because each flash or EEPROM usually has four banks, hence the nickname of EEPROM being called an E-square.  Most EEPROMs with four banks will contain the same information, so you can switch banks as a backup.  However, new O/Ss have seperate code in each bank, that is trigger/switched by the mainbaord when needed.  The XB1 Version 1.0 - 1.2 had 1 MB flash, with four banks.  Versions there up to V1.5 had 256k flash, and V1.6 and up they REMOVED the flash, and put the bios in ROM.  The 1.3 to v1.5 are CAKE to flash, two wire jumpers, and that's it!!  The 1.0 to 1.2 are not as easy, you need more jumpers, and another chip MFG required one more jumper.  Then, you could install a switch to boot STOCK or MOD by using the switch to change banks before powering up...  This is where Infectus comes in, and is not unlike the Modchip types used for XB1 that were soldered to the LPC bus.  This will do the same thing, except does not take over the PS3 functions, just allows for access and writing.

Another example of what they could use BANK switching for; boot start-up code, switch banks, then from the Chip, switch banks, then load the O/S from the other bank.  Once that is done, you can switch banks again to load the GUI, and so on.  The default bank can either have non classified code, or nothing at all.  This makes it a little harder for people to hack, because you need to put things where they belong.  It is only a matter of a few more steps, and the use of jumpers to switch banks, because the primary boot code will not be in the default bank, it WILL need triggered.  Or, the flash hit will have to switch banks for you, and all that stuff.

What you need to do FIRST, is WIKI EEPROM and read how they work...  Flash is the same, except it is a specific type of EEPROM that is erased FIRST, then programmed in large blocks; in early flash the entire chip had to be erased at once.  NAND FLASH uses tunnel injection for writing and tunnel release for erasing. NAND flash memory forms the core of the removable USB interface storage devices known as USB flash drives, as well as most memory card formats available today.

http://en.wikipedia.org/wiki/EEPROM
http://en.wikipedia.org/wiki/Flash_memory