Softmod


A softmod is a method of using software to modify the intended behavior of hardware, such as video cards, sound cards, or game consoles, in a way that can overcome restrictions of the firmware or install custom firmware. [1]


Video card softmods

Video cards that can be softmodded into faster versions (without regard to clock speed) usually contain mostly the same hardware as those versions. Softmodding a card should not include changing the video card's BIOS, as that is a BIOS flash.[citation needed] Currently only four softmods are known:[citation needed] a Radeon 9500 NP to a 9500 Pro (128-bit) or 9700 (256-bit), a Radeon 9800SE (with 256-bit L-shaped memory layout on the PCB) to a Radeon 9800 Pro, a GeForce 6200 to a 6600, and a GeForce 6800NU to a 6800GT. A softmod usually enables pixel rendering pipelines, though it may also include other enhancements. A softmodded card may not always reach the same performance as the real card it has been changed to, but the difference should be very small and generally not noticeable. Softmodding is not guaranteed to work; sometimes the pipelines have been disabled for a reason, e.g., a defect that produces artifacts when enabled.

Softmods for Xbox

Softmods for Xbox used to include a font exploit installed through exploits in savegame code for MechAssault, Splinter Cell, 007: Agent Under Fire, and Tony Hawk's Pro Skater 4. Usage of the Splinter Cell or Tony Hawk's Pro Skater 4 disc is generally recommended, as any version of the game will run the exploit, whereas certain production runs of MechAssault and Agent Under Fire are needed to use the exploit. Originally, via a piece of software called "MechInstaller" created by members of the Xbox-linux team, an additional option could be added to the Xbox Dashboard for booting Linux. The Font-hack works by exploiting a buffer underflow in the Xbox font loader, which is part of the dashboard. Unfortunately, since the Xbox requires the clock to be valid and the dashboard itself is where the clock is set, there is a problem if the RTC backup capacitor discharges. The Xbox will detect that the clock isn't set and therefore force the dashboard to be loaded, which then promptly reboots due to the buffer overflow exploit. Upon restarting, the Xbox detects that the clock is invalid and the process repeats. This became known as the infamous "clockloop". [2]

Softmod for Xbox 360

There is no whole-system softmod (one that would allow full root access and installing homebrew) for Xbox 360 consoles. However, ways were found to modify the firmware of the console's DVD drive. This allows the system to play games from "backup" (non-original) game discs. This requires opening the console, but no additional hardware such as a modchip is permanently installed into the system. Microsoft responded by introducing a console ban system. If the data stream from the DVD drive indicated signs of unauthorized use, Microsoft would permanently ban the console from using the Xbox Live service. The ban never expires and can only be fixed by purchasing another console. Other measures, such as introducing new hardware revisions to prevent modifications and checking/updating the drive firmware during dashboard updates, have been taken too.

Softmods for PlayStation Portable

Much like the Xbox, it is possible to softmod almost any PSP. Using various exploits (such as the TIFF exploit or specially crafted savegames from games such as Grand Theft Auto: Liberty City Stories, Lumines, and later GripShift) or original unprotected firmware, the user can run a modified version of the PSP's updater that will install custom firmware. This newer firmware allows the booting of ISOs, as well as running unauthorized (homebrew) code. A popular way of running homebrew code to softmod the PSP is by using the Infinity method.

Softmods for PlayStation Vita

Softmods for Wii

Wii softmodding is also closely related to the methods used to softmod Xboxes and PSPs. The first known method of loading unsigned code on a Wii (without a hardware mod) is known as the Twilight hack. This allowed users to run unsigned .dol/.elf files. The exploit was superseded by the development of Bannerbomb, which allows a user to run unsigned code on the console without relying on an exploit within a game. Bannerbomb works by using a malformed banner to inject a loader program into the Wii Menu program in memory. As the Wii Menu crashes, an unsigned executable is executed. Bannerbomb was superseded by Letterbomb, which uses a glitch in the Wii Message Board to crash the Wii Menu and load the .dol/.elf file, allowing the user to install the Homebrew Channel.

These types of exploits have enabled the development and use of third-party homebrew applications, such as the Homebrew Channel, third-party games, media players, and many others. They can also be used to launch game backups, and opened the door to videogame copyright infringement. The Wii homebrew community generally discourages the use of the term "softmod" to refer to Wii homebrew in general, as it is considered to have negative connotations due to its association with copyright violation. As hardware modifications do not help the use of third-party software due to the console's security architecture, software modification is implied whenever homebrew software is in use. The term is therefore used to refer to software modifications that perform the same function as existing hardware modifications, that is, those that enable the use of copied games.

Softmods for Wii U

The Wii U can be softmodded with various exploits. As of February 2024, the easiest way to softmod a Wii U is by using the DNSpresso exploit, which leverages several bugs in the network stack and achieves kernel access, in addition to having a specially crafted SD card inserted. This works on the latest firmware revisions. This in turn can be used to install CFW (custom firmware). Currently the most supported CFW is Aroma. Other choices of CFW are Mocha, Haxchi, and Tiramisu.

Softmodding a Wii U allows users to run homebrew, load game backups, bypass region checks, and change fan and CPU/GPU speeds. Notably, the Wii U is backwards compatible with Wii games (vWii). Softmodding also unlocks backwards compatibility with GameCube games, as on its predecessor, since the hardware required to emulate is present on the motherboard; despite this, Nintendo did not implement GameCube disc reading for the Wii U, effectively disabling this backwards compatibility.

USB storage can be used to store games; this is the only way to store and play Wii U games outside of the internal memory. Wii and GameCube games can be played if stored on the specially crafted SD card used to softmod the Wii U, or if they are stored on USB storage.

Previously, a few Virtual DS games could be exploited with specially crafted savegames to install a permanent CFW which is active as soon as the console powers on. However, after the eShop closure this method is impossible unless the game was downloaded before the closure.

Softmods for PlayStation / PsOne

The original PlayStation can be softmodded with the TonyHax exploit. [3] The exploit is compatible with all North American and European consoles except the launch model (SCPH-100x), but is not compatible with Japanese consoles. It is also compatible with early versions of the PlayStation 2 (SCPH-3900x or older), although only for booting PS1 discs. TonyHax can be booted either with a gamesave exploit (usually Tony Hawk's Pro Skater 2, 3, or 4, hence the name, but several other games are also supported) or, except on the PS2, directly from a specially flashed memory card. The exploit allows the console to boot homebrew, foreign-region games, and CD-R copies. Some PlayStation models are partially incompatible (slow load times, skipping audio and video) with phthalocyanine CD-Rs, preferring the older standard cyanine discs. TonyHax is not a permanent exploit; the drive is re-locked when the console is powered off or rebooted, requiring the user to re-load the exploit every time a CD-R or foreign game is booted.

An older method was to boot an original legitimate disc with the lid close sense button held down, quickly swap the disc with a CD-R copy or foreign disc, remove that disc and reinsert the original, and then swap for the CD-R or foreign disc again. This had to be carefully timed, and if done incorrectly could damage the drive or disc(s).

Softmods for PlayStation 2

The PlayStation 2 has various methods of achieving a softmod.

Disc swapping was used early on to bypass the PlayStation 2 copy protection. By taking advantage of certain trigger discs such as 007: Agent Under Fire or Swap Magic, homebrew could be loaded. This was done by inserting the trigger disc, blocking the lid open sensor, then hotswapping with a homebrew disc. Although difficult to execute correctly, the method was often used to softmod because of its universality.

One of the earliest softmods developed, the Independence Exploit, allows the PlayStation 2 to run homebrew by exploiting a buffer overflow in the BIOS code responsible for loading original PlayStation games. This method, however, only works on models V10 and lower, excluding the PlayStation 2 slim, while still requiring a disc to be burned. [4]

FreeMcBoot is an exploit that works on all models except the SCPH-9000x series with BIOS v2.30 and up. [5] It requires no trigger disc and is able to directly load ELFs from the memory card.

Fortuna, Funtuna, and Opentuna are another form of memory card exploit. Unlike FreeMcBoot, they will work on the SCPH-9000x model, and they are compatible with third-party memory cards that do not support MagicGate.

HD Loader is an exploit for PS2 models with the hard drive peripheral.

FreeDVDBoot is an exploit discovered in 2020 that requires burning a disc image loaded with a payload onto a DVD-R. It is compatible with a range of PlayStation 2 models and works by exploiting a buffer overflow in the PS2's DVD video functionality. [6]

MechaPwn [7] is an exploit that permanently unlocks the DVD drive of the slim PS2 (and some later revisions of the fat PS2), allowing PS1 and PS2 discs from any region to be booted. PS1 CD-R copies can be booted directly from the PS2's built-in menu; PS2 CD-R/DVD-R copies require additional software to bypass the PlayStation 2 logo check.

Softmods for PlayStation 3

The PlayStation 3 has a couple of methods to achieve a softmod. They rely on WebKit vulnerabilities in the PS3 Web Browser. All PS3 models can be softmodded.

Consoles that have a factory-installed (minimum) firmware of version 3.55 or less can be exploited to be flashed with custom firmware (unofficial firmware). This includes all "fat" and "slim" 20xx and 21xx models. Slim 25xx models may be exploitable, but only if their date code is 0D or less; sometimes date code 1A consoles may be on factory-installed 3.55, however this should not be relied on. Slim 30xx and all "super slim" models cannot be exploited. These guidelines assume a console has not been taken to Sony to be serviced, as Sony may update the factory-installed firmware. Custom firmware can be flashed using either a modchip or a WebKit exploit, which patches the current firmware and forces the console to "downgrade", which in ordinary circumstances would not be possible. Custom firmware grants complete control over the console, with access to LV0 (bootloader), LV1 (hypervisor), and LV2 (kernel). This allows users to run homebrew, load game backups, bypass region checks, change fan and CELL/RSX speeds, access root keys, and run PS2 ISOs on unsupported backwards compatible models. Some custom firmware implementations reinstate features Sony removed, such as "OtherOS".

Another popular softmod is PS3HEN. This softmod uses a WebKit exploit to install a signed file through the PS3 Web Browser, then uses another WebKit exploit as well as a kernel exploit, which grants LV2 kernel access when executed. As opposed to custom firmware, this is a tether softmod, meaning PS3HEN has to be activated every time the console is powered on; however, it supports all models of PS3 consoles. Users on official firmware 4.84 or later need to install hybrid firmware (another type of unofficial firmware), as Sony removed only the WebKit entry point, which hybrid firmware reinstates. This softmod shares many custom firmware features: users can run homebrew, load backups of games, bypass region checks, and change fan speeds. The unofficial PS2 backwards compatibility is diminished, as users can only run PS2 Classics encrypted PKGs instead of ISOs. The hypervisor is still intact and periodically checks whether the code currently being run is unsigned; if it is, there is a small chance that the console becomes unresponsive or shuts down, making PS3HEN less stable than custom firmware.

Softmods for PlayStation 4

The PlayStation 4 has ways to achieve a softmod. They rely on WebKit vulnerabilities in the PS4 Web Browser combined with a kernel exploit. All models of PS4 can be softmodded. They are all tether exploits, meaning they have to be performed every time the console is powered on, although some exploits may be persisted using rest mode.

Softmodding a PS4 allows users to run homebrew, load game backups, bypass region checks, and change fan and CPU/GPU speeds. Some payloads can boot the PS4 into a Linux distribution, although this is not permanent and the console will revert to Orbis OS on reboot.

Notable firmware revisions that result in a softmod are: 1.76, 4.05, 4.74, 5.05/5.07, 6.72, 7.02, 7.55, 9.00, with 5.05/5.07 being the most stable and 9.00 the most stable after that. Unlike the other exploits, the 9.00 exploit requires inserting a specially crafted USB flash drive into the console.

In February 2024, security researcher theflow announced [8] that he would present a new PS4 jailbreak proof of concept at TyphoonCon (a security conference) in May 2024. Moreover, the exploit used is unique in that it does not require a userland entry point (such as WebKit), implying that firmware up to 11.00 is vulnerable.

Softmods for PlayStation 5

The PlayStation 5 has ways to achieve a softmod. They rely on a userland exploit, which can be either WebKit vulnerabilities in the PS5 Web Browser, a specially crafted Blu-ray disc, or a PS4 savegame exploit, combined with a kernel (and optionally hypervisor) exploit. An HV (hypervisor) exploit has not been publicly disclosed; however, there are userland and kernel exploit chains which operate within the constraints of the HV and XOM (execute only memory) being active and partially unlock privileged parts of the system. They are all tether exploits, meaning they have to be performed every time the console is powered on, although some exploits may be persisted using rest mode.

Softmodding a PS5 allows users to run homebrew, load game backups, modify the PS4 backwards compatibility blacklist, run PS4 "FPKGs" (including PS4 homebrew and PS1/PS2/PS4 game backups), change fan speeds, and spoof firmware (which allows the install of games that require an update patch, and can also block updates). However, firmware spoofing will not allow games above the console's true firmware revision to load without the required update patch.

On its predecessor, the PS4, a userland and kernel exploit is enough to accomplish what is generally regarded as a true jailbreak, as the PS4 softmods work by patching the kernel. The PS5, however, has added security measures in comparison, mainly an HV and XOM, which do not allow kernel patching without a hypervisor exploit and also make reverse engineering much more difficult. Despite this, several HENs (Homebrew ENablers) have been made that operate within the constraints of the HV and XOM to run unsigned code, defeating enough security to enable a homebrew environment.

Firmware 3.00 to 4.51 is vulnerable to a userland and kernel exploit chain. No publicly known chain fully compromises the hypervisor.

The IPv6 kernel exploit (which led to the PS4 6.72 firmware jailbreak) was patched on the PS4 a few months prior to the release of the PS5, but was reintroduced on the PS5 with firmware 3.00 and affected firmware up to 4.51. This is the kernel exploit most commonly used to softmod a PS5. The exFAT filesystem kernel exploit that affected PS4 firmware up to 9.00 also affected PS5 firmware up to 4.03; however, due to additional protections on the PS5, it is not possible to use this to softmod the PS5.

In June 2023, a payload called libhijacker [9] was disclosed, becoming a reliable method of running homebrew that partially circumvents the HV. It works by creating a new, separate process by interacting with the PS5's Daemon, effectively acting as a background ELF loader. This is notable over previous ELF loaders such as the WebKit or Blu-ray methods, since those ELF loaders were terminated when the corresponding process was stopped. Another advantage of this new method is that the new, separate process is not confined to the fixed maximum resource allocation of the WebKit or BD-J processes.

In July 2023, scene developer Flat_z disclosed [10] that they had read access to the PS5's Platform Secure Processor (PSP) which is one of the most protected parts of the system and contains crucial keys for decryption. In addition, they also confirmed they had successfully exploited the HV via a PS4 save game exploit chain. Flat_z said he does not intend to disclose his findings publicly, however he is using these exploits to further reverse engineer the PS5 now that he is able to decrypt more parts of the system.

In November 2023, scene developer LightningMods disclosed [11] that they had managed to load and play a retail PS5 game backup.

In December 2023, scene developer LightningMods updated his Itemzflow homebrew app to support loading PS5 game backups.

Softmods for Nintendo DS

Softmods for Nintendo 2DS/3DS

The Nintendo 3DS (and its Nintendo 2DS sibling) have become some of the most popular console platforms to softmod, as the procedure requires only the 2DS/3DS itself, and modifying its microSD card. All models of 3DS and 2DS can be softmodded, including the 'New' refresh models. Since the closure of the Nintendo eShop for the 2DS/3DS, softmodding has become popular in order to reinstate features that are now officially defunct.

The most well developed and commonly used CFW (Custom Firmware) is known as Luma3DS. It contains features such as EmuNAND (NAND redirection), running non-system menu payloads on boot, and installing homebrew titles to the main menu. A popular homebrew app used for piracy, known as Freeshop, [12] was shut down by Nintendo with firmware 11.8 by requiring a title key authorization on the eShop download servers, thus causing all NUS downloaders [13] for the 2DS/3DS to no longer function.

Softmods for Nintendo Switch

Early versions of the Nintendo Switch known as "V1 Unpatched" are vulnerable to a Recovery Mode (RCM) hardware exploit by holding the Volume Up button, Power button, and a mystery button, which boots the device into RCM, then connecting by USB to another device which is able to push payloads. This was an oversight as RCM was intended to be used by Nintendo to service consoles and not the consumer themselves. It was discovered the mystery button could be emulated by shorting the pin on the right JoyCon rail, initializing Recovery Mode. Once in this mode, an additional flaw in the Switch USB drivers can be exploited to push payloads via USB to a Switch while in RCM. The RCM exploit is hardware based so any version of firmware on these "V1 Unpatched" is vulnerable.

Some firmware revisions have had a limited number of softmods emerge, although if updated the exploits will have been patched.

The softmods allow running homebrew, installing custom firmware (RCM exploit), bypassing region checks, loading game backups, and changing fan and CPU/GPU speeds. With the RCM exploit it is also possible to install an Android distribution as an additional boot option, which makes the device much more versatile for cross platform play (such as the Xbox Game Pass), allowing games from other platforms to be played. The JoyCons are fully functional in an Android environment, making it a strong competitor for tablet gaming.

Nintendo has put safeguards in place where if a console tries to connect to a Nintendo server with a modified bootloader, or an unauthorised copy of a game is currently loaded, the device will be either bricked instantly, or eventually bricked after sending telemetry data to Nintendo servers. Once bricked, the console will be fingerprinted by Nintendo and will never be able to access a Nintendo server again, blocking access to the eShop, online play, amongst other features.

In December 2023, a group of hackers unveiled the first flash cartridge for the Switch, dubbed the Mig Switch. This cartridge accepts a microSD card that contains game backups, and the user can alternate between the loaded game by re-inserting the cartridge. It is not currently known if backup games loaded via the cartridge will risk the console being banned if the user is online. Mig Switch works on all models and firmware, partially defeating some of the security in order to play game backups, and also run homebrew.

Computer DVD drives

Some DVD drives, such as those made by Lite-on, can be softmodded to ignore region coding, allow clearing of the drive's learned media calibration data, and enable DVD+R to DVD-ROM book type coding that is persistent across reboots. This is distinct from cross-flashing the drive or installing unofficial firmware, and does not modify the drive's firmware. [14]


References

  1. Qin Zhou; Nigel Poole (2010). Dasun Weerasinghe (ed.). Information Security and Digital Forensics: First International Conference, ISDF 2009. Springer Berlin Heidelberg. pp. 50–56 [53]. ISBN 978-3-642-11530-1. Retrieved 14 July 2010.
  2. "The Official Clock Loop Thread". Retrieved 26 April 2016.
  3. Del Sol Vives, Marcos. "TonyHax". Orca.pet. Retrieved 12 March 2023.
  4. "How to make your own Memory Card Exploit using the Independence Installer". Retrieved 24 April 2013.
  5. "PS2 Softmod Install Tutorial". Archived from the original on 21 March 2013. Retrieved 24 April 2013.
  6. Orland, Kyle (29 June 2020). "New hack runs homebrew code from DVD-R on unmodified PlayStation 2". Ars Technica. Retrieved 29 December 2020.
  7. "MechaPwn". GitHub. Retrieved 12 March 2023.
  8. "TyphoonCon on X: PlayStation 4 Kernel RCE will be presented by theflow0 at #TyphoonCon24!". Twitter. Retrieved 3 February 2024.
  9. "astrelsky/libhijacker". GitHub. Retrieved 24 June 2023.
  10. "Aleksei Kulaev on Twitter: finally... hello, PS5 PSP :)". Twitter. Retrieved 30 July 2023.
  11. "LM on Twitter: First ever PS5 Game Back up to be played, PPSA03527". Twitter. Retrieved 7 November 2023.
  12. Freeshop Taken Down By Nintendo
  13. NUS Downloaders
  14. EEPROM Utility. Myce.