New PS3 Modchip Enables qCFW on All Models
A new hardware modchip, named BadWDSD, opens the door to running quasi-CFW (qCFW) on all PlayStation 3 models, including those previously lacking Custom Firmware (CFW) support. The modchip utilizes a Raspberry Pi Pico (RP2040) to exploit a specific feature in the console's XDR memory, called WDSD (Write Data Serial Debug), to execute custom code early in the boot process.
Traditional CFW cannot be installed directly; qCFW is a new variant heavily based on Evilnat PEX CFW. It offers virtually all CFW features except dumping eid_root_key, and still enables functionality such as HDD decryption without that key. To ensure full functionality, Cobra must remain active at all times.
The developer describes the WDSD method not as a memory bug, but rather as an 'abused' feature. By sending data to the WDSD register during the early boot phase, custom code can be injected and executed when the console's processor starts. This method is stable with a reported 100% success rate and grants full access to the lv1 hypervisor.
qCFW has some quirks: a wireless controller may need to resync once at startup if it was used to power on the console. Updating qCFW also requires reverting to OFW (Official Firmware) before installing the updated version.
The BadWDSD modchip does not replace previous exploits like BadHTAB; it uses a completely different method to achieve custom code execution. It can also be used to recover consoles stuck in FSM (Service Mode), to update consoles with faulty Bluetooth/BD modules, and to perform downgrades. With proper installation, the console should reach the XMB within approximately 30 seconds.