There are separate actions:
1) To create a valid CFW
The whole thing is a chain of code parts. First code part is in the CPU chipset itself and can't be changed.
It launches the next part, read from the NAND chipset (the persistent memory thing that holds the 'firmware' and can be 'reflashed' during firmware upgrades). Sometimes it launches or reads even more external extra things (like NXE needing extra parts from onboard or external memory units for avatars, on 360).
The problem is at each step of the chain, before launching the next part, this part is read, hashed (a small signature string is computed, unique for each unique compilable code part), the hash is encrypted, compared to the expected hash, etc... Encryption is asymmetric (public/private key pair). The console knows a public key so it can authenticate (see xorloser's blog for nice explanations for noobs). But to be able to create a valid part implies you know the private key. Xorloser calculated that, in the best case, we would need 700000 years to brute force break it (see his blog). So... unless there is a flaw in this cascade of signature verification, we can't create our own CFW.
In the case of 360 that flaw existed temporarily in kernels 4532 and 4548, allowing tmbinc to offer a way to erase memory and load Linux on the 360. The flaw isn't at the very beginning of boot, so booting normally, launching KK and letting the shader rampage through the 360 innards is necessary. No such flaw in recent models and firmwares. I don't think PS3 has such a flaw either in recent firmwares, and pressure is low to find one since Linux is allowed through an alternate booting route (Other OS).
2) To swap firmwares
If we can't create a new one, let's swap among existing ones.
Even that is blocked nowadays. On 360 it's called LDV (lock down value), written in the firmware image, and that should match the efuse states in the console. To touch it, a CPU key is needed, which is involved in a per-machine encryption of the firmware (this is separate from the signature of valid code seen above).
But the CPU key is inside the CPU chipset and you get it only if you can run code at will (miracle: the KK shader allowed us to do that, because of a 2nd major flaw, KK related: the shader isn't signed nor verified).
On PS3, earlier firmwares could be swapped, then a bit after 2.10 they couldn't. So a mechanism a bit like efuses, but not very well known, prevents older firmware from working again if reflashed.
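A small model of the two mechanisms described in 1) and 2), written as an added example (this is not code from the post or from any console vendor): each stage of the chain is hashed, the hash-signature is checked with the public key, and the stage's LDV is compared against the efuse count before the next stage may run. The digest layout (sha256 of code followed by the LDV byte) and the Ed25519 signature scheme are assumptions for the illustration only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link of the boot chain: its code, the LDV baked into the image
// (assumed layout), and the vendor signature over the stage digest.
type Stage struct {
	Name string
	Code []byte
	LDV  uint8
	Sig  []byte
}

// NewVendorKey plays the vendor's role; the private half never leaves the vendor.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// stageDigest is the "small signature string" computed over a stage (assumed layout).
func stageDigest(s Stage) []byte {
	h := sha256.New()
	h.Write(s.Code)
	h.Write([]byte{s.LDV})
	return h.Sum(nil)
}

// Sign produces the signature only the private key holder can make.
func Sign(priv ed25519.PrivateKey, s Stage) Stage {
	s.Sig = ed25519.Sign(priv, stageDigest(s))
	return s
}

// VerifyChain walks the chain: signature check with the public key, then the
// anti-rollback check (image LDV must not be older than the burned efuse count).
func VerifyChain(pub ed25519.PublicKey, efuse uint8, chain []Stage) error {
	for _, s := range chain {
		if !ed25519.Verify(pub, stageDigest(s), s.Sig) {
			return fmt.Errorf("%s: signature check failed", s.Name)
		}
		if s.LDV < efuse {
			return fmt.Errorf("%s: LDV %d older than efuse %d, rollback refused", s.Name, s.LDV, efuse)
		}
	}
	return nil
}
```

With the untouched chain the function returns nil; patching a single byte of a stage, re-signing with a key other than the vendor's, or presenting an image whose LDV is below the efuse count all make it return an error.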
3) To circumvent... blablabla
Evil drive hacks... etc... 360 failed at protecting drive firmware. PS3 still resists. Wii is a joke.
Be aware they will just drop drives soon, for download services. So this part will just be gone soon.
The conclusion is that modern and serious consoles are very well protected (let's ignore Wii for now, it's not known as a 'seriously protected' console since tmbinc, bushing and co. found many flaws in its security).
Another thing is what happened to consoles that got CFW? The best example is PSP.
A serious slowdown of game releases could be noticed, because there was not enough money to be made with so much rampant piracy. For that reason, some of the best brains out there are not really interested in looking for ways to create CFWs anymore and they would rather stick to just offering ways to boot Linux.
At least it opens ways to emulators running under Linux without opening wide piracy gate.
Kutaragi saw that, and letting Linux boot on PS3 was smart and probably gave PS3 the best chance to avoid massive piracy. 360 couldn't avoid it because it based its DVD drive security on too many cheap parts that didn't resist hackers. The Blu-ray part of PS3 still resists hackers today.
You shouldn't keep any hope for CFWs on recent 360s and PS3s. What might happen in the future is that some intelligent dev/hacker knows so well how the firmwares (and game OS) work that they can write 360 and PS3 emulators running on a future machine (PC?) holding enough horsepower to host them.
360 innards are exposed since the public keys have been found, and many tools (thx xorloser!) allow one to just browse the code freely. So a 360 emulator will certainly happen in the future.
PS3 is still mysterious since some public keys are not even known yet, but that may still happen.
Movies on Blu-ray have been decrypted (public keys found in RAM while some player software was running, etc...). Earlier PS3 firmwares may have security holes, allowing, at least, an understanding of all the decrypting procedures once one of the first games released on Blu-ray is inserted. Then allowing an understanding of how PS3 works and thus how to write a PS3 emulator... etc....
Emu fun requires patience (let's say decades of patience)...
This post has been edited by openxdkman: May 17 2009, 10:38 AM