Talk:Validating flash dumps

From PS3 Developer wiki
Revision as of 02:54, 19 June 2018 by BwE (talk | contribs)



Basic steps to verify if your bios dump is correct:

What you need:
Your ps3 Bios Backup, extracted via e3 flasher (bkps3.bin)
e3 nor dump checker v1.0 (should be used only as a complement, as it gives false positives)
Flowrebuilder v4.2.2.0
HxD - Hex Editor

Now if you follow these basic steps and everything matches, your PS3 dump is OK. If anything fails to match, use another dump; the one you're checking may lead you to a permanent brick.

0 - open e3 nor dump checker, and check if it gives any errors.

WARNING: Don't trust the dump checker alone, as it's known for its false positives.

Statistics analysis

1.1 - Open your bkps3.bin in HxD
1.2 - select analysis > statistics > select your file
1.3 - mouse over the blue bars and check whether they are within the known good range:

Valid dumps will have

Value | NAND | NOR
00's | 1.43% - 2.68% (>3838627 <7194070) | 18.38% - 29.01% (>3083652 <4867070)
FF's | 18.25% - 24.54% (>48989471 <65874061) | 10.42% - 10.48% (>1748186 <1758252)
rest | below 0.5% (<1342177) | below 0.5% (<83886)

Note: if you get deviating statistics (since 3.60, CoreOS/ROS will deviate because of lv0 loaders encapsulation; 00's NOR statistics will thus be above/equal 18.23% and below 18.38%), prepatch it so that both ROS and RVK areas are filled with 3.55 reference data. If the statistics are still bad, it means the dump is bad in per-console regions, prone to permabrick!


Make Visual inspection

Extracting

  1. Open Flowrebuilder
  2. select "byte reverse and EXTRACT a NOR dump File"
  3. select the desired bkps3.bin , and then execute operation
  4. the Dump extraction should've been done without any errors, otherwise it may lead you to a permanent brick.
  5. after extracting you should have the following output: bkps3.swap.bin and bkps3.swap.ext
  6. inside the folder bkps3.swap.ext you should have the following items:
bkps3.swap.ext folder content

asecure_loader (folder)
ros0 (folder)
ros1 (folder)
bootloader_0 (.bin)
cCSD (.bin)
cISD (.bin)
cvtrm (.bin)
eEID (.bin)
trvk_pkg0 (.bin)
trvk_pkg1 (.bin)
trvk_prg0 (.bin)
trvk_prg1 (.bin)

(if you don't have them, please don't proceed! Try to extract the dump again, or use a different dump; the one you're using will probably lead you to a permanent brick)

Checking separate files/sections

Metldr

http://www.ps3devwiki.com/wiki/Flash:asecure_loader

open the file \asecure_loader\metldr in HxD, then ctrl + a

look for your values in the following table:
http://www.ps3devwiki.com/wiki/Validating_flash_dumps#Check_metldr.2Bbootldr_sizes , and check if your length field in HxD matches the Size field in the table.

Also check the binary is complete, without FFFF or 0000 repetition (there should only be 0000 in header @ 0x0 of binary)

Bootldr

http://www.ps3devwiki.com/wiki/Flash:bootldr

bootloader_0 start

repeat the process with Bootloader_0.bin File

make sure your bootloader_0(bin) file starts proper: look at offsets 2 and 12 and compare the values against Validating_flash_dumps#Check_metldr.2Bbootldr_sizes

Also check the binary is complete, without FFFF or 0000 repetition (there should only be 0000 in header @ 0x0 of binary)

Header

http://www.ps3devwiki.com/wiki/Flash:0FACE0FF_DEADBEEF

http://www.ps3devwiki.com/wiki/Flash:Flash_Format

open your bkps3.swap.bin with HxD and check if both sections match.

Table

http://www.ps3devwiki.com/wiki/Flash:Flashregion_Table

From offset 00000400 to 00000600 (search for offset in HxD do ctrl + g) you should have the following:
http://www.ps3devwiki.com/images/3/3e/HxD.png

Flashregion Table

http://www.ps3devwiki.com/wiki/Flash:Flashregion_Table + http://www.ps3devwiki.com/wiki/Flash:asecure_loader

Now search for the following hex code: 617365637572655F6C6F616465720000. In HxD, press ctrl+f, change the datatype field to HEX, then copy and paste the code; it should be found and look like the sample.

eEID

http://www.ps3devwiki.com/wiki/Flash:Encrypted_Individual_Data_-_eEID

cISD

http://www.ps3devwiki.com/wiki/Flash:Individual_System_Data_-_cISD

search for your Serial
it should be in offset 003F090, you can also look for the 2nd part of your serial number (ex: xx-12345678-xxxxxx)

cCSD

http://www.ps3devwiki.com/wiki/Flash:Common_System_Data_-_cCSD

CVTRM

http://www.ps3devwiki.com/wiki/Flash:cvtrm (cvtrm)

ROS

http://www.ps3devwiki.com/wiki/Flash:ROS#ros0

http://www.ps3devwiki.com/wiki/Flash:ROS#ros1

RVK

http://www.ps3devwiki.com/wiki/Flash:Revoke_Program
http://www.ps3devwiki.com/wiki/Flash:Revoke_Package

Second Region

http://www.ps3devwiki.com/wiki/Flash:0FACE0FF_DEADFACE

CELL_EXTNOR_AREA

http://www.ps3devwiki.com/wiki/Flash:CELL_EXTNOR_AREA

search for your HDD brand (ctrl+f and in text mode type the disk brand) or else ctrl + g and it should be at the 00F20200 offset


These are the basic steps to check your dump file; however, if you wish to go further and check your dump more in depth, please check:

After checking all those fields, if everything checks out, your dump is OK and you're good to proceed with your flashing process. Always make more than 1 backup of your bios.


All the credit for this tutorial goes to the @p users of irc channel #ps3downgrade at Ef.net, especially to alex07 and eussNL, who taught me and helped me with the basic how-to for checking the dumps. All I did was compile all the info they gave me and write everything down for further use. After writing everything down I thought it could be useful for everyone. Hope it helps.

Feel free to correct any bad English or any mistaken info in this how-to.

best regards cfcolaco
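
The statistics step of the tutorial above (00, FF and remaining byte shares checked against the table's ranges, with the 3.60+ note handled separately), as an added example that is not part of the original post or of any tool it names. The function names, verdict strings and the 10000-byte sample are constructed for illustration, and the ranges are treated as inclusive by assumption.

```python
import sys

# Ranges copied from the statistics table in the post, as fractions of file size.
RANGES = {
    "NOR":  {"zero": (0.1838, 0.2901), "ff": (0.1042, 0.1048)},
    "NAND": {"zero": (0.0143, 0.0268), "ff": (0.1825, 0.2454)},
}
REST_LIMIT = 0.005               # every other byte value stays below 0.5%
NOR_360_ZERO = (0.1823, 0.1838)  # 00 share the note gives for 3.60+ NOR dumps


def check_statistics(data: bytes, flash: str = "NOR") -> dict:
    """Classify the 00, FF and remaining byte shares of a dump."""
    if not data:
        raise ValueError("empty dump")
    total = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    zero, ff = counts[0x00] / total, counts[0xFF] / total
    lo, hi = RANGES[flash]["zero"]
    if lo <= zero <= hi:
        zero_verdict = "ok"
    elif flash == "NOR" and NOR_360_ZERO[0] <= zero < NOR_360_ZERO[1]:
        zero_verdict = "deviating"   # prepatch ROS/RVK with 3.55 data, re-check
    else:
        zero_verdict = "bad"
    lo, hi = RANGES[flash]["ff"]
    ff_verdict = "ok" if lo <= ff <= hi else "bad"
    # Any other byte value at or above the 0.5% limit is reported by value.
    over = [b for b in range(1, 255) if counts[b] / total >= REST_LIMIT]
    return {"zero": zero_verdict, "ff": ff_verdict, "rest_over_limit": over}


def constructed_sample(zeros: int, ffs: int, extra_41: int = 0) -> bytes:
    """Constructed 10000-byte test input, not a real dump."""
    filler = 10000 - zeros - ffs - extra_41
    return (bytes(zeros) + b"\xff" * ffs + b"\x41" * extra_41
            + bytes(i % 254 + 1 for i in range(filler)))


if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. python check_stats.py bkps3.bin NOR
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        kind = sys.argv[2] if len(sys.argv) > 2 else "NOR"
        print(check_statistics(blob, kind))
    else:
        print(check_statistics(constructed_sample(2000, 1045)))
```

Byte reversal only reorders bytes, so bkps3.bin and bkps3.swap.bin give the same counts; a passing result here covers the statistics step only, not the per-section checks.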

Other dumpcheckers

https://github.com/Swizzy/PS3DumpChecker/

Would you like me to update my BwE NOR Validator?

Please provide me with the relevant MD5's within ros0/1 etc and I will be happy to do this.

Easy way to do this would be to use the validator on valid flashes starting from firmwares that aren't included in my original validator and then provide me with the apparent 'DANGER' outputs. I can then quickly add them to the updated validator as valid results.

It would take me far too long to do this myself and I am busy with the PS4 NOR Validator.