Editing Downgrading with Hardware flasher
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
[[Category:Software]][[Category:Hardware]] | |||
<div style="float:right">[[File:NAND-downgrading-steps.png|200px|thumb|left|NAND flasher downgrader steps]]<br />[[File:NOR-downgrading-steps.png|200px|thumb|left|NOR flasher downgrader steps]]<br />[[File:Downgrading-installation-steps.png|200px|thumb|left|Downgrading installation steps ]]</div> | <div style="float:right">[[File:NAND-downgrading-steps.png|200px|thumb|left|NAND flasher downgrader steps]]<br />[[File:NOR-downgrading-steps.png|200px|thumb|left|NOR flasher downgrader steps]]<br />[[File:Downgrading-installation-steps.png|200px|thumb|left|Downgrading installation steps ]]</div> | ||
== Dump == | == Dump == | ||
Connect your [[Hardware flashing]] device and '''[[Validating_flash_dumps|make sure you are getting 100% correct, valid, verified dumps]].''' | Connect your [[Hardware flashing]] device and '''[[Validating_flash_dumps|make sure you are getting 100% correct, valid, verified dumps]].''' | ||
== Checking console capability of running 3.55 == | == Checking console capability of running 3.55 == | ||
Compare the values found in your dump with those in the | Compare the values found in your dump with those in the table below | ||
=== metldr+bootldr sizes === | === metldr+bootldr sizes === | ||
{{metbootldr}} | {{metbootldr}} | ||
==Patch the dump & Reflash it to the console == | ==Patch the dump & Reflash it to the console == | ||
<div style="float:right">[[File:Flowrebuilder-Autopatcher.png|200px|thumb|left|Flowrebuilder : Autopatcher]][[File:Flowrebuilder-Autopatcher-completed.png|200px|thumb| | <div style="float:right">[[File:Flowrebuilder-Autopatcher.png|200px|thumb|left|Flowrebuilder : Autopatcher]]<br />[[File:Flowrebuilder-Autopatcher-completed.png|200px|thumb|left|Flowrebuilder : Autopatcher - completed]]</div> | ||
For patching you can use: | For patching you can use: | ||
* Hexeditor (e.g. [http://mh-nexus.de/en/hxd/ HxD]) | * Hexeditor (e.g. [http://mh-nexus.de/en/hxd/ HxD]) | ||
* [ | * [http://www.ps3devwiki.com/files/flash/Tools/Flowrebuilder/ Flowrebuilder] (both NOR + unified NAND) | ||
* in case of Progskeet, latest Winskeet/iSkeet/YASkeet (both NOR + unified NAND) | * in case of Progskeet, latest Winskeet/iSkeet/YASkeet (both NOR + unified NAND) | ||
[http://pastie.org/5400071 NAND + NOR patchfile.txt] | [http://pastie.org/5400071 NAND + NOR patchfile.txt] | ||
=== NAND === | === NAND === | ||
Use [ | Use [http://www.ps3devwiki.com/files/flash/patches/NAND%20downgrade/ NAND patches] only on NAND consoles, not on NOR! | ||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks | ! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks | ||
|- | |- | ||
| ROS0 || [ | | ROS0 || [http://www.ps3devwiki.com/files/flash/patches/NAND%20downgrade/NAND-patch1-0x0C0030.bin patch1 (7 MB)] || 0x0C0030 || 0x6FFFE0 || CoreOS (prepatched 3.55) | ||
|- | |- | ||
| ROS1 || [ | | ROS1 || [http://www.ps3devwiki.com/files/flash/patches/NAND%20downgrade/NAND-patch1-0x0C0030.bin patch1 (7 MB)] || 0x7C0020 || 0x6FFFE0 || CoreOS (SAME as ros0) | ||
|- | |- | ||
| trvk_prg0 (0x91800)<br />trvk_prg1 (0x92810)<br />trvk_pkg (0x93800) || [ | | trvk_prg0 (0x91800)<br />trvk_prg1 (0x92810)<br />trvk_pkg (0x93800) || [http://www.ps3devwiki.com/files/flash/patches/NAND%20downgrade/NAND-patch2-0x91800.bin patch2 (16 KB)] || 0x91800 || 0x4000 || one big patch overlapping several revoke area's | ||
|- | |- | ||
|} | |} | ||
(above patches in a single package + autopatcher file: [ | (above patches in a single package + autopatcher file: [http://www.ps3devwiki.com/files/flash/patches/NAND%20downgrade.rar NAND downgrade.rar]) | ||
=== NOR === | === NOR === | ||
Use [ | Use [http://www.ps3devwiki.com/files/flash/patches/NOR%20downgrade/ NOR patches] only on NOR consoles, not on NAND! | ||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | ! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | ||
|- | |- | ||
| ROS0 || [ | | ROS0 || [http://www.ps3devwiki.com/files/flash/patches/NOR%20downgrade/patch1 patch1 (7 MB)] || 0x0C0010 || 0x6FFFE0 || CoreOS (prepatched 3.55) | ||
|- | |- | ||
| ROS1 || [ | | ROS1 || [http://www.ps3devwiki.com/files/flash/patches/NOR%20downgrade/patch1 patch1 (7 MB)] || 0x7C0010 || 0x6FFFE0 || CoreOS (SAME as ros0) | ||
|- | |- | ||
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [ | | trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.ps3devwiki.com/files/flash/patches/NOR%20downgrade/rvk-040000 rvk-040000 (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's | ||
|- | |- | ||
|} | |} | ||
(above patches in a single package + autopatcher file: [ | (above patches in a single package + autopatcher file: [http://www.ps3devwiki.com/files/flash/patches/NOR%20downgrade.rar NOR downgrade.rar]) | ||
==== E3 Flasher ==== | ==== E3 Flasher ==== | ||
Use these instead, otherwise you get into a maze of bytereversing: [[E3#Manual_E3_downgrade_v2|E3 Manual downgrade patches] | Use these instead, otherwise you get into a maze of bytereversing: [[E3#Manual_E3_downgrade_v2|E3 Manual downgrade patches]] | ||
==Reinstall firmware in Factory Service Mode== | ==Reinstall firmware in Factory Service Mode== | ||
For this step it is required to have the console assembled (connected PSU, harddrive, wifi/bt board etc) | |||
# Use the PSGrade dongle to trigger Factory Service Mode (in the rightmost USB port). | |||
# Turn PS3 on, it will trigger Factory Service Mode and turn off the console. | |||
# After triggering Factory Service Mode, put the Lv2diag.self (see below) and prepatched firmware to install (named PS3UPDAT.PUP) in root of your USB Mass Storage Device and plug it in the PS3 (again, in the rightmost USB port). | |||
# Turn PS3 on, it will install the firmware you had put there (even though you have no screenoutput, you can see it is busy by looking at the activity led of the harddrive and of your USB Mass Storage Device). | |||
# PS3 will turn itself off after finishing the firmware installation. | |||
See also [[Downgrading with PSgrade Dongle]], which also contains alot of ready to use PSgrade HEX files for several dongles. | See also [[Downgrading with PSgrade Dongle]], which also contains alot of ready to use PSgrade HEX files for several dongles. | ||
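Review bot: Under "Reinstall firmware in Factory Service Mode", your text drops the prerequisite line and all five numbered steps (the right-hand column is empty for them), so the section would go straight from its heading to the "See also" link; restore the steps or link to the page that now carries them. Separately, the NAND and NOR patch tables link binaries over plain http and list no checksums, while the Lv2diag.self tables further down give SHA1/MD5/CRC32; adding the same hash columns to the patch tables would let readers verify a patch file before it is written to flash.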
Line 85: | Line 65: | ||
=== PUP to use === | === PUP to use === | ||
{{RogeroFirmware}} or any firmware with prepatched lv1 (no syscon hash checks) | {{RogeroFirmware}} or any firmware with prepatched lv1 (no syscon hash checks) | ||
=== Different Factory Service Mode SELFs === | === Different Factory Service Mode SELFs === | ||
Line 103: | Line 81: | ||
* <span style="text-decoration: line-through; background-color:#FFDDDD;">use the jaicrab NoBD lv2diag : Use the Rogero normal PUP -</span> see note below | * <span style="text-decoration: line-through; background-color:#FFDDDD;">use the jaicrab NoBD lv2diag : Use the Rogero normal PUP -</span> see note below | ||
'''note:''' since V3 | '''note:''' since V3 Rogero is only available as noBD, us that one with normal lv2diag.self | ||
{|class="wikitable" | {|class="wikitable" | ||
! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ||
|- | |- | ||
| style="text-align:center; background-color:#DDFFDD;" | [ | | style="text-align:center; background-color:#DDFFDD;" | [http://www.ps3devwiki.com/files/lv2diag/3.55%20downgrader/FILE1/Lv2diag.self Lv2diag.self (365.5 KB)] || style="text-align:center; background-color:#DDFFDD;" | 374272 || style="text-align:center; background-color:#DDFFDD;" | 3.55 get in FSM * || style="text-align:center; background-color:#DDFFDD;" | <code>1ED037740D67FEBACA6449CABFF4E95400C9E2EE</code> || style="text-align:center; background-color:#DDFFDD;" | <code>099F33A7967F99E91C07E870FD78B3DB</code> || style="text-align:center; background-color:#DDFFDD;" | <code>9338ABF2</code> || style="text-align:center; background-color:#DDFFDD;" | <code>4FCC</code> | ||
|- | |- | ||
<!--// | <!--// | ||
| [ | | [http://www.ps3devwiki.com/files/lv2diag/3.50%20downgrader/FILE1/Lv2diag.self Lv2diag.self (365.5 KB)] || 374272 || 3.50- get in FSM || <code>1E770010A3A6EF572AF39783A04DF792670998D3</code> || <code>90168C03B217CE775A7839D87BBFF2A3</code> || <code>D1F0AAFC</code> || <code>CD8D</code> | ||
|- //--> | |- //--> | ||
| style="text-align:center; background-color:#FFDDDD;" | [ | | style="text-align:center; background-color:#FFDDDD;" | [http://www.ps3devwiki.com/files/lv2diag/3.55%20jaicrab%20downgrader/Lv2diag.self Lv2diag.self (227.38 KB)] || style="text-align:center; background-color:#FFDDDD;" | 232832 || style="text-align:center; background-color:#FFDDDD;" | jaicrab noBD patched || style="text-align:center; background-color:#FFDDDD;" | <code>180823003B086D9D49BC7F83BEA9C769BF73A5EA</code> || style="text-align:center; background-color:#FFDDDD;" | <code>3615770407C0C3FA00D8CA49C8ADB362</code> || style="text-align:center; background-color:#FFDDDD;" | <code>25E85CFB</code> || style="text-align:center; background-color:#FFDDDD;" | <code>EDD0</code> | ||
|- | |- | ||
|} | |} | ||
''* recommended default choice, see above notes'' | ''* recommended default choice, see above notes'' | ||
=== Check the logfile === | === Check the logfile === | ||
After installation of the firmware, take the created logfile in root of USB Mass Storage Device and look if it contains [[Error_Codes#0x8002f..._-_PUP_.2F_Update_errors|errors]] ([http://pastie.org/pastes/new pastie] the log if you want to ask for help online on IRC) | After installation of the firmware, take the created logfile in root of USB Mass Storage Device and look if it contains [[Error_Codes#0x8002f..._-_PUP_.2F_Update_errors|errors]] ([http://pastie.org/pastes/new pastie] the log if you want to ask for help online on IRC) | ||
'''Tip:''' You can boot console to XMB while still in FSM, if you want to be ''really'' sure it installed fine. | |||
'''Tip:''' | |||
=== Getting out of Factory Service Mode === | === Getting out of Factory Service Mode === | ||
If everything went fine without errors, you can take the console out of service mode and enjoy your downgraded console :) | If everything went fine without errors, you can take the console out of service mode and enjoy your downgraded console :) | ||
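Review bot: In the note under the struck-through jaicrab item, your text reads "us that one with normal lv2diag.self"; that should be "use that one". Your text also leaves both "Tip:" lines after "Check the logfile" empty, which removes the advice to boot to XMB while still in FSM as a final check; keep that tip unless it is being dropped on purpose.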
Line 143: | Line 110: | ||
! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ||
|- | |- | ||
| [ | | [http://www.ps3devwiki.com/files/lv2diag/3.55%20downgrader/FILE2/Lv2diag.self Lv2diag.self (201.42 KB)] || 206256 || get out FSM || <code>329877CBD47B994EC0AFCEA6AF98114FD9E5128B</code> || <code>7A20BFDAE65EEFB47A4425DB1B52DCDE</code> || <code>72740080</code> || <code>502A</code> | ||
|- | |- | ||
|} | |} | ||
Line 157: | Line 124: | ||
==== Remarks ==== | ==== Remarks ==== | ||
'''ReFSM''' way is strongly recomended over '''QA''' if you do NOT install a nonpatched firmware | |||
Both ways ''require'' installing nonpatched firmware to dehash syscon bank. QA-flag can be removed/reset | Both ways ''require'' installing nonpatched firmware to dehash syscon bank. QA-flag can be removed/reset after succesfull dehash, without bricking. | ||
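Review bot: In "Remarks", your text removes the sentence recommending ReFSM over QA and keeps only "Both ways require installing nonpatched firmware"; the removed sentence's condition ("if you do NOT install a nonpatched firmware") reads as contradicting the kept line, so state in the edit summary that the removal is intentional, or reword the two lines so they agree. The kept line also has "succesfull", which should be "successful".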
Line 177: | Line 140: | ||
<eussNL> there is no need for factory mode after dehashing complete | <eussNL> there is no need for factory mode after dehashing complete | ||
<eussNL> in fact, if everything works on OFW 3.55 after dehashing, | <eussNL> in fact, if everything works on OFW 3.55 after dehashing, | ||
<eussNL> you can install [ | <eussNL> you can install [http://www.ps3devwiki.com/files/firmware/MFW-CEX/Downgrader/Rogero-V3.2/ Rogero V3.2] in recovery and [http://www.ps3devwiki.com/files/flash/Tools/toggle-qa/ QA-extra] flag it | ||
<eussNL> if OFW 3.55 works then you proven that you dehashed | <eussNL> if OFW 3.55 works then you proven that you dehashed | ||
<eussNL> so after that you can install whatever MFW 3.55 you want | <eussNL> so after that you can install whatever MFW 3.55 you want | ||
Line 191: | Line 154: | ||
<playonlcd> i think you can update on wiki "dehashing with jaicrab is not recommended | <playonlcd> i think you can update on wiki "dehashing with jaicrab is not recommended | ||
and will not dehash as needed and thus semibrick by syscon hash panic | and will not dehash as needed and thus semibrick by syscon hash panic | ||