Editing Downgrading with Hardware flasher
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
[[Category:Software]][[Category:Hardware]] | |||
== Dump == | == Dump == | ||
Connect your [[Hardware flashing]] device and '''[[Validating_flash_dumps|make sure you are getting 100% correct, valid, verified dumps]].''' | Connect your [[Hardware flashing]] device and '''[[Validating_flash_dumps|make sure you are getting 100% correct, valid, verified dumps]].''' | ||
== Checking console capability of running 3.55 == | == Checking console capability of running 3.55 == | ||
Compare the values found in your dump with those in the | Compare the values found in your dump with those in the table below | ||
=== metldr+bootldr sizes === | === metldr+bootldr sizes === | ||
{ | {| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;" | ||
|- bgcolor="#cccccc" | |||
! rowspan="2" | Datecode / Manufacturing date !! colspan="2" | metldr offset !! colspan="2" | bootldr offset !! rowspan="2" | Notes | |||
|- | |||
! 0x81E (NOR)<br />0x4081E (NAND) !! 0x842 (NOR)<br />0x40842 (NAND) !! 0xFC0002 (NOR)<br />0x0 (NAND) !! 0xFC0012 (NOR)<br />0x12 (NAND) | |||
|- | |||
| || E7 B0 || 0E 77 || 2E 8C || 2E 8C || <!--//john__: NAND FAT SEM-001//-->unsure if valid dump | |||
|- | |||
| || EE 10 || 0E DD || 2A 3F || 2A 3F || <!--//bluemimmo: NAND FAT//--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
|- | |||
| CECHL (VER-001) with 2.30 from factory - datecode unknown || E8 90 || 0E 85 || 2F 13 || 2F 13 || <!--//Val, Freeplex, Abkarino:CECHL04-VER001 //--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
|- | |||
| || E8 D0 || 0E 89 || 2E AB || 2E AB || <!--//Abkarino, anger, defyboy//--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
<!--// | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00000810 00 00 00 00 00 00 00 40 00 00 00 00 00 00 E8 D0 .......@......èÐ | |||
00000820 6D 65 74 6C 64 72 00 00 00 00 00 00 00 00 00 00 metldr.......... | |||
00000830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
00000840 00 00 0E 89 43 B6 EF 4A E2 0F 74 00 C8 80 9E 53 ...‰C¶ïJâ.t.È€žS | |||
00000850 00 00 0E 89 57 D3 B7 B1 88 EF 91 C6 67 C8 DB 06 ...‰WÓ·±ˆï‘ÆgÈÛ. | |||
//--> | |||
|- | |||
| CECHH (DIA-001) || E8 E0 || 0E 8A || 2E F4 || 2E F4 || <!--//akex: CECHH DIA-001 with Spansion S29GL128N90TFIR2 //--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
|- | |||
| CECH-2504B (JTP-001) with 3.40 from factory - datecode 0C || E9 20 || 0E 8E || 2F 4B || 2F 4B || <!--//ogy, Ir0nman, nice69, Marcocanc, sandugas:CECH-2504B (unknow mobo) with 3.40 from factory - datecode 0C, avati:(COK-002W) //--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
|- | |||
| CECH-250.B (JTP-001) with 3.56 from factory - <span style="color:#30C030; background-color:#FFFFFF; ">datecode 1A</span> || E9 60 || 0E 92 || 2F 53 || 2F 53 || <!--//Freemagne, ciariello, aftab//--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
|- | |||
| CECH2504A (JTP-001) with <span style="color:#F06060; background-color:#FFFFFF; ">3.56 from factory</span> - <span style="color:#F06060; background-color:#FFFFFF; ">datecode 1B</span> || E9 60 || 0E 92 || 2F 5B || 2F 5B || <!--//cech-2501a-jtp-001-1b, raymanvtw(RLOD+poweroff when try downgrade to 355):CECH2504A (JTP-001) with 3.56 from factory - datecode 1B //--><span style="color:#F06060; background-color:#FFFFFF; ">(RLOD+)poweroff @ downgrade 355</span> | |||
|- | |||
| CECHJ (DIA-002) || EA 60 || 0E A2 || 2E E3 || 2E E3 || <!--//cechj 40gb / chipps3ve: DIA-002 with Spansion //--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
|- | |||
| CECHC (COK-002) with 1.00 from factory || EB F0 || 0E BB || 30 44 || 30 44 || <!--//euss: NAND FAT//--><span style="color:#30C030; background-color:#FFFFFF; ">OK</span> | |||
|- | |||
| CECH2504B (JSD-001), with <span style="color:#F06060; background-color:#FFFFFF; ">3.60 from factory</span> - <span style="color:#F06060; background-color:#FFFFFF; ">datecode 1B</span><br />CECH3012A (KTE-001), with <span style="color:#F06060; background-color:#FFFFFF; ">3.65 from factory</span> - <span style="color:#F06060; background-color:#FFFFFF; ">datecode [N.A.]</span> || F9 20 || 0F 8E || 2F FB || 2F FB || <small>"metldr.2"</small><br /><!--// Nodial2ne:CECH-3012A - Date Code [N.A.] factory 3.65 //--><span style="color:#F06060; background-color:#FFFFFF; ">(RLOD+)poweroff @ downgrade 355</span> | |||
|- | |||
|} | |||
See also: [[SKU_Models#Datecode_.2F_Manufacturing_Date|SKU Models: Datecode / Manufacturing Date]] | |||
==Patch the dump & Reflash it to the console == | ==Patch the dump & Reflash it to the console == | ||
You can use Hexeditor for patching (e.g. HxD). | |||
=== NAND === | === NAND === | ||
Use | Use NAND patches only on NAND consoles, not on NOR! | ||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks | ! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks | ||
|- | |- | ||
| ROS0 || [ | | ROS0 || [http://www.multiupload.com/GB4LPBNJBY patch1 (7 MB)] || 0x0C0030 || 0x6FFFE0 || CoreOS (prepatched 3.55) | ||
|- | |- | ||
| ROS1 || [ | | ROS1 || [http://www.multiupload.com/GB4LPBNJBY patch1 (7 MB)] || 0x7C0020 || 0x6FFFE0 || CoreOS (SAME as ros0) | ||
|- | |- | ||
| trvk_prg0 (0x91800)<br />trvk_prg1 (0x92810)<br />trvk_pkg (0x93800) || [ | | trvk_prg0 (0x91800)<br />trvk_prg1 (0x92810)<br />trvk_pkg (0x93800) || [http://www.multiupload.com/RTIK2IUUCL patch2 (16 KB)] || 0x91800 || 0x4000 || one big patch overlapping several revoke area's | ||
|- | |- | ||
|} | |} | ||
=== NOR === | === NOR === | ||
Use | Use NOR patches only on NOR consoles, not on NAND! | ||
{|class="wikitable" | {|class="wikitable" | ||
|- | |- | ||
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | ! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | ||
|- | |- | ||
| ROS0 || [ | | ROS0 || [http://www.multiupload.com/RJVZP6CKZ5 patch1 (7 MB)] || 0x0C0010 || 0x6FFFE0 || CoreOS (prepatched 3.55) | ||
|- | |- | ||
| ROS1 || [ | | ROS1 || [http://www.multiupload.com/RJVZP6CKZ5 patch1 (7 MB)] || 0x7C0010 || 0x6FFFE0 || CoreOS (SAME as ros0) | ||
|- | |- | ||
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [ | | trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/MU7JRLE8R1 rvk-040000 (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's | ||
|- | |- | ||
|} | |} | ||
==Reinstall firmware in Factory Service Mode== | ==Reinstall firmware in Factory Service Mode== | ||
# Use the PSGrade dongle to trigger Factory Service Mode (in the rightmost USB port). | |||
# Turn PS3 on, it will trigger Factory Service Mode and turn off the console. | |||
# After triggering Factory Service Mode, put the Lv2diag.self (see below) and prepatched firmware to install (named PS3UPDAT.PUP) in root of your USB Mass Storage Device and plug it in the PS3 (again, in the rightmost USB port). | |||
# Turn PS3 on, it will install the firmware you had put there (even though you have no screenoutput, you can see it is busy by looking at the activity led of the harddrive and of your USB Mass Storage Device). | |||
# PS3 will turn itself off after finishing the firmware installation. | |||
See also [[Downgrading with PSgrade Dongle]], which also contains alot of ready to use PSgrade HEX files for several dongles. | See also [[Downgrading with PSgrade Dongle]], which also contains alot of ready to use PSgrade HEX files for several dongles. | ||
=== PUP to use === | === PUP to use === | ||
[[Talk:Downgrading_with_NOR_flasher#Premade_CFW_Rogero_V2| Rogero V2]] or any firmware with prepatched lv1 (no syscon hash checks) | |||
=== Different Factory Service Mode SELFs === | === Different Factory Service Mode SELFs === | ||
Line 92: | Line 91: | ||
For factory Service Mode install: | For factory Service Mode install: | ||
* if using the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057) | * if using the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057) | ||
* | * if using the jaicrab NoBD lv2diag : Use the Rogero normal PUP | ||
==== NOR ==== | ==== NOR ==== | ||
Line 101: | Line 98: | ||
Only when having a console with a broken bluraydrive, you either: | Only when having a console with a broken bluraydrive, you either: | ||
* use the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057) | * use the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057) | ||
* | * use the jaicrab NoBD lv2diag : Use the Rogero normal PUP | ||
{|class="wikitable" | {|class="wikitable" | ||
! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ||
|- | |- | ||
| | | [http://www.multiupload.com/Y0Z8WNY009 Lv2diag.self (227.38 KB)] || 232832 || jaicrab noBD patched || <code>180823003B086D9D49BC7F83BEA9C769BF73A5EA</code> || <code>3615770407C0C3FA00D8CA49C8ADB362</code> || <code>25E85CFB</code> || <code>EDD0</code> | ||
|- | |||
| [http://www.multiupload.com/V1YTTWGKH0 Lv2diag.self (365.5 KB)] || 374272 || 3.55 get in FSM || <code>1ED037740D67FEBACA6449CABFF4E95400C9E2EE</code> || <code>099F33A7967F99E91C07E870FD78B3DB</code> || <code>9338ABF2</code> || <code>4FCC</code> | |||
|- | |- | ||
<!--// | <!--// | ||
| [ | | [http://www.multiupload.com/ZHJMPSMLYR Lv2diag.self (365.5 KB)] || 374272 || 3.50- get in FSM || <code>1E770010A3A6EF572AF39783A04DF792670998D3</code> || <code>90168C03B217CE775A7839D87BBFF2A3</code> || <code>D1F0AAFC</code> || <code>CD8D</code> | ||
|- //--> | |- //--> | ||
|} | |} | ||
=== Check the logfile === | === Check the logfile === | ||
After installation of the firmware, take the created logfile in root of USB Mass Storage Device and look if it contains [[Error Codes|errors]] ([http://pastie.org/pastes/new pastie] the log if you want to ask for help online on IRC) | |||
After installation of the firmware, take the created logfile in root of USB Mass Storage Device and look if it contains [[ | |||
=== Getting out of Factory Service Mode === | === Getting out of Factory Service Mode === | ||
If everything went fine without errors, you can take the console out of service mode and enjoy your downgraded console :) | If everything went fine without errors, you can take the console out of service mode and enjoy your downgraded console :) | ||
Line 143: | Line 124: | ||
! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code> | ||
|- | |- | ||
| [ | | [http://www.multiupload.com/VGQTFV56CO Lv2diag.self (201.42 KB)] || 206256 || get out FSM || <code>329877CBD47B994EC0AFCEA6AF98114FD9E5128B</code> || <code>7A20BFDAE65EEFB47A4425DB1B52DCDE</code> || <code>72740080</code> || <code>502A</code> | ||
|- | |- | ||
|} | |} | ||