Editing Downgrading with NAND flasher

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
{{warning|content=This page is very old, archaic and only left her for documentative purposes.
missing in this old guide: [[Validating flash dumps]]
Newer proper guide is: [[Downgrading with Hardware_flasher]]
}}
= Downgrading with NAND Flasher =
= Downgrading with NAND Flasher =
If your console has NOR and not NAND, look here : [[Downgrading with NOR flasher]]
If your console has NOR and not NAND, look here : [[Downgrading with NOR flasher]]
Line 15: Line 10:
::*[http://www.multiupload.com/06EMHFCKN3 Infectus downgrader]
::*[http://www.multiupload.com/06EMHFCKN3 Infectus downgrader]
::*[http://www.multiupload.com/4L1JXGOFOF Infectus_programmer_3.8_Beta_2]
::*[http://www.multiupload.com/4L1JXGOFOF Infectus_programmer_3.8_Beta_2]
::**http://www.mirrorcreator.com/files/YQWKSKUU/InfectusProgrammer-3.9.3.0.rar_links
::**http://www.mirrorcreator.com/files/LKU5IYQA/InfectusProgrammer-3.9.9.0.rar_links
*[http://www.sendspace.com/file/qhwkm5 FlowRebuilder v.4.1.0.0]
*[http://www.sendspace.com/file/qhwkm5 FlowRebuilder v.4.1.0.0]
*Hexeditor
*Hexeditor
Line 95: Line 87:
</pre>
</pre>


 
=== Translate Google English text ===
=== Improved google translate based English text ===
[http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=es&tl=en&u=http%3A%2F%2Fwww.elotrolado.net%2Fhilo_downgrade-3-6x-nands-256-con-infectus-y-reparacion-del-resto-de-consolas-waninbrick_1638386 Google translate] (sorry, i'm lazy atm) :
<pre>
<pre>
256 with 3.6x downgrade INFECTUS nands [and other consoles repair waninbrick]
256 with 3.6x downgrade INFECTUS nands [and other consoles repair waninbrick]
Line 584: Line 576:
|}
|}
</div>
</div>
----
=How to Fix Waninkoko PS3 CFW Bricked Consoles=
After being investigating nand's I found a solution. Let's patch a functional nand OFW 3.55 with our "keys" (bootloader_0, bootloader_1, IED, ISD, and metldr vtrm) console. This will enable USB ports and will begin factory mode.
Attention! If you have not much experience with the soldering iron, start practicing with old motherboards. . I am not responsible for any damage that may occur in your console.
I use two infectus because it failed to detect both nands me. (Just go twice as fast in read / write) xD.
==Materials==
-Tester (recommended)
Soldering iron 15-30W.
-Modchip Infectus (v1 or v2.)
-Cable Wrapping.
-Tin.
-Flux
-Stripper.
desoldering braid (optional but surely going to have to use xD)
Double-sided tape or hot melt gun (to fix the cables).
S.O-PC with Windows (better Xp)
-PSGRADE / PSKEY [..] JIG mode.
-Pen (with lv2diag.self [file1] and PS3UPDAT.PUP [waninkoko v2])
==Programs==
-PS3NANDProgrammer1_41
Flow Rebuilder 230.
Flow Rebuilder 350. [BETA]
-NANDECC 130.
Infectus-USB drivers (v3.1).
-Nand Functional OFW 3.55 (256MB). (Any model 256mb)
Hex-Editor (I used Hex Workshop Editor)
For legal reasons can not distribute the nand OFW 3.55.
==Soldering infectus==
We are going to follow this outline: http://img94.imageshack.us/img94/3746/ps3inf.jpg
Very soothing and helps the soldier we all flux in both nands cables.
Note: With the +5 V, the infectus usb now work correctly, so no need to feed them.
===Powering the nands===
Items in purple is where you put the nands approximately 1.80V. I've used a solution somewhat "mikey mouse" using 4 diodes to
reduce the +5 V which gives one of the outputs of the source.
==Reading the nands==
"I have evidence that there is no need to feed the nands as the flashing red light is sufficient, however I failed to detect without food for another site. Turning on the power-supply source. "We connect the pc infectus.
"We opened PS3NANDProgramer 1.41 (" LOAD DLL "then" connect "and we choose flash0 or flash1). If the solders are correct, we will leave the data nands "Flash info" (otherwise check with tester soldering points in the nand). "The process of reading is around 15 minutes approx. "It is advisable to take more than two dump's of nands. (In case you have bad blocks, but infectus say no bad blocks).
Compare nands (flash0 and flash1) with Hex workshop program: TOOLS -> compare (select two of the same nand dumps) and found that they are identical. (Repeat the same with flash1). Guard well the CFW nands Wanin like gold brick. xD
==Preparation of new Nand's==
First of all we will extract the contents of nand brick, then will patch our "keys" in the new nand.
"We opened FlowRebuilder350 "We selected the two nand CFW extracted in step 2 and select the output file. We would like to "dump" if the order of nands is right we will create a peak of 264 megawatts and a series of folders.
In one of these we find (FDI, CSD, metldr, bootloader_0, bootloader_1, ISD, vtrm) and core_os. (LV0, lv2, lv2_kernel.self .... spu's and others.)
===OFW nands Patching===
"We opened FlowRebuilder230 "We selected the two nand's (flash0 and flash1) OFW and choose the output file (interpolate nand's).
"Now we need to patch "We opened the nand nand WFC ofw and brick with hex editor that you like best. "Now we are copying the sectors of our nand to nand functional. (Find and replace). [With Hex workshop 6 you can see what you have checked, bottom right [cursor / caret / sel]
IED (Starts "0000000600001DD000000000000000000000007000000 8") SEL: 10000
ISD (We "000000030000027000000000000000000000004000000 0") SEL: 800
metldr (you seek "metldr" begins with "00 00 0E DA .." SEL: EDE0.
bootloader_1 (You have to look in your nand WFC (has the same header that bootloader_0). SEL: 400000.
bootloader_0 (found in the first offset, sel: 400000).
Vtrm (this look in HexEdit "sceivtrm" and replace them). SEL: 400000.
Once the changes, you keep the new patched nand.
===Restoring ECC===
We open with 230 NandFlowRebuilder selecionamos "Desinterpolate in new Flashes."
-You select flash0 and flash1 (with the same order as in step 3b) and finally your arhiva patched.
The third tab, select the file that previously we had saved.
-Tight "Do Process" (we hope to complete successfully)
XD finish and now having the dumps XXX2.NEW XXXX.NEW and proceed to repair the ECC.
"We opened 1.30 NANDECC select the input file and the output, then click the" do process ". (We do this twice, once for each nand).
The ECC has to be repaired in the order of (450-550) if it is the wrong patched nand.
==Writing nand's patched==
"We opened PS3NandProgrammer 1.41 and delete [ERASE] on the nand's content. (Repeat the process two or three times removed) "Then write the [WRITE] the two nands. (How the process of writing takes about 45minutes). (We found no bad blocks, if any, check solering).
==Factory mode==
Now infectus disconnecting the pc, if you turn on the console, the LED should flash orange hd. (If it is not patched review and write nand nand.) (Because you have a bug)
Our console still does not work, however well-lit and read the usb ports. Nand has encrypted a file system (not yours). So let's create the new file system from nand. By having the correct keys on the console so you can enter factory mode and install the 3.55 v2 waninkoko frimware. (Do not probeis OFW factory when they leave you will have a nice brick mode again.)
"Once we introduce written PSGRADE / PSKEY ... etc, JIG mode, turn on the console (power + eject), will shut down to 20sec, then enter the pen with lv2diag.self and waninkoko update v2.
"After 10 minutes the console will turn off and will return to life. Then enter the pen with lv2diag.self [file2] and out of factory mode.
And this xD, the console and is alive! [Desoldering infectus and mount the console]
==Update==
Update from rms here: http://rms.dukio.com/?p=35
OK, so we all know about how the original Waninkoko firmware broke the older large NAND consoles, that was due to him overwriting some portions of Cell-OS Lv2 and the segment boundaries, god knows about the signature also. He also zeroed out a good section of the kernel, and also breaks some NAND consoles due to that. Now, you want to fix this issue? Well, you have to have:
1) A NAND Dumper
2) CORE_OS_PACKAGE.PKG patched to remove signature checks or Official Core OS/PS3 in Service Mode
3) A NAND Flasher
4) Flow Rebuilder
5) Hex editor
6) PS3 with firmware less than 3.55
OK, so you first have to dump both NAND chips (2 128MB NANDs for a total of 256MB) and interleave them using Flow Rebuilder, then decrypt the CORE_OS package to give you a raw core OS image, then open your combined NAND dump in a hex editor and search for “6F FF E0″ in the search for hex section. Once there, you should see:
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 6f ff e0  |.............o..|
00000010  00 00 00 01 00 00 00 17  00 00 00 00 00 6f ff e0  |.............o..|
Right after the second “6F FF E0″, remove the next 7,340,000 bytes, then, insert the unpacked Core OS (7,340,000 bytes). Then split the image using Flow Rebuilder (use ECC!) and flash. Hopefully it should work, and then you can just Lv2diag your way out.
Do not overwrite anything else.
This guide should help you fix any NAND console with Core OS fail.
Source: http://www.elotrolado.net/hilo_tutorial-reparar-brick-waninkoko-v1-by-lukin_1572743
{{Hardware Flashers}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)