Editing Downgrading with linux

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
* This works on FW 3.55 without a physical dongle.
[[Category:OtherOS]]
* You should have graf_chokolo's modules, and patches installed.
 
* Use this method to install a lower firmware.
'''You should have grafchokolos modules, and patches installed'''
* Thanks to graf_chokolo for bringing Linux on PS3, with all its goodies back to the PS3 ==
 
'''This works on 3.55 without a physical dongle'''
 
'''Use this method to install lower firmware! You can install a newer firmware ex 3.60 with this method but you will be loosing your homebrew'''
 
 
 
== Thanks to graf_chokolo for bringing linux, with all this goodies back to the PS3 ==
 
 


= Downgrade Method - Emulating JIG with Linux =
= Downgrade Method - Emulating JIG with Linux =


'''1st step''' – Generating a challenge
'''1st step''' – Generating a challenge
Line 14: Line 24:
----
----


You need a dongle ID.
You need a dongle id.
Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, it does not matter which one, but some are revoked !!!
Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, doesn’t matter which one, but some are revoked !!!


# ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”
# ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”
Line 28: Line 38:
----
----


The returned value should not be 0xff.
The returned value shouldn’t be 0xff.


# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
Line 41: Line 51:


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg
ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg


'''7th step''' – Disabling “Product Mode”
'''7th step''' – Disabling “Product Mode”
Line 47: Line 58:
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff


'''This step is really important, if Product Mode is not disabled you will need a dongle to get out of it'''
'''This step is really important, if Product Mode isn't disabled you will need a dongle to get out of it'''


= Alternative Downgrade Method - tested and not working =
 
 
= '''ALTERNATIVE METHOD - tested and not working yet''' =


'''1st step''' – Enabling product mode
'''1st step''' – Enabling product mode
Line 59: Line 72:
----
----
   
   
The returned value should not be 0xff.
The returned value shouldn’t be 0xff.


# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
Line 70: Line 83:
'''4th step''' - Install CORE_OS_PACKAGE.pkg
'''4th step''' - Install CORE_OS_PACKAGE.pkg
----
----


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg
ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg


'''5th step''' – Disabling “Product Mode”
'''5th step''' – Disabling “Product Mode”
Line 78: Line 93:
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff


'''This step is really important, if Product Mode is not disabled you will need a dongle to get out of it'''
'''This step is really important, if Product Mode isn´t disabled you will need a dongle to get out of it'''
 
=Install debug firmware=
 
'''High brick risk! Don´t try this if you don´t know what you are doing'''
 
'''If you brick with this the only way to recover is [[Hardware flashing]] the prior to conversion made dump back to the [http://www.ps3devwiki.com/index.php?title=Flash_%28Hardware%29 NAND/NOR flash]'''
 
 
'''To install debug firmware, EID0 (and EID5?) should be reencrypted and rehashed with the proper [[Target ID]] and [[DeviceID]]/type'''
 
 
Debugging Station Target ID: 0x82
 
 
eEID contains
 
*system model data
*target ID
*PS3 motherboard revision
*Per ps3 values (console id, psid...)
 
"The kernel and most of the loaders check the [[Target ID]] as well as the [[DeviceID]]/type to see if your unit is debug or not and if not they disable all the fancy things such as running unsigned code (in the case of appldr).
 
* a good read about SC http://rmscrypt.wordpress.com/2011/02/01/lets-look-at-syscon/
 




{{Linux}}<noinclude>[[Category:Main]][[Category:OtherOS]]</noinclude>
{{Linux}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)