Editing Flash:cvtrm
Latest revision | Your text | ||
Line 10: | Line 10: | ||
* [[Talk:Flash#VTRM]] | * [[Talk:Flash#VTRM]] | ||
* [[Hypervisor Reverse Engineering#VTRM]] | * [[Hypervisor Reverse Engineering#VTRM]] | ||
* [[SC Manager#0x9000 - SC Manager]] | * [[SC Manager#0x9000 - SC Manager]] | ||
* [[Talk:System Controller Firmware]] | * [[Talk:System Controller Firmware]] | ||
Line 16: | Line 15: | ||
* [[PARAM.PFD]] | * [[PARAM.PFD]] | ||
* [[Ps3vuart-tools#ps3dm]] | * [[Ps3vuart-tools#ps3dm]] | ||
* [[ | * [[Fixing DRL and CRL Hashes]] | ||
* [[RSOD Fix]] | * [[RSOD Fix]] | ||
=Structure= | =Structure= | ||
==NOR | ==NOR Flash== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 48: | Line 47: | ||
|} | |} | ||
==NAND | ==NAND Flash== | ||
==Notes, speculation, brainstorming== | ==Notes, speculation, brainstorming== | ||
*the start offset of some unknown areas can be find by searching for 0x1070. Is the start of an area of 8 bytes lenght (2+3+3) that probably are the offset or sizes of the next areas (and probably in blocks of 512 bytes). Some examples (ctrl+f in webbrower to search for them in the page) | |||
**10 70 00 00 02 00 00 01 | |||
**10 70 00 00 39 00 00 01 | |||
** 10 70 00 00 02 00 00 01 | **10 70 00 00 03 00 00 02 | ||
** | **10 70 00 05 FF 00 00 01 | ||
**04 00 00 00 02 00 00 05 (this one doesnt starts with 0x1070 as explained above, but seems to have the same purpose) | |||
** 10 70 00 | |||
** 10 70 00 | |||
** | |||
=VTRM hashes and how to generate them= | =VTRM hashes and how to generate them= | ||
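Review bot: The Notes entry lists "04 00 00 00 02 00 00 05" as an exception to the 0x1070 rule, but in the dump further down it sits in the same position as the 0x1070 fields, directly in front of "10 70 00 05 FF 00 00 01" at both 00EC0060 and 00EC2988. The other encrypted sections are likewise preceded by two consecutive 8-byte fields (00EC28C8/00EC28D0 and 00EC2928/00EC2930). Consider describing the first two bytes as a tag with two observed values (10 70 and 04 00) and noting that the fields appear in pairs ahead of each encrypted section, so readers search for the pair rather than for 0x1070 alone. The "blocks of 512 bytes" guess should also name an offset that supports it, since none of the listed examples shows a size that can be checked against the dump.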
Line 122: | Line 72: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00EC0000 <span style="background:# | 00EC0000 <span style="background:#33ff33;">53 43 45 49</span> <span style="background:#33ff33;">56 54 52 4D</span> <span style="background:#33ff33;">00 00 00 00 00 00 00 A8</span> SCEIVTRM.......¨ <-- 'SCEI' magic + 'VTRM' magic | ||
00EC0010 | 00EC0010 00 00 00 00 00 E8 02 00 00 00 00 00 00 00 00 28 .....è.........( | ||
00EC0020 <span style="background:#33ff33;">00 00 00 00</span> <span style="background:#33ff33;">56 54 52 4D</span> <span style="background:#33ff33;">00 00 00 00 00 00 00 04</span> ....VTRM........ <-- VTRM section (first VTRM) | |||
00EC0030 <span style="background:# | 00EC0030 <span style="background:#dd00dd;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span> þm.ÄúÕÎÛ“†ü¡2;qG <-- 0x14 bytes hash, same value as 00EC0410 | ||
00EC0040 <span style="background:# | 00EC0040 <span style="background:#dd00dd;">3B A5 C6 F9</span> C0 00 B6 70 00 00 00 00 00 E8 27 80 ;¥ÆùÀ.¶p.....è'€ | ||
00EC0050 00 00 00 00 00 00 00 60 <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span> .......`....... | |||
00EC0060 <span style="background:#ff8888;">04 00</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 05</span> <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 05 FF</span> <span style="background:#ffaaaa;">00 00 01</span> .........p..ÿ... | |||
00EC0070 <span style="background:#ff6666;">0C 1C 05 9C AA B5 97 A5 9C D6 46 2D EA 22 46 BE</span> ...œªµ—¥œÖF-ê"F¾ <-- encrypted section | |||
00EC0080 <span style="background:#ff6666;">D1 84 A9 1E 34 5F E7 90 55 49 11 82 51 9D 4A 3F</span> Ñ„©.4_ç.UI.‚Q.J? | |||
00EC0090 <span style="background:#ff6666;">EF 43 19 E8 4F 6A 5B FF DA 31 E9 F0 76 C8 B2 6B</span> ïC.èOj[ÿÚ1éðvȲk | |||
00EC00A0 <span style="background:#ff6666;">0B A7 47 8E BE 42 28 9F 2B 88 73 0B A5 B6 F2 1D</span> .§GŽ¾B(Ÿ+ˆs.¥¶ò. | |||
00EC00B0 <span style="background:#bb6666;">00 00 00 00 00 00 00 00</span> <span style="background:#999999;">FF FF FF FF FF FF FF FF</span> ........ÿÿÿÿÿÿÿÿ <-- not-used slots for encrypted data ? | |||
[...] <span style="background:#999999;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00EC00F0 <span style="background:#999999;">FF FF FF FF FF FF FF FF</span> 00 00 00 00 00 EB E4 8C ÿÿÿÿÿÿÿÿ.....ëäŒ | |||
00EC0100 00 00 00 00 00 00 00 14 <span style="background:#6666ff;">39 17 52 0B 31 70 F5 05</span> ........9.R.1põ. <-- 0x14 bytes hash, same than default on hashes table at 0xEF94C0 | |||
00EC0110 <span style="background:# | 00EC0110 <span style="background:#6666ff;">02 5A C6 F8 81 F8 54 96 2F EF F3 81</span> <span style="background:#cccccc;">FF FF FF FF</span> .ZÆø.øT–/ïó.ÿÿÿÿ | ||
[...] <span style="background:# | [...] <span style="background:#cccccc;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <-- 0xFF's (erased bytes) to fill up to 512 bytes or 0x400 (1 block) | ||
00EC0400 <span style="background:# | 00EC0400 <span style="background:#33ff33;">00 00 00 00</span> <span style="background:#33ff33;">56 54 52 4D</span> <span style="background:#33ff33;">00 00 00 00 00 00 00 04</span> ....VTRM........ <-- VTRM section (second VTRM) | ||
00EC0410 <span style="background:#dd00dd;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span> þm.ÄúÕÎÛ“†ü¡2;qG <-- 0x14 bytes hash, same value as 00EC0030 | |||
00EC0420 <span style="background:# | 00EC0420 <span style="background:#dd00dd;">3B A5 C6 F9</span> C0 00 B6 70 00 00 00 00 00 00 04 90 ;¥ÆùÀ.¶p........ | ||
00EC0430 00 00 00 00 00 00 09 20 <span style="background:#ffff66;">00 00 00 00 00 00 00 03</span> ....... ........ <-- 0x8 bytes pattern exception ! | |||
[...] <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> ....... ....... <-- 0x8 bytes repetive pattern | |||
[...] <span style="background:# | 00EC1930 <span style="background:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> ............... <-- 0x8 bytes pattern exception ! | ||
[...] <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> ....... ....... <-- 0x8 bytes repetive pattern | |||
[...] <span style="background:# | 00EC21F0 <span style="background:#ffff66;">00 00 00 00 00 00 00 02</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> ............... <-- 0x8 bytes pattern exception ! | ||
[...] <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> ....... ....... <-- 0x8 bytes repetive pattern | |||
[...] <span style="background:# | 00EC24F0 <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 00</span> ....... ........ <-- 0x8 bytes pattern exception ! | ||
[...] <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> ....... ....... <-- 0x8 bytes repetive pattern | |||
00EC28C0 <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span> <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 01</span> ....... .p...... | |||
00EC28D0 <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 39</span> <span style="background:#ffaaaa;">00 00 01</span> <span style="background:#ff6666;">22 66 39 B3 0E 7A 1C E7</span> .p..9..."f9³.z.ç <-- encrypted section | |||
00EC28E0 <span style="background:#ff6666;">68 85 F9 94 A8 30 BE C4 0B 85 D0 92 1E C0 8F 28</span> h…ù”¨0¾Ä.…Ð’.À.( | |||
00EC28F0 <span style="background:#ff6666;">7F 70 ED 15 D6 22 06 24 D9 08 64 0B C0 D7 97 29</span> .pí.Ö".$Ù.d.À×—) | |||
00EC2900 <span style="background:#ff6666;">BE A1 FE 91 D1 F2 D4 88 25 EF 24 86 E0 A3 CB 98</span> ¾¡þ‘ÑòÔˆ%ï$†à£Ë˜ | |||
00EC2910 <span style="background:#ff6666;">AF 17 6F B1 64 A0 56 E5</span> <span style="background:#bb6666;">00 00 00 00 00 00 00 01</span> ¯.o±d Vå........ | |||
00EC2920 <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span> <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 01</span> ....... .p...... | |||
00EC2930 <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 03</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ff6666;">F9 D9 6A 84 0C F2 D8 E7</span> .p......ùÙj„.òØç <-- encrypted section | |||
00EC2940 <span style="background:#ff6666;">D4 44 5C 3C DF D5 DF 0F B8 DC 3E 81 9A A4 71 8F</span> ÔD\<ßÕß.¸Ü>.š¤q. | |||
00EC2950 <span style="background:#ff6666;">0A A8 8B 90 1B 2C A1 D1 66 84 AA EE 65 D1 46 9A</span> .¨‹..,¡Ñf„ªîeÑFš | |||
00EC2960 <span style="background:#ff6666;">D7 38 83 F2 78 47 D1 8E E5 FA EB 39 CF 26 E8 25</span> ×8ƒòxGÑŽåúë9Ï&è% | |||
00EC2970 <span style="background:#ff6666;">85 DE 3B C6 0B C3 45 D5</span> <span style="background:#bb6666;">00 00 00 00 00 00 00 00</span> …Þ;Æ.ÃEÕ........ | |||
00EC2980 <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span> <span style="background:#ff8888;">04 00</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 05</span> ....... ........ | |||
00EC2990 <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 05 FF</span> <span style="background:#ffaaaa;">00 00 01</span> <span style="background:#ff6666;">0C 1C 05 9C AA B5 97 A5</span> .p..ÿ......œªµ—¥ <-- encrypted section | |||
00EC29A0 <span style="background:#ff6666;">9C D6 46 2D EA 22 46 BE D1 84 A9 1E 34 5F E7 90</span> œÖF-ê"F¾Ñ„©.4_ç. | |||
00EC29B0 <span style="background:#ff6666;">55 49 11 82 51 9D 4A 3F EF 43 19 E8 4F 6A 5B FF</span> UI.‚Q.J?ïC.èOj[ÿ | |||
00EC29C0 <span style="background:#ff6666;">DA 31 E9 F0 76 C8 B2 6B 0B A7 47 8E BE 42 28 9F</span> Ú1éðvȲk.§GŽ¾B(Ÿ | |||
00EC29D0 <span style="background:#ff6666;">2B 88 73 0B A5 B6 F2 1D</span> <span style="background:#bb6666;">00 00 00 00 00 00 00 00</span> +ˆs.¥¶ò......... | |||
00EC29E0 <span style="background:#999999;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <-- not-used slots for encrypted data ? | |||
[...] <span style="background:#999999;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00EF94C0 <span style="background:#6666ff;">39 17 52 0B 31 70 F5 05 02 5A C6 F8 81 F8 54 96</span> 9.R.1põ..ZÆø.øT– <-- 0x14 bytes lenght hashes table start, default is same than 0xEC0100 | |||
00EF94D0 <span style="background:#6666ff;">2F EF F3 81</span> 39 17 52 0B 31 70 F5 05 02 5A C6 F8 /ïó.9.R.1põ..ZÆø | |||
[...] | |||
00EFEFE0 02 5A C6 F8 81 F8 54 96 2F EF F3 81 <span style="background:#6666ff;">39 17 52 0B</span> .ZÆø.øT–/ïó.9.R. | |||
00EFEFF0 <span style="background:#6666ff;">31 70 F5 05 02 5A C6 F8 81 F8 54 96 2F EF F3 81</span> 1põ..ZÆø.øT–/ïó. <-- 0x14 bytes lenght hashes table end | |||
[...] <span style="background:# | 00EFF000 <span style="background:#cccccc;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span> ................ <-- 0x00's filled up to end of file | ||
00EFFFF0 <span style="background:# | [...] <span style="background:#cccccc;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span> ................ | ||
00EFFFF0 <span style="background:#cccccc;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span> ................ | |||
==NOR Example== | ==NOR Example== | ||
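Review bot: The annotation on the 0xFF filler row after 00EC0110 says "to fill up to 512 bytes or 0x400 (1 block)", but 0x400 is 1024 bytes, and the second VTRM header at 00EC0400 is exactly 0x400 after the start at 00EC0000. Pick one figure and state it once; as written, the block size contradicts itself and also the "blocks of 512 bytes" remark in the Notes section. The two "0x8 bytes pattern exception" rows at 00EC1930 and 00EC21F0 show the exception in the left half, while 00EC0430 and 00EC24F0 show it in the right half; giving the exact offset of each exception value (for example 00EC0438 rather than the row address) would make the table positions unambiguous.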
Line 183: | Line 134: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00EC0000 53 43 45 49 FF FF FF FF FF FF FF FF FF FF FF FF SCEIÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00EC0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
... | |||
00EC3FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00EC4000 00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04 ....VTRM........ | |||
00EC4010 0D 20 53 4F EE E8 06 E3 E7 AC 57 E1 E9 64 6C BF . SOîè.ãç¬Wáédl¿ | |||
00EC4020 ED BE 69 E1 00 00 00 E0 00 00 00 00 00 00 02 09 í¾iá...à........ | |||
00EC4030 00 00 00 00 00 00 04 12 00 00 00 00 00 00 00 02 ................ | |||
00EC4040 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC4050 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC4060 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC4070 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC4080 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC4090 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC40A0 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC40B0 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC40C0 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC40D0 00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12 ................ | |||
00EC40E0 00 00 00 00 00 00 04 12 00 00 | |||
{{Flash}} | {{Flash}} | ||
<noinclude>[[Category:Main]]</noinclude> | <noinclude>[[Category:Main]]</noinclude> |
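Review bot: The NOR Example dump carries no annotations, unlike the dump above it, and it differs in ways a reader has to work out alone: the region at 00EC0000 holds only the 'SCEI' magic followed by 0xFF up to 00EC3FF0, the VTRM header appears at 00EC4000, and the repeating 8-byte value is "00 00 00 00 00 00 04 12" instead of "00 00 00 00 00 00 09 20". Add the same "<--" comments for the magic, the 0x14-byte hash at 00EC4010, and the exception entry "00 00 00 00 00 00 00 02" at 00EC4038. The final row at 00EC40E0 stops after ten bytes with no ASCII column; either complete the row or end the excerpt with "[...]" as the first dump does.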