Editing Talk:Downgrading with Hardware flasher

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
==Quick 'n Dirty prepatched==
==Quick 'n Dirty prepatched==
* http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/315-downgrader.pup (163.88 MB)  (MD5:954C3618BDEC277A546739CDB971C957 | SHA1:C074BD80F9F9AD13773163B69C0008528E6C2E6A | CRC16:C0FD | CRC32:75A740C5)
* http://www.ps3devwiki.com/files/firmware/MFW-CEX/Downgrader/315-downgrader.pup (163.88 MB)
* http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup (167.1 MB) [http://www.mirrorcreator.com/files/1OEUY3WR/341-downgrader.pup_links mirror]
* http://www.ps3devwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup (167.1 MB)
(MD5:533C668CDB8864442991310481BCF64A | SHA1:C7AA2637BA69C675C2F13C214888D0C42EE4CDAF | CRC16:881B | CRC32:0634A651)
* http://www.ps3devwiki.com/files/firmware/MFW-CEX/Downgrader/355-downgrader.pup (170.62 MB)


* http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/355-downgrader.pup (170.62 MB)
(MD5:8415159C72CA4050DF8B940874C52921 | SHA1:703368087CE5BF17319676CE6166CE8CCF5877C4 | CRC16:BD6B | CRC32:549F0348)


*PS3MFW Features Enabled
** Change PUP build / version
** Patch LV1 (downgrader) checks
** Patch LV1 hypervisor:  Allow mapping of any memory area (Needed for LV2 Poke)
** Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
** Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
** Patch Application launcher: Patch to allow running of unsigned applications
** Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category


::PS3MFW Features Enabled
== Quick syscon rehashing ==
::* Change PUP build / version
Goal: To be able to install unpatched firmwares on consoles that where previously on 3.56+
::* Patch LV1 (downgrader) checks
::* Patch LV1 hypervisor:  Allow mapping of any memory area (Needed for LV2 Poke)
::* Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
::* Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
::* Patch Application launcher: Patch to allow running of unsigned applications
::* Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category


== 3.41 NAND Preloaderdumps downgrader patches ==
=== The FSM dance ===
Use these NAND patches only on dumps made with NAND Preloader, not regular NAND dumps and not on NOR!
NOR only, for now! Don't use directly as is on NAND, because offsets will differ!
 
=== Patch files used ===
Depending on which step, will be used in one or both ROS areas:
* [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)]
* [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)]
This will be the same for all steps:
* [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)]
 
After each step of patching, enter Factory Service Mode and reinstall nonpatched firmware (e.g. OFW)
 
==== Step1 ====
{|class="wikitable"
{|class="wikitable"
|-
|-
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks
|-
|-
| ROS0 || coreos_341_lv1_integryty_fix.bin patch1 (7 MB) || 0x080030 || 0x6FFFE0 || CoreOS (prepatched 3.41)
| ROS0 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 ||  
|-
|-
| ROS1 || coreos_341_lv1_integryty_fix.bin patch1 (7 MB) || 0x780020 || 0x6FFFE0 || CoreOS (SAME as ros0)
| ROS1 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 ||  
|-
|-
| trvk_prg0&nbsp;(0x051800)<br />trvk_prg1&nbsp;(0x052800) || trvk_prg&nbsp;(8&nbsp;KB) || 0x051800 || 0x2000 || double patch overlapping both program revoke area's
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's
|-
| trvk_pkg0&nbsp;(0x053800)<br />trvk_pkg1&nbsp;(0x054800) || trvk_pkg&nbsp;(8&nbsp;KB) || 0x053800 || 0x2000 || double patch overlapping both package revoke area's
|-
|-
|}
|}
(above patches in a single package + autopatcher file: [http://www.mirrorcreator.com/files/GPTTMIPY/3.41_NAND_Preloaderdumps_downgrader_patches.rar_links 3.41_NAND_Preloaderdumps_downgrader_patches.rar])
==== Step2 ====
 
== 3.41 NOR downgrader patches ==
Use [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/ 3.41-NOR patches] only on NOR consoles, not on NAND!
{|class="wikitable"
{|class="wikitable"
|-
|-
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks
|-
|-
| ROS0 || [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/patch1 patch1 (7 MB)] || 0x0C0010 || 0x6FFFE0 || CoreOS (prepatched 3.55)
| ROS0 || [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 ||  
|-
|-
| ROS1 || [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/patch1 patch1 (7 MB)] || 0x7C0010 || 0x6FFFE0 || CoreOS (SAME as ros0)
| ROS1 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 ||  
|-
|-
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade/rvk-040000 rvk-040000 (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's
|-
|-
|}
|}
(above patches in a single package + autopatcher file: [http://www.psdevwiki.com/files/flash/patches/341-NOR%20downgrade.rar 341-NOR downgrade.rar] [http://www.mirrorcreator.com/files/QAO9LNID/341-NOR_downgrade.rar_links mirror])
==== Step3 ====
 
{|class="wikitable"
=== E3 Flasher ===
|-
Use these instead (already reversed), otherwise you get into a maze of bytereversing: [http://www.psdevwiki.com/files/flash/patches/341-E3%20downgrade.rar 341-E3 downgrade.rar]
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks
 
|-
== PS3 Nor and Nand Auto Patcher by Rogero ==
| ROS0 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 ||  
=== Source ===
{{Boxcode|code=<syntaxhighlight lang="cpp">
///////////////////////////////////////////////////////////////////////////
// PS3 Nor and Nand Auto Patcher v0.05        by Rogero    25/Mar/2013 //
///////////////////////////////////////////////////////////////////////////
 
 
    #include <iostream>
    #include <fstream>
    //#include <string>
    #include <direct.h>
    #include "ConsoleColor.h"
 
using namespace std;
 
void Patch(char*, char*, char*, int, int);
 
int main(int argc, char * argv[])
    {
    cout<<green<<"-----------------------------------------------------------------------"<<endl;
        cout<<"    PS3 Flash Auto Patcher v4.55              by Rogero  15/Feb/2014"<<endl<<endl;
        cout<<"    ( Patch NOR and NAND Dumps with CFW4.55 patches / No FSM needed )"<<endl;
cout<<"-----------------------------------------------------------------------"<<endl<<endl;
 
 
if(argc < 2){
 
  cout <<white<< endl << "Copy your PS3's Flash Dump into the program's folder,\n\n";
  cout << "Then Drag and Drop your Dump File onto the exe to apply the Downgrade Patches.\n";
      cout <<yellow<< endl << endl << endl << "Press any key to exit.";
  cin.get();
      return 0;
  }
 
 
 
    cout <<yellow<< "Processing the file: " <<white<< endl << argv[1] << "\n\n\n";
 
        //WinXP current directory / Files Path Fix /////////////////////////////////
        string path = argv[0];
        //remove the executable file name from the full path to get current working directory
        path.erase(path.rfind("\\")+1, std::string::npos);
 
        //Change to Current working directory
        _chdir(path.c_str());
        ////////////////////////////////////////////////////////////////////////////
 
 
FILE *ifile;
unsigned char *buf = NULL;
buf = (unsigned char *) malloc(1);
int type = 0; // 0 = NOR , 1 = NOR ByteReversed , 2 = Nand Interleaved , 3 = Unknown , 4 = NOR metldr 2
ifile = fopen( (char*) argv[1], "rb+");
 
// Detect Dump type
/////////////////////////////////////////////////////////////////////
if (ifile != NULL) {
fseek(ifile, 0x40220, SEEK_SET);  // read byte at 0x40220
fread( buf, 1, 1, ifile);
 
//printf("%02X",(int)buf[0]);
if (("%02X",(int)buf[0]) == 0x61) // Nand
{
fseek(ifile, 0x40228, SEEK_SET);
fread( buf, 1, 1, ifile);
if (("%02X",(int)buf[0]) == 0x6C) // double check if Nand
    type = 2;  // Nand
else
type = 3;  // Unknown
}
else
{
if (("%02X",(int)buf[0]) == 0x00) // Nor
{
fseek(ifile, 0x420, SEEK_SET);
fread( buf, 1, 1, ifile);
if (("%02X",(int)buf[0]) == 0x73) // check if ByteReversed
    {
fseek(ifile, 0x826, SEEK_SET);
fread( buf, 1, 1, ifile);
if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2
type = 4;  // Nor with metldr 2
else
type = 1;  // Nor ByteReversed
}
else
{
if (("%02X",(int)buf[0]) == 0x61) // check if Normal
    {
fseek(ifile, 0x827, SEEK_SET);
fread( buf, 1, 1, ifile);
if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2
type = 4;  // Nor with metldr 2
else
type = 0;  // Nor Normal
}
else
type = 3;  // Unknown
}
}
else
type = 3;  // Unknown
}
}
/////////////////////////////////////////////////////////////////////
 
cout <<yellow<< "Opening Files...\n\n";
 
 
if (type == 0) // Normal dump = Progskeet
{
cout << "********************************************************\n";
cout << "* This is a Normal NOR Dump (Progskeet/Winskeet style) *\n";
cout << "********************************************************\n\n"<<white;
 
Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786448, 1);
Patch("Temp_1.bin", "Data/patch1n.bin", "NOR_patched.bin", 8126480, 2);
 
//Patch("bkpps3_Temp_2.bin", "Data/patch2n.bin", "bkpps3_patched.bin", 262144, 3);
}
 
if (type == 1) // Byte-swapped dump = E3
{
cout << "*******************************************************\n";
cout << "* This is a byte-reversed NOR Dump (E3 Flasher style) *\n";
cout << "*******************************************************\n\n"<<white;
 
Patch(argv[1], "Data/patch1r.bin", "Temp_1.bin", 786448, 1);
Patch("Temp_1.bin", "Data/patch1r.bin", "bkpps3_NOR_patched.bin", 8126480, 2);
//Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3);
}
 
if (type == 0 || type == 1)
{
cout <<yellow<< "Deleting Temp Files....\n";
remove("Temp_1.bin");
//remove("bkpps3_Temp_2.bin");
cout << "Done.\n";
cout << green << endl << endl << "Your NOR Dump was successfully patched and is ready to be flashed.";
cout << yellow <<endl << endl << endl << "Press any key to exit.";
cin.get();
return(0);
}
 
if (type == 2) // Nand
{
cout << "*******************************************************\n";
cout << "* This is an Interleaved NAND Dump (by FlowRebuilder) *\n";
cout << "*******************************************************\n\n"<<white;
 
Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786480, 1);
Patch("Temp_1.bin", "Data/patch1n.bin", "NAND_patched.bin", 8126496, 2);
//Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3);
 
cout <<yellow<< "Deleting Temp Files....\n";
remove("Temp_1.bin");
//remove("bkpps3_Temp_2.bin");
cout << "Done.\n";
cout << green << endl << endl << "Your NAND Dump was successfully patched and is ready to be re-scrambled"<<endl<<"then de-interleaved into 2 flashes using latest version of FlowRebuilder.";
cout << yellow <<endl << endl << endl << "Press any key to exit.";
cin.get();
return(0);
}
 
if (type == 3) // Unknown
{
cout <<red<< "********************************************************\n";
cout << "* This is an Unknown Flash Type or a Bad File Detected *\n";
cout << "********************************************************\n\n\n"<<white;
 
cout << "The Program will exit now, check your Flash Dump then try again...";
cout << yellow <<endl << endl << endl << "Press any key to exit.";
cin.get();
return(0);
}
 
if (type == 4) // Metldr 2
{
cout <<red<< "***********************************************************************\n";
cout << "* This is a NOR Dump with a Non-Downgradable Metldr revision Detected *\n";
cout << "***********************************************************************\n\n\n"<<white;
 
cout << "The Program will exit now...";
cout << yellow <<endl << endl << endl << "Press any key to exit.";
cin.get();
return(0);
}
 
    } // end main
    //////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
void Patch(char* input, char* patch, char* output, int offset, int no)
    {
    ifstream inmain(input,ios::in|ios::binary);
ifstream inpatch(patch,ios::in|ios::binary);
    ofstream patched(output,ios::out|ios::binary);
 
if ( inmain.is_open() )
  {
if (inpatch.is_open())
{
 
if (patched.is_open())
{
 
cout << "Applying Patch Number "<<no<<"...\n";
 
int patchStartOffset = offset ;
    char ioChar;
    for (int i = 0; i < patchStartOffset; i++)
    {
    inmain.get(ioChar);
    patched.put(ioChar);
    }
 
int patchLen = 0;
while (inpatch.get(ioChar))
    {
patched.put(ioChar);
    patchLen++;
}
 
    streampos mainPos = inmain.tellg();
    mainPos += patchLen;
    inmain.seekg(mainPos);
    while (inmain.get(ioChar))
    {
    patched.put(ioChar);
    }
 
patched.close();
inpatch.close();
inmain.close();
}
else
  {
    cout << "Error opening output file !!\n\n";
cout << "Please make sure you have enough free space to run the program...\n\n\n\n";
cout << "Press any key to exit.";
cin.get();
exit(0);
}
}
else
  {
    cout << "Error opening patch file !!\n\n";
cout << "Please make sure to place the Nor Dump inside the Program's folder\n";
cout << "before you Drag and Drop.\n\n\n\n";
cout << "Press any key to exit.";
cin.get();
exit(0);
}
}
else
  {
    cout << "Error opening input file\n";
cout << "Press any key to exit.";
cin.get();
exit(0);
}
}
</syntaxhighlight>}}
 
== Venix Autopatcher ==
=== Warning ===
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"
|-
|-
! style="background-color:red!important;" | <span style="background-color:lightred; color:white; font-size:200%; ">Warning</span>
| ROS1 || [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 ||
|-
|-
| <span style="white; color:red!important; font-size:150%; text-align:center; ">This tool is known and proven to give false positives on bad dumps that lead to permabricks.
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's
 
Use this method: [[Validating flash dumps]] to make sure the dumps are in crisp condition.
 
You cannot recover from bad flash without proper dumps (e.g. bricking the console beyond repair).<br />
''<small>note: there are  12½ million bits to permabrick a console</small>''</span>
|-
|-
|}
|}
=== Intro ===
Some portuguese dude (somehow venix name reminds me of a fake bricker CFW and highly hyped and never released manager long time ago) apparently never found wiki guides or used flowrebuilder/winskeet autopatcher or hexeditor with autopatch scripts.
=== Versions ===
Venix Downgrade GUI v1.0.0.0\Venix Downgrade.exe
  SHA1:BED08FC1FEF623C08E84832DAB0DF428D3143BF5 | MD5:1215174ED33E599B7F23F345B01B6EF9 | CRC32:3339B7F8 | CRC16:3F31
  &nbsp;
Venix Downgrade GUI v1.0.0.1\Venix Downgrade.exe
  SHA1:06689D0ACB9072EE0D6BA6B9C7665A4C375F583A | MD5:F7FE9D028DC2DF6DD281E0AA90653DC4 | CRC32:0903470A | CRC16:013F
=== Tests ===
Time for some tests, like I did with [[E3#E3_Nor_dump_checker|E3 Nor dump checker]].
==== Quick bulletproof test ====
does not test:
* bad region - <span style="white; color:red!important;">not detected</span>, user not warned -> result = <span style="white; color:red!important;">brick file</span>
* bad A9 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A10 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A11 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A12 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A13 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A14 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A15 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A16 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A17 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A18 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A19 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A20 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A21 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A22 wire - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad boardID - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad bootldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad cCSD unreferenced area - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad cISD unreferenced area - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad EID unreferenced area - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad header - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad header asecure loader - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad header cISD - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad header cvtrm - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad header eEID - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad header metldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad metldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing bootldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing cCSD - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing cISD0 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing cISD1 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing cISD2 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing EID0 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing EID1 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing EID2 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing EID3 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing EID4 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing EID5 - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing metldr - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad/missing PerConsoleNonce - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad patterned non 00's - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad patterned non FF's - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
* bad region - <span style="white; color:red!important;">not detected</span>, patch file created -> result = <span style="white; color:red!important;">brick file</span>
partly test (if user flashes that, it will permabrick):
* bad A0 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A1 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A2 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A3 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A4 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A5 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A6 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A7 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad A8 wire - detected, 00 filled file created -> result = <span style="white; color:red!important;">brick file</span>
* bad header IFI - detected, patch file created -> result = <span style="white; color:red!important;">brick file</span>
does test:
* circulair reference - errors out: "The process cannot access the file '\nor-validationtest\venix.bin' because it is being used by another process." -> result = OK
==== Conclusion ====
Conclusion : '''<span style="white; color:red!important;">USELESS</span>''', brickdumps will still show as 'valid' and corrupt patch files will be generated, not preventing the user from permabricking. <br />
==== Recomendation ====
'''<span style="white; color:red!important;">Recommendation: [[Validating flash dumps|Validate flash dumps]] first and use [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/ Flowrebuilder] or [http://www.psdevwiki.com/files/flash/Tools/Progskeet/Winskeet/ Winskeet] with [http://www.psdevwiki.com/files/flash/patches/ autopatcher] instead.'''
=== Newssites that news'ed the 'tool' ===
* <span style="text-decoration: line-through;">http://www.ps3crunch.net/forum/threads/3162-Venix-Downgrade-GUI-released-for-Playstation-3</span> (removed it later)
* http://psx-scene.com/forums/content/venix-downgrade-gui-automated-downgrader-validator-2118 (added warning "USE WITH CAUTION!!!! Read the posts below first!!!!")
* http://www.ps3news.com/ps3-cfw-mfw/venix-downgrade-ps3-4-11-to-3-55-patch-gui-is-released/
=== Newssite that refused to news it ===
* http://www.ps3hax.net/2012/04/warning-venix-autopatcher-is-a-dangerous-tool-do-not-use-it/ (they had read above warning on wiki and decided it was best for their users not to frontpage it)
=== Patches contained inside binairy ===
==== trvk_prg ====
===== 1 =====
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00701BB0                                  00 00 00 00 00            .....
00701BC0  00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00  ..........àSCE..
00701BD0  00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00  ................
00701BE0  00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5  ..........à..š å
00701BF0  A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56  ¢ÔHÞ.œçãt¨g3å•ôV
00701C00  F4 DC E3 9B 64 56 A1 0C 11 98 79                ôÜã›dV¡..˜y
...
===== 2 =====
(same as 1)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00702BA0                                  00 00 00 00 00            .....
00702BB0  00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00  ..........àSCE..
00702BC0  00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00  ................
00702BD0  00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5  ..........à..š å
00702BE0  A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56  ¢ÔHÞ.œçãt¨g3å•ôV
00702BF0  F4 DC E3 9B 64 56 A1 0C 11 98 79                ôÜã›dV¡..˜y
...
===== 3 =====
(same as 1)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
01545B90                                            00 00                ..
01545BA0  00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0 53  ..............àS
01545BB0  43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 00  CE..............
01545BC0  00 00 00 00 00 02 00 00 00 00 00 00 00 00 E0 11  ..............à.
01545BD0  07 9A A0 E5 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33  .š å¢ÔHÞ.œçãt¨g3
01545BE0  E5 95 F4 56 F4 DC E3 9B 64 56 A1 0C 11 98 79    å•ôVôÜã›dV¡..˜y
...
==== trvk_pkg ====
===== 4 =====
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00703BB0                                  00 00 00 00 00            .....
00703BC0  00 00 00 00 00 00 00 00 00 02 60 53 43 45 00 00  ..........`SCE..
00703BD0  00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00  ................
00703BE0  00 02 00 00 00 00 00 00 00 00 60 BD 25 0F C3 46  ..........`½%.ÃF
00703BF0  1C ED 7C A9 0D 0B 63 31 C5 10 FD 5C A0 CA 58 D3  .í|©..c1Å.ý\ ÊXÓ
00703C00  F1 A9 DB B7 03 C5 94 66 83 C1 96                ñ©Û·.Å”fƒÁ–
...
===== 5 =====
(same as 1)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
01505B80                00 00 00 00 00 00 00 00 00 00 00      ...........
01505B90  00 00 00 02 60 53 43 45 00 00 00 00 02 00 00 00  ....`SCE........
01505BA0  02 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00  ................
01505BB0  00 00 00 00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B  ....`½%.ÃF.í|©..
01505BC0  63 31 C5 10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5  c1Å.ý\ ÊXÓñ©Û·.Å
01505BD0  94 66 83 C1 96                                  ”fƒÁ–
...
===== 6 =====
(same as 4)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
01525B90        00 00 00 00 00 00 00 00 00 00 00 00 00 00    ..............
01525BA0  02 60 53 43 45 00 00 00 00 02 00 00 00 02 00 00  .`SCE...........
01525BB0  00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  ................
01525BC0  00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B 63 31 C5  .`½%.ÃF.í|©..c1Å
01525BD0  10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5 94 66 83  .ý\ ÊXÓñ©Û·.Å”fƒ
01525BE0  C1 96                                            Á–
...
==== ros ====
===== 7 =====
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001BA0                    00 00 00 01 00 00 00 18 00 00        ..........
00001BB0  00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00  ...oÿà..........
00001BC0  00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F 6D 6F  ....B˜aim_spu_mo
00001BD0  64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00 00 00  dule.self.......
00001BE0  00 00 00 00 00 00 00 00 00 00 00 00 47 30 00 00  ............G0..
00001BF0  00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00 00 00  ....öØappldr....
00001C00  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
===== 8 =====
(same as 7)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00705BA0                                  00 00 00 01 00            .....
00705BB0  00 00 18 00 00 00 00 00 6F FF E0 00 00 00 00 00  ........oÿà.....
00705BC0  00 04 90 00 00 00 00 00 00 42 98 61 69 6D 5F 73  .........B˜aim_s
00705BD0  70 75 5F 6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00  pu_module.self..
00705BE0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00705BF0  00 47 30 00 00 00 00 00 01 F6 D8 61 70 70 6C 64  .G0......öØappld
00705C00  72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  r...............
===== 9 =====
(same as 7)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00E05B90                          00 00 00 01 00 00 00 18          ........
00E05BA0  00 00 00 00 00 6F FF E0 00 00 00 00 00 00 04 90  .....oÿà........
00E05BB0  00 00 00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F  ......B˜aim_spu_
00E05BC0  6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00  module.self.....
00E05BD0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 30  ..............G0
00E05BE0  00 00 00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00  ......öØappldr..
00E05BF0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
==== Note ====
wiki v2 downgrader contains 2 patchsets, used on 3 offsets. Having 9 sounds like a bit of overkill to bloat the binairy.
=== Checks ===
There is not much checked in the patcher:
- only size is checked
- and header "oÿà" (bytereversed, like with progskeet, teensy etc) versus "àÿo" (as E3).
==== 10 ====
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001A30  0A 4E 00 61 00 6E 00 64 00 31 00 00 00 00 00 18  .N.a.n.d.1......
00001A40  4E 00 61 00 6E 00 64 00 31 00 52 00 65 00 70 00  N.a.n.d.1.R.e.p.
00001A50  65 00 61 00 74 00 31 00 E5 FF 6F 00 14 4E 00 61  e.a.t.1.åÿo..N.a
00001A60  00 6E 00 64 00 31 00 53 00 74 00 61 00 72 00 74  .n.d.1.S.t.a.r.t
00001A70  00 ED FF 6F 00 0A 4E 00 61 00 6E 00 64 00 32 00  .íÿo..N.a.n.d.2.
00001A80  F5 FF 6F 00 14 4E 00 61 00 6E 00 64 00 32 00 53  õÿo..N.a.n.d.2.S
00001A90  00 74 00 61 00 72 00 74 00 FA 3F 70 00 12 4E 00  .t.a.r.t.ú?p..N.
00001AA0  61 00 6E 00 64 00 43 00 6F 00 75 00 6E 00 74 00  a.n.d.C.o.u.n.t.
00001AB0  02 40 70 00 08 4E 00 6F 00 72 00 31 00 05 40 70  [email protected]..@p
00001AC0  00 12 4E 00 6F 00 72 00 31 00 53 00 74 00 61 00  ..N.o.r.1.S.t.a.
00001AD0  72 00 74 00 EA 3F E0 00 08 4E 00 6F 00 72 00 32  r.t.ê?à..N.o.r.2
00001AE0  00 F2 3F E0 00 12 4E 00 6F 00 72 00 32 00 53 00  .ò?à..N.o.r.2.S.
00001AF0  74 00 61 00 72 00 74 00 D7 3F 50 01 08 4E 00 6F  t.a.r.t.×?P..N.o
00001B00  00 72 00 33 00 DF 3F 50 01 12 4E 00 6F 00 72 00  .r.3.ß?P..N.o.r.
00001B10  33 00 53 00 74 00 61 00 72 00 74 00 E4 3F 52 01  3.S.t.a.r.t.ä?R.
00001B20  08 4E 00 6F 00 72 00 34 00 EC 3F 52 01 12 4E 00  .N.o.r.4.ì?R..N.
00001B30  6F 00 72 00 34 00 53 00 74 00 61 00 72 00 74 00  o.r.4.S.t.a.r.t.
00001B40  F1 3F 54 01 08 4E 00 6F 00 72 00 35 00 F9 3F 54  ñ?T..N.o.r.5.ù?T
00001B50  01 12 4E 00 6F 00 72 00 35 00 53 00 74 00 61 00  ..N.o.r.5.S.t.a.
00001B60  72 00 74 00 FE 3F 56 01 08 4E 00 6F 00 72 00 36  r.t.þ?V..N.o.r.6
00001B70  00 06 40 56 01 12 4E 00 6F 00 72 00 36 00 53 00  [email protected].
00001B80  74 00 61 00 72 00 74 00 0B 40 58 01 10 4E 00 6F  [email protected]
00001B90  00 72 00 43 00 6F 00 75 00 6E 00 74 00 13 40 58  .r.C.o.u.n.t..@X
00001BA0  01 20 E0 FF 6F 00 00 00 00 01 00 00 00 18 00 00  . àÿo...........
00001BB0  00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00  ...oÿà..........
Thus it fails miserably in the comparison of [[Validating_flash_dumps#Flowrebuilder|Flowrebuilder']] options like un/rescramble + de-/interleave, bytereverse, unpacking and autopatching, while checking and informing the user about possible errors in the dump.


=== Venix Downgrade GUI v1.2 BETA ===
Redump flash after last reinstall of firmware in service mode to check if both ROS areas are occupied.
http://psx-scene.com/forums/content/venix-downgrade-gui-v1-2-beta-improved-validation-2135/


==== Quick bulletproof test ====
=== Alternative QA way ===
<span style="white; color:red!important;">wrongly detected:</span>
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
* bad A0 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
# install prepatched firmware in service mode
* bad A1 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
# enable QA-extra and install unpatched firmware in recovery mode.
* bad A2 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A3 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A4 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A5 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A6 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A7 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A8 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A9 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A10 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A11 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A12 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A13 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A14 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A15 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A16 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A17 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A18 wire -> <span style="white; color:red!important;">Validation Failedff byte count</span>
* bad A19 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A20 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A21 wire -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad A22 wire -> <span style="white; color:red!important;">Validation Failedff byte count</span>
* bad bootldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad bootldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad cCSD unreferenced area -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad cISD unreferenced area -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad EID unreferenced area -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad header -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad header asecure loader -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad header cISD -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad header cvtrm -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad header eEID -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad IFI -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad header trvk -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad metldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing bootldr -> <span style="white; color:red!important;">Validation Failedff byte count</span>
* bad/missing cCSD -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing cISD0 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing cISD1 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing cISD2 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing EID0 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing EID1 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing EID2 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing EID3 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing EID4 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing EID5 -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing metldr -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad/missing PerConsoleNonce -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad patterned non 00's -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad patterned non FF's -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad region -> <span style="white; color:red!important;">Validation Failed00 byte count</span>
* bad filelength -> <span style="white; color:red!important;">application hangs</span>
* known good reference dumps (184) -> <span style="white; color:red!important;">'''Validation Failed00 byte count'''</span>


==== Conclusion ====
=== Alternative shorter reFSM way ===
<span style="white; color:red!important;">'''USELESS'''</span>, 100% valid files will be failing 00/ff check. Improper files will be failing 00/ff check too, and no detection of the root of the cause. Nothing was patched and gives the user a permanent false sense of having bad dumps without leads of what to solve.
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
# install prepatched firmware in service mode
# install unpatched firmware in service mode
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Template used on this page: