Editing Talk:Downgrading with NAND flasher

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 43: Line 43:
        
        
     Reference: http://www.ps3devwiki.com/index.php?title=Talk:Dual_Firmware
     Reference: http://www.ps3devwiki.com/index.php?title=Talk:Dual_Firmware
== NAND Offsets ==
===1patchcos.bin===
CTRL-F : <code>00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0</code>
CECHC-04/COK-002 MFW 3.15 ([[User:Euss|Euss]]):
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
  000C0000  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......
  000C0010  00 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00  .....à..........
  000C0020  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
  000C0030  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà</pre>
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
  007C0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  007C0010  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
  007C0020  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà</pre>
here dump from CECHA-006/COK-001 found @ 0x000C0020 (ros0) and 0x007c0010 (ros1):<!--//bluemimmo//-->
<pre>  Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
         
  000C0020  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0 .............oÿà
  000C0030  00 00 00 01 00 00 00 18 00 00 00 00 00 6F FF E0 .............oÿà
  000C0040  00 00 00 00 00 00 04 90 00 00 00 00 00 04 00 00 ................
  000C0050  63 72 65 73 65 72 76 65 64 5F 30 00 00 00 00 00 creserved_0.....
  000C0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  000C0070  00 00 00 00 00 04 04 90 00 00 00 00 00 00 00 08 ................
  000C0080  73 64 6B 5F 76 65 72 73 69 6F 6E 00 00 00 00 00 sdk_version.....
  000C0090  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  000C00A0  00 00 00 00 00 04 05 00 00 00 00 00 00 01 E7 C8 ..............çÈ
  000C00B0  6C 76 31 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv1ldr..........
  000COOC0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  000C00D0  00 00 00 00 00 05 ED 00 00 00 00 00 00 01 6F F0 ......í.......oð
  000C00E0  6C 76 32 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv2ldr..........</pre>
===2patchtrvk.bin===
Note: CTRL-F : not <code>00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code> but <code>00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code>
CECHC-04/COK-002 MFW 3.15 ([[User:Euss|Euss]]):
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  00093800  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......
  00093810  00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00  ...... .........
  00093820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40  ...............@
  00093830  53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00  SCE.............
  00093840  00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40  ...............@</pre>
CECHA-06/COK-001 datas from offset 0x00093800:<!--//bluemimmo//-->
  Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  00093800  00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 ................
  00093810  00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 ................
  00093820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 ...............@
  00093830  53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 SCE.............
  00093840  00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40 ...............@
  00093850  F6 93 38 8E C8 46 D5 FF 34 53 9D 12 91 7E C6 96 ö“8ŽÈFÕÿ4S..‘~Æ–
'''revoke package:'''
for a 3.72 console it would be : 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 60
http://pastie.org/3006911
'''revoke program:'''
for a 3.72 console it would be : 00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0
http://pastie.org/3006958
----
Example, copy ros1 to ros0 and overwrite (HxD):
* goto edit
* select block (CTRL-E) : start 7C0020 - length 6FFFE0
* copy (CTRL-C)
* goto (CTRL-G) : C0030
* overwrite (CTRL-B)
----
=== Simplyfied V2 NAND downgrade ===
====Patches to use====
{|class="wikitable"
|-
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks
|-
| ROS0 || [http://www.multiupload.com/GB4LPBNJBY patch1&nbsp;(7&nbsp;MB)] || 0x0C0030 || 0x6FFFE0 || CoreOS (prepatched 3.55)
|-
| ROS1 || [http://www.multiupload.com/GB4LPBNJBY patch1&nbsp;(7&nbsp;MB)] || 0x7C0020 || 0x6FFFE0 || CoreOS (SAME as ros0)
|-
| trvk_prg0&nbsp;(0x91800)<br />trvk_prg1&nbsp;(0x92810)<br />trvk_pkg&nbsp;(0x93800) || [http://www.multiupload.com/RTIK2IUUCL patch2&nbsp;(16&nbsp;KB)] || 0x91800 || 0x4000 || one big patch overlapping several revoke area's
|-
|}
<!--// 3.55 did greenlight power off [http://www.multiupload.com/9Z5D080KLO patch2 (16 KB)] not work:avati//-->
<!--// 3.15 [http://www.multiupload.com/KT6BAXH8O5 patch2 (16 KB)] not work:avati//-->
==== PUP to use ====
[[Talk:Downgrading_with_NOR_flasher#Premade_CFW_Rogero_V2| Rogero V2]] or any firmware with prepatched lv1 (no syscon hash checks)
<!--//
downgrade and 3.41downgrader = manufacturing updating SUCCESS(0x8002f000) = YLOD http://mibpaste.com/WP3suB
downgrade and Rogero PUP = Bul-ray Disc Player Revoke done(0x8002f057) = YLOD http://mibpaste.com/oj8EL5
downgrade and Rogero NoBD PUP = manufacturing updating SUCCESS(0x8002f000) + autopower off = OK  http://mibpaste.com/sAguEj
//-->
====Different Factory Service Mode SELFs====
For factory Service Mode install:
* if using the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057)
* if using the jaicrab NoBD lv2diag : Use the Rogero normal PUP
{|class="wikitable"
! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code>
|-
| [http://www.multiupload.com/Y0Z8WNY009 Lv2diag.self&nbsp;(227.38&nbsp;KB)] || 232832 || jaicrab noBD patched || <code>180823003B086D9D49BC7F83BEA9C769BF73A5EA</code> || <code>3615770407C0C3FA00D8CA49C8ADB362</code> || <code>25E85CFB</code> || <code>EDD0</code>
|-
| [http://www.multiupload.com/V1YTTWGKH0 Lv2diag.self&nbsp;(365.5&nbsp;KB)] || 374272 || 3.55 get in FSM || <code>1ED037740D67FEBACA6449CABFF4E95400C9E2EE</code> || <code>099F33A7967F99E91C07E870FD78B3DB</code> || <code>9338ABF2</code> || <code>4FCC</code>
|-
| [http://www.multiupload.com/ZHJMPSMLYR Lv2diag.self&nbsp;(365.5&nbsp;KB)] || 374272 || 3.50- get in FSM || <code>1E770010A3A6EF572AF39783A04DF792670998D3</code> || <code>90168C03B217CE775A7839D87BBFF2A3</code> || <code>D1F0AAFC</code> || <code>CD8D</code>
|-
| [http://www.multiupload.com/VGQTFV56CO Lv2diag.self&nbsp;(201.42&nbsp;KB)] || 206256 || get out FSM || <code>329877CBD47B994EC0AFCEA6AF98114FD9E5128B</code> || <code>7A20BFDAE65EEFB47A4425DB1B52DCDE</code> || <code>72740080</code> || <code>502A</code>
|-
|}
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps3/Talk:Downgrading_with_NAND_flasher"