Editing Talk:Downgrading with NAND flasher

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 51: Line 51:
CTRL-F : <code>00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0</code>
CTRL-F : <code>00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0</code>


CECHC-04/COK-002 MFW 3.15 ([[User:Euss|Euss]]):
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
      
      
  000C0000 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......
  00080020 00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà</pre>
  000C0010  00 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00  .....à..........
 
  000C0020  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
  000C0030  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà</pre>
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
      
      
  007C0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  00780010 00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà</pre>
  007C0010 00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
 
  007C0020  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà</pre>
 
NOT found @ 0x000C0020 (difference in offsets is 0x000040000 - seems because of [http://www.ps3devwiki.com/index.php?title=Hardware_flashing#Difference_between_hardware_dumps_and_software_dumps dump method]) :


<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  000C0000  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  000C0010  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  000C0020  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  000C0030  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  000C0040  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  000C0050  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre>


here dump from CECHA-006/COK-001 found @ 0x000C0020 (ros0) and 0x007c0010 (ros1):<!--//bluemimmo//-->
here dump from CECHA-006/COK-001 found @ 0x000C0020 (ros0) and 0x007c0010 (ros1):<!--//bluemimmo//-->
Line 82: Line 88:
   000C00D0  00 00 00 00 00 05 ED 00 00 00 00 00 00 01 6F F0 ......í.......oð
   000C00D0  00 00 00 00 00 05 ED 00 00 00 00 00 00 01 6F F0 ......í.......oð
   000C00E0  6C 76 32 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv2ldr..........</pre>
   000C00E0  6C 76 32 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv2ldr..........</pre>
CECHA-006/COK-001 : NOT found @ 0x00080020<!--//bluemimmo//-->:
<pre>  Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00080020  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00080030  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00080040  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre>


===2patchtrvk.bin===
===2patchtrvk.bin===
Note: CTRL-F : not <code>00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code> but <code>00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code>
Note: CTRL-F : not <code>00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code> but <code>00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code>


CECHC-04/COK-002 MFW 3.15 ([[User:Euss|Euss]]):
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
  00093800 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......  
  00053800 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......  
  00093810 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00  ...... .........
  00053810 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00  ...... .........
  00093820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40  ...............@
  00053820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40  ...............@
  00093830  53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00  SCE.............
  00093840  00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40  ...............@</pre>
 
 
CECHA-06/COK-001 datas from offset 0x00093800:<!--//bluemimmo//-->
 
  Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  00093800  00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 ................
  00093810  00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 ................
  00093820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 ...............@
  00093830  53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 SCE.............
  00093840  00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40 ...............@
  00093850  F6 93 38 8E C8 46 D5 FF 34 53 9D 12 91 7E C6 96 ö“8ŽÈFÕÿ4S..‘~Æ–
 
 
'''revoke package:'''
for a 3.72 console it would be : 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 60
http://pastie.org/3006911
 
'''revoke program:'''
for a 3.72 console it would be : 00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0
http://pastie.org/3006958
----
 
Example, copy ros1 to ros0 and overwrite (HxD):
 
* goto edit
* select block (CTRL-E) : start 7C0020 - length 6FFFE0
* copy (CTRL-C)
* goto (CTRL-G) : C0030
* overwrite (CTRL-B)
 
 
----
 
=== Simplyfied V2 NAND downgrade ===
====Patches to use====
{|class="wikitable"
|-
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks
|-
| ROS0 || [http://www.multiupload.com/GB4LPBNJBY patch1&nbsp;(7&nbsp;MB)] || 0x0C0030 || 0x6FFFE0 || CoreOS (prepatched 3.55)
|-
| ROS1 || [http://www.multiupload.com/GB4LPBNJBY patch1&nbsp;(7&nbsp;MB)] || 0x7C0020 || 0x6FFFE0 || CoreOS (SAME as ros0)
|-
| trvk_prg0&nbsp;(0x91800)<br />trvk_prg1&nbsp;(0x92810)<br />trvk_pkg&nbsp;(0x93800) || [http://www.multiupload.com/RTIK2IUUCL patch2&nbsp;(16&nbsp;KB)] || 0x91800 || 0x4000 || one big patch overlapping several revoke area's
|-
|}
<!--// 3.55 did greenlight power off [http://www.multiupload.com/9Z5D080KLO patch2 (16 KB)] not work:avati//-->
<!--// 3.15 [http://www.multiupload.com/KT6BAXH8O5 patch2 (16 KB)] not work:avati//-->
 
==== PUP to use ====
[[Talk:Downgrading_with_NOR_flasher#Premade_CFW_Rogero_V2| Rogero V2]] or any firmware with prepatched lv1 (no syscon hash checks)
<!--//
downgrade and 3.41downgrader = manufacturing updating SUCCESS(0x8002f000) = YLOD http://mibpaste.com/WP3suB
downgrade and Rogero PUP = Bul-ray Disc Player Revoke done(0x8002f057) = YLOD http://mibpaste.com/oj8EL5
downgrade and Rogero NoBD PUP = manufacturing updating SUCCESS(0x8002f000) + autopower off = OK  http://mibpaste.com/sAguEj
//-->
 
====Different Factory Service Mode SELFs====
For factory Service Mode install:
* if using the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057)
* if using the jaicrab NoBD lv2diag : Use the Rogero normal PUP
 
{|class="wikitable"
! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code>
|-
| [http://www.multiupload.com/Y0Z8WNY009 Lv2diag.self&nbsp;(227.38&nbsp;KB)] || 232832 || jaicrab noBD patched || <code>180823003B086D9D49BC7F83BEA9C769BF73A5EA</code> || <code>3615770407C0C3FA00D8CA49C8ADB362</code> || <code>25E85CFB</code> || <code>EDD0</code>
|-
| [http://www.multiupload.com/V1YTTWGKH0 Lv2diag.self&nbsp;(365.5&nbsp;KB)] || 374272 || 3.55 get in FSM || <code>1ED037740D67FEBACA6449CABFF4E95400C9E2EE</code> || <code>099F33A7967F99E91C07E870FD78B3DB</code> || <code>9338ABF2</code> || <code>4FCC</code>
|-
| [http://www.multiupload.com/ZHJMPSMLYR Lv2diag.self&nbsp;(365.5&nbsp;KB)] || 374272 || 3.50- get in FSM || <code>1E770010A3A6EF572AF39783A04DF792670998D3</code> || <code>90168C03B217CE775A7839D87BBFF2A3</code> || <code>D1F0AAFC</code> || <code>CD8D</code>
|-
| [http://www.multiupload.com/VGQTFV56CO Lv2diag.self&nbsp;(201.42&nbsp;KB)] || 206256 || get out FSM || <code>329877CBD47B994EC0AFCEA6AF98114FD9E5128B</code> || <code>7A20BFDAE65EEFB47A4425DB1B52DCDE</code> || <code>72740080</code> || <code>502A</code>
|-
|}
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)