Editing Talk:Downgrading with NOR flasher

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
WARNING
[[Category:Software]]
 
this page is very old and archaic
 
only kept up for historic reference
 
=NOR patches=
=NOR patches=


Line 18: Line 13:


     Downgrade patches
     Downgrade patches
        
    http://www.multiupload.com/O0TZGNP92M
            
            
     DIFF:
     DIFF:
Line 462: Line 459:


==== Premade MFW Rogero V1 ====
==== Premade MFW Rogero V1 ====
Rogero MFW355_370_spoof_Internet_Blocked_LV1_Checks_Patched.PUP (170.59 MB) (archaic, use V2 or 3.1 instead)
Rogero MFW355_370_spoof_Internet_Blocked_LV1_Checks_Patched.PUP (170.59 MB) (archaic, use V2 instead)


<!--//http://www.multiupload.com/IAGZEX5Q75 Rogero MFW355_370_spoof_Internet_Blocked_LV1_Checks_Patched.PUP (170.59 MB)//-->
<!--//http://www.multiupload.com/IAGZEX5Q75 Rogero MFW355_370_spoof_Internet_Blocked_LV1_Checks_Patched.PUP (170.59 MB)//-->
Line 468: Line 465:


==== Premade CFW Rogero V2 ====
==== Premade CFW Rogero V2 ====
[http://www.mediafire.com/?xxm6ejfm2bd2pox Rogero_CFW_V2_Kmeaw_LV1_Patched_4.00_spoof_Privacy_Patch.PUP (170 MB / 178,827,264 bytes)]
[http://www.multiupload.com/WQ7F13ZV2B Rogero_CFW_V2.PUP (170.55 MB)]
 
MD5: 61b1592cc3a5c008ffbeb151fc77653a
 
CRC32: B7A039FC
 
 
For some Refurbished PS3s the PUP installation failed on the BD firmware update, also in case of downgrading with the Blu-Ray drive not attached,use this version:
 
[http://www.mediafire.com/?7maaw9ijbq62ydv Rogero_CFW_V2_Kmeaw_LV1_Patched_4.00_spoof_Privacy_Patch_NoBD_Update.PUP]
 
MD5: 7be79e1d314869e5031a1de78f8e8b7c
 
CRC32: 30E25A76
 


===== Usage / Compatibility =====
===== Usage / Compatibility =====
Line 1,138: Line 1,121:
=== Known Issues ===
=== Known Issues ===
"Registration of the trophy information could not be completed. The game will quit. (80010505)"
"Registration of the trophy information could not be completed. The game will quit. (80010505)"
----
== 3.56v1/v2 HDD exchange issue ==
=== option 1 ===
[http://www.multiupload.com/HA1TLN9HSK 1patchcos355.rar (9.68 MB)]
<blakcat> i had one 3.56v1 with bucle error
<blakcat> i used patchcoreos355 to solve
<blakcat> patchcoreos355 is the same thing that if you take all coreos from other 3.55 cfw dump
<blakcat> and patch with your console specific files metldr, vtrm, bootloader, EID etc ....
<blakcat> http://www.multiupload.com/HA1TLN9HSK
<blakcat> for people asking 3.56v1 error
<blakcat> you only need to use patchv2 from dospiedras and you get your ps3 unbricked with 3.55
<blakcat> or take another dump 3.55 cfw and patch with your data
=== option 2 ===
1. Use the built-in patcher of progskeet to patch your image : [http://www.multiupload.com/GRPAM1598K downgrade v2 ProgSkeet.rar (19.62 MB)]
==== NOR offsets used ====
{|class="wikitable sortable"
|-
! target area !! patch no. !! NOR Offset !! Paste length !! Remarks
|-
| ROS0 || patch1 || 0x0C0010 || 0x6FFFE0 ||
|-
| ROS1 || patch2 || 0x7C0010 || 0x6FFFE0 ||
|-
| trvk_pkg0 || patch3 || 0x80000 || 0x20000 ||
|-
| trvk_pkg1 || patch4 || 0xA0000 || 0x20000 ||
|-
| trvk_prg0 || patch5 || 0x40000 || 0x20000 ||
|-
| trvk_prg1 || patch6 || 0x60000 || 0x20000 ||
|-
|}
2. After flashing, install the prepatched PUP (.e.g Rogero v2)
=== option 3 ===
# Dump flash and patch with downgrader (insert 3.55 CoreOS in ROS'), reflash
# Put lv2diag.self and 3.7x PUP on USB stick (make sure no discs are in drive) to upgrade to 3.7x in service mode (normally a sin to do UPdate in service mode!)
# Once on 3.7x, redo the downgrade steps to get back to 3.55 and use the second lv2diag.self file to get out of service mode.
=== option 4 ===
note: Not tried+tested
# Dump flash and patch with downgrader (insert 3.55 CoreOS in ROS'), reflash
# Put lv2diag.self and 3.55 Dex Downgrader PUP on USB stick (make sure no discs are in drive) to crossgrade to 3.55 DEX in service mode (normally a sin to do crossgrade without EID change in service mode!)
# Once on 3.55 DEX downgrader, '''don't leave service mode or you'll brick'''. Redo the downgrade steps to flash NAND/NOR to 3.55 prepatched Retail/CEX.
# Reinstall 3.55 Retail/CEX PUP in service mode
# Use the second lv2diag.self file to get out of service mode.
== Hashing ==
=== CELL_EXTNOR_AREA ===
magic "CELL_EXTNOR_AREA" @ offset 0, size 0x10 :
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
         
00F20000  43 45 4C 4C 5F 45 58 54 4E 4F 52 5F 41 52 45 41  CELL_EXTNOR_AREA
version @ offset 0x10, 4 bytes :
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
         
00F20010  00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
data offset field @ offset 0x20 (02 meaning second sector) / datasize @ offset 0x24, 4 bytes (0x44 bytes):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
         
00F20020  00 00 02 00 00 00 00 44 00 00 00 00  .......D....
Calculate SHA1 over whole data and compare with data @ offset 0x2C:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
         
00F20020                                      A9 C8 06 D0              ©È.Ð
00F20030  C0 17 8D 34 55 A7 62 73 DD 16 A6 FB 75 A0 D2 10  À..4U§bsÝ.¦ûu Ò.
Harddrive model:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
         
00F20200  00 00 00 07 46 55 4A 49 54 53 55 20 4D 48 5A 32  ....FUJITSU MHZ2
00F20210  30 38 30 42 48 20 47 31 20 20 20 20 20 20 20 20  080BH G1       
00F20220  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                 
Hardrive serial:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
         
00F20230  20 20 20 20 4B 36 33 52 54 38 42 34 48 59 42 4B      K63RT8B4HYBK
----
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
[...]
00F60000  10 00 00 0C 00 04 10 03 00 00 00 01 20 00 00 34  ............ ..4      00F60000-00F60040      (differs in other version/console dump)
00F60010  00 00 00 00 00 00 00 00 5B 3F 73 B4 9A 86 C7 B2  ........[?s´š†Ç²      is the
00F60020  A0 D1 1E AF A7 9B 97 E2 7A CB 05 2B 4D 61 26 AE  Ñ.¯§›—âzË.+Ma&®      same as
00F60030  13 CA 29 84 19 93 15 E1 4A DB 2C B7 7C 00 E4 EB  .Ê)„.“.áJÛ,·|.äë      00FA0000-00FA0040
00FA0000  10 00 00 0C 00 04 10 03 00 00 00 01 20 00 00 34  ............ ..4      00F60000-00F60040      (differs in other version/console dump)
00FA0010  00 00 00 00 00 00 00 00 5B 3F 73 B4 9A 86 C7 B2  ........[?s´š†Ç²      is the
00FA0020  A0 D1 1E AF A7 9B 97 E2 7A CB 05 2B 4D 61 26 AE  Ñ.¯§›—âzË.+Ma&®      same as
00FA0030  13 CA 29 84 19 93 15 E1 4A DB 2C B7 7C 00 E4 EB  .Ê)„.“.áJÛ,·|.äë      00F60000-00F60040
----
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)