Editing Talk:Flash

It would be great if the admin could install SyntaxHighlight extension to media wiki

http://www.mediawiki.org/wiki/Extension:ASHighlight

on my list of things to do [[User:Admin|Admin]] 21:25, 11 April 2011 (CDT)


----
=== observations comparing dumps ===


Encrypted files appear to have a header:
<pre>
From metldr

 00000840  00 00 0E 8E 99 87 3B C7 15 F2 80 80 9C 30 22 25  ...Ž™‡;Ç.ò€€œ0"%
 00000850  00 00 0E 8E 78 A5 61 E0 17 72 6E F7 A7 1B 41 AB  ...Žx¥aà.rn÷§.A«

 00000840  00 00 0E 8E 99 87 3B C7 15 F2 80 80 9C 30 22 25  ...Ž™‡;Ç.ò€€œ0"%
 00000850  00 00 0E 8E 81 2E 00 A9 59 75 01 CC C1 72 D5 50  ...Ž...©Yu.ÌÁrÕP

From bootldr

 00FC0000  00 00 2F 4B 53 92 1C E7 F7 33 41 76 9B 7A 1E D6  ../KS’.ç÷3Av›z.Ö
 00FC0010  00 00 2F 4B 78 A5 61 E0 17 72 6E F7 A7 1B 41 AB  ../Kx¥aà.rn÷§.A«

 00FC0000  00 00 2F 4B CB 9E 15 24 28 B4 4F D2 F9 3F BC 43  ../KËž.$(´OÒù?¼C
 00FC0010  00 00 2F 4B 81 2E 00 A9 59 75 01 CC C1 72 D5 50  ../K...©Yu.ÌÁrÕP
</pre>
also to note that these values are found within the eeid region.

------------

Also noted that near the end of region 1 there seems to be this recurring pattern, it repeats the following 20 bytes 199 times

 00EFD740                          0A 9E F8 79 2B 99 37 5A          .žøy+™7Z
 00EFD750  53 49 92 D7 A5 BD 99 2A 26 2D 39 B8              SI’×¥½™*&-9¸

then it has these 15 bytes:

 00EFE6D0              8C 37 E4 F4 CC CC 59 02 D0 FA B8 A5      Œ7äôÌÌY.Ðú¸¥
 00EFE6E0  1E 42 98 DD 54 AF 8D 5E                          .B˜ÝT¯.^

Then it repeats the first 20 bytes 199 times, looks like the tried to hide it?

same on the other dump but different data

 00EFD740                          17 D8 FE B6 56 B6 84 F2          .Øþ¶V¶„ò
 00EFD750  5E 17 E9 5D B1 80 E1 D2 00 6F 88 26              ^.é]±€áÒ.oˆ&

 00EFE6D0              E7 BF FF DA E2 2E A3 B8 73 79 76 C8      ç¿ÿÚâ.£¸syvÈ
 00EFE6E0  B1 72 B3 E7 B9 33 70 F6                          ±r³ç¹3pö
</pre>

----
<pre>
Done some work on decoding region 2 today:
Region 2 seems to = vflash partition table? These might be the first 2 regions?
partition table is 4096 bytes.
Format:
16 bytes 00's
16 bytes magic: 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD FA CE
8 bytes 0x03
8 bytes 0x02 (number of paritions?)
144 bytes 00's
Partition entries:
8 bytes entry point (entry point * 0x200) relative to 0x00 on flash
8 bytes entry length (entry length * 0x200)
32 bytes 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03
96 bytes 00's
</pre>

----

sample of my flash:
http://www.megaupload.com/?d=J5UKO3HX


----

=== norunpack ===
Changed version for Progskeet: http://pastebin.com/HNvCbF7d


----

=== metldr revision ===
There are are least 8 different metldr revisions (pre 3.60 aka metldr.2), only 3.50+ have the metldr version check.

====metldr+bootldr sizes====

{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;" 
|- bgcolor="#cccccc"
! rowspan="2" | Datecode / Manufacturing date !! colspan="2" | metldr offset !! colspan="2" | bootldr offset !! rowspan="2" | Notes
|-
! 0x81E&nbsp;(NOR)<br />0x4081E&nbsp;(NAND) !! 0x842&nbsp;(NOR<br />0x40842&nbsp;(NAND) !! 0xFC0002&nbsp;(NOR)<br />0x0&nbsp;(NAND) !! 0xFC0012&nbsp;(NOR)<br />0x12&nbsp;(NAND)
|-
|  || EE 10 || 0E DD || 2A 3F || 2A 3F || <!--//bluemimmo: NAND FAT//-->
|-
|  || E8 90 || 0E 85 || 2F 13 || 2F 13 || <!--//Val, Freeplex//-->
|-
|  || E8 D0 || 0E 89 || 2E AB || 2E AB || <!--//Abkarino, anger, defyboy//-->
<!--//
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000810  00 00 00 00 00 00 00 40 00 00 00 00 00 00 E8 D0  .......@......èÐ
00000820  6D 65 74 6C 64 72 00 00 00 00 00 00 00 00 00 00  metldr..........
00000830  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000840  00 00 0E 89 43 B6 EF 4A E2 0F 74 00 C8 80 9E 53  ...‰C¶ïJâ.t.È€žS
00000850  00 00 0E 89 57 D3 B7 B1 88 EF 91 C6 67 C8 DB 06  ...‰WÓ·±ˆï‘ÆgÈÛ.
//-->
|-
|  || E8 E0 || 0E 8A || 2E F4 || 2E F4 || <!--//akex: CECHH DIA-001 with Spansion S29GL128N90TFIR2 //-->
|-
|  || E9 20 || 0E 8E || 2F 4B || 2F 4B || <!--//ogy, Ir0nman, nice69, Marcocanc//-->
|-
|  || E9 60 || 0E 92 || 2F 53 || 2F 53 || <!--//Freemagne, ciariello//-->
|-
|  || E9 60 || 0E 92 || 2F 5B || 2F 5B || <!--//cech-2501a-jtp-001-1b//-->
|-
|  || EA 60 || 0E A2 || 2E E3 || 2E E3 || <!--//cechj 40gb / chipps3ve: DIA-002 with Spansion //-->
|-
|  || EB F0 || 0E BB ||   ||   || <!--//http://pastebin.com/eMR2n8EX //-->
|-
| CECH2504B (JSD-001), with 3.60 from factory - datecode 1B || F9 20 || 0F 8E || 2F FB || 2F FB || <small>"metldr.2"</small><!--// Nodial2ne:CECH-3012A - Date Code [N.A.] factory 3.65 //-->
|-
|}


== list of files stored in Flash ==

=== NOR Flash ===
The following is a list of files stored in NOR Flash

{| class="wikitable sortable"
|-
! Name !! Start Offset !! End Offset !! Size (h) !! Size (bytes) !! Notes
|-
| asecure_loader || 0x000810 || 0x02F010 || 0x2E800 || (190,464&nbsp;bytes) || aka metldr
|-
| eEID || 0x02F010 || 0x03F010 || 0x10000 || (65,636&nbsp;bytes) || <small>(IDPS @ offset 0x0002F070 absolute / 0x00000070 inside eEID )</small>
|-
| cISD || 0x03F010 || 0x03F810 || 0x800 || (2,048&nbsp;bytes) ||
|-
| cCSD || 0x03F400 || 0x040010 || 0x800 || (2,048&nbsp;bytes) ||
|-
| trvk_prg0 || 0x03FC00 || 0x060010 || 0x20000 || (131,072&nbsp;bytes) ||
|-
| trvk_prg1 || 0x05FC00 || 0x080010 || 0x20000 || (131,072&nbsp;bytes) ||
|-
| trvk_pkg0 || 0x080010 || 0x0A0010 || 0x20000 || (131,072&nbsp;bytes) ||
|-
| trvk_pkg1 || 0x0A0010 || 0x0C0010 || 0x20000 || (131,072&nbsp;bytes) ||
|-
| ros0 || 0x0C0010 || 0x7C0010 || 0x700000 || (7,340,032&nbsp;bytes) || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
| ros1 || 0x7C0010 || 0xEC0010 || 0x700000 || (7,340,032&nbsp;bytes) || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
| cvtrm || 0xEC0010 || 0xF00010 || 0x40000 || (262,144&nbsp;bytes) ||
|-
| CELL_EXTNOR_AREA || 0xF20000 || 0xFA0040 || 0x80040 || (524,352&nbsp;bytes) ||
|-
| bootldr || 0xFC0000 || 0xFEEAF0 || 0x2EAF0 || (191,216&nbsp;bytes) || <small>End @ FEF170, FEF570, FEF5F0, FEF600 in some dumps</small>
|-
|}

=== NAND Flash ===
The following is a list of files stored in NAND Flash

{| class="wikitable sortable"
|-
! Name !! Start Offset !! End Offset !! Size (h) !! Size (bytes) !! Notes
|-
| bootldr || 0x0000000 || 0x003FFFF || 0x40000 || (191,216&nbsp;bytes) || <small>datasize depends on bootldr revision</small>
|-
| 0FACE0FF DEADBEEF || 0x0040010 || 0x004001F || 0x10 || (16 bytes) || <small>magic header : 0x0040010  00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF  .....¬àÿ....Þ¾ï</small>
|-
| flashregion table || 0x0040200 || || || 
|-
| asecure_loader || 0x0040810 || 0x004F64F || 0xEE40 || (60,992&nbsp;bytes) || <small>aka metldr, extracted data starts from 0x040840, datasize depends on metldr revision</small>
|-
| eEID || 0x0080800 || 0x0090800 || 0x10000 || (65,636&nbsp;bytes) || <small>(IDPS @ offset 0x0002F070 absolute / 0x00000070 inside eEID )</small>
|-
| cISD || 0x0090800 || 0x0091000 || 0x800 || (2,048&nbsp;bytes) ||
|-
| cCSD || 0x0091000 || 0x0091800 || 0x800 || (2,048&nbsp;bytes) ||
|-
| trvk_prg0 || 0x0091800 || 0x00927F0 || 0xFF0 || (4080&nbsp;bytes) || <small>extracted size is 0x2000 for trvk_prg0 + trvk_prg1 combined as trvk_prg (8,192 bytes)</small>
|-
| trvk_prg1 || 0x00927F0 || 0x0092900 || 0x1010 || (4112&nbsp;bytes) ||
|-
| trvk_pkg0 || 0x0093800 || 0x00947F0 || 0xFF0 || (4080&nbsp;bytes) || <small>extracted size is 0x2000 for trvk_pkg0 + trvk_pkg1 combined as trvk_pkg (8,192 bytes)</small>
|-
| trvk_pkg1 || 0x00947F0 || 0x00957E0 || 0x1010 || (4112&nbsp;bytes) ||
|-
| ros0 || 0x00C0010 || 0x07C0010 || 0x700000 || (7,340,032&nbsp;bytes) || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
| ros1 || 0x07C0010 || 0x0EC0010 || 0x700000 || (7,340,032&nbsp;bytes) || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
| SCEIVTRM || ~varies || ~varies || 0x10 || (16&nbsp;bytes) || <small>magic header : 0x0D80000  53 43 45 49 56 54 52 4D 00 00 00 00 00 00 00 A8  SCEIVTRM.......¨</small>
|-
| VTRM0 || ~varies || ~varies || ~varies || ~varies || <small>magic header : 0x0D80020  00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04  ....VTRM........</small>
|-
| VTRM0 || ~varies || ~varies || ~varies || ~varies || <small>magic header : 0x0D80400  00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04  ....VTRM........</small>
|-
| cell_ext_os_area || 0xE780000 || 0xE78000F || 0x10 || (16 bytes) || <small>magic header : 0xE780000  63 65 6C 6C 5F 65 78 74 5F 6F 73 5F 61 72 65 61  cell_ext_os_area</small>
|-
| OtherOS || 0xE780800 || ~varies || ~varies || ~varies || <small>OtherOS loader/init.rd</small>
|-
|}





----


== EID correctness ==

   [8/31/2011 1:41:13 AM] xxxxxxxxxxxxxx: the information on the PS3 dev wiki was intentionally faulty
   [8/31/2011 1:41:15 AM] qqqqq: Use the creativity or fail to find it.
 [...]
   [8/31/2011 1:41:34 AM] xxxxxxxxxxxxxx: so people can't use the 'knowledge'
 [...]
   [8/31/2011 1:41:43 AM] qqqqq: xxxxxx, uuuu has done a very good job at fixing what IS wrong. If you saw something wrong, why didn't you ask uuuu about it to fix it?
   [8/31/2011 1:41:55 AM] xxxxxxxxxxxxxx: that's not what guys like rrrrrrr have told me
   [8/31/2011 1:41:58 AM] xxxxxxxxxxxxxx: it's intentionally faulty
   [8/31/2011 1:42:03 AM] qqqqq: Instead you left it  how it was and bitched about it.
   [8/31/2011 1:42:07 AM] xxxxxxxxxxxxxx: to prevent any meaningful extraction of keys
   [8/31/2011 1:42:11 AM] qqqqq: If it was fault again talk to uuuu
   [8/31/2011 1:42:24 AM] xxxxxxxxxxxxxx: no - uuuu could not have even known about it
   [8/31/2011 1:42:28 AM] xxxxxxxxxxxxxx: it was something only a kkkk could know
   [8/31/2011 1:42:45 AM] qqqqq: You'd be surprised what uuuu knows. he really is a walking encyclopedia of the ps3.
   [8/31/2011 1:42:48 AM] xxxxxxxxxxxxxx: that wiki is compromised with purposeful misinformation
   [8/31/2011 1:42:59 AM] xxxxxxxxxxxxxx: and that's what rrrrrrr actually said and thinks
   [8/31/2011 1:43:17 AM] xxxxxxxxxxxxxx: I'm talking about ps3 dev wiki BTW here
   [8/31/2011 1:43:25 AM] qqqqq: if it's providing false info, then why not make a site to provide the right info? *gasps*
   [8/31/2011 1:43:34 AM] xxxxxxxxxxxxxx: well he did make the suggestion
   [8/31/2011 1:43:38 AM] xxxxxxxxxxxxxx: but it didn't go over well with these people
   [8/31/2011 1:43:45 AM] yyyyyyyy: kkkk wasn't the only one with cex-dex shit
   [8/31/2011 1:43:50 AM] yyyyyyyy: hell he's not even the one who wrote it
   [8/31/2011 1:44:01 AM] yyyyyyyy: so you can stfu about that
   [8/31/2011 1:44:09 AM] xxxxxxxxxxxxxx: hell do I know who the fuck wrote CEX-DEX
   [8/31/2011 1:44:27 AM] xxxxxxxxxxxxxx: all I know is that there are a bunch of connivant shits that want a wiki intentionally 'disinfoed' like that
   [8/31/2011 1:44:35 AM] xxxxxxxxxxxxxx: people in the know
   [8/31/2011 1:44:49 AM] yyyyyyyy: and one conniving shit here trying to save his hide
   [8/31/2011 1:44:57 AM] qqqqq: xxxxxx, again as i said. If there was false info (Which uuuu would never do) Why not fix it
   [8/31/2011 1:45:21 AM] xxxxxxxxxxxxxx: go ask rrrrrrr - I dunno
   [8/31/2011 1:45:26 AM] qqqqq: DO you think he purposesly makes changes so that it's wrong? That'd create an even bigger headache if a noob attempted it and bugged us in the chat
   [8/31/2011 1:45:32 AM] xxxxxxxxxxxxxx: the EID/CEX-DEX info was incomplete
   [8/31/2011 1:45:33 AM] xxxxxxxxxxxxxx: faulty


----