Editing Validating flash dumps

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
<div style="float:right">[[File:Dumpchecker.png|200px|thumb|left|Dumpchecker]]</div>
= Why so important? =
= Why so important? =
Whenever you want to mess with flash (NAND or NOR), you have to '''make sure you are getting 100% correct, valid, verified dumps.'''
Whenever you want to mess with flash (NAND or NOR), you have to '''make sure you are getting 100% correct, valid, verified dumps.'''


{{warning|content=If you do not validate your flash, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="color:red!important;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick).
When you don't, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="background-color:white; color:red;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick).
}}
 
So what can we use to prevent that, and make sure our dumps are as proper as we can check?
So what can we use to prevent that, and make sure our dumps are as proper as we can check?


= Visual inspection =
= Visual inspection =
<div style="float:right">[[File:HxD.png|thumb|left|HxD - hexeditor]]</div>
Open up the flashdump (make it unified first if it is still 2 seperate NAND dumps) with a hexeditor (e.g. HxD) and compare what you see with the [[Flash]] page.
 
Open up the flashdump (make it unified first if it is still 2 seperate NAND dumps) with a hexeditor (e.g. [http://mh-nexus.de/en/hxd/ HxD])<br />and compare what you see with the [[Flash]] page.
 
== Statistical analysis ==
 
 
One neat option in HxD is the analysis option. Open dump file and select Statistics in the Analysis menu. Mouse over the blue graph bars of [[:File:HxD-Analysis-Statistics-mouseover-00.jpg|00]] and [[:File:HxD-Analysis-Statistics-mouseover-FF.jpg|FF]] <br />
 
{{Dumpstatistics}}
 
If you do not have HxD many other hex editors have a statistics option. If you want a standalone application that specifically informs you on the validity of the given statistical range (NOR only) use the [http://betterwayelectronics.com/files/BwE%20NOR%20Statistics%20v1.4.exe BwE NOR Statistics application].
 
== Bytereversed ==
  00 00 00 00 AC 0F FF E0 00 00 00 00 AD DE EF BE  (HEX)  and  saceru_eoldare  (Text)  RAW/PS3 readable - this is E3 default byteorder
  instead of
  00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF  (HEX)  and  asecure_loader  (Text)  REV/Human readable - this is Progskeet default byteorder
You can use either the bytereverse option in the the flasher application and redump, or bytereverse the current dump with [[Validating_flash_dumps#Flowrebuilder|Flowrebuilder]] or [http://www.neillcorlett.com/cmdpack/ cmdline tools] (using record to swap: 2).


== Only zeroes ==
== Only zeroes ==
Line 32: Line 13:
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check


== patterned non zeroes / patterned non ff's ==
== patterned non zeroes ==
  30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
30 30 30 30 30 30 30 30 30 where zeroes should've been
  00 80 00 80 00 80 00 80 00 80 00 80 00 80 00 80  where zeroes should've been
 
  EF FF EF FF EF FF EF FF EF FF EF FF EF FF EF FF  where FF's should've been
 
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check
* Can also be caused by bad grounding, too low Vcc, interference or too long wires -> check
* Can also be caused by bad grounding, too low Vcc, interference or too long wires -> check
== patterned FF's ==
  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  repetive banding of FF's where data or zeroes should have been
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check
== malformed headers / filenames / regionnames ==
  IJI              instead of  IFI
  asecure_loaher                asecure_loader
  eIIH                          eEID
  cESH                          cISD
  cCSH                          cCSD
  trvg_prk0                    trvk_prg0
  trvg_prk1                    trvk_prg1
  trvg_pkk0                    trvk_pkg0
  trvg_pkk1                    trvk_pkg1
  cztrm                        cvtrm
  mitldr                        metldr
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check
== absent files / regions ==
  00FC0000  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ    missing bootldr in NOR
  00000000  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ    missing bootldr in NAND
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check
== malformed files / regions ==
  00FC0000  28 B4 4F D2 F9 3F BC 43 28 B4 4F D2 F9 3F BC 43  (´OÒù?¼C(´OÒù?¼C    corrupted bootldr in NOR (it should always start with 00 00 there)
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check


== Repetitions ==
== Repetitions ==
take 16 bytes of an offset that should be unique, e.g. the 0x10 offset which normaly has the DEADBEEF magic header :
take 16 bytes of an offset that should be unique, e.g. the 0x10 offset which normaly has the DEADBEEF magic header :
  NOR: 0x0000010 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF  //  NAND: 0x040010 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF
  NOR: 0x0000010 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF  //  NAND: 0x040010 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF
And find all instances in hexeditor <br />
And find all instances in hexeditor <br />
When it says found in 0x10 and 0x10010 you substract them (0x10010 - 0x10 = 0x10000) <br />
When it says found in 0x10 and 0x10010 you substract them (0x10010 - 0x10 = 0x10000) <br />
So that means there is an error with setting 0x10000 (only one bit set!) low <br />
So that means there is an error with setting 0x10000 (only one bit set!) low <br />
because the programmer applies 0x10010 but the actual data on the address lines (received by the nor flash) is 0x10 <br />
because the programmer applies 0x10010 but the actual data on the address lines (received by the nor flash) is 0x10 <br />
Other semistatics: http://pastebin.com/7QMpLSBw (not all unique, but can be used to check offsetting by bad addresslines)


=== Checking again with other unique 16 byte sequence ===
=== Checking again with other unique 16 byte sequence ===
  617365637572655F6C6F616465720000 (asecure_loader in hex)
  617365637572655F6C6F616465720000 (asecure_loader in hex)
Same check, found at 0x420 and 0x10420 (0x10420-0x420 = 0x10000)
Same check, found at 0x420 and 0x10420 (0x10420-0x420 = 0x10000)


Line 90: Line 37:


conclusion : A15 is bad
conclusion : A15 is bad
<!--// Well here is a program that will verify the size of the dump, check the header 0xDEADBEEF and its repetation and shows you which address line is bad and it will also check if the console is downgradable or not by looking at the bootloader data. So with this tool you have all in one checker but even we will say you to verify the dump manually or using flowrebuilder also, Link to the program: http://www.sendspace.com/file/byubqj
This program will check for bad file size as well as if the magic header are repeated or not and also calculate the difference of repeated header and tell you which address line is bad. If the dump is good it will tell you weather the console is downgradable or not? //-->


==== Quick lookup table ====
==== Quick lookup table ====
Line 164: Line 106:
|-
|-
|}
|}
== Check metldr+bootldr sizes ==
{{warning|content=If they are even missing or bad, its a sure road to permabrick
}}
Note: There is a program that will list some of the important information below and more - automatically! [http://www.betterwayelectronics.com/files/BwE_NOR_NAND_Dump_Info.rar BwE NOR/NAND Dump Info]
<br>
<br />
{{metbootldr}}


= Flowrebuilder =
= Flowrebuilder =
<div style="float:right">[[File:FlowRebuilder.png|thumb|left|Flow Rebuilder]]</div>
== Links to versions ==
== Links to versions ==
http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/
* [http://www.multiupload.com/KNSNWVAAI1 FlowRebuilder v.4.2.1.1.exe (473.57 KB)]
 
* [http://www.multiupload.com/INR8272DRC FlowRebuilder v.4.2.0.1.exe (474.01 KB)]
* [http://www.mediafire.com/download/5arighgxi8dt9zr/FlowRebuilder_5.0.rar FlowRebuilder v5.0.0.0] (windows compile) // [http://www.mediafire.com/download/n973ic4b53v35kq/FlowRebuilder_Sources.rar FlowRebuilder v5.0.0.0 sources]
* [http://www.multiupload.com/L9QPX7DIY5 FlowRebuilder v.4.1.3.2.exe (459.95 KB)]
 
* [http://www.multiupload.com/CZP2S9CIPF FlowRebuilder v.4.1.0.0.exe (454.85 KB)]
v5.0.0.0 changelog
------------------
I'm not offering to patch NAND dumps anymore that original FlowRebuilder couldn't handle.
So I've decided to release my modified version of FlowRebuilder that can handle any dump
(been too lazy to create a new tool that would do the exact same thing.. ).
There's not much to say, you just use it like the original one. It's been tested with 700+
dumps which the original version couldn't handle. So if you get an error while unscrambling,
you can be 100% certain that at least one of your two raw dumps is bad. On the other hand a
successful unscramble doesn't mean your dumps are valid. It's not a validator.
I've also added a block mapping editor that enables you to move blocks around on the raw
dumps. In 99.9% of cases you will not need this feature. It's only required if you for
example swap out the original nands and replace them with spare ones that have bad blocks
on them. Theoretically it might also happen that a valid block goes bad while writing back
your dumps to the original nands. But actually I've never heard of this happening to anyone.
 
v4.2.3.0 changelog
------------------
added support to manage NAND preloader dumps
message user about the type of dump
message the user if bootloader are missing
auto-recognize if dump is normal or byte swapped and automanage them
 
* [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/FlowRebuilder%20v.4.2.3.0.exe FlowRebuilder v.4.2.3.0.exe (367 KB)] // [https://www.mirrorcreator.com/files/KW6KSPLE/FlowRebuilder_v.4.2.3.0.exe_links mirror] [https://mega.co.nz/#!2osW1KCD!qdVNcmiWN1-1vrI2m5KZIHijs2Raz-hCRl4MD87qSRI mirror] [https://mega.co.nz/#!yxFTgLhZ!Kv7NsUU-3sIQIOUBeqmud7MbZ7kCoXIybTIjwrRJw-4 mirror]
* [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/FlowRebuilder%20v.4.2.2.0.exe FlowRebuilder v.4.2.2.0.exe (389 KB)] // [https://www.mirrorcreator.com/files/19K82EY6/FlowRebuilder_v.4.2.2.0.exe_links mirror] [https://mega.co.nz/#!LtND3KZK!WnG3Cgv7YKDnt_2wvJoaGHG4M8FvGROqwPcxToAbwls mirror]
* [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/FlowRebuilder%20v.4.2.1.2.exe FlowRebuilder v.4.2.1.2.exe (313.50 KB)] // [https://www.mirrorcreator.com/files/6KXKQFTD/FlowRebuilder_v.4.2.1.2.exe_links mirror] [https://mega.co.nz/#!3sVjAbKD!7g_AqD-UHQwbnsW6_-6ilWfNpZUo8H14s7ntuDKndSE mirror]
* [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/FlowRebuilder%20v.4.2.1.1.exe FlowRebuilder v.4.2.1.1.exe (473.57 KB)] // [https://www.mirrorcreator.com/files/VQPOGWF3/FlowRebuilder_v.4.2.1.1.exe_links mirror] [https://mega.co.nz/#!CkV3iRKL!-HLkzqdmCnfFSy3o6AzdM8YJbfKKuoFSzRkR8nM-u94 mirror]
* [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/FlowRebuilder%20v.4.2.0.1.exe FlowRebuilder v.4.2.0.1.exe (474.01 KB)] // [https://www.mirrorcreator.com/files/A8JQ3AEL/FlowRebuilder_v.4.2.0.1.exe_links mirror] [https://mega.co.nz/#!fx8FiAiK!WpVn5cNnW9d6lspu0d1j1ke8PUQaiTNe68xHd6tZJzw mirror]
* [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/FlowRebuilder+v.4.1.3.2.exe FlowRebuilder v.4.1.3.2.exe (459.95 KB)] // [https://www.mirrorcreator.com/files/0YNUCKKW/FlowRebuilder_v.4.1.3.2.exe_links mirror] [https://mega.co.nz/#!P1lVSRYK!4usJC9eh1eyM5g2kkqfHSLuJ4weebixAFidtWgEZ2F8 mirror]
* [http://www.psdevwiki.com/files/flash/Tools/Flowrebuilder/FlowRebuilder%20v.4.1.0.0.exe FlowRebuilder v.4.1.0.0.exe (454.85 KB)] // [https://www.mirrorcreator.com/files/YPZBUIPL/FlowRebuilder_v.4.1.0.0.exe_links mirror] [https://mega.co.nz/#!b40iUYRA!CObvcYPrdMjUoL-7X851EUrU8nrXaiXiD121GbIbc0g mirror] (don't use, for historic reasons listed)
* FlowRebuilder v.4.0.0.2.exe () [https://www.mirrorcreator.com/files/9ZL4C0RG/FlowRebuilder_v.4.0.0.2.exe_links mirror] [https://mega.co.nz/#!r08mGYrb!W1KONq7XfxIsVWmH2PeXH9yEvQzZlPD6ZPl9cJmIdPg mirror] (don't use, for historic reasons listed)


==Flowrebuilder options==
==Flowrebuilder options==
* (NAND only) UNSCRAMBLE then interleave two NAND flashes into one unified dump - (4.1.0.0 and higher) : Makes a unified dump.bin from 2 seperate NAND flash dumps.
*(NAND only) Unscramble then interleave flashes into one unified dump : Makes a single dump.bin from 2 seperate NAND flash dumps.
** In the second step it also extract the content of the unified dump. Make sure it extracts correctly (it will give no warning if it fails!) and all the needed files are there.
** In the second step it also extract the content of the unified dump. Make sure it extracts correctly (it will give no warning if it fails!) and all the needed files are there.
* (NAND only) RE-SCRAMBLE a modified dump then de-interleave it into two new flashes - (4.1.0.0 and higher) : Splits the unified dump.bin into 2 new seperate NAND flash dumps.
*(NAND only) Re-scramble modified dump then de-interleave it into two new flashes : Splits the single dump.bin into 2 seperate NAND flash dumps.
* Byte reverse and EXTRACT a NOR  dump file - (4.1.0.0 and higher) : First byte reverse the single dump.bin then extract NOR content.
*Byte reverse and extract a NOR  dump file : First byte reverse the single dump.bin then extract NOR content.
* EXTRACT a Byte reversed NOR dump or an interleaved and unscrambled NAND dump - (4.1.0.0 and higher) : Extract the single dump.bin.
*Extract a Byte reversed NOR dump or an interleaved and unscrambled NAND dump : Extract the single dump.bin
* Byte reverse and PATCH a NOR dump - (4.2.1.1 and higher).
* PATCH a Byte reversed NOR dump or an interleaved and unscrambled NAND dump - (4.2.1.1 and higher).
* Byte reverse a dump - (4.2.1.1 and higher).
 
Note:
* <span style="text-decoration: line-through;">when getting [http://pastie.org/3656024 errors with autopatcher], use Winskeet to patch the <abbr title="validated interleaved and unscrambled NAND dump">unified dump</abbr> and then Flowrebuilder to Rescramble it.</span> -> Fixed in FlowRebuilder v.4.2.1.2
 
* Flowrebuilder 4.2.2.0 error in Wine : http://pastie.org/private/nxf7tutolf9jjojskxw


== Extracted flash content files ==
== Extracted flash content files ==
<div style="float:right">[[File:Nand-extract-noerror.png|200px|thumb|left|Flowrebuilder extraction no error]]<br />[[File:Nand-extract-error2.png|200px|thumb|left|Flowrebuilder extraction error]]</div>
<span style="background-color:white; color:red;">(make sure they are all there, flowrebuilder will not give warning when it fails!)</span>:
 
<span style="color:red!important;">(make sure they are all there, flowrebuilder will not give warning when it fails!)</span>:
* bootloader_0
* bootloader_0
* bootloader_1 (NAND only)
* bootloader_1
* cCSD
* cCSD
* cISD
* cISD
* creserved_0 (NAND only)
* creserved_0
* cvtrm
* cvtrm
* eEID
* eEID
Line 244: Line 133:
* trvk_prg
* trvk_prg
* \asecure_loader\metldr
* \asecure_loader\metldr
* \ros\<nowiki>[two seperate folders named to FW version]</nowiki>\[[CoreOS|CoreOS files]] (19 up to 25 files, depending the FW version)
* \ros\<nowiki>[two seperate folders named to FW version]</nowiki>\[[Boot_Order#CoreOS_PKG_Filelisting|CoreOS files]] (19 up to 25 files, depending the FW version)
 
'''Notes:'''
*  if it only extracted bootloader_0 + bootloader_1, check that both NANDs are dumped correct (known error with flashers that has bug with second NAND channel to read), and that high/low where selected correct.
 
* Do not use spaces in the folderpath, or Flowrebuilder will not extract the files.<!--// http://www.mediafire.com/?229seszf07votsv domelec //-->
 
* <span style="text-decoration: line-through;">Bug workaround: delete previous extraction attempts to prevent Flowrebuilder to always error. -> [http://pastie.org/3744043 bugreport]</span> -> Fixed in FlowRebuilder v.4.2.2.0
 
== From unified to seperate low/high NAND files ==
If for some reason you lose the original seperate low/high NAND files and only have the <abbr title="unscrambled then interleaved 2 NAND to unified dump">unified</abbr>, you need donor files to regenerate them.
* [[Media:NAND0-1.rar|NAND0-1.rar]]
extract and in Flowrebuilder select the option "RE-SCRAMBLE a modified dump then de-interleave it into two new flashes"
* Select the NAND backup "Flash 0" (TOP) file : here drop the 1bkp.bin
* Select the NAND backup "Flash 1" (BOTTOM) file : here drop the 2bkp.bin
* Select the Input NAND interleaved Modified file : here drop your unified flash .bin file
and click Execute Operation
 
This will result in making 2 new deinterleaved files you could use for reflashing (it is recommended to alway use '''''your own''''' deinterleaved sourcedumps, this method is only mentioned as last resort for people that lost their backups).
 
= BwE NOR Validator =
 
Created/Started by BwE on the 14th November 2012 (Because I was too lazy to constantly check everything).
 
Greetz/Credit: EussNL, Judges, No0bZiLLa, Rogero, Rebug, deank, 3absiso, AFP, SCE & PS3 Dev Wiki (+ Its Contributers).
 
This all in one validator/patcher will interpret the byte orientation, patch for either 3.55 or 4.40 and will then output the results of 2800+ validations via HTML. <br><br>
[http://betterwayelectronics.com/Latest.html Output Example]
 
=== How? ===
1 - Place your .bin/s in the same folder as the validator.<br>
2 - Run the validator '''(in Administrator mode if using Windows Vista or higher)''' and press Start.<br>
3 - A console will appear asking you to select your dump (if you have more than one in the folder).<br>
4 - Make your selection and/or select if you want to patch it (either in its current byte orientation or the opposite).<br>
5 - Wait patiently.<br>
6 - Press Enter at the end to launch the output.<br>
 
=== Explanation ===
After selecting your dump and choosing which patch you want it will begin to process the validation. Once it is finished it will give you a brief count of the results, after this you simply press enter to exit.
 
The program will then open a html output illustrating everything that has been validated. Scroll through or use the menu at the top and read each section.
 
If a validation says 'warning' or 'danger' investigate it yourself manually using a hex editor, or contact somebody knowledgeable. Only corruption messages will show you the exact offset to look at, everything else won't so this is where you have to read/learn about it on the psdevwiki.
 
Some validations will tell you that you need to patch it (e.g. TRVK_PRG0 / TRVK_PRG1 / TRVK_PKG0 / TRVK_PKG1 / ROS0 / ROS1 errors or warnings), if this is the case then do so (don't forget to rename the patched dump e.g. bkpps3.bin_patched to bkpps3.bin_patched.bin) and re-validate the '3.55 FSM' patched dump (you can move the original unpatched dump to make sure it is checking the patched one).
 
If your dump has any 'danger' messages in the per console sections (find them in the menu) then there is a good chance its completely ruined and unfixable. Also, if your dump has a large amount of 'danger' messages then there is a serious issue - bad wiring can be discovered if you have any repetition in the dump.
 
If a bkpps3_patched.bin output file is not produced, you need to run the program in Administrator Mode or turn off UAC.
 
=== Areas Of Validation ===
# Statistics
# First Region Header
# Flash Format
# Flash Region
# Asecure_Loader/Metldr
# Asecure_Loader/Metldr Corrupt Sequences
# Asecure_Loader/Metldr Encrypted Statistics/Entropy
# EID
# EID0
# EID1
# EID2
# EID3
# EID4
# EID5
# IDPS
# CISD
# CISD0
# CISD1
# CISD2
# CCSD
# CCSD0
# TRVK_PRG0
# TRVK_PRG1
# TRVK_PKG0
# TRVK_PKG1
# ROS0
# ROS1
# ROS0/1 AuthID's/MD5's
# Revoke/CoreOS MD5's
# CVTRM/VTRM0
# VTRM 1
# Second Region Header
# Second Region Block 0
# Second Region Block 1
# CELL_EXTNOR_AREA
# Lv0ldr/Bootldr
# Lv0ldr/Bootldr Corrupt Sequences
# Lv0ldr/Bootldr Statistics/Entropy
# Minimum Version
# File Digest Keys
# PerConsole Nonce
# Corrupt Sequences
# Repetition
# Authority ID
 
=== Download ===
BwE NOR Validator v1.31.rar
https://mega.co.nz/#!9FV3TJib!FXqhSFu1jLJ6-nhb3qs3CQT5na9-h1CXPn8BpoW3y_o
 
==== Changelog ====
{{Anchored|Note}}: 1.31 does not recognise 4.45/4.46 and later, to
doublecheck ROS/RVK with [https://github.com/hjudges/NORway/raw/master/norpatch.exe norpatch] (recommended) or ignore ROS/RVK you can choose to prepatch it (second best option)
 
* 1.31 - 27/05/2013 : added eid4 + fixed bug in entropy (note: possibly final version, unless adding firmware revisions/new consoles)
* 1.30 - 21/05/2013 : completely rewritten eid, cisd, ccsd + added more validations to it, upgraded other minor validations. all due to upcoming nand validator
* 1.28 - 15/05/2013 : completely rewritten cvtrm validation + added more validations to it, upgraded/perfected entropy
* 1.25 - 13/05/2013 : added entropy check for metldr/bootldr
* 1.24 - 06/05/2013 : added more information to suit newly discovered ps3 data, improved validation, added a tip for bad md5's, removed version forcing
* 1.23 - 29/04/2013 : improved validation, added 4.41 ofw information
* 1.22 - 16/04/2013 : added 115 more validations + changed statistic range for bootldr + other small boring changes
* 1.21 - 11/04/2013 : patch3 error fix.
* 1.20 - 10/04/2013 : added new console data, removed 3.56 patch (replaced with 4.40), added protection against using old validator, changed corruption check (again!), added quick info for console.
* 1.19 - 09/04/2013 : changed metldr statistic range, minver check (to suit refurbished ps3s), corruption changes
* 1.18 - 08/04/2013 : upgraded cisd/cell_ext_nor_area/metldr validations to suit unique metldr.2 revision, changed corruption output (again).
* 1.17 - 08/04/2013 : changed repetition check, changed corruption output, bugfix
* 1.16 - 02/04/2013 : added rogero's 4.40 patch, changed options, added 25+ md5's, changed stats range and id check
* 1.15 - 25/03/2013 : added 4.40 ofw information and optimised some code
* 1.14 - 19/03/2013 : improved validation of the flash-region table
* 1.13 - 18/03/2013 : better handling for metldr.2, more id detections and md5s, added byte reversal option for experimenting with E3.
* 1.12 - 16/03/2013 : md5 bug fix, changed id detections and general improvements
* 1.11 - 08/03/2013 : improved patching structure, added 3 musketeers patch (3.56 patching), code optimisation
* 1.10 - 04/03/2013 : added 25+ validations + changed results & outputs + bugfix
* 1.09 - 02/03/2013 : improved corruption checks for metldr/bootldr + more validations + old coreos bug fix (again) + changed some results
* 1.08 - 29/02/2013 : added timeout for version check + added 16bit corrupt sequence check + fixed long outputs + fixed metldr ident bug + changed some warning/danger results + changed 00/ff results
* 1.06 - 27/02/2013 : fixed bug when handling old coreos versions + fixed .self md5 list
* 1.05 - 25/02/2013 : added approx 220 more validations + changed statistic ranges + latest version check + fixes to metldr/bootldr
* 1.02 - 22/02/2013 : more md5's & authid checks + changed some results.
* 1.01 - 16/02/2013 : authid check bugfix
* 1.00 - 15/02/2013 : first public release
 
=== Warning ===
{{warning|content=Using this program is [[NOT]] a 100% way of validating your dumps (because ''nothing'' is), but it is a good way of quickly seeing if it is worth checking further. This program will NOT work with NAND and will not check anything other than what is stated. ALWAYS CHECK MANUALLY!
 
Use at own risk! Valid dumps may be invalid - Invalid dumps may be valid. <br>
There are almost infinite variations of each dump! Have fun and good luck! <br>
 
If you do not validate your flash, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="color:red!important;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick).}}
 
 
=== Notes ===
Report any bugs or issues to [email protected] or directly to BwE @ irc.efnet.org #ps3downgrade or irc.ps3sanctuary.com #ps3hax<br>
 
Give credit if you are using this for other people!<br>
 
Made in Australia!<br>
 
LT 4 AM <3<br />
 
 
=== Gallery ===
<gallery>
File:Sshot-21.jpg
File:Sshot-19.jpg
File:Sshot-14.jpg
File:Sshot-12.jpg
File:Sshot-4.jpg
File:Screenshot.jpg
File:Sshot-147.jpg
File:BwE NOR Dump Statistics example.jpg
File:BwE NOR Revokation CoreOS MD5 Checker.jpg
</gallery>
 
= BwE NAND Validator =
 
Created/Started by BwE on the 3rd March 2013 (Because I was pressured to).
 
Greetz/Credit: EussNL, Judges, No0bZiLLa, Rogero, Rebug, deank, 3absiso, AFP, SCE & PS3 Dev Wiki (+ Its Contributers).
 
This all in one validator/patcher will patch for 3.55 and will output the results of 2799+ validations via HTML.  <br><br>
[http://betterwayelectronics.com/LatestNAND.html Output Example]
 
=== How? ===
1 - Place your .bin/s in the same folder as the validator.<br>
2 - Run the validator and press Start.<br>
3 - A console will appear asking you to select your dump (if you have more than one in the folder).<br>
4 - Make your selection and or select if you watch to patch it.<br>
5 - Wait patiently.<br>
6 - Press Enter at the end to launch the output.<br>
 
=== Explanation ===
After selecting your dump and choosing which patch you want it will begin to process the validation. Once it is finished it will give you a brief count of the results, after this you simply press enter to exit.
 
The program will then open a html output illustrating everything that has been validated. Scroll through or use the menu at the top and read each section.
 
If a validation says 'warning' or 'danger' investigate it yourself manually using a hex editor, or contact somebody knowledgeable. Only corruption messages will show you the exact offset to look at, everything else won't so this is where you have to read/learn about it on the psdevwiki.
 
Some validations will tell you that you need to patch it (e.g. ROS0 / ROS1 errors or warnings), if this is the case then do so (don't forget to rename the patched dump) and re-validate the patched dump (you can move the original unpatched dump to make sure it is checking the patched one).
 
If your dump has any 'danger' messages in the per console sections (find them in the menu) then there is a good chance its completely ruined and unfixable. Also, if your dump has a large amount of 'danger' messages then there is a serious issue - bad wiring can be discovered if you have any repetition in the dump.
 
=== Areas Of Validation ===
# Lv0ldr/Bootldr
# Lv0ldr/Bootldr Corrupt Sequences
# Lv0ldr/Bootldr Statistics/Entropy
# First Region Header
# Flash Format
# Flash Region
# Asecure_Loader/Metldr
# Asecure_Loader/Metldr Corrupt Sequences
# Asecure_Loader/Metldr Encrypted Statistics/Entropy
# EID
# EID0
# EID1
# EID2
# EID3
# EID4
# EID5
# IDPS
# CISD
# CISD0
# CISD1
# CISD2
# CCSD
# CCSD0
# TRVK_PRG0
# TRVK_PRG1
# TRVK_PKG0
# TRVK_PKG1
# ROS0
# ROS1
# ROS0/1 AuthID's/MD5's
# CoreOS MD5's
# CVTRM/VTRM0
# VTRM 1
# CELL_EXT_OS_AREA
# OtherOS
# Lv0ldr/Bootldr
# Lv0ldr/Bootldr Corrupt Sequences
# Lv0ldr/Bootldr Statistics/Entropy
# Minimum Version
# File Digest Keys
# PerConsole Nonce
# Corrupt Sequences
# Repetition
# Authority IDs
 
=== Download ===
* [http://betterwayelectronics.com/files/BwE_NAND_Validator.rar BwE NAND Validator v1.02]
* http://www.dashhacks.com/downloads/viewdownload/5-ps3-downloads/8928-bwe-nand-validator.html
* http://www.eurasia.nu/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=10031&ttitle=BwE_NAND_Validator_v1.02
* http://www.gamergen.com/telecharger/bwe-nand-validator-1-02-bwe-verification-dump-nor-logiciel-windows-puce-hardware-materiel-84317
 
Application MD5: F874983FABA32EA520A4A06057A3691C<br>
 
==== Changelog ====
* 1.02 - 09/06/2013 : bugfix for patcher (did not fix enough) + added some more MD5's (CFW)
* 1.01 - 28/05/2013 : bugfix for patcher (mistake from using old nor code)
* 1.00 - 27/05/2013 : first proper/public release (because I am lazy there will be no loader!)
 
=== Bugreport ===
1.01: <br />
* Minver is not detected correct (on rare version) - it gives a warning, even when metldr/lv0ldr revision is correct and console was downgraded fine.
 
=== Warning ===
{{warning|content=Using this program is [[NOT]] a 100% way of validating your dumps (because ''nothing'' is), but it is a good way of quickly seeing if it is worth checking further. This program will NOT  check anything other than what is stated. ALWAYS CHECK MANUALLY!
 
Use at own risk! Valid dumps may be invalid - Invalid dumps may be valid. <br>
There are almost infinite variations of each dump! Have fun and good luck! <br>
 
If you do not validate your flash, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="color:red!important;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick).}}
 
=== Notes ===
'''As this is the first release, give extra care to each alert and use at your own risk! This program will only as good as the NOR validator after tedious updates ;)'''
 
Report any bugs or issues to [email protected] or directly to BwE @ irc.efnet.org #ps3downgrade or irc.ps3sanctuary.com #ps3hax<br>
 
Give credit if you are using this for other people!<br>
 
Made in Australia!<br>
 
LT 4 AM <3<br />
 
= Nor Inspector =
Another Tool for validating your NOR Dump is "Nor Inspector".
 
It will display most common information about your dump and the console. <br>
 
=== How-to use ===
1) start<br>
2) drag'n'drop your dump into the app<br>
3) on errors check out status-tab<br>
 
=== Features ===
Other Features:
 
* Drag'n'drop [[CoreOS]] / [[Revokation]] Package to replace
* Hex-Region Viewer
* Byte reverse dumps supported
* Error Logging in Status-Tab (OK/ERR)
  "The Tab is green, the dump is clean!"
  ...
 
=== Download ===
[https://dl.dropbox.com/s/aeqvmm7e4boe51c/NorInspector001.rar Nor Inspector 0.0.1] (Requires .NET Framework 2.0)
 
=== Notes/Warning ===
{{warning|content=Using this program is [[NOT]] a 100% way of validating your dumps (because ''nothing'' is), but it is a good way of quickly seeing if it is worth checking further. This program will NOT work with NAND and will not check anything other than what is stated. ALWAYS CHECK MANUALLY!<br /><br />
If you do not validate your flash, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="color:red!important;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick).
}}
 
=== Gallery ===
<gallery>
File:NorInspector-tab-General Information.png|NorInspector - tab : General Information
File:NorInspector-tab-More Information.png|NorInspector - tab : More Information
File:NorInspector-tab-Region Viewer.png|NorInspector - tab : Region Viewer
File:NorInspector-tab-Status.png|NorInspector - tab : Status
</gallery>
 
 
= PS3 NOR/NAND Statistic =
 
=== Features ===
* NOR/NAND statistics
* NOR/NAND patching
* NOR/NAND byte swapping
* NOR/NAND infos
* NOR/NAND validation
* NOR/NAND extraction
* DATECODE check
 
=== How-to use ===
 
This tool works different than other validators. Instead of outputing a full log, it will output an error.log, if validate is checked. But see for yourself.
 
Always patching 3.55 is recommended to see if the patched statistic is right/green
 
ckp_management_ID values have to be equal as well as per_console_nonce. (should be stated in error.log if not)
 
There is one easy rule! If the error.log contains an entry, your dump is definitely broken!
 
Ros section is excluded from validation. Why? It´s easy to repair, the whole section gets patched anyway and it leads to the rule above.
 
For NAND all known sections gets checked. But a big part is not or only rarely documented. So the whole part after cvtrm, cell_ext_os_area, OtherOS and unreferenced area at the end won´t be checked. It´s very important that you have look at the statistics and the "corrupt block count" of flowrebuilder when interleaving.
 
It´s always recommended to check dumps manually with an hexeditor, and using other tools for validation, to be as safe as possible!
As long as it is not possible to decrypt the full dump, it`s impossible to validate it to 100%.
 
Keep in mind this is only beta. :)
 
http://www.ps3hax.net/showthread.php?t=55019
 
=== Download ===
* [https://content.wuala.com/contents/sinsizer/test/dumpstatistic.rar/?dl=1&key=lrmnHL2URm6D dumpstatistic.rar]
* http://rghost.net/45369360
* http://temp-share.com/show/FHKdyGTU6
 
=== Notes/Warning ===
{{warning|content=Using this program is [[NOT]] a 100% way of validating your dumps (because ''nothing'' is), but it is a good way of quickly seeing if it is worth checking further. This program will not check anything other than what is stated. ALWAYS CHECK MANUALLY!<br><br /><br />
If you do not validate your flash, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="color:red!important;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick).
}}
 
=== Gallery ===
<gallery>
File:PS3 NOR-NAND Statistic (Beta).jpg|PS3 NOR-NAND Statistic (Beta)
</gallery>
 
= PS3 Dump Checker =
https://github.com/Swizzy/PS3DumpChecker
 
(included also in PS3 Flash Tool 4.65 update1)
 
=== Download ===
* https://github.com/Swizzy/PS3DumpChecker/blob/master/Latest%20Compiled%20Version/PS3DumpChecker.exe?raw=true
 
=== Notes/Warning ===
{{warning|content=Using this program is [[NOT]] a 100% way of validating your dumps (because ''nothing'' is), but it is a good way of quickly seeing if it is worth checking further. This program will not check anything other than what is stated. ALWAYS CHECK MANUALLY!<br><br /><br />
If you do not validate your flash, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="color:red!important;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick).
}}
 
=== Gallery ===
<gallery>
File:Ps3-flash-tool-465-unofficial.png|PS3 Dump Checker - ps3-flash-tool-465-unofficial
File:PS3 Dump Checker v1.0 (Build 416).png|PS3 Dump Checker v1.0 (Build 416)
</gallery>
 
= Known bad guides (with obvious faults in them that lead to permanent bricks) =
<!--// == Baileys (&gt;10 bricks) ==
* <span style="text-decoration: line-through;">http://psx-scene.com/forums/f263/ultimate-fool-proof-guide-ps3-hardware-downgrading-104398</span>
* <span style="text-decoration: line-through;">http://www.ps3hax.net/showthread.php?t=39766</span>
'''Do not use''', not only does it deviate alot (16x) from wiki safeguarded method, it skips important steps that prevent users from bricking their console. //-->
 
== E3 FLASHER INSTALLATION and DOWNGRADE TUTORIAL (Khalkedon) ==
* <span style="text-decoration: line-through;">http://www.youtube.com/watch?v=WHNw2E4tU6c&t</span> '''Do not use'''
=== What is wrong / could be better ? ===
 
# cutting knife VS plastic to remove the bolt protectors
# cellophane 3M tape in hot environment
# ribbon flat cable not at 90 degrees position
# no fixating of clip (coin/foam filler to keep the clip more pressed)
# no tristate wire soldered
# not checking clip connection, before closing console
# no repasting of RSX and CellBE
# not using torc moment screwdriver, but electric drill
# uneven pressure when mounting frontboard
# greasy fingerprints all over the motherboard (bonus fingerprint: under cellophane tape)
# dual sata adaptor is used (not recommended, as ps3 host does not support SATA Port Multiplier)
# E3 is ´wobbly´ because no cardboard filler was used to prevent movement (bracket design error)
# not using the 'Samsung' multiconsole update for E3 and no proper SHA1 identification of the correctness of file
# using 001000 for dumping, not using flashfun, thus risking busy flashbus on a multithreaded system
# not validate content of dumps, only size
# doing a restore (will permabrick console if clipped bad)
# when unpluging the power cord at 19:09, insuficient time to dischargue capacitors of power supply (a real reset needs more time)
# using e3_downgrader.bin (nicknamed e3_bricker for obvious reasons) instead of prepatching
# misnaming ¨2nd usb port¨ -> it's usb00000  because we count from right to left in ps3 (rightmost, closest to BD)
# no proper identification of lv2diag.self (there exist many!) and PS3UPDAT.PUP to be used (SHA1)
# after FSM reinstall, no boot to XMB to check it booting proper ''with FSM active''
# not setting proper time, corrupting node database unneeded
# fix permission errors (archaic, not needed)
biggest error : not reading the (E3) downgrade guide on wiki
 
challenge: ''can you name another error?''
 
== Progskeets official downgrade guides ==
* http://www.progskeet.com/downloads/NOR_eng.pdf
** Only checks statistics, no validation at all
* http://www.progskeet.com/downloads/NAND_eng.pdf
** Checks statistics, Extracts dump but does not check its content, no validation.
** The use of Flowrebuilder, to make a unified dump from 2 NAND dumps is a bit strangely placed in the guide


= Word of Warning =
Notes: if it only extracted bootloader_0 + bootloader_1, check that both NANDs are dumped correct (known error with flashers that has bug with second NAND channel to read),
When using validators and bricking your console as result, there are only 2 people to blame :
* the one making the validator (for not properly validating, warning users and telling ''what'' is wrong and/or ''how'' it could be solved);
* the enduser for flying blind and getting lazy/dumb with it.


= Online help =
Upload your dump to a fileshare host (e.g. http://www.multiupload.com/) and join IRC ef.net in channel #ps3downgrade


{{Hardware Flashers}}<noinclude>[[Category:Main]]</noinclude>
Please use this method only after you first tried the above options first (so you have learned from it as well) :)
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Validating_flash_dumps"