Editing Validating flash dumps
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
= Why so important? = | = Why so important? = | ||
Whenever you want to mess with flash (NAND or NOR), you have to '''make sure you are getting 100% correct, valid, verified dumps.''' | Whenever you want to mess with flash (NAND or NOR), you have to '''make sure you are getting 100% correct, valid, verified dumps.''' | ||
When you don't, and for some reason(s) the dump is invalid/bad, and you are rewriting to flash, you have <span style="background-color:white; color:red;">no way of restoring</span> the console hence making a perma-brick (unrecoverable brick). | |||
So what can we use to prevent that, and make sure our dumps are as proper as we can check? | So what can we use to prevent that, and make sure our dumps are as proper as we can check? | ||
= Visual inspection = | = Visual inspection = | ||
Open up the flashdump (make it unified first if it is still 2 seperate NAND dumps) with a hexeditor (e.g. HxD) and compare what you see with the [[Flash]] page. | |||
Open up the flashdump (make it unified first if it is still 2 seperate NAND dumps) with a hexeditor (e.g. | |||
== Only zeroes == | == Only zeroes == | ||
Line 32: | Line 13: | ||
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check | * Seems reading is a problem, mostly caused by bad wiring/clip seating -> check | ||
== patterned non zeroes | == patterned non zeroes == | ||
30 30 30 30 30 30 30 30 30 where zeroes should've been | |||
* Seems reading is a problem, mostly caused by bad wiring/clip seating -> check | * Seems reading is a problem, mostly caused by bad wiring/clip seating -> check | ||
* Can also be caused by bad grounding, too low Vcc, interference or too long wires -> check | * Can also be caused by bad grounding, too low Vcc, interference or too long wires -> check | ||
== Repetitions == | == Repetitions == | ||
take 16 bytes of an offset that should be unique, e.g. the 0x10 offset which normaly has the DEADBEEF magic header : | take 16 bytes of an offset that should be unique, e.g. the 0x10 offset which normaly has the DEADBEEF magic header : | ||
NOR: 0x0000010 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF // NAND: 0x040010 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD BE EF | |||
And find all instances in hexeditor <br /> | And find all instances in hexeditor <br /> | ||
When it says found in 0x10 and 0x10010 you substract them (0x10010 - 0x10 = 0x10000) <br /> | When it says found in 0x10 and 0x10010 you substract them (0x10010 - 0x10 = 0x10000) <br /> | ||
So that means there is an error with setting 0x10000 (only one bit set!) low <br /> | So that means there is an error with setting 0x10000 (only one bit set!) low <br /> | ||
because the programmer applies 0x10010 but the actual data on the address lines (received by the nor flash) is 0x10 <br /> | because the programmer applies 0x10010 but the actual data on the address lines (received by the nor flash) is 0x10 <br /> | ||
=== Checking again with other unique 16 byte sequence === | === Checking again with other unique 16 byte sequence === | ||
617365637572655F6C6F616465720000 (asecure_loader in hex) | |||
Same check, found at 0x420 and 0x10420 (0x10420-0x420 = 0x10000) | Same check, found at 0x420 and 0x10420 (0x10420-0x420 = 0x10000) | ||
Line 90: | Line 37: | ||
conclusion : A15 is bad | conclusion : A15 is bad | ||
==== Quick lookup table ==== | ==== Quick lookup table ==== | ||
Line 164: | Line 106: | ||
|- | |- | ||
|} | |} | ||
= Flowrebuilder = | = Flowrebuilder = | ||
== Links to versions == | == Links to versions == | ||
* [http://www.multiupload.com/KNSNWVAAI1 FlowRebuilder v.4.2.1.1.exe (473.57 KB)] | |||
* [http://www.multiupload.com/INR8272DRC FlowRebuilder v.4.2.0.1.exe (474.01 KB)] | |||
* [http://www.multiupload.com/L9QPX7DIY5 FlowRebuilder v.4.1.3.2.exe (459.95 KB)] | |||
* [http://www.multiupload.com/CZP2S9CIPF FlowRebuilder v.4.1.0.0.exe (454.85 KB)] | |||
* [http://www. | |||
* [http://www. | |||
* [http://www. | |||
* [http://www. | |||
==Flowrebuilder options== | ==Flowrebuilder options== | ||
* (NAND only) | *(NAND only) Unscramble then interleave flashes into one unified dump : Makes a single dump.bin from 2 seperate NAND flash dumps. | ||
** In the second step it also extract the content of the unified dump. Make sure it extracts correctly (it will give no warning if it fails!) and all the needed files are there. | ** In the second step it also extract the content of the unified dump. Make sure it extracts correctly (it will give no warning if it fails!) and all the needed files are there. | ||
* (NAND only) | *(NAND only) Re-scramble modified dump then de-interleave it into two new flashes : Splits the single dump.bin into 2 seperate NAND flash dumps. | ||
* Byte reverse and | *Byte reverse and extract a NOR dump file : First byte reverse the single dump.bin then extract NOR content. | ||
* | *Extract a Byte reversed NOR dump or an interleaved and unscrambled NAND dump : Extract the single dump.bin | ||
== Extracted flash content files == | == Extracted flash content files == | ||
< | <span style="background-color:white; color:red;">(make sure they are all there, flowrebuilder will not give warning when it fails!)</span>: | ||
* bootloader_0 | * bootloader_0 | ||
* bootloader_1 | * bootloader_1 | ||
* cCSD | * cCSD | ||
* cISD | * cISD | ||
* creserved_0 | * creserved_0 | ||
* cvtrm | * cvtrm | ||
* eEID | * eEID | ||
Line 244: | Line 133: | ||
* trvk_prg | * trvk_prg | ||
* \asecure_loader\metldr | * \asecure_loader\metldr | ||
* \ros\<nowiki>[two seperate folders named to FW version]</nowiki>\[[ | * \ros\<nowiki>[two seperate folders named to FW version]</nowiki>\[[Boot_Order#CoreOS_PKG_Filelisting|CoreOS files]] (19 up to 25 files, depending the FW version) | ||
Notes: if it only extracted bootloader_0 + bootloader_1, check that both NANDs are dumped correct (known error with flashers that has bug with second NAND channel to read), | |||
== From unified to seperate low/high NAND files == | == From unified to seperate low/high NAND files == | ||
If for some reason you | If for some reason you loose the original seperate low/high NAND files, you need donor files to regenerate them. | ||
* [ | * [http://www.multiupload.com/KZ4BFXA4MB NAND0-1.rar (209.83 MB)] | ||
extract and in Flowrebuilder select the option " | extract and in Flowrebuilder select the option "Re-scramble a modified dump then de-interleave it into two new flashes" | ||
* Select the NAND backup "Flash 0" (TOP) file : here drop the 1bkp.bin | * Select the NAND backup "Flash 0" (TOP) file : here drop the 1bkp.bin | ||
* Select the NAND backup "Flash | * Select the NAND backup "Flash 0" (TOP) file : here drop the 2bkp.bin | ||
* Select the Input NAND interleaved Modified file : here drop your unified flash .bin file | * Select the Input NAND interleaved Modified file : here drop your unified flash .bin file | ||
and click Execute Operation | and click Execute Operation | ||
This will result in making 2 new deinterleaved files you could use for reflashing (it is recommended to alway use | This will result in making 2 new deinterleaved files you could use for reflashing (it is recommended to alway use your own deinterleaved sourcedumps, this method is only metioned as last resort for people that lost their backups). | ||
= Online help = | |||
Upload your dump to a fileshare host (e.g. http://www.multiupload.com/) and join IRC ef.net in channel #ps3downgrade | |||
Please use this method only after you first tried the above options first (so you have learned from it as well) :) |