Factory Service Mode: Difference between revisions
Revision as of 20:03, 5 February 2014
What it is
The PlayStation 3 console can enter a special "Service Mode". When it does, a red translucent rectangle containing the words "Playstation 3. Factory/Service Mode" appears in the bottom right-hand corner of the screen.
How to enter
To enter Service Mode, the byte at offset 0x48C07 in the System Controller EEPROM must be set to 0x00 or 0xFE, or at least to something other than 0xFF (inactive). This is usually done with a special hardware logic dongle or with the Factory Service Mode Tool.
Dongle
- Make sure the PS3 is off.
- Plug a special "JIG" into the rightmost USB port (closest to the Blu-ray drive).
- Press Eject immediately after pressing the Power button.
The PlayStation 3 is triggered into Service Mode when it boots up.
(Reference: Getting in FSM with Dongle (2 Steps))
Factory Service Mode Tool
FactoryServiceMode Tool v0.2 (only on modified PlayStation System Software 3.55 and lower) allows you to enter Factory Service Mode without a dongle, directly from the GameOS XMB.
Requires 'LV1 mmap hvcall 114 fix'
Requires 'LV2 peek and poke'
Linux
This requires graf_chokolo's modules and patches to be installed.
1st step – Generating a challenge
- ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge
2nd step – Generating a valid response for a challenge
You need a dongle ID. The valid range for dongle IDs is 0x0000 – 0xffff. It doesn't matter which one you choose, but some are revoked.
- ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE "here is a challenge like this 0xXX 0xXX … of size 20 bytes"
3rd step – Verifying response (enabling "Product Mode")
- ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xBABE "here is the response from step 2 like this 0xXX 0xXX … of size 20 bytes"
(Reference: Emulating JIG with Linux)
Rebug Toolbox
Select the "Toggle Product Mode" option under the "Utilities" column.
Features
- Allows remarrying of the Blu-ray drive
- Blu-ray DRL/CRL fixing
- Downgrading of System Software
Level-1 Hypervisor
Components that behave differently in the Level-1 Hypervisor:
- sysmgr_ss.fself: partition related
- ss_server2.fself: AV settings related?
- ss_server1: trm manager usage related -> restart, backup+restore flash, flash address size, restore+backup srk/srh module loading related (user token, pkg/rvk verifier, update token (+seed)..)
Level-2 Kernel
It allows running an application mounted via:
dev_usb000/Lv2diag.self
Game OS
Game OS applications are granted access to the following Level-2 Kernel syscalls:
- 389 (0x185) sys_sm_set_fan_policy
- 395 (0x18B) sys_sm_request_system_event_log
- 400 (0x190) another REQUEST_SYSTEM_EVENT_LOG
- 405 (0x195) Factory Process Comp..
- 406 (0x196) Factory Process Comp..
- 407 (0x197) Factory Process Comp..
- 408 (0x198) sys_sm_get_tzpb
- 409 (0x199) sys_sm_get_fan_policy
- 577 (0x241) (PS3 Game Pad related)
Virtual Shell (VSH):
Recovery Mode (Emergency Init):
Bluray Disc Player Revoke ...