Talk:Downgrading with NOR flasher: Difference between revisions

From PS3 Developer wiki
Line 72: Line 72:
  * keperfear left
  * keperfear left
  <eussNL> oh dear, keperfear is already gone ...  anyhow, this was my version : [http://www.multiupload.com/3KW1IZ45E0 patched355coreos.rar (4.84 MB)]
  <eussNL> oh dear, keperfear is already gone ...  anyhow, this was my version : [http://www.multiupload.com/3KW1IZ45E0 patched355coreos.rar (4.84 MB)]


----
----
Line 90: Line 87:
       catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
       catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
</pre>(difference is \x41\x9E\x00\x0C\xE8\xA2\x8A\'''x38''' instead of \x41\x9E\x00\x0C\xE8\xA2\x8A'''\x30''')
</pre>(difference is \x41\x9E\x00\x0C\xE8\xA2\x8A\'''x38''' instead of \x41\x9E\x00\x0C\xE8\xA2\x8A'''\x30''')
----
=== Combined TCL ===
Combined single TCL "patch-lv1checks.tcl" :
<pre>
#!/usr/bin/tclsh
#
# ps3mfw -- PS3 MFW creator
#
# Copyright (C) PsiColeO
# Copyright (C) glevand ([email protected])
# Copyright (C) Anonymous Developers (Code Monkeys)
#
# This software is distributed under the terms of the GNU General Public
# License ("GPL") version 3, as published by the Free Software Foundation.
#
# Priority: 300
# Description: Patch LV1 checks
# Option --patch-lv1checks: Disables many checks in lv1
# Type --patch-lv1checks: boolean
namespace eval ::patch_lv1checks {
    array set ::patch_lv1checks::options {
        --patch-lv1checks true
    }
    proc main { } {
        set self "lv1.self"
        ::modify_coreos_file $self ::patch_lv1checks::patch_self
    }
    proc patch_self {self} {
        if {!$::patch_lv1checks::options(--patch-lv1checks)} {
            log "WARNING: Enabled task has no enabled option" 1
        } else {
            ::modify_self_file $self ::patch_lv1checks::patch_elf
        }
    }
    proc patch_elf {elf} {
        if {$::patch_lv1checks::options(--patch-lv1checks)} {
            log "Patching LV1 Checks"
   
      # ss_server1
      # Patch core OS Hash check // product mode always on
      log "--------------- Patching  ss_server1.fself ----------------------------"
      log "Patch core OS Hash check // product mode always on"
     
      set search "\x41\x9E\x00\x1C\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
      set replace "\x60\x00\x00\x00\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
     
      catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
     
      # Patch check_revoke_list_hash check // product mode always on
      log "Patch check_revoke_list_hash check // product mode always on"
     
      set search "\x41\x9E\x00\x1C\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
      set replace "\x60\x00\x00\x00\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
      catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
     
      # In product mode erase standby bank skipped
      log "Patch In product mode erase standby bank skipped"
     
      set search "\x41\x9E\x00\x0C\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
      set replace "\x60\x00\x00\x00\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
      catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]" 
      # Patching System Manager to disable integrity check
      log "Patching System Manager to disable integrity check"
      set search  "\x38\x60\x00\x01\xf8\x01\x00\x90\x88\x1f\x00\x00\x2f\x80\x00\x00"
      set replace "\x38\x60\x00\x00"
      catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]" 
     
     
      # Patching LV1 to enable skipping of ACL checks for all storage devices
      log "Patching LV1 to enable skipping of ACL checks for all storage devices"
      set search  "\x54\x63\x06\x3e\x2f\x83\x00\x00\x41\x9e\x00\x14\xe8\x01\x00\x70\x54\x00\x07\xfe"
  append search "\x2f\x80\x00\x00\x40\x9e\x00\x18"
      set replace "\x38\x60\x00\x01\x2f\x83\x00\x00\x41\x9e\x00\x14\x38\x00\x00\x01"
      catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
     
        }
    }
}
</pre>
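Review bot: in patch_elf, the log banner names ss_server1.fself while main sets self to "lv1.self", so the log does not say which file is actually being modified; make the banner match the target. All five catch_die calls also carry the same "Unable to patch self [file tail $elf]" message, so a failed search does not identify which pattern missed (relevant given the \x38 versus \x30 variant noted just above); put the patch name in each message. The block under the "Patching LV1 Checks" log line is indented less than the enclosing if, and the "append search" line differs again; indent it consistently.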

Revision as of 16:39, 25 August 2011

NOR patches

Tasks

MFW Task::patch_lv1.tcl with the following patches selected:

  • --patch-lv1-storage-skip-acl-check
  • --patch-lv1-sysmgr-disable-integrity-check

Patches

http://pastebin.com/aNehMfGi :

   Downgrade patches
          
   http://www.multiupload.com/O0TZGNP92M
          
   DIFF:
          
   -------------
   patch-lv1-storage-skip-acl-check : Patching LV1 to enable skipping of ACL checks for all storage devices
      
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   0007B340  54 63 06 3E                                      Tc.>
          
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   0007B340  38 60 00 01                                      8`..
          
   -----
   patch-lv1-storage-skip-acl-check : Patching LV1 to enable skipping of ACL checks for all storage devices (continued)
          
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   0007B340                                      E8 01 00 70              è..p
          
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   0007B340                                      38 00 00 01              8...
          
   -----
   patch-lv1-sysmgr-disable-integrity-check: Disable integrity check in System Manager
          
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   0021D0B0              48 00 D7 15                              H.×.
          
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   0021D0B0              38 60 00 00                              8`..
          
   -------------
      
   Reference: http://www.ps3devwiki.com/index.php?title=Talk:Dual_Firmware






Combining patches

There is a difference between the patches on Talk:Downgrading with NOR flasher and Talk:Downgrading with NAND flasher.

What if you combine those together?

<keperfear> eussnl http://www.multiupload.com/6AZN5DOCM9
<keperfear> could you check if i patched everything correctly
<keperfear> anyway i really need to sleep now
<keperfear> good luck everyone
* keperfear left
<eussNL> oh dear, keperfear is already gone ...  anyhow, this was my version : patched355coreos.rar (4.84 MB)

Eussnl, try with this one:

      # In product mode erase standby bank skipped
     
      log "Patch In product mode erase standby bank skipped"
     
      set search "\x41\x9E\x00\x0C\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
      set replace "\x60\x00\x00\x00\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
 
      catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

(difference is \x41\x9E\x00\x0C\xE8\xA2\x8A\x38 instead of \x41\x9E\x00\x0C\xE8\xA2\x8A\x30)


Combined TCL

Combined single TCL "patch-lv1checks.tcl" :

#!/usr/bin/tclsh
#
# ps3mfw -- PS3 MFW creator
#
# Copyright (C) PsiColeO
# Copyright (C) glevand ([email protected])
# Copyright (C) Anonymous Developers (Code Monkeys)
#
# This software is distributed under the terms of the GNU General Public
# License ("GPL") version 3, as published by the Free Software Foundation.
#
# Priority: 300
# Description: Patch LV1 checks
# Option --patch-lv1checks: Disables many checks in lv1
# Type --patch-lv1checks: boolean

namespace eval ::patch_lv1checks {

    array set ::patch_lv1checks::options {
        --patch-lv1checks true
    }

    proc main { } {
        set self "lv1.self"

        ::modify_coreos_file $self ::patch_lv1checks::patch_self
    }

    proc patch_self {self} {
        if {!$::patch_lv1checks::options(--patch-lv1checks)} {
            log "WARNING: Enabled task has no enabled option" 1
        } else {
            ::modify_self_file $self ::patch_lv1checks::patch_elf
        }
    }

    proc patch_elf {elf} {
        if {$::patch_lv1checks::options(--patch-lv1checks)} {
            log "Patching LV1 Checks"

            # ss_server1
            # Patch core OS Hash check // product mode always on
            log "--------------- Patching  ss_server1.fself ----------------------------"
            log "Patch core OS Hash check // product mode always on"

            set search "\x41\x9E\x00\x1C\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
            set replace "\x60\x00\x00\x00\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"

            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # Patch check_revoke_list_hash check // product mode always on
            log "Patch check_revoke_list_hash check // product mode always on"

            set search "\x41\x9E\x00\x1C\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
            set replace "\x60\x00\x00\x00\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"

            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # In product mode erase standby bank skipped
            log "Patch In product mode erase standby bank skipped"

            set search "\x41\x9E\x00\x0C\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
            set replace "\x60\x00\x00\x00\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"

            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # Patching System Manager to disable integrity check
            log "Patching System Manager to disable integrity check"

            set search  "\x38\x60\x00\x01\xf8\x01\x00\x90\x88\x1f\x00\x00\x2f\x80\x00\x00"
            set replace "\x38\x60\x00\x00"

            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # Patching LV1 to enable skipping of ACL checks for all storage devices
            log "Patching LV1 to enable skipping of ACL checks for all storage devices"

            set search  "\x54\x63\x06\x3e\x2f\x83\x00\x00\x41\x9e\x00\x14\xe8\x01\x00\x70\x54\x00\x07\xfe"
            append search "\x2f\x80\x00\x00\x40\x9e\x00\x18"
            set replace "\x38\x60\x00\x01\x2f\x83\x00\x00\x41\x9e\x00\x14\x38\x00\x00\x01"

            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

        }
    }
}
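
A defender's view of the same byte patterns, as an added example that is not part of the original talk page or of ps3mfw: a Python audit that reports, for a decrypted lv1 ELF image, whether each patch site still holds the original bytes or the patched ones. It assumes ::patch_elf overwrites the match in place starting at offset 0; the function names and the sample blob are constructed for illustration.

```python
# Added example: audit an lv1 ELF dump for the byte patches in the script above.
# Assumption: ::patch_elf overwrites the matched bytes in place from offset 0.
PATCHES = {  # name: (search hex, replace hex), copied from the combined TCL
    "coreos_hash_check": ("419E001C7F63DB78E8A2856838800001",
                          "600000007F63DB78E8A2856838800001"),
    "revoke_list_hash_check": ("419E001C7FA3EB78E8A2856838800001",
                               "600000007FA3EB78E8A2856838800001"),
    "erase_standby_bank": ("419E000CE8A28A38480000CC7BFD0020",
                           "60000000E8A28A38480000CC7BFD0020"),
    "sysmgr_integrity_check": ("38600001F8010090881F00002F800000", "38600000"),
    "storage_acl_check": ("5463063E2F830000419E0014E8010070540007FE2F800000409E0018",
                          "386000012F830000419E001438000001"),
}
STATES = {(True, False): "original", (False, True): "patched",
          (True, True): "both", (False, False): "absent"}

def patched_form(search: bytes, replace: bytes) -> bytes:
    """Bytes expected after patching: replace laid over the start of search."""
    return replace + search[len(replace):]

def audit(image: bytes) -> dict:
    """Classify every patch site as original, patched, both or absent."""
    report = {}
    for name, (s_hex, r_hex) in PATCHES.items():
        search, replace = bytes.fromhex(s_hex), bytes.fromhex(r_hex)
        has_original = search in image
        has_patched = patched_form(search, replace) in image
        report[name] = STATES[has_original, has_patched]
    return report

def is_tampered(image: bytes) -> bool:
    """True when at least one site carries the patched byte sequence."""
    return any(state in ("patched", "both") for state in audit(image).values())

def sample_image(patched_names=()) -> bytes:
    """Constructed test blob: each site in zero padding, patched on request."""
    blob = b""
    for name, (s_hex, r_hex) in PATCHES.items():
        search, replace = bytes.fromhex(s_hex), bytes.fromhex(r_hex)
        site = patched_form(search, replace) if name in patched_names else search
        blob += b"\x00" * 32 + site
    return blob

if __name__ == "__main__":
    image = sample_image({"sysmgr_integrity_check", "storage_acl_check"})
    for name, state in audit(image).items():
        print(f"{name:24} {state}")
    print("tampered:", is_tampered(image))
```

A site reported as "absent" means neither form was found, which is what a different firmware build or the \x30 variant mentioned above would produce.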