Talk:Downgrading with NOR flasher: Difference between revisions
m (→Combined TCL) |
mNo edit summary |
||
Line 53: | Line 53: | ||
---- | |||
== Combining patches == | |||
There is a difference between the patches on the [[Talk:Downgrading with NOR flasher]] and [[Talk:Downgrading with NAND flasher]] | There is a difference between the patches on the [[Talk:Downgrading with NOR flasher]] and [[Talk:Downgrading with NAND flasher]] | ||
what if you combine those together? | what if you combine those together? 1st try: selecting both patch tasks manually: | ||
<keperfear> eussnl http://www.multiupload.com/6AZN5DOCM9 | <keperfear> eussnl http://www.multiupload.com/6AZN5DOCM9 | ||
Line 71: | Line 66: | ||
<keperfear> good luck everyone | <keperfear> good luck everyone | ||
* keperfear left | * keperfear left | ||
<eussNL> oh dear, keperfear is already gone ... anyhow, this was my version : [http://www.multiupload.com/3KW1IZ45E0 patched355coreos.rar (4.84 MB)] | <eussNL> oh dear, keperfear is already gone ... anyhow, this was my version : [http://www.multiupload.com/3KW1IZ45E0 patched355coreos.rar (4.84 MB)] (no "Patch In product mode erase standby bank skipped" selected) | ||
---- | ---- | ||
Eussnl try with this one | <keperfear> Eussnl try with this one | ||
<pre> | <pre> | ||
Line 86: | Line 81: | ||
catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]" | catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]" | ||
</pre>(difference is \x41\x9E\x00\x0C\xE8\xA2\x8A\'''x38''' instead of \x41\x9E\x00\x0C\xE8\xA2\x8A'''\x30''') | </pre>(difference is \x41\x9E\x00\x0C\xE8\xA2\x8A\'''x38''' instead of \x41\x9E\x00\x0C\xE8\xA2\x8A'''\x30''')<br /> | ||
=== Combined TCL === | === Combined TCL === | ||
Combined single TCL "patch-lv1checks.tcl" : | 2nd try, Combined single TCL "patch-lv1checks.tcl" : | ||
<pre> | <pre> | ||
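Review bot: The bold markup in the "(difference is ...)" note is misplaced on the \x38 side: it reads \'''x38''' with the backslash outside the bold, while the other value is written '''\x30'''. Since this line is already being edited to append the line break, change it to '''\x38''' so both byte values are marked the same way.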
Line 211: | Line 207: | ||
|- | |- | ||
|} | |} | ||
=== Status === | |||
MFW patch_lv1checks.tcl seems to work fine. | |||
Needs testing in the field by people with hardware flasher only. |
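Review bot: The new Status section names the file "patch_lv1checks.tcl" with an underscore, while the Combined TCL line calls it "patch-lv1checks.tcl" with a hyphen; use one spelling in both places. The status would also be easier to act on if it stated which firmware versions "seems to work fine" refers to.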
Revision as of 18:58, 25 August 2011
NOR patches
Tasks
MFW Task::patch_lv1.tcl with the following patches selected:
- --patch-lv1-storage-skip-acl-check
- --patch-lv1-sysmgr-disable-integrity-check
Patches
http://pastebin.com/aNehMfGi :
<pre>
Downgrade patches
http://www.multiupload.com/O0TZGNP92M

DIFF:
-------------
patch-lv1-storage-skip-acl-check : Patching LV1 to enable skipping of ACL checks for all storage devices

ORIGINAL
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0007B340  54 63 06 3E  Tc.>

PATCHED
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0007B340  38 60 00 01  8`..
-----
patch-lv1-storage-skip-acl-check : Patching LV1 to enable skipping of ACL checks for all storage devices (continued)

ORIGINAL
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0007B340  E8 01 00 70  è..p

PATCHED
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0007B340  38 00 00 01  8...
-----
patch-lv1-sysmgr-disable-integrity-check: Disable integrity check in System Manager

ORIGINAL
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0021D0B0  48 00 D7 15  H.×.

PATCHED
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0021D0B0  38 60 00 00  8`..
-------------
Reference: http://www.ps3devwiki.com/index.php?title=Talk:Dual_Firmware
</pre>
Combining patches
There is a difference between the patches on the Talk:Downgrading with NOR flasher and Talk:Downgrading with NAND flasher
what if you combine those together? 1st try: selecting both patch tasks manually:
<keperfear> eussnl http://www.multiupload.com/6AZN5DOCM9
<keperfear> could you check if i patched everything correctly
<keperfear> anyway i really need to sleep now
<keperfear> good luck everyone
* keperfear left
<eussNL> oh dear, keperfear is already gone ... anyhow, this was my version : patched355coreos.rar (4.84 MB) (no "Patch In product mode erase standby bank skipped" selected)
<keperfear> Eussnl try with this one
<pre>
# In product mode erase standby bank skipped
log "Patch In product mode erase standby bank skipped"
set search  "\x41\x9E\x00\x0C\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
set replace "\x60\x00\x00\x00\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
</pre>
(difference is \x41\x9E\x00\x0C\xE8\xA2\x8A\x38 instead of \x41\x9E\x00\x0C\xE8\xA2\x8A\x30)
Combined TCL
2nd try, Combined single TCL "patch-lv1checks.tcl" :
<pre>
#!/usr/bin/tclsh
#
# ps3mfw -- PS3 MFW creator
#
# Copyright (C) PsiColeO
# Copyright (C) glevand ([email protected])
# Copyright (C) Anonymous Developers (Code Monkeys)
#
# This software is distributed under the terms of the GNU General Public
# License ("GPL") version 3, as published by the Free Software Foundation.
#

# Priority: 300
# Description: Patch LV1 checks

# Option --patch-lv1checks: Disables many checks in lv1

# Type --patch-lv1checks: boolean

namespace eval ::patch_lv1checks {

    array set ::patch_lv1checks::options {
        --patch-lv1checks true
    }

    proc main { } {
        set self "lv1.self"

        ::modify_coreos_file $self ::patch_lv1checks::patch_self
    }

    proc patch_self {self} {
        if {!$::patch_lv1checks::options(--patch-lv1checks)} {
            log "WARNING: Enabled task has no enabled option" 1
        } else {
            ::modify_self_file $self ::patch_lv1checks::patch_elf
        }
    }

    proc patch_elf {elf} {
        if {$::patch_lv1checks::options(--patch-lv1checks)} {
            log "Patching LV1 Checks"

            # ss_server1
            # Patch core OS Hash check // product mode always on
            log "--------------- Patching ss_server1.fself ----------------------------"
            log "Patch core OS Hash check // product mode always on"
            set search  "\x41\x9E\x00\x1C\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
            set replace "\x60\x00\x00\x00\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # Patch check_revoke_list_hash check // product mode always on
            log "Patch check_revoke_list_hash check // product mode always on"
            set search  "\x41\x9E\x00\x1C\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
            set replace "\x60\x00\x00\x00\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # In product mode erase standby bank skipped
            log "Patch In product mode erase standby bank skipped"
            set search  "\x41\x9E\x00\x0C\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
            set replace "\x60\x00\x00\x00\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # Patching System Manager to disable integrity check
            log "Patching System Manager to disable integrity check"
            set search  "\x38\x60\x00\x01\xf8\x01\x00\x90\x88\x1f\x00\x00\x2f\x80\x00\x00"
            set replace "\x38\x60\x00\x00"
            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"

            # Patching LV1 to enable skipping of ACL checks for all storage devices
            log "Patching LV1 to enable skipping of ACL checks for all storage devices"
            set search "\x54\x63\x06\x3e\x2f\x83\x00\x00\x41\x9e\x00\x14\xe8\x01\x00\x70\x54\x00\x07\xfe"
            append search "\x2f\x80\x00\x00\x40\x9e\x00\x18"
            set replace "\x38\x60\x00\x01\x2f\x83\x00\x00\x41\x9e\x00\x14\x38\x00\x00\x01"
            catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
        }
    }
}
</pre>
download: patch_lv1checks.rar (1.29 KB) (2.88-3.42 / 3.50-3.55)
PreAlpha v1 smoketest - offsets
patch-lv1checks (Modifying CORE_OS file lv1.self - Patching LV1 Checks)
No. | Description | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Patch core OS Hash check // product mode always on | 2958632 | 2958452 | 2958452 | 2958984 | 2958984 | 2959072 | 2891632 | 2891556 | 2891596 | 2891596 | 2891596 | 2891596 | 2891684 | 2891684 |
2 | Patch check_revoke_list_hash check // product mode always on | 2961708 | 2961528 | 2961528 | 2962060 | 2962060 | 2962148 | 2894708 | 2894632 | 2894672 | 2894672 | 2894672 | 2894672 | 2894836 | 2894836 |
16 | Patch In product mode erase standby bank skipped | 2977960 | 2977780 | 2977780 | 2978324 | 2978324 | 2978412 | 2910972 | 2910896 | 2910936 | 2910936 | 2910936 | 2910936 | 2911100 | 2911100 |
23 | Patching System Manager to disable integrity check | 2211164 | 2211424 | 2211424 | 2217608 | 2217608 | 2218192 | 2218120 | 2215760 | 2216052 | 2216052 | 2216052 | 2216052 | 2216096 | 2216096 |
24 | Patching LV1 to enable skipping of ACL checks for all storage devices | 498208 | 500212 | 500212 | 505304 | 505420 | 506032 | 506032 | 505112 | 504568 | 504568 | 504568 | 504568 | 504640 | 504640 |
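To audit which of these five modifications an image already carries, and at which offset, the following added example (not part of ps3mfw or the original page) scans a byte blob for each signature in its original and patched form. It assumes `::patch_elf` overwrites `len(replace)` bytes at the match; `find_all`, `classify` and `sample_image` are hypothetical names, and the sample image is constructed filler, including the `\x30` variant to show that a signature from a different build is reported as not found.

```python
# Added example, not ps3mfw code. Signatures are copied from the combined TCL
# on this page; replace is trimmed to its leading bytes where the TCL repeats
# the unchanged tail. Assumes the patch overwrites the start of the match.
h = bytes.fromhex

SIGNATURES = [  # (name, search bytes, replace bytes)
    ("core OS hash check", h("419E001C7F63DB78E8A2856838800001"), h("60000000")),
    ("check_revoke_list_hash", h("419E001C7FA3EB78E8A2856838800001"), h("60000000")),
    ("erase standby bank", h("419E000CE8A28A38480000CC7BFD0020"), h("60000000")),
    ("sysmgr integrity check", h("38600001F8010090881F00002F800000"), h("38600000")),
    ("storage ACL check",
     h("5463063E2F830000419E0014E8010070540007FE2F800000409E0018"),
     h("386000012F830000419E001438000001")),
]

def find_all(blob, needle):
    """Return every offset at which needle occurs in blob."""
    hits, i = [], blob.find(needle)
    while i != -1:
        hits.append(i)
        i = blob.find(needle, i + 1)
    return hits

def classify(blob):
    """Map each signature name to (state, offsets) for one image."""
    report = {}
    for name, search, replace in SIGNATURES:
        patched = replace + search[len(replace):]  # bytes as left by the patch
        orig, mod = find_all(blob, search), find_all(blob, patched)
        if len(orig) + len(mod) > 1:
            state = "ambiguous"      # signature is not unique in this image
        elif orig:
            state = "original"
        elif mod:
            state = "patched"
        else:
            state = "not found"      # different build, or bytes differ
        report[name] = (state, orig + mod)
    return report

def sample_image():
    """Constructed test image (not real firmware): filler plus three signatures."""
    hash_patched = h("60000000") + SIGNATURES[0][1][4:]
    standby_x30 = h("419E000CE8A28A30480000CC7BFD0020")  # the \x30 variant
    return (b"\xff" * 64 + hash_patched + b"\xff" * 32 + SIGNATURES[3][1]
            + b"\xff" * 16 + standby_x30 + b"\xff" * 8)

if __name__ == "__main__":
    for name, (state, offsets) in classify(sample_image()).items():
        print(f"{name:24} {state:10} {offsets}")
```

An "ambiguous" result means the signature matches more than once, so a first-match patcher could touch the wrong location in that image.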
Status
MFW patch_lv1checks.tcl seems to work fine. Needs testing in the field by people with hardware flasher only.