Talk:Cex2Dex: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
CelesteBlue (talk | contribs) |
||
Line 4: | Line 4: | ||
= CEX2DEX - pro versus con = | = CEX2DEX - pro versus con = | ||
See also [[DEX_Options]]. | |||
== Pros == | == Pros == |
Revision as of 01:54, 7 March 2020
External references
CEX2DEX - pro versus con
See also DEX_Options.
Pros
Function | 3.55 | 3.56 | 3.60+ | Remarks |
---|---|---|---|---|
Using the features of a debug console | Yes | Yes | Yes | To effectively use features, need to use SDK related files, e.g. TargetManager etc |
Using FSELFs | Yes | Yes | Yes | To create fselfs, you must have the decrypted binary first |
Downgrading | Yes | Yes | Yes | Restricted to minver of that SKU/type (either metldr minver locked, or because of drivers - same limitations as Retail/CEX, but without hardware flasher) |
Cons
Function | 3.55 | 3.56 | 3.60+ | Remarks |
---|---|---|---|---|
Retail Functionality : Packages | No (patchable) |
No (see 3.55) |
No (Disabled for that Target ID) |
|
Retail Functionality : BD-Movies | No (patchable) |
No (see 3.55) |
No (Disabled for that Target ID) |
|
Retail Functionality : DVD-Movies | No (patchable) |
No (see 3.55) |
No (Disabled for that Target ID) |
|
Retail Functionality : PS Store | No (patchable) |
No (see 3.55) |
No (Disabled for that Target ID) |
|
PSN/SEN | No (only when patched/spoofed to Retail AND passphrase is available) |
No (see 3.55) |
No (Server Whitelisting and nondebug IDPS fail) |
|
More Stress to the console | Yes | Yes | Yes | Using TargetManager/Debugger increases memoryload, also heats up RSX more (there are known CECHA/CECHC that gotten YLOD after few weeks of usage, and behaved normally when converted back to Retail/CEX) |
Backups (via Manager) : <=3.56 keyed | Yes (same as Retail, would need lv1.self : mmap114 and lv2.self : peek/poke patches + Manager with DEX detection/payload) |
Yes (see 3.55) |
No | |
Backups (via Manager) : >=3.60 keyed | No (same as Retail) |
No (see 3.55) |
No | |
Backups (using ps3gen/bdemu) : <=3.56 keyed | Yes | Yes (see 3.55) |
Yes | |
Backups (using ps3gen/bdemu) : >=3.60 keyed | No | No | Yes | |
OtherOS++ : Linux/BSD | Yes (same as Retail, need patches) |
No (No one ported OtherOS++ MFW tasks to 3.56 yet, if someone does, see 3.55) |
No | |
Firmware availability | Yes | Yes | No (leaks always will lag behind) |
Getting firmwares will always be a handicap, as they are not openly distributed/announced like Retail, only on SCEDevnet |
Easily detectable and banned | Yes | Yes | Yes | |
HDCP off | No | No | No | Hardware limitations in the HDMI out chip (OTP ?) prevent from switching hdcp off even by forcing the setting (see note below), HDCP would then appear off in the system settings but would actually still be on
Note: |
Burned Master Discs | No | No | No | Hardware limitations in the Drive Id's (OTP not set to 0xFFFFFFFFFFFFFFFF) prevent from using burned ps3 and ps2 masterdiscs (they are recognized as data discs), this is a check performed by the drive's firmware. |
Note about FW 3.56: one would need to use custom generated keys for signing, as the random fail is fixed since that version, thus no private keys can be acquired with scekrit).
Alternative method of writing back flash (jaicrab / bad idea)
Put these, including your target NOR file, named rflash.bin on a stick:
Either use PSgrade/JIG and let the lv2diag.self be executed by lv1.self automatically, or use MultiMAN self loader. It will take a LONG time (35 minutes) until console stops blinking and shutdowns with red led.
Tested working on CECHG fat (256MB NAND). I suspect the reason for people bricking was they were flashing dumps of different lenghts and offsets (such as from memdump) and not the one provided by dumping with ?this?. -sk1080
CEX2DEX NOR Guide
Prerequisites
Memdump v 0.01eEID_RKDumper- Multiman or MMOS anything above 4.0.3 will work
NOR guide
- Put above mentioned 3 packages in root of USB stick and install them on the PS3 using *Install Packages*
- With the USB stick still inserted, run Memdump v 0.01 and select the option "Dump Flash Storage"
- Run eEID_RKDumper. It should give 5-10 seconds black screen, beep and shutdown the console.
- Reboot the console, start MultiMan and use the filemanager to navigate to /dev_hdd0/tmp/eid_root_key and copy this file to the root of your USB stick.
- Now you should have the PCK1 (eid_root_key) and complete flash dump (flash_stor_35500.bin) of that console. Backup these 2 files for safe keeping/debricking. If you have multiple consoles, mark them as needed (e.g. serial from white sticker) to avoid confusion.
Conversion differences
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0002F070 00 00 00 XX 00 XX 00 XX XX XX XX XX XX XX XX XX 0002F080 00 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F090 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0A0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0B0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0C0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0D0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0E0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0F0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F100 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F110 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F120 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F130 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F140 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Trophy errors
If you are getting trophy errors preventing you to play backups then make sure you perform the following steps:
- Go to recovery menu and restore default settings.
- Rebuild ps3 database from recovery menu.
- If you had a playstation id then add the playstation id/password in the playstation network settings. Try to connect once. It will ask you to upgrade your console. DO NOT upgrade! Keep the playstation id/password saved in the psn settings.
Trivia
Neither the FSELF Control Flag nor the Debug Support Flag is changed, nevertheless, no functions of the DEX firmware are restricted, it behaves like a original one. Sony could just add checks in the upcoming DEX firmwares and patch this CEX2DEX conversion method. Also this isn't a full CEX-DEX conversion, seeing as the IDPS is changed only in EID0 and not also in EID5.
DEX2CEX safe way / debricking
- take that console DEX dump and convert it to the Target ID of that CEX console region (with targetID changer and that console eidrootkey)
or
take that console CEX dump.
The next steps are same as Downgrading with Hardware flasher. See there for more in depth information.
- make sure byteorder is correct, if needed use Flowrebuilder to bytereverse
- take Rogero NOR patcher or Flowrebuilder+downgraderpatches and prepatch that CEX converted dump with downgrader. Flash it.
- use Recover or Factory Service Mode to install Rogero 3.55 V7 PUP (the basic downgrader that is always used to downgrade consoles)
- on install success, activate QA and do buttoncombo to check QA-debug menu comes up. then goto Recovery and install OFW 3.55 CEX /twice/ in a row, to make sure both banks are dehashed
An Italian indepth guide: [2]
Debrick DEX back to DEX
Flash must already contain valid DEX Target ID in EID!
Use NOR patches only on NOR consoles, not on NAND!
Target area | Patchfile | NOR Offset | Paste length | Remarks |
---|---|---|---|---|
ROS0 | coreos_355_dex_checkoff (7 MB) | 0x0C0010 | 0x6FFFE0 | CoreOS (prepatched DEX 3.55) |
ROS1 | coreos_355_dex_checkoff (7 MB) | 0x7C0010 | 0x6FFFE0 | CoreOS (SAME as ros0) |
trvk_prg0 | trvk_prg0 (128 KB) | 0x040000 | 0x2000 | trvk_prg0 |
trvk_prg1 | trvk_prg0 (128 KB) | 0x060000 | 0x2000 | trvk_prg1 (same as trvk_prg0) |
trvk_pkg0 | trvk_pkg0 (128 KB) | 0x080000 | 0x2000 | trvk_pkg0 |
trvk_pkg1 | trvk_pkg0 (128 KB) | 0x0A0000 | 0x2000 | trvk_pkg1 (same as trvk_pkg0) |
Above patches in a single package + autopatcher file: 3.55_DEX_checkoff.rar.