Talk:Dual Firmware: Difference between revisions
(added debug console offsets) |
mNo edit summary |
||
Line 1: | Line 1: | ||
= Manual dualboot 3.55 & 3.70 with 2 flashdumps and 2 harddrives = | |||
(temporary on talkpage for improving/editing the guide) | |||
==Preparation in short== | |||
===Getting original and downgrade to 3.55=== | |||
# Dump the flash and make sure it is useable for downgrade to 3.55 | |||
# Patch it for downgrade | |||
# Reinstall the prepatched PUP (e.g. RogeroV2.pup) | |||
# Redump the flash to make sure it contains the exact same CoreOS prepatched and keep this as '3.55-swap.bin' together with the used harddrive '3.55.HDD'. | |||
===Getting latest=== | |||
# Update to the latest firmware you want to use (e.g. 3.7x) and reboot to make sure it works fine | |||
# Dump the flash and keep this as '3.7x-swap.bin' together with used different harddrive '3.7x.HDD'. | |||
==Swapping== | |||
===When you want to boot to 3.55=== | |||
# Reflash '3.55-swap.bin' and insert harddrive '3.55.HDD'. | |||
===When you want to boot to 3.7x=== | |||
# Reflash '3.7x-swap.bin' and insert harddrive '3.7x.HDD'. | |||
=== Old Guide === | |||
[http://www.digitalangel.it/2011/08/tutorial-fast-swap-su-ps3-slim-cfw-3-55-3-70-con-2-hard-disk-e-progskeet/ original italian and english guide posted by digitalangel] | |||
Today I will write a tutorial to “fast-swap” between CFW 3.55 and OFW 3.70, using 2 HDDs… at the end of the tutorial, you will be able to swap between the firmware just flashing a dump on your PS3 using Progskeet. (instead of downgrading and losing all data). | |||
The first steps are not so easy, so take your time and go on, by the way, you must have some skill with Progskeet, and it must be 100% working on your console. | |||
What we need: | |||
* PS3 Slim running with FW 3.70 | |||
* 2 Hard Disks | |||
* Progskeet installed and working on your PS3 Slim | |||
* Downgrade.bin edited with your personal data (there are tons of tutorials for do this) | |||
* 3.55 Downgrade Dongle to do the downgrade process. | |||
* Sony OFW 3.70 UPDATE.([http://playstation-3.logic-sunrise.com/telechargement-331678-ofw-ps3-370.html DOWNLOAD]) | |||
* CFW 3.55 KMEAW “NO CHECK” by dospiedra.([http://www.multiupload.com/4S6NGO13H4 DOWNLOAD]) | |||
* Lv2Diag By Jaicrab. ([http://playstation-3.logic-sunrise.com/telechargement-225750-lv2diag-patche-par-jaicrab.html DOWNLOAD]) | |||
* Lv2Diag “FILE 2″ to go out of Service/Factory Mode. ([http://www.mediafire.com/?b07qrb96iz99ibb DOWNLOAD]) | |||
We need 2 harddrives because the firmware is partial on NOR (CoreOS) and the rest is on the harddrive. so we will need 2 HDDs, one for 3.55, and one for 3.70.. | |||
We will call those HDD “A” (for 3.70) and “B” (for 3.55) dont mix them up! | |||
Starting with a PS3 Slim with OFW 3.70. | |||
# Plug in HDD “B”, format and prepare it if it’s required by the PS3 and you should have your 3.70 up and running. | |||
# DUMP your actual NOR and call it “original dump 3.70.bin” | |||
# Now flash your “downgrade.bin” (edited with the personal data found in “original dump 3.70.bin”) | |||
# Turn on your PS3 and be sure that the PS3 is asking you to press the PS button (downgrade.bin flashed correctly :D ) | |||
# Insert a 3.55 Downgrade dongle and enter factory/service mode. | |||
# Copy Lv2Diag.self by Jaicrab and the 3.55 NO CHECK UPDATE renamed as “PS3UPDAT.PUP” in the root of your USB Stick. | |||
# Plug in the USB Stick in the most-right USB port of your PS3 and wait for it to turn OFF. | |||
# Leave the factory mode using the other Lv2Diag.self | |||
# After the reboot, you need to configure and set up your system… now you have a fully working 3.55 CFW based on KMEAW “NO CHECK”. | |||
# DUMP your actual NOR and call it “swap dump 3.55.bin” | |||
# Unplug HDD B and Plug in HDD A. | |||
# Turn on your PS3, plug in your USB Stick containing official 3.70 update and press start+select when asked. | |||
# When the PS3 reboots, check that the system is fully working and DUMP your actual NOR and call it “swap dump 3.70.bin”. | |||
NOW IT’S FINISHED! You should have “swap dump 3.55.bin” and “swap dump 3.70.bin” … Now you just have to swap HDD and flash the correspondening dump: | |||
* HDD A = swap dump 3.70.bin | |||
* HDD B = swap dump 3.55.bin | |||
WARNING: Do not install other CFW than the “NO CHECK” one… because it’s used to make the “fast-swap” working… if you flash something different you will not be able to go between the 2 FWs. This patch disables the LV1 for checking the Syscon hashes at startup… so it will not freeze or complain when the syscon hashes says “3.70″ and your FW is 3.55 ;) | |||
WARNING: In case you wanna update your console with a future “3.80″ or-so firmware. Do not update your console when you are running 3.55 firmware! You have to go to “swap dump 3.70.bin” and then update as usual (XMB or recovery)… -By the way, the downgrade is confirmed working only on 3.70… we haven’t tested it on other FWs, you could loose the possibility to go back to 3.55!- | |||
<span style="color:red;">'''Editoral warning:''' The "NoCheck.pup" is known to cause trophy errors, use the [http://www.ps3devwiki.com/index.php?title=Talk:Downgrading_with_NOR_flasher#Premade_CFW_Rogero_V2 RogeroV2.pup] instead or build one yourself with [[PS3MFW Builder]] and the [http://www.ps3devwiki.com/index.php?title=Talk:Downgrading_with_NOR_flasher#Combined_TCL_V2 TCL] from the NOR downgrader talkpage.</span> | |||
==Patches 3.41== | ==Patches 3.41== | ||
Revision as of 18:54, 28 November 2011
Manual dualboot 3.55 & 3.70 with 2 flashdumps and 2 harddrives
(temporary on talkpage for improving/editing the guide)
Preparation in short
Getting original and downgrade to 3.55
- Dump the flash and make sure it is useable for downgrade to 3.55
- Patch it for downgrade
- Reinstall the prepatched PUP (e.g. RogeroV2.pup)
- Redump the flash to make sure it contains the exact same CoreOS prepatched and keep this as '3.55-swap.bin' together with the used harddrive '3.55.HDD'.
Getting latest
- Update to the latest firmware you want to use (e.g. 3.7x) and reboot to make sure it works fine
- Dump the flash and keep this as '3.7x-swap.bin' together with used different harddrive '3.7x.HDD'.
Swapping
When you want to boot to 3.55
- Reflash '3.55-swap.bin' and insert harddrive '3.55.HDD'.
When you want to boot to 3.7x
- Reflash '3.7x-swap.bin' and insert harddrive '3.7x.HDD'.
Old Guide
original italian and english guide posted by digitalangel
Today I will write a tutorial to “fast-swap” between CFW 3.55 and OFW 3.70, using 2 HDDs… at the end of the tutorial, you will be able to swap between the firmware just flashing a dump on your PS3 using Progskeet. (instead of downgrading and losing all data).
The first steps are not so easy, so take your time and go on, by the way, you must have some skill with Progskeet, and it must be 100% working on your console.
What we need:
- PS3 Slim running with FW 3.70
- 2 Hard Disks
- Progskeet installed and working on your PS3 Slim
- Downgrade.bin edited with your personal data (there are tons of tutorials for do this)
- 3.55 Downgrade Dongle to do the downgrade process.
- Sony OFW 3.70 UPDATE.(DOWNLOAD)
- CFW 3.55 KMEAW “NO CHECK” by dospiedra.(DOWNLOAD)
- Lv2Diag By Jaicrab. (DOWNLOAD)
- Lv2Diag “FILE 2″ to go out of Service/Factory Mode. (DOWNLOAD)
We need 2 harddrives because the firmware is partial on NOR (CoreOS) and the rest is on the harddrive. so we will need 2 HDDs, one for 3.55, and one for 3.70..
We will call those HDD “A” (for 3.70) and “B” (for 3.55) dont mix them up!
Starting with a PS3 Slim with OFW 3.70.
- Plug in HDD “B”, format and prepare it if it’s required by the PS3 and you should have your 3.70 up and running.
- DUMP your actual NOR and call it “original dump 3.70.bin”
- Now flash your “downgrade.bin” (edited with the personal data found in “original dump 3.70.bin”)
- Turn on your PS3 and be sure that the PS3 is asking you to press the PS button (downgrade.bin flashed correctly :D )
- Insert a 3.55 Downgrade dongle and enter factory/service mode.
- Copy Lv2Diag.self by Jaicrab and the 3.55 NO CHECK UPDATE renamed as “PS3UPDAT.PUP” in the root of your USB Stick.
- Plug in the USB Stick in the most-right USB port of your PS3 and wait for it to turn OFF.
- Leave the factory mode using the other Lv2Diag.self
- After the reboot, you need to configure and set up your system… now you have a fully working 3.55 CFW based on KMEAW “NO CHECK”.
- DUMP your actual NOR and call it “swap dump 3.55.bin”
- Unplug HDD B and Plug in HDD A.
- Turn on your PS3, plug in your USB Stick containing official 3.70 update and press start+select when asked.
- When the PS3 reboots, check that the system is fully working and DUMP your actual NOR and call it “swap dump 3.70.bin”.
NOW IT’S FINISHED! You should have “swap dump 3.55.bin” and “swap dump 3.70.bin” … Now you just have to swap HDD and flash the correspondening dump:
- HDD A = swap dump 3.70.bin
- HDD B = swap dump 3.55.bin
WARNING: Do not install other CFW than the “NO CHECK” one… because it’s used to make the “fast-swap” working… if you flash something different you will not be able to go between the 2 FWs. This patch disables the LV1 for checking the Syscon hashes at startup… so it will not freeze or complain when the syscon hashes says “3.70″ and your FW is 3.55 ;)
WARNING: In case you wanna update your console with a future “3.80″ or-so firmware. Do not update your console when you are running 3.55 firmware! You have to go to “swap dump 3.70.bin” and then update as usual (XMB or recovery)… -By the way, the downgrade is confirmed working only on 3.70… we haven’t tested it on other FWs, you could loose the possibility to go back to 3.55!-
Editoral warning: The "NoCheck.pup" is known to cause trophy errors, use the RogeroV2.pup instead or build one yourself with PS3MFW Builder and the TCL from the NOR downgrader talkpage.
Patches 3.41
Once this patches are tested and confirmed to be safe, they will be commited to the MFW project
Debug info patch tlc - patch_lv1debinfo
Warning try these patches only if you have nor/nand flasher to recover These patches allow the output of the debug printfs on startup, the main problem right now is that the buffer is only 0xFE0 bytes long so it gets overwritten. If anyone figures out how to solve this feel free to improve it
- To see the debug console one should read 0xFEO bytes starting from these offsets
'Debug Console'
Type | Address | Console type |
---|---|---|
ra | 0x655040 | fat |
ra | 0x66EF00 | slim |
Please inform your success or failure using these scripts
Basic Hash checks patches - patch_lv1bscheck
Warning try these patches only if you have nor/nand flasher to recover
Please inform your success or failure using these scripts
Basic Hash checks patches for linux ENABLE/DISABLE/FORCE hash checks
http://pastie.org/2070649
These have already been tested
PreAlpha v3 smoketest - offsets
patch_lv1sccheck (Modifying CORE_OS file lv1.self - Patching LV1 Checks)
a | ss_server1.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Patch core OS Hash check //product mode always on | 2958632 | 2958452 | 2958452 | 2958984 | 2958984 | 2959072 | 2891632 | 2891556 | 2891596 | 2891596 | 2891596 | 2891596 | 2891684 | 2891684 |
2 | Patch check_revoke_list_hash check //product mode always on | 2961708 | 2961528 | 2961528 | 2962060 | 2962060 | 2962148 | 2894708 | 2894632 | 2894672 | 2894672 | 2894672 | 2894672 | 2894836 | 2894836 |
3 | Patch get secure product mode on | 2954260 | 2954080 | 2954080 | 2954612 | 2954612 | 2954700 | 2887260 | 2887184 | 2887224 | 2887224 | 2887224 | 2887224 | 2887312 | 2887312 |
4 | Patch Valid acces for TOOL - manufacturing | 2970228 | 2970048 | 2970048 | 2970568 | 2970568 | 2970656 | 2903216 | 2903140 | 2903180 | 2903180 | 2903180 | 2903180 | no pattern | no pattern |
5 | Patch Same version (OK) (TOOL/DEX/ARCADE or manufacturing) | no pattern | no pattern | no pattern | no pattern | no pattern | 3029516 | 2962076 | 2961372 | 2961412 | 2961412 | 2961412 | 2961412 | - | - |
6 | Patch Older version CEX (OK) | - | - | - | - | - | 3029420 | 2961980 | 2961276 | 2961316 | 2961316 | 2961316 | 2961316 | - | - |
7 | Patch Chasis mismatched | - | - | - | - | - | 3030148 | 2962708 | 2962004 | 2962044 | 2962044 | 2962044 | 2962044 | - | - |
8 | Patch Not revoked | - | - | - | - | - | 3030080 | 2962640 | 2961936 | 2961976 | 2961976 | 2961976 | 2961976 | - | - |
9 | Patch Manufacturing Image in normal mode | - | - | - | - | - | 3030000 | 2962560 | 2961856 | 2961896 | 2961896 | 2961896 | 2961896 | - | - |
10 | Patch Unknown direction | - | - | - | - | - | 3029832 | 2962436 | 2961688 | 2961728 | 2961728 | 2961728 | 2961728 | - | - |
11 | Patch Inapropiate direction | - | - | - | - | - | 3029876 | 2962436 | 2961732 | 2961772 | 2961772 | 2961772 | 2961772 | - | - |
12 | Patch Skip package direction check | - | - | - | - | - | 3029692 | 2962252 | 2961548 | 2961588 | 2961588 | 2961588 | 2961588 | - | - |
13 | Patch Capability check product mode | - | - | - | - | - | no pattern | no pattern | 3104064 | 3104104 | 3104104 | 3104104 | 3104104 | - | - |
14 | Patch fix2pc Root hash match OK | - | - | - | - | - | - | - | 3050140 | 3050180 | 3050180 | 3050180 | 3050180 | - | - |
15 | Patch raw image overlap success | - | - | - | - | - | - | - | 2899420 | 2899460 | 2899460 | 2899460 | 2899460 | - | - |
16 | Patch In product mode erase standby bank skipped | 2977960 | 2977780 | 2977780 | 2978324 | 2978324 | 2978412 | 2910972 | 2910896 | 2910936 | 2910936 | 2910936 | 2910936 | no pattern | no pattern |
17 | Patch Flash version check Older version OK | - | - | - | - | - | - | - | 2963136 | 2963176 | 2963176 | 2963176 | 2963176 | - | - |
18 | Patch Flash version check Same version (OK) (TOOL/DEX/ARCADE or manufacturing) | - | - | - | - | - | - | - | 2963232 | 2963272 | 2963272 | 2963272 | 2963272 | - | - |
b | sys_mgr.self | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
19 | Patch Patch sys_mgr integrity lv1 and lv0 integrity check | - | - | - | - | - | - | - | no pattern | 2216084 | 2216084 | 2216084 | 2216084 | - | - |
c | lv1.self main | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
20 | Patch SC header not correct | - | - | - | - | - | - | - | - | 172784 | 172784 | 172784 | 172784 | - | - |
21 | Patch SC checksum error | - | - | - | - | - | - | - | - | 173112 | 173112 | 173112 | 173112 | - | - |
d | ss_server2.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
22 | Patch Capability check | - | - | - | - | - | - | - | - | 3524212 | 3524212 | 3524212 | 3524212 | - | - |
PreAlpha v4 smoketest - offsets
patch_lv1bscheck (Modifying CORE_OS file lv1.self - Disables basic hash checks in lv1)
a | ss_server1.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Patch core OS Hash check //product mode always on | 2958632 | 2958452 | 2958452 | 2958984 | 2958984 | 2959072 | 2891632 | 2891556 | 2891596 | 2891596 | 2891596 | 2891596 | 2891684 | 2891684 |
2 | Patch check_revoke_list_hash check //product mode always on | 2961708 | 2961528 | 2961528 | 2962060 | 2962060 | 2962148 | 2894708 | 2894632 | 2894672 | 2894672 | 2894672 | 2894672 | 2894836 | 2894836 |
16 | Patch In product mode erase standby bank skipped | 2977960 | 2977780 | 2977780 | 2978324 | 2978324 | 2978412 | 2910972 | 2910896 | 2910936 | 2910936 | 2910936 | 2910936 | no pattern | no pattern |
PreAlpha v5 smoketest - offsets
patch_lv1debinfo (Modifying CORE_OS file lv1.self - Enables output of debug info)
a | ss_server1.fself | 2.80 | 3.00 | 3.01 | 3.10 | 3.15 | 3.20 | 3.21 | 3.30 | 3.40 | 3.41-BAD | 3.41-FIX | 3.42 | 3.50 | 3.55 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Patch UM debug level return value #8000b04 | 2953044 | 2952864 | 2952864 | 2953396 | 2953396 | 2953484 | 2886044 | 2885968 | 2886008 | 2886008 | 2886008 | 2886008 | 2886096 | 2886096 |
2 | Patch COMMON debug level return value #80035b78 | No pattern | No pattern | No pattern | No pattern | No pattern | No pattern | No pattern | 3090884 | 3090924 | 3090924 | 3090924 | 3090924 | No pattern | No pattern |
3 | Patch SM debug level return value #8001f954 | - | - | - | - | - | - | - | 3000224 | 3000264 | 3000264 | 3000264 | 3000264 | - | - |
4 | Patch PRINTK enable return value #80035abc | - | - | - | - | - | - | - | 3090696 | 3090736 | 3090736 | 3090736 | 3090736 | - | - |
5 | Patch SB_MGR debug level return value #80030c2c | - | - | - | - | - | - | - | 3070584 | 3070624 | 3070624 | 3070624 | 3070624 | - | - |
6 | Patch DEBUG PRINTF function #80035cac | - | - | - | - | - | - | - | 3091192 | 3091232 | 3091232 | 3091232 | 3091232 | - | - |
7 | Patch PRINTF 1 function #80035bb3 | - | - | - | - | - | - | - | 3090944 | 3090984 | 3090984 | 3090984 | 3090984 | - | - |
8 | Patch COMMON PRINTF function #80035c2c | - | - | - | - | - | - | - | 3091064 | 3091104 | 3091104 | 3091104 | 3091104 | - | - |