Talk:Cex2Dex: Difference between revisions
m (Dark Mode) |
|||
(11 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
= External references = | = External references = | ||
* http://www.ps3hax.net/showthread.php?p=400529 | |||
* [https://web.archive.org/web/20141119120958/http://www.ps3hax.net/showthread.php?p=400529] | |||
= CEX2DEX - pro versus con = | = CEX2DEX - pro versus con = | ||
== | See also [[DEX_Options]]. | ||
== Pros == | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
Line 14: | Line 18: | ||
|- | |- | ||
| Downgrading || {{Yes}} || {{Yes}} || {{Yes}} || Restricted to minver of that SKU/type (either metldr minver locked, or because of drivers - same limitations as Retail/CEX, but without hardware flasher) | | Downgrading || {{Yes}} || {{Yes}} || {{Yes}} || Restricted to minver of that SKU/type (either metldr minver locked, or because of drivers - same limitations as Retail/CEX, but without hardware flasher) | ||
|} | |} | ||
== | == Cons == | ||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
! Function !! 3.55 !! 3.56 !! 3.60+ !! Remarks | ! Function !! 3.55 !! 3.56 !! 3.60+ !! Remarks | ||
|- | |- | ||
| Retail Functionality : Packages || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[ | | Retail Functionality : Packages || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[Product Code]]) || | ||
|- | |- | ||
| Retail Functionality : BD-Movies || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[ | | Retail Functionality : BD-Movies || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[Product Code]]) || | ||
|- | |- | ||
| Retail Functionality : DVD-Movies || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[ | | Retail Functionality : DVD-Movies || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[Product Code]]) || | ||
|- | |- | ||
| Retail Functionality : PS Store || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[ | | Retail Functionality : PS Store || {{No}} <br />(patchable) || {{No}}<br />(see 3.55) || {{No}}<br />(Disabled for that [[Product Code]]) || | ||
|- | |- | ||
| PSN/SEN || {{No}} <br />(only when patched/spoofed to Retail AND passphrase is available) || {{No}}<br />(see 3.55) || {{No}}<br />(Server Whitelisting and nondebug IDPS fail) || | | PSN/SEN || {{No}} <br />(only when patched/spoofed to Retail AND passphrase is available) || {{No}}<br />(see 3.55) || {{No}}<br />(Server Whitelisting and nondebug IDPS fail) || | ||
Line 52: | Line 56: | ||
| HDCP off || {{No}} || {{No}} || {{No}} || Hardware limitations in the HDMI out chip (OTP ?) prevent from switching hdcp off even by forcing the setting <small>(see note below)</small>, HDCP would then appear off in the system settings but would actually still be on | | HDCP off || {{No}} || {{No}} || {{No}} || Hardware limitations in the HDMI out chip (OTP ?) prevent from switching hdcp off even by forcing the setting <small>(see note below)</small>, HDCP would then appear off in the system settings but would actually still be on | ||
<small>Note:<br /> | <small>Note:<br /> | ||
Can use [ | Can use [[QA Flagging#Debug Menu settings not in Retail/CEX QA|QA debug]] (<=3.56) or setmonitor.self (ProDG Target Manager - Monitor Settings Utility). See also [[XRegistry.sys#Common Settings|"XRegistry.sys /setting/display/0/hdcp"]] to enforce it to "off" setting.</small> | ||
|- | |- | ||
| Burned Master Discs || {{No}} || {{No}} || {{No}} || Hardware limitations in the Drive Id's (OTP not set to 0xFFFFFFFFFFFFFFFF) prevent from using burned ps3 and ps2 masterdiscs (they are recognized as data discs), this is a check performed by the drive's firmware. | | Burned Master Discs || {{No}} || {{No}} || {{No}} || Hardware limitations in the Drive Id's (OTP not set to 0xFFFFFFFFFFFFFFFF) prevent from using burned ps3 and ps2 masterdiscs (they are recognized as data discs), this is a check performed by the drive's firmware. | ||
|} | |} | ||
= Alternative method of writing back flash | Note about FW 3.56: one would need to use custom generated keys for signing, as the random fail is fixed since that version, thus no private keys can be acquired with scekrit). | ||
Put these, including your target NOR file, named rflash.bin on a stick | |||
= Alternative method of writing back flash (jaicrab / bad idea) = | |||
Either use PSgrade/JIG and let the lv2diag.self be executed by lv1.self | Put these, including your target NOR file, named rflash.bin on a stick: | ||
* [https://dl.dropbox.com/u/35197530/Lv2diag.self Lv2diag.self] | |||
* [https://dl.dropbox.com/u/35197530/advance.cfg advance.cfg] | |||
Either use PSgrade/JIG and let the lv2diag.self be executed by lv1.self automatically, or use MultiMAN self loader. It will take a LONG time (35 minutes) until console stops blinking and shutdowns with red led. | |||
Tested working on CECHG fat( | Tested working on CECHG fat (256MB NAND). I suspect the reason for people bricking was they were flashing dumps of different lenghts and offsets (such as from memdump) and not the one provided by dumping with ?this?. -sk1080 | ||
= CEX2DEX NOR Guide = | |||
== Prerequisites == | |||
= | |||
* <strike>[https://www.psdevwiki.com/ps3/files/devtools/dumpers/memdump_0.01-FINAL/memdump_0.01-FINAL/memdump_0.01-FINAL.gnpdrm.pkg Memdump v 0.01]</strike> | |||
* [ | * <strike>[https://www.psdevwiki.com/ps3/files/devtools/Cex2Dex/eEID_RKDumper/eEID_RKDumper.pkg eEID_RKDumper]</strike> | ||
* [ | |||
* [http://store.brewology.com/get/homebrew.php?id=24&fid=385 Multiman] or MMOS anything above 4.0.3 will work | * [http://store.brewology.com/get/homebrew.php?id=24&fid=385 Multiman] or MMOS anything above 4.0.3 will work | ||
==NOR guide== | == NOR guide == | ||
# Put above mentioned 3 packages in root of USB stick and install them on the PS3 using *Install Packages* | # Put above mentioned 3 packages in root of USB stick and install them on the PS3 using *Install Packages* | ||
# With the USB stick still inserted, run Memdump v 0.01 and select the option "Dump Flash Storage" | # With the USB stick still inserted, run Memdump v 0.01 and select the option "Dump Flash Storage" | ||
Line 92: | Line 96: | ||
11. Reboot ps3, and you will be able to install any Dex Firmware //--> | 11. Reboot ps3, and you will be able to install any Dex Firmware //--> | ||
= | = Conversion differences = | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
0002F070 <span style=" | 0002F070 <span style="color:green;">00 00 00 XX 00</span> <span style="color:red!important;">XX</span> <span style="color:green;">00 XX XX XX XX XX XX XX XX XX</span> | ||
0002F080 <span style=" | 0002F080 <span style="color:green;">00 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F090 <span style=" | 0002F090 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F0A0 <span style=" | 0002F0A0 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F0B0 <span style=" | 0002F0B0 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F0C0 <span style=" | 0002F0C0 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F0D0 <span style=" | 0002F0D0 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F0E0 <span style=" | 0002F0E0 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F0F0 <span style=" | 0002F0F0 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F100 <span style=" | 0002F100 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F110 <span style=" | 0002F110 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F120 <span style=" | 0002F120 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F130 <span style=" | 0002F130 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
0002F140 <span style=" | 0002F140 <span style="color:red!important;">XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX</span> | ||
= Trophy errors = | |||
If you are getting trophy errors preventing you to play backups then make sure you perform the following steps: | If you are getting trophy errors preventing you to play backups then make sure you perform the following steps: | ||
# Go to recovery menu and restore default settings. | # Go to recovery menu and restore default settings. | ||
# Rebuild ps3 database from recovery menu. | # Rebuild ps3 database from recovery menu. | ||
# If you had a playstation id then add the playstation id/password in the playstation network settings. Try to connect once | # If you had a playstation id then add the playstation id/password in the playstation network settings. Try to connect once. It will ask you to upgrade your console. DO NOT upgrade! Keep the playstation id/password saved in the psn settings. | ||
= Trivia = | = Trivia = | ||
Neither the [ | Neither the [[SC_EEPROM#EEPROM Offset Table - Flags and Tokens|FSELF Control Flag nor the Debug Support Flag]] is changed, nevertheless, no functions of the DEX firmware are restricted, it behaves like a original one. Sony could just add checks in the upcoming DEX firmwares and patch this CEX2DEX conversion method. Also this isn't a full CEX-DEX conversion, seeing as the IDPS is changed only in EID0 and not also in EID5. | ||
= DEX2CEX safe way / debricking = | = DEX2CEX safe way / debricking = | ||
<ol><li> | |||
<ol><li>Take that console DEX dump and convert it to the [[Product Code]] of that CEX console region (with targetID changer and that console eidrootkey)<br /> | |||
''or'' <br /> | ''or'' <br /> | ||
Take that console CEX dump.</li></ol> | |||
The next steps are same as [[Downgrading_with_Hardware_flasher#Patch the dump & reflash it to the console|Downgrading with Hardware flasher]]. See there for more in depth information. | |||
# make sure byteorder is correct, if needed use Flowrebuilder to bytereverse | # make sure byteorder is correct, if needed use Flowrebuilder to bytereverse | ||
Line 176: | Line 138: | ||
# use Recover or Factory Service Mode to install Rogero 3.55 V7 PUP (the basic downgrader that is always used to downgrade consoles) | # use Recover or Factory Service Mode to install Rogero 3.55 V7 PUP (the basic downgrader that is always used to downgrade consoles) | ||
# on install success, activate QA and do buttoncombo to check QA-debug menu comes up. then goto Recovery and install OFW 3.55 CEX /twice/ in a row, to make sure both banks are dehashed | # on install success, activate QA and do buttoncombo to check QA-debug menu comes up. then goto Recovery and install OFW 3.55 CEX /twice/ in a row, to make sure both banks are dehashed | ||
An Italian indepth guide: [http://www.nextrl.it/forum/topic/86174-guida-downgrade-e-%E2%80%9Cdex-to-cex%E2%80%9D] | |||
== Debrick DEX back to DEX == | |||
Flash must already contain valid DEX [[Product Code]] in EID! | |||
Use NOR patches only on NOR consoles, not on NAND! | |||
{|class="wikitable" | |||
|- | |||
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | |||
|- | |||
| ROS0 || coreos_355_dex_checkoff (7 MB) || 0x0C0010 || 0x6FFFE0 || CoreOS (prepatched DEX 3.55) | |||
|- | |||
| ROS1 || coreos_355_dex_checkoff (7 MB) || 0x7C0010 || 0x6FFFE0 || CoreOS (SAME as ros0) | |||
|- | |||
| trvk_prg0 || trvk_prg0 (128 KB) || 0x040000 || 0x2000 || trvk_prg0 | |||
|- | |||
| trvk_prg1 || trvk_prg0 (128 KB) || 0x060000 || 0x2000 || trvk_prg1 (same as trvk_prg0) | |||
|- | |||
| trvk_pkg0 || trvk_pkg0 (128 KB) || 0x080000 || 0x2000 || trvk_pkg0 | |||
|- | |||
| trvk_pkg1 || trvk_pkg0 (128 KB) || 0x0A0000 || 0x2000 || trvk_pkg1 (same as trvk_pkg0) | |||
|} | |||
Above patches in a single package + autopatcher file: [http://www.mirrorcreator.com/files/1PQMPNIH/3.55_DEX_checkoff.rar_links 3.55_DEX_checkoff.rar]. |
Latest revision as of 03:51, 1 July 2023
External references[edit source]
CEX2DEX - pro versus con[edit source]
See also DEX_Options.
Pros[edit source]
Function | 3.55 | 3.56 | 3.60+ | Remarks |
---|---|---|---|---|
Using the features of a debug console | Yes | Yes | Yes | To effectively use features, need to use SDK related files, e.g. TargetManager etc |
Using FSELFs | Yes | Yes | Yes | To create fselfs, you must have the decrypted binary first |
Downgrading | Yes | Yes | Yes | Restricted to minver of that SKU/type (either metldr minver locked, or because of drivers - same limitations as Retail/CEX, but without hardware flasher) |
Cons[edit source]
Function | 3.55 | 3.56 | 3.60+ | Remarks |
---|---|---|---|---|
Retail Functionality : Packages | No (patchable) |
No (see 3.55) |
No (Disabled for that Product Code) |
|
Retail Functionality : BD-Movies | No (patchable) |
No (see 3.55) |
No (Disabled for that Product Code) |
|
Retail Functionality : DVD-Movies | No (patchable) |
No (see 3.55) |
No (Disabled for that Product Code) |
|
Retail Functionality : PS Store | No (patchable) |
No (see 3.55) |
No (Disabled for that Product Code) |
|
PSN/SEN | No (only when patched/spoofed to Retail AND passphrase is available) |
No (see 3.55) |
No (Server Whitelisting and nondebug IDPS fail) |
|
More Stress to the console | Yes | Yes | Yes | Using TargetManager/Debugger increases memoryload, also heats up RSX more (there are known CECHA/CECHC that gotten YLOD after few weeks of usage, and behaved normally when converted back to Retail/CEX) |
Backups (via Manager) : <=3.56 keyed | Yes (same as Retail, would need lv1.self : mmap114 and lv2.self : peek/poke patches + Manager with DEX detection/payload) |
Yes (see 3.55) |
No | |
Backups (via Manager) : >=3.60 keyed | No (same as Retail) |
No (see 3.55) |
No | |
Backups (using ps3gen/bdemu) : <=3.56 keyed | Yes | Yes (see 3.55) |
Yes | |
Backups (using ps3gen/bdemu) : >=3.60 keyed | No | No | Yes | |
OtherOS++ : Linux/BSD | Yes (same as Retail, need patches) |
No (No one ported OtherOS++ MFW tasks to 3.56 yet, if someone does, see 3.55) |
No | |
Firmware availability | Yes | Yes | No (leaks always will lag behind) |
Getting firmwares will always be a handicap, as they are not openly distributed/announced like Retail, only on SCEDevnet |
Easily detectable and banned | Yes | Yes | Yes | |
HDCP off | No | No | No | Hardware limitations in the HDMI out chip (OTP ?) prevent from switching hdcp off even by forcing the setting (see note below), HDCP would then appear off in the system settings but would actually still be on
Note: |
Burned Master Discs | No | No | No | Hardware limitations in the Drive Id's (OTP not set to 0xFFFFFFFFFFFFFFFF) prevent from using burned ps3 and ps2 masterdiscs (they are recognized as data discs), this is a check performed by the drive's firmware. |
Note about FW 3.56: one would need to use custom generated keys for signing, as the random fail is fixed since that version, thus no private keys can be acquired with scekrit).
Alternative method of writing back flash (jaicrab / bad idea)[edit source]
Put these, including your target NOR file, named rflash.bin on a stick:
Either use PSgrade/JIG and let the lv2diag.self be executed by lv1.self automatically, or use MultiMAN self loader. It will take a LONG time (35 minutes) until console stops blinking and shutdowns with red led.
Tested working on CECHG fat (256MB NAND). I suspect the reason for people bricking was they were flashing dumps of different lenghts and offsets (such as from memdump) and not the one provided by dumping with ?this?. -sk1080
CEX2DEX NOR Guide[edit source]
Prerequisites[edit source]
Memdump v 0.01eEID_RKDumper- Multiman or MMOS anything above 4.0.3 will work
NOR guide[edit source]
- Put above mentioned 3 packages in root of USB stick and install them on the PS3 using *Install Packages*
- With the USB stick still inserted, run Memdump v 0.01 and select the option "Dump Flash Storage"
- Run eEID_RKDumper. It should give 5-10 seconds black screen, beep and shutdown the console.
- Reboot the console, start MultiMan and use the filemanager to navigate to /dev_hdd0/tmp/eid_root_key and copy this file to the root of your USB stick.
- Now you should have the PCK1 (eid_root_key) and complete flash dump (flash_stor_35500.bin) of that console. Backup these 2 files for safe keeping/debricking. If you have multiple consoles, mark them as needed (e.g. serial from white sticker) to avoid confusion.
Conversion differences[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0002F070 00 00 00 XX 00 XX 00 XX XX XX XX XX XX XX XX XX 0002F080 00 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F090 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0A0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0B0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0C0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0D0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0E0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F0F0 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F100 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F110 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F120 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F130 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 0002F140 XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
Trophy errors[edit source]
If you are getting trophy errors preventing you to play backups then make sure you perform the following steps:
- Go to recovery menu and restore default settings.
- Rebuild ps3 database from recovery menu.
- If you had a playstation id then add the playstation id/password in the playstation network settings. Try to connect once. It will ask you to upgrade your console. DO NOT upgrade! Keep the playstation id/password saved in the psn settings.
Trivia[edit source]
Neither the FSELF Control Flag nor the Debug Support Flag is changed, nevertheless, no functions of the DEX firmware are restricted, it behaves like a original one. Sony could just add checks in the upcoming DEX firmwares and patch this CEX2DEX conversion method. Also this isn't a full CEX-DEX conversion, seeing as the IDPS is changed only in EID0 and not also in EID5.
DEX2CEX safe way / debricking[edit source]
- Take that console DEX dump and convert it to the Product Code of that CEX console region (with targetID changer and that console eidrootkey)
or
Take that console CEX dump.
The next steps are same as Downgrading with Hardware flasher. See there for more in depth information.
- make sure byteorder is correct, if needed use Flowrebuilder to bytereverse
- take Rogero NOR patcher or Flowrebuilder+downgraderpatches and prepatch that CEX converted dump with downgrader. Flash it.
- use Recover or Factory Service Mode to install Rogero 3.55 V7 PUP (the basic downgrader that is always used to downgrade consoles)
- on install success, activate QA and do buttoncombo to check QA-debug menu comes up. then goto Recovery and install OFW 3.55 CEX /twice/ in a row, to make sure both banks are dehashed
An Italian indepth guide: [2]
Debrick DEX back to DEX[edit source]
Flash must already contain valid DEX Product Code in EID!
Use NOR patches only on NOR consoles, not on NAND!
Target area | Patchfile | NOR Offset | Paste length | Remarks |
---|---|---|---|---|
ROS0 | coreos_355_dex_checkoff (7 MB) | 0x0C0010 | 0x6FFFE0 | CoreOS (prepatched DEX 3.55) |
ROS1 | coreos_355_dex_checkoff (7 MB) | 0x7C0010 | 0x6FFFE0 | CoreOS (SAME as ros0) |
trvk_prg0 | trvk_prg0 (128 KB) | 0x040000 | 0x2000 | trvk_prg0 |
trvk_prg1 | trvk_prg0 (128 KB) | 0x060000 | 0x2000 | trvk_prg1 (same as trvk_prg0) |
trvk_pkg0 | trvk_pkg0 (128 KB) | 0x080000 | 0x2000 | trvk_pkg0 |
trvk_pkg1 | trvk_pkg0 (128 KB) | 0x0A0000 | 0x2000 | trvk_pkg1 (same as trvk_pkg0) |
Above patches in a single package + autopatcher file: 3.55_DEX_checkoff.rar.