Talk:Downgrading with NAND flasher: Difference between revisions

From PS3 Developer wiki
Line 134: Line 134:
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks
|-
|-
| ROS0 || [http://www.multiupload.com/GB4LPBNJBY NAND-patch1-0x0C0030.bin (7 MB)] || 0x0C0030 || 0x6FFFE0 || version string 3.55
| ROS0 || [http://www.multiupload.com/GB4LPBNJBY patch1 (7 MB)] || 0x0C0030 || 0x6FFFE0 || version string 3.55
|-
|-
| ROS1 || [http://www.multiupload.com/GB4LPBNJBY NAND-patch1-0x0C0030.bin (7 MB)] || 0x7C0020 || 0x6FFFE0 || SAME as ros0
| ROS1 || [http://www.multiupload.com/GB4LPBNJBY patch1 (7 MB)] || 0x7C0020 || 0x6FFFE0 || SAME as ros0
|-
|-
| trvk_prg0&nbsp;(0x91800)<br />trvk_prg1&nbsp;(0x92800)<br />trvk_pkg0&nbsp;(0x93800)<br />trvk_pkg1&nbsp;(0x94800)<br /> || [http://www.multiupload.com/9Z5D080KLO NAND-patch2-0x91800.bin (16 KB)] || 0x91800 || 0x4000 || revoke program 0 + 1 and revoke package 0 + 1 combined into single large patch
| trvk_prg0&nbsp;(0x91800)<br />trvk_prg1&nbsp;(0x92800)<br />trvk_pkg0&nbsp;(0x93800)<br />trvk_pkg1&nbsp;(0x94800)<br /> || [http://www.multiupload.com/9Z5D080KLO patch2 (16 KB)] || 0x91800 || 0x4000 || revoke program 0 + 1 and revoke package 0 + 1 combined into single large patch
|-
|-
<!--//
<!--//
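Review bot: in the ROS0 and ROS1 rows the new link label "patch1 (7 MB)" drops the file name NAND-patch1-0x0C0030.bin while the multiupload URL stays the same, so a reader can no longer match the downloaded file to its table row; the trvk row loses NAND-patch2-0x91800.bin in the same way. Consider keeping the short label but naming the file in the Remarks column, and stating for ROS1 that the paste offset is 0x7C0020 even though the file name carries 0x0C0030.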

Revision as of 22:54, 12 December 2011

http://pastebin.com/BqW46zjY :

   Downgrade patches
      
   http://www.multiupload.com/JJ9U8RM8T1
      
   DIFF:
      
   -------------
   Patch core OS Hash check //product mode always on
      
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C1F40                                      41 9E 00 1C              Až..
      
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C1F40                                      60 00 00 00              `...
      
   -------------
   Patch check_revoke_list_hash check //product mode always on
      
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C2B50  41 9E 00 1C                                      Až..
      
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C2B50  60 00 00 00                                      `...
      
   -------------
   Patch In product mode erase standby bank skipped
      
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C6AD0                          41 9E 00 0C                      Až..
      
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C6AD0                          60 00 00 00                      `...
      
   -------------
      
   Reference: http://www.ps3devwiki.com/index.php?title=Talk:Dual_Firmware


NAND Offsets

1patchcos.bin

CTRL-F : 00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0

CECHC-04/COK-002 MFW 3.15 (Euss):

  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
   000C0000  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... ....... 
   000C0010  00 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00  .....à..........
   000C0020  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
   000C0030  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
   007C0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   007C0010  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
   007C0020  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà


Here is a dump from CECHA-006/COK-001, found @ 0x000C0020 (ros0) and 0x007c0010 (ros1):

   Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
          
   000C0020   00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0 .............oÿà
   000C0030   00 00 00 01 00 00 00 18 00 00 00 00 00 6F FF E0 .............oÿà
   000C0040   00 00 00 00 00 00 04 90 00 00 00 00 00 04 00 00 ................
   000C0050   63 72 65 73 65 72 76 65 64 5F 30 00 00 00 00 00 creserved_0.....
   000C0060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
   000C0070   00 00 00 00 00 04 04 90 00 00 00 00 00 00 00 08 ................
   000C0080   73 64 6B 5F 76 65 72 73 69 6F 6E 00 00 00 00 00 sdk_version.....
   000C0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
   000C00A0   00 00 00 00 00 04 05 00 00 00 00 00 00 01 E7 C8 ..............çÈ
   000C00B0   6C 76 31 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv1ldr..........
   000C00C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
   000C00D0   00 00 00 00 00 05 ED 00 00 00 00 00 00 01 6F F0 ......í.......oð
   000C00E0   6C 76 32 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv2ldr..........
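
A read-only check of the structure visible in the dump above, added here as an example (not code from the wiki or the pastebin): it locates the CTRL-F marker row, decodes the header row and file table that follow, and verifies that the table is self-consistent before the offsets are trusted. The field meanings (entry count, region length, and offset/size/name per 0x30-byte entry) are inferred from the dumped values, and the function names are hypothetical.

```python
import struct

# Search pattern from the page (CTRL-F): 12 zero bytes followed by 00 6F FF E0.
ROS_MARKER = bytes(12) + bytes.fromhex("006FFFE0")
ENTRY_SIZE = 0x30  # 8-byte offset, 8-byte size, 32-byte name (inferred from the dump)

def find_ros_headers(image):
    """Offsets of the header rows that directly follow each marker row."""
    hits, pos = [], image.find(ROS_MARKER)
    while pos != -1:
        hits.append(pos + len(ROS_MARKER))
        pos = image.find(ROS_MARKER, pos + 1)
    return hits

def parse_ros_header(image, hdr):
    """Decode the big-endian header row and as much of the file table as is present."""
    _unknown, count, length = struct.unpack_from(">IIQ", image, hdr)
    entries = []
    for i in range(count):
        base = hdr + 0x10 + i * ENTRY_SIZE
        if base + ENTRY_SIZE > len(image):
            break  # truncated excerpt: stop rather than read past the end
        off, size, name = struct.unpack_from(">QQ32s", image, base)
        entries.append((name.rstrip(b"\0").decode("ascii", "replace"), off, size))
    return count, length, entries

def table_is_consistent(count, length, entries):
    """First file must start right after the table; every file must fit in the region."""
    starts_after_table = bool(entries) and entries[0][1] == 0x10 + count * ENTRY_SIZE
    return starts_after_table and all(off + size <= length for _, off, size in entries)

# Constructed sample: the CECHA rows 0xC0020-0xC00EF quoted above, plus one zero row
# (assumed name padding) so that the fourth 0x30-byte entry is complete.
SAMPLE = b"".join([
    ROS_MARKER,                                               # row 0xC0020
    bytes.fromhex("00000001 00000018 00000000006FFFE0"),      # row 0xC0030
    bytes.fromhex("0000000000000490 0000000000040000") + b"creserved_0".ljust(32, b"\0"),
    bytes.fromhex("0000000000040490 0000000000000008") + b"sdk_version".ljust(32, b"\0"),
    bytes.fromhex("0000000000040500 000000000001E7C8") + b"lv1ldr".ljust(32, b"\0"),
    bytes.fromhex("000000000005ED00 0000000000016FF0") + b"lv2ldr".ljust(32, b"\0"),
])

if __name__ == "__main__":
    for hdr in find_ros_headers(SAMPLE):
        count, length, entries = parse_ros_header(SAMPLE, hdr)
        print(hex(hdr), hex(count), hex(length), table_is_consistent(count, length, entries))
        for name, off, size in entries:
            print(f"  {name:<12} off=0x{off:X} size=0x{size:X}")
```

With the count 0x18 from this dump the first file offset 0x490 equals 0x10 + 0x18 * 0x30, which is what the consistency check relies on.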

2patchtrvk.bin

Note: CTRL-F : not 00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 but 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40

CECHC-04/COK-002 MFW 3.15 (Euss):

  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
   00093800  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... ....... 
   00093810  00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00  ...... .........
   00093820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40  ...............@
   00093830  53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00  SCE.............
   00093840  00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40  ...............@


CECHA-06/COK-001 data from offset 0x00093800:

  Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  00093800   00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 ................
  00093810   00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 ................
  00093820   00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 ...............@
  00093830   53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 SCE.............
  00093840   00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40 ...............@
  00093850   F6 93 38 8E C8 46 D5 FF 34 53 9D 12 91 7E C6 96 ö“8ŽÈFÕÿ4S..‘~Æ–


revoke package: for a 3.72 console it would be : 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 60 http://pastie.org/3006911

revoke program: for a 3.72 console it would be : 00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0 http://pastie.org/3006958


Example, copy ros1 to ros0 and overwrite (HxD):

  • goto edit
  • select block (CTRL-E) : start 7C0020 - length 6FFFE0
  • copy (CTRL-C)
  • goto (CTRL-G) : C0030
  • overwrite (CTRL-B)



Simplified V2 NAND downgrade

{|
! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks
|-
| ROS0 || patch1 (7 MB) || 0x0C0030 || 0x6FFFE0 || version string 3.55
|-
| ROS1 || patch1 (7 MB) || 0x7C0020 || 0x6FFFE0 || SAME as ros0
|-
| trvk_prg0 (0x91800)<br />trvk_prg1 (0x92800)<br />trvk_pkg0 (0x93800)<br />trvk_pkg1 (0x94800) || patch2 (16 KB) || 0x91800 || 0x4000 || revoke program 0 + 1 and revoke package 0 + 1 combined into single large patch
|}