Talk:Downgrading with Hardware flasher: Difference between revisions
Jump to navigation
Jump to search
m (Created page with "Quick 'n Dirty prepatched: * [http://www.multiupload.com/9IATGOGMR1 315-downgrader.pup (163.88 MB)] * [http://www.multiupload.com/YZ77XKXMFT 341-downgrader.pup (167.1 MB)] * [htt...") |
mNo edit summary |
||
| Line 1: | Line 1: | ||
Quick 'n Dirty prepatched | ==Quick 'n Dirty prepatched== | ||
* [http://www.multiupload.com/9IATGOGMR1 315-downgrader.pup (163.88 MB)] | * [http://www.multiupload.com/9IATGOGMR1 315-downgrader.pup (163.88 MB)] | ||
* [http://www.multiupload.com/YZ77XKXMFT 341-downgrader.pup (167.1 MB)] | * [http://www.multiupload.com/YZ77XKXMFT 341-downgrader.pup (167.1 MB)] | ||
| Line 12: | Line 12: | ||
** Patch Application launcher: Patch to allow running of unsigned applications | ** Patch Application launcher: Patch to allow running of unsigned applications | ||
** Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category | ** Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category | ||
== The FSM dance == | |||
NOR only, for now! Don't use directly as is on NAND, because offsets will differ! | |||
=== Patch files used === | |||
Depending on which step, will be used in one or both ROS areas: | |||
* [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] | |||
* [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)] | |||
This will be the same for all steps: | |||
* [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] | |||
After each step of patching, enter Factory Service Mode and reinstall nonpatched firmware (e.g. OFW) | |||
=== Step1 === | |||
{|class="wikitable" | |||
|- | |||
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | |||
|- | |||
| ROS0 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 || | |||
|- | |||
| ROS1 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 || | |||
|- | |||
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's | |||
|- | |||
|} | |||
=== Step2 === | |||
{|class="wikitable" | |||
|- | |||
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | |||
|- | |||
| ROS0 || [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 || | |||
|- | |||
| ROS1 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 || | |||
|- | |||
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's | |||
|- | |||
|} | |||
=== Step3 === | |||
{|class="wikitable" | |||
|- | |||
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks | |||
|- | |||
| ROS0 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 || | |||
|- | |||
| ROS1 || [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 || | |||
|- | |||
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's | |||
|- | |||
|} | |||
Redump flash after last reinstall of firmware in service mode to check if both ROS areas are occupied. | |||
Revision as of 14:49, 1 January 2012
Quick 'n Dirty prepatched
- PS3MFW Features Enabled
- Change PUP build / version
- Patch LV1 (downgrader) checks
- Patch LV1 hypervisor: Allow mapping of any memory area (Needed for LV2 Poke)
- Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
- Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
- Patch Application launcher: Patch to allow running of unsigned applications
- Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category
The FSM dance
NOR only, for now! Don't use directly as is on NAND, because offsets will differ!
Patch files used
Depending on which step, will be used in one or both ROS areas:
This will be the same for all steps:
After each step of patching, enter Factory Service Mode and reinstall nonpatched firmware (e.g. OFW)
Step1
| Target area | Patchfile | NOR Offset | Paste length | Remarks |
|---|---|---|---|---|
| ROS0 | ROS-empty.bin (7 MB) | 0x0C0000 | 0x6FFFE0 | |
| ROS1 | ROS-empty.bin (7 MB) | 0x7C0000 | 0x6FFFE0 | |
| trvk_prg0 (0x40000) trvk_prg1 (0x60000) trvk_pkg0 (0x80000) trvk_pkg1 (0xA0000) |
RVK-0x40000.bin (512 KB) | 0x40000 | 0x80000 | one big patch overlapping several revoke area's |
Step2
| Target area | Patchfile | NOR Offset | Paste length | Remarks |
|---|---|---|---|---|
| ROS0 | ROS-filled.bin (7 MB) | 0x0C0000 | 0x6FFFE0 | |
| ROS1 | ROS-empty.bin (7 MB) | 0x7C0000 | 0x6FFFE0 | |
| trvk_prg0 (0x40000) trvk_prg1 (0x60000) trvk_pkg0 (0x80000) trvk_pkg1 (0xA0000) |
RVK-0x40000.bin (512 KB) | 0x40000 | 0x80000 | one big patch overlapping several revoke area's |
Step3
| Target area | Patchfile | NOR Offset | Paste length | Remarks |
|---|---|---|---|---|
| ROS0 | ROS-empty.bin (7 MB) | 0x0C0000 | 0x6FFFE0 | |
| ROS1 | ROS-filled.bin (7 MB) | 0x7C0000 | 0x6FFFE0 | |
| trvk_prg0 (0x40000) trvk_prg1 (0x60000) trvk_pkg0 (0x80000) trvk_pkg1 (0xA0000) |
RVK-0x40000.bin (512 KB) | 0x40000 | 0x80000 | one big patch overlapping several revoke area's |
Redump flash after last reinstall of firmware in service mode to check if both ROS areas are occupied.