Talk:Downgrading with Hardware flasher: Difference between revisions

From PS3 Developer wiki
Line 15: Line 15:




= Quick syscon rehashing =
== Quick syscon rehashing ==
Goal: To be able to install unpatched firmwares on consoles that where previously on 3.56+
Goal: To be able to install unpatched firmwares on consoles that where previously on 3.56+


== The FSM dance ==
=== The FSM dance ===
NOR only, for now! Don't use directly as is on NAND, because offsets will differ!
NOR only, for now! Don't use directly as is on NAND, because offsets will differ!
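Review bot: The unchanged Goal line in this hunk still reads "consoles that where previously on 3.56+"; since the section is being touched for the heading levels anyway, correct "where" to "were" in the same edit. The demotion itself is consistent here ("Quick syscon rehashing" to level 2, "The FSM dance" to level 3), so nothing else needs changing.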


Line 30: Line 30:
After each step of patching, enter Factory Service Mode and reinstall nonpatched firmware (e.g. OFW)
After each step of patching, enter Factory Service Mode and reinstall nonpatched firmware (e.g. OFW)


=== Step1 ===
==== Step1 ====
{|class="wikitable"
{|class="wikitable"
|-
|-
Line 42: Line 42:
|-
|-
|}
|}
=== Step2 ===
==== Step2 ====
{|class="wikitable"
{|class="wikitable"
|-
|-
Line 54: Line 54:
|-
|-
|}
|}
=== Step3 ===
==== Step3 ====
{|class="wikitable"
{|class="wikitable"
|-
|-
Line 69: Line 69:
Redump flash after last reinstall of firmware in service mode to check if both ROS areas are occupied.
Redump flash after last reinstall of firmware in service mode to check if both ROS areas are occupied.


== Alternative QA way ==
=== Alternative QA way ===
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
# install prepatched firmware in service mode
# install prepatched firmware in service mode
# enable QA-extra and install unpatched firmware in recovery mode.
# enable QA-extra and install unpatched firmware in recovery mode.


== Alternative shorter reFSM way ==
=== Alternative shorter reFSM way ===
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
# install prepatched firmware in service mode
# install prepatched firmware in service mode
# install unpatched firmware in service mode
# install unpatched firmware in service mode
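Review bot: In both numbered lists of this hunk the first item is capitalised ("Patch as normal downgrader ...") while the following items start lower-case ("install ...", "enable ..."), and only the last item of "Alternative QA way" ends with a full stop. Make the capitalisation and punctuation uniform, and turn "on mainpage" into a wiki link to the page the steps rely on so readers can find the ROS 0/1 and RVK prg/pkg patch details.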

Revision as of 00:10, 3 January 2012

Quick 'n Dirty prepatched

  • PS3MFW Features Enabled
    • Change PUP build / version
    • Patch LV1 (downgrader) checks
    • Patch LV1 hypervisor: Allow mapping of any memory area (Needed for LV2 Poke)
    • Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
    • Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
    • Patch Application launcher: Patch to allow running of unsigned applications
    • Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category


Quick syscon rehashing

Goal: To be able to install unpatched firmwares on consoles that were previously on 3.56+

The FSM dance

NOR only, for now! Don't use directly as is on NAND, because offsets will differ!

Patch files used

Depending on which step, will be used in one or both ROS areas:

This will be the same for all steps:

After each step of patching, enter Factory Service Mode and reinstall nonpatched firmware (e.g. OFW)

Step1

| Target area | Patchfile | NOR Offset | Paste length | Remarks |
|---|---|---|---|---|
| ROS0 | ROS-empty.bin (7 MB) | 0x0C0000 | 0x6FFFE0 | |
| ROS1 | ROS-empty.bin (7 MB) | 0x7C0000 | 0x6FFFE0 | |
| trvk_prg0 (0x40000), trvk_prg1 (0x60000), trvk_pkg0 (0x80000), trvk_pkg1 (0xA0000) | RVK-0x40000.bin (512 KB) | 0x40000 | 0x80000 | one big patch overlapping several revoke areas |

Step2

| Target area | Patchfile | NOR Offset | Paste length | Remarks |
|---|---|---|---|---|
| ROS0 | ROS-filled.bin (7 MB) | 0x0C0000 | 0x6FFFE0 | |
| ROS1 | ROS-empty.bin (7 MB) | 0x7C0000 | 0x6FFFE0 | |
| trvk_prg0 (0x40000), trvk_prg1 (0x60000), trvk_pkg0 (0x80000), trvk_pkg1 (0xA0000) | RVK-0x40000.bin (512 KB) | 0x40000 | 0x80000 | one big patch overlapping several revoke areas |

Step3

| Target area | Patchfile | NOR Offset | Paste length | Remarks |
|---|---|---|---|---|
| ROS0 | ROS-empty.bin (7 MB) | 0x0C0000 | 0x6FFFE0 | |
| ROS1 | ROS-filled.bin (7 MB) | 0x7C0000 | 0x6FFFE0 | |
| trvk_prg0 (0x40000), trvk_prg1 (0x60000), trvk_pkg0 (0x80000), trvk_pkg1 (0xA0000) | RVK-0x40000.bin (512 KB) | 0x40000 | 0x80000 | one big patch overlapping several revoke areas |

Redump flash after last reinstall of firmware in service mode to check if both ROS areas are occupied.
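One way to automate the redump check above, as an added example that is not from the wiki: it reads a NOR dump, confirms the patch regions from the step tables fit and do not overlap, and reports whether ROS0 and ROS1 hold data. The function names, the 0.5 threshold and the definition of "occupied" (bytes other than 0x00/0xFF) are assumptions.

```python
import sys

# Offsets and paste lengths copied from the step tables above (NOR only).
REGIONS = {
    "RVK":  (0x040000, 0x080000),
    "ROS0": (0x0C0000, 0x6FFFE0),
    "ROS1": (0x7C0000, 0x6FFFE0),
}
# Assumption: a region is "occupied" when at least half of its bytes are
# neither 0x00 nor 0xFF; the wiki does not define the term.
OCCUPIED_THRESHOLD = 0.5


def check_layout(regions, dump_size):
    """Raise ValueError if regions overlap or run past the end of the dump."""
    spans = sorted((off, off + length, name)
                   for name, (off, length) in regions.items())
    for (_, end, name), (next_off, _, next_name) in zip(spans, spans[1:]):
        if end > next_off:
            raise ValueError(f"{name} overlaps {next_name}")
    for _, end, name in spans:
        if end > dump_size:
            raise ValueError(f"{name} runs past the end of the dump")


def fill_ratio(data, offset, length):
    """Fraction of bytes in the region that are neither 0x00 nor 0xFF."""
    region = data[offset:offset + length]
    blank = region.count(0x00) + region.count(0xFF)
    return 1 - blank / len(region)


def ros_status(data):
    """Map ROS0/ROS1 to True when the region looks occupied."""
    check_layout(REGIONS, len(data))
    return {name: fill_ratio(data, *REGIONS[name]) >= OCCUPIED_THRESHOLD
            for name in ("ROS0", "ROS1")}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ros.py <nor_dump.bin>")
    with open(sys.argv[1], "rb") as fh:
        status = ros_status(fh.read())
    for name, occupied in status.items():
        print(f"{name}: {'occupied' if occupied else 'EMPTY'}")
    sys.exit(0 if all(status.values()) else 1)
```

A truncated dump, or a NAND dump whose size does not cover these offsets, is rejected by `check_layout` before any region is read.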

Alternative QA way

  1. Patch as for the normal downgrader (ROS 0/1 + RVK prg/pkg) on the main page.
  2. Install prepatched firmware in service mode.
  3. Enable QA-extra and install unpatched firmware in recovery mode.

Alternative shorter reFSM way

  1. Patch as for the normal downgrader (ROS 0/1 + RVK prg/pkg) on the main page.
  2. Install prepatched firmware in service mode.
  3. Install unpatched firmware in service mode.