Talk:Dual Firmware: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
= Manual dualboot 3.55 & 3.70 with 2 flashdumps and 2 harddrives =
=== Old Guide ===
[http://www.digitalangel.it/2011/08/tutorial-fast-swap-su-ps3-slim-cfw-3-55-3-70-con-2-hard-disk-e-progskeet/ original italian and english guide posted by digitalangel]
Today I will write a tutorial to “fast-swap” between CFW 3.55 and OFW 3.70, using 2 HDDs… at the end of the tutorial, you will be able to swap between the firmware just flashing a dump on your PS3 using Progskeet. (instead of downgrading and losing all data).
The first steps are not so easy, so take your time and go on, by the way, you must have some skill with Progskeet, and it must be 100% working on your console.
What we need:
* PS3 Slim running with FW 3.70
* 2 Hard Disks
* Progskeet installed and working on your PS3 Slim
* Downgrade.bin edited with your personal data (there are tons of tutorials for do this)
* 3.55 Downgrade Dongle to do the downgrade process.
* Sony OFW 3.70 UPDATE.([http://playstation-3.logic-sunrise.com/telechargement-331678-ofw-ps3-370.html DOWNLOAD])
* CFW 3.55 KMEAW “NO CHECK” by dospiedra.([http://www.multiupload.com/4S6NGO13H4 DOWNLOAD])
* Lv2Diag By Jaicrab. ([http://playstation-3.logic-sunrise.com/telechargement-225750-lv2diag-patche-par-jaicrab.html DOWNLOAD])
* Lv2Diag “FILE 2″ to go out of Service/Factory Mode. ([http://www.mediafire.com/?b07qrb96iz99ibb DOWNLOAD])
We need 2 harddrives because the firmware is partial on NOR (CoreOS) and the rest is on the harddrive. so we will need 2 HDDs, one for 3.55, and one for 3.70..
We will call those HDD “A” (for 3.70) and “B” (for 3.55) dont mix them up!
Starting with a PS3 Slim with OFW 3.70.
# Plug in HDD “B”, format and prepare it if it’s required by the PS3 and you should have your 3.70 up and running.
# DUMP your actual NOR and call it “original dump 3.70.bin”
# Now flash your “downgrade.bin” (edited with the personal data found in “original dump 3.70.bin”)
# Turn on your PS3 and be sure that the PS3 is asking you to press the PS button (downgrade.bin flashed correctly :D )
# Insert a 3.55 Downgrade dongle and enter factory/service mode.
# Copy Lv2Diag.self by Jaicrab and the 3.55 NO CHECK UPDATE renamed as “PS3UPDAT.PUP” in the root of your USB Stick.
# Plug in the USB Stick in the most-right USB port of your PS3 and wait for it to turn OFF.
# Leave the factory mode using the other Lv2Diag.self
# After the reboot, you need to configure and set up your system… now you have a fully working 3.55 CFW based on KMEAW “NO CHECK”.
# DUMP your actual NOR and call it “swap dump 3.55.bin”
# Unplug HDD B and Plug in HDD A.
# Turn on your PS3, plug in your USB Stick containing official 3.70 update and press start+select when asked.
# When the PS3 reboots, check that the system is fully working and DUMP your actual NOR and call it “swap dump 3.70.bin”.
NOW IT’S FINISHED! You should have “swap dump 3.55.bin” and “swap dump 3.70.bin” … Now you just have to swap HDD and flash the correspondening dump:
* HDD A = swap dump 3.70.bin
* HDD B = swap dump 3.55.bin
WARNING: Do not install other CFW than the “NO CHECK” one… because it’s used to make the “fast-swap” working… if you flash something different you will not be able to go between the 2 FWs. This patch disables the LV1 for checking the Syscon hashes at startup… so it will not freeze or complain when the syscon hashes says “3.70″ and your FW is 3.55 ;)
WARNING: In case you wanna update your console with a future “3.80″ or-so firmware. Do not update your console when you are running 3.55 firmware! You have to go to “swap dump 3.70.bin” and then update as usual (XMB or recovery)… -By the way, the downgrade is confirmed working only on 3.70… we haven’t tested it on other FWs, you could loose the possibility to go back to 3.55!-
<span style="color:red;">'''Editoral warning:''' The "NoCheck.pup" is known to cause trophy errors, use the [http://www.ps3devwiki.com/index.php?title=Talk:Downgrading_with_NOR_flasher#Premade_CFW_Rogero_V2 RogeroV2.pup] instead or build one yourself with [[PS3MFW Builder]] and the [http://www.ps3devwiki.com/index.php?title=Talk:Downgrading_with_NOR_flasher#Combined_TCL_V2 TCL] from the NOR downgrader talkpage.</span>
==Patches 3.41==
'''Once this patches are tested and confirmed to be safe, they will be commited to the MFW project'''
===Debug info patch tlc - patch_lv1debinfo===
'''Warning try these patches only if you have nor/nand flasher to recover'''
These patches allow the output of the debug printfs on startup, the main problem right now is that the buffer is only 0xFE0 bytes long so it gets overwritten. If anyone figures out how to solve this feel free to improve it
* http://pastie.org/private/a70bfqddpersnqf6sekuuw
* To see the debug console one should read 0xFEO bytes starting from these offsets
''''''Debug Console''''''
{|class="wikitable"
|-
!Type !! Address !! Console type
|-
|ra || 0x655040 ||fat
|-
|ra || 0x66EF00 || slim
|-
|}
'''Please inform your success or failure using these scripts'''
===Basic Hash checks patches - patch_lv1bscheck===
'''Warning try these patches only if you have nor/nand flasher to recover'''
* http://pastie.org/private/biyu5orq7h73yeaul5jhvw
'''Please inform your success or failure using these scripts'''
===Basic Hash checks patches for linux ENABLE/DISABLE/FORCE hash checks===
http://pastie.org/2070649
'''These have already been tested'''
==PreAlpha v3 smoketest - offsets==
'''patch_lv1sccheck''' (Modifying CORE_OS file lv1.self - Patching LV1 Checks)
{|class="wikitable"
|-
! a !! ss_server1.fself !! 2.80 !! 3.00 !! 3.01 !! 3.10 !! 3.15 !! 3.20 !! 3.21 !! 3.30 !! 3.40 !! 3.41-BAD !! 3.41-FIX !! 3.42 !! 3.50 !! 3.55
|-
| 1 || Patch core OS Hash check //product mode always on || 2958632 || 2958452 || 2958452 || 2958984 || 2958984 || 2959072 || 2891632 || 2891556 || 2891596 || 2891596 || 2891596 || 2891596 || 2891684 || 2891684
|-
| 2 || Patch check_revoke_list_hash check //product mode always on || 2961708 || 2961528 || 2961528 || 2962060 || 2962060 || 2962148 || 2894708 || 2894632 || 2894672 || 2894672 || 2894672 || 2894672 || 2894836 || 2894836
|-
| 3 || Patch get secure product mode on || 2954260 || 2954080 || 2954080 || 2954612 || 2954612 || 2954700 || 2887260 || 2887184 || 2887224 || 2887224 || 2887224 || 2887224 || 2887312 || 2887312
|-
| 4 || Patch Valid acces for TOOL - manufacturing || 2970228 || 2970048 || 2970048 || 2970568 || 2970568 || 2970656 || 2903216 || 2903140 || 2903180 || 2903180 || 2903180 || 2903180 || no pattern || no pattern
|-
| 5 || Patch Same version (OK) (TOOL/DEX/ARCADE or manufacturing) || no pattern || no pattern || no pattern || no pattern || no pattern || 3029516 || 2962076 || 2961372 || 2961412 || 2961412 || 2961412 || 2961412 || - || -
|-
|-
| 6 || Patch Older version CEX (OK) || - || - || - || - || - || 3029420 || 2961980 || 2961276 || 2961316 || 2961316 || 2961316 || 2961316 || - || -
| 6 || Patch Older version CEX (OK) || - || - || - || - || - || 3029420 || 2961980 || 2961276 || 2961316 || 2961316 || 2961316 || 2961316 || - || -
Line 173: Line 64:
==PreAlpha v5 smoketest - offsets==
==PreAlpha v5 smoketest - offsets==


'''patch_lv1debinfo''' (Modifying CORE_OS file lv1.self - Enables output of debug info)
'''patch_lv1debinfo''' (Modifying CORE_OS file lv1.self - Enables ou
 
{|class="wikitable"
|-
! a !! ss_server1.fself !! 2.80 !! 3.00 !! 3.01 !! 3.10 !! 3.15 !! 3.20 !! 3.21 !! 3.30 !! 3.40 !! 3.41-BAD !! 3.41-FIX !! 3.42 !! 3.50 !! 3.55
|-
| 1 || Patch UM debug level return value #8000b04 || 2953044 || 2952864 || 2952864 || 2953396 || 2953396 || 2953484 || 2886044 || 2885968 || 2886008 || 2886008 || 2886008 || 2886008 || 2886096 || 2886096
|-
| 2 || Patch COMMON debug level return value #80035b78|| No pattern || No pattern || No pattern || No pattern || No pattern || No pattern || No pattern || 3090884 || 3090924 || 3090924 || 3090924 || 3090924 || No pattern || No pattern
|-
| 3 || Patch SM debug level return value #8001f954 || - || - || - || - || - || - || - || 3000224 || 3000264 || 3000264 || 3000264 || 3000264 || - || -
|-
| 4 || Patch PRINTK enable return value #80035abc || - || - || - || - || - || - || - || 3090696 || 3090736 || 3090736 || 3090736 || 3090736 || - || -
|-
| 5 || Patch SB_MGR debug level return value #80030c2c || - || - || - || - || - || - || - || 3070584 || 3070624 || 3070624 || 3070624 || 3070624 || - || -
|-
| 6 || Patch DEBUG PRINTF function #80035cac || - || - || - || - || - || - || - || 3091192 || 3091232 || 3091232 || 3091232 || 3091232 || - || -
|-
| 7 || Patch PRINTF 1 function #80035bb3 || - || - || - || - || - || - || - || 3090944 || 3090984 || 3090984 || 3090984 || 3090984 || - || -
|-
| 8 || Patch COMMON PRINTF function #80035c2c || - || - || - || - || - || - || - || 3091064 || 3091104 || 3091104 || 3091104 || 3091104 || - || -
|-
|}

Revision as of 15:43, 20 January 2012

|- | 6 || Patch Older version CEX (OK) || - || - || - || - || - || 3029420 || 2961980 || 2961276 || 2961316 || 2961316 || 2961316 || 2961316 || - || - |- | 7 || Patch Chasis mismatched || - || - || - || - || - || 3030148 || 2962708 || 2962004 || 2962044 || 2962044 || 2962044 || 2962044 || - || - |- | 8 || Patch Not revoked || - || - || - || - || - || 3030080 || 2962640 || 2961936 || 2961976 || 2961976 || 2961976 || 2961976 || - || - |- | 9 || Patch Manufacturing Image in normal mode || - || - || - || - || - || 3030000 || 2962560 || 2961856 || 2961896 || 2961896 || 2961896 || 2961896 || - || - |- | 10 || Patch Unknown direction || - || - || - || - || - || 3029832 || 2962436 || 2961688 || 2961728 || 2961728 || 2961728 || 2961728 || - || - |- | 11 || Patch Inapropiate direction || - || - || - || - || - || 3029876 || 2962436 || 2961732 || 2961772 || 2961772 || 2961772 || 2961772 || - || - |- | 12 || Patch Skip package direction check || - || - || - || - || - || 3029692 || 2962252 || 2961548 || 2961588 || 2961588 || 2961588 || 2961588 || - || - |- | 13 || Patch Capability check product mode || - || - || - || - || - || no pattern || no pattern || 3104064 || 3104104 || 3104104 || 3104104 || 3104104 || - || - |- | 14 || Patch fix2pc Root hash match OK || - || - || - || - || - || - || - || 3050140 || 3050180 || 3050180 || 3050180 || 3050180 || - || - |- | 15 || Patch raw image overlap success || - || - || - || - || - || - || - || 2899420 || 2899460 || 2899460 || 2899460 || 2899460 || - || - |- | 16 || Patch In product mode erase standby bank skipped || 2977960 || 2977780 || 2977780 || 2978324 || 2978324 || 2978412 || 2910972 || 2910896 || 2910936 || 2910936 || 2910936 || 2910936 || no pattern || no pattern |- | 17 || Patch Flash version check Older version OK || - || - || - || - || - || - || - || 2963136 || 2963176 || 2963176 || 2963176 || 2963176 || - || - |- | 18 || Patch Flash version check Same version (OK) (TOOL/DEX/ARCADE or manufacturing) || - || - || - || - || - || - || - || 2963232 || 2963272 || 2963272 || 2963272 || 2963272 || - || - |- ! b !! sys_mgr.self !! 2.80 !! 3.00 !! 3.01 !! 3.10 !! 3.15 !! 3.20 !! 3.21 !! 3.30 !! 3.40 !! 3.41-BAD !! 3.41-FIX !! 3.42 !! 3.50 !! 3.55 |- | 19 || Patch Patch sys_mgr integrity lv1 and lv0 integrity check || - || - || - || - || - || - || - || no pattern || 2216084 || 2216084 || 2216084 || 2216084 || - || - |- ! c !! lv1.self main !! 2.80 !! 3.00 !! 3.01 !! 3.10 !! 3.15 !! 3.20 !! 3.21 !! 3.30 !! 3.40 !! 3.41-BAD !! 3.41-FIX !! 3.42 !! 3.50 !! 3.55 |- | 20 || Patch SC header not correct || - || - || - || - || - || - || - || - || 172784 || 172784 || 172784 || 172784 || - || - |- | 21 || Patch SC checksum error || - || - || - || - || - || - || - || - || 173112 || 173112 || 173112 || 173112 || - || - |- ! d !! ss_server2.fself !! 2.80 !! 3.00 !! 3.01 !! 3.10 !! 3.15 !! 3.20 !! 3.21 !! 3.30 !! 3.40 !! 3.41-BAD !! 3.41-FIX !! 3.42 !! 3.50 !! 3.55 |- | 22 || Patch Capability check || - || - || - || - || - || - || - || - || 3524212 || 3524212 || 3524212 || 3524212 || - || - |- |}


PreAlpha v4 smoketest - offsets

patch_lv1bscheck (Modifying CORE_OS file lv1.self - Disables basic hash checks in lv1)

a ss_server1.fself 2.80 3.00 3.01 3.10 3.15 3.20 3.21 3.30 3.40 3.41-BAD 3.41-FIX 3.42 3.50 3.55
1 Patch core OS Hash check //product mode always on 2958632 2958452 2958452 2958984 2958984 2959072 2891632 2891556 2891596 2891596 2891596 2891596 2891684 2891684
2 Patch check_revoke_list_hash check //product mode always on 2961708 2961528 2961528 2962060 2962060 2962148 2894708 2894632 2894672 2894672 2894672 2894672 2894836 2894836
16 Patch In product mode erase standby bank skipped 2977960 2977780 2977780 2978324 2978324 2978412 2910972 2910896 2910936 2910936 2910936 2910936 no pattern no pattern


PreAlpha v5 smoketest - offsets

patch_lv1debinfo (Modifying CORE_OS file lv1.self - Enables ou