Factory Service Mode: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
mNo edit summary
 
(11 intermediate revisions by 7 users not shown)
Line 1: Line 1:
[[Category:Software]]
[[File:PS3-factory-service-mode-for-downgrade.png|400px|thumb|right|Factory Service Mode]]
= What it is =
= What it is =
The Playstation 3 Console can enter a special "Service Mode". When it does so, the bottom right hand corner of the screen has a red translucent rectangle with the words "Playstation 3. Factory/Service Mode" inside of the rectangle.
The Playstation 3 Console can enter a special "Service Mode". When it does so, the bottom right hand corner of the screen has a red translucent rectangle with the words "Playstation 3. Factory/Service Mode" inside of the rectangle.
[[File:PS3-factory-service-mode-for-downgrade.png|400px|thumb|right|Factory Service Mode]]


= How to enter =  
= How to enter =  
To enter, it is needed setting Offset 0x48C07 on the [[SC_EEPROM|System Controller EEPROM]] to value: 0x00 or 0xFE, <br>
To enter, it is needed setting Offset 0x48C07 on the [[SC_EEPROM|System Controller EEPROM]] to value: 0x00 or 0xFE, <br>
at least something beside 0xFF (inactive). This can usually be done via a special hardware logic dongle, or the Factory Service Mode Tool.
at least something beside 0xFF (inactive). This can usually be done via a special hardware logic dongle, or the Factory Service Mode Tool.


== Dongle ==  
== Dongle ==  
* When the PS3 is off<br>
* When the PS3 is off<br>
* plugging a special "JIG" in the most right USB port (closest to the Blu-Ray Drive)<br>
* plugging a special "JIG" in the most right USB port (closest to the Blu-Ray Drive)<br>
* then pressing Eject immediately after pressing the Power button<br>
* then pressing Eject immediately after pressing the Power button<br>


The PlayStation 3 is triggered into Service Mode when it boots up.  
The PlayStation 3 is triggered into Service Mode when it boots up.  


(reference: [[Downgrading_with_PSgrade_Dongle#Getting_in_Factory.2FService_Mode_and_Downgrading| Getting in FSM with Dongle (2 Steps)]] )
(reference: [[Downgrading_with_PSgrade_Dongle#Getting_in_Factory.2FService_Mode_and_Downgrading| Getting in FSM with Dongle (2 Steps)]] )


== Factory Service Mode Tool ==  
== Factory Service Mode Tool ==  
FactoryServiceMode Tool v0.2 (Only on modified Playstation System Software 3.55 and lower) allows you to enter Factory Service Mode without any Dongle and just through GameOS XMB.
FactoryServiceMode Tool v0.2 (Only on modified Playstation System Software 3.55 and lower) allows you to enter Factory Service Mode without any Dongle and just through GameOS XMB.
  Requires 'LV1 mmap hvcall 114 fix'
  Requires 'LV1 mmap hvcall 114 fix'
  Requires 'LV2 peek and poke'
  Requires 'LV2 peek and poke'


== Linux ==
== Linux ==
  This requires graf chokolos modules and patches installed
  This requires graf chokolos modules and patches installed


'''1st step''' – Generating a challenge
'''1st step''' – Generating a challenge
Line 64: Line 48:


== Rebug Toolbox ==
== Rebug Toolbox ==
Select Option "Toggle Product Mode" under "Utilities" column.
Select Option "Toggle Product Mode" under "Utilities" column.


= Features =
= Features =
* Allows remarry-ing of the Blu-Ray drive
* Allows remarry-ing of the Blu-Ray drive
* Blu-Ray DRL CRL fixing
* Blu-Ray [[Fixing_DRL_and_CRL_Hashes|DRL CRL fixing]]
* Downgrading of System Software
* Downgrading of System Software


== Level-1 Hypervisor ==
== Level-1 Hypervisor ==
Different acting in Level-1 Hypervisor  
Different acting in Level-1 Hypervisor  


=== sysmgr_ss.fself ===
=== sysmgr_ss.fself ===
 
  partition related - Lets the PS3 function and turn on without a HDD inside, any actions
  partition related
requiring one will error out but not freeze (Tested on FAT NOR model CECHP01)


=== ss_server2.fself ===
=== ss_server2.fself ===
 
  av settings related? - Gives the PS3 the ability to Video and Audio multi-output
  av settings related?
on all games and software (Games requiring an HDD will error out unless there is one in the drive)


=== ss_server1 ===
=== ss_server1 ===
  trm manager usage related -> restart, backup+restore flash, flash address size, restore+backup srk/srh
  trm manager usage related -> restart, backup+restore flash, flash address size, restore+backup srk/srh
  module loading related (user token, pkg/rvk verifier, update token (+seed)..)
  module loading related (user token, pkg/rvk verifier, update token (+seed)..) - Gives it a multitude
 
of functions already listed here such as Downgrading/BD Remarry/CRL Files etc... but also lets the ps3 use ps2_netemu.self)


== Level-2 Kernel ==
== Level-2 Kernel ==
It will allow to run an Application mounted via:
It will allow to run an Application mounted via:
  dev_usb000/Lv2diag.self
  dev_usb000/Lv2diag.self


== Game OS ==
== Game OS ==
Game OS Applications will be granted to access following Level-2 Kernel Syscalls:
Game OS Applications will be granted to access following Level-2 Kernel Syscalls:
  389 (0x185) sys_sm_set_fan_policy
  389 (0x185) sys_sm_set_fan_policy
  395 (0x18B) sys_sm_request_system_event_log
  395 (0x18B) sys_sm_request_system_event_log
Line 111: Line 85:
  408 (0x198) sys_sm_get_tzpb
  408 (0x198) sys_sm_get_tzpb
  409 (0x199) sys_sm_get_fan_policy
  409 (0x199) sys_sm_get_fan_policy
  577 (0x241) (PS3 Game Pad related)
  577 (0x241) sys_pad_manager_....


Virtual Shell (VSH):
Virtual Shell (VSH):
Line 120: Line 94:
  Bluray Disc Player Revoke
  Bluray Disc Player Revoke
  ...
  ...
{{Firmware}}<noinclude>[[Category:Main]]</noinclude>

Latest revision as of 23:32, 18 March 2023

Factory Service Mode

What it is[edit | edit source]

The Playstation 3 Console can enter a special "Service Mode". When it does so, the bottom right hand corner of the screen has a red translucent rectangle with the words "Playstation 3. Factory/Service Mode" inside of the rectangle.

How to enter[edit | edit source]

To enter, it is needed setting Offset 0x48C07 on the System Controller EEPROM to value: 0x00 or 0xFE,
at least something beside 0xFF (inactive). This can usually be done via a special hardware logic dongle, or the Factory Service Mode Tool.

Dongle[edit | edit source]

  • When the PS3 is off
  • plugging a special "JIG" in the most right USB port (closest to the Blu-Ray Drive)
  • then pressing Eject immediately after pressing the Power button

The PlayStation 3 is triggered into Service Mode when it boots up.

(reference: Getting in FSM with Dongle (2 Steps) )

Factory Service Mode Tool[edit | edit source]

FactoryServiceMode Tool v0.2 (Only on modified Playstation System Software 3.55 and lower) allows you to enter Factory Service Mode without any Dongle and just through GameOS XMB.

Requires 'LV1 mmap hvcall 114 fix'
Requires 'LV2 peek and poke'

Linux[edit | edit source]

This requires graf chokolos modules and patches installed

1st step – Generating a challenge


  1. ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge

2nd step – Generating a valid response for a challenge


You need a dongle id. Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, doesn’t matter which one, but some are revoked !!!

  1. ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”

3rd step – Verifying response (Enabling “Product Mode”)


  1. ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xBABE

“here is the response from step 2 like this 0xXX 0xXX … of size 20 bytes”


( Reference: Emulating JIG with Linux )


Rebug Toolbox[edit | edit source]

Select Option "Toggle Product Mode" under "Utilities" column.

Features[edit | edit source]

  • Allows remarry-ing of the Blu-Ray drive
  • Blu-Ray DRL CRL fixing
  • Downgrading of System Software

Level-1 Hypervisor[edit | edit source]

Different acting in Level-1 Hypervisor

sysmgr_ss.fself[edit | edit source]

partition related - Lets the PS3 function and turn on without a HDD inside, any actions 

requiring one will error out but not freeze (Tested on FAT NOR model CECHP01)

ss_server2.fself[edit | edit source]

av settings related? - Gives the PS3 the ability to Video and Audio multi-output 

on all games and software (Games requiring an HDD will error out unless there is one in the drive)

ss_server1[edit | edit source]

trm manager usage related -> restart, backup+restore flash, flash address size, restore+backup srk/srh
module loading related (user token, pkg/rvk verifier, update token (+seed)..) - Gives it a multitude 

of functions already listed here such as Downgrading/BD Remarry/CRL Files etc... but also lets the ps3 use ps2_netemu.self)

Level-2 Kernel[edit | edit source]

It will allow to run an Application mounted via:

dev_usb000/Lv2diag.self

Game OS[edit | edit source]

Game OS Applications will be granted to access following Level-2 Kernel Syscalls:

389 (0x185) sys_sm_set_fan_policy
395 (0x18B) sys_sm_request_system_event_log
400 (0x190) another REQUEST_SYSTEM_EVENT_LOG
405 (0x195) Factory Process Comp..
406 (0x196) Factory Process Comp..
407 (0x197) Factory Process Comp..
408 (0x198) sys_sm_get_tzpb
409 (0x199) sys_sm_get_fan_policy
577 (0x241) sys_pad_manager_....

Virtual Shell (VSH):


Recovery Mode (Emergency Init):

Bluray Disc Player Revoke
...