Talk:Downgrading with Hardware flasher: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
mNo edit summary
Line 5: Line 5:




*PS3MFW Features Enabled
::PS3MFW Features Enabled
** Change PUP build / version
::* Change PUP build / version
** Patch LV1 (downgrader) checks
::* Patch LV1 (downgrader) checks
** Patch LV1 hypervisor:  Allow mapping of any memory area (Needed for LV2 Poke)
::* Patch LV1 hypervisor:  Allow mapping of any memory area (Needed for LV2 Poke)
** Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
::* Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
** Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
::* Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
** Patch Application launcher: Patch to allow running of unsigned applications
::* Patch Application launcher: Patch to allow running of unsigned applications
** Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category
::* Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category
 
== Quick syscon rehashing ==
Goal: To be able to install unpatched firmwares on consoles that where previously on 3.56+
 
=== The FSM dance (old alpha method, no longer used) ===
NOR only, for now! Don't use directly as is on NAND, because offsets will differ!
 
=== Patch files used ===
Depending on which step, will be used in one or both ROS areas:
* [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)]
* [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)]
This will be the same for all steps:
* [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)]
 
After each step of patching, enter Factory Service Mode and reinstall nonpatched firmware (e.g. OFW)
 
==== Step1 ====
{|class="wikitable"
|-
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks
|-
| ROS0 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 ||
|-
| ROS1 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 ||
|-
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's
|-
|}
==== Step2 ====
{|class="wikitable"
|-
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks
|-
| ROS0 || [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 ||
|-
| ROS1 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 ||
|-
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's
|-
|}
==== Step3 ====
{|class="wikitable"
|-
! Target area !! Patchfile !! NOR Offset !! Paste length !! Remarks
|-
| ROS0 || [http://www.multiupload.com/LDVW5O233F ROS-empty.bin (7 MB)] || 0x0C0000 || 0x6FFFE0 ||
|-
| ROS1 || [http://www.multiupload.com/X69SN5258J ROS-filled.bin (7 MB)] || 0x7C0000 || 0x6FFFE0 ||
|-
| trvk_prg0 (0x40000) <br />trvk_prg1 (0x60000)<br />trvk_pkg0 (0x80000) <br />trvk_pkg1 (0xA0000) || [http://www.multiupload.com/DYBWAJOGQK RVK-0x40000.bin (512 KB)] || 0x40000 || 0x80000 || one big patch<br />overlapping several revoke area's
|-
|}
 
Redump flash after last reinstall of firmware in service mode to check if both ROS areas are occupied.
 
=== Alternative QA way ===
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
# install prepatched firmware in service mode
# enable QA-extra and install unpatched firmware in recovery mode.
 
=== Alternative shorter reFSM way ===
# Patch as normal downgrader (ROS 0/1 + RVK prg/pkg) on mainpage
# install prepatched firmware in service mode
# install unpatched firmware in service mode

Revision as of 16:34, 22 March 2012

Quick 'n Dirty prepatched


PS3MFW Features Enabled
  • Change PUP build / version
  • Patch LV1 (downgrader) checks
  • Patch LV1 hypervisor: Allow mapping of any memory area (Needed for LV2 Poke)
  • Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
  • Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
  • Patch Application launcher: Patch to allow running of unsigned applications
  • Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category