Talk:Hardware flashing: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
mNo edit summary
Line 76: Line 76:


* Progskeet: http://twitpic.com/5pk6dz // http://fronttowardsgamer.com/2011/07/15/exclusive-hacker-talks-progskeet-geohot-and-why-he-doesnt-give-a-sht-about-sony/
* Progskeet: http://twitpic.com/5pk6dz // http://fronttowardsgamer.com/2011/07/15/exclusive-hacker-talks-progskeet-geohot-and-why-he-doesnt-give-a-sht-about-sony/
** quad NAND with Progskeet: http://subirimg.com/images/img2065.jpg

Revision as of 04:03, 16 July 2011

NAND

NAND (256MB, old FAT models, needs 32 wires, 15 per NAND + GND + VCC)
2 chips: Samsung K9F1G08U0A-PIB0

There are 2 nands interleaved at the 512byte sectors level, giving a 1024 byte "interleaved sector". pages are 2kb on each nand.

For Infectus don't use 3.9.9.0, as it removes dual NAND PS3 support :S If your board already came with this version or higher, use this: prepare_infectus_for_ps3.rar (5.53 MB) If it is done, it will show up as "2 NAND Programmer" in the bottom left. Dual NAND PS3 compatible version: Infectus_programmer_3.8_Beta_2.zip (4.02 MB)

Power the Infectus, it crashes the PS3 and leaves the NANDs in powered mode. Use the console to power the NANDs: power it up until the PS3 crashes and halts with red flashing LED, press power again to stop the flashing, but keeps the console powered on. The NANDs are not accessed by the PS3 in this way, so it doesn't matter if the NAND content is already messed up. After that, you can read/write the NANDs.

FlowRebuilder v.4.1.0.0


Dump NAND from GameOS

dump_flash.pkg // backup/mirror: dump-flash+syscon.rar (280.51 KB)

Difference between hardware dumps and software dumps

ps3vflasha

hardware dumps

256 MB (268,435,456 bytes) bootldr is at 0x000000 on NAND (0xFC0000 on NOR)

software dumps

dump size = 239 MB (251,396,096 bytes)
bootldr not at 0x000000 on NAND :

00000000   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
00000010   00 00 00 00 0F AC E0 FF  00 00 00 00 DE AD BE EF   .....¬àÿ....Þ­¾ï

reason:

addi    %r12, %r4, 0x200 # r4 = start sector

25MB NAND consoles have a hidden section of size 0x40000 (0x200 * 512 byte sector = 0x40000) hidden by the hv. The hv hides it at address 002786E8

Original code : 0x39840200f8010090
Change to : 0x39840000f8010090

Too dangerous to patch unless you peek/poke because obviously it messes with all the offsets


NOR

NOR 16MB, newer FAT models + Slims
needs 44 I/O wires: 23 address lines:A0-A22 + 16 Data lines:D0-D15 + 5 control lines: CE#,OE#,WE#,RESET#,TRISTATE (optional:#RY-BY) + GND + VCC
1 chip: Spansion S29GL128N90TFIR2 or Samsung K8Q2815UQB-P14B

NOR uses 1024 byte sector, just as NAND.





Simple dumping NOR from Linux:

dd if=/dev/ps3nflasha of=NOR.BIN bs=1024

Alternatives for Infectus2 and Teensy 2.0++: