Talk:Validating flash dumps
Basic steps to verify if your bios dump is correct:
What you need:
Your ps3 Bios Backup, extracted via e3 flasher (bkps3.bin)
e3 nor dump checker v1.0 (should be used only as a complement, as it gives false positives)
Flowrebuilder v4.2.2.0
HxD - Hex Editor
Now if you follow this basic steps, and if everything matches your ps3dump is OK, if anything fails to match use another dump, the one you're checking may lead you to a permanent brick
0 - open e3 nor dump checker, and check if it gives any errors.
WARNING: Don't trust only in dump checker, as it's known for it's false positives.
Statistics analysis
1.1 - Open your bkps3.bin in HxD
1.2 - select analysis > statistics > select your file
1.3 - mouse over the blue bars and check if between known good range:
Valid dumps will have
Value | NAND | NOR |
---|---|---|
00's | 1.43% - 2.68% >3838627 <7194070 |
18.38% - 29.01% >3083652 <4867070 |
FF's | 18.25% - 24.54% >48989471 <65874061 |
10.42% - 10.48% >1748186 <1758252 |
rest | below 0.5% <1342177 |
below 0.5% <83886 |
Note: if you get deviating statistics (since 3.60 CoreOS/ROS will deviate because of lv0 loaders encapsulation, 00's NOR statistics thus will be above/equal 18.23% and below 18.38%). Prepatch it so that both ROS and RVK areas are filled with 3.55 reference data. If still bad statistics, it means dump is bad in perconsole regions, prone to permabrick!
Make Visual inspection
Extracting
- Open Flowrebuilder
- select "byte reverse and EXTRACT a NOR dump File"
- select the desired bkps3.bin , and then execute operation
- the Dump extraction should've been done without any errors, otherwise it may lead you to a permanent brick.
- after extracting you should have the following output: bkps3.swap.bin and bkps3.swap.ext
- inside the folder bkps3.swap.ext you should have the following items:
asecure_loader (folder)
ros0 (folder)
ros1 (folder)
bootloader_0 (.bin)
cCSD (.bin)
cISD (.bin)
cvtrm (.bin)
eEID (.bin)
trvk_pkg0 (.bin)
trvk_pkg1 (.bin)
trvk_prg0 (.bin)
trvk_prg1 (.bin)
(if you don't have them, please don't proceed! try to extract the dump again, or use an diferent dump, the one you're using will probably lead you to a permanent brick)
Checking seperate files/sections
Metldr
http://www.ps3devwiki.com/wiki/Flash:asecure_loader
open the file \asecure_loader\metdlr in HxD, then ctrl + a
look for your values in the following table:
http://www.ps3devwiki.com/wiki/Validating_flash_dumps#Check_metldr.2Bbootldr_sizes ,
and check if your lenght field in HxD matches with Size field in the table.
Also check the binary is complete, without FFFF or 0000 repetition (there should only be 0000 in header @ 0x0 of binary)
Bootldr
http://www.ps3devwiki.com/wiki/Flash:bootldr
repeat the process with Bootloader_0.bin File
make sure your bootloader_0(bin) file starts proper: look at offsets 2 and 12 and compare the values against Validating_flash_dumps#Check_metldr.2Bbootldr_sizes
Also check the binary is complete, without FFFF or 0000 repetition (there should only be 0000 in header @ 0x0 of binary)
Header
http://www.ps3devwiki.com/wiki/Flash:0FACE0FF_DEADBEEF
http://www.ps3devwiki.com/wiki/Flash:Flash_Format
open your bkps3.swap.bin with HxD and check if the both sections matches.
Table
http://www.ps3devwiki.com/wiki/Flash:Flashregion_Table
From offset 00000400 to 00000600 (search for offset in HxD do ctrl + g) you should have the following:
http://www.ps3devwiki.com/images/3/3e/HxD.png
Flashregion Table
http://www.ps3devwiki.com/wiki/Flash:Flashregion_Table + http://www.ps3devwiki.com/wiki/Flash:asecure_loader
Search now for the following Hex code: 617365637572655F6C6F616465720000 for it in Hxd, do ctrl+f change the datatype field for HEX, Copy and paste the code, it should be found and looks like sample.
eEID
http://www.ps3devwiki.com/wiki/Flash:Encrypted_Individual_Data_-_eEID
cISD
http://www.ps3devwiki.com/wiki/Flash:Individual_System_Data_-_cISD
search for your Serial
it should be in offset 003F090, you can also look for the 2nd part of your serial number (ex: xx-12345678-xxxxxx)
cCSD
http://www.ps3devwiki.com/wiki/Flash:Common_System_Data_-_cCSD
CVTRM
http://www.ps3devwiki.com/wiki/Flash:cvtrm (cvtrm))
ROS
http://www.ps3devwiki.com/wiki/Flash:ROS#ros0
http://www.ps3devwiki.com/wiki/Flash:ROS#ros1
RVK
http://www.ps3devwiki.com/wiki/Flash:Revoke_Program
http://www.ps3devwiki.com/wiki/Flash:Revoke_Package
Second Region
http://www.ps3devwiki.com/wiki/Flash:0FACE0FF_DEADFACE
CELL_EXTNOR_AREA
http://www.ps3devwiki.com/wiki/Flash:CELL_EXTNOR_AREA
search for your HDD brand ( ctrl+f and in text mode type the disk brand) or else ctrl + g and it sould be on the 00F20200 offset
these are the basic steps to check your dump file, however if you wish to go further and check your dump more in dept, please check:
After Checking all those fields, if everything checks, so your dump is OK and you're good to proceed with your flashing process. always make more than 1 backup of your bios.
all the credits for this tutorial goes to the @p users of irc channel #ps3downgrade at Ef.net especially to alex07 and eussNL who taught me and helped me with the basic how-to for cheking the dumps. all i just did was to compile all the info they gave me and wrote everything down for further use. after writing everything done i thought it could be useful for everyone.
hope it helps.
Feel free to correct any bad english or any mistaken info in this how to.
best regards cfcolaco
Other dumpcheckers
https://github.com/Swizzy/PS3DumpChecker/
Would you like me to update my BwE NOR Validator?
Please provide me with the relevant MD5's within ros0/1 etc and I will be happy to do this.
It would take me far too long to do this myself and I am busy with the PS4 NOR Validator.