Talk:E3

From PS3 Developer wiki
Jump to navigation Jump to search

E3 Nor dump checker

E3 Nor Dump Checker V1.0.exe (521.7 KB)
Article: http://www.ps3hax.net/2011/11/released-e3-nor-dump-checker-v1-0-released-tested/

Quick bulletproof test

does not test:

  • bootldr (corrupted binary not detected)
  • metldr (corrupted binary not detected)
  • bootldr size (both under- and oversize not detected)
  • metldr size (both under- and oversize not detected)
  • cISD (didn't catch brick-byte error)
  • cCSD (didn't catch brick-byte error)
  • trvk_prg0 (didn't catch brick-byte error)
  • trvk_prg1 (didn't catch brick-byte error)
  • trvk_pkg0 (didn't catch brick-byte error)
  • trvk_pkg1 (didn't catch brick-byte error)
  • eEID (didn't catch brick-byte error)
  • cvtrm (didn't catch brick-byte error)
  • CELL_EXTNOR_AREA (didn't catch brick-byte error)

partly test:

  • ROS0 (but didn't catch brick-byte error)
  • ROS1 (but didn't catch brick-byte error)

does test:

  • headerprefix ("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
  • header ("00 00 00 00 AC 0F FF E0 00 00 00 00 AD DE EF BE")
  • header ("FI.I")
  • headersuffix "(FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF")
  • filetable ("saceru_eoldare.." etc.)

Conclusion : USELESS, brickdumps will still show as 'valid'.
Recommendation: use Flowrebuilder instead and common sense like mentioned on Hardware flashing page.

Added 22 nov 2011

  New E3 flasher update released, it will backup bios 3 times automatically.
  We suggest user verify those bios with E3 Nor dump checker, to assure the backup bios is no erro. 

Conclusion: Anyone with a flasher (should) know that you can dump it 1 to 1000's times the same bad. Comparing CRC/MD5/SHA1 is not any secure way to validate flash (as mentioned on Hardware flashing). Letting the dumper do it x times, only gives endusers/customers a false sense of reassurance, always a bad idea.

manual E3 downgrade v2

E3 dumps are byte reversed, and so must our patches (otherwise we have to reverse, paste the v2 in the REV, reverse back again - using byte reversed patches shortcuts that 'reversing confusion' :P)

Dump the flash with the E3, you will end up with a .bin file (e.g. bkpps3.bin)

Patches to insert for v2 downgrade:

target area patch no. NOR Offset Paste length Remarks
ROS0 patch1.REV (7 MB) 0x0C0010 0x6FFFE0 version string 3.55
ROS1 patch1.REV (7 MB) 0x7C0010 0x6FFFE0 same as patch1.REV
trvk_prg0 (0x40000)
trvk_prg1 (0x60000)
trvk_pkg0 (0x80000)
trvk_pkg1 (0xA0000)
rvk-040000.REV (512 KB) 0x40000 0x80000 one big patch
overlapping several area's

save file and use that file to flash the ps3. Afterwards, use RogeroV2, or any prepatched PUP that has the lv1/hypervisor syscon hashchecks patched out - or use the TCL from the talk/discussion page to patch one yourself) and reinstall the firmware in service mode like any V2 downgrade.

Note: If you wish to extract an E3 dump: Flowrebuilder can bytereverse and extract the NOR dump for you.

normal E3 downgrade

Update and dump

  1. Update your playstation 3 to the latest downgradeable firmware 4.x
  2. Make a backup onto a blank micro SD card, use the following flasher settings: switch 1 & 2 should be down, switch 3 should be in the up position, switch 4, 5 & 6 should also be down
  3. Turn on your playstation 3 console
  4. Once in the xmb press start on the flasher and i will begin to backup (you will see a progess indicator on the flasher and once finished it will flash alternatively)
  5. Switch your console off and remove the micro SD card from the e3 flasher, put the SD card into your computer and you should see two files bkpps3.bin and a e3flasher text file.
  6. Check that the backup was sucessfull. The file size of the backup should be 16.0 MB (16,777,216 bytes) exactly. Copy the files onto your computer and keep them safe.

Downgrade flash

  1. place the e3_downgrade.bin and the bkpps3.bin you made on a micro SD Card. (if you have updated the flasher or recently purchased one you will see three backups bkpps30.bin, bkpps31.bin & bkpps32.bin after checking that they are ok with FlowRebuilder rename one to bkpps3.bin but keep them safe if you brick your console you might need them)
  1. switch 1, 2, 3, 4, 5 should be down and switch 6 (lock/unlock) should be in the up position while in the xmb press start on the flasher and the process will begin. when programming has completed the lights will flash alternately
  1. reboot the console and you should see the connect controller using a USB cable screen (if you are just booted back into the xmb you need to manually patch the backup)

Reinstall FW in factory service mode

(see also Downgrading with PSgrade Dongle)

  1. Switch your playstation off at the power switch unplug or what ever method you like to use
  2. Insert your PSGrade dongle/jig that gets you into factory service mode in the far right usb port closest to the blu ray drive, your console will turn off again, then remove your downgrade jig
  3. Copy the first set of downgrader files to a usb mass storage device: Lv2diag.self, PS3UPDAT.PUP
  4. Put your prepared usb stick in the usb port closest to the blu ray drive again and it will begin to downgrade. this takes quite a while.
  5. Once finished your console will turn off again.
  6. Delete the files from your usb and copy Lv2diag.self from the second step of the downgrader files.
  7. Put your usb stick back in the same port and turn on your console once again to leave factory service mode. Your console will turn off again.
  8. Now you can remove your usb stick and turn your console on again and it will boot you into 3.55 rogero v2 custom firmware (or any prepatched PS3UPDAT.PUP you used earlier

E3 debricking notes

  • Requires soldering wire from SBE (solderpad on NOR flatcable) to TRISTATE (NORpoint on PS3 motherboard)
  • Make sure you have correct firmware on SD/TF card
  • E3 switches set as 1:Flash fun, 2: OFW, 3: Prog, 4: microSD, 5: PS3 Flash, 6: Lock with the console power disconnected.
  • Turn on console to restore (progress LEDs will light up one by one and blink if successfully).
  • Unplug powercable and set 1:Flash fun down to PS3 Mode and turn on the PS3, if everything went fine, it will now be debricked (remember: in case syscon has 3.56+ hashes, you need prepatched LV1, see downgrader guides).

English-E3 FLASHER repair method if console bricked.pdf (424.95 KB)