Talk:E3

From PS3 Developer wiki
Revision as of 15:44, 23 December 2011 by Euss (talk | contribs) (Created page with "=== E3 Nor dump checker === [http://www.multiupload.com/RV3PN9GVTA E3 Nor Dump Checker V1.0.exe (521.7 KB)] <br /> Article: http://www.ps3hax.net/2011/11/released-e3-nor-dump-che...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

E3 Nor dump checker

E3 Nor Dump Checker V1.0.exe (521.7 KB)
Article: http://www.ps3hax.net/2011/11/released-e3-nor-dump-checker-v1-0-released-tested/

Quick bulletproof test

does not test:

  • bootldr (corrupted binary not detected)
  • metldr (corrupted binary not detected)
  • bootldr size (both under- and oversize not detected)
  • metldr size (both under- and oversize not detected)
  • cISD (didn't catch brick-byte error)
  • cCSD (didn't catch brick-byte error)
  • trvk_prg0 (didn't catch brick-byte error)
  • trvk_prg1 (didn't catch brick-byte error)
  • trvk_pkg0 (didn't catch brick-byte error)
  • trvk_pkg1 (didn't catch brick-byte error)
  • eEID (didn't catch brick-byte error)
  • cvtrm (didn't catch brick-byte error)
  • CELL_EXTNOR_AREA (didn't catch brick-byte error)

partly test:

  • ROS0 (but didn't catch brick-byte error)
  • ROS1 (but didn't catch brick-byte error)

does test:

  • headerprefix ("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
  • header ("00 00 00 00 AC 0F FF E0 00 00 00 00 AD DE EF BE")
  • header ("FI.I")
  • headersuffix "(FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF")
  • filetable ("saceru_eoldare.." etc.)

Conclusion : USELESS, brickdumps will still show as 'valid'.
Recommendation: use Flowrebuilder instead and common sense like mentioned on Hardware flashing page.

Added 22 nov 2011
  New E3 flasher update released, it will backup bios 3 times automatically.
  We suggest user verify those bios with E3 Nor dump checker, to assure the backup bios is no erro.

Conclusion: Anyone with a flasher (should) know that you can dump it 1 to 1000's times the same bad. Comparing CRC/MD5/SHA1 is not any secure way to validate flash (as mentioned on Hardware flashing). Letting the dumper do it x times, only gives endusers/customers a false sense of reassurance, always a bad idea.

manual E3 downgrade v2

E3 dumps are byte reversed, and so must our patches (otherwise we have to reverse, paste the v2 in the REV, reverse back again - using byte reversed patches shortcuts that 'reversing confusion' :P)

Dump the flash with the E3, you will end up with a .bin file (e.g. bkpps3.bin)

Patches to insert for v2 downgrade:

target area patch no. NOR Offset Paste length Remarks
ROS0 patch1.REV (7 MB) 0x0C0010 0x6FFFE0 version string 3.55
ROS1 patch1.REV (7 MB) 0x7C0010 0x6FFFE0 same as patch1.REV
trvk_prg0 (0x40000)
trvk_prg1 (0x60000)
trvk_pkg0 (0x80000)
trvk_pkg1 (0xA0000)		 rvk-040000.REV (512 KB) 0x40000 0x80000 one big patch
overlapping several area's

save file and use that file to flash the ps3. Afterwards, use RogeroV2, or any prepatched PUP that has the lv1/hypervisor syscon hashchecks patched out - or use the TCL from the talk/discussion page to patch one yourself) and reinstall the firmware in service mode like any V2 downgrade.

Note: If you wish to extract an E3 dump: Flowrebuilder can bytereverse and extract the NOR dump for you.

normal E3 downgrade

Update and dump

  1. Update your playstation 3 to the latest downgradeable firmware 4.x
  2. Make a backup onto a blank micro SD card, use the following flasher settings: switch 1 & 2 should be down, switch 3 should be in the up position, switch 4, 5 & 6 should also be down
  3. Turn on your playstation 3 console
  4. Once in the xmb press start on the flasher and i will begin to backup (you will see a progess indicator on the flasher and once finished it will flash alternatively)
  5. Switch your console off and remove the micro SD card from the e3 flasher, put the SD card into your computer and you should see two files bkpps3.bin and a e3flasher text file.
  6. Check that the backup was sucessfull. The file size of the backup should be 16.0 MB (16,777,216 bytes) exactly. Copy the files onto your computer and keep them safe.

Downgrade flash

  1. You need to download the downgrade files from the e3 website and copy them to your micro SD Card
  2. Power off your playstation and change the flasher settings. Switch 1, 2, 3, 4, 5 should be down and switch 6 should be up.
  3. Hold the start button on the flasher and turn on your console it will begin flashing the downgrade files. When the flash has completed the lights will flash alternately

Reinstall FW in factory service mode

(see also Downgrading with PSgrade Dongle)

  1. Switch your playstation off at the power switch unplug or what ever method you like to use
  2. Insert your PSGrade dongle/jig that gets you into factory service mode in the far right usb port closest to the blu ray drive, your console will turn off again, then remove your downgrade jig
  3. Copy the first set of downgrader files to a usb mass storage device: Lv2diag.self, PS3UPDAT.PUP
  4. Put your prepared usb stick in the usb port closest to the blu ray drive again and it will begin to downgrade. this takes quite a while.
  5. Once finished your console will turn off again.
  6. Delete the files from your usb and copy Lv2diag.self from the second step of the downgrader files.
  7. Put your usb stick back in the same port and turn on your console once again to leave factory service mode. Your console will turn off again.
  8. Now you can remove your usb stick and turn your console on again and it will boot you into 3.55 rogero v2 custom firmware (or any prepatched PS3UPDAT.PUP you used earlier
Retrieved from "http://www.psdevwiki.com/ps3/index.php?title=Talk:E3&oldid=7821"