Talk:Syscon Firmware

LV1 - System Controller (SC) manager

sc_mgr_get_srh (0x9001)
sc_mgr_set_srh (0x9002)
sc_mgr_encrypt (0x9003)
sc_mgr_decrypt (0x9004)
Init For VTRM (0x9005)
sc_mgr_get_region_data (0x9006)
sc_mgr_set_region_data (0x9007)
Set RTC (0x9008)
Get Time (0x9009)
Set Time (0x900A)
sc_mgr_read_eprom (0x900B)
sc_mgr_write_eprom (0x900C)
Init For Updater (0x900D)
sc_mgr_get_sc_status (0x900E)
sc_iso_header (sc_iso_sc_binary_patch - 0x9011)
SC RTC Factory (0x9012)
Correct RTC Factory (0x9013)
Set SC Status (0x9014)
Backup Root Info (0x9015)
Restore Root Info (0x9016)
Read System Data From SC EEPROM - Indi Info Manager 0x17007)

SC - sc_iso.self

sc_iso_sc_binary_patch
sc_iso_get_sc_status
sc_iso_get_property
sb_iso_get_rnd
sb_iso_encdec_key
sc_iso_module::calculate_drift_time
sc_iso_module::generate_key
sc_iso_module::generate_all_key
sc_iso_module::authenticate
sc_iso_module::change_to_old_key
sc_iso_module::do_process
sc_iso_module::get_system_info
sc_iso_module::get_system_version
sc_iso_module::do_set_rtc_status
sc_iso_module::do_get_rtc_status
sc_iso_module::do_set_rtc2
sc_iso_module::set_rtc
sc_iso_module::do_set_drift_time
sc_iso_module::do_get_time
sc_iso_module::set_time
sc_iso_module::get_time
sc_iso_module::read_data2
sc_iso_module::write_data2
sc_iso_module::write_binary_patch
sc_iso_module::read_data
sc_iso_module::write_data
sc_iso_module::write_region_data
sc_iso_module::set_region_data
sc_iso_module::write_srh
sc_iso_module::set_srh
sc_iso_module::write_key
sc_iso_module::write_mngblk
sc_iso_module::initialize_updater_block
sc_iso_module::read_region_data
sc_iso_module::get_region_data
sc_iso_module::get_srh
sc_iso_module::read_key
sc_iso_module::do_crypt
sc_iso_module::decrypt
sc_iso_module::encrypt
sc_iso_module::read_mngblk
sc_iso_module::set_sc_status
sc_iso_module::get_sc_status
sc_iso_module::init_for_updater
sc_iso_module::init_for_vtrm
sc_iso_module::start

This should be a good starting point but leaves enough to explore yourself though: http://pastebin.com/NxVkGCdp (for version 1.02)

See Graf's PSGroove Payload and HV page #0x9000 - SC_Manager / HVpage #System Controller

SYS_CON_FIRMWARE-PKGs.rar (51.92 KB)

SYS_CON_FIRMWARE_01000004.pkg (5376 bytes) Firmware 1.30 up to 1.80 (not 1.81 and higher) 
SYS_CON_FIRMWARE_01000005.pkg (5376 bytes) Firmware 1.81 up to 3.30 (not 3.40 and higher) 
SYS_CON_FIRMWARE_01000006.pkg (5376 bytes) Firmware 3.40/3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65 
SYS_CON_FIRMWARE_01010302.pkg (5376 bytes) Firmware 1.81 up to 3.30 (not 3.40 and higher) 
SYS_CON_FIRMWARE_01010303.pkg (5376 bytes) Firmware 3.40/3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65
SYS_CON_FIRMWARE_01020302.pkg (5376 bytes) Firmware 3.40/3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65
SYS_CON_FIRMWARE_01030302.pkg (5376 bytes) Firmware 3.40/3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65
SYS_CON_FIRMWARE_01040402.pkg (5376 bytes) Firmware 3.40/3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65
SYS_CON_FIRMWARE_01050002.pkg (5376 bytes) Firmware 3.40/3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65 
SYS_CON_FIRMWARE_S1_00010002083E0832.pkg (5376 bytes) Firmware 3.00/3.01/3.10/3.15/3.20/3.21/3.30/3.40/3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65 
SYS_CON_FIRMWARE_01050101.pkg (5376 bytes) Firmware 3.41/3.42/3.50/3.55/3.56/3.60/3.61/3.65

Updater log lines related to Syscon just after BD firmware, Multi-Card controller, BlueTooth firmware (in this case CEX 3.55) just before post processing and cleanup update status :

Update System controller firmware
read SC patch package (4864 bytes) elapsed = 3 msec
read SC patch package (4864 bytes) elapsed = 3 msec
read SC patch package (4864 bytes) elapsed = 3 msec
read SC patch package (4864 bytes) elapsed = 2 msec
read SC patch package (4864 bytes) elapsed = 2 msec
read SC patch package (4864 bytes) elapsed = 3 msec
read SC patch package (4864 bytes) elapsed = 2 msec
read SC patch package (4864 bytes) elapsed = 3 msec
Update System controller firmware done(0x8002f000)

PS3 Retail == PS3 TEST != PS3 TOOL I try to get PS3 TOOL SC Firmwares.

It is suggested that the Syscon EEPROM is 512KB and the full (encrypted) firmware is <400KB (on Ref.Tool the Syscon is updated by overwiting the whole Syscon firmware : e.g. v1.0.5c1_TMU510_u.bin 384KB)

Syscon commands:

ver
errlog
auth1
auth2
fandiag
xdrdiag
xiodiag
bestat
sysdiag
syslog

bringup (PowerOn State)
shutdown (PowerOff State)
powersw
resetsw
bootbeep
stat
bootbeep on BOOT BEEP ON: DONE
bootbeep off BOOT BEEP OFF: DONE
xdrdiag
start
errlog tmpforcp
cp beepremote
cp beep2kn1n3
cp beep2kn2n3 /usr/bin/sx
halt HALT: OK
version
firmud Done.
cp ready CP READY: OK
cp busy CP BUSY: OK
cp reset CP RESET: OK
bestat
xdrdiag info
xdrdiag result
xiodiag
fandiag 
diagnose

The diag commands are usually for the backup bank, the main only supports firmud

CP root pass on Ref.Tool: Cytology

http://www.pastie.org/2146658 :

sc auth keys old:
auth_1_0x00: 13163A92B50513542C18ABAD31B85FB7
auth_2_0x00: 2BC8BB73F4B59AC658A737A5DD535DFE
auth_1_0x01: D6C374FCDFF8C3CF44018C78733BF5B2
auth_2_0x01: 648B9FF94EF321C69A4AE596F2F08D22
auth_1_0x06: 626C7124FC5BA1AF7436389BA37C6654
auth_2_0x06: 9D94BE461CAF083C9D9FA185C93AEE7B
sc auth key seeds:
auth_1_0x00: 63DCA7D3FEE47F749A408363F1104E8F
auth_2_0x00: 4D10094324009CC8E6B69C70328E34C5
auth_1_0x01: D97949BAD8DA69D0E01BF31523732832
auth_2_0x01: C9D1DD3CE27E356697E26C12A7B316A8
auth_1_0x06: 4420ED722FEA35021955AB40C78EE6DF
auth_2_0x06: 3E67C2D9432E15D09BEF0E6C6492455D
the new auth keys are generated involving 256bit aes encryption (iv is all zeroes)

dump_sysrom.pkg of dump-flash+syscon.rar (280.51 KB) (http://git.gitbrew.org/ps3/?p=otheros-utils/dump_sysrom.git) seems to output wrong on MFW315:

 Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 00000000  FF FF FF FF 80 01 00 03 FF FF FF FF 80 01 00 03  ÿÿÿÿ€...ÿÿÿÿ€...
 00000010  FF FF FF FF 80 01 00 03 FF FF FF FF 80 01 00 03  ÿÿÿÿ€...ÿÿÿÿ€...
 ...   ...   ...   
 0003FFE0  FF FF FF FF 80 01 00 03 FF FF FF FF 80 01 00 03  ÿÿÿÿ€...ÿÿÿÿ€...
 0003FFF0  FF FF FF FF 80 01 00 03 FF FF FF FF 80 01 00 03  ÿÿÿÿ€...ÿÿÿÿ€...

Talk:Syscon Firmware

Navigation menu

Search