Editing Flash-Main
Latest revision | Your text | ||
Line 1: | Line 1: | ||
<div style="float:right">[[File: | <div style="float:right">[[File:ps4nordmp_1_06_raw_gfx.png|200px|thumb|left|PS4 Flash-Main v1.06 gfx]]</div> | ||
'''subject:''' dump of serial flash [[MX25L25635FMI-10G]] for [[CXD90025G]] | '''subject:''' dump of serial flash [[MX25L25635FMI-10G]] for [[CXD90025G]] | ||
Line 7: | Line 5: | ||
'''reference files:''' | '''reference files:''' | ||
* [http://www.file-upload.net/download-8560871/ps4nordmp_1.06_without_Mac-Serial.rar.html PS4 NOR Dump 1.06 (without MAC | * [http://www.file-upload.net/download-8560871/ps4nordmp_1.06_without_Mac-Serial.rar.html PS4 NOR Dump 1.06 (without MAC Adress & Console-ID)] | ||
* [http://www.file-upload.net/download-8671579/PS4NORDump_1.61_wo_MAC_and_CS.rar.html PS4 NOR Dump 1.61 (without MAC | * [http://www.file-upload.net/download-8671579/PS4NORDump_1.61_wo_MAC_and_CS.rar.html PS4 NOR Dump 1.61 (without MAC Adress & Console-ID)] | ||
* [http://www.file-upload.net/download-10118036/ps4nordmp_1.61_E0_wo_MAC-SERIAL.rar.html PS4 NOR Dump 1.61 E0 (without MAC | * [http://www.file-upload.net/download-10118036/ps4nordmp_1.61_E0_wo_MAC-SERIAL.rar.html PS4 NOR Dump 1.61 E0 (without MAC Adress & Console-ID)] that update seem's to fixed a nasty bug on my console, need to do more test... | ||
**hint for FW 1.61 E0: the FW version is still the same (1.61) and the FW counter is still 3, but now has E0 added to it. | **hint for FW 1.61 E0: the FW version is still the same (1.61) and the FW counter is still 3, but now has E0 added to it. | ||
'''other reference files:''' | '''other reference files:''' | ||
* [https://mega.co.nz/#!EAxCTYBS!d5yVsovxbnQcfc1ymiLiIaDD8MMQELs16NaBQUqgRDI PS4 TEST KIT NOR Dump 1.010.031 and 1.500.101 (without MAC | * [https://mega.co.nz/#!EAxCTYBS!d5yVsovxbnQcfc1ymiLiIaDD8MMQELs16NaBQUqgRDI PS4 TEST KIT NOR Dump 1.010.031 and 1.500.101 (without MAC Adress & Console-ID)] | ||
* [https://mega.co.nz/#!ZMhk2A7Y!F9ndK7BhombPNio2fPse6tFGfln-gQS9bV47LRiNSZo PS4 #1 NOR Dump 1.1 and 1.51 (without MAC | * [https://mega.co.nz/#!ZMhk2A7Y!F9ndK7BhombPNio2fPse6tFGfln-gQS9bV47LRiNSZo PS4 #1 NOR Dump 1.1 and 1.51 (without MAC Adress & Console-ID)] | ||
* [https://mega.co.nz/#!QZp00ZYJ!ukBiwwx_y_HEyJvXY2a4FGqZRbOKAolWEE13dIlb9WA PS4 #2 NOR Dump 1.1 and 1.51 (without MAC | * [https://mega.co.nz/#!QZp00ZYJ!ukBiwwx_y_HEyJvXY2a4FGqZRbOKAolWEE13dIlb9WA PS4 #2 NOR Dump 1.1 and 1.51 (without MAC Adress & Console-ID)] | ||
'''notes:''' Consoles A and B are two compared consoles from the same Region and Version. Console C is from Region: EU and Version: 1.06 | '''notes:''' Consoles A and B are two compared consoles from the same Region and Version. Console C is from Region: EU and Version: 1.06 | ||
Line 37: | Line 35: | ||
'''other files:''' Constant offsets and lengths in ALL PS4 blocks -> [http://www.konsole.rzeszow.pl/ps4/same_block.txt same_block.txt]. I compared over 10 dumps from different firmware / consoles. The first value is the offset of the first byte, the second is the length in bytes. All values are in decimal. | '''other files:''' Constant offsets and lengths in ALL PS4 blocks -> [http://www.konsole.rzeszow.pl/ps4/same_block.txt same_block.txt]. I compared over 10 dumps from different firmware / consoles. The first value is the offset of the first byte, the second is the length in bytes. All values are in decimal. | ||
== Content == | == Content == | ||
Line 180: | Line 67: | ||
=== 0x2000 === | === 0x2000 === | ||
==== Magic ==== | ==== Magic ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00002000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | 00002000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | ||
Line 197: | Line 80: | ||
=== 0x3000 === | === 0x3000 === | ||
==== Magic ==== | ==== Magic ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00003000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | 00003000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | ||
Line 213: | Line 92: | ||
=== 0x4000 === | === 0x4000 === | ||
==== SLB2 Magic (MC Stage1) ==== | ==== SLB2 Magic (MC Stage1) ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00004000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | 00004000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | ||
Line 257: | Line 132: | ||
=== 0x64000 === | === 0x64000 === | ||
==== SLB2 Magic (MC Stage2) ==== | ==== SLB2 Magic (MC Stage2) ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00064000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | 00064000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | ||
Line 291: | Line 162: | ||
=== 0xC4000 === | === 0xC4000 === | ||
==== SLB2 Magic (EAP_KBL) ==== | ==== SLB2 Magic (EAP_KBL) ==== | ||
NOTE: This container only consists of one file plus the X800X that is present on every BIOS SLB2. But the data is extracted twice and just written under two different names. One time the TitleID C0010001 is used, and the second time a string which holds the file name eap_kbl is used. Both files are identical and extracted from the same data source. | NOTE: This container only consists of one file plus the X800X that is present on every BIOS SLB2. But the data is extracted twice and just written under two different names. One time the TitleID C0010001 is used, and the second time a string which holds the file name eap_kbl is used. Both files are identical and extracted from the same data source. | ||
Line 339: | Line 206: | ||
==== wifi/bluetooth chipset firmware ==== | ==== wifi/bluetooth chipset firmware ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00144000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | 00144000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | ||
Line 438: | Line 301: | ||
001C3FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 001C3FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | ||
=== 0x1C4000 | === 0x1C4000 === | ||
MAC-id @ 0x1C4021-0x1C4026 | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C4000 03 02 01 01 02 01 06 01 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | 001C4000 03 02 01 01 02 01 06 01 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | ||
001C4010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C4010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
001C4020 01 xx xx xx xx xx xx FF FF FF FF FF FF FF FF FF .pž)...ÿÿÿÿÿÿÿÿÿ MAC-id | |||
001C4020 01 | |||
001C4030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C4030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
001C4040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF | 001C4040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF xx xx ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ.. xx differs between consoles on same version | ||
001C4050 04 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C4050 04 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
001C4060 03 01 01 02 02 FF FF FF FF FF FF FF FF FF FF FF .....ÿÿÿÿÿÿÿÿÿÿÿ | 001C4060 03 01 01 02 02 FF FF FF FF FF FF FF FF FF FF FF .....ÿÿÿÿÿÿÿÿÿÿÿ | ||
Line 462: | Line 317: | ||
[...] | [...] | ||
=== 0x1C47F0 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C47F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF BE CC ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¾Ì | 001C47F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF BE CC ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¾Ì | ||
Line 481: | Line 335: | ||
[...] | [...] | ||
=== 0x1C4FF0 === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 509: | Line 363: | ||
|} | |} | ||
===0x1C5200 === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 544: | Line 398: | ||
001C5FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C5FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1C6000 === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 558: | Line 411: | ||
|} | |} | ||
=== 0x1C7000 === | |||
same on different consoles on same version | same on different consoles on same version | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 572: | Line 425: | ||
001C7FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C7FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1C8000 === | |||
Motherboard Serial @ 001C8000 / Console Serial @ 001C8030 / SKU @ 001C8041 | |||
{| class="wikitable" | |||
001C8000 34 30 30 30 31 42 30 31 38 35 | |- | ||
! Console A, B !! Console C | |||
|- | |||
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | 001C8000 34 30 30 30 31 44 xx xx xx xx xx xx xx xx FF FF 40001D........ÿÿ Motherboard Serial | ||
001C8010 63 09 72 20 71 DB 7C 69 AC FE D8 92 89 BA 23 04 c.r.qÛ|i¬þØ’‰º#. | 001C8010 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
001C8020 00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10 ...%...“........ | |||
001C8030 30 33 32 37 34 35 32 32 32 34 xx xx xx xx xx xx 0327452224...... Console Serial | |||
001C8040 xx 43 55 48 2D 31 30 30 34 41 20 42 30 31 58 FF .CUH-1004A B01Xÿ " (same SKU/region!) | |||
001C8050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C8060 30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38 0003000300160018 | |||
001C8070 30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31 0007000100010001 | |||
001C8080 30 30 30 31 30 30 30 32 30 30 33 31 30 30 31 35 0001000200310015 | |||
001C8090 30 30 32 33 30 30 34 31 52 xx xx xx xx xx 01 30 00230041R......0 " | |||
001C80A0 xx xx xx xx xx xx xx 82 07 8F 31 40 00 00 00 C2 ..........1@... " | |||
001C80B0 01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | |||
001C80C0 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF 00000ÿÿÿÿÿÿÿÿÿÿÿ | |||
001C80D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C80E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C80F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C8100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
001C8110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C8000 34 30 30 30 31 42 30 31 38 35 39 31 37 37 FF FF 40001B01859177ÿÿ | |||
001C8010 63 09 72 20 71 DB 7C 69 AC FE D8 92 89 BA 23 04 c.r.qÛ|i¬þØ’‰º#. | |||
001C8020 00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10 ...%...“........ | 001C8020 00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10 ...%...“........ | ||
001C8030 30 33 32 37 34 35 32 32 32 34 xx xx xx xx xx xx 0327452224xxxxxx | |||
001C8040 xx 43 55 48 2D 31 30 30 34 41 20 42 30 31 58 FF xCUH-1004A B01Xÿ | |||
001C8030 30 33 32 37 34 35 32 32 32 34 | |||
001C8040 | |||
001C8050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C8050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
001C8060 30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38 0003000300160018 | 001C8060 30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38 0003000300160018 | ||
001C8070 30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31 0007000100010001 | 001C8070 30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31 0007000100010001 | ||
Line 604: | Line 463: | ||
001C80B0 01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | 001C80B0 01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | ||
001C80C0 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF 00000ÿÿÿÿÿÿÿÿÿÿÿ | 001C80C0 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF 00000ÿÿÿÿÿÿÿÿÿÿÿ | ||
001C80D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C80E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C80F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C8100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | |||
001C8110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................</pre> | |||
|- | |||
|} | |||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C8120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
[...] filled FF region | [...] filled FF region | ||
001C87C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C87C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1C87D0 === | |||
within a FF block these are found on both consoles: | within a FF block these are found on both consoles: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 622: | Line 488: | ||
001C9020 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C9020 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
==== | === 0x1C9080 === | ||
==== 0x70 ACF (Dev/Test) ==== | |||
Only on Testkit/Devkit, seems to be a(ctivation) c(ontrol) f(lags) (speculative, needs to be studied): | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C9080 61 63 66 00 01 02 00 00 D6 B1 DA DE C7 82 7A A4 acf.....Ö±ÚÞÇ‚z¤ | |||
001C9090 21 AE 4E D0 D9 BF B1 1A 03 00 00 00 11 55 E2 52 !®NÐÙ¿±......UâR | |||
001C90A0 11 FC 58 53 00 00 00 00 CC B4 CD 3A 0A F5 C0 F4 .üXS....Ì´Í:.õÀô | |||
001C90B0 4F 04 6B C3 95 16 E6 D8 FB 0B F2 56 B0 3B BA 00 O.kÕ.æØû.òV°;º. | |||
001C90C0 26 B0 D3 BA 55 5F B0 40 0F 54 34 22 E1 E4 DA A7 &°ÓºU_°@.T4"áäÚ§ | |||
001C90D0 D1 7D EE BC EF 03 3C 23 37 EE 10 EB F6 88 1B 85 Ñ}î¼ï.<#7î.ëöˆ.… | |||
001C90E0 35 8F 4B F5 D5 1A C7 3D FF FF FF FF FF FF FF FF 5.KõÕ.Ç=ÿÿÿÿÿÿÿÿ | |||
=== 0x1C9100 === | |||
0x30 Bytes | |||
{| class="wikitable" | |||
|- | |||
! Console A, B !! Console C | |||
|- | |||
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C9100 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | |||
001C9110 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | |||
001C9120 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | |||
</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C9100 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C9110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
001C9120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
</pre> | |||
|- | |||
|} | |||
=== 0x1C91F0 === | |||
(0x40 bytes) | (0x40 bytes) | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 660: | Line 552: | ||
001C9BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C9BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1C9900 === | |||
Unique 0x100 byte area (on Testkit Console dump): | Unique 0x100 byte area (on Testkit Console dump): | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 669: | Line 561: | ||
* xx Changes per dev console | * xx Changes per dev console | ||
=== 0x1C9C00 HDD P/N and S/N === | |||
Checked every single dump I got and it differs. Some dumps have those entries, some do not. Retail or Dev/Test does not matter. My own dumps do not have this information, but I also never changed the original HDD. Maybe it's something like that: only when you change to a new HDD will it write the P/N and S/N of the new HDD into this array. | Checked every single dump I got and it differs. Some dumps have those entries, some do not. Retail or Dev/Test does not matter. My own dumps do not have this information, but I also never changed the original HDD. Maybe it's something like that: only when you change to a new HDD will it write the P/N and S/N of the new HDD into this array. | ||
Line 684: | Line 576: | ||
001C9FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C9FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CA000 === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 729: | Line 621: | ||
001CA5C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 001CA5C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | ||
==== 0x1CA5D0 Region? + | ==== 0x1CA5D0 Region? + SKU Bytes? & BIOS Incremental? & BIOS Version ==== | ||
At the end of this page we have a list where we can compare this information against other consoles. This will help us shed light on these few bytes. | At the end of this page we have a list where we can compare this information against other consoles. This will help us shed light on these few bytes. | ||
Line 802: | Line 694: | ||
001CBBF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001CBBF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CBC00 === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 829: | Line 721: | ||
001CDFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001CDFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CE000 === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 856: | Line 748: | ||
001CE1F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001CE1F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CE200 === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 906: | Line 798: | ||
|} | |} | ||
=== 0x200000 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00200000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00200000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 940: | Line 832: | ||
002001E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002001E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002001F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002001F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 947: | Line 838: | ||
00200FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00200FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x201000 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00201000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00201000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 981: | Line 872: | ||
002011E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002011E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002011F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002011F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 988: | Line 878: | ||
00201FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00201FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x202000 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00202000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00202000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 1,022: | Line 912: | ||
002021E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002021E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002021F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002021F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,029: | Line 918: | ||
00202FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00202FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x203000 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00203000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00203000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 1,063: | Line 952: | ||
002031E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002031E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002031F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002031F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,070: | Line 958: | ||
00203FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00203FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x204000 | === 0x204000 === | ||
huge block | huge block | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 1,104: | Line 992: | ||
002907F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 002907F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290800 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00290800 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290800 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 1,115: | Line 1,003: | ||
002909F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 002909F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290A00 === | |||
00290A00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290A00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
[...] small block | [...] small block | ||
Line 1,125: | Line 1,013: | ||
00290BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00290BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290C00 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00290C00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290C00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 1,136: | Line 1,024: | ||
00290DF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00290DF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290E00 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00290E00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290E00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 1,148: | Line 1,036: | ||
002FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 002FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x300000 === | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00300000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00300000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 1,154: | Line 1,042: | ||
0037FFF0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 0037FFF0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
=== 0x380000 SCE VTRM Region0 (Retail & Dev/Test) === | |||
SCEVTRM Magic on 0x380048. | |||
The 0xFC in this example marks the very first entry for a VTRM. Otherwise these 4 bytes would be either all 0x00, which means not in use, or 0x03 0x00 0x00 0x00, which means in use. The 0xFC mark is always tied to the value 0x00 placed at offsets 0x380050 and 0x380058 (or, in the second VTRM, at 0x3A0050 and 0x3A0058); that value is the counter for activation and deactivation of the console. So following the counting this means for every | |||
uneven number == Activated | |||
=== | and every | ||
even number == Deactivated | |||
or | |||
If VTRM0 is marked as in use then the console is deactivated, and if VTRM1 is marked as in use then it is activated. | |||
Some examples follow. Remember: mark 0xFC and count 0x00 == factory state. | |||
NOTE: Dev/Test consoles only use one VTRM. The array for the second VTRM is completely empty on these SKU models; besides that, they don't have any mark and also no counter. (yea sure, why would they if they only use one ^^) | |||
NOTE²: There is another byte that changes during this process. At offset 0x3A0078 the byte is 0xFF in the factory state. As soon as the console is activated for the first time (so count 0x01), this byte changes to 0xFE. After this (so count 0x02 and upwards) the byte will always be 0xFC. | |||
Deactivated | |||
{| class="wikitable" | |||
|- | |||
! Console A !! Console B !! Console C | |||
|- | |||
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00380000 FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380000 FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
Line 1,167: | Line 1,076: | ||
00380050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 00380050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | ||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | 00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | ||
00380070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00380000 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
00380050 16 00 00 00 00 00 00 00 16 00 00 00 00 00 00 00 ................ | |||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
00380070 FF FF FF FF FF FF FF FF FC FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00380000 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
00380050 0E 00 00 00 00 00 00 00 0E 00 00 00 00 00 00 00 ................ | |||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
00380070 FF FF FF FF FF FF FF FF FC FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> | |||
|- | |||
|} | |||
==== 0x380170 | So we have more ways to identify whether a dump is from a Retail or a Dev/Test console. Either we can check whether any incremental counters are used on the VTRM, or we can check whether the VTRM has any mark like 0xFC or 0x00000000 or 0x03000000: if so it is Retail, else Dev/Test. Or we can also check the first 4 bytes of both VTRMs against 4x 0xFF bytes: if True == Dev/Test, else Retail. | ||
==== 0x380170 PerConsole0 (Retail & Dev/Test) ==== | |||
This region of 0x60 = 96 bytes is exactly the same on the same console across different FW and BIOS versions. We can use those 96 bytes to identify dumps as different or as coming from one and the same device. It's a kind of unique console identifier. I will add a new entry to the SystemFlash Extractor and hash this array with SHA1, which we can then store in the DataBase. That gives us the ability to identify a dump and its information from the DataBase as one and the same device or as a different one, while at the same time protecting the privacy of the user in case we store a checksum and not the console-specific unique value. (whatever it will hold...) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,185: | Line 1,112: | ||
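The VTRM checks and the PerConsole0 identifier described above, as an added example (not code from this wiki or from the SystemFlash Extractor): it reads the mark, magic and both counter copies of each VTRM, applies the page's Retail vs Dev/Test and activated/deactivated rules, cross-checks the two activation rules against each other, and derives the SHA1 of the 0x60 bytes at 0x380170. The function names, the 64-bit little-endian counter width and the 0xFF-filled sample images are assumptions made for the example.

```python
import hashlib
import struct

# Offsets, marks and magic are the values documented on this page.
VTRM_BASES = (0x380000, 0x3A0000)            # VTRM Region0, Region1
MAGIC_OFF, MAGIC = 0x48, b"SCEVTRM\x00"
COUNT_OFFS = (0x50, 0x58)                    # the counter is stored twice
PERCONSOLE_OFF, PERCONSOLE_LEN = 0x380170, 0x60
MARKS = {
    b"\xFC\xFF\xFF\xFF": "first-entry",      # factory state
    b"\x00\x00\x00\x00": "not-in-use",
    b"\x03\x00\x00\x00": "in-use",
    b"\xFF\xFF\xFF\xFF": "no-mark",          # Dev/Test when seen in both VTRMs
}
MIN_LEN = VTRM_BASES[1] + 0x60               # end of the last field read


def read_vtrm(dump, base):
    """Decode the mark, magic and both counter copies of one VTRM region."""
    mark = bytes(dump[base:base + 4])
    # Assumption: each counter copy is a 64-bit little-endian integer.
    counts = [struct.unpack_from("<Q", dump, base + off)[0] for off in COUNT_OFFS]
    return {
        "mark": MARKS.get(mark, "unknown:" + mark.hex()),
        "magic_ok": bytes(dump[base + MAGIC_OFF:base + MAGIC_OFF + 8]) == MAGIC,
        "counter": counts[0],
        "counters_match": counts[0] == counts[1],
    }


def classify(dump):
    """Apply the page's Retail/Dev-Test and activation rules to a NOR dump."""
    if len(dump) < MIN_LEN:
        raise ValueError("dump too short to contain both VTRM regions")
    regions = [read_vtrm(dump, base) for base in VTRM_BASES]
    # Page rule: first 4 bytes of both VTRMs are 0xFF -> Dev/Test, else Retail.
    devtest = all(r["mark"] == "no-mark" for r in regions)
    state, rules_agree = ("n/a" if devtest else "unknown"), None
    if not devtest:
        in_use = [i for i, r in enumerate(regions) if r["mark"] == "in-use"]
        if len(in_use) == 1:
            idx, r = in_use[0], regions[in_use[0]]
            by_parity = "activated" if r["counter"] % 2 else "deactivated"
            by_region = "activated" if idx == 1 else "deactivated"
            rules_agree = by_parity == by_region
            sane = rules_agree and r["magic_ok"] and r["counters_match"]
            state = by_parity if sane else "inconsistent"
        elif (not in_use and regions[0]["mark"] == "first-entry"
              and regions[0]["counter"] == 0):
            state = "factory"                # mark 0xFC and count 0x00
    per_console = bytes(dump[PERCONSOLE_OFF:PERCONSOLE_OFF + PERCONSOLE_LEN])
    return {
        "kind": "dev/test" if devtest else "retail",
        "state": state,
        "rules_agree": rules_agree,
        "regions": regions,
        "console_id_sha1": hashlib.sha1(per_console).hexdigest(),
    }


def make_sample(marks, counters, per_console, magics=(True, True)):
    """Constructed image: 0xFF-filled (erased NOR) with only the fields above set."""
    img = bytearray(b"\xFF" * MIN_LEN)
    for base, mark, count, has_magic in zip(VTRM_BASES, marks, counters, magics):
        img[base:base + 4] = mark
        if has_magic:
            img[base + MAGIC_OFF:base + MAGIC_OFF + 8] = MAGIC
            for off in COUNT_OFFS:
                struct.pack_into("<Q", img, base + off, count)
    img[PERCONSOLE_OFF:PERCONSOLE_OFF + PERCONSOLE_LEN] = per_console
    return bytes(img)


if __name__ == "__main__":
    # Constructed sample: marks and counters as in the Console B columns,
    # PerConsole0 bytes are placeholder data.
    sample = make_sample((b"\x00" * 4, b"\x03\x00\x00\x00"), (0x16, 0x17),
                         bytes(range(PERCONSOLE_LEN)))
    result = classify(sample)
    print(result["kind"], result["state"], result["console_id_sha1"])
```

SHA1 is used because the page names it; the digest here is a lookup key for matching dumps of the same console, not an integrity check.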
=== 0x3A0000 SCE VTRM Region1 (Retail) === | === 0x3A0000 SCE VTRM Region1 (Retail) === | ||
SCEVTRM Magic on 0x3A0048 | |||
Activated | |||
{| class="wikitable" | |||
|- | |||
! Console A !! Console B !! Console C | |||
|- | |||
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00380000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
Line 1,194: | Line 1,127: | ||
00380050 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ | 00380050 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ | ||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | 00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | ||
00380070 FF FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380070 FF FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00380000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
00380050 17 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 ................ | |||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
00380070 FF FF FF FF FF FF FF FF FC FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00380000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
00380050 0F 00 00 00 00 00 00 00 0F 00 00 00 00 00 00 00 ................ | |||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
00380070 FF FF FF FF FF FF FF FF FC FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> | |||
|- | |||
|} | |||
{| class="wikitable" | |||
|- | |||
! Console A, B !! Console C | |||
|- | |||
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
003801D0 FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿ | |||
003801E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
[...] filled FF region | |||
003A0160 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
003A0170 FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
0039FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
003A0000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ | |||
003A0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
[...] filled FF region | |||
003A0040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
003A0040 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ | |||
003A0040 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
003A0040 FF FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿþÿÿÿÿÿÿÿ | |||
003A0050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
[...] filled FF region | |||
003A0160 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
003A0170 FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿ</pre> | |||
|- | |||
|} | |||
==== 0x3A0170 | ==== 0x3A0170 PerConsole1 (Retail) ==== | ||
The same like for Region0 applys here but with the diffrence that thoes both values from Region0 and Region1 do differ on the same console and also on diffrent versions. But Region0 do match Region0 of diffrent FW and BIOS versions and the same apply for Region1. Thoes 96 bytes from Region1 are always the same on diffrent FW and BIOS versions of the same console. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
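Review bot: in the Console C column of the second table, four consecutive rows carry the offset 003A0040 and the row after them is labelled 003A0050, so the SCEVTRM header cannot be addressed from this dump as written. Number the rows 003A0040, 003A0050, 003A0060 and 003A0070 and continue the FF fill from 003A0080, which also agrees with the "Magic on 0x3A0048" line. In the first table, the Console A row at 00380070 contains FE but its ASCII column shows only ÿ, whereas the Console C row prints þ for the same byte; the ASCII columns should be regenerated, not typed.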
Line 1,255: | Line 1,231: | ||
=== 0x3C0000 (CoreOS) === | === 0x3C0000 (CoreOS) === | ||
0x1980000 datablock | 0x1980000 datablock | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
003C0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ | 003C0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ | ||
Line 1,273: | Line 1,249: | ||
=== FW/BIOS versioning and incremental counting Observation === | === FW/BIOS versioning and incremental counting Observation === | ||
Following a list of Informations about The Consoles Firmware version, the SFlashes BIOS version and this strange (where i guess) incremental counter. I run that list so we can see if my guess of a incremental value is right or not. | Following a list of Informations about The Consoles Firmware version, the SFlashes BIOS version and this strange (where i guess) incremental counter. I run that list so we can see if my guess of a incremental value is right or not. | ||
The values we list are: | The values we list are: | ||
0x1CA5D0 (1 Byte) == Region? | 0x1CA5D0 (1 Byte) == Region? | ||
The real Region of your device. | The real Region of your device. | ||
0x1CA5D1 (4 Bytes) == SKU? | 0x1CA5D1 (4 Bytes) == SKU? | ||
The real SKU of your device. | The real SKU of your device. | ||
0x1C8041(variety) The SKU Model string. | 0x1C8041(variety) The SKU Model string. | ||
The Firmware version of your console. | The Firmware version of your console. | ||
0x1CA604 (4 Bytes, little endian) == BIOS version. | 0x1CA604 (4 Bytes, little endian) == BIOS version. | ||
0x1CA5D8 (4 Bytes, each integer16) == Incremental value as Byte. | 0x1CA5D8 (4 Bytes, each integer16) == Incremental value as Byte. | ||
The same value but as integer. | The same value but as integer. | ||
NOTE: If there are any informations from one and the same console but on diff versions, then please mark your console with the next free number and add it. So we can see with one hit which values are from diff cons and which are from the same con. And which value belongs to which console. If the values are from one console and no second value from the same console is already present then mark it with a minus -. | NOTE: If there are any informations from one and the same console but on diff versions, then please mark your console with the next free number and add it. So we can see with one hit which values are from diff cons and which are from the same con. And which value belongs to which console. If the values are from one console and no second value from the same console is already present then mark it with a minus -. | ||
{| class="wikitable" | {| class="wikitable" | ||
! Region !! Real !! SKU !! Real !! Model !! FW !! BIOS !! Inc Byte !! Inc Integer !! Con # | ! Region !! Real !! SKU !! Real !! Model !! FW !! BIOS !! Inc Byte !! Inc Integer !! Con # | ||
|- | |- | ||
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.50 || 1.50 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 0 | | 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.50 || 1.50 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 0 | ||
|- | |- | ||
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.010.031 || 0xFFFFFFFF || / || / || 0 | | 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.010.031 || 0xFFFFFFFF || / || / || 0 | ||
|- | |- | ||
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.76 || 1.50.10 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || - | | 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.76? || 1.50.10 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || - | ||
|- | |- | ||
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - | | 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - | ||
|- | |- | ||
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - | | 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - | ||
|- | |- | ||
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1011A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - | | 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1011A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - | ||
|- | |- | ||
| 0x34 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.06 || 1.06 || 0x02 0x00 0x00 0x00 || 2.0.0.0 || 1 | | 0x34 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.06 || 1.06 || 0x02 0x00 0x00 0x00 || 2.0.0.0 || 1 | ||
|- | |- | ||
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.61 || 1.61 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 1 | | 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.61 || 1.61 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 1 | ||
|- | |- | ||
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.62 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 | | 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.62 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 | ||
|- | |- | ||
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.74 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 | | 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.74 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 | ||
|- | |- | ||
|} | |} | ||
{{Reverse Engineering}} | {{Reverse Engineering}} | ||
<noinclude>[[Category:Main]]</noinclude> | <noinclude>[[Category:Main]]</noinclude> |
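Review bot: the field description "0x1CA5D8 (4 Bytes, each integer16)" contradicts the table, where every Inc Byte entry is four single bytes and the Inc Integer column is the decimal value of each byte (0x03 0xE0 0x00 0x00 becomes 3.224.0.0); suggest "4 bytes, each shown as an 8-bit integer". The only difference between the two columns in this hunk is the FW cell of the third DUH-T1000AA row, "1.76" against "1.76?", so the edit summary should say whether that version was confirmed. The two CUH-1001A B01 rows are identical and both marked "-", which under the NOTE above leaves no way to tell whether they are one console or two.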