Editing Flash-Main


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 39: Line 39:
= Offsets =
= Offsets =


See [[Codenames]].
* 0x0 <- Header (0x1000)
 
* 0x1000 <- Unk (0x1000)
* 0x00000000 <- Segment 0 Header (0x1000)
* 0x2000 <- MBR1 (0x1000) (for sflash0s1.cryptx3b)
* 0x00001000 <- Segment 0 Active Slot (0x1000)
* 0x3000 <- MBR2 (0x1000) (for sflash0s1.cryptx3)
* 0x00002000 <- Segment 0 MBR1 (for sflash0s1.cryptx32) (0x1000)
* 0x4000 <- sflash0s0x32b (emc_ipl) (0x60000)
* 0x00003000 <- Segment 0 MBR2 (for sflash0s1.cryptx32b) (0x1000)
* 0x64000 <- sflash0s0x32 (emc_ipl) (0x60000)
* 0x00004000 <- sflash0s0x32 (0x60000) (emc_ipl)
* 0xC4000 <- sflash0s0x33 (eap_kbl) (0x80000)
* 0x00064000 <- sflash0s0x32b (0x60000) (emc_ipl)
* 0x144000 <- sflash0s0x34 (wifi fw) (0x80000)
* 0x000C4000 <- sflash0s0x33 (0x80000) (eap_kbl)
* 0x1C4000 <- sflash0s0x38 (nvs) (0xC000)
* 0x00144000 <- sflash0s0x38 (0x80000) (torus2_fw)
* 0x1D0000 <- sflash0s0x0 (blank1) (0x30000)
* 0x001C4000 <- sflash0s0x34 (0xC000) (nvs)
* 0x200000 <- Header2 (0x1000)
* 0x001D0000 <- sflash0s0x0 (0x30000) (blank)
* 0x201000 <- Unk 2(0x1000)
* 0x00200000 <- Segment 1 Header (XTS encrypted) (0x1000)
* 0x202000 <- MBR3(0x1000) (for sflash0s1.cryptx2b)  
* 0x00201000 <- Segment 1 Active Slot (XTS encrypted) (0x1000)
* 0x203000 <- MBR4(0x1000) (for sflash0s1.cryptx2)  
* 0x00202000 <- Segment 1 MBR1 (for sflash0s1.cryptx2) (XTS encrypted) (0x1000)
* 0x204000 <- sflash0s1.cryptx2b (sam_ipl/secure loader) (0x3E000)
* 0x00203000 <- Segment 1 MBR2 (for sflash0s1.cryptx2b) (XTS encrypted) (0x1000)
* 0x242000 <- sflash0s1.cryptx2 (sam_ipl/secure loader) (0x3E000)
* 0x00204000 <- sflash0s1.cryptx2 (0x3E000) (sam_ipl)
* 0x280000 <- sflash0s1.cryptx1 (idata) (0x80000)
* 0x00242000 <- sflash0s1.cryptx2b (0x3E000) (sam_ipl)
* 0x300000 <- sflash0s1.cryptx39 (bd_hrl?) (0x80000)
* 0x00280000 <- sflash0s1.cryptx1 (0x80000) (idata)
* 0x380000 <- sflash0s1.cryptx6 (Virtual TRM) (0x40000)
* 0x00300000 <- sflash0s1.cryptx39 (0x80000) (bd_hrl)
* 0x3C0000 <- sflash0s1.cryptx3b (secure kernel, secure modules) (0xCC0000)
* 0x00380000 <- sflash0s1.cryptx6 (0x40000) (Virtual TRM)
* 0x1080000 <- sflash0s1.cryptx3 (secure kernel, secure modules) (0xCC0000)
* 0x003C0000 <- sflash0s1.cryptx3 (0xCC0000) (secure kernel, secure modules)
* 0x1D40000 <- sflash0s1.cryptx40 (blank2) (0x2C0000)
* 0x01080000 <- sflash0s1.cryptx3b (0xCC0000) (secure kernel, secure modules)
* 0x01D40000 <- sflash0s1.cryptx40 (0x2C0000) (blank)


= MBR Types =
= MBR Types =


<source lang="C">
<pre>
typedef struct {
typedef struct
uint32_t start_lba;
{
uint32_t n_sectors;
unsigned int offset;
uint8_t flag1; // maybe part_id
unsigned int size;
uint8_t flag2;
unsigned char flag1;
uint16_t unknown;
unsigned char flag2;
uint64_t padding;
unsigned short unknown;
unsigned long padding;
} __attribute__((packed)) partition_t;
} __attribute__((packed)) partition_t;


typedef struct {
typedef struct
uint8_t magic[0x20]; // "SONY COMPUTER ENTERTAINMENT INC."
{
uint32_t version; // 1
uint8_t sony[0x20];
uint32_t mbr1_start; // ex: 0x10
uint32_t version;
uint32_t mbr2_start; // ex: 0x18
uint32_t total_size;
uint32_t unk[4]; // ex: (1, 1, 8, 1)
uint64_t padding;
uint32_t reserved;
uint32_t flag1;
uint8_t unused[0x1C0];
uint32_t flag2;
} __attribute__((packed)) master_block_v1_t;
uint64_t padding2;
 
partition_t partitions[16];
typedef struct {
} __attribute__((packed)) master_block_t;
uint8_t magic[0x20]; // "Sony Computer Entertainment Inc."
uint32_t version; // 4
uint32_t n_sectors;
uint64_t reserved;
uint32_t loader_start; // ex: 0x11, 0x309
uint32_t loader_count; // ex: 0x267
uint64_t reserved2;
partition_t partitions[16];
} __attribute__((packed)) master_block_v4_t;
</source>
 
= MBR Contents (Example) (Internal) =
 
== MBR 1 and 2 ==
 
<pre>
Partition 0, off=0x2000, sz=0x60000, type=0x20(32), active?=0x0 (ina) (emc)
Partition 1, off=0x62000, sz=0x60000, type=0x20(32), active?=0x1 (act) (emc)
Partition 2, off=0xc2000, sz=0x80000, type=0x21(33), active?=0x1 (act) (eap)
Partition 3, off=0x142000, sz=0x80000, type=0x26(38), active?=0x1 (act) (wifi)
Partition 4, off=0x1c2000, sz=0xc000, type=0x22(34), active?=0x1 (act) (nvs)
</pre>
 
== MBR 3 and 4 ==
 
<pre>
Partition 0, off=0x2000, sz=0x3e000, type=0x2, active?=0x1 (act) (ipl)
Partition 1, off=0x40000, sz=0x3e000, type=0x2, active?=0x0 (ina) (ipl)
Partition 2, off=0x7e000, sz=0x80000, type=0x1, active?=0x1 (act) (idstorage)
Partition 3, off=0xfe000, sz=0x80000, type=0x27(39), active?=0x1 (act) (bd revoke)
Partition 4, off=0x17e000, sz=0x40000, type=0x6, active?=0x1 (act) (vtrm)
Partition 5, off=0x1be000, sz=0xcc0000, type=0x3, active?=0x1 (act) (coreos)
Partition 6, off=0xe7e000, sz=0xcc0000, type=0x3, active?=0x0 (ina) (coreos)
Partition 7, off=0x1b3e000, sz=0x2c0000, type=0x28(40), active?=0x1 (act) (unused)
</pre>
</pre>


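Review bot: In the Offsets list on the "Your text" side, the labels at 0x144000 and 0x1C4000 look swapped. It has `0x144000 <- sflash0s0x34 (wifi fw) (0x80000)` and `0x1C4000 <- sflash0s0x38 (nvs) (0xC000)`, but the MBR 1 and 2 listing in this same hunk gives the 0x80000 wifi partition type 0x26(38) and the 0xc000 nvs partition type 0x22(34), which agrees with the latest revision's `sflash0s0x38 (0x80000) (torus2_fw)` and `sflash0s0x34 (0xC000) (nvs)`. Keep the latest revision's labels for those two entries. Separately, the "Your text" `partition_t` declares `unsigned long padding;` where the latest revision has `uint64_t padding;`. `unsigned long` is 4 bytes on 32-bit and LLP64 targets, so the packed layout is only unambiguous with the fixed-width types, and I would keep those.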
Line 128: Line 93:


<pre>
<pre>
Partition 0, off=0x2000, sz=0x60000, type=0x20, active?=0x1 (act)
Partition 0, off=0x2000, sz=0x60000, type=0x32, active?=0x1
Partition 1, off=0x62000, sz=0x60000, type=0x20, active?=0x0 (ina)
Partition 1, off=0x62000, sz=0x60000, type=0x32, active?=0x0
Partition 2, off=0xc2000, sz=0x80000, type=0x21, active?=0x1 (act)
Partition 2, off=0xc2000, sz=0x80000, type=0x33, active?=0x1
Partition 3, off=0x142000, sz=0x80000, type=0x26, active?=0x1 (act)
Partition 3, off=0x142000, sz=0x80000, type=0x38, active?=0x1
Partition 4, off=0x1c2000, sz=0xc000, type=0x22, active?=0x1 (act)
Partition 4, off=0x1c2000, sz=0xc000, type=0x34, active?=0x1
Partition 5, off=0x1ce000, sz=0x30000, type=0x0, active?=0x1 (act)
Partition 5, off=0x1ce000, sz=0x30000, type=0x0, active?=0x1
</pre>
</pre>


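Review bot: The partition listing on the "Your text" side writes the type field as `type=0x32`, `0x33`, `0x38`, `0x34`, putting a hex prefix on what the latest revision shows as `0x20`, `0x21`, `0x26`, `0x22` (annotated elsewhere on the page as decimal 32, 33, 38, 34). Read literally, `0x32` is 50, not 32, so anyone checking a dump against this listing would look for the wrong byte value. Keep the `0x20`-style values, or write the decimal ids without the `0x` prefix, and keep the `(act)`/`(ina)` annotations that explain the `active?` column.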
Line 1,330: Line 1,295:
==== BwE PS4 NOR Validator ====
==== BwE PS4 NOR Validator ====
[[File:Screenshot norvalidator2.png|300px|thumb|left|Results]]
[[File:Screenshot norvalidator2.png|300px|thumb|left|Results]]
Developed by [[User:BwE]] this application is designed to validate the entire NOR flash of the PS4.
It will check every byte of the flash and read approximately 1800 specific offsets.
Areas that can be repaired easily are labeled as static, meaning it will be the same across all consoles.
Dynamic areas are interchanging either with each firmware revision, the console itself or the model of console.
PerConsole areas (such as the majority of the CID) are unable to be modified.


This program is the release version of [[User:BwE]]'s PS4 NOR Validator, it is designed solely to validate the NOR flash of your PS4 console!
Alternative validations are based on known corruption patterns or expectations. This will be improved with each revision.
MD5 validations are based on known valid consoles (or file sizes) and this is why entropy and the above validation are added as supplementation.


Why would you need to do this? Well if your console has suddenly died and has what is called the 'BLOD', the NOR can be the reason why. Using my program will allow you to validate literally every single byte of the NOR (or over 2100 specific areas) - allowing you to see where or if it is corrupted.
There are various table based validations, which are based on accumulated data from various consoles, these will be improved constantly.


The most common area of corruption that causes the BLOD is the CID. Some areas of this section can actually be repaired, if you're lucky! I and others have done this! Don't forget to use my Comparator tool to help you understand what the difference is for a specific section of the NOR. It will help you with patching!
Other validations can use regular expressions which are again, based on accumulated data.


Other areas can be inter-changed between different consoles and are more suited for repair, the WiFi/BT module is a good example of this.
The ambiguity of consoles leads to the usefulness of the WARNING result. If it does not pass the expected result and it does not appear explicitly corrupt it will present a warning. Some areas in the NOR are so extremely dynamic that maybe one in 50 consoles will have it, and for the life of me, I don't know why.


So fundamentally, this program is for console repairers like myself. If you are indeed a repairer and run a business I can make a custom 'bulk' version for you! But for now, feel free to put multiple *.bin files in the working directory as my program will provide a selection menu.
My suggestion is to use this program with a cognizance of the ENTIRETY of the results. If for example the flash presents a low entropy and various warnings throughout, this is a bad sign. If the console has perfect entropy but a large (0x1000) corrupted area then I would also see this as a very bad sign. If there are a few danger results in the filler data, I would not worry too much.


I am also happy to give advice on your NOR or help interpret your results, just post on the forum or give me an email. If you can bypass my filter, send me a link to your NOR!
Eventually this program will be more and more reliable. Use it, report your results and help develop it!


If you encounter any errors or weird results - or better yet if your NOR is labled danger in any areas, but still runs fine - let me know!
The program also features extraction of the NOR, byte reversal and statistics.<br>
As of 1.1 it does not support Dev/Test consoles, but will in the future (most of the code is already in the program).


Keep in mind the CoreOS and other large encrypted areas could still be corrupt regardless of the results (I cant check every byte in an encrypted section, hence alt validations). This program is NOT perfect, but it is WAY better than just using a hex editor or never truely knowing if your BLOD is caused by the NOR!
<pre>
Version History:
1.4.6 (1/2/20) Just Keeping It Fresh! (May have fixed issues stopping the program running, if not let me know!)
1.4.4 (16/8/19) Added and Improved Validations (CID & UNK) Including New WiFi/BT FW MD5
1.4.2 (7/4/19) Added More Validations (Firmware & Console Specific), Improved Various Sections (CID & UNK Mostly)
1.4.1 (1/3/19) Prettied Up Outputs, Minor Rewording (Sorry!).
1.4.0 (1/3/19) Added Zecoxao Extraction Methodology (Will Add More Zecoxao SELF Stuff Later), Added FW/BIOS Versioning, Added Additional Entropy Validation & Various Improvements Throughout. Versions From Here On Will Be Released Slower Due To University Commitments!
1.3.8 (21/2/19) Added Additional Validations (To Suit Slim/Pro), Repaired/Improved CID Validation, More MD5s & Table Based Results.
1.3.5 (30/1/19) Added CoreOS Reference Points (Additional CoreOS Per-Console Validation).
1.3.3 (24/1/19) Reworked And Improved Both CID And UNK Sections Again, Added More MD5's, Added Application Version Checker, Removed Colored Bars, Added Comparator & Other Improvements Throughout.
1.3.1 (19/1/19) Added More Validations & MD5's, Repaired Minor Bug.
1.3 (15/1/19) Completely Reworked And Improved The CID Section And Added Additional Validations To The UNK Section & I Also Improved Some Other Validations Throughout.
1.2.6 (18/12/18) Hopefully Fixed 'Black Screen' Issue, Recompiled In 32bit.
1.2.5 (17/12/18) Added 2 New Flags (Possibly Initialization Flag?), Changed Validation Results, Improved Output/Info (HTML) & Added MD5's.
1.2 (8/12/18) Improved All Alt Validations, Repaired Vtrm1, Internal Typo & Added Repetition Checks.
1.1.1 (29/11/18) Typo Again, Made The SKU Not Come Up As Unlisted & Added Some MD5's.
1.1 (28/11/18) Improved VTRM & CID Validation, Typo Fixes & Better Colours.
1.0 (27/11/18) First Release!
</pre>
 
Developer Website:<br>
https://betterwayelectronics.com.au/
 
Direct Link:<br>
https://betterwayelectronics.com.au/BwE_PS4_NOR_Validator.rar
 
Support/Information Forum:<br>
https://www.psxhax.com/threads/release-bwe-ps4-nor-validator.6139/
 
==== BwE PS4 WiFi/BT Patcher & Extractor ====
[[File:Screenshot2.png|300px|thumb|left|WiFi/BT Results]]
Developed by [[User:BwE]] this application is designed to validate, patch and or extract the [[Flash-Main#0x144000|WiFi/BT Module]] of the PS4. The reason for this is illustrated in [[Software_Wireless_BT#BwE_PS4_WiFi.2FBT_Patcher_.26_Extractor|this page on the wiki]]. It will use MD5, entropy and pattern analysis to determine if and where the module is corrupted. From here it will determine a valid replacement based on the console's expected module version and size. Should there be no matching version available the program will offer you the ability to patch a new header and new module. This methodology is risky, but if this is your only option then it is worth a try.
 
<pre>
1.3.5 (7/4/19) - Added New Patches (Including Special 'Update' Patches For Torus2) & Improved Validation/Interpretation (& Removed Loader!).
1.3.4 (1/3/19) - Added FW/BIOS Versioning, Prettied It Up (Behind The Scenes Too) & Released to GitHub!
1.3.3 (1/3/19) - Combined Patcher & Extractor, Added Additional Patch & Added Version Checker.
1.3 (22/12/18) - Converted to 32bit (Hello 3absiso!), No Other Changes (Because this program is GREAT)
1.2 (27/11/18) - Fixed Entropy + Added Better MD5 Validation + Added Better Header Validation
1.1 (25/11/18) - Added Entropy + Better Looks
1.0 (4/09/18) - First Release!
</pre>
 
Developer Website:<br>
https://betterwayelectronics.com.au/
 
Direct Link:<br>
https://betterwayelectronics.com.au/BwE_PS4_WiFi-BT_Patcher.rar
 
Support/Information Forum:<br>
https://www.psxhax.com/threads/bwe-ps4-wifi-bt-patcher-extractor-v1-00-by-betterwayelectronics.5936/


This also goes above and beyond that of the psdevwiki page regarding the main flash of the PS4 (Thank you cfwprpht).
==== BwE PS4 NOR Statistics ====
[[File:Mainprogram.png|300px|thumb|left|Statistics Results]]
This program, another micro version of [[User:BwE]]'s PS4 NOR Validator, is designed solely to validate your NOR based on statistics only!<br>
Why make this you ask? Entropy and statistics are a well used methodology in the malware analysis field to determine if a binary file is encrypted, and by how much.<br>


<br><br><br><br><br>
What is entropy? Entropy is a method for measuring uncertainty in a series of numbers or bytes. In technical terms, entropy measures the level of difficulty or the probability of independently predicting each number in the series.<br>
'''Notes:'''


As of version 1.5.5 there is an ability to upload dumps directly to me. I use these to improve the program and validations.
What has this got to do with PS4s? Well the PS4's NOR is almost entirely encrypted and so with a collection of known valid NOR's it is possible to determine the level of entropy that represents a valid NOR and what level of entropy would represent a corrupt NOR.<br>
Abusing this service will result in your ban from future use of my validator.


''Regarding Anti-Virus:''
When corruption occurs it will generally wipe out a large chuck of the NOR, cause the NOR to repeat itself or will fill the NOR with junk. All of this will decrease or severely increase the entropy.<br>


I protect my program with Themida. The problem with this is that heuristically some AV software see it as a threat.
Seeing as the PS4 firmware is likely to add more or less complexity with each update I have made avaliable a settings file where you can adjust the predicted statistics.<br>
This is because people who make or redistribute old malware also use Themida to help make themselves undetected.


Ultimately, it is up to you to trust the program and me. I encourage you to upload to a sandbox to see for yourself.


<pre>
<pre>
Version History:
Version 1.0 (5/11/18) First initial release
- 1.7.1 (25/6/21) Fixed Uploading Questions, Added MB Serial to Outputs, New Spash Screen.
- 1.7.0 (23/6/21) Added Question Regarding Dump When Uploading, Added New CID Validation (Weird Key or Flag), Fixed UART Validation, Added Unlisted Results.
- 1.6.9 (26/5/21) Fixed Internal Code Issues, Added Unlisted Results, New Splash Screen (Potentially last update for a short while).
- 1.6.8 (16/5/21) Updated Internal Comparison Application, Improved Serial Number Validation (MB Series), Added Unlisted Results.
- 1.6.7 (25/4/21) Repaired UNK 1200 Series Validation, Added Unlisted Results.
- 1.6.6 (12/4/21) Added Unlisted Results, Improved Validation, Changed Output Styling.
- 1.6.5 (31/3/21) Added CoreOS Statistical Analysis, Changed Some Results, Changed Some Output Formatting, Returned to Previous Packer.
- 1.6.3 (30/3/21) Added CoreOS Patcher (SU-30631-3 Error Specific), Updated Results, Added Unlisted Results, Fixed Readme, Changed Packer.
- 1.6.2 (18/3/21) Repaired CID Validation, Improved Handling of 72xx, Added Unlisted Results, Improved Dump Uploading Process.
- 1.6.1 (20/2/21) Repaired CID Validation, Added Unlisted Results (Thanks Uploaders!)
- 1.6.0 (4/2/21) Added IDU Mode Patcher, Improved Validations, Added Unlisted Results.
- 1.5.9 (29/1/21) Major Improvement to CID and UNK Validations, Added Unlisted Results, Improved UART Patching, Better Handling of 1200/Pro/Slim Validations, Added v1.5 of Comparator
- 1.5.7 (11/1/21) Fixed Version Checker, Improved Statistics, Removed Some Unlisted Results (Improved Validation), Updated Upload Feature, Improved Compiler
- 1.5.6 (10/1/21) Improved CID and UNK Validations, Updated Unlisted Validations, IDU Flags Added, Some Code Optimization
- 1.5.5 (8/1/21) Updated Pro/Slim Specific Validations, Updated Unlisted Validations, Updated CID Validations, Updated UNK Validations, Added Dump Upload Feature
- 1.5.3 (5/12/20) Updated Unlisted Validations, Updated WiFi/BT MD5s & Entropy Validation
- 1.5.2 (20/11/20) Updated WiFi/BT MD5s, Added 2nd UART Flag, Updated Unlisted Validations
- 1.5.1 (3/11/20) Updated Unlisted Validations, Added UART Enabler, Removed Unused Validation Option, Added Basic Loader
- 1.5.0 (30/10/20) Updated Unlisted Validations, Upgraded Existing Validations, Removed Loader (Secret Patcher Coming Soon!)
- 1.4.9 (3/5/20) Added 21xx Series Specific Validations, Updated Unlisted Validations
- 1.4.7 (23/3/20) Added Dynamic Comparison, Updated Unlisted Validations
- 1.4.6 (1/2/20) Just Keeping It Fresh! (May have fixed issues stopping the program running, if not let me know!)
- 1.4.4 (16/8/19) Added and Improved Validations (CID & UNK) Including New WiFi/BT FW MD5
- 1.4.2 (7/4/19) Added More Validations (Firmware & Console Specific), Improved Various Sections (CID & UNK Mostly)
- 1.4.1 (1/3/19) Prettied Up Outputs, Minor Rewording (Sorry!).
- 1.4.0 (1/3/19) Added Zecoxao Extraction Methodology (Will Add More Zecoxao SELF Stuff Later), Added FW/BIOS Versioning, Added Additional Entropy Validation & Various Improvements Throughout.
- 1.3.8 (21/2/19) Added Additional Validations (To Suit Slim/Pro), Repaired/Improved CID Validation, More MD5s & Table Based Results.
- 1.3.5 (30/1/19) Added CoreOS Reference Points (Additional CoreOS Per-Console Validation).
- 1.3.3 (24/1/19) Reworked And Improved Both CID And UNK Sections Again, Added More MD5's, Added Application Version Checker, Removed Colored Bars, Added Comparator & Other Improvements Throughout.
- 1.3.1 (19/1/19) Added More Validations & MD5's, Repaired Minor Bug.
- 1.3 (15/1/19) Completely Reworked And Improved The CID Section And Added Additional Validations To The UNK Section & I Also Improved Some Other Validations Throughout.
- 1.2.6 (18/12/18) Hopefully Fixed 'Black Screen' Issue, Recompiled In 32bit.
- 1.2.5 (17/12/18) Added 2 New Flags (Possibly Initialization Flag?), Changed Validation Results, Improved Output/Info (HTML) & Added MD5's.
- 1.2 (8/12/18) Improved All Alt Validations, Repaired Vtrm1, Internal Typo & Added Repetition Checks.
- 1.1.1 (29/11/18) Typo Again, Made The SKU Not Come Up As Unlisted & Added Some MD5's.
- 1.1 (28/11/18) Improved VTRM & CID Validation, Typo Fixes & Better Colours.
- 1.0 (27/11/18) First Release!
</pre>
</pre>


'''Developer Website:'''<br>
Developer Website:<br>
https://betterwayelectronics.com.au/
https://betterwayelectronics.com.au/


'''Direct Link:'''<br>
Direct Link:<br>
https://betterwayelectronics.com.au/BwE_PS4_NOR_Validator.rar
https://betterwayelectronics.com.au/BwE_PS4_NOR_Statistics.rar


'''More Information/Updates:'''<br>
Support/Information Forum:<br>
github.com/BetterWayElectronics/ps4-nor-validator
https://www.psxhax.com/threads/bwe-ps4-nor-statistics-v1-00-by-betterwayelectronics.6074/
<br><br>


{{Reverse Engineering}}
{{Reverse Engineering}}
<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>
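Review bot: The "Your text" side of the tools section has no counterpart for the latest revision's '''Notes:''' block, so publishing it would remove the statements that as of version 1.5.5 the validator can upload dumps to the developer and that the program is protected with Themida, which some AV software flags heuristically. Both are things a reader should know before running the tool on a console dump, so I would carry that block over. The "Your text" Validator version history also ends at 1.4.6 where the latest revision's runs to 1.7.1, and it has no link to github.com/BetterWayElectronics/ps4-nor-validator. If the goal is to bring back the WiFi/BT Patcher and NOR Statistics entries, add them alongside the current Validator text instead of replacing it.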