Editing Flash-Main
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 39: | Line 39: | ||
= Offsets = | = Offsets = | ||
* 0x0 <- Header (0x1000) | |||
* 0x1000 <- Unk (0x1000) | |||
* | * 0x2000 <- MBR1 (0x1000) (for sflash0s1.cryptx3b) | ||
* | * 0x3000 <- MBR2 (0x1000) (for sflash0s1.cryptx3) | ||
* | * 0x4000 <- sflash0s0x32b (emc_ipl) (0x60000) | ||
* | * 0x64000 <- sflash0s0x32 (emc_ipl) (0x60000) | ||
* | * 0xC4000 <- sflash0s0x33 (eap_kbl) (0x80000) | ||
* | * 0x144000 <- sflash0s0x34 (wifi fw) (0x80000) | ||
* | * 0x1C4000 <- sflash0s0x38 (nvs) (0xC000) | ||
* | * 0x1D0000 <- sflash0s0x0 (blank1) (0x30000) | ||
* | * 0x200000 <- Header2 (0x1000) | ||
* | * 0x201000 <- Unk 2(0x1000) | ||
* | * 0x202000 <- MBR3(0x1000) (for sflash0s1.cryptx2b) | ||
* | * 0x203000 <- MBR4(0x1000) (for sflash0s1.cryptx2) | ||
* | * 0x204000 <- sflash0s1.cryptx2b (sam_ipl/secure loader) (0x3E000) | ||
* | * 0x242000 <- sflash0s1.cryptx2 (sam_ipl/secure loader) (0x3E000) | ||
* | * 0x280000 <- sflash0s1.cryptx1 (idata) (0x80000) | ||
* | * 0x300000 <- sflash0s1.cryptx39 (bd_hrl?) (0x80000) | ||
* | * 0x380000 <- sflash0s1.cryptx6 (Virtual TRM) (0x40000) | ||
* | * 0x3C0000 <- sflash0s1.cryptx3b (secure kernel, secure modules) (0xCC0000) | ||
* | * 0x1080000 <- sflash0s1.cryptx3 (secure kernel, secure modules) (0xCC0000) | ||
* | * 0x1D40000 <- sflash0s1.cryptx40 (blank2) (0x2C0000) | ||
* | |||
* | |||
= MBR Types = | = MBR Types = | ||
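Review bot: the "Your text" column of the Offsets list starts at 0x2000 and no longer carries `* 0x0 <- Header (0x1000)` and `* 0x1000 <- Unk (0x1000)`, although the matching second-bank entries `0x200000 <- Header2` and `0x201000 <- Unk 2` are kept. Without those two lines the map does not account for the first 0x2000 bytes of the flash, so anyone using the list to carve or validate a dump has no entry for the header region; keep both entries when publishing. The remaining entries are contiguous (each offset plus its size equals the next offset, ending at 0x2000000), so nothing else needs to move. As a style point, `Unk 2(0x1000)`, `MBR3(0x1000)` and `MBR4(0x1000)` are missing the space before the size that the other entries have.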
Line 97: | Line 95: | ||
} __attribute__((packed)) master_block_v4_t; | } __attribute__((packed)) master_block_v4_t; | ||
</source> | </source> | ||
= MBR Contents (Example) = | = MBR Contents (Example) = | ||
Line 128: | Line 101: | ||
<pre> | <pre> | ||
Partition 0, off=0x2000, sz=0x60000, type= | Partition 0, off=0x2000, sz=0x60000, type=0x32, active?=0x1 | ||
Partition 1, off=0x62000, sz=0x60000, type= | Partition 1, off=0x62000, sz=0x60000, type=0x32, active?=0x0 | ||
Partition 2, off=0xc2000, sz=0x80000, type= | Partition 2, off=0xc2000, sz=0x80000, type=0x33, active?=0x1 | ||
Partition 3, off=0x142000, sz=0x80000, type= | Partition 3, off=0x142000, sz=0x80000, type=0x38, active?=0x1 | ||
Partition 4, off=0x1c2000, sz=0xc000, type= | Partition 4, off=0x1c2000, sz=0xc000, type=0x34, active?=0x1 | ||
Partition 5, off=0x1ce000, sz=0x30000, type=0x0, active?=0x1 | Partition 5, off=0x1ce000, sz=0x30000, type=0x0, active?=0x1 | ||
</pre> | </pre> | ||
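Review bot: in the "Your text" column, Partition 3 (off=0x142000, sz=0x80000) is given type=0x38 and Partition 4 (off=0x1c2000, sz=0xc000) type=0x34, which is the reverse of the Offsets list on the same side of this diff, where the 0x80000 region at 0x144000 is sflash0s0x34 (wifi fw) and the 0xC000 region at 0x1C4000 is sflash0s0x38 (nvs). One of the two is swapped; check it against a real dump and make them agree before publishing. It would also help to say that `off` in this example is relative, since every value is 0x2000 lower than the absolute offset given in the Offsets list.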
Line 1,330: | Line 1,303: | ||
==== BwE PS4 NOR Validator ==== | ==== BwE PS4 NOR Validator ==== | ||
[[File:Screenshot norvalidator2.png|300px|thumb|left|Results]] | [[File:Screenshot norvalidator2.png|300px|thumb|left|Results]] | ||
Developed by [[User:BwE]] this application is designed to validate the entire NOR flash of the PS4. | |||
It will check every byte of the flash and read approximately 1800 specific offsets. | |||
Areas that can be repaired easily are labeled as static, meaning it will be the same across all consoles. | |||
Dynamic areas are interchanging either with each firmware revision, the console itself or the model of console. | |||
PerConsole areas (such as the majority of the CID) are unable to be modified. | |||
Alternative validations are based on known corruption patterns or expectations. This will be improved with each revision. | |||
MD5 validations are based on known valid consoles (or file sizes) and this is why entropy and the above validation are added as supplementation. | |||
There are various table based validations, which are based on accumulated data from various consoles, these will be improved constantly. | |||
Other validations can use regular expressions which are again, based on accumulated data. | |||
The ambiguity of consoles leads to the usefulness of the WARNING result. If it does not pass the expected result and it does not appear explicitly corrupt it will present a warning. Some areas in the NOR are so extremely dynamic that maybe one in 50 consoles will have it, and for the life of me, I don't know why. | |||
My suggestion is to use this program with a cognizance of the ENTIRETY of the results. If for example the flash presents a low entropy and various warnings throughout, this is a bad sign. If the console has perfect entropy but a large (0x1000) corrupted area then I would also see this as a very bad sign. If there are a few danger results in the filler data, I would not worry too much. | |||
Eventually this program will be more and more reliable. Use it, report your results and help develop it! | |||
The program also features extraction of the NOR, byte reversal and statistics.<br> | |||
As of 1.1 it does not support Dev/Test consoles, but will in the future (most of the code is already in the program). | |||
<pre> | |||
Version History: | |||
1.4.6 (1/2/20) Just Keeping It Fresh! (May have fixed issues stopping the program running, if not let me know!) | |||
1.4.4 (16/8/19) Added and Improved Validations (CID & UNK) Including New WiFi/BT FW MD5 | |||
1.4.2 (7/4/19) Added More Validations (Firmware & Console Specific), Improved Various Sections (CID & UNK Mostly) | |||
1.4.1 (1/3/19) Prettied Up Outputs, Minor Rewording (Sorry!). | |||
1.4.0 (1/3/19) Added Zecoxao Extraction Methodology (Will Add More Zecoxao SELF Stuff Later), Added FW/BIOS Versioning, Added Additional Entropy Validation & Various Improvements Throughout. Versions From Here On Will Be Released Slower Due To University Commitments! | |||
1.3.8 (21/2/19) Added Additional Validations (To Suit Slim/Pro), Repaired/Improved CID Validation, More MD5s & Table Based Results. | |||
1.3.5 (30/1/19) Added CoreOS Reference Points (Additional CoreOS Per-Console Validation). | |||
1.3.3 (24/1/19) Reworked And Improved Both CID And UNK Sections Again, Added More MD5's, Added Application Version Checker, Removed Colored Bars, Added Comparator & Other Improvements Throughout. | |||
1.3.1 (19/1/19) Added More Validations & MD5's, Repaired Minor Bug. | |||
1.3 (15/1/19) Completely Reworked And Improved The CID Section And Added Additional Validations To The UNK Section & I Also Improved Some Other Validations Throughout. | |||
1.2.6 (18/12/18) Hopefully Fixed 'Black Screen' Issue, Recompiled In 32bit. | |||
1.2.5 (17/12/18) Added 2 New Flags (Possibly Initialization Flag?), Changed Validation Results, Improved Output/Info (HTML) & Added MD5's. | |||
1.2 (8/12/18) Improved All Alt Validations, Repaired Vtrm1, Internal Typo & Added Repetition Checks. | |||
1.1.1 (29/11/18) Typo Again, Made The SKU Not Come Up As Unlisted & Added Some MD5's. | |||
1.1 (28/11/18) Improved VTRM & CID Validation, Typo Fixes & Better Colours. | |||
1.0 (27/11/18) First Release! | |||
</pre> | |||
Developer Website:<br> | |||
https://betterwayelectronics.com.au/ | |||
Direct Link:<br> | |||
https://betterwayelectronics.com.au/BwE_PS4_NOR_Validator.rar | |||
Support/Information Forum:<br> | |||
https://www.psxhax.com/threads/release-bwe-ps4-nor-validator.6139/ | |||
==== BwE PS4 WiFi/BT Patcher & Extractor ==== | |||
[[File:Screenshot2.png|300px|thumb|left|WiFi/BT Results]] | |||
Developed by [[User:BwE]] this application is designed to validate, patch and or extract the [[Flash-Main#0x144000|WiFi/BT Module]] of the PS4. The reason for this is illustrated in [[Software_Wireless_BT#BwE_PS4_WiFi.2FBT_Patcher_.26_Extractor|this page on the wiki]]. It will use MD5, entropy and pattern analysis to determine if and where the module is corrupted. From here it will determine a valid replacement based on the console's expected module version and size. Should there be no matching version available the program will offer you the ability to patch a new header and new module. This methodology is risky, but if this is your only option then it is worth a try. | |||
< | <pre> | ||
'' | 1.3.5 (7/4/19) - Added New Patches (Including Special 'Update' Patches For Torus2) & Improved Validation/Interpretation (& Removed Loader!). | ||
1.3.4 (1/3/19) - Added FW/BIOS Versioning, Prettied It Up (Behind The Scenes Too) & Released to GitHub! | |||
1.3.3 (1/3/19) - Combined Patcher & Extractor, Added Additional Patch & Added Version Checker. | |||
1.3 (22/12/18) - Converted to 32bit (Hello 3absiso!), No Other Changes (Because this program is GREAT) | |||
1.2 (27/11/18) - Fixed Entropy + Added Better MD5 Validation + Added Better Header Validation | |||
1.1 (25/11/18) - Added Entropy + Better Looks | |||
1.0 (4/09/18) - First Release! | |||
</pre> | |||
Developer Website:<br> | |||
https://betterwayelectronics.com.au/ | |||
Direct Link:<br> | |||
https://betterwayelectronics.com.au/BwE_PS4_WiFi-BT_Patcher.rar | |||
Support/Information Forum:<br> | |||
https://www.psxhax.com/threads/bwe-ps4-wifi-bt-patcher-extractor-v1-00-by-betterwayelectronics.5936/ | |||
==== BwE PS4 NOR Statistics ==== | |||
[[File:Mainprogram.png|300px|thumb|left|Statistics Results]] | |||
This program, another micro version of [[User:BwE]]'s PS4 NOR Validator, is designed solely to validate your NOR based on statistics only!<br> | |||
Why make this you ask? Entropy and statistics are a well used methodology in the malware analysis field to determine if a binary file is encrypted, and by how much.<br> | |||
What is entropy? Entropy is a method for measuring uncertainty in a series of numbers or bytes. In technical terms, entropy measures the level of difficulty or the probability of independently predicting each number in the series.<br> | |||
What has this got to do with PS4s? Well the PS4's NOR is almost entirely encrypted and so with a collection of known valid NOR's it is possible to determine the level of entropy that represents a valid NOR and what level of entropy would represent a corrupt NOR.<br> | |||
When corruption occurs it will generally wipe out a large chuck of the NOR, cause the NOR to repeat itself or will fill the NOR with junk. All of this will decrease or severely increase the entropy.<br> | |||
Seeing as the PS4 firmware is likely to add more or less complexity with each update I have made avaliable a settings file where you can adjust the predicted statistics.<br> | |||
<pre> | <pre> | ||
Version | Version 1.0 (5/11/18) First initial release | ||
</pre> | </pre> | ||
Developer Website:<br> | |||
https://betterwayelectronics.com.au/ | https://betterwayelectronics.com.au/ | ||
Direct Link:<br> | |||
https://betterwayelectronics.com.au/ | https://betterwayelectronics.com.au/BwE_PS4_NOR_Statistics.rar | ||
Support/Information Forum:<br> | |||
https://www.psxhax.com/threads/bwe-ps4-nor-statistics-v1-00-by-betterwayelectronics.6074/ | |||
{{Reverse Engineering}} | {{Reverse Engineering}} | ||
<noinclude>[[Category:Main]]</noinclude> | <noinclude>[[Category:Main]]</noinclude> |
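Review bot: undoing this edit removes the `==== BwE PS4 WiFi/BT Patcher & Extractor ====` and `==== BwE PS4 NOR Statistics ====` headings together with their descriptions, yet the "Your text" column still keeps the 1.3.5 to 1.0 version history, `Version 1.0 (5/11/18) First initial release` and the `BwE_PS4_NOR_Statistics.rar` link. These would end up directly under the `==== BwE PS4 NOR Validator ====` heading with nothing to say which tool they belong to, while the validator's own description, version history and links are dropped. Either remove the orphaned blocks as well or keep each heading with its block. The surviving direct link also points straight at a .rar archive with no checksum next to it; linking the developer site or forum thread, or adding a published hash, would let readers verify what they download.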