Talk:Downgrading with Hardware flasher

Quick 'n Dirty prepatched[edit source]

http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/315-downgrader.pup (163.88 MB) (MD5:954C3618BDEC277A546739CDB971C957 | SHA1:C074BD80F9F9AD13773163B69C0008528E6C2E6A | CRC16:C0FD | CRC32:75A740C5)
http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/341-downgrader.pup (167.1 MB) mirror

(MD5:533C668CDB8864442991310481BCF64A | SHA1:C7AA2637BA69C675C2F13C214888D0C42EE4CDAF | CRC16:881B | CRC32:0634A651)

http://www.psdevwiki.com/files/firmware/MFW-CEX/Downgrader/355-downgrader.pup (170.62 MB)

(MD5:8415159C72CA4050DF8B940874C52921 | SHA1:703368087CE5BF17319676CE6166CE8CCF5877C4 | CRC16:BD6B | CRC32:549F0348)

PS3MFW Features Enabled

Change PUP build / version
Patch LV1 (downgrader) checks
Patch LV1 hypervisor: Allow mapping of any memory area (Needed for LV2 Poke)
Patch LV2 kernel: Patch to add Peek&Poke system calls to LV2
Patch package installer: Patch to allow installation of pseudo-retail packages + debug packages
Patch Application launcher: Patch to allow running of unsigned applications
Add new icons to the XMB Game category: Add Install Package Files + app_home + icons to the XMB Game Category

3.41 NAND Preloaderdumps downgrader patches[edit source]

Use these NAND patches only on dumps made with NAND Preloader, not regular NAND dumps and not on NOR!

Target area	Patchfile	NAND Offset	Paste length	Remarks
ROS0	coreos_341_lv1_integryty_fix.bin patch1 (7 MB)	0x080030	0x6FFFE0	CoreOS (prepatched 3.41)
ROS1	coreos_341_lv1_integryty_fix.bin patch1 (7 MB)	0x780020	0x6FFFE0	CoreOS (SAME as ros0)
trvk_prg0 (0x051800) trvk_prg1 (0x052800)	trvk_prg (8 KB)	0x051800	0x2000	double patch overlapping both program revoke area's
trvk_pkg0 (0x053800) trvk_pkg1 (0x054800)	trvk_pkg (8 KB)	0x053800	0x2000	double patch overlapping both package revoke area's

(above patches in a single package + autopatcher file: 3.41_NAND_Preloaderdumps_downgrader_patches.rar)

3.41 NOR downgrader patches[edit source]

Use 3.41-NOR patches only on NOR consoles, not on NAND!

Target area	Patchfile	NOR Offset	Paste length	Remarks
ROS0	patch1 (7 MB)	0x0C0010	0x6FFFE0	CoreOS (prepatched 3.55)
ROS1	patch1 (7 MB)	0x7C0010	0x6FFFE0	CoreOS (SAME as ros0)
trvk_prg0 (0x40000) trvk_prg1 (0x60000) trvk_pkg0 (0x80000) trvk_pkg1 (0xA0000)	rvk-040000 (512 KB)	0x40000	0x80000	one big patch overlapping several revoke area's

(above patches in a single package + autopatcher file: 341-NOR downgrade.rar mirror)

E3 Flasher[edit source]

Use these instead (already reversed), otherwise you get into a maze of bytereversing: 341-E3 downgrade.rar

PS3 Nor and Nand Auto Patcher by Rogero[edit source]

Source[edit source]

///////////////////////////////////////////////////////////////////////////
// PS3 Nor and Nand Auto Patcher v0.05         by Rogero    25/Mar/2013 //
///////////////////////////////////////////////////////////////////////////


    #include <iostream>
    #include <fstream>
    //#include <string>
    #include <direct.h>
    #include "ConsoleColor.h"

	using namespace std;

	void Patch(char*, char*, char*, int, int);

	int main(int argc, char * argv[])
    {
    	cout<<green<<"-----------------------------------------------------------------------"<<endl;
        cout<<"    PS3 Flash Auto Patcher v4.55              by Rogero   15/Feb/2014"<<endl<<endl;
        cout<<"    ( Patch NOR and NAND Dumps with CFW4.55 patches / No FSM needed )"<<endl;
		cout<<"-----------------------------------------------------------------------"<<endl<<endl;


		if(argc < 2){

		  cout <<white<< endl << "Copy your PS3's Flash Dump into the program's folder,\n\n";
		  cout << "Then Drag and Drop your Dump File onto the exe to apply the Downgrade Patches.\n";
	      cout <<yellow<< endl << endl << endl << "Press any key to exit.";
		  cin.get();
	      return 0;
	  	}



	    cout <<yellow<< "Processing the file: " <<white<< endl << argv[1] << "\n\n\n";

        //WinXP current directory / Files Path Fix /////////////////////////////////
        string path = argv[0];
        //remove the executable file name from the full path to get current working directory
        path.erase(path.rfind("\\")+1, std::string::npos);

        //Change to Current working directory
        _chdir(path.c_str());
        ////////////////////////////////////////////////////////////////////////////


		FILE *ifile;
		unsigned char *buf = NULL;
		buf = (unsigned char *) malloc(1);
		int type = 0; // 0 = NOR , 1 = NOR ByteReversed , 2 = Nand Interleaved , 3 = Unknown , 4 = NOR metldr 2
		ifile = fopen( (char*) argv[1], "rb+");

		// Detect Dump type
		/////////////////////////////////////////////////////////////////////
		if (ifile != NULL) {
			fseek(ifile, 0x40220, SEEK_SET);  // read byte at 0x40220
			fread( buf, 1, 1, ifile);

			//printf("%02X",(int)buf[0]);
			if (("%02X",(int)buf[0]) == 0x61) // Nand
			{
				fseek(ifile, 0x40228, SEEK_SET);
				fread( buf, 1, 1, ifile);
				if (("%02X",(int)buf[0]) == 0x6C) // double check if Nand
				    type = 2;  // Nand
				else
					type = 3;  // Unknown
			}
			else
			{
				if (("%02X",(int)buf[0]) == 0x00) // Nor
				{
					fseek(ifile, 0x420, SEEK_SET);
					fread( buf, 1, 1, ifile);
					if (("%02X",(int)buf[0]) == 0x73) // check if ByteReversed
				    {
						fseek(ifile, 0x826, SEEK_SET);
						fread( buf, 1, 1, ifile);
						if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2
								type = 4;  // Nor with metldr 2
							else
								type = 1;  // Nor ByteReversed
					}
					else
					{
						if (("%02X",(int)buf[0]) == 0x61) // check if Normal
				    	{
							fseek(ifile, 0x827, SEEK_SET);
							fread( buf, 1, 1, ifile);
							if (("%02X",(int)buf[0]) == 0x32) // check if metldr 2
								type = 4;  // Nor with metldr 2
							else
								type = 0;  // Nor Normal
						}
						else
							type = 3;  // Unknown
					}
				}
				else
					type = 3;  // Unknown
			}
		}
		/////////////////////////////////////////////////////////////////////

		cout <<yellow<< "Opening Files...\n\n";


		if (type == 0) // Normal dump = Progskeet
		{
			cout << "********************************************************\n";
			cout << "* This is a Normal NOR Dump (Progskeet/Winskeet style) *\n";
			cout << "********************************************************\n\n"<<white;

			Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786448, 1);
			Patch("Temp_1.bin", "Data/patch1n.bin", "NOR_patched.bin", 8126480, 2);

			//Patch("bkpps3_Temp_2.bin", "Data/patch2n.bin", "bkpps3_patched.bin", 262144, 3);
		}

		if (type == 1) // Byte-swapped dump = E3
		{
			cout << "*******************************************************\n";
			cout << "* This is a byte-reversed NOR Dump (E3 Flasher style) *\n";
			cout << "*******************************************************\n\n"<<white;

			Patch(argv[1], "Data/patch1r.bin", "Temp_1.bin", 786448, 1);
			Patch("Temp_1.bin", "Data/patch1r.bin", "bkpps3_NOR_patched.bin", 8126480, 2);
			//Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3);
		}

		if (type == 0 || type == 1)
		{
			cout <<yellow<< "Deleting Temp Files....\n";
			remove("Temp_1.bin");
			//remove("bkpps3_Temp_2.bin");
			cout << "Done.\n";
			cout << green << endl << endl << "Your NOR Dump was successfully patched and is ready to be flashed.";
			cout << yellow <<endl << endl << endl << "Press any key to exit.";
			cin.get();
			return(0);
		}

		if (type == 2) // Nand
		{
			cout << "*******************************************************\n";
			cout << "* This is an Interleaved NAND Dump (by FlowRebuilder) *\n";
			cout << "*******************************************************\n\n"<<white;

			Patch(argv[1], "Data/patch1n.bin", "Temp_1.bin", 786480, 1);
			Patch("Temp_1.bin", "Data/patch1n.bin", "NAND_patched.bin", 8126496, 2);
			//Patch("bkpps3_Temp_2.bin", "Data/patch2.bin", "bkpps3_patched.bin", 262144, 3);

			cout <<yellow<< "Deleting Temp Files....\n";
			remove("Temp_1.bin");
			//remove("bkpps3_Temp_2.bin");
			cout << "Done.\n";
			cout << green << endl << endl << "Your NAND Dump was successfully patched and is ready to be re-scrambled"<<endl<<"then de-interleaved into 2 flashes using latest version of FlowRebuilder.";
			cout << yellow <<endl << endl << endl << "Press any key to exit.";
			cin.get();
			return(0);
		}

		if (type == 3) // Unknown
		{
			cout <<red<< "********************************************************\n";
			cout << "* This is an Unknown Flash Type or a Bad File Detected *\n";
			cout << "********************************************************\n\n\n"<<white;

			cout << "The Program will exit now, check your Flash Dump then try again...";
			cout << yellow <<endl << endl << endl << "Press any key to exit.";
			cin.get();
			return(0);
		}

		if (type == 4) // Metldr 2
		{
			cout <<red<< "***********************************************************************\n";
			cout << "* This is a NOR Dump with a Non-Downgradable Metldr revision Detected *\n";
			cout << "***********************************************************************\n\n\n"<<white;

			cout << "The Program will exit now...";
			cout << yellow <<endl << endl << endl << "Press any key to exit.";
			cin.get();
			return(0);
		}

    } // end main
    //////////////////////////////////////////////////////////////////////////////////////////////////////////////
	//////////////////////////////////////////////////////////////////////////////////////////////////////////////
	//////////////////////////////////////////////////////////////////////////////////////////////////////////////

	void Patch(char* input, char* patch, char* output, int offset, int no)
    {
    	ifstream inmain(input,ios::in|ios::binary);
		ifstream inpatch(patch,ios::in|ios::binary);
    	ofstream patched(output,ios::out|ios::binary);

		if ( inmain.is_open() )
  		{
			if (inpatch.is_open())
			{

				if (patched.is_open())
				{

					cout << "Applying Patch Number "<<no<<"...\n";

					int patchStartOffset = offset ;
    				char ioChar;
    				for (int i = 0; i < patchStartOffset; i++)
    				{
    					inmain.get(ioChar);
    					patched.put(ioChar);
    				}

					int patchLen = 0;
					while (inpatch.get(ioChar))
    				{
						patched.put(ioChar);
    					patchLen++;
					}

    				streampos mainPos = inmain.tellg();
    				mainPos += patchLen;
    				inmain.seekg(mainPos);
    				while (inmain.get(ioChar))
    				{
    					patched.put(ioChar);
    				}

					patched.close();
					inpatch.close();
					inmain.close();
				}
				else
  				{
    				cout << "Error opening output file !!\n\n";
					cout << "Please make sure you have enough free space to run the program...\n\n\n\n";
					cout << "Press any key to exit.";
					cin.get();
					exit(0);
				}
			}
			else
  			{
    			cout << "Error opening patch file !!\n\n";
				cout << "Please make sure to place the Nor Dump inside the Program's folder\n";
				cout << "before you Drag and Drop.\n\n\n\n";
				cout << "Press any key to exit.";
				cin.get();
				exit(0);
			}
		}
		else
  		{
    		cout << "Error opening input file\n";
			cout << "Press any key to exit.";
			cin.get();
			exit(0);
		}
	}

Venix Autopatcher[edit source]

Warning[edit source]

Warning
This tool is known and proven to give false positives on bad dumps that lead to permabricks. Use this method: Validating flash dumps to make sure the dumps are in crisp condition. You cannot recover from bad flash without proper dumps (e.g. bricking the console beyond repair). note: there are 12½ million bits to permabrick a console

Some portuguese dude (somehow venix name reminds me of a fake bricker CFW and highly hyped and never released manager long time ago) apparently never found wiki guides or used flowrebuilder/winskeet autopatcher or hexeditor with autopatch scripts.

Versions[edit source]

Venix Downgrade GUI v1.0.0.0\Venix Downgrade.exe
 SHA1:BED08FC1FEF623C08E84832DAB0DF428D3143BF5 | MD5:1215174ED33E599B7F23F345B01B6EF9 | CRC32:3339B7F8 | CRC16:3F31
   
Venix Downgrade GUI v1.0.0.1\Venix Downgrade.exe
 SHA1:06689D0ACB9072EE0D6BA6B9C7665A4C375F583A | MD5:F7FE9D028DC2DF6DD281E0AA90653DC4 | CRC32:0903470A | CRC16:013F

Tests[edit source]

Time for some tests, like I did with E3 Nor dump checker.

Quick bulletproof test[edit source]

does not test:

bad region - not detected, user not warned -> result = brick file
bad A9 wire - not detected, patch file created -> result = brick file
bad A10 wire - not detected, patch file created -> result = brick file
bad A11 wire - not detected, patch file created -> result = brick file
bad A12 wire - not detected, patch file created -> result = brick file
bad A13 wire - not detected, patch file created -> result = brick file
bad A14 wire - not detected, patch file created -> result = brick file
bad A15 wire - not detected, patch file created -> result = brick file
bad A16 wire - not detected, patch file created -> result = brick file
bad A17 wire - not detected, patch file created -> result = brick file
bad A18 wire - not detected, patch file created -> result = brick file
bad A19 wire - not detected, patch file created -> result = brick file
bad A20 wire - not detected, patch file created -> result = brick file
bad A21 wire - not detected, patch file created -> result = brick file
bad A22 wire - not detected, patch file created -> result = brick file
bad boardID - not detected, patch file created -> result = brick file
bad bootldr - not detected, patch file created -> result = brick file
bad cCSD unreferenced area - not detected, patch file created -> result = brick file
bad cISD unreferenced area - not detected, patch file created -> result = brick file
bad EID unreferenced area - not detected, patch file created -> result = brick file
bad header - not detected, patch file created -> result = brick file
bad header asecure loader - not detected, patch file created -> result = brick file
bad header cISD - not detected, patch file created -> result = brick file
bad header cvtrm - not detected, patch file created -> result = brick file
bad header eEID - not detected, patch file created -> result = brick file
bad header metldr - not detected, patch file created -> result = brick file
bad metldr - not detected, patch file created -> result = brick file
bad/missing bootldr - not detected, patch file created -> result = brick file
bad/missing cCSD - not detected, patch file created -> result = brick file
bad/missing cISD0 - not detected, patch file created -> result = brick file
bad/missing cISD1 - not detected, patch file created -> result = brick file
bad/missing cISD2 - not detected, patch file created -> result = brick file
bad/missing EID0 - not detected, patch file created -> result = brick file
bad/missing EID1 - not detected, patch file created -> result = brick file
bad/missing EID2 - not detected, patch file created -> result = brick file
bad/missing EID3 - not detected, patch file created -> result = brick file
bad/missing EID4 - not detected, patch file created -> result = brick file
bad/missing EID5 - not detected, patch file created -> result = brick file
bad/missing metldr - not detected, patch file created -> result = brick file
bad/missing PerConsoleNonce - not detected, patch file created -> result = brick file
bad patterned non 00's - not detected, patch file created -> result = brick file
bad patterned non FF's - not detected, patch file created -> result = brick file
bad region - not detected, patch file created -> result = brick file

partly test (if user flashes that, it will permabrick):

bad A0 wire - detected, 00 filled file created -> result = brick file
bad A1 wire - detected, 00 filled file created -> result = brick file
bad A2 wire - detected, 00 filled file created -> result = brick file
bad A3 wire - detected, 00 filled file created -> result = brick file
bad A4 wire - detected, 00 filled file created -> result = brick file
bad A5 wire - detected, 00 filled file created -> result = brick file
bad A6 wire - detected, 00 filled file created -> result = brick file
bad A7 wire - detected, 00 filled file created -> result = brick file
bad A8 wire - detected, 00 filled file created -> result = brick file
bad header IFI - detected, patch file created -> result = brick file

does test:

circulair reference - errors out: "The process cannot access the file '\nor-validationtest\venix.bin' because it is being used by another process." -> result = OK

Conclusion[edit source]

Conclusion : USELESS, brickdumps will still show as 'valid' and corrupt patch files will be generated, not preventing the user from permabricking.

Recomendation[edit source]

Recommendation: Validate flash dumps first and use Flowrebuilder or Winskeet with autopatcher instead.

Newssites that news'ed the 'tool'[edit source]

http://www.ps3crunch.net/forum/threads/3162-Venix-Downgrade-GUI-released-for-Playstation-3 (removed it later)
http://psx-scene.com/forums/content/venix-downgrade-gui-automated-downgrader-validator-2118 (added warning "USE WITH CAUTION!!!! Read the posts below first!!!!")
http://www.ps3news.com/ps3-cfw-mfw/venix-downgrade-ps3-4-11-to-3-55-patch-gui-is-released/

Newssite that refused to news it[edit source]

http://www.ps3hax.net/2012/04/warning-venix-autopatcher-is-a-dangerous-tool-do-not-use-it/ (they had read above warning on wiki and decided it was best for their users not to frontpage it)

Patches contained inside binairy[edit source]

trvk_prg[edit source]

1[edit source]

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00701BB0                                   00 00 00 00 00             .....
00701BC0  00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00  ..........àSCE..
00701BD0  00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00  ................
00701BE0  00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5  ..........à..š å
00701BF0  A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56  ¢ÔHÞ.œçãt¨g3å•ôV
00701C00  F4 DC E3 9B 64 56 A1 0C 11 98 79                 ôÜã›dV¡..˜y
...

2[edit source]

(same as 1)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00702BA0                                   00 00 00 00 00             .....
00702BB0  00 00 00 00 00 00 00 00 00 02 E0 53 43 45 00 00  ..........àSCE..
00702BC0  00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00  ................
00702BD0  00 02 00 00 00 00 00 00 00 00 E0 11 07 9A A0 E5  ..........à..š å
00702BE0  A2 D4 48 DE 06 9C E7 E3 74 A8 67 33 E5 95 F4 56  ¢ÔHÞ.œçãt¨g3å•ôV
00702BF0  F4 DC E3 9B 64 56 A1 0C 11 98 79                 ôÜã›dV¡..˜y
...

3[edit source]

(same as 1)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
01545B90                                            00 00                ..
01545BA0  00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0 53  ..............àS
01545BB0  43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 00  CE..............
01545BC0  00 00 00 00 00 02 00 00 00 00 00 00 00 00 E0 11  ..............à.
01545BD0  07 9A A0 E5 A2 D4 48 DE 06 9C E7 E3 74 A8 67 33  .š å¢ÔHÞ.œçãt¨g3
01545BE0  E5 95 F4 56 F4 DC E3 9B 64 56 A1 0C 11 98 79     å•ôVôÜã›dV¡..˜y
...

trvk_pkg[edit source]

4[edit source]

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00703BB0                                   00 00 00 00 00             .....
00703BC0  00 00 00 00 00 00 00 00 00 02 60 53 43 45 00 00  ..........`SCE..
00703BD0  00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00  ................
00703BE0  00 02 00 00 00 00 00 00 00 00 60 BD 25 0F C3 46  ..........`½%.ÃF
00703BF0  1C ED 7C A9 0D 0B 63 31 C5 10 FD 5C A0 CA 58 D3  .í|©..c1Å.ý\ ÊXÓ
00703C00  F1 A9 DB B7 03 C5 94 66 83 C1 96                 ñ©Û·.Å”fƒÁ–
...

5[edit source]

(same as 1)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
01505B80                 00 00 00 00 00 00 00 00 00 00 00       ...........
01505B90  00 00 00 02 60 53 43 45 00 00 00 00 02 00 00 00  ....`SCE........
01505BA0  02 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00  ................
01505BB0  00 00 00 00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B  ....`½%.ÃF.í|©..
01505BC0  63 31 C5 10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5  c1Å.ý\ ÊXÓñ©Û·.Å
01505BD0  94 66 83 C1 96                                   ”fƒÁ–
...

6[edit source]

(same as 4)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
01525B90        00 00 00 00 00 00 00 00 00 00 00 00 00 00    ..............
01525BA0  02 60 53 43 45 00 00 00 00 02 00 00 00 02 00 00  .`SCE...........
01525BB0  00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00  ................
01525BC0  00 60 BD 25 0F C3 46 1C ED 7C A9 0D 0B 63 31 C5  .`½%.ÃF.í|©..c1Å
01525BD0  10 FD 5C A0 CA 58 D3 F1 A9 DB B7 03 C5 94 66 83  .ý\ ÊXÓñ©Û·.Å”fƒ
01525BE0  C1 96                                            Á–
...

ros[edit source]

7[edit source]

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001BA0                    00 00 00 01 00 00 00 18 00 00        ..........
00001BB0  00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00  ...oÿà..........
00001BC0  00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F 6D 6F  ....B˜aim_spu_mo
00001BD0  64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00 00 00  dule.self.......
00001BE0  00 00 00 00 00 00 00 00 00 00 00 00 47 30 00 00  ............G0..
00001BF0  00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00 00 00  ....öØappldr....
00001C00  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

8[edit source]

(same as 7)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00705BA0                                   00 00 00 01 00             .....
00705BB0  00 00 18 00 00 00 00 00 6F FF E0 00 00 00 00 00  ........oÿà.....
00705BC0  00 04 90 00 00 00 00 00 00 42 98 61 69 6D 5F 73  .........B˜aim_s
00705BD0  70 75 5F 6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00  pu_module.self..
00705BE0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00705BF0  00 47 30 00 00 00 00 00 01 F6 D8 61 70 70 6C 64  .G0......öØappld
00705C00  72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  r...............

9[edit source]

(same as 7)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00E05B90                          00 00 00 01 00 00 00 18          ........
00E05BA0  00 00 00 00 00 6F FF E0 00 00 00 00 00 00 04 90  .....oÿà........
00E05BB0  00 00 00 00 00 00 42 98 61 69 6D 5F 73 70 75 5F  ......B˜aim_spu_
00E05BC0  6D 6F 64 75 6C 65 2E 73 65 6C 66 00 00 00 00 00  module.self.....
00E05BD0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 30  ..............G0
00E05BE0  00 00 00 00 00 01 F6 D8 61 70 70 6C 64 72 00 00  ......öØappldr..
00E05BF0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Note[edit source]

wiki v2 downgrader contains 2 patchsets, used on 3 offsets. Having 9 sounds like a bit of overkill to bloat the binairy.

Checks[edit source]

There is not much checked in the patcher: - only size is checked - and header "oÿà" (bytereversed, like with progskeet, teensy etc) versus "àÿo" (as E3).

10[edit source]

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001A30  0A 4E 00 61 00 6E 00 64 00 31 00 00 00 00 00 18  .N.a.n.d.1......
00001A40  4E 00 61 00 6E 00 64 00 31 00 52 00 65 00 70 00  N.a.n.d.1.R.e.p.
00001A50  65 00 61 00 74 00 31 00 E5 FF 6F 00 14 4E 00 61  e.a.t.1.åÿo..N.a
00001A60  00 6E 00 64 00 31 00 53 00 74 00 61 00 72 00 74  .n.d.1.S.t.a.r.t
00001A70  00 ED FF 6F 00 0A 4E 00 61 00 6E 00 64 00 32 00  .íÿo..N.a.n.d.2.
00001A80  F5 FF 6F 00 14 4E 00 61 00 6E 00 64 00 32 00 53  õÿo..N.a.n.d.2.S
00001A90  00 74 00 61 00 72 00 74 00 FA 3F 70 00 12 4E 00  .t.a.r.t.ú?p..N.
00001AA0  61 00 6E 00 64 00 43 00 6F 00 75 00 6E 00 74 00  a.n.d.C.o.u.n.t.
00001AB0  02 40 70 00 08 4E 00 6F 00 72 00 31 00 05 40 70  [email protected]..@p
00001AC0  00 12 4E 00 6F 00 72 00 31 00 53 00 74 00 61 00  ..N.o.r.1.S.t.a.
00001AD0  72 00 74 00 EA 3F E0 00 08 4E 00 6F 00 72 00 32  r.t.ê?à..N.o.r.2
00001AE0  00 F2 3F E0 00 12 4E 00 6F 00 72 00 32 00 53 00  .ò?à..N.o.r.2.S.
00001AF0  74 00 61 00 72 00 74 00 D7 3F 50 01 08 4E 00 6F  t.a.r.t.×?P..N.o
00001B00  00 72 00 33 00 DF 3F 50 01 12 4E 00 6F 00 72 00  .r.3.ß?P..N.o.r.
00001B10  33 00 53 00 74 00 61 00 72 00 74 00 E4 3F 52 01  3.S.t.a.r.t.ä?R.
00001B20  08 4E 00 6F 00 72 00 34 00 EC 3F 52 01 12 4E 00  .N.o.r.4.ì?R..N.
00001B30  6F 00 72 00 34 00 53 00 74 00 61 00 72 00 74 00  o.r.4.S.t.a.r.t.
00001B40  F1 3F 54 01 08 4E 00 6F 00 72 00 35 00 F9 3F 54  ñ?T..N.o.r.5.ù?T
00001B50  01 12 4E 00 6F 00 72 00 35 00 53 00 74 00 61 00  ..N.o.r.5.S.t.a.
00001B60  72 00 74 00 FE 3F 56 01 08 4E 00 6F 00 72 00 36  r.t.þ?V..N.o.r.6
00001B70  00 06 40 56 01 12 4E 00 6F 00 72 00 36 00 53 00  [email protected].
00001B80  74 00 61 00 72 00 74 00 0B 40 58 01 10 4E 00 6F  [email protected]
00001B90  00 72 00 43 00 6F 00 75 00 6E 00 74 00 13 40 58  .r.C.o.u.n.t..@X
00001BA0  01 20 E0 FF 6F 00 00 00 00 01 00 00 00 18 00 00  . àÿo...........
00001BB0  00 00 00 6F FF E0 00 00 00 00 00 00 04 90 00 00  ...oÿà..........

Thus it fails miserably in the comparison of Flowrebuilder' options like un/rescramble + de-/interleave, bytereverse, unpacking and autopatching, while checking and informing the user about possible errors in the dump.

Venix Downgrade GUI v1.2 BETA[edit source]

http://psx-scene.com/forums/content/venix-downgrade-gui-v1-2-beta-improved-validation-2135/

Quick bulletproof test[edit source]

wrongly detected:

bad A0 wire -> Validation Failed00 byte count
bad A1 wire -> Validation Failed00 byte count
bad A2 wire -> Validation Failed00 byte count
bad A3 wire -> Validation Failed00 byte count
bad A4 wire -> Validation Failed00 byte count
bad A5 wire -> Validation Failed00 byte count
bad A6 wire -> Validation Failed00 byte count
bad A7 wire -> Validation Failed00 byte count
bad A8 wire -> Validation Failed00 byte count
bad A9 wire -> Validation Failed00 byte count
bad A10 wire -> Validation Failed00 byte count
bad A11 wire -> Validation Failed00 byte count
bad A12 wire -> Validation Failed00 byte count
bad A13 wire -> Validation Failed00 byte count
bad A14 wire -> Validation Failed00 byte count
bad A15 wire -> Validation Failed00 byte count
bad A16 wire -> Validation Failed00 byte count
bad A17 wire -> Validation Failed00 byte count
bad A18 wire -> Validation Failedff byte count
bad A19 wire -> Validation Failed00 byte count
bad A20 wire -> Validation Failed00 byte count
bad A21 wire -> Validation Failed00 byte count
bad A22 wire -> Validation Failedff byte count
bad bootldr -> Validation Failed00 byte count
bad bootldr -> Validation Failed00 byte count
bad cCSD unreferenced area -> Validation Failed00 byte count
bad cISD unreferenced area -> Validation Failed00 byte count
bad EID unreferenced area -> Validation Failed00 byte count
bad header -> Validation Failed00 byte count
bad header asecure loader -> Validation Failed00 byte count
bad header cISD -> Validation Failed00 byte count
bad header cvtrm -> Validation Failed00 byte count
bad header eEID -> Validation Failed00 byte count
bad IFI -> Validation Failed00 byte count
bad header trvk -> Validation Failed00 byte count
bad metldr -> Validation Failed00 byte count
bad/missing bootldr -> Validation Failedff byte count
bad/missing cCSD -> Validation Failed00 byte count
bad/missing cISD0 -> Validation Failed00 byte count
bad/missing cISD1 -> Validation Failed00 byte count
bad/missing cISD2 -> Validation Failed00 byte count
bad/missing EID0 -> Validation Failed00 byte count
bad/missing EID1 -> Validation Failed00 byte count
bad/missing EID2 -> Validation Failed00 byte count
bad/missing EID3 -> Validation Failed00 byte count
bad/missing EID4 -> Validation Failed00 byte count
bad/missing EID5 -> Validation Failed00 byte count
bad/missing metldr -> Validation Failed00 byte count
bad/missing PerConsoleNonce -> Validation Failed00 byte count
bad patterned non 00's -> Validation Failed00 byte count
bad patterned non FF's -> Validation Failed00 byte count
bad region -> Validation Failed00 byte count
bad filelength -> application hangs
known good reference dumps (184) -> Validation Failed00 byte count

Conclusion[edit source]

USELESS, 100% valid files will be failing 00/ff check. Improper files will be failing 00/ff check too, and no detection of the root of the cause. Nothing was patched and gives the user a permanent false sense of having bad dumps without leads of what to solve.

Talk:Downgrading with Hardware flasher

Contents

Quick 'n Dirty prepatched[edit source]

3.41 NAND Preloaderdumps downgrader patches[edit source]

3.41 NOR downgrader patches[edit source]

E3 Flasher[edit source]

PS3 Nor and Nand Auto Patcher by Rogero[edit source]

Source[edit source]

Venix Autopatcher[edit source]

Warning[edit source]

Intro[edit source]

Versions[edit source]

Tests[edit source]

Quick bulletproof test[edit source]

Conclusion[edit source]

Recomendation[edit source]

Newssites that news'ed the 'tool'[edit source]

Newssite that refused to news it[edit source]

Patches contained inside binairy[edit source]

trvk_prg[edit source]

1[edit source]

2[edit source]

3[edit source]

trvk_pkg[edit source]

4[edit source]

5[edit source]

6[edit source]

ros[edit source]

7[edit source]

8[edit source]

9[edit source]

Note[edit source]

Checks[edit source]

10[edit source]

Venix Downgrade GUI v1.2 BETA[edit source]

Quick bulletproof test[edit source]

Conclusion[edit source]

Navigation menu

Talk:Downgrading with Hardware flasher

Quick 'n Dirty prepatched[edit source]

3.41 NAND Preloaderdumps downgrader patches[edit source]

3.41 NOR downgrader patches[edit source]

E3 Flasher[edit source]

PS3 Nor and Nand Auto Patcher by Rogero[edit source]

Source[edit source]

Venix Autopatcher[edit source]

Warning[edit source]

Intro[edit source]

Versions[edit source]

Tests[edit source]

Quick bulletproof test[edit source]

Conclusion[edit source]

Recomendation[edit source]

Newssites that news'ed the 'tool'[edit source]

Newssite that refused to news it[edit source]

Patches contained inside binairy[edit source]

trvk_prg[edit source]

1[edit source]

2[edit source]

3[edit source]

trvk_pkg[edit source]

4[edit source]

5[edit source]

6[edit source]

ros[edit source]

7[edit source]

8[edit source]

9[edit source]

Note[edit source]

Checks[edit source]

10[edit source]

Venix Downgrade GUI v1.2 BETA[edit source]

Quick bulletproof test[edit source]

Conclusion[edit source]

Navigation menu

Search