Talk:Flash: Difference between revisions
m (Dark Mode) |
|||
(33 intermediate revisions by 11 users not shown) | |||
Line 1: | Line 1: | ||
= List of files on NOR Flash (OLD/historic) = | = List of files on NOR Flash (OLD/historic) = | ||
'''Note: <span style=" | '''Note: <span style="color:red!important;">this is the old table that defyboy made<!--// and kept here for crossreference/backup/historic reasons - don't delete!//-->, a more current one with absolute values and for all firmware versions is on the [[Flash|Flash mainpage]]</span>''' | ||
The following is a list of files stored in NOR Flash | The following is a list of files stored in NOR Flash | ||
Line 226: | Line 224: | ||
'''remarks:''' | '''remarks:''' | ||
* NAND dumps are 239MB because HV masks bootldr, see [ | * NAND dumps are 239MB because HV masks bootldr, see [[Hardware_flashing#Difference_between_hardware_dumps_and_software_dumps | Difference between hardware dumps and software dumps]] | ||
* trying to read beyond 0xEFC0000-0xFFFFFFF on NAND systems (a region filled with FF's on consoles without OtherOS) results in panic | * trying to read beyond 0xEFC0000-0xFFFFFFF on NAND systems (a region filled with FF's on consoles without OtherOS) results in panic | ||
Line 947: | Line 945: | ||
0EAFFFF0 B4 AB B6 56 BD 7F 04 56 AC 39 08 C9 BE 2D 97 A6 ´«¶V½..V¬9.ɾ-—¦ | 0EAFFFF0 B4 AB B6 56 BD 7F 04 56 AC 39 08 C9 BE 2D 97 A6 ´«¶V½..V¬9.ɾ-—¦ | ||
</pre> | </pre> | ||
===== 0EB00000 unreferenced area ===== | ===== 0EB00000 unreferenced area ===== | ||
with length of previous data area different, offset obviously differs from euss | with length of previous data area different, offset obviously differs from euss | ||
Line 1,001: | Line 998: | ||
</pre> | </pre> | ||
=== 0F300000 repeative 0x200 data / 0x200 FF blocks === | === 0F300000 repeative 0x200 data / 0x200 FF blocks === | ||
then at 0F300000 | then at 0F300000 | ||
[ data of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0F30C5FF | |||
<pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,016: | Line 1,013: | ||
0F30C5F0 63 74 39 03 F1 E8 B4 86 07 FF CC BF 54 28 A0 96 ct9.ñè´†.ÿÌ¿T( – | 0F30C5F0 63 74 39 03 F1 E8 B4 86 07 FF CC BF 54 28 A0 96 ct9.ñè´†.ÿÌ¿T( – | ||
</pre> | </pre> | ||
=== 0F30C600 FF block === | === 0F30C600 FF block === | ||
followed by a long FF block | followed by a long FF block | ||
Line 1,050: | Line 1,046: | ||
=== 0F700200 repeative 0x200 data / 0x200 FF blocks === | === 0F700200 repeative 0x200 data / 0x200 FF blocks === | ||
then at 0F700200 | then at 0F700200 | ||
[ data of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0F70C7F0 | |||
<pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,076: | Line 1,072: | ||
=== 0F700200 repeative 0x200 00 blocks / 0x200 FF blocks === | === 0F700200 repeative 0x200 00 blocks / 0x200 FF blocks === | ||
then at 0F700200 | then at 0F700200 | ||
[ 00 block of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0FD3FFFF | |||
<pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,134: | Line 1,130: | ||
=== 0FE80000 repeative 0x200 00 blocks / 0x200 FF blocks === | === 0FE80000 repeative 0x200 00 blocks / 0x200 FF blocks === | ||
then at 0FE80000 | then at 0FE80000 | ||
[ 00 block of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0FEBF5FF | |||
<pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,163: | Line 1,159: | ||
== NAND reference (bluemimmo) == | == NAND reference (bluemimmo) == | ||
CECHA-06/COK-001 with 3.60 OFW | CECHA-06/COK-001 with 3.60 OFW | ||
=== VTRM === | |||
<pre> | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00D80000 53 43 45 49 56 54 52 4D 00 00 00 00 00 00 00 A8 SCEIVTRM.......¨ | |||
00D80010 00 00 00 00 00 E8 02 00 00 00 00 00 00 00 00 28 .....è.........( | |||
00D80020 00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04 ....VTRM........ | |||
00D80030 DD 8F ED 9A 82 76 B5 2C 2A 99 A2 ED E3 AF B8 4E Ý.íš‚vµ,*™¢í㯸N | |||
00D80040 F9 F6 0F CE 00 00 00 00 00 00 00 00 00 E8 27 20 ùö.Î.........è' | |||
00D80050 00 00 00 00 00 00 00 60 00 00 00 00 00 00 09 20 .......`....... | |||
00D80060 04 00 00 00 02 00 00 05 10 70 00 05 FF 00 00 01 .........p..ÿ... | |||
00D80070 9D 2B 1C B4 04 09 59 5C 7B 6A A6 F6 B4 BB A6 FF .+.´..Y\{j¦ö´»¦ÿ | |||
00D80080 CA C2 B0 E9 34 3E 39 3C F4 1D 00 E8 B5 42 89 D7 Ê°é4>9<ô..èµB‰× | |||
00D80090 C5 12 67 F3 A2 DD 9B 5E AF A1 FE DB 19 27 C9 CB Å.gó¢Ý›^¯¡þÛ.'ÉË | |||
00D800A0 4F DE D5 CF 7A B2 C2 7B 8C 44 BE 99 54 DB 99 93 OÞÕÏz²Â{ŒD¾™TÛ™“ | |||
00D800B0 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | |||
00D800C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00D800D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00D800E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00D800F0 FF FF FF FF FF FF FF FF 00 00 00 00 00 EB E4 8C ÿÿÿÿÿÿÿÿ.....ëäŒ | |||
00D80100 00 00 00 00 00 00 00 14 86 1E A7 45 DB 22 16 01 ........†.§EÛ".. | |||
00D80110 EF 94 71 06 CD 91 7B 0F 95 D1 36 71 FF FF FF FF ï”q.Í‘{.•Ñ6qÿÿÿÿ | |||
00D80120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
</pre> | |||
=== cell_ext_os_area === | === cell_ext_os_area === | ||
Line 1,173: | Line 1,194: | ||
0FFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 0FFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
0FFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> | 0FFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> | ||
== NAND reference CECHG04/SEM-001(sinsizer) == | == NAND reference CECHG04/SEM-001(sinsizer) == | ||
Line 1,392: | Line 1,412: | ||
0E75B9F0 C6 68 5E A6 57 72 00 CE B7 97 B1 C1 78 2A 26 9A Æh^¦Wr.η—±Áx*&š | 0E75B9F0 C6 68 5E A6 57 72 00 CE B7 97 B1 C1 78 2A 26 9A Æh^¦Wr.η—±Áx*&š | ||
</pre> | </pre> | ||
===== 0E75BA00 unreferenced area (size | ===== 0E75BA00 unreferenced area (size 0x24600) ===== | ||
<pre>Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | <pre>Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 1,421: | Line 1,441: | ||
0E7807F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 0E7807F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
</pre> | </pre> | ||
[https://www.kernel.org/pub/linux/kernel/people/geoff/cell/ps3-linux-docs/BootLinuxAndInstallation.html crosschecking] | |||
=== OtherOS === | === OtherOS === | ||
[[Flash:OtherOS]] | [[Flash:OtherOS]] | ||
Line 1,496: | Line 1,519: | ||
Data seen in prior 0D702000 data area. | Data seen in prior 0D702000 data area. | ||
'''The | '''The whole section till the end contains these 0x200 blocks of data and FF. Some bigger FF gaps in between.''' | ||
---- | ---- | ||
== Hidden value in VTRM (NOR Flash) == | |||
[[Flash:cvtrm]] | |||
* from offset 0xEDD748 count 199 (0xC7) values of a 0x14 byte value (hash1) until you reach 0xEDE6D4, where you'll find another 0x14 byte value (hash2) | |||
* from there, count 520 (321 + 199) values of the same repeated 0x14 byte value until you reach the second offset where you'll find the same hash of the first 199 step count (you can just search for the value to encounter it faster). | |||
* in the area in the middle there's a third 0x14 value (hash3) at offset 0xEE4010 (repeated also twice in each vtrm) | |||
maybe these are all sha1 hashes of something? | |||
* 0xEE4010 should be an sha1 of root hsec, if syscon sends different hsec the sha1 wont match to VTRM it will lead to an [[RSOD]]. (root hash/ root hsec - srh) | |||
* vtrm table is almost equally build up like PFD files. | |||
===Experiments (with above hashes)=== | |||
* replacing both hash 2 with either hash3 or hash1 doesn't result in RSOD. why? (possibly hash1 and hash3 are fallback hashes?) | |||
* filling hash2 with any other value besides hash1/2/3 in hash2 WILL result in RSOD | |||
* no considerable changes found with experiment. most considerable changes would happen when the guilty is hardware and not software. | |||
* hash_repeated:hmac_sha1(srk,empty data) | |||
* hash_hidden:hmac_sha1(srk,0x58 bytes of empty sector) | |||
* srh is the hash of the signature table (the giant table with the repeated hashes and the hidden one) hashed with srk key | |||
* header hash is just a hmac sha1 of hmac sha1 of vtrm section without header (0x28 bytes) and signature table(again, with srk key, hashed twice) | |||
= RAW NAND + bad blocks = | |||
Each page of a block has 2048 bytes of data plus a 64 bytes oob (out of bounds) or spare area. This oob area contains 4*14 bytes ecc data for 4*512 bytes of actual data (of which 10 bytes are the actual ecc plus 4 unknown bytes). It totally unrelated to bad blocks. The remaining 8 bytes of oob contain eg. information of block status (good or bad) and the block mapping (physical block location in nand mapped to logical block location in merged dump). | |||
The PS3 has many different ways of doing this depending on the location of bad blocks. That's [[:File:Nand-extract-error2.png|where flowrebuilder fails]], because it doesn't know all the different ways of doing it (if it [[:File:Nand-extract-noerror.png|doesn't fail]] it means it had bad blocks in a way that Flowrebuilder understands). | |||
== As requoted from NORpatch == | |||
https://raw.githubusercontent.com/hjudges/NORway/824bab547698ebac8c69158d15e0c18d866c0a95/norpatch_README.txt | |||
<div style="border-width: 1px; border-style:dashed; border-color:#000000; padding: 10px; background-color:#FFFFFF; color:#000000; ">Some additional information on how to use "norpatch" for checking ECC errors of raw NAND dumps... | |||
<nowiki>***</nowiki> All credits go to "RPS" who developed/reversed the ECC algo (according to Flow Rebuilder title). <nowiki>***</nowiki> | |||
The algo was like forever available in Flow Rebuilder, but it was only used to create new ECCs for patched dumps. I actually don't know why there's no "checking" function. I've been using it for over a year now to validate nand dumps, cause it's a handy *additional* verification step. I've been asked many times to release this, but I didn't develop the algo, so I never did. Since the Flow Rebuilder source code is floating around anyway, I figured what the heck. Feel free to complain.. :P | |||
It's important to understand what ECC (Error Correcting Code) is and what it does (and more importantly - what it doesn't do!): | |||
* A PS3 NAND has a 10 byte ECC for each 512 byte sector. | |||
* The PS3 uses the ECC to detect and correct errors (as everything with Sony it's a propriatary algo, but commonly a 10 byte ECC can correct up to 4 invalid bytes). | |||
* RPS' implementation can only be used to detect errors, not to correct them! | |||
Where ECC fails: | |||
* Your flasher returned all 0xFF for a sector/page/block instead of correct data. This won't be detected by ECC, as the ECC for 512 * 0xFF = 10 * 0xFF. | |||
* Your flasher swapped pages while dumping, e.g. page 0 is located at the offset of page 1 and vice versa. The ECC will be correct, but the dump is still invalid. | |||
What do you do when there are ECC errors? | |||
* ECC errors are normal and it does happen that a NAND cell loses its content. Usually the PS3 will correct the error. | |||
* As a rule of thumb you can say that up to 10 errors per dump are a valid range. If you get significantly more than that, you should worry (in case of a bad dump, you'll usually get hundreds of errors - or no errors at all if your dump is just 0xFF's :) ). | |||
* When there're 10 or less errors, check the location of the errors - this requires some calculation: you'll get a block number for the error, which is the physical block in your raw dump. You have to convert this physical block number to a logical offset in your merged dump generated by Flow Rebuilder. When unscrambling dumps, Flow Rebuilder will create a text file called "nand0_phy_mapping.txt" and "nand1_phy_mapping.txt". Open the file that corresponds to the dump you've checked for ECC errors (0=top, 1=bottom). First column is the physical block, second column is the logical block. Locate the physical block number reported by the ECC check, take the corresponding (decimal) logical block number and multiply it with 0x40000 (hex). The result is the offset in your merged dump. Anything from 0x00C0000 to 0x0EBFFFF (ROS 0/1) and from 0x0F00000 to 0xEFFFFFF (VFlash) can usually be ignored. For everything else you should worry. | |||
In general: | |||
* Always make multiple dumps and file compare them! | |||
* ECC checks don't eliminate the need for additional validation! | |||
* Additionally use one or all of the awesome dump validators out there! "norpatch" is not a full-fletched validator! | |||
* I personally use BwE, especially because it will catch the 0xFF ECC issue mentioned before with its repetition check (I guess Swizzy's tool does this as well now). | |||
<br /><br /> | |||
-- judges</div> | |||
= Flash Samples = | = Flash Samples = | ||
Line 1,571: | Line 1,652: | ||
** https://github.com/anaria28/NOR-Dump-Tool | ** https://github.com/anaria28/NOR-Dump-Tool | ||
* https://github.com/Swizzy/PS3DumpChecker | * https://github.com/Swizzy/PS3DumpChecker | ||
* flash_ident.c: http://pastie.org/private/vlrxgaawtbqwggyv4ggwg | |||
== Generic Recommendations == | == Generic Recommendations == | ||
* The information in this wiki was given [[http://www.gnu.org/licenses/old-licenses/fdl-1.2.txt freely by many volunteers]] ; it would be most fair to release any program based on it, as opensource with the community accordingly (tip: [http://git.ps3dev.net/ public git-repo]). | * The information in this wiki was given [[http://www.gnu.org/licenses/old-licenses/fdl-1.2.txt freely by many volunteers]] ; it would be most fair to release any program based on it, as opensource with the community accordingly (tip: [http://git.ps3dev.net/ public git-repo]). | ||
* Please link to | * Please link to wiki so that others might improve the code and also know on what information it is based as well as other informative pages. | ||
* Feel free to ask questions on the talkpages when having trouble understanding mainpage or when not knowing what to check for. | * Feel free to ask questions on the talkpages when having trouble understanding mainpage or when not knowing what to check for. | ||
* Make checkers/extractors bytedirection aware and byteswap when needed | * Make checkers/extractors bytedirection aware and byteswap when needed | ||
Line 1,594: | Line 1,676: | ||
* Check for downgradeability | * Check for downgradeability | ||
* Check statistics in range with known FW versions (3.55 is considered base on wiki unless documented) | * Check statistics in range with known FW versions (3.55 is considered base on wiki unless documented) | ||
= With / Without = | |||
* Flash Without EID5 : Boots Fine | |||
* Flash Without EID0 Sections 1 2 3 4 5 7 8 9 and With Sections 0 6 A : Boots Fine | |||
* Flash With only MAC Address on cISD and Header: Boots Fine | |||
=Experimental tables= | |||
{| class="wikitable" | |||
|+NOR flash | |||
! rowspan="2" | type !! rowspan="2" colspan="4" | Regions !! colspan="3" | Start Offset !! colspan="3" | Length !! Notes | |||
|- | |||
! Hex !! Blocks !! Bytes !! Hex !! Blocks !! Bytes | |||
|- | |||
| {{generic}} || rowspan="8" | [[Flash:Second_Region|Second<br>Region]] || rowspan="2" | Partition table || colspan="2" | [[Flash:0FACE0FF_DEADFACE|0FACE0FF DEADFACE]] || || || || || || || | |||
|- | |||
| {{generic}} || colspan="2" | erased bytes || || || || || || || | |||
|- | |||
| {{generic}} || region 0 || colspan="2" | missing || || || || || || || | |||
|- | |||
| {{generic}} || region 1 || colspan="2" | [[Flash:CELL_EXTNOR_AREA|CELL_EXTNOR_AREA]] || || || || || || || | |||
|- | |||
| {{generic}} || rowspan="4" | region 2 || colspan="2" | [[Flash:CELL_EXTNOR_AREA#F40000|CRL1]] || || || || || || || | |||
|- | |||
| {{generic}} || colspan="2" | [[Flash:CELL_EXTNOR_AREA#F60000|DRL1]] || || || || || || || | |||
|- | |||
| {{generic}} || colspan="2" | [[Flash:CELL_EXTNOR_AREA#F80000|CRL2]] || || || || || || || | |||
|- | |||
| {{generic}} || colspan="2" | [[Flash:CELL_EXTNOR_AREA#FA0000|DRL2]] || || || || || || || | |||
|- | |||
| {{perconsole}} || colspan="4" | [[Flash:bootldr|bootldr]] || || || || || || || | |||
|- | |||
|} | |||
<!-- old tests, hidden | |||
{| class="wikitable" | |||
|+NOR flash | |||
! rowspan="2" | type !! rowspan="2" | Region !! rowspan="2" colspan="3" | Name !! colspan="2" | Hexadecimal !! colspan="2" | Blocks !! colspan="2" | Decimal !! rowspan="2" | Notes | |||
|- | |||
! Start Offset !! Length !! Start Offset !! Length !! Start Offset !! Length | |||
|- | |||
| {{generic}} || rowspan="6" style="text-align:center" | [[Flash:Second_Region|2]] || colspan="3" | [[Flash:0FACE0FF_DEADFACE|0FACE0FF DEADFACE]] || 0xF00000 || 0x1000 || 0x7800 || || || 4096 bytes || | |||
|- | |||
| {{generic}} || colspan="3" | [[Flash:CELL_EXTNOR_AREA|CELL_EXTNOR_AREA]] || 0xF20000 || 0x20000 || 0x7900 || || || 131072 bytes || | |||
|- | |||
| {{generic}} || colspan="3" | [[Flash:CELL_EXTNOR_AREA#F40000|CRL1]] || 0xF40000 || 0x20000 || 0x7A00 || || || 131072 bytes || | |||
|- | |||
| {{generic}} || colspan="3" | [[Flash:CELL_EXTNOR_AREA#F60000|DRL1]] || 0xF60000 || 0x20000 || 0x7B00 || || || 131072 bytes || | |||
|- | |||
| {{generic}} || colspan="3" | [[Flash:CELL_EXTNOR_AREA#F80000|CRL2]] || 0xF80000 || 0x20000 || 0x7C00 || || || 131072 bytes || same as CRL1 | |||
|- | |||
| {{generic}} || colspan="3" | [[Flash:CELL_EXTNOR_AREA#FA0000|DRL2]] || 0xFA0000 || 0x20000 || 0x7D00 || || || 131072 bytes || same as DRL1 | |||
|- | |||
| {{perconsole}} || rowspan="1" style="text-align:center" | <small>[[Flash:Lv0ldr_Region|lv0ldr]]</small> || colspan="3" | [[Flash:bootldr|bootldr]] || 0xFC0000 || 0x40000 || 0x7E00 || || || 262144 bytes || | |||
|- | |||
|} | |||
--> | |||
= Erasing blocks = | |||
The PS3 erases blocks in chunks of 0x40000 bytes, this is a sample of how the blocks are erased in a ros area (with offsets relatives to the start of the ros area): | |||
Erase block 0 begins 0x0 | |||
Erase block 1 begins 0x40000 | |||
Erase block 2 begins 0x80000 | |||
Erase block 3 begins 0xC0000 | |||
Erase block 4 begins 0x100000 | |||
Erase block 5 begins 0x140000 | |||
Erase block 6 begins 0x180000 | |||
Erase block 7 begins 0x1C0000 | |||
Erase block 8 begins 0x200000 | |||
Erase block 9 begins 0x240000 | |||
Erase block 10 begins 0x280000 | |||
Erase block 11 begins 0x2C0000 | |||
Erase block 12 begins 0x300000 | |||
Erase block 13 begins 0x340000 | |||
Erase block 14 begins 0x380000 | |||
Erase block 15 begins 0x3C0000 | |||
Erase block 16 begins 0x400000 | |||
Erase block 17 begins 0x440000 | |||
Erase block 18 begins 0x480000 | |||
Erase block 19 begins 0x4C0000 | |||
Erase block 20 begins 0x500000 | |||
Erase block 21 begins 0x540000 | |||
Erase block 22 begins 0x580000 | |||
Erase block 23 begins 0x5C0000 | |||
Erase block 24 begins 0x600000 | |||
Erase block 25 begins 0x640000 | |||
Erase block 26 begins 0x680000 | |||
Erase block 27 begins 0x6C0000 |
Latest revision as of 03:43, 1 July 2023
List of files on NOR Flash (OLD/historic)[edit source]
Note: this is the old table that defyboy made, a more current one with absolute values and for all firmware versions is on the Flash mainpage
The following is a list of files stored in NOR Flash
Name | TOC | Start Offset | End Offset | Size | Notes | |||
---|---|---|---|---|---|---|---|---|
Offset | Index | Relative | Absolute | Relative | Absolute | |||
asecure_loader | 0x400 | 0 | 0x400 | 0x810 | 0x2E800 | 0x2F010 | 0x2E800 (190,464 bytes) | aka metldr |
eEID | 0x400 | 1 | 0x2EC00 | 0x2F010 | 0x3EC00 | 0x3F010 | 0x10000 (65,636 bytes) | (IDPS @ offset 0x0002F070 absolute / 0x00000070 inside eEID ) |
cISD | 0x400 | 2 | 0x3EC00 | 0x3F010 | 0x3F400 | 0x3F810 | 0x800 (2,048 bytes) | |
cCSD | 0x400 | 3 | 0x3F400 | 0x3F810 | 0x3FC00 | 0x40010 | 0x800 (2,048 bytes) | |
trvk_prg0 | 0x400 | 4 | 0x3FC00 | 0x40010 | 0x5FC00 | 0x60010 | 0x20000 (131,072 bytes) | |
trvk_prg1 | 0x400 | 5 | 0x5FC00 | 0x60010 | 0x7FC00 | 0x80010 | 0x20000 (131,072 bytes) | |
trvk_pkg0 | 0x400 | 6 | 0x7FC00 | 0x80010 | 0x9FC00 | 0xA0010 | 0x20000 (131,072 bytes) | |
trvk_pkg1 | 0x400 | 7 | 0x9FC00 | 0xA0010 | 0xBFC00 | 0xC0010 | 0x20000 (131,072 bytes) | |
ros0 | 0x400 | 8 | 0xBFC00 | 0xC0010 | 0x7BFC00 | 0x7C0010 | 0x700000 (7,340,032 bytes) | Contains CoreOS files |
ros1 | 0x400 | 9 | 0x7BFC00 | 0x7C0010 | 0xEBFC00 | 0xEC0010 | 0x700000 (7,340,032 bytes) | Contains CoreOS files |
cvtrm | 0x400 | 10 | 0xEBFC00 | 0xEC0010 | 0xEFFC00 | 0xF00010 | 0x40000 (262,144 bytes) | |
CELL_EXTNOR_AREA | 0xF20000 | 0xFA0040 | 0x80040 (524,352 bytes) | |||||
bootldr | 0xFC0000 | 0xFEEAF0 | 0x2EAF0 (191,216 bytes) | End @ FEF170, FEF570, FEF5F0, FEF600 in some dumps |
new metldr.2[edit source]
Seen on CECH2504B (JSD-001), with 3.60 from factory - datecode 1B
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00000800 00 00 00 01 00 00 00 01 00 00 00 00 00 02 E8 00 ..............è. 00000810 00 00 00 00 00 00 00 40 00 00 00 00 00 00 F9 20 .......@......ù 00000820 6D 65 74 6C 64 72 2E 32 00 00 00 00 00 00 00 00 metldr.2........ 00000830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000840 00 00 0F 8E 6E D7 BC D8 1F 11 EA 34 42 5F 9B 9D ...Žn×¼Ø..ê4B_›. 00000850 00 00 0F 8E 8C 21 5D 5F D0 B4 50 07 6A DD 21 DF ...ŽŒ!]_дP.jÝ!ß Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0002F070 00 00 00 01 00 85 00 0B 10 24 39 B7 2C BA A8 5E .....…...$9·,º¨^
vflash partition table[edit source]
Done some work on decoding region 2 today: Region 2 seems to = vflash partition table? These might be the first 2 regions? partition table is 4096 bytes. Format: 16 bytes 00's 16 bytes magic: 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD FA CE 8 bytes 0x03 8 bytes 0x02 (number of paritions?) 144 bytes 00's Partition entries: 8 bytes entry point (entry point * 0x200) relative to 0x00 on flash 8 bytes entry length (entry length * 0x200) 32 bytes 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 96 bytes 00's
Dumping your flash[edit source]
There are many ways you can dump your flash you can choose the way that best fits you, there are some persons studing the flash.. If you can help providing a dump (specially if you have a debug console) search for those persons in IRC Efnet #ps3dev
Payload[edit source]
Uncomment dump_dev_flash() in graf_payloads compile and run the payload
see Graf's_PSGroove_Payload for more info
Linux[edit source]
Using graf_chokolo kernel with /dev/ps3nflasha access
dd if=/dev/ps3nflasha of=NOR.BIN bs=1024
Hardware[edit source]
Dump NAND/NOR from GameOS[edit source]
precompiled : dump_flash.pkg // backup/mirror: dump_flash.pkg (70.48 KB)
source: dump_flash-src.rar (2.33 KB)
Make sure USB stick is FAT32 with enough free space (16MB per NOR dump, 256MB per NAND dump)
remarks:
- NAND dumps are 239MB because HV masks bootldr, see Difference between hardware dumps and software dumps
- trying to read beyond 0xEFC0000-0xFFFFFFF on NAND systems (a region filled with FF's on consoles without OtherOS) results in panic
NOR Unpacking // NOR Unpkg[edit source]
/* # ../norunpkg norflash.bin norflash unpacking asecure_loader (size: 190xxx bytes)... unpacking eEID (size: 65536 bytes)... unpacking cISD (size: 2048 bytes)... unpacking cCSD (size: 2048 bytes)... unpacking trvk_prg0 (size: 131072 bytes)... unpacking trvk_prg1 (size: 131072 bytes)... unpacking trvk_pkg0 (size: 131072 bytes)... unpacking trvk_pkg1 (size: 131072 bytes)... unpacking ros0 (size: 7340032 bytes)... unpacking ros1 (size: 7340032 bytes)... unpacking cvtrm (size: 262144 bytes)... */ // Copyright 2010 Sven Peter // Licensed under the terms of the GNU GPL, version 2 // http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt // nor modifications by rms. #include "tools.h" #include "types.h" #include <stdio.h> #include <string.h> #include <stdlib.h> #include <unistd.h> #include <sys/stat.h> #ifdef WIN32 #define MKDIR(x,y) mkdir(x) #else #define MKDIR(x,y) mkdir(x,y) #endif u8 *pkg = NULL; static void unpack_file(u32 i) { u8 *ptr; u8 name[33]; u64 offset; u64 size; ptr = pkg + 0x10 + 0x30 * i; offset = be64(ptr + 0x00); size = be64(ptr + 0x08); memset(name, 0, sizeof name); strncpy((char *)name, (char *)(ptr + 0x10), 0x20); printf("unpacking %s (size: %d bytes)...\n", name, size); memcpy_to_file((char *)name, pkg + offset, size); } static void unpack_pkg(void) { u32 n_files; u64 size; u32 i; n_files = be32(pkg + 4); size = be64(pkg + 8); for (i = 0; i < n_files; i++) unpack_file(i); } int main(int argc, char *argv[]) { if (argc != 3) fail("usage: norunpkg filename.nor target"); pkg = mmap_file(argv[1]); /* kludge for header, i do not do sanity checks at the moment */ pkg += 1024; MKDIR(argv[2], 0777); if (chdir(argv[2]) != 0) fail("chdir"); unpack_pkg(); return 0; }
Source: http://rms.grafchokolo.com/?p=25
Changed version for Progskeet: http://pastebin.com/HNvCbF7d
RMS - eEID splitter[edit source]
#include <stdio.h> #include <stdlib.h> #include <string.h> void DumpEidData (FILE * pFile, int iInputSize, int iEidCount, char *pFilenamePrefix) { FILE *pOutput; char *szFilename; char *szBuf; int iRes, iSize; printf ("dumping EID%d from eEID at %p, size %d (%x)..\n", iEidCount, pFile, iInputSize, iInputSize); szBuf = (char *) malloc (iInputSize + 1); szFilename = (char *) malloc (strlen (pFilenamePrefix) + 2); if (szBuf == NULL) { perror ("malloc"); exit (1); }; iSize = fread (szBuf, iInputSize, 1, pFile); sprintf (szFilename, "%s%d", pFilenamePrefix, iEidCount); pOutput = fopen (szFilename, "wb"); iRes = fwrite (szBuf, iInputSize, 1, pOutput); if (iRes != iSize) { perror ("fwrite"); exit (1); }; free (szBuf); } int main (int argc, char **argv) { FILE *pFile; char *pPrefix; pFile = fopen (argv[1], "rb"); if (pFile == NULL) { usage: printf ("usage: %s <eEID> <EID name prefix>\n", argv[0]); exit (1); } if (argc == 2 && argv[2] != NULL) { pPrefix = argv[2]; goto usage; } fseek (pFile, 0x70, SEEK_SET); if (pPrefix != NULL) { DumpEidData (pFile, 2144, 0, pPrefix); DumpEidData (pFile, 672, 1, pPrefix); DumpEidData (pFile, 1840, 2, pPrefix); DumpEidData (pFile, 256, 3, pPrefix); DumpEidData (pFile, 48, 4, pPrefix); DumpEidData (pFile, 2560, 5, pPrefix); } return 0; }
Source: http://rms.grafchokolo.com/?p=59
NAND reference[edit source]
Note: Beyond VTRM/cell_ext_os_area is pretty much greyarea - needs crosschecking
NAND reference (euss)[edit source]
CECHC-04/COK-002 Pal EU launchmodel with OFW 3.15 updated to MFW 3.15 (Euss)
VTRM[edit source]
VTRM in NAND: Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00EC0000 53 43 45 49 56 54 52 4D 00 00 00 00 00 00 00 A8 SCEIVTRM.......¨ 00EC0010 00 00 00 00 00 E8 02 00 00 00 00 00 00 00 00 28 .....è.........( 00EC0020 00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04 ....VTRM........ <-- 'VTRM' magic header 00EC0030 FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47 þm.ÄúÕÎÛ“†ü¡2;qG <-- same value as 00EC0410 00EC0040 3B A5 C6 F9 C0 00 B6 70 00 00 00 00 00 E8 27 80 ;¥ÆùÀ.¶p.....è'€ <-- first part same value as 00EC0410 00EC0050 00 00 00 00 00 00 00 60 00 00 00 00 00 00 09 20 .......`....... 00EC0060 04 00 00 00 02 00 00 05 10 70 00 05 FF 00 00 01 .........p..ÿ... 00EC0070 0C 1C 05 9C AA B5 97 A5 9C D6 46 2D EA 22 46 BE ...œªµ—¥œÖF-ê"F¾ 00EC0080 D1 84 A9 1E 34 5F E7 90 55 49 11 82 51 9D 4A 3F Ñ„©.4_ç.UI.‚Q.J? 00EC0090 EF 43 19 E8 4F 6A 5B FF DA 31 E9 F0 76 C8 B2 6B ïC.èOj[ÿÚ1éðvȲk 00EC00A0 0B A7 47 8E BE 42 28 9F 2B 88 73 0B A5 B6 F2 1D .§GŽ¾B(Ÿ+ˆs.¥¶ò. 00EC00B0 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 00EC00C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC00D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC00E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC00F0 FF FF FF FF FF FF FF FF 00 00 00 00 00 EB E4 8C ÿÿÿÿÿÿÿÿ.....ëäŒ 00EC0100 00 00 00 00 00 00 00 14 39 17 52 0B 31 70 F5 05 ........9.R.1põ. 00EC0110 02 5A C6 F8 81 F8 54 96 2F EF F3 81 FF FF FF FF .ZÆø.øT–/ïó.ÿÿÿÿ 00EC0120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC03F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC0400 00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04 ....VTRM........ 00EC0410 FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47 þm.ÄúÕÎÛ“†ü¡2;qG <-- same value as 00EC0030 00EC0420 3B A5 C6 F9 C0 00 B6 70 00 00 00 00 00 00 04 90 ;¥ÆùÀ.¶p........ <-- first part same value as 00EC0040 00EC0430 00 00 00 00 00 00 09 20 00 00 00 00 00 00 00 03 ....... ........ <-- pattern exception 00EC0440 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC1930 00 00 00 00 00 00 00 01 00 00 00 00 00 00 09 20 ............... <-- pattern exception [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC21F0 00 00 00 00 00 00 00 02 00 00 00 00 00 00 09 20 ............... <-- pattern exception [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC24F0 00 00 00 00 00 00 09 20 00 00 00 00 00 00 00 00 ....... ........ [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC28B0 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC28C0 00 00 00 00 00 00 09 20 10 70 00 00 02 00 00 01 ....... .p...... 00EC28D0 10 70 00 00 39 00 00 01 22 66 39 B3 0E 7A 1C E7 .p..9..."f9³.z.ç 00EC28E0 68 85 F9 94 A8 30 BE C4 0B 85 D0 92 1E C0 8F 28 h…ù”¨0¾Ä.…Ð’.À.( 00EC28F0 7F 70 ED 15 D6 22 06 24 D9 08 64 0B C0 D7 97 29 .pí.Ö".$Ù.d.À×—) 00EC2900 BE A1 FE 91 D1 F2 D4 88 25 EF 24 86 E0 A3 CB 98 ¾¡þ‘ÑòÔˆ%ï$†à£Ë˜ 00EC2910 AF 17 6F B1 64 A0 56 E5 00 00 00 00 00 00 00 01 ¯.o±d Vå........ 00EC2920 00 00 00 00 00 00 09 20 10 70 00 00 02 00 00 01 ....... .p...... 00EC2930 10 70 00 00 03 00 00 02 F9 D9 6A 84 0C F2 D8 E7 .p......ùÙj„.òØç 00EC2940 D4 44 5C 3C DF D5 DF 0F B8 DC 3E 81 9A A4 71 8F ÔD\<ßÕß.¸Ü>.š¤q. 00EC2950 0A A8 8B 90 1B 2C A1 D1 66 84 AA EE 65 D1 46 9A .¨‹..,¡Ñf„ªîeÑFš 00EC2960 D7 38 83 F2 78 47 D1 8E E5 FA EB 39 CF 26 E8 25 ×8ƒòxGÑŽåúë9Ï&è% 00EC2970 85 DE 3B C6 0B C3 45 D5 00 00 00 00 00 00 00 00 …Þ;Æ.ÃEÕ........ 00EC2980 00 00 00 00 00 00 09 20 04 00 00 00 02 00 00 05 ....... ........ 00EC2990 10 70 00 05 FF 00 00 01 0C 1C 05 9C AA B5 97 A5 .p..ÿ......œªµ—¥ 00EC29A0 9C D6 46 2D EA 22 46 BE D1 84 A9 1E 34 5F E7 90 œÖF-ê"F¾Ñ„©.4_ç. 00EC29B0 55 49 11 82 51 9D 4A 3F EF 43 19 E8 4F 6A 5B FF UI.‚Q.J?ïC.èOj[ÿ 00EC29C0 DA 31 E9 F0 76 C8 B2 6B 0B A7 47 8E BE 42 28 9F Ú1éðvȲk.§GŽ¾B(Ÿ 00EC29D0 2B 88 73 0B A5 B6 F2 1D 00 00 00 00 00 00 00 00 +ˆs.¥¶ò......... 00EC29E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EF94B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EF94C0 39 17 52 0B 31 70 F5 05 02 5A C6 F8 81 F8 54 96 9.R.1põ..ZÆø.øT– <-- 0x14 patterned data (table?) 00EF94D0 2F EF F3 81 39 17 52 0B 31 70 F5 05 02 5A C6 F8 /ïó.9.R.1põ..ZÆø [...] 00EFEFE0 02 5A C6 F8 81 F8 54 96 2F EF F3 81 39 17 52 0B .ZÆø.øT–/ïó.9.R. 00EFEFF0 31 70 F5 05 02 5A C6 F8 81 F8 54 96 2F EF F3 81 1põ..ZÆø.øT–/ïó. 00EFF000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00EFF010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00EFFFE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00EFFFF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
post VTRM / pre cell_ext_os_area[edit source]
00F00000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F00000 2E B1 47 93 21 AD 45 5C 5B 32 A7 A7 E1 25 04 D0 .±G“!E\[2§§á%.Ð 00F00010 24 45 E1 7E 3C 38 AE 4A 1C 25 21 5B 05 2D A9 15 $Eá~<8®J.%![.-©. [...] 00F00FE0 34 7F 14 93 D2 8D C0 43 06 B7 10 18 BB 28 37 D2 4..“Ò.ÀC.·..»(7Ò 00F00FF0 5B 11 B4 EB 5F 12 0A 98 BC 2B B4 60 A7 89 6F 84 [.´ë_..˜¼+´`§‰o„
00F01000 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F01000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F01010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F3FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F3FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00F40000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F40000 7E 8B 60 EE E4 2A 29 09 8F 5A E9 4E B8 7F 1E E2 ~‹`îä*)..ZéN¸..â 00F40010 F2 B5 7C C7 03 40 5E EC 87 16 04 A2 26 50 7C C9 òµ|Ç.@^ì‡..¢&P|É [...] 00F401E0 AC D9 A9 C8 BE B7 0E EE 0C E7 1E 73 45 39 70 80 ¬Ù©È¾·.î.ç.sE9p€ 00F401F0 8C 6F 32 06 08 8B CE 3B 80 DE 68 59 D5 25 DD 5A Œo2..‹Î;€ÞhYÕ%ÝZ
00F40200 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F40200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F40210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F41FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F41FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00F42000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F42000 4A 51 35 DF C9 14 A2 40 71 8D 0F 11 8B 50 42 CE JQ5ßÉ.¢@q...‹PBÎ 00F42010 28 92 B5 64 57 B0 1E D2 99 22 38 BC 7A 16 6A 83 (’µdW°.Ò™"8¼z.jƒ [...] large date filled block region 0C1657E0 D5 D5 EE 71 0A B2 72 41 05 05 0B 08 3A 8A 78 04 ÕÕîq.²rA....:Šx. 0C1657F0 E9 2F 40 63 AA 3F 23 22 E9 9D B1 4B 54 11 B4 71 é/@cª?#"é.±KT.´q
0C165800 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0C165800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0C165810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6C1FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6C1FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D6C2000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D6C2000 3B BC 95 72 03 FD 48 1E F2 1C 66 65 0A FB FC EC ;¼•r.ýH.ò.fe.ûüì 0D6C2010 0D 61 5C A0 8F 8F 68 5B 05 A3 85 57 29 53 53 4B .a\ ..h[.£…W)SSK [...] 0D6C9FE0 74 E5 42 98 6E EE E1 41 24 7B B5 FE B5 42 29 C0 tåB˜nîáA${µþµB)À 0D6C9FF0 25 05 C0 2B EE 87 50 40 21 EC A6 E7 0D 5A 3C 2A %.À+î‡P@!ì¦ç.Z<*
0D6CA000 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D6CA000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6CA010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D700000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D700000 0E 23 53 34 75 48 81 0F C4 09 16 4C 6C 37 BA E9 .#S4uH..Ä..Ll7ºé 0D700010 5F 51 D9 9A E2 BE 4C 71 AF 00 4C 96 33 DB D5 49 _QÙšâ¾Lq¯.L–3ÛÕI [...] 0D7001E0 8D 4C 8D CD FD D2 B5 52 78 6E 48 B0 88 14 43 36 .L.ÍýÒµRxnH°ˆ.C6 0D7001F0 DA 88 EF 59 73 96 80 13 31 16 E0 CF EB 99 83 2D ÚˆïYs–€.1.àÏ뙃-
0D700200 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D700200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D700210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D702000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D702000 3C E6 76 41 CE A4 82 BD A3 2B 41 26 1E 25 36 D1 <ævAΤ‚½£+A&.%6Ñ 0D702010 CE B5 51 9C E2 AC A3 DA AB B5 16 13 CA 95 E4 D3 εQœâ¬£Ú«µ..Ê•äÓ [...] 0D891FE0 C3 CA 0D BB 30 7B D2 9A 6D 13 9C 36 BD E3 64 3A ÃÊ.»0{Òšm.œ6½ãd: 0D891FF0 97 FB 9B 9E FE 25 ED 76 FC 77 85 28 C1 CB 37 65 —û›žþ%ívüw…(ÁË7e
0D892000 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D892000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D892010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E700000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E700000 C7 D7 77 CD 69 D9 1A EC E4 3C F8 8F 25 A5 3E A9 Ç×wÍiÙ.ìä<ø.%¥>© 0E700010 3D EC 43 30 89 1F 98 F1 3F BA F6 AF 9B F5 0E B2 =ìC0‰.˜ñ?ºö¯›õ.² [...] 0E7001D0 09 BC 15 00 64 27 85 8F 0F BC 40 B1 F1 57 61 60 .¼..d'…..¼@±ñWa` 0E7001E0 A4 2B A9 75 E9 C3 25 49 EC 6B 82 10 EE E1 62 BD ¤+©uéÃ%Iìk‚.îáb½ 0E7001F0 B1 A9 C1 69 36 69 14 A5 53 A4 6A 43 0F 37 45 E0 ±©Ái6i.¥S¤jC.7Eà
0E700200 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E700200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E700210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E702000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E702000 7F 3A 86 47 F3 47 AF CC 28 F2 A7 A5 28 D1 A6 C2 .:†GóG¯Ì(ò§¥(Ѧ 0E702010 13 27 01 0A 33 74 05 FC CE E9 83 B8 72 99 29 09 .'..3t.üÎ郸r™). [...] 0E75A9E0 5D BF 1A 2E 80 FB 32 50 B2 55 42 34 53 F0 4C 09 ]¿..€û2P²UB4SðL. 0E75A9F0 92 8B 75 84 D5 0E 3C D7 F2 72 43 B0 C9 A4 66 C8 ’‹u„Õ.<×òrC°É¤fÈ
0E75AA00 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E75AA00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E75AA10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
cell_ext_os_area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 63 65 6C 6C 5F 65 78 74 5F 6F 73 5F 61 72 65 61 cell_ext_os_area 0E780010 00 00 00 01 00 00 00 02 00 00 00 04 FF FF FF FF ............ÿÿÿÿ 0E780020 00 00 00 01 00 27 F8 40 FF FF FF FF FF FF FF FF .....'ø@ÿÿÿÿÿÿÿÿ 0E780030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region 0E7801F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780200 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780210 00 00 00 03 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780220 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF ..........ÿÿÿÿÿÿ 0E780230 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ............ÿÿÿÿ 0E780240 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 0E780250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region 0E7803E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7803F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0E780410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 filled block region 0E7807E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0E7807F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
OtherOS[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780800 1F 8B 08 08 C1 19 04 48 02 03 7A 49 6D 61 67 65 .‹..Á..H..zImage 0E780810 2E 69 6E 69 74 72 64 2E 70 73 33 2E 62 69 6E 00 .initrd.ps3.bin. [...] large data area 0EA00030 FF FE FC FF ED CF FF 07 DE FD A4 A3 A8 88 54 00 ÿþüÿíÏÿ.Þý¤£¨ˆT. 0EA00040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ large 00 filled block region 0EB7FFE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0EB7FFF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0EB80000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EB80010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0EFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
bootldr[edit source]
Flash:bootldr @ 0xF000000 - 0xF03FFFF
0xF040000 - 0xFFFFFFF[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F040000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F040010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region (no data in it, only FF) 0FFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
NAND reference (CatisFine)[edit source]
CECHB-02/COK-001 NTSC USA launchmodel with FW 3.55
VTRM[edit source]
actual data differs, offsets same as euss
post VTRM / pre cell_ext_os_area[edit source]
00F00000 data area[edit source]
actual data differs, offsets same as euss
00F01000 unreferenced area[edit source]
same as euss
00F40000 data area[edit source]
actual data differs, offsets same as euss
00F40200 unreferenced area[edit source]
same as euss
00F42000 data area[edit source]
actual data differs, also length of data differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F42000 EF 77 C9 58 60 A7 33 F2 4A F1 5C 44 52 63 F5 C2 ïwÉX`§3òJñ\DRcõ 00F42010 65 0C 0D 08 3D BD 6F 86 C1 30 2D 9F DF 0F 4C BF e...=½o†Á0-Ÿß.L¿ [...] large date filled block region 0C1C19E0 A0 7C 08 A8 4F 24 A8 16 3F 70 81 73 0F A2 90 10 |.¨O$¨.?p.s.¢.. 0C1C19F0 C2 19 E6 CD 7D 60 D5 3A BB 6A 1C D3 EA 08 19 79 Â.æÍ}`Õ:»j.Óê..y
0C1C1A00 unreferenced area[edit source]
with length of previous data area different, offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0C1C1A00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0C1C1A10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0D701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D702000 data area[edit source]
with length of previous data area different, offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D702000 74 0F 26 AA 49 22 3F 48 38 C6 B0 D6 3E 99 0E EF t.&ªI"?H8Æ°Ö>™.ï 0D702010 A6 96 C4 EC 63 C4 04 C3 25 44 88 8A AA F2 DB 16 ¦–ÄìcÄ.Ã%DˆŠªòÛ. [...] 0D74F1E0 E1 96 94 95 CF 6F FD 0C 7F 31 FD AF 2E E4 1A F5 á–”•Ïoý..1ý¯.ä.õ 0D74F1F0 96 7A 2E AB 89 11 0A 06 4D E6 38 3E FC 71 3A D3 –z.«‰...Mæ8>üq:Ó
0D74F200 unreferenced area[edit source]
with length of previous data area different, start offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D74F200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D74F210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D700000 data area[edit source]
actual data differs, offsets same as euss
0D700200 unreferenced area[edit source]
same as euss
0D702000 data area[edit source]
actual data differs, also length of data differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D702000 74 0F 26 AA 49 22 3F 48 38 C6 B0 D6 3E 99 0E EF t.&ªI"?H8Æ°Ö>™.ï 0D702010 A6 96 C4 EC 63 C4 04 C3 25 44 88 8A AA F2 DB 16 ¦–ÄìcÄ.Ã%DˆŠªòÛ. [...] 0D74F1E0 E1 96 94 95 CF 6F FD 0C 7F 31 FD AF 2E E4 1A F5 á–”•Ïoý..1ý¯.ä.õ 0D74F1F0 96 7A 2E AB 89 11 0A 06 4D E6 38 3E FC 71 3A D3 –z.«‰...Mæ8>üq:Ó
0D892000 unreferenced area[edit source]
with length of previous data area different, start offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D74F200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D74F210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E700000 data area[edit source]
actual data differs, offsets same as euss
0E700200 unreferenced area[edit source]
same as euss
0E702000 data area[edit source]
actual data differs, also length of data differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E702000 E5 6C BF E6 3D E4 09 47 EE 29 87 C4 5A E4 BE E4 ål¿æ=ä.Gî)‡ÄZä¾ä 0E702010 C5 71 97 6F D2 F1 EF 1D 72 60 3D AF 8C 0A 1A FD Åq—oÒñï.r`=¯Œ..ý [...] 0E75B9E0 47 26 0E 11 20 50 FB 0C 1B 34 9E F1 30 DB 26 CE G&.. Pû..4žñ0Û&Î 0E75B9F0 0B D5 75 71 55 F4 C6 97 49 B8 06 F5 3F 2C 76 8D .ÕuqUôÆ—I¸.õ?,v.
0E75AA00 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E75BA00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E75BA10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
cell_ext_os_area[edit source]
No cell_ext_os_area magic present or header, FF filled instead
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ No cell_ext_os_area magic present 0E780010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ no header, FF filled instead 0E780020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region same as euss 0E7801F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780200 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780210 00 00 00 03 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780220 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF ..........ÿÿÿÿÿÿ same as euss 0E780230 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ............ÿÿÿÿ 0E780240 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 0E780250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region same as euss 0E7803E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7803F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780400 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780410 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region instead of 00 filled 0E7807E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7807F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
OtherOS[edit source]
No Image.initrd.ps3.bin , FF filled instead
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0EFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
bootldr[edit source]
Flash:bootldr @ 0xF000000 - 0xF03FFFF
0xF040000 - 0xFFFFFFF[edit source]
same as euss
NAND reference (DECHA)[edit source]
DECHA-01/COK-001 nonretail model with FW 3.50 and FW 3.60
VTRM[edit source]
actual data differs, offsets differ in last section from euss
post VTRM / pre cell_ext_os_area[edit source]
00F00000 data area[edit source]
start offset same, length differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F00000 1C 4D F8 6C 8E EC DD F4 3F F4 BA 77 B7 41 9F AA .MølŽìÝô?ôºw·AŸª 00F00010 57 CA 8D F4 53 60 0D 9C FB 3D C2 C7 26 1B 69 24 WÊ.ôS`.œû=ÂÇ&.i$ [...] 068861E0 FA 79 61 07 C5 34 B1 44 F6 18 37 ED 94 ED 0D 11 úya.Å4±Dö.7í”í.. 068861F0 D4 8F 05 CF 6B C4 18 F8 B9 F0 33 EC 77 A4 70 8A Ô..ÏkÄ.ø¹ð3ìw¤pŠ
06886200 unreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 06886200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 06886210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 068863E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 068863F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Note: the rest of total of datasections differ or the dump is invalid with FF patterned blocks of missing data
cell_ext_os_area[edit source]
No cell_ext_os_area magic present or header, FF filled instead
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ No cell_ext_os_area magic present 0E780010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ no header, FF filled instead 0E780020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region same as euss 0E7801F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780200 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780210 00 00 00 03 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780220 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF ..........ÿÿÿÿÿÿ same as euss 0E780230 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ............ÿÿÿÿ 0E780240 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 0E780250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region same as euss 0E7803E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7803F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780400 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780410 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region instead of 00 filled 0E7807E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7807F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
OtherOS[edit source]
No Image.initrd.ps3.bin , FF filled instead
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0EFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
bootldr[edit source]
Flash:bootldr @ 0xF000000 - 0xF03FFFF
0xF040000 - 0xFFFFFFF[edit source]
same as euss
NAND reference (COOKIE13)[edit source]
COOKIE-13 preretail model with FW 085.009
VTRM[edit source]
actual data (looks encrypted, stats <0.40% for all values), structure and length differs, start offset same as euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00EC0000 CC 04 BF 45 AD D9 69 17 C5 EA 3C EA 46 BD FC 0B Ì.¿EÙi.Åê<êF½ü. 00EC0010 C0 25 27 6D 3E 26 7B 56 A7 01 41 D7 5D 98 BA BB À%'m>&{V§.A×]˜º» [...] large date filled block region 0EAFFFE0 23 57 03 83 E7 65 AA D7 AB D4 21 DE D2 DF 79 BE #W.ƒçeª×«Ô!ÞÒßy¾ 0EAFFFF0 B4 AB B6 56 BD 7F 04 56 AC 39 08 C9 BE 2D 97 A6 ´«¶V½..V¬9.ɾ-—¦
0EB00000 unreferenced area[edit source]
with length of previous data area different, offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0EB00000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EB00010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0EFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
post VTRM / pre cell_ext_os_area[edit source]
Not present , see above overlapping VTRM section
cell_ext_os_area[edit source]
No cell_ext_os_area , see above overlapping VTRM section
OtherOS[edit source]
No Image.initrd.ps3.bin , see above overlapping VTRM section
bootldr[edit source]
Flash:bootldr @ 0xF000000 - 0xF03FFFF
0xF040000 - 0xFFFFFFF[edit source]
up until 0F1BFFFF FF filled, same as euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F040000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F040010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F1BFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F1BFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F1C0000 data area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F1C0000 5B 59 E1 64 96 F8 D0 B5 C5 03 9E 69 09 93 AC C1 [Yád–øеÅ.ži.“¬Á 0F1C0010 0B 4D A7 5A A3 D8 CB CA 95 C5 61 CC 1B 51 0B 3F .M§Z£ØËÊ•ÅaÌ.Q.? [...] 0F1E51E0 9E F9 C6 9F 5C 09 DC 3D CB 54 AE 14 14 4B AC 9D žùÆŸ\.Ü=ËT®..K¬. 0F1E51F0 67 2E 96 A3 3F B9 D8 F8 10 D7 98 C3 C7 80 4B 48 g.–£?¹Øø.טÃÇ€KH
0F1E5200 nonreferenced area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F1E5200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F1E5210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F2FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F2FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F300000 repeative 0x200 data / 0x200 FF blocks[edit source]
then at 0F300000 [ data of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0F30C5FF
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F300000 91 6E E5 2B 97 39 4D 46 57 BA BC 6A E5 CC 41 07 ‘nå+—9MFWº¼jåÌA. 0F300010 40 22 E9 E9 F7 51 32 23 D7 08 2D 5E 93 BC 9A 3F @"éé÷Q2#×.-^“¼š? [...] [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0F30C5E0 35 AC AA B1 69 FD BB 22 8C 06 D6 79 E4 67 24 3D 5¬ª±iý»"Œ.Öyäg$= 0F30C5F0 63 74 39 03 F1 E8 B4 86 07 FF CC BF 54 28 A0 96 ct9.ñè´†.ÿÌ¿T( –
0F30C600 FF block[edit source]
followed by a long FF block
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F30C600 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F30C610 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F5FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F5FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F600000 data block[edit source]
followed by large datablock
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F600000 38 E9 F3 B1 7F AF 68 E0 27 AC DC 48 1B 2D 87 BB 8éó±.¯hà'¬ÜH.-‡» 0F600010 00 C8 1C D8 FE EB E6 01 41 D2 A1 EA DC 2E F6 03 .È.Øþëæ.AÒ¡êÜ.ö. [...] 0F61D1E0 C1 70 9B E0 9D 1B 4D B3 E4 95 6E 42 8B 25 25 E1 Áp›à..M³ä•nB‹%%á 0F61D1F0 CB CD 96 88 DA A5 DA F2 42 8F 01 1F D5 E4 E9 D2 ËÍ–ˆÚ¥ÚòB...ÕäéÒ
0F61D200 FF block[edit source]
followed by large FF block
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F61D200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F61D210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F7001E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F7001F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F700200 repeative 0x200 data / 0x200 FF blocks[edit source]
then at 0F700200 [ data of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0F70C7F0
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F700200 4D AB A4 D7 58 35 59 46 E7 1B C4 D8 88 BA 74 C0 M«¤×X5YFç.Ä؈ºtÀ 0F700210 18 66 C9 2C 8A FD FE D3 25 F6 52 E7 47 FE B5 5F .fÉ,ŠýþÓ%öRçGþµ_ [...] [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0F70C7E0 E2 1A 1B 96 19 1F 75 4B 02 E3 23 68 95 61 47 37 â..–..uK.ã#h•aG7 0F70C7F0 FC 69 5D 28 D5 5E E0 60 DE F8 C0 FD E6 3F 72 CE üi](Õ^à`ÞøÀýæ?rÎ
0F61D200 FF block[edit source]
followed by large FF block
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F70C800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F70C810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FCFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FCFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F700200 repeative 0x200 00 blocks / 0x200 FF blocks[edit source]
then at 0F700200 [ 00 block of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0FD3FFFF
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FD00000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0FD00010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0FD3FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FD3FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0FD40000 data block[edit source]
followed by large data block
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FD40000 65 67 E9 83 90 F8 48 8F 9B 13 17 D6 07 22 F0 D5 egéƒ.øH.›..Ö."ðÕ 0FD40010 B0 10 CB 58 73 42 E1 B3 60 40 3E A4 EE C8 DF 7C °.ËXsBá³`@>¤îÈß| [...] 0FD64BE0 21 A9 AC 85 21 13 1E C4 89 F1 B5 97 14 13 35 47 !©¬…!..ĉñµ—..5G 0FD64BF0 CF C1 94 1F E2 B6 BB E9 A7 5B B0 7E 6B 9A 9C CF ÏÁ”.ⶻé§[°~kšœÏ
0FD64C00 FF block[edit source]
followed by large FF block
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FD64C00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FD64C10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FD7FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FD7FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0FD80000 data block[edit source]
followed by large data block
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FD80000 A1 A6 19 39 40 F7 D5 66 0C D6 75 51 15 0D B3 CA ¡¦.9@÷Õf.ÖuQ..³Ê 0FD80010 2D 57 87 94 59 5A B8 EE 24 A9 63 FA 58 31 BA 58 -W‡”YZ¸î$©cúX1ºX [...] 0FDAD1E0 13 9F 31 B5 79 44 0C 26 37 8C 3B B1 20 DB 09 AD .Ÿ1µyD.&7Œ;± Û. 0FDAD1F0 D0 7B AD 48 EB 8C 6E 9D BF A9 95 9D 87 E0 64 0B Ð{HëŒn.¿©•.‡àd.
0FDAD200 FF block[edit source]
followed by large FF block
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FDAD200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FDAD210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FE7FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FE7FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0FE80000 repeative 0x200 00 blocks / 0x200 FF blocks[edit source]
then at 0FE80000 [ 00 block of 0x200 length, followed by FF block of 0x200 length ] X repeated until 0x0FEBF5FF
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FE80000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0FE80010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FEBF5E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0FEBF5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0FEBFE00 FF block[edit source]
followed by large FF block until EOF
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FEBFE00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FEBFE10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0FFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
NAND reference (bluemimmo)[edit source]
CECHA-06/COK-001 with 3.60 OFW
VTRM[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00D80000 53 43 45 49 56 54 52 4D 00 00 00 00 00 00 00 A8 SCEIVTRM.......¨ 00D80010 00 00 00 00 00 E8 02 00 00 00 00 00 00 00 00 28 .....è.........( 00D80020 00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04 ....VTRM........ 00D80030 DD 8F ED 9A 82 76 B5 2C 2A 99 A2 ED E3 AF B8 4E Ý.íš‚vµ,*™¢í㯸N 00D80040 F9 F6 0F CE 00 00 00 00 00 00 00 00 00 E8 27 20 ùö.Î.........è' 00D80050 00 00 00 00 00 00 00 60 00 00 00 00 00 00 09 20 .......`....... 00D80060 04 00 00 00 02 00 00 05 10 70 00 05 FF 00 00 01 .........p..ÿ... 00D80070 9D 2B 1C B4 04 09 59 5C 7B 6A A6 F6 B4 BB A6 FF .+.´..Y\{j¦ö´»¦ÿ 00D80080 CA C2 B0 E9 34 3E 39 3C F4 1D 00 E8 B5 42 89 D7 Ê°é4>9<ô..èµB‰× 00D80090 C5 12 67 F3 A2 DD 9B 5E AF A1 FE DB 19 27 C9 CB Å.gó¢Ý›^¯¡þÛ.'ÉË 00D800A0 4F DE D5 CF 7A B2 C2 7B 8C 44 BE 99 54 DB 99 93 OÞÕÏz²Â{ŒD¾™TÛ™“ 00D800B0 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 00D800C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00D800D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00D800E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00D800F0 FF FF FF FF FF FF FF FF 00 00 00 00 00 EB E4 8C ÿÿÿÿÿÿÿÿ.....ëäŒ 00D80100 00 00 00 00 00 00 00 14 86 1E A7 45 DB 22 16 01 ........†.§EÛ".. 00D80110 EF 94 71 06 CD 91 7B 0F 95 D1 36 71 FF FF FF FF ï”q.Í‘{.•Ñ6qÿÿÿÿ 00D80120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
cell_ext_os_area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ note: no cell_ext_os_area, 0CC00000-0FFFFFFF region filled with big blocks of FF 0E780010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ because firmware version 3.60 has no otheros. [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0FFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
NAND reference CECHG04/SEM-001(sinsizer)[edit source]
ros0: OFW 4.40
ros1: OFW 4.31
metldr: 0E77 => E7B0
bootldr: 2E8C => 2E900
post VTRM / pre cell_ext_os_area[edit source]
Same structure as the other till 00F42000
00F42000 data area (size 0xC065600)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F42000 AB 0E 33 D0 51 66 AA DD DA A0 F1 C3 CC 22 98 61 «.3ÐQfªÝÚ ñÃÌ"˜a 00F42010 25 51 0C 1C FC 9B 56 AA 85 4E B1 C5 CA 73 01 3C %Q..ü›Vª…N±ÅÊs.< [...] 0CFA75E0 73 49 FA 50 54 D5 1C B3 5E 84 E3 7E D9 4B BE 11 sIúPTÕ.³^„ã~ÙK¾. 0CFA75F0 99 DB C4 35 64 B5 BA CA 31 0A 0F 9E 58 B6 41 78 ™ÛÄ5dµºÊ1..žX¶Ax
0CFA7600 unreferenced area (size 0x398A00)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0CFA7600 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0CFA7610 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0D33FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D33FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00D340000 - 00D34F9FF (0x200 Blocks)[edit source]
0x200 data and unreferenced Blocks.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D340000 F8 71 BD A7 B0 58 54 75 98 00 34 AC 55 06 3C 26 øq½§°XTu˜.4¬U.<& 0D340010 25 3A 5A 86 31 4D 36 97 3C E6 83 4E 2B 10 5A 6D %:Z†1M6—<æƒN+.Zm [...] 0D3401E0 A7 40 E6 4B 2A B3 16 61 9F D3 99 96 7A 36 5B 26 §@æK*³.aŸÓ™–z6[& 0D3401F0 92 4B C1 03 91 9F 27 1F 16 49 8C 25 7E B9 6B E2 ’KÁ.‘Ÿ'..IŒ%~¹kâ 0D340200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D340210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0D3403E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D3403F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D340400 31 C0 2C 69 BA 50 73 00 AE D6 37 73 13 B9 9B A9 1À,iºPs.®Ö7s.¹›© 0D340410 DF 7C 01 C2 FD 2C E8 0F BB 4D AE BA C9 D0 F6 A9 ß|.Âý,è.»M®ºÉÐö© . . each Block (size 0x200) . 0D34F200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D34F210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 3 FF Blocks (size 0x600) 0D34F7E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D34F7F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D34F800 56 C9 9C 33 15 EA 73 27 08 57 40 B1 85 0A BF 10 VÉœ3.ês'.W@±….¿. 0D34F810 1A 23 30 CC 84 1D 61 A4 7E AB FA 54 3C 86 A3 19 .#0Ì„.a¤~«úT<†£. [...] 1 Block (size 0x200) 0D34F9E0 7E 62 C6 B5 A4 98 1C 3C 16 C5 4E DF 62 B9 47 E9 ~bƵ¤˜.<.ÅNßb¹Gé 0D34F9F0 23 82 19 D0 2E 36 DF DF D6 CA AA 5D C5 B6 07 DF #‚.Ð.6ßßÖʪ]Ŷ.ß
0D34FA00 unreferenced area (size 0x3B0600)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D34FA00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D34FA10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0D6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D700000 data area (size 0x200)[edit source]
Also found at 0F700000 (missing cell_ext_os_area header) and 0CF00000 (with cell_ext_os_area header)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D700000 4C 21 70 8F DF 1C 65 49 23 E5 2C C1 D4 09 CC 71 L!p.ß.eI#å,ÁÔ.Ìq 0D700010 F1 05 2E 4D 41 FF 88 D9 F2 E3 FE 84 7C F6 A3 3F ñ..MAÿˆÙòãþ„|ö£? [...] 0D7001E0 A1 15 A8 02 3B 90 62 F2 A6 F1 9A BF 49 21 20 31 ¡.¨.;.bò¦ñš¿I! 1 0D7001F0 16 5F 29 CD A5 50 B8 79 7D 15 11 94 B6 8C 27 87 ._)Í¥P¸y}..”¶Œ'‡
0D700200 unreferenced area (size 0x1E00)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D700200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D700210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0D701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D702000 data area (size 0x4D200)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D702000 B4 88 04 F1 A5 9C E7 64 BD 35 0A 91 7E 60 B7 B5 ´ˆ.ñ¥œçd½5.‘~`·µ 0D702010 42 66 0A 14 1E 66 30 B8 CB 0B D3 81 61 F0 CE 99 Bf...f0¸Ë.Ó.aðΙ [...] 0D74F1E0 43 B5 D3 F8 57 20 D6 7F 75 5C B5 DF 28 81 32 0A CµÓøW Ö.u\µß(.2. 0D74F1F0 C1 3F E5 FE 1B BF 05 5D DA DC C2 B6 76 05 AD F1 Á?åþ.¿.]Úܶv..ñ
0D74F200 unreferenced area (size 0x600)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D74F200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D74F210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0D74F7E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D74F7F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D74F800 data area (size 0x42200)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D74F800 56 C9 9C 33 15 EA 73 27 08 57 40 B1 85 0A BF 10 VÉœ3.ês'.W@±….¿. 0D74F810 1A 23 30 CC 84 1D 61 A4 7E AB FA 54 3C 86 A3 19 .#0Ì„.a¤~«úT<†£. [...] 0D7919E0 32 0D A4 EC 6D 5B F8 E3 42 55 E2 FF 69 46 C0 4F 2.¤ìm[øãBUâÿiFÀO 0D7919F0 98 F0 D8 AB 7C 76 D2 09 F3 2F 09 4B CE 99 76 23 ˜ðØ«|vÒ.ó/.KΙv#
0D791A00 unreferenced area (size 0x600)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D791A00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D791A10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0D791FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D791FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D792000 data area (size 0x200)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D792000 8E 24 22 F5 99 B7 B2 FE 1A 02 8D 1D 03 42 ED 56 Ž$"õ™·²þ.....BíV 0D792010 51 E6 C3 A0 AE BA 27 0B E2 29 14 D3 3F 05 AF C1 Qæà ®º'.â).Ó?.¯Á [...] 0D7921E0 99 F5 22 6D CD D3 04 FA 76 34 8D 85 66 5B 7A CD ™õ"mÍÓ.úv4.…f[zÍ 0D7921F0 69 88 06 85 F2 AD 62 3C 3B 31 A3 CE C2 40 51 C2 iˆ.…ò.b<;1£ÎÂ@QÂ
0D792200 unreferenced area (size 0x600)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D792200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D792210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0D7927E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D7927F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D792800 data area (size 0x200)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D792800 4A BE BF 27 59 AA FF 01 83 06 36 04 E6 AA E2 74 J¾¿'Yªÿ.ƒ.6.æªât 0D792810 8E CF 92 2F CC 40 16 01 FE 66 97 D0 EA B4 B9 04 ŽÏ’/Ì@..þf—Ðê´¹. [...] 0D7929E0 27 3C 22 2B 61 67 95 58 FF D0 E3 30 11 40 80 9F '<"+ag•XÿÐã0.@€Ÿ 0D7929F0 5E 19 19 D5 A8 98 E9 28 D9 D9 40 F8 BA 30 72 27 ^..Õ¨˜é(ÙÙ@øº0r'
0D792A00 unreferenced area (size 0xBED800)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D791A00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D791A10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0E3801E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E3801F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D340000 - 0D34F9FF (0x200 Blocks)[edit source]
Maybe backup blocks or bad mapping. Data Blocks are equal to prior data blocks. Seen in 0D74F800 data area.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E380200 53 5A F5 55 DE 8E 6A 78 AC 78 DB 9B 3A EF 13 9A SZõUÞŽjx¬xÛ›:ï.š 0E380210 D7 D2 13 70 B2 05 C9 A0 81 E3 CF B9 41 CF 25 1B ×Ò.p².É .ãϹAÏ%. [...] 0E3803E0 41 76 D4 0E 1C 99 C8 11 8B B4 45 12 E1 FD C2 0F AvÔ..™È.‹´E.áýÂ. 0E3803F0 44 7B C7 0C E9 9A A4 F9 91 94 CD C8 91 F8 47 75 D{Ç.隤ù‘”ÍÈ‘øGu 0E380400 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E380410 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0E3805E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E3805F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E380600 F6 F8 1B 33 21 1F 32 E4 FE 9E 3D 19 21 66 3B A2 öø.3!.2äþž=.!f;¢ 0E380610 7F 85 CB 4C 91 8E F7 A1 C2 DC 18 C3 5D 50 C2 D8 .…ËL‘Ž÷¡ÂÜ.Ã]PÂØ . . 0x200 Blocks FF and data areas repepeats till 0E38FFFF . 0E38FFE0 35 3F C1 7E E3 19 83 D8 C8 20 81 71 D8 1D 21 6E 5?Á~ã.ƒØÈ .qØ.!n 0E38FFF0 07 11 D2 3E 19 24 A9 BC 24 4B 46 3D 16 16 0C 65 ..Ò>.$©¼$KF=...e
0E390000 unreferenced area (size 0x370000)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E390000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E390010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0E6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E700000 data area (size 0x200)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E700000 64 F0 28 49 C5 4F ED 7B AE D7 88 C9 22 64 1E 69 dð(IÅOí{®×ˆÉ"d.i 0E700010 3C 7E 94 3C 35 4D 80 F7 37 AB A7 20 D7 C6 C8 C7 <~”<5M€÷7«§ ×ÆÈÇ [...] 0E7001E0 39 C5 4C ED 8C C7 CE 08 EE 0B FD E7 69 85 F2 28 9ÅLíŒÇÎ.î.ýçi…ò( 0E7001F0 7C FD F2 9C 7D 2D D3 E1 2A B8 6F 19 FF 25 F8 BC |ýòœ}-Óá*¸o.ÿ%ø¼
0E700200 unreferenced area (size 0x1E00)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E700200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E700210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0E701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E700000 data area (size 0x59A00)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E702000 A2 DC 30 17 47 6D E1 53 18 F9 DB D8 9D 87 27 5E ¢Ü0.GmáS.ùÛØ.‡'^ 0E702010 3D C6 C6 E7 D9 DC 86 E5 39 53 D1 7F 7C 12 3A 7E =ÆÆçÙ܆å9SÑ.|.:~ [...] 0E75B9E0 A2 E6 63 4F CA 80 E0 D0 A1 59 A5 B3 47 8F 73 F1 ¢æcOÊ€àСY¥³G.sñ 0E75B9F0 C6 68 5E A6 57 72 00 CE B7 97 B1 C1 78 2A 26 9A Æh^¦Wr.η—±Áx*&š
0E75BA00 unreferenced area (size 0x24600)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E75BA00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E75BA10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0E77FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
cell_ext_os_area[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ missing header 0E780020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0E7801F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780200 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780210 00 00 00 03 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780220 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF ..........ÿÿÿÿÿÿ 0E780230 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ............ÿÿÿÿ 0E780240 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 0E780250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0E7807E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7807F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
OtherOS[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0EB021E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EB021F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0EB02200 - 0EB05FFF data area (0x200 Blocks)[edit source]
Maybe backup blocks or bad mapping. Data blocks are equal to prior data blocks. Seen in 0D702000 data area.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0EB02200 18 FF 37 DF F2 B3 82 82 8C 20 E8 79 05 8B 18 89 .ÿ7ßò³‚‚Œ èy.‹.‰ 0EB02210 39 4D B7 8C 3D 5D 0B 7F E3 80 C8 4F E3 FB 99 46 9M·Œ=]..ã€ÈOãû™F [...] 0EB023E0 EF FB F0 37 9C B9 F8 B1 1B 04 BA 3A 5B C3 F6 6D ïûð7œ¹ø±..º:[Ãöm 0EB023F0 0D C5 F2 A1 FB 8E 06 A8 43 76 BD 8B 86 23 40 EF .Åò¡ûŽ.¨Cv½‹†#@ï 0EB02400 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EB02410 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ . . 0x200 Blocks FF and data areas repepeats till 0EB05FFF . 0EB05FE0 75 9A 64 74 57 DA 61 DD 8C 90 AF D4 A9 E6 8B 9B ušdtWÚaÝŒ.¯Ô©æ‹› 0EB05FF0 10 A5 44 0F 53 F1 67 96 C8 A1 1D 22 48 54 31 25 .¥D.Sñg–È¡."HT1%
0EB06000 unreferenced area (size 0x4FA000)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0EB06000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EB06010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0EFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
bootldr[edit source]
Flash:bootldr @ 0xF000000 - 0xF03FFFF
unreferenced area[edit source]
0F040000 unreferenced area (size 0xB00000)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0FB3FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FB3FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0FB3FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FB3FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F700000 data area (size 0x200)[edit source]
Seen in 0D700000 data area. Maybe backup block or bad mapping.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F700000 4C 21 70 8F DF 1C 65 49 23 E5 2C C1 D4 09 CC 71 L!p.ß.eI#å,ÁÔ.Ìq 0F700010 F1 05 2E 4D 41 FF 88 D9 F2 E3 FE 84 7C F6 A3 3F ñ..MAÿˆÙòãþ„|ö£? [...] 0F7001E0 A1 15 A8 02 3B 90 62 F2 A6 F1 9A BF 49 21 20 31 ¡.¨.;.bò¦ñš¿I! 1 0F7001F0 16 5F 29 CD A5 50 B8 79 7D 15 11 94 B6 8C 27 87 ._)Í¥P¸y}..”¶Œ'‡
F700200 unreferenced area (size 0x1E00)[edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F700200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F700210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] 0F701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F702000 - F705DFF (0x200 Blocks)[edit source]
As before alternating 0x200 datablocks and ff blocks. Data seen in prior 0D702000 data area.
The whole section till the end contains these 0x200 blocks of data and FF. Some bigger FF gaps in between.
Hidden value in VTRM (NOR Flash)[edit source]
- from offset 0xEDD748 count 199 (0xC7) values of a 0x14 byte value (hash1) until you reach 0xEDE6D4, where you'll find another 0x14 byte value (hash2)
- from there, count 520 (321 + 199) values of the same repeated 0x14 byte value until you reach the second offset where you'll find the same hash of the first 199 step count (you can just search for the value to encounter it faster).
- in the area in the middle there's a third 0x14 value (hash3) at offset 0xEE4010 (repeated also twice in each vtrm)
maybe these are all sha1 hashes of something?
- 0xEE4010 should be an sha1 of root hsec, if syscon sends different hsec the sha1 wont match to VTRM it will lead to an RSOD. (root hash/ root hsec - srh)
- vtrm table is almost equally build up like PFD files.
Experiments (with above hashes)[edit source]
- replacing both hash 2 with either hash3 or hash1 doesn't result in RSOD. why? (possibly hash1 and hash3 are fallback hashes?)
- filling hash2 with any other value besides hash1/2/3 in hash2 WILL result in RSOD
- no considerable changes found with experiment. most considerable changes would happen when the guilty is hardware and not software.
- hash_repeated:hmac_sha1(srk,empty data)
- hash_hidden:hmac_sha1(srk,0x58 bytes of empty sector)
- srh is the hash of the signature table (the giant table with the repeated hashes and the hidden one) hashed with srk key
- header hash is just a hmac sha1 of hmac sha1 of vtrm section without header (0x28 bytes) and signature table(again, with srk key, hashed twice)
RAW NAND + bad blocks[edit source]
Each page of a block has 2048 bytes of data plus a 64 bytes oob (out of bounds) or spare area. This oob area contains 4*14 bytes ecc data for 4*512 bytes of actual data (of which 10 bytes are the actual ecc plus 4 unknown bytes). It totally unrelated to bad blocks. The remaining 8 bytes of oob contain eg. information of block status (good or bad) and the block mapping (physical block location in nand mapped to logical block location in merged dump).
The PS3 has many different ways of doing this depending on the location of bad blocks. That's where flowrebuilder fails, because it doesn't know all the different ways of doing it (if it doesn't fail it means it had bad blocks in a way that Flowrebuilder understands).
As requoted from NORpatch[edit source]
*** All credits go to "RPS" who developed/reversed the ECC algo (according to Flow Rebuilder title). ***
The algo was like forever available in Flow Rebuilder, but it was only used to create new ECCs for patched dumps. I actually don't know why there's no "checking" function. I've been using it for over a year now to validate nand dumps, cause it's a handy *additional* verification step. I've been asked many times to release this, but I didn't develop the algo, so I never did. Since the Flow Rebuilder source code is floating around anyway, I figured what the heck. Feel free to complain.. :P
It's important to understand what ECC (Error Correcting Code) is and what it does (and more importantly - what it doesn't do!):
- A PS3 NAND has a 10 byte ECC for each 512 byte sector.
- The PS3 uses the ECC to detect and correct errors (as everything with Sony it's a propriatary algo, but commonly a 10 byte ECC can correct up to 4 invalid bytes).
- RPS' implementation can only be used to detect errors, not to correct them!
Where ECC fails:
- Your flasher returned all 0xFF for a sector/page/block instead of correct data. This won't be detected by ECC, as the ECC for 512 * 0xFF = 10 * 0xFF.
- Your flasher swapped pages while dumping, e.g. page 0 is located at the offset of page 1 and vice versa. The ECC will be correct, but the dump is still invalid.
What do you do when there are ECC errors?
- ECC errors are normal and it does happen that a NAND cell loses its content. Usually the PS3 will correct the error.
- As a rule of thumb you can say that up to 10 errors per dump are a valid range. If you get significantly more than that, you should worry (in case of a bad dump, you'll usually get hundreds of errors - or no errors at all if your dump is just 0xFF's :) ).
- When there're 10 or less errors, check the location of the errors - this requires some calculation: you'll get a block number for the error, which is the physical block in your raw dump. You have to convert this physical block number to a logical offset in your merged dump generated by Flow Rebuilder. When unscrambling dumps, Flow Rebuilder will create a text file called "nand0_phy_mapping.txt" and "nand1_phy_mapping.txt". Open the file that corresponds to the dump you've checked for ECC errors (0=top, 1=bottom). First column is the physical block, second column is the logical block. Locate the physical block number reported by the ECC check, take the corresponding (decimal) logical block number and multiply it with 0x40000 (hex). The result is the offset in your merged dump. Anything from 0x00C0000 to 0x0EBFFFF (ROS 0/1) and from 0x0F00000 to 0xEFFFFFF (VFlash) can usually be ignored. For everything else you should worry.
In general:
- Always make multiple dumps and file compare them!
- ECC checks don't eliminate the need for additional validation!
- Additionally use one or all of the awesome dump validators out there! "norpatch" is not a full-fletched validator!
- I personally use BwE, especially because it will catch the 0xFF ECC issue mentioned before with its repetition check (I guess Swizzy's tool does this as well now).
Flash Samples[edit source]
Reference flash dumps[edit source]
- 3.55 kmeaw, 2.80 backup: http://www.megaupload.com/?d=J5UKO3HX
- 3.66 ofw: http://www.mediafire.com/?m7m4mppro66zib5
User flashdumps[edit source]
Here are some samples of NOR Flash for your dissection. These are taken from different consoles (because it is useless to dump different firmware versions as ROS/RVK will be the same crossconsole)
SKU | bootldr | metldr | ROS0 | ROS1 | Link | Note |
---|---|---|---|---|---|---|
PS3 Phat: | ||||||
CECHA | ||||||
CECHB | ||||||
CECHC | ||||||
CECHE | ||||||
CECHG | ||||||
CECHH | ||||||
CECHJ | ||||||
CECHK | ||||||
CECHL | [1] | 3.55-Rogero CECHL03 | ||||
CECHL | [2] | 3.56 CECHL03 | ||||
CECHL | [3] | 3.70 CECHL03 | ||||
CECHM | ||||||
CECHP | ||||||
CECHQ | ||||||
PS3 Slim: | ||||||
CECH-20xx | 3.65 | 3.55 | [4] | 3.65 CECH-2008 A | ||
CECH-20xx | 3.56 | 3.56 | [5] | 3.56 CECH-2008 B | ||
CECH-20xx | 3.42 | 3.70 | [6] | 3.70 CECH-2008 B | ||
CECH-20xx | 3.72 | 4.00 | [7] | 4.00 CECH-2008 B | ||
CECH-21xx | ||||||
CECH-25xx | 3.66 | 3.56 | [8] | 3.60 CECH-2508 B | ||
CECH-25xx | 3.66 | 3.72 | [9] | 3.72 CECH-2508 B | ||
CECH-30xx |
Flash checking / extraction[edit source]
Community projects[edit source]
- http://www.ps3hax.net/showthread.php?t=50677
- https://github.com/Swizzy/PS3DumpChecker
- flash_ident.c: http://pastie.org/private/vlrxgaawtbqwggyv4ggwg
Generic Recommendations[edit source]
- The information in this wiki was given [freely by many volunteers] ; it would be most fair to release any program based on it, as opensource with the community accordingly (tip: public git-repo).
- Please link to wiki so that others might improve the code and also know on what information it is based as well as other informative pages.
- Feel free to ask questions on the talkpages when having trouble understanding mainpage or when not knowing what to check for.
- Make checkers/extractors bytedirection aware and byteswap when needed
- There are several flash dumptypes that can exist (besides the normal full ones):
- NAND
- Software dump without any bootldr and with or without masking (old software flashdump and Preloader)
- Software dump with only one bootldr (Memdump)
- Hardware dump with both bootldr (normal full dump)
- NOR
- Software dumps (Preloader)
- Hardware dumps (normal full dump)
- NAND
- Do not take shortcuts. Make users aware if any section is not checked (yet)
- Use dynamic sections whenever possible (will make it easier to port from NAND <> NOR, be more robust in checking, make it more future/history proof)
- Check if data-/file-sections are uninterupted (multirepetive 00 or FF)
- Check for known static values
- When values are semistatic, consider checking with wildcard /range masks
- Make the user aware of any anomalies (in red/bold)
- Output generic information (version, console info, minver etc)
- Check for downgradeability
- Check statistics in range with known FW versions (3.55 is considered base on wiki unless documented)
With / Without[edit source]
- Flash Without EID5 : Boots Fine
- Flash Without EID0 Sections 1 2 3 4 5 7 8 9 and With Sections 0 6 A : Boots Fine
- Flash With only MAC Address on cISD and Header: Boots Fine
Experimental tables[edit source]
type | Regions | Start Offset | Length | Notes | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Hex | Blocks | Bytes | Hex | Blocks | Bytes | ||||||
gen | Second Region |
Partition table | 0FACE0FF DEADFACE | ||||||||
gen | erased bytes | ||||||||||
gen | region 0 | missing | |||||||||
gen | region 1 | CELL_EXTNOR_AREA | |||||||||
gen | region 2 | CRL1 | |||||||||
gen | DRL1 | ||||||||||
gen | CRL2 | ||||||||||
gen | DRL2 | ||||||||||
pc | bootldr |
Erasing blocks[edit source]
The PS3 erases blocks in chunks of 0x40000 bytes, this is a sample of how the blocks are erased in a ros area (with offsets relatives to the start of the ros area):
Erase block 0 begins 0x0 Erase block 1 begins 0x40000 Erase block 2 begins 0x80000 Erase block 3 begins 0xC0000 Erase block 4 begins 0x100000 Erase block 5 begins 0x140000 Erase block 6 begins 0x180000 Erase block 7 begins 0x1C0000 Erase block 8 begins 0x200000 Erase block 9 begins 0x240000 Erase block 10 begins 0x280000 Erase block 11 begins 0x2C0000 Erase block 12 begins 0x300000 Erase block 13 begins 0x340000 Erase block 14 begins 0x380000 Erase block 15 begins 0x3C0000 Erase block 16 begins 0x400000 Erase block 17 begins 0x440000 Erase block 18 begins 0x480000 Erase block 19 begins 0x4C0000 Erase block 20 begins 0x500000 Erase block 21 begins 0x540000 Erase block 22 begins 0x580000 Erase block 23 begins 0x5C0000 Erase block 24 begins 0x600000 Erase block 25 begins 0x640000 Erase block 26 begins 0x680000 Erase block 27 begins 0x6C0000