Talk:Flash: Difference between revisions
Line 810: | Line 810: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
0E780000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ No cell_ext_os_area magic present | |||
0E780010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ no header, FF filled instead | |||
0E780020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
0E780030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
0E780040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 0E780040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ |
Revision as of 16:23, 23 April 2013
List of files on NOR Flash (OLD/historic)
Note: this is the old table that defyboy made, a more current one with absolute values and for all firmware versions is on the Flash mainpage
The following is a list of files stored in NOR Flash
Name | TOC | Start Offset | End Offset | Size | Notes | |||
---|---|---|---|---|---|---|---|---|
Offset | Index | Relative | Absolute | Relative | Absolute | |||
asecure_loader | 0x400 | 0 | 0x400 | 0x810 | 0x2E800 | 0x2F010 | 0x2E800 (190,464 bytes) | aka metldr |
eEID | 0x400 | 1 | 0x2EC00 | 0x2F010 | 0x3EC00 | 0x3F010 | 0x10000 (65,636 bytes) | (IDPS @ offset 0x0002F070 absolute / 0x00000070 inside eEID ) |
cISD | 0x400 | 2 | 0x3EC00 | 0x3F010 | 0x3F400 | 0x3F810 | 0x800 (2,048 bytes) | |
cCSD | 0x400 | 3 | 0x3F400 | 0x3F810 | 0x3FC00 | 0x40010 | 0x800 (2,048 bytes) | |
trvk_prg0 | 0x400 | 4 | 0x3FC00 | 0x40010 | 0x5FC00 | 0x60010 | 0x20000 (131,072 bytes) | |
trvk_prg1 | 0x400 | 5 | 0x5FC00 | 0x60010 | 0x7FC00 | 0x80010 | 0x20000 (131,072 bytes) | |
trvk_pkg0 | 0x400 | 6 | 0x7FC00 | 0x80010 | 0x9FC00 | 0xA0010 | 0x20000 (131,072 bytes) | |
trvk_pkg1 | 0x400 | 7 | 0x9FC00 | 0xA0010 | 0xBFC00 | 0xC0010 | 0x20000 (131,072 bytes) | |
ros0 | 0x400 | 8 | 0xBFC00 | 0xC0010 | 0x7BFC00 | 0x7C0010 | 0x700000 (7,340,032 bytes) | Contains CoreOS files |
ros1 | 0x400 | 9 | 0x7BFC00 | 0x7C0010 | 0xEBFC00 | 0xEC0010 | 0x700000 (7,340,032 bytes) | Contains CoreOS files |
cvtrm | 0x400 | 10 | 0xEBFC00 | 0xEC0010 | 0xEFFC00 | 0xF00010 | 0x40000 (262,144 bytes) | |
CELL_EXTNOR_AREA | 0xF20000 | 0xFA0040 | 0x80040 (524,352 bytes) | |||||
bootldr | 0xFC0000 | 0xFEEAF0 | 0x2EAF0 (191,216 bytes) | End @ FEF170, FEF570, FEF5F0, FEF600 in some dumps |
new metldr.2
Seen on CECH2504B (JSD-001), with 3.60 from factory - datecode 1B
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00000800 00 00 00 01 00 00 00 01 00 00 00 00 00 02 E8 00 ..............è. 00000810 00 00 00 00 00 00 00 40 00 00 00 00 00 00 F9 20 .......@......ù 00000820 6D 65 74 6C 64 72 2E 32 00 00 00 00 00 00 00 00 metldr.2........ 00000830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000840 00 00 0F 8E 6E D7 BC D8 1F 11 EA 34 42 5F 9B 9D ...Žn×¼Ø..ê4B_›. 00000850 00 00 0F 8E 8C 21 5D 5F D0 B4 50 07 6A DD 21 DF ...ŽŒ!]_дP.jÝ!ß Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0002F070 00 00 00 01 00 85 00 0B 10 24 39 B7 2C BA A8 5E .....…...$9·,º¨^
vflash partition table
Done some work on decoding region 2 today: Region 2 seems to = vflash partition table? These might be the first 2 regions? partition table is 4096 bytes. Format: 16 bytes 00's 16 bytes magic: 00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD FA CE 8 bytes 0x03 8 bytes 0x02 (number of paritions?) 144 bytes 00's Partition entries: 8 bytes entry point (entry point * 0x200) relative to 0x00 on flash 8 bytes entry length (entry length * 0x200) 32 bytes 10 70 00 00 01 00 00 01 00 00 00 00 00 00 00 03 10 70 00 00 02 00 00 01 00 00 00 00 00 00 00 03 96 bytes 00's
Dumping your flash
There are many ways you can dump your flash you can choose the way that best fits you, there are some persons studing the flash.. If you can help providing a dump (specially if you have a debug console) search for those persons in IRC Efnet #ps3dev
Payload
Uncomment dump_dev_flash() in graf_payloads compile and run the payload
see Graf's_PSGroove_Payload for more info
Linux
Using graf_chokolo kernel with /dev/ps3nflasha access
dd if=/dev/ps3nflasha of=NOR.BIN bs=1024
Hardware
Dump NAND/NOR from GameOS
precompiled : dump_flash.pkg // backup/mirror: dump_flash.pkg (70.48 KB)
source: dump_flash-src.rar (2.33 KB)
Make sure USB stick is FAT32 with enough free space (16MB per NOR dump, 256MB per NAND dump)
remarks:
- NAND dumps are 239MB because HV masks bootldr, see Hardware flashing #Difference between hardware dumps and software dumps
- trying to read beyond 0xEFC0000-0xFFFFFFF on NAND systems (a region filled with FF's on consoles without OtherOS) results in panic
NOR Unpacking // NOR Unpkg
/* # ../norunpkg norflash.bin norflash unpacking asecure_loader (size: 190xxx bytes)... unpacking eEID (size: 65536 bytes)... unpacking cISD (size: 2048 bytes)... unpacking cCSD (size: 2048 bytes)... unpacking trvk_prg0 (size: 131072 bytes)... unpacking trvk_prg1 (size: 131072 bytes)... unpacking trvk_pkg0 (size: 131072 bytes)... unpacking trvk_pkg1 (size: 131072 bytes)... unpacking ros0 (size: 7340032 bytes)... unpacking ros1 (size: 7340032 bytes)... unpacking cvtrm (size: 262144 bytes)... */ // Copyright 2010 Sven Peter // Licensed under the terms of the GNU GPL, version 2 // http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt // nor modifications by rms. #include "tools.h" #include "types.h" #include <stdio.h> #include <string.h> #include <stdlib.h> #include <unistd.h> #include <sys/stat.h> #ifdef WIN32 #define MKDIR(x,y) mkdir(x) #else #define MKDIR(x,y) mkdir(x,y) #endif u8 *pkg = NULL; static void unpack_file(u32 i) { u8 *ptr; u8 name[33]; u64 offset; u64 size; ptr = pkg + 0x10 + 0x30 * i; offset = be64(ptr + 0x00); size = be64(ptr + 0x08); memset(name, 0, sizeof name); strncpy((char *)name, (char *)(ptr + 0x10), 0x20); printf("unpacking %s (size: %d bytes)...\n", name, size); memcpy_to_file((char *)name, pkg + offset, size); } static void unpack_pkg(void) { u32 n_files; u64 size; u32 i; n_files = be32(pkg + 4); size = be64(pkg + 8); for (i = 0; i < n_files; i++) unpack_file(i); } int main(int argc, char *argv[]) { if (argc != 3) fail("usage: norunpkg filename.nor target"); pkg = mmap_file(argv[1]); /* kludge for header, i do not do sanity checks at the moment */ pkg += 1024; MKDIR(argv[2], 0777); if (chdir(argv[2]) != 0) fail("chdir"); unpack_pkg(); return 0; }
Source: http://rms.grafchokolo.com/?p=25
Changed version for Progskeet: http://pastebin.com/HNvCbF7d
RMS - eEID splitter
#include <stdio.h> #include <stdlib.h> #include <string.h> void DumpEidData (FILE * pFile, int iInputSize, int iEidCount, char *pFilenamePrefix) { FILE *pOutput; char *szFilename; char *szBuf; int iRes, iSize; printf ("dumping EID%d from eEID at %p, size %d (%x)..\n", iEidCount, pFile, iInputSize, iInputSize); szBuf = (char *) malloc (iInputSize + 1); szFilename = (char *) malloc (strlen (pFilenamePrefix) + 2); if (szBuf == NULL) { perror ("malloc"); exit (1); }; iSize = fread (szBuf, iInputSize, 1, pFile); sprintf (szFilename, "%s%d", pFilenamePrefix, iEidCount); pOutput = fopen (szFilename, "wb"); iRes = fwrite (szBuf, iInputSize, 1, pOutput); if (iRes != iSize) { perror ("fwrite"); exit (1); }; free (szBuf); } int main (int argc, char **argv) { FILE *pFile; char *pPrefix; pFile = fopen (argv[1], "rb"); if (pFile == NULL) { usage: printf ("usage: %s <eEID> <EID name prefix>\n", argv[0]); exit (1); } if (argc == 2 && argv[2] != NULL) { pPrefix = argv[2]; goto usage; } fseek (pFile, 0x70, SEEK_SET); if (pPrefix != NULL) { DumpEidData (pFile, 2144, 0, pPrefix); DumpEidData (pFile, 672, 1, pPrefix); DumpEidData (pFile, 1840, 2, pPrefix); DumpEidData (pFile, 256, 3, pPrefix); DumpEidData (pFile, 48, 4, pPrefix); DumpEidData (pFile, 2560, 5, pPrefix); } return 0; }
Source: http://rms.grafchokolo.com/?p=59
NAND reference
Note: Beyond VTRM/cell_ext_os_area is pretty much greyarea - needs crosschecking
NAND reference (euss)
CECHC-04/COK-002 Pal EU launchmodel with OFW 3.15 updated to MFW 3.15 (Euss)
VTRM
VTRM in NAND: Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00EC0000 53 43 45 49 56 54 52 4D 00 00 00 00 00 00 00 A8 SCEIVTRM.......¨ 00EC0010 00 00 00 00 00 E8 02 00 00 00 00 00 00 00 00 28 .....è.........( 00EC0020 00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04 ....VTRM........ <-- 'VTRM' magic header 00EC0030 FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47 þm.ÄúÕÎÛ“†ü¡2;qG <-- same value as 00EC0410 00EC0040 3B A5 C6 F9 C0 00 B6 70 00 00 00 00 00 E8 27 80 ;¥ÆùÀ.¶p.....è'€ <-- first part same value as 00EC0410 00EC0050 00 00 00 00 00 00 00 60 00 00 00 00 00 00 09 20 .......`....... 00EC0060 04 00 00 00 02 00 00 05 10 70 00 05 FF 00 00 01 .........p..ÿ... 00EC0070 0C 1C 05 9C AA B5 97 A5 9C D6 46 2D EA 22 46 BE ...œªµ—¥œÖF-ê"F¾ 00EC0080 D1 84 A9 1E 34 5F E7 90 55 49 11 82 51 9D 4A 3F Ñ„©.4_ç.UI.‚Q.J? 00EC0090 EF 43 19 E8 4F 6A 5B FF DA 31 E9 F0 76 C8 B2 6B ïC.èOj[ÿÚ1éðvȲk 00EC00A0 0B A7 47 8E BE 42 28 9F 2B 88 73 0B A5 B6 F2 1D .§GŽ¾B(Ÿ+ˆs.¥¶ò. 00EC00B0 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 00EC00C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC00D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC00E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC00F0 FF FF FF FF FF FF FF FF 00 00 00 00 00 EB E4 8C ÿÿÿÿÿÿÿÿ.....ëäŒ 00EC0100 00 00 00 00 00 00 00 14 39 17 52 0B 31 70 F5 05 ........9.R.1põ. 00EC0110 02 5A C6 F8 81 F8 54 96 2F EF F3 81 FF FF FF FF .ZÆø.øT–/ïó.ÿÿÿÿ 00EC0120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC03F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EC0400 00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04 ....VTRM........ 00EC0410 FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47 þm.ÄúÕÎÛ“†ü¡2;qG <-- same value as 00EC0030 00EC0420 3B A5 C6 F9 C0 00 B6 70 00 00 00 00 00 00 04 90 ;¥ÆùÀ.¶p........ <-- first part same value as 00EC0040 00EC0430 00 00 00 00 00 00 09 20 00 00 00 00 00 00 00 03 ....... ........ <-- pattern exception 00EC0440 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC1930 00 00 00 00 00 00 00 01 00 00 00 00 00 00 09 20 ............... <-- pattern exception [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC21F0 00 00 00 00 00 00 00 02 00 00 00 00 00 00 09 20 ............... <-- pattern exception [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC24F0 00 00 00 00 00 00 09 20 00 00 00 00 00 00 00 00 ....... ........ [...] 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC28B0 00 00 00 00 00 00 09 20 00 00 00 00 00 00 09 20 ....... ....... <-- repetive pattern until 00EC0440 with some exceptions 00EC28C0 00 00 00 00 00 00 09 20 10 70 00 00 02 00 00 01 ....... .p...... 00EC28D0 10 70 00 00 39 00 00 01 22 66 39 B3 0E 7A 1C E7 .p..9..."f9³.z.ç 00EC28E0 68 85 F9 94 A8 30 BE C4 0B 85 D0 92 1E C0 8F 28 h…ù”¨0¾Ä.…Ð’.À.( 00EC28F0 7F 70 ED 15 D6 22 06 24 D9 08 64 0B C0 D7 97 29 .pí.Ö".$Ù.d.À×—) 00EC2900 BE A1 FE 91 D1 F2 D4 88 25 EF 24 86 E0 A3 CB 98 ¾¡þ‘ÑòÔˆ%ï$†à£Ë˜ 00EC2910 AF 17 6F B1 64 A0 56 E5 00 00 00 00 00 00 00 01 ¯.o±d Vå........ 00EC2920 00 00 00 00 00 00 09 20 10 70 00 00 02 00 00 01 ....... .p...... 00EC2930 10 70 00 00 03 00 00 02 F9 D9 6A 84 0C F2 D8 E7 .p......ùÙj„.òØç 00EC2940 D4 44 5C 3C DF D5 DF 0F B8 DC 3E 81 9A A4 71 8F ÔD\<ßÕß.¸Ü>.š¤q. 00EC2950 0A A8 8B 90 1B 2C A1 D1 66 84 AA EE 65 D1 46 9A .¨‹..,¡Ñf„ªîeÑFš 00EC2960 D7 38 83 F2 78 47 D1 8E E5 FA EB 39 CF 26 E8 25 ×8ƒòxGÑŽåúë9Ï&è% 00EC2970 85 DE 3B C6 0B C3 45 D5 00 00 00 00 00 00 00 00 …Þ;Æ.ÃEÕ........ 00EC2980 00 00 00 00 00 00 09 20 04 00 00 00 02 00 00 05 ....... ........ 00EC2990 10 70 00 05 FF 00 00 01 0C 1C 05 9C AA B5 97 A5 .p..ÿ......œªµ—¥ 00EC29A0 9C D6 46 2D EA 22 46 BE D1 84 A9 1E 34 5F E7 90 œÖF-ê"F¾Ñ„©.4_ç. 00EC29B0 55 49 11 82 51 9D 4A 3F EF 43 19 E8 4F 6A 5B FF UI.‚Q.J?ïC.èOj[ÿ 00EC29C0 DA 31 E9 F0 76 C8 B2 6B 0B A7 47 8E BE 42 28 9F Ú1éðvȲk.§GŽ¾B(Ÿ 00EC29D0 2B 88 73 0B A5 B6 F2 1D 00 00 00 00 00 00 00 00 +ˆs.¥¶ò......... 00EC29E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EF94B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00EF94C0 39 17 52 0B 31 70 F5 05 02 5A C6 F8 81 F8 54 96 9.R.1põ..ZÆø.øT– <-- 0x14 patterned data (table?) 00EF94D0 2F EF F3 81 39 17 52 0B 31 70 F5 05 02 5A C6 F8 /ïó.9.R.1põ..ZÆø [...] 00EFEFE0 02 5A C6 F8 81 F8 54 96 2F EF F3 81 39 17 52 0B .ZÆø.øT–/ïó.9.R. 00EFEFF0 31 70 F5 05 02 5A C6 F8 81 F8 54 96 2F EF F3 81 1põ..ZÆø.øT–/ïó. 00EFF000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00EFF010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00EFFFE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00EFFFF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
post VTRM / pre cell_ext_os_area
00F00000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F00000 2E B1 47 93 21 AD 45 5C 5B 32 A7 A7 E1 25 04 D0 .±G“!E\[2§§á%.Ð 00F00010 24 45 E1 7E 3C 38 AE 4A 1C 25 21 5B 05 2D A9 15 $Eá~<8®J.%![.-©. [...] 00F00FE0 34 7F 14 93 D2 8D C0 43 06 B7 10 18 BB 28 37 D2 4..“Ò.ÀC.·..»(7Ò 00F00FF0 5B 11 B4 EB 5F 12 0A 98 BC 2B B4 60 A7 89 6F 84 [.´ë_..˜¼+´`§‰o„
00F01000 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F01000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F01010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F3FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F3FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00F40000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F40000 7E 8B 60 EE E4 2A 29 09 8F 5A E9 4E B8 7F 1E E2 ~‹`îä*)..ZéN¸..â 00F40010 F2 B5 7C C7 03 40 5E EC 87 16 04 A2 26 50 7C C9 òµ|Ç.@^ì‡..¢&P|É [...] 00F401E0 AC D9 A9 C8 BE B7 0E EE 0C E7 1E 73 45 39 70 80 ¬Ù©È¾·.î.ç.sE9p€ 00F401F0 8C 6F 32 06 08 8B CE 3B 80 DE 68 59 D5 25 DD 5A Œo2..‹Î;€ÞhYÕ%ÝZ
00F40200 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F40200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F40210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F41FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00F41FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00F42000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F42000 4A 51 35 DF C9 14 A2 40 71 8D 0F 11 8B 50 42 CE JQ5ßÉ.¢@q...‹PBÎ 00F42010 28 92 B5 64 57 B0 1E D2 99 22 38 BC 7A 16 6A 83 (’µdW°.Ò™"8¼z.jƒ [...] large date filled block region 0C1657E0 D5 D5 EE 71 0A B2 72 41 05 05 0B 08 3A 8A 78 04 ÕÕîq.²rA....:Šx. 0C1657F0 E9 2F 40 63 AA 3F 23 22 E9 9D B1 4B 54 11 B4 71 é/@cª?#"é.±KT.´q
0C165800 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0C165800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0C165810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6C1FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6C1FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D6C2000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D6C2000 3B BC 95 72 03 FD 48 1E F2 1C 66 65 0A FB FC EC ;¼•r.ýH.ò.fe.ûüì 0D6C2010 0D 61 5C A0 8F 8F 68 5B 05 A3 85 57 29 53 53 4B .a\ ..h[.£…W)SSK [...] 0D6C9FE0 74 E5 42 98 6E EE E1 41 24 7B B5 FE B5 42 29 C0 tåB˜nîáA${µþµB)À 0D6C9FF0 25 05 C0 2B EE 87 50 40 21 EC A6 E7 0D 5A 3C 2A %.À+î‡P@!ì¦ç.Z<*
0D6CA000 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D6CA000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6CA010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D700000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D700000 0E 23 53 34 75 48 81 0F C4 09 16 4C 6C 37 BA E9 .#S4uH..Ä..Ll7ºé 0D700010 5F 51 D9 9A E2 BE 4C 71 AF 00 4C 96 33 DB D5 49 _QÙšâ¾Lq¯.L–3ÛÕI [...] 0D7001E0 8D 4C 8D CD FD D2 B5 52 78 6E 48 B0 88 14 43 36 .L.ÍýÒµRxnH°ˆ.C6 0D7001F0 DA 88 EF 59 73 96 80 13 31 16 E0 CF EB 99 83 2D ÚˆïYs–€.1.àÏ뙃-
0D700200 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D700200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D700210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D702000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D702000 3C E6 76 41 CE A4 82 BD A3 2B 41 26 1E 25 36 D1 <ævAΤ‚½£+A&.%6Ñ 0D702010 CE B5 51 9C E2 AC A3 DA AB B5 16 13 CA 95 E4 D3 εQœâ¬£Ú«µ..Ê•äÓ [...] 0D891FE0 C3 CA 0D BB 30 7B D2 9A 6D 13 9C 36 BD E3 64 3A ÃÊ.»0{Òšm.œ6½ãd: 0D891FF0 97 FB 9B 9E FE 25 ED 76 FC 77 85 28 C1 CB 37 65 —û›žþ%ívüw…(ÁË7e
0D892000 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D892000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D892010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E700000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E700000 C7 D7 77 CD 69 D9 1A EC E4 3C F8 8F 25 A5 3E A9 Ç×wÍiÙ.ìä<ø.%¥>© 0E700010 3D EC 43 30 89 1F 98 F1 3F BA F6 AF 9B F5 0E B2 =ìC0‰.˜ñ?ºö¯›õ.² [...] 0E7001D0 09 BC 15 00 64 27 85 8F 0F BC 40 B1 F1 57 61 60 .¼..d'…..¼@±ñWa` 0E7001E0 A4 2B A9 75 E9 C3 25 49 EC 6B 82 10 EE E1 62 BD ¤+©uéÃ%Iìk‚.îáb½ 0E7001F0 B1 A9 C1 69 36 69 14 A5 53 A4 6A 43 0F 37 45 E0 ±©Ái6i.¥S¤jC.7Eà
0E700200 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E700200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E700210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E702000 data area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E702000 7F 3A 86 47 F3 47 AF CC 28 F2 A7 A5 28 D1 A6 C2 .:†GóG¯Ì(ò§¥(Ѧ 0E702010 13 27 01 0A 33 74 05 FC CE E9 83 B8 72 99 29 09 .'..3t.üÎ郸r™). [...] 0E75A9E0 5D BF 1A 2E 80 FB 32 50 B2 55 42 34 53 F0 4C 09 ]¿..€û2P²UB4SðL. 0E75A9F0 92 8B 75 84 D5 0E 3C D7 F2 72 43 B0 C9 A4 66 C8 ’‹u„Õ.<×òrC°É¤fÈ
0E75AA00 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E75AA00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E75AA10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
cell_ext_os_area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 63 65 6C 6C 5F 65 78 74 5F 6F 73 5F 61 72 65 61 cell_ext_os_area 0E780010 00 00 00 01 00 00 00 02 00 00 00 04 FF FF FF FF ............ÿÿÿÿ 0E780020 00 00 00 01 00 27 F8 40 FF FF FF FF FF FF FF FF .....'ø@ÿÿÿÿÿÿÿÿ 0E780030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region 0E7801F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780200 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780210 00 00 00 03 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780220 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF ..........ÿÿÿÿÿÿ 0E780230 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ............ÿÿÿÿ 0E780240 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 0E780250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region 0E7803E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7803F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0E780410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 filled block region 0E7807E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0E7807F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
OtherOS
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780800 1F 8B 08 08 C1 19 04 48 02 03 7A 49 6D 61 67 65 .‹..Á..H..zImage 0E780810 2E 69 6E 69 74 72 64 2E 70 73 33 2E 62 69 6E 00 .initrd.ps3.bin. [...] large data area 0EA00030 FF FE FC FF ED CF FF 07 DE FD A4 A3 A8 88 54 00 ÿþüÿíÏÿ.Þý¤£¨ˆT. 0EA00040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [...] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ large 00 filled block region 0EB7FFE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0EB7FFF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0EB80000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EB80010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0EFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
bootldr
Flash:bootldr @ 0xF000000 - 0xF03FFFF
0xF040000 - 0xFFFFFFF
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0F040000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0F040010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region (no data in it, only FF) 0FFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
NAND reference (CatisFine)
CECHB-02/COK-001 NTSC USA launchmodel with FW 3.55
VTRM
actual data differs, offsets same as euss
post VTRM / pre cell_ext_os_area
00F00000 data area
actual data differs, offsets same as euss
00F01000 unreferenced area
same as euss
00F40000 data area
actual data differs, offsets same as euss
00F40200 unreferenced area
same as euss
00F42000 data area
actual data differs, also length of data differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00F42000 EF 77 C9 58 60 A7 33 F2 4A F1 5C 44 52 63 F5 C2 ïwÉX`§3òJñ\DRcõ 00F42010 65 0C 0D 08 3D BD 6F 86 C1 30 2D 9F DF 0F 4C BF e...=½o†Á0-Ÿß.L¿ [...] large date filled block region 0C1C19E0 A0 7C 08 A8 4F 24 A8 16 3F 70 81 73 0F A2 90 10 |.¨O$¨.?p.s.¢.. 0C1C19F0 C2 19 E6 CD 7D 60 D5 3A BB 6A 1C D3 EA 08 19 79 Â.æÍ}`Õ:»j.Óê..y
0C1C1A00 unreferenced area
with length of previous data area different, offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0C1C1A00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0C1C1A10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0D701FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D701FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D702000 data area
with length of previous data area different, offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D702000 74 0F 26 AA 49 22 3F 48 38 C6 B0 D6 3E 99 0E EF t.&ªI"?H8Æ°Ö>™.ï 0D702010 A6 96 C4 EC 63 C4 04 C3 25 44 88 8A AA F2 DB 16 ¦–ÄìcÄ.Ã%DˆŠªòÛ. [...] 0D74F1E0 E1 96 94 95 CF 6F FD 0C 7F 31 FD AF 2E E4 1A F5 á–”•Ïoý..1ý¯.ä.õ 0D74F1F0 96 7A 2E AB 89 11 0A 06 4D E6 38 3E FC 71 3A D3 –z.«‰...Mæ8>üq:Ó
0D74F200 unreferenced area
with length of previous data area different, start offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D74F200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D74F210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0D700000 data area
actual data differs, offsets same as euss
0D700200 unreferenced area
same as euss
0D702000 data area
actual data differs, also length of data differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D702000 74 0F 26 AA 49 22 3F 48 38 C6 B0 D6 3E 99 0E EF t.&ªI"?H8Æ°Ö>™.ï 0D702010 A6 96 C4 EC 63 C4 04 C3 25 44 88 8A AA F2 DB 16 ¦–ÄìcÄ.Ã%DˆŠªòÛ. [...] 0D74F1E0 E1 96 94 95 CF 6F FD 0C 7F 31 FD AF 2E E4 1A F5 á–”•Ïoý..1ý¯.ä.õ 0D74F1F0 96 7A 2E AB 89 11 0A 06 4D E6 38 3E FC 71 3A D3 –z.«‰...Mæ8>üq:Ó
0D892000 unreferenced area
with length of previous data area different, start offset obviously differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0D74F200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0D74F210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E6FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0E700000 data area
actual data differs, offsets same as euss
0E700200 unreferenced area
same as euss
0E702000 data area
actual data differs, also length of data differs from euss
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E702000 E5 6C BF E6 3D E4 09 47 EE 29 87 C4 5A E4 BE E4 ål¿æ=ä.Gî)‡ÄZä¾ä 0E702010 C5 71 97 6F D2 F1 EF 1D 72 60 3D AF 8C 0A 1A FD Åq—oÒñï.r`=¯Œ..ý [...] 0E75B9E0 47 26 0E 11 20 50 FB 0C 1B 34 9E F1 30 DB 26 CE G&.. Pû..4žñ0Û&Î 0E75B9F0 0B D5 75 71 55 F4 C6 97 49 B8 06 F5 3F 2C 76 8D .ÕuqUôÆ—I¸.õ?,v.
0E75AA00 unreferenced area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E75BA00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E75BA10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E77FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
cell_ext_os_area
No cell_ext_os_area magic present or header, FF filled instead
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ No cell_ext_os_area magic present 0E780010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ no header, FF filled instead 0E780020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region same as euss 0E7801F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780200 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780210 00 00 00 03 FF FF FF FF FF FF FF FF FF FF FF FF ....ÿÿÿÿÿÿÿÿÿÿÿÿ 0E780220 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF ..........ÿÿÿÿÿÿ same as euss 0E780230 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ............ÿÿÿÿ 0E780240 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ 0E780250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region same as euss 0E7803E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7803F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780400 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780410 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ FF filled block region instead of 00 filled 0E7807E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E7807F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
OtherOS
No Image.initrd.ps3.bin , FF filled instead
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0E780810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0EFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0EFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
bootldr
Flash:bootldr @ 0xF000000 - 0xF03FFFF
0xF040000 - 0xFFFFFFF
same as euss
NAND reference (bluemimmo)
CECHA-06/COK-001 with 3.60 OFW
cell_ext_os_area
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 0E780000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ note: no cell_ext_os_area, 0CC00000-0FFFFFFF region filled with big blocks of FF 0E780010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ because firmware version 3.60 has no otheros. [...] FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ large FF filled block region 0FFFFFE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 0FFFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
NAND reference (sinsizer)
00F42000 data area
Offsets of data areas and unreferenced areas varies till 0xD700000!
0D700000 data area
Also found at 0xF700000 (missing cell_ext_os_area header)and 0xCF00000 (with cell_ext_os_area header)
Flash Samples
Reference flash dumps
- 3.55 kmeaw, 2.80 backup: http://www.megaupload.com/?d=J5UKO3HX
- 3.66 ofw: http://www.mediafire.com/?m7m4mppro66zib5
User flashdumps
Here are some samples of NOR Flash for your dissection. These are taken from different consoles (because it is useless to dump different firmware versions as ROS/RVK will be the same crossconsole)
SKU | bootldr | metldr | ROS0 | ROS1 | Link | Note |
---|---|---|---|---|---|---|
PS3 Phat: | ||||||
CECHA | ||||||
CECHB | ||||||
CECHC | ||||||
CECHE | ||||||
CECHG | ||||||
CECHH | ||||||
CECHJ | ||||||
CECHK | ||||||
CECHL | [1] | 3.55-Rogero CECHL03 | ||||
CECHL | [2] | 3.56 CECHL03 | ||||
CECHL | [3] | 3.70 CECHL03 | ||||
CECHM | ||||||
CECHP | ||||||
CECHQ | ||||||
PS3 Slim: | ||||||
CECH-20xx | 3.65 | 3.55 | [4] | 3.65 CECH-2008 A | ||
CECH-20xx | 3.56 | 3.56 | [5] | 3.56 CECH-2008 B | ||
CECH-20xx | 3.42 | 3.70 | [6] | 3.70 CECH-2008 B | ||
CECH-20xx | 3.72 | 4.00 | [7] | 4.00 CECH-2008 B | ||
CECH-21xx | ||||||
CECH-25xx | 3.66 | 3.56 | [8] | 3.60 CECH-2508 B | ||
CECH-25xx | 3.66 | 3.72 | [9] | 3.72 CECH-2508 B | ||
CECH-30xx |
Flash checking / extraction
Community projects
Generic Recommendations
- The information in this wiki was given [freely by many volunteers] ; it would be most fair to release any program based on it, as opensource with the community accordingly (tip: public git-repo).
- Please link to ps3devwiki so that others might improve the code and also know on what information it is based as well as other informative pages.
- Feel free to ask questions on the talkpages when having trouble understanding mainpage or when not knowing what to check for.
- Make checkers/extractors bytedirection aware and byteswap when needed
- There are several flash dumptypes that can exist (besides the normal full ones):
- NAND
- Software dump without any bootldr and with or without masking (old software flashdump and Preloader)
- Software dump with only one bootldr (Memdump)
- Hardware dump with both bootldr (normal full dump)
- NOR
- Software dumps (Preloader)
- Hardware dumps (normal full dump)
- NAND
- Do not take shortcuts. Make users aware if any section is not checked (yet)
- Use dynamic sections whenever possible (will make it easier to port from NAND <> NOR, be more robust in checking, make it more future/history proof)
- Check if data-/file-sections are uninterupted (multirepetive 00 or FF)
- Check for known static values
- When values are semistatic, consider checking with wildcard /range masks
- Make the user aware of any anomalies (in red/bold)
- Output generic information (version, console info, minver etc)
- Check for downgradeability
- Check statistics in range with known FW versions (3.55 is considered base on wiki unless documented)