Downgrading with linux: Difference between revisions

From PS3 Developer wiki
No edit summary
No edit summary
 
(16 intermediate revisions by 9 users not shown)
Line 1: Line 1:
'''You should have grafchokolos modules, and patches installed'''
* This works on FW 3.55 without a physical dongle.
 
* You should have graf_chokolo's modules, and patches installed.
'''This works on 3.55 without a fisical dongle'''
* Use this method to install a lower firmware.
 
* Thanks to graf_chokolo for bringing Linux on PS3, with all its goodies back to the PS3 ==
'''Use this method to install lower firmware! You can install a newer firmware ex 3.60 with this method but you will be loosing your hombrew'''
 
 
 
== Thanks to graf_chokolo for bringing linux, with all this goodies back to the PS3 ==
 
 


= Downgrade Method - Emulating JIG with Linux =
= Downgrade Method - Emulating JIG with Linux =


'''1st step''' – Generating a challenge
'''1st step''' – Generating a challenge
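Review bot: The new bullet "* Thanks to graf_chokolo for bringing Linux on PS3, with all its goodies back to the PS3 ==" keeps the trailing "==" from the old heading markup, which will render as literal text; drop it. The revision also removes the old warning that installing a newer firmware such as 3.60 with this method loses homebrew, leaving only "Use this method to install a lower firmware."; keep that caveat as its own bullet if it still applies.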
Line 22: Line 14:
----
----


You need a dongle id.
You need a dongle ID.
Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, doesn’t matter which one, but some are revoked !!!
Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, it does not matter which one, but some are revoked !!!


# ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”
# ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”
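Review bot: The revised dongle ID line still writes the lower bound as "0×0000" with a multiplication sign, inconsistent with "0xffff" next to it, and the gen_resp command keeps typographic quotes around the 20-byte placeholder, which a shell passes through as literal characters. Write 0x0000 and mark the challenge bytes clearly as a placeholder rather than as quoted command text.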
Line 36: Line 28:
----
----


The returned value shouldn’t be 0xff.
The returned value should not be 0xff.


# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07


'''5th step''' - Inspect if CORE_OS_PACKAGE.pkg isn´t damaged
'''5th step''' - Inspect if CORE_OS_PACKAGE.pkg isn't damaged
----
----


Line 49: Line 41:


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg
ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg


'''7th step''' – Disabling “Product Mode”
'''7th step''' – Disabling “Product Mode”
Line 56: Line 47:
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff


'''This step is really important, if Produc Mode isn´t disabled you will need a dongle to get out of it'''
'''This step is really important, if Product Mode is not disabled you will need a dongle to get out of it'''
 


 
= Alternative Downgrade Method - tested and not working =
= '''ALTERNATIVE METHOD - not tested''' =


'''1st step''' – Enabling product mode
'''1st step''' – Enabling product mode
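Review bot: The heading now reads "Alternative Downgrade Method - tested and not working", yet the section still opens with "1st step – Enabling product mode" as if the steps were usable instructions. Add a sentence under the heading stating what fails and that the steps are kept for reference only, or remove them.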
Line 70: Line 59:
----
----
   
   
The returned value shouldn’t be 0xff.
The returned value should not be 0xff.


# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
Line 81: Line 70:
'''4th step''' - Install CORE_OS_PACKAGE.pkg
'''4th step''' - Install CORE_OS_PACKAGE.pkg
----
----


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg
ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg


'''5th step''' – Disabling “Product Mode”
'''5th step''' – Disabling “Product Mode”
Line 91: Line 78:
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff


'''This step is really important, if Produc Mode isn´t disabled you will need a dongle to get out of it'''
'''This step is really important, if Product Mode is not disabled you will need a dongle to get out of it'''
 
=Install debug firmware=
 
'''High brick risk! Don´t try this if you don´t know what you are doing'''
'''If you brick with this the only way to recover is with a nor flasher and a proper backup'''
 
 
'''To install debug firmware, te proper syscon eeprom flags should be set http://www.ps3devwiki.com/index.php?title=Hypervisor_Reverse_Engineering#EEPROM_Offset_Table and EID0 should be resigned and rehashed with the proper target id '''
 
or
 
''' You could use the data from a debug EID0 '''
 
 
Debugging Station Target ID: 0x82
 
 
eEID contains
 
*system model data
*target ID
*PS3 motherboard revision
 
Other target IDs (might be helpful if someone messes this up)
 
==Targets IDs ==
 
* 81 = reference tool
* 82 = debugging station
* 83 = japan
* 84 = USA
* 85 = Europe
* 86 = Korea
* 87 = UK
* 88 = Mexico
* 89 = Australia/New Zealand
* 8A = South Asia (Asia except China, Japan and Taiwan),
* 8B = Taiwan
* 8C = Russia
* 8D = China


"The kernel checks the target id to see if your unit is debug or not and if not it disables all the fancy things such as running unsigned code. So what you want to do is to change 8x into 81 or 82 but this implies resigning the EID section (or at least decrypting the per ps3 encryption from '''a debug EID target key and reaplying onto a retail''')" ;o)


* a good read about SC http://rms.dukio.com/?p=16
{{Linux}}<noinclude>[[Category:Main]][[Category:OtherOS]]</noinclude>
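Review bot: The "Install debug firmware" section, including the brick-risk warning and the Target IDs list, is absent from the latest revision, and the edit carries no summary. If the material was removed as unsafe or out of scope, say so in the edit summary, and move the Target IDs list to a page that can be linked from here so the reference data is not lost.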

Latest revision as of 01:26, 30 October 2021

  • This works on FW 3.55 without a physical dongle.
  • You should have graf_chokolo's modules and patches installed.
  • Use this method to install a lower firmware.
  • Thanks to graf_chokolo for bringing Linux, with all its goodies, back to the PS3.

Downgrade Method - Emulating JIG with Linux

1st step – Generating a challenge


  # ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge

2nd step – Generating a valid response for a challenge


You need a dongle ID. The valid range for dongle IDs is 0x0000 – 0xffff. Choose any one; it does not matter which, but some are revoked!!!

  # ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”

3rd step – Verifying response (Enabling “Product Mode”)


  # ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xBABE “here is the response from step 2 like this 0xXX 0xXX … of size 20 bytes”

4th step – Checking if “Product Mode” is enabled


The returned value should not be 0xff.

  # ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07

5th step - Inspect if CORE_OS_PACKAGE.pkg isn't damaged


ps3dm_um /dev/ps3dmproxy inspect_pkg 1 0x9 CORE_OS_PACKAGE.pkg

6th step - Install CORE_OS_PACKAGE.pkg


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg

7th step – Disabling “Product Mode”


  # ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff

This step is really important: if Product Mode is not disabled, you will need a dongle to get out of it.
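
Steps 4 to 7 above, wrapped so that the Product Mode flag is written back to 0xff on every path once it has been found enabled. This is an added example, not part of the wiki page or of graf_chokolo's tools. The function names are hypothetical, and it assumes read_eprom prints the byte as a 0xNN token and that inspect_pkg and update_pkg exit non-zero on failure.

```shell
#!/bin/sh
# Added example; not graf_chokolo's code. Assumptions are marked ASSUMPTION.
DEV=/dev/ps3dmproxy
PM_FLAG=0x48C07        # Product Mode flag offset used on this page

# Print the flag byte as lower-case hex, e.g. "0xfe".
# ASSUMPTION: read_eprom prints the byte as the last 0xNN token of its output.
read_pm_flag() {
    ps3dm_um "$DEV" read_eprom "$PM_FLAG" | tr 'A-F' 'a-f' |
        grep -o '0x[0-9a-f][0-9a-f]*' | tail -n 1
}

# Steps 4-7: check the flag, inspect, install, then always leave Product Mode.
# Returns 0 on success, 2 if Product Mode is not enabled, 3 if the package
# fails inspection, 4 if the install fails, 5 if the flag could not be reset.
guarded_update() {
    pkg=$1
    flag=$(read_pm_flag)
    if [ -z "$flag" ] || [ "$flag" = "0xff" ]; then
        echo "Product Mode not enabled (flag=${flag:-unreadable}); nothing written" >&2
        return 2
    fi
    rc=0
    # ASSUMPTION: inspect_pkg and update_pkg exit non-zero on failure.
    if ! ps3dm_um "$DEV" inspect_pkg 1 0x9 "$pkg"; then
        rc=3                      # damaged package: skip the install
    elif ! ps3dm_um "$DEV" update_pkg 1 0x9 "$pkg"; then
        rc=4
    fi
    # Step 7 runs on every path past the first check; the read-back decides.
    ps3dm_um "$DEV" write_eprom "$PM_FLAG" 0xff || :
    if [ "$(read_pm_flag)" != "0xff" ]; then
        echo "WARNING: Product Mode flag still set; repeat step 7" >&2
        return 5
    fi
    return "$rc"
}
```

Call it as `guarded_update CORE_OS_PACKAGE.pkg` after step 3 has enabled Product Mode.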

Alternative Downgrade Method - tested and not working

1st step – Enabling product mode


  # ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xfe

2nd step – Checking if “Product Mode” is enabled


The returned value should not be 0xff.

  # ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07

3rd step - Inspect if CORE_OS_PACKAGE.pkg isn't damaged


ps3dm_um /dev/ps3dmproxy inspect_pkg 1 0x9 CORE_OS_PACKAGE.pkg

4th step - Install CORE_OS_PACKAGE.pkg


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg

5th step – Disabling “Product Mode”


  # ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff

This step is really important: if Product Mode is not disabled, you will need a dongle to get out of it.