Flash-Main: Difference between revisions
(156 intermediate revisions by 9 users not shown) | |||
Line 1: | Line 1: | ||
<div style="float:right">[[File: | <div style="float:right">[[File:Atypical PS4 NOR.png|300px|thumb|left|Atypical (Corrupt @ 0x144200) PS4 NOR GFX]]</div> | ||
<div style="float:right">[[File:Typical_PS4_NOR.png|300px|thumb|left|Typical PS4 NOR GFX]]</div> | |||
'''subject:''' dump of serial flash [[MX25L25635FMI-10G]] for [[CXD90025G]] | '''subject:''' dump of serial flash [[MX25L25635FMI-10G]] for [[CXD90025G]] | ||
'''reference files:''' | '''reference files:''' | ||
* [http://www.file-upload.net/download-8560871/ps4nordmp_1.06_without_Mac-Serial.rar.html PS4 NOR Dump 1.06 (without MAC | * [http://www.file-upload.net/download-8560871/ps4nordmp_1.06_without_Mac-Serial.rar.html PS4 NOR Dump 1.06 (without MAC address & ConsoleId)] | ||
* [http://www.file-upload.net/download-8671579/PS4NORDump_1.61_wo_MAC_and_CS.rar.html PS4 NOR Dump 1.61 (without MAC | * [http://www.file-upload.net/download-8671579/PS4NORDump_1.61_wo_MAC_and_CS.rar.html PS4 NOR Dump 1.61 (without MAC address & ConsoleId)] | ||
* [http://www.file-upload.net/download-10118036/ps4nordmp_1.61_E0_wo_MAC-SERIAL.rar.html PS4 NOR Dump 1.61 E0 (without MAC | * [http://www.file-upload.net/download-10118036/ps4nordmp_1.61_E0_wo_MAC-SERIAL.rar.html PS4 NOR Dump 1.61 E0 (without MAC address & ConsoleId)] that update seem's to fixed a nasty bug on my console, need to do more test... | ||
**hint for FW 1.61 E0: fw version is still the same (1.61) also the fw counter is still 3 but now have E0 added to it. | **hint for FW 1.61 E0: fw version is still the same (1.61) also the fw counter is still 3 but now have E0 added to it. | ||
'''other reference files:''' | '''other reference files:''' | ||
* [https://mega.co.nz/#!EAxCTYBS!d5yVsovxbnQcfc1ymiLiIaDD8MMQELs16NaBQUqgRDI PS4 TEST KIT NOR Dump 1.010.031 and 1.500.101 (without MAC | * [https://mega.co.nz/#!EAxCTYBS!d5yVsovxbnQcfc1ymiLiIaDD8MMQELs16NaBQUqgRDI PS4 TEST KIT NOR Dump 1.010.031 and 1.500.101 (without MAC address & Console-ID)] | ||
* [https://mega.co.nz/#!ZMhk2A7Y!F9ndK7BhombPNio2fPse6tFGfln-gQS9bV47LRiNSZo PS4 #1 NOR Dump 1.1 and 1.51 (without MAC | * [https://mega.co.nz/#!ZMhk2A7Y!F9ndK7BhombPNio2fPse6tFGfln-gQS9bV47LRiNSZo PS4 #1 NOR Dump 1.1 and 1.51 (without MAC address & ConsoleId)] | ||
* [https://mega.co.nz/#!QZp00ZYJ!ukBiwwx_y_HEyJvXY2a4FGqZRbOKAolWEE13dIlb9WA PS4 #2 NOR Dump 1.1 and 1.51 (without MAC | * [https://mega.co.nz/#!QZp00ZYJ!ukBiwwx_y_HEyJvXY2a4FGqZRbOKAolWEE13dIlb9WA PS4 #2 NOR Dump 1.1 and 1.51 (without MAC address & ConsoleId)] | ||
'''notes:''' Console A & B are 2 Compared from same Region and Version. Console C is from Region: EU and Version: 1.06 | '''notes:''' Console A & B are 2 Compared from same Region and Version. Console C is from Region: EU and Version: 1.06 | ||
Line 28: | Line 30: | ||
'''Strings:''' [[Flash-Main/strings]] | '''Strings:''' [[Flash-Main/strings]] | ||
'''observation:''' MAC Address on 0x1C4021 length 6 bytes | | '''observation:''' MAC Address on 0x1C4021 length 6 bytes | Motherboard Serial on 0x1C8000 length 14 bytes | Console Serial on 0x1C8030 length 17 bytes | SKU Version on 0x1C8040 length 15 bytes | HDD type, P/N and S/N on 0x1C9C00 length 64 bytes | FW Counter on 0x1CA5D8 length 2 bytes (first byte is the FW Counter, {{unk|second byte is the Patch Counter}})| | ||
FW Version on 0x1CA604 length 4 bytes | FW Version on 0x1CA604 length 4 bytes | ||
'''sources:''' GUI Tool for the PS4 NOR Flash [https://github.com/cfwprpht/PS4_AC1D_Flash-Tool PS4_AC1D_Flash-Tool] | Libraries Developed for the PS4 NOR flash [https://github.com/cfwprpht/Usefull_Libraries Usefull_Libraries] | '''sources:''' GUI Tool for the PS4 NOR Flash [https://github.com/cfwprpht/PS4_AC1D_Flash-Tool PS4_AC1D_Flash-Tool] | Libraries Developed for the PS4 NOR flash [https://github.com/cfwprpht/Usefull_Libraries Usefull_Libraries] | ||
'''other files:''' Constant offsets and length in ALL Ps4 block -> [http://www.konsole.rzeszow.pl/ps4/same_block.txt same_block.txt]. Im compare over 10 dumps from diffrent firmware / console. First value is offset of first byte, second is length in byte. All values in decimental. | |||
= Offsets = | |||
See [[Codenames]]. | |||
* 0x00000000 <- Segment 0 Header (0x1000) | |||
* 0x00001000 <- Segment 0 Active Slot (0x1000) | |||
* 0x00002000 <- Segment 0 MBR1 (for sflash0s1.cryptx32) (0x1000) | |||
* 0x00003000 <- Segment 0 MBR2 (for sflash0s1.cryptx32b) (0x1000) | |||
* 0x00004000 <- sflash0s0x32 (0x60000) (emc_ipl) | |||
* 0x00064000 <- sflash0s0x32b (0x60000) (emc_ipl) | |||
* 0x000C4000 <- sflash0s0x33 (0x80000) (eap_kbl) | |||
* 0x00144000 <- sflash0s0x38 (0x80000) (torus2_fw) | |||
* 0x001C4000 <- sflash0s0x34 (0xC000) (nvs) | |||
* 0x001D0000 <- sflash0s0x0 (0x30000) (blank) | |||
* 0x00200000 <- Segment 1 Header (XTS encrypted) (0x1000) | |||
* 0x00201000 <- Segment 1 Active Slot (XTS encrypted) (0x1000) | |||
* 0x00202000 <- Segment 1 MBR1 (for sflash0s1.cryptx2) (XTS encrypted) (0x1000) | |||
* 0x00203000 <- Segment 1 MBR2 (for sflash0s1.cryptx2b) (XTS encrypted) (0x1000) | |||
* 0x00204000 <- sflash0s1.cryptx2 (0x3E000) (sam_ipl) | |||
* 0x00242000 <- sflash0s1.cryptx2b (0x3E000) (sam_ipl) | |||
* 0x00280000 <- sflash0s1.cryptx1 (0x80000) (idata) | |||
* 0x00300000 <- sflash0s1.cryptx39 (0x80000) (bd_hrl) | |||
* 0x00380000 <- sflash0s1.cryptx6 (0x40000) (Virtual TRM) | |||
* 0x003C0000 <- sflash0s1.cryptx3 (0xCC0000) (secure kernel, secure modules) | |||
* 0x01080000 <- sflash0s1.cryptx3b (0xCC0000) (secure kernel, secure modules) | |||
* 0x01D40000 <- sflash0s1.cryptx40 (0x2C0000) (blank) | |||
= MBR Types = | |||
<source lang="C"> | |||
typedef struct { | |||
uint32_t start_lba; | |||
uint32_t n_sectors; | |||
uint8_t flag1; // maybe part_id | |||
uint8_t flag2; | |||
uint16_t unknown; | |||
uint64_t padding; | |||
} __attribute__((packed)) partition_t; | |||
typedef struct { | |||
uint8_t magic[0x20]; // "SONY COMPUTER ENTERTAINMENT INC." | |||
uint32_t version; // 1 | |||
uint32_t mbr1_start; // ex: 0x10 | |||
uint32_t mbr2_start; // ex: 0x18 | |||
uint32_t unk[4]; // ex: (1, 1, 8, 1) | |||
uint32_t reserved; | |||
uint8_t unused[0x1C0]; | |||
} __attribute__((packed)) master_block_v1_t; | |||
typedef struct { | |||
uint8_t magic[0x20]; // "Sony Computer Entertainment Inc." | |||
uint32_t version; // 4 | |||
uint32_t n_sectors; | |||
uint64_t reserved; | |||
uint32_t loader_start; // ex: 0x11, 0x309 | |||
uint32_t loader_count; // ex: 0x267 | |||
uint64_t reserved2; | |||
partition_t partitions[16]; | |||
} __attribute__((packed)) master_block_v4_t; | |||
</source> | |||
= MBR Contents (Example) (Internal) = | |||
== MBR 1 and 2 == | |||
<pre> | |||
Partition 0, off=0x2000, sz=0x60000, type=0x20(32), active?=0x0 (ina) (emc) | |||
Partition 1, off=0x62000, sz=0x60000, type=0x20(32), active?=0x1 (act) (emc) | |||
Partition 2, off=0xc2000, sz=0x80000, type=0x21(33), active?=0x1 (act) (eap) | |||
Partition 3, off=0x142000, sz=0x80000, type=0x26(38), active?=0x1 (act) (wifi) | |||
Partition 4, off=0x1c2000, sz=0xc000, type=0x22(34), active?=0x1 (act) (nvs) | |||
</pre> | |||
== MBR 3 and 4 == | |||
<pre> | |||
Partition 0, off=0x2000, sz=0x3e000, type=0x2, active?=0x1 (act) (ipl) | |||
Partition 1, off=0x40000, sz=0x3e000, type=0x2, active?=0x0 (ina) (ipl) | |||
Partition 2, off=0x7e000, sz=0x80000, type=0x1, active?=0x1 (act) (idstorage) | |||
Partition 3, off=0xfe000, sz=0x80000, type=0x27(39), active?=0x1 (act) (bd revoke) | |||
Partition 4, off=0x17e000, sz=0x40000, type=0x6, active?=0x1 (act) (vtrm) | |||
Partition 5, off=0x1be000, sz=0xcc0000, type=0x3, active?=0x1 (act) (coreos) | |||
Partition 6, off=0xe7e000, sz=0xcc0000, type=0x3, active?=0x0 (ina) (coreos) | |||
Partition 7, off=0x1b3e000, sz=0x2c0000, type=0x28(40), active?=0x1 (act) (unused) | |||
</pre> | |||
= MBR Contents (Example) = | |||
== MBR 1 and 2 == | |||
<pre> | |||
Partition 0, off=0x2000, sz=0x60000, type=0x20, active?=0x1 (act) | |||
Partition 1, off=0x62000, sz=0x60000, type=0x20, active?=0x0 (ina) | |||
Partition 2, off=0xc2000, sz=0x80000, type=0x21, active?=0x1 (act) | |||
Partition 3, off=0x142000, sz=0x80000, type=0x26, active?=0x1 (act) | |||
Partition 4, off=0x1c2000, sz=0xc000, type=0x22, active?=0x1 (act) | |||
Partition 5, off=0x1ce000, sz=0x30000, type=0x0, active?=0x1 (act) | |||
</pre> | |||
== MBR 3 and 4 == | |||
<pre> | |||
Partition 0, off=0x2000, sz=0x3e000, type=0x2, active?=0x1 | |||
Partition 1, off=0x40000, sz=0x3e000, type=0x2, active?=0x0 | |||
Partition 2, off=0x7e000, sz=0x80000, type=0x1, active?=0x1 | |||
Partition 3, off=0xfe000, sz=0x80000, type=0x39, active?=0x1 | |||
Partition 4, off=0x17e000, sz=0x40000, type=0x6, active?=0x1 | |||
Partition 5, off=0x1be000, sz=0xcc0000, type=0x3, active?=0x1 | |||
Partition 6, off=0xe7e000, sz=0xcc0000, type=0x3, active?=0x0 | |||
Partition 7, off=0x1b3e000, sz=0x2c0000, type=0x40, active?=0x1 | |||
</pre> | |||
== Content == | == Content == | ||
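Review bot: In the second "MBR Contents (Example)" listing, "MBR 3 and 4" gives type=0x39 for partition 3 and type=0x40 for partition 7, while the "(Internal)" listing gives type=0x27(39) and type=0x28(40) for the same offsets and sizes, so the second listing appears to print decimal values with a 0x prefix. Suggest writing them as 0x27 and 0x28, matching sflash0s1.cryptx39 and sflash0s1.cryptx40 in the Offsets list, or stating the base explicitly. The partition_t comments could also say which of flag1 and flag2 carries the type and which the active bit shown in these listings.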
Line 65: | Line 180: | ||
=== 0x2000 === | === 0x2000 === | ||
==== Magic ==== | ==== Magic ==== | ||
* aka MBR1 | |||
* ends in 0x3000 | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00002000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | 00002000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | ||
Line 78: | Line 197: | ||
=== 0x3000 === | === 0x3000 === | ||
==== Magic ==== | ==== Magic ==== | ||
* aka MBR2 | |||
* ends in 0x4000 | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00003000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | 00003000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En | ||
Line 89: | Line 212: | ||
=== 0x4000 === | === 0x4000 === | ||
==== SLB2 Magic ==== | ==== SLB2 Magic (MC Stage1) ==== | ||
* aka sflash0s0x32 | |||
* ends in 0x64000 | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00004000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | 00004000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | ||
Line 129: | Line 256: | ||
=== 0x64000 === | === 0x64000 === | ||
==== SLB2 Magic ==== | ==== SLB2 Magic (MC Stage2) ==== | ||
* aka sflash0s0x32b | |||
* ends in 0xC4000 | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00064000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | 00064000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | ||
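Review bot: The new headings "SLB2 Magic (MC Stage1)" at 0x4000 and "SLB2 Magic (MC Stage2)" at 0x64000 conflict with the Offsets list, where sflash0s0x32 and sflash0s0x32b are both emc_ipl with the same size 0x60000, and with the MBR listings, where both have type 0x20 and one is active while the other is inactive. That reads as two slots of one image rather than two boot stages. Suggest labelling them as the two emc_ipl slots, or citing the evidence for the stage labels.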
Line 159: | Line 290: | ||
=== 0xC4000 === | === 0xC4000 === | ||
==== SLB2 Magic ==== | ==== SLB2 Magic (EAP_KBL) ==== | ||
* aka sflash0s0x33 | |||
* ends in 0x144000 | |||
NOTE: This container only consits of one file + that X800X which is present on every BIOS SLB2. But the data is extracted twice and just written with two diffrent names. One time the TitleID is used C0010001 and the second time a string which hold the file name eap_kbl is used. But both files are identical and extracted by using the same data source. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
000C4000 53 4C 42 32 01 00 00 00 00 00 00 00 03 00 00 00 SLB2............ | 000C4000 53 4C 42 32 01 00 00 00 00 00 00 00 03 00 00 00 SLB2............ | ||
Line 199: | Line 336: | ||
=== 0x144000 === | === 0x144000 === | ||
==== SLB2 Magic ==== | ==== SLB2 Magic (Wifi/BT) ==== | ||
==== wifi/bluetooth chipset firmware ==== | ==== wifi/bluetooth chipset firmware ==== | ||
* aka sflash0s0x38 | |||
* ends in 0x1C4000 | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00144000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | 00144000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............ | ||
Line 296: | Line 438: | ||
001C3FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 001C3FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | ||
=== 0x1C4000 === | === 0x1C4000 (Console Main Informations) === | ||
* AKA NVS or sflash0s0x34 | |||
* Ends in 0x200000 | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C4000 03 02 01 01 02 01 06 01 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | 001C4000 03 02 01 01 02 01 06 01 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | ||
001C4010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C4010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
001C4020 01 | [...] | ||
==== 0x1C4021 MAC Address ==== | |||
MAC Address on offset 0x1C4021 6 bytes long. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C4020 01 70 9E 29 33 7A 1B FF FF FF FF FF FF FF FF FF .pž).3zÿÿÿÿÿÿÿÿÿ MAC-Address | |||
001C4030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C4030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
001C4040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF | 001C4040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF 26 E8 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ&è 0x26 0xE8 differs between consoles on same version | ||
001C4050 04 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C4050 04 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
001C4060 03 01 01 02 02 FF FF FF FF FF FF FF FF FF FF FF .....ÿÿÿÿÿÿÿÿÿÿÿ | 001C4060 03 01 01 02 02 FF FF FF FF FF FF FF FF FF FF FF .....ÿÿÿÿÿÿÿÿÿÿÿ | ||
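Review bot: "Ends in 0x200000" under the 0x1C4000 heading disagrees with the Offsets list, which gives sflash0s0x34 (nvs) a size of 0xC000, ending at 0x1D0000, followed by the blank sflash0s0x0 region up to 0x200000. Suggest "Ends in 0x1D0000", or a note that the range shown includes the blank partition. Separately, the reference dumps are described as stripped of MAC address and ConsoleId, yet the added 001C4020 row carries a concrete MAC; masking it with xx, as the per-console regions do, would be consistent.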
Line 312: | Line 462: | ||
[...] | [...] | ||
=== 0x1C47F0 === | ==== 0x1C47F0 Constant ==== | ||
Every dump i checked have thoes constant bytes. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C47F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF BE CC ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¾Ì | 001C47F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF BE CC ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¾Ì | ||
Line 330: | Line 481: | ||
[...] | [...] | ||
=== 0x1C4FF0 === | ==== 0x1C4FF0 ==== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 358: | Line 509: | ||
|} | |} | ||
===0x1C5200 === | ====0x1C5200 ==== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 393: | Line 544: | ||
001C5FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C5FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1C6000 === | ==== 0x1C6000 (Retail & Dev/Test) ==== | ||
This seems to be increased. There will be 8 0x00 bytes be added for every new "what ever". | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 406: | Line 558: | ||
|} | |} | ||
=== 0x1C7000 === | ==== 0x1C7000 ==== | ||
same on different consoles on same version | same on different consoles on same version | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 420: | Line 572: | ||
001C7FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C7FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1C8000 === | ==== 0x1C8000 MotherBoard Serial ==== | ||
Length = 14 bytes. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C8000 34 30 30 30 31 42 30 31 38 35 39 31 37 37 FF FF 40001B01859177ÿÿ Motherboard Serial | |||
==== 0x1C8010 Unk ==== | |||
Length = 16 bytes. | |||
001C8000 34 30 30 30 31 | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C8010 | 001C8010 63 09 72 20 71 DB 7C 69 AC FE D8 92 89 BA 23 04 c.r.qÛ|i¬þØ’‰º#. " | ||
001C8020 00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10 ...%...“........ | 001C8020 00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10 ...%...“........ | ||
001C8030 30 33 32 37 34 35 32 32 32 34 | |||
001C8040 | ==== 0x1C8030 Console Serial ==== | ||
Length = 17 bytes. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C8030 30 33 32 37 34 35 32 32 32 34 35 37 39 36 36 30 0327452224579660 Console Serial | |||
001C8040 32 2 | |||
==== 0x1C8041 SKU Model ==== | |||
Length = vary. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C8040 43 55 48 2D 31 30 30 34 41 20 42 30 31 58 FF CUH-1004A B01Xÿ SKU Model | |||
001C8040 | |||
001C8050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C8050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
==== 0x1C8060 Unk ==== | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C8060 30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38 0003000300160018 | 001C8060 30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38 0003000300160018 | ||
001C8070 30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31 0007000100010001 | 001C8070 30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31 0007000100010001 | ||
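Review bot: The SKU field is documented three different ways: the new heading says 0x1C8041 with "Length = vary", the hex row under it is labelled 001C8040 and shows only 15 bytes starting in column 00, and the observation line at the top of the page says "SKU Version on 0x1C8040 length 15 bytes". Since the Console Serial is 17 bytes from 0x1C8030 and its last byte (0x32) sits at 0x1C8040, the SKU string starts at 0x1C8041. Suggest showing the full 001C8040 row once, with the 0x32 in column 00, and correcting the observation line; the field name (SKU Version vs SKU Model) should also be made consistent.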
Line 458: | Line 604: | ||
001C80B0 01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | 001C80B0 01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ | ||
001C80C0 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF 00000ÿÿÿÿÿÿÿÿÿÿÿ | 001C80C0 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF 00000ÿÿÿÿÿÿÿÿÿÿÿ | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C80D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
[...] filled FF region | [...] filled FF region | ||
001C87C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C87C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1C87D0 === | ==== 0x1C87D0 ==== | ||
within a FF block these are found on both consoles: | within a FF block these are found on both consoles: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 483: | Line 622: | ||
001C9020 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C9020 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== | ==== 0x1C9080 ACF (Dev/Test) ==== | ||
See [[Activation ACF]]. | |||
=== 0x1C91F0 === | ==== 0x1C91F0 PerConsole (Retail & Dev/Test) ==== | ||
(0x40 bytes) | (0x40 bytes) | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 532: | Line 657: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
001C9240 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C9240 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
[...] filled FF region | |||
001C9BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
==== 0x1C9900 PerConsole (Dev/Test) ==== | |||
Unique 0x100 byte area (on Testkit Console dump): | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C9900 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ | |||
[...] | |||
001C9A00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ | |||
* xx Changes per dev console | |||
==== 0x1C9C00 HDD P/N and S/N, ==== | |||
Checked every single Dump i got and it differs. Some Dumps have thoes entry, some not. Retail or Dev/Test do not matter. My own dumps do not have this information. But i also never changed the orig HDD. Maybe it's something like that. That only when you change to a new other HDD it will write the P/N S/N of the new HDD into this array. | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
0x1C9C00 47 48 54 53 48 20 53 54 34 35 30 35 30 35 37 41 GHTSH ST4505057A | |||
0x1C9C10 33 45 30 38 20 20 20 20 20 20 20 20 20 20 20 20 3E08 | |||
0x1C9C20 20 20 20 20 20 20 20 20 33 31 39 30 36 31 4D 54 319061MT | |||
0x1C9C30 35 38 33 41 54 34 55 32 4E 47 4C 41 FF FF FF FF 583AT4U2NGLA˙˙˙˙ | |||
==== FF filled ==== | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001C9C40 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
[...] filled FF region | [...] filled FF region | ||
001C9FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001C9FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CA000 === | ==== 0x1CA000 ==== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
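Review bot: The ASCII in the added 0x1C9C00 rows ("GHTSH ST4505057A3E08") has every pair of bytes swapped, the way ATA IDENTIFY strings are stored in 16-bit words; swapping each pair gives "HGST HTS545050A7E380", and the serial that follows is swapped the same way. Suggest stating this so readers do not search dumps for the plain model string, and describing the field as 40 bytes of model followed by 20 bytes of serial, which is 60 bytes of data rather than the 64 given in the observation line. The row labels here also use a 0x prefix, unlike every other hex row on the page.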
Line 580: | Line 729: | ||
001CA5C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 001CA5C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | ||
==== | ==== 0x1CA5D0 Region? + Magic? & Incremental? & BIOS Version ==== | ||
On the end of this page we have a list where we can compare thoes informations against other consoles. This will help us to bring light into thoes few bytes here. | |||
BIOS Incremental? on 0x1CA5D8 | BIOS Version on 0x1CA604 - 4 bytes long | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 615: | Line 766: | ||
001CA5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 001CA5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | ||
001CA600 FF 00 FF 00 00 00 61 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> | 001CA600 FF 00 FF 00 00 00 61 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> | ||
|- | |||
|} | |||
Region? & SKU version? | |||
{| class="wikitable" | |||
|- | |||
! Console A Dev / Test FW 1.50.10 !! Console B Dev / Test FW 1.50 !! Console C Retail FW 1.52 !! Console D Retail FW 1.06 !! Console E Retail FW 1.74 | |||
|- | |||
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001CA5D0 34 77 B3 C0 02 00 00 00 02 00 00 00 00 00 00 00 4w³À............ | |||
001CA600 FF 00 FF FF 00 10 50 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ....ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001CA5D0 34 77 B3 C0 02 00 00 00 03 00 00 00 00 00 00 00 4w³À............ | |||
001CA600 FF 00 FF FF 00 00 50 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001CA5D0 B0 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00 °v³€............ | |||
001CA600 FF 00 FF FF 00 00 52 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001CA5D0 34 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00 4v³€............ | |||
001CA600 FF 00 FF FF 00 00 06 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
001CA5D0 30 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00 0v³€............ | |||
001CA600 FF 00 FF FF 00 00 74 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> | |||
|- | |- | ||
|} | |} | ||
as long we have no better understanding of the added 0xE0 i will guess it as an kind of patch counter for that FW. i assume that the 0 will increase if more patches are installed. | as long we have no better understanding of the added 0xE0 i will guess it as an kind of patch counter for that FW. i assume that the 0 will increase if more patches are installed. | ||
NOTE: The first byte off ?Region + SKU Bytes? will differ between consoles. I guess for now that it may describe the region of the console. The 0xB0 is a brazilien console where 0x30 & 0x34 are for what i can say European consoles. (Feel free to correct me) | |||
The following 4 bytes then are for Retails always the same and also for Dev / Test consoles they do match between them. | |||
Retails 0x76 0xB3 0x80 0x02 | |||
Dev/Test 0x77 0xB3 0xC0 0x02 | |||
==== FF filled ==== | ==== FF filled ==== | ||
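Review bot: In the new "Region? & SKU version?" table the ASCII column of the 001CA600 rows does not match the hex: four rows read "..a." although their bytes are 50, 52, 06 and 74 (only 0x61 renders as "a"), and Console A's row shows "...." for 00 10 50 01. Suggest regenerating the ASCII column from the hex bytes or dropping it from these excerpts. The table title also differs from the section heading, which calls the same bytes "Region? + Magic? & Incremental? & BIOS Version".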
Line 625: | Line 802: | ||
001CBBF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001CBBF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CBC00 === | ==== 0x1CBC00 ==== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 652: | Line 829: | ||
001CDFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001CDFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CE000 === | ==== 0x1CE000 ==== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 679: | Line 856: | ||
001CE1F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 001CE1F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x1CE200 === | ==== 0x1CE200 ==== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 729: | Line 906: | ||
|} | |} | ||
=== 0x200000 === | ==== 0x200000 PerConsole ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00200000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00200000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
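Review bot: Demoting "0x200000" from === to ==== (and likewise 0x201000, 0x202000 and 0x203000 in the following hunks) nests these sections under "=== 0x1C4000 (Console Main Informations) ===", but the Offsets list places 0x200000 to 0x203FFF in Segment 1 (header, active slot, MBR1, MBR2, all XTS encrypted), outside nvs. Suggest keeping them at === or adding a "Segment 1" parent heading, and naming them after the Offsets entries rather than the generic "PerConsole".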
Line 763: | Line 940: | ||
002001E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002001E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002001F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002001F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 769: | Line 947: | ||
00200FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00200FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x201000 === | ==== 0x201000 PerConsole ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00201000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00201000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 803: | Line 981: | ||
002011E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002011E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002011F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002011F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 809: | Line 988: | ||
00201FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00201FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x202000 === | ==== 0x202000 PerConsole ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00202000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00202000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 843: | Line 1,022: | ||
002021E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002021E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002021F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002021F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 849: | Line 1,029: | ||
00202FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00202FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x203000 === | ==== 0x203000 PerConsole ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00203000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00203000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 883: | Line 1,063: | ||
002031E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002031E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
002031F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 002031F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
==== FF filled ==== | ==== FF filled ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 889: | Line 1,070: | ||
00203FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00203FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x204000 === | === 0x204000 Unk DataBlock === | ||
huge block | huge block | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 923: | Line 1,104: | ||
002907F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 002907F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290800 === | ==== 0x290800 ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00290800 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290800 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 934: | Line 1,115: | ||
002909F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 002909F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290A00 === | ==== 0x290A00 ==== | ||
00290A00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290A00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
[...] small block | [...] small block | ||
Line 944: | Line 1,125: | ||
00290BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00290BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290C00 === | ==== 0x290C00 ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00290C00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290C00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 955: | Line 1,136: | ||
00290DF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00290DF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x290E00 === | ==== 0x290E00 ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00290E00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00290E00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 967: | Line 1,148: | ||
002FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 002FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x300000 === | ==== 0x300000 ==== | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00300000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | 00300000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version | ||
Line 973: | Line 1,154: | ||
0037FFF0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 0037FFF0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
=== 0x380000 === | * bd hrl, likely | ||
=== 0x380000 SCE VTRM Region0 (Retail & Dev/Test) === | |||
See also: [[VTRM]] | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00380000 FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380000 FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
Line 984: | Line 1,168: | ||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | 00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | ||
00380070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
==== 0x380170 VTRM Region0 Digest? (Retail & Dev/Test) ==== | |||
See also: [[VTRM#Region0_Digest|VTRM]] | |||
==== 0x380170 ==== | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00380170 xx xx xx xx xx xx xx xx ........ xx differs between consoles on same version | 00380170 xx xx xx xx xx xx xx xx ........ xx differs between consoles on same version | ||
Line 1,010: | Line 1,181: | ||
003801C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | 003801C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " | ||
003801D0 xx xx xx xx xx xx xx xx ....... . " | 003801D0 xx xx xx xx xx xx xx xx ....... . " | ||
==== FF filled ==== | ==== FF filled ==== | ||
=== 0x3A0000 === | === 0x3A0000 SCE VTRM Region1 (Retail) === | ||
See also: [[VTRM#Region1|VTRM]] | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00380000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
00380050 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ | |||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
00380070 FF FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
==== 0x3A0170 VTRM Region1 Digest? (Retail) ==== | |||
See also: [[VTRM#Region1_Digest|VTRM]] | |||
| | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
003A0170 xx xx xx xx xx xx xx xx ........ xx differs between consoles on same version | 003A0170 xx xx xx xx xx xx xx xx ........ xx differs between consoles on same version | ||
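Review bot: The dump added under "0x3A0000 SCE VTRM Region1 (Retail)" still carries the Region0 addresses: its rows are labelled 00380000 to 00380070, while the heading and the digest block that follows (003A0170) place this region at 0x3A0000. The text column also looks copied from Region0, since the first row now starts 03 00 00 00 but still renders as "üÿÿÿ", and the FE byte in the last row is shown as "ÿ". Relabel the rows 003A0000 to 003A0070 and regenerate the text column from the bytes, or state explicitly that the header matches Region0 apart from the listed bytes.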
Line 1,096: | Line 1,254: | ||
003BFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 003BFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
=== 0x3C0000 === | === 0x3C0000 (CoreOS) === | ||
0x1980000 datablock | 0x1980000 datablock (sflash0s1.cryptx3 + sflash0s1.cryptx3b) | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
003C0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ | 003C0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ | ||
Line 1,112: | Line 1,270: | ||
{{eof}} 0x2000000 | {{eof}} 0x2000000 | ||
=== FW/BIOS versioning and incremental counting Observation === | |||
Following a list of Informations about The Consoles Firmware version, the SFlashes BIOS version and this strange (where i guess) incremental counter. I run that list so we can see if my guess of a incremental value is right or not. | |||
The values we list are: | |||
0x1CA5D0 (1 Byte) == Region? | |||
The real Region of your device. | |||
0x1CA5D1 (4 Bytes) == SKU? | |||
The real SKU of your device. | |||
0x1C8041(variety) The SKU Model string. | |||
The Firmware version of your console. | |||
0x1CA604 (4 Bytes, little endian) == BIOS version. | |||
0x1CA5D8 (4 Bytes, each integer16) == Incremental value as Byte. | |||
The same value but as integer. | |||
The Console # so we can see on one shot which value belong to which console or if they are from diffrent cons. | |||
And the last one, the SHA1 checksum of VTRM PerConsole0 | |||
NOTE: If there are any informations from one and the same console but on diff versions, then please mark your console with the next free number and add it. So we can see with one hit which values are from diff cons and which are from the same con. And which value belongs to which console. If the values are from one console and no second value from the same console is already present then mark it with a minus -. | |||
{| class="wikitable" | |||
! Region !! Real !! SKU !! Real !! Model !! FW !! BIOS !! Inc Byte !! Inc Integer !! Con # !! VTRM PerConsole0 SHA1 | |||
|- | |||
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.50 || 1.50 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 0 || 46AEDE30098A48BB6A35E392F7A8EB603F3FFCD4 | |||
|- | |||
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.010.031 || 0xFFFFFFFF || / || / || 0 || 46AEDE30098A48BB6A35E392F7A8EB603F3FFCD4 | |||
|- | |||
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.76 || 1.50.10 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || - || 11F8D58F9D5E6CC34D0E5EA63E656A40C32FB5A3 | |||
|- | |||
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - || 56C205680BFFCB4AA36047F192C9D8C6FDD31294 | |||
|- | |||
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - || 3F85EDAD7BCF9122B456970FDEDB9C1D1802A7A5 | |||
|- | |||
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1011A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - || 262E7A39E3F04C91D6820EF5EF0533F0D32BD073 | |||
|- | |||
| 0x34 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.06 || 1.06 || 0x02 0x00 0x00 0x00 || 2.0.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45 | |||
|- | |||
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.61 || 1.61 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45 | |||
|- | |||
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.62 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45 | |||
|- | |||
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.74 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45 | |||
|- | |||
|} | |||
=== Software Based Validation === | |||
==== BwE PS4 NOR Validator ==== | |||
[[File:Screenshot norvalidator2.png|300px|thumb|left|Results]] | |||
This program is the release version of [[User:BwE]]'s PS4 NOR Validator, it is designed solely to validate the NOR flash of your PS4 console! | |||
Why would you need to do this? Well if your console has suddenly died and has what is called the 'BLOD', the NOR can be the reason why. Using my program will allow you to validate literally every single byte of the NOR (or over 2100 specific areas) - allowing you to see where or if it is corrupted. | |||
The most common area of corruption that causes the BLOD is the CID. Some areas of this section can actually be repaired, if you're lucky! I and others have done this! Don't forget to use my Comparator tool to help you understand what the difference is for a specific section of the NOR. It will help you with patching! | |||
Other areas can be inter-changed between different consoles and are more suited for repair, the WiFi/BT module is a good example of this. | |||
So fundamentally, this program is for console repairers like myself. If you are indeed a repairer and run a business I can make a custom 'bulk' version for you! But for now, feel free to put multiple *.bin files in the working directory as my program will provide a selection menu. | |||
I am also happy to give advice on your NOR or help interpret your results, just post on the forum or give me an email. If you can bypass my filter, send me a link to your NOR! | |||
If you encounter any errors or weird results - or better yet if your NOR is labled danger in any areas, but still runs fine - let me know! | |||
Keep in mind the CoreOS and other large encrypted areas could still be corrupt regardless of the results (I cant check every byte in an encrypted section, hence alt validations). This program is NOT perfect, but it is WAY better than just using a hex editor or never truely knowing if your BLOD is caused by the NOR! | |||
This also goes above and beyond that of the psdevwiki page regarding the main flash of the PS4 (Thank you cfwprpht). | |||
<br><br><br><br><br> | |||
'''Notes:''' | |||
As of version 1.5.5 there is an ability to upload dumps directly to me. I use these to improve the program and validations. | |||
Abusing this service will result in your ban from future use of my validator. | |||
''Regarding Anti-Virus:'' | |||
I protect my program with Themida. The problem with this is that heuristically some AV software see it as a threat. | |||
This is because people who make or redistribute old malware also use Themida to help make themselves undetected. | |||
Ultimately, it is up to you to trust the program and me. I encourage you to upload to a sandbox to see for yourself. | |||
<pre> | |||
Version History: | |||
- 1.7.1 (25/6/21) Fixed Uploading Questions, Added MB Serial to Outputs, New Spash Screen. | |||
- 1.7.0 (23/6/21) Added Question Regarding Dump When Uploading, Added New CID Validation (Weird Key or Flag), Fixed UART Validation, Added Unlisted Results. | |||
- 1.6.9 (26/5/21) Fixed Internal Code Issues, Added Unlisted Results, New Splash Screen (Potentially last update for a short while). | |||
- 1.6.8 (16/5/21) Updated Internal Comparison Application, Improved Serial Number Validation (MB Series), Added Unlisted Results. | |||
- 1.6.7 (25/4/21) Repaired UNK 1200 Series Validation, Added Unlisted Results. | |||
- 1.6.6 (12/4/21) Added Unlisted Results, Improved Validation, Changed Output Styling. | |||
- 1.6.5 (31/3/21) Added CoreOS Statistical Analysis, Changed Some Results, Changed Some Output Formatting, Returned to Previous Packer. | |||
- 1.6.3 (30/3/21) Added CoreOS Patcher (SU-30631-3 Error Specific), Updated Results, Added Unlisted Results, Fixed Readme, Changed Packer. | |||
- 1.6.2 (18/3/21) Repaired CID Validation, Improved Handling of 72xx, Added Unlisted Results, Improved Dump Uploading Process. | |||
- 1.6.1 (20/2/21) Repaired CID Validation, Added Unlisted Results (Thanks Uploaders!) | |||
- 1.6.0 (4/2/21) Added IDU Mode Patcher, Improved Validations, Added Unlisted Results. | |||
- 1.5.9 (29/1/21) Major Improvement to CID and UNK Validations, Added Unlisted Results, Improved UART Patching, Better Handling of 1200/Pro/Slim Validations, Added v1.5 of Comparator | |||
- 1.5.7 (11/1/21) Fixed Version Checker, Improved Statistics, Removed Some Unlisted Results (Improved Validation), Updated Upload Feature, Improved Compiler | |||
- 1.5.6 (10/1/21) Improved CID and UNK Validations, Updated Unlisted Validations, IDU Flags Added, Some Code Optimization | |||
- 1.5.5 (8/1/21) Updated Pro/Slim Specific Validations, Updated Unlisted Validations, Updated CID Validations, Updated UNK Validations, Added Dump Upload Feature | |||
- 1.5.3 (5/12/20) Updated Unlisted Validations, Updated WiFi/BT MD5s & Entropy Validation | |||
- 1.5.2 (20/11/20) Updated WiFi/BT MD5s, Added 2nd UART Flag, Updated Unlisted Validations | |||
- 1.5.1 (3/11/20) Updated Unlisted Validations, Added UART Enabler, Removed Unused Validation Option, Added Basic Loader | |||
- 1.5.0 (30/10/20) Updated Unlisted Validations, Upgraded Existing Validations, Removed Loader (Secret Patcher Coming Soon!) | |||
- 1.4.9 (3/5/20) Added 21xx Series Specific Validations, Updated Unlisted Validations | |||
- 1.4.7 (23/3/20) Added Dynamic Comparison, Updated Unlisted Validations | |||
- 1.4.6 (1/2/20) Just Keeping It Fresh! (May have fixed issues stopping the program running, if not let me know!) | |||
- 1.4.4 (16/8/19) Added and Improved Validations (CID & UNK) Including New WiFi/BT FW MD5 | |||
- 1.4.2 (7/4/19) Added More Validations (Firmware & Console Specific), Improved Various Sections (CID & UNK Mostly) | |||
- 1.4.1 (1/3/19) Prettied Up Outputs, Minor Rewording (Sorry!). | |||
- 1.4.0 (1/3/19) Added Zecoxao Extraction Methodology (Will Add More Zecoxao SELF Stuff Later), Added FW/BIOS Versioning, Added Additional Entropy Validation & Various Improvements Throughout. | |||
- 1.3.8 (21/2/19) Added Additional Validations (To Suit Slim/Pro), Repaired/Improved CID Validation, More MD5s & Table Based Results. | |||
- 1.3.5 (30/1/19) Added CoreOS Reference Points (Additional CoreOS Per-Console Validation). | |||
- 1.3.3 (24/1/19) Reworked And Improved Both CID And UNK Sections Again, Added More MD5's, Added Application Version Checker, Removed Colored Bars, Added Comparator & Other Improvements Throughout. | |||
- 1.3.1 (19/1/19) Added More Validations & MD5's, Repaired Minor Bug. | |||
- 1.3 (15/1/19) Completely Reworked And Improved The CID Section And Added Additional Validations To The UNK Section & I Also Improved Some Other Validations Throughout. | |||
- 1.2.6 (18/12/18) Hopefully Fixed 'Black Screen' Issue, Recompiled In 32bit. | |||
- 1.2.5 (17/12/18) Added 2 New Flags (Possibly Initialization Flag?), Changed Validation Results, Improved Output/Info (HTML) & Added MD5's. | |||
- 1.2 (8/12/18) Improved All Alt Validations, Repaired Vtrm1, Internal Typo & Added Repetition Checks. | |||
- 1.1.1 (29/11/18) Typo Again, Made The SKU Not Come Up As Unlisted & Added Some MD5's. | |||
- 1.1 (28/11/18) Improved VTRM & CID Validation, Typo Fixes & Better Colours. | |||
- 1.0 (27/11/18) First Release! | |||
</pre> | |||
'''Developer Website:'''<br> | |||
https://betterwayelectronics.com.au/ | |||
'''Direct Link:'''<br> | |||
https://betterwayelectronics.com.au/BwE_PS4_NOR_Validator.rar | |||
'''More Information/Updates:'''<br> | |||
github.com/BetterWayElectronics/ps4-nor-validator | |||
<br><br> | |||
{{Reverse Engineering}} | {{Reverse Engineering}} | ||
<noinclude>[[Category:Main]]</noinclude> | <noinclude>[[Category:Main]]</noinclude> |
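Review bot: In the added "FW/BIOS versioning" list, the 0x1CA5D8 entry is described as "4 Bytes, each integer16", but the table prints it as four single bytes (0x03 0xE0 0x00 0x00) and as four 8-bit integers (3.224.0.0), so the stated width does not match the data; say "4 bytes, each shown as an 8-bit integer" or explain the 16-bit grouping. Several list entries ("The real Region of your device.", "The Firmware version of your console.") carry no offset, and the Region column shows both 0x34 and 0x30 for EU without comment. The validator section is first-person promotional copy for a Themida-packed binary with a dump-upload feature; for a reference page, rewrite it in a neutral voice and publish a checksum for the linked archive so readers can verify the download rather than rely on the anti-virus remark.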
Latest revision as of 17:41, 16 March 2023
subject: dump of serial flash MX25L25635FMI-10G for CXD90025G
reference files:
- PS4 NOR Dump 1.06 (without MAC address & ConsoleId)
- PS4 NOR Dump 1.61 (without MAC address & ConsoleId)
- PS4 NOR Dump 1.61 E0 (without MAC address & ConsoleId); that update seems to have fixed a nasty bug on my console, need to do more tests...
- hint for FW 1.61 E0: the FW version is still the same (1.61) and the FW counter is still 3, but now has E0 added to it.
other reference files:
- PS4 TEST KIT NOR Dump 1.010.031 and 1.500.101 (without MAC address & Console-ID)
- PS4 #1 NOR Dump 1.1 and 1.51 (without MAC address & ConsoleId)
- PS4 #2 NOR Dump 1.1 and 1.51 (without MAC address & ConsoleId)
notes: Consoles A & B are two consoles compared from the same region and version. Console C is from region EU, version 1.06.
size: 0x2000000 filesize / 0x1D40000 datasize
statistics: 2.64-2.66% 00´s / 11.83% FF´s / < 0.38% rest
entropy: 6.96569 (87.0711%) - 7.52856 (94.107%)
Redundancy: 12.9289% - 5.893%
A. Mean: 131072
StdDev: 454103 - 245647
Strings: Flash-Main/strings
observation:
- MAC Address at 0x1C4021, length 6 bytes
- Motherboard Serial at 0x1C8000, length 14 bytes
- Console Serial at 0x1C8030, length 17 bytes
- SKU Version at 0x1C8040, length 15 bytes
- HDD type, P/N and S/N at 0x1C9C00, length 64 bytes
- FW Counter at 0x1CA5D8, length 2 bytes (first byte is the FW Counter, ?second byte is the Patch Counter?)
- FW Version at 0x1CA604, length 4 bytes
sources: GUI Tool for the PS4 NOR Flash PS4_AC1D_Flash-Tool | Libraries Developed for the PS4 NOR flash Usefull_Libraries
other files: Constant offsets and lengths in ALL PS4 blocks -> same_block.txt. I compared over 10 dumps from different firmware / consoles. The first value is the offset of the first byte, the second is the length in bytes. All values are in decimal.
Offsets
See Codenames.
- 0x00000000 <- Segment 0 Header (0x1000)
- 0x00001000 <- Segment 0 Active Slot (0x1000)
- 0x00002000 <- Segment 0 MBR1 (for sflash0s1.cryptx32) (0x1000)
- 0x00003000 <- Segment 0 MBR2 (for sflash0s1.cryptx32b) (0x1000)
- 0x00004000 <- sflash0s0x32 (0x60000) (emc_ipl)
- 0x00064000 <- sflash0s0x32b (0x60000) (emc_ipl)
- 0x000C4000 <- sflash0s0x33 (0x80000) (eap_kbl)
- 0x00144000 <- sflash0s0x38 (0x80000) (torus2_fw)
- 0x001C4000 <- sflash0s0x34 (0xC000) (nvs)
- 0x001D0000 <- sflash0s0x0 (0x30000) (blank)
- 0x00200000 <- Segment 1 Header (XTS encrypted) (0x1000)
- 0x00201000 <- Segment 1 Active Slot (XTS encrypted) (0x1000)
- 0x00202000 <- Segment 1 MBR1 (for sflash0s1.cryptx2) (XTS encrypted) (0x1000)
- 0x00203000 <- Segment 1 MBR2 (for sflash0s1.cryptx2b) (XTS encrypted) (0x1000)
- 0x00204000 <- sflash0s1.cryptx2 (0x3E000) (sam_ipl)
- 0x00242000 <- sflash0s1.cryptx2b (0x3E000) (sam_ipl)
- 0x00280000 <- sflash0s1.cryptx1 (0x80000) (idata)
- 0x00300000 <- sflash0s1.cryptx39 (0x80000) (bd_hrl)
- 0x00380000 <- sflash0s1.cryptx6 (0x40000) (Virtual TRM)
- 0x003C0000 <- sflash0s1.cryptx3 (0xCC0000) (secure kernel, secure modules)
- 0x01080000 <- sflash0s1.cryptx3b (0xCC0000) (secure kernel, secure modules)
- 0x01D40000 <- sflash0s1.cryptx40 (0x2C0000) (blank)
MBR Types
#include <stdint.h>

/* One partition table entry inside master_block_v4_t (20 bytes, packed). */
typedef struct {
    uint32_t start_lba;
    uint32_t n_sectors;
    uint8_t flag1; // maybe part_id
    uint8_t flag2;
    uint16_t unknown;
    uint64_t padding;
} __attribute__((packed)) partition_t;

/* Segment header at the start of each segment (0x200 bytes). */
typedef struct {
    uint8_t magic[0x20]; // "SONY COMPUTER ENTERTAINMENT INC."
    uint32_t version; // 1
    uint32_t mbr1_start; // ex: 0x10
    uint32_t mbr2_start; // ex: 0x18
    uint32_t unk[4]; // ex: (1, 1, 8, 1)
    uint32_t reserved;
    uint8_t unused[0x1C0];
} __attribute__((packed)) master_block_v1_t;

/* MBR1 / MBR2 block holding the partition table. */
typedef struct {
    uint8_t magic[0x20]; // "Sony Computer Entertainment Inc."
    uint32_t version; // 4
    uint32_t n_sectors;
    uint64_t reserved;
    uint32_t loader_start; // ex: 0x11, 0x309
    uint32_t loader_count; // ex: 0x267
    uint64_t reserved2;
    partition_t partitions[16];
} __attribute__((packed)) master_block_v4_t;
MBR Contents (Example) (Internal)
MBR 1 and 2
Partition 0, off=0x2000, sz=0x60000, type=0x20(32), active?=0x0 (ina) (emc)
Partition 1, off=0x62000, sz=0x60000, type=0x20(32), active?=0x1 (act) (emc)
Partition 2, off=0xc2000, sz=0x80000, type=0x21(33), active?=0x1 (act) (eap)
Partition 3, off=0x142000, sz=0x80000, type=0x26(38), active?=0x1 (act) (wifi)
Partition 4, off=0x1c2000, sz=0xc000, type=0x22(34), active?=0x1 (act) (nvs)
MBR 3 and 4
Partition 0, off=0x2000, sz=0x3e000, type=0x2, active?=0x1 (act) (ipl)
Partition 1, off=0x40000, sz=0x3e000, type=0x2, active?=0x0 (ina) (ipl)
Partition 2, off=0x7e000, sz=0x80000, type=0x1, active?=0x1 (act) (idstorage)
Partition 3, off=0xfe000, sz=0x80000, type=0x27(39), active?=0x1 (act) (bd revoke)
Partition 4, off=0x17e000, sz=0x40000, type=0x6, active?=0x1 (act) (vtrm)
Partition 5, off=0x1be000, sz=0xcc0000, type=0x3, active?=0x1 (act) (coreos)
Partition 6, off=0xe7e000, sz=0xcc0000, type=0x3, active?=0x0 (ina) (coreos)
Partition 7, off=0x1b3e000, sz=0x2c0000, type=0x28(40), active?=0x1 (act) (unused)
MBR Contents (Example)
MBR 1 and 2
Partition 0, off=0x2000, sz=0x60000, type=0x20, active?=0x1 (act)
Partition 1, off=0x62000, sz=0x60000, type=0x20, active?=0x0 (ina)
Partition 2, off=0xc2000, sz=0x80000, type=0x21, active?=0x1 (act)
Partition 3, off=0x142000, sz=0x80000, type=0x26, active?=0x1 (act)
Partition 4, off=0x1c2000, sz=0xc000, type=0x22, active?=0x1 (act)
Partition 5, off=0x1ce000, sz=0x30000, type=0x0, active?=0x1 (act)
MBR 3 and 4
Partition 0, off=0x2000, sz=0x3e000, type=0x2, active?=0x1
Partition 1, off=0x40000, sz=0x3e000, type=0x2, active?=0x0
Partition 2, off=0x7e000, sz=0x80000, type=0x1, active?=0x1
Partition 3, off=0xfe000, sz=0x80000, type=0x39, active?=0x1
Partition 4, off=0x17e000, sz=0x40000, type=0x6, active?=0x1
Partition 5, off=0x1be000, sz=0xcc0000, type=0x3, active?=0x1
Partition 6, off=0xe7e000, sz=0xcc0000, type=0x3, active?=0x0
Partition 7, off=0x1b3e000, sz=0x2c0000, type=0x40, active?=0x1
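A bounds check for the layouts above, added here as an example (not code from the wiki or from any Sony tool): it parses both master block types from raw bytes and rejects a partition table whose entries overlap or run past the segment. Assumptions: LBAs count 0x200-byte sectors (mbr1_start 0x10 gives 0x2000, matching the Offsets list), listing offsets are relative to MBR1 (0x2000 + 0x2000 = 0x4000), and flag1/flag2 carry the listing's type and active? values. The sample MBR is constructed from the "MBR 1 and 2" listing and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR       0x200u  /* assumption: 512-byte sectors (mbr1_start 0x10 -> 0x2000) */
#define PART_SZ      20u     /* packed partition_t */
#define V4_PARTS     0x40u   /* offset of partitions[] in master_block_v4_t */
#define SEG0_SECTORS 0xFF0u  /* (0x200000 - 0x2000) / SECTOR: room after MBR1 in segment 0 */

typedef struct { uint32_t start_lba, n_sectors; uint8_t flag1, flag2; } part_t;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* master_block_v1_t: returns 0 and the byte offsets of both MBRs, or -1 if malformed. */
int parse_master_v1(const uint8_t *b, size_t len, uint32_t *mbr1, uint32_t *mbr2) {
    if (len < 0x200 || memcmp(b, "SONY COMPUTER ENTERTAINMENT INC.", 0x20) != 0) return -1;
    uint32_t s1 = rd32(b + 0x24), s2 = rd32(b + 0x28);
    if (rd32(b + 0x20) != 1 || s1 > UINT32_MAX / SECTOR || s2 > UINT32_MAX / SECTOR) return -1;
    *mbr1 = s1 * SECTOR;
    *mbr2 = s2 * SECTOR;
    return 0;
}

/* master_block_v4_t: copies the leading non-empty entries, returns their count or -1. */
int parse_master_v4(const uint8_t *b, size_t len, part_t out[16]) {
    int n = 0;
    if (len < V4_PARTS + 16 * PART_SZ) return -1;
    if (memcmp(b, "Sony Computer Entertainment Inc.", 0x20) != 0 || rd32(b + 0x20) != 4) return -1;
    for (unsigned i = 0; i < 16; i++) {
        const uint8_t *e = b + V4_PARTS + i * PART_SZ;
        if (rd32(e + 4) == 0) break;            /* zero length: treated as end of table */
        out[n].start_lba = rd32(e);
        out[n].n_sectors = rd32(e + 4);
        out[n].flag1 = e[8];                    /* assumption: the listing's "type" */
        out[n].flag2 = e[9];                    /* assumption: the listing's "active?" */
        n++;
    }
    return n;
}

/* Returns 0 when every entry fits in seg_sectors and none overlap, else 1 + offending index. */
int check_layout(const part_t *p, int n, uint32_t seg_sectors) {
    for (int i = 0; i < n; i++) {
        uint64_t end = (uint64_t)p[i].start_lba + p[i].n_sectors;
        if (end > seg_sectors) return i + 1;
        for (int j = 0; j < i; j++) {
            uint64_t ej = (uint64_t)p[j].start_lba + p[j].n_sectors;
            if (p[i].start_lba < ej && p[j].start_lba < end) return i + 1;
        }
    }
    return 0;
}

/* Constructed sample: the six entries of the page's "MBR 1 and 2" listing, in sectors. */
static const part_t SAMPLE[6] = {
    {0x010, 0x300, 0x20, 1}, {0x310, 0x300, 0x20, 0}, {0x610, 0x400, 0x21, 1},
    {0xA10, 0x400, 0x26, 1}, {0xE10, 0x060, 0x22, 1}, {0xE70, 0x180, 0x00, 1},
};

void build_sample_v4(uint8_t *b) {              /* b must hold 0x200 bytes */
    memset(b, 0, 0x200);
    memcpy(b, "Sony Computer Entertainment Inc.", 0x20);
    wr32(b + 0x20, 4);
    for (unsigned i = 0; i < 6; i++) {
        uint8_t *e = b + V4_PARTS + i * PART_SZ;
        wr32(e, SAMPLE[i].start_lba);
        wr32(e + 4, SAMPLE[i].n_sectors);
        e[8] = SAMPLE[i].flag1;
        e[9] = SAMPLE[i].flag2;
    }
}

/* Segment 0 header: magic plus bytes 0x20..0x3F as dumped on the page. */
void build_sample_v1(uint8_t *b) {              /* b must hold 0x200 bytes */
    static const uint8_t f[0x20] = { 1,0,0,0, 0x10,0,0,0, 0x18,0,0,0, 1,0,0,0,
                                     1,0,0,0, 8,0,0,0,    1,0,0,0,    0,0,0,0 };
    memset(b, 0, 0x200);
    memcpy(b, "SONY COMPUTER ENTERTAINMENT INC.", 0x20);
    memcpy(b + 0x20, f, sizeof f);
}

int main(void) {
    uint8_t hdr[0x200], mbr[0x200];
    uint32_t m1, m2;
    part_t p[16];
    build_sample_v1(hdr);
    build_sample_v4(mbr);
    if (parse_master_v1(hdr, sizeof hdr, &m1, &m2) != 0) return 1;
    int n = parse_master_v4(mbr, sizeof mbr, p);
    if (n < 0) return 1;
    printf("MBR1 @ 0x%X, MBR2 @ 0x%X, layout %s\n", (unsigned)m1, (unsigned)m2,
           check_layout(p, n, SEG0_SECTORS) == 0 ? "ok" : "BAD");
    for (int i = 0; i < n; i++)                 /* absolute offset = MBR1 + start_lba * SECTOR */
        printf("part %d: abs 0x%06X size 0x%X type 0x%02X active %u\n", i,
               (unsigned)(m1 + p[i].start_lba * SECTOR), (unsigned)(p[i].n_sectors * SECTOR),
               p[i].flag1, p[i].flag2);
    return 0;
}
```

On a real dump, run the same check against MBR1 and MBR2 of segment 0; segment 1 is listed as XTS encrypted, so its blocks have to be decrypted before they parse.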
Content
0x0
Magic
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 53 4F 4E 59 20 43 4F 4D 50 55 54 45 52 20 45 4E SONY COMPUTER EN
00000010 54 45 52 54 41 49 4E 4D 45 4E 54 20 49 4E 43 2E TERTAINMENT INC.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000020 01 00 00 00 10 00 00 00 18 00 00 00 01 00 00 00 ................
00000030 01 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
00000FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001000 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 €...............
this differs between firmware versions
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
00001FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x2000
Magic
- aka MBR1
- ends at 0x3000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00002000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En
00002010 74 65 72 74 61 69 6E 6D 65 6E 74 20 49 6E 63 2E tertainment Inc.
(0x90 block)
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000020B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
00002FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x3000
Magic
- aka MBR2
- ends at 0x4000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00003000 53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E Sony Computer En
00003010 74 65 72 74 61 69 6E 6D 65 6E 74 20 49 6E 63 2E tertainment Inc.
(0x90 block)
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000030B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
00003FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x4000
SLB2 Magic (MC Stage1)
- aka sflash0s0x32
- ends at 0x64000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00004000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............
00004010 40 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 @...............
00004020 01 00 00 00 90 7A 04 00 00 00 00 00 00 00 00 00 .....z..........
00004030 43 30 30 30 30 30 30 31 00 00 00 00 00 00 00 00 C0000001........
00004040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00004050 3F 02 00 00 40 00 00 00 00 00 00 00 00 00 00 00 ?...@...........
00004060 43 30 30 30 38 30 30 31 00 00 00 00 00 00 00 00 C0008001........
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00004070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
000041F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x4200
DEADBEEF CAFEBEBE Magic
(similar is at 0x64218 and 0xC4218)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00004200 AA F9 8F D4 01 00 55 48 80 00 00 00 xx xx 04 00 ªù.Ô..UH€...... xx differs on different console with same version
00004210 00 0C 10 00 00 0C 10 00 DE AD BE EF CA FE BE BE ........Þ¾ïÊþ¾¾
00004220 DE AF BE EF CA FE BE BE F1 F2 F3 F4 F5 F6 F7 F8 Þ¯¾ïÊþ¾¾ñòóôõö÷ø
00004230 AF 46 78 AA E2 C4 4C 90 CA 4B 1B 44 B6 A4 9F 57 ¯FxªâÄL.ÊK.D¶¤ŸW same on different console with same version
00004240 9D 24 E1 91 C2 DC 0C 36 55 AE 43 D5 C5 AB 70 BD .$á‘ÂÜ.6U®CÕÅ«p½ same on different console with same version
huge encrypted section
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00004250 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx different on different console with same version
[...] (huge encrypted section)
0004BC80 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx (on different console with same version ends at 00049F1F)
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0004BC90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...]
00063FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... (on different console with same version ends at 00049FFF then a FF filled block until 00063FFF)
0x64000
SLB2 Magic (MC Stage2)
- aka sflash0s0x32b
- ends at 0xC4000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00064000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............
00064010 33 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3...............
00064020 01 00 00 00 10 61 04 00 00 00 00 00 00 00 00 00 .....a..........
00064030 43 30 30 30 30 30 30 31 00 00 00 00 00 00 00 00 C0000001........
00064040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00064050 32 02 00 00 40 00 00 00 00 00 00 00 00 00 00 00 2...@...........
00064060 43 30 30 30 38 30 30 31 00 00 00 00 00 00 00 00 C0008001........
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00064070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
000641F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x64200
DEADBEEF CAFEBEBE Magic
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00064200 AA F9 8F D4 01 00 55 48 80 00 00 00 90 60 04 00 ªù.Ô..UH€....`..
00064210 00 0C 10 00 00 0C 10 00 DE AD BE EF CA FE BE BE ........Þ¾ïÊþ¾¾
00064220 DE AF BE EF CA FE BE BE F1 F2 F3 F4 F5 F6 F7 F8 Þ¯¾ïÊþ¾¾ñòóôõö÷ø
00064230 AF 46 78 AA E2 C4 4C 90 CA 4B 1B 44 B6 A4 9F 57 ¯FxªâÄL.ÊK.D¶¤ŸW
00064240 9D 24 E1 91 C2 DC 0C 36 55 AE 43 D5 C5 AB 70 BD .$á‘ÂÜ.6U®CÕÅ«p½
00064250 CC 6F 6C 5C 8F C9 5C 30 38 F2 72 90 ED 82 C0 BB Ìol\.É\08òr.í‚À»
[...]
lots of strings in this huge section, no differences between consoles on same version until 001C4024
0xC4000
SLB2 Magic (EAP_KBL)
- aka sflash0s0x33
- ends at 0x144000
NOTE: This container only consists of one file plus the X800X entry that is present in every BIOS SLB2. The data is extracted twice and written under two different names: once using the TitleID C0010001, and once using a string that holds the file name, eap_kbl. Both files are identical and are extracted from the same data source.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000C4000 53 4C 42 32 01 00 00 00 00 00 00 00 03 00 00 00 SLB2............
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000C4010 C6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Æ...............
000C4020 01 00 00 00 20 87 01 00 00 00 00 00 00 00 00 00 .....‡..........
000C4030 43 30 30 31 30 30 30 31 00 00 00 00 00 00 00 00 C0010001........
000C4040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000C4050 01 00 00 00 20 87 01 00 00 00 00 00 00 00 00 00 .....‡..........
000C4060 65 61 70 5F 6B 62 6C 00 00 00 00 00 00 00 00 00 eap_kbl.........
000C4070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000C4080 C5 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 Å...@...........
000C4090 43 30 30 31 38 30 30 31 00 00 00 00 00 00 00 00 C0018001........
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000C40A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
000C41F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0xC4200
DEADBEEF CAFEBEBE Magic
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000C4200 AA F9 8F D4 01 00 55 68 80 00 00 00 A0 86 01 00 ªù.Ô..Uh€....†..
000C4210 00 00 00 62 00 00 00 62 DE AD BE EF CA FE BE BE ...b...bÞ-¾ïÊþ¾¾
000C4220 DE AF BE EF CA FE BE BE F1 F2 F3 F4 F5 F6 F7 F8 Þ¯¾ïÊþ¾¾ñòóôõö÷ø
000C4230 E6 D5 56 90 B0 E0 FD 52 28 7F 2A 4A 76 F9 13 E1 æÕV.°àýR(.*Jvù.á
000C4240 AE AF 02 68 D8 FF E6 F3 DD 0C B0 C0 F5 A3 4C DD ®¯.hØÿæóÝ.°Àõ£LÝ
000C4250 37 5B 14 86 19 1A 9E 70 F0 B9 F4 6D AB 34 93 4B 7[.†..žpð¹ôm«4“K
[...]
000DC910 54 E2 F7 6E BD C9 D2 2E 12 9C 3F CC 3D 67 7A 1E Tâ÷n½ÉÒ..œ?Ì=gz.
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
000DC920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
00143FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
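The SLB2 headers dumped at 0x4000 and 0xC4000 can be checked mechanically; the following is an added example, not code from the wiki or from any Sony tool. The field layout is an assumption inferred from those two dumps: entry count at 0x0C, total size in 0x200-byte blocks at 0x10, then 0x30-byte entries holding start block, byte size, 8 bytes of padding and a 32-byte name. Function names are hypothetical and the header bytes are transcribed from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK  0x200u  /* assumption: block size; block 1 of the 0x4000 container is 0x4200 */
#define ENT0   0x20u   /* first entry follows the 0x20-byte header */
#define ENT_SZ 0x30u   /* start block, byte size, 8 bytes padding, 32-byte name */

typedef struct { uint32_t block, size; char name[33]; } slb2_entry;

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parses the header in h[0..hlen) of a container stored in a partition of part_size
   bytes. Returns the entry count, or -1 when the magic is wrong, the entry table does
   not fit in hlen, the declared total exceeds the partition, or an entry's data falls
   outside the declared total. */
int slb2_parse(const uint8_t *h, size_t hlen, uint32_t part_size, slb2_entry *out, int max) {
    if (max <= 0 || hlen < ENT0 || memcmp(h, "SLB2", 4) != 0) return -1;
    uint32_t count = le32(h + 0x0C);
    uint64_t total = (uint64_t)le32(h + 0x10) * BLOCK;
    if (count == 0 || count > (uint32_t)max) return -1;
    if (ENT0 + (uint64_t)count * ENT_SZ > hlen || total > part_size) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = h + ENT0 + i * ENT_SZ;
        out[i].block = le32(e);
        out[i].size = le32(e + 4);
        memcpy(out[i].name, e + 0x10, 32);
        out[i].name[32] = '\0';
        if (out[i].block == 0) return -1;       /* block 0 is the header itself */
        if ((uint64_t)out[i].block * BLOCK + out[i].size > total) return -1;
    }
    return (int)count;
}

/* Flash offset one past the last data byte of an entry, for a container at base. */
uint32_t slb2_data_end(uint32_t base, const slb2_entry *e) {
    return base + e->block * BLOCK + e->size;
}

/* Number of entries that start at the same block as an earlier entry (same data, two names). */
int slb2_aliases(const slb2_entry *e, int n) {
    int dup = 0;
    for (int i = 1; i < n; i++)
        for (int j = 0; j < i; j++)
            if (e[i].block == e[j].block) { dup++; break; }
    return dup;
}

/* Header bytes 0x4000..0x407F from the page (sflash0s0x32); unlisted bytes are 00. */
static const uint8_t EMC_HDR[0x80] = {
    [0x00] = 'S','L','B','2', 0x01, [0x0C] = 0x02, [0x10] = 0x40, 0x02,
    [0x20] = 0x01, [0x24] = 0x90, 0x7A, 0x04, [0x30] = 'C','0','0','0','0','0','0','1',
    [0x50] = 0x3F, 0x02, [0x54] = 0x40,       [0x60] = 'C','0','0','0','8','0','0','1',
};

/* Header bytes 0xC4000..0xC40AF from the page (sflash0s0x33, eap_kbl). */
static const uint8_t EAP_HDR[0xB0] = {
    [0x00] = 'S','L','B','2', 0x01, [0x0C] = 0x03, [0x10] = 0xC6,
    [0x20] = 0x01, [0x24] = 0x20, 0x87, 0x01, [0x30] = 'C','0','0','1','0','0','0','1',
    [0x50] = 0x01, [0x54] = 0x20, 0x87, 0x01, [0x60] = 'e','a','p','_','k','b','l',
    [0x80] = 0xC5, [0x84] = 0x40,             [0x90] = 'C','0','0','1','8','0','0','1',
};

static void report(const char *label, const uint8_t *h, size_t hlen, uint32_t base, uint32_t psz) {
    slb2_entry e[8];
    int n = slb2_parse(h, hlen, psz, e, 8);
    if (n < 0) { printf("%s: header rejected\n", label); return; }
    printf("%s: %d entries, %d aliased\n", label, n, slb2_aliases(e, n));
    for (int i = 0; i < n; i++)
        printf("  %-8s data 0x%06X..0x%06X\n", e[i].name,
               (unsigned)(base + e[i].block * BLOCK), (unsigned)slb2_data_end(base, &e[i]));
}

int main(void) {
    report("emc_ipl", EMC_HDR, sizeof EMC_HDR, 0x4000, 0x60000);
    report("eap_kbl", EAP_HDR, sizeof EAP_HDR, 0xC4000, 0x80000);
    return 0;
}
```

With the page's bytes, the first entry of each container ends at 0x4BC90 and 0xDC920, which is where the dumps above show the 00-filled area beginning.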
0x144000
SLB2 Magic (Wifi/BT)
wifi/bluetooth chipset firmware
- aka sflash0s0x38
- ends at 0x1C4000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00144000 53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00 SLB2............
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00144010 71 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 q...............
00144020 01 00 00 00 A8 DD 06 00 00 00 00 00 00 00 00 00 ....¨Ý..........
00144030 43 30 30 32 30 30 30 31 00 00 00 00 00 00 00 00 C0020001........
00144040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00144050 70 03 00 00 40 00 00 00 00 00 00 00 00 00 00 00 p...@...........
00144060 43 30 30 32 38 30 30 31 00 00 00 00 00 00 00 00 C0028001........
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00144070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] 00 filled region
001441F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
No DeadBeef CafeBebe Magic on this SLB2
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00144200 01 00 00 00 00 00 00 00 00 04 00 00 00 94 51 1A .............”Q.
00144210 1C F0 9F E5 1C F0 9F E5 1C F0 9F E5 1C F0 9F E5 .ðŸå.ðŸå.ðŸå.ðŸå
00144220 1C F0 9F E5 1C F0 9F E5 1C F0 9F E5 1C F0 9F E5 .ðŸå.ðŸå.ðŸå.ðŸå
00144230 10 82 0E 20 CC 68 00 00 50 68 00 00 54 68 00 00 .‚..Ìh..Ph..Th..
00144240 AC 68 00 00 B0 68 00 00 B4 68 00 00 B8 68 00 00 ¬h..°h..´h..¸h..
00144250 C5 68 00 00 00 00 00 EA 70 00 00 EA 28 00 8F E2 Åh.....êp..ê(..â
00144260 00 0C 90 E8 00 A0 8A E0 00 B0 8B E0 01 70 4A E2 ..Zái.....ºè.àOâ
00144270 0B 00 5A E1 69 00 00 0A 0F 00 BA E8 14 E0 4F E2 ...ã.ðG..ÿ/á°...
00144280 01 00 13 E3 03 F0 47 10 13 FF 2F E1 B0 7F 04 00 .€...À.â.ÿ/áŠ..x
00144290 A0 80 04 00 01 C0 8F E2 1C FF 2F E1 8A 18 03 78 .0œ.¤..Ñ.x.0...Ñ
[...] seems to be decrypted
[...] more than 60% of the strings found
[...] are from that SLB2 Flash-Main/strings
0x1445F0
Z Sign
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001445C0 1E FF 2F E1 F0 B5 85 B0 C0 46 C0 46 05 00 0C 00 .ÿ/áðµ…°ÀFÀF....
001445D0 47 F0 74 EA 00 20 01 95 02 94 C0 46 C0 46 03 90 Gðtê...•.”ÀFÀF..
001445E0 01 A8 FF F7 B2 EE 04 00 01 A8 0D 00 00 93 03 C8 .¨ÿ÷²î...¨...“.È
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001445F0 16 00 C0 46 C0 46 C0 46 C0 46 06 F0 48 EB 00 21 ..ÀFÀFÀFÀF.ðHë.!
00144600 08 00 C0 46 C0 46 07 00 FF F7 58 EF D2 2F 02 AC ..ÀFÀF..ÿ÷XïÒ/.¬
00144610 01 00 00 00 FC 03 00 00 00 04 00 00 5A EF 5E 13 ....ü.......Zï^.
00144620 04 90 00 21 07 60 08 00 FF F7 5A FF 41 1C 04 98 ...!.`..ÿ÷ZÿA..˜
00144630 41 60 00 21 08 00 C0 46 C0 46 01 00 04 98 81 60 A`.!..ÀFÀF...˜.`
00144640 00 21 08 00 C0 46 C0 46 01 00 04 98 C1 60 00 21 .!..ÀFÀF...˜Á`.!
00144650 08 00 C0 46 C0 46 01 00 04 98 01 61 C0 46 C0 46 ..ÀFÀF...˜.aÀFÀF
00144660 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 ÀFÀFÀFÀFÀFÀFÀFÀF
00144670 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 C0 46 ÀFÀFÀFÀFÀFÀFÀFÀF
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00144680 00 9B 05 B0 20 00 04 9C 29 00 32 00 A6 46 F0 BC .›.°...œ).2.¦Fð¼
00144690 01 B0 70 47 10 B5 C0 46 C0 46 00 20 C0 46 C0 46 .°pG.µÀFÀF..ÀFÀF
001446A0 C0 46 C0 46 C0 46 C0 46 10 BC 08 BC 18 47 00 00 ÀFÀFÀFÀF.¼.¼.G..
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001446B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
[...] a lot of code and strings
0018D810 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
0x18D820
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0018D820 08 08 08 08 08 08 08 08 08 08 08 08 02 02 02 02 ....|.......¿4.ß
0018D830 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 @...............
0018D840 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0018D850 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0018D860 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0018D870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0018D880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0018D890 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0018D8A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0018D8B0 00 62 74 5F 73 64 69 6F 00 77 6C 61 6E 00 4F 53 .bt_sdio.wlan.OS
0018D8C0 41 00 62 74 5F 68 63 69 00 62 6C 65 6D 62 78 00 A.bt_hci.blembx.
0018D8D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
[...] a lot of code stuff and strings
001B1F80 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
0x1B1F90
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001B1F90 16 0C 00 00 74 29 2E C9 04 00 00 00 00 00 00 00 ....t).É........
001B1FA0 00 00 00 00 1F DB 8C 18 00 00 00 00 00 00 00 00 .....ÛŒ.........
001B1FB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001B1FC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001B1FD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001B1FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001B1FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001B2000 01 00 00 00 00 00 00 00 10 82 0E 20 00 00 00 00 .........‚. ....
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001B2010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
001C3FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1C4000 (Console Main Information)
- AKA NVS or sflash0s0x34
- Ends at 0x200000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C4000 03 02 01 01 02 01 06 01 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ
001C4010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...]
0x1C4021 MAC Address
The MAC address is at offset 0x1C4021 and is 6 bytes long.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C4020 01 70 9E 29 33 7A 1B FF FF FF FF FF FF FF FF FF .pž).3zÿÿÿÿÿÿÿÿÿ MAC-Address
001C4030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4040 FF FF FF FF FF FF FF FF FF FF FF FF FF FF 26 E8 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ&è 0x26 0xE8 differs between consoles on same version
001C4050 04 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4060 03 01 01 02 02 FF FF FF FF FF FF FF FF FF FF FF .....ÿÿÿÿÿÿÿÿÿÿÿ
001C4070 FF FF FF FF FF FF 01 FF FF FF 00 00 00 00 00 00 ÿÿÿÿÿÿ.ÿÿÿ......
001C4080 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4090 FF FF FF FF FF FF 00 00 00 FF 00 00 FF FF FF FF ÿÿÿÿÿÿ...ÿ..ÿÿÿÿ
001C40A0 FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 39 ÿÿÿÿÿÿÿÿÿÿÿÿ...9
[...]
0x1C47F0 Constant
Every dump I checked has those constant bytes.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C47F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF BE CC ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¾Ì
001C4800 FF 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿ.ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4810 00 61 00 60 00 02 00 48 00 47 00 02 00 48 00 47 .a.`...H.G...H.G
001C4820 00 02 FF FF FF FF FF FF FF FF FF FF FF FF FF FF ..ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4830 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4840 FF FF FF FF FF FF FF FF FF FF FF FF 00 01 FF FF ÿÿÿÿÿÿÿÿÿÿÿÿ..ÿÿ
001C4850 FF FF FF FF CD 00 FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÍ.ÿÿÿÿÿÿÿÿÿÿ
001C4860 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4870 00 50 00 00 00 08 00 00 80 00 00 00 FF FF FF FF .P......€...ÿÿÿÿ
001C4880 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C4890 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C48A0 00 50 00 00 00 09 00 00 00 00 45 00 00 00 90 00 .P........E.....
001C48B0 00 3B 00 00 00 05 00 00 05 00 00 00 FF FF FF FF .;..........ÿÿÿÿ
001C48C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...]
0x1C4FF0
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C4FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF B9 29 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¹) 001C5000 00 07 FF 07 00 07 FF 07 00 07 0C 04 00 00 00 04 ..ÿ...ÿ......... 001C5010 00 00 FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ..ÿÿÿÿÿÿ........ 001C5020 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF ..ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5030 xx 00 00 00 xx 00 00 00 xx xx 00 00 00 00 00 00 ................ xx differs between consoles on same version 001C5040 xx 00 00 00 xx 00 00 00 xx 00 00 00 00 00 00 00 ................ " 001C5050 xx 00 00 00 xx 00 00 00 xx xx 00 00 00 00 00 00 $...%...=....... " 001C5060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C4FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF B9 29 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¹) 001C5000 00 07 FF 07 00 07 FF 07 00 07 0C 04 00 00 00 04 ..ÿ...ÿ......... 001C5010 00 00 FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ..ÿÿÿÿÿÿ........ 001C5020 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF ..ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5030 22 00 00 00 20 00 00 00 3D D6 00 00 00 00 00 00 ".......=Ö...... 001C5040 09 00 00 00 09 00 00 00 54 EB 02 00 00 00 00 00 ........Të...... 001C5050 1E 00 00 00 1D 00 00 00 B9 C1 03 00 00 00 00 00 ........¹Á...... 001C5060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] |
0x1C5200
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C5200 xx xx xx xx xx xx xx xx xx xx FF xx xx xx xx xx ..........ÿ..... xx differs between consoles on same version 001C5210 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " 001C5220 xx xx xx xx xx xx xx xx xx xx FF xx xx xx xx xx ..........ÿ..... " 001C5230 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " 001C5240 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001C5250 xx xx xx xx xx xx xx xx FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ " 001C5260 xx xx xx xx xx xx xx xx xx xx FF xx xx xx xx xx ..........ÿ..... " 001C5270 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " 001C5280 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001C5290 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C5200 03 00 81 80 57 C3 B3 03 04 10 FF 00 00 01 00 00 ...€Wó...ÿ..... 001C5210 09 00 09 00 FF FF 00 23 FF FF FF FF FF FF FF FF ....ÿÿ.#ÿÿÿÿÿÿÿÿ 001C5220 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5230 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5240 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5260 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5270 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5280 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C5290 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ |
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C52A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001C5FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1C6000 (Retail & Dev/Test)
This seems to be increased: 8 0x00 bytes are added for every new "whatever".
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C6000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version 001C6010 xx xx xx xx xx xx xx xx FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ " |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C6000 FF 51 21 6D 66 1C 00 03 FF FF FF FF FF FF FF FF ÿQ!mf...ÿÿÿÿÿÿÿÿ 001C6010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ |
0x1C7000
Same on different consoles on the same version.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C7000 03 09 FC 00 00 00 00 00 00 00 00 00 00 00 00 00 ..ü.............
001C7010 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001C7020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
001C7030 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................
001C7040 1F FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .ÿ..............
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C7050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001C7FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1C8000 Motherboard Serial
Length = 14 bytes.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C8000 34 30 30 30 31 42 30 31 38 35 39 31 37 37 FF FF 40001B01859177ÿÿ Motherboard Serial
0x1C8010 Unk
Length = 16 bytes.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C8010 63 09 72 20 71 DB 7C 69 AC FE D8 92 89 BA 23 04 c.r.qÛ|i¬þØ’‰º#. "
001C8020 00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10 ...%...“........
0x1C8030 Console Serial
Length = 17 bytes.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C8030 30 33 32 37 34 35 32 32 32 34 35 37 39 36 36 30 0327452224579660 Console Serial
001C8040 32 2
0x1C8041 SKU Model
Length = varies.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C8040    43 55 48 2D 31 30 30 34 41 20 42 30 31 58 FF CUH-1004A B01Xÿ SKU Model
001C8050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1C8060 Unk
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C8060 30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38 0003000300160018
001C8070 30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31 0007000100010001
001C8080 30 30 30 31 30 30 30 32 30 30 33 31 30 30 31 35 0001000200310015
001C8090 30 30 32 33 30 30 34 31 52 17 D2 4C C8 49 01 30 00230041R.ÒLÈI.0
001C80A0 33 E0 41 43 72 C3 F1 64 07 8F 31 80 00 00 00 C2 3àACrÃñd..1€...
001C80B0 01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ
001C80C0 30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF 00000ÿÿÿÿÿÿÿÿÿÿÿ
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C80D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001C87C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1C87D0
Within an FF block, these are found on both consoles:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C87D0 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 ................
001C87E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C87F0 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C8800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9020 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1C9080 ACF (Dev/Test)
See Activation ACF.
0x1C91F0 PerConsole (Retail & Dev/Test)
(0x40 bytes)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C91F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C9200 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
001C9210 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
001C9220 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
001C9230 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
Console C / FW 1.06 | Console C / FW 1.61 |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C91F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001C9200 25 75 00 28 A6 7A 16 55 63 77 6F 12 1C 7C 37 9A %u.(¦z.Ucwo..|7š 001C9210 58 11 B2 C3 DA 06 0C 00 9A 53 16 29 E5 65 15 A8 X.²ÃÚ...šS.)åe.¨ 001C9220 44 40 C0 17 DD C5 E1 17 A2 D3 9D 98 A1 9B 97 61 D@À.ÝÅá.¢Ó.˜¡›—a 001C9230 5D 0C 67 B2 89 54 0B 8E 81 29 8E 50 A6 10 79 42 ].g²‰T.Ž.)ŽP¦.yB |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001C91F0 FF FF FF FF FF FF FF FF FF FF FF FF E5 E5 E5 01 ÿÿÿÿÿÿÿÿÿÿÿÿååå. 001C9200 25 75 00 28 A6 7A 16 55 63 77 6F 12 1C 7C 37 9A %u.(¦z.Ucwo..|7š 001C9210 58 11 B2 C3 DA 06 0C 00 9A 53 16 29 E5 65 15 A8 X.²ÃÚ...šS.)åe.¨ 001C9220 44 40 C0 17 DD C5 E1 17 A2 D3 9D 98 A1 9B 97 61 D@À.ÝÅá.¢Ó.˜¡›—a 001C9230 5D 0C 67 B2 89 54 0B 8E 81 29 8E 50 A6 10 79 42 ].g²‰T.Ž.)ŽP¦.yB |
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9240 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001C9BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1C9900 PerConsole (Dev/Test)
Unique 0x100 byte area (on Testkit Console dump):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9900 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
[...]
001C9A00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
- xx changes per dev console
0x1C9C00 HDD P/N and S/N
Checked every single dump I got and it differs. Some dumps have those entries, some not. Retail or Dev/Test does not matter. My own dumps do not have this information. But I also never changed the original HDD. Maybe it's something like that: only when you change to a new HDD will it write the P/N and S/N of the new HDD into this array.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0x1C9C00 47 48 54 53 48 20 53 54 34 35 30 35 30 35 37 41 GHTSH ST4505057A
0x1C9C10 33 45 30 38 20 20 20 20 20 20 20 20 20 20 20 20 3E08
0x1C9C20 20 20 20 20 20 20 20 20 33 31 39 30 36 31 4D 54         319061MT
0x1C9C30 35 38 33 41 54 34 55 32 4E 47 4C 41 FF FF FF FF 583AT4U2NGLA˙˙˙˙
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9C40 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001C9FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1CA000
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA000 03 20 10 00 01 00 10 00 1C 01 xx 00 00 00 00 00 ................ 001CA010 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA040 00 00 00 00 00 00 00 00 xx 00 00 00 00 00 00 00 ................ xx differs between consoles on same version 001CA050 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA060 00 00 00 00 00 00 00 00 05 00 00 00 xx xx xx xx ................ " 001CA070 xx xx xx xx 02 00 00 00 17 00 00 00 00 00 00 00 ................ " 001CA080 00 00 xx xx 00 00 00 00 xx 00 00 00 00 00 00 00 ................ " 001CA090 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 ................ 001CA0A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0E0 4C 2D A7 07 00 00 00 00 30 14 13 00 02 00 17 00 L-§.....0....... |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA000 03 20 10 00 01 00 10 00 1C 01 01 00 00 00 00 00 ................ 001CA010 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA040 00 00 00 00 00 00 00 00 13 00 00 00 00 00 00 00 ................ 001CA050 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA060 00 00 00 00 00 00 00 00 04 00 00 00 D2 BA B9 52 ............Òº¹R 001CA070 00 00 00 00 02 00 00 00 17 00 00 00 00 00 00 00 ................ 001CA080 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 001CA090 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 ................ 001CA0A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA0E0 1E 6D 67 58 01 01 01 01 01 15 13 00 02 00 17 00 .mgX............ |
00 filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CA0F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[...] filled 00 region
001CA5C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x1CA5D0 Region? + Magic? & Incremental? & BIOS Version
At the end of this page we have a list where we can compare this information against other consoles. This will help us shed light on these few bytes.
BIOS Incremental? at 0x1CA5D8 | BIOS Version at 0x1CA604 - 4 bytes long
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 34 76 B3 80 02 00 00 00 02 00 00 00 00 00 00 00 4v³€............ 001CA5E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA600 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 34 76 B3 80 02 00 00 00 02 00 00 00 00 00 00 00 4v³€............ 001CA5E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA600 FF 00 FF FF 00 00 06 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ....ÿÿÿÿÿÿÿÿ |
Console C / FW 1.06 | Console C / FW 1.61 | Console C FW 1.61 E0 |
---|---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 34 76 B3 80 02 00 00 00 02 00 00 00 00 00 00 00 4v³€............ 001CA5E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA600 FF 00 FF FF 00 00 06 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ....ÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 30 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00 0v³€............ 001CA5E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA600 FF 00 FF FF 00 00 61 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 30 76 B3 80 02 00 00 00 03 E0 00 00 00 00 00 00 0v³€.....à...... 001CA5E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA5F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 001CA600 FF 00 FF 00 00 00 61 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ |
Region? & SKU version?
Console A Dev / Test FW 1.50.10 | Console B Dev / Test FW 1.50 | Console C Retail FW 1.52 | Console D Retail FW 1.06 | Console E Retail FW 1.74 |
---|---|---|---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 34 77 B3 C0 02 00 00 00 02 00 00 00 00 00 00 00 4w³À............ 001CA600 FF 00 FF FF 00 10 50 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ....ÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 34 77 B3 C0 02 00 00 00 03 00 00 00 00 00 00 00 4w³À............ 001CA600 FF 00 FF FF 00 00 50 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 B0 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00 °v³€............ 001CA600 FF 00 FF FF 00 00 52 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 34 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00 4v³€............ 001CA600 FF 00 FF FF 00 00 06 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CA5D0 30 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00 0v³€............ 001CA600 FF 00 FF FF 00 00 74 01 FF FF FF FF FF FF FF FF ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ |
As long as we have no better understanding of the added 0xE0, I will guess it is a kind of patch counter for that FW. I assume that the 0 will increase if more patches are installed.
NOTE: The first byte of ?Region + SKU Bytes? will differ between consoles. I guess for now that it may describe the region of the console. The 0xB0 is a Brazilian console, whereas 0x30 & 0x34 are, as far as I can say, European consoles. (Feel free to correct me.) The following 4 bytes are then always the same for Retail consoles, and for Dev / Test consoles they also match each other.
Retails 0x76 0xB3 0x80 0x02
Dev/Test 0x77 0xB3 0xC0 0x02
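The NVS fields documented above can be read out of a dump programmatically, for instance to check which identifiers a dump carries and to blank them before the dump is shared. The following Python is an added example, not code from this wiki: it uses the offsets and lengths given on this page, while the function names, the FF-terminated SKU read, the 0xFF filler and the BIOS version decoding (read off the sample rows in the tables above) are assumptions. The sample image is constructed from the rows shown on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Offsets and lengths as documented on this page.
MAC_OFF, MAC_LEN = 0x1C4021, 6
BOARD_SERIAL_OFF, BOARD_SERIAL_LEN = 0x1C8000, 14
CONSOLE_SERIAL_OFF, CONSOLE_SERIAL_LEN = 0x1C8030, 17
SKU_OFF, SKU_END = 0x1C8041, 0x1C8060  # length varies; 0x1C8060 starts the next block
TYPE_OFF = 0x1CA5D0                    # 1 per-console byte, then 4 type bytes
BIOS_VER_OFF = 0x1CA604                # 4 bytes

RETAIL_SIG = bytes.fromhex("76B38002")
DEVTEST_SIG = bytes.fromhex("77B3C002")


@dataclass
class NvsInfo:
    mac: str
    board_serial: str
    console_serial: str
    sku: str
    first_byte: int          # the page guesses this byte encodes the region
    console_type: str
    bios_version: Optional[str]


def _text(raw: bytes) -> str:
    """ASCII field up to the first 0xFF (erased NOR) or 0x00 byte."""
    for stop in (b"\xff", b"\x00"):
        raw = raw.split(stop, 1)[0]
    return raw.decode("ascii", errors="replace").strip()


def decode_bios_version(raw: bytes) -> Optional[str]:
    """Assumed reading of the page's samples: 00 00 06 01 -> 1.06, 00 10 50 01 -> 1.50.10."""
    if raw == b"\xff" * 4:
        return None  # field never written (Console A, B in the table)
    text = f"{raw[3]:x}.{raw[2]:02x}"
    if raw[1]:
        text += f".{raw[1]:02x}"
    return text


def parse_nvs(image: bytes) -> NvsInfo:
    if len(image) < BIOS_VER_OFF + 4:
        raise ValueError("image is too short to hold the NVS fields")
    sig = image[TYPE_OFF + 1:TYPE_OFF + 5]
    if sig == RETAIL_SIG:
        console_type = "retail"
    elif sig == DEVTEST_SIG:
        console_type = "dev/test"
    else:
        console_type = "unknown"
    mac = image[MAC_OFF:MAC_OFF + MAC_LEN]
    return NvsInfo(
        mac=":".join(f"{b:02x}" for b in mac),
        board_serial=_text(image[BOARD_SERIAL_OFF:BOARD_SERIAL_OFF + BOARD_SERIAL_LEN]),
        console_serial=_text(image[CONSOLE_SERIAL_OFF:CONSOLE_SERIAL_OFF + CONSOLE_SERIAL_LEN]),
        sku=_text(image[SKU_OFF:SKU_END]),
        first_byte=image[TYPE_OFF],
        console_type=console_type,
        bios_version=decode_bios_version(image[BIOS_VER_OFF:BIOS_VER_OFF + 4]),
    )


def redact_identifiers(image: bytes) -> bytes:
    """Return a copy with MAC and both serials set to 0xFF (assumed filler).

    Only these three fields are blanked; the PerConsole regions listed on
    this page are left untouched.
    """
    out = bytearray(image)
    for off, length in ((MAC_OFF, MAC_LEN),
                        (BOARD_SERIAL_OFF, BOARD_SERIAL_LEN),
                        (CONSOLE_SERIAL_OFF, CONSOLE_SERIAL_LEN)):
        out[off:off + length] = b"\xff" * length
    return bytes(out)


def build_sample() -> bytes:
    """Constructed image: erased flash plus the sample rows shown on this page."""
    img = bytearray(b"\xff" * 0x200000)
    img[0x1C4020:0x1C4027] = bytes.fromhex("01709E29337A1B")
    img[BOARD_SERIAL_OFF:BOARD_SERIAL_OFF + 14] = b"40001B01859177"
    img[CONSOLE_SERIAL_OFF:CONSOLE_SERIAL_OFF + 17] = b"03274522245796602"
    sku = b"CUH-1004A B01X"
    img[SKU_OFF:SKU_OFF + len(sku)] = sku
    img[TYPE_OFF:TYPE_OFF + 5] = bytes.fromhex("3476B38002")
    img[BIOS_VER_OFF:BIOS_VER_OFF + 4] = bytes.fromhex("00000601")
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample()
    print(parse_nvs(sample))
    print(parse_nvs(redact_identifiers(sample)))
```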
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CA610 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001CBBF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1CBC00
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CBC00 69 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx i............... xx differs between consoles on same version 001CBC10 A2 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001CBC20 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CBC30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CBC40 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001CBC50 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CBC00 64 A1 C0 DE FD B3 1F 8B 9A 3E D1 F1 01 E7 D9 CE d¡ÀÞý³.‹š>Ññ.çÙÎ 001CBC10 F7 72 3B 90 33 6D A5 B0 37 CD CA 3F D8 2F F0 0F ÷r;.3m¥°7ÍÊ?Ø/ð. 001CBC20 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CBC30 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CBC40 6E 90 C6 F0 5B 96 13 4B F5 B7 AB 4F 23 A2 05 02 n.Æð[–.Kõ·«O#¢.. 001CBC50 03 61 99 47 86 D9 B7 6F 8B F5 FE 4A 28 5E 95 A8 .a™G†Ù·o‹õþJ(^•¨ |
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CBC60 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001CDFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1CE000
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CE000 00 07 FF 07 00 07 FF 07 00 07 0C 04 00 00 00 04 ..ÿ...ÿ......... 001CE010 00 00 FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ..ÿÿÿÿÿÿ........ 001CE020 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF ..ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE030 xx 00 00 00 xx 00 00 00 xx xx 00 00 00 00 00 00 ........Ë....... xx differs between consoles on same version 001CE040 xx 00 00 00 xx 00 00 00 xx 00 00 00 00 00 00 00 ................ " 001CE050 xx 00 00 00 xx 00 00 00 xx xx 00 00 00 00 00 00 ................ " |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CE000 00 07 FF 07 00 07 FF 07 00 07 0C 04 00 00 00 04 ..ÿ...ÿ......... 001CE010 00 00 FF FF FF FF FF FF 00 00 00 00 00 00 00 00 ..ÿÿÿÿÿÿ........ 001CE020 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF ..ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE030 22 00 00 00 21 00 00 00 3D D6 00 00 00 00 00 00 "...!...=Ö...... 001CE040 09 00 00 00 09 00 00 00 54 EB 02 00 00 00 00 00 ........Të...... 001CE050 1E 00 00 00 1E 00 00 00 B9 C1 03 00 00 00 00 00 ........¹Á...... |
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CE060 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
001CE1F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x1CE200
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CE200 xx xx xx xx xx xx xx xx xx xx FF xx xx xx xx xx ..........ÿ..... xx differs between consoles on same version 001CE210 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " 001CE220 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001CE230 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " 001CE240 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001CE250 xx xx xx xx xx xx xx xx FF FF FF FF FF FF FF FF ........ÿÿÿÿÿÿÿÿ " 001CE260 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001CE270 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " 001CE280 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 001CE290 xx xx xx xx FF FF xx xx FF FF FF FF FF FF FF FF ....ÿÿ..ÿÿÿÿÿÿÿÿ " |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CE200 03 00 81 80 57 C3 B3 03 04 10 FF 00 00 01 00 00 ...€Wó...ÿ..... 001CE210 09 00 09 00 FF FF 00 23 FF FF FF FF FF FF FF FF ....ÿÿ.#ÿÿÿÿÿÿÿÿ 001CE220 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE230 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE240 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE260 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE270 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE280 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CE290 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ |
FF filled
Console A, B | Console C |
---|---|
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CE2A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] filled FF region 001FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ |
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 001CE2A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] filled FF region 001CEFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CF000 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 001CF010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] filled FF region 001FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ |
0x200000 PerConsole
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00200000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version 00200010 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200020 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200030 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200040 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200050 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200060 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200070 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200080 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200090 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002000A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002000B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002000C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002000D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002000E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002000F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200100 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200110 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200120 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200130 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200140 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200150 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200160 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200170 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00200180 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ 
" 00200190 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002001A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002001B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002001C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002001D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002001E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002001F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00200200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
00200FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x201000 PerConsole
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00201000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version 00201010 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201020 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201030 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201040 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201050 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201060 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201070 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201080 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201090 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002010A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002010B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002010C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002010D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002010E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002010F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201100 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201110 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201120 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201130 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201140 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201150 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201160 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201170 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 00201180 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ 
" 00201190 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002011A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002011B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002011C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002011D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002011E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ " 002011F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled[edit | edit source]
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00201200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ [...] filled FF region 00201FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x202000 PerConsole
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00202000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
00202010 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202020 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202030 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202040 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202050 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202060 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202070 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202080 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202090 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002020A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002020B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002020C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002020D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002020E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002020F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202100 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202110 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202120 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202130 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202140 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202150 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202160 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202170 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202180 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00202190 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002021A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002021B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002021C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002021D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002021E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002021F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00202200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
00202FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x203000 PerConsole
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00203000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
00203010 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203020 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203030 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203040 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203050 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203060 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203070 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203080 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203090 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002030A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002030B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002030C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002030D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002030E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002030F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203100 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203110 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203120 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203130 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203140 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203150 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203160 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203170 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203180 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00203190 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002031A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002031B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002031C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002031D0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002031E0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
002031F0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00203200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
00203FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x204000 Unk DataBlock
huge block
Console A, B:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00204000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
[...] huge block
00222DF0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
(one console ended after this with FF region 0x222E00 until 0x241FFF - other has datablock 0x204000 until 0x29078F)
Console C:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00204000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
[...] huge block
0029078F xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
(console C datablock ended with 0x29078F)
0x222E00
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00222E00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ xx differs between consoles on same version
[...] filled FF region
00241FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ "
(one console ended after this with FF region 0x222E00 until 0x241FFF - other has datablock 0x204000 until 0x29078F)
0x242000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00242000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
[...] huge block
00290780 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
(one console ended after this with FF region 0x222E00 until 0x241FFF - other has datablock 0x204000 until 0x29078F)
FF filled
both consoles have this FF filled
00290790 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
002907F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x290800
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00290800 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
[...] small block
00290920 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00290930 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
002909F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x290A00
00290A00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
[...] small block
00290AD0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00290AE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
00290BF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x290C00
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00290C00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
[...] small block
00290D50 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00290D60 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
00290DF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x290E00
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00290E00 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
00290E10 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00290E20 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00290E30 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00290E40 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
002FFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x300000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00300000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
[...] huge block
0037FFF0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
- bd hrl, likely
0x380000 SCE VTRM Region0 (Retail & Dev/Test)
See also: VTRM
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00380000 FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM.
00380050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................
00380070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x380170 VTRM Region0 Digest? (Retail & Dev/Test)
See also: VTRM
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00380170 xx xx xx xx xx xx xx xx ........ xx differs between consoles on same version
00380180 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
00380190 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003801A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003801B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003801C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003801D0 xx xx xx xx xx xx xx xx ........ "
FF filled
0x3A0000 SCE VTRM Region1 (Retail)
See also: VTRM
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00380000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM.
00380050 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................
00380070 FF FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x3A0170 VTRM Region1 Digest? (Retail)
See also: VTRM
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003A0170 xx xx xx xx xx xx xx xx ........ xx differs between consoles on same version
003A0180 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003A0190 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003A01A0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003A01B0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003A01C0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
003A01D0 xx xx xx xx xx xx xx xx ........ "
FF filled
0x3A1000
Console A, B:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003A01D0 FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿ
003A01E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
003A1FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Console C:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003A0FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003A1000 01 00 00 10 00 00 00 38 00 FF FF FF FF FF FF FF .......8.ÿÿÿÿÿÿÿ
003A1010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003A1020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003A1030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003A1040 FF FF FF FF FF FF FF FF 00 FF FF FF FF FF FF FF ÿÿÿÿÿÿÿ.ÿÿÿÿÿÿÿÿ
003A1050 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
003A1FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x3A2000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003A2000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
003A2010 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003A2020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
003A2FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x3A3000
0x1000 datablock
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003A3000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ xx differs between consoles on same version
[...] small block
003A3FF0 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................ "
FF filled
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003A4000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
003BFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0x3C0000 (CoreOS)
0x1980000 datablock (sflash0s1.cryptx3 + sflash0s1.cryptx3b)
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
003C0000 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
[...] huge block with encrypted data ?? Encrypted CoreOS ??
01D3FFFF xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx ................
0x1D40000
FF filled
end of data was @ 0x1D40000
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
01D40000 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
[...] filled FF region
01FFFFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
eof 0x2000000
FW/BIOS versioning and incremental counting Observation
Following is a list of information about the console's firmware version, the SFlash's BIOS version and this strange (I guess) incremental counter. I run this list so we can see whether my guess of an incremental value is right or not.
The values we list are:
- 0x1CA5D0 (1 Byte) == Region?
- The real Region of your device.
- 0x1CA5D1 (4 Bytes) == SKU?
- The real SKU of your device.
- 0x1C8041 (variety) == The SKU Model string.
- The Firmware version of your console.
- 0x1CA604 (4 Bytes, little endian) == BIOS version.
- 0x1CA5D8 (4 Bytes, each integer16) == Incremental value as Byte.
- The same value but as integer.
- The Console #, so we can see at a glance which value belongs to which console, or whether they are from different consoles.
- And the last one, the SHA1 checksum of VTRM PerConsole0.
NOTE: If there is information from one and the same console but on different versions, then please mark your console with the next free number and add it, so we can see at a glance which values are from different consoles, which are from the same console, and which value belongs to which console. If the values are from one console and no second value from the same console is already present, then mark it with a minus (-).
Region | Real | SKU | Real | Model | FW | BIOS | Inc Byte | Inc Integer | Con # | VTRM PerConsole0 SHA1 |
---|---|---|---|---|---|---|---|---|---|---|
0x34 | EU | 77 B3 C0 02 | Dev / Test | DUH-T1000AA | 1.50 | 1.50 | 0x03 0x00 0x00 0x00 | 3.0.0.0 | 0 | 46AEDE30098A48BB6A35E392F7A8EB603F3FFCD4 |
0x34 | EU | 77 B3 C0 02 | Dev / Test | DUH-T1000AA | 1.010.031 | 0xFFFFFFFF | / | / | 0 | 46AEDE30098A48BB6A35E392F7A8EB603F3FFCD4 |
0x34 | EU | 77 B3 C0 02 | Dev / Test | DUH-T1000AA | 1.76 | 1.50.10 | 0x03 0xE0 0x00 0x00 | 3.224.0.0 | - | 11F8D58F9D5E6CC34D0E5EA63E656A40C32FB5A3 |
0xB0 | BR | 76 B3 80 02 | Retail | CUH-1001A B01 | 2.50 | 1.52 | 0x03 0xED 0x00 0x00 | 3.237.0.0 | - | 56C205680BFFCB4AA36047F192C9D8C6FDD31294 |
0xB0 | BR | 76 B3 80 02 | Retail | CUH-1001A B01 | 2.50 | 1.52 | 0x03 0xED 0x00 0x00 | 3.237.0.0 | - | 3F85EDAD7BCF9122B456970FDEDB9C1D1802A7A5 |
0xB0 | BR | 76 B3 80 02 | Retail | CUH-1011A B01 | 2.50 | 1.52 | 0x03 0xED 0x00 0x00 | 3.237.0.0 | - | 262E7A39E3F04C91D6820EF5EF0533F0D32BD073 |
0x34 | EU | 76 B3 80 02 | Retail | CUH-1004A B01X | 1.06 | 1.06 | 0x02 0x00 0x00 0x00 | 2.0.0.0 | 1 | A801741B94EAFFAE0CB9F56EB20E7908F9556D45 |
0x30 | EU | 76 B3 80 02 | Retail | CUH-1004A B01X | 1.61 | 1.61 | 0x03 0x00 0x00 0x00 | 3.0.0.0 | 1 | A801741B94EAFFAE0CB9F56EB20E7908F9556D45 |
0x30 | EU | 76 B3 80 02 | Retail | CUH-1004A B01X | 1.62 | 1.61 | 0x03 0xE0 0x00 0x00 | 3.224.0.0 | 1 | A801741B94EAFFAE0CB9F56EB20E7908F9556D45 |
0x30 | EU | 76 B3 80 02 | Retail | CUH-1004A B01X | 1.74 | 1.61 | 0x03 0xE0 0x00 0x00 | 3.224.0.0 | 1 | A801741B94EAFFAE0CB9F56EB20E7908F9556D45 |
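
Reading the fields listed above out of a dump and checking the layout landmarks from the memory map, as an added example that is not part of the wiki page or of any tool it mentions. The function names are hypothetical, the lookup tables contain only the values that occur in the table above, and the model string is assumed to be NUL-terminated ASCII; the BIOS field is returned as a raw little-endian integer because the page does not give its encoding.

```python
import struct

NOR_SIZE = 0x2000000        # "eof 0x2000000"
TAIL_FF_START = 0x1D40000   # "end of data was @ 0x1D40000"
VTRM0_MAGIC_OFF = 0x380048  # "SCEVTRM\0" in dump row 00380040, bytes 08..0F
VTRM_MAGIC = b"SCEVTRM\x00"

OFF_MODEL = 0x1C8041   # SKU model string (length not documented)
OFF_REGION = 0x1CA5D0  # 1 byte
OFF_SKU = 0x1CA5D1     # 4 bytes
OFF_INC = 0x1CA5D8     # 4 bytes, incremental counter
OFF_BIOS = 0x1CA604    # 4 bytes, little endian

# Lookups hold only the values listed in the page's table.
REGIONS = {0x34: "EU", 0x30: "EU", 0xB0: "BR"}
SKUS = {bytes.fromhex("77B3C002"): "Dev / Test",
        bytes.fromhex("76B38002"): "Retail"}


def check_layout(dump):
    """Return a list of deviations from the documented landmarks."""
    if len(dump) != NOR_SIZE:
        # Every offset below is meaningless on a truncated or padded image.
        return [f"size 0x{len(dump):X}, expected 0x{NOR_SIZE:X}"]
    problems = []
    if bytes(dump[VTRM0_MAGIC_OFF:VTRM0_MAGIC_OFF + 8]) != VTRM_MAGIC:
        problems.append(f"no SCEVTRM magic at 0x{VTRM0_MAGIC_OFF:X}")
    tail = bytes(dump[TAIL_FF_START:])
    first_bad = len(tail) - len(tail.lstrip(b"\xff"))
    if first_bad != len(tail):
        problems.append(f"non-FF byte at 0x{TAIL_FF_START + first_bad:X}")
    return problems


def parse_info(dump):
    """Extract the versioning fields; run check_layout() on the dump first."""
    if len(dump) < OFF_BIOS + 4:
        raise ValueError("dump too short for the versioning fields")
    region = dump[OFF_REGION]
    sku = bytes(dump[OFF_SKU:OFF_SKU + 4])
    inc = bytes(dump[OFF_INC:OFF_INC + 4])
    (bios,) = struct.unpack_from("<I", dump, OFF_BIOS)
    # Assumption: the model string is ASCII and ends at the first NUL.
    model = bytes(dump[OFF_MODEL:OFF_MODEL + 32]).split(b"\x00")[0]
    return {
        "region": REGIONS.get(region, f"unlisted (0x{region:02X})"),
        "sku": SKUS.get(sku, f"unlisted ({sku.hex(' ').upper()})"),
        "model": model.decode("ascii", "replace"),
        "bios_le": bios,
        # "Inc Byte" and "Inc Integer" columns: same 4 bytes, hex vs decimal.
        "inc_bytes": " ".join(f"0x{b:02X}" for b in inc),
        "inc_integer": ".".join(str(b) for b in inc),
    }


def build_sample():
    """Constructed 32 MiB image: erased flash plus the fields under test."""
    img = bytearray(b"\xff" * NOR_SIZE)
    img[VTRM0_MAGIC_OFF:VTRM0_MAGIC_OFF + 8] = VTRM_MAGIC
    img[OFF_MODEL:OFF_MODEL + 15] = b"CUH-1004A B01X\x00"
    img[OFF_REGION] = 0x30
    img[OFF_SKU:OFF_SKU + 4] = bytes.fromhex("76B38002")
    img[OFF_INC:OFF_INC + 4] = bytes.fromhex("03E00000")
    img[OFF_BIOS:OFF_BIOS + 4] = struct.pack("<I", 0x01020304)  # constructed
    return img


if __name__ == "__main__":
    sample = build_sample()
    print(check_layout(sample) or "layout landmarks OK")
    for key, value in parse_info(sample).items():
        print(f"{key:12} {value}")
```

A value reported as "unlisted" only means it does not occur in the table above, not that the dump is damaged.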
Software Based Validation
BwE PS4 NOR Validator
This program is the release version of User:BwE's PS4 NOR Validator, it is designed solely to validate the NOR flash of your PS4 console!
Why would you need to do this? Well if your console has suddenly died and has what is called the 'BLOD', the NOR can be the reason why. Using my program will allow you to validate literally every single byte of the NOR (or over 2100 specific areas) - allowing you to see where or if it is corrupted.
The most common area of corruption that causes the BLOD is the CID. Some areas of this section can actually be repaired, if you're lucky! I and others have done this! Don't forget to use my Comparator tool to help you understand what the difference is for a specific section of the NOR. It will help you with patching!
Other areas can be inter-changed between different consoles and are more suited for repair, the WiFi/BT module is a good example of this.
So fundamentally, this program is for console repairers like myself. If you are indeed a repairer and run a business I can make a custom 'bulk' version for you! But for now, feel free to put multiple *.bin files in the working directory as my program will provide a selection menu.
I am also happy to give advice on your NOR or help interpret your results, just post on the forum or give me an email. If you can bypass my filter, send me a link to your NOR!
If you encounter any errors or weird results - or better yet if your NOR is labeled danger in any areas, but still runs fine - let me know!
Keep in mind the CoreOS and other large encrypted areas could still be corrupt regardless of the results (I can't check every byte in an encrypted section, hence alt validations). This program is NOT perfect, but it is WAY better than just using a hex editor or never truly knowing if your BLOD is caused by the NOR!
This also goes above and beyond that of the psdevwiki page regarding the main flash of the PS4 (Thank you cfwprpht).
Notes:
As of version 1.5.5 there is an ability to upload dumps directly to me. I use these to improve the program and validations. Abusing this service will result in your ban from future use of my validator.
Regarding Anti-Virus:
I protect my program with Themida. The problem with this is that heuristically some AV software see it as a threat. This is because people who make or redistribute old malware also use Themida to help make themselves undetected.
Ultimately, it is up to you to trust the program and me. I encourage you to upload to a sandbox to see for yourself.
Version History:
- 1.7.1 (25/6/21) Fixed Uploading Questions, Added MB Serial to Outputs, New Splash Screen.
- 1.7.0 (23/6/21) Added Question Regarding Dump When Uploading, Added New CID Validation (Weird Key or Flag), Fixed UART Validation, Added Unlisted Results.
- 1.6.9 (26/5/21) Fixed Internal Code Issues, Added Unlisted Results, New Splash Screen (Potentially last update for a short while).
- 1.6.8 (16/5/21) Updated Internal Comparison Application, Improved Serial Number Validation (MB Series), Added Unlisted Results.
- 1.6.7 (25/4/21) Repaired UNK 1200 Series Validation, Added Unlisted Results.
- 1.6.6 (12/4/21) Added Unlisted Results, Improved Validation, Changed Output Styling.
- 1.6.5 (31/3/21) Added CoreOS Statistical Analysis, Changed Some Results, Changed Some Output Formatting, Returned to Previous Packer.
- 1.6.3 (30/3/21) Added CoreOS Patcher (SU-30631-3 Error Specific), Updated Results, Added Unlisted Results, Fixed Readme, Changed Packer.
- 1.6.2 (18/3/21) Repaired CID Validation, Improved Handling of 72xx, Added Unlisted Results, Improved Dump Uploading Process.
- 1.6.1 (20/2/21) Repaired CID Validation, Added Unlisted Results (Thanks Uploaders!)
- 1.6.0 (4/2/21) Added IDU Mode Patcher, Improved Validations, Added Unlisted Results.
- 1.5.9 (29/1/21) Major Improvement to CID and UNK Validations, Added Unlisted Results, Improved UART Patching, Better Handling of 1200/Pro/Slim Validations, Added v1.5 of Comparator
- 1.5.7 (11/1/21) Fixed Version Checker, Improved Statistics, Removed Some Unlisted Results (Improved Validation), Updated Upload Feature, Improved Compiler
- 1.5.6 (10/1/21) Improved CID and UNK Validations, Updated Unlisted Validations, IDU Flags Added, Some Code Optimization
- 1.5.5 (8/1/21) Updated Pro/Slim Specific Validations, Updated Unlisted Validations, Updated CID Validations, Updated UNK Validations, Added Dump Upload Feature
- 1.5.3 (5/12/20) Updated Unlisted Validations, Updated WiFi/BT MD5s & Entropy Validation
- 1.5.2 (20/11/20) Updated WiFi/BT MD5s, Added 2nd UART Flag, Updated Unlisted Validations
- 1.5.1 (3/11/20) Updated Unlisted Validations, Added UART Enabler, Removed Unused Validation Option, Added Basic Loader
- 1.5.0 (30/10/20) Updated Unlisted Validations, Upgraded Existing Validations, Removed Loader (Secret Patcher Coming Soon!)
- 1.4.9 (3/5/20) Added 21xx Series Specific Validations, Updated Unlisted Validations
- 1.4.7 (23/3/20) Added Dynamic Comparison, Updated Unlisted Validations
- 1.4.6 (1/2/20) Just Keeping It Fresh! (May have fixed issues stopping the program running, if not let me know!)
- 1.4.4 (16/8/19) Added and Improved Validations (CID & UNK) Including New WiFi/BT FW MD5
- 1.4.2 (7/4/19) Added More Validations (Firmware & Console Specific), Improved Various Sections (CID & UNK Mostly)
- 1.4.1 (1/3/19) Prettied Up Outputs, Minor Rewording (Sorry!).
- 1.4.0 (1/3/19) Added Zecoxao Extraction Methodology (Will Add More Zecoxao SELF Stuff Later), Added FW/BIOS Versioning, Added Additional Entropy Validation & Various Improvements Throughout.
- 1.3.8 (21/2/19) Added Additional Validations (To Suit Slim/Pro), Repaired/Improved CID Validation, More MD5s & Table Based Results.
- 1.3.5 (30/1/19) Added CoreOS Reference Points (Additional CoreOS Per-Console Validation).
- 1.3.3 (24/1/19) Reworked And Improved Both CID And UNK Sections Again, Added More MD5's, Added Application Version Checker, Removed Colored Bars, Added Comparator & Other Improvements Throughout.
- 1.3.1 (19/1/19) Added More Validations & MD5's, Repaired Minor Bug.
- 1.3 (15/1/19) Completely Reworked And Improved The CID Section And Added Additional Validations To The UNK Section & I Also Improved Some Other Validations Throughout.
- 1.2.6 (18/12/18) Hopefully Fixed 'Black Screen' Issue, Recompiled In 32bit.
- 1.2.5 (17/12/18) Added 2 New Flags (Possibly Initialization Flag?), Changed Validation Results, Improved Output/Info (HTML) & Added MD5's.
- 1.2 (8/12/18) Improved All Alt Validations, Repaired Vtrm1, Internal Typo & Added Repetition Checks.
- 1.1.1 (29/11/18) Typo Again, Made The SKU Not Come Up As Unlisted & Added Some MD5's.
- 1.1 (28/11/18) Improved VTRM & CID Validation, Typo Fixes & Better Colours.
- 1.0 (27/11/18) First Release!
Developer Website:
https://betterwayelectronics.com.au/
Direct Link:
https://betterwayelectronics.com.au/BwE_PS4_NOR_Validator.rar
More Information/Updates:
github.com/BetterWayElectronics/ps4-nor-validator