Editing Flash

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 55: Line 55:
| {{perfirmware}} || 7 || colspan="2" | [[Flash:Revoke_Package#trvk_pkg1|trvk_pkg1]] || 0x0A0000 || 0x0BFFFF || 0x20000 || (131,072 bytes) || 500h ||
| {{perfirmware}} || 7 || colspan="2" | [[Flash:Revoke_Package#trvk_pkg1|trvk_pkg1]] || 0x0A0000 || 0x0BFFFF || 0x20000 || (131,072 bytes) || 500h ||
|-
|-
| {{perfirmware}} || 8 || colspan="2" | [[Flash:ROS#ros0|ros0]] || 0x0C0000 || 0x7BFFFF || 0x700000 || (7,340,032&nbsp;bytes) || 600h || <small>Contains CoreOS files, [[Boot_Order|filecontent depends on firmware version]]</small>
| {{perfirmware}} || 8 || colspan="2" | [[Flash:ROS#ros0|ros0]] || 0x0C0000 || 0x7BFFFF || 0x700000 || (7,340,032&nbsp;bytes) || 600h || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
|-
| {{perfirmware}} || 9 || colspan="2" | [[Flash:ROS#ros1|ros1]] || 0x7C0000 || 0xEBFFFF || 0x700000 || (7,340,032&nbsp;bytes) || 3E00h || <small>Contains CoreOS files, [[Boot_Order|filecontent depends on firmware version]]</small>
| {{perfirmware}} || 9 || colspan="2" | [[Flash:ROS#ros1|ros1]] || 0x7C0000 || 0xEBFFFF || 0x700000 || (7,340,032&nbsp;bytes) || 3E00h || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
|-
| {{perconsole}} || A || colspan="2" | [[Flash:cvtrm|cvtrm]] || 0xEC0000 || 0xEFFFFF || 0x40000 || (262,144&nbsp;bytes) || 7600h ||
| {{perconsole}} || A || colspan="2" | [[Flash:cvtrm|cvtrm]] || 0xEC0000 || 0xEFFFFF || 0x40000 || (262,144&nbsp;bytes) || 7600h ||
Line 131: Line 131:
| {{perfirmware}} || 7 || colspan="2" | [[Flash:ROS|ros]] || 0x00C0000 || 0x0EBFFFF || <abbr title="length of both ROS0+ROS1 combined is notated @ offset 0x004036D-0x004036F">0xE00000</abbr> || (14,680,064&nbsp;bytes) || 600h
| {{perfirmware}} || 7 || colspan="2" | [[Flash:ROS|ros]] || 0x00C0000 || 0x0EBFFFF || <abbr title="length of both ROS0+ROS1 combined is notated @ offset 0x004036D-0x004036F">0xE00000</abbr> || (14,680,064&nbsp;bytes) || 600h
|-
|-
| {{perfirmware}} ||  || 0 || [[Flash:ROS##ros0|ros0]] || 0x00C0020 || 0x07C000F || 0x6FFFF0 || (7,340,016&nbsp;bytes) || || <small>Contains CoreOS files, [[Boot_Order|filecontent depends on firmware version]]</small>
| {{perfirmware}} ||  || 0 || [[Flash:ROS##ros0|ros0]] || 0x00C0020 || 0x07C000F || 0x6FFFF0 || (7,340,016&nbsp;bytes) || || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
|-
| {{perfirmware}} ||  || 1 || [[Flash:ROS##ros1|ros1]] || 0x07C0010 || 0x0EBFFFF || 0x6FFFF0 || (7,340,016&nbsp;bytes) || || <small>Contains CoreOS files, [[Boot_Order|filecontent depends on firmware version]]</small>
| {{perfirmware}} ||  || 1 || [[Flash:ROS##ros1|ros1]] || 0x07C0010 || 0x0EBFFFF || 0x6FFFF0 || (7,340,016&nbsp;bytes) || || <small>Contains CoreOS files, [http://www.ps3devwiki.com/index.php?title=Boot_Order#CoreOS_PKG_Filelisting filecontent depends on firmware version]</small>
|-
|-
| {{perconsole}} || 8 || colspan="2" | [[Flash:cvtrm|cvtrm]] || 0x0EC0000 || 0x0EFFFFF || <abbr title="length is notated @ offset 0x004039D-0x004039F">0x40000</abbr> || (262,144&nbsp;bytes) || ||  
| {{perconsole}} || 8 || colspan="2" | [[Flash:cvtrm|cvtrm]] || 0x0EC0000 || 0x0EFFFFF || <abbr title="length is notated @ offset 0x004039D-0x004039F">0x40000</abbr> || (262,144&nbsp;bytes) || ||  
Line 143: Line 143:
| {{perconsole}} || || 1 || VTRM1 || ~varies || ~varies || ~varies || ~varies || || <small>magic header : 0x0D80400  00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04  ....VTRM........</small>
| {{perconsole}} || || 1 || VTRM1 || ~varies || ~varies || ~varies || ~varies || || <small>magic header : 0x0D80400  00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04  ....VTRM........</small>
|-
|-
| {{perconsole}} || colspan="3" | eFlash area || 0x0F00000 || 0xEFFFFFF || 0xE100000 || (235,929,600 bytes) || 7800h || <small>Note: eFlash region table & all dev_flash regions are encrypted with a per console keys by ENCDEC device.  
| {{perconsole}} || colspan="3" | VFlash area || 0x0F00000 || 0xEFFFFFF || 0xE100000 || (235,929,600 bytes) || 7800h || <small>Note: VFlash region table & all dev_flash regions are encrypted with a per console keys by ENCDEC device.  
magic header :0x0F00010  00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD FA CE .....¬ая....Ю.ъО</small>
magic header :0x0F00010  00 00 00 00 0F AC E0 FF 00 00 00 00 DE AD FA CE .....¬ая....Ю.ъО</small>
|-
|-
| {{perconsole}} || 0 || colspan="2" |  eFlash region table || 0x0F000C0 ||  ||  ||  || || <small>There are 5 regions: /dev_flash, /dev_flash2, /dev_flash3, OtherOS & Unknown/FF-region.  Note: first 0x40000 bytes not counted because of masking bootldr by HV.</small>
| {{perconsole}} || 0 || colspan="2" |  VFlash region table || 0x0F000C0 ||  ||  ||  || || <small>There are 5 regions: /dev_flash, /dev_flash2, /dev_flash3, OtherOS & Unknown/FF-region.  Note: first 0x40000 bytes not counted because of masking bootldr by HV.</small>
|-
|-
| {{perconsole}} || 1 || {{perfirmware}} || /dev_flash (FAT16) [[Hypervisor_Reverse_Engineering#GameOS.27s_dev_flash|GameOS devflash]] || 0x0F40000 || 0xD6FFFFF || 0xC7C0000 || (209,453,056 bytes) || || <small>offset taken from region table (0x7800*0x200+0x40000=0x0F40000)</small>
| {{perconsole}} || 1 || {{perfirmware}} || /dev_flash (FAT16) [[Hypervisor_Reverse_Engineering#GameOS.27s_dev_flash|GameOS devflash]] || 0x0F40000 || 0xD6FFFFF || 0xC7C0000 || (209,453,056 bytes) || || <small>offset taken from region table (0x7800*0x200+0x40000=0x0F40000)</small>
Line 161: Line 161:
|-
|-
| {{perconsole}} || colspan="3" | [[Flash:bootldr|bootldr]] || 0xF000000 || 0xF03FFFF || 0x40000 || (262,144&nbsp;bytes) || 78000h || <small><abbr title="length of bootldr data seems notated @ offset 0x2-0x3">datasize</abbr> depends on bootldr revision</small>
| {{perconsole}} || colspan="3" | [[Flash:bootldr|bootldr]] || 0xF000000 || 0xF03FFFF || 0x40000 || (262,144&nbsp;bytes) || 78000h || <small><abbr title="length of bootldr data seems notated @ offset 0x2-0x3">datasize</abbr> depends on bootldr revision</small>
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
|-
|-
| {{perconsole}} ||  || F || [[Flash:unreferenced_area|unreferenced area]] || 0xF040000 || 0xFFFFFFF || 0xFC0000 || (16,515,072&nbsp;bytes) || 78200h ||  
| {{perconsole}} ||  || F || [[Flash:unreferenced_area|unreferenced area]] || 0xF040000 || 0xFFFFFFF || 0xFC0000 || (16,515,072&nbsp;bytes) || 78200h ||  
Line 168: Line 169:
== Notes ==
== Notes ==
*All offsets on the index page are absolute. Offsets on subpages are relative within each section (unless otherwise mentioned)
*All offsets on the index page are absolute. Offsets on subpages are relative within each section (unless otherwise mentioned)
*eMMC is mapped in the same way as NAND. It uses 256Mb, the GameOS deviceID is identical & all the NAND offsets from the table above can be safely used.
 
*NOR and NAND are [http://en.wikipedia.org/wiki/Block_%28data_storage%29 blockdevices] and thus:
*NOR and NAND are [http://en.wikipedia.org/wiki/Block_%28data_storage%29 blockdevices] and thus:
**The minimal chunk of data that can be read/written is a block (with flashdevices also named page). A block that has never been written (only erased/formatted) is filled with 0xFF's. When bytes are written to a block, the entire block must be written. The write process fills the nonused bytes (slack space) at the remainder of the block with 0x00's
**The minimal chunk of data that can be read/written is a block (with flashdevices also named page). A block that has never been written (only erased/formatted) is filled with 0xFF's. When bytes are written to a block, the entire block must be written. The write process fills the nonused bytes (slack space) at the remainder of the block with 0x00's
Line 176: Line 177:


An access to the common flash interface can be enabled by writing to the physical address space of flash memory device, for example, you can use ps3sbmmio driver on Linux.
An access to the common flash interface can be enabled by writing to the physical address space of flash memory device, for example, you can use ps3sbmmio driver on Linux.
{{Keyboard|content=<syntaxhighlight lang="bash">


Enter CFI
# Enter CFI
{{Keyboard|content=<syntaxhighlight lang="bash">
printf '\x98\x98' | dd of=/dev/ps3sbmmio bs=1 count=2 seek=$((0x1f0000aa))
printf '\x98\x98' | dd of=/dev/ps3sbmmio bs=1 count=2 seek=$((0x1f0000aa))
</syntaxhighlight>}}


Dump CFI tables
# Dump CFI tables
{{Keyboard|content=<syntaxhighlight lang="bash">
for i in {0..127}; do dd if=/dev/ps3sbmmio bs=1 count=1 skip=$((0x1f000001+$i*2)) >> cfi_tables.bin 2>/dev/null; done;
for i in {0..127}; do dd if=/dev/ps3sbmmio bs=1 count=1 skip=$((0x1f000001+$i*2)) >> cfi_tables.bin 2>/dev/null; done;
xxd cfi_tables.bin
xxd cfi_tables.bin
</syntaxhighlight>}}


Exit from CFI
# Exit from CFI
{{Keyboard|content=<syntaxhighlight lang="bash">
printf '\xf0\xf0' | dd of=/dev/ps3sbmmio bs=1 count=2 seek=$((0x1f000000))
printf '\xf0\xf0' | dd of=/dev/ps3sbmmio bs=1 count=2 seek=$((0x1f000000))
</syntaxhighlight>}}
</syntaxhighlight>}}
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Flash"