Downgrading with linux: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 1: Line 1:
[[Category:OtherOS]]
* This works on FW 3.55 without a physical dongle.
 
* You should have graf_chokolo's modules, and patches installed.
'''You should have grafchokolos modules, and patches installed'''
* Use this method to install a lower firmware.
 
* Thanks to graf_chokolo for bringing Linux on PS3, with all its goodies back to the PS3 ==
'''This works on 3.55 without a physical dongle'''
 
'''Use this method to install lower firmware! You can install a newer firmware ex 3.60 with this method but you will be loosing your homebrew'''
 
 
 
== Thanks to graf_chokolo for bringing linux, with all this goodies back to the PS3 ==
 
 


= Downgrade Method - Emulating JIG with Linux =
= Downgrade Method - Emulating JIG with Linux =


'''1st step''' – Generating a challenge
'''1st step''' – Generating a challenge
Line 24: Line 14:
----
----


You need a dongle id.
You need a dongle ID.
Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, doesn’t matter which one, but some are revoked !!!
Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, it does not matter which one, but some are revoked !!!


# ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”
# ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”
Line 38: Line 28:
----
----


The returned value shouldn’t be 0xff.
The returned value should not be 0xff.


# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
Line 51: Line 41:


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg
ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg


'''7th step''' – Disabling “Product Mode”
'''7th step''' – Disabling “Product Mode”
Line 58: Line 47:
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff


'''This step is really important, if Product Mode isn't disabled you will need a dongle to get out of it'''
'''This step is really important, if Product Mode is not disabled you will need a dongle to get out of it'''


 
= Alternative Downgrade Method - tested and not working =
 
= '''ALTERNATIVE METHOD - tested and not working yet''' =


'''1st step''' – Enabling product mode
'''1st step''' – Enabling product mode
Line 72: Line 59:
----
----
   
   
The returned value shouldn’t be 0xff.
The returned value should not be 0xff.


# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
# ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07
Line 83: Line 70:
'''4th step''' - Install CORE_OS_PACKAGE.pkg
'''4th step''' - Install CORE_OS_PACKAGE.pkg
----
----


ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg
ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg


'''5th step''' – Disabling “Product Mode”
'''5th step''' – Disabling “Product Mode”
Line 93: Line 78:
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff
# ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff


'''This step is really important, if Product Mode isn´t disabled you will need a dongle to get out of it'''
'''This step is really important, if Product Mode is not disabled you will need a dongle to get out of it'''
 
=Install debug firmware=
 
'''High brick risk! Don´t try this if you don´t know what you are doing'''
 
'''If you brick with this the only way to recover is [[Hardware flashing]] the prior to conversion made dump back to the [http://www.ps3devwiki.com/index.php?title=Flash_%28Hardware%29 NAND/NOR flash]'''
 
 
'''To install debug firmware, EID0 (and EID5?) should be reencrypted and rehashed with the proper [[Product Code]] and [[DeviceID]]/type'''
 
 
Debugging Station Product Code: 0x82
 
 
eEID contains
 
*System model data
*Product Code
*PS3 motherboard and BluRay drive information
*Per-console values (ConsoleId, OpenPSID)
 
"The kernel and most of the loaders check the [[Product Code]] as well as the [[DeviceID]]/type to see if your unit is debug or not and if not they disable all the fancy things such as running unsigned code (in the case of appldr).
 
* a good read about SC http://rmscrypt.wordpress.com/2011/02/01/lets-look-at-syscon/
 




{{Linux}}<noinclude>[[Category:Main]]</noinclude>
{{Linux}}<noinclude>[[Category:Main]][[Category:OtherOS]]</noinclude>

Latest revision as of 01:26, 30 October 2021

  • This works on FW 3.55 without a physical dongle.
  • You should have graf_chokolo's modules, and patches installed.
  • Use this method to install a lower firmware.
  • Thanks to graf_chokolo for bringing Linux on PS3, with all its goodies back to the PS3 ==

Downgrade Method - Emulating JIG with Linux[edit | edit source]

1st step – Generating a challenge

  1. ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge

2nd step – Generating a valid response for a challenge

You need a dongle ID. Valid range for dongle IDs is 0×0000 – 0xffff. So choose one, it does not matter which one, but some are revoked !!!

  1. ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE “here is a challenge like this 0xXX 0xXX … of size 20 bytes”

3rd step – Verifying response (Enabling “Product Mode”)

  1. ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xBABE

“here is the response from step 2 like this 0xXX 0xXX … of size 20 bytes”

4th step – Checking if “Product Mode” is enabled

The returned value should not be 0xff.

  1. ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07

5th step - Inspect if CORE_OS_PACKAGE.pkg isn't damaged

ps3dm_um /dev/ps3dmproxy inspect_pkg 1 0x9 CORE_OS_PACKAGE.pkg

6th step - Install CORE_OS_PACKAGE.pkg

ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg

7th step – Disabling “Product Mode”

  1. ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff

This step is really important, if Product Mode is not disabled you will need a dongle to get out of it

Alternative Downgrade Method - tested and not working[edit | edit source]

1st step – Enabling product mode

  1. ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xfe

2th step – Checking if “Product Mode” is enabled

The returned value should not be 0xff.

  1. ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07

3th step - Inspect if CORE_OS_PACKAGE.pkg isn´t damaged

ps3dm_um /dev/ps3dmproxy inspect_pkg 1 0x9 CORE_OS_PACKAGE.pkg

4th step - Install CORE_OS_PACKAGE.pkg

ps3dm_um /dev/ps3dmproxy update_pkg 1 0x9 CORE_OS_PACKAGE.pkg

5th step – Disabling “Product Mode”

  1. ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff

This step is really important, if Product Mode is not disabled you will need a dongle to get out of it


Linux
Retrieved from "http://www.psdevwiki.com/ps3/index.php?title=Downgrading_with_linux&oldid=63046"