Flash:bootldr

From PS3 Developer wiki
Jump to navigation Jump to search

Bootloader

Location:

  • NOR: 0xFC0000 - 0xFFFFFF (The last 256KB of flash)
  • NAND: 0x0000000 - 0x003FFFF (The first 256KB of flash)

Perconsole encrypted (datasize depends on bootldr revision)

Example

NOR: 0xFC0000 - 0xFFFFFF (The last 256KB of flash) NAND:
0x0000000 - 0x003FFFF (The first 256KB of flash) +
0xF000000 - 0xF03FFFF (The last 256KB of flash) 
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00FC0000  00 00 2E AB 83 EF B9 76 C4 DE D1 35 32 7C D3 77  ...«ƒï¹vÄÞÑ52|Ów
00FC0010  00 00 2E AB FE 2C 4E 17 E1 67 5C 3A C8 29 8E D1  ...«þ,N.ág\:È)ŽÑ
00FC0020  63 D4 81 95 5D D1 D2 E3 BA A3 2D 0A 98 8B 3C 03  cÔ.•]ÑÒ㺣-.˜‹<.
00FC0030  8E 5D D0 E7 2F EE 58 8B C0 73 A2 6D 5E 7F 7A 07  Ž]Ðç/îX‹Às¢m^.z.
00FC0040  47 8B A4 C2 EF B9 3C 60 43 E8 AC 07 F7 8D EE D5  G‹¤Âï¹<`Cè¬.÷.îÕ
00FC0050  67 EE C1 C4 B2 D2 78 98 4C 79 D6 52 49 4D C2 80  gîÁIJÒx˜LyÖRIM€
00FC0060  2D C1 F6 21 B7 B1 34 89 94 3B 33 BF B8 C8 EB 73  -Áö!·±4‰”;3¿¸Èës
[...]
00FEEAD0  9B 28 7A 63 41 DF 4D 54 CC F3 D8 FF FB B0 E6 34  ›(zcAßMTÌóØÿû°æ4
00FEEAE0  2B C6 A2 85 E9 3A 83 A1 8C AE 9F 45 C5 F4 9F AA  +Æ¢…é:ƒ¡Œ®ŸEÅôŸª
00FEEAF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00FEEB00  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
 
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  00 00 2A 2A 5C E4 63 CD 5C 9E B6 7A FE A0 1B 54  ..**\äcÍ\ž¶zþ .T
00000010  00 00 2A 2A 57 D6 52 1B B4 DC AC DF DD 03 3E F6  ..**WÖR.´Ü¬ßÝ.>ö
00000020  95 3E B9 B8 D2 47 B6 B2 CC 40 A7 8E B7 08 45 4E  •>¹¸ÒG¶²Ì@§Ž·.EN
00000030  89 03 90 94 30 34 E0 6B 15 0F D7 23 90 D5 1E B3  ‰..”04àk..×#.Õ.³
00000040  CA DD 19 2C BA 28 44 6D 4E 28 D9 95 EF 04 B2 BA  ÊÝ.,º(DmN(Ù•ï.²º
00000050  86 D1 C6 E2 75 3F 99 99 BF 00 64 19 3A F4 A6 0B  †ÑÆâu?™™¿.d.:ô¦.
00000060  35 1B A4 A1 77 03 CC 93 7C FF 93 08 51 09 BD 79  5.¤¡w.Ì“|ÿ“.Q.½y
...
0002A2C0  5B 60 2C 7C 3A DB 23 55 AF 3D E8 4F 89 E7 BA CF  [`,|:Û#U¯=èO‰çºÏ
0002A2D0  22 68 70 F1 32 6F C2 52 9E 2B 02 12 3E F2 47 67  "hpñ2oÂRž+..>òGg
0002A2E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0002A2F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0F000000  00 00 2A 2A 5C E4 63 CD 5C 9E B6 7A FE A0 1B 54  ..**\äcÍ\ž¶zþ .T
0F000010  00 00 2A 2A 57 D6 52 1B B4 DC AC DF DD 03 3E F6  ..**WÖR.´Ü¬ßÝ.>ö
0F000020  95 3E B9 B8 D2 47 B6 B2 CC 40 A7 8E B7 08 45 4E  •>¹¸ÒG¶²Ì@§Ž·.EN
0F000030  89 03 90 94 30 34 E0 6B 15 0F D7 23 90 D5 1E B3  ‰..”04àk..×#.Õ.³
0F000040  CA DD 19 2C BA 28 44 6D 4E 28 D9 95 EF 04 B2 BA  ÊÝ.,º(DmN(Ù•ï.²º
0F000050  86 D1 C6 E2 75 3F 99 99 BF 00 64 19 3A F4 A6 0B  †ÑÆâu?™™¿.d.:ô¦.
0F000060  35 1B A4 A1 77 03 CC 93 7C FF 93 08 51 09 BD 79  5.¤¡w.Ì“|ÿ“.Q.½y
...
0F02A2C0  5B 60 2C 7C 3A DB 23 55 AF 3D E8 4F 89 E7 BA CF  [`,|:Û#U¯=èO‰çºÏ
0F02A2D0  22 68 70 F1 32 6F C2 52 9E 2B 02 12 3E F2 47 67  "hpñ2oÂRž+..>òGg
0F02A2E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
0F02A2F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ

Header [0x40]

Address Length Value Description
0x0 0x04 0x00002EAB Payload_Size1 Used as index for decrypt/verify operation
0x4 0x0C 0x5CE463CD5C9EB67AFEA01B54 Rev key - same per revision (see talkpage)
0x10 0x4 0x00002EAB Payload_Size2 Used as index for payload's dma transfer
0x14 0xC 0xFE2C4E17E1675C3AC8298ED1 perconsole nonce
0x20 0x10 0x63D481955DD1D2E3BAA32D0A988B3C03 Keys? seeds? signatures?
0x30 0x10 0x8E5DD0E72FEE588BC073A26D5E7F7A07 Keys? seeds? signatures?

Calculating data size

(first 4 bytes from header * 0x10) + 0x40 = datasize

thus, above example : (0x00002EAB * 0x10) + 0x40 = 0x2EAF0


First Region
Generic
PerConsole
asecure_loader · eEID · cISD · cCSD · cvtrm
CRL1 · CRL2
DRL1 · DRL2
ros0 · ros1
Second Region
Generic
Lv0ldr Region
PerConsole
Retrieved from "http://www.psdevwiki.com/ps3/index.php?title=Flash:bootldr&oldid=63760"