Talk:Downgrading with NAND flasher: Difference between revisions

Latest revision as of 01:18, 14 December 2011

   Downgrade patches
      
   http://www.multiupload.com/JJ9U8RM8T1
      
   DIFF:
      
   -------------
   Patch core OS Hash check //product mode always on
      
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C1F40                                      41 9E 00 1C              Až..
      
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C1F40                                      60 00 00 00              `...
      
   -------------
   Patch check_revoke_list_hash check //product mode always on
      
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C2B50  41 9E 00 1C                                      Až..
      
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C2B50  60 00 00 00                                      `...
      
   -------------
   Patch In product mode erase standby bank skipped
      
   ORIGINAL
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C6AD0                          41 9E 00 0C                      Až..
      
   PATCHED
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   002C6AD0                          60 00 00 00                      `...
      
   -------------
      
   Reference: http://www.ps3devwiki.com/index.php?title=Talk:Dual_Firmware

NAND Offsets[edit source]

1patchcos.bin[edit source]

CTRL-F : 00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0

CECHC-04/COK-002 MFW 3.15 (Euss):

  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
   000C0000  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... ....... 
   000C0010  00 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00  .....à..........
   000C0020  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
   000C0030  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà

  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
   007C0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   007C0010  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
   007C0020  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà

here dump from CECHA-006/COK-001 found @ 0x000C0020 (ros0) and 0x007c0010 (ros1):

   Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
          
   000C0020   00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0 .............oÿà
   000C0030   00 00 00 01 00 00 00 18 00 00 00 00 00 6F FF E0 .............oÿà
   000C0040   00 00 00 00 00 00 04 90 00 00 00 00 00 04 00 00 ................
   000C0050   63 72 65 73 65 72 76 65 64 5F 30 00 00 00 00 00 creserved_0.....
   000C0060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
   000C0070   00 00 00 00 00 04 04 90 00 00 00 00 00 00 00 08 ................
   000C0080   73 64 6B 5F 76 65 72 73 69 6F 6E 00 00 00 00 00 sdk_version.....
   000C0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
   000C00A0   00 00 00 00 00 04 05 00 00 00 00 00 00 01 E7 C8 ..............çÈ
   000C00B0   6C 76 31 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv1ldr..........
   000COOC0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
   000C00D0   00 00 00 00 00 05 ED 00 00 00 00 00 00 01 6F F0 ......í.......oð
   000C00E0   6C 76 32 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv2ldr..........

2patchtrvk.bin[edit source]

Note: CTRL-F : not 00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 but 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40

CECHC-04/COK-002 MFW 3.15 (Euss):

  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
   00093800  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... ....... 
   00093810  00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00  ...... .........
   00093820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40  ...............@
   00093830  53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00  SCE.............
   00093840  00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40  ...............@

CECHA-06/COK-001 datas from offset 0x00093800:

  Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  00093800   00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 ................
  00093810   00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 ................
  00093820   00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40 ...............@
  00093830   53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00 SCE.............
  00093840   00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40 ...............@
  00093850   F6 93 38 8E C8 46 D5 FF 34 53 9D 12 91 7E C6 96 ö“8ŽÈFÕÿ4S..‘~Æ–

revoke package: for a 3.72 console it would be : 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 60 http://pastie.org/3006911

revoke program: for a 3.72 console it would be : 00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0 http://pastie.org/3006958

Example, copy ros1 to ros0 and overwrite (HxD):

goto edit
select block (CTRL-E) : start 7C0020 - length 6FFFE0
copy (CTRL-C)
goto (CTRL-G) : C0030
overwrite (CTRL-B)

Simplyfied V2 NAND downgrade[edit source]

Patches to use[edit source]

Target area	Patchfile	NAND Offset	Paste length	Remarks
ROS0	patch1 (7 MB)	0x0C0030	0x6FFFE0	CoreOS (prepatched 3.55)
ROS1	patch1 (7 MB)	0x7C0020	0x6FFFE0	CoreOS (SAME as ros0)
trvk_prg0 (0x91800) trvk_prg1 (0x92810) trvk_pkg (0x93800)	patch2 (16 KB)	0x91800	0x4000	one big patch overlapping several revoke area's

PUP to use[edit source]

Rogero V2 or any firmware with prepatched lv1 (no syscon hash checks)

Different Factory Service Mode SELFs[edit source]

For factory Service Mode install:

if using the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057)
if using the jaicrab NoBD lv2diag : Use the Rogero normal PUP

Filename	Size	Remarks	`SHA1`	`MD5`	`CRC32`	`CRC16`
Lv2diag.self (227.38 KB)	232832	jaicrab noBD patched	`180823003B086D9D49BC7F83BEA9C769BF73A5EA`	`3615770407C0C3FA00D8CA49C8ADB362`	`25E85CFB`	`EDD0`
Lv2diag.self (365.5 KB)	374272	3.55 get in FSM	`1ED037740D67FEBACA6449CABFF4E95400C9E2EE`	`099F33A7967F99E91C07E870FD78B3DB`	`9338ABF2`	`4FCC`
Lv2diag.self (365.5 KB)	374272	3.50- get in FSM	`1E770010A3A6EF572AF39783A04DF792670998D3`	`90168C03B217CE775A7839D87BBFF2A3`	`D1F0AAFC`	`CD8D`
Lv2diag.self (201.42 KB)	206256	get out FSM	`329877CBD47B994EC0AFCEA6AF98114FD9E5128B`	`7A20BFDAE65EEFB47A4425DB1B52DCDE`	`72740080`	`502A`

@@ Line 51: / Line 51: @@
 CTRL-F : <code>00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0</code>
+CECHC-04/COK-002 MFW 3.15 ([[User:Euss|Euss]]):
 <pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-  00080020  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà</pre>
+C0000  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......
+C0010  00 00 00 00 00 E0 00 00 00 00 00 00 00 00 00 00  .....à..........
+C0020  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
+C0030  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà</pre>
 <pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-  00780010  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà</pre>
+C0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+C0010  00 00 00 00 00 00 00 00 00 00 00 00 00 6F FF E0  .............oÿà
+C0020  00 00 00 01 00 00 00 17 00 00 00 00 00 6F FF E0  .............oÿà</pre>
-NOT found @ 0x000C0020 (difference in offsets is 0x000040000 - seems because of [http://www.ps3devwiki.com/index.php?title=Hardware_flashing#Difference_between_hardware_dumps_and_software_dumps dump method]) :
-<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
-C0000  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
-C0010  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
-C0020  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
-C0030  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
-C0040  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
-C0050  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre>
@@ Line 91: / Line 82: @@
 C00D0   00 00 00 00 00 05 ED 00 00 00 00 00 00 01 6F F0 ......í.......oð
 C00E0   6C 76 32 6C 64 72 00 00 00 00 00 00 00 00 00 00 lv2ldr..........</pre>
-CECHA-006/COK-001 : NOT found @ 0x00080020<!--//bluemimmo//-->:
-<pre>   Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+===2patchtrvk.bin===
+Note: CTRL-F : not <code>00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code> but <code>00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code>
+CECHC-04/COK-002 MFW 3.15 ([[User:Euss|Euss]]):
+<pre>  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+   00093800  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......
+   00093810  00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00  ...... .........
+   00093820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40  ...............@
+   00093830  53 43 45 00 00 00 00 02 00 00 00 02 00 00 00 00  SCE.............
+   00093840  00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 40  ...............@</pre>
-   00080020   FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
-   00080030   FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
-   00080040   FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre>
-datas from offset 0x00093800
+CECHA-06/COK-001 datas from offset 0x00093800:<!--//bluemimmo//-->
     Offset (h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     00093800   00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 ................
     00093810   00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 ................
@@ Line 111: / Line 108: @@
+'''revoke package:'''
+for a 3.72 console it would be : 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 60
+http://pastie.org/3006911
-Bootldr from offset 0x00000000
+'''revoke program:'''
+for a 3.72 console it would be : 00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 E0
+http://pastie.org/3006958
+----
-Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+Example, copy ros1 to ros0 and overwrite (HxD):
-00000000  00 00 2A 3F 04 AD 56 18 64 8D 49 94 23 8F B8 A1  ..*?.V.d.I”#.¸¡
+* goto edit
-00000010  00 00 2A 3F 93 B7 DF 38 94 92 09 B6 C3 9C D2 AA  ..*?“·ß8”’.¶ÃœÒª
+* select block (CTRL-E) : start 7C0020 - length 6FFFE0
-00000020  E8 7D F4 AC 86 AA 28 2F 68 31 AD 61 F5 7C BA 03  è}ô¬†ª(/h1aõ|º.
+* copy (CTRL-C)
-00000030  38 BA FF 8C D2 CA A8 5A DA 0D F0 2C 7B 69 03 22  8ºÿŒÒÊ¨ZÚ.ð,{i."
+* goto (CTRL-G) : C0030
-00000040  E2 EB 0D 9C 6A 12 31 43 FA 3C 5F 5D E3 9F 70 5E  âë.œj.1Cú<_]ãŸp^
+* overwrite (CTRL-B)
-00000050  15 18 7F 09 00 C3 65 E4 47 E4 D9 63 46 4B A1 CC  .....ÃeäGäÙcFK¡Ì
-00000060  8A F9 51 8A 6D F0 FA 94 83 F4 C1 23 4F AE 50 AD  ŠùQŠmðú”ƒôÁ#O®P
-00000070  0F 81 5A 3E 2C 31 AE 6C 81 A1 8D A2 18 7F 35 9F  ..Z>,1®l.¡.¢..5Ÿ
-00000080  99 E5 69 67 A2 E0 F8 14 B8 85 4A 99 41 D9 84 0A  ™åig¢àø.¸…J™AÙ„.
-00000090  11 D5 A1 2A C6 3D 21 9D C3 43 E0 3E 00 17 4C DC  .Õ¡*Æ=!.ÃCà>..LÜ
-A0  B1 DD E3 94 00 E0 61 41 65 9A C9 8F C9 18 83 FC  ±Ýã”.àaAešÉ.É.ƒü
-B0  CA DA 3E 89 A1 43 CF 4D 0E DB D2 7B 6D 53 6A 53  ÊÚ>‰¡CÏM.ÛÒ{mSjS
-C0  3D 43 ED 5C 7F B4 09 E4 22 38 6E 29 E7 3E 07 4B  =Cí\.´.ä"8n)ç>.K
-D0  2A FF 98 49 C9 49 FE 26 85 F4 71 15 85 11 75 F3  *ÿ˜IÉIþ&…ôq.….uó
-E0  56 79 2A 85 F3 1E 0F E3 21 16 2B 3F B3 25 18 2D  Vy*…ó..ã!.+?³%.-
-F0  9D 4E 57 76 1E 59 65 8A 5B BF 41 B7 29 1F 79 0C  .NWv.YeŠ[¿A·).y.
-00000100  A3 E7 CF 07 E7 A3 4F DA 67 B2 C9 75 89 83 4F 71  £çÏ.ç£OÚg²Éu‰ƒOq
-00000110  71 88 D6 89 D7 07 C0 2E D8 DA 39 0F 87 5B FE 40  qˆÖ‰×.À.ØÚ9.‡[þ@
-00000120  23 31 EB BF 86 1A A5 0D D5 24 94 DD A2 69 E4 E8  #1ë¿†.¥.Õ$”Ý¢iäè
-00000130  25 28 2E C7 34 E9 E5 8D 2D F4 AC F5 60 CC 2A CD  %(.Ç4éå.-ô¬õ`Ì*Í
-00000140  06 5D D7 FE C8 59 FC 6D 2B 17 25 A6 2E BE 0F F2  .]×þÈYüm+.%¦.¾.ò
-00000150  46 94 3B 0B C4 76 F6 FB C1 C1 8E 93 42 E9 5B 41  F”;.ÄvöûÁÁŽ“Bé[A
-00000160  69 A8 53 39 C6 09 32 A3 A9 3E AE 71 84 74 EC E0  i¨S9Æ.2£©>®q„tìà
-00000170  97 3B D1 41 D9 59 4B 17 E5 8B D1 2A 57 77 78 8D  —;ÑAÙYK.å‹Ñ*Wwx.
-00000180  02 4A 7F 31 5C 62 30 E5 F3 83 97 27 C4 7B 8D 31  .J.1\b0åóƒ—'Ä{.1
-00000190  E9 53 B6 86 BC 16 AC 15 B9 96 C2 A9 56 AC 13 DF  éS¶†¼.¬.¹–Â©V¬.ß
-A0  E4 05 01 30 7F 65 45 48 66 0E 3D D5 A9 1B 1A 76  ä..0.eEHf.=Õ©..v
-B0  15 38 C7 B3 0D A2 83 C2 D9 9F 13 28 F9 50 BF 4C  .8Ç³.¢ƒÂÙŸ.(ùP¿L
-C0  C1 2D 83 E8 9B A9 EF D1 C8 12 96 50 45 DD CC 26  Á-ƒè›©ïÑÈ.–PEÝÌ&
-D0  D5 57 C1 DD A0 2E 81 97 F8 B8 60 00 A9 27 2D 68  ÕWÁÝ ..—ø¸`.©'-h
-E0  69 FE C8 F5 E2 7D 48 0D 04 65 FF BB A8 BF 41 9F  iþÈõâ}H..eÿ»¨¿AŸ
-F0  27 98 56 D1 93 56 62 87 74 89 63 AD 63 B4 A3 AA  '˜VÑ“Vb‡t‰cc´£ª
-00000200  46 09 AB B5 92 BA BB CF 7C EF 8F 08 F8 FE 96 9A  F.«µ’º»Ï|ï..øþ–š
-00000210  2E 14 C4 67 8C B3 E3 DC DE BC 24 3F D8 17 B0 B6  ..ÄgŒ³ãÜÞ¼$?Ø.°¶
-00000220  1B F7 78 61 DE 90 14 29 46 CB 4E EF 30 0A D3 AA  .÷xaÞ..)FËNï0.Óª
-00000230  BB 78 6B 1D A2 3A E8 27 7B 2D 32 E5 62 C4 45 C0  »xk.¢:è'{-2åbÄEÀ
-00000240  9E 75 6C E3 5C 08 A9 D3 5B 36 38 40 AD BF 5D D4  žulã\.©Ó[68@¿]Ô
-00000250  9D D1 D9 F0 11 A6 D5 68 C9 97 BA 70 38 25 61 0B  .ÑÙð.¦ÕhÉ—ºp8%a.
-00000260  76 B6 84 0E 90 7C E9 C8 AC 01 F4 E4 2D 0A F4 C7  v¶„..|éÈ¬.ôä-.ôÇ
-00000270  98 D7 A3 98 8C CC A8 D0 05 2E A5 87 D7 FA 0A 93  ˜×£˜ŒÌ¨Ð..¥‡×ú.“
-00000280  19 91 81 D3 E9 83 E2 5E 31 D5 AD 78 4B A6 04 80  .‘.Óéƒâ^1ÕxK¦.€
-00000290  94 85 60 AA 09 5E CA 80 E3 FC 40 14 66 9C 47 11  ”…`ª.^Ê€ãü@.fœG.
-A0  A7 FF 93 6E 50 EB F6 AE 54 2F 47 43 01 EB 24 4D  §ÿ“nPëö®T/GC.ë$M
-B0  4B DC E3 A1 BC B7 B4 9B E0 77 D9 C0 97 CF CE 72  KÜã¡¼·´›àwÙÀ—ÏÎr
-C0  EF 84 F5 F1 7D 16 21 AC DC B7 2A 01 96 A4 14 47  ï„õñ}.!¬Ü·*.–¤.G
-D0  6D E5 1C 30 9D 1A 64 22 3A 7E 0B 28 A5 22 A0 B8  må.0..d":~.(¥" ¸
-E0  85 D8 0E 6B 5A 2B 7D 20 2B CF FA A9 B6 78 D0 FD  …Ø.kZ+} +Ïú©¶xÐý
-F0  82 9B 3D D7 24 F0 76 05 24 60 1A 8E CC 61 4A 8E  ‚›=×$ðv.$`.ŽÌaJŽ
-00000300  B8 F2 2B 59 AE FF 49 45 71 D0 31 73 8D 32 08 D9  ¸ò+Y®ÿIEqÐ1s.2.Ù
-00000310  8E 2E B8 18 13 49 B9 2F EB B7 D5 B9 55 E7 63 64  Ž.¸..I¹/ë·Õ¹Uçcd
-00000320  F6 CF 8C B0 ED BA A8 81 36 05 3C 48 E3 58 F1 3A  öÏŒ°íº¨.6.<HãXñ:
-00000330  51 39 CD 68 76 8D 08 D7 2B C4 7B 1D D2 4E DC A2  Q9Íhv..×+Ä{.ÒNÜ¢
-00000340  0E 1B C9 30 2B A1 EF 90 D5 35 7B 92 6B 86 D2 59  ..É0+¡ï.Õ5{’k†ÒY
-00000350  10 84 98 4B 9A 65 1A 00 B8 00 0A CA 5C F7 AF 8C  .„˜Kše..¸..Ê\÷¯Œ
-00000360  9C FF FC 0A 70 11 5E 0A 7A 02 26 B7 DE 98 FA F8  œÿü.p.^.z.&·Þ˜úø
-00000370  0D A0 D2 A3 83 95 34 2F 2C 17 6C B4 66 13 CB FB  . Ò£ƒ•4/,.l´f.Ëû
-00000380  A4 9E BC 64 08 41 F6 A0 F7 A1 F7 E1 24 EE 8C E3  ¤ž¼d.Aö ÷¡÷á$îŒã
-00000390  F2 59 19 1C 84 F8 60 45 81 72 88 B4 AE 6A 97 3E  òY..„ø`E.rˆ´®j—>
-A0  B8 5B 4A D8 C7 D2 0C AC 3C D9 25 B2 CC D7 D7 B4  ¸[JØÇÒ.¬<Ù%²Ì××´
-B0  CC EF C7 81 95 56 98 C5 A2 B3 7F 77 8D 24 51 7C  ÌïÇ.•V˜Å¢³.w.$Q|
-C0  78 27 C5 3A 1E 78 EC 84 5B 54 10 8A E3 0A CD E2  x'Å:.xì„[T.Šã.Íâ
-D0  2A 2E B2 9A B6 F2 75 8F B5 F0 74 23 6E 71 D8 56  *.²š¶òu.µðt#nqØV
-E0  F0 D1 79 73 0D 5D 41 27 E7 68 55 1F 00 52 9E BE  ðÑys.]A'çhU..Rž¾
-F0  BF D6 B4 92 C3 26 84 94 5C FE 46 6C BB 46 FA 51  ¿Ö´’Ã&„”\þFl»FúQ
-00000400  56 41 96 13 94 1A 24 02 64 4F B5 C7 36 F2 25 AF  VA–.”.$.dOµÇ6ò%¯
-00000410  8B 1F FD D1 8F 24 80 44 18 4B B9 D6 04 61 E2 EF  ‹.ýÑ.$€D.K¹Ö.aâï
-===2patchtrvk.bin===
-Note: CTRL-F : not <code>00 00 00 00 00 00 10 10 00 00 00 00 00 00 10 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code> but <code>00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40</code>
-  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
+----
-  00053800  00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 20  ....... .......
+=== Simplyfied V2 NAND downgrade ===
-  00053810  00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00  ...... .........
+====Patches to use====
-  00053820  00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 40  ...............@
+{|class="wikitable"
+|-
+! Target area !! Patchfile !! NAND Offset !! Paste length !! Remarks
+|-
+| ROS0 || [http://www.multiupload.com/GB4LPBNJBY patch1&nbsp;(7&nbsp;MB)] || 0x0C0030 || 0x6FFFE0 || CoreOS (prepatched 3.55)
+|-
+| ROS1 || [http://www.multiupload.com/GB4LPBNJBY patch1&nbsp;(7&nbsp;MB)] || 0x7C0020 || 0x6FFFE0 || CoreOS (SAME as ros0)
+|-
+| trvk_prg0&nbsp;(0x91800)<br />trvk_prg1&nbsp;(0x92810)<br />trvk_pkg&nbsp;(0x93800) || [http://www.multiupload.com/RTIK2IUUCL patch2&nbsp;(16&nbsp;KB)] || 0x91800 || 0x4000 || one big patch overlapping several revoke area's
+|-
+|}
+<!--// 3.55 did greenlight power off [http://www.multiupload.com/9Z5D080KLO patch2 (16 KB)] not work:avati//-->
+<!--// 3.15 [http://www.multiupload.com/KT6BAXH8O5 patch2 (16 KB)] not work:avati//-->
+==== PUP to use ====
+[[Talk:Downgrading_with_NOR_flasher#Premade_CFW_Rogero_V2| Rogero V2]] or any firmware with prepatched lv1 (no syscon hash checks)
+<!--//
+downgrade and 3.41downgrader = manufacturing updating SUCCESS(0x8002f000) = YLOD http://mibpaste.com/WP3suB
+downgrade and Rogero PUP = Bul-ray Disc Player Revoke done(0x8002f057) = YLOD http://mibpaste.com/oj8EL5
+downgrade and Rogero NoBD PUP = manufacturing updating SUCCESS(0x8002f000) + autopower off = OK  http://mibpaste.com/sAguEj
+  //-->
+====Different Factory Service Mode SELFs====
+For factory Service Mode install:
+* if using the normal lv2diag : Use a NoBD patched PUP (e.g. Rogero NoBD PUP) (to prevent error 0x8002f057)
+* if using the jaicrab NoBD lv2diag : Use the Rogero normal PUP
+{|class="wikitable"
+! Filename !! Size !! Remarks !! <code>SHA1</code> !! <code>MD5</code> !! <code>CRC32</code> !! <code>CRC16</code>
+|-
+| [http://www.multiupload.com/Y0Z8WNY009 Lv2diag.self&nbsp;(227.38&nbsp;KB)] || 232832 || jaicrab noBD patched || <code>180823003B086D9D49BC7F83BEA9C769BF73A5EA</code> || <code>3615770407C0C3FA00D8CA49C8ADB362</code> || <code>25E85CFB</code> || <code>EDD0</code>
+|-
+| [http://www.multiupload.com/V1YTTWGKH0 Lv2diag.self&nbsp;(365.5&nbsp;KB)] || 374272 || 3.55 get in FSM || <code>1ED037740D67FEBACA6449CABFF4E95400C9E2EE</code> || <code>099F33A7967F99E91C07E870FD78B3DB</code> || <code>9338ABF2</code> || <code>4FCC</code>
+|-
+| [http://www.multiupload.com/ZHJMPSMLYR Lv2diag.self&nbsp;(365.5&nbsp;KB)] || 374272 || 3.50- get in FSM || <code>1E770010A3A6EF572AF39783A04DF792670998D3</code> || <code>90168C03B217CE775A7839D87BBFF2A3</code> || <code>D1F0AAFC</code> || <code>CD8D</code>
+|-
+| [http://www.multiupload.com/VGQTFV56CO Lv2diag.self&nbsp;(201.42&nbsp;KB)] || 206256 || get out FSM || <code>329877CBD47B994EC0AFCEA6AF98114FD9E5128B</code> || <code>7A20BFDAE65EEFB47A4425DB1B52DCDE</code> || <code>72740080</code> || <code>502A</code>
+|-
+|}

Talk:Downgrading with NAND flasher: Difference between revisions

Latest revision as of 01:18, 14 December 2011

Contents

NAND Offsets[edit source]

1patchcos.bin[edit source]

2patchtrvk.bin[edit source]

Simplyfied V2 NAND downgrade[edit source]

Patches to use[edit source]

PUP to use[edit source]

Different Factory Service Mode SELFs[edit source]

Navigation menu

Talk:Downgrading with NAND flasher: Difference between revisions

Latest revision as of 01:18, 14 December 2011

NAND Offsets[edit source]

1patchcos.bin[edit source]

2patchtrvk.bin[edit source]

Simplyfied V2 NAND downgrade[edit source]

Patches to use[edit source]

PUP to use[edit source]

Different Factory Service Mode SELFs[edit source]

Navigation menu

Search