Editing Flash-Main

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
<div style="float:right">[[File:Atypical PS4 NOR.png|300px|thumb|left|Atypical (Corrupt @ 0x144200) PS4 NOR GFX]]</div>
<div style="float:right">[[File:ps4nordmp_1_06_raw_gfx.png|200px|thumb|left|PS4 Flash-Main v1.06 gfx]]</div>
<div style="float:right">[[File:Typical_PS4_NOR.png|300px|thumb|left|Typical PS4 NOR GFX]]</div>
 


'''subject:''' dump of serial flash [[MX25L25635FMI-10G]] for [[CXD90025G]]
'''subject:''' dump of serial flash [[MX25L25635FMI-10G]] for [[CXD90025G]]
Line 7: Line 5:
'''reference files:'''  
'''reference files:'''  


* [http://www.file-upload.net/download-8560871/ps4nordmp_1.06_without_Mac-Serial.rar.html PS4 NOR Dump 1.06 (without MAC address & ConsoleId)]
* [http://www.file-upload.net/download-8560871/ps4nordmp_1.06_without_Mac-Serial.rar.html PS4 NOR Dump 1.06 (without MAC Adress & Console-ID)]
* [http://www.file-upload.net/download-8671579/PS4NORDump_1.61_wo_MAC_and_CS.rar.html PS4 NOR Dump 1.61 (without MAC address & ConsoleId)]
* [http://www.file-upload.net/download-8671579/PS4NORDump_1.61_wo_MAC_and_CS.rar.html PS4 NOR Dump 1.61 (without MAC Adress & Console-ID)]
* [http://www.file-upload.net/download-10118036/ps4nordmp_1.61_E0_wo_MAC-SERIAL.rar.html PS4 NOR Dump 1.61 E0 (without MAC address & ConsoleId)] that update seem's to fixed a nasty bug on my console, need to do more test...
* [http://www.file-upload.net/download-10118036/ps4nordmp_1.61_E0_wo_MAC-SERIAL.rar.html PS4 NOR Dump 1.61 E0 (without MAC Adress & Console-ID)] that update seem's to fixed a nasty bug on my console, need to do more test...
**hint for FW 1.61 E0: fw version is still the same (1.61) also the fw counter is still 3 but now have E0 added to it.
*hint for FW 1.61 E0: fw version is still the same (1.61) also the fw counter is still 3 but now have E0 added to it.


'''other reference files:'''  
'''other reference files:'''  


* [https://mega.co.nz/#!EAxCTYBS!d5yVsovxbnQcfc1ymiLiIaDD8MMQELs16NaBQUqgRDI PS4 TEST KIT NOR Dump 1.010.031 and 1.500.101  (without MAC address & Console-ID)]   
* [https://mega.co.nz/#!EAxCTYBS!d5yVsovxbnQcfc1ymiLiIaDD8MMQELs16NaBQUqgRDI PS4 TEST KIT NOR Dump 1.010.031 and 1.500.101  (without MAC Adress & Console-ID)]   
* [https://mega.co.nz/#!ZMhk2A7Y!F9ndK7BhombPNio2fPse6tFGfln-gQS9bV47LRiNSZo PS4 #1 NOR Dump 1.1 and 1.51 (without MAC address & ConsoleId)]  
* [https://mega.co.nz/#!ZMhk2A7Y!F9ndK7BhombPNio2fPse6tFGfln-gQS9bV47LRiNSZo PS4 #1 NOR Dump 1.1 and 1.51 (without MAC Adress & Console-ID)]  
* [https://mega.co.nz/#!QZp00ZYJ!ukBiwwx_y_HEyJvXY2a4FGqZRbOKAolWEE13dIlb9WA PS4 #2 NOR Dump 1.1 and 1.51 (without MAC address & ConsoleId)]  
* [https://mega.co.nz/#!QZp00ZYJ!ukBiwwx_y_HEyJvXY2a4FGqZRbOKAolWEE13dIlb9WA PS4 #2 NOR Dump 1.1 and 1.51 (without MAC Adress & Console-ID)]  


'''notes:''' Console A & B are 2 Compared from same Region and Version. Console C is from Region: EU and Version: 1.06
'''notes:''' Console A & B are 2 Compared from same Region and Version. Console C is from Region: EU and Version: 1.06
Line 30: Line 28:
'''Strings:''' [[Flash-Main/strings]]
'''Strings:''' [[Flash-Main/strings]]


'''observation:''' MAC Address on 0x1C4021 length 6 bytes  |  Motherboard Serial on 0x1C8000 length 14 bytes  |  Console Serial on 0x1C8030 length 17 bytes  |  SKU Version on 0x1C8040 length 15 bytes  | HDD type, P/N and S/N on 0x1C9C00 length 64 bytes  |  FW Counter on 0x1CA5D8 length 2 bytes  (first byte is the FW Counter, {{unk|second byte is the Patch Counter}})|   
'''observation:''' MAC Address on 0x1C4021 length 6 bytes  |  Console Serial on 0x1C8030 length 17 bytes  |  SKU Version on 0x1C8040 length 15 bytes  |  FW Counter on 0x1CA5D8 length 2 bytes  |   
FW Version on 0x1CA604 length 4 bytes
FW Version on 0x1CA604 length 4 bytes


'''sources:''' GUI Tool for the PS4 NOR Flash [https://github.com/cfwprpht/PS4_AC1D_Flash-Tool PS4_AC1D_Flash-Tool]  |  Libraries Developed for the PS4 NOR flash [https://github.com/cfwprpht/Usefull_Libraries Usefull_Libraries]
'''sources:''' GUI Tool for the PS4 NOR Flash [https://github.com/cfwprpht/PS4_AC1D_Flash-Tool PS4_AC1D_Flash-Tool]  |  Libraries Developed for the PS4 NOR flash [https://github.com/cfwprpht/Usefull_Libraries Usefull_Libraries]


'''other files:''' Constant offsets and length in ALL Ps4 block -> [http://www.konsole.rzeszow.pl/ps4/same_block.txt same_block.txt]. Im compare over 10 dumps from diffrent firmware / console. First value is offset of first byte, second is length in byte. All values in decimental.
= Offsets =
See [[Codenames]].
* 0x00000000 <- Segment 0 Header (0x1000)
* 0x00001000 <- Segment 0 Active Slot (0x1000)
* 0x00002000 <- Segment 0 MBR1 (for sflash0s1.cryptx32) (0x1000)
* 0x00003000 <- Segment 0 MBR2 (for sflash0s1.cryptx32b) (0x1000)
* 0x00004000 <- sflash0s0x32 (0x60000) (emc_ipl)
* 0x00064000 <- sflash0s0x32b (0x60000) (emc_ipl)
* 0x000C4000 <- sflash0s0x33 (0x80000) (eap_kbl)
* 0x00144000 <- sflash0s0x38 (0x80000) (torus2_fw)
* 0x001C4000 <- sflash0s0x34 (0xC000) (nvs)
* 0x001D0000 <- sflash0s0x0 (0x30000) (blank)
* 0x00200000 <- Segment 1 Header (XTS encrypted) (0x1000)
* 0x00201000 <- Segment 1 Active Slot (XTS encrypted) (0x1000)
* 0x00202000 <- Segment 1 MBR1 (for sflash0s1.cryptx2) (XTS encrypted) (0x1000)
* 0x00203000 <- Segment 1 MBR2 (for sflash0s1.cryptx2b) (XTS encrypted) (0x1000)
* 0x00204000 <- sflash0s1.cryptx2 (0x3E000) (sam_ipl)
* 0x00242000 <- sflash0s1.cryptx2b (0x3E000) (sam_ipl)
* 0x00280000 <- sflash0s1.cryptx1 (0x80000) (idata)
* 0x00300000 <- sflash0s1.cryptx39 (0x80000) (bd_hrl)
* 0x00380000 <- sflash0s1.cryptx6 (0x40000) (Virtual TRM)
* 0x003C0000 <- sflash0s1.cryptx3 (0xCC0000) (secure kernel, secure modules)
* 0x01080000 <- sflash0s1.cryptx3b (0xCC0000) (secure kernel, secure modules)
* 0x01D40000 <- sflash0s1.cryptx40 (0x2C0000) (blank)
= MBR Types =
<source lang="C">
typedef struct {
uint32_t start_lba;
uint32_t n_sectors;
uint8_t flag1; // maybe part_id
uint8_t flag2;
uint16_t unknown;
uint64_t padding;
} __attribute__((packed)) partition_t;
typedef struct {
uint8_t magic[0x20]; // "SONY COMPUTER ENTERTAINMENT INC."
uint32_t version; // 1
uint32_t mbr1_start; // ex: 0x10
uint32_t mbr2_start; // ex: 0x18
uint32_t unk[4]; // ex: (1, 1, 8, 1)
uint32_t reserved;
uint8_t unused[0x1C0];
} __attribute__((packed)) master_block_v1_t;
typedef struct {
uint8_t magic[0x20]; // "Sony Computer Entertainment Inc."
uint32_t version; // 4
uint32_t n_sectors;
uint64_t reserved;
uint32_t loader_start; // ex: 0x11, 0x309
uint32_t loader_count; // ex: 0x267
uint64_t reserved2;
partition_t partitions[16];
} __attribute__((packed)) master_block_v4_t;
</source>
= MBR Contents (Example) (Internal) =
== MBR 1 and 2 ==
<pre>
Partition 0, off=0x2000, sz=0x60000, type=0x20(32), active?=0x0 (ina) (emc)
Partition 1, off=0x62000, sz=0x60000, type=0x20(32), active?=0x1 (act) (emc)
Partition 2, off=0xc2000, sz=0x80000, type=0x21(33), active?=0x1 (act) (eap)
Partition 3, off=0x142000, sz=0x80000, type=0x26(38), active?=0x1 (act) (wifi)
Partition 4, off=0x1c2000, sz=0xc000, type=0x22(34), active?=0x1 (act) (nvs)
</pre>
== MBR 3 and 4 ==
<pre>
Partition 0, off=0x2000, sz=0x3e000, type=0x2, active?=0x1 (act) (ipl)
Partition 1, off=0x40000, sz=0x3e000, type=0x2, active?=0x0 (ina) (ipl)
Partition 2, off=0x7e000, sz=0x80000, type=0x1, active?=0x1 (act) (idstorage)
Partition 3, off=0xfe000, sz=0x80000, type=0x27(39), active?=0x1 (act) (bd revoke)
Partition 4, off=0x17e000, sz=0x40000, type=0x6, active?=0x1 (act) (vtrm)
Partition 5, off=0x1be000, sz=0xcc0000, type=0x3, active?=0x1 (act) (coreos)
Partition 6, off=0xe7e000, sz=0xcc0000, type=0x3, active?=0x0 (ina) (coreos)
Partition 7, off=0x1b3e000, sz=0x2c0000, type=0x28(40), active?=0x1 (act) (unused)
</pre>
= MBR Contents (Example) =
== MBR 1 and 2 ==
<pre>
Partition 0, off=0x2000, sz=0x60000, type=0x20, active?=0x1 (act)
Partition 1, off=0x62000, sz=0x60000, type=0x20, active?=0x0 (ina)
Partition 2, off=0xc2000, sz=0x80000, type=0x21, active?=0x1 (act)
Partition 3, off=0x142000, sz=0x80000, type=0x26, active?=0x1 (act)
Partition 4, off=0x1c2000, sz=0xc000, type=0x22, active?=0x1 (act)
Partition 5, off=0x1ce000, sz=0x30000, type=0x0, active?=0x1 (act)
</pre>
== MBR 3 and 4 ==
<pre>
Partition 0, off=0x2000, sz=0x3e000, type=0x2, active?=0x1
Partition 1, off=0x40000, sz=0x3e000, type=0x2, active?=0x0
Partition 2, off=0x7e000, sz=0x80000, type=0x1, active?=0x1
Partition 3, off=0xfe000, sz=0x80000, type=0x39, active?=0x1
Partition 4, off=0x17e000, sz=0x40000, type=0x6, active?=0x1
Partition 5, off=0x1be000, sz=0xcc0000, type=0x3, active?=0x1
Partition 6, off=0xe7e000, sz=0xcc0000, type=0x3, active?=0x0
Partition 7, off=0x1b3e000, sz=0x2c0000, type=0x40, active?=0x1
</pre>


== Content ==
== Content ==
Line 180: Line 65:
=== 0x2000 ===
=== 0x2000 ===
==== Magic ====
==== Magic ====
* aka MBR1
* ends in 0x3000
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00002000  53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E  Sony Computer En
  00002000  53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E  Sony Computer En
Line 197: Line 78:
=== 0x3000 ===
=== 0x3000 ===
==== Magic ====
==== Magic ====
* aka MBR2
* ends in 0x4000
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00003000  53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E  Sony Computer En
  00003000  53 6F 6E 79 20 43 6F 6D 70 75 74 65 72 20 45 6E  Sony Computer En
Line 212: Line 89:


=== 0x4000 ===
=== 0x4000 ===
==== SLB2 Magic (MC Stage1) ====
==== SLB2 Magic ====
 
* aka sflash0s0x32
* ends in 0x64000
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00004000  53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00  SLB2............
  00004000  53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00  SLB2............
Line 235: Line 108:
=== 0x4200 ===
=== 0x4200 ===
==== DEADBEEF CAFEBEBE Magic ====
==== DEADBEEF CAFEBEBE Magic ====
(similar is at 0x64218 and 0xC4218)
(simular is at 0x64218 and 0xC4218)
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00004200  AA F9 8F D4 01 00 55 48 80 00 00 00 xx xx 04 00  ªù.Ô..UH€......    xx differs on different console with same version
  00004200  AA F9 8F D4 01 00 55 48 80 00 00 00 xx xx 04 00  ªù.Ô..UH€......    xx differs on different console with same version
Line 256: Line 129:


=== 0x64000 ===
=== 0x64000 ===
==== SLB2 Magic (MC Stage2) ====
==== SLB2 Magic ====
 
* aka sflash0s0x32b
* ends in 0xC4000
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00064000  53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00  SLB2............
  00064000  53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00  SLB2............
Line 290: Line 159:


=== 0xC4000 ===
=== 0xC4000 ===
==== SLB2 Magic (EAP_KBL) ====
==== SLB2 Magic ====
 
* aka sflash0s0x33
* ends in 0x144000
 
NOTE: This container only consits of one file + that X800X which is present on every BIOS SLB2. But the data is extracted twice and just written with two diffrent names. One time the TitleID is used C0010001 and the second time a string which hold the file name eap_kbl is used. But both files are identical and extracted by using the same data source.
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  000C4000  53 4C 42 32 01 00 00 00 00 00 00 00 03 00 00 00  SLB2............
  000C4000  53 4C 42 32 01 00 00 00 00 00 00 00 03 00 00 00  SLB2............
Line 336: Line 199:


=== 0x144000 ===
=== 0x144000 ===
==== SLB2 Magic (Wifi/BT) ====
==== SLB2 Magic ====
 
==== wifi/bluetooth chipset firmware ====
==== wifi/bluetooth chipset firmware ====
* aka sflash0s0x38
* ends in 0x1C4000
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00144000  53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00  SLB2............
  00144000  53 4C 42 32 01 00 00 00 00 00 00 00 02 00 00 00  SLB2............
Line 438: Line 296:
  001C3FF0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  001C3FF0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


=== 0x1C4000 (Console Main Informations) ===
=== 0x1C4000 ===
 
MAC-id @ 0x1C4021-0x1C4026
* AKA NVS or sflash0s0x34
* Ends in 0x200000
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C4000  03 02 01 01 02 01 06 01 FF FF FF FF FF FF FF FF  ........ÿÿÿÿÿÿÿÿ
  001C4000  03 02 01 01 02 01 06 01 FF FF FF FF FF FF FF FF  ........ÿÿÿÿÿÿÿÿ
  001C4010  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C4010  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  [...]
  001C4020  01 xx xx xx xx xx xx FF FF FF FF FF FF FF FF FF  .pž)...ÿÿÿÿÿÿÿÿÿ     MAC-id
 
==== 0x1C4021 MAC Address ====
MAC Address on offset 0x1C4021 6 bytes long.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C4020  01 70 9E 29 33 7A 1B FF FF FF FF FF FF FF FF FF  .pž).3zÿÿÿÿÿÿÿÿÿ     MAC-Address
  001C4030  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C4030  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C4040  FF FF FF FF FF FF FF FF FF FF FF FF FF FF 26 E8 ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ    0x26 0xE8 differs between consoles on same version
  001C4040  FF FF FF FF FF FF FF FF FF FF FF FF FF FF xx xx ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ..     xx differs between consoles on same version
  001C4050  04 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C4050  04 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C4060  03 01 01 02 02 FF FF FF FF FF FF FF FF FF FF FF  .....ÿÿÿÿÿÿÿÿÿÿÿ
  001C4060  03 01 01 02 02 FF FF FF FF FF FF FF FF FF FF FF  .....ÿÿÿÿÿÿÿÿÿÿÿ
Line 462: Line 312:
   [...]
   [...]


==== 0x1C47F0 Constant ====
=== 0x1C47F0 ===
Every dump i checked have thoes constant bytes.
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C47F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF BE CC  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¾Ì
  001C47F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF BE CC  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¾Ì
Line 481: Line 330:
  [...]
  [...]


==== 0x1C4FF0 ====
=== 0x1C4FF0 ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 509: Line 358:
|}
|}


====0x1C5200 ====
===0x1C5200 ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 544: Line 393:
  001C5FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C5FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1C6000 (Retail & Dev/Test) ====
=== 0x1C6000 ===
This seems to be increased. There will be 8 0x00 bytes be added for every new "what ever".
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 558: Line 406:
|}
|}


==== 0x1C7000 ====
=== 0x1C7000 ===
same on different consoles on same version
same on different consoles on same version
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 572: Line 420:
  001C7FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C7FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1C8000 MotherBoard Serial ====
=== 0x1C8000 ===
Length = 14 bytes.
Serial @ 001C8030 / SKU @ 001C8041
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
{| class="wikitable"
  001C8000  34 30 30 30 31 42 30 31 38 35 39 31 37 37 FF FF  40001B01859177ÿÿ  Motherboard Serial
|-
 
! Console A, B !! Console C
==== 0x1C8010 Unk ====
|-
Length = 16 bytes.
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C8000  34 30 30 30 31 44 xx xx xx xx xx xx xx xx FF FF  40001D........ÿÿ  Bluray Drive Serial
  001C8010  63 09 72 20 71 DB 7C 69 AC FE D8 92 89 BA 23 04  c.r.qÛ|i¬þØ’‰º#.   "
001C8010  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
001C8020  00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10  ...%...“........
001C8030  30 33 32 37 34 35 32 32 32 34 xx xx xx xx xx xx  0327452224......  "
001C8040  xx 43 55 48 2D 31 30 30 34 41 20 42 30 31 58 FF  .CUH-1004A B01Xÿ  "  (same SKU/region!)
001C8050  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C8060  30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38 0003000300160018
001C8070  30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31  0007000100010001
001C8080  30 30 30 31 30 30 30 32 30 30 33 31 30 30 31 35 0001000200310015
001C8090  30 30 32 33 30 30 34 31 52 xx xx xx xx xx 01 30  00230041R......0  "
001C80A0  xx xx xx xx xx xx xx 82 07 8F 31 40 00 00 00 C2  ..........1@...  "
001C80B0  01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF  ........ÿÿÿÿÿÿÿÿ
001C80C0  30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF  00000ÿÿÿÿÿÿÿÿÿÿÿ
001C80D0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C80E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C80F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C8100  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  001C8110  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C8000  34 30 30 30 31 42 30 31 38 35 39 31 37 37 FF FF  40001B01859177ÿÿ
  001C8010  63 09 72 20 71 DB 7C 69 AC FE D8 92 89 BA 23 04  c.r.qÛ|i¬þØ’‰º#.
  001C8020  00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10  ...%...“........
  001C8020  00 00 00 25 00 00 0A 93 00 01 00 00 00 00 07 10  ...%...“........
 
  001C8030  30 33 32 37 34 35 32 32 32 34 xx xx xx xx xx xx 0327452224xxxxxx
==== 0x1C8030 Console Serial ====
  001C8040  xx 43 55 48 2D 31 30 30 34 41 20 42 30 31 58 FF xCUH-1004A B01Xÿ
Length = 17 bytes.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C8030  30 33 32 37 34 35 32 32 32 34 35 37 39 36 36 30 0327452224579660  Console Serial
  001C8040  32                                              2
 
==== 0x1C8041 SKU Model ====
Length = vary.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C8040    43 55 48 2D 31 30 30 34 41 20 42 30 31 58 FF   CUH-1004A B01Xÿ   SKU Model
  001C8050  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C8050  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
==== 0x1C8060 Unk ====
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C8060  30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38  0003000300160018
  001C8060  30 30 30 33 30 30 30 33 30 30 31 36 30 30 31 38  0003000300160018
  001C8070  30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31  0007000100010001
  001C8070  30 30 30 37 30 30 30 31 30 30 30 31 30 30 30 31  0007000100010001
Line 604: Line 458:
  001C80B0  01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF  ........ÿÿÿÿÿÿÿÿ
  001C80B0  01 01 01 01 06 06 06 06 FF FF FF FF FF FF FF FF  ........ÿÿÿÿÿÿÿÿ
  001C80C0  30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF  00000ÿÿÿÿÿÿÿÿÿÿÿ
  001C80C0  30 30 30 30 30 FF FF FF FF FF FF FF FF FF FF FF  00000ÿÿÿÿÿÿÿÿÿÿÿ
001C80D0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C80E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C80F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C8100  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
001C8110  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................</pre>
|-
|}


==== FF filled ====
==== FF filled ====
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C80D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C8120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
   [...]                filled FF region
   [...]                filled FF region
  001C87C0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C87C0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1C87D0 ====
=== 0x1C87D0 ===
within a FF block these are found on both consoles:
within a FF block these are found on both consoles:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 622: Line 483:
  001C9020  00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C9020  00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  .ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1C9080 ACF (Dev/Test) ====
=== 0x1C9100 ===
0x30 Bytes
{| class="wikitable"
|-
! Console A, B !! Console C
|-
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9100  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
001C9110  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
001C9120  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9100  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C9110  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
001C9120  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
</pre>
|-
|}


See [[Activation ACF]].
=== 0x1C91F0 ===
 
==== 0x1C91F0 PerConsole (Retail & Dev/Test) ====
(0x40 bytes)
(0x40 bytes)
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 657: Line 532:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001C9240  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C9240  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  [...]                filled FF region
001C9BF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
==== 0x1C9900 PerConsole (Dev/Test) ====
Unique 0x100 byte area (on Testkit Console dump):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9900  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................
[...]   
001C9A00  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................
* xx Changes per dev console
==== 0x1C9C00 HDD P/N and S/N, ====
Checked every single Dump i got and it differs. Some Dumps have thoes entry, some not. Retail or Dev/Test do not matter. My own dumps do not have this information. But i also never changed the orig HDD. Maybe it's something like that. That only when you change to a new other HDD it will write the P/N S/N of the new HDD into this array.
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
0x1C9C00  47 48 54 53 48 20 53 54 34 35 30 35 30 35 37 41 GHTSH ST4505057A
0x1C9C10  33 45 30 38 20 20 20 20 20 20 20 20 20 20 20 20 3E08           
0x1C9C20  20 20 20 20 20 20 20 20 33 31 39 30 36 31 4D 54        319061MT
0x1C9C30  35 38 33 41 54 34 55 32 4E 47 4C 41 FF FF FF FF 583AT4U2NGLA˙˙˙˙
==== FF filled ====
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001C9C40  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
   [...]                filled FF region
   [...]                filled FF region
  001C9FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001C9FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1CA000 ====
=== 0x1CA000 ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 729: Line 580:
  001CA5C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  001CA5C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


==== 0x1CA5D0 Region? + Magic? & Incremental? & BIOS Version ====
==== 0x1CA5D0 ====
On the end of this page we have a list where we can compare thoes informations against other consoles. This will help us to bring light into thoes few bytes here.
FW Counter on 0x1CA5D8 | FW Version on 0x1CA604 - 4 bytes long
 
BIOS Incremental? on 0x1CA5D8 | BIOS Version on 0x1CA604 - 4 bytes long
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 751: Line 600:
{| class="wikitable"
{| class="wikitable"
|-
|-
! Console C / FW 1.06 !! Console C / FW 1.61 !! Console C FW 1.61 E0
! Console C / FW 1.06 !! Console C / FW 1.61
|-
|-
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 761: Line 610:
  001CA5E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  001CA5E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  001CA5F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  001CA5F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  001CA600  FF 00 FF FF 00 00 61 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  001CA600  FF 00 FF FF 00 00 61 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre>
001CA5D0  30 76 B3 80 02 00 00 00 03 E0 00 00 00 00 00 00  0v³€.....à......
001CA5E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
001CA5F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
001CA600  FF 00 FF 00 00 00 61 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre>
|-
|}
 
Region? & SKU version?
{| class="wikitable"
|-
! Console A Dev / Test FW 1.50.10 !! Console B Dev / Test FW 1.50 !! Console C Retail FW 1.52 !! Console D Retail FW 1.06 !! Console E Retail FW 1.74
|-
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CA5D0  34 77 B3 C0 02 00 00 00 02 00 00 00 00 00 00 00  4w³À............
001CA600  FF 00 FF FF 00 10 50 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ....ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CA5D0  34 77 B3 C0 02 00 00 00 03 00 00 00 00 00 00 00  4w³À............
001CA600  FF 00 FF FF 00 00 50 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CA5D0  B0 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00  °v³€............
001CA600  FF 00 FF FF 00 00 52 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CA5D0  34 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00  4v³€............
001CA600  FF 00 FF FF 00 00 06 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
001CA5D0  30 76 B3 80 02 00 00 00 03 00 00 00 00 00 00 00  0v³€............
001CA600  FF 00 FF FF 00 00 74 01 FF FF FF FF FF FF FF FF  ÿ.ÿÿ..a.ÿÿÿÿÿÿÿÿ</pre>
|-
|-
|}
|}
as long we have no better understanding of the added 0xE0 i will guess it as an kind of patch counter for that FW. i assume that the 0 will increase if more patches are installed.
NOTE: The first byte off ?Region + SKU Bytes? will differ between consoles. I guess for now that it may describe the region of the console. The 0xB0 is a brazilien console where 0x30 & 0x34 are for what i can say European consoles. (Feel free to correct me)
The following 4 bytes then are for Retails always the same and also for Dev / Test consoles they do match between them.
Retails 0x76 0xB3 0x80 0x02
Dev/Test 0x77 0xB3 0xC0 0x02


==== FF filled ====
==== FF filled ====
Line 802: Line 620:
  001CBBF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001CBBF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1CBC00 ====
=== 0x1CBC00 ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 829: Line 647:
  001CDFF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001CDFF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1CE000 ====
=== 0x1CE000 ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 856: Line 674:
  001CE1F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  001CE1F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x1CE200 ====
=== 0x1CE200 ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 906: Line 724:
|}
|}


==== 0x200000 PerConsole ====
=== 0x200000 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00200000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00200000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 940: Line 758:
  002001E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002001E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002001F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002001F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
==== FF filled ====
==== FF filled ====
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 947: Line 764:
  00200FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00200FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x201000 PerConsole ====
=== 0x201000 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00201000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00201000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 981: Line 798:
  002011E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002011E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002011F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002011F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
==== FF filled ====
==== FF filled ====
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 988: Line 804:
  00201FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00201FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x202000 PerConsole ====
=== 0x202000 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00202000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00202000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 1,022: Line 838:
  002021E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002021E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002021F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002021F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
==== FF filled ====
==== FF filled ====
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 1,029: Line 844:
  00202FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00202FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x203000 PerConsole ====
=== 0x203000 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00203000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00203000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 1,063: Line 878:
  002031E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002031E0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002031F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  002031F0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
==== FF filled ====
==== FF filled ====
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 1,070: Line 884:
  00203FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00203FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


=== 0x204000 Unk DataBlock ===
=== 0x204000 ===
huge block
huge block
{| class="wikitable"
{| class="wikitable"
Line 1,104: Line 918:
  002907F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  002907F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x290800 ====
=== 0x290800 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00290800  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00290800  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 1,115: Line 929:
  002909F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  002909F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x290A00 ====
=== 0x290A00 ===
  00290A00  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00290A00  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
   [...]                small block
   [...]                small block
Line 1,125: Line 939:
  00290BF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00290BF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x290C00 ====
=== 0x290C00 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00290C00  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00290C00  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 1,136: Line 950:
  00290DF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00290DF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x290E00 ====
=== 0x290E00 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00290E00  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00290E00  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 1,148: Line 962:
  002FFFF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  002FFFF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


==== 0x300000 ====
=== 0x300000 ===
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00300000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
  00300000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  xx differs between consoles on same version
Line 1,154: Line 968:
  0037FFF0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  0037FFF0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "


* bd hrl, likely
=== 0x380000 ===
 
SCEVTRM on 0x380048
=== 0x380000 SCE VTRM Region0 (Retail & Dev/Test) ===
See also: [[VTRM]]
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00380000  FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00380000  FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Line 1,168: Line 979:
  00380060  00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00  ................
  00380060  00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00  ................
  00380070  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00380070  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
 
00380080  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
 
00380090  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
==== 0x380170 VTRM Region0 Digest? (Retail & Dev/Test) ====
003800A0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
See also: [[VTRM#Region0_Digest|VTRM]]
003800B0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
 
003800C0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003800D0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003800E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003800F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380100  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380110  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380120  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380130  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380140  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380150  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380160  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00380170  FF FF FF FF FF FF FF FF                          ÿÿÿÿÿÿÿÿ
==== 0x380170 ====
0x60 block
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00380170                          xx xx xx xx xx xx xx xx          ........  xx differs between consoles on same version
  00380170                          xx xx xx xx xx xx xx xx          ........  xx differs between consoles on same version
Line 1,181: Line 1,005:
  003801C0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  003801C0  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................  "
  003801D0  xx xx xx xx xx xx xx xx                          .......        .  "
  003801D0  xx xx xx xx xx xx xx xx                          .......        .  "
==== FF filled ====
==== FF filled ====


=== 0x3A0000 SCE VTRM Region1 (Retail) ===
=== 0x3A0000 ===
See also: [[VTRM#Region1|VTRM]]
Console C second SCEVTRM on 0x3A0048
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
{| class="wikitable"
  00380000 03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF  üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
|-
  00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
! Console A, B !! Console C
  00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
|-
  00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00  ....ÿÿÿÿSCEVTRM.
  003801D0                          FF FF FF FF FF FF FF FF          ÿÿÿÿÿÿÿÿ
  00380050 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  003801E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00  ................
  [...]                filled FF region
  00380070 FF FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  003A0160 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
 
  003A0170  FF FF FF FF FF FF FF FF                          ÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
==== 0x3A0170 VTRM Region1 Digest? (Retail) ====
0039FFF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
See also: [[VTRM#Region1_Digest|VTRM]]
  003A0000  03 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF  ....ÿÿÿÿÿÿÿÿÿÿÿÿ
003A0010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  [...]                filled FF region
  003A0040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00  ....ÿÿÿÿSCEVTRM.
  003A0040 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  003A0040 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00  ................
  003A0040 FF FF FF FF FF FF FF FF FE FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿþÿÿÿÿÿÿÿ
003A0050  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  [...]                filled FF region
003A0160  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
003A0170  FF FF FF FF FF FF FF FF                          ÿÿÿÿÿÿÿÿ</pre>
|-
|}


==== 0x3A0170 ====
0x60 block
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  003A0170                          xx xx xx xx xx xx xx xx          ........  xx differs between consoles on same version
  003A0170                          xx xx xx xx xx xx xx xx          ........  xx differs between consoles on same version
Line 1,254: Line 1,091:
  003BFFF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  003BFFF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ


=== 0x3C0000 (CoreOS) ===
=== 0x3C0000 ===
0x1980000 datablock (sflash0s1.cryptx3 + sflash0s1.cryptx3b)
0x1980000 datablock
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  003C0000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................
  003C0000  xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx  ................
Line 1,270: Line 1,107:


{{eof}} 0x2000000
{{eof}} 0x2000000
=== FW/BIOS versioning and incremental counting Observation ===
Following a list of Informations about The Consoles Firmware version, the SFlashes BIOS version and this strange (where i guess) incremental counter. I run that list so we can see if my guess of a incremental value is right or not.
The values we list are:
0x1CA5D0 (1 Byte) == Region?
The real Region of your device.
0x1CA5D1 (4 Bytes) == SKU?
The real SKU of your device.
0x1C8041(variety) The SKU Model string.
The Firmware version of your console.
0x1CA604 (4 Bytes, little endian) == BIOS version.
0x1CA5D8 (4 Bytes, each integer16) == Incremental value as Byte.
The same value but as integer.
The Console # so we can see on one shot which value belong to which console or if they are from diffrent cons.
And the last one, the SHA1 checksum of VTRM PerConsole0
NOTE: If there are any informations from one and the same console but on diff versions, then please mark your console with the next free number and add it. So we can see with one hit which values are from diff cons and which are from the same con. And which value belongs to which console. If the values are from one console and no second value from the same console is already present then mark it with a minus -.
{| class="wikitable"
! Region !! Real !! SKU !! Real !! Model !! FW !! BIOS !! Inc Byte !! Inc Integer !! Con # !! VTRM PerConsole0 SHA1
|-
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.50 || 1.50 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 0 || 46AEDE30098A48BB6A35E392F7A8EB603F3FFCD4
|-
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.010.031 || 0xFFFFFFFF || / || / || 0 || 46AEDE30098A48BB6A35E392F7A8EB603F3FFCD4
|-
| 0x34 || EU || 77 B3 C0 02 || Dev / Test || DUH-T1000AA || 1.76 || 1.50.10 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || - || 11F8D58F9D5E6CC34D0E5EA63E656A40C32FB5A3
|-
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - || 56C205680BFFCB4AA36047F192C9D8C6FDD31294
|-
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1001A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - || 3F85EDAD7BCF9122B456970FDEDB9C1D1802A7A5
|-
| 0xB0 || BR || 76 B3 80 02 || Retail || CUH-1011A B01 || 2.50 || 1.52 || 0x03 0xED 0x00 0x00 || 3.237.0.0 || - || 262E7A39E3F04C91D6820EF5EF0533F0D32BD073
|-
| 0x34 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.06 || 1.06 || 0x02 0x00 0x00 0x00 || 2.0.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45
|-
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.61 || 1.61 || 0x03 0x00 0x00 0x00 || 3.0.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45
|-
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.62 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45
|-
| 0x30 || EU || 76 B3 80 02 || Retail || CUH-1004A B01X || 1.74 || 1.61 || 0x03 0xE0 0x00 0x00 || 3.224.0.0 || 1 || A801741B94EAFFAE0CB9F56EB20E7908F9556D45
|-
|}
=== Software Based Validation ===
==== BwE PS4 NOR Validator ====
[[File:Screenshot norvalidator2.png|300px|thumb|left|Results]]
This program is the release version of [[User:BwE]]'s PS4 NOR Validator, it is designed solely to validate the NOR flash of your PS4 console!
Why would you need to do this? Well if your console has suddenly died and has what is called the 'BLOD', the NOR can be the reason why. Using my program will allow you to validate literally every single byte of the NOR (or over 2100 specific areas) - allowing you to see where or if it is corrupted.
The most common area of corruption that causes the BLOD is the CID. Some areas of this section can actually be repaired, if you're lucky! I and others have done this! Don't forget to use my Comparator tool to help you understand what the difference is for a specific section of the NOR. It will help you with patching!
Other areas can be inter-changed between different consoles and are more suited for repair, the WiFi/BT module is a good example of this.
So fundamentally, this program is for console repairers like myself. If you are indeed a repairer and run a business I can make a custom 'bulk' version for you! But for now, feel free to put multiple *.bin files in the working directory as my program will provide a selection menu.
I am also happy to give advice on your NOR or help interpret your results, just post on the forum or give me an email. If you can bypass my filter, send me a link to your NOR!
If you encounter any errors or weird results - or better yet if your NOR is labled danger in any areas, but still runs fine - let me know!
Keep in mind the CoreOS and other large encrypted areas could still be corrupt regardless of the results (I cant check every byte in an encrypted section, hence alt validations). This program is NOT perfect, but it is WAY better than just using a hex editor or never truely knowing if your BLOD is caused by the NOR!
This also goes above and beyond that of the psdevwiki page regarding the main flash of the PS4 (Thank you cfwprpht).
<br><br><br><br><br>
'''Notes:'''
As of version 1.5.5 there is an ability to upload dumps directly to me. I use these to improve the program and validations.
Abusing this service will result in your ban from future use of my validator.
''Regarding Anti-Virus:''
I protect my program with Themida. The problem with this is that heuristically some AV software see it as a threat.
This is because people who make or redistribute old malware also use Themida to help make themselves undetected.
Ultimately, it is up to you to trust the program and me. I encourage you to upload to a sandbox to see for yourself.
<pre>
Version History:
- 1.7.1 (25/6/21) Fixed Uploading Questions, Added MB Serial to Outputs, New Spash Screen.
- 1.7.0 (23/6/21) Added Question Regarding Dump When Uploading, Added New CID Validation (Weird Key or Flag), Fixed UART Validation, Added Unlisted Results.
- 1.6.9 (26/5/21) Fixed Internal Code Issues, Added Unlisted Results, New Splash Screen (Potentially last update for a short while).
- 1.6.8 (16/5/21) Updated Internal Comparison Application, Improved Serial Number Validation (MB Series), Added Unlisted Results.
- 1.6.7 (25/4/21) Repaired UNK 1200 Series Validation, Added Unlisted Results.
- 1.6.6 (12/4/21) Added Unlisted Results, Improved Validation, Changed Output Styling.
- 1.6.5 (31/3/21) Added CoreOS Statistical Analysis, Changed Some Results, Changed Some Output Formatting, Returned to Previous Packer.
- 1.6.3 (30/3/21) Added CoreOS Patcher (SU-30631-3 Error Specific), Updated Results, Added Unlisted Results, Fixed Readme, Changed Packer.
- 1.6.2 (18/3/21) Repaired CID Validation, Improved Handling of 72xx, Added Unlisted Results, Improved Dump Uploading Process.
- 1.6.1 (20/2/21) Repaired CID Validation, Added Unlisted Results (Thanks Uploaders!)
- 1.6.0 (4/2/21) Added IDU Mode Patcher, Improved Validations, Added Unlisted Results.
- 1.5.9 (29/1/21) Major Improvement to CID and UNK Validations, Added Unlisted Results, Improved UART Patching, Better Handling of 1200/Pro/Slim Validations, Added v1.5 of Comparator
- 1.5.7 (11/1/21) Fixed Version Checker, Improved Statistics, Removed Some Unlisted Results (Improved Validation), Updated Upload Feature, Improved Compiler
- 1.5.6 (10/1/21) Improved CID and UNK Validations, Updated Unlisted Validations, IDU Flags Added, Some Code Optimization
- 1.5.5 (8/1/21) Updated Pro/Slim Specific Validations, Updated Unlisted Validations, Updated CID Validations, Updated UNK Validations, Added Dump Upload Feature
- 1.5.3 (5/12/20) Updated Unlisted Validations, Updated WiFi/BT MD5s & Entropy Validation
- 1.5.2 (20/11/20) Updated WiFi/BT MD5s, Added 2nd UART Flag, Updated Unlisted Validations
- 1.5.1 (3/11/20) Updated Unlisted Validations, Added UART Enabler, Removed Unused Validation Option, Added Basic Loader
- 1.5.0 (30/10/20) Updated Unlisted Validations, Upgraded Existing Validations, Removed Loader (Secret Patcher Coming Soon!)
- 1.4.9 (3/5/20) Added 21xx Series Specific Validations, Updated Unlisted Validations
- 1.4.7 (23/3/20) Added Dynamic Comparison, Updated Unlisted Validations
- 1.4.6 (1/2/20) Just Keeping It Fresh! (May have fixed issues stopping the program running, if not let me know!)
- 1.4.4 (16/8/19) Added and Improved Validations (CID & UNK) Including New WiFi/BT FW MD5
- 1.4.2 (7/4/19) Added More Validations (Firmware & Console Specific), Improved Various Sections (CID & UNK Mostly)
- 1.4.1 (1/3/19) Prettied Up Outputs, Minor Rewording (Sorry!).
- 1.4.0 (1/3/19) Added Zecoxao Extraction Methodology (Will Add More Zecoxao SELF Stuff Later), Added FW/BIOS Versioning, Added Additional Entropy Validation & Various Improvements Throughout.
- 1.3.8 (21/2/19) Added Additional Validations (To Suit Slim/Pro), Repaired/Improved CID Validation, More MD5s & Table Based Results.
- 1.3.5 (30/1/19) Added CoreOS Reference Points (Additional CoreOS Per-Console Validation).
- 1.3.3 (24/1/19) Reworked And Improved Both CID And UNK Sections Again, Added More MD5's, Added Application Version Checker, Removed Colored Bars, Added Comparator & Other Improvements Throughout.
- 1.3.1 (19/1/19) Added More Validations & MD5's, Repaired Minor Bug.
- 1.3 (15/1/19) Completely Reworked And Improved The CID Section And Added Additional Validations To The UNK Section & I Also Improved Some Other Validations Throughout.
- 1.2.6 (18/12/18) Hopefully Fixed 'Black Screen' Issue, Recompiled In 32bit.
- 1.2.5 (17/12/18) Added 2 New Flags (Possibly Initialization Flag?), Changed Validation Results, Improved Output/Info (HTML) & Added MD5's.
- 1.2 (8/12/18) Improved All Alt Validations, Repaired Vtrm1, Internal Typo & Added Repetition Checks.
- 1.1.1 (29/11/18) Typo Again, Made The SKU Not Come Up As Unlisted & Added Some MD5's.
- 1.1 (28/11/18) Improved VTRM & CID Validation, Typo Fixes & Better Colours.
- 1.0 (27/11/18) First Release!
</pre>
'''Developer Website:'''<br>
https://betterwayelectronics.com.au/
'''Direct Link:'''<br>
https://betterwayelectronics.com.au/BwE_PS4_NOR_Validator.rar
'''More Information/Updates:'''<br>
github.com/BetterWayElectronics/ps4-nor-validator
<br><br>


{{Reverse Engineering}}
{{Reverse Engineering}}
<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps4/Flash-Main"