Editing Flash-Main
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 1,157: | Line 1,157: | ||
=== 0x380000 SCE VTRM Region0 (Retail & Dev/Test) === | === 0x380000 SCE VTRM Region0 (Retail & Dev/Test) === | ||
SCEVTRM Magic on 0x380048. | |||
The 0xFC in this example here mark the very first entry for a VTRM. Otherwise it would be 4 bytes either all 0x00 which means not in use or 0x03 0x00 0x00 0x00 which means in use. It is always tighten to 0x00 placed on offset 0x380050 and 0x380058 or in the second VTRM on 0x3A0050 and 0x3A0058 and it is the counter for activation and deactivation of the console. So following the counting this means for every | |||
uneven number == Activated | |||
and every | |||
even number == Deactivated | |||
or | |||
If VTRM0 is marked as in use then the console is deactivated and if VTRM1 is marked in use then she is activated. | |||
Following some examples. Remember mark 0xFC and count 0x00 == factory state. | |||
NOTE: Dev / Test Consoles only do use one VTRM. The array for the second VTRM is completely empty on this SKU models beside that they don't have any mark and also no counter. (yea sure why if they only use one ^^) | |||
NOTE²: There is another byte that will change douring this process. On offset 0x3A0078 for factory the byte is 0xFF. As soon the console would be the first time activated (so count 0x01) then this byte change to 0xFE. After this (so count 0x02 and upwards) the byte will always be 0xFC. | |||
Deactivated | |||
{| class="wikitable" | |||
|- | |||
! Console A !! Console B !! Console C | |||
|- | |||
| <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00380000 FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380000 FC FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | ||
| Line 1,167: | Line 1,190: | ||
00380050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | 00380050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ | ||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | 00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | ||
00380070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | 00380070 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
00380000 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
00380050 16 00 00 00 00 00 00 00 16 00 00 00 00 00 00 00 ................ | |||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
00380070 FF FF FF FF FF FF FF FF FC FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> || <pre> Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | |||
00380000 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF üÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380010 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380020 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380030 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ | |||
00380040 01 00 00 00 FF FF FF FF 53 43 45 56 54 52 4D 00 ....ÿÿÿÿSCEVTRM. | |||
00380050 0E 00 00 00 00 00 00 00 0E 00 00 00 00 00 00 00 ................ | |||
00380060 00 10 00 00 00 00 00 00 1D 00 00 00 00 00 00 00 ................ | |||
00380070 FF FF FF FF FF FF FF FF FC FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre> | |||
|- | |||
|} | |||
==== 0x380170 VTRM | So we have more ways to identify if a Dump is from a Retail or a Dev/Test console. Either we can check if there are any incremental counters used on the VTRM or we can check if the VTRM hase any mark like 0xFC or 0x00000000 or 0x03000000 then it is reatail else Dev/test. Or we also can check the first 4 bytes of both VTRMs against 4x 0xFF bytes, if True == Dev/Test else Retail. | ||
==== 0x380170 VTRM R0 PerConsole (Retail & Dev/Test) ==== | |||
This region of 0x60 ~= 96 bytes is the exact same on the same console of diffrent FW and BIOS versions. We can use thoes 96 bytes to identify dumps as diffrent or as from one and the same device. It's kind of a unique Console identifyer. I will add a new entry to the SystemFlash Extractor and hash this array with SHA1 which we then can use to store it in the DataBase. That gives us the ability to even identify a Dump and his informations from the DataBase out as one and the same device or as a diffrent one, while to same time to protect the privacy of the user in case we use a checksum to store and not the console specific unique vlaue. (what ever it will hold...) | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||