PS3 BadWDSD/qCFW + HW Flasher/NoBT Thread

A

aomsin2526

Developer
FOR USER WITH HARDWARE FLASHER ONLY!!!

Normally, before modchip can work you must install payload file called Stagex.bin into flash first.
But if user can't use HEN, then it must done by hand.

Flash Dump Patching Guide:

Some flasher such as E3 will require "byte reverse" first. I will not cover this part.

For NOR only.

1. Write Stagex.bin into offset 0x31000 of NOR flash dump
2. Write Stagex_aux.bin into offset 0xF21000 of NOR flash dump
3. Write CoreOS.bin into offset 0x0C0000 AND 0x7C0000 of NOR flash dump

Then flash dump into your console, modchip should work now.
You should then enter safe mode to install firmware.

NoBT Guide:

This is completely different from CFW. In qCFW it works by having Cobra payload patch ps3swu (firmware updater) code in memory to bypass the error.

But Cobra requires CFW lv2 kernel and cobra file in dev_flash. So how can we load it if we are on OFW?

The answer is: qCFW LITE

This mode can be enabled by shorting LITE pin on modchip to ground.

Behavior will depends on firmware you are currently on.

If you're on qCFW, This pin will just enable "Load Cobra from USB"
If you're on 4.92 CEX, This pin will temporary patch the kernel to CFW using diff file. and will enable "Load Cobra from USB"
If you're on DEX firmware, it won't work. Do not use this mode. (You don't have 4.92 DEX PUP anyway) qCFW will work however.
If you're on none of above, your console won't boot and will consecutive beep. Will need hardware flasher above.

This mode is only useful during NoBT firmware install and must be disabled under normal use.

Remember that anytime you change the modchip config pin, it must be power cycled to apply.

1. Copy qcfw/dev_flash/sys/stage2.cex file into ROOT of your USB drive
2. Short LITE pin to ground
3. Plug USB drive into RIGHTMOST port
4. Turn on your console
5. You must hear lot of beeps at boot and just before firmware updater start
6. It should able to install firmware without error
7. Unshort LITE pin after done, or HEN won't work

FROM NOW ON, ALWAYS INSTALL 4.92 FIRMWARE!. OTHERWISE YOU MUST REPEAT WHOLE HW FLASHER PROCESS AGAIN.

qCFW didn't need LITE mode because Cobra is always active on it.
 
Last edited:
Quel Flasheur utilisez-vous sur une PS3 avec carte mère KTE-001 (Slim CECH-3004B) qui a deux condensateurs chimiques trop proches du clip à mettre sur la NOR ??? La limande est soulevée par l'un des condensateurs avec mon "E3-Flasher".

Which flasher do you use on a PS3 with a KTE-001 motherboard (Slim CECH-3004B) which has two electrolytic capacitors too close to the clip for the NOR board? The flat surface is lifted by one of the capacitors with my "E3-Flasher".

De même, est-il possible de monter un "Flasheur" sur des PS3 Super-slim de modèle CECH-4004C et CECH-4204C ?

Similarly, is it possible to install a "Flasher" on PS3 Super-slim models CECH-4004C and CECH-4204C ?
 
Last edited by a moderator:
Algol said:
Quel Flasheur utilisez-vous sur une PS3 avec carte mère KTE-001 (Slim CECH-3004B) qui a deux condensateurs chimiques trop proches du clip à mettre sur la NOR ??? La limande est soulevée par l'un des condensateurs avec mon "E3-Flasher".

Which flasher do you use on a PS3 with a KTE-001 motherboard (Slim CECH-3004B) which has two electrolytic capacitors too close to the clip for the NOR board? The flat surface is lifted by one of the capacitors with my "E3-Flasher".
Click to expand...


Algol said:
De même, est-il possible de monter un "Flasheur" sur des PS3 Super-slim de modèle CECH-4004C et CECH-4204C ?

Similarly, is it possible to install a "Flasher" on PS3 Super-slim models CECH-4004C and CECH-4204C ?
Click to expand...

Must ask other people.

If you already have fully working console, you don't need hardware flasher at all.

I never used hw flasher with superslim. I create this mod without needing it at all.

Only time I need it is when I bricked on my fat, that could only happen with very specific method that is not possible anymore no matter what today.

I don't have real NoBT console either. I can only simulate it on my fat by disconnect the cable and it's working well so far.

That's why I want real tester here
 
@aomsin2526 : OK, j'accepte de t'aider avec ma PS3 Slim qui est déjà sous le HFW-4.92.2/HEN-3.4.1 actuel. Cette console fonctionne correctement et m'a été donné par mon beau-frère il y a quelques années déjà. Je peux lui faire subir cette mise en place du qCFW.
Ensuite, et comme tu me l'as bien dit, je ferai la modification à ma PS3 SuperSlim CECH-4004C et une fois cela réalisé je passerai à la CECH-4204C. Là, j'aurai besoin de toute ton aide pour localiser l'emplacement des fils à souder ainsi que de tes conseils toujours très précieux. Ces deux consoles sont aussi sous le HFW-4.92, mais le HEN est le v3.4.0.
Si tu as besoin de mieux me connaître, tu peux passer par le Mail Privé sur ce site, j'ai aussi un MP sur Gmail. J'ai démarré sur la PS1, évolué vers la PS2, puis la PS3 et maintenant la PS4. J'ai 67 printemps ...

@aomsin2526: OK, I agree to help you with my PS3 Slim, which is already running the current HFW-4.92.2/HEN-3.4.1 firmware. This console works perfectly and was given to me by my brother-in-law a few years ago. I can install qCFW on it.
Then, as you correctly suggested, I'll modify my PS3 SuperSlim CECH-4004C, and once that's done, I'll move on to the CECH-4204C. At that point, I'll need all your help to locate the solder points, as well as your always invaluable advice. Both of these consoles are also running HFW-4.92, but their HEN is v3.4.0.
If you'd like to know more about me, you can contact me via private message on this site; I also have a private message on Gmail. I started on the PS1, moved on to the PS2, then the PS3, and now the PS4. I'm 67 years old...

PS : je viens de commander les 3 RP2040-Zero chez AliExpress. Ils devraient arriver dans 2 à 3 semaines chez moi.
==> I just ordered the 3 RP2040-Zero from AliExpress. They should arrive at my house in 2 to 3 weeks.
 
Last edited by a moderator:
does this guide only specially work on 4.92?

I had some Super Slim PS3 that is stuck on update bootloop and also no longer have their original HDD as they were repurposed for other system.

I have 6 system that is in 4.80, 4.82, 4.84 and 4.88 that needs a no-bt fix.
 
remlei said:
does this guide only specially work on 4.92?

I had some Super Slim PS3 that is stuck on update bootloop and also no longer have their original HDD as they were repurposed for other system.

I have 6 system that is in 4.80, 4.82, 4.84 and 4.88 that needs a no-bt fix.
Click to expand...

You need HW flasher. Flash dump patching will install qCFW so LITE mode can work.
 
Guys please i need help, i have this ps3 superslim 12gb emmc with 8002f334 update loop, how can i complete the update, am guessing i wouldnt have had any issues if it was the supported nor, any help will be much appreciated
 
karlhartl said:
Guys please i need help, i have this ps3 superslim 12gb emmc with 8002f334 update loop, how can i complete the update, am guessing i wouldnt have had any issues if it was the supported nor, any help will be much appreciated
Click to expand...

8002F334 is bad news, since fw update file is corrupted. But since file is on emmc only way is to use hw flasher to wipe them.

On nor you just wipe hdd
 
MeteK said:
Why you did it if you knew that emmc version is not supported ?
Click to expand...
I didnt do qcfw on this console, this was brought by client i dont know whay he did

aomsin2526 said:
8002F334 is bad news, since fw update file is corrupted. But since file is on emmc only way is to use hw flasher to wipe them.

On nor you just wipe hdd
Click to expand...
By any chance can you point me to a tutorial or you can explain to me what to delete in nor, thanks for your reply
 
Last edited by a moderator:
aomsin2526 said:
You need HW flasher. Flash dump patching will install qCFW so LITE mode can work.
Click to expand...

thanks, I just recently made this work yesterday and so far, everything works great.

the instructions were not clear and you fill in the blanks by your self.

since I had my console without their origical hdd anymore, I need to format the HDD on ps3 safe mode menu first before proceeding amd install the update and wait it to fail. After that power off the machine and proceed to all the patching on the NOR and boot it up using the instruction 1-7.

the only hard part for me is understanding the nor patching stuff. I wish that a app like from xbox360 can process this nor dump patching stuff and do checks on it. It took me like 20th trial and error (no worries I still have a good nor dump) because im stupid but hey, at least I understand how it works now.
 
remlei said:
thanks, I just recently made this work yesterday and so far, everything works great.

the instructions were not clear and you fill in the blanks by your self.

since I had my console without their origical hdd anymore, I need to format the HDD on ps3 safe mode menu first before proceeding amd install the update and wait it to fail. After that power off the machine and proceed to all the patching on the NOR and boot it up using the instruction 1-7.

the only hard part for me is understanding the nor patching stuff. I wish that a app like from xbox360 can process this nor dump patching stuff and do checks on it. It took me like 20th trial and error (no worries I still have a good nor dump) because im stupid but hey, at least I understand how it works now.
Click to expand...

Great to hear you got it working.

I must admit that the guide is not clear because this use case is extreme and expect skilled user to do it successfully.

There is many types of HW flasher too, all different.

It would be nice if we have patcher app for it, it is actually simple to do but I'm not good at making them. (GUI stuff)
So I will happy if other people do it
 
aomsin2526 said:
Great to hear you got it working.

I must admit that the guide is not clear because this use case is extreme and expect skilled user to do it successfully.

There is many types of HW flasher too, all different.

It would be nice if we have patcher app for it, it is actually simple to do but I'm not good at making them. (GUI stuff)
So I will happy if other people do it
Click to expand...

I've made a small bash script to use with dd, it's a tad slow but it gets the job done.

Code: 
#!/bin/bash
# This script can be used to patch a NOR dump
# before installing the BadWDSD modchip to a bricked console
set -euo pipefail

if (( $# != 2 )); then
  echo "Usage: $0 path/to/dump.bin path/to/qcfw/folder"
  exit 1
fi

DUMP_TO_PATCH="$1.wdsd-patched"
QCFW_PATH="$2"

cp -v "$1" "$DUMP_TO_PATCH"
echo "Will patch $DUMP_TO_PATCH"

FILES=("Stagex.bin" "Stagex_aux.bin" "CoreOS.bin" "CoreOS.bin")
OFFSETS=("0x31000" "0xF21000" "0x0C0000" "0x7C0000")

for idx in $(seq 0 3); do
  FPATH="$QCFW_PATH/${FILES[idx]}"
  OFF=${OFFSETS[idx]}
  OFF_DEC=$(($OFF))
  echo "Writing $FPATH at offset $OFF ($OFF_DEC)"
  dd ibs=1 obs=1 conv=notrunc status=progress seek=$OFF_DEC if="$FPATH" of="$DUMP_TO_PATCH"
done
 
Tengo un super slim con el modulo wifi dañado. Luego de modificar los offset como se indica al comienzo del post y entre en modo seguro, debo instalar el firmware 4.92 HFW ?

I have a Super Slim with a damaged Wi-Fi module. After modifying the offsets as indicated at the beginning of the post and entering safe mode, should I install firmware 4.92 HFW?

Mod edit: Provide and English translation along with your post.
 
Last edited by a moderator:
CHIPSET said:
Tengo un super slim con el modulo wifi dañado. Luego de modificar los offset como se indica al comienzo del post y entre en modo seguro, debo instalar el firmware 4.92 HFW ?

I have a Super Slim with a damaged Wi-Fi module. After modifying the offsets as indicated at the beginning of the post and entering safe mode, should I install firmware 4.92 HFW?

Mod edit: Provide and English translation along with your post.
Click to expand...

Yes
 
You must log in or register to reply here.

Similar threads

Back
Top