PS3 Bricked PS3... (From fake bgtoolset)

[nodeberry]

Hello,

First of thank you for reading this, hopefully I can get some help. I have a fat PS3 CECH-A01, and am on FW 4.89. I followed the tutorial for installing CFW with bgtoolset and noticed it said I had FW version 4.88 on the top right, I continued anyway and applied the nofsm patch. After rebooting, I get a green light for a few seconds followed by red.

I have the dump backup from the toolset, and I have an E3 flasher here. However, I don't know the steps to get my system back working.

 

[STLcardsWS]

The official toolset is currently offline for the past few months, should be back soon.

The only online one's currently are imposter's that look like the toolset but are not the toolset.
You used an Incomplete imposter clone's, we have been warning many people about the risk as you can brick your console.

There are plenty of guides here in the forums and around the net, .
Other may have some advice for you.

 

[nodeberry]

Appreciate the reply. I am a bit confused since I have a dump.hex file here but I am unsure how to restore that using the E3 flasher.

 

[Coldheart2236]

I have a dump.hex file here but I am unsure how to restore that using the E3 flasher.

Since you have a CECH-A01 model which has a NAND flash, the E3 flasher is not suitable for it as I believe it only supports NOR consoles (CECH-H models and higher). Not 100% on that so I would wait for confirmation by someone who knows more.

 

[nodeberry]

Yeah I seen that, ordering the Teeny for NAND now. Do you know what the proper steps are for recovery?

 

[kostirez1]

Two things to check before you start any attempts to solder to the NAND flash:

I have a dump.hex file

What happens if you run that file through PS3DumpChecker or PyPS3checker? Are you really sure that you can restore this file?

I get a green light for a few seconds followed by red

Given that LEDs are controlled by Syscon, you should check what it spits out over the serial line. It should say something along the lines of "authentication fail" just like mine did after an unfortunate flash during development.

Spoiler: Boot error from CECHK

Boot Loader SE Version 2.3.5 (Build ID: 3034,32025, Build Data: 2008-05-12_15:29:27)
Copyright(C) 2007 Sony Computer Entertainment Inc.All Rights Reserved.
[SERV SETCFG] XDR (CH0,CH1) ASSERT
[SERV SETCFG] XDR (CH0,CH1) DEASSERT
[SERV NVS] READ CMD
[ERROR]: 0xb0000004 lv0 authentication fail
[SERV NVS] WRITE CMD
[SERV NVS] WRITE CMD
[SSM] *** FATAL ERROR requested by OS ***
[SSM] state: 0400 -> 0700
[POWSEQ] AV Backend Letup
[SSM] ssmCb_AfterBeOn() called.
[SSM] Shutdown mode : syspm_stat=00000000/00000000
[POWSEQ] PowerSeq_Letup called.
[SSM] state: 0700 -> 0600
(PowerOff State) (Fatal)
loading_status:0x0
[SSM] state: 0600 -> 0000
[SSM] Error state is cleared.
(PowerOff State)

 

[littlebalup]

You should have a look starting here: https://www.psx-place.com/threads/g...ate-ps3xploit-flash.21750/page-17#post-346017
@feng_ye had the same issue

 

[NiQ]

You should have a look starting here: https://www.psx-place.com/threads/g...ate-ps3xploit-flash.21750/page-17#post-346017
@feng_ye had the same issue

Are we even sure recovery from fake bgtoolset brick is possible on NAND with Teensy?

 

[GuilloteTesla]

Are we even sure recovery from fake bgtoolset brick is possible on NAND with Teensy?

If you've made a proper, valid dump of the NAND BEFORE attempting to run the exploit, then you can restore it as usual.

But if the dump was not done or it is invalid then the console may be totally bricked. I believe that there is a slight chance of recover from a bad exploit but as bguerville said, it is not possible to know the cause and degree of the damage done from this modified toolsets (albeit stolen, those are closed source).

 

[FFF256]

But if the dump was not done or it is invalid then the console may be totally bricked. I believe that there is a slight chance of recover from a bad exploit but as bguerville said, it is not possible to know the cause and degree of the damage done from this modified toolsets (albeit stolen, those are closed source).

The most common mistake is broken ROS. In this case, you can restore them and restore the console. You will need a dump from the same live console to take the live part from there. There are already instructions on the net "[FAQ] How to restore corrupted ROS0 and ROS1 in a dump!" (in another language). True, the procedure for NOR is described there, but the essence of the method for NAND is the same.

 

[NiQ]

The most common mistake is broken ROS. In this case, you can restore them and restore the console. You will need a dump from the same live console to take the live part from there. There are already instructions on the net "[FAQ] How to restore corrupted ROS0 and ROS1 in a dump!" (in another language). True, the procedure for NOR is described there, but the essence of the method for NAND is the same.

That's assuming the fake site actually managed to produce a valid dump.

 

[FFF256]

That's assuming the fake site actually managed to produce a valid dump.

Even if you did not have a dump for one reason or another and you took it only through a hardware flasher, you can restore it (ros0/ros1).

As we can see, the position of the ros0 section is 0x000BFC00 (for nor), the size is 0x00700000
As we can see, the position of the ros1 section is 0x007BFC00 (for nor), the size is 0x00700000

for nand 0x00080000