PS3 Broke PS3 CPU during delid. Is there any way i can replace it?

[M4j0r]

Obviouslly, this procedure needs to "scan" the new CELL (to find his identifyer), and stores it in the area we filled with 0xFF's

Yes, it's requesting data from the CELL side which then uses the eid_root_key to decrypt the first layer of the eid1, which will then be transferred to the Syscon. Syscon will decrypt it and then encrypt it with a different key, then write it to it's "EEPROM".
The key which Syscon uses to decrypt the eid1 will be overwritten, it's only stored there at the factory (but we know it for retail consoles).
If you lost your original eid1 but still have the eid_root_key it can be generated.

Ok. I have those tools as uarts, E3 jig for 3.55 factory service mode. So if I get any board like 3000/4000 with dead cpu I would be able to put those units in service mode after cpu is exchanged , modify that address and get out from service mode with usb files for out from fsm . Wouldn't this brick units over 3.55?

You can get non CEX units still into service mode with the usb dongle but you won't be able to exit it.
You still need either a CFW or the eid_root_key which is of course a problem on newer consoles.

Now is necessary to dump syscon full, but not revealed?So what I don't understand?
That address in nvs can be accessed in service mode?

my biggest doubt of the wiki explanation is the section named "syscon prerequisites"
I dont know if is needed to apply a syscon "patch" to unlock the access to that regions... and incase of applying a patch (as far i understood) the console should be able to boot normally to install a CFW
I dont know if there are other alternatives... i was wondering if is posible to access that areas by SPI, but i dont know, im still learning how syscon works

You need some way to enter/exit service mode which either requires CFW or the eid_root_key and full Syscon "EEPROM" access.
Well, we can't get the eid_root_key from newer units and we also don't have CFW running on them.
On Mullion you can use the SPI interface to access the full EEPROM, else you need a patch.
Sherwood requires a patch but you can't apply it without a married CELL* (Sony will just replace the Syscon, it's only meant to be married one time). So if you didn't apply the patch before CELL fails you need to replace the Sherwood Syscon.

In short: Only "hackable" consoles work, on Mullion based ones you use the SPI interface, Sherwood models need a new Syscon.**

How to get a fresh Syscon?
Sony orders them from NEC/Renesas, these are the official order codes for them:

LFQFP-128 (512KB ROM, 50KB RAM)
SW-301: UPD79F0073GFS-301-GAT-E2-AX
SW-302: UPD79F0073GFS-302-GAT-E2-AX
LFQFP-128 (768KB ROM, 50KB RAM)
SW2-301: UPD79F0086GFS-301-GAT-E2-AX
SW2-302: UPD79F0086GFS-302-GAT-E2-AX
SW2-303: UPD79F0086GFS-303-GAT-E2-AX
LFQFP-100 (768KB ROM, 50KB RAM)
SW3-301: UPD79F0123GCS-301-UEU-E2-AX
SW3-302: UPD79F0123GCS-302-UEU-E2-AX
SW3-303: UPD79F0123GCS-303-UEU-E2-AX
SW3-304: UPD79F0123GCS-304-UEU-E2-AX


* of course you could create some modchip which emulates CELL, but you still need the eid_root_key of the dead CELL
** hackable prototype consoles with a Sherwood Syscon don't need a new Syscon.

 

[vyktormvmpay25]

Thank you for sharing great info. I will sort out this exchange it with another motherboard. Usually reball both for about 60 euros. Now looking for this it would be to much work and nobody will pay more for ps3. Working units, not maintained will be 70, were people getting the idea not fixing anymore. That's why I have many broken units on stock. I fix them when I get time and sold after testing.