vyktormvmpay25
Senior Member
Please read syscon tutorial again to understand how to gain syscon internal access. From what I see your problem is more complex then I expect. There are too many issues.
PS3 [GUIDE] Unbrick a PS3 after an unfortunate PS3Xploit flash
- Thread starter littlebalup
- Start date
-
- Tags
- ps3xploit
DarlanZ
Member
I am in.
Code:
Bringup Mode #0 (0xFF)
[SSM] ssmCb_OnStartingBePowOn() called.
[SSM] First Boot.
[SSM] Bringup mode : syspm_stat=00000000/00000000
[POWSEQ] PowerSeq_Setup called.
[SSM] state: 0101 -> 0201
[POWSEQ] AV Backend Setup
[SSM] state: 0201 -> 0102
[SSM] state: 0102 -> 0202
[SSM] state: 0202 -> 0103
[SSM] state: 0103 -> 0203
[SSM] ssmCb_BeforeBeOn() called.
[SSM] state: 0203 -> 0104
Psbd_SbTransMode_Half:0x21e2
Last edited:
RIP-Felix
Senior Member
Yes that is a problem. Because no software has access to the bootloader on the NAND. They are stored on the NAND and you need to dump the actual nand after removing them from the board. Then once you have a combined original (presumably bricked backup of the actual NAND) you extract the bootloader from it and add that to the backup you made form using either BGA toolset or rebug dumps.
Unfortunately the 256MB so called "full dump" doesn't actually contain anything in the top and bottom bootloader sections. Just 00's as padding to make the resuting filesize 256MB. Which I think is misleading and causes people to think they have a full dump, when they don't. And could cause them to overwrite their original NAND! If you did that your bootloader is gone and I'm not sure if that is possable to recover from that. If it contains perconsole data, you're boned.
Last edited:
DarlanZ
Member
So, I undestand what you said then I decided to check the dump and It has(I think).
bootldr statistics(top):
bootldr statistics (bottom):
PS3 NAND STATISTIC:
Last edited:
DarlanZ
Member
DarlanZ
Member
I could wrote some commands like bringup and powerstate. The cmd bringup stopped on Psbd_SbTransMode_Half:0x21e2.
That looks ok to me.
You may try the 3.55FSM old school method. To enter FSM you can use the teensy++ 2.0 with psgrade as dongle (you must revert back the teensy to 5v and plug it to the usb port 0 of the console). Sources are also available for other like atmel based boards.
https://www.psx-place.com/threads/d...ists-for-a-3-55-fsm-downgrade.1008/#post-5602
https://www.dropbox.com/s/v0njd1i90jrcruj/psgrade_teensy_at90usb1286_16.hex?dl=1
You'll also need the lvdiag.self to install the 3.55 firmware from FSM and the lvdiag.self to exit FSM.
https://www.psdevwiki.com/ps3/Downg...er#Reinstall_firmware_in_Factory_Service_Mode
vyktormvmpay25
Senior Member
Think his problem is more on hardware side, he patched already 355fsm? Shouldn't boot 10 seconds then turned off itself? Without any dongle inserted? Usually I get that then if I go for safe mode it's going with image and I can install fw. Try that method littlebalup said.
RIP-Felix
Senior Member
That's normal. The bootloader starts after that and there's a long string of information in it that doesnt update automatically. Just hit enter again and it'll display the rest.
DarlanZ
Member
QUOTE="RIP-Felix, post: 371908, member: 69150"]That's normal. The bootloader starts after that and there's a long string of information in it that doesnt update automatically. Just hit enter again and it'll display the rest.[/QUOTE]
Here is the log:
Ok, I did this but there is a problem here. You sent to me an AT90USB1286 file and didn't work here. So I decided to check the Teensy and:
I am able to use the nandway.hex with this. I am able to write and to dump the nand.
(Maybe) I don't know if has a problem with PSGrade.hex once the ps3 go to red light blinking.(Or the problem is the ps3?)
I TRIED TO USE SOME DIFFERENTS PS3GRADE FILES THAT I FOUND ON GOOGLE BUT I DON'T KNOW IF IT'S GOOD:
Is there something more that I can do? Another thing that I can check?
The donor Southbridge and StatShip2 is ready to be replace but I have one more question. Can I replace/upgrade the StatShip2 CXD4302GB-1 with CXD9909GB once the second one was removed from COK002(CECHE). In other words, it was removed from the same model board.
Here is the log:
Ok, I did this but there is a problem here. You sent to me an AT90USB1286 file and didn't work here. So I decided to check the Teensy and:
TEENSY CHIP IS AT90USB1287:
I am able to use the nandway.hex with this. I am able to write and to dump the nand.
(Maybe) I don't know if has a problem with PSGrade.hex once the ps3 go to red light blinking.(Or the problem is the ps3?)
TEENSY WROTE WITH SUCCESS:
USB MADE WITH SUCCESS:
STEPS MADE:I TRIED TO USE SOME DIFFERENTS PS3GRADE FILES THAT I FOUND ON GOOGLE BUT I DON'T KNOW IF IT'S GOOD:
The donor Southbridge and StatShip2 is ready to be replace but I have one more question. Can I replace/upgrade the StatShip2 CXD4302GB-1 with CXD9909GB once the second one was removed from COK002(CECHE). In other words, it was removed from the same model board.
Attachments
Last edited:
That's weird. Original teensy++2.0 is based on AT90USB1286: https://www.pjrc.com/store/teensypp.html
Is it a clone?
About the starship2, I don't know at all... those chips are kind of mysterious. Hoping bost manage the nands bloscs and ECC the same way.
DarlanZ
Member
I bought it in AliExpress because It's very difficult to find a genuine. But it is strange because I am able to read and write the nand.
About the blocks, It's ok for me. I checked the dumps. Their hashs are matching with flowrebuilder files that I used to write.
I just compiled this one for you (untested) : https://www.dropbox.com/scl/fi/pnc7...87_8.hex?rlkey=jo8a1p37vtengwhpvevbsismg&dl=1
About the starship2 and blocks/ecc, I mean the starship is in charge, at least, to manage both NAND to be seen by the SB as a single "drive". So it manage the way the data are dispatched between both chips, bad blocks, ECC, etc... so I'm just saying I hope both models do that the same way. If not, it may strugle with the actual nands content.
DarlanZ
Member
I tested it and didn't work. I saw that you made a 8khz file. But the crystal crystal oscillator on this board is a 16khz.
ok, new one: https://www.dropbox.com/scl/fi/hc5e...7_16.hex?rlkey=q3vlz7n325ov4v1xesscaw2wq&dl=1
edit: just checked... in fact it compiled the exact same file as for the at90usb1286... so it shouldn't help much
DarlanZ
Member
Yea, It's the same file. Although Teensy is cloned, I think it isn't the real problem. What do you think? I did every thing that I could?
I think the only option now will be the SouthBridge replacement. I'll take a look on board components again before replacing.
So, I am thinking now that I could replace the SB and test. If it is booting, good! If no I will replace the StatShip2 too. I am thinking to do a syscon reading after remove the southbridge. It's good to know what I will see.
I guess, before i do this, the @vyktormvmpay25 and @RIP-Felix answer is important too.
Last edited:
DarlanZ
Member
Hi, could you send the link of this booter? I will use with another cok002 board that I have here.
DarlanZ
Member
I tried to use the psgrade with my teensy with other cok002 board that I have. It worked ok. I installed the firmware and generated a log file in my usb. Unfortunately it has glod and not sync controller.
Intruder_911
Member
Hi. I have 43xx model REX-001 board semi bricked Super Slim with 8002f147 error. FW is 4.82. Before it had ODE on board, but now ODE is unistalled also there is no original HDD.The BD data line tiny capasitors are installed back of course. If there is any way revive this board by manual patching 16MB NOR dump. I heard before updating/reinstalling FW it must be changed to BD mode on XMB. But unfortunatly i can't do it because missing ODE and/or orginal HDD. I mean change it to BD mode in Hex editor. There is interesting issue with its dump, everytime even i patch it by dump checker, when i try install system software the ROS0 become corrupted (may be because of 8002f147 on 15%). Thanks.
Last edited:
Similar threads
-
PS3Xploit Flash Writer (4.93 HFW Req)- Started by Evilnat
- Replies: 10
-
PS3 [Tutorial] Update Frankenstein PS3 Firmware That is Too Low to Initialize RSX (< 3.41) (NAND Models)
- Started by byt3swap
- Replies: 0
-
PS3 [Tutorial] Update Frankenstein PS3 Firmware That is Too Low to Initialize RSX (< 3.41) (NAND Models)
- Started by byt3swap
- Replies: 0
-
PS3 Bricked ps3 after flashing ofw dex on converted cex to dex ps3 slim cech-2104a.
- Started by cezar_iscru.jpg
- Replies: 2