PS3 [HELP] Identifying Metldr0.2

[LuanTeles]

Guys, i need a code to detect the following

Console Model: Fat, Slim or Super Slim
Flash Type: Nand, Nor, eMMC
Hackeable: Yes or No

I have almost all of it working, execept for eMMC and if the 25xxx is hackeable or not, here's what i have

struct ConsoleInfo {
    string model;
    string flash_type;
    string hackeable;
};

ConsoleInfo get_console_info() {
    ConsoleInfo info = { "Unknown", "Unknown", "Unknown" };
   
    uint8_t pscode[8] = {0};

    int ret = sys_ss_appliance_info_manager_get_ps_code(pscode);
    if (ret != CELL_OK) {
       info.model = "Error";
       info.flash_type = "AIM syscall failed";
       return info;
    }

    uint8_t sub_code = pscode[5];

    switch (sub_code) {
        // FAT Models
        case 0x01: // Model CECHAxx - Motherboard COK-001
        case 0x02: // Model CECHBxx - Motherboard COK-002MC
        case 0x03: // Model CECHCxx - Motherboard COK-002
        case 0x04: // Model CECHExx - Motherboard COK-002W
        case 0x05: // Model CECHGxx - Motherboard SEM-001
       
            info.model = "Fat";
            info.flash_type = "NAND";
            info.hackeable = "Yes";
            break;
       
        // FAT Models
        case 0x06: // Model CECHHxx - Motherboard DIA-001
        case 0x07: // Model CECHJ/Kxx - Motherboard DIA-002
        case 0x08: // Model CECHL/M/P/Qxx - Motherboard VER-001
       
            info.model = "Fat";
            info.flash_type = "NOR";
            info.hackeable = "Yes";
            break;
       
        // SLIM Models
       case 0x09: // Model CECH-20xxA/B - Motherboard DYN-001
        case 0x0A: // Model CECH-21xxA/B - Motherboard SUR-001
       
            info.model = "Slim";
            info.flash_type = "NOR";
            info.hackeable = "Yes";
            break;
       
        // Slim Models (Not All are Hackeable)
        case 0x0B: // Model CECH-25xxA/B - Motherboard JTP-001 / JSP-001
           
            info.model = "Slim";
            info.flash_type = "NOR";
            info.hackeable = "Yes";
            break;
       
        // Slim Model
        case 0x0C: // Model CECH-30xxA/B - Motherboard KTE-001
       
            info.model = "Slim";
            info.flash_type = "NOR";
            info.hackeable = "No";
            break;
       
        // Super Slim Models
        case 0x0D: // Model CECH-40xxB/C v1 - Motherboard MSX-001
        case 0x0E: // Model CECH-40xxA v1 - Motherboard MPX-001
        case 0x0F: // Model CECH-40xxB/C v2 - Motherboard Unknown
        case 0x10: // Model CECH-40xxA v2 - Motherboard Unknown
        case 0x11: // Model CECH-42xxB/C - Motherboard NPX-001
        case 0x12: // Model CECH-42xxA - Motherboard PPX-001 / PQX-001
        case 0x13: // Model CECH-43xxB/C - Motherboard RTX-001
        case 0x14: // Model CECH-43xxA  - Motherboard REX-001
       
            info.model = "Super Slim";
            info.flash_type = "NOR";
            info.hackeable = "No";
            break;

        default:
            {
                char buffer[32];
                snprintf(buffer, sizeof(buffer), "Unknown (0x%02X)", sub_code);
                info.model = buffer;
                info.flash_type = "Unknown";
                info.hackeable = "Unknown";
            }
            break;
    }

    return info;
}

So, what I need is a way to determine whether the CECH-25xxA/B model is hackable (meaning CFW-compatible). I could use the MINVER check, but it's not entirely reliable since the user might have changed the IDPS (which is my case).
Because of this, I started wondering how BGToolset detects it. I tested it on my system, and although my MINVER is 3.65, which doesn't match Metldr0.2, BGToolset still detects it as hackable.

Additionally, is there a way to detect the eMMC on SuperSlim models?

 

[LuanTeles]

@aldostools @Evilnat @bguerville @esc0rtd3w @haxxxen

 

[esc0rtd3w]

I remember the bgtoolset checking minver and also verifying against the bytes in flash for metldr0.2

When we were testing, I had a spoofed 2501 as 3001 with idps and thats how we verified whether it was still compatible with cfw or not

 

[aldostools]

I have almost all of it working, execept for eMMC and if the 25xxx is hackeable or not

So, what I need is a way to determine whether the CECH-25xxA/B model is hackable (meaning CFW-compatible).

Additionally, is there a way to detect the eMMC on SuperSlim models?

In webMAN MOD I have an experimental code for a flashwriter (it's buggy, so I don't recommend to enable it unless you have a HW flasher). It performs a check for metldr.2 in the ros area of the NOR/NAND flash memory to detect if the PS3 is CFW compatible or not.

This module is the version modified by kostirez1
https://github.com/aldostools/webMAN-MOD/blob/master/include/feat/rospatch.h#L170-L171

 

[LuanTeles]

In webMAN MOD I have an experimental code for a flashwriter (it's buggy, so I don't recommend to enable it unless you have a HW flasher). It performs a check for metldr.2 in the ros area of the NOR/NAND flash memory to detect if the PS3 is CFW compatible or not.

This module is the version modified by kostirez1
https://github.com/aldostools/webMAN-MOD/blob/master/include/feat/rospatch.h#L170-L171

Thank you Aldo, i'll take a loot at it,

I also found in your github the code to check if the console is nor or nand, mine is working, but urs is the ideal! thanks

 

[Charles_n_town]

I didn't realize bguerville toolbox could see through the spoof? Iirc, spoofing the idps could trick minverchk.

 

[esc0rtd3w]

I didn't realize bguerville toolbox could see through the spoof? Iirc, spoofing the idps could trick minverchk.

Yup. The spoof will show original console info from idps, even minver. Thats why the extra check was needed, to verify against the bytes to check if ".2" exists.

If the minver check shows higher than 3.56, but the bytes in flash do not include ".2", then it is flagged as cfw compatible. If the bytes include ". 2", then it is flagged as not cfw compatible, literally checking for those 2 bytes.

 

[Charles_n_town]

I see. that makes sense. I've had such a difficult time signing in lately or else I would've posted sooner. I don't want to be locked out of signing in/getting white screens. there's a lot I'd like to share with all of you, but if I can't, I can't. it's rare that I can even post at this point. I think the java errors are mostly affecting normal users. it could explain the lack of postings.

 

[LuanTeles]

Thanks guys, i got it almost working

Using Aldo's code for NAND/NOR and Metldr/Metldr.2 did the trick, but i'm having issues with the Min ver code

uint32_t GetApplicableVersion(void *data)
{
    lv2syscall8(863, 0x6011, 1, (uint64_t)data, 0, 0, 0, 0, 0);
    return_to_user_prog(uint32_t);
}

const char* applicable_version()
{
    static char result[256];
    uint8_t data[0x20];
    memset(data, 0, sizeof(data));
    int ret = GetApplicableVersion(data);
    if (ret != CELL_OK)
    {
        snprintf(result, sizeof(result), "Error: Applicable version failed, return code: %d", ret);
        return result;
    }
    snprintf(result, sizeof(result), "%x.%02x", data[1], data[3]);
    return result;
}

Any tips?

 

[Evilnat]

Thanks guys, i got it almost working

Using Aldo's code for NAND/NOR and Metldr/Metldr.2 did the trick, but i'm having issues with the Min ver code

uint32_t GetApplicableVersion(void *data)
{
    lv2syscall8(863, 0x6011, 1, (uint64_t)data, 0, 0, 0, 0, 0);
    return_to_user_prog(uint32_t);
}

const char* applicable_version()
{
    static char result[256];
    uint8_t data[0x20];
    memset(data, 0, sizeof(data));

    int ret = GetApplicableVersion(data);
    if (ret != CELL_OK)
    {
        snprintf(result, sizeof(result), "Error: Applicable version failed, return code: %d", ret);
        return result;
    }

    snprintf(result, sizeof(result), "Data[1]: %d, Data[3]: %d", data[1], data[3]);
    return result;
}

Any tips?

Try enabling/disabling SS services patches

 

[STLcardsWS]

I've had such a difficult time signing in lately or else I would've posted sooner. I don't want to be locked out of signing in/getting white screens. there's a lot I'd like to share with all of you, but if I can't, I can't. it's rare that I can even post at this point. I think the java errors are mostly affecting normal users. it could explain the lack of postings.

Stick to a single account that helps alot,

 

[LuanTeles]

It still cannot retrieve the min ver