PS3 VFLASH backup and restoration fixing some boot loops

[Berion]

I had today very interesting case. User experienced boot loop after attempt to install Evilnat CFW. We have eliminated HDD issue (S.M.A.R.T short report is fine besides few read errors). So normally in that case, I restoring Sony style FAT32 image of dev_hdd1 (user have EID Root Key). However this result no loner in boot loop but printing error related to HDD damage. So then I told the user to do:

1. Place new drive to check if this will working. It turned out that it boots fine to XMB after formatting and fw reinstall, like normal procedure looks like.
2. Make raw dump from "/dev/mapper/ps3hdd1" (it is VFLASH partition on NORs which he have (CECHL04)), from newly formatting disk. Mapper nomenclature taken from my PS3HDH, just FYI.
3. Inject that dump to old "broken" disk.

And he boots fine after disk swapping (fw resources in VFLASH and NOR must matching, in other words, both must came from the same fw version).

So besides informations above for services etc. Could you @Evilnat add to XAI plugin VFLASH dumping? Both: raw encrypted dump but also decrypted (not sub-regions, just whole region). This can safe people ass in some cases. Also maybe worth to add to bgtoolset? @bguerville

 

[Evilnat]

Sure mate I can add the option to dump it, but can I mount /dev/mapper/ps3hdd1 with cellFsUtilMount?

 

[Berion]

@Evilnat According to OtherOS nomenclature, it will be "ps3vflash" (decrypted once, so decrypted by ata key only). Because "ps3vflasha" I assuming is fully decrypted, so decrypted by ata key and that output decrypted again but by encdec key, however in this specific task that mount point will be not useful at all because we don't know nature of corruption, safer is just overwrite whole partition (region)).
https://www.psdevwiki.com/ps3/Talk:Harddrive#HDD_partitions

I don't know. That function is rather to mount fs, while VFLASH partition is still encrypted, a raw blob at that level. When decrypted became another device. I don't know how to explain in English. Below is my table, simplified in compare to dev wiki one:

We need that "purple rectangle dump", not pink. ^^"

Eventually dump from sectors from raw access to HDD but that way, we cannot distinguish exact range because for some reason, partitions lies on HDD with 8 sectors aligning differences. I never figure out why. That's the reason why take it from first removed onion layer, not further, not sooner, because that can be taken from PS3 partition table which I believe PS3 doing automatically when exposing regions (partitions and sub partitions).

 

[Evilnat]

@Berion can you tell me if this is what you need? Sorry but I am a bit lost about dumping HDD, I've never done it before

 

[Berion]

@Evilnat Closely, that's decrypted beginning of VFLASH (PS3PT for disk and VFLASH have the same magic number, if there are 6 segments in it, thats VFLASH for sure, if only 3 then that's start of decrypted disk). We need one level above (decrypted disk, but still encrypted VFLASH). ^^

On second thought, that can be useful as encrypted VFLASH, I just need a modify my script a little. So I thinking it is fine now, I can test it to confirm if You share XAI+XMLs or PUP.