PS3 Yelp! Recovery Mode flag. Where is it in memory?

xanthefin

In short: I set Toggle Recovery Mode to Enabled in Rebug Toolkit. Now it won't start anymore. I get a green light for a few seconds and the PS3 gives up.

Why?

I had petitboot installed and it messes up Recovery Mode somehow: if you try to boot the PS3 manually into Recovery Mode you end up in petitboot (first impression: cool, I have a shortcut to OtherOS here!), but after turning Recovery Mode to Enabled from Rebug Toolkit I ended up stuck with no boot at all... I guess I have petitboot to thank for that.


So... can I toggle it back off somehow from memory (EEPROM/SYSCON)? I dug around and found that the flag at location 0x48C61 is the closest one that sounded like it, but if someone has more precise info I would appreciate it before I set everything up and try it.

0x48C61 = Recover Flag allows backup (ros1) Core OS in NOR/NAND, (see previous post) to be run instead of ros0 (regular Core OS)

...gonna order an E3 NOR tool when I get some extra.


Thank you!
-Written by helpless idiot
 
This flag is somewhere on "dev_hdd0/mms/".

If you have the EID Root Key, mount the HDD on Linux and delete it (it is a very small file; I can't remember the name now). Maybe it wasn't a flag in flash yet... Or maybe I mixed it up with the rebuild database flag. :P

BTW: What PS3 do you have? NOR models write petitboot into one of the VFLASH partitions, so formatting the HDD will get rid of it.
 
Hi! Thank you for the reply.

It is a NOR model.

Seems I dumped the EID Root Key but didn't get to save it anywhere. So I have just the NOR dump.

Tried briefly with another PS3 hard drive but it was a no go too (even without an HDD), so I can't get into Recovery that way either. It was in DEX 'mode' if it matters.
 
It will not; the HDD is encrypted with unique keys, so for another console it is like an empty HDD and it will want to format it. Because the ERK is unique per model and the other keys are calculated from this key.

Rather here: https://www.psx-place.com/threads/tutorial-hdd-mounting-and-decryption-on-linux.23308/ The tools from the wiki need an ancient Linux kernel to work, and the whole text is badly explained IMO; I wrote something relatively easy to follow step by step.

I cannot guarantee that the boot flag is a file in the mms folder in the first place (like the one for toggling rebuild database), so I don't know if this is a dead end for you. But anyway, it doesn't matter as you are unable to read the HDD on a PC without the EID Root Key.
 
Yeah, I suspect so. Gonna get my hands moving, disassemble the unit and try to scream hello to it to see if it answers back from SYSCON. It's just weird to me as it doesn't boot without those flags being there (no HDD or with another HDD), so I am suspicious and my willpower is too great not to check out SYSCON. Maybe it's a glitch in the matrix.

Nice information, added a bookmark. Will make sure I rip those EID keys from my other PS3s to good safe places now.
 
NOW IT BOOTS AGAIN!


Wrote that flag back to FF manually, as I mentioned in my first post and as I suspected. It was set to 00.

So yeah, my problem flag WAS in the SYSCON/EEPROM chip, with no HDD attached. This didn't affect the checksum in my case.

If anyone attempts the same: do like me and please get familiar, using a hex editor, with the ready-made SYSCON dump out there so you know what you are going to look at; then you will feel comfortable doing the same, as you know what to check.

...now gonna make an extra debug/undo port in the PS3 for the future so there's no need to open it again like this.

HAPPY :smile:
Thanks for the tips, and I'm still gonna take that EID key to a better place anyway for future adventures. :semi twins:
 
Hmm.. weird.
If you swapped CoreOS (ROS region swap) through the syscon flag & it works now, maybe the original CoreOS got corrupted along the way or something else in Flash memory that is set per ros region...
You should maybe dump the Flash Memory before doing anything else for investigation purposes...
You could run it through pyps3checker & post the logs if it finds errors/warnings.
 
Sorry, I wrote a long answer for both and it asks me to contact an admin due to spam filtering. If someone can solve my account issues here, thank you. I can continue answering.

Edit: let's try cutting down the message.
 
So it means that you dumped the SysCon chip, edited it and wrote it back?
No need to do work on such a scale, as these days there is this info:
SC EEPROM - PS3 Developer wiki (psdevwiki.com)
ps3syscon/PS3-Uart-Guide.pdf at master · db260179/ps3syscon · GitHub
As I wrote, you can just write bytes individually to SYSCON (on NOR chip systems at least). The only thing I didn't see from those documented cases was whether I could reach that flag area, but happily I could, and it didn't change the checksum, as I verified.
So in my mind SYSCON is like a BIOS chip with all those flags in it. Firmware is on the NOR chip and the rest of the system is on the HDD.
 
Sorry, I don't get what region change means. I don't know where that flag is (I refer to the earlier SC EEPROM documents, which list them all).
Do you mean the 0x48C24 OS bank? I haven't touched it, and that's NAND only, I guess. I have NOR.
Bank #0 OS-Flag (ros0 if 0xFF else ros1, for NOR consoles only) (os_bank_indicator)

Rewrite Target ID in Flash, you mean?
If you did mean that and REX to DEX, yes, I have done that conversion. QA Flag Enabled too. But these are, as far as I know, not related to the no-boot issue, as before the petitboot installation (which I did last) I booted up to recovery like nothing to format my drive as DEX.

I then just got stuck via this Recovery Mode Flag (Boot Flag) in the SYSCON chip. Not due to any other flags. Plus there have been many people trying to remove petitboot to get recovery back. So I tried that flag but it ended up in this no-start issue.

Will wire it so that I don't need to open the case if I try, as the next flag, Set GameOS Boot flag in REBUG Toolbox, but sadly I don't know its official name yet. Official names should be used everywhere.
The reason I want recovery back is that I want to start from zero again with the Linux installation.


I found it funny that petitboot is actually OpenWRT firmware modified for PS3. I downloaded its sources too to look into the situation more.

This PS3 is only for Linux. And I want to install a 1.8Tb HDD in this one as I did in the other. Wanna know where that glitch is which enabled that certain firmware/system to format it correctly, as I've had no problems over the years. Will try to find the culprit for that and re-enable it for all firmwares. I already made a successful update to my slightly modified CFW without a brick, so I can already handle that skill at some level.
 
pyChecker actually did result in warnings now:

009.02 ROS0 Hash
009.05 ROS1 Hash

I guess they come from my edited CFW, so no worries.

I believe I found the Boot flag in the VFLASH area I copied to the PC... it is all zero in my case.

Edit: Reinstalled the system; it now boots to recovery after first going to petitboot and selecting boot to GameOS. So I really did have a corrupted recovery... my dignity as a CFW builder has been wrecked. lol
 