[TUT] How to unbrick w/E3 flasher, without a valid backup bios (dump)
 

This is a guide for those that have bricked their PS3, and don't have a valid bios backup.
The truth is you cannot unbrick without a valid bios backup. So what you have to do is get one.
I know your probably thinking "but my PS3 won't turn on" or "but my PS3 is bricked, how can I get a valid dump?"
Well, the answer is, you can still get a valid dump from your bricked PS3.

To unbrick and you don't have a valid dump of your nor, you need to get a valid dump of the nor. Or at least a good enough one, that if it is patched with Rogero's Nor dump patcher it will be good enough to install firmware in Factory/Service mode.
So to get that valid dump follow these steps:

1. Find a pic of your motherboard here. Solder a wire from nor tristate on motherboard to SBE on e3 ribbon cable. This will keep your PS3 on with the first switch up on the flasher. Or you can solder a wire from nor tristate to a GND point on the motherboard. Both will halt the nor and keep the PS3 on for flashing.
2. Now you need to try and get a valid backup. It is still possible even if you are bricked. Depends on what you did, and if the important info has been flashed over.
3. So to try and get some backups, keep switch 1 up, and put switch 3 up, the rest down.
4. Reseat the clip and get it on good. Or solder the e3 linker to know for sure you have a good connection.
5. Validate your backup dump. Follow this guide to validate your dumps. I know that guide can be confusing, also look at this guide that helped me understand how to validate my dumps. Then you can get someone with experience to double check your dump here.
6. After you get a good enough backup, you can patch it with Rogero's Nor dump patcher. To patch it, put the bkpps3.bin in the folder with PS3_Nor_Dump_Auto_Patcher_v0.01.exe. Then drag n drop the dump onto PS3_Nor_Dump_Auto_Patcher_v0.01.exe. It will then apply the patches for you.
   
   
   Click here if you still cannot get a good dump

   If you cannot get a valid dump, you can try and put one together. You will need to go through your dumps, and try and find the important info. Then use a hex editor, to put it all together.
   Go to this page: http://www.ps3devwiki.com/wiki/Flash. You will need to find all the per console info. To do this you will need to search through the offsets of your bad dumps. Then compare the info with the Flash page. If you can find all the per console info, you can use a donor Nor dump for the rest of the info you need.
   
   
   DO NOT CONTINUE UNTIL YOU HAVE A VALID BACKUP!!! If you try to continue without a valid backup, you may flash over the info we need to unbrick the console. If that info is not gone already.
7. Then put switch 3 down and leave the rest as they were.
8. Flash the patched dump.
9. When it is done flashing, turn the ps3 off.
10. Put all switches down on flasher. If you soldered from nor tristate to GND instead, you need to remove the wire now.
11. Turn PS3 on and you should see the connect controller screen.
12. Then cut the power by pulling the plug or by the power switch.
13. Insert downgrade dongle into the right most USB port.
14. Plug PS3 back in, and press power then eject.
15. Wait for the dongle to communicate with the PS3 and the PS3 will shut off automatically.
16. Put either Rogero v3.7 (RENAME TO PS3UPDAT.PUP) and this Lv2diag.self on the root of a FAT32 formatted USB stick.
17. Replace the downgrade dongle with the USB stick, in the right most USB port.
18. Wait for about 4 or 5 minutes for the firmware to install, and the PS3 to shut off by itself.
19. Now put this Lv2diag.self by itself on a FAT32 formatted USB stick.
20. Put the USB stick in the right most USB port and press power on the PS3.
21. Wait for about 30 seconds for the PS3 to shut off by itself.

You should now be unbricked. and if you used Rogero v3.7 follow the dehashing steps.


Don't do any flashing until you get the clip on good, and get a valid dump. This is very important. If you flash over the info needed for a valid dump, it will never be recovered. Thus making your PS3 a permabrick.

so in short..if only the NOR>ROS0/1 is corrupt on NOR flash... and all the rest of ur dump is intact >>(per console keys u can patch it with 355COREOS and overwrite the corrupt flash else it wont work i'm afraid....

Right. It would depend on how it was bricked.

Is there something similar I can do to revive my SEM-001 console? It was running OFW 3.55 when a downgrade attempt went wrong and bricked it.

I dumped the NAND with infectus but I'm not sure how intact the dump is.

What I was hoping to do was inject the per-console stuff back into a known good nand dump if I can get one.

Obviously you are talking NOR and I have NAND but I wonder whether something similar is possible?

I've soldered TSOP48 sockets to my SEM-001 and flash the nand off board with infectus then pop them in to test, so can test lots of different options relatively easiliy (just slow to write with infectus, but writing is working - can write nand and dump it and both the same).

The bad block on one of my nand is not helping as some data may have been relocated and I've no idea how to find what data may have been moved and where it may have been moved to.

what if is the brick was due flashing non valid Dump?!

@deanclaxton

for that u have to ask the masters :) ...i got all my info/help from euss back then :) for that i thank him again....and ofcourse the forums....BUT this only works if ROS0/1 is somehow corrupt, when patching those offsets with the progskeet 355 coreos patches it gets overwriten on NOR(NAND must be same with nand progskeet patch) that way u can fix this kind of brick, if there is "pck stuff" missing u must be lucky to have another "good" one with that particular info and then make 1 good one out of the 2 :)

for that u have to ask the pro's, i'm just another noob and can only tell u what worked on my end with bricks...but in the perfect scenareo it can work..its all about the per console keys

Ok cool - gives me some hope :-) If I can extract only the perconsole keys from my dumps then maybe the whole nands can be rebuilt around those. Somehow :-)

Any idea where I'd find the perconsole keys in a NAND dump? Or are they encrypted?

yes it can work....or so they claim....i have not done this personally.....for all the offsets/pck stuff check the ps3devwiki
http://www.ps3devwiki.com/wiki/Flash

most "pck" stuff/offsets are static? how do u say that...lol....some pck offsets like VTRM stuff may have different offsets/ ~varies as the wiki reports.....ur best bet is hop on the irc wagon and ask the pro's like jhax78/euss, i'm sure if it can be fixed..they can do it

If you got a non valid dump because the clip was not secure, and flashed the non valid dump with the clip still not secure. It would most likely not flash over the parts that the non valid dump was missing.

Therefore, if you seat the clip properly, or solder the e3 linker. Get a dump, and the info may still be intact.
But if you got a non valid dump, because the clip was not on good. Then you seated the clip proper or soldered the linker and flashed the non valid dump. It would flash over all the info you did not get the first time. So you would have no hope.

So if you follow the OP. And can not get a dump with the important info. Your PS3 in non recoverable.

You don't really need to solder. After attaching the clip and flipping the PS3 don't screw the bottom metal plate. I connected the power supply and the fan and switched on the PS3 WHILE using a wire to connect the alternate MB point with the tristate, after making sure the PS3 was still on after a couple of seconds, I quickly put the bottom metal plate and screwed the four black screws that press the CPU and RSX onto the heat sink and voila!