[DMX664]

Unbricking a Perma-Brick Is Now Possible!
Tutorial soon to fallow. Contribute to make it a great one.

Alright PS3Hax Community. I got a project I'm working on and am in need of your assistance.

The pictures provided below are of my original dump (obviously missing the bootldr) and of my redump that I'm hoping still has my bootldr still intact.

My goal is to (if its still on my NOR and hopefully in my redump) take the bootldr from my redump and add it into a copy of my (faulty) original dump. And thus making it a proper NOR dump... Hopefully.

If this ends up working for me it would be a great contribution to those who are also in this predicament.
So the information I need, from whoever can help, are:

1. Someone to verify from the photos (or files hosted) that a retrievable bootldr is on my redump.

2. Someone to tell me where the BOOTLDR starts (my assumption is 00FC0002) and ends.

3. And lastly when I recompile it. For someone to double check my Compiled Dump to verify its possibility in working.

Original Dump Photo of BOOTLDR




ReDump Photo of BOOTLDR




Original Dump file: http://www.mediafire.com/download.php?eytgh4i4z4faazr

Redump File: http://www.mediafire.com/download.php?b7t53flg9wvw5fj

Extra Info:

I have a CECH2001b with a DYN-001 mobo.

I bricked my PS3 when I was installing the patch to downgrade.

I had re-installed the clip and soldered nor translate so my PS3 would stop turning itself off, and hopefully the clip was on correctly enough to grab what I missed last time.

If you have any questions please post. Or if you want; PM.
************* [ - Post Merged - ] *************
I should have said something before finishing the post.

The reason why I'm so hopeful that this might work is because of baileyscream's TUT.

The "Check your Dump" section shows that (With my DYN-001 Mobo) The bootldr will start with 2f 3b and the same at its other section.
Which my redump has.

I would still like the input from others on how to continue from here (too worried to just do it without some support and/or input).

[juice777]

NOR clips are like perforated condoms... you're lucky if they work :P

I can't remember the finer details but everything you need should be on ps3dev:
e.g.
http://www.ps3devwiki.com/wiki/Flash
http://www.ps3devwiki.com/wiki/Hardware_flashing

[DMX664]

Hm... I guess I got so anxious to solve this project that I failed to do thorough research.

Thanks for the links juice777.

My impatience is getting to me, but I'll hunt down the info I need from what you provided.

I'll also post my compiled dump if anyone can take a second look over it and tell me if there's anything else I missed.
************* [ - Post Merged - ] *************
F#*k... That's a lot of code.

Anyone know if all of it is necessary, or just a few lines?

Cause this is a crap load to look through.

Click here to see full text

00 00 2F 3B 77 80 B1 34 B6 DF 25 8A 1A BB AB 4D
00 00 2F 3B 5C 2E C9 C0 45 69 0F B3 7B 3C CD D9
62 7D 23 0B B3 FE 00 36 78 94 34 43 B9 44 34 8C
DB 0A 6F 66 09 05 4B E5 64 2E 5D 9F E1 6C 51 20
36 39 D7 7E B8 D5 1D D3 32 FE 04 01 A3 6A B1 D3
FD 12 18 57 39 5C 27 6C D3 3D 5C 3F 63 DF 10 EA
CA 89 E8 53 A6 29 21 76 B4 A8 2A 6A 38 01 FC F9
A2 86 9D 46 3D 26 7E 21 BD 3A ED 30 73 C6 7A E5
C0 EB 1E 9C 1F F1 00 37 F9 29 B4 A7 29 4B 6A 68
5B 5F 41 F1 43 9B 8C 13 BC 81 56 F2 4D 11 C3 93
7F D6 57 32 AD 78 7E 0A BE C1 4F 60 E8 AB D5 54
BE 12 F6 3C 15 9E CE A9 07 AE 39 AB A1 75 2F 8D
92 08 8D A4 93 44 9F AD 0F 73 E1 2B DD 12 5E 2F
E2 1A B4 02 34 C1 AC 78 C2 E8 D9 03 C0 DE 2D 8A
4A 52 5A AD A6 27 90 DE BA D9 7C 05 5B 2B 07 D4
79 2A BF 2D B7 3D 14 EC BE 1E 66 E5 CF 69 FE 12
15 82 28 44 7B 7A ED C7 03 26 3A 47 C3 34 17 08
04 8A 6D B9 1E 12 52 E5 49 3E B1 9D B5 1D 38 12
AF DA 1B DE 89 65 E7 8D 49 10 5D 3A 84 18 EC 73
E5 FB 13 B8 DC 4F 31 AB 1B AB 40 36 58 94 C4 F5
8A E9 BE 59 96 F3 63 88 D5 D9 9D 97 76 16 AB 91
DE 79 FA 3D 4D 5D FF 74 D0 C5 8F 56 7B CD 8F 93
6D 01 85 C2 77 86 AE 47 5B 17 EC 7C 0E D5 D7 4A
67 77 44 7D DD 75 9B B5 DC 67 44 37 9F 8C 09 80
F1 A4 BA 49 38 DC F4 D2 7B 73 79 9A 79 EF C7 8D

PLUS SO MUCH MORE

************* [ - Post Merged - ] *************
OK. This is what I put together so far.

If someone could check it for me I would appreciate it.

http://www.mediafire.com/download.php?ov25qguy9kcublc

[Bigbones87]

i am checking the last thing you compiled now. i will report back as soon as i can
************* [ - Post Merged - ] *************
It extracts using Flowrebuilder fine. The ros0 and ros1 files say you are on 4.xx firmware. Metldr and say you are a chech20xx model. Here is where I see a problem. There are too many ff entries and not enough 00 entries. Take a look at your dump using hxd edited and then go to analysis/statistics and look at the bar graph. Your 00 entries should be between 18.71-29.1%. Your ff should be 10.42-10.48%. Your 00 is 16.4% and your ff is 13.32. Definetly a bad dump as a whole, but some importaant pieces are there and intact. Back to the drawing board I guess.

[DMX664]

Thanks BigBones.

I just got home from work and once I've settled in I'll use the info you gave me to try again.

I'm assuming I need to hex in more than just two lines of the bootldr like I did last time.

The question is: What do I hex in now? Any ideas?

[Bigbones87]

The only thing wrong I can visually see is the percentage of ff and 00 entries. As far as the important entries like Metldr and bootldr and the files and folders of the extraction from Flowrebuilder are all there. I'm not an expert as I keep saying, but they dump looks good other than the ff and 00 percentage. I'm not sure if these are important or not, because it isn't like the numbers are too high meaning per console data is filled with 00 or ff. It is more like there aren't enough 00 and too many ff, which would mean there are extra ff where there should be 00. Those don't seem to be important entries that would make the console operate, they are like fillers. This all specualtion of course. Good luck man.

[playerkp420]

bootloader should be about 180kb-190kb.
in that dump bootloader is 1kb.

[Bigbones87]

Originally Posted by playerkp420 bootloader should be about 180kb-190kb. in that dump bootloader is 1kb.

I keep telling people that I am no expert. I have messed around with verifying my own dumps, but I have tons to learn. So the boot loader should be 180-190 kb? I guess I missed that. One question, when you look at the ros0 and ros1 folders it shows yu how many files are in it. In his case there are 25. When you look at ps3devwiki it says if there are 25 files then it is 3.60-4.25 ofw. How do you know exactly which firmware it is? Thanks for the help

[haz367]

only the bootloader, just like my fat L04, made backup/restored bad dump! brick
re-clipped making sure good connection this time and redumped(nothing else..first dump/reclip if nessesary!!) in flash fun mode, to my suprise(people that verified that dump at the time told me it was perm-bricked) because of the misisng per console "bootloader", ok it could be a lucky one at the time, but the reclip/redump in flash fun did the trick and had the "bootloader" still intact.

only thing u can try = reclip and redump..hoping for the bootloader, or else its not gonna work

goodluck on fix

edit
@Bigbones87

for the bootloader size, it's different size for different models, so not always 189kb's, to check/verify the size wich is in hex on the wiki
http://www.ps3devwiki.com/wiki/Valid...Bbootldr_sizes

after u extract the backup/dump, check the dump at the offsets as per the wiki for "metldr/bootloader" type/size

the 3th value in the table is "metldr" size in hex
the 5th value in that table is the size of the "bootloader" for that model
e.g CECHLxx models got 3 different bootloader sizes:

2F170
2EB70
2EAF0

go into the extracted dump
rightclick the bootloader/metldr file and note its size in "bytes"

open windows calculator
set to programmer mode
tick "hex" on the left and type the above "bootloader" size in HEX e.g 2F170 then tick "dec" on the left in the calculator to get size in bytes, verify this value with the "bytes" in the rightclick menu/properties of the "bootloader" = 192880 bytes

[DMX664]

Well it was on 4.25 when I started to hack my PS3. So at least that info is close.

Ok if the bootldr needs to be longer then I'll take all the code that the http://www.ps3devwiki.com/wiki/Flash#Bootloader Says there should be. From 00FC0000 all the way to 00FFFFFF should be the bootldr.

I'll recompile this and maybe the 00 and ff % should be closer.

If not then there is more info that I gotta hunt for.

Oh. As a reference. Could someone post their SUCCESSFUL dump. This will let me find where filler data starts and stops. Then I can see if its similar to what my recompiled dump looks like.

Thanks for the helpful input BigBones and Playerkp420.
************* [ - Post Merged - ] *************
That kinda went over my head haz367.

So I'll look at the site and find what chunk of data to copy and past.