PS3 Dumps from PS3 DECH-2100 QA Flagged Proto

Some notes about this system:
The syscon firmware was never dumped before. It's also a prototype firmware.
The QA Token is the very first ever dumped token of a PS3 console. It is NOT a forced rebug token.
Lv0ldr is also unique and it should be dumped soon as well.
 
More System Information:
photo_2023-01-20_13-46-05.jpg
 
Should we update the PS3 Wiki here? Or maybe this data depends on the model variant?
No, 3.10 != 3.10.
Sony always has special firmware builds for prototypes which of course have support for the newer hardware, but the retail firmware will lack the support.
One example is the CECHL prototypes. The prototypes do come with different minimal versions, the earliest is 2.20. A retail PS3 will report 2.45 even though the real minimal version is 2.40. If you install the retail 2.20 firmware on a CECHL it'll brick.
It also depends on the current firmware since lv1 decides what the minimal version is: https://www.psdevwiki.com/ps3/Minimum_Firmware_Version .
For prototypes lv1 has no idea and will of course report the lowest retail firmware as defined by Sony.
The real minimal version for this DEH-HH2000 unit would be (3.10, 37333, 20091116), not (3.10, 37234, 20091113).
 
For a bit of context, since this is spread across several threads and Twitter.

@zecoxao posted here
https://www.psx-place.com/threads/cfw-4-89-evilnat-cobra-8-3-cex.37294/page-30#post-352829
I have another request for my friend @Evilnat: EEPROM dumper.
Disregard the name of the file. It works for all firmwares from 4.75 to 4.89. It dumps NVS from the following locations:
0x2F00
0x3000
0x48000
0x48800
0x48C00
0x48D00

which means it could be potentially useful for dumping never dumped qa tokens, flags, and other rarities in the ps3 test or retail protos.

Edit: if possible I'd like it done into separate files instead of a unique log file. 0x2F00.bin, 0x3000.bin, etc.

The feature was implemented into Evilnat 4.89.3 BETA
https://twitter.com/notzecoxao/status/1616867962337611777
This is what's cool about talking with developers that actually listen to what you have to say and implement the stuff you want, no questions asked. Thanks to @xXEvilnatXx for giving me the chance to implement a feature I've been waiting to have since the first days of PS3 CFW.
There are hackable PS3 prototypes that are QA flagged. Thanks to this functionality, for the first time ever, an actual PS3 QA flag token was dumped on one of these models.

Then dumps provided in this thread from @zecoxao
https://www.psx-place.com/threads/dumps-from-ps3-dech-2100-qa-flagged-proto.39202/

Update:
via @zecoxao "you can also thank mysis. he made the app originally"
 
Where are the "drivers" located in the firmware?

CoreOS? dev_flash/sys?

Can we build an old firmware with support for newer hardware revisions?
 
Some drivers are part of lv1 (e.g. SYSCON), some are part of lv2 (e.g. USB), some are part of the userland (like DECI) and some are split (rsx - lv1/lv2).
Patching an older firmware to be compatible with newer hardware would be very time consuming and doesn't really bring any benefit (only if you would go really low).
 
Oh, got it. I really want to make some tests on 0.85-1.02 and firmwares up to 3.00.

Unfortunately my min ver is 3.60 and RPCS3 doesn't run firmwares below 3.00.
 
This does indeed look very impressive and amazing, something never thought about before, but it makes me wonder:

What could we possibly gain, having those dumps and the ability to dump those regions?
Apologies for my lack of knowledge in this matter, but we already have QA flags access and the ability to toggle them on or off.

The best idea that comes up to my mind with this new discovery, is perhaps the possibility to convert compatible retail PS3s into Devkits or Testkits, or have I missed the actual point of this matter and it's about something different? Perhaps the ability to launch sub 1.00 OFW?

Thanks a lot to You and the legendary Evilnat for making this a reality, I just wanted to learn more about this.
 
If we have the prototype syscon firmware we can decrypt prototype eid1 and see what's there (we haven't been able to, but decrypting retail eid1 is possible).

If we have a QA token AND signature from an unhackable system, we can convert any hackable console into a fully QA flagged permanent console (without any ugly patches).
 
Thank You very very much, that really explains a lot!

can convert any hackable console into a fully qa flagged permanent console (without any ugly patches)

Does that mean, that this gives us a glimpse of hope for a true CFW (albeit QA flag based) on non-CFW models like the super slim? (no ugly patches - meaning HEN I guess? which would only be used here for QA flag change?)
 