PS3 Softbricked: how to re-scramble PS3 Xploit 4.82 239MB dump.hex into 2 parts for top & bottom TSOPs

Discussion in 'PS3 Jailbreak CFW and PS3HEN' started by emilsonx, Feb 4, 2019.

  1. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    Hello, I have softbricked my CECH-G01 NAND PS3 yesterday after trying to test out Linux (can't install petitboot), the PS3 is stuck on black screen and doesn't respond to anything etc, I'm trying to prep for teensy++ 2.0 restore method, I have a backup of 239MB dump.hex (250609664 bytes) that PS3 Xploit took, I have verified it with PS3DumpChecker (Edythator's modded version) and the dump is all good. My NAND console however has 2 NAND chips, bottom TSOP and top TSOP, and I need to split this 239MB file into 2 parts in a process so called "RE-SCRAMBLE & de-interleave". I was wondering how can that be done in 2019? Can Flowrebuilder be used to accomplish this? I need to get a hold of NAND0-1.rar donor files to as described here https://www.psdevwiki.com/ps3/Validating_flash_dumps but I can't find a mirror. Please advice. Thanks!
     
  2. 7,843
    6,513
    647
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,843
    Likes Received:
    6,513
    Trophy Points:
    647
    Location:
    Earth
    Before using a hardware flasher to restore a NAND backup, can you explain what happened?
    You said you tried & failed to install petitboot but what steps did you do exactly? What settings did you change? Etc..
     
  3. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    I had Rebug CFW 4.82 with additional "Rebug Toolbox" pkg installed, the settings on console were stock except Cobra ON. I followed this wiki page on reddit

    1. chose "Resize VFLASH/NAND Regions"
    2. chose "Install Petitboot to VFLASH/NAND Regions 5 from USB", it installed dtbImage.ps3.bin.minimal from my my FAT32 USB stick
    3. chose "Boot OtherOS" option in Rebug Toolbox and chose "Apply current" when it prompted me about LV1 patches, and it also asked if I want to change "Boot order", I chose "Yes", PS3 rebooted
    4. blank screen of death :cold:
     
  4. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    Can somebody reupload NAND0-1.rar file for use with FlowRebuilder? Specifically the: 1bkp.bin for "Flash 0" (TOP) and 2bkp.bin for "Flash 1 (BOTTOM). I desperately need them in order to de-scramble my PS3Xploit 239MB dump.hex into 2 files for flashing with teensy++ 2.0.

    [​IMG]
     
  5. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    Hey bguerville, when I get teensy++ 2.0 in couple days, I'm planning on dumping the current state of my softbricked PS3, do you know whom I could send the dump to analyze? I'm thinking a member of Rebug team. Maybe the dump could aid in debugging and possibly a fix could be developed?
     
  6. 1,207
    777
    222
    nCadeRegal

    nCadeRegal Moderator

    Joined:
    Jul 1, 2015
    Messages:
    1,207
    Likes Received:
    777
    Trophy Points:
    222
    Gender:
    Male
    @lilballup would be a good person to ask to check out your current screwed up dump, and that's if it even is. This is out of my area of expertise. Bg might be able to help you out though, he is a wiz.
     
  7. 7,843
    6,513
    647
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,843
    Likes Received:
    6,513
    Trophy Points:
    647
    Location:
    Earth
    Did you install petitboot minimal for NAND?
    Where did you intend to install Linux? on a USB HDD?
    As per Joonie's instructions, you were supposed to use the standard NOR petitboot & put the Linux CD ISO content on your USB stick to launch the installation.
    To install Linux on HDD you would have needed to repartition the internal hdd using a patched PUP to create a OtherOS partition.

    The instructions by Joonie for Linux USB installation can be found here.
    http://www.psx-place.com/threads/running-linux-on-ps3-from-usb.12077/

    I am asking these questions in order to assert whether or not your situation is hopeless as is ie if Linux is not booting because you made a mistake in the setup & if you are really locked out of GameOS..

    If you followed the reddit instructions to a T using the minimal petitboot for NAND & a Red Ribbon DVD, petitboot should still boot though afaik. You renamed the petitboot file correctly, right?

    Note: please edit your posts instead of making successive new ones.
     
    Last edited: Feb 5, 2019
  8. 1,059
    1,044
    272
    littlebalup

    littlebalup Developer PSX-Place Supporter

    Joined:
    Oct 16, 2014
    Messages:
    1,059
    Likes Received:
    1,044
    Trophy Points:
    272
    Location:
    43°36'16.0"N 1°26'36.1"E
    I'm not sure why you are in a such situation...
    You should explore all the possibilities to fix your issue before to jump on hadware flash.
    Hardware flashing on NAND is very very, very risky even for professionals.

    And don't ask for Top or Bottom NAND dump from another console, it will not work.

    So, if you want to use your 239MB dump.hex to flash your NAND's using teensy you'll have to:
    1- make a full hardware dump of your both Top and Bottom NAND's (NANDway signal booster edition recommended).
    2- unscramble your both Top and Bottom raw NAND dumps to an unified interleaved dump using Flow Rebuilder.
    3- check the obtained interleaved 256MB dump (ask here if some troubles) to ensure is good.
    4- Inject all the data from your 239MB dump.hex to your interleaved 256MB dump (paste write at adress 0x40000) and save to a new dump.
    5- check again that new 256MB dump.
    6- Re-scramble with Flow Rebuilder that new 256MB dump to two new Top and Bottom raw dumps using your original ones as model.
    7- Flash the new Top and Bottom raw dumps to your NAND's (NANDway signal booster edition recommended, differential flashing using the diff files generated by Flow Rebuilder).
    8- Cross your fingers and reboot...
     
    Last edited: Feb 5, 2019
    DeViL303 and emilsonx like this.
  9. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    - I was intending to boot Linux from USB to just live test it without installing it, I had Red Ribbon ISO dd'ed to USB stick
    - So I should have used NOR petitboot even though my console is NAND? I originally got the dtbImage.ps3.bin (renamed it from dtbImage.ps3.bin.minimal) from http://www.mediafire.com/file/b8kti561d3o3yso/Petitboot+Minimal+(NAND).zip, but Rebug Toolbox kept asking for *.minimal file, so I left both files on the USB stick and let Rebug Toolbox choose what it was looking for: dtbImage.ps3.bin and dtbImage.ps3.bin.minimal (both files were same MD5). The petitboot installation was rather quick for me, few seconds (not minutes as I read it took for some others)
    - My plan was to eventually boot Linux from DVD (but the BD in console is currently broken -- doesn't spin up disc...) and install it to USB stick, and not touch my PS3 HDD nor the Rebug CFW 4.82 PUP at all. I did research and learned recently that to patch the PUP I would use haxxxen's MFW-Builder tool.

    Much appreciated instructions, thank you.
    I'm going the hardware flasher route because I'm out of ideas what else I could try. PS3 turns on with green LED but doesn't output video. I tried entering recovery (where you hold i/o button for 10 seconds, then for 7 seconds and you wait till your hear successive 2-beeps), this according to petitboot author's page should reset boot order and default to GameOS, but in my case PS3 still outputs black screen.
     
  10. 1,059
    1,044
    272
    littlebalup

    littlebalup Developer PSX-Place Supporter

    Joined:
    Oct 16, 2014
    Messages:
    1,059
    Likes Received:
    1,044
    Trophy Points:
    272
    Location:
    43°36'16.0"N 1°26'36.1"E
    It's a long time ago I installed petitboot, but I don't remember rebug toolbox to ask to change boot order when selecting Use Current LV1 patches. I never tried the other boot option (Apply All).
    Maybe the mistake is here. IDK

    Edit:
    Try by unplugging the console for few minutes, then try again to access recovery. If it doesn't work, unplug the clock battery from the motherboard and try again.
    I have vague memories of having some issues to access the recovery mode when petitboot was installed...
     
    Last edited: Feb 5, 2019
  11. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    Was worth a shot, didn't help unfortunately.
     
  12. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    I got teensy++ 2.0 today and loaded it with NORway, however I was unable to solder a single wire to the NAND TSOP, the IC legs are just damn too small, it is impossible feat for me. I didn't have luck with alternative points either, I cannot remove the green varnish off the PCB, I tried needle and some sand paper. I looked up 96 pin SOIC NAND test clip but they're just too expensive and available only in China.

    I found at least 3 instances of people who bricked their fat NAND console in the same exact way with same "black screen" symptom. It is the "Other OS" option in Rebug Toolbox that is causing the "black screen of death" after boot order change.

    http://www.psx-place.com/threads/other-os-4-82-rebug-black-screen.19291/ (Same as me, CECH-G01 brick)
    https://www.maxconsole.com/threads/rebugs-toolbox-blackscreen-after-boot-into-otheros.26589/ [1] (CECHG04 brick)

    The bootorder flag is stored in VFLASH which on NAND consoles is in the NAND itself, what's worse is that trying to enter recovery/safe mode isn't clearing the bootorder flag. The only hope is to somehow enter FSM mode (albeit still blindly) or attempt tedious NAND hardware reflash from backup. The person at [1] was able to enter FSM mode using "PSFreedom JIG Dingoo", I have trouble finding what that is on the internet in 2019, however it has to do with PSFreedom Linux kernel module for PC https://github.com/kakaroto/PSFreedom which enables you to trigger FSM mode on 3.xx consoles, I reckon you run a USB cable from PC to PS3 along with PSFreedom module. I cannot find any info whether PSFreedom works on 4.xx firmwares, I only saw it working on 3.xx.

    Back to the green varnish paint on the PCB covering the alternative solder points...I purchased a Nylon fiberglass 1.5mm thin scratch pen that hopefully will help me with sanding off the varnish but it is taking forever to get shipped...
    snip.JPG
     
    Last edited: Feb 8, 2019
    sandungas and littlebalup like this.
  13. 1,059
    1,044
    272
    littlebalup

    littlebalup Developer PSX-Place Supporter

    Joined:
    Oct 16, 2014
    Messages:
    1,059
    Likes Received:
    1,044
    Trophy Points:
    272
    Location:
    43°36'16.0"N 1°26'36.1"E
    You must use NANDway...
     
  14. 4,472
    4,020
    372
    sandungas

    sandungas Moderator Developer

    Joined:
    Dec 31, 2014
    Messages:
    4,472
    Likes Received:
    4,020
    Trophy Points:
    372
    Location:
    Babylon 20xxE series
    Be carefull with the scratching, is the kind of thing that cant be made several times
    If you scratch and try to solder, the copper surface will become dirty and the copper degrades a bit... at that point is when you could be tempted to scratch again but you should try to avoid removing copper material from the VIA

    One thing i do sometimes is after the scratching is to take a razor knife and make some "marks" in the copper surface of the VIA, first in radial directions, then crossing them
    The goal of this is to create some microscopical "roughtness" and like "mountains" on the copper surface, this helps the tin to attach better to the copper
    Buuuuuut... this im saying goes against the rule i mentioned above !... removing copper material from the VIA is risky because eventually can be "carbonized" and the copper dissapears magically (it becomes some dark residue)

    Btw, take a read at what i was suggesting here about the kynar wire, flux, and kapton tape
    http://www.psx-place.com/threads/4-83-nand-downgrade-with-teensy.22348/

    Soldering in VIAs is very tricky, you need to have good equipment, and is the kind of thing you can only try a few times (not more than 5 or so in the same VIA), because everytime you try it the VIA degrades a bit
     
  15. 10
    2
    7
    emilsonx

    emilsonx Forum Noob

    Joined:
    Feb 4, 2019
    Messages:
    10
    Likes Received:
    2
    Trophy Points:
    7
    Gender:
    Male
    I had no luck with soldering, started with 28 awg wires they were way too thick, went down to 30 awg IDE ribbon table, still too thick for the finely pitched TSOP's IC legs, I have been experimenting with 32 awg enameled wire which works but still impossible to solder more than 3 successive wires to the TSOP.
    [​IMG]

    [​IMG]

    [​IMG]
    I put it over 12 hours into it, and not making progress, the time isn't worth it, I'm scrapping the console, might list it on ebay for parts. Had no luck with alternative soldering points either, I scraped the green varnish with fiberglass scratch pen, have copper exposed but again impossible to solder more than 1 wires next to each other.
     

Share This Page