graf_chokolo確實很有天份……。 http://grafchokolo.com/ps3-development-page.html/comment-page-8/#comment-2558 graf_chokolo says: March 16, 2011 at 2:36 pm Guys, take a look at my ps3dm-utils. Now you can enable service mode from Linux :-) Look at ps3dm_usb_dongle_auth :-) 嘿！大家看一下我的ps3dm-utils ，現在可以從 Linux進service mode了。 注意ps3dm_usb_dongle_auth 的部份。 nEsCh says: March 16, 2011 at 9:32 pm enable… cool 開啟……，真酷。 Could you disable it to? 那有辦法關閉嗎？ graf_chokolo says: March 17, 2011 at 7:09 am Yes :-) You have to write 0xff to EPROM offset "Product Mode" (see my HV page) by using ps3dm_um :-) 當然可以，只要利用ps3dm_um工具在 EPROM關於Product Mode的位址寫入0xff就 可以離開了。 graf_chokolo says: March 17, 2011 at 7:59 am 1st step – Generating a challenge ---------------------------------- 第一步－讓主機詢問 # ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge 2nd step – Generating a valid response for a challenge ------------------------------------------------------- 第二步－產生正確的回答 You need a dongle id. Valid range for dongle IDs is 0x0000 ~ 0xffff. So choose one, doesn't matter which one, but some are revoked !!! 你會需要一個電子狗的ID，在0x0000 ~ 0xffff 的範圍之內隨便選一個，數字不 重要，只是有些已經被列黑名單了（，所以不行的話就換一個） # ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xBABE here is a challenge like this 0xXX 0xXX ... of size 20 bytes 詢問的形式長得像0xXX 0xXX … 總長度有20個位元組 3rd step – Verifying response (Enabling "Product Mode") -------------------------------------------------------- 第三步－檢查回答（正確就可以啟動Product Mode） # ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xBABE here is the response from step 2 like this 0xXX 0xXX ... of size 20 bytes" 回答跟詢問格式一樣，長度也是20位元組 4th step – Checking if "Product Mode" is enabled ------------------------------------------------- 第四步－檢查Product Mode是否啟動 The returned value shouldn't be 0xff. 回傳的結果不能是0xff # ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07 5th step – Disabling "Product Mode" ------------------------------------ 第五步－關閉Product Mode # ps3dm_um /dev/ps3dmproxy write_eprom 0x48C07 0xff graf_chokolo says: March 18, 2011 at 12:42 pm Guys, just to make sure that you understand. There is no need for Linux and my ps3dm-utils to enable "Service Mode". You could also create a GameOS app which does the same what i'm doing on PS3 Linux. GameOS can do it also, communicate with USB Dongle Authenticator in HV process 6 :-) So, you could create a GameOS app which enables "Service Mode" without USB dongle. 為了怕大家誤會，我在這裡澄清一下。你們不一定需要靠我的ps3dm_utils 來 啟動Service Mode，你也可以寫一個程式從GameOS啟動，只是我是透過 Linux 來啟動。在GameOS裡面一樣有辦法達成，只要你能夠跟HV程序 6的電子狗認證 管理程式溝通就行，所以說從GameOS的應用程式來進入Service Mode是完全可 行的。 graf_chokolo says: March 17, 2011 at 7:25 pm And after you enabled "Service Mode" guys, you can use ps3dm_um utility to install your new custom CORE_OS_PACKAGE.pkg without PUP file direct from Linux :-) 另外就是當你進入Service Mode後，就可以使用ps3dm_um的工具，在 Linux下 將自製的CORE_OS_PACKAGE.pkg 檔案寫入主機的NOR Flash （，而不需要破解 SONY在更新管理員裡面新增的檔案完整性查驗機制） Remote_Buffer says: March 18, 2011 at 1:37 am And this core_os can be from the original 3.60 unpacked firmware? Thanks by reply friend, you are not alone in this fight against $QNY, i will help you. 而CORE_OS可以從3.60 版的.PUP檔案得到。感謝回答啦！對抗SONY的路不會孤獨 的。 graf_chokolo says: March 18, 2011 at 12:41 pm It can be either original or modified. But i don't think you should update to 3.60 :-) 對，CORE_OS 可以官方的也可以是自製的，就算如此我不覺得你有升級到3.60版 的需要。 Cookie says: March 18, 2011 at 4:51 pm Graf, would downgrading be as simple as entering service mode on your linux, installing a lower version core_os via your updater, exiting service mode, and linux and going into recovery mode and installing the lower version pup? I assume the recovery mode step will be necessary to flash the other required parts of the firmware. Or can you emulate the full update process in linux? Graf，請問一下降級的步驟是不是先進service mode，然後透過你的更新工具安 裝低版本的CORE_OS ，接著離開service mode，最後使用低版本的官方韌體從回 復模式重新安裝一次？我猜必須進回復模式的原因是還有其他的部份的 Flash需 要寫入，還是說你從 Linux也能進行完整的韌體更新？ graf_chokolo says: March 18, 2011 at 8:26 pm You have access to all VFLASH regions on Linux with my drivers, so you could extract dev_flash tars and write the content to VFLASH. 我的工具讓你有讀寫整個VFLASH區域的權限，所以你也可以將dev_flash 相關的 檔案寫到相對應的地方。（譯注：在 Linux下進行完整的降級是可能的） ****** 到現在也只有玩玩graf_chokolo的核心而已，這種高度危險性的操作還沒有時間 碰。 -- ○ ____ _ _ _ _ ____ _ _ ____ _____ ____ 。 ★(_ _)( \( )( \/ )( ___)( \( )(_ _)( _ )( _ \ ｏ _)(_ ) ( \ / )__) ) ( )( )(_)( ) / ● ‧ (____)(_)\_) \/ (____)(_)\_) (__) (_____)(_)\_) ★ ｏ -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 140.120.31.137