On Nand console the hypervisor masks the bootloader.
Here is a script for patching lv1 to allow a flash dump including the btldr.
Only "tested" on my nor console for script errors.
Commands to dump the ram can be commented out; only there for checking the script.
Uncomment the command to insert patch for the firmware version.
The example is uncommented for 4.21-4.41
Uncomment the command to dump Nand flash and comment the command to dump Nor flash.
There is another version of the command to dump Nand flash:
dd if=/dev/ps3vflasha of=NAND.BIN bs=1024
console log
based on published work of ****
edit: This was "tested" on red ribbon 5 where ps3ram is a loadable module included with the distribution. If it's first time running command modprobe on your system, you may need to run depmod -a to build the database of loadable modules. Other versions or distributions may include ps3ram support built in or loaded at boot.
Here is a script for patching lv1 to allow a flash dump including the btldr.
Only "tested" on my nor console for script errors.
Code:
#!/bin/bash -x
#inserting module
modprobe ps3ram
#dumping original ram
dd if=/dev/ps3ram of=ps3ram_orig.bin
#patching lv1
#3.41
#perl -e 'printf "\x39\x84\x00\x00"' | dd of=/dev/ps3ram bs=1 seek=$((0x2786A0))
#3.55
#perl -e 'printf "\x39\x84\x00\x00"' | dd of=/dev/ps3ram bs=1 seek=$((0x2786E8))
#4.21,4.41
perl -e 'printf "\x39\x84\x00\x00"' | dd of=/dev/ps3ram bs=1 seek=$((0x27B1B4))
#dumping patched ram
dd if=/dev/ps3ram of=ps3ram_patched.bin
#dumping nor
dd if=/dev/ps3nflasha of=NOR.BIN bs=1024
#dumping nand
#dd if=/dev/ps3flash of=NAND.BIN bs=1024
#removing patch
#3.41
#perl -e 'printf "\x39\x84\x02\x00"' | dd of=/dev/ps3ram bs=1 seek=$((0x2786A0))
#3.55
#perl -e 'printf "\x39\x84\x02\x00"' | dd of=/dev/ps3ram bs=1 seek=$((0x2786E8))
#4.21
perl -e 'printf "\x39\x84\x02\x00"' | dd of=/dev/ps3ram bs=1 seek=$((0x27B1B4))
#removing module
modprobe -r ps3ram
Commands to dump the ram can be commented out; only there for checking the script.
Uncomment the command to insert patch for the firmware version.
The example is uncommented for 4.21-4.41
Uncomment the command to dump Nand flash and comment the command to dump Nor flash.
There is another version of the command to dump Nand flash:
dd if=/dev/ps3vflasha of=NAND.BIN bs=1024
console log
Code:
RipCord@ps3:~/dumpflashscrpt$ su
Password:
root@ps3:/home/RipCord/dumpflashscrpt# chmod +x dump_flashx.sh
root@ps3:/home/RipCord/dumpflashscrpt# ./dump_flashx.sh
+ modprobe ps3ram
+ dd if=/dev/ps3ram of=ps3ram_orig.bin
524288+0 records in
524288+0 records out
268435456 bytes (268 MB) copied, 12.172 s, 22.1 MB/s
+ dd of=/dev/ps3ram bs=1 seek=2601396
+ perl -e 'printf "\x39\x84\x00\x00"'
4+0 records in
4+0 records out
4 bytes (4 B) copied, 0.121153 s, 0.0 kB/s
+ dd if=/dev/ps3ram of=ps3ram_patched.bin
524288+0 records in
524288+0 records out
268435456 bytes (268 MB) copied, 12.2443 s, 21.9 MB/s
+ dd if=/dev/ps3nflasha of=NOR.BIN bs=1024
16384+0 records in
16384+0 records out
16777216 bytes (17 MB) copied, 1.81354 s, 9.3 MB/s
+ perl -e 'printf "\x39\x84\x02\x00"'
+ dd of=/dev/ps3ram bs=1 seek=2601396
4+0 records in
4+0 records out
4 bytes (4 B) copied, 0.168891 s, 0.0 kB/s
+ modprobe -r ps3ram
root@ps3:/home/RipCord/dumpflashscrpt#
based on published work of ****
edit: This was "tested" on red ribbon 5 where ps3ram is a loadable module included with the distribution. If it's first time running command modprobe on your system, you may need to run depmod -a to build the database of loadable modules. Other versions or distributions may include ps3ram support built in or loaded at boot.