
Thread: Rogero PS3 MFW Fixes Trophies Problem After a 3.70 Downgrade

  1. #1
    Join Date
    Apr 2005

    Rogero PS3 MFW Fixes Trophies Problem After a 3.70 Downgrade

    Today PlayStation 3 developer Rogero has made available a PS3 MFW (Modified Firmware) that fixes the Trophies problem after a 3.70 to 3.55 PS3 console downgrade followed by V2 below.

    Download: Rogero MFW355 370 Spoof Internet Blocked LV1 Checks Patched PUP / Rogero MFW V2 (BD Patch) PUP / WinSkeet40000

    To quote: Last night I had the chance to try and downgrade a Slim Ps3 (JSD-001 board with Spansion NOR) version 3.70 to CFW 3.55 using Dospiedra's downgrade v2 patches.

    I managed to get a clean dump of the NOR using my ProgSkeet (latest QT port used), created a patched Downgrade.bin image using the 6 patched files from Dospiedra and a hex editor, then I flashed the image to the PS3 NOR, dumped the NOR another time and verified that all was written fine.

    Then I continued with the normal downgrade procedure, go into service mode, update using the 3.55_no_check.PUP, then exit service mode and all was good, it was back into CFW 3.55.

    Here the problems started. I tried to start a game and I got the famous Trophy error, so I decided to update it to my personal Modified Firmware. I started the update and, after installing the firmware, the PS3 turned off by itself. I tried to turn it on again; it turned on for almost 2 or 3 seconds, then turned off completely (no screen output, no red LED either), so I knew at this point that the PS3 was bricked.

    N.B: this was never mentioned in any of the downgrade tutorials floating on the net, although this is a very important point to warn the users who are downgrading their PS3 machines not to update using usual Modified firmwares unless the firmware has the LV1.self file patched to disable all checks; anything else will result in a bricked PS3, and this is not good at all, especially if the hardware flasher used to downgrade was removed from the PS3's NOR or NAND flash.

    After doing some research and discussing the issue with my friend eussNL <-- a wiki by himself I realized what happened to the Ps3, after the downgrade procedure, the machine's syscon still had a version > 3.55 (3.56 or higher) and this needs a Patched LV1.self (checks disabled) in the NOR for the PS3 to be able to boot fine, and when I updated it to my own MFW, the LV1.self file in the NOR was replaced with a non-patched version (checks enabled) and the PS3 detected the higher syscon version (3.56+) and Bricked.

    To Fix it, I had to re-flash the NOR again with the patched Downgrade.bin image (to get rid of the un-patched LV1.self) then the Ps3 was fixed and booting fine again.

    N.B: in case you're using ProgSkeet, make sure you are using the Latest released flasher (QT port) as of 11 Sep 2011 from this link:

    This one has preset parameter values for each NOR type. I used it on Win7 and it flashed my Spansion NOR just fine.

    At this point, the PS3 was working again, but the Trophy problem was always there, so I prepared another Modified firmware with 3.70 spoof, Privacy Patch and this time the LV1.self checks disabled (the patches were provided by eussNL too, so credit here goes to him). Then, while still having ProgSkeet soldered to the NOR flash, I updated the PS3 with the new MFW. Everything went fine, and it rebooted fine into the XMB. I did some tests and the Trophy problem was gone for good and all games were working fine.

    For all the users who had successfully downgraded their PS3 machines to 3.55 again, I share with you my MFW with Lv1 Checks patched to bypass the 3.56+ syscon version and prevent any brick after updating to it, and to get rid of the annoying Trophy problem encountered after the usual downgrade procedure.

    These are the 25 Patches applied to LV1.self contained in my MFW:
    # Description: Patch LV1 checks
    # Option --patch-lv1checks: Disables many checks in lv1
    # Type --patch-lv1checks: boolean
    namespace eval ::patch_lv1checks {
        array set ::patch_lv1checks::options {
            --patch-lv1checks true
        }
        proc main { } {
            set self "lv1.self"
            ::modify_coreos_file $self ::patch_lv1checks::patch_self
        }
        proc patch_self {self} {
            if {!$::patch_lv1checks::options(--patch-lv1checks)} {
                log "WARNING: Enabled task has no enabled option" 1
            } else {
                ::modify_self_file $self ::patch_lv1checks::patch_elf
            }
        }
        proc patch_elf {elf} {
            if {$::patch_lv1checks::options(--patch-lv1checks)} {
                log "Patching LV1 Checks"
                # ss_server1
                # Patch core OS Hash check // product mode always on
                log "--------------- Patching ss_server1.fself ----------------------------"
                log "Patch core OS Hash check // product mode always on"
                set search "\x41\x9E\x00\x1C\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
                set replace "\x60\x00\x00\x00\x7F\x63\xDB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
                catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
                # Patch check_revoke_list_hash check // product mode always on
                log "Patch check_revoke_list_hash check // product mode always on"
                set search "\x41\x9E\x00\x1C\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
                set replace "\x60\x00\x00\x00\x7F\xA3\xEB\x78\xE8\xA2\x85\x68\x38\x80\x00\x01"
                catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
                # In product mode erase standby bank skipped
                log "Patch In product mode erase standby bank skipped"
                set search "\x41\x9E\x00\x0C\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
                set replace "\x60\x00\x00\x00\xE8\xA2\x8A\x38\x48\x00\x00\xCC\x7B\xFD\x00\x20"
                catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
                # Patching System Manager to disable integrity check
                log "Patching System Manager to disable integrity check"
                set search "\x38\x60\x00\x01\xf8\x01\x00\x90\x88\x1f\x00\x00\x2f\x80\x00\x00"
                set replace "\x38\x60\x00\x00"
                catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
                # Patching LV1 to enable skipping of ACL checks for all storage devices
                log "Patching LV1 to enable skipping of ACL checks for all storage devices"
                set search "\x54\x63\x06\x3e\x2f\x83\x00\x00\x41\x9e\x00\x14\xe8\x01\x00\x70\x54\x00\x07\xfe"
                append search "\x2f\x80\x00\x00\x40\x9e\x00\x18"
                set replace "\x38\x60\x00\x01\x2f\x83\x00\x00\x41\x9e\x00\x14\x38\x00\x00\x01"
                catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
                # LV1 [email protected] patch (?Patch sys_mgr integrity lv1 and lv0 integrity check?)
                log "?Patch sys_mgr integrity lv1 and lv0 integrity check?"
                set search "\x48\x00\xD7\x15\x2F\x83\x00\x00\x38\x60\x00\x01"
                set replace "\x38\x60\x00\x00\x2F\x83\x00\x00\x38\x60\x00\x01"
                catch_die {::patch_elf $elf $search 0 $replace} "Unable to patch self [file tail $elf]"
            }
        }
    }
    Finally, Rogero followed up with Rogero MFW V2 BD Patch PUP with the details as follows, to quote:

    This is a better optimized version of the previous MFW released. This one is a Custom firmware built manually by patching and packing the files and the final PUP package using the well known "fail0verfl0w" public set of tools and having "Kmeaw" as the base firmware, unlike its previous version which was a Modified firmware built using the famous MFW builder application and using an OFW3.55 as the base firmware.

    Usage / Compatibility:
    • Can be used for Downgrade directly as a replacement of the no_check.PUP to avoid the "Trophies error".
    • Can be used for normal system update like any other CFW/MFW from XMB or from Recovery Menu.

    Internal Structure:
    • Kmeaw patched Lv2 with necessary patches to allow Peek/Poke support (same games compatibility as Kmeaw CFW)
    • Dospiedra's LV1 patches necessary to bypass the Syscon checks for downgraded consoles. (same as no_check.PUP)
    • Built-in system version spoof to 3.70 to prevent accidental system updates (won't allow going online in any way)
    • Privacy Patch was not applied like previous version to allow Game updates (can be added easily using MFW builder)
    • Custom Boot Logo.
    • Built-in "Heavy Rain" dynamic theme.

    History: After several days and more testing of the first MFW released for downgrading from 3.70-->3.55, I had some users feedback from #progskeet-support that some PS3 machines are having either the Registry Corrupted/Blue Screen or just a Black Screen after downgrade that required re-installing the MFW from Recovery Menu or reflashing the NOR in some cases.

    Further research about the downgrade V2 patches and the no_check.PUP with some more testing showed that a Kmeaw based LV2 seems to have better compatibility with the Downgrade patches applied to the NOR image than a MFW built with a patched LV2, so I decided to build a new version manually which is a custom firmware that combines Kmeaw LV2 patches with Dospiedra's LV1 no-check patches and having the minimal/necessary set of patches to preserve the best overall stability.

    Thanks to all the beta testers, especially Blakcat & Marlbor1

    N.B: please note that Rogero Manager v8.5 (to be released soon) or newer are only compatible with this CFW V2, because the CFW have the built in version spoofed to 3.70 and older versions of the Manager (8.4 and lower) can't recognize it and won't be able to load the necessary payload.
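
The post above ties the brick to which form of the LV1 check sites ends up in flash. As an added example (not code from the post or from the MFW builder), this sketch reports whether each site in an extracted lv1 ELF still holds the original bytes or the replacement. It assumes `patch_elf` overwrites the start of the matched pattern, covers only three of the byte patterns quoted in the post, and runs on constructed sample images; the function names are hypothetical.

```python
# (name, search, replace) byte patterns copied from the task quoted in the post.
PATCHES = [
    ("core OS hash check",
     bytes.fromhex("419E001C7F63DB78E8A2856838800001"),
     bytes.fromhex("600000007F63DB78E8A2856838800001")),
    ("check_revoke_list_hash check",
     bytes.fromhex("419E001C7FA3EB78E8A2856838800001"),
     bytes.fromhex("600000007FA3EB78E8A2856838800001")),
    ("System Manager integrity check",
     bytes.fromhex("38600001F8010090881F00002F800000"),
     bytes.fromhex("38600000")),
]


def patched_form(search: bytes, replace: bytes) -> bytes:
    """Bytes expected at the site once the replacement has been written.

    Assumption: the replacement overwrites the match from offset 0, so a
    short replacement leaves the tail of the search pattern in place.
    """
    return replace + search[len(replace):]


def classify(image: bytes, search: bytes, replace: bytes) -> str:
    """Return 'original', 'patched', 'absent' or 'ambiguous' for one site."""
    orig_hits = image.count(search)
    new_hits = image.count(patched_form(search, replace))
    if orig_hits == 0 and new_hits == 0:
        return "absent"
    if orig_hits == 1 and new_hits == 0:
        return "original"
    if orig_hits == 0 and new_hits == 1:
        return "patched"
    return "ambiguous"  # both forms present, or a form appears more than once


def report(image: bytes) -> dict:
    """Map each listed site name to its state in the image."""
    return {name: classify(image, s, r) for name, s, r in PATCHES}


def lv1_checks_disabled(image: bytes) -> bool:
    """True only when every listed site is in its patched form."""
    return all(state == "patched" for state in report(image).values())


# Constructed sample images: patterns separated by filler, not real firmware.
FILLER = b"\x00" * 8
STOCK = FILLER.join(s for _, s, _ in PATCHES)
PATCHED = FILLER.join(patched_form(s, r) for _, s, r in PATCHES)
MIXED = FILLER.join([PATCHES[0][1], patched_form(*PATCHES[1][1:])])
```

A state of "absent" or "ambiguous" means the pattern does not match that image once, which is the same condition under which the quoted task stops with "Unable to patch self".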


  2. #2
    Ezio Guest
    While there are different models of the Nor and progskeet initially fit well only with some models, the guys are doing a great job raising the compatibility, creating management software as best as Winskeet and verifying all the problems that may arise, solving them as Roger has done like yesterday along with the help of other guys. (eussNL, etc.).

    So great job guys, keep it up!

  3. #3
    racer0018 Guest
    Yes great job. The scene needs another spark to keep it alive and with all the downgrade that is happening and this might be the lift that we need.

  4. #4
    HeyManHRU Guest
    If the E3 flasher works for all future firmware updates I'll be pretty happy.

  5. #5
    racer0018 Guest
    Yes for sure. I will let everyone know how it works. I got mine on preorder. And have a 120 slim waiting for it. Just updated it to 3.70 today to make sure that it is ready.

  6. #6
    HeyManHRU Guest
    Nice, I hope I can purchase an E3 in Australia.

  7. #7
    Join Date
    Apr 2005

    Rogero PS3 CFW V2 Kmeaw LV1 Patched 3.72 Spoof Privacy Patch

    Following up on his previous MFW 3.55 370 Spoof and V2 (BD Patch) PUP, today PS3 developer Rogero has released Rogero PS3 CFW V2 Kmeaw LV1 Patched 3.72 Spoof Privacy Patch for PlayStation 3 Custom Firmware users.

    Download: Rogero PS3 CFW V2 Kmeaw LV1 Patched 3.72 Spoof Privacy Patch (170.54 MB)

    To quote, roughly translated: Rogero is back to give us an update of the CFW that we presented in this news. Here's a summary of the features of this custom firmware. You should know that it was created at the beginning to correct the problem trophies was going after a hardware downgrade Dospiedras Method v2 (with a chip programmer like Progskeet).

    Rogero was not happy about it and had also added the patch and Privacy lv1 checks patched to bypass the syscon 3.56 +. And today is the spoof 3.72 found in this newly created CFW.

    Below is what's included courtesy of JailbreakScene:

    What's included:
    • Kmeaw's LV1 patch
    • V3.72 spoof
    • Privacy Patch
    • Dospiedras' LV1 no-check patches


  8. #8
    Foo Guest
    Seeing stuff like this only makes me want to get a NAND Reader/Writer even more...

  9. #9
    HeyManHRU Guest
    Good to see Rogero is still developing stuff for the PS3, I still remember when his first backup manager was released.

  10. #10
    elser1 Guest
    I'm still waiting for a solderless flasher to get and then I'll use this I think..

