04-28-2015 #1 TheDarkprograme Guest
PS4 NOR Chip Dumping Process Documentation by AlphaHack
So here's a topic a close friend of mine made on his process and a bit more info on dumping the ps4 nor (via playstationhax.it/forums/topic/1749-ps4-nor-chip-dumping-process-documentation/), to quote:
PS4 NOR Chip Dumping Process
Download: PS4 NOR Chip Dumping Process.pdf
First of all, this document is not intended to be a tutorial. It is just a narrative of the process I recently went through on dumping the PS4 NOR chip, to keep it documented and share the experience with others.
I would like to thank the precious help from TheDarkProgramer and also Cfwprophet, and say that without their help it would have been much harder for me to accomplish the task.
It all started with the purchase of a BLOD PS4 which I took to a repair house and they got it fixed. The guys there told me one interesting thing about the BLOD issue that I could not find in forums.
The BLOD can be the result of many things, but what matters for getting it fixed is whether, when you turn the PS4 on, it gives you 3 beeps or turns on with no beeps, just the blinking blue light.
If your console only blinks blue light after it’s turned on, then it can be fixed by reballing.
I also would like to point out that some people think that reballing is the same thing as reflow (this is not intended for you devs, I know you know the difference). So reballing is the process of removing the chip, cleaning the solder left on the chip and on the motherboard and then doing the soldering again; while reflowing is just heating up the chip expecting to melt the solder underneath it (which most of the time doesn’t work).
So, for those of you that have a BLOD PS4 and it is not beeping when it boots, just take it to a professional reballing repair shop and you’ll have it back.
Ok, the PS4 used is a US black model, serial number MB076678134 and motherboard SAA-001.
Reaching the NOR chip MX25L25635FMI-10G, my first impression was that the task would be quite hard since I don’t have much experience in desoldering such SOIC chips.
For desoldering I followed TheDarkProgramer's tip not to use a heat gun because it could damage the motherboard. So I used my simple soldering iron and watched some YouTube tutorials on how to remove SMDs.
The desoldering process was quite long and the tools I used were:
- Soldering iron;
- Liquid flux;
- Desoldering wire wick.
After desoldering, I started soldering the wires to the NOR.
Since I have a Raspberry Pi I decided to go with that, instead of using Teensy++ 2.0 board. Soldered the other end of wires to the Raspberry.
The finished work resulted in this:
Now it would be showtime. I used Jaicrab's tool JaiSpi v1.0, but when I first tried to read the chip I got my first error, from Terminal: “Error opening device /dev/spidev0.0”.
For those who try and get this error, it is not related to the NOR chip or to the tool. The problem was that the SPI interface was not enabled on my Raspberry Pi, so I fixed it by going to raspi-config and setting it enabled by default.
On my second attempt I could establish a connection but was not getting the correct info on the chip. Actually I got ID: 0xC33019 unknown! for the chip info.
But I tried a third attempt and on this one I got the correct info from the chip: ID: 0xC22019 MX25L25635.
But I noticed that whenever I tried a new read from the chip it would alternate between ID: 0xC33019 unknown! and ID: 0xC22019 MX25L25635. But since I was getting the correct info too I decided to make the dump. In fact I did 10 dumps.
Each dump took 30s to complete.
Now it was time to check the dump with Cfwprophet’s PS4 AC1D Flash-Tool. After checking each dump with the tool, I was getting 5 errors out of 36 and then I got worried, because I thought that the connections and soldering were fine.
But then I decided to try to make a better connection between the chip and Raspberry Pi in order to get a 0 error dump.
So the next step was to build my own PCB and get the NOR chip soldered to it, and I came up with this, drawn by hand:
I also wanted to use better wires and use connectors instead of soldering them directly to the board GPIO. So the final package was this:
This time I noticed an improvement to the connection because when reading the chip I wasn’t getting the unknown error anymore. Each attempt was 100% successful, getting the chip info correctly. So I would not recommend, if you want to try to dump the NOR chip, not to use wires to the chip directly. It is worth the time of doing your own PCB.
Dumps finished, time to check them with Acid Tool and to my surprise... I got again on all 20 new dumps the same 5 errors I got on my previous 10 dumps...
Then it happened that I talked to Cfwprophet, telling him about the errors I was getting, and he told me that I should have read his ReadMe.txt file before, because in that file he has explained why that happens for now, but my dumps were fine (Thanks for being patient with me Cfwprophet!!).
Dumps checked and fine for now, I felt like mission accomplished and then I could put the PS4 all together and see if it would work again since I was working on a recovered BLOD console.
But before packing it all I changed the thermal paste and used Arctic Silver 5 and used a good amount of it.
Time to start up the PS4 and then... BLOD again... Then I restarted again and BLOD again. After a few moments of frustration I remembered that a long time ago I read that when it comes to thermal paste thou shall not use no more than a blob the size of a bean, and comparing to the amount I put on the PS4 it was like 3 times the size of a bean and as I read back then this could invert the process of the thermal paste and instead of cooling it would increase the heat...
Then I thought that could be the problem and so I opened the PS4, removed all the thermal paste that had gone over the main chip (sorry guys, I got so pissed off with me that I forgot to take a picture of the mess I did), and applied a decent and correct amount of Arctic 5.
And to my happiness the PS4 turns on and it's working like a charm now.
Well my friends I think that reaches the end of this documentation. Hope it may be useful for those who will try for the first time.
Take care kids!!!
xXx AlphaHack xXx
“Nothing Is True Everything Is Permitted”.
Update: Dumped the FW 2.51, but couldn't read it using Acid Tool. It gives me an error about the dump name, that it should not have spaces. But the dump is named: d01.bin.
I did 5 dumps, so I compared blocks between nor and the dump, 2 dumps got many Different sectors, and 3 got 0 Different sectors. So I guess we need an update for Acid Tool.
Hey guys what's up?? I finally could make the Ac1d work again, it was a Windows problem. Now my 2.51 dump checks give me only 2 errors as you can check from the image below:
Doing great work with this tool with so few dumps, 1 or 2, the checking routine is working like a charm!!! Since it is the beginning of the ps4 NOR dumping scene, at least for users like me, for sure this will get better and better as time goes by!!!
Nice work Cfwprophet!!!!!
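The two checks described in the post above (the chip ID alternating between 0xC22019 and 0xC33019, and repeated dumps compared block by block) can be scripted as follows. This is an added example, not part of the original post and not code from JaiSpi or the AC1D tool; the 4 KiB compare size, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
from collections import Counter

SECTOR = 4096           # assumed comparison granularity (4 KiB); not from the post
EXPECTED_ID = 0xC22019  # ID the post reports as the correct MX25L25635 reading

def id_bit_errors(observed, expected=EXPECTED_ID):
    """Bit positions (0 = LSB) where a 24-bit ID read differs from the expected one."""
    diff = observed ^ expected
    return [bit for bit in range(24) if (diff >> bit) & 1]

def compare_dumps(dumps, sector=SECTOR):
    """Majority-vote each sector across repeated reads (label -> bytes) of one chip.
    Returns (bad, undecided): bad[label] lists sectors where that read disagrees
    with the majority; undecided lists sectors with no strict majority."""
    sizes = {len(data) for data in dumps.values()}
    if len(sizes) != 1:
        raise ValueError(f"reads differ in length: {sorted(sizes)}")
    bad = {label: [] for label in dumps}
    undecided = []
    for index, off in enumerate(range(0, sizes.pop(), sector)):
        digests = {label: hashlib.sha256(data[off:off + sector]).digest()
                   for label, data in dumps.items()}
        winner, votes = Counter(digests.values()).most_common(1)[0]
        if votes * 2 <= len(dumps):      # a tie or split vote proves nothing
            undecided.append(index)
            continue
        for label, digest in digests.items():
            if digest != winner:
                bad[label].append(index)
    return bad, undecided

def make_sample():
    """Constructed data: 3 clean reads and 2 reads with single-bit errors."""
    base = bytes((i * 7 + i // SECTOR) & 0xFF for i in range(16 * SECTOR))
    def corrupt(sectors):
        image = bytearray(base)
        for s in sectors:
            image[s * SECTOR + 5] ^= 0x01
        return bytes(image)
    return {"d01": base, "d02": base, "d03": base,
            "d04": corrupt([3, 7]), "d05": corrupt([7, 12])}

if __name__ == "__main__":
    print("ID 0xC33019 wrong bits:", id_bit_errors(0xC33019))
    print(compare_dumps(make_sample()))
```

A read whose list in `bad` is empty agrees with the majority everywhere; agreement between reads shows the transfer was stable, not that the contents are what the console expects.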
Very nice job AlphaHack and +Rep for sharing TheDarkprograme!
05-01-2015 #3 racer0018 Guest
I will have to test this out. I got a couple of ps4 systems that are here that I bought and I have to reball them before I get rid of them. I'm going to give the teensy 2.0++ a try and when I get it done, I will post some pictures. Thanks all.
05-01-2015 #4 PLAYER 1 Guest
Thanks. So... 3 beeps = death?
No problem soldering wires directly to the rasp, you have to polish your soldering skills (according to the pics), that's all.
I have 2 blod ps4 here, so this could be useful, any new data is good.
05-01-2015 #5 kunal Guest
Thanks, I want to download param.sfo
05-02-2015 #6 racer0018 Guest
I had to make a custom jig to hold the ps4 board on the ir station because no one had them yet. Now the stencils are something I did order. Before I was putting them on by hand. Took forever to get all the balls on there.
With the stencils it goes a lot faster. It will be interesting to see where the nor dumping leads to. If someone needs a ps4 reballed, I'm accepting those now. Thanks.
I went ahead and tried it out with the teensy 2.0++. From a person that has done a lot of downgrades on ps3s, I can tell you that it is very easy to dump a ps4. I had a ps4 that I got at a pawnshop for 75 dollars because of the blod. I reballed it while I was messing around with hooking the nor chip up and dumping it. It all works now.
Anyway, back to the dumping, I used a hot air gun to remove the chip and then used wires to solder directly to the chip. This worked out great for me. The only thing that I did different from what the guides said to do is that I used a bench top power supply to power the nor chip and the teensy.
I also hooked the nor chip to the teensy while it was still on the ps4 and got the same dump, while using the bench top power supply. Both times I got the same dump from the system. I also updated the ps4 and did another dump and then compared the dumps and found them to be different. Lol, like they wouldn't be.
Now here are some pictures of the program I used. And the first couple of lines in a hex editor.
Thanks all and happy testing.
05-04-2015 #8 racer0018 Guest
"IF" it ever comes to that?! The only thing is if it were me; I would remove the nor chip from the board, this gives it a lot better chance to get a good dump every time. Where on the board could give some interference with the chip.
Thanks and if you guys want I can post some pictures of a ps4 reball, if you all want to see that. Thanks.
05-04-2015 #9 TheDarkprograme Guest
05-12-2015 #10 racer0018 Guest
I have had some fun messing around with the flash on this thing. I went out and bought a few chips like the one that comes in the systems. I have been deleting some of the flash from the back up chips and seeing how the ps4 reacts to it.
Once I'm done I will post up if I find anything out with it. I have been keeping the original chip untouched so I don't mess it up. Thanks.