Hacking Fix waninkoko v1 brick

[Magsor]

OK, so we all know about how the original Waninkoko firmware broke the older large NAND consoles, that was due to him overwriting some portions of Cell-OS Lv2 and the segment boundaries, god knows about the signature also. He also zeroed out a good section of the kernel, and also breaks some NAND consoles due to that. Now, you want to fix this issue? Well, you have to have:

1) A NAND Dumper
2) CORE_OS_PACKAGE.PKG patched to remove signature checks or Official Core OS/PS3 in Service Mode
3) A NAND Flasher
4) Flow Rebuilder
5) Hex editor
6) PS3 with firmware less than 3.55

OK, so you first have to dump both NAND chips (2 128MB NANDs for a total of 256MB) and interleave them using Flow Rebuilder, then decrypt the CORE_OS package to give you a raw core OS image, then open your combined NAND dump in a hex editor and search for “6F FF E0? in the search for hex section. Once there, you should see:

00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 6f ff e0 |.............o..|
00000010 00 00 00 01 00 00 00 17 00 00 00 00 00 6f ff e0 |.............o..|

Right after the second “6F FF E0?, remove the next 7,340,000 bytes, then, insert the unpacked Core OS (7,340,000 bytes). Then split the image using Flow Rebuilder (use ECC!) and flash. Hopefully it should work, and then you can just Lv2diag your way out.

Do not overwrite anything else.

This guide should help you fix any NAND console with Core OS fail.

SOURCE

Still really hard to do but less expensive than sending it to sony....

 

[DeadlyFoez]

The issues with doing that could possibly still leave you bricked. If any one of those 56 blocks are bad then it will not work at all.

 

[codezer0]

Interesting... but where would you get such gear, anyway?

 

[FAST6191]

NAND chips are rarely highly custom things (normal worst case scenario is your chosen company will purposely choose chips with lots of bad sectors to try to frustrate would be hackers) and even if they use an odd package they will usually have test points on the motherboard or pinouts available somewhere. Unless my cursory search is incorrect http://www.samsung.com/global/system/busin...08x0m_rev10.pdf has it.

In a pinch you can sometimes repurpose a XD card reader (it cuts the other way as well- XD cards make easy to source NAND chip replacements) but normally it is just a matter of finding a basic electronics component supplier with one in stock (same idea as finding a EEPROM tool, JTAG tool, i2c tool or some other chip debugger/programming tool except those are a bit more common (NAND writing is usually done in circuit). Some opt for the forensic/repair side of things as well but that is overkill for the standard home user type and others still opt for building one using a programmable IC. If you want though I believe infectus do a PS3 nand reader/flasher.

The rest is just software.

Back on topic nice work all involved. It will probably get more refined as time goes on (mainly bad block handling or mitigation) but nice to see it taking off.