Announcement

Collapse
No announcement yet.

PS4 No Controller Sync Corrupted NOR Repair Tutorial

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    PS4 No Controller Sync Corrupted NOR Repair Tutorial

    No controller Sync except in Safe Mode USB?

    There are 2 issues that can cause this

    1) The Wifi/BT board has seen its last days and needs replacing - The Wifi/BT board is a BGA connection type but the pads are large enough to just use your iron to flow solder to each pad before flowing to the board

    2) The NOR chip has gone corrupt and will require the dump to be repaired and reflashed

    We will cover how to reflash the NOR in this guide using a raspberry PI 3

    Equipment needed :
    • Raspberry PI 3 (with an 8GB SD card)
    • Female to Female jumper cables
    • SOIC16 to DIP16 300mil wide adapter
    • RJ45 network cable (For PI network connection)
    • Hot air rework station/Iron and consumables (Flux/Solder etc)



    Software needed :

    Firstly lets install Raspbian to the Raspberry PI:
    1. Start up Win32 Disk Imager and in "Image File" select the decompressed Raspbian .IMG file
    2. In "Device" select the location of the SD card
    3. Select "Write"


    After the writing is complete put the SD card into the Raspberry PI and power it up using the USB cable.

    Remote connection shell to the Raspberry PI:
    1. Plug the RJ45 into the Raspberry PI and after a minute check your router connections to find the IP of the Raspberry PI.
    2. Start up Putty
    3. In "Host Name" put the IP of the Raspberry PI
    4. Select "SSH"
    5. Select "Open"
    6. In the login fields put "pi" as the username and "raspberry" as the password
    7. Insert the following commands line by line




    Code:
    sudo -s
cd /bin
wget http://jaicrab.org/Ps4/Tools/JAISPI/jaispi
chmod +x jaispi
echo "#blacklist spi-bcm2708" > /etc/modprobe.d/raspi-blacklist.conf
echo "blacklist i2c-bcm2708" >> /etc/modprobe.d/raspi-blacklist.conf
reboot
    Installation is complete. By Putty you can access the Raspberry Pi. To run the command jaispi you need to be root (sudo-s).

    Before we do this we now need to wire up our SOIC16 adapter to our PI:

    The following reference images are color coded for the connections from the SOIC adapter (or the chip if soldered direct) to the PI interface pins :

    PI Pinout:---------------------------------------------------------------------------------SOIC16 Pinout:

    ----------------------------------------------------------------------

    Full connection information table:





    Removing the NOR:

    Now we have the PI setup and ready to go it's time to remove the NOR from the PS4 mainboard, The chipset in question is MX25L25635FMI-10G and is found here :




    Flux the chip up and use your Hot Air Station to heat and remove the chip.

    Clean up the pad area on the board with braid ready for reinstallation - Now depending on your preferences of either using Hot Air to reattach or using your iron either pre-tin the pads or not - Whatever suits you best

    Checking the connections for the NOR to the PI:

    Making sure you orient the NOR correctly using the above Diagrams/Tables insert the NOR into the SOIC adapter.

    Start up Putty if its not already running and login to your PI

    Set yourself as Root with:

    Code:
    Code:
    sudo -s
    Use the command below to check read access to the NOR:


    Code:
    jaispi -i /dev/spidev0.0
    Jaispi should report back with


    Code:
    JaiSpi v1.0
ID: 0xC22019 MX25L25635
    If you get an an "Unknown" message please check your wiring and possibly give your NOR a clean with IPA to remove any flux that could hinder continuity.

    Next we want to take a read dump of the NOR with:


    Code:
    jaispi -r corruptedno1.bin /dev/spidev0.0
    It is best to take 3 dumps then verify each one using against the NOR, To do this use the above code and alter the name "corruptednor1.bin" by a number increment for each one.

    So you should end up with 3 dumps with the names :
    • corruptednor1.bin
    • corruptednor2.bin
    • corruptednor3.bin



    Next we verify each dump by using the command:


    Code:
    jaispi -v corruptednor1.bin /dev/spidev0.0
    Do this for each dump you took by changing the name of the file - If it says any of them have differences then again check your connections.

    Obtaining the dumps from the Raspberry PI:

    To obtain the dump files from the raspberry PI we will want to remote connect using WinSCP
    1. Install WinSCP
    2. In "Hostname" input the Raspberry PI IP
    3. Use the same credentials as Putty (Above) to log into the PI
    4. On the right you should now see your dump files, Right click one and select "Download"


    Extracting the .bin dump file:
    1. Using PS4_AC1D_Flash-Tool.exe click "Extract"
    2. Next to "NOR Dump" click "Open" and select your dump file
    3. Click "Save" and select a destination for your extraction
    4. Click "Extract Now!"


    Using HxD to check for corruption:
    1. Open HxD
    2. Select "File" "Open" and select file "C0020001.bin" that you just extracted using Ac1d Tools
    3. Again select "Open" and select the provided working .bin from the "Working Wifi/BT DUmp" file you downloaded from the above links (Make sure it is from the correct board revision that is printed on your motherboard EG:SAA-001)
    4. Press "CTRL+K" to open up a compare window in HxD and select "OK"
    5. If HxD shows differences in the files then the file is corrupt


    Repairing the corruption using HxD:
    1. Close the corrupted window in HxD and leave the working example open
    2. Select "File" "Open" and open your original unextracted .bin dump file
    3. Navigate to the address in your unextracted dump file that is associated with your mainboard version (The text file accompanying the working example will tell you what address to goto (For EG : SAA-001 board will be at address x144200)
    4. From this point you should see a lot of FF FF FF FF < This is the corruption
    5. From the working example file "C0020001.bin" right click and "select all" then right click "Copy"
    6. At the bottom of the HxD window you will see "Length" - Take not of the value
    7. In your unextracted "corruptednor1.bin" select and drag from the beginning of line x144200 until the "length" selection matches the previous one you took note of.
    8. Once you have matched the length selection right click and select "Paste Write"
    9. Click "File" "Save"


    Flashing the NOR back:
    1. Rename your repaired .bin file to "workingnor.bin" then move it back onto the Raspberry PI using WinSCP
    2. In Putty use the following command to flash the file back to the chip



    Code:
    jaispi -p workingnor.bin /dev/spidev0.0
    Once the process is complete you should see:


    Code:
    JaiSpi v1.0
ID: 0xC22019 MX25L25635
Starting...
0x02000000 -> 8192 Sectors written
Done!
    Next verify again by using:


    Code:
    jaispi -v workingnor.bin /dev/spidev0.0
    You should now be greeted with:


    Code:
    ID: 0xC22019 MX25L25635
Checking...
0x02000000 -> 0 Different sectors
Done!
    If all is well solder your NOR back onto your PS4 Mainboard and enjoy gaming once again
    Tags: None
    #2
    Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

    Please can you give out to me the decryption key to the wifi/Bluetooth dump file you provided. The link demanded the key to go further.

    Comment

      #3
      Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

      Does anybody have the JAISPI files? The webpage is down.

      Comment

        #4
        Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

        Thanks for sharing

        Comment

          #5
          Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

          Or, Or, just a thought, https://www.adafruit.com/product/237
          Things I've fixed: anything from semis to crappy Chinese $2 radios, and now an IoT Dildo....

          "Dude, this is Wyoming, i hopped on and sent 'er. No fucking around." -- Me

          Excuse me while i do something dangerous


          You must have a sad, sad boring life if you hate on people harmlessly enjoying life with an animal costume.

          Sometimes you need to break shit to fix it.... Thats why my lawnmower doesn't have a deadman switch or engine brake anymore

          Follow the white rabbit.

          Comment

            #6
            Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

            Hi friends, I am in the same embarrassment to retrieve the decryption key of the Bluetooth firmware. Is it possible to get it please?

            Comment

              #7
              Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

              some link of the files are inactive
              can you reupload it again sir please..

              thanks in advance...
              Last edited by SMDFlea; 11-06-2020, 09:34 AM. Reason: removed full quote

              Comment

                #8
                Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

                Will update tutorial for anyone soon - Sorry I have been inactive

                Comment

                  #9
                  Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

                  hello please can u upload good firmware again seems the link dead thanks

                  Comment

                    #10
                    Re: PS4 No Controller Sync Corrupted NOR Repair Tutorial

                    Hi is there a way to know if the wireless module is bad or the nor is corrupt please

                    thanks

                    Comment

                    Previous template Next
                    Working...
                    X