PS4 Controller Sync NOR Flash Corruption Repair – CUH-1200 (SAC-001) Demonstration

right hello there ladies and gentlemen and welcome to today’s video but today I thought we’d do a little bit of a follow up on the videos we’ve been doing last week with regards to the ps4 controller sync them what because in the examples we did there we actually did an example on an essay B revision motherboard now those put that process can be carried over for the S double a but as we said in those videos the process for the s AC is slightly different so today I just want to cover that for you so we’re gonna cover how to do an si si board today just for completion because I know one or two of you might be a little bit confused by it so what we’re going to do today is we are going to D soldier than and assign and we are going to D soldier the nor from this si si visual motherboard that’s this chip just here and what we’re going to do then is going to pop that into a programmer and then we’re going to dump it off we’ll show you the process for dating the captioning firmware and then we’ll resold it will show you working hopefully well anyway so what I’ve actually done there is for completion I’ve just scribbled I always tend to do this to be honest I’ve done this so many you know a lot of times I’ve not really done much with the si si borders yet but I always just make a little note with the chip orientation and pin number one demarcation there that’s denoted by pin one’s always denoted by a little dot in the corner of these chips if you ever noticed that so I just leave that there just to give myself a mental note more than anything else so what we’re going to do now is we’re going to de solder this this excuse me we’re going to de solder this little noir chip here so this is a little 8 pin wso n package and it’s ex effectively this is the same as those bigger 16 pin things you’ll see on the Si and si B revision motherboard so they say effectively that thing there is just the same as one of as one of these from the older division obviously slightly smaller and slightly for your pins but that doesn’t really matter for us so what we’re going to do is we’re going to apply a little bit of flux to the outside edge of this nor flash chip and you’ve got to be really careful with these because there are some really small components down on either edge now as you can see there we’re just putting folks down the left and the right-hand sides of this chip that’s because the pins the far pins down the left and far pins down the right this is an 8 pin package so we’re going to do now is we’re going to get a little bit a fume extraction over here and we’re also going to get a tiny little bit of hot air going so we’re going to do what we normally do and we’re going to what this quick 8 6 1 DW air station or put a hundred liters of air flow per minute at 485 degrees C and we’re just going to hover it around the area of the IC just to get the board nice and warm I’m going to do too much at it now as I say you are going to have to be careful with this because there are some really small surface mounts by the side of this thing so you’re not going to have too much room to go left or right because you will bang into things and dislodge them so we’re just going to heat the outside perimeter of the chip up now this is pretty awkward trying to do this with the camera X I’m trying not to block your view but I don’t know if I’m pretty cool to do it then we just stir maybe a little bit further around this is awkward enough the best at times canta see there hopefully I’m not going to block your view too much of this thank you can moral I see it will soon find out with the editing if I’ve blocked it or not I apologize if I have so I’m just going to get tweezers top and bottom now then will this be in the W som package losing ground pad underneath so you see that big ground pad there in the middle that is full of solar that ground pub there is full of solder and it will try to hit here the chip to the board but like say if you get it nice and hot and just gently lift upwards now then what I tend to find is if you slide it slightly upwards here so towards the APU you’ve actually got an area where there is no components there so if you slide it and just lift it at the same time seesaw like you’re doing that then it tends to to come up quite quite easily so hopefully that didn’t block of you too much I’m sorry for the zoom there inhibited yeah you know your view too badly there because quite frankly this camera setup is a bit crap at the map not ideals but there we go so

we’ve now got our chip off there our eight pin package is now off so what we’re going to go and do now is we’re gonna just remove the fume extraction turn that off because frankly the noise does my bloody head in when it doesn’t have to be on so it’s gonna remove our board over here for now now let’s take a closer look at our package so this is it now be careful doubt to lose this because obviously it’s got per box information on this chip we don’t want to be losing it because if we lose it above it so there is tiny little thing just to give you an idea my thumbnail my tiny little my little finger there basically into my little finger tells you how big this thing is all otherwise so what we’re going to do is we’re just going to flip it over and you can see there now you’ve got the the eight contacts there around the outside so this is a technically a dfn or dual sided no lead package no lead because of course it has no legs it’s just got these pads on the outside edge which connects to the board and what we’re going to do is we’re just going to run a tiny little bit of IPA across the back of that the back of that chip so it’s going on a tiny bit back that you’re going to hold the thing in place with the center pad there with a pair of tweezers well we just go around the outside edge of those pins with a bit of IPA so that’s just to get any flux residue and everything off there because obviously when we put it in the jars of the programmer if that’s covered in that’s covered in flux and God knows what then it’s not going to read off too well not to mention it’s going to do it to the pins on our programming socket and that’s not going to do that much good either so we have that off now so what we’re going to do now ladies and gentlemen is we are going to go and we’re going to get our programmer together and we’re going to plug in our socket I’m going to put our chip into our socket and then let’s see what we get we don’t put off on the plot on the PC so we have D soldered the nor flashes we saw in the previous clip and what we’re going to do now is we are going to attach our teensy programmer to this VM now we’ve already placed the nor flash into our socket so we’re just gonna offer that now – since virtual machine there we go so what we’re gonna do now is as before we’re going to have a look in manage I’m gonna go into device manager on this VM and we’re just going to check to ship to see that our teensy programmer is indeed detected and is ready to go so device manager ports common LPT and we can see there it’s been issued comport 3 which is cool so we’re going to open our spi Y shortcut again that’s per part 2 and part 3 on the on the previous series so we’re just going to check to see that we can indeed talk to our flash by offering the in phone command and as you can see there it has successfully identified our chip type and the manufacturer and the flash size is connect so if you’re wondering what we’re doing here we are gonna fly through this a little bit if you want a little bit more in-depth information we’ll link in part 3 to the previously we just here and this will explain this process in a lot more detail but we just want to cover off you know 1200 series what you need to do as far as identifying the patch and things you’re going to need to repair your firmware so we’ve confirmed that this machine has controller sync issue and it does look like firmware so as we can see there so it we can see our flash information so we want to dump this so if you remember from part 3 of the previous series we created this little folder in the root of C called ps4 BIOS that’s where we’re going to dump our nor flash – so command prompt now we know we can communicate with our chip we’re going to issue it the command to dump so that’s SPI a dot pi space give it the comm port number which is con port 3 you want to tell you we want to dump and we want to dump nook 2 C colon backslash ps4 BIOS but slash and we’re going to call this our week zero dot bin so you can call it anything you like and we’re going to dump this several times to make sure we can get a consistent dump so x0 will create our week one and week two you could call it the one bin – but – duck bin and three dot bin if you like it doesn’t really matter as long as you give it some sort of name and adopting extension at the end now it’s important to make sure this CPS for BIOS folder exists before you give SPI weather command because unfortunately it’s not

clever enough to actually create that folder on the fly if it’s not there so we’re going to hit enter on that and that is going to go away and dumped our nor flash contents as they are so I’m going to do that we’re just going to let that run through so for those of you who haven’t seen the previous series parts one two and three I do recommend you do go through and watch them part one goes through the components you’ll need to actually build the teensy program there is an addendum for these 1200 series videos so for these two 100 series ps4’s the 1200 series ps4 uses a slightly different package nor flash so you’ll be wanting a different socket for those that video details the socket you will require on the pinout for that socket or you know if you just want to sold it jump leads directly to the to the rear of the chip course you can do that and you know as I say the pinout for that is available on that video part two goes through how to program your teensy with a relevant software you’ll need to to do the flash and install the software P because it’s and where to download all the movies bits and pieces from part three actually goes through the actual dumping procedure so very much like what we’re doing now but goes through it and play a bit more detail and what we’re going to go through it here we just want to touch on I was conscious last time you know we started just touched on how to identify you bit some pieces for the twelve hundred now some people would rather actually see see you know the procedure actually done under twelve hundred as well so that’s cool I have absolutely no problem with that and as I say this one turned up a couple of weeks ago I think now so this has been on my list of things to do so I just thought for completion it would be nice just to showcase what we do with a twelve hundred as well you will see actually it’s very very similar to the SCA and SNA be revisions so we’re just coming up to the twenty Meg mark now so this takes a couple of minutes about two or three minutes per dump so we’ll just show you what we do to create the first one and then we’ll go away and we’ll create comes two and three off off camera we’ll come back to the process because there’s no point in you sitting through six or seven minutes or watching it just do this really I’m going to show you doing this this one in real time purely because you know it’s good good for you to see G know just how long it’s actually going to take for a normal dump so we’re just heading up to the twenty five Meg mark now twenty six make there so its measured in kilobytes this two thousand seven hundred sixty eight kilobytes it’s two megabytes in whole money so that’s why it says 32,768 K Bainer for anybody who doesn’t know so we’re nearly done now just coming up to the twenty-nine mark this has probably got about thirty seconds or so left if that on this dump and then once we’ve done that we will read UMP it again so what we need to do we need to do this a couple of times so we can actually compare and contrast the dumps we get and actually ensure that they are valid because the last thing we want to do is actually overwrite you know our good well for all intensive purposes were working firmware with something that is completely wrong and doesn’t work at all because we only have one shot right in this chip and if we are rewriting something that isn’t correct guess what we ain’t going to get any working PlayStation ain’t gonna boot and do anything else over again because of course the flash mob is unique to each PlayStation the world over so anyway that’s finished and you can see there now that it says that the dump was done in 2 minutes and 59 seconds and we can also see in our CPS 4 boss now we have this object 0 pin file which is nice so if I go back to SPI way then just press the up arrow on your keyboard you will notice that it repeats the previous command what we want to do now is just curse L left we’re saving 0 do a backspace and replaces email with a 1 so this is going to create our week one up in then we’re going to press ENTER and that’s going to go away and as you can see there now just popped in behind it’s starting to dump this week one not been here into our CPS for BIOS folder so we’re going to repeat that at the end of this process as well so we get an RV to dock pin and then we’ll come back once we have those three files here in our CPS for bass folder and we’ll look icon all right okay so now we’ve actually got our firmware dumps in place we need to identify the Wi-Fi chip revision on these boards to make sure that we get the right one because if we flush the wrong patch over the top of our firmware actually the machine doesn’t boot which is interesting so it’s in vital important actually at this bit right so in order to do that you need to locate your Wi-Fi bluetooth module on your ps4 mainboard and if you have a look here where the natural power supply plugs in so you’ve got these big metal pins here it’s just to the left-hand side of that so just at the side of the the port blocks here so where the HDMI and everything else is and the Ethernet port

here and it’s just beyond this little copper boundary here so this is your Bluetooth Wi-Fi module and as you can see on this particular board if we have a lock you can see we actually have if you look under this QR code here it says aw NB to 1/8 and that is our that aw NB to 1/8 is our model of Bluetooth Wi-Fi module controller on this particular ps4 and if you have a look here just in the middle it says there revision 1.2 and I don’t know if you can actually there you go you can see really nice and clearly there now so revision 1.2 so what we actually need to go away and do now is we need to go back to our firmware dumps folder that we downloaded at the beginning of this process and what we actually want to do now is get the 1.2 revision a wnb 2 1 8 – 2 firmware C double O 2 that 20,000 won bin file and use that to patch our consoles firmware with so will hop back onto the PC now and we’ll go do them right okay so now we’ve actually got our ps4 firmware files dumped onto our PC and we’ve identified which wireless card we actually have installed in our case it was an aw – on a 10 B we can actually use this information now to identify if we have any corruption now flash so for the real detail behind what we’re doing I recommend you go back and watch part 3 as I’ve already said we’re just going to fly through this as an example as to what you need to do for the si si so as I say for the real detail go watch part 3 but if you just want to see real quick down and dirty version and what to do and we’re going to show you now so we have our three dumps so what we need to go and do is just check that those three dumps are consistent with each other so to do that we open hxd which is our install text editor and we’re going to go to file and open I will click this little file open dialog box here and we’re going to navigate to our C ps4 BIOS folder where our firmware dumps align remember these are we going to are we are we get 0 our week 1 and I like to drop in files so just drag all three or ctrl a to I like them all and then hit open and you end up with this little tab view so each file opens in its own individual tab what we want to do is just compare and check that each one of these files is consistent with each other because what that ensures is that all three dumps are the same and we can borrow be certain that it’s a good dump if all three are the same so go to analysis you have to file compare and compare source file we want to set as our week zero duck bin target file is all one that’s absolutely fine so say okay and that will compare our week zero two or each one and it will identify any differences now what we actually want is what we are seeing here this little information box telling us that the chosen files are identical so say ok to that and then go back to the same menu so analysis file compare and compare and this time the target file wants to be changed to our week two so this will compare lx0 208 to say ok again now once again we get the same message at the chosen files are identical so that’s perfect because that what what that tells us is that I mean 0 dumped in on week 1 dot bin and re-tune up in exactly the same down to the last bit and for three individual dumps to be cooked in the exact same fashion would be so unlikely that it’s just not even worth thinking about so if we get three that are the same as we can see here then we can be certain that what we’ve actually got on here matches exactly what we’ve got on our firmware chip currently on our playstation so we’re just going to close out of HX d for now I’m going to go back to our C ps4 BIOS folder and I’m going to create a folder in here called originals now we’re going to drag and highlight all three of our original dumps and drag them into the originals folder and these are going to stay in here and we aren’t going to touch them these are purely there for backup but we are going to make a copy of our week 0 we’re going to copy that back into the ps4 BIOS folder and this is the file we’re going to be doing some work on so now we need to make sure and actually verify if we have any corruption there so to do with that what we do is we go into this ps4 acid flash tool which again we installed as part of part two of the previous video series what we need to do now is when acid-wash does a eventually arrive we need to extract and that will bring us to this nor SLB to extract err so basically the big bin file we’ve dumped off or made up of lots of tiny smaller sections which I put together in the factory and uploaded to the chip during production so what we actually want to do is get out the individual components so we can see a

lot easier where the corruption may lie so we hit the open button underneath this noir dumper area so it’s like ps4 noir them to extract come on there we go right so ps4 BIOS and we’re going to open our legs erode up in so that’s the one we’re working on remember so this will show you the MAC address the console serial the sha-1 hash of the ps4 you currently working on I’ve grade those out for obvious reasons again the will show you the SKU the model number our PlayStation that this firmware dump is from and the firmware version as well as we said in part three of the previous version that’s the old offset this program looks at that doesn’t matter so if your shows F’s just ignore that that’s fine as long as the MAC address in the serial number match up something similar to what you’ve expecting that’s cool and then use this slight the folder to save files and hit save and then go down to see Pierce well BIOS I’m going to create another folder in there and we’re going to call this original extracted because this is where all the various individual bits and pieces are going to be pulled out to hit extract now and shortly we should see a little message pop up for us to say that the nor dump has been successfully extracted and we do so we can say ok to that close acid flash because we are done with it so what we need to do now is go back into this PC navigate to see ps4 BIOS originals extracted flash extracted and you can see now we have all these various little bin files here so our ps4 Bluetooth Wi-Fi firmware lives in this C double o 20001 bin file now then if you have a look in the dish in the description of this video you will see a link to this ps4 C double o 20001 templates zip file you need to download that’s I recommend you down to your desktop and extract it there as well and that will give you this little folder here and in here is a set of working templates for that 20,000 won bin file so if we find corruption in here we can actually repair it using the various bits and pieces in here now if you watch part three of our previous tutorial series you will notice that we actually went into this swas a/b folder because we had an essay be bored if you are on a 1200 series playstation you will definitely have an essay see revision board so it’s this folder we’re going to be wanting to lock in now we need to see if we have any corruption right so open your extracted 20001 not bin file from your dump which we just got out of acid flush and that will open in a tab here in hxd as you can see it’s in our original extract and flash extracted folder then go to our dumps folder so this is the zip file you should download and extract to by now and remember how earlier on we identified that we have nee wnb to18 chipset on our motherboard and also remember we had a revision 1.2 chipset yep so go into there and that is how you identify which C Double L 20001 dot bin file you’ll need is a template to repair any corruption that you might encounter so you go into si si if you’re on a 1200 revision like I say we know we have you know check out your model of Wi-Fi board Bluetooth board on your Playstation as I say in our case it is naaw MB to 1/8 and the revision and there we go so if we double click that to open it up in hxd will see that alongside our flash extracted bin file we now have our template bin file next door to it so what we can do now is we can use the analysis file compare compare function to compare both these samples bite for bite if they come back is identical then we can say that we do not have any corruption in our bin file and the issue is actually with either the motherboard or the controller chipset itself so you can either go away replace that I’ll find somebody who can but we will find out shortly by hitting okay and as you can see here rather like in part three on the last video it picks out a difference for us and the first bit that’s different is indeed start of a big big big big big big big block of EPs and remember from part three blocks of F’s in the middle of your firmware file mean corruption if it finds any sort of bit that is different so if it pulls out any difference in here whether it would be a big block of F’s or just one set of characters that seems to have

changed then you have corruption in there and you are going to want to fix that so to do that close both of those go to open ps4 bios your objects 0 dot bit the one we’re going to be working on the map open that and you will see in this revision 1.2 folder that we had open earlier we have this hex offset one double for 200 so make a note of that number because you’re going to need it and then open your 20001 dot bin file repair template again so remember that number we just made a note of go to search and go to in your eggsy road up in tap the number after the 0x so in our case it was 0 X 1 double for 200 so we’re going to type 1 double for 200 make sure this little bit is set to the hex and offset a little bit to is begin and then say okay now then it opens it right at the bottom of the window as you can see so we’re going to scroll down a little bit so it goes towards the top okay now go back to your seat double-o 20,000 one dot bin you know the template one we’re going to use to repair the corruption and then what you want to do in here is actually go to edit select all and edit and copy so we now have a good copy of the section of firmware in memory and make a note of this length here 695 f e so go back to our exil’d up bin and then go to edit just check that again so it’s 695 Fe so one so yeah length 695 Fe so back to your big zero dot bin where your corruption is prevalent so remember it’s our big zero dot bin that we put into that ps4 BIOS folder and then go to edit select block length select length and then type that number in so 695 Fe wasn’t it make sure the bottom is set to hex hit OK and that will highlight the entire container for our Bluetooth or Wi-Fi firmware and then we’re going to overwrite that bad copy without a good copy and we do that by going to edit and paste right not paste insert or ctrl V we won’t do paste right or ctrl B and what that will do is that’s effectively going to overwrite that entire section with good firmware and we can see a lots of a text read text is good that means where that’s basically where something’s been inserted are modified in our file which is good so we can save that now to commit the changes and you’ll see now everything goes black so you can see in there now we have no f’s in it all looks good so if you go file and go to you can see this offset 144 200 still there so say okay and that’ll jump you right back to the top of where we inserted our patch and of course you still have the zeros above and everything looks good so as I say we save the changes there if you want to save it as a another name just to differentiate the two of course you can you can go to file save as cut maybe something like zero fixed dot bin or you know anything like that really hit save and then you’ve got a differentiate you know saved copy of it as well so you close hey checks d and you can see now we have our two rectified bin files there make a backup of those somewhere make a copy of them and now we can go back to SPI Y and write that back to flash so if we do SPI white dot PI space women become and you can port number which in our case is con pop3 and then we want to write and verify which is V right and then space and then give it the file path to our modified bin file so in our case C colon backslash ps4 BIOS backslash or big 0 dot min we can also use the obvious eval fixed up bin remember because we created that backup as well and then hit enter on your keyboard and as you can see now that’s going to write our file back to our device and that’s going to take around 10 minutes or so to do so at MPT 1012 sorry between 10 and 12 minutes to do on this particular machine yours might be a

little bit quicker might be a little bit slower to save a little bit of time what you can do is you can use right without the V and that will just write the file back to back to flash v right is particularly nice because what it will do is it will right the file to flash and they will read it back and compare it against what it’s actually written so it will def either what’s on the chip is exactly what’s in our bin file there so we can be perfectly sure with a V right that what’s on that chip is exactly what we want to be there so that’s that and that will finish and then once that’s done and you receive the dumb message you can go ahead resold at your flash chip back to your ps4 motherboard and you should be good to go all right okay ladies and gentlemen sighs before let’s give this a test we can see we have our 1200 series ps4 plugged in here we’ve got the controller kated you can see the charging lights on there it’s connected by this white USB lead and it it looks like it’s been initialized by the by the user so without further ado let’s see what we get our me Charlie sink controller so show you the charging light is on there so no further ado let’s hit that PS button oh there we go and you can see there now we remove the USB lead there we go can see we still maintain sync and we can do everything we want so we’re in London of course oh hey no set that date and time but yeah as you can see that’s now all working lovely actually in the third 20:55 well this PlayStation is lasted one time wheel just have a quick look what timer on it is Lily today very early there we are so we’re back in the main menu and as bethought controls are nice the sink and everything there seems to be working so we’re going to power this down and we’ll call that fixed so thanks very much again ladies and gentlemen for taking the time out to watch this very quick Whistlestop tour of what to do with the 1200 series ps4 with that though my controller sink co-option so I hope you’ve enjoyed this and you’ve learned something from it as before please remember to comment like rate and subscribe the video and subscribe to the channel of course and you know I hope this is proved useful for you because I was conscious of the fact that the day before we didn’t actually cover off the method you use to actually select the appropriate firmware patch and it’s always useful just to see it run through again or a bit a little bit quicker but yeah if you want to see everything in a little bit more detail I do recommend you go and watch part 3 which will link in annotation just here and yeah so I’ll see you on the next one boys and girls which hopefully shouldn’t be too long away now and thanks for watching remember you can any problems you can get molded me here on youtube either drop a comment below in the video or I’ll drop me a private message alternatively hit me up on Twitter I need to what your channel we have that’s at YT and RuPaul and as before I you know any sort of announcement so early heads up on new videos and things will probably end up there before they you tube so it’s always useful to come along and just keep an eye on us so yeah thanks very much for watching and I will see you on the next one so but you know until x1 it’s bad for me there we go so this here is the entire PlayStation 4 Bluetooth wireless firmware as it sits on our flash ROM so this is as our PlayStation 4 sees it so how can we tell if that’s corrupt because it just looks like a load of old garbage to me well

have a scroll down