PS4 UART Guide

This is a guide for diagnosing pulsing blue light of death (BLOD) on the PS4 by BwE of BetterWayElectronics

Tools you will need:

 * A programmer to dump the flash (I use CH341A for example)


 * Proper adapter for the bios chip (see below)


 * Programmer Software (I use AsProgrammer)


 * Serial monitoring software (I use Putty)


 * A USB to TTL 3.3v converter (I use CH341A)


 * insulated wire (needs to be thick enough)


 * Hex Editing Software (I use HxD)


 * Soldering Iron


 * Hot air station


 * Solder


 * Flux

Starting Up
BwE has provided a 'UART & Programmer Collection' pack which will aid in this project. It contains all of the following:


 * CH341A Programming Software
 * AsProgrammer 2.03a
 * SkyGz CH341A Mini Programmer Black Edition 1.18
 * NeoProgrammer 2.2.0.8
 * Modified SkyGz CH341 Programmer v1.1.1.25 by Kovzhun Mikkhail Alexandrovich (English/Russian)
 * CH341A Drivers
 * Logic Analyzer Software
 * Pulseview
 * Zadig (USB Driver)
 * PuTTY
 * USB TTL Drivers
 * FT232
 * PL2303

     Depending on the USB TTL device you have you need to install the drivers for it. If you are not using the above pack, download the appropriate driver below. PL2303 is not recommended.


 * FT232RL: https://ftdichip.com/drivers/vcp-drivers/


 * PL2303: http://www.prolific.com.tw/US/ShowProduct.aspx?p_id=225&pcid=41


 * CH341A: http://www.wch-ic.com/downloads/CH341SER_EXE.html

Dumping/Patching
Desolder your NOR chip from the board, if you do not know where that is or how to do it I suggest you discontinue this adventure early.

Next is to solder the chip to a breakout board, as seen below.

If you have a SOIC chip (it has little legs) then soldering is quite easy, just use heat.

If you have a WSON chip (the legs are not exposed, as pictured below) then you must mask off the ground pad with something non-conductive and heat resistant. I used kapton tape.

Once it is on the breakout board, read the chip with whatever you have chosen to program it with. Teensy using NORWay or a CH341A for example.      

Using the aforementioned software (Or nothing if using NORWay) dump the NOR at least twice and compare the MD5 of each dump, you can use HxD or some other tool to do this. Generally if you have desoldered the NOR and put it on a breakout board there is minimal chance for failure.

It is still best practice to validate your NOR for corruption or errors using the BwE PS4 NOR Validator as you may find the issue even before reading UART. 

Patching
UART will display empty spaces unless patched, so you must either enable it within a jailbroken console, or because you're here, via patching the NOR directly.

This can be achieved automatically with BwE PS4 NOR Validator, BwE PS4 NOR Patcher or manually on offsets 0x1C931F and 0x1CC31F by changing both to 01.

Writing
Using the same software you used to dump the NOR start by erasing it entirely and then writing your patched dump. Erasing it seems to fix a few issues that may cause the BLOD in PS4's (and even some issues in the PS5). This makes the whole process longer, but it is worth it.

Once this is done, remove the NOR chip from the breakout board and put it back on the console the way you found it. Ensure everything is clean and well presented.

Soldering UART Pins
The only 2 pins you will need to solder is Ground, and TX. Before you start, ensure that the TX pin on your PS4 is indeed getting 3.3v on start up.

If your USB TTL has jumpers, ensure that it is set to 3.3v.

Attach or solder the ground and TX lines to the USB TTL and plug it into your computer. Do not use cable that is too thick or too thin. I generally just use jumper wires as they are easy to plug into the USB TTL device.



Assembly
 </li> If you want to keep this permanent, ensure that your cables are long enough and you are able to route to the USB TTL while the case is closed.

Make sure the pins are insulated when reassembling the console. Make sure there is no force on the wires.

You can also choose to not re-assemble the console, just ensure that you have a heatsink on top of the APU and power it correctly.

Reading the UART
I suggest using BwE UART Reader to read the UART output: https://betterwayelectronics.com.au/downloads/BwE_UART_Reader.rar

Run the program and it will auto detect and select your COM port and open a connection to the PS4. When finished it will save a log file for your records.

Diagnostics

 * Boot the console
 * Whatever the UART stops at is often the issue, but errors can be hidden within. You may have to spend time reading and looking for issues.

ERROR:DCT[0/1] is disabled
The first ram block has a failure. A ram block is a pair of ram modules. It will complain about both of them, even when only one is failing. The ram blocks are 0/1, 2/3, 4/5, 6/7</li>

ERROR: main(####) loadBios -8
Accompanied with ERROR: loadBios(####) sceSblSlLoadSelf -8, ####

Your syscon is not decrypting the CoreOS in both errors.

Solution: Replace all per-console chips with that from a donor board. Essentially get an entirely new working or partially working console and use it for parts.

Best Solution: Swap active CoreOS with inactive, you need to patch the NOR and Syscon in order to facilitate this. https://www.youtube.com/watch?v=hcmMSYmwSUQ

https://www.betterwayelectronics.com.au/#ps4sales

https://betterwayelectronics.com.au/sce_syscon.html

SAMU Enter/Leave
Loops the message SAMU Enter and SAMU Leave.

SAMU is responsible for managing keys and decryption.

APU is likely the cause, no definitive fix.

IDPS Error
Console is a brick, place it gently in the bin or strip it entirely for parts. Unfixable.

Panic EAP Key Not Available
Fixable with BwE PS4 NOR Validator. https://www.betterwayelectronics.com.au/#ps4sales

Example Outputs

 * LoadBios: https://pastebin.com/4rgJA5pb
 * SAMU Enter/Leave: https://pastebin.com/h6aqUnKv