Editing Graf's PSGroove Payload
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
=graf_chokolo's Payload= | =graf_chokolo's Payload= | ||
This payloads have been around for months, and not many people have played with them.. they do amazing stuff | This payloads have been around for months, and not many people have played with them.. they do amazing stuff | ||
==Source Code for a git bootstrap and the payload from coolstuff.rar:<br>== | ==Source Code for a git bootstrap and the payload from coolstuff.rar:<br>== | ||
Line 8: | Line 8: | ||
http://git-hacks.com/graf_payloads/graf_payloads/ | http://git-hacks.com/graf_payloads/graf_payloads/ | ||
drar | |||
http://www. | http://www.megaupload.com/?d=9BGFIXJD | ||
==Requirements:== | ==Requirements:== | ||
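Review bot: the link on the "Your text" side of the "http://www." line is a bare file-host URL with no label saying what it downloads and no checksum. Name the file it points to and publish a hash beside it, so readers can check the download against the git source listed on the line above. The "drar" line on the "Latest revision" side looks like a stray fragment; confirm nothing else was lost with it.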
Line 463: | Line 461: | ||
===PKG's=== | ===PKG's=== | ||
*update_mgr_inspect_pkg | |||
===Hooks=== | ===Hooks=== | ||
*self_decrypter_hook | |||
*vuart_hook | |||
*stor_hook | |||
*hvcall209_hook | |||
===Dongle/Product Mode (recovery mode) | ===Dongle/Product Mode (recovery mode)== | ||
*usb_dongle_auth | |||
*product_mode_off | |||
=== | ===Expoits=== | ||
*hv_mmap_exploit | |||
*exploit_isoldr_mbox | |||
*exploit_lv2ldr_mbox | |||
*exploit_lv2ldr_ls | |||
*exploit_appldr_mbox | |||
===System Controller (SC) manager=== | ===System Controller (SC) manager=== | ||
*sc_mgr_read_eprom | |||
*sc_mgr_get_region_data | |||
*sc_mgr_get_sc_status | |||
*sc_mgr_get_srh | |||
=== aim - aim_spu_module.self === | === aim - aim_spu_module.self === | ||
*aim_get_device_type | |||
*aim_get_device_id | |||
*aim_get_ps_code | |||
*aim_get_open_ps_id | |||
=== SC - sc_iso.self === | === SC - sc_iso.self === | ||
*sc_iso_sc_binary_patch | |||
*sc_iso_get_sc_status | |||
*sc_iso_get_property | |||
*sb_iso_get_rnd | |||
*sb_iso_encdec_key | |||
===MFW/CFW/Patch Testing=== | ===MFW/CFW/Patch Testing=== | ||
*store_file_on_flash | |||
*replace_lv2 | |||
===vflash/flash/hdd=== | ===vflash/flash/hdd=== | ||
*patch_vflash_region | |||
*create_vflash_region | |||
*store_file_on_vflash | |||
*create_hdd_region | |||
===Patches=== | ===Patches=== | ||
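Review bot: on the "Your text" side, "===Dongle/Product Mode (recovery mode)==" opens with three "=" and closes with two, so the heading markup is unbalanced, and "===Expoits===" should read "===Exploits===". This side also drops every list entry under the headings from PKG's through vflash/flash/hdd (for example "*self_decrypter_hook" and "*sc_mgr_read_eprom"), leaving those sections empty; keep the entries, or remove the headings along with them.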
Line 527: | Line 526: | ||
**encdec_cmd_0x85 | **encdec_cmd_0x85 | ||
**edec_kgen1 | **edec_kgen1 | ||
==Setting QA Mode== | ==Setting QA Mode== | ||
< | <pr> | ||
This section is in development anyone feel free to share and edit this section | |||
</ | </pr> | ||
First you have tu dump your Flash -> Extract EID -> Extract EID0 and EID4 -> put them on eid.c | |||
To do this you can use [[Hardware_flashing]] or Linux with graf_chokolo kernel with acces to '''/dev/ps3nflasha''' [[[[Links_to_precompiled_stuff]] | |||
Once you are set | Once you are set | ||
Use the payloads in the following order uncommenting the required function | Use the payloads in the following order uncommenting the required function | ||
Set the QA flag | |||
*update_mgr_qa_flag() | |||
Calculate the token | |||
*update_mgr_calc_token() | |||
Verify token | |||
*update_mgr_verify_token() | |||
Set the calculated and verified token in '''update_mgr_set_token.c''' | |||
*update_mgr_set_token() | |||
'''You should use wireshark | ''' | ||
You should use wireshark to capture the responses''' | |||
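Review bot: "<pr>" and "</pr>" on the "Your text" side are not MediaWiki or HTML tags; if preformatted text is intended, use "pre". This side also removes the four steps that follow "Use the payloads in the following order" (update_mgr_qa_flag() through update_mgr_set_token()) together with the EID0/EID4 prerequisite, so that sentence is left introducing nothing; keep the steps or drop the sentence with them. The wireshark note is reduced to a lone "'''", which leaves the bold markup unclosed.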