Editing Patches

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== 3.41/3.55 patches ==
[[Category:Software]]
=== Summary ===
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
{| border="1" cellspacing="0" cellpadding="5" border="#999" class="wikitable" style="border:1px solid #999; border-collapse: collapse;"  
|- bgcolor="#cccccc"
|- bgcolor="#cccccc"
Line 11: Line 10:
| waninkoko v1 || YES || YES || YES || YES || YES || YES || YES || bricks all [http://www.ps3devwiki.com/index.php?title=SKU_Models 256MB NAND SKU's]
| waninkoko v1 || YES || YES || YES || YES || YES || YES || YES || bricks all [http://www.ps3devwiki.com/index.php?title=SKU_Models 256MB NAND SKU's]
|-
|-
| [http://pastie.org/private/ayacg9ng3xeop78viscdya kmeaw] || YES || YES || YES || YES || NO || YES || YES ||  
| kmeaw || YES || YES || YES || YES || NO || YES || YES ||  
|-
|-
| waninkoko v2 || YES || YES || YES || YES || YES || YES || YES || extensive lv2 patching
| waninkoko v2 || YES || YES || YES || YES || YES || YES || YES || extensive lv2 patching
Line 19: Line 18:
|}
|}


<div>
:lv1_function_114 mmap (lv1.self)
* lv1_function_114 mmap (lv1.self)
:lv2 peek (lv2_kernel.self)
* lv2 peek (lv2_kernel.self)
:lv2 poke (lv2_kernel.self)
* lv2 poke (lv2_kernel.self)
* debug pkg (nas_plugin.sprx)
* pseudo-retail pkg (nas_plugin.sprx)
* unsigned app (vsh.self)
* install pkgs (category_game.xml)
* app_home (category_game.xml)
</div>


===nas_plugin.sprx===
:debug pkg (nas_plugin.sprx)
:pseudo-retail pkg (nas_plugin.sprx)
:unsigned app (vsh.self)
:install pkgs (category_game.xml)
:app_home (category_game.xml)


==== geohot patch ====
 
:<b>Allow</b>: pseudo-retail pkg installation
==nas_plugin.sprx geohot==
:geohot patch
::pseudo-retail pkg installation
<pre>
<pre>
< 00003250  7c 06 03 78 48 04 b7 21  e8 41 00 28 7c 60 1b 78
< 00003250  7c 06 03 78 48 04 b7 21  e8 41 00 28 7c 60 1b 78
Line 39: Line 37:
> 00003250  7c 06 03 78 48 04 b7 21  e8 41 00 28 38 00 00 00
> 00003250  7c 06 03 78 48 04 b7 21  e8 41 00 28 38 00 00 00
</pre>
</pre>
*Note : Official COBRA7 includes this patch as well, old homebrew from 3.55 era need this patch.
*ex) modulespatch in COBRA7 -> { geohot_pkg_offset, LI(R0, 0), &condition_true }


====kakaroto patch====
:<b>Allow</b>: debug pkg installation
::--allow-debug-pkg (ps3mfw command-line option)
<pre>
< 2f 89 00 00 41 9e 00 4c 38 00 00 00 81 22 8b 10 81 62 8b 14
---
> 2f 89 00 00 60 00 00 00 38 00 00 00 81 22 8b 10 81 62 8b 14
</pre>
*Note : Most CEX MFWs include this kakaroto's patch, also used in COBRA7.
*ex) modulespatch in COBRA7 -> { elf2_func1 + elf2_func1_offset, NOP, &condition_true }
==== rebug patch ====
:<b>Allow</b>: pseudo-retail pkg installation
<pre>
< 41 9E 01 B0 3B A1 00 80 3D 00 2E 7B 7B BD 00 20 3D
---
> 60 00 00 00 3B A1 00 80 3D 00 2E 7B 7B BD 00 20 3D
</pre>
*Note : Also can be used for DEX CFW as well.
*ex) PS3iTA, REBUG REX/D-REX


====ecdsa check patch for fw 4.50 cex====
==nas_plugin.sprx waninkoko==
:<b>Allow</b>: pseudo-retail pkg installation
:PL3 patch
:: debug pkg installs
:: --allow-debug-pkg (ps3mfw command-line option)
<pre>
<pre>
< 00003260 E8 41 00 28 7C 60 1B 78 F8 1F 01 80 E8 7F 01 80
< 00037350 41 9e 00 4c 38 00 00 00  81 22 8b 10 81 62 8b 14
---
---
> 00003260 E8 41 00 28 7C 60 1B 78  F8 1F 01 80 38 60 00 00
> 00037350 41 9e 00 04 38 00 00 00  81 22 8b 10 81 62 8b 14
</pre>
</pre>


====waninkoko patch - PL3 ====
==nas_plugin.sprx kakaroto==
:<b>Allow</b>: debug pkg installs
:kakaroto patch
:: --allow-debug-pkg (ps3mfw command-line option)
::debug pkg installation
::--allow-debug-pkg (ps3mfw command-line option)
<pre>
<pre>
< 00037350  41 9e 00 4c 38 00 00 00 81 22 8b 10 81 62 8b 14
< 2f 89 00 00 41 9e 00 4c 38 00 00 00 81 22 8b 10 81 62 8b 14
---
---
> 00037350  41 9e 00 04 38 00 00 00 81 22 8b 10 81 62 8b 14
> 2f 89 00 00 60 00 00 00 38 00 00 00 81 22 8b 10 81 62 8b 14
</pre>
</pre>


===vsh.self===
==vsh.self==
====PL3 patch====
:PL3 patch
:<b>Allow</b>: allow unsigned apps on CEX MFW
::allow unsigned apps


<pre>
<pre>
Line 99: Line 79:
   31a7e0: 88 09 00 00 lbz    r0,0(r9)
   31a7e0: 88 09 00 00 lbz    r0,0(r9)
</pre>
</pre>
modulespatch in COBRA7
{ elf1_func2 + elf1_func2_offset, '''NOP''', &condition_true },


<pre>
<pre>
Line 122: Line 99:
</pre>
</pre>


modulespatch in COBRA7
==lv1.self graf chokolo==
:graf chokolo patch
{ elf1_func1 + elf1_func1_offset, '''LI(R3, 1)''', &condition_true },
::lv1_undocumented_function_114 (mmap)
{ elf1_func1 + elf1_func1_offset + 4, '''BLR''', &condition_true },
 
*Note : Commonly used in almost all 4.xx MFWs, Do '''NOT''' use this patch for '''DEX MFW''', it breaks the ability to run NPDRM fself.
 
 
====reActPSN====
:<b>Allow</b>: unsigned act.dat and *.rif files
 
<pre>version      addr      old data          new data                  function
3.55retail  0x30b230  4b cf 5b 45  ->  38 60 00 00    // fixed  allow unsigned act.dat *.rif
3.55retail  0x30ac90  48 31 b4 65  ->  38 60 00 00    // fixed  act.dat missing after reboot
     
3.55debug    0x312308  4b ce ea 6d  ->  38 60 00 00    // fixed  allow unsigned act.dat *.rif
3.55debug    0x311d68  48 31 b7 d5  ->  38 60 00 00    // fixed  act.dat missing after reboot
     
3.41retail  0x305dc4  4b cf af b1  ->  38 60 00 00    // fixed  allow unsigned act.dat *.rif
3.41retail  0x305824  48 31 43 ad  ->  38 60 00 00    // fixed  act.dat missing after reboot
     
3.41debug    0x30cedc  4b cf 3e 99  ->  38 60 00 00    // fixed  allow unsigned act.dat *.rif
3.41debug    0x30c93c  48 31 47 1d  ->  38 60 00 00    // fixed  act.dat missing after reboot
 
4.30debug    0x2481e4  4b db 8b 91  ->  38 60 00 00    // fixed  allow unsigned act.dat *.rif
4.30debug    0x247c44  48 3d 59 61  ->  38 60 00 00    // fixed  act.dat missing after reboot
 
</pre>(Source : http://pastebin.com/26RHud5Q)
 
====XMB InGame ScreenShot Feature====
:<b>Allow</b>: taking screenshots in every game (ps3,psp,minis,... - except ps2)
 
4.21 retail:
 
* Export: vshmain_981D7E9F is retrieving enabled(1)/disabled(0) Screenshot feature-flag from dword_720A4C+4
 
seg001:0000000000193498
seg001:0000000000193498 _Export_vshmain_981D7E9F:              # DATA XREF: OPD:_Export_vshmain_981D7E9F_opd�o
seg001:0000000000193498                lis      r9, dword_720A4C@h
seg001:000000000019349C                lwz      r9, dword_720A4C@l(r9)
seg001:00000000001934A0                addi      r9, r9, 4
seg001:00000000001934A4                lwarx    r0, r0, r9                                ->  li    r0, 1
seg001:00000000001934A8                srawi    r9, r0, 0x1F
seg001:00000000001934AC                xor      r3, r9, r0
seg001:00000000001934B0                subf      r3, r3, r9
seg001:00000000001934B4                srwi      r3, r3, 31
seg001:00000000001934B8                extsw    r3, r3
seg001:00000000001934BC                blr
seg001:00000000001934BC # End of function _Export_vshmain_981D7E9F
 
This fix will make xmb enabling screenshot save button, but it will error out when trying. it requires another patch inside vsh.self:
 
sub_195084:  (4.21 retail as well)
...
seg001:00000000001950A0                lwz      r9, dword_720A4C@l(r9)
seg001:00000000001950A4                stfd      f31, 0x190+var_8(r1)
seg001:00000000001950A8                std      r22, 0x190+var_68(r1)
seg001:00000000001950AC                std      r23, 0x190+var_60(r1)
seg001:00000000001950B0                std      r24, 0x190+var_58(r1)
seg001:00000000001950B4                std      r25, 0x190+var_50(r1)
seg001:00000000001950B8                std      r26, 0x190+var_48(r1)
seg001:00000000001950BC                std      r27, 0x190+var_40(r1)
seg001:00000000001950C0                std      r28, 0x190+var_38(r1)
seg001:00000000001950C4                std      r29, 0x190+var_30(r1)
seg001:00000000001950C8                std      r31, 0x190+var_20(r1)
seg001:00000000001950CC                addi      r9, r9, 4
seg001:00000000001950D0                lwarx    r0, r0, r9                                ->  li    r0, 1
seg001:00000000001950D4                cmpwi    cr7, r0, 0
seg001:00000000001950D8                li        r3, -0x270D
seg001:00000000001950DC                beq      cr7, return
 
=====vsh.elf (CEX, 4.50)=====
<pre>
<pre>
< 00184278  7C 00 48 28
---
> 00184278  38 00 00 01
< 00185EB0  7C 00 48 28
---
> 00185EB0  38 00 00 01
</pre>
Thats it! Enables Screenshot-Feature working fine. Have fun, i do !
=== Remote Play with PlayStation 3 (Windows Software) ===
==== premo_plugin.prx ====
for 4.50
<pre>
< 0xB7E4 38 60 00 00  li r3, 0
---
> 0xB7E4  38 60 00 01 li r3, 1
</pre>
==== premo_game_plugin.prx ====
for 4.50
<pre>
< 0xC9E4 38 60 00 00  li r3, 0
---
> 0xC9E4 38 60 00 01  li r3, 1
</pre>
Enables playing Remote Play enabled games (via SFO) to be played via sonys official remote play pc software.
=== Make Remote Play SFO Flag obsolete ===
(for disc games)
==== game_ext_plugin.prx ====
original bytes:
<pre>41 9e 00 1c 2f 83 00 03</pre>
patched bytes:
<pre>41 9e 00 28 2f 83 00 03</pre>
===lv1.self===
====graf chokolo patch====
:lv1_undocumented_function_114 (mmap)
<pre>
Part1
< 2F 80 00 00 41 9E 00 28 38 60 00 00 38 80 00 00
---
> 60 00 00 00 48 00 00 28 38 60 00 00 38 80 00 00
Part2
< 000f5a40  39 08 05 48 39 20 00 00  38 60 00 00 4b ff fc 45
< 000f5a40  39 08 05 48 39 20 00 00  38 60 00 00 4b ff fc 45
---
---
Line 265: Line 119:
</pre>
</pre>


*Note : Allow mapping of protected memory, needed for lv2 peek/poke
==lv1.self wutangrza==
 
:wutangrza patch
====LV1 peek/poke (Unused LV1 calls 182 & 183)====
:: hash fixing
'''Allow''' : LV1 peek/poke
 
<pre>
< 64 00 FF FF 60 00 FF EC F8 03 00 C0 4E 80 00 20 38 00 00 00 64 00 FF FF 60 00 FF EC F8 03 00 C0
---
> E8 83 00 18 E8 84 00 00 F8 83 00 C8 4E 80 00 20 38 00 00 00 E8 A3 00 20 E8 83 00 18 F8 A4 00 00
</pre>
 
====Disable System Integrity Check====
 
<pre>
< 48 00 E0 35 2F 83 00 00 38 60 00 01 41 9E 00 20
---
> 38 60 00 00 2F 83 00 00 38 60 00 01 41 9E 00 20
</pre>
 
*Note : Safe to use with mismatched COREOS/SYSCON versions or if PS3 is not QA enabled
 
====Skip all ACL Checks====
 
<pre>
< 54 63 06 3E 2F 83 00 00 41 9E 00 14 E8 01 00 70 54 00 07 FE 2F 80 00 00 40 9E 00 18
---
> 38 60 00 01 2F 83 00 00 41 9E 00 14 38 00 00 01 54 00 07 FE 2F 80 00 00 40 9E 00 18
</pre>
 
*Note : Needed for OtherOS++/Downgrader
 
====wutangrza patch====
: hash fixing
 
<pre>
<pre>
< 00136bc0  00 00 00 00 00 00 00 00  72 73 78 20 64 72 69 76  |........rsx driv|
< 00136bc0  00 00 00 00 00 00 00 00  72 73 78 20 64 72 69 76  |........rsx driv|
Line 311: Line 134:
</pre>
</pre>


===lv2_kernel.self===
====PL3 patch====
:lv2 peek / poke


==lv2_kernel.self==
:PL3 patch
::lv2 peek / poke
<pre>
<pre>
< 00029330  7c 63 07 b4 38 21 00 a0  4e 80 00 20 3c 60 80 01
< 00029330  7c 63 07 b4 38 21 00 a0  4e 80 00 20 3c 60 80 01
Line 345: Line 168:
</pre>
</pre>


====wutangrza patch====
==lv2_kernel.self wutangrza==
:hash fixing
:wuntangrza patch
 
::hash fixing
<pre>
<pre>
< 002d6e00  6f 75 6c 64 20 6e 6f 74  20 67 65 74 20 50 50 50  |ould not get PPP|
< 002d6e00  6f 75 6c 64 20 6e 6f 74  20 67 65 74 20 50 50 50  |ould not get PPP|
Line 367: Line 190:
> 00359390  0d ca fd 2f 00 00 00 00  00 00 00 00 00 00 00 00
> 00359390  0d ca fd 2f 00 00 00 00  00 00 00 00 00 00 00 00
</pre>
</pre>
== 4.21 patches ==
=== Summary ===
=== lv2_kernel.self ===
==== kakaroto's sigcheck patch ====
In memory 0x800000000005A2A8 (which corresponds to offset 0x6a2a8 in lv2_kernel.elf) replace : "e9 22 99 90 7c 08 02 a6"
with : "38 60 00 00 4e 80 00 20".<br />(Source: https://twitter.com/KaKaRoToKS/status/260742786972798977
<br>Pastie webarchive backup: http://web.archive.org/web/20141024180714/http://pastie.org/private/3np6uj6md1occbctdeir6a)
== disable epilepsy message ==
<!--// thanks mysis //-->
patch to ''disable'' ([[Languages#Photosensitive_epilepsy_text_removal.2Freplacement|not just replace]]), the warning screen that is show on boot since FW 4.00 and when patched, no longer delays the VSH bootprocess
[[PS3MFW_Builder#disable_epilepsy_warning|PS3 MFW builder - disable_epilepsy_warning task]] (using the same search/replace as below)
seg024:00000000006E75F9 byte_6E75F9:    .byte 1                # DATA XREF: sub_CAC70+314�o
seg024:00000000006E75F9                                        # sub_CAC70+324�w ...
                                                                # 1 = show health care msg, 0 = dont show
=== VSH.self ===
the message and all about it are done in [[Sysconf_plugin]], but it is loaded with special parameter from [[VSH]]
==== Retail/CEX + Shop/SEX ====
  set search  "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x01\x01\x01\xFF\xFF\xFF\xFF"
  set replace "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00\x01\x01\xFF\xFF\xFF\xFF"
==== Debug/DEX ====
  set search  "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\xFF\xFF\xFF\xFF"
  set replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\xFF\xFF\xFF\xFF"
==== Tool/DECR + Arcade/GEX ====
nothing to patch, not set by default
  seg025:000000000070F8B9 unk_70F8B9:    .space 1
=== Offsets ===
{|class="wikitable" style="font-size:small; text-align: center;border:2px ridge #999999;"
|-
! vsh.elf !! 4.00 !! 4.01 !! 4.10 !! 4.11 !! 4.20 !! 4.21 !! 4.23 !! 4.25 !! 4.26 !! 4.30 !! 4.31 !! 4.40 !! 4.41 !! 4.45 !! 4.46 !! 4.50 !! 4.55 !! 4.60 !! 4.65 !! 4.66 !! 4.70 !! 4.75
|-
| {{CEX}} || 0x6D7100 || - || 0x6D7230 || 0x6D7230 || 0x6E7758 || 0x6E7758 || - || 0x6E7760 || - || 0x6E7860 || 0x6E7860 || 0x6E79C0 || 0x6E79C0 || 0x6E7C88 || 0x6E7C88 || - || - || 0x6E8958 || 0x6E8960 || 0x6E8978 || 0x6E89E8 || 0x6E8370
|-
| {{SEX}} || 0x6D6F90 || - || 0x6D70C0 || 0x6D70C0 || 0x6D75F0 || 0x6D75F0 || 0x6D75F0 || - || 0x6D75F8 || - || 0x6E7878 || 0x6E79D8 || 0x6E79D8 || 0x6E7CA0 || 0x6E7CA0 || - || 0x6E88C8 || 0x6E8970 || - || 0x6E8990 || 0x6E8A00 || 0x6E8388
|-
| {{DEX}} || 0x6E7A68 || 0x6E7A68 || 0x6E7B98 || 0x6E7B98 || 0x6E80C0 || 0x6E80C0 || - || 0x6E80C8 || - || 0x6E81C8 || - || - || - || - || 0x6F85F0 || 0x6F9200 || 0x6F9218 || 0x6F92B8 || - || 0x6F92E0 || 0x6F9350 ||
|-
|}
== disable wait for coldboot view sleep ==
<!--// thanks mysis //-->
==== CEX + SHOP + DEX + DECR ====
  set search  "\x88\x1D\x00\x06\x3C\x60\x00"
  set replace "\x38\x00\x00\x01\x3C\x60\x00"
==== GEX/Arcade ====
N/A
=== Offsets ===
{|class="wikitable" style="font-size:small; text-align: center;border:2px ridge #999999;"
|-
! vsh.elf !! 4.00 !! 4.01 !! 4.10 !! 4.11 !! 4.20 !! 4.21 !! 4.23 !! 4.25 !! 4.26 !! 4.30 !! 4.31 !! 4.40 !! 4.41 !! 4.45 !! 4.46 !! 4.50 !! 4.55 !! 4.60 !! 4.65 !! 4.66 !! 4.70 !! 4.75
|-
| {{CEX}} || 0xBEA98 || - || 0xBEA88 || 0xBEABC || 0xBF1DC || 0xBF1DC || - || 0xBF1E4 || - || 0xBF4E4 || 0xBF4E4 || 0xBF4E4 || 0xBF4E4 || 0xBF4E4 || 0xBF4E4 || - || - || 0xBF3B0 || 0xBF3B0 || 0xBF3B0 || 0xBF30C || 0xBF30C
|-
| {{SEX}} || 0xBED04 || - || 0xBECF4 || 0xBED28 || 0xBF44C || 0xBF44C || 0xBF44C || - || 0xBF454 || - || 0xBF754 || 0xBF6E8 || 0xBF6E8 || 0xBF6E8 || 0xBF6E8 || - || 0xBF5F4 || 0xBF5A4 || - || 0xBF5A4 || 0xBF500 || 0xBF500
|-
| {{DEX}} || 0xC3AA8 || 40xC3AA8 || 0xC3A98 || 0xC3ACC || 0xC41D4 || 0xC41D4 || - || 0xC41EC || - || 0xC44EC || - || - || - || - || - || 0xC43D4 || 0xC43F0 || 0xC43B0 || - || 0xC43B0 || - ||
|-
| {{DECR}} || 0xC3F58 || - || - || - || - || - || - || - || - || - || - || - || - || - || - || 0xC5110 || - || - || - || - || - ||
|-
|}
==Enforce gameboot animation==
on higher Firmwares
game_ext_plugin.sprx :
38 80 00 00 7B E3 00 20 -> 38 80 00 00 38 60 00 02 + add gameboot_multi + gameboot_stereo
if not found on newer fw try:
2F 89 00 00 7B C3 00 20 -> 2F 89 00 00 38 60 00 02 + add gameboot_multi + gameboot_stereo
==XMB icons removal==
Samples: https://www.sendspace.com/file/e822dp
*[[Rcomage]] usage notes:
**dump resources raw, without conversion (unmark all the checkboxes)
**compile using zlib header compression (mark the zlib checkbox)
===Main XMB icons removal===
Extract the contents of: '''[[xmb_plugin_normal]].rco'''
*In the .xml file that represents the .rco structure (aka [[RCOXML Coding | RCOXML]])
**Locate the tag '''XMenu''', is composed by a long list of attributes, locate the attribute '''menus="0xa"''', it defines the number of columns in main XMB (there are 10 main icons for 10 columns in [[XMB]])
***Replace the value of '''menus="0xa"''' by the number of main icons you want in XMB (this number depends of how many you are going to remove)
**Under '''XMenu''' there are several '''XMList''' elements that works as the descriptors of the 10 icons in main XMB
***Delete the '''XMList''' line/s that defines the icon/s you want to remove
Sample for 4.70 firmware ---> https://www.sendspace.com/file/0libpe
===XMB In-game icons removal===
The process is the same with the file '''[[xmb_ingame]].rco''' but this .rco contains the icon images, so for every icon removed at code is good to remove the icon image, is not needed to remove the images but this will make the final size of the .rco smaller
*Under '''ImageTree''' there are several '''Image''' elements that works as the 10 icons in main XMB
**Delete the '''Image''' line/s that defines the icon/s you want to remove
== 4.60+ patches ==
LIC.DAT patch
<pre>
ROM:00056218 loc_56218:                              # CODE XREF: sub_560A8+160j
ROM:00056218                li        r0, 1
ROM:0005621C                ld        r3, off_349198 # aDev_bdvdPs3__0 (PARAM.SFO)
ROM:00056220                addi      r4, r1, 0x4F0+var_468
ROM:00056224                lbz      r30, 0x4F0+var_480+1(r1)
ROM:00056228                stw      r0, 0x6C(r28)
ROM:0005622C                lbz      r29, 0x4F0+var_480(r1)
ROM:00056230                bl        sub_29FDAC # ----> replaced with li r3, 1 to disable the sub call for /dev_bdvd/...../LIC.DAT
</pre>
*Note : A patch to ignore LIC.DAT to prevent random freezing from launching homebrew
*Found by dean many thanks to him :)
===RIF R and S must not be 0 (4.84/4.85)===
:<b>Allow</b>: RIF's with R and S 0 filled(reactpsn patches allow invalid signature like 1 but it must be filled). Useful for HEN because its previous revisions skipped them
seg001:00252020                li        r3, 0
seg001:00252024                blr
=== Make VSH Attachable (Debug LV2)  ===
== 4.75+ patches ==
===PSP DRM fix (4.75/4.76)===
:<b>Allow</b>: unsigned PSP packages(aka type free without license) , a.k.a. '''80029537''' error fix
< 7FE307B4 EB8101E0EBA101E8 7C0803A6
> 38600000 EB8101E0EBA101E8 7C0803A6
seg001:0000000000255260 loc_255260:                            # CODE XREF: seg001:0000000000255244j
seg001:0000000000255260                                        # seg001:0000000000255250j
seg001:0000000000255260                lis      r31, -0x7FFE # '''0x80029537'''
seg001:0000000000255264                ori      r31, r31, 0x9537 # '''0x80029537'''
seg001:0000000000255268
*Note : SONY added new drm for PSP, unsigned pkgs are impossible to run without this patch.
*Thanks to habib who did awesome job on reversing :)
=== Make EVERYTHING Attachable (Debug LV2)  ===
< 40 9E FF C8 4B FF FF C8 E9 22 80 08 7C 08 02 A6
> 40 9E FF C8 4B FF FF C8 38 60 00 01 4E 80 00 20
<pre>
patches lv2::access_control_engine::is_debuggable to always return true.
</pre>
== 4.82 lv2ldr.elf Disable ECDSA Checks ==
;Part 1:
Offset | Original Hex Value:
<pre>
000022B0 | 3F E1 12 85 18 01 42 06 33 04 99 00 21 00 0F 83
</pre>
Offset | Replace Hex Value:
<pre>
000022B0 | 3F E1 12 85 18 01 42 06 40 80 00 03 21 00 0F 83
</pre>
;Part 2:
Offset | Original Hex Value:
<pre>
00002AA0 | 33 03 9C 00 21 00 33 03 04 00 28 84 3F E0 2D 05
</pre>
Offset | Replace Hex Value:
<pre>
00002AA0 | 40 80 00 03 21 00 33 03 04 00 28 84 3F E0 2D 05
</pre>
{{Custom Firmware}}
<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)