Editing Patches

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 99: Line 99:
   31a7e0: 88 09 00 00 lbz    r0,0(r9)
   31a7e0: 88 09 00 00 lbz    r0,0(r9)
</pre>
</pre>
modulespatch in COBRA7
{ elf1_func2 + elf1_func2_offset, '''NOP''', &condition_true },


<pre>
<pre>
Line 108: Line 105:
> 05ffee0: 6063 8c06 4bff fe80 3860 0001 4e80 0020
> 05ffee0: 6063 8c06 4bff fe80 3860 0001 4e80 0020
</pre>
</pre>
modulespatch in COBRA7
{ elf1_func2 + elf1_func2_offset, '''NOP''', &condition_true },


<pre>
<pre>
Line 121: Line 121:
   60fef8: 4b ff ff e1 bl      0x60fed8
   60fef8: 4b ff ff e1 bl      0x60fed8
</pre>
</pre>
*Note : Commonly used in almost all 4.xx MFWs, Do '''NOT''' use this patch for '''DEX MFW''', it breaks the ability to run NPDRM fself.


  modulespatch in COBRA7  
  modulespatch in COBRA7  
Line 126: Line 128:
  { elf1_func1 + elf1_func1_offset, '''LI(R3, 1)''', &condition_true },
  { elf1_func1 + elf1_func1_offset, '''LI(R3, 1)''', &condition_true },
  { elf1_func1 + elf1_func1_offset + 4, '''BLR''', &condition_true },
  { elf1_func1 + elf1_func1_offset + 4, '''BLR''', &condition_true },
*Note : Commonly used in almost all 4.xx MFWs, Do '''NOT''' use this patch for '''DEX MFW''', it breaks the ability to run NPDRM fself.


====reActPSN====
====reActPSN====
Line 243: Line 242:


<pre>
<pre>
Part1
< 2F 80 00 00 41 9E 00 28 38 60 00 00 38 80 00 00
---
> 60 00 00 00 48 00 00 28 38 60 00 00 38 80 00 00
Part2
< 000f5a40  39 08 05 48 39 20 00 00  38 60 00 00 4b ff fc 45
< 000f5a40  39 08 05 48 39 20 00 00  38 60 00 00 4b ff fc 45
---
---
Line 264: Line 257:
   2d5a50: 38 00 00 00 li      r0,0
   2d5a50: 38 00 00 00 li      r0,0
</pre>
</pre>
*Note : Allow mapping of protected memory, needed for lv2 peek/poke
====LV1 peek/poke (Unused LV1 calls 182 & 183)====
'''Allow''' : LV1 peek/poke
<pre>
< 64 00 FF FF 60 00 FF EC F8 03 00 C0 4E 80 00 20 38 00 00 00 64 00 FF FF 60 00 FF EC F8 03 00 C0
---
> E8 83 00 18 E8 84 00 00 F8 83 00 C8 4E 80 00 20 38 00 00 00 E8 A3 00 20 E8 83 00 18 F8 A4 00 00
</pre>
====Disable System Integrity Check====
<pre>
< 48 00 E0 35 2F 83 00 00 38 60 00 01 41 9E 00 20
---
> 38 60 00 00 2F 83 00 00 38 60 00 01 41 9E 00 20
</pre>
*Note : Safe to use with mismatched COREOS/SYSCON versions or if PS3 is not QA enabled
====Skip all ACL Checks====
<pre>
< 54 63 06 3E 2F 83 00 00 41 9E 00 14 E8 01 00 70 54 00 07 FE 2F 80 00 00 40 9E 00 18
---
> 38 60 00 01 2F 83 00 00 41 9E 00 14 38 00 00 01 54 00 07 FE 2F 80 00 00 40 9E 00 18
</pre>
*Note : Needed for OtherOS++/Downgrader


====wutangrza patch====
====wutangrza patch====
Line 310: Line 272:
> 00136be0  3a 20 63 6f 72 65 20 63  6f 6e 74 65 78 74 2e 63  |: core context.c|
> 00136be0  3a 20 63 6f 72 65 20 63  6f 6e 74 65 78 74 2e 63  |: core context.c|
</pre>
</pre>


===lv2_kernel.self===
===lv2_kernel.self===
Line 374: Line 337:
==== kakaroto's sigcheck patch ====
==== kakaroto's sigcheck patch ====
In memory 0x800000000005A2A8 (which corresponds to offset 0x6a2a8 in lv2_kernel.elf) replace : "e9 22 99 90 7c 08 02 a6"
In memory 0x800000000005A2A8 (which corresponds to offset 0x6a2a8 in lv2_kernel.elf) replace : "e9 22 99 90 7c 08 02 a6"
with : "38 60 00 00 4e 80 00 20".<br />(Source: https://twitter.com/KaKaRoToKS/status/260742786972798977
with : "38 60 00 00 4e 80 00 20".<br />(Source: https://twitter.com/KaKaRoToKS/status/260742786972798977)
<br>Pastie webarchive backup: http://web.archive.org/web/20141024180714/http://pastie.org/private/3np6uj6md1occbctdeir6a)
 


== disable epilepsy message ==
== disable epilepsy message ==
Line 435: Line 398:
|}
|}


==Enforce gameboot animation==
=Enforce gameboot animation=
on higher Firmwares
on higher Firmwares
  game_ext_plugin.sprx :  
  game_ext_plugin.sprx :  
Line 443: Line 406:
  2F 89 00 00 7B C3 00 20 -> 2F 89 00 00 38 60 00 02 + add gameboot_multi + gameboot_stereo
  2F 89 00 00 7B C3 00 20 -> 2F 89 00 00 38 60 00 02 + add gameboot_multi + gameboot_stereo


==XMB icons removal==
=Main XMB icons removal=
Samples: https://www.sendspace.com/file/e822dp
 
*[[Rcomage]] usage notes:
**dump resources raw, without conversion (unmark all the checkboxes)
**compile using zlib header compression (mark the zlib checkbox)
 
===Main XMB icons removal===
Extract the contents of: '''[[xmb_plugin_normal]].rco'''
Extract the contents of: '''[[xmb_plugin_normal]].rco'''


*In the .xml file that represents the .rco structure (aka [[RCOXML Coding | RCOXML]])
*In the .xml file that represents the .rco structure (aka [[RCOXML Structure | RCOXML]])
**Locate the tag '''XMenu''', is composed by a long list of attributes, locate the attribute '''menus="0xa"''', it defines the number of columns in main XMB (there are 10 main icons for 10 columns in [[XMB]])
**Locate the tag '''XMenu''', is composed by a long list of attributes, locate the attribute '''menus="0xa"''', it defines the number of columns in main XMB (there are 10 main icons for 10 columns in [[XMB]])
***Replace the value of '''menus="0xa"''' by the number of main icons you want in XMB (this number depends of how many you are going to remove)
***Replace the value of '''menus="0xa"''' by the number of main icons you want in XMB (this number depends of how many you are going to remove)
Line 461: Line 417:
Sample for 4.70 firmware ---> https://www.sendspace.com/file/0libpe
Sample for 4.70 firmware ---> https://www.sendspace.com/file/0libpe


===XMB In-game icons removal===
*[[Rcomage]] usage notes:
The process is the same with the file '''[[xmb_ingame]].rco''' but this .rco contains the icon images, so for every icon removed at code is good to remove the icon image, is not needed to remove the images but this will make the final size of the .rco smaller
**dump resources raw, without conversion (unmark all the checkboxes)
**compile using zlib header compression (mark the zlib checkbox)


*Under '''ImageTree''' there are several '''Image''' elements that works as the 10 icons in main XMB
**Delete the '''Image''' line/s that defines the icon/s you want to remove
== 4.60+ patches ==
LIC.DAT patch


=PSP DRM fix (4.75/4.76)=
:<b>Allow</b>: unsigned PSP packages , a.k.a. '''80029537''' error fix
<pre>
<pre>
ROM:00056218 loc_56218:                              # CODE XREF: sub_560A8+160j
ROM:00056218                li        r0, 1
ROM:0005621C                ld        r3, off_349198 # aDev_bdvdPs3__0 (PARAM.SFO)
ROM:00056220                addi      r4, r1, 0x4F0+var_468
ROM:00056224                lbz      r30, 0x4F0+var_480+1(r1)
ROM:00056228                stw      r0, 0x6C(r28)
ROM:0005622C                lbz      r29, 0x4F0+var_480(r1)
ROM:00056230                bl        sub_29FDAC # ----> replaced with li r3, 1 to disable the sub call for /dev_bdvd/...../LIC.DAT
</pre>
*Note : A patch to ignore LIC.DAT to prevent random freezing from launching homebrew
*Found by dean many thanks to him :)
===RIF R and S must not be 0 (4.84/4.85)===
:<b>Allow</b>: RIF's with R and S 0 filled(reactpsn patches allow invalid signature like 1 but it must be filled). Useful for HEN because its previous revisions skipped them
seg001:00252020                li        r3, 0
seg001:00252024                blr
=== Make VSH Attachable (Debug LV2)  ===
== 4.75+ patches ==
===PSP DRM fix (4.75/4.76)===
:<b>Allow</b>: unsigned PSP packages(aka type free without license) , a.k.a. '''80029537''' error fix
  < 7FE307B4 EB8101E0EBA101E8 7C0803A6
  < 7FE307B4 EB8101E0EBA101E8 7C0803A6
  > 38600000 EB8101E0EBA101E8 7C0803A6
  > 38600000 EB8101E0EBA101E8 7C0803A6


  seg001:0000000000255260 loc_255260:                            # CODE XREF: seg001:0000000000255244j
  seg001:0000000000255260 loc_255260:                            # CODE XREF: seg001:0000000000255244j
Line 507: Line 434:
  seg001:0000000000255264                ori      r31, r31, 0x9537 # '''0x80029537'''
  seg001:0000000000255264                ori      r31, r31, 0x9537 # '''0x80029537'''
  seg001:0000000000255268
  seg001:0000000000255268


*Note : SONY added new drm for PSP, unsigned pkgs are impossible to run without this patch.
*Note : SONY added new drm for PSP, unsigned pkgs are impossible to run without this patch.
*Thanks to habib who did awesome job on reversing :)
*Thanks to habib who did awesome job on reversing :)


=== Make EVERYTHING Attachable (Debug LV2)  ===
< 40 9E FF C8 4B FF FF C8 E9 22 80 08 7C 08 02 A6
> 40 9E FF C8 4B FF FF C8 38 60 00 01 4E 80 00 20
<pre>
patches lv2::access_control_engine::is_debuggable to always return true.
</pre>
== 4.82 lv2ldr.elf Disable ECDSA Checks ==
;Part 1:
Offset | Original Hex Value:
<pre>
000022B0 | 3F E1 12 85 18 01 42 06 33 04 99 00 21 00 0F 83
</pre>
Offset | Replace Hex Value:
<pre>
000022B0 | 3F E1 12 85 18 01 42 06 40 80 00 03 21 00 0F 83
</pre>
;Part 2:
Offset | Original Hex Value:
<pre>
00002AA0 | 33 03 9C 00 21 00 33 03 04 00 28 84 3F E0 2D 05
</pre>
Offset | Replace Hex Value:
<pre>
00002AA0 | 40 80 00 03 21 00 33 03 04 00 28 84 3F E0 2D 05
</pre>
</pre>


{{Custom Firmware}}
{{System Firmware}}<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Patches"