Editing Talk:Dev Tools
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
== | == sputnik - Cell/SPU Pipeline viewer== | ||
http://www.ps3hax.net/2011/08/sputnik-build-3-cellspu-pipeline-viewer/ | |||
* [http://dl.dropbox.com/u/334837/Sputnik.exe.zip Windows] (will also need [http://qt.nokia.com/downloads QT runtime files]) | |||
* [http://dl.dropbox.com/u/334837/Sputnik.dmg MAC OSX] | |||
== netrpc == | |||
git://gist.github.com/1041214.git <br />https://gist.github.com/1041214 | |||
== | == Objdump == | ||
If you, for whatever reason, need to disassemble non-x86 binary files, you usually look out for a disassembler. If there's nothing free available for your platform (e.g.: ARM) one of the few solutions may be buying something like IDA Pro. | |||
But wait, if you only need to "analyze" a small portion (boot-sector, single routine, ...) and someone already ported GNUs GCC and bintools to your platform, using OBJDUMP may do the trick... | |||
If "raw.bin" is your binary file, just typing | |||
<pre> objdump -d raw.bin | |||
objdump: raw.bin: File format not recognized</pre> | |||
will not work. Objdump needs a file system object or file. | |||
Just do it like this: | |||
<pre> # create an empty file | |||
touch empty.c | |||
# compile this empty file | |||
gcc -c -o empty.o empty.c | |||
/ | # add binary as a raw section | ||
/ | objcopy --add-section raw=raw.bin empty.o | ||
/ | |||
/ | # remove ".comment" section to join | ||
/ | objcopy -R .comment empty.o | ||
/ | |||
/ | # now run objdump on it | ||
/ | objdump -d empty.o</pre> | ||
/ | Source: http://askrprojects.net/software/objdump.html | ||
/ | |||
== Several handy scripts == | |||
Most of the scripts are using graf's ps3dm-utils, so make sure you have them in your /bin directory. | |||
Also make sure you are using graf's kernel (graf_chokolo kernel 2.6.39). | |||
/ | |||
===panic1.sh=== | |||
This script will panic lv1 and get you back to petitboot, without exiting to GameOS. | |||
ps3hvc_hvcall /dev/ps3hvc panic 1 | |||
===usb_dongle_auth.sh=== | |||
This script will get you into Factory/Service mode, without using dongle: | |||
echo Generating a challenge | |||
ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge | |||
echo Generating a response '(0xAAAA)' | |||
ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xAAAA | |||
echo Verifying response '(0xAAAA)' | |||
ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xAAAA | |||
echo Checking if 'Product Mode is enabled | |||
The returned value shouldn't be 0xff | |||
ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07 | |||
===dump_EID0.sh=== | |||
This script will dump your EID0. | |||
echo Dumping EID0 | |||
ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin | |||
===dump_EID4.sh=== | |||
This script will dump your EID4. | |||
echo Dumping EID4 | |||
ps3dm_iim /dev/ps3dmproxy get_data 0x4 > EID4.bin | |||
===get_EID0_size.sh=== | |||
This script will get the size of your EID0. | |||
echo EID0 size: | |||
ps3dm_iim /dev/ps3dmproxy get_data_size 0x0 | |||
===get_EID4_size.sh=== | |||
This script will get the size of your EID4. | |||
echo EID4 size: | |||
ps3dm_iim /dev/ps3dmproxy get_data_size 0x4 | |||
===get_metldr_size.sh=== | |||
This script will get the size of metldr. | |||
echo metldr size: | |||
ps3dm_iim /dev/ps3dmproxy get_data_size 0x1000 | |||
===nor_dump.sh=== | |||
echo Dumping nor | |||
dd if=/dev/ps3nflasha of=nor.bin | |||
===dump_ram.sh=== | |||
This script will dump your ram. | |||
echo Dumping ram | |||
dd if=/dev/ps3ram of=ps3ram.bin | |||
===dump_vram.sh=== | |||
This script will dump your vram. | |||
echo Dumping vram | |||
dd if=/dev/ps3vram of=ps3vram.bin | |||
== Payloader3 == | |||
* http://git.dashhacks.com/payloader3/payloader3/trees/master (down) | |||
* 2011-06-22 backup: http://gotbrew.org/payloader3.tar.gz / [http://www.multiupload.com/DM8KLHX2SS payloader3.tar.gz (55.55 MB)] | |||
* Up including last commit before dashhacks went down : [http://www.multiupload.com/ZZ0X312CDM payloader3.tar.bz2 (45.49 MB)] (full git backup, also includes : [http://www.multiupload.com/EVO0GPP4DB payloader3-src-only.rar (2.08 MB)]) | |||
===Howto=== | |||
# Set firmware version in Makefile | |||
# Compile with "./build.sh" | |||
# Copy pkg file to usb stick | |||
# Install pkg on PS3 | |||
===Precompiles=== | |||
* [http://www.multiupload.com/MB7NE5AJYC payloader3-315.pkg (3.53 MB)] | |||
* [http://www.multiupload.com/JKKZG58NOR payloader3-341.pkg (3.53 MB)] | |||
===Notes=== | |||
# Loading ps3load after the payload will execute the appropriate ps3load.self, after your self exits you will be returned to the XMB. | |||
# Loading 'ethdebug' will load ArielX's Kammy self, after it executes you will be returned to the XMB. | |||
# Loading 'ethdebug/ps3load' will load ethdebug, then ps3load. | |||
=== ps3load 3.55 make_self fixed === | |||
* older versions of ps3load would '''not''' work on 3.50/3.55 (¨sysProcessExitSpawn2¨ won't work proper), and you had to use 3.41 instead. This is no longer an issue with the recent version ps3load which fixed the (make_self) issue for 3.55 | |||
** standalone precompiled version to try: [http://www.multiupload.com/J44BIRSPLB PS3LOAD.gnpdrm.pkg (580.47 KB)] | |||
==== Using ps3load ==== | |||
# make your app, produce at least an ELF | |||
# sprxlinker yourapp.elf (this should be done for you if you use any of the samples) | |||
# make_self yourapp.elf yourapp.self | |||
# load ps3load on the PS3 | |||
# define the PS3LOAD environment variable in your favorite shell with tcp:ip_addr (where ip_addr is your the ip address of your PS3) | |||
# ps3load yourapp.self | |||
== lv2-v9.pkg == | |||
* [http://www.multiupload.com/WEVBQ1WAA0 lv2v9.pkg (111.33 KB)] | |||
* [http://www.multiupload.com/QBRZMCJ86V lv2-v9-pkg-content.rar (105.52 KB)] | |||
=== patch1 === | |||
# PL3 3.55 | |||
# Patches marked with (*1) seem to be unstable. Thanks to drizztbsd and | |||
# RandomUse. | |||
# PL3: | |||
ef48: payload.bin | |||
# Segment 0: | |||
### 24e44: 38600000 # patch_func6 *1 | |||
55dc4: 38600000 # lv2open: patch_func8_offset1 | |||
55f28: 60000000 # lv2open: patch_func8_offset2 | |||
### 79d80: 3880000090830000 # patch_func4 + patch_func4_offset *1 | |||
### 79d88: 4E800020 # cont'd *1 | |||
### 7af7c: 60000000 # patch_func9_offset *1 | |||
### c1dd0: 38600000 # patch_func7 *1 | |||
2b3298: 4BD5C050 # hook_open (patch_func3 + patch_func3_offset) | |||
# Segment 1: | |||
346688: 800000000000f2dc # syscall_map_open_desc | |||
# Spoof | |||
# *f3b8: version.bin | |||
# 2e8218: 800000000000f378 # syscall_versiontest | |||
# 2e82f0: 800000000000f3c0 # syscall_process_sdkversion | |||
# 16ad74: 3960000a44000002 # sha1 test | |||
# f3e4: find 3437353136000000 | |||
# *fe34: 3436313335000000 | |||
=== patch2 === | |||
# Waninkoko V2 | |||
# 3270: e8821030e87c0020 # load unsigned ELFs | |||
# 3278: f8640000 | |||
# e7f0: 48000c50 # Some jump | |||
ef48: payload2.bin | |||
19360: 7c001fac4c00012c | |||
1936c: 7c0018ac7c0004ac | |||
24e44: 4bfea5c5 # patch_func6 | |||
55dc4: 38600000 # patch_func8_offset1 | |||
55f28: 60000000 # patch_func8_offset2 | |||
79d80: 38800000908300004e800020 # patch_func4 + patch_func4_offset *1 | |||
7af7c: 60000000 # patch_func9_offset | |||
c1dd0: 4bf4d639 # patch_func7 | |||
2b3298: 4bd5bf40 # hook_open | |||
3465b0: 80000000002e81e8 # sc8 | |||
346688: 8000000000324968 # sc35 | |||
=== patch3 === | |||
# Syscall36 | |||
# by 2 anonymous people | |||
55f14: 60000000 | |||
55f1c: 48000098 | |||
7af68: 60000000 | |||
7af7c: 60000000 | |||
2be4a0: payload3.bin | |||
2b3274: 4800b32c2ba30420 # add a jump to payload2_start | |||
55EA0: 63FF003D60000000 # fix 8001003D error | |||
55F64: 3FE080013BE00000 # fix 8001003E error | |||
346690: 80000000002be570 # syscall_map_open_desc |