CCAPI: Difference between revisions
No edit summary |
m (→Installation) |
||
Line 80: | Line 80: | ||
== Installation == | == Installation == | ||
When | When installing, CCAPI (the ps3 application) creates a config file ('''/dev_flash/sys/internal/config.cfg''') in which some data, depending on the console, is stored. This file has a size of 240 (0xF0) bytes. | ||
*Example from fw 4.46 dex: | *Example from fw 4.46 dex: |
Revision as of 19:17, 21 June 2014
ControlConsoleAPI is an API for PS3 and PC similar to TMAPI on DEX console, But this one "CCAPI" works for CEX and DEX.
External Sources:
http://www.nextgenupdate.com/forums/ps3-cheats-customization/697273-release-ps3lib-v4-3-dex-cex.html http://www.nextgenupdate.com/forums/ps3-cheats-customization/693857-update-controlconsoleapi-2-50-ccapi-37.html http://www.nextgenupdate.com/forums/ps3-cheats-customization/697273-release-ps3lib-v4-3-dex-cex.html http://www.nextgenupdate.com/forums/ps3-cheats-customization/701574-tutorial-how-rtm-ccapi-cex-dex.html http://www.nextgenupdate.com/forums/call-duty-ghosts-mods-cheats-glitches/691170-update-cod-real-time-editor-3-6-1-1-06-ccapi.html http://psx-scene.com/forums/content/controllconsoleapi-v2-50-adds-4-53-4-55-cfw-support-4350/
Features:
- Debug non-fself & fself in real time.
vsh.self for example can be debugged in rte, or any game with non debug eboot.
- Debug kernel in real time
lv2_kernel.self and lv1.self
Classic functions:
getProcessMemory
setProcessMemory
shutdown/reboot
work with Wireless connection
bypass exec pages writing restriction
bypass lv2 memory protection
peek/poke lv1 and lv2
setConsoleID at anytime/anywhere
setConsoleLed
ringBuzzer
getTemperature
VSH module loading
notify
How to install CCAPI
Just download and run this pkg on your ps3. It will tell you to reboot, and it's done. You only need to do this once.
How to uninstall CCAPI
Just run again the pkg.
Is it risky
In the worst case, you could need to reinstall your firmware.
VSH module loading:
create a plugins directory and put all your sprx plugins into it.
/dev_usb000/plugins /dev_usb000/plugins/prx_name1.sprx /dev_usb000/plugins/prx_name2.sprx
All of the sprx that are present in this folder, will be loaded at ps3 boot.
Important:
If some games refuse to work, just don't use plugins, delete plugins folder from /dev_usb000
How to convert a tool from 2.00 to 2.50:
1) Delete any CCAPI.dll in the same folder than the software 2) Put the PS3Lib 4.3 in the same folder than the software 3) Use the installer to install CCAPI 2.50 on your PC (you may need to reboot your pc at the end) 4) Install the CCAPI 2.50 pkg on your PS3
CCAPI 2.00
Installation
When installing, CCAPI (the ps3 application) creates a config file (/dev_flash/sys/internal/config.cfg) in which some data, depending on the console, is stored. This file has a size of 240 (0xF0) bytes.
- Example from fw 4.46 dex:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00000000 04 04 60 00 D4 6F F4 09 80 00 00 00 00 36 6B D0 ..`.Ôoô.€....6kÐ 00000010 80 00 00 00 00 07 22 5C 80 00 00 00 00 08 F9 98 €....."\€.....ù˜ 00000020 80 00 00 00 00 06 68 90 80 00 00 00 00 01 00 C0 €.....h.€......À 00000030 80 00 00 00 00 29 E7 5C 80 00 00 00 00 06 6C CC €....)ç\€.....lÌ 00000040 80 00 00 00 00 01 1F C0 80 00 00 00 00 29 E8 E8 €......À€....)èè 00000050 80 00 00 00 00 00 FE A4 E9 22 AA 78 00 01 C3 38 €.....þ¤é"ªx..Ã8 00000060 80 00 00 00 00 01 1A BC 80 00 00 00 00 01 1B 34 €......¼€......4 00000070 80 00 00 00 00 08 F9 D4 80 00 00 00 00 37 CF E8 €.....ùÔ€....7Ïè 00000080 80 00 00 00 00 3F A8 B0 80 00 00 00 00 49 6F 3C €....?¨°€....Io< 00000090 80 00 00 00 00 4C 99 8C 00 00 00 00 00 00 00 00 €....?¨°€....Io< 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000D0 00 00 00 00 00 00 00 03 00 00 00 00 00 61 D5 E8 .............aÕè 000000E0 00 00 00 00 00 61 DB F4 00 00 00 00 00 04 41 64 .....aÛô......Ad
Usage | Offset | Size | Value | Notes | Used in |
---|---|---|---|---|---|
- | 0x00 | 0x04 | 04 04 60 00 | Firmware: 4.46 | - |
- | 0x04 | 0x04 | D4 6F F4 09 | Console type ? (DEX/CEX) | - |
- | 0x08 | 0x08 | 80 00 00 00 00 36 6B D0 | Address of the lv2 toc (stored at 0x8000000000003000 in lv2) | - |
- | 0x10 | 0x08 | 80 00 00 00 00 07 22 5C | A subroutine inside lv2 | - |
- | 0x18 | 0x08 | 80 00 00 00 00 08 F9 98 | A subroutine inside lv2 | - |
- | 0x20 | 0x08 | 80 00 00 00 00 06 68 90 | A subroutine inside lv2 | - |
- | 0x28 | 0x08 | 80 00 00 00 00 01 00 C0 | A subroutine inside lv2 | - |
- | 0x30 | 0x08 | 80 00 00 00 00 29 E7 5C | A subroutine inside lv2 | - |
- | 0x38 | 0x08 | 80 00 00 00 00 06 6C CC | A subroutine inside lv2 | - |
- | 0x40 | 0x08 | 80 00 00 00 00 01 1F C0 | A subroutine inside lv2 | - |
- | 0x48 | 0x08 | 80 00 00 00 00 29 E8 E8 | A subroutine inside lv2 | - |
- | 0x50 | 0x08 | 80 00 00 00 00 00 FE A4 | A subroutine inside lv2 | - |
- | 0x58 | 0x04 | E9 22 AA 78 | - | - |
- | 0x5C | 0x04 | 00 01 C3 38 | - | - |
- | 0x60 | 0x08 | 80 00 00 00 00 01 1A BC | A subroutine inside lv2 | - |
- | 0x68 | 0x08 | 80 00 00 00 00 01 1B 34 | A subroutine inside lv2 | - |
Allow sys_dbg syscalls | 0x70 | 0x08 | 80 00 00 00 00 08 F9 D4 | Ccapi edits the branch at that address to modify the code flow | ccapi.sprx |
Get SysTable from pc dll | 0x78 | 0x08 | 80 00 00 00 00 37 CF E8 | Address of the syscall table | ccapi.sprx |
Set ConsoleID | 0x80 | 0x08 | 80 00 00 00 00 3F A8 B0 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0x88 | 0x08 | 80 00 00 00 00 49 6F 3C | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0x90 | 0x08 | 80 00 00 00 00 4C 99 8C | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0x98 | 0x08 | 00 00 00 00 00 00 00 00 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0xA0 | 0x08 | 00 00 00 00 00 00 00 00 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0xA8 | 0x08 | 00 00 00 00 00 00 00 00 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0xB0 | 0x08 | 00 00 00 00 00 00 00 00 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0xB8 | 0x08 | 00 00 00 00 00 00 00 00 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0xC0 | 0x08 | 00 00 00 00 00 00 00 00 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0xC8 | 0x08 | 00 00 00 00 00 00 00 00 | Address of one of the console IDs in lv2 | ccapi.sprx |
Set ConsoleID | 0xD0 | 0x08 | 00 00 00 00 00 00 00 03 | Console ID count | ccapi.sprx |
- | 0xD8 | 0x08 | 00 00 00 00 00 61 D5 E8 | Address of sys_prx_load_module in vsh | - |
- | 0xE0 | 0x08 | 00 00 00 00 00 61 DB F4 | Address of sys_prx_start_module in vsh | - |
- | 0xE8 | 0x08 | 00 00 00 00 00 04 41 64 | - | - |
Commands
When calling a ccapi function, a packet containing a command id is sent to the ps3. The ps3 then analyzes the packet and makes a switch on the command id.
Command ID | Action | Prototype(s) |
---|---|---|
1 | SetConsoleID | int32_t SetConsoleID(uint8_t *cid) |
2 | ReadProcessMemory | int32_t ReadProcessMemory(sys_pid_t pid, uint64_t address, void *data, size_t size) |
3 | WriteProcessMemory | int32_t WriteProcessMemory(sys_pid_t pid, uint64_t address, const void *data, size_t size) |
4 | Unknown | |
5 | GetProcessInfo | int32_t GetProcessInfo(sys_pid_t pid, sys_process_info_t *info) |
6 | GetTemperature | int32_t GetTemperature(int32_t type, uint32_t *temperature) |
7 | ControlLed | int32_t ControlLed(int32_t ledColor, int32_t ledAction) |
8 | GetLv2Memory | int32_t GetLv2Memory(uint64_t address, size_t num, uint8_t *buffer) |
9 | SetLv2Memory | int32_t SetLv2Memory(uint64_t address, int32_t size, const uint8_t *data) |
10 | GetLv1Memory | int32_t GetLv1Memory(uint64_t address, size_t size, uint8_t *buffer) |
11 | SetLv1Memory | int32_t SetLv1Memory(uint64_t address, size_t size, const uint8_t *data) |
12 | GetFirmwareInfo | int32_t GetFirmware(); int32_t GetCcapiVersion(); int32_t GetConsoleType(uint64_t *type) |
13 | RingBuzzer | int32_t RingBuzzer(int32_t mode) |
14 | Unknown | |
15 | Shutdown | int32_t Shutdown(int32_t mode) |
16 | Notify | int32_t Notify(int32_t texture, const wchar_t *text) |