Patches: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
m (combined tabled) |
||
Line 303: | Line 303: | ||
--- | --- | ||
> 00359390 0d ca fd 2f 00 00 00 00 00 00 00 00 00 00 00 00 | > 00359390 0d ca fd 2f 00 00 00 00 00 00 00 00 00 00 00 00 | ||
</pre> | </pre> | ||
Line 410: | Line 313: | ||
with : "38 60 00 00 4e 80 00 20".<br />(Source: https://twitter.com/KaKaRoToKS/status/260742786972798977) | with : "38 60 00 00 4e 80 00 20".<br />(Source: https://twitter.com/KaKaRoToKS/status/260742786972798977) | ||
=== | == disable epilepsy message == | ||
==== | ==== CEX + SHOP ==== | ||
set search "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x01\x01\x01\xFF\xFF\xFF\xFF" | |||
set replace "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00\x01\x01\xFF\xFF\xFF\xFF" | |||
==== DEX ==== | |||
set search "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\xFF\xFF\xFF\xFF" | |||
set replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\xFF\xFF\xFF\xFF" | |||
==== DECR ==== | |||
nothing to patch, not set by default | |||
= | === Offsets === | ||
{|class="wikitable" style="font-size:small; text-align: center;border:2px ridge #999999;" | |||
== | |- | ||
! vsh.elf !! 4.00 !! 4.01 !! 4.10 !! 4.11 !! 4.20 !! 4.21 !! 4.23 !! 4.25 !! 4.26 !! 4.30 !! 4.31 !! 4.40 !! 4.41 !! 4.45 !! 4.46 !! 4.50 !! 4.55 !! 4.60 !! 4.65 !! 4.66 !! 4.70 | |||
|- | |||
--- | | CEX || 0x6D7100 || - || 0x6D7230 || 0x6D7230 || 0x6E7758 || 0x6E7758 || - || 0x6E7760 || - || 0x6E7860 || 0x6E7860 || 0x6E79C0 || 0x6E79C0 || 0x6E7C88 || 0x6E7C88 || - || - || 0x6E8958 || 0x6E8960 || 0x6E8978 || 0x6E89E8 | ||
|- | |||
| SHOP || 0x6D6F90 || - || 0x6D70C0 || 0x6D70C0 || 0x6D75F0 || 0x6D75F0 || 0x6D75F0 || - || 0x6D75F8 || - || 0x6E7878 || 0x6E79D8 || 0x6E79D8 || 0x6E7CA0 || 0x6E7CA0 || - || 0x6E88C8 || 0x6E8970 || - || 0x6E8990 || 0x6E8A00 | |||
|- | |||
| DEX || 0x6E7A68 || 0x6E7A68 || 0x6E7B98 || 0x6E7B98 || 0x6E80C0 || 0x6E80C0 || - || 0x6E80C8 || - || 0x6E81C8 || - || - || - || - || 0x6F85F0 || 0x6F9200 || 0x6F9218 || 0x6F92B8 || - || 0x6F92E0 || 0x6F9350 | |||
|- | |||
|} | |||
--- | |||
{{System Firmware}}<noinclude>[[Category:Main]]</noinclude> | {{System Firmware}}<noinclude>[[Category:Main]]</noinclude> |
Revision as of 01:11, 30 May 2015
3.41/3.55 patches
Summary
Ego | lv1 mmap | lv2 p&p | debug pkg | pseudo-retail pkg | unsigned app | install pkgs | app_home | Notes |
---|---|---|---|---|---|---|---|---|
geohot | NO | NO | NO | YES | NO | YES | NO | installs via ps3swu patcher |
w00tangrza | YES | YES | NO | NO | NO | NO | NO | |
waninkoko v1 | YES | YES | YES | YES | YES | YES | YES | bricks all 256MB NAND SKU's |
kmeaw | YES | YES | YES | YES | NO | YES | YES | |
waninkoko v2 | YES | YES | YES | YES | YES | YES | YES | extensive lv2 patching |
f0xtr()n | YES | YES | YES | YES | NO | YES | YES | repackage of kmeaw? |
- lv1_function_114 mmap (lv1.self)
- lv2 peek (lv2_kernel.self)
- lv2 poke (lv2_kernel.self)
- debug pkg (nas_plugin.sprx)
- pseudo-retail pkg (nas_plugin.sprx)
- unsigned app (vsh.self)
- install pkgs (category_game.xml)
- app_home (category_game.xml)
nas_plugin.sprx
geohot patch
- Allow: pseudo-retail pkg installation
< 00003250 7c 06 03 78 48 04 b7 21 e8 41 00 28 7c 60 1b 78 --- > 00003250 7c 06 03 78 48 04 b7 21 e8 41 00 28 38 00 00 00
waninkoko patch - PL3
- Allow: debug pkg installs
- --allow-debug-pkg (ps3mfw command-line option)
< 00037350 41 9e 00 4c 38 00 00 00 81 22 8b 10 81 62 8b 14 --- > 00037350 41 9e 00 04 38 00 00 00 81 22 8b 10 81 62 8b 14
kakaroto patch
- Allow: debug pkg installation
- --allow-debug-pkg (ps3mfw command-line option)
< 2f 89 00 00 41 9e 00 4c 38 00 00 00 81 22 8b 10 81 62 8b 14 --- > 2f 89 00 00 60 00 00 00 38 00 00 00 81 22 8b 10 81 62 8b 14
ecdsa check patch for fw 4.50 cex
- Allow: pseudo-retail pkg installation
< 00003260 E8 41 00 28 7C 60 1B 78 F8 1F 01 80 E8 7F 01 80 --- > 00003260 E8 41 00 28 7C 60 1B 78 F8 1F 01 80 38 60 00 00
vsh.self
PL3 patch
- Allow: unsigned apps
< 030a7d0: 409d 0008 3960 0000 8122 ea60 9969 0000 --- > 030a7d0: 409d 0008 6000 0000 8122 ea60 9969 0000
31a7c8: 38 03 ff 7f addi r0,r3,-129 31a7cc: 2b a0 00 01 cmpldi cr7,r0,1 31a7d0: 40 9d 00 08 ble- cr7,0x31a7d8 - 31a7d4: 39 60 00 00 li r11,0 + 31a7d4: 60 00 00 00 nop 31a7d8: 81 22 ea 60 lwz r9,-5536(r2) 31a7dc: 99 69 00 00 stb r11,0(r9) 31a7e0: 88 09 00 00 lbz r0,0(r9)
< 05ffee0: 6063 8c06 4bff fe80 f821 ff81 7c08 02a6 --- > 05ffee0: 6063 8c06 4bff fe80 3860 0001 4e80 0020
60fedc: 3c 60 00 04 lis r3,4 60fee0: 60 63 8c 06 ori r3,r3,35846 60fee4: 4b ff fe 80 b 0x60fd64 - 60fee8: f8 21 ff 81 stdu r1,-128(r1) - 60feec: 7c 08 02 a6 mflr r0 + 60fee8: 38 60 00 01 li r3,1 + 60feec: 4e 80 00 20 blr 60fef0: 38 61 00 70 addi r3,r1,112 60fef4: f8 01 00 90 std r0,144(r1) 60fef8: 4b ff ff e1 bl 0x60fed8
reActPSN
- Allow: unsigned act.dat and *.rif files
version addr old data new data function 3.55retail 0x30b230 4b cf 5b 45 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.55retail 0x30ac90 48 31 b4 65 -> 38 60 00 00 // fixed act.dat missing after reboot 3.55debug 0x312308 4b ce ea 6d -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.55debug 0x311d68 48 31 b7 d5 -> 38 60 00 00 // fixed act.dat missing after reboot 3.41retail 0x305dc4 4b cf af b1 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.41retail 0x305824 48 31 43 ad -> 38 60 00 00 // fixed act.dat missing after reboot 3.41debug 0x30cedc 4b cf 3e 99 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.41debug 0x30c93c 48 31 47 1d -> 38 60 00 00 // fixed act.dat missing after reboot 4.30debug 0x2481e4 4b db 8b 91 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 4.30debug 0x247c44 48 3d 59 61 -> 38 60 00 00 // fixed act.dat missing after reboot
(Source : http://pastebin.com/26RHud5Q)
XMB InGame ScreenShot Feature
- Allow: taking screenshots in every game (ps3,psp,minis,... - except ps2)
4.21 retail:
- Export: vshmain_981D7E9F is retrieving enabled(1)/disabled(0) Screenshot feature-flag from dword_720A4C+4
seg001:0000000000193498 seg001:0000000000193498 _Export_vshmain_981D7E9F: # DATA XREF: OPD:_Export_vshmain_981D7E9F_opd�o seg001:0000000000193498 lis r9, dword_720A4C@h seg001:000000000019349C lwz r9, dword_720A4C@l(r9) seg001:00000000001934A0 addi r9, r9, 4 seg001:00000000001934A4 lwarx r0, r0, r9 -> li r0, 1 seg001:00000000001934A8 srawi r9, r0, 0x1F seg001:00000000001934AC xor r3, r9, r0 seg001:00000000001934B0 subf r3, r3, r9 seg001:00000000001934B4 srwi r3, r3, 31 seg001:00000000001934B8 extsw r3, r3 seg001:00000000001934BC blr seg001:00000000001934BC # End of function _Export_vshmain_981D7E9F
This fix will make xmb enabling screenshot save button, but it will error out when trying. it requires another patch inside vsh.self:
sub_195084: (4.21 retail as well) ... seg001:00000000001950A0 lwz r9, dword_720A4C@l(r9) seg001:00000000001950A4 stfd f31, 0x190+var_8(r1) seg001:00000000001950A8 std r22, 0x190+var_68(r1) seg001:00000000001950AC std r23, 0x190+var_60(r1) seg001:00000000001950B0 std r24, 0x190+var_58(r1) seg001:00000000001950B4 std r25, 0x190+var_50(r1) seg001:00000000001950B8 std r26, 0x190+var_48(r1) seg001:00000000001950BC std r27, 0x190+var_40(r1) seg001:00000000001950C0 std r28, 0x190+var_38(r1) seg001:00000000001950C4 std r29, 0x190+var_30(r1) seg001:00000000001950C8 std r31, 0x190+var_20(r1) seg001:00000000001950CC addi r9, r9, 4 seg001:00000000001950D0 lwarx r0, r0, r9 -> li r0, 1 seg001:00000000001950D4 cmpwi cr7, r0, 0 seg001:00000000001950D8 li r3, -0x270D seg001:00000000001950DC beq cr7, return
vsh.elf (CEX, 4.50)
< 00184278 7C 00 48 28 --- > 00184278 38 00 00 01 < 00185EB0 7C 00 48 28 --- > 00185EB0 38 00 00 01
Thats it! Enables Screenshot-Feature working fine. Have fun, i do !
Remote Play with PlayStation 3 (Windows Software)
premo_plugin.prx
for 4.50
< 0xB7E4 38 60 00 00 li r3, 0 --- > 0xB7E4 38 60 00 01 li r3, 1
premo_game_plugin.prx
for 4.50
< 0xC9E4 38 60 00 00 li r3, 0 --- > 0xC9E4 38 60 00 01 li r3, 1
Enables playing Remote Play enabled games (via SFO) to be played via sonys official remote play pc software.
Make Remote Play SFO Flag obsolete
game_ext_plugin.prx
original bytes:
41 9e 00 1c 2f 83 00 03
patched bytes:
41 9e 00 28 2f 83 00 03
lv1.self
graf chokolo patch
- lv1_undocumented_function_114 (mmap)
< 000f5a40 39 08 05 48 39 20 00 00 38 60 00 00 4b ff fc 45 --- > 000f5a40 39 08 05 48 39 20 00 01 38 60 00 00 4b ff fc 45
2d5a38: 7f 87 e3 78 mr r7,r28 2d5a3c: e8 89 00 00 ld r4,0(r9) 2d5a40: 39 08 05 48 addi r8,r8,1352 - 2d5a44: 39 20 00 00 li r9,0 + 2d5a44: 39 20 00 01 li r9,1 2d5a48: 38 60 00 00 li r3,0 2d5a4c: 4b ff fc 45 bl 0x2d5690 2d5a50: 38 00 00 00 li r0,0
wutangrza patch
- hash fixing
< 00136bc0 00 00 00 00 00 00 00 00 72 73 78 20 64 72 69 76 |........rsx driv| --- > 00136bc0 00 00 00 00 00 00 00 00 72 73 73 20 64 72 69 76 |........rss driv|
< 00136be0 3a 20 63 6f 72 65 2f 63 6f 6e 74 65 78 74 2e 63 |: core/context.c| --- > 00136be0 3a 20 63 6f 72 65 20 63 6f 6e 74 65 78 74 2e 63 |: core context.c|
lv2_kernel.self
PL3 patch
- lv2 peek / poke
< 00029330 7c 63 07 b4 38 21 00 a0 4e 80 00 20 3c 60 80 01 --- > 00029330 7c 63 07 b4 38 21 00 a0 4e 80 00 20 e8 63 00 00
< 00029340 60 63 00 03 4e 80 00 20 3c 60 80 01 60 63 00 03 --- > 00029340 60 00 00 00 4e 80 00 20 f8 83 00 00 60 00 00 00
8000000000019330: 7c 63 07 b4 extsw r3,r3 8000000000019334: 38 21 00 a0 addi r1,r1,160 8000000000019338: 4e 80 00 20 blr -800000000001933c: 3c 60 80 01 lis r3,-32767 -8000000000019340: 60 63 00 03 ori r3,r3,3 +800000000001933c: e8 63 00 00 ld r3,0(r3) +8000000000019340: 60 00 00 00 nop 8000000000019344: 4e 80 00 20 blr -8000000000019348: 3c 60 80 01 lis r3,-32767 -800000000001934c: 60 63 00 03 ori r3,r3,3 +8000000000019348: f8 83 00 00 std r4,0(r3) +800000000001934c: 60 00 00 00 nop 8000000000019350: 4e 80 00 20 blr 8000000000019354: 3c 60 80 01 lis r3,-32767 8000000000019358: 60 63 00 03 ori r3,r3,3
wutangrza patch
- hash fixing
< 002d6e00 6f 75 6c 64 20 6e 6f 74 20 67 65 74 20 50 50 50 |ould not get PPP| --- > 002d6e00 6f 75 6c 64 20 6e 6f 74 20 6e 6f 74 20 6e 6f 74 |ould not not not| --- < 002d6e10 6f 45 20 68 65 61 64 65 72 0a 00 00 00 00 00 00 |oE header.......| --- > 002d6e10 20 6e 6f 74 20 6e 6f 74 20 6e 6f 74 20 6e 00 00 | not not not n..|
< 00359380 a0 40 36 6b 2d 8a 50 99 1e b3 0c 53 e5 9b 5d 6e --- > 00359380 5e b8 a5 00 8c f3 bc 24 08 91 19 61 e6 db 19 cb --- < 00359390 61 2c ac b8 00 00 00 00 00 00 00 00 00 00 00 00 --- > 00359390 0d ca fd 2f 00 00 00 00 00 00 00 00 00 00 00 00
4.21 patches
Summary
lv2_kernel.self
kakaroto's sigcheck patch
In memory 0x800000000005A2A8 (which corresponds to offset 0x6a2a8 in lv2_kernel.elf) replace : "e9 22 99 90 7c 08 02 a6"
with : "38 60 00 00 4e 80 00 20".
(Source: https://twitter.com/KaKaRoToKS/status/260742786972798977)
disable epilepsy message
CEX + SHOP
set search "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x01\x01\x01\xFF\xFF\xFF\xFF" set replace "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00\x01\x01\xFF\xFF\xFF\xFF"
DEX
set search "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\xFF\xFF\xFF\xFF" set replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\xFF\xFF\xFF\xFF"
DECR
nothing to patch, not set by default
Offsets
vsh.elf | 4.00 | 4.01 | 4.10 | 4.11 | 4.20 | 4.21 | 4.23 | 4.25 | 4.26 | 4.30 | 4.31 | 4.40 | 4.41 | 4.45 | 4.46 | 4.50 | 4.55 | 4.60 | 4.65 | 4.66 | 4.70 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CEX | 0x6D7100 | - | 0x6D7230 | 0x6D7230 | 0x6E7758 | 0x6E7758 | - | 0x6E7760 | - | 0x6E7860 | 0x6E7860 | 0x6E79C0 | 0x6E79C0 | 0x6E7C88 | 0x6E7C88 | - | - | 0x6E8958 | 0x6E8960 | 0x6E8978 | 0x6E89E8 |
SHOP | 0x6D6F90 | - | 0x6D70C0 | 0x6D70C0 | 0x6D75F0 | 0x6D75F0 | 0x6D75F0 | - | 0x6D75F8 | - | 0x6E7878 | 0x6E79D8 | 0x6E79D8 | 0x6E7CA0 | 0x6E7CA0 | - | 0x6E88C8 | 0x6E8970 | - | 0x6E8990 | 0x6E8A00 |
DEX | 0x6E7A68 | 0x6E7A68 | 0x6E7B98 | 0x6E7B98 | 0x6E80C0 | 0x6E80C0 | - | 0x6E80C8 | - | 0x6E81C8 | - | - | - | - | 0x6F85F0 | 0x6F9200 | 0x6F9218 | 0x6F92B8 | - | 0x6F92E0 | 0x6F9350 |