Patches: Difference between revisions
m (→DECR) |
m (→DEX) |
||
Line 325: | Line 325: | ||
set search "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x01\x01\x01\xFF\xFF\xFF\xFF" | set search "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x01\x01\x01\xFF\xFF\xFF\xFF" | ||
set replace "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00\x01\x01\xFF\xFF\xFF\xFF" | set replace "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00\x01\x01\xFF\xFF\xFF\xFF" | ||
==== DEX ==== | ==== DEX/Debug ==== | ||
set search "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\xFF\xFF\xFF\xFF" | set search "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\xFF\xFF\xFF\xFF" | ||
set replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\xFF\xFF\xFF\xFF" | set replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\xFF\xFF\xFF\xFF" | ||
==== DECR/Tool + ARC/GECR ==== | ==== DECR/Tool + ARC/GECR ==== | ||
nothing to patch, not set by default | nothing to patch, not set by default |
Revision as of 01:40, 30 May 2015
3.41/3.55 patches
Summary
Ego | lv1 mmap | lv2 p&p | debug pkg | pseudo-retail pkg | unsigned app | install pkgs | app_home | Notes |
---|---|---|---|---|---|---|---|---|
geohot | NO | NO | NO | YES | NO | YES | NO | installs via ps3swu patcher |
w00tangrza | YES | YES | NO | NO | NO | NO | NO | |
waninkoko v1 | YES | YES | YES | YES | YES | YES | YES | bricks all 256MB NAND SKU's |
kmeaw | YES | YES | YES | YES | NO | YES | YES | |
waninkoko v2 | YES | YES | YES | YES | YES | YES | YES | extensive lv2 patching |
f0xtr()n | YES | YES | YES | YES | NO | YES | YES | repackage of kmeaw? |
- lv1_function_114 mmap (lv1.self)
- lv2 peek (lv2_kernel.self)
- lv2 poke (lv2_kernel.self)
- debug pkg (nas_plugin.sprx)
- pseudo-retail pkg (nas_plugin.sprx)
- unsigned app (vsh.self)
- install pkgs (category_game.xml)
- app_home (category_game.xml)
nas_plugin.sprx
geohot patch
- Allow: pseudo-retail pkg installation
< 00003250 7c 06 03 78 48 04 b7 21 e8 41 00 28 7c 60 1b 78 --- > 00003250 7c 06 03 78 48 04 b7 21 e8 41 00 28 38 00 00 00
waninkoko patch - PL3
- Allow: debug pkg installs
- --allow-debug-pkg (ps3mfw command-line option)
< 00037350 41 9e 00 4c 38 00 00 00 81 22 8b 10 81 62 8b 14 --- > 00037350 41 9e 00 04 38 00 00 00 81 22 8b 10 81 62 8b 14
kakaroto patch
- Allow: debug pkg installation
- --allow-debug-pkg (ps3mfw command-line option)
< 2f 89 00 00 41 9e 00 4c 38 00 00 00 81 22 8b 10 81 62 8b 14 --- > 2f 89 00 00 60 00 00 00 38 00 00 00 81 22 8b 10 81 62 8b 14
ecdsa check patch for fw 4.50 cex
- Allow: pseudo-retail pkg installation
< 00003260 E8 41 00 28 7C 60 1B 78 F8 1F 01 80 E8 7F 01 80 --- > 00003260 E8 41 00 28 7C 60 1B 78 F8 1F 01 80 38 60 00 00
vsh.self
PL3 patch
- Allow: unsigned apps
< 030a7d0: 409d 0008 3960 0000 8122 ea60 9969 0000 --- > 030a7d0: 409d 0008 6000 0000 8122 ea60 9969 0000
31a7c8: 38 03 ff 7f addi r0,r3,-129 31a7cc: 2b a0 00 01 cmpldi cr7,r0,1 31a7d0: 40 9d 00 08 ble- cr7,0x31a7d8 - 31a7d4: 39 60 00 00 li r11,0 + 31a7d4: 60 00 00 00 nop 31a7d8: 81 22 ea 60 lwz r9,-5536(r2) 31a7dc: 99 69 00 00 stb r11,0(r9) 31a7e0: 88 09 00 00 lbz r0,0(r9)
< 05ffee0: 6063 8c06 4bff fe80 f821 ff81 7c08 02a6 --- > 05ffee0: 6063 8c06 4bff fe80 3860 0001 4e80 0020
60fedc: 3c 60 00 04 lis r3,4 60fee0: 60 63 8c 06 ori r3,r3,35846 60fee4: 4b ff fe 80 b 0x60fd64 - 60fee8: f8 21 ff 81 stdu r1,-128(r1) - 60feec: 7c 08 02 a6 mflr r0 + 60fee8: 38 60 00 01 li r3,1 + 60feec: 4e 80 00 20 blr 60fef0: 38 61 00 70 addi r3,r1,112 60fef4: f8 01 00 90 std r0,144(r1) 60fef8: 4b ff ff e1 bl 0x60fed8
reActPSN
- Allow: unsigned act.dat and *.rif files
version addr old data new data function 3.55retail 0x30b230 4b cf 5b 45 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.55retail 0x30ac90 48 31 b4 65 -> 38 60 00 00 // fixed act.dat missing after reboot 3.55debug 0x312308 4b ce ea 6d -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.55debug 0x311d68 48 31 b7 d5 -> 38 60 00 00 // fixed act.dat missing after reboot 3.41retail 0x305dc4 4b cf af b1 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.41retail 0x305824 48 31 43 ad -> 38 60 00 00 // fixed act.dat missing after reboot 3.41debug 0x30cedc 4b cf 3e 99 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 3.41debug 0x30c93c 48 31 47 1d -> 38 60 00 00 // fixed act.dat missing after reboot 4.30debug 0x2481e4 4b db 8b 91 -> 38 60 00 00 // fixed allow unsigned act.dat *.rif 4.30debug 0x247c44 48 3d 59 61 -> 38 60 00 00 // fixed act.dat missing after reboot
(Source : http://pastebin.com/26RHud5Q)
XMB InGame ScreenShot Feature
- Allow: taking screenshots in every game (ps3,psp,minis,... - except ps2)
4.21 retail:
- Export: vshmain_981D7E9F is retrieving enabled(1)/disabled(0) Screenshot feature-flag from dword_720A4C+4
seg001:0000000000193498 seg001:0000000000193498 _Export_vshmain_981D7E9F: # DATA XREF: OPD:_Export_vshmain_981D7E9F_opd�o seg001:0000000000193498 lis r9, dword_720A4C@h seg001:000000000019349C lwz r9, dword_720A4C@l(r9) seg001:00000000001934A0 addi r9, r9, 4 seg001:00000000001934A4 lwarx r0, r0, r9 -> li r0, 1 seg001:00000000001934A8 srawi r9, r0, 0x1F seg001:00000000001934AC xor r3, r9, r0 seg001:00000000001934B0 subf r3, r3, r9 seg001:00000000001934B4 srwi r3, r3, 31 seg001:00000000001934B8 extsw r3, r3 seg001:00000000001934BC blr seg001:00000000001934BC # End of function _Export_vshmain_981D7E9F
This fix will make xmb enabling screenshot save button, but it will error out when trying. it requires another patch inside vsh.self:
sub_195084: (4.21 retail as well) ... seg001:00000000001950A0 lwz r9, dword_720A4C@l(r9) seg001:00000000001950A4 stfd f31, 0x190+var_8(r1) seg001:00000000001950A8 std r22, 0x190+var_68(r1) seg001:00000000001950AC std r23, 0x190+var_60(r1) seg001:00000000001950B0 std r24, 0x190+var_58(r1) seg001:00000000001950B4 std r25, 0x190+var_50(r1) seg001:00000000001950B8 std r26, 0x190+var_48(r1) seg001:00000000001950BC std r27, 0x190+var_40(r1) seg001:00000000001950C0 std r28, 0x190+var_38(r1) seg001:00000000001950C4 std r29, 0x190+var_30(r1) seg001:00000000001950C8 std r31, 0x190+var_20(r1) seg001:00000000001950CC addi r9, r9, 4 seg001:00000000001950D0 lwarx r0, r0, r9 -> li r0, 1 seg001:00000000001950D4 cmpwi cr7, r0, 0 seg001:00000000001950D8 li r3, -0x270D seg001:00000000001950DC beq cr7, return
vsh.elf (CEX, 4.50)
< 00184278 7C 00 48 28 --- > 00184278 38 00 00 01 < 00185EB0 7C 00 48 28 --- > 00185EB0 38 00 00 01
Thats it! Enables Screenshot-Feature working fine. Have fun, i do !
Remote Play with PlayStation 3 (Windows Software)
premo_plugin.prx
for 4.50
< 0xB7E4 38 60 00 00 li r3, 0 --- > 0xB7E4 38 60 00 01 li r3, 1
premo_game_plugin.prx
for 4.50
< 0xC9E4 38 60 00 00 li r3, 0 --- > 0xC9E4 38 60 00 01 li r3, 1
Enables playing Remote Play enabled games (via SFO) to be played via sonys official remote play pc software.
Make Remote Play SFO Flag obsolete
game_ext_plugin.prx
original bytes:
41 9e 00 1c 2f 83 00 03
patched bytes:
41 9e 00 28 2f 83 00 03
lv1.self
graf chokolo patch
- lv1_undocumented_function_114 (mmap)
< 000f5a40 39 08 05 48 39 20 00 00 38 60 00 00 4b ff fc 45 --- > 000f5a40 39 08 05 48 39 20 00 01 38 60 00 00 4b ff fc 45
2d5a38: 7f 87 e3 78 mr r7,r28 2d5a3c: e8 89 00 00 ld r4,0(r9) 2d5a40: 39 08 05 48 addi r8,r8,1352 - 2d5a44: 39 20 00 00 li r9,0 + 2d5a44: 39 20 00 01 li r9,1 2d5a48: 38 60 00 00 li r3,0 2d5a4c: 4b ff fc 45 bl 0x2d5690 2d5a50: 38 00 00 00 li r0,0
wutangrza patch
- hash fixing
< 00136bc0 00 00 00 00 00 00 00 00 72 73 78 20 64 72 69 76 |........rsx driv| --- > 00136bc0 00 00 00 00 00 00 00 00 72 73 73 20 64 72 69 76 |........rss driv|
< 00136be0 3a 20 63 6f 72 65 2f 63 6f 6e 74 65 78 74 2e 63 |: core/context.c| --- > 00136be0 3a 20 63 6f 72 65 20 63 6f 6e 74 65 78 74 2e 63 |: core context.c|
lv2_kernel.self
PL3 patch
- lv2 peek / poke
< 00029330 7c 63 07 b4 38 21 00 a0 4e 80 00 20 3c 60 80 01 --- > 00029330 7c 63 07 b4 38 21 00 a0 4e 80 00 20 e8 63 00 00
< 00029340 60 63 00 03 4e 80 00 20 3c 60 80 01 60 63 00 03 --- > 00029340 60 00 00 00 4e 80 00 20 f8 83 00 00 60 00 00 00
8000000000019330: 7c 63 07 b4 extsw r3,r3 8000000000019334: 38 21 00 a0 addi r1,r1,160 8000000000019338: 4e 80 00 20 blr -800000000001933c: 3c 60 80 01 lis r3,-32767 -8000000000019340: 60 63 00 03 ori r3,r3,3 +800000000001933c: e8 63 00 00 ld r3,0(r3) +8000000000019340: 60 00 00 00 nop 8000000000019344: 4e 80 00 20 blr -8000000000019348: 3c 60 80 01 lis r3,-32767 -800000000001934c: 60 63 00 03 ori r3,r3,3 +8000000000019348: f8 83 00 00 std r4,0(r3) +800000000001934c: 60 00 00 00 nop 8000000000019350: 4e 80 00 20 blr 8000000000019354: 3c 60 80 01 lis r3,-32767 8000000000019358: 60 63 00 03 ori r3,r3,3
wutangrza patch
- hash fixing
< 002d6e00 6f 75 6c 64 20 6e 6f 74 20 67 65 74 20 50 50 50 |ould not get PPP| --- > 002d6e00 6f 75 6c 64 20 6e 6f 74 20 6e 6f 74 20 6e 6f 74 |ould not not not| --- < 002d6e10 6f 45 20 68 65 61 64 65 72 0a 00 00 00 00 00 00 |oE header.......| --- > 002d6e10 20 6e 6f 74 20 6e 6f 74 20 6e 6f 74 20 6e 00 00 | not not not n..|
< 00359380 a0 40 36 6b 2d 8a 50 99 1e b3 0c 53 e5 9b 5d 6e --- > 00359380 5e b8 a5 00 8c f3 bc 24 08 91 19 61 e6 db 19 cb --- < 00359390 61 2c ac b8 00 00 00 00 00 00 00 00 00 00 00 00 --- > 00359390 0d ca fd 2f 00 00 00 00 00 00 00 00 00 00 00 00
4.21 patches
Summary
lv2_kernel.self
kakaroto's sigcheck patch
In memory 0x800000000005A2A8 (which corresponds to offset 0x6a2a8 in lv2_kernel.elf) replace : "e9 22 99 90 7c 08 02 a6"
with : "38 60 00 00 4e 80 00 20".
(Source: https://twitter.com/KaKaRoToKS/status/260742786972798977)
disable epilepsy message
patch to disable (not just replace), the warning screen that is show on boot since FW 4.00 and when patched, no longer delays the VSH bootprocess
seg024:00000000006E75F9 byte_6E75F9: .byte 1 # DATA XREF: sub_CAC70+314�o seg024:00000000006E75F9 # sub_CAC70+324�w ... # 1 = show health care msg, 0 = dont show
VSH.self
the message and all about it are done in Sysconf_plugin, but it is loaded with special parameter from VSH
CEX + SHOP
set search "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x01\x01\x01\xFF\xFF\xFF\xFF" set replace "\x00\x00\x00\x02\x00\x00\x00\x01\x02\x00\x01\x01\xFF\xFF\xFF\xFF"
DEX/Debug
set search "\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x01\x00\xFF\xFF\xFF\xFF" set replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\xFF\xFF\xFF\xFF"
DECR/Tool + ARC/GECR
nothing to patch, not set by default
seg025:000000000070F8B9 unk_70F8B9: .space 1
Offsets
vsh.elf | 4.00 | 4.01 | 4.10 | 4.11 | 4.20 | 4.21 | 4.23 | 4.25 | 4.26 | 4.30 | 4.31 | 4.40 | 4.41 | 4.45 | 4.46 | 4.50 | 4.55 | 4.60 | 4.65 | 4.66 | 4.70 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CEX | 0x6D7100 | - | 0x6D7230 | 0x6D7230 | 0x6E7758 | 0x6E7758 | - | 0x6E7760 | - | 0x6E7860 | 0x6E7860 | 0x6E79C0 | 0x6E79C0 | 0x6E7C88 | 0x6E7C88 | - | - | 0x6E8958 | 0x6E8960 | 0x6E8978 | 0x6E89E8 |
SHOP | 0x6D6F90 | - | 0x6D70C0 | 0x6D70C0 | 0x6D75F0 | 0x6D75F0 | 0x6D75F0 | - | 0x6D75F8 | - | 0x6E7878 | 0x6E79D8 | 0x6E79D8 | 0x6E7CA0 | 0x6E7CA0 | - | 0x6E88C8 | 0x6E8970 | - | 0x6E8990 | 0x6E8A00 |
DEX | 0x6E7A68 | 0x6E7A68 | 0x6E7B98 | 0x6E7B98 | 0x6E80C0 | 0x6E80C0 | - | 0x6E80C8 | - | 0x6E81C8 | - | - | - | - | 0x6F85F0 | 0x6F9200 | 0x6F9218 | 0x6F92B8 | - | 0x6F92E0 | 0x6F9350 |