PS3Cobra Payload Reverse Engineering: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
Line 11: Line 11:
| 490E0 || || || ||
| 490E0 || || || ||
|-
|-
| 4ED19 || || || ||
| 4ED18 || || || ||
|-
|-
| 4ED20 || || || ||
| 4ED20 || || || ||

Revision as of 04:35, 26 June 2011

The Ps3Cobra implements syscall 8 and moves syscall 0 into the payload. It does some heavy patching on Lv2 code

Lv2 Patches of Cobra Payload 1.2

offset psgroove cobra 1.2 cobra 2.0 comment
9134
490E0
4ED18
4ED20
4F0A8 bl sub_50B44 bl sub_500250
4FC2C beq cr7, loc_4FC4C nop
505D0 li %r3, 1 b sub_5008E0
50B3C
50B48 patched unpatched ?
572B8 extsw %r3, %r31 li %r3, 0
5741C bl sub_288568 nop
1C00EC stdu %sp, var_150(%sp) b sub_5003A8
1C26EC stdu %sp, var_D0(%sp) b sub_500448
1CF8A8 stdu %sp, var_B0(%sp) b sub_5004C8
25EC18 bl sub_12934 bl sub_500960
271AF0 stdu %sp, var_B0(%sp) b loc_500808 b loc_500818 (syscall864) Again, wrong here, loc_500808 is a bad jump.
this is 1.2!
273F80 stdu %sp, var_B0(%sp) b sub_500878 b sub_500990 (syscall867)you have a critical mistake, sub_500878 IS WRONG, :), if you jump here you crash your lv2
YOUR CRITICAL MISTAKE WAS ONLY PUT 1.2, NOW YOU FIX IT, THANKS
didn't meant to be rude, sry :)
29245C stdu %sp, var_100(%sp) b sub_5005A8
292598 ld %r11, stru_3403A0.base_addr_toc+8 b sub_5006D8
293A18 ld %r9, stru_3403A0.base_addr_toc+8 b sub_500540
296550 stdu %sp, var_D0(%sp) b sub_500640 (syscall606)
296928 stdu %sp, var_D0(%sp) b sub_500770 (syscall619)
29BD48 b sub_11850 b sub_500358
2AAFC8 b sub_50B48 b sub_5002F0


feel free to append and/or revise :)