PS3Cobra Payload Reverse Engineering: Difference between revisions
Line 11: | Line 11: | ||
| 490E0 || || || || | | 490E0 || || || || | ||
|- | |- | ||
| | | 4ED18 || || || || | ||
|- | |- | ||
| 4ED20 || || || || | | 4ED20 || || || || |
Revision as of 04:35, 26 June 2011
The PS3Cobra payload implements syscall 8 and moves syscall 0 into the payload. It also does some heavy patching of the Lv2 code.
Lv2 Patches of Cobra Payload 1.2
offset | psgroove | cobra 1.2 | cobra 2.0 | comment |
---|---|---|---|---|
9134 | | | | |
490E0 | | | | |
4ED18 | | | | |
4ED20 | | | | |
4F0A8 | bl sub_50B44 | bl sub_500250 | | |
4FC2C | beq cr7, loc_4FC4C | nop | | |
505D0 | li %r3, 1 | b sub_5008E0 | | |
50B3C | | | | |
50B48 | patched | unpatched ? | | |
572B8 | extsw %r3, %r31 | li %r3, 0 | | |
5741C | bl sub_288568 | nop | | |
1C00EC | stdu %sp, var_150(%sp) | b sub_5003A8 | | |
1C26EC | stdu %sp, var_D0(%sp) | b sub_500448 | | |
1CF8A8 | stdu %sp, var_B0(%sp) | b sub_5004C8 | | |
25EC18 | bl sub_12934 | bl sub_500960 | | |
271AF0 | stdu %sp, var_B0(%sp) | b loc_500808 | b loc_500818 | (syscall864) this is 1.2! |
273F80 | stdu %sp, var_B0(%sp) | b sub_500878 | b sub_500990 | (syscall867) YOUR CRITICAL MISTAKE WAS ONLY PUT 1.2, NOW YOU FIX IT, THANKS didn't mean to be rude, sry :) |
29245C | stdu %sp, var_100(%sp) | b sub_5005A8 | | |
292598 | ld %r11, stru_3403A0.base_addr_toc+8 | b sub_5006D8 | | |
293A18 | ld %r9, stru_3403A0.base_addr_toc+8 | b sub_500540 | | |
296550 | stdu %sp, var_D0(%sp) | b sub_500640 | (syscall606) | |
296928 | stdu %sp, var_D0(%sp) | b sub_500770 | (syscall619) | |
29BD48 | b sub_11850 | b sub_500358 | | |
2AAFC8 | b sub_50B48 | b sub_5002F0 | | |
feel free to append and/or revise :)
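
One way to check rows like these against a dump, as an added example that is not part of the original wiki page: decode the instruction word at each listed offset and report whether a branch now lands in the payload. `PAYLOAD_BASE`, the function names and the sample words (hand-encoded from four table rows) are assumptions made for this example.

```python
import struct

# Assumption: every hook target in the table lies in 0x500250-0x500990,
# so 0x500000 is taken here as the start of the payload region.
PAYLOAD_BASE = 0x500000

def decode_branch(word, addr):
    """Decode a PowerPC I-form branch; return (mnemonic, target) or None."""
    if word >> 26 != 18:            # primary opcode 18 = unconditional branch
        return None
    li = word & 0x03FFFFFC          # LI field, already shifted left by 2
    if li & 0x02000000:             # sign-extend the 26-bit displacement
        li -= 0x04000000
    aa, lk = (word >> 1) & 1, word & 1
    target = li if aa else addr + li
    return ("b" + ("l" if lk else "") + ("a" if aa else ""), target)

def classify(word, addr):
    """Label the instruction word found at one offset."""
    if word == 0x60000000:          # ori r0,r0,0, the canonical nop
        return "nop"
    br = decode_branch(word, addr)
    if br is None:
        return "other"
    mnem, target = br
    where = "payload" if target >= PAYLOAD_BASE else "lv2"
    return f"{mnem} 0x{target:X} ({where})"

def scan(image, offsets):
    """Classify the big-endian word at each offset of an Lv2 image."""
    return {off: classify(struct.unpack_from(">I", image, off)[0], off)
            for off in offsets}

# Constructed sample: words encoded by hand from four table rows.
SAMPLE = {
    0x4F0A8: 0x484B11A9,   # bl sub_500250 (cobra 1.2 column)
    0x4FC2C: 0x60000000,   # nop           (cobra 1.2 column)
    0x1C00EC: 0x483402BC,  # b sub_5003A8  (cobra 1.2 column)
    0x29BD48: 0x4BD75B08,  # b sub_11850   (psgroove column)
}

def sample_image():
    """Build a zero-filled image holding the constructed sample words."""
    image = bytearray(max(SAMPLE) + 4)
    for off, word in SAMPLE.items():
        struct.pack_into(">I", image, off, word)
    return image

if __name__ == "__main__":
    for off, label in scan(sample_image(), SAMPLE).items():
        print(f"{off:06X}: {label}")
```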