CCAPI: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
mNo edit summary
No edit summary
Line 76: Line 76:
   4) Install the CCAPI 2.50 pkg on your PS3
   4) Install the CCAPI 2.50 pkg on your PS3


= CCAPI 2.00 =
== Installation ==
When installed, CCAPI (the ps3 application) creates a config file ('''/dev_flash/sys/internal/config.cfg''') in which some data, depending on the console, is stored. This file has a size of 240 (0xF0) bytes.
*Example from fw 4.46 dex:
'''Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F'''
'''00000000'''  <span style="background:#FBCEB1;">04 04 60 00</span> <span style="background:#1DACD6;">D4 6F F4 09</span> <span style="background:#A3C1AD;">80 00 00 00 00 36 6B D0</span>  ..`.Ôoô.€....6kÐ
'''00000010'''  <span style="background:#dd6666;">80 00 00 00 00 07 22 5C</span> <span style="background:#dd6666;">80 00 00 00 00 08 F9 98</span>  €....."\€.....ù˜
'''00000020'''  <span style="background:#dd6666;">80 00 00 00 00 06 68 90</span> <span style="background:#dd6666;">80 00 00 00 00 01 00 C0</span>  €.....h.€......À
'''00000030'''  <span style="background:#dd6666;">80 00 00 00 00 29 E7 5C</span> <span style="background:#dd6666;">80 00 00 00 00 06 6C CC</span>  €....)ç\€.....lÌ
'''00000040'''  <span style="background:#dd6666;">80 00 00 00 00 01 1F C0</span> <span style="background:#dd6666;">80 00 00 00 00 29 E8 E8</span>  €......À€....)èè
'''00000050'''  <span style="background:#dd6666;">80 00 00 00 00 00 FE A4</span> <span style="background:#936FB6;">E9 22 AA 78</span> <span style="background:#BDB76B;">00 01 C3 38</span>  €.....þ¤é"ªx..Ã8
'''00000060'''  <span style="background:#dd6666;">80 00 00 00 00 01 1A BC</span> <span style="background:#dd6666;">80 00 00 00 00 01 1B 34</span>  €......¼€......4
'''00000070'''  <span style="background:#77B5FE;">80 00 00 00 00 08 F9 D4</span> <span style="background:#00CC99;">80 00 00 00 00 37 CF E8</span>  €.....ùÔ€....7Ïè
'''00000080'''  <span style="background:#FBEC5D;">80 00 00 00 00 3F A8 B0</span> <span style="background:#FBEC5D;">80 00 00 00 00 49 6F 3C</span>  €....?¨°€....Io<
'''00000090'''  <span style="background:#FBEC5D;">80 00 00 00 00 4C 99 8C</span> <span style="background:#FBEC5D;">00 00 00 00 00 00 00 00</span>  €....?¨°€....Io<
'''000000A0'''  <span style="background:#FBEC5D;">00 00 00 00 00 00 00 00</span> <span style="background:#FBEC5D;">00 00 00 00 00 00 00 00</span>  ................
'''000000B0'''  <span style="background:#FBEC5D;">00 00 00 00 00 00 00 00</span> <span style="background:#FBEC5D;">00 00 00 00 00 00 00 00</span>  ................
'''000000C0'''  <span style="background:#FBEC5D;">00 00 00 00 00 00 00 00</span> <span style="background:#FBEC5D;">00 00 00 00 00 00 00 00</span>  ................
'''000000D0'''  <span style="background:#D4C533;">00 00 00 00 00 00 00 03</span> <span style="background:#FF8C00;">00 00 00 00 00 61 D5 E8</span>  .............aÕè
'''000000E0'''  <span style="background:#FF8C00;">00 00 00 00 00 61 DB F4</span> <span style="background:#D473D4;">00 00 00 00 00 04 41 64</span>  .....aÛô......Ad
{| class="wikitable"
|-
! Usage !! Offset !! Size !! Value !! Notes !! Used in
|-
| - || 0x00 || 0x04 || {{cellcolors|#FBCEB1}} 04 04 60 00 || Firmware: 4.46 || -
|-
| - || 0x04 || 0x04 || {{cellcolors|#1DACD6}} D4 6F F4 09 || Console type ? (DEX/CEX) || -
|-
| - || 0x08 || 0x08 || {{cellcolors|#A3C1AD}} 80 00 00 00 00 36 6B D0 || Address of the lv2 toc (stored at 0x8000000000003000 in lv2) || -
|-
| - || 0x10 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 07 22 5C || A subroutine inside lv2 || -
|-
| - || 0x18 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 08 F9 98 || A subroutine inside lv2 || -
|-
| - || 0x20 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 06 68 90 || A subroutine inside lv2 || -
|-
| - || 0x28 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 01 00 C0 || A subroutine inside lv2 || -
|-
| - || 0x30 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 29 E7 5C || A subroutine inside lv2 || -
|-
| - || 0x38 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 06 6C CC || A subroutine inside lv2 || -
|-
| - || 0x40 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 01 1F C0 || A subroutine inside lv2 || -
|-
| - || 0x48 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 29 E8 E8 || A subroutine inside lv2 || -
|-
| - || 0x50 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 00 FE A4 || A subroutine inside lv2 || -
|-
| - || 0x58 || 0x04 || {{cellcolors|#936FB6}} E9 22 AA 78 || - || -
|-
| - || 0x5C || 0x04 || {{cellcolors|#BDB76B}} 00 01 C3 38 || - || -
|-
| - || 0x60 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 01 1A BC || A subroutine inside lv2 || -
|-
| - || 0x68 || 0x08 || {{cellcolors|#dd6666}} 80 00 00 00 00 01 1B 34 || A subroutine inside lv2 || -
|-
| Allow sys_dbg syscalls || 0x70 || 0x08 || {{cellcolors|#77B5FE}} 80 00 00 00 00 08 F9 D4 || Ccapi edits the branch at that address to modify the code flow || ccapi.sprx
|-
| Get SysTable from pc dll || 0x78 || 0x08 || {{cellcolors|#00CC99}} 80 00 00 00 00 37 CF E8 || Address of the syscall table || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0x80 || 0x08 || {{cellcolors|#FBEC5D}} 80 00 00 00 00 3F A8 B0 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0x88 || 0x08 || {{cellcolors|#FBEC5D}} 80 00 00 00 00 49 6F 3C || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0x90 || 0x08 || {{cellcolors|#FBEC5D}} 80 00 00 00 00 4C 99 8C || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0x98 || 0x08 || {{cellcolors|#FBEC5D}} 00 00 00 00 00 00 00 00 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0xA0 || 0x08 || {{cellcolors|#FBEC5D}} 00 00 00 00 00 00 00 00 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0xA8 || 0x08 || {{cellcolors|#FBEC5D}} 00 00 00 00 00 00 00 00 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0xB0 || 0x08 || {{cellcolors|#FBEC5D}} 00 00 00 00 00 00 00 00 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0xB8 || 0x08 || {{cellcolors|#FBEC5D}} 00 00 00 00 00 00 00 00 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0xC0 || 0x08 || {{cellcolors|#FBEC5D}} 00 00 00 00 00 00 00 00 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0xC8 || 0x08 || {{cellcolors|#FBEC5D}} 00 00 00 00 00 00 00 00 || Address of one of the console IDs in lv2 || ccapi.sprx
|-
| Set [[Console_ID|ConsoleID]] || 0xD0 || 0x08 || {{cellcolors|#D4C533}} 00 00 00 00 00 00 00 03 || Console ID count || ccapi.sprx
|-
| - || 0xD8 || 0x08 || {{cellcolors|#FF8C00}} 00 00 00 00 00 61 D5 E8 || Address of sys_prx_load_module in vsh || -
|-
| - || 0xE0 || 0x08 || {{cellcolors|#FF8C00}} 00 00 00 00 00 61 DB F4 || Address of sys_prx_start_module in vsh || -
|-
| - || 0xE8 || 0x08 || {{cellcolors|#D473D4}} 00 00 00 00 00 04 41 64 || - || -
|}
== Commands ==
When calling a ccapi function, a packet containing a command id is sent to the ps3. The ps3 then analyzes the packet and makes a switch on the command id.
{| class="wikitable sortable"
|-
! Command ID !! Action !! Prototype(s)
|-
| 1 || {{cellcolors|#88ff88}} SetConsoleID || int32_t SetConsoleID(uint8_t *cid)
|-
| 2 || {{cellcolors|#88ff88}} ReadProcessMemory || int32_t ReadProcessMemory(sys_pid_t pid, uint64_t address, void *data, size_t size)
|-
| 3 || {{cellcolors|#88ff88}} WriteProcessMemory || int32_t WriteProcessMemory(sys_pid_t pid, uint64_t address, const void *data, size_t size)
|-
| 4 || {{cellcolors|#ff8888}} Unknown ||
|-
| 5 || {{cellcolors|#88ff88}} GetProcessInfo || int32_t GetProcessInfo(sys_pid_t pid, sys_process_info_t *info)
|-
| 6 || {{cellcolors|#88ff88}} GetTemperature || int32_t GetTemperature(int32_t type, uint32_t *temperature)
|-
| 7 || {{cellcolors|#88ff88}} ControlLed || int32_t ControlLed(int32_t ledColor, int32_t ledAction)
|-
| 8 || {{cellcolors|#88ff88}} GetLv2Memory || int32_t GetLv2Memory(uint64_t address, size_t num, uint8_t *buffer)
|-
| 9 || {{cellcolors|#88ff88}} SetLv2Memory || int32_t SetLv2Memory(uint64_t address, int32_t size, const uint8_t *data)
|-
| 10 || {{cellcolors|#88ff88}} GetLv1Memory || int32_t GetLv1Memory(uint64_t address, size_t size, uint8_t *buffer)
|-
| 11 || {{cellcolors|#88ff88}} SetLv1Memory || int32_t SetLv1Memory(uint64_t address, size_t size, const uint8_t *data)
|-
| 12 || {{cellcolors|#88ff88}} GetFirmwareInfo || int32_t GetFirmware(); int32_t GetCcapiVersion(); int32_t GetConsoleType(uint64_t *type)
|-
| 13 || {{cellcolors|#88ff88}} RingBuzzer || int32_t RingBuzzer(int32_t mode)
|-
| 14 || {{cellcolors|#ff8888}} Unknown ||
|-
| 15 || {{cellcolors|#88ff88}} Shutdown || int32_t Shutdown(int32_t mode)
|-
| 16 || {{cellcolors|#88ff88}} Notify || int32_t Notify(int32_t texture, const wchar_t *text)
|}


{{System Firmware}}<noinclude>[[Category:Main]]</noinclude>
{{System Firmware}}<noinclude>[[Category:Main]]</noinclude>

Revision as of 19:16, 21 June 2014

ControlConsoleAPI is an API for PS3 and PC similar to TMAPI on DEX console, But this one "CCAPI" works for CEX and DEX.

External Sources:

 http://www.nextgenupdate.com/forums/ps3-cheats-customization/697273-release-ps3lib-v4-3-dex-cex.html
 http://www.nextgenupdate.com/forums/ps3-cheats-customization/693857-update-controlconsoleapi-2-50-ccapi-37.html
 http://www.nextgenupdate.com/forums/ps3-cheats-customization/697273-release-ps3lib-v4-3-dex-cex.html
 http://www.nextgenupdate.com/forums/ps3-cheats-customization/701574-tutorial-how-rtm-ccapi-cex-dex.html
 http://www.nextgenupdate.com/forums/call-duty-ghosts-mods-cheats-glitches/691170-update-cod-real-time-editor-3-6-1-1-06-ccapi.html
 http://psx-scene.com/forums/content/controllconsoleapi-v2-50-adds-4-53-4-55-cfw-support-4350/


Features:

- Debug non-fself & fself in real time.

 vsh.self for example can be debugged in rte, or any game with non debug eboot.

- Debug kernel in real time

 lv2_kernel.self and lv1.self

Classic functions:

getProcessMemory

setProcessMemory

shutdown/reboot

work with Wireless connection

bypass exec pages writing restriction

bypass lv2 memory protection

peek/poke lv1 and lv2

setConsoleID at anytime/anywhere

setConsoleLed

ringBuzzer

getTemperature

VSH module loading

notify


How to install CCAPI

 Just download and run this pkg on your ps3.
 It will tell you to reboot, and it's done. You only need to do this once.

How to uninstall CCAPI

 Just run again the pkg.

Is it risky

 In the worst case, you could need to reinstall your firmware.


VSH module loading:

create a plugins directory and put all your sprx plugins into it.

 /dev_usb000/plugins
 /dev_usb000/plugins/prx_name1.sprx
 /dev_usb000/plugins/prx_name2.sprx

All of the sprx that are present in this folder, will be loaded at ps3 boot.

Important:

 If some games refuse to work, just don't use plugins, delete plugins folder from /dev_usb000


How to convert a tool from 2.00 to 2.50:

 1) Delete any CCAPI.dll in the same folder than the software
 2) Put the PS3Lib 4.3 in the same folder than the software
 3) Use the installer to install CCAPI 2.50 on your PC (you may need to reboot your pc at the end)
 4) Install the CCAPI 2.50 pkg on your PS3

CCAPI 2.00

Installation

When installed, CCAPI (the ps3 application) creates a config file (/dev_flash/sys/internal/config.cfg) in which some data, depending on the console, is stored. This file has a size of 240 (0xF0) bytes.

  • Example from fw 4.46 dex:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000  04 04 60 00 D4 6F F4 09 80 00 00 00 00 36 6B D0  ..`.Ôoô.€....6kÐ
00000010  80 00 00 00 00 07 22 5C 80 00 00 00 00 08 F9 98  €....."\€.....ù˜
00000020  80 00 00 00 00 06 68 90 80 00 00 00 00 01 00 C0  €.....h.€......À
00000030  80 00 00 00 00 29 E7 5C 80 00 00 00 00 06 6C CC  €....)ç\€.....lÌ
00000040  80 00 00 00 00 01 1F C0 80 00 00 00 00 29 E8 E8  €......À€....)èè
00000050  80 00 00 00 00 00 FE A4 E9 22 AA 78 00 01 C3 38  €.....þ¤é"ªx..Ã8
00000060  80 00 00 00 00 01 1A BC 80 00 00 00 00 01 1B 34  €......¼€......4
00000070  80 00 00 00 00 08 F9 D4 80 00 00 00 00 37 CF E8  €.....ùÔ€....7Ïè
00000080  80 00 00 00 00 3F A8 B0 80 00 00 00 00 49 6F 3C  €....?¨°€....Io<
00000090  80 00 00 00 00 4C 99 8C 00 00 00 00 00 00 00 00  €....?¨°€....Io<
000000A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000000B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000000C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000000D0  00 00 00 00 00 00 00 03 00 00 00 00 00 61 D5 E8  .............aÕè
000000E0  00 00 00 00 00 61 DB F4 00 00 00 00 00 04 41 64  .....aÛô......Ad
Usage Offset Size Value Notes Used in
- 0x00 0x04 04 04 60 00 Firmware: 4.46 -
- 0x04 0x04 D4 6F F4 09 Console type ? (DEX/CEX) -
- 0x08 0x08 80 00 00 00 00 36 6B D0 Address of the lv2 toc (stored at 0x8000000000003000 in lv2) -
- 0x10 0x08 80 00 00 00 00 07 22 5C A subroutine inside lv2 -
- 0x18 0x08 80 00 00 00 00 08 F9 98 A subroutine inside lv2 -
- 0x20 0x08 80 00 00 00 00 06 68 90 A subroutine inside lv2 -
- 0x28 0x08 80 00 00 00 00 01 00 C0 A subroutine inside lv2 -
- 0x30 0x08 80 00 00 00 00 29 E7 5C A subroutine inside lv2 -
- 0x38 0x08 80 00 00 00 00 06 6C CC A subroutine inside lv2 -
- 0x40 0x08 80 00 00 00 00 01 1F C0 A subroutine inside lv2 -
- 0x48 0x08 80 00 00 00 00 29 E8 E8 A subroutine inside lv2 -
- 0x50 0x08 80 00 00 00 00 00 FE A4 A subroutine inside lv2 -
- 0x58 0x04 E9 22 AA 78 - -
- 0x5C 0x04 00 01 C3 38 - -
- 0x60 0x08 80 00 00 00 00 01 1A BC A subroutine inside lv2 -
- 0x68 0x08 80 00 00 00 00 01 1B 34 A subroutine inside lv2 -
Allow sys_dbg syscalls 0x70 0x08 80 00 00 00 00 08 F9 D4 Ccapi edits the branch at that address to modify the code flow ccapi.sprx
Get SysTable from pc dll 0x78 0x08 80 00 00 00 00 37 CF E8 Address of the syscall table ccapi.sprx
Set ConsoleID 0x80 0x08 80 00 00 00 00 3F A8 B0 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0x88 0x08 80 00 00 00 00 49 6F 3C Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0x90 0x08 80 00 00 00 00 4C 99 8C Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0x98 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0xA0 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0xA8 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0xB0 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0xB8 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0xC0 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0xC8 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
Set ConsoleID 0xD0 0x08 00 00 00 00 00 00 00 03 Console ID count ccapi.sprx
- 0xD8 0x08 00 00 00 00 00 61 D5 E8 Address of sys_prx_load_module in vsh -
- 0xE0 0x08 00 00 00 00 00 61 DB F4 Address of sys_prx_start_module in vsh -
- 0xE8 0x08 00 00 00 00 00 04 41 64 - -

Commands

When calling a ccapi function, a packet containing a command id is sent to the ps3. The ps3 then analyzes the packet and makes a switch on the command id.

Command ID Action Prototype(s)
1 SetConsoleID int32_t SetConsoleID(uint8_t *cid)
2 ReadProcessMemory int32_t ReadProcessMemory(sys_pid_t pid, uint64_t address, void *data, size_t size)
3 WriteProcessMemory int32_t WriteProcessMemory(sys_pid_t pid, uint64_t address, const void *data, size_t size)
4 Unknown
5 GetProcessInfo int32_t GetProcessInfo(sys_pid_t pid, sys_process_info_t *info)
6 GetTemperature int32_t GetTemperature(int32_t type, uint32_t *temperature)
7 ControlLed int32_t ControlLed(int32_t ledColor, int32_t ledAction)
8 GetLv2Memory int32_t GetLv2Memory(uint64_t address, size_t num, uint8_t *buffer)
9 SetLv2Memory int32_t SetLv2Memory(uint64_t address, int32_t size, const uint8_t *data)
10 GetLv1Memory int32_t GetLv1Memory(uint64_t address, size_t size, uint8_t *buffer)
11 SetLv1Memory int32_t SetLv1Memory(uint64_t address, size_t size, const uint8_t *data)
12 GetFirmwareInfo int32_t GetFirmware(); int32_t GetCcapiVersion(); int32_t GetConsoleType(uint64_t *type)
13 RingBuzzer int32_t RingBuzzer(int32_t mode)
14 Unknown
15 Shutdown int32_t Shutdown(int32_t mode)
16 Notify int32_t Notify(int32_t texture, const wchar_t *text)