PS3Cobra Payload Reverse Engineering

The Ps3Cobra implements syscall 8 and moves syscall 0 into the payload. It does some heavy patching on Lv2 code

Lv2 Patches of Cobra Payload 1.2

offset	psgroove	cobra 1.2	comment
4F0A8	bl sub_50B44	bl sub_500250
4FC2C	beq cr7, loc_4FC4C	nop
505D0	li %r3, 1	b sub_5008E0
50B48	patched	unpatched ?
572B8	extsw %r3, %r31	li %r3, 0
5741C	bl sub_288568	nop
1C00EC	stdu %sp, var_150(%sp)	b sub_5003A8
1C26EC	stdu %sp, var_D0(%sp)	b sub_500448
1CF8A8	stdu %sp, var_B0(%sp)	b sub_5004C8
25EC18	bl sub_12934	bl sub_500960
271AF0	stdu %sp, var_B0(%sp)	b loc_500808	(syscall864) ~~Again, wrong here, loc_500808 is a bad jump.~~ this is 1.2!
273F80	stdu %sp, var_B0(%sp)	b sub_500878	(syscall867, ~~you have a critical mistake, sub_500878 IS WRONG, :), if you jump here you crash your lv2~~)
29245C	stdu %sp, var_100(%sp)	b sub_5005A8
292598	ld %r11, stru_3403A0.base_addr_toc+8	b sub_5006D8
293A18	ld %r9, stru_3403A0.base_addr_toc+8	b sub_500540
296550	stdu %sp, var_D0(%sp)	b sub_500640	(syscall606)
296928	stdu %sp, var_D0(%sp)	b sub_500770	(syscall619)
29BD48	b sub_11850	b sub_500358
2AAFC8	b sub_50B48	b sub_5002F0

feel free to append and/or revise :)