01-30-2012 #681 Banned User
'Cause it seems most guys are not interested. For sure it's not an everyone-can-do-it task, but a few of the devs in the PS3 scene should be able to do that. We try our best to deliver a free version for everyone.
Props to the guys working on this...
The lack of interest from talented hackers for this scene is blatant. No one to do the job, only speculations and theory but no actions.
Let's pray for a better tomorrow.
I think many devs have a working solution already, just nobody wants to become the next geohot.
Good luck to you guys!
May the scene be with you.
Partial example code of TB2
[Register or Login to view code]
This is partial code of what the dongle is doing.
Also most of the payload mod in 0x82 (0x82 represents debugging station); don't compare this mode level to the debugger mode, it's different
debugger mode => 0xA0
0x8x = Different retail PS3 (US/ASIA/EU)
0x81 = Tool
Somebody said the SDK is useless... actually no... the SDK can reboot your PS3 into different modes (release/debugger/system software) and allows you to configure your system boot and what you want to patch, etc...
TB2/Cobra follow exactly what's going on in the SDK... you can reset/patch lv1-lv2...
TB2/Cobra use an LV1 wrapper, like I said, that allows access in kernel mode -> lv2/lv2kernel
Everything you see is syscall/patch on the fly (represented by subroutine and loc)
I'm gonna repeat, but you can port the stuff from TB2/Cobra -> CFW, but apparently no one was thinking about doing that... but the source of lv2 patcher v9 can help you (thanks to kmeaw), difficult to find. The good thing about the lv2 patcher: it gives you the possibility to make patches and payloads that can load under lv2 patcher -> to patch your lv2
All the stuff about Cobra/TB2 is related to LV2kernel (the most important is that, the LV2Kernel that gives you most of the possibilities) -> that also allows giving strong access to the Cell execution in rw mode
I never talked about 0A -> represents an error; I was talking all the time about A0, this is completely different
I'm still working on it because apparently no one wants to help; anyway let's continue, sorry, I do my best, dude
Hooking syscall GetParamVersion does not allow you to run fself
He isn't right, because patching the GetParamVersion syscall just allows you to spoof the PS3 version. Of course, spoofing the version doesn't disable some checks.
He stated a lot of assumptions but cannot get them checked because he lacks the technical means.
Excuse me, but this has nothing to do with GetParamVersion... I don't know where you want to go exactly.
If you're talking about the partial code, it's just an example; try to read what I said before drawing a wrong conclusion.
1) Hey, couldn't we make a program that converts retail-eboot to debug-eboot by cutting off the npdrm-header (and putting in an ELF header?)?
2) After loading a dex-lv2-kernel.self with mmCM-dex-mod, do we still need to patch the IDPS to 0A, or could we do it on the fly with a modified lv2-patcher v9?
What else do we need to run those npdrm-less eboots?
Thanks a lot