


  1. #681
    Senior Member cfwprophet's Avatar
    Join Date
    Jul 2008
    Posts
    1,815
    Cause it seems most guys are not interested in it. For sure it's not an everyone-can-do-it task, but a few of the devs in the PS3 scene should be able to do that. We try our best to deliver a free version for everyone.

  2. #682
    Senior Member dyceast's Avatar
    Join Date
    Oct 2006
    Posts
    308
    Props to the guys working on this...

  3. #683
    Banned User CS67700's Avatar
    Join Date
    Oct 2011
    Posts
    84
    The lack of interest from talented hackers for this scene is blatant. No one to do the job, only speculations and theory but no actions.

    Let's pray for a better tomorrow.

  4. #684
    Senior Member Transient's Avatar
    Join Date
    Apr 2007
    Posts
    334
    I think many devs have a working solution already, just nobody wants to become the next geohot.

  5. #685
    Member SanctumSlayer's Avatar
    Join Date
    Jan 2012
    Posts
    79
    Good luck to you guys!

    May the scene be with you.

  6. #686
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    Partial example code of TB2
    Code:
    .byte 9, 2, 0x12, 0, 1, 0, 0, 0x80, 0xFA, 9, 4, 0, 0, 0, 0xFE, 1, 2, 0, 0, 0, 0, 0, 0, 0, 0xFA, 0xCE, 0xB0, 3, 0xAA, 0xBB, 0xCC, 0xDD
    
    -------------------------------------------------------------
    mflr %r0
    bl %loc_ (Load Patch Fly)
    
    -> (Patch fly) -> 7F0028
    
    mflr %r4
    addi %r4, %r4, -8
    li %r3, 1
    sldi %r3, %r3, 63
    oris %r4, %r3, 0x7F
    mr  %r5, %r5
    oris %r6, %r3, 0x7F
    ori %r6, %r6, 0xEE0
    
    -> (Patch fly) -> 7F0048
    
    ld %r8, 0 (%r4)
    std %r8, 0 (%r5)
    ld %r8, 8 (%r4)
    std %r8, 8 (%r5)
    ld %r8, 0x10 (%r4)
    This is partial code of what the dongle is doing.

    Also most of the payload mod in 0x82 (0x82 represents debugging station); don't compare this mode level to the debugger mode, it's different

    debugger mode => 0xA0
    0x8x = Different retail PS3 (US/ASIA/EU)
    0x81 = Tool

    Somebody said the SDK is useless... actually no... the SDK can reboot your PS3 into different modes (release/debugger/system software) and allows you to configure your system boot and what you want to patch, etc...

    TB2/Cobra follow exactly what's going on in the SDK... you can reset/patch lv1-lv2...

    TB2/Cobra use an LV1 wrapper, like I said, that allows access in kernel mode -> lv2/lv2kernel

    Everything you see is Syscall/patch on the fly (represented by subroutine and loc)

    I'm gonna repeat, but you can port the stuff from TB2/Cobra -> CFW, but apparently no one was thinking about doing that... but the source of lv2 patcher v9 can help you (thanks to kmeaw), difficult to find. The good thing about the lv2 patcher: it gives you the possibility to make patches and payloads that can load under lv2 patcher -> to patch your lv2

    All the stuff about Cobra/TB2 is related to LV2kernel (the most important is that, the LV2Kernel that gives you most of the possibilities) -> that also allows strong access to the Cell execution in rw mode

    I never talked about 0A -> represents an error; I was talking all the time about A0, this is completely different

    I'm still working on it because apparently no one wants to help; anyway let's continue, sorry, I do my best dude
    Last edited by Nabnab; 02-01-2012 at 05:35 AM

  7. #687
    Junior Member mellss's Avatar
    Join Date
    Oct 2011
    Posts
    19
    Hooking syscall GetParamVersion does not allow you to run fself

    He isn't right, because patching the GetParamVersion syscall just allows you to spoof the PS3 version. Of course, spoofing the version doesn't disable some checks.

    He stated a lot of assumptions but cannot get them checked because he lacks the technical means.

  8. #688
    Senior Member Nabnab's Avatar
    Join Date
    Dec 2011
    Posts
    157
    Excuse me, but this has nothing to do with GetParamVersion... I don't know where you want to go exactly.

    If you talk about the partial code, it's just an example; try to read what I said before having a failed conclusion.

  9. #689
    Junior Member mellss's Avatar
    Join Date
    Oct 2011
    Posts
    19
    More precisely, GetModelandSubmodel, for your guidance. It seems that you do not know what you're talking about and you do a simple copy and paste from http://pastebin.com/3VG76HQs.

  10. #690
    Senior Member Blade86's Avatar
    Join Date
    Dec 2010
    Posts
    210
    1) Hey, couldn't we make a program that converts retail-eboot to debug-eboot by cutting off the npdrm-header (and putting in an elf header?)?

    2) After loading a dex-lv2-kernel.self with mmCM-dex-mod, do we still need to patch the IDPS to 0A, or could we do it on the fly with a modified lv2-patcher v9?

    What else do we need to run those npdrm-less eboots?

    Thanks a lot

    Cheers
    Blade
