KaKaRoTo has added PS3 LV2 debugging via Ethernet to the PSGroove PL3 payload this weekend, for PS3 JailBreak users and developers.
Download:
- PS3 LV2 Ethernet Debugging PSGroove PL3
- ASC KaKaRoTo PL3 MultiPayload and LV2Dump BIN Files
- PS3 LV2 Ethernet Debugging PSGroove PL3 Hex Codes
- All Latest Payload - All Board All Firmware CE-X Hermes PL3
To quote from Dukio.com (linked above): Well, I think it's going to be a good framework for any new enthusiastic developer who wishes to start in the ever-growing PS3 Jailbreak scene. Below is the changelog for the recent refactoring work that he has done on his PL3 git.
- WIP: rename macros.h.S to pl3.h.S and make it do a lot more stuff
- Make send_eth compatible with FUNC_PTR and add a _res variant
- Add proper ifndef/define/endif to all .h.S files
- Port all payloads to the new pl3.h.S framework
- Factor out the code to hook the hvsc instructions into its own file
- fix the stupid prolog/epilog mixup
- Fix the payload_dump_elfs using the new refactored system
- Micro optimization
- Add a missing syscall to the list of syscalls
- Removing undocumented functions from the list of known functions
- Add missing function name to syscall_names.idh
- Make memory_patching position independent and use the new macros
- Add memory patching function to the vuart tracer payload
- Merge branch 'master' into playground Conflicts: payload_no_unauth_syscall.S
- Make the dev payload redirect all lv2_printf to eth.. should help devs see crash reports
- Remove unused instruction
A tweet by KaKaRoToKS himself: How do PL3 payloads look now? Easier to read/maintain? :) Yet Another Improved Version Of PL3 Payload http://bit.ly/gpUxgZ
/*
 * default_payload.S -- PS3 Jailbreak payload
 *
 * Copyright (C) Youness Alaoui (KaKaRoTo)
 * Copyright (C) Aaron Lindsay (Aaron')
 * Copyright (C) (subdub)
 *
 * This software is distributed under the terms of the GNU General Public
 * License ("GPL") version 3, as published by the Free Software Foundation.
 *
 * This payload is a modified version of the original PSJailbreak's payload.
 * The people behind PSJailbreak are the original authors and copyright holders
 * of the code they wrote.
 */

/* pl3.h.S must always be included first!!! */
#include "pl3.h.S"

#include "map_open_path.h.S"
#include "memory_patching.h.S"

RESIDENT_AREA_START()
#include "open_hook.h.S"
#include "memory_patching_res.h.S"
RESIDENT_AREA_END()

// Include patch_table after all other includes so it picks up on what
// patches to include in the table depending on what was included
#include "patch_table.h.S"

/**
 * payload_main:
 *
 * This is the entry point to the payload; it gets branched to from the injected
 * shellcode in the JIG response.
 * This is the main function of the exploit, and its code is position
 * independent. It copies the actual payload to memory that is safe from being
 * overwritten, while it overwrites an existing function of the kernel.
 * It will also add the necessary syscalls and patch some areas of the kernel
 * before returning control back to it.
 *
 */
payload_main:
        // prolog: open a 0xa0-byte frame, save %r30, %r31 and the link register
        mflr    %r0
        stdu    %r1, -0xa0(%r1)
        std     %r30, 0x90(%r1)
        std     %r31, 0x98(%r1)
        std     %r0, 0xb0(%r1)          // LR save slot: 0x10 above the old %r1

        GET_CURRENT_PAGE(%r3, %r31)
        MEM_BASE (%r30)                 // Load 0x8000000000000000 in %r30
        COPY_RESIDENT_AREA(%r30, %r31)

        // Allocate memory and copy PIC functions to it
        LOAD_FUNC_PTR(memory_patching)
        LOAD_FUNC_PTR(map_open_path)

        // Add system calls
        ADD_SYSCALL (%r30, syscall_map_open_desc, 35)

        // Add default /app_home redirection
        addi    %r3, %r31, ADDR_IN_PAGE(path_app_home)
        addi    %r4, %r31, ADDR_IN_PAGE(path_usb_default_app_home)
        bl      map_open_path

        APPLY_PATCHES(%r30, %r31)

        // epilog: restore the saved registers and return to the kernel
        ld      %r30, 0x90(%r1)
        ld      %r31, 0x98(%r1)
        ld      %r0, 0xb0(%r1)
        addi    %r1, %r1, 0xa0
        mtlr    %r0
        blr

path_app_home:
        .string "/app_home"
path_usb_default_app_home:
        .string "/dev_usb000/PS3/HOMEBREW/APP_HOME"
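The /app_home redirection registered above (path_app_home mapped to path_usb_default_app_home through map_open_path) is easiest to understand as a prefix rewrite applied to every path the kernel is asked to open. The C below is an added, user-space model of that rewrite; it is not PL3 code and not KaKaRoTo's open_hook, and the struct, the function names and the component-boundary check are assumptions made here for illustration.

```c
/* Added example (not PL3 code, not KaKaRoTo's open_hook): a user-space model
 * of the /app_home redirection that payload_main installs via map_open_path.
 * Table layout, names and the component-boundary check are assumptions. */
#include <stdio.h>
#include <string.h>

struct path_map {
    const char *from;   /* prefix the game or XMB asks the kernel to open */
    const char *to;     /* prefix it is silently replaced with */
};

/* The single default mapping registered by default_payload.S. */
static const struct path_map default_maps[] = {
    { "/app_home", "/dev_usb000/PS3/HOMEBREW/APP_HOME" },
};
#define NDEFAULT (sizeof default_maps / sizeof default_maps[0])

/* Rewrite `in` into `out` if it starts with a mapped prefix.  The match must
 * end at a path-component boundary, so "/app_homework" is not touched by the
 * "/app_home" entry.  Returns 1 if redirected, 0 if copied unchanged, -1 if
 * the result would not fit in `out` (a path is never truncated silently). */
int redirect_path(const struct path_map *maps, size_t nmaps,
                  const char *in, char *out, size_t outlen)
{
    for (size_t i = 0; i < nmaps; i++) {
        size_t flen = strlen(maps[i].from);
        if (strncmp(in, maps[i].from, flen) != 0)
            continue;
        if (in[flen] != '\0' && in[flen] != '/')
            continue;                           /* "/app_homework": no match */
        const char *rest = in + flen;
        if (strlen(maps[i].to) + strlen(rest) + 1 > outlen)
            return -1;
        strcpy(out, maps[i].to);
        strcat(out, rest);
        return 1;
    }
    if (strlen(in) + 1 > outlen)
        return -1;
    strcpy(out, in);
    return 0;
}

/* Self-check helper: does redirecting `in` with the default table give
 * exactly `expected`?  Returns the redirect_path status, or -2 on mismatch. */
int redirect_check(const char *in, const char *expected)
{
    char buf[256];
    int r = redirect_path(default_maps, NDEFAULT, in, buf, sizeof buf);
    if (r < 0)
        return r;
    return strcmp(buf, expected) == 0 ? r : -2;
}

int main(void)
{
    /* Constructed sample paths covering the three outcomes. */
    const char *paths[] = {
        "/app_home/PS3_GAME/USRDIR/EBOOT.BIN",   /* redirected */
        "/app_home",                             /* exact prefix: redirected */
        "/app_homework/x",                       /* not a component match */
        "/dev_hdd0/game/x",                      /* unrelated, unchanged */
    };
    char out[256];
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        int r = redirect_path(default_maps, NDEFAULT, paths[i], out, sizeof out);
        printf("%2d  %-40s -> %s\n", r, paths[i], r < 0 ? "(too long)" : out);
    }
    return 0;
}
```

The boundary check is the part worth keeping in mind when adding your own mappings with the new syscall: a bare prefix compare would also capture any path that merely begins with the same characters.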
payload_dev now prints lv2 debug to eth. So if your homebrew app (or your payload) crashes, you can get a crash report with a backtrace.
Use ./tools/dump_syscall file.pcap > /dev/null to see the debug/crash report.
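Reading the redirected lv2_printf output means pulling the text back out of the frames the PS3 puts on the wire. The C program below is an added example of that step, not PL3's tools/dump_syscall: it parses a classic pcap capture held in memory and prints whatever follows the Ethernet header of each frame as text. The link type, the assumption that the debug text starts right after the 14-byte Ethernet header, the 0x88b5 EtherType used in the constructed sample and all function names are assumptions made here, not taken from PL3.

```c
/* Added example (not PL3's tools/dump_syscall): pull lv2 debug text out of
 * a pcap capture.  Assumed, not taken from PL3: link type is Ethernet and the
 * text begins right after the 14-byte Ethernet header. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC          0xa1b2c3d4u   /* same byte order as this host */
#define PCAP_MAGIC_SWAPPED  0xd4c3b2a1u   /* written in the other byte order */
#define PCAP_HDR_LEN        24
#define PCAP_REC_LEN        16
#define LINKTYPE_ETHERNET   1
#define ETH_HLEN            14

/* Read a 32-bit field, byte-swapping if the file's order differs from ours. */
static uint32_t rd32(const uint8_t *p, int swap)
{
    uint32_t v;
    memcpy(&v, p, 4);
    if (!swap)
        return v;
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Walk the capture and append each frame's post-Ethernet-header bytes to
 * `out` as printable text, one frame per line.  Returns the number of frames
 * seen, or -1 for a non-Ethernet, truncated or otherwise malformed capture.
 * incl_len is checked against the bytes actually present, so a cut-off or
 * crafted record cannot make us read past `buf`. */
int pcap_extract_text(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    if (len < PCAP_HDR_LEN)
        return -1;
    uint32_t magic = rd32(buf, 0);
    int swap;
    if (magic == PCAP_MAGIC)
        swap = 0;
    else if (magic == PCAP_MAGIC_SWAPPED)
        swap = 1;
    else
        return -1;
    if (rd32(buf + 20, swap) != LINKTYPE_ETHERNET)
        return -1;

    size_t off = PCAP_HDR_LEN, used = 0;
    int frames = 0;
    while (off + PCAP_REC_LEN <= len) {
        uint32_t incl = rd32(buf + off + 8, swap);   /* bytes stored in file */
        off += PCAP_REC_LEN;
        if (incl > len - off)
            return -1;                               /* record runs past EOF */
        if (incl > ETH_HLEN) {
            const uint8_t *p = buf + off + ETH_HLEN;
            size_t plen = incl - ETH_HLEN;
            if (plen + 2 > outlen - used)            /* text + '\n' + '\0' */
                return -1;
            for (size_t i = 0; i < plen; i++)
                out[used++] = (p[i] >= 0x20 && p[i] < 0x7f) || p[i] == '\n'
                              ? (char)p[i] : '.';
            out[used++] = '\n';
            out[used] = '\0';
        }
        off += incl;
        frames++;
    }
    return frames;
}

static size_t put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); return 4; }
static size_t put16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); return 2; }

/* Constructed sample: a host-order pcap holding one Ethernet frame per
 * message, as if each lv2_printf had gone out as its own frame.  The 0x88b5
 * EtherType (IEEE local experimental) is an arbitrary choice for the sample. */
size_t build_sample_pcap(uint8_t *buf, size_t cap, const char **msgs, size_t n)
{
    static const uint8_t eth_hdr[ETH_HLEN] = {
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* dst: broadcast */
        0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* src: locally administered */
        0x88, 0xb5 };                         /* EtherType */
    size_t off = 0;
    if (cap < PCAP_HDR_LEN)
        return 0;
    off += put32(buf + off, PCAP_MAGIC);
    off += put16(buf + off, 2);               /* version 2.4 */
    off += put16(buf + off, 4);
    off += put32(buf + off, 0);               /* thiszone */
    off += put32(buf + off, 0);               /* sigfigs */
    off += put32(buf + off, 65535);           /* snaplen */
    off += put32(buf + off, LINKTYPE_ETHERNET);
    for (size_t i = 0; i < n; i++) {
        size_t mlen = strlen(msgs[i]);
        uint32_t flen = (uint32_t)(ETH_HLEN + mlen);
        if (cap - off < PCAP_REC_LEN + flen)
            return 0;
        off += put32(buf + off, 0);           /* ts_sec */
        off += put32(buf + off, (uint32_t)i); /* ts_usec */
        off += put32(buf + off, flen);        /* incl_len */
        off += put32(buf + off, flen);        /* orig_len */
        memcpy(buf + off, eth_hdr, ETH_HLEN);
        memcpy(buf + off + ETH_HLEN, msgs[i], mlen);
        off += flen;
    }
    return off;
}

int main(void)
{
    const char *msgs[] = { "lv2: hello from payload_dev",
                           "lv2: panic, backtrace follows" };
    uint8_t pcap[512];
    char text[256];
    size_t n = build_sample_pcap(pcap, sizeof pcap, msgs, 2);
    int frames = pcap_extract_text(pcap, n, text, sizeof text);
    printf("%d frame(s):\n%s", frames, text);
    return frames == 2 ? 0 : 1;
}
```

For a real capture, read the .pcap file into a buffer and hand it to pcap_extract_text in place of build_sample_pcap. The incl_len check against the remaining bytes is the part that matters once the input is a file someone else produced: a capture cut short mid-frame, or a deliberately oversized length field, returns -1 instead of walking off the end of the buffer.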
Oh yes, my bad, TI-84.
I think it has to do with the descriptor header for the TI-84, not sure what's causing all these problems...