To quote from Dukio.com (linked above): Well, I think it's going to be a good framework for any new enthusiastic developer who wishes to start in the ever-growing PS3 Jailbreak scene. Below is the changelog for the recent refactoring work he has done in his PL3 git.
WIP: rename macros.h.S to pl3.h.S and make it do a lot more stuff
Make send_eth compatible with FUNC_PTR and add a _res variant
Add proper ifndef/define/endif to all .h.S files
Port all payloads to the new pl3.h.S framework
Factor out the code to hook the hvsc instructions into its own file
fix the stupid prolog/epilog mixup
Fix the payload_dump_elfs using the new refactored system
Add a missing syscall to the list of syscalls
Removing undocumented functions from the list of known functions
Add missing function name to syscall_names.idh
Make memory_patching position independent and use the new macros
Add memory patching function to the vuart tracer payload
Merge branch 'master' into playground (Conflicts: payload_no_unauth_syscall.S)
Make the dev payload redirect all lv2_printf to eth; should help devs see crash reports
Remove unused instruction
Tweets by KaKaRoToKS himself: How do PL3 payloads look now? Easier to read/maintain? :) Yet Another Improved Version Of PL3 Payload http://bit.ly/gpUxgZ
/*
 * default_payload.S -- PS3 Jailbreak payload
 *
 * Copyright (C) Youness Alaoui (KaKaRoTo)
 * Copyright (C) Aaron Lindsay (Aaron')
 * Copyright (C) (subdub)
 *
 * This software is distributed under the terms of the GNU General Public
 * License ("GPL") version 3, as published by the Free Software Foundation.
 *
 * This payload is a modified version of the original PSJailbreak's payload.
 * The people behind PSJailbreak are the original authors and copyright holders
 * of the code they wrote.
 */

/* pl3.h.S must always be included first!!! */
#include "pl3.h.S"

// Include patch_table after all other includes so it picks up on what
// patches to include in the table depending on what was included

/*
 * This is the entry point to the payload; it gets branched to from the injected
 * shellcode in the JIG response.
 * This is the main function of the exploit; its code is position
 * independent. It copies the actual payload to memory that is safe from being
 * overwritten, while it overwrites an existing function of the kernel.
 * It will also add the necessary syscalls and patch some areas of the kernel
 * before returning control to it.
 */
        stdu    %r1, -0xa0(%r1)         // open a 0xa0-byte stack frame
        std     %r30, 0x90(%r1)
        std     %r31, 0x98(%r1)
        std     %r0, 0xb0(%r1)          // 0xb0 = 0xa0 + 0x10: the LR save slot of the caller's frame

        MEM_BASE (%r30)                 // Load 0x8000000000000000 in %r30

        // Allocate memory and copy PIC functions to it

        // Add system calls
        ADD_SYSCALL (%r30, syscall_map_open_desc, 35)

        // Add default /app_home redirection
        addi    %r3, %r31, ADDR_IN_PAGE(path_app_home)
        addi    %r4, %r31, ADDR_IN_PAGE(path_usb_default_app_home)

        ld      %r30, 0x90(%r1)
        ld      %r31, 0x98(%r1)
        ld      %r0, 0xb0(%r1)
        addi    %r1, %r1, 0xa0          // pop the frame
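The entry code above relies on two things the excerpt only names: a MEM_BASE macro that puts 0x8000000000000000 into %r30 even though PowerPC immediates are 16 bits wide, and position independence (ADDR_IN_PAGE() offsets taken relative to %r31, which the entry code must first load with its own runtime address). The C program below is an added example, not PL3's code: a miniature PowerPC64 encoder and interpreter for the handful of instructions involved, which assembles the standard five-instruction 64-bit constant load and the bl/mflr self-location sequence and executes them to show the registers they leave behind. Which exact instruction sequences pl3.h.S uses for MEM_BASE and ADDR_IN_PAGE is not shown on the page; the sequences here are the textbook ones and are an assumption.

```c
/* Added example: miniature PowerPC64 encoder + interpreter (not PL3 code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct cpu { uint64_t gpr[32]; uint64_t lr; uint64_t pc; };

/* Encoders. The PS3's Cell PPE executes 32-bit big-endian instruction words. */
static uint32_t d_form(uint32_t op, unsigned rt, unsigned ra, uint32_t imm) {
    return (op << 26) | (rt << 21) | (ra << 16) | (imm & 0xffff);
}
static uint32_t addi (unsigned rt, unsigned ra, uint32_t imm) { return d_form(14, rt, ra, imm); }
static uint32_t addis(unsigned rt, unsigned ra, uint32_t imm) { return d_form(15, rt, ra, imm); } /* lis = addis rt,0 */
static uint32_t ori  (unsigned ra, unsigned rs, uint32_t imm) { return d_form(24, rs, ra, imm); }
static uint32_t oris (unsigned ra, unsigned rs, uint32_t imm) { return d_form(25, rs, ra, imm); }
/* rldicr ra,rs,sh,me (MD-form, XO=1); "sldi ra,rs,n" is rldicr ra,rs,n,63-n */
static uint32_t rldicr(unsigned ra, unsigned rs, unsigned sh, unsigned me) {
    return (30u << 26) | (rs << 21) | (ra << 16) | ((sh & 31) << 11)
         | ((me & 31) << 6) | ((me >> 5) << 5) | (1u << 2) | ((sh >> 5) << 1);
}
static uint32_t bl(int32_t off)   { return (18u << 26) | ((uint32_t)off & 0x03fffffc) | 1u; }   /* LK=1 */
static uint32_t mflr(unsigned rt) { return (31u << 26) | (rt << 21) | (8u << 16) | (339u << 1); } /* mfspr rt,LR */

/* Mask with big-endian bits 0..me set, i.e. the top me+1 bits. */
static uint64_t mask_to(unsigned me) { return me == 63 ? ~0ull : ~0ull << (63 - me); }

/* Execute one instruction at c->pc; returns 0 when pc leaves the buffer or the opcode is unknown. */
static int step(struct cpu *c, const uint32_t *code, size_t n, uint64_t base) {
    if (c->pc < base || c->pc >= base + 4 * n) return 0;
    uint32_t w = code[(c->pc - base) / 4];
    unsigned op = w >> 26, rt = (w >> 21) & 31, ra = (w >> 16) & 31; /* rt is rs for ori/oris/rldicr */
    uint64_t imm = w & 0xffff, simm = (uint64_t)(int64_t)(int16_t)imm, next = c->pc + 4;
    switch (op) {
    case 14: c->gpr[rt] = (ra ? c->gpr[ra] : 0) + simm;         break;   /* addi  / li  */
    case 15: c->gpr[rt] = (ra ? c->gpr[ra] : 0) + (simm << 16); break;   /* addis / lis */
    case 24: c->gpr[ra] = c->gpr[rt] | imm;                     break;   /* ori  */
    case 25: c->gpr[ra] = c->gpr[rt] | (imm << 16);             break;   /* oris */
    case 30: {                                                           /* rldicr only */
        unsigned sh = ((w >> 11) & 31) | (((w >> 1) & 1) << 5);
        unsigned me = ((w >> 6) & 31) | (((w >> 5) & 1) << 5);
        uint64_t v = c->gpr[rt], rot = sh ? (v << sh) | (v >> (64 - sh)) : v;
        c->gpr[ra] = rot & mask_to(me);
        break; }
    case 18: {                                                           /* b / bl */
        int32_t li = (int32_t)(w & 0x03fffffc);
        if (li & 0x02000000) li -= 0x04000000;                           /* sign-extend 26 bits */
        if (w & 1) c->lr = c->pc + 4;
        next = c->pc + li;
        break; }
    case 31: if (((w >> 1) & 0x3ff) == 339) c->gpr[rt] = c->lr; break;  /* mflr */
    default: return 0;
    }
    c->pc = next;
    return 1;
}

static void run(struct cpu *c, const uint32_t *code, size_t n, uint64_t base) {
    memset(c, 0, sizeof *c);
    c->pc = base;
    while (step(c, code, n, base)) ;
}

/* Standard 5-instruction load of a 64-bit constant: what a MEM_BASE-style macro must expand to. */
static size_t emit_li64(uint32_t *out, unsigned r, uint64_t v) {
    out[0] = addis(r, 0, (uint32_t)(v >> 48));   /* lis r, top 16 bits (sign-extends; fixed by the shift) */
    out[1] = ori (r, r, (uint32_t)(v >> 32));
    out[2] = rldicr(r, r, 32, 31);               /* sldi r, r, 32: clears the sign-extended low half */
    out[3] = oris(r, r, (uint32_t)(v >> 16));
    out[4] = ori (r, r, (uint32_t)v);
    return 5;
}

/* Value left in %r30 by the constant-load sequence for 'v' (the page's MEM_BASE loads 0x8000000000000000). */
uint64_t demo_li64(uint64_t v) {
    uint32_t code[5]; struct cpu c;
    run(&c, code, emit_li64(code, 30, v), 0x1000);
    return c.gpr[30];
}

/* Self-location, the trick behind position-independent ADDR_IN_PAGE()-style addressing:
 *      bl   1f                ; LR = address of the next instruction
 *   1: mflr %r31              ; %r31 = runtime address of label 1
 *      addi %r3, %r31, 8      ; %r3  = runtime address of 'data' (8 bytes past label 1)
 *   data: ...
 * The same bytes run at any base; the address they compute follows the base. */
uint64_t demo_pic_address(uint64_t base) {
    uint32_t code[3] = { bl(4), mflr(31), addi(3, 31, 8) }; struct cpu c;
    run(&c, code, 3, base);
    return c.gpr[3];
}

int main(void) {
    printf("MEM_BASE -> %%r30 = 0x%016llx\n", (unsigned long long)demo_li64(0x8000000000000000ull));
    printf("data at base 0x%llx -> 0x%llx\n", 0x80000000000c0000ull, (unsigned long long)demo_pic_address(0x80000000000c0000ull));
    return 0;
}
```

The two demos are what to keep in mind when reading the entry code: %r30 holds the kernel's base after MEM_BASE because lis/ori can only set 16 bits at a time and the sldi discards the sign extension, and %r31 holds the payload's own runtime address, which is why every symbol reference in it is an ADDR_IN_PAGE() offset added to %r31 rather than an absolute address that would break when the JIG response lands the shellcode somewhere else.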
payload_dev now prints lv2 debug to eth. So if your homebrew app (or your payload) crashes, you can get a crash report with backtrace.
Use ./tools/dump_syscall file.pcap > /dev/null to see the debug/crash report.