Update: Chinese PlayStation 3 developer xoeo at A9VG.com has now released a working PSGroove payload to spoof PS3 Firmware version 3.15 / 3.41 to 3.50 along with some PSGroove hex codes, as follows:
Today ecosystem_mod at PSX-Scene.com (linked above) has posted about a PSGroove PL3 payload project he is working on that attempts to fake / spoof PS3 Firmware 3.41 to version 3.50 in hopes of successfully connecting to PSN.
To quote: I have made a payload that spoofs version to 3.50. It works by capturing VSH code in the moment after it decrypts index.dat.
Unluckily, it is not enough to connect to the PSN, it still refuses to connect. I have only faked the version but there are other numbers, such as release numbers.
I don't know what these numbers would be on 3.50. You can try by modifying the payload with a hex editor and maybe someone finds the proper numbers.
Technical info for geeks: index.dat is the encrypted version of version.txt. After decryption, index.dat is a 20-byte SHA-1 followed by 12 bytes of padding, followed by content identical to that of version.txt.
My payload works by hooking the memcmp that the vsh performs with the sha1 to a syscall, the syscall 10, which is implemented in the payload to fill the buffer with other data.
The payload is just a PL3 default payload with that syscall 10 added and two additional patches added to memory_patch_table_1 (PATCH_INST(0x190C90, li %r11, 10) and PATCH_INST(0x190C94, sc)), and converted to the port1_config_descriptor.bin format.
Only for 3.41. Have fun.
Second version: now it also fakes the auth/revision code from 45039 to 46135, which is the supposed one for 3.50. This value was also hardcoded in vsh.self, so two additional patches are done to change that string in vsh.self too. If you are gonna change the auth number, remember that you must update that patch too, or you will get a beautiful red screen.
Also it now patches a syscall that gets the SDK version of a process, the patch only fakes the one for vsh. Vsh calls this function before entering the PSN.
Despite all of this, PSN still doesn't connect, but now there is a different behavior: before, it told you to update and if you answered yes, you could go through the update process. Now it still tells you to update, but if you click yes, then it tells you that you are on the latest version and doesn't let you update.
I post the binary and the three source files that must replace/be added to the PL3 ones.
Didn't want to release source because I've committed some laziness. But anyway, here you have the only two files modified in the latest PL3, as downloaded some hours ago.
You can see the two additional patches in memory_patching.h.S. I used direct offsets instead of putting symbols in firmware_symbols.h because I was damn lazy. To complete the payload you need to put the firmware version data here (in default_payload.S):
.space 0x2D0, 0x99
Replacing the space 0x2D0, 0x99 with the data, which should be 0x2D0 in size.
I was lazy again and I just pasted the proper content after compilation with a hex editor.
As for the other question, dunno if games with higher version work without sfo editing, but I think they should work. Anyways, real purpose of this is to at least allow tests to be done.
It serves the purpose of faking version. It is a matter of time to check if it leads to more things.
Update: 2.01, small bugfix (cmpwi != cmpw), still no luck with PSN.
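The decrypted index.dat layout described above (20-byte SHA-1, 12 bytes of padding, then the version.txt content), as an added integrity-check example that is not the author's payload code. It assumes, which the post does not state, that the stored digest covers the trailing content; the sample content is constructed, not the real version.txt format.

```python
import hashlib

DIGEST_LEN = 20                    # SHA-1 digest at the head of the decrypted blob
PAD_LEN = 12                       # padding that follows the digest
HEADER_LEN = DIGEST_LEN + PAD_LEN  # 32 bytes before the version.txt content


def split_index_dat(blob: bytes):
    """Split a decrypted index.dat into (stored_digest, padding, content)."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob shorter than the 32-byte header")
    return blob[:DIGEST_LEN], blob[DIGEST_LEN:HEADER_LEN], blob[HEADER_LEN:]


def check_index_dat(blob: bytes) -> dict:
    """Recompute SHA-1 over the content and compare it with the stored digest.

    Assumption (not stated on the page): the stored digest covers the
    trailing version.txt content. A mismatch means the content or the
    digest was altered, which is what the unpatched memcmp in vsh rejects.
    """
    stored, _pad, content = split_index_dat(blob)
    computed = hashlib.sha1(content).digest()
    return {"content": content, "digest_ok": stored == computed}


def build_sample(content: bytes) -> bytes:
    """Build a well-formed blob in the layout above (constructed sample)."""
    return hashlib.sha1(content).digest() + b"\x00" * PAD_LEN + content


# Constructed sample content; the real version.txt layout is not given here.
SAMPLE_CONTENT = b"version=3.41\n"
GOOD = build_sample(SAMPLE_CONTENT)

# Tampered copy: version string edited in place, stored digest left untouched.
TAMPERED = GOOD[:HEADER_LEN] + GOOD[HEADER_LEN:].replace(b"3.41", b"3.50")

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("tampered", TAMPERED)):
        result = check_index_dat(blob)
        print(name, result["content"].strip(), "digest_ok=", result["digest_ok"])
```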
Here is the one from xoeo on A9VG (http://bbs.a9vg.com/read.php?tid=1614802), for v3.15 Firmware only. This payload has the following features:
Based on the PL3 code structure, but contains an implementation of Hermes for increased stability.
Allows playing PS1/PS2 games in JB mode.
Enables Life with PlayStation in JB mode.
PSN access (a different implementation from what's out there right now).
Fixes the bug of the Linux menu disappearing under the XMB.
I compile all my own hexes now. All I ask is that when a new payload is released please inform us of: 1. what it does; 2. what fixes it has; 3. how it is different from the other 100 hexes currently on the front page (which is impossible to tell the difference between).
The problem with this scene is too many little bratty kids running around flapping, looking for mommy and daddy to hold their hand. Read up, follow the news and read up some more. These devs put a lot of time into code and that's more than enough for me; I have no problem reading and learning, not whining and looking for hand holding.
yes this is ridiculous! lol but its really moving fast now!
Here's the deal: that new one is a Hermes mod to spoof and all, but wait, it gets better. xoeo has a version of PL3 that's a hybrid of Hermes and PL3 and looks to be pretty much the end-all be-all for the payload wars. Cyberskunk and myself are currently working on getting it ported over for 3.41 and then we are stopping all work on Hermes payloads as they will be obsolete.
I will start a new thread just for the latest Hermes port so people can complain or not complain about it there, because it will be lost in this thread. After that we will have a brand new version of PL3 forked and no longer called PL3, or maybe a variant thereof, because we do not want to confuse people with Hermes, PL3, then another PL3 and have a billion questions being asked.