Video: PS3 XMB Blitting POC Plugin By 3141card is Now Available


15w ago - Following up on his previous updates, PlayStation 3 developer 3141card has shared a PS3 XMB Blitting POC Plugin alongside a demo video of it in action below.

Download: blitting_xmb_test.rar / blitting_xmb_test_PIC1_PNG.rar / blitting_xmb_test_ram.rar

To quote: I found a way for blitting information on the XMB screen, it is not perfect atm and work only in main XMB, not ingame. I found some bitmap-data in main ram, and poke other RGBA values on this place.

I make a simple framebuffer, print text in him and poke him on the screen. The example have only a blue background and white text, but more complex things are possible, inclusive nice interactive GUIs.




Here is the sprx+source, it is very simple, not perfect only a quickly writen test app... I test it only on rebug 4.46, after booting hold R2 and press Start, it will only work after bootup!!! Not after leaving a Game or App.

Copy PIC1.PNG from download (blitting_xmb_test_PIC1_PNG.rar) in e.g. multiman dir. In XMB go on multiman and press select. Simple example, draw only one frame if select was pressed.

Furthermore, it is a stupid method, but if no better way arises... in principle:

IO module is running all the time the ps3 is running.
IO module awaits input from many devices, not only pad, also Kb and mouse.

The system (XMB, in Game XMB), hombrew like multiman and also in background running prx, need a struct for handle the input.

This is a ram dump from my rebug 4.46C ps3. At offset 0x10389F4 is the pad-data struct.

00 00 = DIGITAL2 (if O is pressed = 00 20, see psl1ght header files for pad to understand the flags)

The point, if you are in game and press O on your pad, to set this value in the pad-data struct of the running game to 00 20 or use a in backround running plugin to set this value with poke to 00 20 if you press a special Keyboard button, it is the same.

Analogstick (00 82 00 82 00 80 00 80) 2 Mouse is a little bit more tricky, but also possible.

If you have rebug 4.46C running, here (linked above) is a simple ram viewer prx, based on the blit into PIC1.PNG. Look at offset 0x8000000001038800 and 0x8000000001038A00 for the pad-data struct, press e.g. O and you see the altered values...

I use it only on 4.46C with Users prx loader. Work only in XMB, is not stable, only some playing for me, not a release !

  • Go in games column on the app with the special PIC1.PNG, press select to toggle the hex-viewer on/off.
  • Use R1 and L1 to go one sector up or down,
  • Hold R2 and use R1 und L1 to go 1 KB up or down,
  • Hold L2 and use R1 und L1 to go 1 MB up or down.

EDIT: fixed a stupid copy-past error in source code of prx




Stay tuned for more PS3 Hacks and PS3 CFW news, follow us on Twitter and be sure to drop by the PS3 Hacks and PS3 Custom Firmware Forums for the latest PlayStation 3 scene updates and homebrew releases!

Comments 20 Comments - Go to Forum Thread »

Quick Reply Quick Reply

tastyratz's Avatar
#20 - tastyratz - 13w ago
I just wanted to mention that using this tool on a 64-bit windows 7 install it will not see my hdd unless I open CMD as administrator, looks like it requires elevated privileges.

For anyone running into frustrations that was the ticket for me. I am going to reach out to aldo and fill him in because his tool requires elevation and it won't stack elevation for the ps3 exe so it won't work for me.

aracard's Avatar
#19 - aracard - 16w ago
how did you copy the data with this program from the hdd? i have ylod and cannot access the ps3

majid25's Avatar
#18 - majid25 - 29w ago
I have a similar question, I have a dead ps3 on which I want to recover the hard drive contents but I did make a flash dump before it died. Can the eid root key be obtained from the dump? That's how I believe it works unless there is some other step

aldostools's Avatar
#17 - aldostools - 31w ago
can you copy savedata from a hdd of a ps3 that is dead
yes, but only if you have the eid_root_key from the dead ps3. Brenza about the write feature, here is what 3141card answered:

I can you say why I not plan to do that. I simply know not enough about filesystems. Is the de/encryption a prob? No, its the easiest part on the prog. Its easy to write a fuction for on-the-fly encryption, simply a invers of my read_device(). I have no wish to write a app was kill in worst case a many ps3-hdd's. Only because i forget to set a flag or to update a special value in superblock or cylinder. And why write such a prog? There is always a better way. Linux.

glevand has it show (on psdevwiki.com/ps3/Mounting_HDD_on_PC). It is easy to mount a ps3 hdd on linux.

He show it for a slim hdd, ok, but for a fat only the decryption is other.

For slim: cryptsetup create -c aes-xts-plain64 -d -s 256

For fat: cryptsetup create -c aes-cbc-null -d -s 192

Next is, compile the kernel for UFS write support, and mount gameOS rw.

Work perfect for me. So why a maybe risky hombrew, if i can use a brilliant OS with proper coded device driver.

Brenza's Avatar
#16 - Brenza - 31w ago
I can't decrypt mine, 3141card already knows everything

EDIT: It works erfectly, an awesome work!

Thank you very much 3141card!!!













Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News