My current goal is decrypt and descramble hdosdsys.elf (has been done) but the executable binary image is not an ELF file but an binary blob of data (headerless ELF) because the header for the KELF format is stored on the bittable, the decription format tosses that out.
Originally Posted by Bootlegninja
To make it work on for example an PAL console we need to:
Extract ELF header from the bittable data for hosdsys.elf
Unpack, disassemble and analyze the bootloader, IOP replacement image and extra data
Develop an loader that puts the system on the expected state, and embed it on a hacked KELF. From that a decrtyted/plaintext hosdsys.elf file could be used.
This process would allow for using the USA OSD on any console regardless of region as long a matching region hacked KELF is provided. Even for folks with modchip but non USA or non JP consoles this could be useful as would allow them to play with the HDD OSD.
Forgot to add that I tried the HDD on a PAL 50003 console and once I put the right hacked KELF on __system partition it booted FMCB so it's confirmed as possible.
Just pasting the file with a tool like Winhex won't work because the file is judged as valid by it's size (the size of the file affects it's header) and pasting a file on the raw partition would cause you to have a wrong sized hacked KELF.
Replacing the KELF only started to work for me when I hacked uLE to open password protected partitions. Also I had to hack it for making the PP.XXXXX named partitions.
A tool to place the OSD headers and icon is still necessary so we need to work that out.
SCPH-10000_GH-001 SCPH-15000_GH-003 SCPH-18000_GH-008 SCPH-30001_GH-005 SCPH-30000_GH-016(V4) SCPH-30001_GH-010(V4)
2xSCPH-10190, 2xSCPH-10350, 2xSCPH-10280
"**** j0 hackers!"
-Sjeep (As seen on TOXIC OS ELF...)