New way of booting FMCB for people with SONY HDD

[shimok]

That achievement is incredible and worthy of your 1000th post.

[Bootlegninja]

this could almost be called Free HD Boot.

[shimok]

this could almost be called Free HD Boot.

I'm pretty sure there is actually a thread with that name buried in this forum. I think TnA started it almost 2 years ago shortly after the first release of FMCB. However, it stopped before it really went anywhere.

Edit: It looks like a user by the name of DaRKcLoUD-X had actually dug into the process a bit, but one of the things that held him back was the inability to create a PP partition vs. the standard + partition.

[E P]

Pretty impressive find l_oliveira. Hope this sparks further interest.

[Bootlegninja]

A full scale installer is possible using FMCB sources. would take some HDD modules and some tweaking on it's install parameters, but very promising.

[l_oliveira]

A full scale installer is possible using FMCB sources. would take some HDD modules and some tweaking on it's install parameters, but very promising.

My current goal is decrypt and descramble hdosdsys.elf (has been done) but the executable binary image is not an ELF file but an binary blob of data (headerless ELF) because the header for the KELF format is stored on the bittable, the decription format tosses that out.
To make it work on for example an PAL console we need to:

Extract ELF header from the bittable data for hosdsys.elf

Unpack, disassemble and analyze the bootloader, IOP replacement image and extra data

Develop an loader that puts the system on the expected state, and embed it on a hacked KELF. From that a decrtyted/plaintext hosdsys.elf file could be used.

This process would allow for using the USA OSD on any console regardless of region as long a matching region hacked KELF is provided. Even for folks with modchip but non USA or non JP consoles this could be useful as would allow them to play with the HDD OSD.


Edit:
Forgot to add that I tried the HDD on a PAL 50003 console and once I put the right hacked KELF on __system partition it booted FMCB so it's confirmed as possible.

Just pasting the file with a tool like Winhex won't work because the file is judged as valid by it's size (the size of the file affects it's header) and pasting a file on the raw partition would cause you to have a wrong sized hacked KELF.

Replacing the KELF only started to work for me when I hacked uLE to open password protected partitions. Also I had to hack it for making the PP.XXXXX named partitions.
A tool to place the OSD headers and icon is still necessary so we need to work that out.

[Bootlegninja]

oh. I feel like a dumb ass now. I only assumed that the HDD OSDSYS worked much like the DVD player. So, my comment was only guessing. But your post does shed light on some of the inner workings. Thank you for that.

[l_oliveira]

oh. I feel like a dumb ass now. I only assumed that the HDD OSDSYS worked much like the DVD player. So, my comment was only guessing. But your post does shed light on some of the inner workings. Thank you for that.

In fact, it DOES work like the DVD player and that's why we can't load it without an "launcher" as it expects the system to be at a certain state. IF any checking fail it just gives up and falls back to the ROM OSD.

It's just that the OSD has more files than the DVD driver, like fonts and sounds which stay together with the KELF at __system partition.

What I suggested was a "launcher" be made and embedded into any large enough kelf, which in turns just load the decrypted hosdsys onto RAM at the proper address, patch whatever is needed and launches it. That would make hosdsys generic enough to work on all consoles we could provide a KELF for.

[l_oliveira]

Omake:
F_HD_B_POC.zip
(Size 7777, JACKPOT !)

No, I won't tell what is on the zip file to not ruin the surprise.

The program in the zip file was made by SP193 after a suggestion of mine...

[RandQalan]

Ok what did I download and will it work with lager HD and don't be a tease

That is same vid I watched before