UPDATE 2: Some games use lv2open to check PARAM.SFO

**jamal94** · 10-11-2010,05:34 PM

Good tidbits of information was released today from Mathieu Hervais, one of the key developers behind the original PSGroove exploit for the PS3.

These tidbits of information, might be the ticket needed to get some "black screen" backups working correctly, and also some much needed "game updates" on your Jailbroken PS3 v3.41 console.

Problem is Mathieulh does not support the idea of "backups" on your PS3 console, so it is up to some smart fellow hacker like maybe Hermes to use these tidbits of key information in a new updated payload!

On Monday 11th October 2010, @Mathieulh said:

Some game updates use lv2open to check the disc's param.sfo to make sure the right disc is in the drive and the check fails because psjailbreak patches only patch the vsh open, as such a lot of patches will ask to "insert" the disc if you are playing from a backup, I don't care much about backups myself but for the sake of it and because some people may actually do a legit use of them, here is the patch : in 3.41 lv2 at offset 0x5745C change to li %r31, 0

Before you ask, because this is mostly backups related I wont be implementing this on the psgroove payload. If others want to implement this patch, that will be their call.

UPDATE:

Update:

On Monday 11th October 2010, @Mathieulh said:

cmpwi cr7, %r27, 0
ROM:00057430 beq cr7, loc_57458
ROM:00057434 lbz %r0, 0x60(%r28)
ROM:00057438 cmpwi cr7, %r0, 0
ROM:0005743C beq cr7, loc_57458
ROM:00057440 addi %r3, %sp, arg_72+1
ROM:00057444 addi %r4, %r28, 0x61
ROM:00057448 li %r5, 0xA
ROM:0005744C
bl sub_4C454
ROM:00057450 cmpwi cr7, %r3, 0
ROM:00057454 b loc_574A8
ROM:00057458
ROM:00057458 loc_57458: # CODE XREF: sub_57214+1FCj
ROM:00057458 # sub_57214+21Cj ...
ROM:00057458 lis %r31, -0x7FFF # 0x8001003E
ROM:0005745C ori %r31, %r31, 0x

here are the actual checks, it checks if a pointer is null, if it is, it errors, then they check the first char in the game's title id buffer, if it's 0 it erros and later a special memcmp is called which compares the title ids from the patch's sfo with the one from the disc's sfo.

Anyway I felt like it is better to explain the actual check for people's educational purposes.

THX FORJONAH FOR THE UPDATE

News Source: Matheiu's first tweet

Matheiu's second tweet

Update 2:
More Info: PSGroove.com » Blog Archiv » Mathieulh Increases Game Patch Compatibility/Stability

**pr0x1** · 10-11-2010,05:49 PM

hmmm good news :o

Now let's see psjailbreak guys steal this and act like they did it lol.

**keropi666** · 10-11-2010,05:50 PM

here's hope Hermes puts that in his new hex along with the pkg thingie

**JonahUK** · 10-11-2010,06:25 PM

Update:

On Monday 11th October 2010, @Mathieulh said:

cmpwi cr7, %r27, 0
ROM:00057430 beq cr7, loc_57458
ROM:00057434 lbz %r0, 0x60(%r28)
ROM:00057438 cmpwi cr7, %r0, 0
ROM:0005743C beq cr7, loc_57458
ROM:00057440 addi %r3, %sp, arg_72+1
ROM:00057444 addi %r4, %r28, 0x61
ROM:00057448 li %r5, 0xA
ROM:0005744C
bl sub_4C454
ROM:00057450 cmpwi cr7, %r3, 0
ROM:00057454 b loc_574A8
ROM:00057458
ROM:00057458 loc_57458: # CODE XREF: sub_57214+1FCj
ROM:00057458 # sub_57214+21Cj ...
ROM:00057458 lis %r31, -0x7FFF # 0x8001003E
ROM:0005745C ori %r31, %r31, 0x

here are the actual checks, it checks if a pointer is null, if it is, it errors, then they check the first char in the game's title id buffer, if it's 0 it erros and later a special memcmp is called which compares the title ids from the patch's sfo with the one from the disc's sfo.

Anyway I felt like it is better to explain the actual check for people's educational purposes.

http://twitter.com/Mathieulh

**RiPPERD** · 10-11-2010,06:28 PM

so surely if we just copy the part from a working game into the non working game (from the sfo file) then we can fix this?

**NZHawk** · 10-11-2010,06:51 PM

So just poke 0x000000000005745C with 6C69257233312C30 and it should work... Cant test at the moment, i'm not home.

**Eyed1** · 10-11-2010,06:52 PM

well good idea but i tried that, all we need is to look at a file in hex and change a few digits! offset=easy

**Eyed1** · 10-11-2010,06:54 PM

Originally Posted by NZHawk

So just poke 0x000000000005745C with 6C69257233312C30 and it should work... Cant test at the moment, i'm not home.

Give me 5 i’ll restore my reg.sys to normal and use your cheeky poker ;p

**JonahUK** · 10-11-2010,06:55 PM

Originally Posted by Eyed1

well good idea but i tried that, all we need is to look at a file in hex and change a few digits! offset=easy

Sorry, Noob Q coming....
So if what Math is saying is correct, would games such as COD4MW boot if this is applied?

**systmu** · 10-11-2010,07:02 PM

Wow this is great news. Way to pull through Mathieulh. I don't know about call of duty but it should fix those having trouble trying to play heavy rain and GOW III without a disc in the drive. I'm sure hermes will implement this soon! It just keeps getting better and better! Thanks guys!

User Tag List

Thread: UPDATE 2: Some games use lv2open to check PARAM.SFO

Tweet

LinkBack

Thread Tools

Display


	Would you like to get all the new info from PSX-Scene in your email each day? Subscribe to our Daily Digest! Want to learn more about the team keeping you up to date with the latest scene news? Read about them now! Check out our Developer bios, too!