Xoeo's custom PL3 payload for 3.15

[Mark Webber]

Funny thing is, even when running things like "Awsome Peek Poke" there is still nothing in that area period. Well not showing anyway.

I am curious how that offset was chosen since I can't even see what is there in retail dumps.

[CrashSerious]

Funny thing is, even when running things like "Awsome Peek Poke" there is still nothing in that area period. Well not showing anyway.

I am curious how that offset was chosen since I can't even see what is there in retail dumps.

Look at the code, it patches the original syscall to jump to that location when the syscall is made. Then the code that goes to that location jumps back to the original syscall.

Your problem may be that you have the wrong address for the syscall itself.

[Mark Webber]

I have:
patch_func20 0x273bc4 (model set) has to be correct since it is changing the model flag as expected.
elf1_func4 0x190c70 (original was 0x190c90)
rtoc_entry_3 -0x6978 (same as original)


I have mad work commitments for the next 4 days (well nights) so it will take a few days t attack it again fully without falling asleep

[Mark Webber]

OK, it drove me to insanity and now appears to be working.
I will get my hands on known working 3.50 release and test it before I release the update.

Thanks for the inspiration CS =)

[evilsperm]

@Evilsperm &/or CS.
I am moving through the code to port it for Kiosk users.
I have all the correct offsets in place now except elf1_data2.

Where is it located and how did you find it? I have no dumps (except full LV2) that go that high into memory.

You will have to do a dump elf and use wireshark. We are currently in the same dilemma getting a debug unit to jailbreak so we have to do the same exact thing... funny thing that I heard though was the kiosk and debug 3.4x have the same address
So if you beat us to it PM all the info you dumped =)

[CrAzYNeSs]

Freaking awesome progress. Keep us updated!

[Mark Webber]

Freaking awesome progress. Keep us updated!

If your waiting for the kiosk release, it will be a few days possibly.
Hopefuly finished by Monday

[CrashSerious]

OK, it drove me to insanity and now appears to be working.
I will get my hands on known working 3.50 release and test it before I release the update.

Thanks for the inspiration CS =)

You're welcome! Just curious... what was it. ;-)

[Mark Webber]

In macro.hs for some reason it uses 2 direct memory pointers to 0x190c90 & 0x190c90+4 instead of using elf1_func4 (which is what it is).

So I just changed the offsets there to match what I had already made elf1_func4

Edit: I still cannot get this to compile using syscall_8. I am getting all the same errors as the rest.
Once I get it to compile fully I can test it. Until then it's really not very useful aside from telling the PS3 it's 3.50.

Edit 2: Figured out how to get it to compile.. I went into idiot mode from lack of sleep lately =)

[CrashSerious]

In macro.hs for some reason it uses 2 direct memory pointers to 0x190c90 & 0x190c90+4 instead of using elf1_func4 (which is what it is).

So I just changed the offsets there to match what I had already made elf1_func4

Edit: I still cannot get this to compile using syscall_8. I am getting all the same errors as the rest.
Once I get it to compile fully I can test it. Until then it's really not very useful aside from telling the PS3 it's 3.50.

Edit 2: Figured out how to get it to compile.. I went into idiot mode from lack of sleep lately =)

Oh yeah. I'd change that to teh appropriate elf #define to make the code more portable.

Are you working from the code reala put up for me a few pages back or towards the beginning of the thread? (or are you using EvilSperms CEXPL3?) The XOEO code a few pages back compiles for 3.15 and spoofs successfully--- dunno why I never could get the other one working. (Maybe I "fixed" it to much before compiling)

What errors? The @higher and @highest errors? If so, make sure you use ps3toolchain and NOT ps3chain.

@edit2: it happens... ;-)