how did you make the toolbox show correct firmware version as it says 4.82 or 4.75 in rebug toolbox or multiman can you upload links of multiman and rebug toolbox that shows correct fw version ?
how did you make the toolbox show correct firmware version as it says 4.82 or 4.75 in rebug toolbox or multiman can you upload links of multiman and rebug toolbox that shows correct fw version ?
how did you make the toolbox show correct firmware version as it says 4.82 or 4.75 in rebug toolbox or multiman can you upload links of multiman and rebug toolbox that shows correct fw version ?
for multiMAN it needs an update. for Toolbox you just use the one came with the Firmware, also if you disable syscalls this function won't work since it requires CFW syscalls to detect the FW.
Yeah but i see no update only the last one is 4.82 normaly their would been new multiMan after a new Fw appears just like from 4.65 4.70 4.75 4.78 4.80 4.81 4.82..
Yeah but i see no update only the last one is 4.82 normaly their would been new multiMan after a new Fw appears just like from 4.65 4.70 4.75 4.78 4.80 4.81 4.82..
Because LV2 hasn't changed since 4.75 and it confuses homebrew when it comes FW detection since TOC and SYSCALL TABLE are the same. that's why it needs an extra check to differentiate the version strings. The common method for doing it was to peek compiled month..
Because LV2 hasn't changed since 4.75 and it confuses homebrew when it comes FW detection since TOC and SYSCALL TABLE are the same. that's why it needs an extra check to differentiate the version strings. The common method for doing it was to peek compiled month..
I downgraded to 4.80 D-REX and tested ManaGunZ v1.26 (the first version with mamba v3 per the changelog). It doesn't work.
Also tested the v1.34 in both 4.80 D-REX and 4.81 D-REX without more success.
So it seems the devil was here since the begining.
I downgraded to 4.80 D-REX and tested ManaGunZ v1.26 (the first version with mamba v3 per the changelog). It doesn't work.
Also tested the v1.34 in both 4.80 D-REX and 4.81 D-REX without more success.
So it seems the devil was here since the begining.
ok, compile debug payloads for CEX and compare the output with the one from DEX to see what's missing, I'm pretty sure the dynamic patching for prx modules fail at DEX only. I remember testing the very earlier version of funny mamba loader released by @Rancid-o used to work with IRISMAN just fine..
I guess you did not read that text that starts the post...
NOTE: All Homebrew / Plugins / Tools do not need an update to support 4.84, however some things need updates to support the latest firmware and this list only cover those items. Its not a full homebrew list. When something is updated for/with 4.84 Support, its added to this list. So keep it bookmarked and even subscribe to the thread to stay alert on the latest details.
In fact I'm not sure.
Could you try that:
- ensure cobra is disabled
- make an hard reboot
- dump lv1 (do not load mamba before to dump... like i did)
Doing that, that time I got 0x510000 for both CEX and DEX.
Anyway, in fact we should'nt realy care about VSH address in sympols.h as it is dynamicaly searched ("brute-forced") if is not found where we find and set it:
Code:
uint64_t vsh_offset = 0;
static INLINE int get_vsh_offset()
{
int i;
//First try with static offset..
if( (lv1_peekd(vsh_pos_in_ram + 0x200) == 0xF821FF917C0802A6ULL) &&
(lv1_peekd(vsh_pos_in_ram + 0x208) == 0xF80100804800039DULL) &&
(lv1_peekd(vsh_pos_in_ram + 0x210) == 0x6000000048000405ULL) )
{
vsh_offset = vsh_pos_in_ram;
#ifdef DEBUG
DPRINTF("Vsh.self found with static offset at address 0x%lx\n", vsh_offset);
#endif
}
//..if that not work brute-force the address
else
{
for(i = 0x10000; i < 0x3000000; i += 0x10000)
{
if(lv1_peekd(i + 0x200) == 0xF821FF917C0802A6ULL)
{
if(lv1_peekd(i + 0x208) == 0xF80100804800039DULL)
{
if(lv1_peekd(i + 0x210) == 0x6000000048000405ULL)
{
vsh_offset = i;
#ifdef DEBUG
DPRINTF("Vsh.self found with brute-force at address 0x%lx\n", vsh_offset);
#endif
break;
}
}
}
}
}
//Vsh not found
if(vsh_offset == 0)
{
#ifdef DEBUG
DPRINTF("Vsh.self not found!!\n");
#endif
return -1;
}
return 0;
}
ok, compile debug payloads for CEX and compare the output with the one from DEX to see what's missing, I'm pretty sure the dynamic patching for prx modules fail at DEX only. I remember testing the very earlier version of funny mamba loader released by @Rancid-o used to work with IRISMAN just fine..
In fact I'm not sure.
Could you try that:
- ensure cobra is disabled
- make an hard reboot
- dump lv1 (do not load mamba before to dump... like i did)
Doing that, that time I got 0x510000 for both CEX and DEX.
Anyway, in fact we should'nt realy care about VSH address in sympols.h as it is dynamicaly searched ("brute-forced") if is not found where we find and set it:
Code:
uint64_t vsh_offset = 0;
static INLINE int get_vsh_offset()
{
int i;
//First try with static offset..
if( (lv1_peekd(vsh_pos_in_ram + 0x200) == 0xF821FF917C0802A6ULL) &&
(lv1_peekd(vsh_pos_in_ram + 0x208) == 0xF80100804800039DULL) &&
(lv1_peekd(vsh_pos_in_ram + 0x210) == 0x6000000048000405ULL) )
{
vsh_offset = vsh_pos_in_ram;
#ifdef DEBUG
DPRINTF("Vsh.self found with static offset at address 0x%lx\n", vsh_offset);
#endif
}
//..if that not work brute-force the address
else
{
for(i = 0x10000; i < 0x3000000; i += 0x10000)
{
if(lv1_peekd(i + 0x200) == 0xF821FF917C0802A6ULL)
{
if(lv1_peekd(i + 0x208) == 0xF80100804800039DULL)
{
if(lv1_peekd(i + 0x210) == 0x6000000048000405ULL)
{
vsh_offset = i;
#ifdef DEBUG
DPRINTF("Vsh.self found with brute-force at address 0x%lx\n", vsh_offset);
#endif
break;
}
}
}
}
}
//Vsh not found
if(vsh_offset == 0)
{
#ifdef DEBUG
DPRINTF("Vsh.self not found!!\n");
#endif
return -1;
}
return 0;
}
The issue is not here, difinitly.
Did it.
In CEX output I have:
Code:
Now patching game_ext_plugin.sprx e274af7b0001e5d3
Offset: 0x000172F0 | Data: 0x38000001
...
Now patching explore_plugin.sprx acf4af2b000ecc91
Offset: 0x000DDDC4 | Data: 0x38000001
and my log is showing they are being patched. Can you try this?
Regarding VSH, don't worry about it. I looked at the code, it uses both static offset and searched offset in case of hash failure.
Code:
We are originally in region 82
MAMBA says hello (load base = 0x8000000000660000, end = 0x8000000000679c40) (version = 0104840F)
We are in CFW Rebug REX, VSH is DEX
Vsh.self found with static offset at address 0x910000
PS2 auth patch at HV:165b54
PS2 unauth patch at HV:165cd0
Offset ps2tonet_size_patch found with static offset at address: 0x9da374
Offset ps2tonet_patch found with static offset at address: 0x9da380
First poke: 0x38a00040
Second poke: 0x60638204
SUCCESS: all patches DONE!
/dev_hdd0/PS2ISO/FF12IZJS_US.iso, filesize: f94ab800
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Disc removed.
Disc auth: 5007 d00dabf0 (process: 01000300_main_vsh.self)
Read 8000 800
Changed to part file 0
/dev_hdd0/PS2ISO/FF12IZJS_US.iso, filesize: f94ab800
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Disc auth: 5007 d00e4bf0 (process: 01000300_main_vsh.self)
Faked size to 1f2957
Changed to part file 0
cellFsUtilMount: /dev_bdvd
Disc auth: 5004 29 (process: 01000300_main_vsh.self)
PROCESS /dev_flash/vsh/module/mcore.self (01050200) loaded
We are originally in region 82
Now patching game_ext_plugin.sprx e274af7b0001e5d3
Now patching explore_plugin.sprx acf4af2b000ecc91
and my log is showing they are being patched. Can you try this?
Regarding VSH, don't worry about it. I looked at the code, it uses both static offset and searched offset in case of hash failure.
Code:
We are originally in region 82
MAMBA says hello (load base = 0x8000000000660000, end = 0x8000000000679c40) (version = 0104840F)
We are in CFW Rebug REX, VSH is DEX
Vsh.self found with static offset at address 0x910000
PS2 auth patch at HV:165b54
PS2 unauth patch at HV:165cd0
Offset ps2tonet_size_patch found with static offset at address: 0x9da374
Offset ps2tonet_patch found with static offset at address: 0x9da380
First poke: 0x38a00040
Second poke: 0x60638204
SUCCESS: all patches DONE!
/dev_hdd0/PS2ISO/FF12IZJS_US.iso, filesize: f94ab800
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Disc removed.
Disc auth: 5007 d00dabf0 (process: 01000300_main_vsh.self)
Read 8000 800
Changed to part file 0
/dev_hdd0/PS2ISO/FF12IZJS_US.iso, filesize: f94ab800
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Disc auth: 5007 d00e4bf0 (process: 01000300_main_vsh.self)
Faked size to 1f2957
Changed to part file 0
cellFsUtilMount: /dev_bdvd
Disc auth: 5004 29 (process: 01000300_main_vsh.self)
PROCESS /dev_flash/vsh/module/mcore.self (01050200) loaded
We are originally in region 82
Now patching game_ext_plugin.sprx e274af7b0001e5d3
Now patching explore_plugin.sprx acf4af2b000ecc91
