OpenTuna

PS2 OpenTuna - An open source version of "Fortuna", based on reverse engineering! v2.0.1

Download
Overview Extra info Updates (4) Reviews (3) History Discussion
alexparrado said:
OpenTuna v1.0.2 uses 0x20C020C0 as return address, 0x20B020B0 is for v1.0.1 which is no longer used in sources just in documentation. So, stick to 0x20C020C0.



Nice, I've got that one too.



That's the tricky part, sorry I'm not automatize it. Anyway, if you want, send me icon.icn and I'll give some tips about how to tune it. Be sure payload-packed.elf properly works before trying to tune icon.
Click to expand...

Great, I tested payload.elf and it works (never thought about trying that lol).

Now I'll make a new icon.icn and send it to you via PM (so I don't clutter the thread with non-working icons)

Edit: Uploads are not allowed in PMs, I'll upload here
 
Here's my icon, it was made with the launcher-keys option and the changes I made are that it loads wLE from /BOOT/BOOT.ELF and it loads OPL from /OPL/OPNPS2LD.ELF
 

Attachments

blckbear_ said:
Here's my icon, it was made with the launcher-keys option and the changes I made are that it loads wLE from /BOOT/BOOT.ELF and it loads OPL from /OPL/OPNPS2LD.ELF
Click to expand...
There's something really bad with your icon because it doesn't even work in emulator. Did you adjust exploit Makefile with

KERNEL_NOPATCH = 1
NEWLIB_NANO = 1

and main.c in launcher-keys with

void _ps2sdk_libc_init() {}
void _ps2sdk_libc_deinit() {}
 
alexparrado said:
There's something really bad with your icon because it doesn't even work in emulator. Did you adjust exploit Makefile with

KERNEL_NOPATCH = 1
NEWLIB_NANO = 1

and main.c in launcher-keys with

void _ps2sdk_libc_init() {}
void _ps2sdk_libc_deinit() {}
Click to expand...

Yes, I did.
Now what I'm trying is adding:
KERNEL_NOPATCH = 1
NEWLIB_NANO = 1

to the launcher-keys makefile, the icon.icn is now 30kb in size and the payload-packed.elf works fine. I'll try this and see if it works.

Edit: with this one I'm getting a black screen (I guess its progress :confused:)
 
Last edited:
blckbear_ said:
KERNEL_NOPATCH = 1
NEWLIB_NANO = 1

to the launcher-keys makefile,
Click to expand...
That will lead to linker errors. Just use void _ps2sdk_libc_init() {} void _ps2sdk_libc_deinit() {} in launcher-keys. Veriffy payload-stripped.elf in exploit folder has 0x20c020c0 as load address by using readelf -h command.
 
blckbear_ said:
Yes, I did.
Now what I'm trying is adding:
KERNEL_NOPATCH = 1
NEWLIB_NANO = 1

to the launcher-keys makefile, the icon.icn is now 30kb in size and the payload-packed.elf works fine. I'll try this and see if it works.

Edit: with this one I'm getting a black screen (I guess its progress :confused:)
Click to expand...
That's what I'm getting in emulator. Could you share source to make a quick revision?
 
alexparrado said:
That will lead to linker errors. Just use void _ps2sdk_libc_init() {} void _ps2sdk_libc_deinit() {} in launcher-keys. Veriffy payload-stripped.elf in exploit folder has 0x20c020c0 as load address by using readelf -h command.
Click to expand...
payload-stripped.elf with the changes you suggested:
upload_2021-9-13_21-13-18.png


alexparrado said:
That's what I'm getting in emulator. Could you share source to make a quick revision?
Click to expand...

After changing the icon.icn address to 0x20C020C0 the PS2 freezes when I open the Memory card, so I guess that's not gonna work. After removing those flags from the makfile and only using the dummy functions, the payload .bin is around 35kb.
Latest sources attached.

Edit: I'm using OpenTunaRLE to create the icon.icn file btw, and if I'm not mistaken it creates it with address 0x20B020B0 instead of 0X20C020C0, correct me if I'm wrong
 

Attachments

Last edited:
blckbear_ said:
Just to be clear, the frozen console happened when I compiled using
KERNEL_NOPATCH = 1
NEWLIB_NANO = 1

in the launcher-keys makefile, but if it may cause issues I'm not gonna compile that way.


Thanks!
Click to expand...
Code seems Ok, I compiled and it works in emulator. Just realized you are using wrong resource files in OpenTuna-RLE, so replace them with the ones in above post. Send me the icon if exploit properly boots in emulator we can start icon tuning stage.
 
alexparrado said:
Code seems Ok, I compiled and it works in emulator. Just realized you are using wrong resource files in OpenTuna-RLE, so replace them with the ones in above post. Send me the icon if exploit properly boots in emulator we can start icon tuning stage.
Click to expand...
Ok, icon attached below.

I tried this icon in the console and the corrupted data icon is a blue cube, when going back MC icon disappears but then it returns to OSDSYS instead of launching the exploit.
 

Attachments

Could you please use, the included ps2_packer.exe to create a smaller payload.bin. With that packer, payload.bin size can go down to 22.8 kb.

Edit: if payload.bin goes beyond certain size, I have to adjust opentuna-tail.bin, so please use ps2_packer.exe.
 
Last edited:
Icon made with the included ps2_packer.exe, still not working on console, icon is a blue cube and console just goeas back to OSDSYS instead of launching exploit.
 

Attachments

Well, after compiling OpenTunaRLE and making the new icon, it now gets stuck when loading the MC in browser, I'll attach icon below.WIN_20210913_23_25_05_Pro.jpg
 

Attachments

blckbear_ said:
Well, after compiling OpenTunaRLE and making the new icon, it now gets stuck when loading the MC in browser, I'll attach icon below.View attachment 34876
Click to expand...
Ok, it works in emulator. This is the one to tune, taking into account it's freezing the console, you need to reduce return address repetitions, so replace values from offset 0x5c00 (no insert) 16 77 c0 20 with 00 00 00 00 . Let me know the result.
 
You must log in or register to reply here.

Similar threads

Back
Top