PS3HEN PS3HEN Open Beta Testing [For Advanced Users Only]

aldostools · Jun 20, 2022

@esc0rtd3w today I posted a pull request with a small change to mappath.c
https://github.com/PS3Xploit/PS3HEN/pull/43

Basically the small change that I did, adds support for .RAP (all caps) in addition to .rap
That simple feature is already found in Mamba 8.4 & Cobra 8.3, but not in HEN.

In Cobra/Mamba the part affected is the module "make_rif", but in PS3HEN it is coded in mappath.c

I hope that you can merge it without affect the latest changes.

aldostools · Jun 20, 2022

bguerville said:
FYI

To avoid the multiplication of payloads, a kernel plugin feature was implemented.
I strongly recommend that any add-ons to HEN or Cobra should be released through kernel plugins unless they are core features.
Kernel plugins are not HEN plugins though, they are meant to interact with the kernel, not with HEN and without stubs or hardcoded HEN symbols (to be avoided at all cost imho), the HEN functions are not directly accessible to a kplugin.
However Jason and I have been discussing this yesterday, if you care to wait for it, we will try to make a kplugin template project that can use map_path.

I was experimenting with kernel plugins about 3 years ago. If I recall correctly you can call kernel plugins from HEN/Cobra/Mamba payload calling syscall 15 like in the following example provided by habib.

For some reason that I don't know, he implemented the make_rif as a kplugin but later Cobra 8.2 had it embedded in the payload.

Code:

static int install_payload(uint8_t *payload, int size)
{
   lv2syscall3(8, SYSCALL8_OPCODE_RUN_PAYLOAD, (uint64_t)payload, size);
   return_to_user_prog(int);
}
static int reactpsn_plugin(uint8_t *idps,uint8_t *rap, uint8_t *act_dat, char *content_id, char *out, uint64_t residence)
{
   lv2syscall8(15, (uint64_t)idps, (uint64_t)rap, (uint64_t)act_dat, (uint64_t)content_id,(uint64_t)out,0,0,(uint64_t)residence);
   return_to_user_prog(int);
}

uint64_t residence = 0x80000000007F0000ULL;
install_payload(buf, size);
int ret = reactpsn_plugin(idps, rap, act_dat, content_id, out, residence);

Here is the complete code:
https://github.com/aldostools/COBRA/tree/master/487/REX/reactPSN

IIRC the /boot_plugins_kernel.txt does the same as install_payload() function

bguerville · Jun 20, 2022

Yes, syscall 15 can execute any kernel sub however that requires using lv2 symbols, it's good for kernel subs but that won't help much to execute HEN/Cobra functions whose offsets are likely to change every time a code change is introduced, making hardcoded offsets a very bad option imho.

With a kernel plugin, you can use the syscall table or even the syscall handler to execute any syscall code however in the case of map_path, I believe changes would have to be made to the sys_map_path function in order to support both kernel based and userland based string pointers for arguments, for the moment only 32bit userland pointers are supported by sys_map_path so the syscall cannot be used as is by the kernel plugin code Luan intends to use.
Moreover I think sys_map_path should support both kernel and user string arguments anyway.

Regarding the kernels plugin loading, Iirc there are 2 possibilities, one function loads a payload into a given static kernel address, the other allocates kernel memory dynamically as required.

Zwei · Jun 20, 2022

Will COBRA be updated? why is hen is 8.1 and we are already in 8.3 and Aldo has cobra/mamba 8.4

aldostools · Jun 20, 2022

bguerville said:
Yes, syscall 15 can execute any kernel sub however that requires using lv2 symbols, it's good for kernel subs but that won't help much with HEN/Cobra functions whose offsets are likely to change every time a code change is introduced, making hardcoded offsets a very bad option imho.

With a kernel plugin, you can use the syscall table or even the syscall handler to execute any syscall code however in the case of map_path, I believe changes would have to be made to the sys_map_path function in order to support both kernel based and userland based string pointers for arguments, for the moment only 32bit userland pointers are supported by sys_map_path so the syscall cannot be used as is by the kernel plugin code Luan intends to use.

I showed the example with static offset because it was more simple. But in the same link there is an example using dynamic offset for the payload obtained from a call to alloc(size, 0x27);.

Anyway I only was showing an option using the existing tools in the payload, in case you weren't aware :sem blush:

bguerville · Jun 20, 2022

Zwei said:
Will COBRA be updated? why is hen is 8.1 and we are already in 8.3 and Aldo has cobra/mamba 8.4

That would be because they are separate projects in different repos updated by different people, standardisation is pretty much left up to the various devs.

I said it before, HEN should really be merged with Cobra into one main repo IMHO, adding
#ifndef HEN statements to disable the lv1 code and new build targets in the makefile, to avoid the version discrepancies.

Mamba usually gets updated against Cobra changes nowadays.

bguerville · Jun 20, 2022

aldostools said:
I showed the example with static offset because it was more simple. But in the same link there is an example using dynamic offset for the payload obtained from a call to alloc(size, 0x27);.

Anyway I only was showing an option using the existing tools in the payload, in case you weren't aware

Sure.

There could have been a couple of things leading Habib to process rap/rif directly in the core rather than a kernel plugin like he first planned.
It needs to hook open_path just like hen/cobra core does, there is a potential conflict there, a hook inside a hook situation, and without synchronisation primitives, it might get quite complicated to juggle between the 2 without crashing eventually, keeping in mind that sharing a synchronisation primitive like a mutex or a semaphore between HEN/Cobra and a kplugin would currently be just as problematic as reusing each other's functions. Without stubs to link with, HEN/Cobra functions are not easy to access properly and appropriately, syscalls expose only a fraction of HEN functions.

In the longer term, I believe this problem with references will need to be addressed.

esc0rtd3w · Jun 20, 2022

Zwei said:
Will COBRA be updated? why is hen is 8.1 and we are already in 8.3 and Aldo has cobra/mamba 8.4

if anyone wants to either submit a Pull Request to the PS3Xploit GitHub, or send source files to myself or @bguerville with updated cobra 8.3 changes, i can compare your changes with current build and merge, so we can test internally. we can try adding that before next release. Or wait for a while and it will eventually happen lol

Coro · Jun 20, 2022

i like the option to skip plugins at boot too.

LuanTeles · Jul 4, 2022

Guys, how about blocking the CCAPI TITTLE_ID to avoid users installing it?

LuanTeles · Jul 4, 2022

esc0rtd3w said:
if anyone wants to either submit a Pull Request to the PS3Xploit GitHub, or send source files to myself or @bguerville with updated cobra 8.3 changes, i can compare your changes with current build and merge, so we can test internally. we can try adding that before next release. Or wait for a while and it will eventually happen lol

Fan control, Convert savedata and etc features would be nice

bguerville · Jul 5, 2022

Has anyone experienced any issues with remappings in the latest test build esc0 shared?
Backup managers use remappings for various features, please make sure that all types of game mountings work ok, etc..

Please report any issues, the changes to the mapping code are somewhat extensive so we would prefer to get as much testing done before releasing it as stable.

aldostools · Jul 5, 2022

bguerville said:
Has anyone experienced any issues with remappings in the latest test build esc0 shared?
Backup managers use remappings for various features, please make sure that all types of game mountings work ok, etc..

Please report any issues, the changes to the mapping code are somewhat extensive so we would prefer to get as much testing done before releasing it as stable.

This feedback will be hard to get from regular users. Most of them don't know what is happening in the background.

Maybe @LuanTeles and other developers/modders that use HEN could provide a more accurate feedback.

LuanTeles · Jul 5, 2022

aldostools said:
This feedback will be hard to get from regular users. Most of them don't know what is happening in the background.

Maybe @LuanTeles and other developers/modders that use HEN could provide a more accurate feedback.

I'll make some tests today with all backup managers.

LuanTeles · Jul 6, 2022

I just installed it here

First run
- Launched Managunz - Black screen and the system crashed.

Second run
- Launched IrisMan, mounted a game, played it a bit and I returned back to XMB, when I tried to mount it via webMAN the system hanged.

Third run
- Launched MultiMAN and the system freezes on a black screen.

Later I'll make more tests, but one thing I realized a long time ago, is that when my system fans are high as
they are now ( I never replaced my thermal paste and I use webMAN dynamic control) hen usually crashes, maybe somehow related?

bguerville · Jul 6, 2022

LuanTeles said:
I just installed it here

First run
- Launched Managunz - Black screen and the system crashed.

Second run
- Launched IrisMan, mounted a game, played it a bit and I returned back to XMB, when I tried to mount it via webMAN the system hanged.

Third run
- Launched MultiMAN and the system freezes on a black screen.

Later I'll make more tests, but one thing I realized a long time ago, is that when my system fans are high as
they are now ( I never replaced my thermal paste and I use webMAN dynamic control) hen usually crashes, maybe somehow related?

Quite likely because esc0 tested it extensively and had no problems.
Can you try with fan on manual or whatever?

vitormoraes1903 · Jul 6, 2022

Everything ok brother?, I wanted to know about bgtoolset it appears a message to try again in a few hours I wanted to know if you have a return forecast because I wanted to unlock my ofw 4.88 for CFW

LuanTeles · Jul 6, 2022

bguerville said:
Quite likely because esc0 tested it extensively and had no problems.
Can you try with fan on manual or whatever?

I really forgot that dynamic fan control have some problems with some backup managers ( MultiMAN maybe more?)

Okay, I set it to manual, seems it is working good now but Managunz cannot mount games, when a iso is selected the system crashes, is it related somehow?

I'm going to bed now, but during the day I'll make some intensive tests

bguerville · Jul 6, 2022

vitormoraes1903 said:
Everything ok brother?, I wanted to know about bgtoolset it appears a message to try again in a few hours I wanted to know if you have a return forecast because I wanted to unlock my ofw 4.88 for CFW

If all goes well, 24h to 48h.

bguerville · Jul 6, 2022

LuanTeles said:
I really forgot that dynamic fan control have some problems with some backup managers ( MultiMAN maybe more?)

Okay, I set it to manually, seems it is working good now but Managunz cannot mount games, when a iso is selected the system crashes, is it related somehow?

I'm going to bed now, but during the day I'll make some intensive tests

Not sure, I just asked esc0 to double check Managunz when he can, we will find out soon enough whether it's related or not.[emoji6]

PS3HEN PS3HEN Open Beta Testing [For Advanced Users Only]

aldostools

developer MOD

aldostools

developer MOD

bguerville

Zwei

Member

aldostools

developer MOD

bguerville

bguerville

esc0rtd3w

Coro

LuanTeles

LuanTeles

bguerville

aldostools

developer MOD

LuanTeles

LuanTeles

bguerville

vitormoraes1903

Forum Noob

LuanTeles

bguerville

bguerville

Similar threads