aomsin2526
Developer
It's well known that for BadWDSD/qCFW to work, it requires one file called Stagex.bin.
This file is actually a binary that contains a lot of smaller "stage" code. That's why it's called Stagex.
It functions as an lv0 replacement (the first code that runs on the PPU) and an lv1 payload (runs alongside lv1, equivalent to the Cobra payload but for lv1).
It can hook lv1 functions at will and runs on bare metal, and this brings a lot of possibilities that CFW can't do.
CFW can only pre-patch lv1 code, so it is a lot more limited.
qCFW today is powerful enough for everyday use. It's pretty much the same as CFW in every way except dumping eid_root_key.
Which means:
No CEX2DEX - Not really, qCFW already fully supports DEX mode without needing the erk at all
No HDD decryption - Understandable
No Remarry - Do we really need it?
This list is my ideas that it might be possible to bring to qCFW, making it even more powerful.
This does not guarantee anything.
NoEncrypt - Disable HDD encryption
I have known for a long time that if you pass a certain flag into the lv1_storage_read/write hvcall, encryption/decryption will be skipped. So what if I use the power of Stagex to hook both read and write and force this flag? The result should be that encryption is disabled entirely. No erk needed anymore.
Of course the HDD must be formatted, so this doesn't allow dumping of an already existing encrypted backup.
But it will be useful for future use.
This always works as long as a modchip is used. qCFW or OFW doesn't matter.
Remarry Cell and BD Drive
From what I know so far, Sony's way of remarrying is to use JIG firmware, or enter FSM and use a special lv2diag.self. What that self does is call the remarry iso module. This module has access to the erk and can generate anything it needs to remarry.
But this iso module doesn't need to be modified at all, so this means if you take this iso module from the 4.40 JIG firmware and then use metldr.2/isoldr to load it manually, it will work.
What we need to do is duplicate whatever lv2diag does; then we can remarry without knowing the erk, since the iso module will handle that part for you.
Use ps2_netemu with physical disc
I must admit that I know nothing about netemu, but from what I know so far, netemu can only read encrypted isos on dev_hdd0. What Cobra does is make it able to read unencrypted ones.
What if I hook lv1_storage_read/write and emulate dev_hdd0 and the iso file in real time? Use Stagex to act as a bridge between the BD drive and netemu. Can it work?
This is going to be very difficult to do, but it will be very nice to have. Also, it's only possible on qCFW.
RSX Overclock on PS2 mode
Previously, when the overclock method was to use a custom PUP, the overclock was applied in both PS3 and PS2 mode. This is no longer true with the current method, since the console is rebooted when entering PS2 mode, so the clock reverts to default.
With Stagex, it is possible to save and reapply the clock while booting PS2 mode.
Assuming NoEncrypt and remarry above are possible, the question is:
Do we still need to know erk at all?