PS3 [Research] MLT's RIF bypass patches in VSH

haxxxen said:
good work, but tbh, i do not like to apply all these patches with cobra. this makes it too heavy i think.
and thanks for reminding about debug vsh. maybe i really have compared unspoofed vsh, which i have not patched i guess.

about the ps2classic compatibility, i had no time to try and i am busy with other stuff. i am making trainer prx files for games at the moment, which is a lot of fun to me, but very time consuming.


unluckily, this does not completely circumvent klic games and you cannot run them encrypted, but if you decrypt them and sign them free or fself you do not need any klic/rif/edat.

c00 games you can run without any problem though.
Click to expand...

I have no plan to add mlt patches to cobta for public release. This was just for fun xD

I am the one who's started to minimizing stuff while you kept improving and introducing new stuff


Sent from my iPhone using Tapatalk
 
Perhaps, you can include these patch directly in the PUP fw ?

I can try few random games if some test are needed :p
 
Zar said:
Perhaps, you can include these patch directly in the PUP fw ?

I can try few random games if some test are needed :p
Click to expand...

Patches can be hardcoded without Cobra, the idea was to port patches easily to other fw for testing purpose, since it doesn't require decrypt, hex edit and re-encrypt,

Also at least for 4.81, only 5 offsets are needed to quick port since I used the offset + differences which could be down to either 2 or 3 even.

To eliminate patches for optimization , all you have to do is to comment each patch one by one

And recompile the project and replace the payload binaries

FYI @haxxxen


Sent from my iPhone using Tapatalk
 
I have the 4.81 CEX VSH with MLT patches applied if anyone wants it for a vanilla build or even Cobra CEX as it was made by haxxxen for Ferrox 4.81 v1.01+ for me. But I am now on Rebug D-REX to use my DS4 with PS3XPad so I dont have to use a Bluetooth dongle and it adds rumble support as well as the 360 pad without dongle.
 
atreyu187 said:
I have the 4.81 CEX VSH with MLT patches applied if anyone wants it for a vanilla build or even Cobra CEX as it was made by haxxxen for Ferrox 4.81 v1.01+ for me. But I am now on Rebug D-REX to use my DS4 with PS3XPad so I dont have to use a Bluetooth dongle and it adds rumble support as well as the 360 pad without dongle.
Click to expand...
Playstion with an Xbox pad is just wrong in so many ways :-p
 
bitsbubba said:
Playstion with an Xbox pad is just wrong in so many ways :-p
Click to expand...


Not for me!! But all my associates are die hard Xbone fiends. I personally can't use any pad but the DS4. I have become spoiled. A DS3 feels off to me as I use the DS4 on my PSTV, PC, PS2, PS4 and my PS3. PS3 Xpad does DS4 better then Sony with thier half arsed HID implemented attempt of support. But hey at least it works wirelessly for OFW users for most games now. Castlevania still doesnt work with or without a USB cord which was a killer for me. Luckily PS3 Xpad makes it not only work where Sony failed but also allows for rumble support fir DEX users.
 
Joonie said:
Good news, I just tested one ps2classic game, it seems to work fine, it loaded without hanging.. (Of course rif activation is needed since it's not c00)

So after optimization, I think we can safely beta test newer CFWs with hardcoded patches done in VSH.

FYI @haxxxen @habib @Zar @DeViL303 @bguerville @bitsbubba @atreyu187
Click to expand...
its kinda impossible unless your patches are wrong because static klicensee is not being used fyi your cobra source has bad patches.
can you run games like resident evil revelations without rap?
 
habib said:
its kinda impossible unless your patches are wrong because static klicensee is not being used fyi your cobra source has bad patches.
can you run games like resident evil revelations without rap?
Click to expand...

RE revelations isn't c00 demo, it doesn't run

and I don't know why ps2clssics loads fine [activated by reactPSN]. Maybe I was confused since I tested MLT 4.40 3 years ago..

about the patches, I only took the ones that @haxxxen ported for 4.81 retail vsh [ferrox specific] so I haven't compared them with MLT 4.40 directly.
 
Joonie said:
RE revelations isn't c00 demo, it doesn't run

and I don't know why ps2clssics loads fine [activated by reactPSN]. Maybe I was confused since I tested MLT 4.40 3 years ago..

about the patches, I only took the ones that @haxxxen ported for 4.81 retail vsh [ferrox specific] so I haven't compared them with MLT 4.40 directly.
Click to expand...
yeah so thats only c00 but mlts rif bypass makes all the games work with static klicensee including re revelations
ps2 didnt work because it uses different klicensee

and you copied haxxens patches...but wrongly
 
habib said:
yeah so thats only c00 but mlts rif bypass makes all the games work with static klicensee including re revelations
ps2 didnt work because it uses different klicensee

and you copied haxxens patches...but wrongly
Click to expand...

You're wrong about RE Revelations it doesn't work on MLT 4.40 which is why he dropped the project
 
Joonie said:
Good news, I just tested one ps2classic game, it seems to work fine, it loaded without hanging.. (Of course rif activation is needed since it's not c00)

So after optimization, I think we can safely beta test newer CFWs with hardcoded patches done in VSH.
Click to expand...
now i get what you wanted to do in first place. so just to test the patches one by one, which is really not a bad idea.

habib said:
its kinda impossible unless your patches are wrong because static klicensee is not being used fyi your cobra source has bad patches.
can you run games like resident evil revelations without rap?
Click to expand...
can you exactly tell which patches are bad? and what is it about resident evil revelations? is it klic encrypted?

and what about this method @Skiller has mentioned? i think this would be the better approach, if even possible.
 
haxxxen said:
now i get what you wanted to do in first place. so just to test the patches one by one, which is really not a bad idea.


can you exactly tell which patches are bad? and what is it about resident evil revelations? is it klic encrypted?

and what about this method @Skiller has mentioned? i think this would be the better approach, if even possible.
Click to expand...
RIF license bypass, this means that now the console will not care if the content has been purchased or not, so this means that a console without RIF's nor ACT.DAT should boot all content without any problem ( ps2 classics for example ) BUUUUT will give a blackscreen, to fix that we will have to patch the "ps2netemu" so it uses a static klicensee.

its not for demos only, it was probably you who told me people could play games without waiting for its release

#define cex_mlt_rif_patch_func1 0xC4E2A
uint32_t m8
overwriting more bytes
{ cex_mlt_rif_patch_func1 + 12, ORI(R3, R3, 0x8204), &condition_true },
doesnt make sense, probably 0xc4e34
this whole patch itself is just to pass ps2 params to netemu that is already done by cobra
 
habib said:
#define cex_mlt_rif_patch_func1 0xC4E2A
uint32_t m8
overwriting more bytes
{ cex_mlt_rif_patch_func1 + 12, ORI(R3, R3, 0x8204), &condition_true },
doesnt make sense, probably 0xc4e34
this whole patch itself is just to pass ps2 params to netemu that is already done by cobra
Click to expand...

Yeah that's what I thought that was weird too xD anyways I was about to get rid of some patches when I have time.

MLT stopped including this feature on his later FW [4.46 and 4.50] also many people reported that the feature was buggy due to some games not being unlocked [like ones that @Skiller told us about]
 
Joonie said:
Yeah that's what I thought that was weird too xD anyways I was about to get rid of some patches when I have time.

MLT stopped including this feature on his later FW [4.46 and 4.50] also many people reported that the feature was buggy due to some games not being unlocked [like ones that @Skiller told us about]
Click to expand...
webman feature to enable or disable rif verification....wont that be great
thats what i am thinking of adding to cobra, a new opcode
 
FYI :

@haxxxen @habib @Zar @DeViL303 @bguerville @bitsbubba @atreyu187 @Alexander @Rancid-o @aldostools
@mysis

I think I successfully downsized the patches from 25 to 1.

for retail vsh v 4.81

0x00245910
Original : 7FC307B4
Modified : 38600000

for debug VSH v4.81

0x0024D318
Original : 7FC307B4
Modified : 38600000

Code: 
seg001:000000000025D314 loc_25D314:                             # CODE XREF: seg001:000000000025D24Cj
seg001:000000000025D314                                         # seg001:000000000025D2E0j ...
seg001:000000000025D314                 ld        r0, 0x210(r1)
seg001:000000000025D318                 li        r3, 0 <- where it's patched.
seg001:000000000025D31C                 ld        r28, 0x1E0(r1)
seg001:000000000025D320                 ld        r29, 0x1E8(r1)
seg001:000000000025D324                 mtlr      r0
seg001:000000000025D328                 ld        r30, 0x1F0(r1)
seg001:000000000025D32C                 ld        r31, 0x1F8(r1)
seg001:000000000025D330                 addi      r1, r1, 0x200
seg001:000000000025D334                 blr

Could you verify this when you get a chance? @habib @mysis @Rancid-o @haxxxen @Skiller

By the way, I only tested four games.. I wonder if this one single patch could cause less compatibility.

By the way, with only one patch, now non-c00 games don't even try to launch any more [it previously just kicked back to XMB after launching, I think this is a lot better when things don't even work properly]

Here's the link of updated binaries and sources, I only applied the one patch for both VSHs which currently work fine for c00 contents :)

http://www.mediafire.com/file/xpq9ctuxd4ars16/COBRA_7.32.zip

FYI @atreyu187
 
Last edited:
You must log in or register to reply here.

Similar threads

Back
Top