PS3 [Research] MLT's RIF bypass patches in VSH

I was implementing these features on Ferrox 1.1 (fself) with support for Cobra 7.32.
I noticed that the dex mod menus (sprx dex) are loaded correctly in cex, including eboot dex.
I tried GTA V: the game starts and loads the mod menu, but then when you have to turn, this will not work. You said that you could maybe start research on this? Starting the mod menu without using a CFW DEX would be convenient.
In practice you would no longer need to create a dex version.
 

I don't understand why you're reporting here about fself? I'm not researching fself here.

And ask @haxxxen about mod menu and cex compatibility.

Fself has nothing to do with this thread.


Sent from my iPhone using Tapatalk
 


Pretty sure he is stating he needs the menu pop-up boxes that come with DEX but not CEX firmwares. Regardless, it isn't what this topic is about, and @haxxxen would be the guy to speak with, maybe @habib if he can find the time. The only thing that post has to do with this thread is the fact he is gonna use the Cobra 7.32 you made as the stage2.bin files for his FW.
 

In my opinion, Cobra 7.32 doesn't need the fself patch included; now that we have a cleaner patch (only one offset) that works fine with c00, it can just be hard-coded instead. Btw, did you pick up the DECR yet?
 

No, we haven't even headed home yet, still out of town.

And I think he's doing it to make it "feature rich"; end users seem to want as many features as possible without making the CFW look any different than an OFW. As close to an OFW look-wise, I mean, but with tons of features "under the hood", so to speak.
 
As long as the standard CEX Ferrox release remains free of mods, tweaks & extra patches.. Lol
 
I think one of the issues that may happen, if this project is able to get the decrypted key injected directly into the data tables, is that it might cause issues for games with a dev klic, for example SPRXs and so on that are decrypted using the key inside the EBOOT.

Unless this is another branched section..

I'm guessing that they set it as a BEQ to 3 to go to the GOMA key.
What you could test is a BEQ to 2, and then set a paid-content decrypted key in place of the GOMA key to see if the game loads.. would be an interesting test.

Just throwing ideas out there.

@Joonie @habib @haxxxen

Note you would probably still need to use the bypass that Joonie narrowed down, since this makes it so the GOMA key (Freekey) is used.
 
I was implementing these features on Ferrox 1.1 (fself) with support for Cobra 7.32.
I noticed that the dex mod menus (sprx dex) are loaded correctly in cex, including eboot dex.
I tried GTA V: the game starts and loads the mod menu, but then when you have to turn, this will not work. You said that you could maybe start research on this? Starting the mod menu without using a CFW DEX would be convenient.
In practice you would no longer need to create a dex version.
That is impossible, unless you have the source to the menu (unlikely with most). A few of them make 2 versions, though.

With these mod menus, debug syscalls are used to write to process memory, where cex has no similar syscall to do this. This is why ccapi was created, so you can use a pseudo debug syscall with a cex target. @3141card has made some implementations to use these syscalls temporarily on cex, but those menu authors do not use it, unfortunately.

I have made kernel detection in my prx trainers, and when dex is detected, sc905 is used automatically, otherwise it uses sc201.

Maybe hexing the prx file and replacing syscall 905 with 201 (= the same ccapi syscall) can work, dunno.

Another thing would be if the authors used ps3mapi cobra syscalls to write to memory, but that is their choice. This would also work with cex, though ps3mapi, like ccapi, is very slow, so not recommended on my side.
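The "hex the prx and swap 905 for 201" idea above, worked through as an added example (this is not code from the thread, from haxxxen's trainers, from CCAPI or from any mod menu). It scans a big-endian PowerPC code image for the `li r11, N` ... `sc` sequence that the PS3 SDK system_call_N macros emit to select an lv2 syscall, reports every syscall number it finds, and rewrites only the ones equal to 905. Assumptions, stated here and in the code: the number is loaded with a single `li r11, N` (addi r11, r0, N) within WINDOW instructions of the `sc`, the input is already-decrypted code (a .text section, not an encrypted SELF/SPRX), and the sample bytes are constructed for the demonstration. The tool only swaps the number; whether syscall 201's argument layout matches 905's is exactly the "dunno" in the post and is not handled here.

```python
"""
Host-side scanner/patcher for lv2 syscall numbers in PowerPC code.

Added example, not project code. Assumptions (see lead-in): the syscall
number is set by a single `li r11, N` at most WINDOW instructions before
the `sc`, and the buffer is decrypted big-endian PPC code.
"""
import struct
import sys

SC_INSN = 0x44000002          # PowerPC "sc" (system call)
LI_R11_MASK = 0xFFFF0000
LI_R11_BASE = 0x39600000      # addi r11, r0, SIMM  (assembler: li r11, SIMM)
WINDOW = 8                    # instructions searched after the li for an sc

SYSCALL_DBG_WRITE = 905       # sys_dbg_write_process_memory (DEX kernels)
SYSCALL_CCAPI = 201           # CCAPI's syscall on CEX, as named in the post


def find_syscalls(code: bytes):
    """Yield (byte_offset, syscall_number) for every li r11,N ... sc pair."""
    n = len(code) // 4
    words = struct.unpack(f">{n}I", code[: n * 4])
    for i, w in enumerate(words):
        if (w & LI_R11_MASK) != LI_R11_BASE:
            continue
        imm = w & 0xFFFF
        if imm & 0x8000:              # SIMM is sign-extended
            imm -= 0x10000
        for j in range(i + 1, min(i + 1 + WINDOW, n)):
            if words[j] == SC_INSN:
                yield i * 4, imm
                break
            if (words[j] & LI_R11_MASK) == LI_R11_BASE:
                break                 # r11 reloaded before any sc: not this one


def patch_syscalls(code: bytes, old: int, new: int):
    """Return (patched_code, [offsets]) with li r11,old rewritten to li r11,new."""
    buf = bytearray(code)
    patched = []
    for off, num in find_syscalls(code):
        if num == old:
            struct.pack_into(">I", buf, off, LI_R11_BASE | (new & 0xFFFF))
            patched.append(off)
    return bytes(buf), patched


# Constructed sample (not from any real PRX): one 905 call with an argument
# move between li and sc, one 904 (read) call that must be left alone, and a
# stray li r11,905 that never reaches an sc and so must not be touched.
SAMPLE = bytes.fromhex(
    "39600389"  # li r11, 905
    "7C832378"  # mr r3, r4
    "44000002"  # sc
    "39600388"  # li r11, 904
    "44000002"  # sc
    "39600389"  # li r11, 905 (no sc follows)
    "4E800020"  # blr
)


def demo():
    """Run the patcher over SAMPLE; returns (found, patched_offsets, output)."""
    found = list(find_syscalls(SAMPLE))
    out, patched = patch_syscalls(SAMPLE, SYSCALL_DBG_WRITE, SYSCALL_CCAPI)
    return found, patched, out


if __name__ == "__main__":
    if len(sys.argv) == 3:            # usage: patcher.py in.bin out.bin
        data = open(sys.argv[1], "rb").read()
        out, patched = patch_syscalls(data, SYSCALL_DBG_WRITE, SYSCALL_CCAPI)
        open(sys.argv[2], "wb").write(out)
        print(f"patched {len(patched)} call(s) at {[hex(o) for o in patched]}")
    else:
        found, patched, _ = demo()
        print("syscalls found:", [(hex(o), n) for o, n in found])
        print("patched offsets:", [hex(o) for o in patched])
```

The second `break` matters: if r11 is reloaded before the `sc` is reached, the earlier `li` was not the syscall number, so it is skipped rather than patched. Before trusting the result on a real PRX, compare `find_syscalls` output against a disassembly, since a compiler that materialises the number through another register or a `mr r11, rX` will not be matched by this heuristic.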
 

Btw haxxxen, I think you can insert the debug syscall into the retail kernel directly, which is what CMX has been doing since 4.21.

If the same syscall slot is missing, alternatively we could use other unused ones like syscall 6/7/8/8/10/11/15/38.

Right @habib?
 

Ya, it'd be nice to have breakpoint ability on the cex side, without the need to go over to DEX ;)
 
@Joonie
You don't need to decrypt the eboot/self/sprx, so you don't need the key. You just have to change the value of the fw version at offset 0x40C or at 0x400. That's exactly what multiman does to fix the game.

But this error can be raised for a lot of issues... according to the devwiki: "Operation not permitted. An error occurred during the start operation (e.g.: debug self on retail)". So I'm not sure that what I told you will solve it :p
The rif bypass is due to the ODE protection removal. Correct, multiman uses root tail to fix games, as it acts as an independent resigner.
 

The rif bypass we research here has nothing to do with the LIC.DAT check added for ODEs, though, which was reversed by @deank a long time ago.
 
It's already seen in webman mod.
The lic.dat check is only for games since 2010 that don't have it,
which is why the stupid OFW game injection worked on 4.70
before it was patched,
hence ODE protection removal.
There's many other ways to look at it, though.
CRT_HEAD += $(shell ppu-lv2-gcc -print-file-name'='ecrti.o)
CRT_HEAD += $(shell ppu-lv2-gcc -print-file-name'='crtbegin.o)
CRT_TAIL += $(shell ppu-lv2-gcc -print-file-name'='crtend.o)
CRT_TAIL += $(shell ppu-lv2-gcc -print-file-name'='ecrtn.o)
 

You're mixing things up, lol.
 