WebKit ROP Chain Tutorials [Creation/Editing/Debugging] - PS3 Development

@jcorrea BTW, 4.82 DEX offsets have not been added to PETT... mostly because I forgot, lol :D

Your best bet is to use the v3 base. You can modify any of the v3 extra tools, or check the han-autoxml repo on the PS3Xploit GitHub for developer templates and other interesting things, which already have the 4.82 DEX offsets added.

You can watch the tutorial videos to help understand what is happening.

Each video on YouTube has a link to the original tutorial files that match the video content, so you can follow along with the debugger and the HTML/JS. They all eventually merged into what is now PETT (PS3 Exploitation Tutorial Template).
 
Updated PETT to 0.2.3
  • Added 4.82 DEX, 4.83 CEX, 4.84 CEX, and 4.84 DEX Offsets
  • Updated All Language Files
https://github.com/PS3Xploit/pett

This update will be mostly for 4.82 DEX users and for curious people on CFW, or on a modified 4.83/4.84 OFW with the 4.82 silk_webkit.sprx.
Excuse me, but what would that be: a modified 4.83/4.84 OFW with the 4.82 silk_webkit.sprx? Sorry if that's a silly question, but I was curious and wanted to know more about it.
 

I know this is gonna sound dumb, but is this how you make a mod menu for any game on PS3? I have been asking, but I must be too dumb, or nobody can help. I am not sure what is going on, but I just wish I could get someone to guide me with a step-by-step on how to make a mod menu for any game on PS3. When I search for it, it shows me that you can do it with the multiMAN pkg, but it still doesn't make sense, because I know there is a way to mod what you want for the game you're playing.
 
No man, this is a WebKit tutorial to exploit the console and target specific addresses in RAM in order to run unofficial executable files or fake-signed ones. This thread isn't related to cheats, hacks, save hacks or mod menus; it is only for education, to learn how to start exploiting the PS3 from step zero up to the result of a lot of hard work.
 

My bad, thanks. Guess I am gonna get nowhere with this, because every time I ask no one knows or can help, and from what I see there is not anything on this subject in any thread. Sorry if I'm wasting anyone's time.
 

Yes, parts of this can be used to help learn/create mods and cheats, especially the debugging tuts, as you need to be able to find the offsets in order to mod them. RTM tools modify the game's memory in RAM to mod the game; again, you need to know how to use the debugging options and tools to do this and be able to find the offsets in RAM for RTM.

This is how NCL (Artemis) cheats work, as they modify the memory of the game in RAM.

BTW, I used this tut to help with nearly all of the mods I have made myself.


Part of this can be used, like learning how to debug things and find memory offsets in EBOOTs and in RAM, but the bulk of making a mod menu is learning how to code, i.e. C++, C#-style coding and such.

The easiest would be to make Artemis NCL cheats for yourself; a lot of the games in the database do not use the most up-to-date versions of the games for the cheats. It's not exactly what you want to know, but it would be a good place to start learning how to find memory offsets of a game in EBOOTs and RAM and how to debug a game, as these will be needed when making a mod menu for any game.

EDIT: The best tool to use for finding memory offsets in RAM is ProDG.

EDIT 2: Also, you should look at the tut for making NoPSN apps, as this also dives into EBOOT debugging.

https://www.psx-place.com/threads/t...g-up-development-debugging-environment.13287/
 

So I may not be right, but the EBOOT has the game code, and the hex editor will be able to change the value for what you want to change in the game? If I am understanding right.
 
Yes, I said that because I think he doesn't know any programming language, so the easy way is to learn basic languages and begin to mod himself, or to directly download a pre-made mod menu.
 
Thank you, I appreciate the help. I will check this out. And I would definitely love to learn to code, but again I need to know where to start and need someone that knows what they're doing.
 
Oh, I didn't even know this thread exists!

Great stuff!
I wrote an introduction to exploits on psx-tools.de a while ago (I intended to make it understandable for every noob, but still interesting for advanced users), and now I have referred those advanced and interested users and (wannabe) hackers to this thread (here on psx-place.com) as well!

Here is the thread I am talking about (I will update it): https://psxtools.de/index.php/Thread/75709-Exploit-s-Erklärung-für-Anfänger-und-Fortgeschrittene/
['Exploits: (An) explanation/introduction for noobs and advanced users']

THX for this thread, and I hope it is gonna be updated as well! :)
 
Could someone tell me how I use this with 4.86 HFW HEN 3.0.1, please?
The point of using a WebKit exploit is to get a way to execute code when you are not supposed to.
If you already have HEN running, you are able to run custom code, so you don't need this at all.
You can do any testing or whatever research using custom SELF files that you can build with the PSL1GHT open-source SDK.
 
I know this, but what I want to know is: how do I install this PETT on 4.86 HFW?
 
You would need to do at least two things.

1. Edit init.js to add "4.86" at the end of the array: var fwCompat = [...., "4.86"];
2. Edit the ps3chck function in offsets.js to add the following to the switch statement, just before 'default:':

case fwCompat[27]:
vshType="CEX";
addr_idps=0x725B38;
g_toc=0x6F5558;
g_1=0x0D9684;
g_2=0x097604;
g_set_r4_thru_r11=0x60EFD8;
g_set_high_only=g_set_r4_thru_r11+0x7C;
g_set_r3_from_r29=0x42D93C;
g_set_r3_with_ld=0x19D3B0;
g_set_r5_from_r29=0x054AF0;
g_set_r31_F8=0x627664;
g_set_r31_108=0x628834;
g_sc_80=0x0D9684;
g_sc_90=0x42C778; // fixme (check other fw versions)
g_sc_A0=0x1705D8; // fixme (check other fw versions)
g_sc_set_r3_from_r9=g_1-0x4;
g_sc_set_r3_from_r10=0x31FA8C;
e_fopen_write_close=0x423B18;
s_mount_hdd1=0x631AFC;
s_unk_game_debug_pafjob=0x0D103C;
g_init_reboot=0x0C526C;
g_init_shutdown=0x0C5234;
g_exit_chain=0x2BACB8;
g_printf=0x59A4B0;
break;



Vsh has not really changed between 4.84 and 4.86, so the offsets above should still be valid; however, they haven't been checked.


If you do get a crash, you will need to verify all the offsets except addr_idps, which is not in the vsh binary, and g_toc, which is good for sure. The best is to use IDA or Ghidra, but it can be done in a hex editor.
You simply open the 4.84 vsh CEX in one instance of your disassembler/editor and the 4.86 vsh CEX in another, then navigate to all the offsets above in each instance; they should point to the exact same data. A difference in offset of +4 or +8, which is really as much as you could expect from one 4.8x version to another 4.8x version, would lead to a crash.
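The manual cross-check described in the post above (open both vsh builds, navigate to each offset, confirm the same bytes) can be scripted. The following is an added example, not PETT code and not from the post's author: a Node.js script that compares the bytes at every named offset in two vsh images, skips the entries the post says not to check (addr_idps, which is not in vsh, and g_toc), and, where the bytes differ, searches the newer image for the old gadget bytes to report the +4/+8 style drift that would crash the chain. The two "binaries" and the offset table are constructed for the demo so it runs offline; in real use you would read the decrypted 4.84 and 4.86 vsh with fs.readFileSync and pass the table from the switch case in offsets.js.

```javascript
// Added example (not from PETT or the post above): cross-check ROP gadget
// offsets between two vsh builds, scripting what the post describes doing by
// hand in IDA/Ghidra or a hex editor.

const GADGET_WIDTH = 16; // bytes compared at each offset (four PPC instructions)

// CONSTRUCTED stand-in for a vsh image: deterministic pseudo-random bytes
// from a small LCG, so the example has no external inputs. Not real vsh code.
function constructedBinary(size, seed) {
  const buf = Buffer.alloc(size);
  let x = seed >>> 0;
  for (let i = 0; i < size; i++) {
    x = (Math.imul(x, 1103515245) + 12345) >>> 0;
    buf[i] = (x >>> 16) & 0xff;
  }
  return buf;
}

// Simulate a newer build in which `extra` bytes were inserted at `insertAt`:
// everything after that point shifts by extra.length, everything before stays.
function shiftedCopy(oldBin, insertAt, extra) {
  return Buffer.concat([oldBin.subarray(0, insertAt), extra, oldBin.subarray(insertAt)]);
}

// For each named offset, compare `width` bytes of oldBin and newBin.
// Names in `skip` are reported as skipped. When the bytes differ, every
// occurrence of the old gadget bytes in newBin is listed, together with the
// delta from the old offset, so a +4/+8 shift is visible before the chain is
// ever run on the console.
function verifyOffsets(oldBin, newBin, offsets, skip = [], width = GADGET_WIDTH) {
  const report = {};
  for (const [name, off] of Object.entries(offsets)) {
    if (skip.includes(name)) { report[name] = { status: 'skipped' }; continue; }
    if (off + width > oldBin.length) { report[name] = { status: 'out-of-range' }; continue; }
    const want = oldBin.subarray(off, off + width);
    const got = newBin.subarray(off, off + width);
    if (got.length === width && want.equals(got)) {
      report[name] = { status: 'same' };
      continue;
    }
    const hits = [];
    let i = newBin.indexOf(want);
    while (i !== -1) { hits.push(i); i = newBin.indexOf(want, i + 1); }
    report[name] = hits.length === 0
      ? { status: 'missing' }
      : { status: 'moved', candidates: hits, delta: hits[0] - off };
  }
  return report;
}

// Constructed demo data: a synthetic "4.84" image and a "4.86" copy with
// eight bytes (two PPC nops, 0x60000000) inserted at 0x1000. The offsets
// below are made up for the demo; the real table is the switch case in
// offsets.js.
const OLD_VSH = constructedBinary(0x4000, 0x1234);
const NEW_VSH = shiftedCopy(OLD_VSH, 0x1000, Buffer.from([0x60, 0, 0, 0, 0x60, 0, 0, 0]));
const DEMO_OFFSETS = {
  addr_idps: 0x725B38,        // outside vsh, skipped as the post says
  g_1: 0x0800,                // before the insertion point: unchanged
  g_set_r3_from_r29: 0x2000,  // after it: expected to have moved by +8
  g_printf: 0x3F00,
};

function demo() {
  return verifyOffsets(OLD_VSH, NEW_VSH, DEMO_OFFSETS, ['addr_idps']);
}

for (const [name, r] of Object.entries(demo())) {
  console.log(name.padEnd(20), JSON.stringify(r));
}
```

Any entry reported as "moved" with a consistent delta across the table means the new case block needs that delta applied; an entry reported as "missing" means the gadget bytes changed and must be re-found in the disassembler rather than shifted. With real images, keep GADGET_WIDTH to a few instructions so the comparison is not thrown off by unrelated code following the gadget.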
 
Thank you.
 
YouTube has terminated my account because they are tyrants and commies. I will have to mirror all of the tutorial videos to another platform, if anyone is still interested anyway....

 
lol, I knew you were a scammer and there is no exploit for the unhackables... ;)
Nice song, and please do re-upload your other vids about the different exploit stages. I think I have downloaded some, but not all, if any at all.
 