forums.ps2dev.org

The slim's preipl is almost the same as the phat one. However, if you really really want to take a look at the slim preipl, I think using booster's code is your best shot. I recall I read a thread here about 2 months ago (and I can't remember which one it was), that, booster's SDK code doesn't work ...

It's against the rule here to help you with game related hacking. But as far as the general decryption is concerned, you are right, non-kernel modules are decrypted by msg_led. I have never found any source code for prxdecrypyer either, although many people might expect that it's open source. You ca...

Anyone want this ? ^^ I don't mean to offend you, but I don't really see the point of it. If you would like to share it, then why don't you share it. By the way, people who are dealing with assembly in a regular basis should already have something similar. Excuse me, I just realized I am talking to...

Oh, my apology then :/

Well, then what you need to do is clear: just reverse engineer the IPL.

It's just a matter of time to find out what you what :)

Hey man, please be polite to other devs. They don't do it because they have to give out the algorithm to you. But like I said, you can always figure it out yourself. Are they afraid that I make an CFW ?? I don't know about that. But if you can make one, you probably shouldn't be here and asking this...

But, how look likes the key ^^ ? I found that (bu following the code) : 0xBF 0x0E 0xBF 0xC0 0x02 0x80 0xEC 0x0F 0xEC 0x4F 0xED 0x8F 0x71 0x40 0xE9 0x8F It's maybe that or not, but what is the algorithm to decrpt the IPL2 ?? I remember last time I saw an IPL, it's doing a lot of uncovering of its tr...

dridri wrote:UP


I decrypted the 01g IPL, but where is the key ??

It should be somewhere in the decrypted IPL, just follow the mips code.
Even if they change the decrypting routine, it would contain specific instructions to tell the ipl how to decrypt kernel modules.

Is this Sony's way of telling you "thanks for trying"? Sorry for my non-suggestive comment. :p I think there are many reasons that you are getting this kind of wired stuff. It might be the best for you to analyze the problem yourself. Given that what you are trying to do, you should be cap...

So what you want is to be able to step through code at the instruction level then? Well... for a start GDB does that, psplink should do that (not checked it still works :P). Alternatively use printf perhaps, if you run your code in psplink then doing printf (or fprintf(stderr, ...)) will spit out t...

I think you are thinking about this the wrong way. Look at the source for psplink. Thanks for your comments, maybe I am heading the wrong direction. I was just thinking about this in different way - it might sound a bit crazy (please don't laugh at me). What was in my mind was that I found printf()...

Aren't people ask questions here when they are not sure? plus I did not ask for a lesson either. At least, I know what I am doing is possible, although you don't necessarily agree with what I am doing. What I mean by asking for help is someone (hopefully) comes out and clarify points I am not quite...

Given what you are trying to do, asking for help is self-defeating. If you don't know how, go learn. We don't give lessons here in any case. This is a developer board, not a correspondence class for ITT. Aren't people ask questions here when they are not sure? plus I did not ask for a lesson either...

Just change it at link time, do you really need to do it at runtime? You should be able to set things up however you'd like by modifying the linker script accordingly. I am not pretending I know everything pretty well here :) Yeah, I suppose I can write a application my own and change the linker sc...

What exactly do you want to do? All the addresses (in the rodata, data and bss segments) within the executable are resolved at link time. To move any of them at run time would require you to fix up the offsets within the whole program and fix the relocations. You could, I suppose, if you know the s...

Hi everyone, I am finally free from school again and able to learn more about my PSP :) After playing around with the internal memory for a few days, I found out the following main memory layout for a typical application at its run time (I assume it is also true for many other apps): ***************...

Thanks for the clarification. Assuming in the simplest possible situation, in which you only have the main thread running for the target application (I am not sure if this is the case for every real application out there), in this case, should the initial address of $sp start somewhere at the top of...

In learning assembly language, I am still not quite sure how does the PSP allocation for a program ans its data. Assume that I am in pre-3.7x fw, now if I have a memory dump from 0x08800000 - 0x08800000 + 0x01800000 = 0x098800000 (I am not sure if I am looking at the right memory region, correct me ...

i cant tell if it can be used as a hardware debugger just by reading its documentation.

can anyone clarify this?

here is a code fragment i have this time: ; Subroutine sub_0884F7B0 - Address 0x0884F7B0 sub_0884F7B0: ; Refs: 0x0884D7E4 0x0884D8C0 0x0884F7B0: 0x3C020899 '...<' - lui $v0, 0x899 0x0884F7B4: 0x03E00008 '....' - jr $ra 0x0884F7B8: 0x2442728C '.rB$' - addiu $v0, $v0, 29324 0x0884F7BC: 0x27BDFFF0 '......

hey guys: I have a question about using prxtool debugging a program. I remember last time I used prxtool to disassemble a boot.bin, it will alert you whenever it detects a valuable pointing to a memory location, something like this: =========================================== ... ... ... loc_0002B2C...

oh, i see. Sorry for being too panic without taking a look at the rules.

=P

hey guys, Something was really bothering me yesterday when I was analyzing the assembly code of a decrypted eboot and compare to the output made by the prxtool. Here is the disassembly code segment I was looking at ... 0x00003090: 0x27BDFFE0 '...'' - addiu $sp, $sp, -32 0x00003094: 0x24030001 '...$'...

yeah, i am using prxtool, and i have searched through the whole program (using '0013B100') but didn't see any reference pointing at that location or anywhere near there... search B100, as the reference is probably splitted between 0013 and B100 ;) it wouldn't work for B100 as its a big file and the...

yeah, i am using prxtool, and i have searched through the whole program (using '0013B100') but didn't see any reference pointing at that location or anywhere near there...

come across another weird place: here is the function call: ; ====================================================== ; Subroutine sub_0013AD58 - Address 0x0013AD58 sub_0013AD58: ; Refs: 0x0013AC8C 0x0013ACD0 0x0013AD58: 0x27BDFFE0 '...'' - addiu $sp, $sp, -32 0x0013AD5C: 0xAFB3000C '....' - sw $s3, ...

$v0 and $v1 are the return value registers, but why would you ever want to use both of them for the return value? the only instance i can think of is when you want to return a 64bit long double value, are there any other instances you will need to make use of both registers? A structure that fits i...

For those who have decompiled allegrex assembly code before, i got another question for you, but i think it's a pretty general assembly code question tho =P $v0 and $v1 are the return value registers, but why would you ever want to use both of them for the return value? the only instance i can think...

does anyone know what kind of compression algorithms (or known compression algorithms) are using in the psp system?
are there any source code for that?
looks like the assembly code i am reading resembles some kind of compression scheme, but i am not quite sure...
thanks for any helps!

i am not sure if i got the ins instruction right ins $1 $2 x y so what it does it to clobber the the bits from index x to y-1 of the first register with that of the second register? it doesn't seem I was able to find any info on this instruction from my google searches about the MIPS32 R2 documenta...