by neur0n » Thu Oct 07, 2010 2:25 pm
Why don't you edit GetFirmwareVersion() like this?
/* Address probed by getFirmwareVersion(): the u32 stored there is compared
 * against the DETECT_FIRMWARE_* marker words below. */
#define DETECT_FIRMWARE_ADDR 0x08800B6C
/* 6.xx marker words. The switch in getFirmwareVersion() maps them to
 * 600/610/620/630/631, i.e. the top three bytes read as major/minor/revision
 * (0x06030110 -> 6.31). */
#define DETECT_FIRMWARE_600 0x06000010
#define DETECT_FIRMWARE_610 0x06010010
#define DETECT_FIRMWARE_620 0x06020010
#define DETECT_FIRMWARE_630 0x06030010
#define DETECT_FIRMWARE_631 0x06030110
//edit
/* Fallback address, read only when the primary slot holds 0 (5.xx layout). */
#define DETECT_FIRMWARE_ADDR_5xx 0x088005A0
#define DETECT_FIRMWARE_500 0x05000010
/* NOTE(review): this marker does not follow the 0xMMmmrr10 pattern of the
 * others (0x47656373 is the ASCII bytes "Gecs"); confirm that it really is
 * the word found at the 5.xx address on 5.50 before relying on it. */
#define DETECT_FIRMWARE_550 0x47656373
/*
 * Detect the running firmware by probing a fixed address and matching the
 * word found there against the DETECT_FIRMWARE_* markers this build knows.
 *
 * Returns the firmware number (500, 550, 600, ..., 631) or 0 when the probed
 * word matches none of the markers. The result is cached in the globals;
 * a cached value of 1 means "not probed yet".
 */
u32 getFirmwareVersion()
{
	tGlobals * g = get_globals();

	/* 1 is the "not yet probed" sentinel; anything else is a cached answer. */
	if (g->firmware_version != 1)
		return g->firmware_version;

	g->firmware_version = 0;

#ifdef DETECT_FIRMWARE_ADDR
	/* Marker word -> firmware number, one row per marker the build defines.
	 * The {0, 0} terminator keeps the array non-empty; matching it stores 0,
	 * which is the value firmware_version already holds. */
	static const struct {
		u32 marker;
		u32 number;
	} fw_table[] = {
#ifdef DETECT_FIRMWARE_500
		{ DETECT_FIRMWARE_500, 500 },
#endif
#ifdef DETECT_FIRMWARE_503
		{ DETECT_FIRMWARE_503, 503 },
#endif
#ifdef DETECT_FIRMWARE_550
		{ DETECT_FIRMWARE_550, 550 },
#endif
#ifdef DETECT_FIRMWARE_551
		{ DETECT_FIRMWARE_551, 551 },
#endif
#ifdef DETECT_FIRMWARE_555
		{ DETECT_FIRMWARE_555, 555 },
#endif
#ifdef DETECT_FIRMWARE_570
		{ DETECT_FIRMWARE_570, 570 },
#endif
#ifdef DETECT_FIRMWARE_600
		{ DETECT_FIRMWARE_600, 600 },
#endif
#ifdef DETECT_FIRMWARE_610
		{ DETECT_FIRMWARE_610, 610 },
#endif
#ifdef DETECT_FIRMWARE_620
		{ DETECT_FIRMWARE_620, 620 },
#endif
#ifdef DETECT_FIRMWARE_630
		{ DETECT_FIRMWARE_630, 630 },
#endif
#ifdef DETECT_FIRMWARE_631
		{ DETECT_FIRMWARE_631, 631 },
#endif
		{ 0, 0 }
	};
	unsigned int row;

	/* Word at the primary probe address. */
	u32 probe = *(u32*)DETECT_FIRMWARE_ADDR;
//edit
#ifdef DETECT_FIRMWARE_ADDR_5xx
	/* Primary slot is empty: try the 5.xx location instead. */
	if (probe == 0)
		probe = *(u32*)DETECT_FIRMWARE_ADDR_5xx;
#endif

	for (row = 0; row < sizeof fw_table / sizeof fw_table[0]; row++)
	{
		if (fw_table[row].marker == probe)
		{
			g->firmware_version = fw_table[row].number;
			break;
		}
	}
#endif
	return g->firmware_version;
}
This approach can be used with almost all games.
Sorry for my poor English.
by JJS » Thu Oct 07, 2010 8:56 pm
Thanks for the suggestion!
Maybe we can even fully automate this, because it looks like sceKernelLibrary has the firmware version compiled in. It always appears a fixed number of bytes after the string "sceGe_lazy" in the respective export of sceKernelLibrary: 48 bytes past the start of the name on 5.00 - 5.51 and 56 bytes past it on 6.xx. I haven't checked 5.55 or 5.70 yet.
by coyotebean » Fri Oct 08, 2010 5:06 am
That sounds like the "module_sdk_version" (NID 0x11B97506) exported in the prx.
by neur0n » Fri Oct 08, 2010 7:59 am
coyotebean wrote:That sounds like the "module_sdk_version" (NID 0x11B97506) exported in the prx.
hmm...
Exports:
Export 0, Name syslib, Functions 1, Variables 2, flags 80000000
Functions:
0xD632ACDB [0x00000380] - module_start
Variables:
0xF01D73A7 [0x0000047C] - module_info
0x11B97506 [0x000005A0] - syslib_11B97506
bltz $t0, loc_000005E4 ; 0x000005A0: 0x05000010 '....'
Certainly, you are right.
by JJS » Fri Oct 08, 2010 9:21 am
Nice. The library is always loaded at the start of user memory, so the position is pretty stable. I think it would be overkill to parse the exports of sceKernelLibrary and would propose to search for the "sceGe_lazy" string and use hardcoded offsets for FW < 5.70 and >= 5.70 like this:
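/*
 * Detect the running firmware from the sdk-version word that sceKernelLibrary
 * carries near its "sceGe_lazy" export name.
 *
 * Returns the firmware number (e.g. 631 for 6.31), or 0 when the export name
 * cannot be found in the scanned window. The result is cached in the globals;
 * a cached value of 1 means "not probed yet".
 */
u32 getFirmwareVersion()
{
	tGlobals * g = get_globals();

	/* 1 is the "not yet probed" sentinel; anything else is a cached answer. */
	if (g->firmware_version != 1)
		return g->firmware_version;

	g->firmware_version = 0;

	// Find the version in the exports of sceKernelLibrary
	char* ge_lazy_address = memfindsz("sceGe_lazy", (char*)0x08800500, 0x00001000);
	if (ge_lazy_address)
	{
		// Look at the position of the version for < 5.70
		u32* version = (u32*)((u32)ge_lazy_address + 48);
		// NOTE(review): the export dump elsewhere in this thread shows the
		// sdk-version word as 0x05000010, i.e. a low byte of 0x10, not 0x01.
		// Confirm this sniff test really selects the +48 slot on 5.xx
		// before relying on it; otherwise every firmware takes the +56 path.
		if ((*version & 0x000000FF) != 0x01)
		{
			// Not a version number at that position, assume this is FW >= 5.70
			version = (u32*)((u32)ge_lazy_address + 56);
		}
		/* 0xMMmmrrxx -> MM*100 + mm*10 + rr. The revision byte has to be
		 * shifted down before it is added; left unshifted it contributed
		 * 256*rr (0x06030110 came out as 886 instead of 631). */
		g->firmware_version = ((*version >> 24) * 100)
			+ (((*version & 0x00FF0000) >> 16) * 10)
			+ ((*version & 0x0000FF00) >> 8);
		LOGSTR2("Detected firmware is 0x%08lX (%d)\n", *version, g->firmware_version);
	}
	else
	{
		LOGSTR0("Warning: Firmware version unknown, cannot find export string\n");
	}
	return g->firmware_version;
}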
by neur0n » Fri Oct 08, 2010 9:42 am
It is also possible to get the firmware version by starting from the "sceKernelLibrary" string.
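/*
 * Detect the running firmware by walking the export table of sceKernelLibrary
 * and reading the module_sdk_version variable (NID 0x11B97506).
 *
 * Returns the firmware number (e.g. 500 for 5.00), or 0 when the library
 * name, its entry table, or the NID cannot be found. The result is cached in
 * the globals; a cached value of 1 means "not probed yet".
 *
 * Fixes relative to the posted draft: the for-loop had its condition and
 * increment swapped and an undeclared index, addr was a scalar indexed like
 * an array, version was dereferenced although it is a value, the revision
 * byte was not shifted down, and a failed search was dereferenced.
 */
u32 getFirmwareVersion()
{
	tGlobals * g = get_globals();

	/* 1 is the "not yet probed" sentinel; anything else is a cached answer. */
	if (g->firmware_version != 1)
		return g->firmware_version;

	g->firmware_version = 0;

	/* Locate the library name in the export area; the word 0x20 bytes past
	 * it is taken as the SceLibraryEntryTable pointer.
	 * NOTE(review): that offset comes from this thread, not from a header;
	 * confirm it against the library-name/entry-table layout. */
	u32* addr = (u32 *)memfindsz("sceKernelLibrary", (char*)0x08800300, 0x00001000);
	if (!addr)
	{
		LOGSTR0("Warning: Cannot find sceKernelLibrary export name \n");
		return g->firmware_version;
	}
	SceLibraryEntryTable *Entry = (SceLibraryEntryTable *) addr[8];
	if (!Entry)
	{
		LOGSTR0("Warning: sceKernelLibrary entry table pointer is NULL \n");
		return g->firmware_version;
	}

	/* The entry table is cnt NIDs followed by cnt matching addresses, so the
	 * address belonging to NID i is at index i + cnt. cnt is kept wider than
	 * u8 so the sum of the two counts cannot wrap. */
	unsigned int cnt = Entry->vstubcount + Entry->stubcount;
	u32** pointer = (u32**) Entry->entrytable;
	u32 version = 0;
	unsigned int i;
	for (i = 0; i < cnt; i++)
	{
		if ((u32)pointer[i] == 0x11B97506) /* NID of module_sdk_version */
		{
			/* Variable export: its address points at the version word. */
			version = *(pointer[i + cnt]);
			break;
		}
	}

	if (version)
	{
		/* 0xMMmmrrxx -> MM*100 + mm*10 + rr; the revision byte must be
		 * shifted down or it would contribute 256*rr. */
		g->firmware_version = ((version >> 24) * 100)
			+ (((version & 0x00FF0000) >> 16) * 10)
			+ ((version & 0x0000FF00) >> 8);
	}
	else
	{
		LOGSTR0("Warning: Cannot find module_sdk_version function \n");
	}
	return g->firmware_version;
}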
by JJS » Fri Oct 08, 2010 10:15 am
Your version looks more correct. I like it.
Edit: It doesn't compile though. But if parsing the exports can be done this simply, it looks like a method that will keep working even if the addresses change in future firmware revisions.
by neur0n » Fri Oct 08, 2010 3:58 pm
oh...
I posted broken code.
The fixed code is below.
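/*
 * Detect the running firmware by walking the export table of sceKernelLibrary
 * and reading the module_sdk_version variable (NID 0x11B97506).
 *
 * Returns the firmware number (e.g. 500 for 5.00), or 0 when the library
 * name, its entry table, or the NID cannot be found. The result is cached in
 * the globals; a cached value of 1 means "not probed yet".
 *
 * Changes relative to the posted version: a failed memfindsz() (NULL) and a
 * NULL entry-table pointer are no longer dereferenced, and the counters are
 * wider than u8 so the sum of the two stub counts cannot wrap.
 */
u32 getFirmwareVersion()
{
	tGlobals * g = get_globals();

	/* 1 is the "not yet probed" sentinel; anything else is a cached answer. */
	if (g->firmware_version != 1)
		return g->firmware_version;

	g->firmware_version = 0;

	/* Find the library name in the export area. The word 0x20 bytes past it
	 * (addr[8]) is taken as the SceLibraryEntryTable pointer.
	 * NOTE(review): that offset comes from this thread, not from a header;
	 * confirm it against the library-name/entry-table layout. */
	u32* addr = (u32 *)memfindsz("sceKernelLibrary", (char*)0x08800300, 0x00001000);
	if (!addr)
	{
		LOGSTR0("Warning: Cannot find sceKernelLibrary export name \n");
		return g->firmware_version;
	}
	SceLibraryEntryTable *Entry = (SceLibraryEntryTable *) addr[8];
	if (!Entry)
	{
		LOGSTR0("Warning: sceKernelLibrary entry table pointer is NULL \n");
		return g->firmware_version;
	}

	/* The entry table is cnt NIDs followed by cnt matching addresses, so the
	 * address belonging to NID i is at index i + cnt. */
	unsigned int cnt = Entry->vstubcount + Entry->stubcount;
	u32** pointer = (u32**) Entry->entrytable;
	u32 version = 0;
	unsigned int i;
	for (i = 0; i < cnt; i++)
	{
		if ((u32)pointer[i] == 0x11B97506) /* NID of module_sdk_version */
		{
			/* Variable export: its address points at the version word. */
			version = *(pointer[i + cnt]);
			break;
		}
	}

	if (version)
	{
		/* 0xMMmmrrxx -> MM*100 + mm*10 + rr. */
		g->firmware_version = ((version >> 24) * 100)
			+ (((version & 0x00FF0000) >> 16) * 10)
			+ ((version & 0x0000FF00) >> 8);
	}
	else
	{
		LOGSTR0("Warning: Cannot find module_sdk_version function \n");
	}
	return g->firmware_version;
}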
by JJS » Fri Oct 29, 2010 7:54 pm
Added your last function to R104. Thank you, neur0n!