Re: Help patching this...
Posted: Tue Feb 01, 2011 12:15 pm
by pspgeneration
I think I'll do what NightStar said...
Look at TN's patching address.... Maybe I can do something with it and patch Davee's Version and Mac Address Spoofer... If that doesn't work I'll do what JJS told me.... Thank you 2!
Re: Help patching this...
Posted: Tue Feb 15, 2011 2:38 pm
by L5230742
Seems I found something after examining the sysconf_plugin.prx (extracted and decrypted with PSAR Dumper from the OFW update) of all these known OFW with a hex editor.
The old 0x15EE0 was changed to 0x15D74 in 5.5x OFW, according to the code of an unofficial Davee's spoofer v4 by Zer01ne.
I checked these addresses in these versions and found the clue is a hex string of "00 01 05 24 21 20" in sysconf_plugin.prx that begins from the address mentioned above. When searching that string in the sysconf of later OFW, there is only one matching address, and that is the sysconf address needed by the spoofer. The second address is calculated by using the address found minus "2D0".
The sysconf addresses are:
Code:
//6.20, found, untested
{ PSP_FIRMWARE(0x620), 0x18920, 0x18650 },
//6.35, found
{ PSP_FIRMWARE(0x635), 0x18F3C, 0x18C6C },
//6.37, sysconf didn't change...
{ PSP_FIRMWARE(0x637), 0x18F3C, 0x18C6C },
I didn't test the 6.20 address myself as I'm now on 6.35 PRO-A3. However, the version spoofing doesn't work on PRO-A3, while the MAC spoofing works.
Maybe the address for 6.35 will work on all 6.3x as the address didn't change in 6.37.
Re: Help patching this...
Posted: Tue Feb 15, 2011 3:25 pm
by DaNS
L5230742 wrote:[spoiler]Seems I found something after examining the sysconf_plugin.prx (extracted and decrypted with PSAR Dumper from the OFW update) of all these known OFW with a hex editor.
The old 0x15EE0 was changed to 0x15D74 in 5.5x OFW, according to the code of an unofficial Davee's spoofer v4 by Zer01ne.
I checked these addresses in these versions and found the clue is a hex string of "00 01 05 24 21 20" in sysconf_plugin.prx that begins from the address mentioned above. When searching that string in the sysconf of later OFW, there is only one matching address, and that is the sysconf address needed by the spoofer. The second address is calculated by using the address found minus "2D0".
The sysconf addresses are:
Code:
//6.20, found, untested
{ PSP_FIRMWARE(0x620), 0x18920, 0x18650 },
//6.35, found
{ PSP_FIRMWARE(0x635), 0x18F3C, 0x18C6C },
//6.37, sysconf didn't change...
{ PSP_FIRMWARE(0x637), 0x18F3C, 0x18C6C },
I didn't test the 6.20 address myself as I'm now on 6.35 PRO-A3. However, the version spoofing doesn't work on PRO-A3, while the MAC spoofing works.
Maybe the address for 6.35 will work on all 6.3x as the address didn't change in 6.37.[/spoiler]
I found 6.20 a few weeks ago
But canceled my project because we'll get flamed with so many fake CFWs & videos! "Uhhh I programmed a new CFW"
btw:
//6.36
{ PSP_FIRMWARE(0x636), 0x18F3C, 0x18C6C },
same as 6.35 & 6.37 as usual
ps: I tried it the same way
it's the simplest way...
Re: Help patching this...
Posted: Tue Feb 15, 2011 3:45 pm
by L5230742
DaNS wrote:
I found 6.20 a few weeks ago
But canceled my project because we'll get flamed with so many fake CFWs & videos! "Uhhh I programmed a new CFW"
You're right. The spoofer is merely a tool enabling you to decorate the system information with things you want, not a tool to trick others.
I'd love to put up a compiled version for testing, but now, thinking that it would lead to this, I'd better not.
Anyway, the problem that keeps the version spoofing from working on 6.35 PRO-Ax is yet to be found.
Re: Help patching this...
Posted: Tue Feb 15, 2011 3:59 pm
by SoftHacker
Re: Help patching this...
Posted: Tue Feb 15, 2011 4:29 pm
by DaNS
Hello guys,
here is a compiled version by cha0z...
btw: everybody can compile such a thing -.-"
anyway he discredited me here:
http://www.pspking.de/forum/showthread. ... #pid401102
Code:
#include <pspkernel.h>
#include <systemctrl.h>
#include <systemctrl_se.h>
#include <kubridge.h>
#include <string.h>

PSP_MODULE_INFO("SysconfPatcher", 0x1007, 1, 0);

#define MAKE_CALL(a, f) _sw(0x0C000000 | (((u32)(f) >> 2) & 0x03ffffff), a)
/* Pack a version written as 0x635 into the devkit form 0x06030510. */
#define PSP_FIRMWARE(f) ((((f >> 8) & 0xF) << 24) | (((f >> 4) & 0xF) << 16) | ((f & 0xF) << 8) | 0x10)

STMOD_HANDLER previous = NULL;
char *ver_info = NULL;
char *mac_info = NULL;

typedef struct
{
    u32 devkit;
    u32 sysconf_ver; /* offset of the version-string load in sysconf_plugin */
    u32 sysconf_mac; /* offset of the MAC-string load in sysconf_plugin */
} PatchesVersion;

PatchesVersion sysconfPatches[] =
{
    { PSP_FIRMWARE(0x500), 0x15EE0, 0x15C10 },
    { PSP_FIRMWARE(0x502), 0x15EE0, 0x15C10 },
    { PSP_FIRMWARE(0x503), 0x15EE0, 0x15C10 },
    /* Thanks to: L5230742&DaNS */
    { PSP_FIRMWARE(0x550), 0x15D74, 0x15C10 }, // Zer01ne
    { PSP_FIRMWARE(0x620), 0x18920, 0x18650 }, // DaNS & L5230742
    { PSP_FIRMWARE(0x635), 0x18F3C, 0x18C6C }, // L5230742
    { PSP_FIRMWARE(0x636), 0x18F3C, 0x18C6C }, // DaNS
    { PSP_FIRMWARE(0x637), 0x18F3C, 0x18C6C }, // L5230742 & DaNS
};

#define PATCHES_N (sizeof(sysconfPatches) / sizeof(PatchesVersion))

/* Called for every module that starts; patches sysconf_plugin_module when it loads. */
int OnModuleStart(SceModule2 *mod)
{
    int i;
    u32 ver = sceKernelDevkitVersion();

    if (strcmp(mod->modname, "sysconf_plugin_module") == 0)
    {
        for (i = 0; i < PATCHES_N; i++)
        {
            if (sysconfPatches[i].devkit == ver)
            {
                if (ver_info)
                {
                    /* lui $v0, hi ; ori $v0, $v0, lo (unsigned cast keeps the opcode bits intact) */
                    _sw(0x3C020000 | ((u32)ver_info >> 16), mod->text_addr + sysconfPatches[i].sysconf_ver);
                    _sw(0x34420000 | ((u32)ver_info & 0xFFFF), mod->text_addr + sysconfPatches[i].sysconf_ver + 4);
                }
                if (mac_info)
                {
                    /* lui $a2, hi ; addiu $a2, $a2, lo
                       addiu sign-extends lo, so hi is rounded up when lo >= 0x8000 */
                    _sw(0x3C060000 | (((u32)mac_info + 0x8000) >> 16), mod->text_addr + sysconfPatches[i].sysconf_mac);
                    _sw(0x24C60000 | ((u32)mac_info & 0xFFFF), mod->text_addr + sysconfPatches[i].sysconf_mac + 4);
                }
                /* Make the patched instructions visible to the CPU. */
                sceKernelDcacheWritebackAll();
                sceKernelIcacheClearAll();
            }
        }
    }

    if (!previous)
        return 0;
    return previous(mod);
}

/* Load a text file as a 16-bit string: mode 0 = version text, otherwise MAC text. */
int getSpoof(char *file, int mode)
{
    int i;
    char *global;
    u16 isunicode = 0;
    SceIoStat stat;

    memset(&stat, 0, sizeof(SceIoStat));
    if (sceIoGetstat(file, &stat) < 0)
        return -1;

    SceUID fd = sceIoOpen(file, PSP_O_RDONLY, 0777);
    if (fd < 0)
        return -1;

    /* A leading 0xFEFF byte-order mark means the file is already 16-bit text. */
    sceIoRead(fd, &isunicode, sizeof(u16));
    if (isunicode != 0xFEFF)
    {
        isunicode = 0;
        /* One 16-bit unit per byte, plus a 16-bit terminator. */
        stat.st_size = (stat.st_size * 2) + 2;
        sceIoLseek32(fd, 0, PSP_SEEK_SET);
    }

    SceUID block_id = sceKernelAllocPartitionMemory(2, "", PSP_SMEM_Low, stat.st_size, NULL);
    if (block_id < 0)
    {
        sceIoClose(fd); /* do not leak the descriptor on allocation failure */
        return -1;
    }

    global = sceKernelGetBlockHeadAddr(block_id);
    memset(global, 0, stat.st_size);

    if (isunicode)
    {
        sceIoRead(fd, global, stat.st_size - 2);
    }
    else
    {
        /* Widen each byte to 16 bits; the high byte stays zero from the memset. */
        for (i = 0; i < (stat.st_size / 2); i++)
        {
            sceIoRead(fd, global + (i * 2), 1);
        }
    }

    if (!mode)
        ver_info = global; //lazy
    else
        mac_info = global;

    sceIoClose(fd);
    return 0;
}

int module_start(SceSize args, void *argp)
{
    int ret;
    int pspmodel = sceKernelGetModel();

    /* Model >= 4 reads the text files from ef0:, every other model from ms0:. */
    if (pspmodel >= 4)
    {
        ret = getSpoof("ef0:/seplugins/firmware.txt", 0);
        ret += getSpoof("ef0:/seplugins/mac_adress.txt", 1);
    }
    else
    {
        ret = getSpoof("ms0:/seplugins/firmware.txt", 0);
        ret += getSpoof("ms0:/seplugins/mac_adress.txt", 1);
    }

    /* Each call returns 0 or -1, so this gives up only when both files failed to load. */
    if (ret < -1)
        return ret;

    previous = sctrlHENSetStartModuleHandler(OnModuleStart);
    return 0;
}
Attachment: fms.rar (1.79 KiB), by DaNS, L5230742 & Davee
btw: I'm fixit there xD
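The signature search and the "minus 2D0" rule from L5230742's post, together with a check of posted table rows against that rule, as an added example that is not code from any poster in this thread. It assumes offsets are counted the way the post reports them; the function names and the constructed buffer are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Signature and delta exactly as given in the post. */
static const uint8_t SIG[] = { 0x00, 0x01, 0x05, 0x24, 0x21, 0x20 };
#define MAC_DELTA 0x2D0u

/* Count occurrences of SIG in buf; the offset of the first hit goes to *first. */
size_t find_sig(const uint8_t *buf, size_t len, uint32_t *first)
{
    size_t i, hits = 0;
    for (i = 0; i + sizeof(SIG) <= len; i++)
        if (memcmp(buf + i, SIG, sizeof(SIG)) == 0) {
            if (hits == 0) *first = (uint32_t)i;
            hits++;
        }
    return hits;
}

/* Accept only a unique hit whose derived MAC offset cannot underflow.
   Returns 0 on success, -1 no match, -2 ambiguous match, -3 underflow. */
int derive_offsets(const uint8_t *buf, size_t len, uint32_t *ver, uint32_t *mac)
{
    uint32_t off = 0;
    size_t hits = find_sig(buf, len, &off);
    if (hits == 0) return -1;
    if (hits > 1) return -2;
    if (off < MAC_DELTA) return -3;
    *ver = off;
    *mac = off - MAC_DELTA;
    return 0;
}

/* Does a table row obey "second address = first address - 0x2D0"? */
int row_follows_rule(uint32_t ver, uint32_t mac)
{
    return ver >= MAC_DELTA && ver - MAC_DELTA == mac;
}

int main(void)
{
    static uint8_t img[0x400]; /* constructed stand-in for a decrypted sysconf_plugin.prx */
    uint32_t ver = 0, mac = 0;
    memcpy(img + 0x300, SIG, sizeof(SIG));
    if (derive_offsets(img, sizeof(img), &ver, &mac) == 0)
        printf("found: ver 0x%X, mac 0x%X\n", (unsigned)ver, (unsigned)mac);
    printf("6.35 row follows rule: %d\n", row_follows_rule(0x18F3C, 0x18C6C));
    printf("5.50 row follows rule: %d\n", row_follows_rule(0x15D74, 0x15C10));
    return 0;
}
```

Of the rows posted in this thread, only the 5.50 entry (0x15D74, 0x15C10) does not satisfy the rule; the thread does not say whether that is intentional.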
Re: Help patching this...
Posted: Tue Feb 15, 2011 5:04 pm
by SoftHacker
the mac address doesn't spoof correctly
i got Japanese symbols or so...
can you fix this ****, pls
here is a screenshot
EDIT: my mac_adress.txt
Re: Help patching this...
Posted: Tue Feb 15, 2011 5:23 pm
by pspgeneration
SoftHacker wrote:also i get errors in the "main.cpp"
That's because it's not supposed to be main.cpp but main.c... Thanks guys, I just now checked pspking.de and found fixit98's topic on Version Spoofer for 6.xx...
Re: Help patching this...
Posted: Tue Feb 15, 2011 5:27 pm
by SoftHacker
Re: Help patching this...
Posted: Tue Feb 15, 2011 5:31 pm
by pspgeneration
SoftHacker wrote: and what about the MAC spoof error
i won't crappy symbols, i want the content of "mac_adress.txt"
here the screenshot again
What about it?