Reverse of TN HEN main function
-
- Banned
- Posts: 13
- Joined: Wed Feb 23, 2011 10:31 am
Re: Reverse of TN HEN main function
The HEN works ok and it loads homebrews but I can't when I press select nothing appears
-
- Posts: 29
- Joined: Tue Jan 18, 2011 7:32 am
Re: Reverse of TN HEN main function
exploitcrash wrote: The HEN works ok and it loads homebrews but I can't when I press select nothing appears
Did you compile the satelite.prx and copy it in the root of your memory stick...
PSP 3000 6.20 PRO-B5 Permanent Patch
-
- Banned
- Posts: 13
- Joined: Wed Feb 23, 2011 10:31 am
Re: Reverse of TN HEN main function
nope
but thnx
Permanent HEN
I made this HEN permanent, it will go on even after reboot.
I renamed original vshmain.prx to vshorig.prx, replaced original vshmain.prx with HEN loader (modified to use power imports and not HTML hack), and modified rebootex code to this:
Code:
/*
 * ModuleEntry, BtcnfHeader, inject_module, HEN_STR and the __strlen /
 * __memcmp / __memcpy helpers are defined elsewhere in the rebootex source.
 */

/*
 * Rename a module in place in the buffer that starts with a BtcnfHeader.
 * The new name is copied over the old one using the old name's length,
 * so both names must have the same length.
 */
void
rename_module(void *a0, char *mod_name, char *neu_mod_name)
{
    ModuleEntry *pmod;
    int i, len;
    char *modules_start, *names_start;
    BtcnfHeader *hdr = a0;

    modules_start = (char *) a0 + hdr->modules_start;
    names_start = (char *) a0 + hdr->names_start;
    pmod = (ModuleEntry *) modules_start;
    len = __strlen(mod_name) + 1;   /* include the terminating NUL */

    if (hdr->modules_nr < 0)
        return;

    /* search mod by name */
    for (i = 0; i < hdr->modules_nr; i++) {
        if (!__memcmp(names_start + pmod->name, mod_name, len))
            break;
        pmod++;
    }

    /* not found: leave the table untouched */
    if (i == hdr->modules_nr)
        return;

    __memcpy(names_start + pmod->name, neu_mod_name, len);
}

int
sceBootDecryptPSP_Patched(void *a0, void *a1)
{
    int r;

    /* run the original decrypt first, then edit the decrypted module list */
    r = sceBootDecryptPSP(a0, a1);
    inject_module(a0, "/kd/init.prx", HEN_STR, 255);
    rename_module(a0, "/vsh/module/vshmain.prx", "/vsh/module/vshorig.prx");

    return r;
}
You have to pack fake vshmain.prx like explained here, of course use original vshmain.prx as base and not lfatfs.
Tested on PSP-1000, TA-079.
Re: Reverse of TN HEN main function
@kgsws Fantastic!!!!!!!!! I think it deserves a branch. However it will be difficult for me to commit it coz I have only PSP3004 and I'm still in need of OFW. I'll see how I can test and commit it.
FYI
I'm still working on the HEN coz I started LFTV protocol reverse.
I added 2 exports to systemctrl so that it's convenient to add hooks to vsh modules (e.g. lftv module).
Code:
/* SystemCtrlForUser_62CAC4CF */
extern void sctrlPatchModule(char *name, u32 patch, u32 offset);
/* SystemCtrlForUser_2A868045 */
extern u32 sctrlModuleTextAddr(char *name);
EDITED for sctrlPatchModule
Last edited by jigsaw on Sat Mar 05, 2011 10:21 pm, edited 2 times in total.
Re: Reverse of TN HEN main function
@jigsaw if needed I can test on my PSP1000
Re: Reverse of TN HEN main function
Valantin wrote: @jigsaw if needed I can test on my PSP1000
Yes please. And once it's done pls let me know.
Re: Reverse of TN HEN main function
I think now it can be better to just copy systemcontrol.prx (and all other CFW PRXes) to flash0. It will make sceBootLfat patches obsolete.
Now I will try to make simple installer (that will do all encryption on each PSP, to be safe).
Also, it is possible to add recovery menu to fake vshmain.prx, and maybe "CFW logo", since it shows debug text on first boot.
Re: Reverse of TN HEN main function
Valantin wrote: @jigsaw if needed I can test on my PSP1000
jigsaw wrote: Yes please. And once it's done pls let me know.
LOL. There was a misunderstanding ..
I'm currently working there.
If you posted a sample, test it, and maybe I can help in the development
I have no experience with the kirk-engine, and I do not know where to start.
@kgsws do not understand why to use the hen? If you can pretend that the hen loader is the original vshmain.prx why not use directly systemctrl?
Re: Reverse of TN HEN main function
Just a reminder to those who are interested in extending this HEN:
Please update your local revision up to rev 231, coz from rev 232 on lftv patch is introduced. I guess most of you won't be interested in that, which is for debugging/testing lftv protocol only.
I'm considering adding a branch which sticks to pure HEN (w/o lftv), a second branch for flash0, and the trunk keeps going with lftv.
EDIT:
2 branches added. both based on rev 231.
branches/original is for original HEN. This branch is for bug fixing to original HEN only. Any bug fix will be merged to other branch(es) and trunk.
branches/cfw is for permanent CFW. This branch is for kgsws's CFW.
trunk will be playground for other new features such as lftv.