Page 34 of 41

Re: Reverse of TN HEN main function

Posted: Fri Mar 04, 2011 7:37 pm
by exploitcrash
The HEN works OK and it loads homebrews, but I can't; when I press SELECT nothing appears.

Re: Reverse of TN HEN main function

Posted: Fri Mar 04, 2011 11:53 pm
by juggernaut6613
exploitcrash wrote: The HEN works OK and it loads homebrews, but I can't; when I press SELECT nothing appears.
Did you compile satelite.prx and copy it to the root of your Memory Stick... :roll:

Re: Reverse of TN HEN main function

Posted: Sat Mar 05, 2011 9:33 am
by exploitcrash
Nope, but thanks.

Permanent HEN

Posted: Sat Mar 05, 2011 2:31 pm
by kgsws
I made this HEN permanent; it keeps working even after a reboot. :)

I renamed the original vshmain.prx to vshorig.prx, replaced the original vshmain.prx with the HEN loader (modified to use power imports instead of the HTML hack), and modified the rebootex code to this:

Code:

/* Runs inside rebootex. ModuleEntry, BtcnfHeader and the __strlen/__memcmp/
 * __memcpy helpers are the ones from the rebootex source; a0 points at the
 * decrypted pspbtcnf.bin image. */
void
rename_module(void *a0, char *mod_name, char *neu_mod_name)
{
	ModuleEntry *pmod;
	int i, len;
	char *modules_start, *names_start;
	BtcnfHeader *hdr = a0;

	modules_start = (char *) a0 + hdr->modules_start;
	names_start = (char *) a0 + hdr->names_start;

	pmod = (ModuleEntry *) modules_start;
	/* compare (and later copy) the terminating NUL too, so only an exact path matches */
	len = __strlen(mod_name) + 1;

	if (hdr->modules_nr < 0)
		return;

	/* search mod by name */
	for (i = 0; i < hdr->modules_nr; i++) {
		if (!__memcmp(names_start + pmod->name, mod_name, len))
			break;
		pmod++;
	}
	if (i == hdr->modules_nr)
		return;

	/* in-place overwrite of len bytes: neu_mod_name must have exactly the
	 * same length as mod_name, otherwise the next name in the table is clobbered */
	__memcpy(names_start + pmod->name, neu_mod_name, len);
}

/* Hook on sceBootDecryptPSP: once pspbtcnf.bin is decrypted, inject the HEN
 * module (HEN_STR) relative to /kd/init.prx and rename the vshmain.prx entry
 * to vshorig.prx (same length, so the in-place rename fits). */
int
sceBootDecryptPSP_Patched(void *a0, void *a1)
{
	int r;

	r = sceBootDecryptPSP(a0, a1);
	inject_module(a0, "/kd/init.prx", HEN_STR, 255);
	rename_module(a0, "/vsh/module/vshmain.prx", "/vsh/module/vshorig.prx");

	return r;
}
You have to pack the fake vshmain.prx as explained here; of course, use the original vshmain.prx as the base and not lfatfs.

Tested on PSP-1000, TA-079.
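To show the in-place rename that kgsws's rebootex hook performs, here is an added, self-contained example. It is not kgsws's code and not part of the HEN project. It uses a constructed, simplified image layout (only the fields the snippet touches, plus a pool size for bounds checks; the real pspbtcnf.bin header has more fields and a different layout), a three-entry table built inline, and adds the two checks the bare rebootex version leaves to the caller: the offsets must stay inside the image, and the replacement path must have exactly the old path's length so the copy cannot spill into the next name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified layout used for this example only. It is NOT the
 * real pspbtcnf.bin header: just the fields the rebootex snippet touches
 * (modules_start, modules_nr, names_start) plus a name-pool size. */
typedef struct {
    uint32_t modules_start;  /* byte offset of the ModuleEntry array */
    int32_t  modules_nr;     /* number of module entries */
    uint32_t names_start;    /* byte offset of the NUL-separated path pool */
    uint32_t names_len;      /* size of that pool in bytes */
} BtcnfHeader;

typedef struct {
    uint32_t name;   /* offset of this module's path inside the pool */
    uint32_t flags;  /* not used here */
} ModuleEntry;

enum { RENAME_OK = 0, RENAME_NOT_FOUND = -1, RENAME_LENGTH_MISMATCH = -2, RENAME_BAD_IMAGE = -3 };

/* Same search as the rebootex rename_module(), plus the guards it relies on
 * implicitly: offsets must stay inside the image, and the new path must have
 * exactly the old path's length (NUL included), because paths are packed back
 * to back and a longer name would overwrite the next one. */
int rename_module_checked(void *buf, size_t buf_len,
                          const char *mod_name, const char *neu_mod_name)
{
    BtcnfHeader *hdr = buf;
    size_t len = strlen(mod_name) + 1;
    char *names;
    ModuleEntry *pmod;
    int32_t i;

    if (buf_len < sizeof *hdr || hdr->modules_nr < 0)
        return RENAME_BAD_IMAGE;
    if (hdr->modules_start + (size_t)hdr->modules_nr * sizeof(ModuleEntry) > buf_len
        || hdr->names_start + (size_t)hdr->names_len > buf_len)
        return RENAME_BAD_IMAGE;
    if (strlen(neu_mod_name) + 1 != len)
        return RENAME_LENGTH_MISMATCH;

    names = (char *)buf + hdr->names_start;
    pmod = (ModuleEntry *)((char *)buf + hdr->modules_start);
    for (i = 0; i < hdr->modules_nr; i++, pmod++) {
        if ((size_t)pmod->name + len > hdr->names_len)
            continue;  /* entry points outside the pool: do not trust it */
        if (memcmp(names + pmod->name, mod_name, len) == 0) {
            memcpy(names + pmod->name, neu_mod_name, len);
            return RENAME_OK;
        }
    }
    return RENAME_NOT_FOUND;
}

/* Path string of entry idx, or NULL when idx is out of range. */
const char *module_path(const void *buf, int idx)
{
    const BtcnfHeader *hdr = buf;
    const ModuleEntry *ent;
    if (idx < 0 || idx >= hdr->modules_nr)
        return NULL;
    ent = (const ModuleEntry *)((const char *)buf + hdr->modules_start) + idx;
    return (const char *)buf + hdr->names_start + ent->name;
}

/* Constructed three-entry image: header, entry table, then the path pool. */
static uint32_t g_image[64];   /* uint32_t so the struct casts stay aligned */
static size_t g_image_len;

uint8_t *sample_image(void)
{
    static const char *const paths[] = {
        "/kd/init.prx", "/vsh/module/vshmain.prx", "/vsh/module/paf.prx",
    };
    uint8_t *out = (uint8_t *)g_image;
    BtcnfHeader hdr;
    ModuleEntry *ent = (ModuleEntry *)(out + sizeof hdr);
    size_t names_off = sizeof hdr + 3 * sizeof(ModuleEntry), pos = names_off, i;

    if (g_image_len)
        return out;  /* already built */
    for (i = 0; i < 3; i++) {
        size_t n = strlen(paths[i]) + 1;
        memcpy(out + pos, paths[i], n);
        ent[i].name = (uint32_t)(pos - names_off);
        ent[i].flags = 0;
        pos += n;
    }
    hdr.modules_start = (uint32_t)sizeof hdr;
    hdr.modules_nr = 3;
    hdr.names_start = (uint32_t)names_off;
    hdr.names_len = (uint32_t)(pos - names_off);
    memcpy(out, &hdr, sizeof hdr);
    g_image_len = pos;
    return out;
}

size_t sample_image_len(void) { sample_image(); return g_image_len; }

int main(void)
{
    uint8_t *img = sample_image();
    int r = rename_module_checked(img, sample_image_len(),
                                  "/vsh/module/vshmain.prx", "/vsh/module/vshorig.prx");
    printf("rename -> %d, entry 1 is now %s\n", r, module_path(img, 1));
    r = rename_module_checked(img, sample_image_len(),
                              "/vsh/module/paf.prx", "/vsh/module/paf_long.prx");
    printf("length mismatch -> %d, entry 2 still %s\n", r, module_path(img, 2));
    return 0;
}
```

Compile with any C99 compiler. The vshmain/vshorig pair works in the rebootex version precisely because both names are seven characters, so the 24-byte copy lands exactly on the old path; the length check here makes that requirement explicit instead of leaving it to whoever picks the next name.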

Re: Reverse of TN HEN main function

Posted: Sat Mar 05, 2011 9:22 pm
by jigsaw
@kgsws Fantastic!!!!!!!!! :o I think it deserves a branch. However, it will be difficult for me to commit it because I only have a PSP-3004 and I'm still in need of OFW. I'll see how I can test and commit it.

FYI
I'm still working on the HEN because I started reversing the LFTV protocol.
I added 2 exports to systemctrl so that it's convenient to add hooks to VSH modules (e.g. the lftv module).

Code:

/* SystemCtrlForUser_62CAC4CF */
extern void sctrlPatchModule(char *name, u32 patch, u32 offset);

/* SystemCtrlForUser_2A868045 */
extern u32 sctrlModuleTextAddr(char *name);
EDITED for sctrlPatchModule

Re: Reverse of TN HEN main function

Posted: Sat Mar 05, 2011 10:06 pm
by Valantin
@jigsaw if needed I can test on my PSP1000 :D

Re: Reverse of TN HEN main function

Posted: Sat Mar 05, 2011 10:22 pm
by jigsaw
Valantin wrote:@jigsaw if needed I can test on my PSP1000 :D
Yes please. And once it's done, please let me know. :D

Re: Reverse of TN HEN main function

Posted: Sat Mar 05, 2011 10:54 pm
by kgsws
I think it may now be better to just copy systemcontrol.prx (and all other CFW PRXes) to flash0. It will make the sceBootLfat patches obsolete.
Now I will try to make a simple installer (that will do all the encryption on each PSP, to be safe).

Also, it is possible to add a recovery menu to the fake vshmain.prx, and maybe a "CFW logo", since it shows debug text on first boot.

Re: Reverse of TN HEN main function

Posted: Sat Mar 05, 2011 10:56 pm
by Valantin
jigsaw wrote:
Valantin wrote:@jigsaw if needed I can test on my PSP1000 :D
Yes please. And once it's done pls let me know. :D
LOL, there was a misunderstanding...
I'm currently working on it.
If you post a sample, I'll test it, and maybe I can help with the development.

I have no experience with the KIRK engine, and I do not know where to start.

@kgsws I do not understand why you use the HEN. If you can pretend that the HEN loader is the original vshmain.prx, why not use systemctrl directly?

Re: Reverse of TN HEN main function

Posted: Sat Mar 05, 2011 11:08 pm
by jigsaw
Just a reminder to those who are interested in extending this HEN:

Please update your local revision up to rev 231, because from rev 232 on the lftv patch is introduced. I guess most of you won't be interested in that, which is for debugging/testing the lftv protocol only.
I'm considering adding a branch which sticks to pure HEN (w/o lftv), a second branch for flash0, and the trunk keeps going with lftv.

EDIT:

2 branches added. both based on rev 231.

branches/original is for the original HEN. This branch is for bug fixes to the original HEN only. Any bug fix will be merged into the other branch(es) and trunk.

branches/cfw is for permanent CFW. This branch is for kgsws's CFW.

trunk will be the playground for other new features such as lftv.