|
|
aller hop une pitite news qui annonce que du bon 
Citation:
More graf_chokolo updates: XorHack v2.0: The Updated PS3 Exploit Toolkit xorloser’s blog
Quote:
Here is what my descriptor looks like:
Code:
const uint8_t PROGMEM port1_config_descriptor[] = {
0×09, 0×02, 0×12, 0×00, 0×01, 0×00, 0×00, 0×80, 0xFA, 0×09, 0×04, 0×00,
0×00, 0×00, 0xFE, 0×01, 0×02, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00, 0×00,
0xFA, 0xCE, 0xB0, 0×03, 0xAA, 0xBB, 0xCC, 0xDD, 0×60, 0×00, 0×00, 0×00,
#include
———— and here paste dummy bytes ——————-
};
vsh.self and sys_init_osd.self decrypted 
ps1emu*.self decrypted
ps2 emu cannot be decrypted by appldr because it’s like GameOS, it’s decrypted by lv2ldr, ps2 emu is not an application that can be run on GameOS.
Pretty all SPRX file can be decrypted now
I will just polish a bit my source code and then upload it, guys
Reversing lv2ldr interface and decrypting lv2_kernel.self is next on my list, guys
psp_emulator.self decrypted
bdp_BDMV.self
#1339258 - Pastie
vsh.self
#1339271 - Pastie
psp_emulator.self decrypted !!!
#1339276 - Pastie
ps1_emu.self decrypted !!!
#1339284 - Pastie
I will release my code today
ESID 0xA is used for dynamic memory allocation and memory mapping, so it’s ok. Every page is 0×1000. You should have several 0xA segments.
ProtectionPage has a member variable log2_size at offset 0×18 (size 1 byte). 0xC means 2^12 = 4kb
And i was wrong about VA in my first post about ProtectionPage
Sorry EA is converted not by page table but by SLB I need a vacation from reversing ProtectionPage doesn’t contain VA, it’s EA and not VA. EA is converted by page table to VA.
|
source et source
|