Friday, October 29, 2010

What does hermes mem patch mode do?

<KaKaRoTo> Works fine with latest default payload.
<KaKaRoTo> So only with NUS (no_unauthorized_syscalls payload), so it's normal and expected.

<hObbit> so what does that mean

<KaKaRoTo> Just means that what I said the first day when I added the NUS payload still applies.
<KaKaRoTo> "only use it to put the ps3 back into restrictive access mode to unauthorized syscalls"

<hObbit> The NUS is for controller fix right?

<KaKaRoTo> Not for controller fix, it's just some (2 or 3) games that won't work without it. Eyepet is the only one I can remember.
<KaKaRoTo> The same would happen with hermes payload if you enable "patched mode" in it.
<KaKaRoTo> The only thing is that for him, the 'patched mode' only gets enabled after the drive is mounted, so maybe that's why no one noticed.
<KaKaRoTo> but it's basically the same code

<hObbit> Can we have that called via homebrew like hermes payload?

<KaKaRoTo> We could, but I don't want to, because it's an ugly hack.
<KaKaRoTo> Basically those patches disable a function that is used by every system call.
<KaKaRoTo> is_this_syscall_authorized_on_this_system/modem/whatever
<KaKaRoTo> Some games require a specific syscall to be enabled.
<KaKaRoTo> It's most probably related to the fact that the ps3 would only unlock the /dev_hdd0/game/<ID>/ of what the bluray player reads in sector 2.
<KaKaRoTo> So when a backup is launched and tries to 'install game data' it can't because it can't access the right directory.
<KaKaRoTo> So that patch makes it work.
<KaKaRoTo> It only has the side effect of enabling every other system call.
<KaKaRoTo> patch_func5 is what does all that (the is_authorized)
<KaKaRoTo> I suppose that patching it to return 1 all the time makes it return 1 to the 'syscall_is_root' or something, that's why permissions get ++
<KaKaRoTo> It also screws up the controller for games like F1 and SF4 because they need maybe something like 'syscall_is_special_usb_stick/wheel_plugged_in'
<KaKaRoTo> They think yes, so they try to use it, disable the controller, and then.. oops, nothing works.
<KaKaRoTo> (That's why you can 'fix' the controller if you plug in a wheel or the SF4 arcade usb thingy)
<KaKaRoTo> That's what patch 6 and 7 do, they force those 2 specific syscalls to return '0' instead of '1'.
<KaKaRoTo> But there are still other games that check other things and fail because of that (like eyepet, maybe it checks is_camera_plugged_in)

<hObbit> I see, so rather than enabling everything we'd need to find that specific syscall.

<KaKaRoTo> Exactly. The real fix is find just the right syscall to have elevated permissions, and fix just that one to think it's "1".
<KaKaRoTo> Instead of making it "1" for EVERY syscall, then return 0 selectively to fix specific games.

<hObbit> So what needs function 5 then? is that the eyepet game?

<KaKaRoTo> no no
<KaKaRoTo> you have this :

<KaKaRoTo> syscall_X (arguments)
<KaKaRoTo> {
<KaKaRoTo> can_i = function_5(args);
<KaKaRoTo> if (can_i == 1) { do stuff }
<KaKaRoTo> else { return error }
<KaKaRoTo> }

<KaKaRoTo> patch 5 is to overwrite the 'can_i_do_this' function completely
<KaKaRoTo> so EVERY syscall gets 'yes you can'
<KaKaRoTo> what functions 6 and 7 do is just:

<KaKaRoTo> syscall_fix_for_f1 (arguments)
<KaKaRoTo> {
<KaKaRoTo> can_i = 0
<KaKaRoTo> ....
<KaKaRoTo> }
<KaKaRoTo> syscall_fix_for_ssf4 (arguments)
<KaKaRoTo> {
<KaKaRoTo> can_i = 0
<KaKaRoTo> ...
<KaKaRoTo> }

<KaKaRoTo> Patches 6 and 7 just patch the 'call func5' into 'func5 returned 0'
<KaKaRoTo> While patch 5 actually patches the content of func5 to always return 1.
<KaKaRoTo> You see how ugly it is? You understand why I didn't want to add a syscall to the payload just to enable/disable this 'patched mode'.
<KaKaRoTo> I want to do it properly, or not do it at all.


<iLLNESS> weird though... ssf4 works fine for me with NUS

<KaKaRoTo> yes it would
<KaKaRoTo> because NUS basically means 'all original'
<KaKaRoTo> it wouldn't work if you had patch 5, but not patch 6 and 7
<KaKaRoTo> but if there is no patch 5, then it would work
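
A small C model of the design discussed in the chat above, added here as an illustration; it is not code from any payload or from the participants. The check names, the four modes and the "no special device attached" scenario are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical checks; the chat only guesses at what the real ones are. */
enum check { GAME_DATA_DIR, WHEEL_PLUGGED, ARCADE_STICK_PLUGGED, CAMERA_PLUGGED, N_CHECKS };
enum mode  { ORIGINAL, PATCH5, PATCH5_6_7, TARGETED };

/* Constructed scenario: a backup is running and no special device is attached,
 * so on an unpatched system every check below answers "no". */
static const bool truth[N_CHECKS] = { false, false, false, false };

/* Model of "function 5", the check every syscall consults. */
static bool func5(enum mode m, enum check c)
{
    if (m == PATCH5 || m == PATCH5_6_7)
        return true;                      /* body overwritten: always 1 */
    if (m == TARGETED && c == GAME_DATA_DIR)
        return true;                      /* only the one check the game needs */
    return truth[c];
}

/* Model of a syscall's call site. Patches 6 and 7 replace the call to func5
 * in two specific syscalls with a constant 0. */
static bool syscall_check(enum mode m, enum check c)
{
    if (m == PATCH5_6_7 && (c == WHEEL_PLUGGED || c == ARCADE_STICK_PLUGGED))
        return false;
    return func5(m, c);
}

/* Number of checks, other than the intended one, that now answer "yes"
 * although the true state is "no". */
static int unintended_grants(enum mode m)
{
    int n = 0;
    for (int c = 0; c < N_CHECKS; c++)
        if (c != GAME_DATA_DIR && syscall_check(m, (enum check)c) && !truth[c])
            n++;
    return n;
}

int main(void)
{
    static const char *names[] = { "original", "patch 5", "patch 5+6+7", "targeted" };
    for (int m = ORIGINAL; m <= TARGETED; m++)
        printf("%-12s game data: %d  unintended grants: %d\n", names[m],
               syscall_check((enum mode)m, GAME_DATA_DIR), unintended_grants((enum mode)m));
    return 0;
}
```

The allow-everything-then-deny-selectively modes leave a residual wrong answer (the camera check in this model), while the targeted mode changes only the one answer that was needed.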

Thursday, October 28, 2010

About Unified Manager

Last week moh.sakhaii, Rogero and I joined forces to make the best PS3 Backup Manager in the world.

moh.sakhaii wants to start from vanilla OpenBM (his version) to avoid external contamination.

The problem is that I'm not a graphics developer, so I need the graphical part to be done before integrating all the Gaia Manager modifications.

So I will keep maintaining Gaia Manager until the graphical part of Unified Manager (the new manager) is mature enough.

Wednesday, October 20, 2010

AsbestOS: Running Linux as GameOS

As most of you will probably already know, I’ve been working on a project recently which aims to run Linux on the PS3 using the PSJailbreak exploit, effectively replacing GameOS on the fly. I think it’s gotten to the point where it’s useful enough for other people to be interested, so here’s something resembling an official announcement.
continue on marcan's blog

★ Debug Settings…

On DrEB's Blog you can find the list of debug settings available on a Debugging Station. These settings help developers to debug and test applications.

Gaia Manager V1.0 released

Gaia Manager V1.0 released!

Here you can find the change log for every release candidate.

I want to thank klutsh for the background and the syscall35 support, and KaKaRoTo for the beautiful pl3 payload.

Tuesday, October 19, 2010

Gaia Manager, pl3 and discless

In Gaia Manager V1.0_rc10 I fixed the discless mode.

There is a strange issue I can't understand:
For some unknown reason, if I declare the function syscall36 static, it just does not work!
I had to make that function non-static, but that makes no sense.

If anyone knows the reason, let me know, thanks.

By the way, I'm now using only pl3, since it seems more stable and it does not need the dangerous "mem patch" that breaks anything (FTP, etc.).

Monday, October 18, 2010

Gaia Manager next steps

The TODO list for Gaia Manager

For release 1.0:
  • Try the OpenBM patch included in 1.17.1 for disc less in pl3
  • Write the TITLE_ID above the cover
  • Verify any missing bugs
For release 1.1:
  • Add support for the C-payload (if I write it)
  • Add support for the open source libftp (if I write it or if blackb0x releases his FTP as open source)
For release 2.0:
  • Add support for libfont (beautiful and unicode fonts) instead of the ugly libdbgfont

About PS3 payloads

I don't understand this payload war.
I use both PL3 and Hermes v4 (to develop Gaia Manager).

I think Hermes is more feature complete than PL3 (sorry kakaroto) since it supports syscall8 and discless (using a virtual bluray disc), but PL3 code is more commented and written better (and it compiles without the need of Sony© PS3 toolchain).

My dream is to have a C-based payload, and I could do it, but I need some donations, since coding a payload will take lots of time (maintaining Gaia Manager also takes time).

Why do I want a C-based payload?
Because C is easier to read, and there are many people who know it and who can contribute!

How do I want to do it?
Initially using function pointers and, maybe, later using a proper linker script.

I will work on it this evening or tomorrow evening.

If you want to participate in this project, or if you want to donate some hardware to me (like a fat, OtherOS-compatible PS3 with firmware <= 3.15, or a big hard disk), email me.

If you want to donate some money, you can use my PayPal.