Editing User talk:Zer0Tolerance

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
thanks :) [[User:Euss|Euss]]
thanks :) [[User:Euss|Euss]]


[[User:Zer0Tolerance]] under observation because of posting strong [http://www.psdevwiki.com/ps3/index.php?limit=500&tagfilter=&title=Special%3AContributions&contribs=user&target=Zer0Tolerance&namespace=0&topOnly=1&year=2015&month=12 SEX]ual content ;) - ([[User:Roxanne]] 17th December 2015 / 16:19 GMT+1)
===About eid2 des iv===
 
Good joke, thanks. ([[User:Zer0Tolerance]] 17th December 2015 / 18:51 GMT+1)
 
=About eid2 des iv=


just a quick heads up. both eid2 des ivs (the zeroed one and the other one) are valid to use. in a way, both glevand (zero iv) and naehrwert (fixed iv) are correct. make sure you consult with [[User:naehrwert|naehrwert]] for more info.
just a quick heads up. both eid2 des ivs (the zeroed one and the other one) are valid to use. in a way, both glevand (zero iv) and naehrwert (fixed iv) are correct. make sure you consult with [[User:naehrwert|naehrwert]] for more info.
Line 52: Line 48:
yes, you're correct. just tested other combinations and none of them work.
yes, you're correct. just tested other combinations and none of them work.


= About EID0_0_UNK1 =
=== About EID0_0_UNK1 ===


@ZeroTolerance
@ZeroTolerance
Line 119: Line 115:
dump of eeprom with above data
dump of eeprom with above data


= Thank you for puppies =
=Syscon pinouts and schematics=
 
<div style="float:right">[[File:SYSCON_SWx_JTP-001_JSD-001_HSW-001_CN101.jpg|300px|thumb|left|PS3 Power control and switches schematic for CECH-25xx series<br>
http://www.st-andrews.ac.uk/nightline/wp-content/uploads/puppies.jpeg
Motherboards JTP-001 or JSD-001, SYSCON SW-x series, Switches board HSW-001, and 4 pins PSU connector (CN101) for PSU models APS-270 or EADP-200DB]]</div>
 
This was made time ago based on several schematics made by mr.dutch, i joined all them together and added some corrections to the HSW-001 board circuit and a retracing for better placement and custom conectors made in kicad
= Mike's WriteUp =
 
when you have time come talk with me on discord about https://github.com/MikeM64/Exploit-Writeups/blob/main/PS3/lv0ldr-spi-mitm/lv0ldr-spi-mitm.md
 
thanks, zecoxao
 
Also, you're needed on telegram. thanks
 
=Help with VSH exports related with RCO=
Not sure if you took a look at this table [[Talk:RCOXML_Objects#WidgetType]], i made it thanks to your research with [[VSH_Exports#paf]], but im having a problem, by looking at RCO stuff i think there are a couple of vsh exports missing in your list, not sure how you are getting them (reversing the hash from nids i guess), i know the codenames of some rco stuff so i can imagine the vsh export names that should have, please take a look if this ones exists
*paf::PhPlaneDiv::WidgetType(void)
*paf::PhPrim::WidgetType(void)
 
I am using a FNID_Validator, this tool just calculates a hash from function name, i guessing function name and verifying hash. I also using fnid_bruteforcer to bruteforce a few chars at the tail of function name.<BR>
You found correct function name, just mangled it and validated:<BR>
_ZN3paf10PhPlaneDiv10WidgetTypeEv  FNID is 0xE36C18F5<BR>
I also tryed to find second one, but no luck.<BR>
Thanks a lot.
 
Nice, and this one ? (i think im missing one or two more, is mostly a blind shoot trying to imagine the names)
*paf::PhLabelButton::WidgetType(void)
 
paf::PhLabelButton::WidgetType(void) not found on vsh exports :(
----
Ok, one last question, im wondering if there is some typo here, at bottom of [[VSH_Exports#paf]] table... this is normal ? (2 different NIDs returning the same object name)
{| class="wikitable sortable"
! Export NID !! Notes !! Usage
|-
| 0xCA9160F6 || returns "PhNumSpin" || const char* paf_CA9160F6()
|-
| 0x59A11C82 || returns "PhNumSpin" || const char* paf_59A11C82()
|-
|}
 
Why not? Asm code is same for both functions, so there are 2 same functions with different names.
 
Ok, it was another blind shoot, just because at bottom of paf table you have a group of NIDs that returns 24 object names, and in my table i have only 23, the difference of 1 is because the "PhNumSpin" is repeated in the paf table... i was wondering if it could be a typo and it was "hiding" a new unknown object name (to ask you later to search for '''paf::PhUnknown::WidgetType(void)'''), but i guess that was too much speculation, heheh, if at some point i imagine better names for the ones im missing (not sure if im missing some of how much though) i will tell, but by now thats all, thx
 
There is a table of "widgets"<BR>
1) paf::PhWidget::WidgetType(void)<BR>
2) "PhCamera" there is a function without export/import, so I can not validate func name by hash<BR>
3) paf::PhScene::WidgetType(void)<BR>
4) paf::PhPlane::WidgetType(void)<BR>
5) paf::PhPlaneDiv::WidgetType(void)<BR>
6) paf::PhButton::WidgetType(void)<BR>
7) "PhOskButton" simillar to case 2 - function without export/import<BR>
8) paf::PhText::WidgetType(void)<BR>
9) paf::PhScroll::WidgetType(void)<BR>
10) paf::PhLabelPrim::WidgetType(void)<BR>
11) paf::PhLevelMeter::WidgetType(void)<BR>
12) paf::PhProgress::WidgetType(void)<BR>
13) paf::PhCheckBox::WidgetType(void)<BR>
14) paf::PhXmBar::WidgetType(void)<BR>
15) paf::PhXmList::WidgetType(void)<BR>
16) paf::PhXmItem::WidgetType(void)<BR>
17) "PhSpin" simillar to case 2 - function without export/import<BR>
18) paf::PhItemSpin::WidgetType(void)<BR>
19) paf::PhNumSpin::WidgetType(void)<BR>
20) paf::PhList::WidgetType(void)<BR>
21) paf::PhInfoList::WidgetType(void)<BR>
22) paf::PhMenuList::WidgetType(void)<BR>
23) paf::PhCheckBoxList::WidgetType(void)<BR>
24) paf::PhLabelText::WidgetType(void)<BR>
25) "PhLabelPrimDiv" simillar to case 2 - function without export/import<BR>
26) paf::PhClock::WidgetType(void)<BR>
27) paf::PhIPAddr::WidgetType(void)


Nice, with 4 more the numbers starts matching, by RCO format specificatios there are up to 0x1F [[Template:RCO_TOC_entry_types]], i did not expect for all them to have exports so is nice you got this new 4 names (rcomage and me in wikipages has been named them "objects" but im starting having doubts about that naming convention). I noticed a group that doesnt have exports is all the objects named "items" by rcomage. By looking at that template it can be seen the chronologicall order where was implemented by sony programmers, the first ones are the constructors for the main "xrossmediabar", and every time where appears a "list" it comes an "item" inmediatly after. Other than this "items" there could be more without exports but are not going to be much (maybe 1 or 2)
It was not uploaded to wiki before because im not so sure if the same schematics is used in all the syscon SWx series, or if is dependant of the motherboard, etc...


Well, instead of brainstorming here im going to update that table at [[Talk:RCOXML_Objects#WidgetType]]. initially was just some dirty notes to help me in the research but is becoming something important and i guess eventually could be moved from talk to frontpage
I noticed you are looking at syscon pinouts so im uploading it now in case is handy


paf::PhXmList::BlinkStart(float)


Not found :(
<strike>Btw, the syscon pin numeration is based in the circled mark in a corner, following anti-clockwise rotation, as seen here: http://i.imgur.com/HBSqlPG.jpg</strike>


*And this ones ?... seems to be used as counters and indicates how many "items" childrens there are under the "lists" (this ones are to "Set", i guess there could be others more to "Get"):
In wiki the images follows other PIN numbering scheme ---> http://www.psdevwiki.com/ps3/File:Fp128b_pin_arrangement.png
**paf::PhXmBar::SetItemNum(int)
**paf::PhMenuList::SetItemNum(int)
**paf::PhCheckBoxList::SetItemNum(int)
**paf::PhLabelPrim::SetItemNum(int)


Not found
<strike>There is no service manuals of slims, so is not clear how sony is numbering pins</strike>


Thanks, good to know anyway, now i "just" need to imagine why some "list" has vsh exports to "SetItemNum" but others doesnt. I guess there must be a good reason for it but right now i cant imagine why, i was not expecting to unlock the triple "not found" combo, but it seems im in a strike :'(
Doubt solved, wiki numbering scheme is right, so in my schematic is wrong, in the motherboard is clearlly marked at bottom-left corner as seen here ---> http://i.imgur.com/0gdeVAn.jpg
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps3/User_talk:Zer0Tolerance"