Talk:Dev Tools: Difference between revisions

From PS3 Developer wiki
m (Replaced content with "moved to main page")
== sputnik - Cell/SPU Pipeline viewer==
http://www.ps3hax.net/2011/08/sputnik-build-3-cellspu-pipeline-viewer/
* [http://dl.dropbox.com/u/334837/Sputnik.exe.zip Windows] (will also need [http://qt.nokia.com/downloads QT runtime files])
* [http://dl.dropbox.com/u/334837/Sputnik.dmg MAC OSX]
 
== netrpc ==
 
git://gist.github.com/1041214.git <br />https://gist.github.com/1041214
 
 
== Objdump ==
 
If you, for whatever reason, need to disassemble non-x86 binary files, you usually look for a disassembler. If there's nothing free available for your platform (e.g. ARM), one of the few solutions may be buying something like IDA Pro.

But wait, if you only need to "analyze" a small portion (boot sector, single routine, ...) and someone has already ported GNU's GCC and binutils to your platform, using objdump may do the trick...
 
If "raw.bin" is your binary file, just typing
<pre>  objdump -d raw.bin
  objdump: raw.bin: File format not recognized</pre>
 
will not work. objdump expects an object file in a format it recognizes (such as ELF), not a raw binary.
 
Just do it like this:
<pre>  # create an empty file
  touch empty.c

  # compile this empty file
  gcc -c -o empty.o empty.c

  # add binary as a raw section
  objcopy --add-section raw=raw.bin empty.o
  # remove ".comment" section to join
  objcopy -R .comment empty.o

  # now run objdump on it; -j raw selects the added section, and -D
  # disassembles it even though it is not flagged as code (plain -d skips it)
  objdump -D -j raw empty.o</pre>
Source: http://askrprojects.net/software/objdump.html
 
== Several handy scripts ==
Most of these scripts use graf's ps3dm-utils, so make sure you have them in your /bin directory.
Also make sure you are using graf's kernel (graf_chokolo kernel 2.6.39).
 
===panic1.sh===
This script will panic lv1 and get you back to petitboot, without exiting to GameOS.
<pre>  ps3hvc_hvcall /dev/ps3hvc panic 1</pre>
 
===usb_dongle_auth.sh===
This script will get you into Factory/Service mode without using a dongle:
<pre>  echo Generating a challenge
  ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge
  echo Generating a response '(0xAAAA)'
  ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xAAAA
  echo Verifying response '(0xAAAA)'
  ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xAAAA
  echo "Checking if Product Mode is enabled"
  echo "The returned value shouldn't be 0xff"
  ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07</pre>
 
===dump_EID0.sh===
This script will dump your EID0.
<pre>  echo Dumping EID0
  ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin</pre>
 
===dump_EID4.sh===
This script will dump your EID4.
<pre>  echo Dumping EID4
  ps3dm_iim /dev/ps3dmproxy get_data 0x4 > EID4.bin</pre>
 
===get_EID0_size.sh===
This script will get the size of your EID0.
<pre>  echo EID0 size:
  ps3dm_iim /dev/ps3dmproxy get_data_size 0x0</pre>
 
===get_EID4_size.sh===
This script will get the size of your EID4.
<pre>  echo EID4 size:
  ps3dm_iim /dev/ps3dmproxy get_data_size 0x4</pre>
 
===get_metldr_size.sh===
This script will get the size of metldr.
<pre>  echo metldr size:
  ps3dm_iim /dev/ps3dmproxy get_data_size 0x1000</pre>
 
===nor_dump.sh===
<pre>  echo Dumping nor
  dd if=/dev/ps3nflasha of=nor.bin</pre>
 
===dump_ram.sh===
This script will dump your RAM.
<pre>  echo Dumping ram
  dd if=/dev/ps3ram of=ps3ram.bin</pre>
 
===dump_vram.sh===
This script will dump your VRAM.
<pre>  echo Dumping vram
  dd if=/dev/ps3vram of=ps3vram.bin</pre>
 
 
 
== Payloader3 ==
* http://git.dashhacks.com/payloader3/payloader3/trees/master (down)
* 2011-06-22 backup: http://gotbrew.org/payloader3.tar.gz / [http://www.multiupload.com/DM8KLHX2SS payloader3.tar.gz (55.55 MB)]
* Up to and including the last commit before dashhacks went down: [http://www.multiupload.com/ZZ0X312CDM payloader3.tar.bz2 (45.49 MB)] (full git backup, also includes: [http://www.multiupload.com/EVO0GPP4DB payloader3-src-only.rar (2.08 MB)])
 
===Howto===
# Set firmware version in Makefile
# Compile with "./build.sh"
# Copy pkg file to usb stick
# Install pkg on PS3
 
===Precompiles===
* [http://www.multiupload.com/MB7NE5AJYC payloader3-315.pkg (3.53 MB)]
* [http://www.multiupload.com/JKKZG58NOR payloader3-341.pkg (3.53 MB)]
 
===Notes===
# Loading ps3load after the payload will execute the appropriate ps3load.self; after your self exits you will be returned to the XMB.
# Loading 'ethdebug' will load ArielX's Kammy self; after it executes you will be returned to the XMB.
# Loading 'ethdebug/ps3load' will load ethdebug, then ps3load.
 
=== ps3load 3.55 make_self fixed ===
* Older versions of ps3load would '''not''' work on 3.50/3.55 ("sysProcessExitSpawn2" won't work properly), and you had to use 3.41 instead. This is no longer an issue with the recent version of ps3load, which fixed the (make_self) issue for 3.55
** standalone precompiled version to try: [http://www.multiupload.com/J44BIRSPLB PS3LOAD.gnpdrm.pkg (580.47 KB)]
 
==== Using ps3load ====
# make your app, produce at least an ELF
# sprxlinker yourapp.elf (this should be done for you if you use any of the samples)
# make_self yourapp.elf yourapp.self
# load ps3load on the PS3
# define the PS3LOAD environment variable in your favorite shell with tcp:ip_addr (where ip_addr is the IP address of your PS3)
# ps3load yourapp.self
 
== lv2-v9.pkg ==
* [http://www.multiupload.com/WEVBQ1WAA0 lv2v9.pkg (111.33 KB)]
* [http://www.multiupload.com/QBRZMCJ86V lv2-v9-pkg-content.rar (105.52 KB)]
 
=== patch1 ===
  # PL3 3.55
  # Patches marked with (*1) seem to be unstable. Thanks to drizztbsd and
  # RandomUse.
  # PL3:
  ef48: payload.bin
  # Segment 0:
  ### 24e44: 38600000 # patch_func6 *1
  55dc4: 38600000 # lv2open: patch_func8_offset1
  55f28: 60000000 # lv2open: patch_func8_offset2
  ### 79d80: 3880000090830000 # patch_func4 + patch_func4_offset *1
  ### 79d88: 4E800020 # cont'd *1
  ### 7af7c: 60000000 # patch_func9_offset *1
  ### c1dd0: 38600000 # patch_func7 *1
  2b3298: 4BD5C050 # hook_open (patch_func3 + patch_func3_offset)
  # Segment 1:
  346688: 800000000000f2dc # syscall_map_open_desc
  # Spoof
  # *f3b8: version.bin
  # 2e8218: 800000000000f378 # syscall_versiontest
  # 2e82f0: 800000000000f3c0 # syscall_process_sdkversion
  # 16ad74: 3960000a44000002 # sha1 test
  # f3e4: find 3437353136000000
  # *fe34: 3436313335000000
 
=== patch2 ===
  # Waninkoko V2
  # 3270: e8821030e87c0020 # load unsigned ELFs
  # 3278: f8640000
  # e7f0: 48000c50 # Some jump
  ef48: payload2.bin
  19360: 7c001fac4c00012c
  1936c: 7c0018ac7c0004ac
  24e44: 4bfea5c5 # patch_func6
  55dc4: 38600000 # patch_func8_offset1
  55f28: 60000000 # patch_func8_offset2
  79d80: 38800000908300004e800020 # patch_func4 + patch_func4_offset *1
  7af7c: 60000000 # patch_func9_offset
  c1dd0: 4bf4d639 # patch_func7
  2b3298: 4bd5bf40 # hook_open
 
  3465b0: 80000000002e81e8 # sc8
  346688: 8000000000324968 # sc35
 
=== patch3 ===
  # Syscall36
  # by 2 anonymous people
  55f14: 60000000
  55f1c: 48000098
  7af68: 60000000
  7af7c: 60000000
 
  2be4a0: payload3.bin
  2b3274: 4800b32c2ba30420 # add a jump to payload2_start
 
  55EA0: 63FF003D60000000  # fix 8001003D error
  55F64: 3FE080013BE00000  # fix 8001003E error
 
  346690: 80000000002be570 # syscall_map_open_desc

Revision as of 21:08, 1 October 2011

moved to main page