Talk:Dev Tools

From PS3 Developer wiki
Revision as of 21:11, 29 September 2011 by Euss (talk | contribs) (→‎Payloader3)

sputnik - Cell/SPU Pipeline viewer

http://www.ps3hax.net/2011/08/sputnik-build-3-cellspu-pipeline-viewer/

netrpc

git://gist.github.com/1041214.git
https://gist.github.com/1041214


Objdump

If you, for whatever reason, need to disassemble non-x86 binary files, you usually look for a disassembler. If nothing free is available for your platform (e.g. ARM), one of the few solutions may be buying something like IDA Pro.

But wait: if you only need to "analyze" a small portion (boot sector, single routine, ...) and someone has already ported GNU's GCC and binutils to your platform, using objdump may do the trick...

If "raw.bin" is your binary file, just typing

  objdump -d raw.bin
  objdump: raw.bin: File format not recognized

will not work. Objdump needs an object file in a format it recognizes, not a raw binary.

Just do it like this:

  # create an empty file
  touch empty.c

  # compile this empty file
  gcc -c -o empty.o empty.c

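  # add binary as a raw section
  objcopy --add-section raw=raw.bin empty.o

  # remove ".comment" section to join
  objcopy -R .comment empty.o

  # now run objdump on it (-D disassembles every section; the added
  # "raw" section is not flagged as code, so plain -d would skip it)
  objdump -D empty.o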

Source: http://askrprojects.net/software/objdump.html
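The same idea without a compiler, as an added example that is not from the original page or its source: a small Python helper that wraps a raw blob in a minimal ELF64 object, so objdump sees a recognized file format with one executable section. The function name, the section name "raw", the PowerPC64 default and the two-instruction sample are assumptions made for illustration.

```python
import struct

EM_PPC64 = 21                      # ELF machine id: 64-bit PowerPC (e.g. Cell PPU)
SHT_PROGBITS, SHT_STRTAB = 1, 3
SHF_ALLOC, SHF_EXECINSTR = 0x2, 0x4

# Constructed sample input: "li r3,0 ; blr" encoded as big-endian PowerPC.
SAMPLE = bytes.fromhex("386000004e800020")


def _shdr(name, typ, flags, offset, size, align):
    """Pack one 64-byte Elf64_Shdr (addr, link, info, entsize left at 0)."""
    return struct.pack(">IIQQQQIIQQ", name, typ, flags, 0, offset, size, 0, 0, align, 0)


def wrap_raw(blob, machine=EM_PPC64):
    """Return a big-endian ELF64 relocatable whose 'raw' section holds blob."""
    strtab = b"\0raw\0.shstrtab\0"             # names: 'raw' at 1, '.shstrtab' at 5
    raw_off = 64                               # blob sits right after the ELF header
    str_off = raw_off + len(blob)
    shoff = (str_off + len(strtab) + 7) & ~7   # 8-byte align the section header table
    ehdr = struct.pack(
        ">4sBBBB8xHHIQQQIHHHHHH",
        b"\x7fELF", 2, 2, 1, 0,    # ELFCLASS64, ELFDATA2MSB, EV_CURRENT, System V ABI
        1, machine, 1,             # ET_REL, e_machine, e_version
        0, 0, shoff, 0,            # e_entry, e_phoff, e_shoff, e_flags
        64, 0, 0, 64, 3, 2)        # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    sections = (
        bytes(64)                  # mandatory null section header
        + _shdr(1, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, raw_off, len(blob), 4)
        + _shdr(5, SHT_STRTAB, 0, str_off, len(strtab), 1))
    return (ehdr + blob + strtab).ljust(shoff, b"\0") + sections


if __name__ == "__main__":
    with open("raw.o", "wb") as f:
        f.write(wrap_raw(SAMPLE))
    print("wrote raw.o")
```

Because the section is flagged executable, running "objdump -d raw.o" with a binutils build that supports the chosen architecture disassembles it directly.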

Several handy scripts

Most of the scripts use graf's ps3dm-utils, so make sure you have them in your /bin directory. Also make sure you are using graf's kernel (graf_chokolo kernel 2.6.39).

panic1.sh

This script will panic lv1 and get you back to petitboot, without exiting to GameOS.

  ps3hvc_hvcall /dev/ps3hvc panic 1

usb_dongle_auth.sh

This script will get you into Factory/Service mode without using a dongle:

  echo Generating a challenge
  ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_challenge
  echo Generating a response '(0xAAAA)'
  ps3dm_usb_dongle_auth /dev/ps3dmproxy gen_resp 0xAAAA
  echo Verifying response '(0xAAAA)'
  ps3dm_usb_dongle_auth /dev/ps3dmproxy verify_resp 0xAAAA
  echo "Checking if Product Mode is enabled"
  echo "The returned value shouldn't be 0xff"
  ps3dm_um /dev/ps3dmproxy read_eprom 0x48C07

dump_EID0.sh

This script will dump your EID0.

  echo Dumping EID0
  ps3dm_iim /dev/ps3dmproxy get_data 0x0 > EID0.bin

dump_EID4.sh

This script will dump your EID4.

  echo Dumping EID4
  ps3dm_iim /dev/ps3dmproxy get_data 0x4 > EID4.bin

get_EID0_size.sh

This script will get the size of your EID0.

  echo EID0 size:
  ps3dm_iim /dev/ps3dmproxy get_data_size 0x0

get_EID4_size.sh

This script will get the size of your EID4.

  echo EID4 size:
  ps3dm_iim /dev/ps3dmproxy get_data_size 0x4

get_metldr_size.sh

This script will get the size of metldr.

  echo metldr size:
  ps3dm_iim /dev/ps3dmproxy get_data_size 0x1000

nor_dump.sh

  echo Dumping nor
  dd if=/dev/ps3nflasha of=nor.bin

dump_ram.sh

This script will dump your ram.

  echo Dumping ram
  dd if=/dev/ps3ram of=ps3ram.bin

dump_vram.sh

This script will dump your vram.

  echo Dumping vram
  dd if=/dev/ps3vram of=ps3vram.bin


Payloader3

http://git.dashhacks.com/payloader3/payloader3/trees/master (down)

2011-06-22 backup: http://gotbrew.org/payloader3.tar.gz / payloader3.tar.gz (55.55 MB)

Howto

  1. Set firmware version in Makefile
  2. Compile with "./build.sh"
  3. Copy pkg file to usb stick
  4. Install pkg on PS3

Notes

  1. Loading ps3load after the payload will execute the appropriate ps3load.self; after your self exits, you will be returned to the XMB.
  2. Loading 'ethdebug' will load ArielX's Kammy self; after it executes, you will be returned to the XMB.
  3. Loading 'ethdebug/ps3load' will load ethdebug, then ps3load.

Limitations

  • ps3load will not work on 3.50/3.55 ("sysProcessExitSpawn2" won't work properly); use 3.41 instead.
    • Note: the latest version seems to address/fix the issues seen on 3.50/3.55.