PS3 CFW and Hacks       Thread starter SorenAlke       13      
Status
Not open for further replies.
Haha that's it, time to make that the default site avatar and then you'll be forced to change it... jk :p

Another update also via zecoxao: How to find toc address in any lv2_kernel without script!

Tools Required:
  • IDA Pro (don't ask where to find it, Google is your friend)
  • HX-D
  • 7zip
  • Tools to extract elf from lv2_kernel.self (Unself/Unself2/Scetool/etc) / pup unpack tools
Step 1: Extract the elf from lv2_kernel (here I'm using aldos tools) by right clicking lv2 and choosing "SELF Tools->Extract ELF"

Step 2: Extract further the elf with 7zip by right clicking the elf and choosing "7zip-> Extract to <name_of_file_without_extension>"

It'll create a folder and extract its contents. If a popup box shows up asking to overwrite or not, choose "Rename automatically"

Step 3: Open the folder and go to the segment with 46KB/45KB size. Open it with HX-D and go from the start position 0x8000 bytes into the file. Example for 1.02 lv2_kernel:

[Image: lv2_kernel_8.png]

Step 4: Copy the first 8 bytes from 0x8000 to the transfer area.

Step 5: Open the kernel in IDA Pro and let it load. After it loads search for those bytes. You should see an unknown data structure. That is your TOC :)

PS: Tested on 4.46 REX Cex Kernel, 1.02 CEX Kernel, and 4.60 DECR Kernel

Proof of Concept Scripts: poc_scripts.zip (4.61 KB)
  • lv2_dump_analyser_before_355.idc <- script for firmwares before 3.55 and after 1.02 (TOC located at segment #7)
  • lv2_dump_analyser_355_plus.idc <- script for firmwares 3.55 and above (TOC located at segment #6)
Useful if you want to find everything quick and leave syscall table for later. Just add those two to ps3ida folder and use them according to version. TOC will be automatically found.

Update: To quote zecoxao: ps2_netemu with full hvcall support + lv1 dumper by 3141card

3141card has asked me to share this. It is ps2_netemu from 4.81 with full hvcall support, and option to dump lv1 from inside netemu.

mysis, this is also for you :)

Download: ps2_net_emu.7z (2.5 MB)

Instructions on how to dump lv1 are inside. Have fun :D

Update #2: From zecoxao: ps2_netemu with fan temps display

[Image: HthOk3K.jpg]

3141card has asked me to release this as well. 4.81 netemu with temperature display :)

Download: ps2_netemu.elf (10.40 MB)

Enjoy :D

And from marvin, to quote:

Ready to use file (unrar first): testemu.rar (2.49 MB)

Tested with Rebug 4.81.2 on Slim PS3
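
Steps 2 to 5 of the TOC lookup quoted above can be reproduced without 7zip or a hex editor by reading the ELF program headers directly. The following is an added example, not code from the thread or from the poc_scripts archive. It assumes the "segments" 7zip extracts correspond to ELF64 big-endian program-header segments; the 44 to 47 KB size tolerance and the sample image built by `sample_elf` are constructed for illustration.

```python
import struct

EHDR = struct.Struct(">16sHHIQQQIHHHHHH")  # ELF64 file header, big-endian (PPC64)
PHDR = struct.Struct(">IIQQQQQQ")          # ELF64 program header, big-endian
TOC_OFFSET = 0x8000                        # step 3: offset into the segment
SIZE_RANGE = (44 * 1024, 47 * 1024)        # assumed tolerance around "46KB/45KB"

def segments(elf):
    """Yield (index, file_offset, vaddr, file_size) for each program header."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 2:
        raise ValueError("not a 64-bit big-endian ELF")
    hdr = EHDR.unpack_from(elf, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    for i in range(phnum):
        ph = PHDR.unpack_from(elf, phoff + i * phentsize)
        offset, vaddr, filesz = ph[2], ph[3], ph[5]
        if offset + filesz > len(elf):
            raise ValueError(f"segment {i} runs past end of file")
        yield i, offset, vaddr, filesz

def toc_pattern(elf):
    """Steps 3-4: the 8 bytes at 0x8000 inside the one ~45-46 KB segment."""
    hits = [s for s in segments(elf) if SIZE_RANGE[0] <= s[3] <= SIZE_RANGE[1]]
    if len(hits) != 1:
        raise ValueError(f"expected 1 candidate segment, found {len(hits)}")
    index, offset, _, _ = hits[0]
    return index, elf[offset + TOC_OFFSET:offset + TOC_OFFSET + 8]

def locate(elf, pattern):
    """Step 5: virtual addresses at which the pattern occurs in any segment."""
    found = []
    for _, offset, vaddr, filesz in segments(elf):
        data = elf[offset:offset + filesz]
        pos = data.find(pattern)
        while pos != -1:
            found.append(vaddr + pos)
            pos = data.find(pattern, pos + 1)
    return found

def sample_elf():
    """Constructed two-segment ELF64 image (not real firmware) for a dry run."""
    ident = b"\x7fELF\x02\x02\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, 21, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    data = bytearray(46 * 1024)
    data[TOC_OFFSET:TOC_OFFSET + 8] = bytes.fromhex("0123456789abcdef")  # arbitrary marker
    ph0 = PHDR.pack(1, 5, 176, 0x8000000000000000, 0, 0x1000, 0x1000, 0x10000)
    ph1 = PHDR.pack(1, 6, 176 + 0x1000, 0x8000000000340000, 0, len(data), len(data), 0x10000)
    return ehdr + ph0 + ph1 + bytes(0x1000) + bytes(data)
```

On an ELF you extracted yourself, pass the file's bytes to `toc_pattern` and then to `locate`; if more than one segment falls in the size range the function raises instead of guessing.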
 