PS3: The payload mess…

Hi all,

I see a lot of people asking me questions, and I notice a lot of ignorance on the net about the different payloads and the latest PL3 payload. So I want to make things clear.
First of all, people should stop talking about, requesting and using the Hermes v3 payload. I don’t like his work, and the payload is not good: it might crash the system in some cases, it’s not written properly, and Hermes doesn’t even seem to understand how git works.
Also, PL3 has already included (for some time now) all the good stuff from Hermes: it already supports installing game updates and running games without a disc. Anything else that Hermes added is useless and dangerous, and could crash the system in some situations (requiring a reboot).

Some might have seen my tweets about my new payload being released, and many are asking me what the difference is between my payload and what is already available.
PL3 doesn’t support syscall 36 anymore, for multiple reasons. First, it was bad code: it mapped a path to a single hardcoded value (/dev_bdvd or /app_home or /dev_flash or whatever is hardcoded in the payload), which means that, since we (the PSGroove and PSFreedom developers) don’t want to support running backups, none of the official payloads worked with the backup managers without being patched first. The syscall 35 I added in my payload is more generic; it is the proper way of doing things. You can map any path to any other new path, and the prototype looks like this:

  syscall_35 (char *old_path, char *new_path);

This means that the payload doesn’t need to have a hardcoded /dev_bdvd path in it, or extra code for mapping /app_home to something else, or a syscall 36 that changes both /dev_bdvd and /app_home at once, breaking homebrew when using a discless mode with a backup manager. You also don’t need a special payload to run the ‘firmware usb loader’. It all just works, because the choice of the path mapping is given to the homebrew applications themselves. The backup managers will simply map /dev_bdvd to whatever they want, and they will work by default on my payload; there will be no need for a patched version of the payload to make them work.
This does, however, mean that backup managers that depend on syscall 36 will stop working. For now, Gaia Manager is the only backup manager available that is compatible with my payload, but I’m sure more will be ported to use syscall 35.
People need to understand that this new syscall 35 has to become the new standard: this is what all the payloads should use, nothing else, and this is what everyone should start using, not the old, crappy, backup-manager-specific syscall 36 written by PSJailbreak.
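To make the difference concrete, here is an added user-space model of the two hooking styles. It is not PL3 code and issues no real PS3 syscalls: the mapping table, the longest-prefix resolution, the return values and the sample backup folder are assumptions chosen to show the behaviour described above, not PL3's kernel implementation. It shows why a syscall-36-style hook (one target, hardwired to both /dev_bdvd and /app_home) redirects homebrew launched from /app_home into the backup folder, while the generic old_path/new_path mapping only touches what the application asked for.

```c
/* Added example, not PL3 code: a user-space model of the two path-hooking styles.
 * Nothing here issues a real PS3 syscall; the mapping table, longest-prefix
 * resolution and return values are assumptions chosen to show the behaviour
 * the post describes, not PL3's actual kernel implementation. */
#include <stdio.h>
#include <string.h>

#define MAX_MAPS     8
#define PATH_MAX_LEN 256

struct map_entry {
    char old_path[PATH_MAX_LEN];
    char new_path[PATH_MAX_LEN];
};

static struct map_entry maps[MAX_MAPS];
static int nmaps;

void reset_maps(void) { nmaps = 0; }

/* Model of syscall 35: map any absolute path prefix onto another absolute path.
 * Re-mapping an existing prefix replaces it; returns 0 on success, -1 on error. */
int sc35_map_path(const char *old_path, const char *new_path)
{
    if (!old_path || !new_path || old_path[0] != '/' || new_path[0] != '/')
        return -1;
    if (strlen(old_path) >= PATH_MAX_LEN || strlen(new_path) >= PATH_MAX_LEN)
        return -1;
    for (int i = 0; i < nmaps; i++) {
        if (strcmp(maps[i].old_path, old_path) == 0) {
            strcpy(maps[i].new_path, new_path);
            return 0;
        }
    }
    if (nmaps == MAX_MAPS)
        return -1;
    strcpy(maps[nmaps].old_path, old_path);
    strcpy(maps[nmaps].new_path, new_path);
    nmaps++;
    return 0;
}

/* Model of the old syscall 36: one target path, hardwired to rebind both
 * /dev_bdvd and /app_home, which is what breaks homebrew launched from
 * /app_home while a discless backup is mounted. */
int sc36_map_disc(const char *path)
{
    if (sc35_map_path("/dev_bdvd", path) != 0)
        return -1;
    return sc35_map_path("/app_home", path);
}

/* Kernel-side resolution: the longest mapped prefix that ends on a path
 * component boundary wins, so /dev_bdvd does not match /dev_bdvdx. */
const char *resolve(const char *path, char *out, size_t outlen)
{
    int best = -1;
    size_t bestlen = 0;
    for (int i = 0; i < nmaps; i++) {
        size_t l = strlen(maps[i].old_path);
        if (strncmp(path, maps[i].old_path, l) == 0 &&
            (path[l] == '/' || path[l] == '\0') && l > bestlen) {
            best = i;
            bestlen = l;
        }
    }
    if (best < 0)
        snprintf(out, outlen, "%s", path);
    else
        snprintf(out, outlen, "%s%s", maps[best].new_path, path + bestlen);
    return out;
}

/* Convenience for checks: does `path` currently resolve to `expected`? */
int resolves_to(const char *path, const char *expected)
{
    char buf[2 * PATH_MAX_LEN];
    return strcmp(resolve(path, buf, sizeof buf), expected) == 0;
}

int main(void)
{
    char buf[2 * PATH_MAX_LEN];
    const char *game = "/dev_usb000/GAMEZ/BCES00001";   /* constructed backup folder */
    const char *disc_eboot = "/dev_bdvd/PS3_GAME/USRDIR/EBOOT.BIN";
    const char *home_eboot = "/app_home/PS3_GAME/USRDIR/EBOOT.BIN";

    reset_maps();
    sc36_map_disc(game);                 /* old manager behaviour */
    printf("syscall 36: %s -> %s\n", disc_eboot, resolve(disc_eboot, buf, sizeof buf));
    printf("syscall 36: %s -> %s\n", home_eboot, resolve(home_eboot, buf, sizeof buf));

    reset_maps();
    sc35_map_path("/dev_bdvd", game);    /* manager maps only what it needs */
    printf("syscall 35: %s -> %s\n", disc_eboot, resolve(disc_eboot, buf, sizeof buf));
    printf("syscall 35: %s -> %s\n", home_eboot, resolve(home_eboot, buf, sizeof buf));
    return 0;
}
```

With the syscall 36 model, both EBOOT paths end up inside the backup folder; with the syscall 35 model, only /dev_bdvd is redirected and /app_home is left alone, which is the property the post relies on for homebrew and backup managers to coexist.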

We need some form of standardization for all these payloads; I’m tired of seeing about 100 different payloads floating around the internet, it doesn’t make sense. I have always believed in a single payload that works for everyone, and that’s why I created PL3, that’s why it’s a project independent of PSFreedom (PSGroove has been ported to it as well), and that’s where all the efforts should go. Also, by using PL3, you automatically gain support, with all the same features, for whatever previous firmwares PL3 already supports (3.01, 3.10, 3.15 and 3.41).

I have just recently seen this new payload that everyone is so happy about, the one that includes “all the good things from 3 worlds”, created by Rancid, which includes the stuff from Hermes, waninkoko and Mathieulh… and I was shocked to see how happy people were about it. People don’t seem to understand that this wasn’t necessary at all: PL3 has had all those patches for a while now, so why did Rancid even bother making a payload that includes the patches from Hermes, waninkoko and Mathieulh? Why would you spend your time doing something that is already available?

This blog post is meant to stop all this ignorance and let people know that they don’t need to look for a special payload: just use PL3 and you’ll get everything you need. It is also meant to explain to everyone what is different about my payload.

On the side, I have received a P3Hub device, kindly donated by the people at r4king.com, and I have now tried PSGroove for the first time! I’ve also created a fork of jevinskie’s port of PSGroove which is now improved and updated to support the latest PL3 version. This means that the PL3 payload is available for everyone, those using PSFreedom as well as those using PSGroove, so there is no excuse now for not using it, or for relying on badly written payloads developed by people who barely know how to code (yes, using WinRAR instead of git is a good indication of that).

Update: I forgot to rant about peek&poke!!! So let’s do it now… The default payload in PL3 has peek and poke disabled, and for a simple reason: nobody needs them! And more importantly, they are misused! I’ve looked at the code of the different backup managers, and it looks like all of them use poke to patch the kernel’s memory to ‘fix something’, because they think that it’s their job to do it. No, it’s not! If you have a working patch, then submit it to PL3, and if people complain, tell them “use the proper payload”. Don’t take advantage of peek&poke to go and modify the kernel’s instructions! The reason is simple: you are a homebrew app that does X, so do X, and leave the kernel patching to the payloads! Just as PL3 doesn’t map /dev_bdvd to /dev_usb000/I.Like.This.Game/ and lock it out.

Also, I’m on firmware 3.15, so when you decide to poke and patch the kernel with a hardcoded offset, you’re just screwing up my kernel, because the offset is firmware dependent: it’s not the same depending on the firmware you use, and I don’t want you playing with it. So peek&poke are really not useful to anybody; they are not even available on a normal Linux PC, so why would you want them in your default payload, right?! The only people who should use a payload with those syscalls enabled are real developers, people who want to analyze and patch the kernel on the fly while they are developing, maybe, a kernel driver. That’s it. Anyway, that’s enough ranting from me for today!
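The firmware-dependent-offset problem is easy to see in a toy model, so here is an added example (not PL3 code, and nothing in it touches a real PS3). The two “kernel text” images, the word offsets at which a patch site sits in each, and the use of a few PowerPC opcodes as markers are all constructed for the demonstration; peek and poke here read and write a local array. It shows what a blind poke at an offset taken from one firmware does when a different firmware is running, next to the minimum check a developer-only tool should perform before writing.

```c
/* Added example, not PL3 code: a toy model of why a hardcoded poke offset is
 * firmware dependent. The two "kernel text" images, the offsets and the
 * instruction layout are constructed (assumptions), not real lv2 addresses;
 * peek/poke here read and write a local array, never the PS3. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KWORDS 64

/* 32-bit PowerPC opcodes used as recognisable markers in the constructed layout */
#define INSN_NOP   0x60000000u   /* ori 0,0,0                               */
#define INSN_BLR   0x4E800020u   /* blr: the site a manager wants to NOP out */
#define INSN_MFLR  0x7C0802A6u   /* mflr r0: an unrelated instruction        */

/* Word index of the blr in each image: it moves between firmware builds */
#define SITE_341 0x10
#define SITE_315 0x14

static uint32_t kernel_341[KWORDS];
static uint32_t kernel_315[KWORDS];
static uint32_t *booted;          /* the image the "running" kernel uses */

void boot_firmware(const char *version)
{
    for (int i = 0; i < KWORDS; i++)
        kernel_341[i] = kernel_315[i] = INSN_NOP;
    kernel_341[SITE_341] = INSN_BLR;
    kernel_315[SITE_315] = INSN_BLR;
    kernel_315[SITE_341] = INSN_MFLR; /* on 3.15 the 3.41 offset holds something else */
    booted = strcmp(version, "3.41") == 0 ? kernel_341 : kernel_315;
}

/* Models of the peek/poke syscalls: raw read/write of kernel memory, no checks */
uint32_t peek(uint32_t idx) { return booted[idx]; }
void poke(uint32_t idx, uint32_t val) { booted[idx] = val; }

/* What the post complains about: a backup manager patching at a hardcoded
 * offset taken from one firmware, whatever kernel is actually running. */
void blind_patch(void)
{
    poke(SITE_341, INSN_NOP);
}

/* The minimum a developer-only tool should do instead: confirm the expected
 * instruction is at the offset before overwriting it, and refuse otherwise.
 * Returns 0 if patched, -1 if the site did not match. */
int guarded_patch(uint32_t idx, uint32_t expect_old, uint32_t new_val)
{
    if (peek(idx) != expect_old)
        return -1;
    poke(idx, new_val);
    return 0;
}

/* True if the running image lost an instruction that was never meant to change */
int unrelated_code_clobbered(void)
{
    return booted == kernel_315 && kernel_315[SITE_341] != INSN_MFLR;
}

/* True if the blr the patch was aimed at is still in place (patch did nothing useful) */
int target_still_present(void)
{
    uint32_t site = booted == kernel_341 ? SITE_341 : SITE_315;
    return booted[site] == INSN_BLR;
}

int main(void)
{
    boot_firmware("3.15");
    blind_patch();
    printf("blind poke on 3.15: clobbered unrelated code=%d, target untouched=%d\n",
           unrelated_code_clobbered(), target_still_present());

    boot_firmware("3.15");
    int rc = guarded_patch(SITE_341, INSN_BLR, INSN_NOP);
    printf("guarded poke on 3.15: rc=%d, clobbered=%d\n", rc, unrelated_code_clobbered());

    boot_firmware("3.41");
    rc = guarded_patch(SITE_341, INSN_BLR, INSN_NOP);
    printf("guarded poke on 3.41: rc=%d, target untouched=%d\n", rc, target_still_present());
    return 0;
}
```

On the 3.15 image the blind poke overwrites the unrelated instruction and leaves the real target alone, which is the worst of both outcomes; the guarded version refuses on 3.15 and only writes on 3.41, where the expected instruction really is at that offset. Even the guarded form belongs in a payload or a developer’s tool, which is the point of keeping the syscalls out of the default payload.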

P.S.: In my branch of PSGroove, I wrote a script that builds the .hex file for every supported device (from the README) for every supported firmware. You can find all the hex files here: PSGroove+PL3 hex files

Update: Thanks to evilsperm, I’ve updated the archive with hex files for these devices: Blackcat, Xplain, Olimex, UsbTinyMkII, Bentio and OpenKubus.
Update 2: Some people reported crashes with my payload when running backups with installed updates. I figured out the cause and fixed it in git. The hex files above have also been updated.

Thanks for reading.
KaKaRoTo

159 thoughts on “PS3: The payload mess…”

  1. Please show some respect for Hermes, he has done a lot in the scene. Maybe his work is not perfect, but neither is yours. Plus you haven’t said why his payload is “dangerous”.

  2. Thanks man, I was using the ménage à trois code, going to give this a go. You’re 100% right, it needs to be all standardised so the homebrew can begin.

  3. This payload doesn’t work for me; sometimes it freezes when I open Gaia Manager and sometimes it freezes when I try to boot a game. I will be switching back to Hermes v3 and Open Backup Manager until this payload becomes more stable.

  4. Ranting with a PayPal button at the bottom? No comment. Some folks want all the fame for themselves.

  5. I fully believe that the payload process needs to be standardized. PL3 is definitely the way to go. As a developer myself, KaKaRoTo makes a lot of sense. PL3 will make patching and development way easier for ALL the different devices out there.

    Think about it this way: by allowing peek and poke access, it means that anyone can write harmful code that could mess with the kernel. At the rate backup managers and their forks are coming out, it would be easy for someone to write some malicious code that, for example, could brick your PS3 and tout it as a NEW RELEASE. Since it seems like everyone in the scene wants the latest and greatest, I imagine a lot of machines could be infected pretty fast, since there are no checks in place to scan the code.

    KaKaRoTo said it well: “you are a homebrew app that does X, then do X, leave the kernel patching to the payloads!”

  6. You didn’t do even half of the contributions that Hermes made, on PS3, even on Wii with mload/cIOS, even with the PS2 uloader.

    Crashing payload? Well, any payload could cause a crash on the PS3, not only Hermes’ one.

    BTW, seeing the PayPal button at the bottom of your ridiculous article, you said everything: you just want fame, that fame you will never have because you only made a simple port of something already done.

    And remember: Hermes > YOU

    If you are going to release something, just do it, but don’t talk about other people for your profit.

  7. Something is wrong with your Minimus hex… tried to flash it on the Minimus key and it doesn’t flash it… stops at “program”.

  8. For those of you jumping down KaKaRoTo’s throat, I ask this: have you ever written code in a language that doesn’t manage your memory for you?

    Writing to the memory of a running executable is dangerous in and of itself. On the PC, production code almost never uses this approach and some antivirus products even go so far as to detect and block this activity.

    Writing the memory of a *running kernel*, regardless of operating system and architecture, is generally an absolute last resort. As Kak said, offsets change, and depending on an offset-based patch is (to say the least) not a safe coding practice. Hooks are usually a better solution to modify a running kernel (where possible).

    A lot of people who hack for the sake of backups are what I term hack’n’slash coders. This is not a scene-specific thing; the Xbox hackers do it too. All they care about is getting the “scene cred” that is spoken of so highly and then smoking a cigar; long-term system stability and code quality take a back seat to pure haste. They seldom go back and fix rushed and flawed code; as long as it works for the majority, they don’t care.

    I was really impressed by KaKaRoTo’s ingenuity in using the Ethernet interface to get the data out of the system – he has not only talked about but has demonstrated top-notch reverse engineering skills. Hermes played around with an already-released payload and his code was not safe to use on alternate firmwares. Sorry Hermes, but credit where credit is due.

    I really get the feeling that people who are shooting off their mouths didn’t read or didn’t understand what was said in the post. Don’t let these people discourage you Kak, I value your efforts.

  9. Thank you for clearing that up for me and everyone else, KaKaRoTo. I will be sticking with your payloads for sure, as I have been! And to everyone complaining “leave Hermes alone”: KaKaRoTo was not attacking him, he was just stating the truth. He is not just bragging, and he is not saying he is the best coder out there either; it just so happens that in this case:

    (A) Hermes’ code was untidy and could potentially cause problems; it was still a part of the evolution of the PSGroove exploit.
    (B) KaKaRoTo’s code is better and tidier at this time; who knows what will happen in the future.

    ==================================================
    It WAS worth pointing out to everyone that there were unneeded and possibly dangerous functions in Hermes’ code that don’t need to be in the average user’s payload (there is a REAL possibility of a future homebrew app accidentally bricking a PS3 if it was run on a firmware other than the one it was designed to “poke”). I have experienced some strange behaviour using a 3.15 PS3 with homebrew myself.
    Peek and poke payloads and other experimental payloads will always be available to those who need them anyway. So it makes no difference…

    ==================================================

    So what if he wants to put up a “donate” button? He has put in a lot of time and it’s not too much to ask for, e.g. 1 dollar from every 100th person who uses his work. That would be nothing to end users, but it would be a nice bit of encouragement to KaKaRoTo to keep improving and refining the payloads. Who knows where his payloads will lead! 🙂

    Anyway, I bet it’s less than 1 in 1000 users of his work that donate, so I don’t think KaKaRoTo is going to be a millionaire anytime soon through donations, so don’t be envious. 🙂

    P.S. Don’t forget KaKaRoTo was the one who brought the exploit to all the 3.15 OtherOS users out there first; no one else seemed to be working on it. We could all still be waiting… Thank you.

    DeViL303

  10. I would like to know how to compile this for my iPod Touch 1G. Does anyone know how to go about doing that? I’ve looked everywhere for some process to turn this code into a working Android image.

    Also, I like what you’re doing; I’ve thought the same thing ever since. This scene has been a mess, more than any other console hacking scene I’ve witnessed. Ever since they called this hack a “jailbreak” I knew this would be a newbie iDevice clone scene, not like the Xbox or Xbox 360 scenes. I wish people who were hacking their consoles actually understood what they’re doing, but most just want instructions and backups, not the strides that this community is looking for.

  11. Funny, it’s not like Hermes released the payload with his own name or something.
    I don’t understand the point of arguing about giving “credit” for the work.

    Anyway, I do respect KaKaRoTo’s work, but why did he have to take out the playing-backups function?
    To show Sony that his work has nothing to do with piracy, of course.
    Then he gets away from getting sued by Sony. Fair well.
    But Hermes had the guts to play against Sony.
    I’ll give him credit for that.

    Like I said, I respect KaKaRoTo, but I feel like he’s just complaining about how Hermes got more fame than KaKaRoTo does.
    KaKaRoTo, if you really have confidence in yourself as a programmer,
    having fame from a few people who know programming will be more gratifying than getting fame from noobs.

  12. Black said
    “anyway I do respect KaKaRoTo’s work. but why did he have to take out the playing backup function.”

    You’re straight retarded.
    He took out the peek/poke ability. This would only break compatibility with one program, NZHawk’s Awesome Peek Poke Application or whatever it’s called.
    With this you can still emulate backups via Blu-ray and discless, you just need to use Gaia Manager to play them; correct me if I’m wrong.

  13. He did not take out support for backups; where did you read that?!!
    He did the exact opposite, actually. Did you not read the post above by KaKaRoTo? He has added better support for homebrew apps to mount their own paths, much better than a badly implemented hard-coded mount. It just requires a small update to homebrew that’s already available (syscall 36 to syscall 35). This might actually get around the broken Blu-ray drive issue for good if we can get a patched Open Manager that supports having no Blu-ray drive. (I think Deanrr’s Open Manager can already support this!)

  14. I think you are basically right,
    even despite the bad-taste donate button at the bottom
    that makes all your analysis useless because anybody guesses
    you are just looking for money… (probably it is also the case 🙂)

    but anyway..
    I did read your code and the one of the trio, and of course you are right,
    their code is a mess, even PSGroove is a mess, of course..
    they are just crackers, which is typical for young people playing at being real hackers..

    To me it looks like you have more experience (maybe you are older than them) and I think you deserve more respect just for being much more professional than others who are just playing at being hackers, which makes them cool even if they don’t really know as much as it seems.

    BTW..
    have a look at the code of marcan if you didn’t already, which is a far better candidate for a clean jailbreak than PSGroove.

  15. Good job Kakaroto. Both on the programming and this article.

    Getting the exploit to work on older firmwares and completely rewriting the payload. From one developer to another, I’m quite impressed. Do not let whiners or ignorant people discourage you. There will always be those who won’t be satisfied no matter how much you do for them. Just ignore them the best you can 🙂

  16. Simple change to the OpenManager source code to support syscall 35
    ———————————

    /* Raw lv2 syscall wrapper: map srcpath onto dstpath, returns 0 on success */
    static uint32_t syscall35(const char *srcpath, const char *dstpath)
    {
        system_call_2(35, (uint32_t) srcpath, (uint32_t) dstpath);
        return_to_user_prog(uint32_t);
    }

    /* Keep the old entry point: try syscall 35 first, fall back to the real
       syscall 36 only on payloads that do not provide 35 */
    void syscall36(char *path)
    {
        const char *hook_root = "/app_home";
        if (syscall35(hook_root, path) != 0) {
            system_call_1(36, (uint32_t) path);
        }
    }

    ……

    flip();
    syscall36(menu_list[game_sel].path);
    /* With syscall 35 the manager maps /dev_bdvd itself instead of relying on the payload */
    const char *hook_root = "/dev_bdvd";
    syscall35(hook_root, menu_list[game_sel].path);
    ret = unload_modules();
    exit(0);

  17. Pingback: PS3: Why I don’t like the Hermes payload « KaKaRoTo's Blog

  18. OK, to all these comments: I hope to clear up all the misunderstanding with the latest blog post.
    I also removed the donate button since I don’t really care about that.. I already have a job and a good salary, I don’t need an extra $20. (And also, like I said, I’m receiving nothing from it anyway.)

  19. Using PL3 with Teensy 2.0 and Gaia Manager, I cannot run any games without a disc. I have hit L1 to switch the option to discless; the game just hangs at a black screen when loading. Didn’t have the same issue with Hermes 3.0 and Open Manager 1.5, except with a couple of games…

  20. Hi,

    could you please add hex files for Olimex at 8 MHz; the AVR-USB-STK, for example, does not support 16 MHz.

    Thanks for your good work !

  21. Until the ports come out for other boards as well, like Arduino and iPhone, I don’t think KaKaRoTo’s port will be much of a success, because only then can the number of users increase and judge whether what he is saying is correct or not………

    I’m waiting for his Arduino port; right now I’m using Hermes v3 with all the updates and game fixes……..

    Hermes v4 has been released too..

  22. Sensible comments regarding proper structured programming – however your stance on ‘backups’ makes alternate developers a necessity. Hopefully your hex will offer everything that people want and be stable.

    Oh and thanks for the work

  23. Pingback: Teensy / Bumble Bee hybrid USB dev kit for $5 (USD) - Page 64 - PSX PS2 PS3 Scene Hacking Modchip & Jailbreak Community

  24. Pingback: PS3 官方繁體中文網站 – zh.ps3-hacks.com » KaKaRoTo的 PSGroove (也包含PL3)

  25. I tried PL3 with Uncharted 2 (that was a problematic game when updated)… had to remove the update data and re-download it to get it booting with PL3.
    It finally booted, and in the meantime the controller powered off. So after the Naughty Dog logo there is the screen that tells you to re-connect the controller… at this point the system froze and I had to pull the plug.
    Booted the game again, and this time all went well… so I decided after 15 mins of gameplay to save and quit… pressed the SAVE option in the menu (it auto-creates a quick save on the 1st press) and the system froze again. Using my own rip of Uncharted 2 on a slim with 3.41…
    so it’s actually back to Hermes for me, at least until those bugs get sorted…

  26. Hoi

    Can you make a payload (or a Teensy 1 / AT90USBKEY hex) for a PS3 without a Blu-ray drive????

    Thanksss

  27. Pingback: KaKaRoTo: The PS3 Payload Mess! - Page 21 - PSX PS2 PS3 Scene Hacking Modchip & Jailbreak Community

  28. Having issues installing ps3toolchain.
    It has been compiling for hours and seems to be in a loop.

  29. I was starting to think I was going nuts seeing GCC compile for the “insert large number here” time. 😉
    I’ll get it going, then get into this POS kiosk unit.
    With any luck as well as installing PKG files, I will be able to remove the stupid password settings etc.

  30. Update: SDK installed, now I give up though. If I have to install one more module I will lose it.
    Will see if this is possible under Windows using the SDK and wireshark. If not, it’s shelf time for the kiosk unit.
    I seriously understand why Linux has never taken off now ;p

  31. lol, it has nothing to do with Linux.. and as far as I know, there is no open SDK for Windows.. or maybe there is, I don’t really know, I just use Linux for this stuff.
    I think there were some virtual images with everything preinstalled.. anyway, once the open toolchain is installed, PL3 should compile without any additional modules to compile. So don’t worry about it.
    Oh, and compiling the toolchain is expected to take a long time; just run it and forget about it.

  32. Just having a bad hair day =)
    Playing with Ubuntu (first time in Linux for 15 years) and trying to learn the rest as I go is driving me nuts.
    I am back at it, and it’s having a fit about the LUFA lib, so it’s on to installing that now and seeing what else it wants.
    How about you telnet in and I will watch =P

  33. First rule of Linux: telnet is bad.. ssh is good :p
    Well, about the LUFA lib, you just need to read the README file:
    Type:
    git submodule update --init
    It will get the LUFA lib (it’s part of psgroove, just like pl3); it’s not something to install.

  34. git submodule update -init
    fatal: Not a git repository (or any of the parent directories): .git

    I’ll figure it out

  35. euhh.. you’re doing this in a git clone of psgroove, no? Look, start from scratch (just the psgroove part), go to an empty directory then do this:
    -----
    git clone git://github.com/psgroove/psgroove
    cd psgroove
    git submodule update --init
    ./build_hex.sh
    -----
    DONE!
