Finally i finished the first stable version since a few days now and im allready working a some other things and on a new update for MFW. Uhm…yea normally i would have waited a few days more till i would have posted it here on hax. But i have read a so funny post here on hax that i thought it’s time to release the stuff right now.
Originally Posted by badhabit
ok guys .. here i got the “secret method” for you to obtain anything ps3 related ..
double click your brain.exe .. if you get an error like “c:/gr/brain.exe not found” you might have been hanging around ps3hax for to long ….
|
Well to show him what can happen to peoples if they stay to long on HAX i will show you with this release:
https://github.com/cfwprpht/mfw
http://www.file-upload.net/download-…mplat.rar.html
———-
UNOFFICIAL
———-
Finally i decided to give that unofficial release the version v0.3 in case of the massive changes to MFW Builder. We have now 4.xx FW support and there for i added a lot of new things and apps’s like new_pkg which also generate a spkg matching with the input pkg, i removed self_rebuilder and added scetool to decrypt SELF’s and to rebuild the SELF’s. For the last option i coded a own routine which check the input SELF and set up the correct variables to use with scetool. Then we have a new script to auto generate predefined MFW/CFW-’s like the puplic released one’s. To make MFW Builder a bit more secure for the avarage end user i added a SHA1 checksum test on the input PUP which can also be disabled per option for the more advanced user. And dev’s which maybe plan to release there next CFW via script for MFW Builder can enable a hidden option in the file ‘mfw’ to add a new SHA1 checksum of the input PUP to the db.xml. So they also can use there old CFW as input and only apply the new changes to it. So dev’s don’t need to share copyright protected stuff and the end user don’t need to download a 200MB file every time or for every CFW and/or store more then 1 OFW on his PC.
And thats even not all what is new. I will continue working on MFW to make it an even more usefull tool then it allread y is right now.
Big THX to git-hacks.com and Anonymous Developers (Code Monkeys) for this great tool.
|
01-19-2013
12:34 PM
at least the ps3 scene still has work in progress
whats next to come? :D
01-19-2013
12:39 PM
[MENTION=215069]cfwprpht[/MENTION] excellent work as always m8...well what do you expect here at hax
01-19-2013
12:50 PM
THX
As always pls be carefull with moded FW's and only play arround with it if you have a flasher and be able to unbrick.
If you find a bug just report it here and as soon i have time i will fix it.
-Have Fun- and always trie to give something back.
01-19-2013
03:01 PM
I'm trying to use this tool, it gives me this error
Deleting output files
Executing command file delete -force -- ${::CUSTOM_PUP_DIR} ${::ORIGINAL_PUP_DIR} ${::OUT_FILE}
Executing shell fciv {C:\Users\Dario\Desktop\ps3updat_430.pup} -v -sha1 -xml db.xml
Error running script: child process exited abnormally
01-19-2013
03:16 PM
You have set up everything right in the settings.xml like /.ps3/ folder and so on ?
If yes try to download AIO Runtime installer and give a trie. Your not allone with this problem but it mostly is the setup of your comp and i can't see to time what the user's are missing. Cause i dono have some special setup or something like that. Just the most importend thing every one should have installed. Like the AIO runtime isntaller and so on.
01-19-2013
04:03 PM
old MFBuilder v0.2 working , this new version no working :\
01-19-2013
04:49 PM
YES THIS APP IS NOT IN WORKING ORDER...THANKS THO NICE REALESE KEEP IT UP BRO.....
01-19-2013
05:13 PM
edit...lemme try again..thx for the share
edit2
nope old statement still stands =
lol..removing the language...always laughing with the noobs do we...
previous 0.3 build lasted a little longer before spitting out the crappy fatal error: child process...
thx anyway..
01-19-2013
06:41 PM
Some one stole the language folder from the repo :P. Will be fixed in a few.
And thx to the other's. I will fix that strange problem as soon as possible
EDIT:
Something with the linking of the language.rar do not work. The folder is empty after downloading the repo. And for the other problem, i downloaded the repo and got the same problem as you all too. But the MFW Builder of my working dir just do the job like it should.
I will trie to hunt this down this night.
EDITł:
It seems to be something with the github. I packed the version of my working dir and extracted and tested it. This one works still like it should. I share the link here with a SHA1 checksum for the .rar. Let me know if that version work's for you and don't forget to setup the settings.xml to mach your comp (and not mine one :P ).
File Download: http://www.file-upload.net/download-...s3mfw.rar.html
SHA1 checksum: 49BFF233F9F35EF4573062F78C60B31FBB57A50D
MD5 checksum: 3651D5A68BA4E7DDC6F7934343D2C0A1
As soon i have tracked down where github and i have problems to be frinds, i will fix that then and udate the repo.
01-20-2013
02:53 AM
[MENTION=215069]cfwprpht[/MENTION]
i am not ungrateful and i am very pleased you have took another shot with a new ps3mfw builder release, but i still don't think you have tested it completely, if working properly. maybe your autogen task works (have not run it), but your patch_cos task, the most important to me as it generates a custom mfw, does still not work.
it errors out on those appldr key adds with this message:
Modifying CORE_OS file lv0 unpkg-ing file CORE_OS_PACKAGE.pkg Executing command unpkg $pkg $dest Executing shell unpkg {E:\_dump\PS3MFW\PS3MFW-MFW\update_files\CORE_OS_PACKAGE.pkg} {E:\_dump\PS3MFW\PS3MFW-MFW\update_files\CORE_OS_PACKAGE.unpkg} cosunpkg-ing file content Executing command cosunpkg $pkg $dest Executing shell cosunpkg {E:\_dump\PS3MFW\PS3MFW-MFW\update_files\CORE_OS_PACKAGE.unpkg\content} {E:\_dump\PS3MFW\PS3MFW-MFW\update_files\CORE_OS_PACKAGE} Error running script: missing ) in expression "... $::patch_cos::options(--add-356keys-to-appld..."and what about this one:
log "Patching Hermes payload pointer Syscall_Map_Open_Desc" set search "\x" set replace "\x80\x00\x00\x00\x00\x2B\xE5\x70"and btw, why do you put every instance in a single process? it only makes things difficult and more open to errors
i have tested this only with 3.55
01-20-2013
06:15 AM
while we appreciate it very much....just lollerdelol...for real..can u please share when fully ready, this is stand-alone app-extract-set folders and ofugo like all other PS3MFW builds....this is just silly...it doesn't work....not saying its to troll the noobs...if it needs something special to setup correctly...post it with the release...now i have enough time to waste but c'mon....
01-20-2013
08:09 AM
error
Selected tasks : patch_cos patch_lv1 patch_xmb patch_vsh
HOME=C:\Users\Dario
USERPROFILE=C:\Users\Dario
PATH=C:\Program Files\SN Systems\PS3\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\Dario\AppData\Local\Android\android-sdk;C:\Tcl\bin;C:\Program Files\SN Systems\PS3\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\Dario\AppData\Local\Android\android-sdk;C:\pspdev\bin;C:\Users\Dario\Desktop\ps3mfw(1)\ps3mfw\tools;C:\Users\Dario\Desktop\ps3mfw(1)\ps3mfw\tools
Deleting output files
Executing command file delete -force -- ${::CUSTOM_PUP_DIR} ${::ORIGINAL_PUP_DIR} ${::OUT_FILE}
Executing shell fciv {C:\Users\Dario\Desktop\PS3UPDAT.PUP} -v -sha1 -xml db.xml
Error running script: child process exited abnormally
01-20-2013
09:20 AM
[MENTION=121598]haxxxen[/MENTION] your welcome don't worry. Will fix the cos bug right after this post.
. You know that there are more then only peek&poke or lv1 mmap to patch. All thoes things before was done by patching a payload. The advantage of this payload is to have better support for games and homebrew apps truth eg. Syscall8, Redirect of a embended app and what everything else is in the payload.
To "Syscall_Map_Open_Desc" i still forgot to add a uniqu patch value. And yes "346690:" is the offfset in lv2 to patch but for RAM. MFW Builder do not work this way. You need a uniqu search value. This means to play arround with lv2 till you have a uniqu search value. But anyway will also be fixed right after this post.
About the payload, HELL it's a payload you have the same advantage of it like to the begin of the ps3 hacking with the jailbreak sticks
If you are still curios what the advantage of the payload is just read on devwiki about it.
If you have any other question about the code just ask and i will explain to you.
[MENTION=1694]Haze[/MENTION]367 The setup is the same like before. And the app work fine excluding some typo bug's. I don't know which version you've downloaded right now. But i allready posted a .rar in case of that the REPO need a fix. As you can see on the post of [MENTION=121598]haxxxen[/MENTION] MFW builder do work. It's more some tiny typos which are left to fix them but the app will run and do stuff.
Soooo if you come up stating things like
Just to clarify (this is for ALL):
MFW Builder with the time hase got very big. My autogen script only have nearly 1500 lines of code. If you take all code together you will mostly endup with 5000 lines of code. Then next point is that i jumped into the project without any background knowing, without someone telling me how MFW Builder or TCL works. So if you come up with no background knowing, not knowing how much code MFW Builder allready have, not knowing how much work it is to manage 5000 lines of code without the advantage of a debugger which woud tell you such tiny typos in reall time while you typ them, not knowing that i have given my PS3 to a customer in case of his PS3 was a problem console and in case of i needed 5 weeks till the flash was successfull writen i gaved my PS3 in the 3 week to the customer and now i have a problem console which is a pain in the ass to unbrick here, yea well then it could be that dev's just go back in the underground and not share there stuff in puplic like we allready haved seen. So then other teams can pop up and milk you the avarage user just like TrueBlue, Cobra or the 0x00 byte guy which tried to charge PS_Unban with money to give you a new consoleID.
By the way, just go ahead and download the MFW Builder repo of eussNL and just give a trie how many bugs you will find. But i will tell you, a few one. Do you ever have read that some one tell's eussNL what is wrong with his repo ??
Do you know why ? Cause he never released it puplic it is just a private scene thingy stuff and everyone which get the link or find the link by his self is just happy to found it even if it is buggy. No one would complain the app in any case. I have put mine in puplic to use for everyone so i would appreciate if you the user not state things like "The app don't work" while to same time the user above you posted that the app work and that he have found a bug. Really you should say that it dono work "for you" !
At least TCL is a script language and there for there is no debuger (or im to lazy to find one :P ) but anyway the point here is that im coding with Programmer's NotePad without any fancy error log in reall time. So pls if you find a bug just report it here so i can fix it just like [MENTION=121598]haxxxen[/MENTION] and a few other users allready have done.
I hope i was gently and not have sound rude.
[MENTION=236684]Agrippa90[/MENTION]
Just download the .rar and don't use the Repo. I made a misstake will uploading to repo.
01-20-2013
09:22 AM
Thanks [MENTION=215069]cfwprpht[/MENTION]
01-20-2013
09:40 AM
uhm now I have this error
i try create a pure cfw 4.31
thanks for the replies [MENTION=215069]cfwprpht[/MENTION]
01-20-2013
09:56 AM
thanks, [MENTION=215069]cfwprpht[/MENTION] you take your time to correct it. i really appreciate it, as i love this nice app and creating my own mfws.
here is my suggestion to seperate the single instances:
[SPOILER]
proc main { } { set embd [file join dev_flash vsh etc layout_factor_table_272.txt] if {$::patch_cos::options(--patch-lv0-coreos-ecdsa-check)} { set self "lv0" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-spkg-ecdsa-check)} { set self "spu_pkg_rvk_verifier.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-appldr-fself-340)} { set self "appldr" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-appldr-fself-330)} { set self "appldr" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--add-356keys-to-appldr341)} { set self "appldr" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--add-360keys-to-appldr355)} { set self "appldr" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-profile-gameos-bootmem-size)} { set spp "default.spp" ::modify_coreos_file $spp ::patch_cos::patch_self } if {$::patch_cos::options(--patch-pup-search-in-game-disc)} { set self "emer_init.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-gameos-hdd-region-size) != "" } { set self "emer_init.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-peek-poke-355)} { if {[::patch_cos::check_task] == "true"} { log "WARNING: You enabled Peek&Poke without enabling LV1 mmap or LV2 protection patching." 1 log "WARNING: Patching LV1 mmap or deactivated LV2 protection is necessary for Poke to function." 1 } else { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } } if {$::patch_cos::options(--patch-lv2-lv1-peek-poke-355)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-lv1-call-355)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-payload-hermes-355)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-SC36-355)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-peek-poke-4x) } { if {[::patch_cos::check_task] == "true"} { log "WARNING: You enabled Peek&Poke without enabling LV1 mmap or LV2 protection patching." 1 log "WARNING: Patching LV1 mmap or deactivated LV2 protection is necessary for Poke to function." 1 } else { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } } if {$::patch_cos::options(--patch-lv2-lv1-peek-poke-4x)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-npdrm-ecdsa-check)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-SC36-4x)} { set self "lv2_kernel.self" ::modify_coreos_file $self ::patch_cos::patch_self } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { if {[file exists $::customize_firmware::options(--customize-embended-app) == 0]} { log "Copy standalone '*Install Package Files' app into dev_flash" ::modify_devflash_file $embd ::copy_ps3_game ${::CUSTOM_PS3_GAME} } } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { if {$::patch_xmb::options(--add-install-pkg)} { log "Copy standalone '*Install Package Files' app into dev_flash" ::modify_devflash_file $embd ::copy_ps3_game ${::CUSTOM_PS3_GAME} } } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { if {$::patch_xmb::options(--add-pkg-mgr)} { log "Copy standalone '*Install Package Files' app into dev_flash" ::modify_devflash_file $embd ::copy_ps3_game ${::CUSTOM_PS3_GAME} } } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { if {$::patch_xmb::options(--add-hb-seg)} { log "Copy standalone '*Install Package Files' app into dev_flash" ::modify_devflash_file $embd ::copy_ps3_game ${::CUSTOM_PS3_GAME} } } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { if {$::patch_xmb::options(--add-emu-seg)} { log "Copy standalone '*Install Package Files' app into dev_flash" ::modify_devflash_file $embd ::copy_ps3_game ${::CUSTOM_PS3_GAME} } } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { if {$::patch_xmb::options(--patch-package-files)} { log "Copy standalone '*Install Package Files' app into dev_flash" ::modify_devflash_file $embd ::copy_ps3_game ${::CUSTOM_PS3_GAME} } } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { if {$::patch_xmb::options(--patch-app-home)} { log "Copy standalone '*Install Package Files' app into dev_flash" ::modify_devflash_file $embd ::copy_ps3_game ${::CUSTOM_PS3_GAME} } } } proc patch_self {self} { if {$::patch_cos::options(--patch-lv0-coreos-ecdsa-check)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-spkg-ecdsa-check)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-appldr-fself-340)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-appldr-fself-330)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--add-356keys-to-appldr341]} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--add-360keys-to-appldr355)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-profile-gameos-bootmem-size)} { ::modify_spp_file $spp ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-pup-search-in-game-disc)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-gameos-hdd-region-size) != "" } { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-peek-poke-355)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-lv1-peek-poke-355)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-lv1-call-355)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-payload-hermes-355)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-SC36-355)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-peek-poke-4x) } { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-lv1-peek-poke-4x)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-npdrm-ecdsa-check)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { ::modify_self_file $self ::patch_cos::patch_elf } if {$::patch_cos::options(--patch-lv2-SC36-4x)} { ::modify_self_file $self ::patch_cos::patch_elf } } proc patch_elf {elf} { set size $::patch_cos::options(--patch-gameos-hdd-region-size) if {$::patch_cos::options(--patch-lv0-coreos-ecdsa-check)} { log "Patching Lv0 to disable CoreOS ECDSA check" set search "\xE8\x61\x00\x70\x80\x81\x00\x7C\x48\x00\x09\xB1\xEB" set replace "\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 8 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-spkg-ecdsa-check)} { log "Patching SPKG ECDSA verifier to disable ECDSA check" set search "\x40\x80\x0A\x05\x34\x02\xC0\x80\x1C\x28\x00\x81\x3F\xE0\x02\x83" append search "\x34\xFF\xC0\xD0\x34\xFF\x80\xD1\x34\xFF\x40\xD2\x35\x00\x00\x00" set replace "\x40\x80\x00\x03" catch_die {::patch_elf $elf $search 12 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-profile-gameos-bootmem-size)} { log "Patching GameOS profile to increase boot memory size" set search "\x50\x53\x33\x5f\x4c\x50\x41\x52\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append search "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x02\x50" append search "\x10\x70\x00\x00\x02\x00\x00\x01\x2f\x66\x6c\x68\x2f\x6f\x73\x2f\x6c\x76\x32\x5f" append search "\x6b\x65\x72\x6e\x65\x6c\x2e\x73\x65\x6c\x66\x00\x00\x00\x00\x00\x00\x00\x00\x00" set replace "\x00\x00\x00\x00\x00\x00\x00\x1b" catch_die {::patch_elf $pp $search 304 $replace} \ "Unable to patch spp [file tail $pp]" } if {$::patch_cos::options(--patch-appldr-fself-340)} { log "Patching Appldr to allow Fself (3.40-3.55)" set search "\x40\x80\x0e\x0c\x20\x00\x57\x83\x32\x00\x04\x80\x32\x80\x80" set replace "\x40\x80\x0e\x0c\x20\x00\x57\x83\x32\x11\x73\x00\x32\x80\x80" catch_die {::patch_elf $elf $search 7 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-appldr-fself-330)} { log "Patching Appldr to allow Fself (3.10-3.30)" set search "\x40\x80\x0e\x0d\x20\x00\x69\x09\x32\x00\x04\x80\x32\x80\x80" set replace "\x40\x80\x0e\x0c\x20\x00\x57\x83\x32\x11\x73\x00\x32\x80\x80" catch_die {::patch_elf $elf $search 7 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--add-356keys-to-appldr341)} { log "Patching Application loader 3.41 to add 3.56 keys" log "patching revision check" set search "\x5D\x01\x83\x14" set replace "\x5D\x03\x83\x14" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch revision check in appldr self [file tail $elf]" log "patching 2nd keypair addr" set search "\x43\x5D\x28\x06" set replace "\x43\x5b\xD8\x06" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch keys2 addr in appldr self [file tail $elf]" set search "\x00\x00\x00\x00\x00\x95\xF5\x00\x19\xE7\xA6\x8E\x34\x1F\xA7\x2E" set replace "\x95\xF5\x00\x19\xE7\xA6\x8E\x34\x1F\xA7\x2E\xFD\xF4\xD6\x0E\xD3" append replace "\x76\xE2\x5C\xF4\x6B\xB4\x8D\xFD\xD1\xF0\x80\x25\x9D\xC9\x3F\x04" append replace "\x4A\x09\x55\xD9\x46\xDB\x70\xD6\x91\xA6\x40\xBB\x7F\xAE\xCC\x4C" append replace "\x6F\x8D\xF8\xEB\xD0\xA1\xD1\xDB\x08\xB3\x0D\xD3\xA9\x51\xE3\xF1" append replace "\xF2\x7E\x34\x03\x0B\x42\xC7\x29\xC5\x55\x55\x23\x2D\x61\xB8\x34" append replace "\xB8\xBD\xFF\xB0\x7E\x54\xB3\x43\x00\x00\x00\x21\x00\x00\x00\x00" append replace "\x79\x48\x18\x39\xC4\x06\xA6\x32\xBD\xB4\xAC\x09\x3D\x73\xD9\x9A" append replace "\xE1\x58\x7F\x24\xCE\x7E\x69\x19\x2C\x1C\xD0\x01\x02\x74\xA8\xAB" append replace "\x6F\x0F\x25\xE1\xC8\xC4\xB7\xAE\x70\xDF\x96\x8B\x04\x52\x1D\xDA" append replace "\x94\xD1\xB7\x37\x8B\xAF\xF5\xDF\xED\x26\x92\x40\xA7\xA3\x64\xED" append replace "\x68\x44\x67\x41\x62\x2E\x50\xBC\x60\x79\xB6\xE6\x06\xA2\xF8\xE0" append replace "\xA4\xC5\x6E\x5C\xFF\x83\x65\x26\x00\x00\x00\x11\x00\x00\x00\x00" append replace "\x4F\x89\xBE\x98\xDD\xD4\x3C\xAD\x34\x3F\x5B\xA6\xB1\xA1\x33\xB0" append replace "\xA9\x71\x56\x6F\x77\x04\x84\xAA\xC2\x0B\x5D\xD1\xDC\x9F\xA0\x6A" append replace "\x90\xC1\x27\xA9\xB4\x3B\xA9\xD8\xE8\x9F\xE6\x52\x9E\x25\x20\x6F" append replace "\x8C\xA6\x90\x5F\x46\x14\x8D\x7D\x8D\x84\xD2\xAF\xCE\xAE\x61\xB4" append replace "\x1E\x67\x50\xFC\x22\xEA\x43\x5D\xFA\x61\xFC\xE6\xF4\xF8\x60\xEE" append replace "\x4F\x54\xD9\x19\x6C\xA5\x29\x0E\x00\x00\x00\x13\x00\x00\x00\x00" append replace "\xC1\xE6\xA3\x51\xFC\xED\x6A\x06\x36\xBF\xCB\x68\x01\xA0\x94\x2D" append replace "\xB7\xC2\x8B\xDF\xC5\xE0\xA0\x53\xA3\xF5\x2F\x52\xFC\xE9\x75\x4E" append replace "\xE0\x90\x81\x63\xF4\x57\x57\x64\x40\x46\x6A\xCA\xA4\x43\xAE\x7C" append replace "\x50\x02\x2D\x5D\x37\xC9\x79\x05\xF8\x98\xE7\x8E\x7A\xA1\x4A\x0B" append replace "\x5C\xAA\xD5\xCE\x81\x90\xAE\x56\x29\xA1\x0D\x6F\x0C\xF4\x17\x35" append replace "\x97\xB3\x7A\x95\xA7\x54\x5C\x92\x00\x00\x00\x0B\x00\x00\x00\x00" append replace "\x83\x8F\x58\x60\xCF\x97\xCD\xAD\x75\xB3\x99\xCA\x44\xF4\xC2\x14" append replace "\xCD\xF9\x51\xAC\x79\x52\x98\xD7\x1D\xF3\xC3\xB7\xE9\x3A\xAE\xDA" append replace "\x7F\xDB\xB2\xE9\x24\xD1\x82\xBB\x0D\x69\x84\x4A\xDC\x4E\xCA\x5B" append replace "\x1F\x14\x0E\x8E\xF8\x87\xDA\xB5\x2F\x07\x9A\x06\xE6\x91\x5A\x64" append replace "\x60\xB7\x5C\xD2\x56\x83\x4A\x43\xFA\x7A\xF9\x0C\x23\x06\x7A\xF4" append replace "\x12\xED\xAF\xE2\xC1\x77\x8D\x69\x00\x00\x00\x14\x00\x00\x00\x00" append replace "\xC1\x09\xAB\x56\x59\x3D\xE5\xBE\x8B\xA1\x90\x57\x8E\x7D\x81\x09" append replace "\x34\x6E\x86\xA1\x10\x88\xB4\x2C\x72\x7E\x2B\x79\x3F\xD6\x4B\xDC" append replace "\x15\xD3\xF1\x91\x29\x5C\x94\xB0\x9B\x71\xEB\xDE\x08\x8A\x18\x7A" append replace "\xB6\xBB\x0A\x84\xC6\x49\xA9\x0D\x97\xEB\xA5\x5B\x55\x53\x66\xF5" append replace "\x23\x81\xBB\x38\xA8\x4C\x8B\xB7\x1D\xA5\xA5\xA0\x94\x90\x43\xC6" append replace "\xDB\x24\x90\x29\xA4\x31\x56\xF7\x00\x00\x00\x15\x00\x00\x00\x00" append replace "\x6D\xFD\x7A\xFB\x47\x0D\x2B\x2C\x95\x5A\xB2\x22\x64\xB1\xFF\x3C" append replace "\x67\xF1\x80\x98\x3B\x26\xC0\x16\x15\xDE\x9F\x2E\xCC\xBE\x7F\x41" append replace "\x24\xBD\x1C\x19\xD2\xA8\x28\x6B\x8A\xCE\x39\xE4\xA3\x78\x01\xC2" append replace "\x71\xF4\x6A\xC3\x3F\xF8\x9D\xF5\x89\xA1\x00\xA7\xFB\x64\xCE\xAC" append replace "\x24\x4C\x9A\x0C\xBB\xC1\xFD\xCE\x80\xFB\x4B\xF8\xA0\xD2\xE6\x62" append replace "\x93\x30\x9C\xB8\xEE\x8C\xFA\x95\x00\x00\x00\x2C\x00\x00\x00\x00" append replace "\x94\x5B\x99\xC0\xE6\x9C\xAF\x05\x58\xC5\x88\xB9\x5F\xF4\x1B\x23" append replace "\x26\x60\xEC\xB0\x17\x74\x1F\x32\x18\xC1\x2F\x9D\xFD\xEE\xDE\x55" append replace "\x1D\x5E\xFB\xE7\xC5\xD3\x4A\xD6\x0F\x9F\xBC\x46\xA5\x97\x7F\xCE" append replace "\xAB\x28\x4C\xA5\x49\xB2\xDE\x9A\xA5\xC9\x03\xB7\x56\x52\xF7\x8D" append replace "\x19\x2F\x8F\x4A\x8F\x3C\xD9\x92\x09\x41\x5C\x0A\x84\xC5\xC9\xFD" append replace "\x6B\xF3\x09\x5C\x1C\x18\xFF\xCD\x00\x00\x00\x15\x00\x00\x00\x00" append replace "\x2C\x9E\x89\x69\xEC\x44\xDF\xB6\xA8\x77\x1D\xC7\xF7\xFD\xFB\xCC" append replace "\xAF\x32\x9E\xC3\xEC\x07\x09\x00\xCA\xBB\x23\x74\x2A\x9A\x6E\x13" append replace "\x5A\x4C\xEF\xD5\xA9\xC3\xC0\x93\xD0\xB9\x35\x23\x76\xD1\x94\x05" append replace "\x6E\x82\xF6\xB5\x4A\x0E\x9D\xEB\xE4\xA8\xB3\x04\x3E\xE3\xB2\x4C" append replace "\xD9\xBB\xB6\x2B\x44\x16\xB0\x48\x25\x82\xE4\x19\xA2\x55\x2E\x29" append replace "\xAB\x4B\xEA\x0A\x4D\x7F\xA2\xD5\x00\x00\x00\x16\x00\x00\x00\x00" append replace "\xF6\x9E\x4A\x29\x34\xF1\x14\xD8\x9F\x38\x6C\xE7\x66\x38\x83\x66" append replace "\xCD\xD2\x10\xF1\xD8\x91\x3E\x3B\x97\x32\x57\xF1\x20\x1D\x63\x2B" append replace "\xF4\xD5\x35\x06\x93\x01\xEE\x88\x8C\xC2\xA8\x52\xDB\x65\x44\x61" append replace "\x1D\x7B\x97\x4D\x10\xE6\x1C\x2E\xD0\x87\xA0\x98\x15\x35\x90\x46" append replace "\x77\xEC\x07\xE9\x62\x60\xF8\x95\x65\xFF\x7E\xBD\xA4\xEE\x03\x5C" append replace "\x2A\xA9\xBC\xBD\xD5\x89\x3F\x99\x00\x00\x00\x2D\x00\x00\x00\x00" append replace "\x29\x80\x53\x02\xE7\xC9\x2F\x20\x40\x09\x16\x1C\xA9\x3F\x77\x6A" append replace "\x07\x21\x41\xA8\xC4\x6A\x10\x8E\x57\x1C\x46\xD4\x73\xA1\x76\xA3" append replace "\x5D\x1F\xAB\x84\x41\x07\x67\x6A\xBC\xDF\xC2\x5E\xAE\xBC\xB6\x33" append replace "\x09\x30\x1B\x64\x36\xC8\x5B\x53\xCB\x15\x85\x30\x0A\x3F\x1A\xF9" append replace "\xFB\x14\xDB\x7C\x30\x08\x8C\x46\x42\xAD\x66\xD5\xC1\x48\xB8\x99" append replace "\x5B\xB1\xA6\x98\xA8\xC7\x18\x27\x00\x00\x00\x25\x00\x00\x00\x00" append replace "\xA4\xC9\x74\x02\xCC\x8A\x71\xBC\x77\x48\x66\x1F\xE9\xCE\x7D\xF4" append replace "\x4D\xCE\x95\xD0\xD5\x89\x38\xA5\x9F\x47\xB9\xE9\xDB\xA7\xBF\xC3" append replace "\xE4\x79\x2F\x2B\x9D\xB3\x0C\xB8\xD1\x59\x60\x77\xA1\x3F\xB3\xB5" append replace "\x27\x33\xC8\x89\xD2\x89\x55\x0F\xE0\x0E\xAA\x5A\x47\xA3\x4C\xEF" append replace "\x0C\x1A\xF1\x87\x61\x0E\xB0\x7B\xA3\x5D\x2C\x09\xBB\x73\xC8\x0B" append replace "\x24\x4E\xB4\x14\x77\x00\xD1\xBF\x00\x00\x00\x26\x00\x00\x00\x00" append replace "\x98\x14\xEF\xFF\x67\xB7\x07\x4D\x1B\x26\x3B\xF8\x5B\xDC\x85\x76" append replace "\xCE\x9D\xEC\x91\x41\x23\x97\x1B\x16\x94\x72\xA1\xBC\x23\x87\xFA" append replace "\xD4\x3B\x1F\xA8\xBE\x15\x71\x4B\x30\x78\xC2\x39\x08\xBB\x2B\xCA" append replace "\x7D\x19\x86\xC6\xBE\xE6\xCE\x1E\x0C\x58\x93\xBD\x2D\xF2\x03\x88" append replace "\x1F\x40\xD5\x05\x67\x61\xCC\x3F\x1F\x2E\x9D\x9A\x37\x86\x17\xA2" append replace "\xDE\x40\xBA\x5F\x09\x84\x4C\xEB\x00\x00\x00\x3D\x00\x00\x00\x00" append replace "\x03\xB4\xC4\x21\xE0\xC0\xDE\x70\x8C\x0F\x0B\x71\xC2\x4E\x3E\xE0" append replace "\x43\x06\xAE\x73\x83\xD8\xC5\x62\x13\x94\xCC\xB9\x9F\xF7\xA1\x94" append replace "\x5A\xDB\x9E\xAF\xE8\x97\xB5\x4C\xB1\x06\x0D\x68\x85\xBE\x22\xCF" append replace "\x71\x50\x2A\xDB\x57\x83\x58\x3A\xB8\x8B\x2D\x5F\x23\xF4\x19\xAF" append replace "\x01\xC8\xB1\xE7\x2F\xCA\x1E\x69\x4A\xD4\x9F\xE3\x26\x6F\x1F\x9C" append replace "\x61\xEF\xC6\xF2\x9B\x35\x11\x42\x00\x00\x00\x12\x00\x00\x00\x00" catch_die {::patch_elf $elf $search 5 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--add-360keys-to-appldr355)} { log "Patching Application loader 3.55 to add 3.60 keys" log "patching ecdsa signature check 0x09EF8 @ 3.55" set search "\x12\x05\x91\x09\x24\xFF\xC0\xD0" set replace "\x48\x20\xC1\x83\x35\x00\x00\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch ecdsa signature check in appldr self [file tail $elf]" log "patching various checks (crapdicrap) 0x02DD0 @ 3.55" set search "\x33\x7F\x8E\x00\x04\x00\x01\xD0\x21\x00\x19\x83" set replace "\x00\x20\x00\x00\x48\x34\x28\x50\x48\x20\xC1\x83" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch various checks (crapdicrap) in appldr self [file tail $elf]" log "patching key revision check 0x013AC @ 3.55" set search "\x5D\x03\x03\x15" set replace "\x5D\x04\x03\x15" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch revision check in appldr self [file tail $elf]" log "patching 2nd keytable addr r6 0x01440 @ 3.55" set search "\x43\x64\x00\x06" set replace "\x43\x61\x90\x06" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch 2nd keytable addr r6 in appldr self [file tail $elf]" log "extend first keytable 0x19820 @ 3.55" set search "\x00\x00\x00\x00\x00\x95\xF5\x00\x19\xE7\xA6\x8E\x34\x1F\xA7\x2E" set replace "\x95\xF5\x00\x19\xE7\xA6\x8E\x34\x1F\xA7\x2E\xFD\xF4\xD6\x0E\xD3" append replace "\x76\xE2\x5C\xF4\x6B\xB4\x8D\xFD\xD1\xF0\x80\x25\x9D\xC9\x3F\x04" append replace "\x4A\x09\x55\xD9\x46\xDB\x70\xD6\x91\xA6\x40\xBB\x7F\xAE\xCC\x4C" append replace "\x6F\x8D\xF8\xEB\xD0\xA1\xD1\xDB\x08\xB3\x0D\xD3\xA9\x51\xE3\xF1" append replace "\xF2\x7E\x34\x03\x0B\x42\xC7\x29\xC5\x55\x55\x23\x2D\x61\xB8\x34" append replace "\xB8\xBD\xFF\xB0\x7E\x54\xB3\x43\x00\x00\x00\x21\x00\x00\x00\x00" append replace "\x79\x48\x18\x39\xC4\x06\xA6\x32\xBD\xB4\xAC\x09\x3D\x73\xD9\x9A" append replace "\xE1\x58\x7F\x24\xCE\x7E\x69\x19\x2C\x1C\xD0\x01\x02\x74\xA8\xAB" append replace "\x6F\x0F\x25\xE1\xC8\xC4\xB7\xAE\x70\xDF\x96\x8B\x04\x52\x1D\xDA" append replace "\x94\xD1\xB7\x37\x8B\xAF\xF5\xDF\xED\x26\x92\x40\xA7\xA3\x64\xED" append replace "\x68\x44\x67\x41\x62\x2E\x50\xBC\x60\x79\xB6\xE6\x06\xA2\xF8\xE0" append replace "\xA4\xC5\x6E\x5C\xFF\x83\x65\x26\x00\x00\x00\x11\x00\x00\x00\x00" append replace "\x4F\x89\xBE\x98\xDD\xD4\x3C\xAD\x34\x3F\x5B\xA6\xB1\xA1\x33\xB0" append replace "\xA9\x71\x56\x6F\x77\x04\x84\xAA\xC2\x0B\x5D\xD1\xDC\x9F\xA0\x6A" append replace "\x90\xC1\x27\xA9\xB4\x3B\xA9\xD8\xE8\x9F\xE6\x52\x9E\x25\x20\x6F" append replace "\x8C\xA6\x90\x5F\x46\x14\x8D\x7D\x8D\x84\xD2\xAF\xCE\xAE\x61\xB4" append replace "\x1E\x67\x50\xFC\x22\xEA\x43\x5D\xFA\x61\xFC\xE6\xF4\xF8\x60\xEE" append replace "\x4F\x54\xD9\x19\x6C\xA5\x29\x0E\x00\x00\x00\x13\x00\x00\x00\x00" append replace "\xC1\xE6\xA3\x51\xFC\xED\x6A\x06\x36\xBF\xCB\x68\x01\xA0\x94\x2D" append replace "\xB7\xC2\x8B\xDF\xC5\xE0\xA0\x53\xA3\xF5\x2F\x52\xFC\xE9\x75\x4E" append replace "\xE0\x90\x81\x63\xF4\x57\x57\x64\x40\x46\x6A\xCA\xA4\x43\xAE\x7C" append replace "\x50\x02\x2D\x5D\x37\xC9\x79\x05\xF8\x98\xE7\x8E\x7A\xA1\x4A\x0B" append replace "\x5C\xAA\xD5\xCE\x81\x90\xAE\x56\x29\xA1\x0D\x6F\x0C\xF4\x17\x35" append replace "\x97\xB3\x7A\x95\xA7\x54\x5C\x92\x00\x00\x00\x0B\x00\x00\x00\x00" append replace "\x83\x8F\x58\x60\xCF\x97\xCD\xAD\x75\xB3\x99\xCA\x44\xF4\xC2\x14" append replace "\xCD\xF9\x51\xAC\x79\x52\x98\xD7\x1D\xF3\xC3\xB7\xE9\x3A\xAE\xDA" append replace "\x7F\xDB\xB2\xE9\x24\xD1\x82\xBB\x0D\x69\x84\x4A\xDC\x4E\xCA\x5B" append replace "\x1F\x14\x0E\x8E\xF8\x87\xDA\xB5\x2F\x07\x9A\x06\xE6\x91\x5A\x64" append replace "\x60\xB7\x5C\xD2\x56\x83\x4A\x43\xFA\x7A\xF9\x0C\x23\x06\x7A\xF4" append replace "\x12\xED\xAF\xE2\xC1\x77\x8D\x69\x00\x00\x00\x14\x00\x00\x00\x00" append replace "\xC1\x09\xAB\x56\x59\x3D\xE5\xBE\x8B\xA1\x90\x57\x8E\x7D\x81\x09" append replace "\x34\x6E\x86\xA1\x10\x88\xB4\x2C\x72\x7E\x2B\x79\x3F\xD6\x4B\xDC" append replace "\x15\xD3\xF1\x91\x29\x5C\x94\xB0\x9B\x71\xEB\xDE\x08\x8A\x18\x7A" append replace "\xB6\xBB\x0A\x84\xC6\x49\xA9\x0D\x97\xEB\xA5\x5B\x55\x53\x66\xF5" append replace "\x23\x81\xBB\x38\xA8\x4C\x8B\xB7\x1D\xA5\xA5\xA0\x94\x90\x43\xC6" append replace "\xDB\x24\x90\x29\xA4\x31\x56\xF7\x00\x00\x00\x15\x00\x00\x00\x00" append replace "\x6D\xFD\x7A\xFB\x47\x0D\x2B\x2C\x95\x5A\xB2\x22\x64\xB1\xFF\x3C" append replace "\x67\xF1\x80\x98\x3B\x26\xC0\x16\x15\xDE\x9F\x2E\xCC\xBE\x7F\x41" append replace "\x24\xBD\x1C\x19\xD2\xA8\x28\x6B\x8A\xCE\x39\xE4\xA3\x78\x01\xC2" append replace "\x71\xF4\x6A\xC3\x3F\xF8\x9D\xF5\x89\xA1\x00\xA7\xFB\x64\xCE\xAC" append replace "\x24\x4C\x9A\x0C\xBB\xC1\xFD\xCE\x80\xFB\x4B\xF8\xA0\xD2\xE6\x62" append replace "\x93\x30\x9C\xB8\xEE\x8C\xFA\x95\x00\x00\x00\x2C\x00\x00\x00\x00" append replace "\x94\x5B\x99\xC0\xE6\x9C\xAF\x05\x58\xC5\x88\xB9\x5F\xF4\x1B\x23" append replace "\x26\x60\xEC\xB0\x17\x74\x1F\x32\x18\xC1\x2F\x9D\xFD\xEE\xDE\x55" append replace "\x1D\x5E\xFB\xE7\xC5\xD3\x4A\xD6\x0F\x9F\xBC\x46\xA5\x97\x7F\xCE" append replace "\xAB\x28\x4C\xA5\x49\xB2\xDE\x9A\xA5\xC9\x03\xB7\x56\x52\xF7\x8D" append replace "\x19\x2F\x8F\x4A\x8F\x3C\xD9\x92\x09\x41\x5C\x0A\x84\xC5\xC9\xFD" append replace "\x6B\xF3\x09\x5C\x1C\x18\xFF\xCD\x00\x00\x00\x15\x00\x00\x00\x00" append replace "\x2C\x9E\x89\x69\xEC\x44\xDF\xB6\xA8\x77\x1D\xC7\xF7\xFD\xFB\xCC" append replace "\xAF\x32\x9E\xC3\xEC\x07\x09\x00\xCA\xBB\x23\x74\x2A\x9A\x6E\x13" append replace "\x5A\x4C\xEF\xD5\xA9\xC3\xC0\x93\xD0\xB9\x35\x23\x76\xD1\x94\x05" append replace "\x6E\x82\xF6\xB5\x4A\x0E\x9D\xEB\xE4\xA8\xB3\x04\x3E\xE3\xB2\x4C" append replace "\xD9\xBB\xB6\x2B\x44\x16\xB0\x48\x25\x82\xE4\x19\xA2\x55\x2E\x29" append replace "\xAB\x4B\xEA\x0A\x4D\x7F\xA2\xD5\x00\x00\x00\x16\x00\x00\x00\x00" append replace "\xF6\x9E\x4A\x29\x34\xF1\x14\xD8\x9F\x38\x6C\xE7\x66\x38\x83\x66" append replace "\xCD\xD2\x10\xF1\xD8\x91\x3E\x3B\x97\x32\x57\xF1\x20\x1D\x63\x2B" append replace "\xF4\xD5\x35\x06\x93\x01\xEE\x88\x8C\xC2\xA8\x52\xDB\x65\x44\x61" append replace "\x1D\x7B\x97\x4D\x10\xE6\x1C\x2E\xD0\x87\xA0\x98\x15\x35\x90\x46" append replace "\x77\xEC\x07\xE9\x62\x60\xF8\x95\x65\xFF\x7E\xBD\xA4\xEE\x03\x5C" append replace "\x2A\xA9\xBC\xBD\xD5\x89\x3F\x99\x00\x00\x00\x2D\x00\x00\x00\x00" append replace "\x29\x80\x53\x02\xE7\xC9\x2F\x20\x40\x09\x16\x1C\xA9\x3F\x77\x6A" append replace "\x07\x21\x41\xA8\xC4\x6A\x10\x8E\x57\x1C\x46\xD4\x73\xA1\x76\xA3" append replace "\x5D\x1F\xAB\x84\x41\x07\x67\x6A\xBC\xDF\xC2\x5E\xAE\xBC\xB6\x33" append replace "\x09\x30\x1B\x64\x36\xC8\x5B\x53\xCB\x15\x85\x30\x0A\x3F\x1A\xF9" append replace "\xFB\x14\xDB\x7C\x30\x08\x8C\x46\x42\xAD\x66\xD5\xC1\x48\xB8\x99" append replace "\x5B\xB1\xA6\x98\xA8\xC7\x18\x27\x00\x00\x00\x25\x00\x00\x00\x00" append replace "\xA4\xC9\x74\x02\xCC\x8A\x71\xBC\x77\x48\x66\x1F\xE9\xCE\x7D\xF4" append replace "\x4D\xCE\x95\xD0\xD5\x89\x38\xA5\x9F\x47\xB9\xE9\xDB\xA7\xBF\xC3" append replace "\xE4\x79\x2F\x2B\x9D\xB3\x0C\xB8\xD1\x59\x60\x77\xA1\x3F\xB3\xB5" append replace "\x27\x33\xC8\x89\xD2\x89\x55\x0F\xE0\x0E\xAA\x5A\x47\xA3\x4C\xEF" append replace "\x0C\x1A\xF1\x87\x61\x0E\xB0\x7B\xA3\x5D\x2C\x09\xBB\x73\xC8\x0B" append replace "\x24\x4E\xB4\x14\x77\x00\xD1\xBF\x00\x00\x00\x26\x00\x00\x00\x00" append replace "\x98\x14\xEF\xFF\x67\xB7\x07\x4D\x1B\x26\x3B\xF8\x5B\xDC\x85\x76" append replace "\xCE\x9D\xEC\x91\x41\x23\x97\x1B\x16\x94\x72\xA1\xBC\x23\x87\xFA" append replace "\xD4\x3B\x1F\xA8\xBE\x15\x71\x4B\x30\x78\xC2\x39\x08\xBB\x2B\xCA" append replace "\x7D\x19\x86\xC6\xBE\xE6\xCE\x1E\x0C\x58\x93\xBD\x2D\xF2\x03\x88" append replace "\x1F\x40\xD5\x05\x67\x61\xCC\x3F\x1F\x2E\x9D\x9A\x37\x86\x17\xA2" append replace "\xDE\x40\xBA\x5F\x09\x84\x4C\xEB\x00\x00\x00\x3D\x00\x00\x00\x00" append replace "\x03\xB4\xC4\x21\xE0\xC0\xDE\x70\x8C\x0F\x0B\x71\xC2\x4E\x3E\xE0" append replace "\x43\x06\xAE\x73\x83\xD8\xC5\x62\x13\x94\xCC\xB9\x9F\xF7\xA1\x94" append replace "\x5A\xDB\x9E\xAF\xE8\x97\xB5\x4C\xB1\x06\x0D\x68\x85\xBE\x22\xCF" append replace "\x71\x50\x2A\xDB\x57\x83\x58\x3A\xB8\x8B\x2D\x5F\x23\xF4\x19\xAF" append replace "\x01\xC8\xB1\xE7\x2F\xCA\x1E\x69\x4A\xD4\x9F\xE3\x26\x6F\x1F\x9C" append replace "\x61\xEF\xC6\xF2\x9B\x35\x11\x42\x00\x00\x00\x12\x00\x00\x00\x00" append replace "\x39\xA8\x70\x17\x3C\x22\x6E\xB8\xA3\xEE\xE9\xCA\x6F\xB6\x75\xE8" append replace "\x20\x39\xB2\xD0\xCC\xB2\x26\x53\xBF\xCE\x4D\xB0\x13\xBA\xEA\x03" append replace "\x90\x26\x6C\x98\xCB\xAA\x06\xC1\xBF\x14\x5F\xF7\x60\xEA\x1B\x45" append replace "\x84\xDE\x56\x92\x80\x98\x48\xE5\xAC\xBE\x25\xBE\x54\x8F\x69\x81" append replace "\xE3\xDB\x14\x73\x5A\x5D\xDE\x1A\x0F\xD1\xF4\x75\x86\x65\x32\xB8" append replace "\x62\xB1\xAB\x6A\x00\x4B\x72\x55\x00\x00\x00\x27\x00\x00\x00\x00" append replace "\xFD\x52\xDF\xA7\xC6\xEE\xF5\x67\x96\x28\xD1\x2E\x26\x7A\xA8\x63" append replace "\xB9\x36\x5E\x6D\xB9\x54\x70\x94\x9C\xFD\x23\x5B\x3F\xCA\x0F\x3B" append replace "\x64\xF5\x02\x96\xCF\x8C\xF4\x9C\xD7\xC6\x43\x57\x28\x87\xDA\x0B" append replace "\x06\x96\xD6\xCC\xBD\x7C\xF5\x85\xEF\x5E\x00\xD5\x47\x50\x3C\x18" append replace "\x5D\x74\x21\x58\x1B\xAD\x19\x6E\x08\x17\x23\xCD\x0A\x97\xFA\x40" append replace "\xB2\xC0\xCD\x24\x92\xB0\xB5\xA1\x00\x00\x00\x3A\x00\x00\x00\x00" append replace "\xA5\xE5\x1A\xD8\xF3\x2F\xFB\xDE\x80\x89\x72\xAC\xEE\x46\x39\x7F" append replace "\x2D\x3F\xE6\xBC\x82\x3C\x82\x18\xEF\x87\x5E\xE3\xA9\xB0\x58\x4F" append replace "\x7A\x20\x3D\x51\x12\xF7\x99\x97\x9D\xF0\xE1\xB8\xB5\xB5\x2A\xA4" append replace "\x50\x59\x7B\x7F\x68\x0D\xD8\x9F\x65\x94\xD9\xBD\xC0\xCB\xEE\x03" append replace "\x66\x6A\xB5\x36\x47\xD0\x48\x7F\x7F\x45\x2F\xE2\xDD\x02\x69\x46" append replace "\x31\xEA\x75\x55\x48\xC9\xE9\x34\x00\x00\x00\x25\x00\x00\x00\x00" catch_die {::patch_elf $elf $search 5 $replace} \ "Unable to patch extend first keytable in appldr self [file tail $elf]" log "patching NPDRM key revision check 0x00B40 @ 3.55" set search "\x5D\x03\x02\x02" set replace "\x5D\x04\x02\x02" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch NPDRM key revision check in appldr self [file tail $elf]" log "patching NPDRM forbidden key revision table size 0x00B50 @ 3.55" set search "\x1C\x02\x02\x87" set replace "\x1C\x03\x02\x87" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch NPDRM forbidden key revision table size in appldr self [file tail $elf]" log "patching NPDRM forbidden key revision table 0x19720 @ 3.55" set search "\x00\x02\x00\x05\x00\x08\x00\x0B\x00\x00\x00\x00\x00\x00\x00\x00" set replace "\x00\x02\x00\x05\x00\x08\x00\x0B\x00\x0E\x00\x11\x00\x00\x00\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch NPDRM forbidden key revision table in appldr self [file tail $elf]" log "patching 2nd keytable addr r11 0x01518 @ 3.55" set search "\x43\x69\x10\x0B" set replace "\x43\x66\xA0\x0B" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch 2nd keytable addr r11 in appldr self [file tail $elf]" log "extend first NPDRM keytable 0x1A240 @ 3.55" set search "\x23\x00\x00\x00\x00\x8E\x73\x72\x30\xC8\x0E\x66\xAD\x01\x62\xED" set replace "\x8E\x73\x72\x30\xC8\x0E\x66\xAD\x01\x62\xED\xDD\x32\xF1\xF7\x74" append replace "\xEE\x5E\x4E\x18\x74\x49\xF1\x90\x79\x43\x7A\x50\x8F\xCF\x9C\x86" append replace "\x7A\xAE\xCC\x60\xAD\x12\xAE\xD9\x0C\x34\x8D\x8C\x11\xD2\xBE\xD5" append replace "\x05\xBF\x09\xCB\x6F\xD7\x80\x50\xC7\x8D\xE6\x9C\xC3\x16\xFF\x27" append replace "\xC9\xF1\xED\x66\xA4\x5B\xFC\xE0\xA1\xE5\xA6\x74\x9B\x19\xBD\x54" append replace "\x6B\xBB\x46\x02\xCF\x37\x34\x40\x00\x00\x00\x0A\x00\x00\x00\x00" append replace "\xF9\xED\xD0\x30\x1F\x77\x0F\xAB\xBA\x88\x63\xD9\x89\x7F\x0F\xEA" append replace "\x65\x51\xB0\x94\x31\xF6\x13\x12\x65\x4E\x28\xF4\x35\x33\xEA\x6B" append replace "\xA5\x51\xCC\xB4\xA4\x2C\x37\xA7\x34\xA2\xB4\xF9\x65\x7D\x55\x40" append replace "\xB0\x5F\x9D\xA5\xF9\x12\x1E\xE4\x03\x14\x67\xE7\x4C\x50\x5C\x29" append replace "\xA8\xE2\x9D\x10\x22\x37\x9E\xDF\xF0\x50\x0B\x9A\xE4\x80\xB5\xDA" append replace "\xB4\x57\x8A\x4C\x61\xC5\xD6\xBF\x00\x00\x00\x11\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x1B\x71\x5B\x0C\x3E\x8D\xC4\xC1\xA5\x77\x2E\xBA\x9C\x5D\x34\xF7" append replace "\xCC\xFE\x5B\x82\x02\x5D\x45\x3F\x31\x67\x56\x64\x97\x23\x96\x64" append replace "\xE3\x1E\x20\x6F\xBB\x8A\xEA\x27\xFA\xB0\xD9\xA2\xFF\xB6\xB6\x2F" append replace "\x3F\x51\xE5\x9F\xC7\x4D\x66\x18\xD3\x44\x31\xFA\x67\x98\x7F\xA1" append replace "\x1A\xBB\xFA\xCC\x71\x11\x81\x14\x73\xCD\x99\x88\xFE\x91\xC4\x3F" append replace "\xC7\x46\x05\xE7\xB8\xCB\x73\x2D\x00\x00\x00\x08\x00\x00\x00\x00" append replace "\xBB\x4D\xBF\x66\xB7\x44\xA3\x39\x34\x17\x2D\x9F\x83\x79\xA7\xA5" append replace "\xEA\x74\xCB\x0F\x55\x9B\xB9\x5D\x0E\x7A\xEC\xE9\x17\x02\xB7\x06" append replace "\xAD\xF7\xB2\x07\xA1\x5A\xC6\x01\x11\x0E\x61\xDD\xFC\x21\x0A\xF6" append replace "\x9C\x32\x74\x71\xBA\xFF\x1F\x87\x7A\xE4\xFE\x29\xF4\x50\x1A\xF5" append replace "\xAD\x6A\x2C\x45\x9F\x86\x22\x69\x7F\x58\x3E\xFC\xA2\xCA\x30\xAB" append replace "\xB5\xCD\x45\xD1\x13\x1C\xAB\x30\x00\x00\x00\x16\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x8B\x4C\x52\x84\x97\x65\xD2\xB5\xFA\x3D\x56\x28\xAF\xB1\x76\x44" append replace "\xD5\x2B\x9F\xFE\xE2\x35\xB4\xC0\xDB\x72\xA6\x28\x67\xEA\xA0\x20" append replace "\x05\x71\x9D\xF1\xB1\xD0\x30\x6C\x03\x91\x0A\xDD\xCE\x4A\xF8\x87" append replace "\x2A\x5D\x6C\x69\x08\xCA\x98\xFC\x47\x40\xD8\x34\xC6\x40\x0E\x6D" append replace "\x6A\xD7\x4C\xF0\xA7\x12\xCF\x1E\x7D\xAE\x80\x6E\x98\x60\x5C\xC3" append replace "\x08\xF6\xA0\x36\x58\xF2\x97\x0E\x00\x00\x00\x29\x00\x00\x00\x00" append replace "\x39\x46\xDF\xAA\x14\x17\x18\xC7\xBE\x33\x9A\x0D\x6C\x26\x30\x1C" append replace "\x76\xB5\x68\xAE\xBC\x5C\xD5\x26\x52\xF2\xE2\xE0\x29\x74\x37\xC3" append replace "\xE4\x89\x7B\xE5\x53\xAE\x02\x5C\xDC\xBF\x2B\x15\xD1\xC9\x23\x4E" append replace "\xA1\x3A\xFE\x8B\x63\xF8\x97\xDA\x2D\x3D\xC3\x98\x7B\x39\x38\x9D" append replace "\xC1\x0B\xAD\x99\xDF\xB7\x03\x83\x8C\x4A\x0B\xC4\xE8\xBB\x44\x65" append replace "\x9C\x72\x6C\xFD\x0C\xE6\x0D\x0E\x00\x00\x00\x17\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x07\x86\xF4\xB0\xCA\x59\x37\xF5\x15\xBD\xCE\x18\x8F\x56\x9B\x2E" append replace "\xF3\x10\x9A\x4D\xA0\x78\x0A\x7A\xA0\x7B\xD8\x9C\x33\x50\x81\x0A" append replace "\x04\xAD\x3C\x2F\x12\x2A\x3B\x35\xE8\x04\x85\x0C\xAD\x14\x2C\x6D" append replace "\xA1\xFE\x61\x03\x5D\xBB\xEA\x5A\x94\xD1\x20\xD0\x3C\x00\x0D\x3B" append replace "\x2F\x08\x4B\x9F\x4A\xFA\x99\xA2\xD4\xA5\x88\xDF\x92\xB8\xF3\x63" append replace "\x27\xCE\x9E\x47\x88\x9A\x45\xD0\x00\x00\x00\x2A\x00\x00\x00\x00" append replace "\x03\xC2\x1A\xD7\x8F\xBB\x6A\x3D\x42\x5E\x9A\xAB\x12\x98\xF9\xFD" append replace "\x70\xE2\x9F\xD4\xE6\xE3\xA3\xC1\x51\x20\x5D\xA5\x0C\x41\x3D\xE4" append replace "\x0A\x99\xD4\xD4\xF8\x30\x1A\x88\x05\x2D\x71\x4A\xD2\xFB\x56\x5E" append replace "\x39\x95\xC3\x90\xC9\xF7\xFB\xBA\xB1\x24\xA1\xC1\x4E\x70\xF9\x74" append replace "\x1A\x5E\x6B\xDF\x17\xA6\x05\xD8\x82\x39\x65\x2C\x8E\xA7\xD5\xFC" append replace "\x9F\x24\xB3\x05\x46\xC1\xE4\x4B\x00\x00\x00\x27\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x35\x7E\xBB\xEA\x26\x5F\xAE\xC2\x71\x18\x2D\x57\x1C\x6C\xD2\xF6" append replace "\x2C\xFA\x04\xD3\x25\x58\x8F\x21\x3D\xB6\xB2\xE0\xED\x16\x6D\x92" append replace "\xD2\x6E\x6D\xD2\xB7\x4C\xD7\x8E\x86\x6E\x74\x2E\x55\x71\xB8\x4F" append replace "\x00\xDC\xF5\x39\x16\x18\x60\x4A\xB4\x2C\x8C\xFF\x3D\xC3\x04\xDF" append replace "\x45\x34\x1E\xBA\x45\x51\x29\x3E\x9E\x2B\x68\xFF\xE2\xDF\x52\x7F" append replace "\xFA\x3B\xE8\x32\x9E\x01\x5E\x57\x00\x00\x00\x3A\x00\x00\x00\x00" append replace "\x33\x7A\x51\x41\x61\x05\xB5\x6E\x40\xD7\xCA\xF1\xB9\x54\xCD\xAF" append replace "\x4E\x76\x45\xF2\x83\x79\x90\x4F\x35\xF2\x7E\x81\xCA\x7B\x69\x57" append replace "\x84\x05\xC8\x8E\x04\x22\x80\xDB\xD7\x94\xEC\x7E\x22\xB7\x40\x02" append replace "\x9B\xFF\x1C\xC7\x11\x8D\x23\x93\xDE\x50\xD5\xCF\x44\x90\x98\x60" append replace "\x68\x34\x11\xA5\x32\x76\x7B\xFD\xAC\x78\x62\x2D\xB9\xE5\x45\x67" append replace "\x53\xFE\x42\x2C\xBA\xFA\x1D\xA1\x00\x00\x00\x18\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x13\x5C\x09\x8C\xBE\x6A\x3E\x03\x7E\xBE\x9F\x2B\xB9\xB3\x02\x18" append replace "\xDD\xE8\xD6\x82\x17\x34\x6F\x9A\xD3\x32\x03\x35\x2F\xBB\x32\x91" append replace "\x40\x70\xC8\x98\xC2\xEA\xAD\x16\x34\xA2\x88\xAA\x54\x7A\x35\xA8" append replace "\xBB\xD7\xCC\xCB\x55\x6C\x2E\xF0\xF9\x08\xDC\x78\x10\xFA\xFC\x37" append replace "\xF2\xE5\x6B\x3D\xAA\x5F\x7F\xAF\x53\xA4\x94\x4A\xA9\xB8\x41\xF7" append replace "\x6A\xB0\x91\xE1\x6B\x23\x14\x33\x00\x00\x00\x3B\x00\x00\x00\x00" append replace "\x4B\x3C\xD1\x0F\x6A\x6A\xA7\xD9\x9F\x9B\x3A\x66\x0C\x35\xAD\xE0" append replace "\x8E\xF0\x1C\x2C\x33\x6B\x9E\x46\xD1\xBB\x56\x78\xB4\x26\x1A\x61" append replace "\xC0\xF2\xAB\x86\xE6\xE0\x45\x75\x52\xDB\x50\xD7\x21\x93\x71\xC5" append replace "\x64\xA5\xC6\x0B\xC2\xAD\x18\xB8\xA2\x37\xE4\xAA\x69\x06\x47\xE1" append replace "\x2B\xF7\xA0\x81\x52\x3F\xAD\x4F\x29\xBE\x89\xAC\xAC\x72\xF7\xAB" append replace "\x43\xC7\x4E\xC9\xAF\xFD\xA2\x13\x00\x00\x00\x27\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" catch_die {::patch_elf $elf $search 5 $replace} \ "Unable to patch extend first NPDRM keytable in appldr self [file tail $elf]" } if {$::patch_cos::options(--patch-pup-search-in-game-disc)} { log "Patching [file tail $elf] to disable searching for update packages in GAME disc" set search "\x80\x01\x00\x74\x2f\x80\x00\x00\x40\x9e\x00\x14\x7f\xa3\xeb\x78" set replace "\x38\x00\x00\x01" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" } if {$size != ""} { log "Patching [file tail $elf] to create GameOS HDD region of size $size of installed HDD" set search "\xe9\x21\x00\xa0\x79\x4a\x00\x20\xe9\x1b\x00\x00\x38\x00\x00\x00" append search "\x7d\x26\x48\x50\x7d\x49\x03\xa6\x39\x40\x00\x00\x38\xe9\xff\xf8" set replace "\x79\x27" if {[string equal ${size} "1/eighth of drive"] == 1} { append replace "\xe8\xc2" } elseif {[string equal ${size} "1/quarter of drive"] == 1} { append replace "\xf0\x82" } elseif {[string equal ${size} "1/half of drive"] == 1} { append replace "\xf8\x42" } elseif {[string equal ${size} "22GB"] == 1} { append replace "\xfd\x40" } elseif {[string equal ${size} "10GB"] == 1} { append replace "\xfe\xc0" } elseif {[string equal ${size} "20GB"] == 1} { append replace "\xfd\x80" } elseif {[string equal ${size} "30GB"] == 1} { append replace "\xfc\x40" } elseif {[string equal ${size} "40GB"] == 1} { append replace "\xfb\x00" } elseif {[string equal ${size} "50GB"] == 1} { append replace "\xf9\xc0" } elseif {[string equal ${size} "60GB"] == 1} { append replace "\xf8\x80" } elseif {[string equal ${size} "70GB"] == 1} { append replace "\xf7\x40" } elseif {[string equal ${size} "80GB"] == 1} { append replace "\xf6\x00" } elseif {[string equal ${size} "90GB"] == 1} { append replace "\xf4\xc0" } elseif {[string equal ${size} "100GB"] == 1} { append replace "\xf3\x80" } elseif {[string equal ${size} "110GB"] == 1} { append replace "\xf2\x40" } elseif {[string equal ${size} "120GB"] == 1} { append replace "\xf1\x00" } elseif {[string equal ${size} "130GB"] == 1} { append replace "\xef\xc0" } elseif {[string equal ${size} "140GB"] == 1} { append replace "\xee\x80" } elseif {[string equal ${size} "150GB"] == 1} { append replace "\xed\x40" } elseif {[string equal ${size} "160GB"] == 1} { append replace "\xec\x00" } elseif {[string equal ${size} "170GB"] == 1} { append replace "\xea\xc0" } elseif {[string equal ${size} "180GB"] == 1} { append replace "\xe9\x80" } elseif {[string equal ${size} "190GB"] == 1} { append replace "\xe8\x40" } elseif {[string equal ${size} "200GB"] == 1} { append replace "\xe7\x00" } elseif {[string equal ${size} "210GB"] == 1} { append replace "\xe5\xc0" } elseif {[string equal ${size} "220GB"] == 1} { append replace "\xe4\x80" } elseif {[string equal ${size} "230GB"] == 1} { append replace "\xe3\x40" } elseif {[string equal ${size} "240GB"] == 1} { append replace "\xe2\x00" } elseif {[string equal ${size} "250GB"] == 1} { append replace "\xe0\xc0" } elseif {[string equal ${size} "260GB"] == 1} { append replace "\xdf\x80" } elseif {[string equal ${size} "270GB"] == 1} { append replace "\xde\x40" } elseif {[string equal ${size} "280GB"] == 1} { append replace "\xdd\x00" } elseif {[string equal ${size} "290GB"] == 1} { append replace "\xdb\xc0" } elseif {[string equal ${size} "300GB"] == 1} { append replace "\xda\x80" } elseif {[string equal ${size} "310GB"] == 1} { append replace "\xd9\x40" } elseif {[string equal ${size} "320GB"] == 1} { append replace "\xd8\x00" } elseif {[string equal ${size} "330GB"] == 1} { append replace "\xd6\xc0" } elseif {[string equal ${size} "340GB"] == 1} { append replace "\xd5\x80" } elseif {[string equal ${size} "350GB"] == 1} { append replace "\xd4\x40" } elseif {[string equal ${size} "360GB"] == 1} { append replace "\xd3\x00" } elseif {[string equal ${size} "370GB"] == 1} { append replace "\xd1\xc0" } elseif {[string equal ${size} "380GB"] == 1} { append replace "\xd0\x80" } elseif {[string equal ${size} "390GB"] == 1} { append replace "\xcf\x40" } elseif {[string equal ${size} "400GB"] == 1} { append replace "\xce\x00" } elseif {[string equal ${size} "410GB"] == 1} { append replace "\xcc\xc0" } elseif {[string equal ${size} "420GB"] == 1} { append replace "\xcb\x80" } elseif {[string equal ${size} "430GB"] == 1} { append replace "\xca\x40" } elseif {[string equal ${size} "440GB"] == 1} { append replace "\xc9\x00" } elseif {[string equal ${size} "450GB"] == 1} { append replace "\xc7\xc0" } elseif {[string equal ${size} "460GB"] == 1} { append replace "\xc6\x80" } elseif {[string equal ${size} "470GB"] == 1} { append replace "\xc5\x40" } elseif {[string equal ${size} "480GB"] == 1} { append replace "\xc4\x00" } elseif {[string equal ${size} "490GB"] == 1} { append replace "\xc2\xc0" } elseif {[string equal ${size} "500GB"] == 1} { append replace "\xc1\x80" } elseif {[string equal ${size} "510GB"] == 1} { append replace "\xc0\x40" } elseif {[string equal ${size} "520GB"] == 1} { append replace "\xbf\x00" } elseif {[string equal ${size} "530GB"] == 1} { append replace "\xbd\xc0" } elseif {[string equal ${size} "540GB"] == 1} { append replace "\xbc\x80" } elseif {[string equal ${size} "550GB"] == 1} { append replace "\xbb\x40" } elseif {[string equal ${size} "560GB"] == 1} { append replace "\xba\x00" } elseif {[string equal ${size} "570GB"] == 1} { append replace "\xb8\xc0" } elseif {[string equal ${size} "580GB"] == 1} { append replace "\xb7\x80" } elseif {[string equal ${size} "590GB"] == 1} { append replace "\xb6\x40" } elseif {[string equal ${size} "600GB"] == 1} { append replace "\xb5\x00" } elseif {[string equal ${size} "610GB"] == 1} { append replace "\xb3\xc0" } elseif {[string equal ${size} "620GB"] == 1} { append replace "\xb2\x80" } elseif {[string equal ${size} "630GB"] == 1} { append replace "\xb1\x40" } elseif {[string equal ${size} "640GB"] == 1} { append replace "\xb0\x00" } elseif {[string equal ${size} "650GB"] == 1} { append replace "\xae\xc0" } elseif {[string equal ${size} "660GB"] == 1} { append replace "\xad\x80" } elseif {[string equal ${size} "670GB"] == 1} { append replace "\xac\x40" } elseif {[string equal ${size} "680GB"] == 1} { append replace "\xab\x00" } elseif {[string equal ${size} "690GB"] == 1} { append replace "\xa9\xc0" } elseif {[string equal ${size} "700GB"] == 1} { append replace "\xa8\x80" } elseif {[string equal ${size} "710GB"] == 1} { append replace "\xa7\x40" } elseif {[string equal ${size} "720GB"] == 1} { append replace "\xa6\x00" } elseif {[string equal ${size} "730GB"] == 1} { append replace "\xa4\xc0" } elseif {[string equal ${size} "740GB"] == 1} { append replace "\xa3\x80" } elseif {[string equal ${size} "750GB"] == 1} { append replace "\xa2\x40" } elseif {[string equal ${size} "760GB"] == 1} { append replace "\xa1\x00" } elseif {[string equal ${size} "770GB"] == 1} { append replace "\x9f\xc0" } elseif {[string equal ${size} "780GB"] == 1} { append replace "\x9e\x80" } elseif {[string equal ${size} "790GB"] == 1} { append replace "\x9d\x40" } elseif {[string equal ${size} "800GB"] == 1} { append replace "\x9c\x00" } elseif {[string equal ${size} "810GB"] == 1} { append replace "\x9a\xc0" } elseif {[string equal ${size} "820GB"] == 1} { append replace "\x99\x80" } elseif {[string equal ${size} "830GB"] == 1} { append replace "\x98\x40" } elseif {[string equal ${size} "840GB"] == 1} { append replace "\x97\x00" } elseif {[string equal ${size} "850GB"] == 1} { append replace "\x95\xc0" } elseif {[string equal ${size} "860GB"] == 1} { append replace "\x94\x80" } elseif {[string equal ${size} "870GB"] == 1} { append replace "\x93\x40" } elseif {[string equal ${size} "880GB"] == 1} { append replace "\x92\x00" } elseif {[string equal ${size} "890GB"] == 1} { append replace "\x90\xc0" } elseif {[string equal ${size} "900GB"] == 1} { append replace "\x8f\x80" } elseif {[string equal ${size} "910GB"] == 1} { append replace "\x8e\x40" } elseif {[string equal ${size} "920GB"] == 1} { append replace "\x8d\x00" } elseif {[string equal ${size} "930GB"] == 1} { append replace "\x8b\xc0" } elseif {[string equal ${size} "940GB"] == 1} { append replace "\x8a\x80" } elseif {[string equal ${size} "950GB"] == 1} { append replace "\x89\x40" } elseif {[string equal ${size} "960GB"] == 1} { append replace "\x88\x00" } elseif {[string equal ${size} "970GB"] == 1} { append replace "\x86\xc0" } elseif {[string equal ${size} "980GB"] == 1} { append replace "\x85\x80" } elseif {[string equal ${size} "990GB"] == 1} { append replace "\x84\x40" } elseif {[string equal ${size} "1000GB"] == 1} { append replace "\x83\x00" } catch_die {::patch_elf $elf $search 28 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-peek-poke-355)} { log "Patching LV2 to allow Peek and Poke support" set search "\xEB\xA1\x00\x88\x38\x60\x00\x00\xEB\xC1\x00\x90\xEB\xE1\x00\x98" append search "\x7C\x08\x03\xA6\x7C\x63\x07\xB4\x38\x21\x00\xA0\x4E\x80\x00\x20" append search "\x3C\x60\x80\x01\x60\x63\x00\x03\x4E\x80\x00\x20\x3C\x60\x80\x01" append search "\x60\x63\x00\x03\x4E\x80\x00\x20" set replace "\xE8\x63\x00\x00\x60\x00\x00\x00\x4E\x80\x00\x20\xF8\x83\x00\x00\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 32 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-lv1-peek-poke-355)} { log "Patching LV2 to allow LV1 Peek and Poke support (3.55)" set search "\x7C\x71\x43\xA6\x7C\x92\x43\xA6\x7C\xB3\x43\xA6\x48" set replace "\x7C\x08\x02\xA6\xF8\x01\x00\x10\x39\x60\x00\xB6\x44\x00\x00\x22" append replace "\x7C\x83\x23\x78\xE8\x01\x00\x10\x7C\x08\x03\xA6\x4E\x80\x00\x20" append replace "\x7C\x08\x02\xA6\xF8\x01\x00\x10\x39\x60\x00\xB7\x44\x00\x00\x22" append replace "\x38\x60\x00\x00\xE8\x01\x00\x10\x7C\x08\x03\xA6\x4E\x80\x00\x20" catch_die {::patch_elf $elf $search 5644 $replace} \ "Unable to patch self [file tail $elf]" set search "\xEB\xA1\x00\x88\x38\x60\x00\x00\xEB\xC1\x00\x90\xEB\xE1\x00\x98" append search "\x7C\x08\x03\xA6\x7C\x63\x07\xB4\x38\x21\x00\xA0\x4E\x80\x00\x20" set replace "\x4B\xFE\x83\xB8\x60\x00\x00\x00\x60\x00\x00\x00\x4B\xFE\x83\xCC" append replace "\x60\x00\x00\x00\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 56 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-lv1-call-355)} { log "Patching LV2 to allow LV1 Call support (3.55)" set search "\x7C\x71\x43\xA6\x7C\x92\x43\xA6\x7C\xB3\x43\xA6\x48" set replace "\x7C\x08\x02\xA6\xF8\x01\x00\x10\x7D\x4B\x53\x78\x44\x00\x00\x22" append replace "\xE8\x01\x00\x10\x7C\x08\x03\xA6\x4E\x80\x00\x20" catch_die {::patch_elf $elf $search 5708 $replace} \ "Unable to patch self [file tail $elf]" set search "\xEB\xA1\x00\x88\x38\x60\x00\x00\xEB\xC1\x00\x90\xEB\xE1\x00\x98" append search "\x7C\x08\x03\xA6\x7C\x63\x07\xB4\x38\x21\x00\xA0\x4E\x80\x00\x20" set replace "\x4B\xFE\x83\xE0\x60\x00\x00\x00\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 80 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-payload-hermes-355)} { log "Patching Hermes payload 3.55 into LV2" set search "\x4B\xFF\xFD\x04\xE8\x01\x00\x90\x60\x63\x00\x02\xEB\xC1\x00\x70" set replace "\x25\x64\x25\x73\x25\x30\x31\x36\x6C\x78\x25\x30\x31\x36\x6C\x6C" append replace "\x78\x25\x30\x31\x36\x6C\x6C\x78\x25\x73\x25\x73\x25\x30\x38\x78" append replace "\x25\x64\x25\x31\x64\x25\x31\x64\x25\x31\x64\x41\x41\x41\x0A\x00" append replace "\xF8\x21\xFF\x31\x7C\x08\x02\xA6\xF8\x01\x00\xE0\xFB\xE1\x00\xC8" append replace "\x38\x81\x00\x70\x4B\xEC\xF7\x85\x3B\xE0\x00\x01\x7B\xFF\xF8\x06" append replace "\x67\xFF\x00\x2B\x63\xFF\xE5\x5C\xE8\x7F\x00\x00\x2C\x23\x00\x00" append replace "\x41\x82\x00\x0C\x38\x80\x00\x27\x4B\xDA\x2A\xAD\x38\x80\x00\x27" append replace "\x38\x60\x08\x00\x4B\xDA\x26\x65\xF8\x7F\x00\x00\xE8\x81\x00\x70" append replace "\x4B\xD9\x01\x65\xE8\x61\x00\x70\x38\x80\x00\x27\x4B\xDA\x2A\x89" append replace "\xE8\x7F\x00\x00\x4B\xD9\x01\x79\xE8\x9F\x00\x00\x7C\x64\x1A\x14" append replace "\xF8\x7F\x00\x08\x38\x60\x00\x00\xEB\xE1\x00\xC8\xE8\x01\x00\xE0" append replace "\x38\x21\x00\xD0\x7C\x08\x03\xA6\x4E\x80\x00\x20\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x80\x00\x00\x00\x00\x2B\xE4\xD0\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append replace "\xF8\x21\xFF\x61\x7C\x08\x02\xA6\xFB\x81\x00\x80\xFB\xA1\x00\x88" append replace "\xFB\xE1\x00\x98\xFB\x41\x00\x70\xFB\x61\x00\x78\xF8\x01\x00\xB0" append replace "\x7C\x9C\x23\x78\x7C\x7D\x1B\x78\x3B\xE0\x00\x01\x7B\xFF\xF8\x06" append replace "\x67\xE4\x00\x2B\x60\x84\xE6\x64\x38\xA0\x00\x09\x4B\xD9\x00\xFD" append replace "\x28\x23\x00\x00\x40\x82\x00\x30\x67\xFF\x00\x2B\x63\xFF\xE5\x5C" append replace "\xE8\x7F\x00\x00\x28\x23\x00\x00\x41\x82\x00\x14\xE8\x7F\x00\x08" append replace "\x38\x9D\x00\x09\x4B\xD9\x00\x81\xEB\xBF\x00\x00\x7F\xA3\xEB\x78" append replace "\x4B\xFF\x4C\x8C\x7F\xA3\xEB\x78\x3B\xE0\x00\x01\x7B\xFF\xF8\x06" append replace "\x67\xE4\x00\x2B\x60\x84\xE6\x6E\x38\xA0\x00\x09\x4B\xD9\x00\xAD" append replace "\x28\x23\x00\x00\x40\x82\x00\x28\x67\xFF\x00\x2B\x63\xFF\xE5\x5C" append replace "\xE8\x7F\x00\x00\x28\x23\x00\x00\x41\x82\x00\x14\xE8\x7F\x00\x08" append replace "\x38\x9D\x00\x09\x4B\xD9\x00\x31\xEB\xBF\x00\x00\x7F\xA3\xEB\x78" append replace "\x4B\xFF\x4C\x3C\x2F\x64\x65\x76\x5F\x62\x64\x76\x64\x00\x2F\x61" append replace "\x70\x70\x5F\x68\x6F\x6D\x65\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" log "Patching Hermes payload pointer Syscall_Map_Open_Desc" set search "\x" set replace "\x80\x00\x00\x00\x00\x2B\xE5\x70" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-SC36-355)} { log "Patching LV2 SysCall36 3.55 CFW" set search "\x7C\x7F\x1B\x78\x41\xC2\x00\x58\x80\x1F\x00\x48\x2F\x80\x00\x02" set replace "\x60\x00\x00\x00\x80\x1F\x00\x48\x48\x00\x00\x98" catch_die {::patch_elf $elf $search 4 $replace} \ "Unable to patch self [file tail $elf]" set search "\x7C\xF9\x3B\x78\x90\x1D\x00\x80\x90\x1D\x00\x84\xF9\x3D\x00\x90" append search "\x91\x3D\x00\x98\xF8\xDD\x00\xA0" set replace "\x60\x00\x00\x00\x90\x1D\x00\x80\x90\x1D\x00\x84\xF9\x3D\x00\x90" append replace "\x91\x3D\x00\x98\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-peek-poke-4x)} { log "Patching LV2 peek&poke for 4.xx CFW" set search "\x63\xFF\x00\x3E\x4B\xFF\xFF\x0C" set replace "\x3F\xE0\x80\x01\x3B\xE0\x00\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" set search "\x51\x7C\x7D\x1B\x78\x4B\xFF\xFF\x34\xF8\x21\xFF\x61\x7C\x08\x02\xA6" set replace "\x48\x02\x62\xC4" catch_die {::patch_elf $elf $search 9 $replace} \ "Unable to patch self [file tail $elf]" set search "\x41\x9E\xFF\xD4\x38\xDE" set replace "\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-lv1-peek-poke-4x)} { log "Patching LV1 peek&poke call permission for LV2 into LV2" set search "\x7C\x71\x43\xA6\x7C\x92\x43\xA6\x48\x00\x00\x00\x00\x00\x00\x00" append search "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" append search "\x7C\x71\x43\xA6\x7C\x92\x43\xA6" set replace "\xE8\x63\x00\x00\x4E\x80\x00\x20\xF8\x83\x00\x00\x4E\x80\x00\x20" append replace "\x7C\x08\x02\xA6\xF8\x01\x00\x10\x39\x60\x00\xB6\x44\x00\x00\x22" append replace "\x7C\x83\x23\x78\xE8\x01\x00\x10\x7C\x08\x03\xA6\x4E\x80\x00\x20" append replace "\x7C\x08\x02\xA6\xF8\x01\x00\x10\x39\x60\x00\xB7\x44\x00\x00\x22" append replace "\x38\x60\x00\x00\xE8\x01\x00\x10\x7C\x08\x03\xA6\x4E\x80\x00\x20" append replace "\x7C\x08\x02\xA6\xF8\x01\x00\x10\x7D\x4B\x53\x78\x44\x00\x00\x22" append replace "\xE8\x01\x00\x10\x7C\x08\x03\xA6\x4E\x80\x00\x20\x80\x00\x00\x00" append replace "\x00\x00\x17\x0C\x80\x00\x00\x00\x00\x00\x17\x14\x80\x00\x00\x00" append replace "\x00\x00\x17\x1C\x80\x00\x00\x00\x00\x00\x17\x3C\x80\x00\x00\x00" append replace "\x00\x00\x17\x5C" catch_die {::patch_elf $elf $search 3060 $replace} \ "Unable to patch self [file tail $elf]" set search "\x80\x00\x00\x00\x00\x2F\xEA\x40" set replace "\x80\x00\x00\x00\x00\x00\x17\x78\x80\x00\x00\x00\x00\x00\x17\x80" append replace "\x80\x00\x00\x00\x00\x00\x17\x88\x80\x00\x00\x00\x00\x00\x17\x90" append replace "\x80\x00\x00\x00\x00\x00\x17\x98" catch_die {::patch_elf $elf $search 16 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-npdrm-ecdsa-check)} { log "Patching NPDRM ECDSA check disabled" set search "\x41\x9E\xFD\x68\x4B\xFF\xFD\x68\xE9\x22\x99\x90\x7C\x08\x02\xA6" set replace "\x38\x60\x00\x00\x4E\x80\x00\x20" catch_die {::patch_elf $elf $search 8 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-SC36-4x)} { log "Patching LV2 with SysCall36 4.xx CFW" set search "\x41\x9E\x00\xD8\x41\x9D\x00\xC0\x2F\x84\x00\x04\x40\x9C\x00\x48" set replace "\x60\x00\x00\x00\x2F\x84\x00\x04\x48\x00\x00\x98" catch_die {::patch_elf $elf $search 4 $replace} \ "Unable to patch self [file tail $elf]" set search "\x41\x9E\x00\x70\xE8\x61\x01\x88" set replace "\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" set search "\x4B\xFF\xF3\x31\x54\x63\x06\x3E\x2F\x83\x00\x00\x41\x9E\x00\x70" set replace "\x60\x00\x00\x00" catch_die {::patch_elf $elf $search 12 $replace} \ "Unable to patch self [file tail $elf]" } if {$::patch_cos::options(--patch-lv2-payload-hermes-4x)} { log "Patching Hermes payload 4.xx into LV2" set search "\x52\x52\x30\x20\x3A\x20\x30\x78" set replace "\xF8\x21\xFF\x61\x7C\x08\x02\xA6\xFB\x81\x00\x80\xFB\xA1\x00\x88" append replace "\xFB\xE1\x00\x98\xFB\x41\x00\x70\xFB\x61\x00\x78\xF8\x01\x00\xB0" append replace "\x7C\x9C\x23\x78\x7C\x7D\x1B\x78\x3B\xE0\x00\x01\x7B\xFF\xF8\x06" append replace "\x67\xE4\x00\x2E\x60\x84\xA0\x0C\x38\xA0\x00\x02\x4B\xD6\x47\x71" append replace "\x28\x23\x00\x00\x40\x82\x00\x28\x67\xFF\x00\x2E\x63\xFF\xA0\x1C" append replace "\xE8\x7F\x00\x00\x28\x23\x00\x00\x41\x82\x00\x14\xE8\x7F\x00\x08" append replace "\x38\x9D\x00\x09\x4B\xD6\x46\xF5\xEB\xBF\x00\x00\x7F\xA3\xEB\x78" append replace "\x4B\xFD\x9C\xF4\x2F\x61\x70\x70\x5F\x68\x6F\x6D\x65\x00\x00\x00" append replace "\x00\x00\x00\x00\x80\x00\x00\x00\x00\x2E\xA0\x2C\x80\x00\x00\x00" append replace "\x00\x2E\xA0\x3A\x2F\x64\x65\x76\x5F\x66\x6C\x61\x73\x68\x2F\x6D" append replace "\x66\x77\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" catch_die {::patch_elf $elf $search 0 $replace} \ "Unable to patch self [file tail $elf]" } }though it still errors on "patch_cos::options(--add-356keys-to-appldr341". maybe making a seperate task as original?
and those several "patch-lv2-payload-hermes-4x" patches with install pkg file, should also be defined, as they do not appear on base.tcl. but maybe this is noobish and you will find better results
another edit
guess i was blind again, sorry. you have defined the options in ps3mfw_base.tcl...just ignore this last note
01-20-2013
10:00 AM
thx [MENTION=215069]cfwprpht[/MENTION] for the reply.....need to give it another shot...i can't pinpoint the problem and ofcourse can be user errors to...like to roll one u know
01-20-2013
10:11 AM
another question, if i create a mfw from those working hermes patches, leaving the map_desc_blabla for now, would it break lv2?
i am too lazy to hook up the e3flasher and i am still waiting for the linker as the clip is crap
edit
[MENTION=215069]cfwprpht[/MENTION]
ok, my suggestion runs fine without appldr key add and the non working map_desc patch, but it now errors on rebuilding file with double self extension:
Rebuilding self file lv2_kernel.self.self Executing command makeself $in $out Executing shell scetool -0 SELF -1 TRUE -2 00 -3 {} -4 ff000000 -5 {} -A 0003005500000000 -6 0003005500000000 -e E:/_dump/PS3MFW/PS3MFW-MFW/update_files/CORE_OS_PACKAGE/lv2_kernel.self.elf E:/_dump/PS3MFW/PS3MFW-MFW/update_files/CORE_OS_PACKAGE/lv2_kernel.self.self Error running script: error renaming "E:/_dump/PS3MFW/PS3MFW-MFW/update_files/CORE_OS_PACKAGE/lv2_kernel.self.self": no such file or directoryedit2
it seems there are problems with scetool and rebuilding self, but i cannot determine the errors myself. if i rebuild the file manually with same options the file gets smaller. guess this is no good in the end?
maybe using these options is better?
01-26-2013
11:58 AM
Help please [MENTION=215069]cfwprpht[/MENTION]
this would be a stable tool? is full of errors, even the cfw 3.55 not able to make
always report error
02-01-2013
04:26 AM
Hi cfwprophet. I've downloaded the rar of your MFW, I set the .ps3 keys and all other things and run the app. But I have always this error:
"Error running script: child process exited abnormally"
Why?
Thanks a lot!
02-04-2013
03:59 PM
after some switching around managed to get as far a Agrippa90, the data keys first gave error on lv0, that error fixed, then this (using
Unofficial_MFW_Builder_0.2.3_PRE-Release
9578e63816cf1c966453ba5bd2960dc1
update:
ps3mfw.rar
3651d5a68ba4e7ddc6f7934343d2c0a1
the first couple errors are user faults..folder setup....but then the "lv0 pattern" is a script or whatever error, not our pc setups
Modifying CORE_OS file lv0 unpkg-ing file CORE_OS_PACKAGE.pkg Executing command unpkg $pkg $dest Executing shell unpkg {C:\Users\xxx\Desktop\TOOLS\ps3mfw\Work\PS3MFW-MFW\update_files\CORE_OS_PACKAGE.pkg} {C:\Users\xxx\Desktop\TOOLS\ps3mfw\Work\PS3MFW-MFW\update_files\CORE_OS_PACKAGE.unpkg} cosunpkg-ing file content Executing command cosunpkg $pkg $dest Executing shell cosunpkg {C:\Users\xxx\Desktop\TOOLS\ps3mfw\Work\PS3MFW-MFW\update_files\CORE_OS_PACKAGE.unpkg\content} {C:\Users\xxx\Desktop\TOOLS\ps3mfw\Work\PS3MFW-MFW\update_files\CORE_OS_PACKAGE} Modifying self/sprx file lv0 Decrypting self file lv0 Executing command unself $in $out Executing shell scetool -d {C:\Users\xxxx\Desktop\TOOLS\ps3mfw\Work\PS3MFW-MFW\update_files\CORE_OS_PACKAGE\lv0} {C:\Users\xxx\Desktop\TOOLS\ps3mfw\Work\PS3MFW-MFW\update_files\CORE_OS_PACKAGE\lv0.elf} Patching Lv0 to disable CoreOS ECDSA check Executing command ::patch_elf $elf $search 8 $replace offset: 162528 Patching SPKG ECDSA verifier to disable ECDSA check Executing command ::patch_elf $elf $search 12 $replace FATAL ERROR: Unable to patch self lv0.elf : Could not find pattern to patch See C:/Users/xxx/Desktop/TOOLS/ps3mfw/Work/ps3mfw.log for more info Last lines of log : ***************** [*] Error: Unknown type 'SPKG'.[*] Error: Unknown type 'SPKG'.[*] Error: Unknown type 'SPKG'.[*] ELF written to C:\Users\xxx\Desktop\TOOLS\ps3mfw\Work\PS3MFW-MFW\update_files\CORE_OS_PACKAGE\lv0.elf. Patching Lv0 to disable CoreOS ECDSA check Executing command ::patch_elf $elf $search 8 $replace offset: 162528 Patching SPKG ECDSA verifier to disable ECDSA check Executing command ::patch_elf $elf $search 12 $replace [colol=red]FATAL ERROR: Unable to patch self lv0.elf : Could not find pattern to patch ***************** Error running script: Unable to patch self lv0.elf : Could not find pattern to patch[/color]02-04-2013
04:15 PM
this task does not work, only if the common variables are modified in base task. this is not stable at all, but better than last time.
i think i could make it work, but what about scetool?
cause the question remains on my side, what happens if i use coreos files smaller than original rebuilt only with scetool?
02-04-2013
04:38 PM
haha..with me always when posting&testing..most times things fail..switched some stuff
around and FINALLY..it made the "acid cfw profile" 430 pup, selecting the "coreos" only at first spitted out the error ^, overwriten from the git latest files and errors...switched back to the "ps3mfw.rar" with ^md5 and the "ps3mfw" file in that is from 13-01-2013
5c74048580e426a7d6ded03553be03b7
finally produced the "default" selected "Auto generate Pre-definated CFW's - AC1D
lets see what the other "tasks" give as result
thx again cuse if working its realy nice
02-04-2013
04:55 PM
So now do you have a working version? Can you share it? Thanks :D
02-04-2013
05:25 PM
nvm................
auto-gen script works atleast..great stuff
02-05-2013
03:11 PM
this conclusion must be a late one
anyway after some.....
it seems the "auto-gen" script - ac1d cfw selected works fine on 430pup
it has all the "important" patches checked e.g coreos stuff
when unchecking the "auto-gen" script/tlc and manually only select the "same" coreos patches (4.xx ones) it spits out an error = incomplete tlc/script? its a tad hard to compare the two...and maybe some input on the sha-1 check from where u get this "value"? or not possible to do any 4.31? thx anyway..
02-05-2013
05:31 PM
i have enabled input of new hash checks based on your own folders, so you can put the pup in any folder. i have nothing else changed, so it is still cfwprophets's work.
i would recommend deleting db.xml and let the app create itself a new one with your own pup locations. you have to choose disable pup hash check option
i will take another look on tasks later on, as i am not very self confident at the moment.
02-05-2013
05:37 PM
thx haxxxen we wont rest until a fluent working version is released
for real when u see the custom pup building its a great piece of code...
maybe i can also compare and see whats missing in the "tasks" files, a quik look at it...some lines are missing..take out the scripts per task from auto-gen tlc..just a bit of work..
02-05-2013
05:47 PM
if i can give you a working coreos task, would you test a 3.55 mfw with scetool modified coreos files? i am asking because the files get smaller and if there is any problem with it.
just want to be on safe side before doing this and no regrets afterwards. i know it works for 4.x mfws as the cos files are different in sIze in any of them.
edit
i am asking, because i am assuming you have a flasher...
02-05-2013
06:09 PM
nvm....no tests...
02-06-2013
01:08 PM
puh, i have to admit these new tasks are beasts to understand and to debug errors.
i am still working on the autogen task which also does not work for me. cannot understand how it works for you [MENTION=138171]haz367[/MENTION]? can you share your setup/task?
there are some minor typos, which prevents the script (from his last rar archive) from running to the end. though the 4.x one works better than 3.55.
i want only to fix these typos and not writing a complete new task. this is too much work for me and not really intended (and i like the way he pushed all in single processes)
seems he only concentrated on acid and 4.x mfws
edit
there is a bug with hash verifying and adding, so i will investigate these first
02-06-2013
03:24 PM
hey [MENTION=121598]haxxxen[/MENTION], yes when using his latest rar something is wrong and produce error, can't re-check now, i believe it starts at the beginning with the db.xml, can't say for sure...after messing around and switching some..finally the "auto-gen ac1d" worked from start til end
not tested it but the pup was made without errors....and its a bit obvious he/they concentrate on 4.xx now, its u stuck on 355 
j/k....
im gonna give it a go if realy bored...think i've seen in a hurry some lines are missing e.g the first task in coreos / lv1 something is missing in the stand-alone tasks?!
and agreed on the tlc/scripts..lot of txt...
the setup i'm using u can get here, its cfwprophets's stuff only switched some files..can't remember either..zipped it already to make sure i didn't change it
just do for easy testing:
create folder TOOLS on desktop
drop ps3mfw into TOOLS
edit the "settings.xml" to read ur "username"
add the missing keys..(data+PS3_KEYS)
whop...cfw430_ac1d.pup
and here's a (part) of that log from created testpup..
http://pastie.org/6081909
ps3mfw
http://rghost.net/43606358
02-07-2013
01:51 AM
nevermind...
02-07-2013
07:55 AM
nvm either........
02-07-2013
09:11 AM
yeah, that is why i've edited my previous post. it is totally his right to only make the autogen for acid task work, but still it is annoying to see the other options and they do not work by default.
though there is not much new inside of these, only the 4.x stuff and hermes patches are completely new and of course the scetool routine.
i will try to extract the 4.x stuff and make new standalone ones. at least this rogero stuff he could have tested and edited properly.
but then, i will most likely remove this hash function, as it does not work properly. i could make it available only if the options are selected in gui, but then the verifying does not work and gives green light on every pup, even it is not in database. and the other way round it will add every pup again, even it is already in database. this would be the best solution, but the database will grow with every modded pup. i will test with it further, but i am not that good at modding such tasks (to be honest, i am working most times with trial and error)
but don't expect it in a rush. these will take me a while.
edit
...nevertheless, he did a very great job with these tasks, which look too complicated to me.
02-07-2013
12:17 PM
right..i wouldn't even know where to start..huge scripts..cant see head nor tail..and + 1 on the great work, doesn't change the fact its quiet about it,no feedback from anyone..so left with a total beta ps3mfw..hope we see some improvement on it
02-07-2013
12:31 PM
the only beta about it is the unknown result by resigning the files with scetool i would say. i can only speak of devflash files, which seem to work fine, but dunno about coreos. the files definately get smaller because of compression other than with the old selfrebuilder where the size exactly matches.
damn it i have no spare ps3 anymore, then i would test it immediately and report back.
edit
now i have tried these hermes patches on 3.55 and what a surprise, it breaks lv2 and bricks ps3 to blackscreen. luckily recovery has still worked, but somehow it wasn't possible to use the pad in recovery, as it did not synchronize. so i had to use fsm which luckily has worked in the end. so to all of you, stay away from this ****, and i will not take any measures, to make the tasks available. i am happy i hadn't to use flasher.
even if this **** will work for 4.x i will not do anything, as i have learned my lesson once again. so thanks mr cfwprpht, and sorry [MENTION=138171]haz367[/MENTION] i even have asked for tests. and i was about to make it work for dex 3.55...tzzz
02-10-2013
07:03 AM
hey [MENTION=121598]haxxxen[/MENTION] no worries...i feel ur pain man..i would have tested for u though....releasing this knowing its not complete..no feedback etc from anyone...have to say again..ac1d pup completed fine..what i think about it all? let me keep it in cuse i dont like to sound like an ass but this sir is SILLY
02-10-2013
02:04 PM
the real thing about this is, i would not complain about using flasher, but my only working ps3 has pc heatsink mods, which i do not want to remove, only because of flasher usage.
the saying never touch a running system comes to fruition on this one...though i have over reacted with the post maybe as i am not mad at him at all. it was my own choice, but i really was insecure if trying this one and my feelings were true again
on the other hand, i have learned, if messing with lv2 (lv1?) only, the ps3 is able to be recovered with easy software methods, but messing with appldr will break the whole chain and does not let you do anything without a hardware flasher
02-10-2013
03:53 PM
yeah yeah keep backing down/defending
...whatever...still beta...anyone running the AC1D one? i also like to test stuff but nobody but us...meh...moving on... 
02-10-2013
08:19 PM
The other day (1 week ago or so) we was talking with cfwprophet in irc about mfw, i pointed him to this threat to read your bug reports
In resume... he said is busy with other problems of his work by now, but mfw is not abandoned
Keep testing, maybe he will include your fixes in the last version, bug reports are always usefull
02-10-2013
08:30 PM
what shall i test? the only new thing for me is hermes direct payload, nothing else. and as i am still with 3.55 and no intention to update i cannot test 4.x stuff. and to be honest, this acid mod does not interest me at all as i am using my own one
my working ps3 is my precious baby, so i will not mess with her.
the other things do work with a little bit of rework by seperating the all in one tasks. though the autogen task only works with dex or 4.x ofws as the spkg routine automatically searches for spkg hdrs, which are not present in 3.55- ofws. and modifying this is over my head. i am no expert with tcl but i can modify most of them to my likings. and about the lv0 patches i am unsure, as rebug has a hell lot of lv0 patched
edit
so my noticed bugs:
- fciv does not work properly, if the add function is enabled. though it is very uncomfortable, as it also adds already existing entries
- autogen seems to work only with dex or 3.56+ ofws as it searches automatically for spkgs
- hermes payload does not work on 3.55 dex, as it breaks lv2 and blackscreens. maybe this open desc patch is essential?
- autogen only works for acid mod and no rogero, but only 4.30
- patch emer_init.self does also not work as long as it is not defined in base.tcl. if set proper it works just fine
- patch_cos.tcl is way too compact and not working
(- i miss the freedom you had with official releases)
otheros i haven't tested yet
it should not be limited to specific ofws and should work with all that you throw at it
the scetool routine works just fine now
here is my base.tcl which works fine with emer_init.self (have just added the definition for it):
03-06-2013
02:45 PM
the ouput file to unpack the pup does not work !!
here is log!
[spoiler]Selected tasks :
HOME=C:\Documents and Settings\DELL
USERPROFILE=C:\Documents and Settings\DELL
PATH=C:\TclDevKit\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Documents and Settings\DELL\Desktop\mfw-master cfwprpt\mfw-master\tools
Deleting output files
Executing command file delete -force -- ${::CUSTOM_PUP_DIR} ${::ORIGINAL_PUP_DIR} ${::OUT_FILE}
Adding the SHA1 of the Input PUP to the DB
Executing shell fciv -add {C:\Documents and Settings\DELL\Desktop\4.31 OFW\ps3updat_431.pup} -wp -sha1 -xml db.xml
//
// File Checksum Integrity Verifier version 2.05.
//
Unpacking source PUP ps3updat_431.pup
Executing command pup_extract ${pup} ${dest}
FATAL ERROR: Error extracting PUP file ps3updat_431.pup : can't read "::PUPUNPACK": no such variable
Error running script: Error extracting PUP file ps3updat_431.pup : can't read "::PUPUNPACK": no such variable[/spoiler]
here is fix for fciv ! (2 formats!)
cmd line
it fixed the prob and here is the second way!
# Add the input OFW SHA1 to the DB if {${::SHADD} == "false"} { debug "Adding the SHA1 of the Input PUP to the DB" sha1_check ${input} } # Check input OFW PUP SHA1 if {${::SHCHK} == "false"} { set catch [catch [sha1_verify ${input}]] if {$catch == 1} { log "Error!!" log "SHA1 of input PUP do not match any knowen SHA1" after 20000 exit 0 } elseif {$catch == 0} { log "PUP SHA1 of input OFW match knowen SHA1!" } unset catch }03-14-2013
08:00 AM
Well... i have not seen him again in irc, i imagine he is still busy or with other personal problems, but i cant speak for him
Maybe a quote to his nick here [MENTION=215069]cfwprpht[/MENTION] in the case he logins in the forum, or a push in his github https://github.com/cfwprpht/mfw ?
There are no edits in the git from 2 months ago, but is nice it exists because anyone can improve it
03-19-2013
06:09 AM
also or improving it, i know im still a bit chunky but ill get us to it with time,
if you see him in irc please leave him a word
03-24-2013
05:47 AM
You missunderstood the function and why i have made it on that way for now. I havn't the time to test other FW's there for i only added thoes one or two (can't remember right now
)
You should give a look into the file "ps3mfw" with no extansion. There is something written like that:
So change back your "false" 2 "true" and follow the instruction above. Then start MFW Builder and be surprised