so here some news for you.
There have always been problems debugging SPU elf files, since
there are almost no debugger know to do this, ecxept really slow terminal and anergistic.
wicth is almost impossiple to use..
and its in the spu files, the goodie stuff is.
normally in exampel ida pro, you could open spu, but not debugg them, so almost useless.
you have to find the software, yourself but this little command in linux or cygwin
appldr.elf(SPU FILE)
Code:
spu_elf-to-ppu_obj.exe --strip-mode=none --writable appldr.elf appldrppc.elf
isoldr.elf(SPU FILE)
Code:
$ spu_elf-to-ppu_obj.exe --strip-mode=none --writable isoldr.elf elfisoldr8.elf
it turns the appldr into PPC insteed of SPU.
Code:
zadow
@zadow
-PC ~/ann
$ spu-lv2-readelf -a appldrppc.elf
ELF-hoved:
Magi: 7f 45 4c 46 02 02 01 66 00 00 00 00 00 00 00 00
Klasse: ELF64
Data: 2-komplement, big endian
Version: 1 (current)
OS/ABI: CellOS Lv-2
ABI-version: 0
Type: REL (relok▒rbar fil)
Maskine: PowerPC64
Version: 0x1
Indgangsodresse: 0x0
Start for programhoveder: 0 (byte inde i filen)
Start for sektionshoveder: 128528 (byte inde i filen)
Flag: 0x1000000
Dette hoveds st▒rrelse: 64 (byte)
Programhovedernes st▒rrelse: 0 (byte)
Antal programhoveder: 0
Sektionshovedernes st▒rrelse: 64 (byte)
Antal sektionshoveder: 10
Sektionshovedets strengtabelsindeks: 7
Now we can debuggug into Memory, and find those hidden goddies
this is some of the string from the RAM from isoldr.elf in memory
Code:
RAM:00141660 00000005 C D$\bv
RAM:00141682 00000005 C D$\be
RAM:001416A4 00000005 C D$\b{
RAM:001416C6 00000005 C D$\b}
RAM:00141792 00000005 C D$\b\b
RAM:00142DB0 0000002F C __new__ takes at most one positional parameter
RAM:00142DE0 00000023 C variant_level must be non-negative
RAM:00142E04 0000004D C The number of nested variants wrapping the real data. 0 if not in a variant.
RAM:00142E51 0000001A C %s(%s, variant_level=%ld)
RAM:00142E6B 00000007 C %s(%s)
RAM:00142E72 00000015 C __dbus_object_path__
RAM:00142E87 0000000E C variant_level
RAM:00142E95 0000001E C attribute name must be string
RAM:00142EB3 00000018 C _dbus_bindings._IntBase
RAM:00142ECB 0000001A C _dbus_bindings._FloatBase
RAM:00142EE5 00000018 C _dbus_bindings._StrBase
RAM:00142EFD 00000019 C _dbus_bindings._LongBase
RAM:00142F16 00000012 C s:set_unique_name
RAM:00142F28 0000000B C self->conn
RAM:00142F37 00000014 C Unknown bus type %d
RAM:00142F4B 00000010 C address_or_type
RAM:00142F5B 00000009 C mainloop
RAM:00142F64 00000030 C This connection already has a unique name: '%s'
RAM:00142F94 00000027 C This connection has no unique name yet
RAM:00142FBC 00000034 C A string address or an integer bus type is required
RAM:00142FF0 0000003C C Byte constructor takes no more than one positional argument
RAM:0014302C 0000003C C Expected a string of length 1, or an int in the range 0-255
RAM:0014306C 0000001C C Integer outside range 0-255
RAM:00143088 0000000A C dbus.Byte
RAM:00143092 0000000F C dbus.ByteArray
RAM:001430A5 0000001E C A dbus.Connection is required
RAM:001430C3 0000001A C _dbus_bindings.Connection
RAM:001430DD 00000008 C address
RAM:001430E8 00000054 C Newly created D-Bus connection already has a Connection instance associated with it
RAM:0014313C 00000048 C D-Bus connection does not have a Connection instance associated with it
RAM:00143184 00000055 C Return from D-Bus message handler callback should be None, NotImplemented or integer
RAM:001431DC 00000068 C Integer return from D-Bus message handler callback should be a DBUS_HANDLER_RESULT_... constant, not %d
RAM:00143244 00000035 C Connection is in an invalid state: no DBusConnection
RAM:00143279 0000001A C O:_unregister_object_path
RAM:00143293 00000011 C Timeout too long
RAM:001432A4 0000001E C OO|fi:send_message_with_reply
RAM:001432C2 00000007 C remove
RAM:001432C9 0000001C C OO|Oi:_register_object_path
RAM:001432E5 00000005 C (OO)
RAM:001432EA 00000019 C i:set_exit_on_disconnect
RAM:00143303 00000013 C _require_main_loop
RAM:00143316 00000006 C close
RAM:0014331C 00000006 C flush
RAM:00143322 00000011 C get_is_connected
RAM:00143333 00000015 C get_is_authenticated
RAM:00143348 0000000C C get_unix_fd
RAM:00143354 00000013 C get_peer_unix_user
RAM:00143367 00000019 C get_peer_unix_process_id
RAM:00143380 00000013 C add_message_filter
RAM:00143393 00000016 C remove_message_filter
RAM:001433A9 0000000D C send_message
RAM:001433B6 0000001C C list_exported_child_objects
RAM:001433D2 0000000D C _new_for_bus
RAM:001433DF 00000010 C get_unique_name
RAM:001433F3 0000000E C reply_handler
RAM:00143401 0000000A C timeout_s
RAM:0014340B 0000000B C on_message
RAM:00143416 0000000E C on_unregister
RAM:00143424 00000009 C fallback
RAM:00143430 000000C7 C To make asynchronous calls, receive signals or export objects, D-Bus connections must be attached to a main loop by passing mainloop=... to the constructor or calling dbus.set_default_main_loop(...)
RAM:001434F8 00000025 C path must be a str or unicode object
RAM:00143520 0000004C C Can't unregister the object-path handler for '%s': there is no such handler
RAM:0014356C 00000026 C O|f:send_message_with_reply_and_block
RAM:00143594 00000038 C Connection is disconnected - unable to make method call
RAM:001435CC 0000004C C Can't register the object-path handler for '%s': there is already a handler
RAM:00143624 00000033 C Mb@A__new__ takes exactly one positional parameter
RAM:00143658 0000001F C D-Bus structs may not be empty
RAM:00143678 00000028 C %s(%s, signature=%s, variant_level=%ld)
RAM:001436A0 00000042 C The key type in a Dictionary's signature must be a primitive type
RAM:001436E4 0000004F C There must be exactly two complete types in a Dictionary's signature parameter
RAM:00143734 0000004A C There must be exactly one complete type in an Array's signature parameter
RAM:00143780 00000049 C The D-Bus signature of each element of this Array (a Signature instance)
RAM:001437CC 00000080 C The D-Bus signature of each key in this Dictionary, followed by that of each value in this Dictionary, as a Signature instance.
RAM:0014384C 0000000C C |Ol:__new__
RAM:00143858 00000015 C %s(%s, signature=%s)
RAM:0014386D 0000000E C |OOO:__init__
RAM:0014387B 0000000B C dbus.Array
RAM:00143886 00000010 C dbus.Dictionary
RAM:00143896 0000000C C dbus.Struct
RAM:001438A2 00000014 C mapping_or_iterable
RAM:001438B6 00000010 C dbus.exceptions
RAM:001438C6 0000000E C DBusException
RAM:001438D4 00000011 C _dbus_error_name
RAM:001438E5 0000000C C dbus.Double
RAM:001438F1 00000014 C Object is immutable
RAM:00143908 00000027 C Instances of this type are not ordered
RAM:00143933 00000005 C True
RAM:00143938 00000006 C False
RAM:0014393E 0000000D C dbus.Boolean
RAM:0014394B 0000000B C dbus.Int16
RAM:00143956 0000000C C dbus.UInt16
RAM:00143962 0000000B C dbus.Int32
RAM:0014396D 0000000C C dbus.UInt32
RAM:00143979 0000000B C dbus.Int64
RAM:00143984 0000000C C dbus.UInt64
RAM:00143990 00000021 C Value %d out of range for UInt16
RAM:001439B4 00000020 C Value %d out of range for Int16
RAM:001439D4 00000022 C Timeout object is no longer valid
RAM:001439F8 00000034 C A dbus.mainloop.NativeMainLoop instance is required
RAM:00143A2C 0000001C C FD watch is no longer valid
RAM:00143A4A 0000000F C NULL_MAIN_LOOP
RAM:00143A59 00000015 C _dbus_bindings.Watch
RAM:00143A6E 00000017 C _dbus_bindings.Timeout
RAM:00143A85 0000001D C dbus.mainloop.NativeMainLoop
RAM:00143AA2 00000007 C fileno
RAM:00143AA9 0000000A C get_flags
RAM:00143AB3 00000007 C handle
RAM:00143ABA 0000000C C get_enabled
RAM:00143AC6 0000000D C get_interval
RAM:00143AD4 00000026 C __dbus_object_path__ must be a string
RAM:00143AFC 0000003C C String parameters to be sent over D-Bus must be valid UTF-8
RAM:00143B38 00000024 C Expected a string or unicode object
RAM:00143B5C 0000002D C Unable to guess signature from an empty list
RAM:00143B8C 0000002D C Unable to guess signature from an empty dict
RAM:00143BBC 0000003B C Don't know how which D-Bus type to use to encode type \"%s\"
RAM:00143BF8 00000047 C More items found in struct's D-Bus signature than in Python arguments
RAM:00143C40 00000037 C Expected a string of length 1 byte, but found %d bytes
RAM:00143C78 00000022 C %d outside range for a byte value
RAM:00143C9C 0000003E C Fewer items found in D-Bus signature than in Python arguments
RAM:00143CDC 00000027 C Unknown type '\\x%x' in D-Bus signature
RAM:00143D04 00000046 C Internal error: _signature_string_from_pyobject returned a bad result
RAM:00143D4C 0000003D C More items found in D-Bus signature than in Python arguments
RAM:00143D8A 0000000A unicode bqxuD
RAM:00143D94 0000001D C -Bus structs cannot be empty
RAM:00143DB3 00000005 C join
RAM:00143DBA 00000006 C a{%s}
RAM:00143DC0 00000008 C a{%s%s}
RAM:00143DC8 00000011 C message-append.c
RAM:00143DDD 00000005 C (s#)
RAM:00143DE2 0000000A C |z:append
RAM:00143DEC 00000017 C Corrupt type signature
RAM:00143FEC 00000012 C MethodCallMessage
RAM:00143FFE 00000014 C MethodReturnMessage
RAM:00144012 0000000D C sss:__init__
RAM:0014401F 0000000E C O!sz:__init__
RAM:0014402D 0000000C C O!:__init__
RAM:00144039 0000000E C zszs:__init__
RAM:00144047 00000011 C z:set_error_name
RAM:00144058 00000010 C z:set_interface
RAM:00144068 00000010 C z:has_interface
RAM:00144078 00000012 C z:set_destination
RAM:0014408A 00000012 C s:has_destination
RAM:0014409C 0000000D C z:set_sender
RAM:001440A9 0000000D C s:has_sender
RAM:001440B6 00000010 C s:has_signature
RAM:001440C6 0000000B C z:set_path
RAM:001440D1 0000000B C z:has_path
RAM:001440DC 0000000D C z:set_member
RAM:001440E9 0000000D C z:has_member
RAM:001440F6 0000000D C ss:is_signal
RAM:00144103 0000000B C s:is_error
RAM:0014410E 00000012 C ss:is_method_call
RAM:00144120 00000016 C dbus.lowlevel.Message
RAM:00144136 0000001B C dbus.lowlevel.ErrorMessage
RAM:00144151 0000001C C dbus.lowlevel.SignalMessage
RAM:0014416D 00000009 C reply_to
RAM:00144176 0000000E C error_message
RAM:00144184 00000007 C method
RAM:0014418B 00000005 C copy
RAM:00144190 00000010 C guess_signature
RAM:001441A0 0000000F C get_auto_start
RAM:001441AF 0000000F C set_auto_start
RAM:001441BE 00000010 C get_destination
RAM:001441CE 0000000F C get_error_name
RAM:001441DD 0000000E C get_interface
RAM:001441EB 0000000B C get_member
RAM:001441F6 00000009 C get_path
RAM:001441FF 00000014 C get_path_decomposed
RAM:00144213 0000000D C get_no_reply
RAM:00144220 0000000D C set_no_reply
RAM:0014422D 00000011 C get_reply_serial
RAM:0014423E 00000011 C set_reply_serial
RAM:0014424F 0000000B C get_sender
RAM:0014425A 0000000B C get_serial
RAM:00144265 0000000E C get_signature
RAM:00144273 00000009 C get_type
RAM:0014427C 0000005F C Message object is uninitialized, or has become unusable due to error while appending arguments
RAM:001442DC 0000002D C A dbus.lowlevel.Message instance is required
RAM:0014430C 00000020 C dbus.lowlevel.MethodCallMessage
RAM:0014432C 00000022 C dbus.lowlevel.MethodReturnMessage
RAM:00144366 00000012 C |ii:get_args_list
RAM:00144378 0000000C C byte_arrays
RAM:00144384 0000000D C utf8_strings
RAM:00144394 00000024 C Unknown type '\\%x' in D-Bus message
RAM:001443B8 0000002C C get_args_list takes no positional arguments
RAM:00144448 00000008 C 2.4.2c1
RAM:00144450 0000000F C _dbus_bindings
RAM:0014445F 00000015 C org.freedesktop.DBus
RAM:00144474 00000010 C BUS_DAEMON_NAME
RAM:00144484 00000016 C /org/freedesktop/DBus
RAM:0014449A 00000010 C BUS_DAEMON_PATH
RAM:001444AA 00000011 C BUS_DAEMON_IFACE
RAM:001444BB 0000001C C /org/freedesktop/DBus/Local
RAM:001444D7 0000000B C LOCAL_PATH
RAM:001444E2 0000001B C org.freedesktop.DBus.Local
RAM:001444FD 0000000C C LOCAL_IFACE
RAM:00144509 00000015 C INTROSPECTABLE_IFACE
RAM:0014451E 0000001A C org.freedesktop.DBus.Peer
RAM:00144538 0000000B C PEER_IFACE
RAM:00144543 00000011 C PROPERTIES_IFACE
RAM:00144554 00000019 C DBUS_START_REPLY_SUCCESS
RAM:0014456D 0000001C C RELEASE_NAME_REPLY_RELEASED
RAM:00144589 0000001D C RELEASE_NAME_REPLY_NOT_OWNER
RAM:001445A6 0000001C C REQUEST_NAME_REPLY_IN_QUEUE
RAM:001445C2 0000001A C REQUEST_NAME_REPLY_EXISTS
RAM:001445DC 0000001C C NAME_FLAG_ALLOW_REPLACEMENT
RAM:001445F8 0000001B C NAME_FLAG_REPLACE_EXISTING
RAM:00144613 00000017 C NAME_FLAG_DO_NOT_QUEUE
RAM:0014462A 0000000C C BUS_SESSION
RAM:00144636 0000000B C BUS_SYSTEM
RAM:00144641 0000000C C BUS_STARTER
RAM:0014464D 00000015 C MESSAGE_TYPE_INVALID
RAM:00144662 00000019 C MESSAGE_TYPE_METHOD_CALL
RAM:0014467B 0000001B C MESSAGE_TYPE_METHOD_RETURN
RAM:00144696 00000013 C MESSAGE_TYPE_ERROR
RAM:001446A9 00000014 C MESSAGE_TYPE_SIGNAL
RAM:001446BD 0000000A C TYPE_BYTE
RAM:001446C7 0000000D C TYPE_BOOLEAN
RAM:001446D4 0000000B C TYPE_INT16
RAM:001446DF 0000000C C TYPE_UINT16
RAM:001446EB 0000000B C TYPE_INT32
RAM:001446F6 0000000C C TYPE_UINT32
RAM:00144702 0000000B C TYPE_INT64
RAM:0014470D 0000000C C TYPE_UINT64
RAM:00144719 0000000C C TYPE_DOUBLE
RAM:00144725 0000000C C TYPE_STRING
RAM:00144731 00000011 C TYPE_OBJECT_PATH
RAM:00144742 0000000F C TYPE_SIGNATURE
RAM:00144751 0000000B C TYPE_ARRAY
RAM:0014475C 0000000C C TYPE_STRUCT
RAM:00144768 0000000D C STRUCT_BEGIN
RAM:00144775 0000000B C STRUCT_END
RAM:00144780 0000000D C TYPE_VARIANT
RAM:0014478D 00000010 C TYPE_DICT_ENTRY
RAM:0014479D 00000011 C DICT_ENTRY_BEGIN
RAM:001447AE 0000000F C DICT_ENTRY_END
RAM:001447BD 00000017 C HANDLER_RESULT_HANDLED
RAM:001447D4 0000001B C HANDLER_RESULT_NEED_MEMORY
RAM:001447EF 0000000F C WATCH_READABLE
RAM:001447FE 0000000F C WATCH_WRITABLE
RAM:0014480D 0000000D C WATCH_HANGUP
RAM:0014481A 0000000C C WATCH_ERROR
RAM:00144826 00000011 C restructuredtext
RAM:00144837 0000000E C __docformat__
RAM:00144845 00000007 C 0.81.1
RAM:0014484C 0000000C C __version__
RAM:00144858 00000010 C _python_version
RAM:00144868 00000007 C _C_API
RAM:0014486F 00000017 C s:validate_object_path
RAM:00144886 00000017 C s|ii:validate_bus_name
RAM:0014489D 00000017 C s:validate_member_name
RAM:001448B4 0000001A C s:validate_interface_name
RAM:001448CE 00000016 C set_default_main_loop
RAM:001448E4 00000016 C get_default_main_loop
RAM:001448FA 00000014 C validate_error_name
RAM:0014490E 0000000D C allow_unique
RAM:0014491B 00000011 C allow_well_known
RAM:0014492C 00000024 C org.freedesktop.DBus.Introspectable
RAM:00144950 00000020 C org.freedesktop.DBus.Properties
RAM:00144970 00000021 C DBUS_START_REPLY_ALREADY_RUNNING
RAM:00144994 00000020 C RELEASE_NAME_REPLY_NON_EXISTENT
RAM:001449B4 00000021 C REQUEST_NAME_REPLY_PRIMARY_OWNER
RAM:001449D8 00000021 C REQUEST_NAME_REPLY_ALREADY_OWNER
RAM:001449FC 0000001F C HANDLER_RESULT_NOT_YET_HANDLED
RAM:00144A20 0000001A C dbus.lowlevel.PendingCall
RAM:00144A3A 00000006 C block
RAM:00144A40 00000007 C cancel
RAM:00144A47 0000000E C get_completed
RAM:00144A58 00000053 C D-Bus notify function was called for an incomplete pending call (shouldn't happen)
RAM:00144AAB 0000000C C s|O:__new__
RAM:00144AB7 0000000F C dbus.Signature
RAM:00144AC6 0000001E C _dbus_bindings._SignatureIter
RAM:00144AE4 00000069 C dbus-python is not compatible with this version of Python (unicode objects are assumed to be fixed-size)
RAM:00144B50 0000004C C The number of nested variants wrapping the real data. 0 if not in a variant
RAM:00144B9C 0000000C C s|l:__new__
RAM:00144BA8 00000010 C dbus.UTF8String
RAM:00144BB8 00000010 C dbus.ObjectPath
RAM:00144BC8 0000000C C dbus.String
RAM:00144BD4 00000006 C value
RAM:00144BDC 00000032 C Invalid object path '%s': does not start with '/'
RAM:00144C10 00000032 C Invalid object path '%s': contains substring '//'
RAM:00144C44 0000003A C Invalid object path '%s': contains invalid character '%c'
RAM:00144C80 0000003C C Invalid object path '%s': ends with '/' and is not just '/'
RAM:00144CBC 00000032 C Invalid interface or error name: may not be empty
RAM:00144CF0 00000042 C Invalid interface or error name '%s': too long (> 255 characters)
RAM:00144D34 0000003E C Invalid interface or error name '%s': contains substring '..'
RAM:00144D74 0000003E C Invalid interface or error name '%s': must not start with '.'
RAM:00144DB4 00000041 C Invalid interface or error name '%s': a digit may not follow '.'
RAM:00144DF8 00000042 C Invalid interface or error name '%s': must not start with a digit
RAM:00144E3C 00000046 C Invalid interface or error name '%s': contains invalid character '%c'
RAM:00144E84 0000003C C Invalid interface or error name '%s': must not end with '.'
RAM:00144EC0 00000037 C Invalid interface or error name '%s': must contain '.'
RAM:00144EF8 00000026 C Invalid member name: may not be empty
RAM:00144F20 00000036 C Invalid member name '%s': too long (> 255 characters)
RAM:00144F58 00000036 C Invalid member name '%s': must not start with a digit
RAM:00144F90 0000003A C Invalid member name '%s': contains invalid character '%c'
RAM:00144FCC 00000023 C Invalid bus name: may not be empty
RAM:00144FF0 00000010 C Invalid well-kno
normally it look like this
d
Code:
$(,048<@DHLSDGFJSD€#&%/€/"B€%YPTX\\`dhlptx
this would help those, that hunt for keys
now lets dump some stuff