Originally Posted by IngPereira
Don't think so, because we have the 3.70 SDK and we can resign a prx with FSELF, and swapping works on 4.11 because we can use sc 837,838 to remount the vflash with the custom sprx trigger (xmb_ingame.sprx)...
Remember, we don't try to modify an existing sprx; we make our own new one with the SDK, and when we call it there will be a black screen, but it should trigger the core dump.
First of all... If that is possible, I bet every dev I know would love you. *bing* XMB, maybe LV2 code execution on 4.20. We are done, believe me. Perfect.

Since we are not done, this is not possible. Maybe 1-2 things I tell you might not fit 100%, but I list enough. One fail is enough to make this not work.
1. Fail: Your function sizes have to match the function sizes of FW 4.20. Since we don't have a decrypted FW 4.20, we don't know them. Calls will fail. The XMB will most likely fail, but not the game => no coredump, because this is not a game exception.
2. Fail: VFlash is not used by GameOS; it's Linux. If it's used by GameOS, iirc it is an HDD region. On the HDD, files are encrypted, so the decryption/signing will fail on FW 4.20 because system files are not downward compatible.
3. Fail: VFlash access is a patch in MFW, so you can't access it, iirc.
4. Fail: To get around encryption/decryption/signing fails and stuff, you need to access the RAM directly, which is not possible since OFW doesn't have the nice Peek/Poke, Map/Unmap, whatever patches.