About releasing MoHH eloader source code

[Raphael]

devs ONLY WHAT THA FUCK.....i guesse u arnt the answer to 5.5X ofw >.>

I'm the answer to nothing. I only do as I please. Don't like it? Make the eloader yourself, whining boy.

See? :)

This wasn't reply to willow :D

lol, now I'm confused :) Thx4clarification

[willow :--)]

Haha, yeah, I believe m0skit0 was replying to "mohh eloader" as well :D

[Blade]

i enjoy programing but im not a dev, and i really would like to become one so i know how to make some use of the open source... does any1 have any program suggestions or anything to get me started? :)

[Coldbird]

One way or another... why would Sony bother changing this when its already fixed anyway?

I mean the exploit has been closed, and I guess Sony wouldn't waste money for "fixing" something that already IS fixed.

Besides I'd love to check out the source, not really because I can make use of it (as I don't have a exploit at hand that I could programm a eloader for...), but I'd be interested just how you coded this loader of yours...

I'm interested in the manual loading of elf files aswell as the manual resolving of imports, etc.

[Oby1Chick]

So do you mean you can find which function calls a syscall just with its value, and find the syscall value needed for a function ? That would be amazing.

[Coldbird]

Well, considered that you can just reverse the sceKernelQuerySystemCall function to figure out how its done... its not surprising a fella figured it out sooner or later...

But as I said I'm more interested with the overall manual loading of a application and fixing the imports.

One way or another, released as source or not that guy did nice work so far.
I'm looking forward to a source release, if it ever happens, partial or full.

[Blade]

partial or full? well, he's already released an alpha version... its has the open source code devs in the src folder[/code]

[Blade]

m0skit0 hasnt been here... i hope he didnt die like Dark Alex lol... but seriously, he could be our only hope for 5.50, unless some1 else decides to step up... i would help, but im still new at the psp scene :(

[m0skit0]

Yes, the source is released (not all of it, but 90% and fully buildable) here: http://advancedpsp.tk/foro_es/viewtopic.php?f=21&t=141

If you have any questions about the inner workings, I would answer them gladly, just read this before to get the basics: http://advancedpsp.tk/foro_es/viewtopic.php?f=22&t=36

I'm back to working on it, so maybe a new release will be available soon if I manage to overcome some annoying bugs.

[Blade]

cool, im gonna read that, and take a look-see at the open src, and take some time to mess with it...

[sauron_le_noir]

Heu the site has some trouble

General Error
SQL ERROR [ mysql4 ]

MySQL server has gone away [2006]

An sql error occurred while fetching this page. Please contact an administrator if this problem persists.

[Blade]

so if this open src is fully compiled and basicly perfected. will it be available 2 the public? or will it still be restricted 4 devs to compile themselves?.... yeah, this site is having trouble.

[m0skit0]

Yeah, it's free hosting xD Just try later.

If the eloader works well enough, there will be a binary release, yes.

[adrahil]

Yes, the source is released (not all of it, but 90% and fully buildable) here: http://advancedpsp.tk/foro_es/viewtopic.php?f=21&t=141

If you have any questions about the inner workings, I would answer them gladly, just read this before to get the basics: http://advancedpsp.tk/foro_es/viewtopic.php?f=22&t=36

I'm back to working on it, so maybe a new release will be available soon if I manage to overcome some annoying bugs.

Wow... An object file with the syscall code...... It's like shouting "here's the ubersecretcode which i dont want sony to see". The code is so simple, it would take 3 min to RE. Is it really worth making fuss over such a piece of code?

[willow :--)]

It slightly reduces the number of people who can understand it, which is the main goal here I think.

[adrahil]

It slightly reduces the number of people who can understand it, which is the main goal here I think.

The lambda-user will not be interested by the source code of the eloader in the first place anyway, and, TBH, the people who can fix the syscall code in SCE will most probably be able to understand 15 lines of code, be it C or MIPS... :)

[willow :--)]

True. but reading MIPS takes more time than reading C. And time is money for companies.
In the PSP section of sony, for 10 people than can read C, maybe they have 5 that can read mips. In these five guys, maybe only 1 has the spare time to disassemble the code of a tool that never got publicly used. And maybe that guy is on holiday.
Who knows...

Obfuscated code is not secure, it's just longer to crack. But sometimes "longer" is good enough when it means "cannot be done because of time constraints of the team"

[adrahil]

Uhm... the code isn't really obfuscated, and it takes literally less than 3 minutes to disassemble. As said before, it was probably not cost-effective to disassemble whole CFWs, as they contain thousands of lines of code, but in this case it's only a dozen.

*EDIT: Just checked... In the latest M-33 source shapshot there are 481966 lines of code :) Quite a few of them aren't used, but even 100000 lines give enough work for a reverse engineer for half a year. (Plus, the guy would kill himself after a few months)

[WosRet]

... and it takes literally less than 3 minutes to disassemble.

yeah... disassembling is done in 10 seconds...

[Davee]

... and it takes literally less than 3 minutes to disassemble.

yeah... disassembling is done in 10 seconds...

naiice wan. Took me 11 seconds myself though.

[sauron_le_noir]

thx a lot m0skit0 to release the 90% of the code. The 10 % left may be seen as a challenge
and we realy miss some excelent documentation like the module description tutorial make
by Anissian.

[Blade]

i know this is probably off topic but, is it possible to hard mod the actual motherboard of the psp 300X to somehow disable the pre-ipl thing... or just totally wipe out the psp "OS" and reinstall a earlier FW???

[adrahil]

i know this is probably off topic but, is it possible to hard mod the actual motherboard of the psp 300X to somehow disable the pre-ipl thing... or just totally wipe out the psp "OS" and reinstall a earlier FW???

no

[Blade]

darn.....

[m0skit0]

About the releasing or not the syscall code, we had long discussions and finally decided to make it this way.

@sauron_le_noir: http://advancedpsp.tk/foro_es/viewtopic.php?f=22&t=36

[Blade]

.....ohhhhhh, now i think i get it.... so You have to define the pre-ipl equasion (algorithm) within the processor in order to breach sony's "os" security to be able to load any type of cfw or even touch the flash memory?... hence the name "user mode exploit" for the mohh exploit? (because it cant do that)

[m0skit0]

Blade, you're totally off-topic here... Why don't you open your thread and discuss Pre-IPL stuff? It has nothing to do with MoHH exploit, eloader or kernel/user mode.

[Blade]

srry, lol... but, sure...

[Blade]

srry, lol... but, sure...