4.84 CFW / Homebrew / Plugins / Tools

kozarovv · Mar 13, 2019

In builds that you guys posted (mamba binaries for 4.84d), there are missing offsets for CEX VSH. No idea how mamba determine is DEX or CEX vsh, but cex offsets should be also there afaik.

This can cause somehow that mamba won't recognize DEX VSH, and not apply patches.

Nevermind, i though that mabma binary is like cobra stage2.bin, and you can find hashes, and offsets in hex editor. Looks like i was wrong, or something is seriously wrong as i can't find even hashes in plain hex.

Edit: And not talking about compressed lz, but raw bin file.

littlebalup · Mar 13, 2019

Joonie said:
yeah hashes didn't change neither offsets.. wonder why it fails to patch. I can't test this on my CECHE01 and CECHA01 atm.. I need a slim to test that.. since that patch to mount ps2 disc is designed to work for non-BC.. (explore_plugin, explore_category_game and vsh.self) @littlebalup can you upload your src somewhere? Github preferred

yep : https://github.com/littlebalup/ManaGunZ/commit/e9d4cc6bc7eef3a8a91d86b7484886c9f9d0ea5b

I'll downgrade to 4.82 to see if it works

littlebalup · Mar 13, 2019

Zar said:
In my opinion the "unsupported media" error message appears when one of the plugin isn't patched to bypass the check : "is this system able to laucnh PS2 disk ?"
There isn't lot of ps2 patch anyway, perhaps one of them isn't correct but I checked them and it look like they are good... maybe in DEX there is another check...

The truth is I never tested PS2 games in DEX; There is a strong pssibility this issue existed already in previous firmwares...

@Joonie

I got the same issue with 4.82.2 D-REX...

aldostools · Mar 13, 2019

littlebalup said:
I got the same issue with 4.82.2 D-REX...

Have you tried to *copy* the payload of mamba 3.0 for 481D or 482D as 484D (instead of compile it)?

littlebalup · Mar 13, 2019

aldostools said:
Have you tried to *copy* the payload of mamba 3.0 for 481D or 482D as 484D (instead of compile it)?

I tried that right now:
- got mamba_482D.bin from irisman v4.84 pkg
- zlib compressed to mamba_482D.lz.bin and mamba_484D.lz.bin
- used them in MGZ and clean recomplile

Same issue in 4.82.2 D-REX... not tested yet in 4.84

Joonie · Mar 13, 2019

littlebalup said:
I tried that right now:
- got mamba_482D.bin from irisman v4.84 pkg
- zlib compressed to mamba_482D.lz.bin and mamba_484D.lz.bin
- used them in MGZ and clean recomplile

Same issue in 4.82.2 D-REX... not tested yet in 4.84

Found the issue. I think the vsh offset is in 0x910000 not 0x510000

https://mega.nz/#!vYwznK6B!CCh_SJp1iBueOGzQkgwsvb7hlJ564LdZQIIr2Ocj2-A

^ please try this self (replace the ManaGunZ.self) to see if works. I compiled the debug payload for it which seems to be working fine (tested on 4.84 DEX)

littlebalup · Mar 13, 2019

Joonie said:
Found the issue. I think the vsh offset is in 0x910000 not 0x510000

View attachment 15321

View attachment 15322

https://mega.nz/#!vYwznK6B!CCh_SJp1iBueOGzQkgwsvb7hlJ564LdZQIIr2Ocj2-A

^ please try this self (replace the ManaGunZ.self) to see if works. I compiled the debug payload for it which seems to be working fine (tested on 4.84 DEX)

In my 4.84 DEX lv1 dump, vsh is in 0x910000...
And it's 0x510000 in my 4.84 CEX lv1 dump.
Anyway 4.82 payload doesn't work (0x510000) for 4.84. So... idk

Zar · Mar 13, 2019

@littlebalup

Maybe you swapped the LV1_CEX_DUMP and LV1_DEX_DUMP, in offsetfinder directories ?

here : https://www.dropbox.com/sh/usvnmhzyaopn7r3/AADnG_Yz9s9EvCh7fiGHxT4Pa/symbols.h?dl=0
the vsh_in_ram for 484D is 0x510000 and for 484C it's 0x910000

Joonie · Mar 13, 2019

littlebalup said:
In my 4.84 DEX lv1 dump, vsh is in 0x910000...
And it's 0x510000 in my 4.84 CEX lv1 dump.
Anyway 4.82 payload doesn't work (0x510000) for 4.84. So... idk

But your source code had it flipped between CEX and DEX

484D
https://github.com/littlebalup/ManaGunZ/blob/master/payloads/MAMBA/lv2/include/lv2/symbols.h#L7939

484C
https://github.com/littlebalup/ManaGunZ/blob/master/payloads/MAMBA/lv2/include/lv2/symbols.h#L7713

And if they are swapped. why would it even work on CEX at the first place !?!?!!?!?

littlebalup · Mar 13, 2019

Joonie said:
But your source code had it flipped between CEX and DEX

484D
https://github.com/littlebalup/ManaGunZ/blob/master/payloads/MAMBA/lv2/include/lv2/symbols.h#L7939

484C
https://github.com/littlebalup/ManaGunZ/blob/master/payloads/MAMBA/lv2/include/lv2/symbols.h#L7713

And if they are swapped. why would it even work on CEX at the first place !?!?!!?!?

yes, sorry my mistake (it's a bit late now here...). I wanted to say vsh is in 0x510000 in my DEX dump and 0x910000 in my CEX dump.
here my LV1 dumps : https://www.dropbox.com/s/uw96w9wf823qmzo/LV1.zip?dl=1

Note that I don't have issues with PSP. Only PS2.

I'm re-installing 4.84 D-REX and i'll test your self

Joonie · Mar 13, 2019

littlebalup said:
yes, sorry my mistake (it's a bit late now here...). I wanted to say vsh is in 0x510000 in my DEX dump and 0x910000 in my CEX dump.
here my LV1 dumps : https://www.dropbox.com/s/uw96w9wf823qmzo/LV1.zip?dl=1

Note that I don't have issues with PSP. Only PS2.

I'm re-installing 4.84 D-REX and i'll test your self

Please provide us the debug output via socat when mounting ps2 , if it works it should say something about VSH and explore plugins being patched when mounting. and it's weird, your offset is different than mine. mind you I dumped my lv1 while cobra's disabled.

littlebalup · Mar 13, 2019

Joonie said:
https://mega.nz/#!vYwznK6B!CCh_SJp1iBueOGzQkgwsvb7hlJ564LdZQIIr2Ocj2-A

^ please try this self (replace the ManaGunZ.self) to see if works. I compiled the debug payload for it which seems to be working fine (tested on 4.84 DEX)

it works!!!
so... what was my error?

Joonie · Mar 13, 2019

littlebalup said:
it works!!!
so... what was my error?

I only changed vsh offset lol.. I think I should dump lv1 from CEX to just to confirm. but I have a feeling that it's just opposite to yours.

littlebalup · Mar 13, 2019

Joonie said:
I only changed vsh offset lol.. I think I should dump lv1 from CEX to just to confirm. but I have a feeling that it's just opposite to yours.

sorry sorry, sorry... cobra was enable (I missed to re-disabled it right after I re-installed 4.84 D-REX...)
so, no it doesn't work.

I'm not expert at all in debugging stuff and socat use. Could you give me some links?
I'll go to sleep now as I'm only doing sh.... and i'll see that tomorrow.

Joonie · Mar 13, 2019

littlebalup said:
sorry sorry, sorry... cobra was enable (I missed to re-disabled it right after I re-installed 4.84 D-REX...)
so, no it doesn't work.

I'm not expert at all in debugging stuff and socat use. Could you give me some links?
I'll go to sleep now as I'm only doing sh.... and i'll see that tomorrow.

you just have to install socat on either cygwin or mingw. then type "socat -u udp-recv:18194 stdout " on CLI..

https://www.psx-place.com/threads/s...s-improved-performance-stability.13078/page-3 <- Ben explained it well here.

Joonie · Mar 13, 2019

FYI it's 0x910000 on both CEX 4.84 and DEX 4.84. @Zar @littlebalup @aldostools

confirmed on CECH-E01

littlebalup · Mar 13, 2019

Joonie said:
I only changed vsh offset lol.. I think I should dump lv1 from CEX to just to confirm. but I have a feeling that it's just opposite to yours.

I re-made a LV1 dump with cobra disabled and that time the vsh is at 0x910000.
I re-made a LV1 dump with cobra enabled (to confirm) and the vsh is at 0x510000

So my initial dump was with cobra enabled.

The debug output using your self:

Code:

MAMBA says hello (load base = 0x8000000000640000, end = 0x8000000000659cc0) (ver
sion = 0104840F)
We are in CFW Rebug REX, VSH is DEX
Vsh.self found with brute-force at address 0x510000
Offset ps2tonet_size_patch found with static offset at address: 0x5da374
Offset ps2tonet_patch found with static offset at address: 0x5da380
First poke: 0x38a00040
Second poke: 0x60638204
SUCCESS: all patches DONE!
/dev_hdd0/PS2ISO/Ast▒rix & Ob▒lix XXL 2.ISO, filesize: 6d930000
Storage event: 7  0  101000000000006
Storage event: 3  0  101000000000006
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Storage event: 4  0  101000000000006
Disc removed.
Storage event: 8  0  101000000000006
Disc auth: 5007 d00e8bf0 (process: 01000300_main_vsh.self)
Read 8000 800
Changed to part file 0
/dev_hdd0/PS2ISO/Ast▒rix & Ob▒lix XXL 2.ISO, filesize: 6d930000
Storage event: 7  0  101000000000006
Storage event: 3  0  101000000000006
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Disc auth: 5007 d00f2bf0 (process: 01000300_main_vsh.self)
caller_process = 01000300
hash = 77d4a196000019ca
caller_process = 01000300
hash = eb3c000000f5
caller_process = 01000300
hash = b0cb000003c0
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
Faked size to db260
Read 8000 800
Changed to part file 0
Read 8800 800
Read 81800 800
cellFsUtilMount: /dev_bdvd
Read 82800 800
Read 82800 800
Read 82800 800
caller_process = 01000300
hash = c073ea8b000022fe
caller_process = 01000300
hash = 592800000274
caller_process = 01000300
hash = 11000000a3e
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = c073ea8b000022fe
caller_process = 01000300
hash = 592800000274
caller_process = 01000300
hash = 11000000a3e
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 6794c2b10000438d
caller_process = 01000300
hash = 2dd100000391
caller_process = 01000300
hash = a9e00001756
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
Disc auth: 5004 29 (process: 01000300_main_vsh.self)
caller_process = 01000300
hash = 2048e4d900018a85
caller_process = 01000300
hash = 3173800000012a1
caller_process = 01000300
hash = 1d60600001a8e
Map 860000 30000 _main_vsh.self 2008004
Map 890000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = a0908f1900006fe9
caller_process = 01000300
hash = 2eec000001e0
caller_process = 01000300
hash = 46c600000903
Map 8a0000 10000 _main_vsh.self 2008004
Map 8b0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 9a07e2ad0001588f
caller_process = 01000300
hash = 22a3c000000b6
caller_process = 01000300
hash = 1d47000002ab
Map 8c0000 40000 _main_vsh.self 2008004
Map 900000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = d3046ab800017b85
caller_process = 01000300
hash = 786000001cc4
caller_process = 01000300
hash = 98a00006561
Map 910000 50000 _main_vsh.self 2008004
Map 960000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4eb79bb70002d15e
caller_process = 01000300
hash = 9f963ab000000faf
caller_process = 01000300
hash = a7600006952
Map 970000 70000 _main_vsh.self 2008004
Map 9e0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4b77f6ce000061a3
caller_process = 01000300
hash = a0fc000002a1
caller_process = 01000300
hash = 60e00001aad
Map 9f0000 10000 _main_vsh.self 2008004
Map a00000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = b5988dba00020157
caller_process = 01000300
hash = 7700000012d2
caller_process = 01000300
hash = 247e0000dc74
Map a10000 50000 _main_vsh.self 2008004
Map a60000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4059aeb6000056ab
caller_process = 01000300
hash = 715c2c46000007cc
caller_process = 01000300
hash = 1ca8100001b7f
Map a70000 20000 _main_vsh.self 2008004
Map a90000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8b8ca3640000d900
caller_process = 01000300
hash = 1c72c00000b04
caller_process = 01000300
hash = 13c2000046c3
Map aa0000 30000 _main_vsh.self 2008004
Map ad0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 9098af370003e3b3
caller_process = 01000300
hash = ee88000017bc
caller_process = 01000300
hash = 3a8c0000cd59
Map b70000 a0000 _main_vsh.self 2008004
Map ae0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 20526d700002f170
caller_process = 01000300
hash = 5627000000625
caller_process = 01000300
hash = 1bb4600000fde
Map af0000 50000 _main_vsh.self 2008004
Map b40000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 67d32e9400016cdf
caller_process = 01000300
hash = 4bc16400000684
caller_process = 01000300
hash = 172de0000160d
Map c10000 30000 _main_vsh.self 2008004
Map b50000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8aeb0c5e0000132b
caller_process = 01000300
hash = 45c800000094
caller_process = 01000300
hash = a46c00000239
Map b60000 10000 _main_vsh.self 2008004
Map c40000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8e8eb940000079cb
caller_process = 01000300
hash = 17c1400000149
caller_process = 01000300
hash = 3caf0000046a
Map c50000 10000 _main_vsh.self 2008004
Map c60000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 6381c64c0000216f
caller_process = 01000300
hash = 751800000115
caller_process = 01000300
hash = b9eb000003c1
Map c70000 10000 _main_vsh.self 2008004
Map c80000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 99934ea300016e4f
caller_process = 01000300
hash = 372400000243
caller_process = 01000300
hash = 51c2000007b6
Map c90000 30000 _main_vsh.self 2008004
Map cc0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 215c0c8c000060ed
caller_process = 01000300
hash = e7fc000001e0
caller_process = 01000300
hash = 392600000634
Map cd0000 10000 _main_vsh.self 2008004
Map ce0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 7630748000f6743
caller_process = 01000300
hash = 330307b4000006e7
caller_process = 01000300
hash = caaa00000dc9
Map cf0000 1b0000 _main_vsh.self 2008004
Map ea0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 3f5ca3a8000020d6
caller_process = 01000300
hash = 512c000000f0
caller_process = 01000300
hash = ba370000036a
Map eb0000 10000 _main_vsh.self 2008004
Map ec0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4229ba3800020def
caller_process = 01000300
hash = f98c0000013a
caller_process = 01000300
hash = 4fc500000493
Map ed0000 40000 _main_vsh.self 2008004
Map f10000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = efdde0ac0000cea2
caller_process = 01000300
hash = fe1d64000003e4
caller_process = 01000300
hash = 87ff00000a18
Map f20000 20000 _main_vsh.self 2008004
Map f40000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = b887276f00029586
caller_process = 01000300
hash = 57b21000004cd
caller_process = 01000300
hash = 21a400002336
Map f70000 60000 _main_vsh.self 2008004
Map f50000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 20656ba5000843d7
caller_process = 01000300
hash = bb000006bca
caller_process = 01000300
hash = 4180000d1e3
Map fd0000 140000 _main_vsh.self 2008004
Map 1110000 50000 _main_vsh.self 2004000
caller_process = 01000300
hash = 7bf9ed8c000634ca
Map 10000 f0000 _main_vsh.self 2008004
caller_process = 01000300
hash = fff101680000266c
Map 100000 10000 _main_vsh.self 2004000
PROCESS /dev_flash/vsh/module/mcore.self (01030200) loaded
caller_process = 01000300
hash = 385ccbf800008e7e
caller_process = 01000300
hash = e2450000059a
caller_process = 01000300
hash = 8024000012ee
Map 110000 20000 _main_vsh.self 2008004
Map 130000 10000 _main_vsh.self 2004000
caller_process = 01030200
hash = 29de39b500003265
caller_process = 01030200
hash = a699ef600000632
caller_process = 01030200
hash = 671d00000dce
Map 140000 10000 _main_mcore.self 2008004
Map 150000 10000 _main_mcore.self 2004000
caller_process = 01000300
hash = 8df3688a000044d8
caller_process = 01000300
hash = 1ec6000000234
caller_process = 01000300
hash = 75000000918
Map f60000 10000 _main_vsh.self 2008004
Map 1160000 20000 _main_vsh.self 2004000
caller_process = 01000300
hash = 6b9d09920000a797
caller_process = 01000300
hash = 900e00000460
caller_process = 01000300
hash = 93a00002184
Map 1180000 20000 _main_vsh.self 2008004
Map 11a0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8c0a94500004560f
caller_process = 01000300
hash = ec7800002f62
caller_process = 01000300
hash = 29ae0000e483
Map 11b0000 b0000 _main_vsh.self 2008004
Map 1260000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = c6dd5a7400003ac0
caller_process = 01000300
hash = 8010000004c5
caller_process = 01000300
hash = 2b5200001914
Map 1270000 10000 _main_vsh.self 2008004
Map 1280000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = f3642e130000849c
caller_process = 01000300
hash = 32e000000589
caller_process = 01000300
hash = 7fc00002bad
Map 1290000 20000 _main_vsh.self 2008004
Map 12b0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 2aeb1c40000d3a1
caller_process = 01000300
hash = 14a8700000459
caller_process = 01000300
hash = 209e00001cab
Map 12c0000 20000 _main_vsh.self 2008004
Map 12e0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 1b26fe500000cfa7
caller_process = 01000300
hash = 3f123000009a7
caller_process = 01000300
hash = 4e5600002a54
Map 12f0000 20000 _main_vsh.self 2008004
Map 1310000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 62da4d9e00030738
caller_process = 01000300
hash = 2138000024b0
caller_process = 01000300
hash = 791e0000957e
Map 1370000 80000 _main_vsh.self 2008004
Map 1320000 30000 _main_vsh.self 2004000
caller_process = 01000300
hash = 3e8ef093000160b1
caller_process = 01000300
hash = 18fb93e000000e20
caller_process = 01000300
hash = 27c600004212
Map 13f0000 40000 _main_vsh.self 2008004
Map 1350000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 9d05eda700009033
caller_process = 01000300
hash = 19ba2000009c1
caller_process = 01000300
hash = 12ce00002863
Map 1430000 20000 _main_vsh.self 2008004
Map 1360000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = a3fdfafb00005f81
caller_process = 01000300
hash = a1530000040b
caller_process = 01000300
hash = 6a6000013b2
Map 1450000 10000 _main_vsh.self 2008004
Map 1460000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = a252fda00000625a
caller_process = 01000300
hash = 2346f1860000011a
caller_process = 01000300
hash = 173e00000e0e
Map 1470000 10000 _main_vsh.self 2008004
Map 1480000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8273ae030000252a
caller_process = 01000300
hash = b01f000001c4
caller_process = 01000300
hash = 136c0000082e
Map 1490000 10000 _main_vsh.self 2008004
Map 14a0000 10000 _main_vsh.self 2004000
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 27c800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
caller_process = 01000300
hash = 2a432b6800001d9b
caller_process = 01000300
hash = 13a1d000001ca
caller_process = 01000300
hash = 24400000b16
Map 14b0000 10000 _main_vsh.self 2008004
Map 14c0000 50000 _main_vsh.self 2004000
caller_process = 01000300
hash = a2f115c50000a541
caller_process = 01000300
hash = 1fb2400000ac9
caller_process = 01000300
hash = 34fa000030b7
Map 1510000 20000 _main_vsh.self 2008004
Map 1530000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 32d123bb00007684
caller_process = 01000300
hash = 1ef840000010f
caller_process = 01000300
hash = 564600000400
Map 1540000 20000 _main_vsh.self 2008004
Map 1560000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 889e6035000320bc
caller_process = 01000300
hash = 366e3ed500001ad6
caller_process = 01000300
hash = 46dd200003234
Map 1570000 80000 _main_vsh.self 2008004
Map 15f0000 10000 _main_vsh.self 2004000
We are originally in region 82
caller_process = 01000300
hash = e274af7b0001e5d3
caller_process = 01000300
hash = 49c000001db7
caller_process = 01000300
hash = 57fa0000d046
Map 1600000 50000 _main_vsh.self 2008004
Map 1650000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4f72f785000005e6
caller_process = 01000300
hash = 8e0400000078
caller_process = 01000300
hash = 980000027a
Map 1660000 10000 _main_vsh.self 2008004
Map 1670000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = acf4af2b000ecc91
caller_process = 01000300
hash = d0680001844c
caller_process = 01000300
hash = 7ce600087615
Map 1770000 280000 _main_vsh.self 2008004
Map 1680000 70000 _main_vsh.self 2004000
caller_process = 01000300
hash = f823bf4e00003194
caller_process = 01000300
hash = ffff628d00000300
caller_process = 01000300
hash = 7f6e00001063
Map 16f0000 10000 _main_vsh.self 2008004
Map 1700000 10000 _main_vsh.self 2004000
Read 82800 800
Read 82800 800

Joonie · Mar 13, 2019

littlebalup said:
I re-made a LV1 dump with cobra disabled and that time the vsh is at 0x910000.
I re-made a LV1 dump with cobra enabled (to confirm) and the vsh is at 0x510000

So my initial dump was with cobra enabled.

The debug output using your self:

lol.. I thought you were going to bed. there's something wrong in there. because your output is showing

Code:

We are in CFW Rebug REX, VSH is DEX
Vsh.self found with brute-force at address 0x510000
Offset ps2tonet_size_patch found with static offset at address: 0x5da374
Offset ps2tonet_patch found with static offset at address: 0x5da380

So yeah, please try fixing offsets to 0x910000 and compile it yourself tomorrow. I must have uploaded a wrong one.

also I don't see any sign of explore_plugin, game_ext_plugin and explore_category_game patched.. maybe the real issue is here not VSH..

Side note. PSX's vmode patch gets applied but the code doesn't seem working.. it doesn't switch refresh rate to 50hz when playing PAL game on my unit (NTSC) it works fine on COBRA though.

littlebalup · Mar 13, 2019

I corrected the vsh address and recompiled the payload (debug)
output:

Code:

MAMBA says hello (load base = 0x8000000000640000, end = 0x8000000000659cc0) (version = 0104840F)
We are in CFW Rebug REX, VSH is DEX
Vsh.self found with static offset at address 0x910000
Offset ps2tonet_size_patch found with static offset at address: 0x9da374
Offset ps2tonet_patch found with static offset at address: 0x9da380
First poke: 0x38a00040
Second poke: 0x60638204
SUCCESS: all patches DONE!
/dev_hdd0/PS2ISO/Ast▒rix & Ob▒lix XXL 2.ISO, filesize: 6d930000
Storage event: 7  0  101000000000006
Storage event: 3  0  101000000000006
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Storage event: 4  0  101000000000006
Disc removed.
Storage event: 8  0  101000000000006
Disc auth: 5007 d00e9bf0 (process: 01000300_main_vsh.self)
Read 8000 800
Changed to part file 0
/dev_hdd0/PS2ISO/Ast▒rix & Ob▒lix XXL 2.ISO, filesize: 6d930000
Storage event: 7  0  101000000000006
Storage event: 3  0  101000000000006
Disc Insert
real disc type = 0
effective disc type = ff61, fake disc type = ff61
Disc auth: 5007 d00f3bf0 (process: 01000300_main_vsh.self)
caller_process = 01000300
hash = 77d4a196000019ca
caller_process = 01000300
hash = eb3c000000f5
caller_process = 01000300
hash = b0cb000003c0
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
Faked size to db260
Read 8000 800
Changed to part file 0
Read 8800 800
Read 81800 800
cellFsUtilMount: /dev_bdvd
Read 82800 800
Read 82800 800
Read 82800 800
caller_process = 01000300
hash = c073ea8b000022fe
caller_process = 01000300
hash = 592800000274
caller_process = 01000300
hash = 11000000a3e
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = c073ea8b000022fe
caller_process = 01000300
hash = 592800000274
caller_process = 01000300
hash = 11000000a3e
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 6794c2b10000438d
caller_process = 01000300
hash = 2dd100000391
caller_process = 01000300
hash = a9e00001756
Map 8e0000 10000 _main_vsh.self 2008004
Map 8f0000 10000 _main_vsh.self 2004000
Disc auth: 5004 29 (process: 01000300_main_vsh.self)
caller_process = 01000300
hash = 2048e4d900018a85
caller_process = 01000300
hash = 3173800000012a1
caller_process = 01000300
hash = 1d60600001a8e
Map 860000 30000 _main_vsh.self 2008004
Map 890000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = a0908f1900006fe9
caller_process = 01000300
hash = 2eec000001e0
caller_process = 01000300
hash = 46c600000903
Map 8a0000 10000 _main_vsh.self 2008004
Map 8b0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 9a07e2ad0001588f
caller_process = 01000300
hash = 22a3c000000b6
caller_process = 01000300
hash = 1d47000002ab
Map 8c0000 40000 _main_vsh.self 2008004
Map 900000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = d3046ab800017b85
caller_process = 01000300
hash = 786000001cc4
caller_process = 01000300
hash = 98a00006561
Map 910000 50000 _main_vsh.self 2008004
Map 960000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4eb79bb70002d15e
caller_process = 01000300
hash = 9f963ab000000faf
caller_process = 01000300
hash = a7600006952
Map 970000 70000 _main_vsh.self 2008004
Map 9e0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4b77f6ce000061a3
caller_process = 01000300
hash = a0fc000002a1
caller_process = 01000300
hash = 60e00001aad
Map 9f0000 10000 _main_vsh.self 2008004
Map a00000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = b5988dba00020157
caller_process = 01000300
hash = 7700000012d2
caller_process = 01000300
hash = 247e0000dc74
Map a10000 50000 _main_vsh.self 2008004
Map a60000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4059aeb6000056ab
caller_process = 01000300
hash = 715c2c46000007cc
caller_process = 01000300
hash = 1ca8100001b7f
Map a70000 20000 _main_vsh.self 2008004
Map a90000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8b8ca3640000d900
caller_process = 01000300
hash = 1c72c00000b04
caller_process = 01000300
hash = 13c2000046c3
Map aa0000 30000 _main_vsh.self 2008004
Map ad0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 9098af370003e3b3
caller_process = 01000300
hash = ee88000017bc
caller_process = 01000300
hash = 3a8c0000cd59
Map b70000 a0000 _main_vsh.self 2008004
Map ae0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 20526d700002f170
caller_process = 01000300
hash = 5627000000625
caller_process = 01000300
hash = 1bb4600000fde
Map af0000 50000 _main_vsh.self 2008004
Map b40000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 67d32e9400016cdf
caller_process = 01000300
hash = 4bc16400000684
caller_process = 01000300
hash = 172de0000160d
Map c10000 30000 _main_vsh.self 2008004
Map b50000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8aeb0c5e0000132b
caller_process = 01000300
hash = 45c800000094
caller_process = 01000300
hash = a46c00000239
Map b60000 10000 _main_vsh.self 2008004
Map c40000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8e8eb940000079cb
caller_process = 01000300
hash = 17c1400000149
caller_process = 01000300
hash = 3caf0000046a
Map c50000 10000 _main_vsh.self 2008004
Map c60000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 6381c64c0000216f
caller_process = 01000300
hash = 751800000115
caller_process = 01000300
hash = b9eb000003c1
Map c70000 10000 _main_vsh.self 2008004
Map c80000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 99934ea300016e4f
caller_process = 01000300
hash = 372400000243
caller_process = 01000300
hash = 51c2000007b6
Map c90000 30000 _main_vsh.self 2008004
Map cc0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 215c0c8c000060ed
caller_process = 01000300
hash = e7fc000001e0
caller_process = 01000300
hash = 392600000634
Map cd0000 10000 _main_vsh.self 2008004
Map ce0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 7630748000f6743
caller_process = 01000300
hash = 330307b4000006e7
caller_process = 01000300
hash = caaa00000dc9
Map cf0000 1b0000 _main_vsh.self 2008004
Map ea0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 3f5ca3a8000020d6
caller_process = 01000300
hash = 512c000000f0
caller_process = 01000300
hash = ba370000036a
Map eb0000 10000 _main_vsh.self 2008004
Map ec0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4229ba3800020def
caller_process = 01000300
hash = f98c0000013a
caller_process = 01000300
hash = 4fc500000493
Map ed0000 40000 _main_vsh.self 2008004
Map f10000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = efdde0ac0000cea2
caller_process = 01000300
hash = fe1d64000003e4
caller_process = 01000300
hash = 87ff00000a18
Map f20000 20000 _main_vsh.self 2008004
Map f40000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = b887276f00029586
caller_process = 01000300
hash = 57b21000004cd
caller_process = 01000300
hash = 21a400002336
Map f70000 60000 _main_vsh.self 2008004
Map f50000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 20656ba5000843d7
caller_process = 01000300
hash = bb000006bca
caller_process = 01000300
hash = 4180000d1e3
Map fd0000 140000 _main_vsh.self 2008004
Map 1110000 50000 _main_vsh.self 2004000
caller_process = 01000300
hash = 7bf9ed8c000634ca
Map 10000 f0000 _main_vsh.self 2008004
caller_process = 01000300
hash = fff101680000266c
Map 100000 10000 _main_vsh.self 2004000
PROCESS /dev_flash/vsh/module/mcore.self (01030200) loaded
caller_process = 01000300
hash = 385ccbf800008e7e
caller_process = 01000300
hash = e2450000059a
caller_process = 01000300
hash = 8024000012ee
Map 110000 20000 _main_vsh.self 2008004
Map 130000 10000 _main_vsh.self 2004000
caller_process = 01030200
hash = 29de39b500003265
caller_process = 01030200
hash = a699ef600000632
caller_process = 01030200
hash = 671d00000dce
Map 140000 10000 _main_mcore.self 2008004
Map 150000 10000 _main_mcore.self 2004000
caller_process = 01000300
hash = 8df3688a000044d8
caller_process = 01000300
hash = 1ec6000000234
caller_process = 01000300
hash = 75000000918
Map f60000 10000 _main_vsh.self 2008004
Map 1160000 20000 _main_vsh.self 2004000
caller_process = 01000300
hash = 6b9d09920000a797
caller_process = 01000300
hash = 900e00000460
caller_process = 01000300
hash = 93a00002184
Map 1180000 20000 _main_vsh.self 2008004
Map 11a0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8c0a94500004560f
caller_process = 01000300
hash = ec7800002f62
caller_process = 01000300
hash = 29ae0000e483
Map 11b0000 b0000 _main_vsh.self 2008004
Map 1260000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = c6dd5a7400003ac0
caller_process = 01000300
hash = 8010000004c5
caller_process = 01000300
hash = 2b5200001914
Map 1270000 10000 _main_vsh.self 2008004
Map 1280000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = f3642e130000849c
caller_process = 01000300
hash = 32e000000589
caller_process = 01000300
hash = 7fc00002bad
Map 1290000 20000 _main_vsh.self 2008004
Map 12b0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 2aeb1c40000d3a1
caller_process = 01000300
hash = 14a8700000459
caller_process = 01000300
hash = 209e00001cab
Map 12c0000 20000 _main_vsh.self 2008004
Map 12e0000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 1b26fe500000cfa7
caller_process = 01000300
hash = 3f123000009a7
caller_process = 01000300
hash = 4e5600002a54
Map 12f0000 20000 _main_vsh.self 2008004
Map 1310000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 62da4d9e00030738
caller_process = 01000300
hash = 2138000024b0
caller_process = 01000300
hash = 791e0000957e
Map 1370000 80000 _main_vsh.self 2008004
Map 1320000 30000 _main_vsh.self 2004000
caller_process = 01000300
hash = 3e8ef093000160b1
caller_process = 01000300
hash = 18fb93e000000e20
caller_process = 01000300
hash = 27c600004212
Map 13f0000 40000 _main_vsh.self 2008004
Map 1350000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 9d05eda700009033
caller_process = 01000300
hash = 19ba2000009c1
caller_process = 01000300
hash = 12ce00002863
Map 1430000 20000 _main_vsh.self 2008004
Map 1360000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = a3fdfafb00005f81
caller_process = 01000300
hash = a1530000040b
caller_process = 01000300
hash = 6a6000013b2
Map 1450000 10000 _main_vsh.self 2008004
Map 1460000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = a252fda00000625a
caller_process = 01000300
hash = 2346f1860000011a
caller_process = 01000300
hash = 173e00000e0e
Map 1470000 10000 _main_vsh.self 2008004
Map 1480000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 8273ae030000252a
caller_process = 01000300
hash = b01f000001c4
caller_process = 01000300
hash = 136c0000082e
Map 1490000 10000 _main_vsh.self 2008004
Map 14a0000 10000 _main_vsh.self 2004000
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 27c800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
Read 82800 800
caller_process = 01000300
hash = 2a432b6800001d9b
caller_process = 01000300
hash = 13a1d000001ca
caller_process = 01000300
hash = 24400000b16
Map 14b0000 10000 _main_vsh.self 2008004
Map 14c0000 50000 _main_vsh.self 2004000
caller_process = 01000300
hash = a2f115c50000a541
caller_process = 01000300
hash = 1fb2400000ac9
caller_process = 01000300
hash = 34fa000030b7
Map 1510000 20000 _main_vsh.self 2008004
Map 1530000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 32d123bb00007684
caller_process = 01000300
hash = 1ef840000010f
caller_process = 01000300
hash = 564600000400
Map 1540000 20000 _main_vsh.self 2008004
Map 1560000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 889e6035000320bc
caller_process = 01000300
hash = 366e3ed500001ad6
caller_process = 01000300
hash = 46dd200003234
Map 1570000 80000 _main_vsh.self 2008004
Map 15f0000 10000 _main_vsh.self 2004000
We are originally in region 82
caller_process = 01000300
hash = e274af7b0001e5d3
caller_process = 01000300
hash = 49c000001db7
caller_process = 01000300
hash = 57fa0000d046
Map 1600000 50000 _main_vsh.self 2008004
Map 1650000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = 4f72f785000005e6
caller_process = 01000300
hash = 8e0400000078
caller_process = 01000300
hash = 980000027a
Map 1660000 10000 _main_vsh.self 2008004
Map 1670000 10000 _main_vsh.self 2004000
caller_process = 01000300
hash = acf4af2b000ecc91
caller_process = 01000300
hash = d0680001844c
caller_process = 01000300
hash = 7ce600087615
Map 1770000 280000 _main_vsh.self 2008004
Map 1680000 70000 _main_vsh.self 2004000
caller_process = 01000300
hash = f823bf4e00003194
caller_process = 01000300
hash = ffff628d00000300
caller_process = 01000300
hash = 7f6e00001063
Map 16f0000 10000 _main_vsh.self 2008004
Map 1700000 10000 _main_vsh.self 2004000
Read 82800 800
Read 82800 800

But it still don't work... like in 4.82. So yes there are other mistake(s).
Now i really go to sleep.

Zar · Mar 13, 2019

probably one of

ps2_nonbw_offset
ps2_nonbw_offset2
ps2_nonbw_offset3

dex_ps2_nonbw_offset
dex_ps2_nonbw_offset2
dex_ps2_nonbw_offset3

4.84 CFW / Homebrew / Plugins / Tools

kozarovv

littlebalup

littlebalup

aldostools

developer MOD

littlebalup

Joonie

littlebalup

Zar

Joonie

littlebalup

Joonie

littlebalup

Joonie

littlebalup

Joonie

Joonie

littlebalup

Joonie

littlebalup

Zar

Similar threads