PS2 FORTUNA Homebrew Launcher by VTSTech (BOOT.ELF replacement) v0.46

Allows you to choose what Homebrew Application (ELF) you want to load when you run Fortuna Project

  1. 7,651
    5,866
    872
    kozarovv

    kozarovv Developer

    Joined:
    Nov 8, 2014
    Messages:
    7,651
    Likes Received:
    5,866
    Trophy Points:
    872
    Home Page:
    I'm surprised that feature isn't well known, all my custom compilations back in ~2008-2009 used that :)


    Fixed.
     
  2. 1,656
    1,316
    347
    jolek

    jolek Senior Member

    Joined:
    Dec 29, 2017
    Messages:
    1,656
    Likes Received:
    1,316
    Trophy Points:
    347
    Gender:
    Male
    I was thinking about the same thing...

    It just that, another folder will need to be created.
    You'll need an icon for this folder (APPS).
    It can be taken from FMCB Installer:
    [​IMG]

    Theatrically if someone has got FMCB, does he\she need Fortuna?

    On the other hand, it can help testers... even with FMCB.
    Most of MC have got only 8 MB, two the same files can in different folders can be pain in the *s*...

    Yuuup.
    Additional "LAUNCHELF.CNF" will need to be in this directory with all things set up.
     
  3. 12,385
    4,991
    497
    pinky

    pinky Retired Developer

    Joined:
    Mar 8, 2015
    Messages:
    12,385
    Likes Received:
    4,991
    Trophy Points:
    497
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    this got me wondering if everything is a-ok with different system/different modchip. I have codebreakers mapped to R2 and a sega master system emulator to L2. those work. something weird is going on with L1. I thought it was mapped to a video player, but all I get is a black screen. I tried launching the elf directly. it would appear that I have two ulaunch.elfs on my memory card. it doesn't seem to like it if you have it mapped twice. I just hex compared, and they're different somehow.
     
  4. 38
    102
    52
    Maximus32

    Maximus32 Developer

    Joined:
    Sep 10, 2019
    Messages:
    38
    Likes Received:
    102
    Trophy Points:
    52
    Gender:
    Male
    If you ask me every app should have had it's own folder and icon. Then the user can see what apps are on the MC, and manage (copy, delete, etc...) them per app. Having 1 folder named "APPS" does not mean much to many users. I accidentally deleted the APPS folder once trying to create space on the MC.

    Since the fortuna savegame is corrupted, some users will accidentaly delete it, also deleting the apps inside it. Also having the apps inside the fortuna folder implicates the apps are not normal apps, but fortuna-apps. Which they are not.
    Another possibility when hardcoding the boot apps would be using something similar to what mod-chips do: BOOT0.ELF, BOOT1.ELF, etc...
    Having configuration would be best, then we can all use the locations we like.
     
    TnA and Algol like this.
  5. 2,444
    2,430
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,444
    Likes Received:
    2,430
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    Could looks nice. ;p

    LE/uLE/wLE/Lbfn remembering first days when gskit was born. Non aliased, microscopic fonts which was hard to read on CRT, no skinning system support (what is implemented is just switching configs) etc. They are all really great stuff but with just lack of graphic design.

    If someone would rewrite UX of wLE, it could looks like this: https://www.psx-place.com/threads/wle-gui.14642/#post-85602 IMHO much clean and modern than many official apps on newer platforms. ;p But no one do this so such launcher is not a bad equivalent as just simply loader.

    @VTSTech >> attachment
     

    Attached Files:

    Last edited: Dec 5, 2019
    jolek, DeViL303 and krHACKen like this.
  6. 331
    417
    97
    VTSTech

    VTSTech Developer

    Joined:
    Apr 8, 2019
    Messages:
    331
    Likes Received:
    417
    Trophy Points:
    97
    Gender:
    Male
    Home Page:
    Fortuna works best for me when there is only 1 folder/save on the drive.

    Some of these applications create folders in root of MC (snes_emu, retroarch)

    In the next version i will see about making toggles. to change from mc0 device to mass device. Will maybe have a toggle for /FORTUNA/ or /APPS/ folder on that device too.

    Update; Coming soon...

    [​IMG]
     
    Last edited: Dec 5, 2019
    jolek likes this.
  7. 1,335
    719
    222
    TnA

    TnA Senior Member

    Joined:
    Jul 1, 2018
    Messages:
    1,335
    Likes Received:
    719
    Trophy Points:
    222
    Gender:
    Male
    Location:
    Germany --> Saxony
    krat0s hasn't posted a writeup yet...
    Yes, it starts the BOOT.ELF within the FORTUNA-Folder.

    Yes, uLE works! It is already included!
    Not all ELFs seem to work however!

    Many things are possible, but it also could be something else. I agree with your later statement however!

    "Only"... Erm... I believe it is possible to compress the Payload as well, similar like in FMCB!

    Well... The Payload remains the same... You are rather exchanging the started Homebrew or Launcher!

    Well... Like I and others said... That's possible via wLE as well and even without any additional Button-Press (autostart).

    Well... With a config, I don't see the advantage to wLE... (except maybe for less features and thus less size)

    Well, usually that is the case, correct!
    However... Just from a technical perspective, some 'injection' already takes place with viewing the icon, so it is like Stage1-Payload (patching OSDSYS to execute the next Payload), stage2-Payload (ELF-Loader), ELF...

    Well... Actually it does, or it would not patch the MC invisible! There already has been a "init-Payload" or how to call it...
    That's one of the reasons why I think, the Exploit contains 2 Payloads (initial patch for the OSDSYS and then an ELF-Loader)!

    That seems rather unlikely, because that needs the SBV-Patches to execute from 'non-supported devices'!

    It seems more likely, that there are 2 Payloads and the first Payload (OSDSYS-Patch) points/jumps to the second stage Payload (thus "back out"-call/function/path/offset being patched) and offset-prediction for this second stage Payload (ELF-Loader including SBV-Patches) is probably the reason, why:
    • it has to be the first Icon
    • multiple Versions are needed for various BOOT-ROMs

    Well... That code has some issues, which is why it had been replaced in various projects like wLE and FMCB AFAIR!
    It resets IOP, but what @krHACKen pointed to is, that it lacks cleaning various locations and will overwrite your ELF-Loader, if the ELF to be loaded uses that Memory-location.

    Maybe FMCB's or wLE's ELF-Loader/code is a better choice for this part?! ;)

    Looks good... I suppose it will already work with wLE! :P

    THX for attaching it! My mobile bandwidth is severally limited currently!

    No blue cube there, haha!

    EXACTLY what I mean!

    All possible and exactly the way you said in wLE, like @kozarovv showed you! ;)

    1. Initially MG-Signing-"Faults", which allowed us to create accepted MC-KELFs and nowadays we can create proper KELFs of pretty much any kind. --> Yes, Exploit/Vulnerability/Entry!
    2. "Payload" or "embedded ELF", which in FMCB's case includes basically all of FMCB's features like those you mentioned. The following are still external though!
    3. Configurator, like you said.
    4. Installer, like you said.
    5. Config (much more important, than your list makes it seem, where it is missing! ;) ).
    6. USB-Drivers (+ optionally those for Pre-ExpansionBay-Models) AR externalized as well (even though I would prefer some stripped internal drivers, to make it as "rock-solid" as meant to be, haha.).
    Just put @HWNJ's OSDSYS-Launcher renamed to 'BOOT.ELF' into the Fortuna-Folder! :)
    Oh... and I am not sure, why some ELFs don't seem to work as of yet.
    Might be due to the integrated ELF-Loader, but I don't know it.

    Actually, that is quite easy to accomplish on old and new installers!
    I would have preferred a rather "blind-copy-folder" since 2008, but oh well... AFAIR we even had a similar implementation a while ago, but it was dropped or we have it again... Not sure... Code-wise it should be quite possible.

    @HWNJ's OSDSYS-Launcher! ;)
    It has been tested already and works!

    The FMCB-Installer-Sources (both 1.8b and SP193's installer) are freely available!
    SP193's newest installer and the source to it can be found at the Google-site... I don't have the link to it right now, but hope someone can add it!

    He can copy off the Launch_FMCB() function.

    It can be found here --> https://github.com/TnA-Plastic/FreeMcBoot/blob/fe3a48f085ec248b60f898e54f8257d01a687c1b/main.c#L2830

    ...or wLE's MISC/OSDSYS... (Where we are back at "re-inventing the wheel, IMO... :D)

    For static paths, that's preferable, yes.

    Yerp... Kinda feels like re-inventing the wheel, but I don't want to discourage him from writing a new contribution for the scene!

    Yes, wLE supports configurable Button-&Autolaunch!

    Yes.
    ...and since it would require a config anyway, it would then almost be "stripped" wLE again, IMO.

    :thumbs_up:

    Why does that remember me to "Puuusssshhh da button!" o_O

    Wait... Compilations?

    I did that as well... A while earlier! :D
    But I suppose the "Noobie-Package" is the one which spreaded the most.

    Well, it can be used for "ultimate compatibility" of FMCB with every model AND a kind of "(FMCB-)Brick"-Protection!
    Every time a way to recover, with only one MC (as long as the MC doesn't corrupt).

    Yerp... I prefer HWNJ's OSDSYS-Launcher for that very reason... I can just use the apps, FMCB is linked to!

    It should be, but since I don't know for sure how it works, I can't be entirely sure!
    I think the patches within the OSDSYS are not too many and probably are not even related to the functions, modchips patch.

    The modchip's function (especially ahead of starting/showing the icon) should not be influenced by the presence of Fortuna!
    There are also a lot of wLE-Versions circling around.

    Actually, that is how it is meant to be!!!
    Noone however ever found the time to create some proper Icons!

    The APPS-Icon (that MemoryCard with "APPS" written on it, is actually meant to be used as a miniaturized version in the upper left corner and should only say "APP" + a 3D-Icon for the App!

    App-folders are even meant to be recognized easily, via a "PREFIX_APPNAME"-Folder name, like "APP_SMS" and usually the ELF would have "APPNAME" also as an ELF-Name, like "SMS.ELF"!

    Anyone keen to contribute to the PS2-Scene via some 3D-Icons? I prefer Blender for this, but it could be done via other programs as well!

    EXACTLY! That's the idea how the app-system is meant to be working!!!

    Yes, one APPS-Folder actually was and is a Fall-back-solution, due to single folders without icons would show up as "blue cubes" shown by @jolek before!

    Deletion of that "Save" can be blocked!!! ;)

    Correct... Well I understand it for the BOOT.ELF itself, but not for the other apps and especially not, that they are using "Save-Sub-folders" which the OSDSYS and some other stuff doesn't properly support!

    That's one of the reasons, why I simply replaced the BOOT.ELF with the OSDSYS-Launcher!

    Yerp... We did the same for FMCB, when no config is found!

    I still don't see the difference, except for the learning-experience and less functions and less memory it needs.
    In the end, it seems he wants to implement quite some functions which are already available EXACTLY that way in wLE...

    But an alternative launcher and new app is still appreciated!

    Sure! If he intends to make the GUI animated or whatnot... But wLE can have the very same static picture as a "GUI", thus it would essentially look exactly the same...

    Yerp, the GUI was never really "pretty" in uLE, also with the "background-support" and (non-performant) "config-switching-support"!

    I hope he rather invests his time and enthusiasm and working force/power into adding new functionality to wLE, haha...! :D

    Nah... Works for me with 20 icons as well...

    ?!?
    EVERY app, which saves on MC creates it's own folder...
    A Save is just a folder, + at least icon.sys and 1 to 3 icons + save-data/file.

    Well, that's better already!
    THX for the update (feature- & usability-wise)!
     
    Last edited: Dec 5, 2019
  8. 2,444
    2,430
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,444
    Likes Received:
    2,430
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    @TnA
    How? There is no delete-proof attribute in mcfs. Didn't You mislead it with copy protection?

    Simply: no. It is impossible to look exactly the same. Similar, sure, but not the same and with ugly font. :P


    BTW: OSDSYS doesn't support subfolders on MC. So deleting, copying or pasting folders with recurrence 1+n can break fat table. That's one of the reason to use for such operations homebrew file managers as they have fully support mcfs.
     
    TnA likes this.
  9. 1,335
    719
    222
    TnA

    TnA Senior Member

    Joined:
    Jul 1, 2018
    Messages:
    1,335
    Likes Received:
    719
    Trophy Points:
    222
    Gender:
    Male
    Location:
    Germany --> Saxony
    Yes, AFAIR (but am not entirely sure), you can only 'set write-protect' to files/folders on MC and I remember @sp193 pointed that out to me as well a while ago!

    However... I know for a matter of fact, that I had a quite big save on one or two of those Japanese MCs, which I simply could not delete via the OSDSYS (it would not even try but directly give me a message), but via wLE...

    I think it was an ugly big save (1MB) or so, possibly from PSO?


    Fortuna can block it in any case IMO, because once the icon is shown, it can block the deletion-call... (well, then you can't delete any Save via OSDSYS).

    Impossible? You've seen the last week, did you?! :D
    Nothing is impossible! I suppose wLE needs a 'GUI Overhaul part 1 - 10', lol.

    Hence why I suggested to not use Sub-folders... ^^



    Regarding an App-System Implementation, I made another thread @Maximus32 and others!
    https://www.psx-place.com/threads/discussion-app-system-implementation.27264/
     
  10. 331
    417
    97
    VTSTech

    VTSTech Developer

    Joined:
    Apr 8, 2019
    Messages:
    331
    Likes Received:
    417
    Trophy Points:
    97
    Gender:
    Male
    Home Page:
    Based on discussion here; v0.3... :)

    Tested on real PS2 (I always test on real PS2 now :P). Boots from mass. Used uLE Debug screen to confirm environment path

    [​IMG]
    [​IMG]

    v0.3
    Can now use different paths and devices!
    Can select mc0 or mass
    Can select FORTUNA or APPS
    No more sub folders
    Source code released
    --

    Also, yes I realize you can do this in uLE/wLE and that that is a much more versatile homebrew. I am at least in part, doing this for the experience, and just to see if i can :P
     
    Last edited: Dec 5, 2019
    jolek, Maximus32, Algol and 1 other person like this.
  11. 1,335
    719
    222
    TnA

    TnA Senior Member

    Joined:
    Jul 1, 2018
    Messages:
    1,335
    Likes Received:
    719
    Trophy Points:
    222
    Gender:
    Male
    Location:
    Germany --> Saxony
    Wow! I feel your enthusiasm! Quite a fast progress in a short time! :)

    You are letting "criticism" and ideas from various people influence your work to become better! Great!
     
  12. 38
    102
    52
    Maximus32

    Maximus32 Developer

    Joined:
    Sep 10, 2019
    Messages:
    38
    Likes Received:
    102
    Trophy Points:
    52
    Gender:
    Male
    So this HUGE executable is not an ELF, but hidden somewhere inside corrupted MC data. If you ask me this should have been separated, just like it is with FORTUNA. Immagine hiding the FORTUNA launcher or wLE inside the FORTUNA icon... that would be crazy. Having a tiny payload that simply starts BOOT.ELF from somewhere is much better. Is there a known reason why it's made like this?
     
  13. 1,335
    719
    222
    TnA

    TnA Senior Member

    Joined:
    Jul 1, 2018
    Messages:
    1,335
    Likes Received:
    719
    Trophy Points:
    222
    Gender:
    Male
    Location:
    Germany --> Saxony
    What? Which 'huge ELF'?

    FMCB's Loader (MC-KELF) is only ~60KB, including all functions like the hacked OSDSYS, a Config-parser, auto-launch & button-launch ELF, etc.

    It is not corrupted MC-Data either, but a signed MC-K(rypto)ELF, nowadays created with "KELF Generation Algorithm V3" (inverse XOR'ing-Trick to adapt the kc&kbit bittable-stuff to the binary which is encrypted&MC-signed, but calculated/derived from a "base-key" so to say).


    I also don't see anything in Fortuna "externalized" in that sence!
    The BOOT.ELF is not the Payload, but what actually loads the ELF is the Payload!
    In Fortuna's case, I assume in this order... Vulnerability --> 1st-stage-payload (OSDSYS-Patches or mods to execute 2nd-stage-payload) --> 2nd-stage-Payload (ELF-Loader) --> ELF
    I am not entirely sure, if the Debug-code (the colors, etc.) are within the presumed 2nd or in the 1st Payload.


    So neither FMCB, nor FHDB, nor Fortuna are in any way different in that regard... None of them have any "bloatware" internalized, nor has Fortuna something externalized which FMCB/FHDB has integrated! ;)


    But it is possible to create KELFs for other purposes as well (i.e. PSX HDD), from ELFs.
    But it definitely would be insane to use that as an automatically starting OSDSYS-Update, because it would miss various things like OSDSYS-Init and CDVD-Init + you couldn't access the OSDSYS with the card inserted... Well, that's possible too, but again needs at least to call the OSDSYS with the -SkipMc-Argument.

    Regarding your last sentence... FMCB's Payload is tiny! The KELF is ~60KB!
     
  14. 38
    102
    52
    Maximus32

    Maximus32 Developer

    Joined:
    Sep 10, 2019
    Messages:
    38
    Likes Received:
    102
    Trophy Points:
    52
    Gender:
    Male
    I'm searching for information as we speak. About the MC corruption, I was confused with the old installer "crosslinking" for "controlled filesystem corruption". Thanks for clearing that up.

    So let me get this right: from the FMCB installer v1.966: "SYSTEM/FMCB.XLF" = 78736 bytes = FMCB
    There's no other exploit, entrypoint or MC corruption required, just that single signed ELF.

    Only thing I don't quite understand is what the installer does when installing cross model and cross region... the installer only has 1 FMCB.XLF file, not multiple... how does this work? Are they signed differently, or named differently?
     
  15. 1,335
    719
    222
    TnA

    TnA Senior Member

    Joined:
    Jul 1, 2018
    Messages:
    1,335
    Likes Received:
    719
    Trophy Points:
    222
    Gender:
    Male
    Location:
    Germany --> Saxony
    The cross-linking is pretty similar to hard-links in Linux (where you can have one file sym-linked to other folders).
    "Multi-install" creates one-sector/cluster Dummies with the name of the other files and folders and then patches these dummies to point to the sectors of the real installed file MC-KELF/OSDSYS-Update! That's why these original Dummy-Sectors (locations) are stored in a uninstall.dat, because if you would manually delete these files, it would render the patched Dummy-Sectors unaccessible, until the MC is reformatted.


    Yes, the XLF was the Payload on the 1.9x-series AFAIK!
    Alright, then it's ~77KB... That's not much more though (size-wise)... :D

    Yes, only that file (MC-Re-Signed)!
    Creating that encrypted file basically is what we take advantage of... Once the KELF is properly signed, the PS2 accepts it!

    This file needs to be MC-Signed, because it comes as a ROM/DISC-KELF and has to be signed to be an MC-KELF... To generate an MC-KELF, you need the MC-Signing-ID consisting of "kc"="key content" or "contentkey" and "kbit"=Was it "key bittable"? I think it was...
    These keys are calculated from a MC-Hardware-ID and the MG-keys I think... It's well over a decade, lol... (at least for the V1-Algo, which the V3-Algo is based on, but with inversing the XOR'ing-Trick by applying it to the kc (&kbit?) instead of the Data-Blob!)

    The "FreeVast Continues"-Thread at psx-scene.com is extremely lengthy but has quite some interesting info about it + a lot of other threads as well...
    I know it's a bit scattered tho'. :-|

    But yes, just re-signing the KELF (a.k.a. "installing FMCB")... No additional Exploit (well except for getting it onto the card in the beginning, but not once it is installed and also technically there is no second Exploit involved. No other entry-point, no corruption...
    The cross-linking is solely for showing more names, which varying OSDSYS-Versions search for and thus make a card multi-version-compatible (not yet Region... Different regions search for different B?-Folders, where "?" is the region-specific letter.)

    One simply copies off the files needed for one region only AFAIR and doesn't do the cross-linking/FS-patching! ;)
    Signing of the files is the same (they are the same) and yes, named differently like osdmain.elf, osd110.elf, osd120.elf, osd130.elf...
     
    Last edited: Dec 6, 2019
  16. 2,444
    2,430
    372
    Berion

    Berion Developer

    Joined:
    Feb 3, 2015
    Messages:
    2,444
    Likes Received:
    2,430
    Trophy Points:
    372
    Gender:
    Male
    Location:
    Poland
    @Maximus32 Different models, looking for different filenames. So instead of multiplying data (which is possible, just waste of space), there are crated symlinks for the same file. This means that file occupied some block range for which in table is represented as separated different files. Imagine a book, which has only two pages and index of this book listing different chapters but all lead to the same, second page. ;)
     
    TnA likes this.
  17. 1,335
    719
    222
    TnA

    TnA Senior Member

    Joined:
    Jul 1, 2018
    Messages:
    1,335
    Likes Received:
    719
    Trophy Points:
    222
    Gender:
    Male
    Location:
    Germany --> Saxony
    I think we might continue this discussion in an FMCB-related thread... Maybe a thread about the specifics of the interior and how the whole project down from the KELF, up to the Noobie-Package is structured, because it all lacks quite a documentation!

    So, can we get back on/to topic here? :)
     
  18. 1,799
    1,122
    297
    Louay

    Louay Senior Member

    Joined:
    Jan 23, 2017
    Messages:
    1,799
    Likes Received:
    1,122
    Trophy Points:
    297
    Gender:
    Male
    Occupation:
    College Student,GAMING,REPAIRING,XMB Modder
    Location:
    Tunisia
    Home Page:
    .
     
    Last edited: Dec 6, 2019
  19. 331
    417
    97
    VTSTech

    VTSTech Developer

    Joined:
    Apr 8, 2019
    Messages:
    331
    Likes Received:
    417
    Trophy Points:
    97
    Gender:
    Male
    Home Page:
  20. 331
    417
    97
    VTSTech

    VTSTech Developer

    Joined:
    Apr 8, 2019
    Messages:
    331
    Likes Received:
    417
    Trophy Points:
    97
    Gender:
    Male
    Home Page:
    Now a compressed version too :) Included in 0.4 release

    Code:
    PS2-Packer v1.1.0 (C) 2004-2005 Nicolas "Pixel" Noble
    This is free software with ABSOLUTELY NO WARRANTY.
    
    Using special ucl-nrv2e asm (one section) stub
    Compressing FORTUNA_Launcher.elf...
    Loading stub file.
    Stub PC = 01D0001C
    Removing 167 zeroes to section...
    Loaded stub: 000001D9 bytes (with 000000A7 zeroes) based at 01D00000
    Opening packer ./n2e-packer.dll.
    Preparing output elf file.
    Packing.
    ELF PC = 001000D8
    Removing 1 zeroes to section...
    Loaded section: 0000D154 bytes (with 0000607D zeroes) based at 00100000
    Section packed, from 53587 to 24672 bytes, ratio = 53.96%
    Final base address: 01CF9F90
    Writing stub.
    All data written, writing program header.
    Done!
    File compressed, from 238622 to 25257 bytes, ratio = 89.42%
     
    TnA, jolek, svotib and 1 other person like this.

Share This Page