PS3 [Research] LINK.XML information

@aldostools

Do you know what the rationale is for the usage of sysPrxForUser functions over exported vsh equivalents libc functions?
sys_malloc, sys_printf etc..
First of all, are those really just duplicates? Or do they action extra locks, thread safety or whatever?

I could not find any info about this stuff anywhere. When I look at vsh module disassemblies, it's unclear what the rules are, a vsh module often uses both function types, they may use say memcpy from vsh exports but sys_memset from sysPrxForUser, or even use both duplicates like memcpy & sys_memcpy.
If I take game_ext_plugin.sprx, it uses the allocator exports for the C++ operators like new & delete but at the same time it also uses sys_malloc & sys_free from sysPrxForUser.

Obviously, I am missing something here, can you enlighten me?

I don't have technical information about these specific functions. They probably are duplicates.

Often the functions are duplicated (by design) in different modules to avoid dependencies.
Sometimes they are duplicated for internal organization to group them by categories in case they need future updates.
Other times the developers are lazy and just paste a block of code with duplicated functions, not necessarily looking for efficiency.
 
@DeViL303
@aldostools

I am currently working on the hashing functionalities I planned for xai_plugin.
I added support for md5/sha1/sha224/sha256/sha384 & sha512 hashing.
I wrote a hasher class that can hash strings, buffers of data or files & return a string containing the calculated hash.
Unfortunately, I wasn't able to use the more efficient SPURS based hashing library as originally planned. I tried to but I cannot manage to link the hashing spurs libraries because they reference 3 libc (standard C library) function stub entries that are not valid in the case of a vsh module.
Standard C library functions are at the very core of C & C++ programming so issues with this libc library have been a recurrent pain in the ass for xai_plugin (and other vsh prx module projects) development, always having to try work around it, sometimes with success, sometimes without.
Anyway, hashing will have to be done on PPU for now as I cannot be bothered trying to look deeper into the problem to solve it.

I am telling you about this hashing feature because I wanted to ask your opinion. Would it be useful to have a new conditional job based on (file?) hashing results? What do you think? Worth the time investment?
It can be used to identify custom files that are going to be renamed, by using it together with a list of "known" hashes. Let's say we have a folder containing several files that are intended to replace cobra stage 2, and we create a list with their names and hashes, this way:
Code:
cobra_official_20210227.bin, e36ef36f6e35e393ee3fa8abbb34b34
cobra_by_pepito_v01.bin, f6f7e67234f23fac7c8b0bb6734
cobra_tests_v23.bin, 0978aca7cacacb7acb7ac5ab34b3fef3

After that, we can enable or disable them (by webman or other apps) with this procedure. Let's say I have the official cobra active, and I want to replace it with pepito's:
1) Check hash of the active "stage2.bin" and compare with the list (this will return the name "cobra_official_20210227.bin")
2) rename "stage2.bin" to "cobra_official_20210227.bin"
3) rename "cobra_by_pepito_v01.bin" to "stage2.bin"

I'm using cobra as an example, I'm not sure if there are other ways to do it with cobra, but anyway... this procedure should work with a lot of the small XMB mods that require replacing or renaming files.
The point is that this allows identifying files by their hash.



-----------------
The difference of doing the hashing with PPU (instead of SPU) is the performance, because SPUs are designed for this kind of arithmetic calculation so they should do it very well.
And especially because there are 7 SPUs, so the PS3 allows calculating the hash for up to 7 files in parallel threads (this could be handy only when checking many files inside a folder though).

But for small files the performance difference between PPU and SPUs doesn't matter much, the time difference is going to be very small, so it is fine :encouragement:

*Managunz has the same problem btw, the current managunz versions are doing the MD5 and SHA1 hash checks by PPU bruteforce
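
The three-step procedure in the post above, written out as an added Python example (it is not part of the original post and not xai_plugin or webMAN MOD code). It assumes SHA-256 digests in a "name, hash" list; the function names and file contents are constructed for illustration. It also verifies the replacement file against its own list entry and refuses to rename an active file whose hash is not in the list.

```python
import hashlib
import os


def file_sha256(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def load_manifest(text):
    """Parse 'name, hexdigest' lines into {digest: name}, rejecting bad entries."""
    by_hash = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        name, _, digest = (part.strip() for part in line.partition(","))
        digest = digest.lower()
        # A truncated or mistyped digest can never match, so fail early.
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"line {n}: not a full SHA-256 hex digest")
        if not name or os.path.basename(name) != name:
            raise ValueError(f"line {n}: name must be a bare file name")
        if digest in by_hash or name in by_hash.values():
            raise ValueError(f"line {n}: duplicate entry")
        by_hash[digest] = name
    return by_hash


def swap_active(folder, active, wanted, manifest):
    """Park the active file under its known name, then activate `wanted`.

    Returns the name the previously active file was parked under.
    """
    active_path = os.path.join(folder, active)
    wanted_path = os.path.join(folder, wanted)
    # The replacement must match its own list entry before it is activated.
    if manifest.get(file_sha256(wanted_path)) != wanted:
        raise ValueError(f"{wanted} does not match its listed hash")
    # Step 1: identify the active file by content, not by name.
    parked_name = manifest.get(file_sha256(active_path))
    if parked_name is None:
        raise LookupError(f"{active} is not in the known list; not renaming it")
    parked_path = os.path.join(folder, parked_name)
    if os.path.exists(parked_path):
        raise FileExistsError(f"{parked_name} already exists")
    os.rename(active_path, parked_path)   # step 2
    os.rename(wanted_path, active_path)   # step 3
    return parked_name


def demo_swap(folder):
    """Create constructed sample files in `folder` and run one swap."""
    official, pepito = b"official build", b"pepito build"  # constructed contents
    for name, data in (("stage2.bin", official),
                       ("cobra_by_pepito_v01.bin", pepito)):
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
    lines = [f"{name}, {hashlib.sha256(data).hexdigest()}"
             for name, data in (("cobra_official_20210227.bin", official),
                                ("cobra_by_pepito_v01.bin", pepito))]
    manifest = load_manifest("\n".join(lines))
    parked = swap_active(folder, "stage2.bin", "cobra_by_pepito_v01.bin", manifest)
    return parked, manifest


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(demo_swap(d)[0], sorted(os.listdir(d)))
```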
 
@DeViL303
@aldostools

I am currently working on the hashing functionalities I planned for xai_plugin.
I added support for md5/sha1/sha224/sha256/sha384 & sha512 hashing.
I wrote a hasher class that can hash strings, buffers of data or files & return a string containing the calculated hash.
Unfortunately, I wasn't able to use the more efficient SPURS based hashing library as originally planned. I tried to but I cannot manage to link the hashing spurs libraries because they reference 3 libc (standard C library) function stub entries that are not valid in the case of a vsh module.
Standard C library functions are at the very core of C & C++ programming so issues with this libc library have been a recurrent pain in the ass for xai_plugin (and other vsh prx module projects) development, always having to try work around it, sometimes with success, sometimes without.
Anyway, hashing will have to be done on PPU for now as I cannot be bothered trying to look deeper into the problem to solve it.

I am telling you about this hashing feature because I wanted to ask your opinion. Would it be useful to have a new conditional job based on (file?) hashing results? What do you think? Worth the time investment?

I also started to add functions for memory patching (lv1/lv2/userland), peek poke functions basically but a little more elaborate. It made me wonder about the same thing as for hashing, whether it would be worth making a conditional job based on the value returned by a memory peek.
That would be a useful feature to have of course but again, is it worth the time investment? Would you use it?

It's nice to have more functions available. However, -IMHO- all these functions wouldn't have too much use without an easy to use scripting language or a GUI to select the files. It would force the users to learn an XML pseudo script language and XMBML. The audience that will use these functions will be very limited.

webMAN MOD currently has the web command /md5.ps3<path-file> that is called from a right-click menu via PC browser.
 
Programming the XMB already forces you to learn XMBML, there is no way around that.
In my mind, xai_plugin is only meant to make features accessible to XMBML developers, I never meant to provide a user friendly API for regular users to customise their XMB themselves, the audience for the modifications I am making is limited to devs but that was always the goal.

As to the hashing functions, I need them for the next phase of my Toolset project, like most additions I made to xai_plugin, they will be available, if people want to use them great, if not, no problem.
I am not trying to compete with wMM, I am only adding to xai_plugin the stuff I need & while I am at it, trying to make things better for DeViL303 & others who rely on xai_plugin for their own projects.

As to scripting, I think you are right fundamentally, introducing a scripting system to xai_plugin would make it a lot more powerful & would give XMB devs a whole new level of flexibility as well as the ability to do complex tasks.
 

I understand your goal, but a powerful tool like xai_plugin could have uses for regular users.

Support for a basic scripting language with if/then/else is not too difficult.
You only need to parse line by line sequentially and ignore a block of lines if a condition is false.

If you think it can help you, you can use this code as reference:
https://github.com/aldostools/webMAN-MOD/blob/master/include/script.h
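
The line-by-line approach described above, combined with the hash-based condition discussed earlier in the thread, as an added Python example (not part of the original post, and not webMAN MOD's script.h or its syntax). The `if exist`, `if sha256`, `else` and `endif` keywords and the `notify` action lines are a hypothetical syntax constructed for illustration; paths containing spaces are not supported.

```python
import hashlib
import os
from pathlib import Path


def _condition(expr, lineno):
    """Evaluate 'exist <path>' or 'sha256 <path> <hexdigest>' (hypothetical syntax)."""
    parts = expr.split()
    if len(parts) == 2 and parts[0] == "exist":
        return os.path.exists(parts[1])
    if len(parts) == 3 and parts[0] == "sha256":
        path = Path(parts[1])
        # read_bytes() is fine for small files; hash in chunks for large ones.
        return (path.is_file() and
                hashlib.sha256(path.read_bytes()).hexdigest() == parts[2].lower())
    raise SyntaxError(f"line {lineno}: unknown condition {expr!r}")


def run_script(text):
    """Return the action lines that would run, in order; actions are not executed."""
    actions = []
    stack = []      # one [parent_active, condition_result, seen_else] per open 'if'
    active = True   # False while inside a block that must be ignored
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "if":
            # Conditions inside an ignored block are not evaluated at all.
            result = active and _condition(rest, lineno)
            stack.append([active, result, False])
            active = result
        elif keyword == "else":
            if not stack or stack[-1][2]:
                raise SyntaxError(f"line {lineno}: 'else' without matching 'if'")
            stack[-1][2] = True
            active = stack[-1][0] and not stack[-1][1]
        elif keyword == "endif":
            if not stack:
                raise SyntaxError(f"line {lineno}: 'endif' without 'if'")
            active = stack.pop()[0]
        elif active:
            actions.append(line)
    if stack:
        raise SyntaxError("missing 'endif'")
    return actions


def demo_script(folder):
    """Constructed sample: a file with known content and a script that tests it."""
    target = Path(folder) / "stage2.bin"
    target.write_bytes(b"official build")  # constructed content
    good = hashlib.sha256(b"official build").hexdigest()
    script = f"""
# constructed script in the hypothetical syntax
if sha256 {target} {good}
    notify known build
    if exist {folder}/missing.bin
        notify never reached
    else
        notify no override present
    endif
else
    notify unknown build
    if exist {target}
        notify also skipped
    endif
endif
notify done
"""
    return run_script(script)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(demo_script(d))
```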
 
I've seen a script on ps3exploit and it seems @bguerville uses the slice method to dump/clone? Some example script:
// obtain input element through DOM

var file = document.getElementById('file').files[0];
if(file)
{
// create an identical copy of file
// the two calls below are equivalent

var fileClone = file.slice();
var fileClone2 = file.slice(0, file.size);

// slice file into 1/2 chunk starting at middle of file
// Note the use of negative number

var fileChunkFromEnd = file.slice(-(Math.round(file.size/2)));

// slice file into 1/2 chunk starting at beginning of file

var fileChunkFromStart = file.slice(0, Math.round(file.size/2));

// slice file from beginning till 150 bytes before end

var fileNoMetadata = file.slice(0, -150, "application/experimental");
}
The documentation is here: https://w3c.github.io/FileAPI/#slice-method-algo
https://xhr.spec.whatwg.org/
https://github.com/web-platform-tests/wpt/tree/master/xhr/resources
My idea is to modify a cheap/good DVR/XVR to host any exploits for PS3/PS4, for everyone to use as a mini server/tool.
I can give access to one cheap DVR with 500 GB to load/test modify internat dump so that it can be accessed by a PS3, probably on OFW/HFW.
It would be nice to have some help with this project. I am able to provide tools; I'm not good at scripts but willing to learn.
As an example, I have somehow tricked the CA certificate, but it's still not secure: https://victormures.go.ro/
Some DVRs with the old IE interface are made to push a file to download in order to see images.
Just let me know
 
1. I have absolutely no idea what you mean when you say I used slicing to dump or clone..

2. In the limited ps3 webkit, there is no blob object available, no FileAPI so your sample would never work.
You cannot access the local file system from the browser unless you can load the browser in local mode. And you can only run the browser in local mode if you open it from a custom self or sprx & as you cannot run a custom self/sprx unless the kernel is exploited, it's a catch 22 situation. In short, to use local files you would need a new exploit of its own, whether it is an exploit that allows you to load the browser in local mode or an exploit that tricks the browser into loading a local file without realising it.
I suggest you run a javascript features test page in the ps3 browser, you will get an idea of how limited the included webkit is.
The ps3 webkit is equivalent to Safari 4.0.5 on PC with a few features removed.

3. Why would you bother repurposing a dvr to be used as an http server for ps3/ps4? Unless it's purely for fun in which case, sure, why not..
Keep in mind however that an esp8266 dongle can already serve network based exploits for ps3/ps4 based on html/js (no php of course), those usb dongles are widely available & do the job well, all for a 5 to 10 bucks investment! Hard to beat imho.

4. To create a secure https connection between a web server & the ps3 browser, you must use an ssl certificate that is compatible with the ps3. The list of compatible root certificates can be found as ".cer" files in the cert folder located at /dev_flash/data/cert.
You can access the folder directly on the ps3 or simply unpack a PUP update package on PC using PUADGUI.
FYI you can use a free Let's Encrypt ssl certificate, it should work at least from 4.82 OFW up.
 
The hashing libraries for SPU rely on SPURS tasksets. It would be much better for hashing big files or multiple files. Using the SPURS hashing libraries, a PPU thread can process up to 64 data streams at any given time & get hashes generated concurrently for those data streams on up to 7 SPUs.

Unfortunately, the hashing libraries for SPU reference malloc, memalign & free from libc, which is no problem when used in a self project but in a prx project for vsh usage, I think those 3 references would need to be replaced by the equivalent stdc exports in order for project linking to succeed. It might be possible to patch the libraries or the compiled object files or use some kinda trick to work around the linking issue, I haven't dug deeper to solve the problem, I wonder if anyone else has actually, others must have encountered this problem linking certain libraries in prx projects in the past years.
 
Thank you for the explanation. The DVR idea came up for people with a broken HDD who don't speak native English. A remote server will help them restore HEN. It will somehow be written in our language. Not necessarily, but I will see with time.
 
If you really had an hdd problem then a full hdd reinstall would be in order, in which case you would be back on OFW or HFW & you would need to start from scratch, install PS3HEN the same way you did it the first time round, reboot & enable PS3HEN as you have always done.

As things stand, I don't see much of a need for an alternate remote server, especially when you consider the time investment, financial cost & the potential troubles related to maintaining such a website.
There is already a decent alternate version available at https://ps3addict.github.io/ which can be used when the main site & the mirror site are both down.

I can humbly make a suggestion though, if the idea is to make things easier for HEN users who don't speak English then would it not be more relevant to bring multi-language support to the HEN project files?

You could translate any text in the html files & in the few strings inside the js file.
All the files to edit are located in the "html" folder at the root of the official repo at https://www.github.com/PS3Xploit/PS3HEN.
If you were serious about this, you could make a copy of the html folder & rename that copy by appending the abbreviation for the language you wish to use. Say html_de for German, html_fr for French, html_es for Spanish etc..
Then once the translation work is complete, you could make a pull request to ps3xploit to add the alternate language in the official repo so it benefits everyone.
If others do the same with their own languages, maybe in the future esc0rtd3w (who is in charge of maintaining that repository) will feel that there is enough interest to integrate all languages into one multi-language version, until now there has not been much interest though afaik.

Alternatively you could also translate the tweaked versions of PS3HEN enabler & PS3HEN installer by lmn7 available in Coro's repo at https://github.com/ps3addict
Those files might actually be easier for you to work on than the official ones because lmn7 will have removed all unnecessary code & condensed all javascript & html markup into just one html file in an effort to keep the number of files & the overall size at a minimum.
Then you could submit a pull request to Coro (or just pm him about it, see if he is interested in adding your translation to his repo & link it for public usage with due credits).

Note to DeViL303.
I am sorry for all the off topic stuff.
First my post about xai_plugin & now this.
I can clean it all up if you wish.
Let me know. ;-)
 
Here is a little something I just made for my own use, but maybe someone here will also find it useful. This is only now possible due to the discoveries in this thread.

This is a simple WT type pkg (LINK.XML) that installs a permanent link to the XMBs TV category for installing OR enabling HEN. The handy thing about this is it sticks after a HFW reinstall. It's really no different to saving a bookmark to http://**ps3xploit.com >Domain no L... (ps3xploit.me =new)/hen/installer/index.html really but it just gives you a handy XMB icon.

LINK.XML contents:
Code:
<link ver="1.0" webkit="1">
<url>http://**ps3xploit.com >Domain no Longer owned by team**  (ps3xploit.me =new)/hen/installer/index.html</url>
</link>

This can be useful to reinstall HEN after you have installed or updated HFW, or if HEN is already installed it can be used as a backup HEN enabler for cases where your category_game.xml gets replaced by something and you lose access to the HEN enabler in the game category.



It would also be possible by using some XMBML conditions in the TV category to make this icon so it only shows up if HEN is not already installed (fresh HFW install), also this LINK.XML "app" could also be bundled into the HEN installer PKG if required.
 
Nice one!! I guess the LINK.XML could be used also with lmn7's offline enabler (javascript link).

If that works, it could be used even if category_game.xml is replaced.
 
Yeah that would be cool.

It would be nice if we could have it by default be an offline HEN enabler, but in the same JS have an online installer available if it's required. So let's say the LINK.XML has full offline javascript for enabling HEN, but if it detects that the PS3HEN.BIN does not exist, then it would become an online HEN installer.

Currently it works kinda like that, but the HEN installer and enabler are both online. Also currently it works the other way around where it first tries to install HEN, but if it detects the PS3HEN.BIN exists it switches over to become a HEN enabler. It would be better for this type of use if it tried to enable HEN offline first. Not sure if that is possible or worth working on but it's an idea anyway :)
 
@esc0rtd3w You might find this interesting.

Here is a pkg that is based on the official 4.88 HEN install pkg, it includes all the files from the http://**ps3xploit.com >Domain no L...cex/installer/Latest_HEN_Installer_signed.pkg unchanged, but it has a couple of extra files added.

So as well as installing HEN like normal it also adds a link to the XMB for reinstalling HEN in future, BUT due to a mod to the included category_tv.xml this extra icon will only show up on a fresh install of HFW. Once this HEN pkg is installed the link is hidden.

So if this was used in place of the current auto installing HEN pkg, there would be no difference initially really, except that if the user installs HFW again then the "Install HEN" icon appears. So basically this extra icon only appears when it's required.

Kind of hard to explain, but if you wanted to test this all you would need to do is install this attached PKG while on HEN (HFW 4.88), then do a fresh install of 4.88 HFW to remove HEN, this will make the "Install HEN" icon appear.

Currently because the installer links to the official HEN pkg, the icon will not disappear after the install of HEN, that would only happen if the patched category_tv.xml was in the official HEN pkg which it's not currently.

The patch I applied to the category_tv.xml to hide the installer icon is done like this:

Replace this:
Code:
<Query
class="type:x-xmb/folder-pixmap"
key="gameDir"
src="xil://localhost/list?t=tv"
/>


With this:
Code:
<Query
class="type:x-xmb/folder-pixmap"
key="gameDir"
attr="gameDir"
src="xcb://localhost/query?limit=2048&table=MMS_MEDIA_TYPE_HDD&sort=-Game:Common.stat.rating-Game:Common.timeCreated&cond=Aa+Game:Common.title+Ae+Game:Game.category AT"
/>
<Query
class="type:x-xmb/folder-pixmap"
key="gameDir2"
attr="gameDir2"
src="xcb://localhost/query?limit=2048&table=MMS_MEDIA_TYPE_HDD&sort=-Game:Common.stat.rating-Game:Common.timeCreated&cond=Aa+Game:Common.title+Ae+Game:Game.category AV"
/>
<Query
class="type:x-xmb/folder-pixmap"
key="gameDir3"
attr="gameDir3"
src="xcb://localhost/query?limit=2048&table=MMS_MEDIA_TYPE_HDD&sort=-Game:Common.stat.rating-Game:Common.timeCreated&cond=Aa+Game:Common.title+Ae+Game:Game.category WT+An+Game:Game.titleId INSTALLER"
/>

It's done like this so all TV type apps still show up, but the LINK.XML WT app with the title ID "INSTALLER" is excluded and stays hidden. Then when you install HFW it installs the official category_tv.xml and makes the Install HEN icon appear.

There might be better ways to do it but I'm just throwing out some ideas for discussion/brainstorming.
 
if anybody manages to get a working hen enabler into a LINK.XML, i would like to know... :)
Yeah I only tried once but offline HEN enabler does not seem to work for some reason, it's strange cos other offline JS works. Not sure what's going on there.
 
I don't have HEN to test myself. But here is a PKG that I made if someone wants to try:
Same as my attempt, it just goes to a white browser screen with infinite loading clock icon.

Not sure what the difference is here, maybe there is a smaller size limit on LINK.XML compared to JS in XMBML, idk.
 
if anybody manages to get a working hen enabler into a LINK.XML, i would like to know... :)

If you are talking about opening a local html file in the browser (the ideal solution) so that HEN/HAN & any other browser based exploits could be used completely offline, that would require the link.xml implementation to use the web browser utility (a specific utility that allows an app/game to customise the browser behaviour) in order to enable the local file mode which is disabled by default. I don't think it does though. TBC.
Does anybody know of a game/app using a link.xml containing a local URI? I always kinda assumed that link.xml could only be used for network based URLs but it is something that could be checked/tested.

But you may have been referring to using javascript as a url just like what we do with xmbml module_action..
Btw which browser does link.xml use? Silk or webkit?
If it is webkit the old wk exploit code used by HEN should work however there may be different limitations from the xmbml usage we know..
 
maybe there is a smaller size limit on LINK.XML
i did not try the enabler included in the Auto HEN installs (before installing full hen). it is very small but has NO fw detection...

But you may have been referring to using javascript as a url just like what we do with xmbml module_action..
Btw which browser does link.xml use? Silk or webkit?
If it is webkit the old wk exploit code used by HEN should work however there may be different limitations from the xmbml usage we know..
you can pick the one with javascript support using "webkit=1". links to online html with js work...but xml-like enablers i have not seen working.
 