[TUT] How to completely remove epilepsy warning

Discussion in 'Tutorials & Guides' started by kozarovv, Sep 13, 2015.

  1. 7,004
    4,884
    697
    kozarovv

    kozarovv Super Moderator

    Joined:
    Nov 8, 2014
    Messages:
    7,004
    Likes Received:
    4,884
    Trophy Points:
    697
    Home Page:
    Today i show you how to remove epilepsy warning on older firmwares. This process will make that your PS3 boot faster, is not old replacing method that [MENTION=3657]pinky[/MENTION] described in one of his tuts, this method really disabling, giving 2-3 second faster boot of console.

    Needed tools:

    - scetool
    - HxD
    - Hashcalc (cobra cfw only)

    Which CFW i can patch?

    Every cfw that currently have this message enabled. Doesn't matter that is cobra or not, and that message was edited before. This patch will remove it completely. Excluding Rebug REX and D-REX Cobra. Non cobra Rebug REX/D-REX, Rebug Lite and Rebug Cobra Lite can be done that way if needed. Only REX/D-REX cobra not.

    Manual patching:

    Decrypting VSH:

    Decrypt vsh.self file from PUP or copy it from your PS3 (dev_flash/vsh/module/vsh.self), PUAD can extract these files for you, but you have to decrypt them via scetool , unself, or breakself. In my tutorial i use scetool as i followed that way without problem. To decrypt vsh.self put file in scetool/tool directory open cmd navigate to tool folder using comand:
    Code:
    cd <your path to tool folder>
    example: cd c:\scetool\tool
    And now use command:
    Code:
    scetool -d vsh.self vsh.elf
    Now you should have decrypted vsh.elf file in tool directory, and we gonna edit that file.

    Patching:

    Open vsh.elf in HxD and search for that string in hexadecimal:

    CEX CFW:
    Code:
    000000020000000102010101FFFFFFFF
    
    And change it to:
    
    000000020000000102000101FFFFFFFF
    DEX CFW:
    Code:
    000000000000000001010100FFFFFFFF
    
    And change it to:
    
    000000000000000000010100FFFFFFFF
    Encrypting VSH:

    After done editing, you need to re-sign file properly, put edited vsh.elf and your ORIGINAL vsh.self to scetool folder, and use scetool command:

    Code:
    scetool --template vsh.self --sce-type=SELF --compress-data=TRUE --encrypt vsh.elf vsh.self
    For non cobra cfw that was last step, now you can just replace your vsh.self in dev_flash/vsh/module/ and after next boot you shouldn't see annoying epilepsy warning message.

    For Cobra CFW:

    Cobra CFW need one additional edit to keep full cobra functionality. If you done previous steps this one shouldn't be hard for you.

    Finding hash that need to be changed.

    Ok, there is one more thing to edit if you're a COBRA user, it's editing STAGE2 file.
    Now this time you need to use 64 bit hash calculator.

    To do that you need to have all needed files in hashcalc folder. Now type in cmd:
    Code:
    cd <your hashcalc folder>
    Example: cd c:\scetool\tool
    And type:
    Code:
    hashcalc vsh.self
    Now you have calculated hashes of ORIGINAL vsh.self and then search those hashes in stage2.bin in HxD (search for HEX string, starting from A0XXXXXXXXXXXXXX (fill X with your hash)). So basically you need to update those hashes to make them work with Cobra, otherwise COBRA won't dynamically patch VSH, that will break COBRA's functions. Also is good to check that hash is only in one place in stage2 file if it occurs more time then all places need to be changed to new hashes.

    Changing hashes in stage2

    So next, do same thing using hashcalc with edited vsh.self and change hash in stage2.bin to that one from your edit vsh.self
    To do this open stage2.bin in HxD, and search for hash from your original vsh.self (search for hexadecimal) now override this hash with hash from your edited vsh.self and save file. Now you need to exchange stage2.bin file in dev_flash/sys (or similiar) to this you modified now. To check that hashes are correct run ps2 and PSP iso, if it work then all is ok. But remember to use compatibile isos.

    Warning: From 7.02 to 7.1 cobra was improved a lot, and now cobra patching a lot more thing in vsh than in first versions. This mean that in newer cobra versions bad hashes can do serious damage to your ps3, including semibrick.

    You can also use mfwbuilder to apply patches to pup but i don't know it patch also cobra hashes, here is link to task: [TCL] patch_epilepsy.tcl - Pastebin.com . All credits to mysis for the reversing, and the people at #casabonita channel in efnet irc for betatesting and brainstormings. @sandungas for tip on psx-place @Ezio for mfwbuilder task. Sorry if i forgot mention someone.

    Tutorial was founded by copy-paste from my other tut :p

    NOTE FROM 2017: Some new cobra cfw don't need to have fixed hashes, so cobra part steps from this tutorial are not needed for them. Example of that kind of firmware is: Rebug 4.81.2 and Starbucks Cobra 4.81 7.50. Generally all firmwares with cobra 7.50 or newer.
     
    Last edited: Jan 28, 2017
    esc0rtd3w likes this.
  2. 503
    317
    97
    LuanTeles

    LuanTeles Member

    Joined:
    May 15, 2017
    Messages:
    503
    Likes Received:
    317
    Trophy Points:
    97
    Gender:
    Male
    Occupation:
    Civil Engineer
    Location:
    São Paulo - Brazil
    Home Page:
    So for Rebug 4.81.2 i just need to patch the vsh?
    i want to enable it back, so i just need to reverse patch?
     
  3. 27
    14
    57
    DUDUŚ

    DUDUŚ Member

    Joined:
    Nov 6, 2016
    Messages:
    27
    Likes Received:
    14
    Trophy Points:
    57
    Gender:
    Male
    You are like a bull written...
    Since you have a positive effect, turn it around!
    ---
    For DEX: 000000000000000001010100FFFFFFFF
    For CEX: 000000020000000102010101FFFFFFFF
    ;)
     
  4. 7,004
    4,884
    697
    kozarovv

    kozarovv Super Moderator

    Joined:
    Nov 8, 2014
    Messages:
    7,004
    Likes Received:
    4,884
    Trophy Points:
    697
    Home Page:
    Tutorial is little bit outdated, and probably calculating, and changing hashes is not needed anymore. Not sure. Also if you are patching rebug then you need to know there are 3 vsh selfs.

    Debug vsh = vsh.self/ vsh.self.swp
    Retail vsh = vsh.self.cexsp
     
    pinky likes this.
  5. 9,684
    3,692
    472
    pinky

    pinky Bitsiboo's Other Half Developer

    Joined:
    Mar 8, 2015
    Messages:
    9,684
    Likes Received:
    3,692
    Trophy Points:
    472
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    @kozarovv , I'm pretty sure that ur correct. cobra hashing is no longer needed which is y I didn't include it with the gameboot patch. it's easy enough to do if by some chance it were needed, so it's not a big deal. :)
     
  6. 7,739
    6,372
    622
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,739
    Likes Received:
    6,372
    Trophy Points:
    622
    Location:
    Earth
    Cobra uses static hashes which in theory should not need to change with coming fw releases however I am not not sure whether or not the current static hash used for every module, game_ext_plugin.sprx for example, would remain valid no matter what kind of manual patches were applied to it.

    Is it possible that certain manual (unrelated to Cobra) patches could mess with the static hash?
    We should ask @habib about this imo..
     
    Last edited: Jun 20, 2017
  7. 9,684
    3,692
    472
    pinky

    pinky Bitsiboo's Other Half Developer

    Joined:
    Mar 8, 2015
    Messages:
    9,684
    Likes Received:
    3,692
    Trophy Points:
    472
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    with my first patched game_ext_plugin.sprx, I provided the fixed cobra hashes. I think it was @atreyu187 who told me that my patch worked without the need for the fixed hashes. they're there if u need them though. I also have a tutorial on fixing cobra hashes. that's in a couple of @kozarovv 's tutorials as well. however, afaik, fixing hashes is no longer needed with cobra 7.50+. I could be wrong though. :-p
     
  8. 7,739
    6,372
    622
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,739
    Likes Received:
    6,372
    Trophy Points:
    622
    Location:
    Earth
    pinky likes this.
  9. 9,684
    3,692
    472
    pinky

    pinky Bitsiboo's Other Half Developer

    Joined:
    Mar 8, 2015
    Messages:
    9,684
    Likes Received:
    3,692
    Trophy Points:
    472
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    oh, I tried that. the patched module's hash was in fact different. however, it seems like corrected hashes weren't needed for some reason. ps2 and psp games worked as they should. if for some reason they were needed, u could always look at this tutorial or mine for how to correct cobra hashes. as u know, it's pretty easy to do. ;)
     
  10. 9,684
    3,692
    472
    pinky

    pinky Bitsiboo's Other Half Developer

    Joined:
    Mar 8, 2015
    Messages:
    9,684
    Likes Received:
    3,692
    Trophy Points:
    472
    Gender:
    Male
    Location:
    The Great Gig in the Sky
    I suppose that might lend credence to the notion that they're no longer needed, the hash recalculations I mean. :-p
     
  11. 7,739
    6,372
    622
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,739
    Likes Received:
    6,372
    Trophy Points:
    622
    Location:
    Earth
    Hashes are required by Cobra no matter what. Whether they are static or dynamic matters not, but they must be correct otherwise whenever the module gets accessed by Cobra for patching, patching will fail.

    Using a static hash means you don't need to recalculate the file hashes when a new version comes along but there's no guarantee that some manual patching of one thing or another could not eventually interfere with the static hashes... It all depends what gets patched. If I am not not mistaken, the code in the new hashcalc calculates the static hash from data found in the Elf header so in theory (I have not tested anything) if that particular data section gets modified, the resulting hash will be different...

    Currently there are 3 patches applied by Cobra to game_ext_plugin.sprx but patches will not be applied before the static hash is verified... At least that's what I read in modulespatch.c, hopefully @Joonie or @habib will confirm this...
     
    Last edited: Jun 20, 2017
    atreyu187 likes this.
  12. 503
    317
    97
    LuanTeles

    LuanTeles Member

    Joined:
    May 15, 2017
    Messages:
    503
    Likes Received:
    317
    Trophy Points:
    97
    Gender:
    Male
    Occupation:
    Civil Engineer
    Location:
    São Paulo - Brazil
    Home Page:
    Encrypting back the elf to self

    gives me this error scetool: unrecognized option '--template'
     
  13. 7,739
    6,372
    622
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,739
    Likes Received:
    6,372
    Trophy Points:
    622
    Location:
    Earth
    The --template (or -t) option is used to avoid passing the keys & other params directly as arguments. Put the original encrypted self in your working directory & make sure your template argument uses the right file path/name... Obviously the template file should not carry the same name as the output file.
    The --template option is a feature included in naehrwert's original scetool release & other forks so your scetool executable should include it unless it's a very very old version... It's more likely the problem comes from your syntax or path...
     
    Last edited: Oct 18, 2017
  14. 503
    317
    97
    LuanTeles

    LuanTeles Member

    Joined:
    May 15, 2017
    Messages:
    503
    Likes Received:
    317
    Trophy Points:
    97
    Gender:
    Male
    Occupation:
    Civil Engineer
    Location:
    São Paulo - Brazil
    Home Page:
    I'm using the scetool 0.2.8

    Using this command
    scetool --template vsh.self --sce-type=SELF --compress-data=TRUE --encrypt vsh.elf vsh.self

    in the folder i only have the original Vsh.self and the edited vsh.elf

    EDIT

    Ps3tools scetool 0.2.9 worked
     
    Last edited: Oct 18, 2017
  15. 7,739
    6,372
    622
    bguerville

    bguerville Moderator

    Joined:
    Feb 25, 2015
    Messages:
    7,739
    Likes Received:
    6,372
    Trophy Points:
    622
    Location:
    Earth
    You should always use 0.2.9 from naherwert (https://github.com/naehrwert/scetool)
    or one of the more recent forks...
    And like I said earlier, you should use a different name for your template file to avoid overwriting it. Of course, if it's a one-off encryption you might not care about keeping the template file...
     
    Last edited: Oct 18, 2017

Share This Page