PS3 Understanding PS3 executable environment

Discussion in 'General PS3 Discussion' started by igntec, Aug 10, 2019.

  1. igntec (Forum Noob):
    Hello, I have the EBOOT.BIN for God Of War 3, and used TrueAncestor SELF Resigner to decrypt it and get an EBOOT.ELF file.

    Next we open it in IDA; after the initial processing of the executable, we have no Imports section, and we have a single exported symbol, start. Some instructions are not disassembled (probably SPU code), since I haven't installed all the necessary plugins.

    I expected that the executable would use APIs provided by the PS3 OS, such as LibGCM and PSGL (3D APIs according to the PlayStation 3 system software wiki page), and that we would see them in Imports.

    The same thing happens when I disassemble a PS2 executable. We have no imports, and some exports (names like audioDecReset).

    Does it all mean that the libraries used by game developers are linked statically into the executable, and we end up with a single ELF binary that talks directly to the OS kernel? (or directly to the hardware in the PS2 case)
    Last edited by a moderator: Aug 11, 2019
  2. atreyu187 (Old Hunter, Moderator):
  3. igntec (Forum Noob):
    Thank you, atreyu187. I think I have the answer.

    For the PS2, Sony provides compiled static libraries to perform some basic jobs that a "kernel" should provide. They contain user-mode code (written in C, with inline MIPS asm if needed), whereas the kernel-mode part (written in MIPS asm) is located in the PS2 BIOS. For example, the library-exported CreateThread function does some work in user mode and makes the appropriate syscall to transfer control to the kernel. These libraries are statically linked into the ELF executable produced by the game developer, which runs on the Emotion Engine CPU (MIPS). Other important exported functions are the functions to work with the gamepad, sound and video, and the functions to read/write files.

    The PS2 has one more CPU, the IOP (MIPS, later PowerPC); it handles all I/O: gamepad, sound, network, filesystem, USB, disc drive, etc. It runs its own kernel and drivers for all devices (IRX modules, located in the PS2 BIOS). We can call this code the PS2 OS. From the game developer's point of view, we don't need to write code that executes on the IOP. We can call the exported gamepad/sound/file functions, and they will communicate with the IOP through DMA channels. It is done by reading/writing some values from/to some memory addresses (which values and addresses, the hardware specs should tell). There are functions to "load" a module and to "invoke RPC". Game code can also update drivers, so new versions of the drivers will be used instead of the BIOS versions. By the way, by abstracting the IOP away from game developers, Sony could safely replace the MIPS architecture with PowerPC without breaking any games.

    What about video? We also use DMA channels here, to communicate with the Vector Unit (VU) and the Graphics Synthesizer (GS). Sony can provide appropriate functions, or hardware specs; in the latter case game developers write their own code to do the rendering. PS2 rendering is flexible, it can be done in multiple ways, so it is probably more appropriate to go with the hardware specs, in which case game developers can implement rendering that suits their specific needs.

    What about the language? Game developers will use C++ for game logic, and probably pure C to call the exported functions provided by Sony and to implement their rendering. There is little need to use assembly; we will probably need inline assembly only when implementing our own rendering (for example, to change the VU0 mode), or when we want to use Sony's EE SIMD extensions. However, we will have to deal with another assembly language to program our VU.

    You can read this article if you are interested in the rendering details:
    http://glampert.com/2016/01-22/q2ps2-hardware-accelerated-vertex-xform/

    Homebrew PS2 SDK:
    https://github.com/ps2dev/ps2sdk

    Homebrew PS2 Emulator:
    https://github.com/PCSX2/pcsx2

    In the PS3 world things are a little different; it has system software that is closer to our understanding of an "OS". Read these articles for more details:
    https://en.wikipedia.org/wiki/PlayStation_3_technical_specifications
    https://en.wikipedia.org/wiki/PlayStation_3_system_software

    The PS3 uses an encrypted ELF executable, EBOOT.BIN, that imports functions from user-mode libraries provided by Sony (SPRX). See this file tree structure:
    https://www.psdevwiki.com/ps3/Files_on_the_PS3

    Here we can see a screenshot that illustrates debugging of a PS3 executable:
    https://www.psdevwiki.com/ps3/IDA_pro_disassembler_and_debugger

    I didn't dig further into the PS3 world; however, it seems more documented.
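The question that opened the thread (no Imports section, one exported symbol) can be checked against the ELF metadata itself rather than against what IDA happens to show. The script below is an added example, not code from the original posts or from any Sony or homebrew tool: it parses the ELF header and program headers (32- and 64-bit, either endianness), reports whether a PT_DYNAMIC segment is present, and resolves any DT_NEEDED library names through DT_STRTAB. A file with no PT_DYNAMIC has no standard dynamic-linking metadata at all, which is the "everything statically linked" case. The two inputs are constructed inside the script (a static big-endian PPC64 file standing in for a decrypted EBOOT.ELF, and a MIPS file with two made-up DT_NEEDED names); the EM_* values and struct layouts come from the ELF specification. One caveat: PS3 SPRX imports are described through Sony's own stub tables inside the SELF/PRX format, not through DT_NEEDED, so an empty result on a PS3 binary only says the generic ELF mechanism is unused, which is exactly why a stock disassembler shows no Imports without the PS3-specific loader.

```python
"""Report whether an ELF carries standard dynamic-linking metadata (added example)."""
import struct
import sys

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5
MACHINES = {8: "MIPS", 20: "PowerPC", 21: "PowerPC64"}  # EM_* values from the ELF spec


def parse_elf(data: bytes) -> dict:
    """Return class, endianness, machine and the program header table."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = 32 if data[4] == 1 else 64          # EI_CLASS
    end = "<" if data[5] == 1 else ">"         # EI_DATA
    hdr_fmt = "HHIIIIIHHHHHH" if bits == 32 else "HHIQQQIHHHHHH"
    hdr = struct.unpack_from(end + hdr_fmt, data, 16)
    machine, phoff, phentsize, phnum = hdr[1], hdr[4], hdr[8], hdr[9]
    phdrs = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if bits == 32:   # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags, align
            p_type, p_off, p_vaddr, _, p_filesz, _, _, _ = struct.unpack_from(end + "IIIIIIII", data, off)
        else:            # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align
            p_type, _, p_off, p_vaddr, _, p_filesz, _, _ = struct.unpack_from(end + "IIQQQQQQ", data, off)
        phdrs.append({"type": p_type, "offset": p_off, "vaddr": p_vaddr, "filesz": p_filesz})
    return {"bits": bits, "endian": end, "machine": MACHINES.get(machine, hex(machine)), "phdrs": phdrs}


def vaddr_to_offset(phdrs: list, vaddr: int) -> int:
    """Map a virtual address to a file offset via the PT_LOAD segment that backs it."""
    for ph in phdrs:
        if ph["type"] == PT_LOAD and ph["vaddr"] <= vaddr < ph["vaddr"] + ph["filesz"]:
            return ph["offset"] + (vaddr - ph["vaddr"])
    raise ValueError("address 0x%x is not backed by a PT_LOAD segment" % vaddr)


def needed_libraries(data: bytes, info: dict) -> list:
    """Walk the PT_DYNAMIC entries and resolve every DT_NEEDED name."""
    dyn = next((ph for ph in info["phdrs"] if ph["type"] == PT_DYNAMIC), None)
    if dyn is None:
        return []
    fmt = info["endian"] + ("iI" if info["bits"] == 32 else "qQ")   # d_tag, d_val
    size = struct.calcsize(fmt)
    name_offsets, strtab = [], None
    for off in range(dyn["offset"], dyn["offset"] + dyn["filesz"], size):
        tag, val = struct.unpack_from(fmt, data, off)
        if tag == DT_NULL:
            break
        if tag == DT_NEEDED:
            name_offsets.append(val)
        elif tag == DT_STRTAB:
            strtab = val
    if not name_offsets:
        return []
    if strtab is None:
        raise ValueError("DT_NEEDED present without DT_STRTAB")
    base = vaddr_to_offset(info["phdrs"], strtab)
    return [data[base + o:data.index(b"\0", base + o)].decode() for o in name_offsets]


def linkage_report(data: bytes) -> dict:
    info = parse_elf(data)
    return {"machine": info["machine"], "bits": info["bits"],
            "endian": "little" if info["endian"] == "<" else "big",
            "dynamic": any(ph["type"] == PT_DYNAMIC for ph in info["phdrs"]),
            "needed": needed_libraries(data, info)}


def build_elf(bits: int, end: str, machine: int, segments: list) -> bytes:
    """Constructed minimal ELF for testing (not a real game binary): segments = [(p_type, vaddr, payload)]."""
    ehsize, phentsize = (52, 32) if bits == 32 else (64, 56)
    off, phdrs, payloads = ehsize + phentsize * len(segments), b"", b""
    for p_type, vaddr, payload in segments:
        n = len(payload)
        if bits == 32:
            phdrs += struct.pack(end + "IIIIIIII", p_type, off, vaddr, vaddr, n, n, 6, 4)
        else:
            phdrs += struct.pack(end + "IIQQQQQQ", p_type, 6, off, vaddr, vaddr, n, n, 8)
        payloads += payload
        off += n
    ident = b"\x7fELF" + bytes([1 if bits == 32 else 2, 1 if end == "<" else 2, 1]) + b"\0" * 9
    hdr_fmt = "HHIIIIIHHHHHH" if bits == 32 else "HHIQQQIHHHHHH"
    hdr = struct.pack(end + hdr_fmt, 2, machine, 1, 0, ehsize, 0, 0, ehsize, phentsize, len(segments), 0, 0, 0)
    return ident + hdr + phdrs + payloads


# Constructed sample 1: big-endian PPC64, one PT_LOAD, no PT_DYNAMIC (the static EBOOT.ELF situation).
STATIC_PPC64 = build_elf(64, ">", 21, [(PT_LOAD, 0x10000, b"\x60\x00\x00\x00" * 4)])

# Constructed sample 2: little-endian MIPS with PT_DYNAMIC naming two made-up libraries via DT_NEEDED.
_STRTAB = b"\0libgcm.so\0libsysutil.so\0"
_DYN = b"".join(struct.pack("<iI", t, v) for t, v in
                [(DT_STRTAB, 0x400000), (DT_NEEDED, 1), (DT_NEEDED, 11), (DT_NULL, 0)])
DYNAMIC_MIPS = build_elf(32, "<", 8, [(PT_LOAD, 0x400000, _STRTAB), (PT_DYNAMIC, 0x401000, _DYN)])

if __name__ == "__main__":
    # Usage: python elf_linkage.py EBOOT.ELF   (falls back to the constructed samples)
    blobs = [open(sys.argv[1], "rb").read()] if len(sys.argv) > 1 else [STATIC_PPC64, DYNAMIC_MIPS]
    for blob in blobs:
        print(linkage_report(blob))
```

Run it against the decrypted EBOOT.ELF or a PS2 ELF; "dynamic": False with an empty "needed" list confirms that the binary carries no loader-visible imports and that everything the game calls is either linked in or reached through platform-specific tables the standard ELF format knows nothing about.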
  4. Berion (Developer):
    Edit your first post... We do not allow piracy here. :P

    - - -
    The PS2 has two kinds of executables: one for the EE (*.elf) and one for the IOP (*.irx modules, sometimes packed into IOPRP.IMG). Those for the EE could also be signed (*.kelf; I don't remember now, but some MagicGate sh*t). I'm not sure about this, but the newest PS2 doesn't have an IOP; instead it has Deckard (PPC, but used only for emulation of the IOP?).

    I have some IDA filters for the PS2, but I'm not a kernel hacker magician, so for me they're like a piece of junk in the collection. ;p Maybe they will fill your import and export tables?
  5. pinky (Retired Developer):
    Well, the good thing about the PS3 scene (or any scene for that matter) is that there's always more to learn, if you like that sort of thing. I love it, but I haven't really invested much time in more research or testing in recent years, unless I need to know something.
  6. snkplkn (Member):
    Talking about information and education.

    What are these "FIX" PKGs? Are they like cracks for PC games? How do these fixes work, and how are they created?
  7. aldostools (Developer):
    "FIX" is a euphemism for "crack" or "protection removal".

    In general, the "fix" packages contain EBOOT.BIN / SELF / SPRX / edat / sdat files that were decrypted using the rap/rif (typically obtained from the PSN store, or by replacing the PSN version with the retail version that doesn't require a rif) and re-signed using a free license. The files are then repacked into a pkg file that replaces the original files that require a license.

    It is not illegal when you do it yourself for personal use. However, it is piracy when it is publicly distributed or obtained from unauthorized sources.

    Piracy is against the rules of this forum.
  8. snkplkn (Member):
    I read somewhere that FIXes are meant to bypass the PS3 hard disk check for licenses, etc.