Topics - dots_tb

1
News / [6/21/2020] Moderators
« on: June 22, 2020, 09:11:27 AM »
I really have no idea how to moderate the forums. Especially without looking like yandere dev or some shit.

So the following have been promoted:

https://forum.devchroma.nl/index.php?action=profile;u=16
https://forum.devchroma.nl/index.php?action=profile;u=6
https://forum.devchroma.nl/index.php?action=profile;u=257

Please remember to follow the rules:
https://forum.devchroma.nl/index.php/topic,2.0.html

2
PS Vita / upload test
« on: June 20, 2020, 09:03:22 PM »
screen of vrd by team iowa screenshot

3
PS Vita / [Release][RETool] ioPlus 0.1 - efficiently elevate IO
« on: June 18, 2020, 07:16:53 AM »
Jayjay (@BigBlackOniiSan) again had pushed me to do something, this time because of his Random Hentai plugin, and now ioPlus is updated.

ioPlus works by re-validating mount points that would previously be invalidated by a fios2 mount point causing files to be inaccessible by plugins.

If you are using a previous ioPlus build, please update to this one by replacing your ioplus.skprx with the download provided.

What's new:
Along with directory support, this ioPlus does the elevation at the beginning of the app startup, like rePatch v3, rather than with each IO call making it hopefully more efficient.

This version also migrates to DolceSDK.

If you have any issues please report them.

Install:
As stated before, you may already have a previous build, please just replace it with the download provided.

If you do not have it, it goes under the *KERNEL section of your config.txt.

Please be aware that this elevates the IO of all applications, so use at your own risk.

Download:
https://github.com/CelesteBlue-dev/PSVita-RE-tools/blob/master/ioPlus/ioPlus-0.1/release/ioplus.skprx

6
Warning Sys and I are total retards!:

It started with a shitpost that Sys made to me with the totally original idea of getting the Accessory Port to work, as every good CBPS project starts. Initially, I was not interested, but Sys is my bestest e-friend of all time, so I had to consider the proposition. However, I did not know this blind friendship would lead to uncovering the biggest Vita Hack Elite conspiracy.

Not knowing where to start, we initially went to Xerpi who suggested we look at usbd, a good suggestion which would help later.

However, SilicaAndPina, who caught wind of the project, noticed some edits done to the Henkaku wiki that removed some information related to pinouts and probable cables:

Before: https://wiki.henkaku.xyz/vita/index.php?title=EHCI&oldid=8707

After Vita Hack Elite Meddling: https://wiki.henkaku.xyz/vita/index.php?title=EHCI&direction=next&oldid=8707

Could this be censorship by the VITA HACK ELITES to hide the truth about the Mystery Port? What else could be hidden…?

Sys built up the courage to confront a Vita Hack Elite insider about the EHCI matter, or the claims that the Vita Hack Elites had made about Accessory Port being removed in 1.69, according to the EHCI article on the Henkaku wiki.

We found the response very interesting:



SilicaAndPina was perceptive and realized how fishy a “-1 return” would be, in fact it is the behavior that is experienced when the function is imported from another module. I had never personally seen Sony EVER stub a function with a “-1”, it would most likely be totally removed or changed to an error code.
We then came to the conclusion that perhaps Vita Hack Elites forgot to run a Vita Loader in IDA… Or perhaps it was misdirection?

Then finally Sys found the smoking gun. The Vita Hack Elites added to the Henkaku wiki:
https://wiki.henkaku.xyz/vita/SceUsbServ
Code:
sceUsbServAccessoryDeactivate
sceUsbServAccessoryActivate

After seeing this, that’s when I decided to go all in, the Vita Scene needs to know the TRUTH!


Making the ECCHI cable:


Sys had a test board in transit, however I don’t like waiting on things so I just decided to find a way to make a breakout for the Accessory Port. I looked at all the cables I had and found that a mini USB cable had a close enough pin arrangement with the same amount of pins as the Accessory Port.

I later found out someone else had the same idea a while back:  http://wololo.net/talk/viewtopic.php?t=40198
This also extends to the meme dev RichDevX: https://twitter.com/RichDevX/status/817189122578255873

We will refer to this Accessory Port cable as an ECCHI cable. This name is derived from the port being called EHCI.

In order to accomplish this, the shielding is removed along with any other cable insulation on the connector to expose the plastic that the connector pins rest on. This cable is then trimmed because the bed of pins within the connector of the accessory port has raised edges, along with the mini USB connector having raised edges. The resulting bed of pins on the mini USB connector must be within the width of 0.5cm.

The pins + the connector bed of the cable is too short height wise to create good mechanical contact, so hot glue is used to fill the space. This is accomplished by putting a dab of glue on the non-pin side, pressing a piece of paper, and then dragging the paper in a quick motion creating a thin layer of glue.

We have found that many cables either do not populate the 5th pin or are too fragile. I had only found 1 cable out of 7+ that actually worked well for this method. A better solution should be thought of in the future. These cables must be remade after like 4 uses.





Thus, the original ECCHI cable (pictured) is long broken, however I will provide photos of the one used in SO CBPS later on.

Getting the Accessory Port to work:

Knowing that there was a function sceUsbServAccessoryActivate, we used the kernel equivalent SceUsbServForDriver_AA6D4409.

Pinout:
1 GND (On the side with the mounting hole that has threads)
2 ID (1.8v)
3 D-
4 D+
5 VBUS (3.3v)

On calling SceUsbServForDriver_AA6D4409, it seems that once the ID pin is shorted to ground, 3.3v is sent to VBUS. Most commercial devices require 5V, so I used a Y-cable to provide 5V from a PC. You may use hardware to step up the 3.3v.

Initially, I had the data pin swapped in accordance with mini USB pinouts. After mass logging both usbd and usbserv to gather info, I was able to find and correct this mistake. Then, with retesting with the port activated by the function mentioned before, a USB device not supported message popped up. This is similar to what Zexceil had experienced on this thread: https://gbatemp.net/threads/usb-port-mod.472355/

I felt like this was enough to prove that it worked so I did not test anything further because what the hell it basically works.

USB storage or any USB device was not tested until 3 days before SO CBPS. I didn't format the USB drive at the time since it had my homework on it.

Funny enough apparently someone has attempted this as far back as 2017:
https://twitter.com/AryAlvkv/status/846575526324056064


Is this why the VITA HACK ELITES wanted to silence developers like RichDevX? YOU DECIDE!

Overall, it took less than a week to figure out how to use the Accessory Port with basically no hardware knowledge outside of basic soldering. It was at this time we thought it’d be funny to hold a press conference with this as the one more thing, which became SO CBPS.



Thin layer of hot glue:


The cable deteriorates after a few uses:


Another note, when I went to test it 3 days before SO CBPS, I installed Graphene's Vita Shell modification (that is unofficial), since it looks more impressive.

It did not work with USB mounting which gave me quite a scare. However, Graphene fixed it just enough that day so I could do the filming.

Getting PSV 2000 to work:


Since the Accessory port was so easy to get working, we thought we might as well try to replicate that success with PSV2000 OTG.

The benefits are obvious, it would allow the use of a more standard cable. However, little did I know that this would drag on to 2 days before SO CBPS.

Luckily, Sys owns one of the few rare PSV2000 Testkit Ethernet adapters thanks to his friend “pix”.

It is the one pictured on the Henkaku wiki: https://forum.devchroma.nl/index.php/topic,194.msg448.html#msg448

This Testkit Ethernet Adapter was a rare piece of hardware, so Sys didn’t feel comfortable ripping it apart. So I just asked him to measure the resistance between GND and the ID pin. These pins are used to indicate the type of device plugged in.

Pinout (It's just micro USB):
1 GND
2 ID (1.8v)
3 D-
4 D+
5 VBUS (3.3v)

Sys didn’t have a multi-meter to measure the resistance on, so he ended up using an Arduino with a voltage divider to measure the resistance with known values. The pins of the micro USB on the Testkit adapter were accessible by plugging it into another micro-controller.

He measured the resistance as 1.5k. It's worth also noting that plugging the adapter into an Android phone does not seem to show up under USB descriptor reading apps.

Sys then ordered micro USB breakouts, but then realized he only had a butane soldering iron that melted them.

So running out of time before SO CBPS, we decided to branch out and found it challenging to find a PSV2000 that could do hardware related tasks, at the very least solder.

It would be a long road finding someone like this, along with scheduling, bringing us up to the 2 days before SO CBPS.

Our first PSV2000 tester was Lyzzz, who was able to test the 1.5k resistance with no results, however he became extremely busy and was no longer able to test.

We then contacted CHΞCKΞR, who started making a cable but never responded after.

Then I noticed that SceSysconForDriver_D6F6D472 was used to control the OTG activation for the 2000.

On the Ethernet adapter, this would return 0x200 into a variable whose pointer is passed into the function. Thus, the project shifted to getting 0x200 out of a resistance value.

Finally, we found Usagi-chan who had SMD resistors, a PSV2000, and could solder (kinda).

And the results came in.

1.5k definitely does not work.

After asking Usagi-chan to test several known resistors and compiling tests previously done with Sys, we came up with the following values:

HEX    DEC   WHAT IT IS
0x100  256   Google Glass Headphones (Sysie)
0x200  512   Ethernet Adapter (Sysie)
0x500  1280  100k ohms (Usagi-Chan)
0x600  1536  1.5k ohms (Usagi-Chan)
0x700  1292  OTG cable (1.5 ohms) (Usagi-Chan)

Usagi-chan's Y-Cable:


So the tests lead me to believe it was measuring voltage, at least for the last few values.

Other than that, I had no idea how the 0x200 value of the Ethernet was obtained and just gave up...

I also had realized Sys did not properly clean his logs out.

And that 0x700 is returned for all stock OTG cables, or a normal short.

So to make it work, we just made 0x700 return the required 0x200:
https://github.com/dots-tb/ecchi-otg-2000

Because the Ethernet adapter requires external power, it became a reasonable assumption that you would need a Y-cable. Which turned out to be the case.

As far as I know, there is no official hardware that would enable VBUS or voltage out from the micro USB port.


So finally, at the 2 days before SO CBPS mark, it was tested.

Where to go from here?

The PSV2000 can utilize a normal Y-cable, however this will be detrimental for portability. Perhaps there is a hidden function for activating VBUS to power devices plugged in without the need for external power.

As stated before, no PSV2000 to play with personally or official peripherals make this job harder.

The PSV1000 is a different story because of the obscurity of the connector.

We are working with Zexceil, who has done some manufacturing for the Switch scene, to figure out a discrete hardware solution for this. No promises though.

Teakhanirons and Sys also worked on a PCB for it, but it was just for breakouts since they couldn't get the ECCHI cable to work.

I personally have no idea why no one bothered to try this stuff, but I'm happy I got a 20 min shitpost out of it because everyone else was too lazy.

I'll post some more RE information that anyone could probably get in this thread.

Credits:

TEAM IOWA:
Sys - Project manager, PSV2000 Testkit tester, and PSV2000 Testkit Ethernet Adapter
dots_tb - Head RE

With help from:
teakhanirons - I forgot what he did...
lyzzz - PSV2000 tester
CHΞCKΞR - Almost PSV2000 tester
realusagichan - PSV2000 tester, made a Y-cable
CelesteBlue - RE help
Princess of Sleeping - Pictures of PSV2000
SilicaAndPina - PSV1000 Devkit tests
Zexceil - for being interested in hardware manufacturing

And everyone else on CBPS!

Thanks also to:
The VITA HACK ELITE contributors to Henkaku wiki and psvitadevwiki (when it's not deleted).
Xerpi - for usbd lead

7
General / [NEWS] "TheFloW" making Webkit exploit, needs your help
« on: June 09, 2020, 03:18:23 AM »
The following information has been gathered from public channels on the Henkaku Server.

It seems that famed PS4 developer who broke the news that dongle jailbreak cannot be made (citation: wololo.net), TheFlow, has a Webkit exploit in the works.

It seems it only works with 3.74 as shown in the picture.


(Source: Henkaku discord)

Sadly, there is no ETA for 3.74 released by Sony. As predicted by the developer (?) with no name:


(Source: Henkaku discord)

It seems that he has enlisted the help of local Russian hacker "StepS" to come up with a name for it. They have settled on "Henlo".


(Source: Henkaku discord)

However, he has now enlisted the vita hacking community to come up with a logo for this new Webkit exploit! It seems the requirement is the popular meme, "doge".

Conclusion:
Help TheFloW with his exploit by giving him creative input with your artworks by joining the Henkaku discord:
https://discord.gg/m7MwpKA

A webkit exploit will ensure an easy, user friendly entry-point similar to the original Henkaku 3.60. Meaning that there should be no complicated set up and should be as easy as opening the browser.

In other news, it seems that developer Rinnegatamante has made some PRs to multiple repositories.


8
Graphical / [LiveDraw][6/7] Yukari
« on: June 08, 2020, 02:43:03 AM »
I drew Yukari for her b-day live on the discord: http://discord.cbps.xyz/

It was delayed because of SO CBPS.

Yukari Akiyama



Pixiv link: https://www.pixiv.net/en/artworks/82177009

9
News / [6/4/20][PRESS RELEASE] State of the CBPS
« on: June 04, 2020, 06:38:14 PM »
For release to the Scene press:

Many of you may be sad that the official source of Vita news, the Sony press conference, has been canceled. Many of you probably expected something big about the Vita from such an official source.

However, we at the CBPS have been luckily planning something for the past 2 months.

State of the CBPS (SO CBPS) is a video event that will showcase new content for the Vita Hacking Scene.

This includes new original plugins, new original games, custom DLC, and other news related to Vita development.

Collectively, it will feature over 10 works made by the collective minds of over 15 developers.

It will be scheduled for premiere on YouTube at the following date:

June 6th:
6:00 PM CEST
9:00 AM PDT

Please follow @CBPS9 on Twitter for updates and link:
https://twitter.com/CBPS9

We hope to see you there, and remember that’s SO CBPS!




10
PS Vita / MOVED: Incomplete homebrews
« on: June 03, 2020, 12:10:56 AM »

11
Graphical / [LiveDraw][5/28] Kumiko, Mafumafu
« on: May 28, 2020, 12:09:29 PM »
I drew Mafumafu and Kumiko live on the discord: http://discord.cbps.xyz/

Mafumafu:



Kumiko:




Thank you for looking.
Pixiv URL: https://www.pixiv.net/en/artworks/81917588


12
General / [NEWS]MiniVitaTV Vita controls fixed
« on: May 27, 2020, 08:41:00 AM »
cuevavirus has updated MiniVitaTV to enable the built in controls on the Vita while using the plugin.

This is achieved by merging the controls into port 0.

The issue was brought to our attention and requested to be fixed by Bosshunter. Original plugin was by TheFloW.

https://github.com/TheOfficialFloW/MiniVitaTV/pull/26

I have attached a build if you want to try it.

13
PS Vita / MOVED: [Release] Catherine Full Body HD 720p Patch
« on: May 07, 2020, 04:09:35 AM »

14
When taihen was first released, it was requested by Yifan Lu to use the USB serial functions to facilitate logs. These serial functions were used by PSM and now have been made to redirect stdout to a usb serial device, which serves as a standard COM serial port.

Princess Silly Mini Log USB is Princess Log with net functions replaced with USB serial functions and was created at the request of Silica, Pina and SonicMastr. It has full compatibility with Vita Shell's USB Mass Storage device system.

Install:
  • Install PSM USB Serial Drivers. These were extracted from the PSM SDK. Get them here: http://psmreborn.com/devtools.php?type=psm-drivers
  • Add PSMLogUSB.skprx to your config.txt and reboot.
  • Open your favorite serial monitoring program and set the correct COM port. Set the baudrate to 57600.
   
Note:

   PSMUSBLog will try to end any other USB service, except the one used in VitaShell for USB Mass Storage (UMS) mounting. So this will naturally create incompatibilities with plugins such as vita-udcd-uvc.
   
   When using UMS, the serial will be interrupted, however it will auto-start up after the UMS service has ended.

   The serial device will also be disconnected on reboot and will only restart once the plugin is re-initialized (usually right when Taihen launches).
   
Serial Monitoring Programs:

   You may use any serial monitor program. However, because of the constant reconnecting, I'd recommend kiTTY. <http://www.9bis.net/kitty/#!pages/download.md>
   
   This program allows easy auto reconnect (Connection > Attempt to reconnect on connection failure)
   
   You may also want to enable newline mode: (Terminal > Implicit CR in every LF)
   
   Finally, to find your COM number, look at the "Device Manager" in Windows. It will be under "Ports (COM & LPT)"
   
Why use PrincessLog over this:

   If you are working with USB or are using a Linux dev environment (have not checked if Linux has drivers), you may still want to consider PrincessLog.


Download: https://github.com/CelesteBlue-dev/PSVita-RE-tools/tree/master/PSMLogUSB/build

Special thanks to:
SilicaAndPina
Sysie
Yifan Lu
SonicMastr
teakhanirons

CelesteBlue
Princess of Sleeping
cuevavirus
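
The reconnect and implicit-CR settings described above can also be scripted; this is an added example, not part of the original post or of PSMLogUSB. It assumes pyserial is installed and that the port name is the one shown in Device Manager; `follow` and `lf_to_crlf` are names made up here.

```python
import sys
import time

BAUDRATE = 57600  # rate given in the install steps above


def lf_to_crlf(chunk, prev_cr=False):
    """Insert CR before every bare LF ("Implicit CR in every LF").

    prev_cr carries state across reads so a CR/LF pair split between
    two chunks is not turned into CR CR LF.
    Returns (converted_bytes, last_byte_was_cr).
    """
    out = bytearray()
    for b in chunk:
        if b == 0x0A and not prev_cr:
            out.append(0x0D)
        out.append(b)
        prev_cr = (b == 0x0D)
    return bytes(out), prev_cr


def follow(open_port, sink, retry_delay=1.0, max_opens=None, sleep=time.sleep):
    """Read the log until the device disappears, then keep trying to reopen.

    The serial device drops out while UMS is mounted and on reboot, so a
    failed open or read is treated as "wait and retry", not as fatal.
    open_port: callable returning an object with read(n) and close().
    sink: callable receiving the newline-normalised bytes.
    max_opens: stop after this many open attempts (None = forever).
    Returns the number of open attempts made.
    """
    opens = 0
    prev_cr = False
    while max_opens is None or opens < max_opens:
        opens += 1
        try:
            port = open_port()
        except OSError:
            sleep(retry_delay)  # device not enumerated yet
            continue
        try:
            while True:
                data = port.read(256)  # returns b"" on timeout
                if data:
                    text, prev_cr = lf_to_crlf(data, prev_cr)
                    sink(text)
        except OSError:
            pass  # device vanished mid-read; fall through and reopen
        finally:
            port.close()
        sleep(retry_delay)
    return opens


if __name__ == "__main__":
    import serial  # pyserial (third-party); SerialException subclasses OSError

    port_name = sys.argv[1]  # e.g. the COM port listed in Device Manager

    def to_stdout(data):
        sys.stdout.buffer.write(data)
        sys.stdout.buffer.flush()

    follow(lambda: serial.Serial(port_name, BAUDRATE, timeout=1), to_stdout)
```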

15
I was watching that PSP Homebrew conference thing and thought the ME processor accelerating Minecraft from 15fps to 60fps was cool.

So I thought it'd be cool to do something similar with the Vita with the MIPS processor.

However, it seems TheFlow has achieved this (https://github.com/TheOfficialFloW/VitaMips). But I'll just document this if it hasn't been documented already:

The idea was to write to the MIPS reset vector as was done in the ME example Motolegacy linked (https://github.com/pspdev/pspsdk/tree/master/src/samples/me).

The reset vector should be the first thing that is executed by the processor, which before command 0x30006, is held in SceCompatSharedSram.

Normally, if you try to peek at the SceCompatSharedSram, it will cause a crash until command 0x30006 on compat_sm.self is called. However, on accident by putting the wrong amount of arguments on a hook, I found that passing 0 size on 0x10006 allows you to write to the reset vector once through some f00d glitch. Maybe I'm wrong, try for yourself.

This was tested on 3.60.

To prove this theory:
  • A hook is made to set the 0x10006 command to fail with 0 size on SceCompat.
  • This hook will then read "ux0:/data/mips_rst.bin" to the reset vector. I will attach the pre-ipl + challenge mips_rst.bin to the post.
  • Adrenaline is then loaded (it seems to only work once for Adrenaline?) with the mips_rst.bin loaded into the Reset Vector.
  • Adrenaline is then loaded without mips_rst.bin, causing error c1-2650-3.
  • Adrenaline is then loaded with the continue commented out, which causes kpanic.
  • Change the hook to pass the size, and it should crash.
  • Uncomment write_reset_vector(); in the standalone func, it should crash.

https://gist.github.com/dots-tb/0357e1a66db98e81153d0e8204ffce64

I will be posting more findings relating to SceCompat if they are not already documented.

Thanks to Mathieulh for his Wiki information, Motolegacy for linking the ME example, Celesteblue and Princess of Sleeping for being fappers and helping a ton, teakhanirons, and Sysie for method of testing

TheFlow for adrenaline.

Anyways, in what has become standard for me, I just found this and have no idea how it works. Hopefully, someone will find it useful.
