Messages - dots_tb

16
General / Re: Is there Any debugger plugin Project?
« on: June 17, 2020, 04:38:49 AM »
For cheats, this wiki can be read: https://github.com/r0ah/vitacheat

For a proper debugger, you will most likely need a Devkit.

The closest thing to a Debugger for retail is Davee's: https://github.com/DaveeFTW/kvdb

However, if you are willing to do RE:

You can decompile a game to find offsets here:
https://forum.devchroma.nl/index.php/topic,88.0.html

Dump information from hooking at runtime here:
https://forum.devchroma.nl/index.php/topic,18.0.html

These require stdout:
Use USB logging here:
https://forum.devchroma.nl/index.php/topic,136.0.html

Or net logging here:
https://forum.devchroma.nl/index.php/topic,80.0.html

There is some more information regarding Unity games around the forums.


Beyond all of this, I am not aware of any Debuggers in the works. Sorry.

17
Accessory Port is theorized to be MHL by Deppressiety, here is some evidence we gathered to support it:
MHL standard was created in June 2010, development known to be starting as early as 2010, with Sony co-developing: https://en.wikipedia.org/wiki/Mobile_High-Definition_Link

The PS VITA was released Dec 2011 in Japan: https://en.wikipedia.org/wiki/PlayStation_Vita

The Galaxy S2, one of the first devices to support MHL doesn't seem to have dedicated HDMI/MHL hardware: https://news.samsung.com/global/galaxy-s-ii-teardown-splitting-8-9-mm-of-the-latest-samsung-technologies

5 Pins is enough to do MHL 1.0.

20mA can't power most shit.

HDMI CEC is connected to Syscon on PS4 and PS3. The ID pin on the Vita would be CEC on MHL and is connected to the Syscon.

This is all speculative and is what Sony may have used the port for, there is no evidence that MHL would actually work.

18
Accessory Port power delivery on 3.3v VBUS....

0.02 amps on 10A mode
15.85 on 300mA mode
200 ohm load

Not looking good.

I might be a retard though.

19
Multi-ctn:



20
PS Vita / Re: XBLA ports made for PS Vita Explanation, tool and sdk
« on: June 11, 2020, 02:51:04 PM »
Nyo nyo nyo nyo nyo-ro

Nyro Nyro Nyro ro

22
Panasonic K1HA14AD000 shield (modified as some parts have been clipped off):

Accessory Port:



24
I hope CBPS is going to work with China making a proper accessory port cable to USB-A. Just 15 cm should be enough in Y form to connect the needed power for thumbdrives. Don't know if external wired controllers need such power, most of them work under low milliamps.

Having external controller support (like USB-HID) is a highly requested addition by the gaming community as not all controllers have bluetooth.
DS3Vita and so on are via Bluetooth. Another option is to buy a PSTV with a very expensive Cronusmax with crappy firmware.

Y-cable not required for Accessory Port cable as it provides 3.3v that can be stepped up to 5v. I think an adapter could be done way under that size so it's not too much of an eye sore and is more portable, also.

I could test controller support if you want, if it works on the PSTV, it should work on the PSV.

25
I forgot to mention I got the idea to use mini USB from this article about Coder Cables on the Dreamcast:

http://www.thedreamcastjunkyard.co.uk/2016/02/guest-article-great-serial-connector.html

26
SO CBPS Explanation:


PSV1000:
An Accessory port Y-cable (ECCHI cable) is used with a 16gb USB jumpdrive and is plugged into the accessory port.

VitaShell is then loaded with an attempt to mount uma0, which does not work due to no other devices (such as SD2Vita or psvd).

Also it's worth noting that VitaShell will initialize the Accessory Port, it is not initialized prior.

Power, which is disconnected on the Y-cable on the Accessory Port connector, is connected to another cable which is then plugged into a power bank to provide 5v, as the Accessory Port only provides 3.3v.

It is then mounted in Vitashell.

PSV2000:
A normal USB Y-cable is used, however the version in the video has 100k pulldown on the ID pin from testing. This requires 0x500 to be changed to 0x200 in the plugin provided in the OP. It could be changed to any value on the chart.

Power and USB device must be connected before plugging in, as all needed factors to initialize USBD are done at plug-in.

When plugged in, VitaShell is then used to mount the device.

27
I obtained the Panasonic K1HA14AD000.

The cable will not work, do not try it as it will break your accessory port. There are raised edges within the Accessory Port connector, while the Panasonic cable has a larger pin bed that is flat across. The raised edges will cause no mechanical contact between pins and maybe break your Accessory Port.

You may try to drill the offending areas out or trim the bed, the cable I got off Amazon had all pins populated, I am not sure about the pin arrangement though.

The metal shielding is also too tall making a snug fit, with it being too shinny width wise where the metal bumps that form the bottom inverted U. It is a very snug fit.

28
USB ports:
Port 0 – Accessory port, host mode only. There seems to be no code allowing client mode in udcd.
Port 1 – Internal USB port, used on Devkit in client mode. Host mode on 3G vita.
Port 2 – Host mode/Client mode Micro USB PSV2000, multi-ctn PSV1000

PS TV USB port (?)

Event Flags Bits in Usbserv:
0x5 – New Event
0x2 – multi-ctn connect
0x4 – multi-ctn disconnect
0x8 – Accessory connect
0x10(?) – Accessory disconnect
0x40 – 2000 OTG mode connect (only on Ethernet adapter)
0x80 – 2000 OTG mode state change

Some misc functions:
SceSysconForDriver_A26586B2(0x81000049,0); // set callback for the 100 OTG multi-ctn
SceSysconForDriver_67A4CB9F(0x81000029,0); // set callback for 2000 OTG
SceSysconForDriver_4A42712F(0x8100000d,0); //set callback for accessory port plugin
SceSysconForDriver_3274A925(1); //PSTV USB power set
SceSysconForDriver_B1F88B11(1); //devkit USB power set

SceUsbServ.yml with help from CelesteBlue:
Code:
  SceUsbServ:
    nid: 0xAE54F579
    libraries:
      SceUsbServForDriver:
        nid: 0xA75BBDF2
        kernel: true
        functions:
          SceUsbServForDriver_30AE5F66: 0x30AE5F66 # activate usb on pstv
          SceUsbServForDriver_6D738018: 0x6D738018 # is pstv
          sceUsbServMacSelectForDriver: 0x7AD36284
          sceUsbServAccessoryDeactivateForDriver: 0x853CB8E4
          sceUsbServAccessoryActivateForDriver: 0xAA6D4409
          SceUsbServForDriver_D787B191: 0xD787B191 # deactivate/suspend usb on pstv
          sceUsbServMacGetForDriver: 0xF0553A69
      SceUsbServ:
        nid: 0xDA3C0EF0
        kernel: false
        functions:
          sceUsbServAccessoryDeactivate: 0x154246A9
          sceUsbServAccessoryActivate: 0xB33AA2EB
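
Added example (not part of the original post, and not code from any tool it mentions): a Python resolver over the name-to-NID entries listed above. It maps a `Library_NID` placeholder to its known name and finds the kernel export for a userland name through the `ForDriver` suffix visible in the listing. The function names `parse_db`, `resolve` and `kernel_equivalent` are assumptions of this example, and the parser reads only the layout shown here, accepting both `#` and `//` comments.

```python
import re

# Constructed sample: a subset of the SceUsbServ entries quoted in the post above.
DB_TEXT = """\
SceUsbServ:
  nid: 0xAE54F579
  libraries:
    SceUsbServForDriver:
      nid: 0xA75BBDF2
      kernel: true
      functions:
        SceUsbServForDriver_30AE5F66: 0x30AE5F66 // activate usb on pstv
        SceUsbServForDriver_6D738018: 0x6D738018 # is pstv
        sceUsbServAccessoryActivateForDriver: 0xAA6D4409
    SceUsbServ:
      nid: 0xDA3C0EF0
      kernel: false
      functions:
        sceUsbServAccessoryActivate: 0xB33AA2EB
"""

def parse_db(text):
    """Return {library: {"kernel": bool, "functions": {nid: name}}}; inline comments are dropped."""
    libs, stack = {}, []  # stack: (indent, key) of the mappings currently open
    for raw in text.splitlines():
        line = re.split(r"(?:^|\s)(?:#|//)", raw, maxsplit=1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = (s.strip() for s in line.partition(":"))
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent level
        path = [k for _, k in stack]
        if not value:  # "key:" opens a nested mapping
            stack.append((indent, key))
            if path[-1:] == ["libraries"]:
                libs[key] = {"kernel": False, "functions": {}}
        elif path[-1:] == ["functions"]:
            libs[path[-2]]["functions"][int(value, 16)] = key
        elif key == "kernel" and path[-2:-1] == ["libraries"]:
            libs[path[-1]]["kernel"] = value == "true"
    return libs

def resolve(libs, symbol):
    """Map a 'Library_NID' placeholder to its known name, or None if it is still unnamed."""
    m = re.fullmatch(r"(\w+)_([0-9A-Fa-f]{8})", symbol)
    if not m or m.group(1) not in libs:
        return None
    name = libs[m.group(1)]["functions"].get(int(m.group(2), 16))
    return None if name is None or name.lower() == symbol.lower() else name

def kernel_equivalent(libs, user_name):
    """Find the kernel export named user_name + 'ForDriver' and return it as 'Library_NID'."""
    hits = [f"{lib}_{nid:08X}" for lib, info in libs.items() if info["kernel"]
            for nid, name in info["functions"].items() if name == user_name + "ForDriver"]
    return hits[0] if hits else None

if __name__ == "__main__":
    print(kernel_equivalent(parse_db(DB_TEXT), "sceUsbServAccessoryActivate"))
```
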

29
Warning Sys and I are total retards!:

It started with a shitpost that Sys made to me with the totally original idea of getting the Accessory Port to work, as every good CBPS project starts. Initially, I was not interested, but Sys is my bestest e-friend of all time, so I had to consider the proposition. However, I did not know this blind friendship would lead to uncovering the biggest Vita Hack Elite conspiracy.

Not knowing where to start, we initially went to Xerpi who suggested we look at usbd, a good suggestion which would help later.

However, SilicaAndPina, who caught wind of the project, noticed some edits done to the Henkaku wiki that removed some information related to pinouts and probable cables:

Before: https://wiki.henkaku.xyz/vita/index.php?title=EHCI&oldid=8707

After Vita Hack Elite Meddling: https://wiki.henkaku.xyz/vita/index.php?title=EHCI&direction=next&oldid=8707

Could this be censorship by the VITA HACK ELITES to hide the truth about the Mystery Port? What else could be hidden…?

Sys built up the courage to confront a Vita Hack Elite insider about the EHCI matter, or the claims that the Vita Hack Elites had made about Accessory Port being removed in 1.69, according to the EHCI article on the Henkaku wiki.

We found the response very interesting:



SilicaAndPina was perceptive and realized how fishy a “-1 return” would be, in fact it is the behavior that is experienced when the function is imported from another module. I had never personally seen Sony EVER stub a function with a “-1”, it would most likely be totally removed or changed to an error code.
We then came to the conclusion that perhaps Vita Hack Elites forgot to run a Vita Loader in IDA… Or perhaps it was misdirection?

Then finally Sys found the smoking gun. The Vita Hack Elites added to the Henkaku wiki:
https://wiki.henkaku.xyz/vita/SceUsbServ
Code:
sceUsbServAccessoryDeactivate
sceUsbServAccessoryActivate

After seeing this, that’s when I decided to go all in, the Vita Scene needs to know the TRUTH!


Making the ECCHI cable:


Sys had a test board in transit, however I don’t like waiting on things so I just decided to find a way to make a breakout for the Accessory Port. I looked at all the cables I had and found that a mini USB cable had a close enough pin arrangement with the same amount of pins as the Accessory Port.

I later found out someone else had the same idea a while back:  http://wololo.net/talk/viewtopic.php?t=40198
This also extends to the meme dev RichDevX: https://twitter.com/RichDevX/status/817189122578255873

We will refer to this Accessory Port cable as an ECCHI cable. This name is derived from the port being called EHCI.

In order to accomplish this, the shielding is removed along with any other cable insulation on the connector to expose the plastic that the connector pins rest on. This cable is then trimmed because the bed of pins within the connector of the accessory port has raised edges, along with the mini USB connector having raised edges. The resulting bed of pins on the mini USB connector must be within the width of 0.5cm.

The pins + the connector bed of the cable is too short height wise to create good mechanical contact, so hot glue is used to fill the space. This is accomplished by putting a dab of glue on the non-pin side, pressing a piece of paper, and then dragging the paper in a quick motion creating a thin layer of glue.

We have found that many cables either do not populate the 5th pin or are too fragile. I had only found 1 cable out of 7+ that actually worked well for this method. A better solution should be thought of in the future. These cables must be remade after like 4 uses.





Thus, the original ECCHI cable (pictured) is long broken, however I will provide photos of the one used in SO CBPS later on.

Getting the Accessory Port to work:

Knowing that there was a function sceUsbServAccessoryActivate, we used the kernel equivalent SceUsbServForDriver_AA6D4409.

Pinout:
1 - GND (On the side with the mounting hole that has threads)
2 - ID (1.8v)
3 - D-
4 - D+
5 - VBUS (3.3v)

On calling SceUsbServForDriver_AA6D4409, it seems that once the ID pin is shorted to ground, 3.3v is sent to VBUS. Most commercial devices require 5V, so I used a Y-cable to provide 5V from a PC. You may use hardware to step up the 3.3v.

Initially, I had the data pin swapped in accordance of mini USB pinouts. After mass logging both usbd and usbserv to gather info, I was able to find and correct this mistake. Then, with retesting with the port activated by the function mentioned before, a USB device not supported message popped up. This is similar to what Zexceil had experienced on this thread: https://gbatemp.net/threads/usb-port-mod.472355/

I felt like this was enough to prove that it worked so I did not test anything further because what the hell it basically works.

USB storage or any USB device was not tested until 3 days before SO CBPS. I didn't format the USB drive at the time since it had my homework on it.

Funny enough apparently someone has attempted this as far back as 2017:
https://twitter.com/AryAlvkv/status/846575526324056064


Is this why the VITA HACK ELITES wanted to silence developers like RichDevX? YOU DECIDE!

Overall, it took less than a week to figure out how to use the Accessory Port with basically no hardware knowledge outside of basic soldering. It was at this time we thought it’d be funny to hold a press conference with this as the one more thing, which became SO CBPS.



Thin layer of hot glue:


The cable deteriorates after a few uses:


Another note, when I went to test it 3 days before SO CBPS, I installed Graphene's Vita Shell modification (that is unofficial), since it looks more impressive.

It did not work with USB mounting which gave me quite a scare. However, Graphene fixed it just enough that day so I could do the filming.

Getting PSV 2000 to work:


Since the Accessory port was so easy to get working, we thought we might as well try to replicate that success with PSV2000 OTG.

The benefits are obvious, it would allow the use of a more standard cable. However, little did I know that this would drag on to 2 days before SO CBPS.

Luckily, Sys owns one of the few rare PSV2000 Testkit Ethernet adapters thanks to his friend “pix”.

It is the one pictured on the Henkaku wiki: https://forum.devchroma.nl/index.php/topic,194.msg448.html#msg448

This Testkit Ethernet Adapter was a rare piece of hardware, so Sys didn’t feel comfortable ripping it apart. So I just asked him to measure the resistance between GND and the ID pin. These pins are used to indicate the type of device plugged in.

Pinout (It's just micro USB):
1 - GND
2 - ID (1.8v)
3 - D-
4 - D+
5 - VBUS (3.3v)

Sys didn’t have a multi-meter to measure the resistance on, he ended up using an Arduino with a voltage divider to measure the resistance with known values. The pins of the micro USB on the Testkit adapter were accessible by plugging it into another micro-controller.

He measured the resistance as 1.5k. It's worth also noting that plugging in the adapter into an Android phone does not seem to show up under USB descriptor reading apps.

Sys then ordered micro USB breakouts, but then realized he only had a butane soldering iron that melted them.

So running out of time before SO CBPS, we decided to branch out and found it challenging to find a PSV2000 that could do hardware related tasks, at the very least solder.

It would be a long road finding someone like this, along with scheduling, bringing us up to the 2 days before SO CBPS.

Our first PSV2000 tester was Lyzzz, who was able to test the 1.5k resistance with no results, however he became extremely busy and was no longer able to test.

We then contacted CHΞCKΞR, who started making a cable but never responded after.

Then I noticed that SceSysconForDriver_D6F6D472 was used to control the OTG activation for the 2000.

On the Ethernet adapter, this would return 0x200 into a variable whose pointer is passed into the function. Thus, the project shifted to getting 0x200 out of a resistance value.

Finally, we found Usagi-chan who had SMD resistors, a PSV2000, and could solder (kinda).

And the results came in.

1.5k definitely does not work.

After asking Usagi-chan to test several known resistors and compiling tests previously done with Sys, we came up with the following values:

HEX     DEC     WHAT IT IS
0x100   256     Google Glass Headphones (Sysie)
0x200   512     Ethernet Adapter (Sysie)
0x500   1280    100k ohms (Usagi-Chan)
0x600   1536    1.5k ohms (Usagi-Chan)
0x700   1292    OTG cable (1.5 ohms) (Usagi-Chan)

Usagi-chan's Y-Cable:


So the tests lead me to believe it was measuring voltage, at least for the last few values.

Other than that, I had no idea how the 0x200 value of the Ethernet was obtained and just gave up...

I also had realized Sys did not properly clean his logs out.

And that 0x700 is returned for all stock OTG cables, or a normal short.

So to make it work, we just made 0x700 return the required 0x200:
https://github.com/dots-tb/ecchi-otg-2000

Because the Ethernet adapter requires external power, it became a reasonable assumption that you would need a Y-cable. Which turned out to be the case.

As far as I know, there is no official hardware that would enable VBUS or voltage out from the micro USB port.


So finally, at the 2 days before SO CBPS mark, it was tested.

Where to go from here?

The PSV2000 can utilize a normal Y-cable, however this will be detrimental for portability. Perhaps there is a hidden function for activating VBUS to power devices plugged in without the need for external power.

As stated before, no PSV2000 to play with personally or official peripherals make this job harder.

The PSV1000 is a different story because of the obscurity of the connector.

We are working with Zexceil, who has done some manufacturing for the Switch scene, to figure out discrete hardware solution for this. No promises though.

Teakhanirons and Sys also worked on a PCB for it, but it was just for breakouts since they couldn't get the ECCHI cable to work.

I personally have no idea why no one bothered to try this stuff, but I'm happy I got a 20 min shitpost out of it because everyone else was too lazy.

I'll post some more RE information that anyone could probably get in this thread.

Credits:

TEAM IOWA:
Sys - Project manager, PSV2000 Testkit tester, and PSV2000 Testkit Ethernet Adapter
dots_tb - Head RE

With help from:
teakhanirons - I forgot what he did...
lyzzz - PSV2000 tester
CHΞCKΞR- Almost PSV2000 tester
realusagichan - PSV2000 tester, made a Y-cable
CelesteBlue - RE help
Princess of Sleeping - Pictures of PSV2000
SilicaAndPina - PSV1000 Devkit tests
Zexceil - for being interested in hardware manufacturing

And everyone else on CBPS!

Thanks also to:
The VITA HACK ELITE contributors to Henkaku wiki and psvitadevwiki (when it's not deleted).
Xerpi - for usbd lead

30
General / [NEWS] "TheFloW" making Webkit exploit, needs your help
« on: June 09, 2020, 03:18:23 AM »
The following information has been gathered from public channels on the Henkaku Server.

It seems that famed PS4 developer who broke the news that dongle jailbreak cannot be made (citation: wololo.net), TheFlow, has a Webkit exploit in the works.

It seems it only works with 3.74 as shown in the picture.


(Source: Henkaku discord)

Sadly, there is no ETA for 3.74 released by Sony. As predicted by the developer (?) with no name:


(Source: Henkaku discord)

It seems that he has enlisted the help of local Russian hacker "StepS" to come up with a name for it. They have settled on "Henlo".


(Source: Henkaku discord)

However, he has now enlisted the vita hacking community to come up with a logo for this new Webkit exploit! It seems the requirement is the popular meme, "doge".

Conclusion:
Help TheFloW with his exploit by giving him creative input with your artworks by joining the Henkaku discord:
https://discord.gg/m7MwpKA

A webkit exploit will ensure an easy, user friendly entry-point similar to the original Henkaku 3.60. Meaning that there should be no complicated set up and should be as easy as opening the browser.

In other news, it seems that developer Rinnegatamante has made some PRs to multiple repositories.

