igor242 11 Posted January 2, 2013 German ps3 developer KDSBest has released a ‘tool’ to apply PS3usercheat hacks to eboots. // Patch PS3UserCheat Cheat to an ELF File // 1. Decrypt EBOOT.BIN to EBOOT.ELF // 2. Provide PATCH.TXT with the following Format (From PS3 Cheats Editor) // Example PATCH.TXT //00002000 0002A878 33FE034C // Another Example of PATCH.TXT //00002000 010AF534 00000000 //00002000 010AF538 00000000 //00002000 010AF53C 00000000 //00002000 010AF540 00000000 // 3. Run this Code // 4. Rencrypt EBOOT.KDSBest.ELF to EBOOT.BIN // 5. Replace EBOOT.BIN of your game with the new one // Sorry I couldn't provide a One Click Tool I lack in time // the 0000c001 patches are button mapping for cheat pkgs, since we fixed patch it this isn't supported. // Example Tales of Grace F Move Fast Speed (Press []) is the following PATCH.TXT //00002000 007DF6FC 3F800000 //0000C001 00000000 00000080 //00002000 007DF6FC 3FE00000 // If you don't want to patch the speed the PATCH.TXT you provide //00002000 007DF6FC 3F800000 // If you want constant faster speed you provide //00002000 007DF6FC 3FE00000 // It reads the following way // 00002000 = Patch Memory (Eboot) // 0000C001 = Button Event // Look how easy // If nothing is pressed // { //00002000 007DF6FC 3F800000 => Patch Memory At 007DF6FC to 3F800000 // } //0000C001 00000000 00000080 => else If(Button Event(00000080)) => 00000080 = [] // { //00002000 007DF6FC 3FE00000 => Patch Memory At 007DF6FC to 3FE00000 // } // Why I write this tool // I provided the patches by hand // 1. Load ELF in IDA // 2. Check bytes at Address // 3. Search Bytes from IDA (Which can parse the elf header and knows the exact locations) in Hex Editor // 4. Patch Bytes by hand // 5. .... // Why is this tool written like bullshit // I don't have the mood to write it clean using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.IO; namespace Patch_ELF_PS3UserCheat { class Program { public struct ELFLocation { public uint Offset; public uint OffsetFile; public uint Size; } public struct Patch { public uint Offset; public uint PatchValue; } public static uint byteToUInt(byte[] { return byteToUInt(b, 0); } public static uint byteToUInt(byte[] b, int offset) { uint a = (uint)b[offset] << 24; a |= (uint)b[offset + 1] << 16; a |= (uint)b[offset + 2] << 8; a |= (uint)b[offset + 3] << 0; return a; } public static byte[] uintToByte(uint i) { byte[] b = new byte[4]; b[0] = (byte)((i >> 24) & 0xFF); b[1] = (byte)((i >> 16) & 0xFF); b[2] = (byte)((i >> 8) & 0xFF); b[3] = (byte)((i) & 0xFF); return b; } public static int LoadElfPHDR(BinaryReader br, List Elf, uint phdr_offset, uint phdr_size, uint i) { byte[] phdr = new byte[phdr_size]; br.BaseStream.Seek(phdr_offset + phdr_size * i, SeekOrigin.Begin); br.Read(phdr, 0, phdr.Length); ELFLocation elfLocation = new ELFLocation(); elfLocation.OffsetFile = byteToUInt(phdr, 0x0C); elfLocation.Offset = byteToUInt(phdr, 0x14); elfLocation.Size = byteToUInt(phdr, 0x24); Elf.Add(elfLocation); return 0; } public static ushort byteToUShort(byte[] b, int offset) { ushort a = (ushort)(b[offset] << 8); a |= (ushort)b[offset + 1]; return a; } public static List LoadElf(string FileName) { List Elf = new List(); BinaryReader br = new BinaryReader(File.OpenRead(FileName)); byte[] elfMagic = new byte[4]; br.Read(elfMagic, 0, 4); if (elfMagic[0] != 0x7F || elfMagic[1] != 0x45 || elfMagic[2] != 0x4C || elfMagic[3] != 0x46) { Console.WriteLine("Elf Magic Wrong (" + FileName + ")"); br.Close(); return Elf; } br.BaseStream.Seek(0, SeekOrigin.Begin); byte[] eHDR = new byte[0x40]; br.Read(eHDR, 0, eHDR.Length); uint phdr_offset = byteToUInt(eHDR, 0x24); ushort n_phdrs = byteToUShort(eHDR, 0x38); ushort phdr_size = byteToUShort(eHDR, 0x36); for (ushort i = 0; i < n_phdrs; i++) { int error = LoadElfPHDR(br, Elf, phdr_offset, phdr_size, i); if (error == 1) Console.WriteLine("Didn't Load phdr " + i + " of File " + FileName); } br.Close(); return Elf; } public static List LoadPatchFile(string FileName) { List patches = new List(); StreamReader sr = new StreamReader(File.OpenRead(FileName)); string input; while(!string.IsNullOrEmpty(input = sr.ReadLine())) { string[] vals = input.Split(new char[] { ' ' }); if (vals.Length != 3 || vals[0] != "00002000") { Console.WriteLine("This is not an ELF Patch!"); patches.Clear(); return patches; } Patch p = new Patch(); try { p.Offset = uint.Parse(vals[1], System.Globalization.NumberStyles.AllowHexSpecifier); p.PatchValue = uint.Parse(vals[2], System.Globalization.NumberStyles.AllowHexSpecifier); patches.Add(p); } catch (Exception) { Console.WriteLine("Patch file wrong!"); patches.Clear(); return patches; } } return patches; } static void Main(string[] args) { if (!File.Exists("EBOOT.ELF")) { Console.WriteLine("Couldn't find EBOOT.ELF"); Console.ReadLine(); return; } if (!File.Exists("PATCH.TXT")) { Console.WriteLine("Couldn't find PATCH.TXT"); Console.ReadLine(); return; } if (File.Exists("EBOOT.KDSBest.ELF")) File.Delete("EBOOT.KDSBest.ELF"); List locations = LoadElf("EBOOT.ELF"); List patches = LoadPatchFile("PATCH.TXT"); for(int i = 0; i < patches.Count; i++) { ELFLocation? locationForPatch = null; Patch p = patches[i]; for (int ii = 0; ii < locations.Count; ii++) { if (p.Offset >= locations[ii].Offset && p.Offset < locations[ii].Offset + locations[ii].Size) { locationForPatch = locations[ii]; break; } } if (locationForPatch == null) { Console.WriteLine("Patch is not for this ELF!"); Console.ReadLine(); return; } else { p.Offset = p.Offset - locationForPatch.Value.Offset + locationForPatch.Value.OffsetFile; patches[i] = p; } } Console.WriteLine("Patching ELF..."); File.Copy("EBOOT.ELF", "EBOOT.KDSBest.ELF"); BinaryWriter bw = new BinaryWriter(File.OpenWrite("EBOOT.KDSBest.ELF")); foreach (Patch p in patches) { bw.Seek((int) p.Offset, SeekOrigin.Begin); bw.Write(uintToByte(p.PatchValue)); } bw.Close(); Console.WriteLine("DONE!"); Console.ReadLine(); } } } Source(PS3HAX) Quote Share this post Link to post Share on other sites