
Tiff Exploit - HEN Information

Well I am aware of a new revision of HEN coming but what new functions will be added besides plugins?

Im also hearing about a new revision coming but not from Davee.

(Like the avatar I made?)
 
I couldn't get into contact. It doesn't matter now, even if I got permission, I wouldn't add them.

ok, then..
u did a great job, tnx =)
play arcade (cps) on PSP is awesome \o/


all i can think of is they're jealous of his work or they think they're so good that no one should have their work.

i thought it too, but it sounds too ridiculous... why don't help someone who's doing something new for a similar problem they had before?

but, as Davee said, it doesn't matter anymore.
 
PROGRAM AT UR OWN RISK

this is systemctrl in C and u will see here the NO UMD part
(sry 4 my english...im not english guy)

#include <pspsdk.h>
#include <pspkernel.h>
#include <pspthreadman_kernel.h>
#include "main.h"
#include "systemctrl.h"
#include "systemctrl_se.h"
#include "sysmodpatches.h"
#include "umd9660_driver.h"
#include "isofs_driver.h"

//0x00005F14
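// Overwrites one word of a structure reached through sceThreadManager and
// returns the user level that sceKernelGetUserLevel() reported beforehand.
//
// level: new level; it is XORed with 8 and placed in the top four bits of
//        the stored word. No range check is applied to it here.
// Returns the previous user level, or -1 when the module (or the pointer
// read out of it) is not available.
//
// NOTE(review): k1 is cleared for the duration of the call and restored on
// every exit path. On this platform k1 is presumably what kernel routines
// consult to tell user callers from kernel callers - confirm against the SDK.
// NOTE(review): 0x174C4 is a hard-coded offset into the module text; nothing
// here verifies that the loaded sceThreadManager is the build the offset was
// taken from, so a mismatch turns this into a write to an arbitrary address.
int sctrlKernelSetUserLevel(int level)
{
	int k1 = pspSdkSetK1(0);
	int res = sceKernelGetUserLevel();

	u32 *mod = (u32 *)sceKernelFindModuleByName("sceThreadManager");
	u32 text_addr;
	u32 *thstruct;

	if (!mod) {
		pspSdkSetK1(k1);
		return -1;
	}

	// Word 27 of the module record is used as the text base address.
	text_addr = *(mod + 27);
	thstruct = (u32 *)_lw(text_addr + 0x174C4);

	// Refuse to write through a null pointer loaded from the module.
	if (!thstruct) {
		pspSdkSetK1(k1);
		return -1;
	}

	// Shift as unsigned: (level ^ 8) << 28 on a signed int overflows into
	// the sign bit for values >= 8, which is undefined behaviour in C.
	thstruct[0x14 / 4] = (u32)(level ^ 8) << 28;

	pspSdkSetK1(k1);
	return res;
}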

//0x00005FA8
// Identification query: this build always answers 1 ("is SE").
// The value is a constant; nothing is probed at run time.
int sctrlHENIsSE()
{
	enum { IS_SE = 1 };

	return IS_SE;
}

//0x00005FB0
// Identification query: this build always answers 0 ("not devhook").
// The value is a constant; nothing is probed at run time.
int sctrlHENIsDevhook()
{
	enum { IS_DEVHOOK = 0 };

	return IS_DEVHOOK;
}

//0x00005FB8
// Returns the fixed HEN version word compiled into this module (0x500).
int sctrlHENGetVersion()
{
	enum { HEN_VERSION = 0x500 };

	return HEN_VERSION;
}

//0x00005FC0
// Returns the fixed SE version word compiled into this module (0x600).
int sctrlSEGetVersion()
{
	enum { SE_VERSION = 0x600 };

	return SE_VERSION;
}

//0x00005FC8
// Thin wrapper: clears k1, forwards to sceKernelLoadExecVSHDisc(), puts the
// saved k1 back and hands the callee's status to the caller.
//
// file, param: passed through untouched; this wrapper does not validate them.
// NOTE(review): with k1 cleared, any caller-origin checks the callee keys on
// k1 are presumably skipped for these pointers - confirm before exposing
// this export to less-trusted code.
int sctrlKernelLoadExecVSHDisc(const char *file, struct SceKernelLoadExecVSHParam *param)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int status = sceKernelLoadExecVSHDisc(file, param);

	pspSdkSetK1(saved_k1);
	return status;
}

//0x00006024
// Thin wrapper: clears k1, forwards to sceKernelLoadExecVSHDiscUpdater(),
// restores the saved k1 and returns the callee's status.
//
// file, param: passed through untouched; this wrapper does not validate them.
// NOTE(review): with k1 cleared, caller-origin checks in the callee are
// presumably bypassed for these pointers - confirm.
int sctrlKernelLoadExecVSHDiscUpdater(const char *file, struct SceKernelLoadExecVSHParam *param)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int status = sceKernelLoadExecVSHDiscUpdater(file, param);

	pspSdkSetK1(saved_k1);
	return status;
}

//0x00006080
// Thin wrapper: clears k1, forwards to sceKernelLoadExecVSHMs1(), restores
// the saved k1 and returns the callee's status.
//
// file, param: passed through untouched; this wrapper does not validate them.
// NOTE(review): with k1 cleared, caller-origin checks in the callee are
// presumably bypassed for these pointers - confirm.
int sctrlKernelLoadExecVSHMs1(const char *file, struct SceKernelLoadExecVSHParam *param)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int status = sceKernelLoadExecVSHMs1(file, param);

	pspSdkSetK1(saved_k1);
	return status;
}

//0x000060DC
// Thin wrapper: clears k1, forwards to sceKernelLoadExecVSHMs2(), restores
// the saved k1 and returns the callee's status.
//
// file, param: passed through untouched; this wrapper does not validate them.
// NOTE(review): with k1 cleared, caller-origin checks in the callee are
// presumably bypassed for these pointers - confirm.
int sctrlKernelLoadExecVSHMs2(const char *file, struct SceKernelLoadExecVSHParam *param)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int status = sceKernelLoadExecVSHMs2(file, param);

	pspSdkSetK1(saved_k1);
	return status;
}

//0x00006138
// Thin wrapper: clears k1, forwards to sceKernelLoadExecVSHMs3(), restores
// the saved k1 and returns the callee's status.
//
// file, param: passed through untouched; this wrapper does not validate them.
// NOTE(review): with k1 cleared, caller-origin checks in the callee are
// presumably bypassed for these pointers - confirm.
int sctrlKernelLoadExecVSHMs3(const char *file, struct SceKernelLoadExecVSHParam *param)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int status = sceKernelLoadExecVSHMs3(file, param);

	pspSdkSetK1(saved_k1);
	return status;
}

//0x00006194
// Thin wrapper: clears k1, forwards to sceKernelLoadExecVSHMs4(), restores
// the saved k1 and returns the callee's status.
//
// file, param: passed through untouched; this wrapper does not validate them.
// NOTE(review): with k1 cleared, caller-origin checks in the callee are
// presumably bypassed for these pointers - confirm.
int sctrlKernelLoadExecVSHMs4(const char *file, struct SceKernelLoadExecVSHParam *param)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int status = sceKernelLoadExecVSHMs4(file, param);

	pspSdkSetK1(saved_k1);
	return status;
}

//0x000061F0
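// Calls an internal routine of sceLoadExec, located by a fixed offset from
// the module's text base, with a caller-chosen apitype.
//
// apitype, file, param: forwarded unchanged; none of them is validated here.
// Returns the routine's result, or -1 when sceLoadExec cannot be found.
//
// Fix over the original: the module-not-found path returned with k1 still
// cleared. The saved value is now restored there as well, so a failed call
// cannot leave the caller running with the altered k1.
//
// NOTE(review): 0xEE8 is a hard-coded offset; nothing here checks that the
// loaded sceLoadExec matches the build it was taken from, so on a mismatch
// the indirect call lands on unrelated code.
int sctrlKernelLoadExecVSHWithApitype(int apitype, const char *file, struct SceKernelLoadExecVSHParam *param)
{
	int (*LoadExecVSH)(int apitype, const char *file, struct SceKernelLoadExecVSHParam *param, int unk2);
	int k1 = pspSdkSetK1(0);
	int res;

	u32 *mod = (u32 *)sceKernelFindModuleByName("sceLoadExec");
	u32 text_addr;

	if (!mod) {
		// Restore k1 on the error path too.
		pspSdkSetK1(k1);
		return -1;
	}

	// Word 27 of the module record is used as the text base address.
	text_addr = *(mod + 27);
	LoadExecVSH = (void *)(text_addr + 0xEE8);

	// The fourth argument is a fixed 0x10000; its meaning is not shown here.
	res = LoadExecVSH(apitype, file, param, 0x10000);

	pspSdkSetK1(k1);

	return res;
}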

//0x00006280
// Thin wrapper: clears k1, forwards to sceKernelExitVSHVSH(), restores the
// saved k1 and returns the callee's status.
//
// param: passed through untouched; this wrapper does not validate it.
int sctrlKernelExitVSH(struct SceKernelLoadExecVSHParam *param)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int status = sceKernelExitVSHVSH(param);

	pspSdkSetK1(saved_k1);
	return status;
}

//0x000062CC
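// Looks up an I/O driver by name through an internal routine of
// sceIOFileManager and returns the driver pointer stored in the second word
// of the record that routine hands back.
//
// drvname: forwarded unchanged to the internal lookup; not validated here.
// Returns the driver pointer, or NULL when the module or the device record
// is not found.
//
// Fix over the original: the success path returned without restoring k1,
// leaving the caller with k1 cleared after every successful lookup. All
// paths now go through one exit that puts the saved value back.
//
// NOTE(review): 0x2800 is a hard-coded offset into the module text; there is
// no check that the loaded sceIOFileManager matches the build it came from.
PspIoDrv *sctrlHENFindDriver(char *drvname)
{
	int k1 = pspSdkSetK1(0);
	PspIoDrv *drv = NULL;
	u32 *mod = (u32 *)sceKernelFindModuleByName("sceIOFileManager");

	if (mod) {
		// Word 27 of the module record is used as the text base address.
		u32 text_addr = *(mod + 27);
		u32 *(*GetDevice)(char *) = (void *)(text_addr + 0x2800);
		u32 *u = GetDevice(drvname);

		if (u)
			drv = (PspIoDrv *)u[1];
	}

	pspSdkSetK1(k1);
	return drv;
}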

//0x00006350
// Stores a new apitype word inside sceInit and returns the value that
// sceKernelInitApitype() reported before the write.
//
// apitype: written as-is; no range check is applied here.
// Returns the previous apitype, or -1 when sceInit cannot be found.
//
// NOTE(review): 0x1E50 is a hard-coded offset into the module; nothing here
// verifies that the loaded sceInit is the build the offset was taken from.
int sctrlKernelSetInitApitype(int apitype)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int previous = sceKernelInitApitype();
	u32 *module = (u32 *)sceKernelFindModuleByName("sceInit");

	if (!module) {
		pspSdkSetK1(saved_k1);
		return -1;
	}

	// Word 27 of the module record is used as the text base address.
	u32 text_base = module[27];

	_sw(apitype, text_base + 0x1E50);

	pspSdkSetK1(saved_k1);
	return previous;
}

//0x000063D0
// Stores the given pointer into a word inside sceInit.
//
// filename: only the pointer value is written, the string is not copied, so
//           the storage behind it has to stay valid for as long as that word
//           is read. The pointer is not validated here.
// Returns 0 on success, or -1 when sceInit cannot be found.
//
// NOTE(review): 0x1E74 is a hard-coded offset into the module; nothing here
// verifies that the loaded sceInit is the build the offset was taken from.
int sctrlKernelSetInitFileName(char *filename)
{
	const int saved_k1 = pspSdkSetK1(0);
	u32 *module = (u32 *)sceKernelFindModuleByName("sceInit");

	if (!module) {
		pspSdkSetK1(saved_k1);
		return -1;
	}

	// Word 27 of the module record is used as the text base address.
	u32 text_base = module[27];

	_sw((u32)filename, text_base + 0x1E74);

	pspSdkSetK1(saved_k1);
	return 0;
}

//0x00006440
// Stores a new key-config word inside sceInit and returns the value that
// sceKernelInitKeyConfig() reported before the write.
//
// key: written as-is; no range check is applied here.
// Returns the previous key config, or -1 when sceInit cannot be found.
//
// NOTE(review): 0x1FC0 is a hard-coded offset into the module; nothing here
// verifies that the loaded sceInit is the build the offset was taken from.
int sctrlKernelSetInitKeyConfig(int key)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int previous = sceKernelInitKeyConfig();
	u32 *module = (u32 *)sceKernelFindModuleByName("sceInit");

	if (!module) {
		pspSdkSetK1(saved_k1);
		return -1;
	}

	// Word 27 of the module record is used as the text base address.
	u32 text_base = module[27];

	_sw(key, text_base + 0x1FC0);

	pspSdkSetK1(saved_k1);
	return previous;
}

//inline @ 0x00006558
// Overwrites two consecutive instruction words inside sceIsofs_driver and
// flushes the caches. Does nothing when the module is not loaded.
//
// The two words decode as the MIPS pair "jr $ra" / "ori $v0, $zero, 0",
// i.e. the patched routine returns 0 immediately.
//
// NOTE(review): the offsets are hard-coded (the original keeps 0x4B14/0x4B18
// as trailing notes, apparently from an earlier build). Nothing here checks
// which build of the module is loaded before code is rewritten in place.
static void PatchIsofsDriver2()
{
	u32 *module = (u32 *)sceKernelFindModuleByName("sceIsofs_driver");

	if (!module)
		return;

	// Word 27 of the module record is used as the text base address.
	u32 text_base = module[27];

	//3.40: moved to start of module_reboot_before
	_sw(0x03e00008, text_base + 0x4388);
	_sw(0x34020000, text_base + 0x438C);
	ClearCaches();
}

//0x000064C0 --------------<<<<<< this part is NO UMD >>>>>>--------
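// Registers an image file as the backing store for the "umd" device and,
// depending on the flags, swaps the umd and isofs drivers for the ones this
// module supplies.
//
// file:  handed to SetUmdFile() unchanged; not validated here.
// noumd: non-zero applies DoNoUmdPatches().
// isofs: non-zero replaces the "isofs" driver, patches it, and assigns
//        disc0: read-only on top of umd0:/isofs0:.
// Returns 0 on success, or the negative status from sceIoDelDrv/sceIoAddDrv
// when replacing the "umd" driver fails.
//
// Fix over the original: both early error returns left k1 cleared. The saved
// value is now restored before returning on those paths.
//
// NOTE(review): if sceIoDelDrv("umd") succeeds and sceIoAddDrv() then fails,
// the function returns with no "umd" driver registered. In the isofs branch
// the statuses of sceIoDelDrv/sceIoAddDrv/sceIoAssign are not inspected.
int sctrlSEMountUmdFromFile(char *file, int noumd, int isofs)
{
	int k1 = pspSdkSetK1(0);
	int res;

	SetUmdFile(file);

	if (!noumd && !isofs) {
		DoAnyUmd();
	} else {
		res = sceIoDelDrv("umd");
		if (res < 0) {
			pspSdkSetK1(k1);
			return res;
		}

		res = sceIoAddDrv(getumd9660_driver());
		if (res < 0) {
			pspSdkSetK1(k1);
			return res;
		}
	}

	if (noumd) {
		DoNoUmdPatches();
	}

	if (isofs) {
		sceIoDelDrv("isofs");
		sceIoAddDrv(getisofs_driver());
		PatchIsofsDriver2();

		sceIoAssign("disc0:", "umd0:", "isofs0:", IOASSIGN_RDONLY, NULL, 0);
	}

	pspSdkSetK1(k1);
	return 0;
}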

//0x00006600
// Writes the upper and lower 16 bits of a version word to two fixed
// addresses, flushes the caches, and returns the value that
// sceKernelDevkitVersion() reported before the write.
//
// version: split as (version >> 16) and (version & 0xFFFF); not validated.
//
// NOTE(review): 0x8800E960 and 0x8800E968 are absolute addresses, written
// unconditionally. Nothing here checks that they hold what this code expects
// on the running firmware.
int sctrlKernelSetDevkitVersion(int version)
{
	const int saved_k1 = pspSdkSetK1(0);
	const int previous = sceKernelDevkitVersion();

	_sh(version >> 16, 0x8800E960);
	_sh(version & 0xFFFF, 0x8800E968);

	ClearCaches();

	pspSdkSetK1(saved_k1);
	return previous;
}
 
Itsuki

what is it supposed to do?
 
its the systemctrl... its hard for me to explain this stuffs and u will need to program others stuffs like csoread,isofs_driver,malloc,isoread,kubridge,systemctrl,conf,sysmodpatches,main...etc, sry too many to mention... by the way that one is wat it is look like the systemctrl in C++.... blah blah blah!! nose bleed!! sry im really not good in english

---------- Post added at 12:32 PM EST ---------- Previous post was at 12:26 PM EST ----------

and u guys should understand davee's situation bcuz programming is not that easy... this is only one part needed to make a systemctrl.... i believe ummmm.. there is 20+ or sumthing to be program like that.... by the way, cso and iso are short to be program.... just giving a hint or tip or watever
 
sorry for the noob question, but what is it?
and what it have to do with the HEn?
 
well aaaahh.... i think i saw from a few page back that their were talking bout the systemctrl..M33 module compability.. etc, mmmmhh im just giving the idea wats the systemctrl look like.. if u know how to read the c language.. u will see that its not only 1 file to be program.. there were more beside that...

so people, give davee a consideration wen he making next version and stop whining hehheehe!!
 
yes its from wildcard, that one was already been leak like a 1yr or sumthing... i made my own cfw from that source

you didnt make your own custom firmware you used a source from another custom firmware modified it, so its not really your own!. And if i remember with my PSP testings does it even compile? perhaps it does i just cannot remember.
 
you didnt make your own custom firmware you used a source from another custom firmware modified it, so its not really your own!. And if i remember with my PSP testings does it even compile? perhaps it does i just cannot remember.

u seems didnt understand wat i have said...

i use that source code then i made my own version cfw

and since that source code were leaked, people have made their own cfw

mmmhhh... like GEN's cfw...
 
u seems didnt understand wat i have said...

i use that source code then i made my own version cfw

and since that source code were leaked, people have made their own cfw

mmmhhh... like GEN's cfw...

GEN's custom firmware wasn't based off the OE leak. In fact, it couldn't have been, as the custom firmwares have changed so immensely since 3.71, there is no way to make the custom firmware function with the old methods. And the fact that you don't understand this, clearly tells that you didn't make a custom firmware.
 
Bubbletune said:
GEN's custom firmware wasn't based off the OE leak. In fact, it couldn't have been, as the custom firmwares have changed so immensely since 3.71, there is no way to make the custom firmware function with the old methods. And the fact that you don't understand this, clearly tells that you didn't make a custom firmware.

I am kinda building upon this.

A lot has changed since OE. OE used 1.50 IPL + bootstrap to boot a custom firmware. And since 3.71, custom firmwares started using custom IPL using the 3.xx/4.xx/5.xx bootstrap.

So there is no way that GEN was based off the OE series.

GEN was possibly reverse engineered from 5.00 M33, or some of the M33 modules were just hex-edited and the boot config of the firmware changed.
 
ok, i'm confused. what are you people talking about now?
 
Latest chickhen r3 screenshot found on net

3534836599_e1d3e42775_o.jpg




AND THE SITE WHICH IT WAS FOUND

http://translate.google.co.in/translate?hl=en&sl=zh-TW&u=http://psper.tw/post/779/&ei=ZDoQSqrcOM6OkAW7prWtBA&sa=X&oi=translate&resnum=6&ct=result&prev=/search%3Fq%3DCHICKHEN%2BR3%26hl%3Den%26sa%3DN%26start%3D10

RATE MY THREAD IF U LIKE WHAT I POST AND SUBSCRIBE ME THANKS


I"LL KEEP U GUYS POSTED
 