some thoughts on patching the firmware

chaos
Posts: 135
Joined: Sun Apr 10, 2005 5:05 pm

some thoughts on patching the firmware

Post by chaos »

rather than trying to replace 1.5 files with 1.0 files, how about another approach..

\flash0\vsh\module\msgdialog_plugin.prx is the only unencrypted prx in the flash. from what i can tell, it is responsible for handling error messages such as 'dhcp server could not be found' (msgerror_dhcp_not_found) and 'wireless lan switch is off' (msgerror_wlan_off_1).

if this function could be patched with code to call sceKernelLoadExec instead of sceVshCommonGui(?), then we would have a simple way to trigger arbitrary code execution. all you would need to do is scan for a wireless network with the wlan switch off, and instead of calling up an error dialog, it would call loadexec.

now mrbrown has indicated that sceKernelLoadExec will not load anything from the memory stick. and since that prx is encrypted, the chances of simply patching it do not look good. this is where we'd have to get creative.

according to vampire, there are 2 empty partitions on the lflash device.

"0x01C00000...0x01CFC1FF (~1MB) no files
0x01D00000...0x01DEC1FF (~1MB) no files"

the first partition could be used to store a "front end". this is what we'd want to tell loadexec to run in the patched msgdialog. loadexec shouldn't complain about an invalid device, because it's stored on the internal flash, not the memstick.

the purpose of the front end would be to list the programs on the memstick, give the option to copy one from the memory stick to the second partition, and finally perform a loadexec on it. this would hopefully allow us to get around the limitations placed on loadexec.

sorry if this is a bit off the wall.. i realize this is easier said than done, and even if i am way off track, i hope i at least sparked a better idea in someone else's mind.
Chaosmachine Studios: High Quality Homebrew.
mrbrown
Site Admin
Posts: 1537
Joined: Sat Jan 17, 2004 11:24 am

Post by mrbrown »

msgdialog_plugin.prx isn't used by the VSH.
chaos
Posts: 135
Joined: Sun Apr 10, 2005 5:05 pm

Post by chaos »

mrbrown wrote: msgdialog_plugin.prx isn't used by the VSH.

ok, so rumor has it you have unencrypted the prx files recently.. could you replace the encrypted version of one of the modules (say the photo_plugin.prx, its functionality is not critical, could be replaced with a homebrew app if this all works out) with the decrypted version, and if so, could it be patched in the way i suggested above?
Chaosmachine Studios: High Quality Homebrew.
gotxp
Posts: 11
Joined: Sun Jun 19, 2005 12:38 am

Post by gotxp »

hmm... If it does allow a homebrew program to be launched... Perhaps someone could write a 'launcher' program. Then if we want to play a game we just cause the launcher to run first....

another idea I had (although it's a little more risky)... is to replace the gameboot file from the 1.5 software with the one from the 1.0 software. This may create a hybrid software version and skip the encryption check... or prevent you from ever launching anything :p....
See The Future... Feel The Future...
chaos
Posts: 135
Joined: Sun Apr 10, 2005 5:05 pm

Post by chaos »

that's what i was describing in the second half of my post.
Chaosmachine Studios: High Quality Homebrew.