Some improvement to the SDK scePower library

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

Post Reply
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Some improvement to the SDK scePower library

Post by ne0h »

Phobox and I have added some functions at the sdk psppower library,
we are still adding some functions, anyway we have decided to post the functions founded here!
Here is the libpsppower compiled with all the 5.xx functions and the updated header file:
http://www.megaupload.com/?d=8WCVRGZ0
We have added some functions:

Code: Select all

/**
 * Get battery remain capacity as integer
 *
 * @returns battery remain capacity --> maybe mAh!
 */
int scePowerGetBatteryRemainCapacity(void); // 0x94F5A53F

/**
 * Get battery total capacity as integer
 *
 * @returns battery total capacity --> maybe mAh!
 */
int scePowerGetBatteryFullCapacity(void); // 0xFD18A0FF

/**
 * Request for PSP reboot
 *
 * @param unk1  - Unknow, pass 0
 */
void scePowerRequestColdReset(int unk1); // 0x0442D852

/**
 * Unknow function
 *
 * @return always 216 in all of my tests
 */
int scePowerGetLowBatteryCapacity(); // 0xB999184C

/**
 * Unknow, maybe return the maximum brightness available,
 * probably the function pathed by M33 to get always
 * the 4th brightness level
 *
 * @return always 4 in all of my tests
 */
int scePowerGetBacklightMaximum(void); // 0x442BFBAC
Top
Pirata Nervo
Posts: 409
Joined: Tue Oct 09, 2007 4:22 am

Post by Pirata Nervo »

thanks ne0h and phobox
Image
Upgrade your PSP
Top
phobox
Posts: 127
Joined: Mon Mar 24, 2008 6:22 pm

Post by phobox »

I think that a patch for the svn would be welcomed...
BUT
I don't know how to create one, never worked with svn.

can someone tell me (us) how to create one?
Ciao! from Italy
Top
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Post by ne0h »

A question:

Code: Select all

0xDB9D28DD,scePowerUnregitserCallback
0xDFA8BAF8,scePowerUnregisterCallback
Why there's 2 functions with a similar name like this?
"scePowerUnregisterCallback"? "Unregister"? Is a grammatical error or what?
Does it make the same thing?
Sorry for my english...
Top
phobox
Posts: 127
Joined: Mon Mar 24, 2008 6:22 pm

Post by phobox »

new one:

scePower_7FA406DD
that is
scePowerIsRequest.

prototype:
int scePowerIsRequest();

it return 0 if there is no request pending, 1 otherwise.
with request i mean functions like scePowerRequestColdReset, scePowerRequestStandby and scePowerRequestSuspend.


I also noticed the presence of other functions like scePowerCancelRequest, scePowerWaitRequestCompletion, scePowerIsSuspendRequired etc...

why? is there a delay between the call of the func and the effect of that function, if it is like this... how is it possible to set this delay (the unknown param of scePowerRequestColdReset?, tried, not working with a value different from 0.) or this dealy is a some-kind-of "natural" delay?

EDIT
New weird one: int scePower_2875994B();
By calling it i resets the game...
it is very fast but it looks like to be deep as well: the power led turns off(sometimes it flashes), the lcd turns off, the ms led blinks (loading of the app?), then the hb is there again on the screen! O.O...

EDIT2:
New one:
int scePowerGetResumeCount(); (scePower_0074EF9B)
the value it returns increases by calling scePower_2875994B(); that is the previuos func, the supposed resetter...

tryed calculating the nid of scePowerRequestResume or scePowerResume, but the values i obtained are not 2875994B (that is the nid of the resetter)

EDIT3: (lol)
calling this resetter func (scePower_2875994B()) makes int scePowerIsRequest(); to return 1... so it is a request and the name of the func should be scePowerRequest* than 1 or 2 words....

EDIT4: (please stop me!! lol)
scePowerGetResumeCount(); returns a value that increases by resuming the app, i found 2 ways:
1.by calling that resetter function (scePower_2875994B())
2.by doing it manually moving the power sitch up for a sec...

(suspending the psp manually makes scePowerIsRequest() func to return 1..)

by this i deduce that the unknown resetter function is a way to automate (or simulate) a suspend and a resume...
Ciao! from Italy
Top
XazZ
Posts: 10
Joined: Fri Aug 25, 2006 1:00 am

Post by XazZ »

ne0h wrote:A question:

Code: Select all

0xDB9D28DD,scePowerUnregitserCallback
0xDFA8BAF8,scePowerUnregisterCallback
Why there's 2 functions with a similar name like this?
"scePowerUnregisterCallback"? "Unregister"? Is a grammatical error or what?
Does it make the same thing?
Sorry for my english...
Good evening

Indeed, Sony has a typo in one of their names ;)
scePowerUnregitserCallback should have been:
scePowerUnregisterCallback

You might want to check silverspings blog - in one of his posts he showed more of those typos :)

Oh and thanks for finding out those names :)

XazZ
Top
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Post by ne0h »

Header updated
http://www.megaupload.com/?d=ZIMX2QWO
Added:

Code: Select all

/**
 * Get the total ammount of resume times
 *
 * @return the total resume times
 */
int scePowerGetResumeCount(void);

/**
 * Wait for the completion of the previous request
 *
 * @note:
 * Between the request for a op and it's execution
 * there's a "natural" delay time, with this function
 * you can stop the execution and wait for the
 * request execution
 *
 * @returns ???
 */
int scePowerWaitRequestCompletion(void);

/**
 * Check for a request uncompleted
 *
 * @returns 1 if a request is found,
 * otherwise 0
 */
int scePowerIsRequest(void);

/**
 * Unknow, probably delete a previous request,
 * but doesn't work
 *
 * @return ???
 */
int scePowerCancelRequest(void);
Top
User avatar
Torch
Posts: 825
Joined: Wed May 28, 2008 2:50 am

Post by Torch »

the delay is the time before all the callbacks have returned. in that time it can be cancelled. or so i found while testing. the sysevent method is better because you can cancel even power switch induced one.
Top
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Post by ne0h »

Finally updated, I've tried some functions ( I've included in the header some functions that are unknow, I've added my results )!
http://www.megaupload.com/?d=LA66AVWK
I've found some alias for scePowerSetClockFrequency, the results is the same and use the same "subfunction" in the asm src...

Code: Select all

/**
 * Set clocks frequencies
 *
 * @note: Alias for scePowerSetClockFrequency, used in the psx emu
 *
 * @returns < 0 on error, otherwise 0
 */
int scePower_545A7F3C&#40;int pllfreq, int cpufreq, int busfreq&#41;;

/**
 * Set clocks frequencies
 *
 * @note&#58; Another alias for scePowerSetClockFrequency
 *
 * @returns < 0 on error, otherwise 0
 */
int scePower_A4E93389&#40;int pllfreq, int cpufreq, int busfreq&#41;;

/**
 * Set clocks frequencies
 *
 * @note&#58; Incredible, another alias for scePowerSetClockFrequency
 *
 * @returns < 0 on error, otherwise 0
 */
int scePower_EBD177D6&#40;int pllfreq, int cpufreq, int busfreq&#41;;

/**
 * Get Pll frequency as Int
 * @returns frequency as int
 */
int scePowerGetPllClockFrequencyInt&#40;void&#41;;

/**
 * Get Pll frequency as Float
 * @returns frequency as float
 */
float scePowerGetPllClockFrequencyFloat&#40;void&#41;;

/**
 * Unknow, set something that is unknowed
 *
 * @param unk1  - Unknow
 */
void scePowerSetPowerSwMode&#40;int unk1&#41;;

/**
 * Unknow, get ??? something
 *
 * @returns 0 or 1 or 2 or 3, default to 2
 */
int scePowerGetPowerSwMode&#40;void&#41;;
Anyway there's some functions that I've doesn't writed in the header because get some strange results and are unknown...

Code: Select all

0x23C31FFE,scePowerVolatileMemLock&#40;int unk1, char** unk2, int* unk3&#41;;
0x78A1A796,scePowerIsSuspendRequired
0xA9D22232,scePowerSetCallbackMode
0xB3EDD801,scePowerVolatileMemUnlock
0x23436A4A,scePowerGetInnerTemp&#40;void&#41;
0xBAFA3DF0,scePowerGetCallbackMode
0xCB49F5CE,scePowerGetBatteryChargeCycle
0xFA97A599,scePowerVolatileMemTryLock
0x2875994B,scePower_2875994B&#40;void&#41;  // Very strange
0x2B51FE2F,scePower_2B51FE2F&#40;void&#41;   // Do nothing?? Return always 0
0xE8E4E204,scePower_E8E4E204&#40;void&#41;  // Returns always 72
The functions scePowerSetPowerSwMode and scePowerGetPowerSwMode do something but what?
If anyone have desire to test these functions and see what appens, I have seen nothing!

Sorry for my english, and thanks...
Top
Pirata Nervo
Posts: 409
Joined: Tue Oct 09, 2007 4:22 am

Post by Pirata Nervo »

how do you get the original function names? Does PRX tool outputs their names?
Image
Upgrade your PSP
Top
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Post by ne0h »

The NID is a "modified" Sha-1 hash of the function name, you have to get the hash of the name, write down the first 8 letters and next reverse the letters "2 to 2".
Sorry, very bad english, so a example:
Name: scePowerGetPowerSwMode
SHA-1: 85e05c16c0f3c9440a6505d171f7439416afb764
First 8 letters: 85E05C16
NID: 0x 165CE085
You can use NidCrack to try to get the name from a NID, but it's very slow!
I'm trying to write a new algoritm to improve the speed of NidCrack, but ...
Top
Pirata Nervo
Posts: 409
Joined: Tue Oct 09, 2007 4:22 am

Post by Pirata Nervo »

I know how to get the NID's >.<
I just don't know how to get the function names lol
Image
Upgrade your PSP
Top
phobox
Posts: 127
Joined: Mon Mar 24, 2008 6:22 pm

Post by phobox »

..using nidattack
..or..
..if already found...

http://silverspring.lan.st
Ciao! from Italy
Top
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Post by ne0h »

Ok, new function added:

Code: Select all

/**
 * Check if suspend is requided
 *
 * @note&#58; This function return 1 only when
 * the battery charge is low and
 * go in suspend mode!
 *
 * @return 1 if suspend is requided, otherwise 0
 */
int scePowerIsSuspendRequired&#40;void&#41;; // 0x78A1A796
Top
SilverSpring
Posts: 110
Joined: Tue Feb 27, 2007 9:43 pm
Contact:
Contact SilverSpring

Post by SilverSpring »

You should only write if you really know what you are talking about. Things only get added to the sdk when the person knows exactly what is going on.

ne0h wrote:The NID is a "modified" Sha-1 hash of the function name, you have to get the hash of the name, write down the first 8 letters and next reverse the letters "2 to 2".
Sorry, very bad english, so a example:
Name: scePowerGetPowerSwMode
SHA-1: 85e05c16c0f3c9440a6505d171f7439416afb764
First 8 letters: 85E05C16
NID: 0x 165CE085
You can use NidCrack to try to get the name from a NID, but it's very slow!
I'm trying to write a new algoritm to improve the speed of NidCrack, but ...
Are you sure you found them by cracking the nids? Or you just posted the ones I had found? If you had cracked them, feel free to send them to me so I can update new ones. But I guess you just grabbed them from the libdoc site since you would've cracked others that I hadn't yet updated on the site yet like:

0xE8E4E204 scePowerGetForceSuspendCapacity

for example.

Yes it always returns 72 (unless you've mucked around with your idstorage). It's the value of the battery (in mAh) that will force a suspend. Similar to the scePowerGetLowBatteryCapacity function (which returns 216 mAh) that starts the led flashing. These 2 values are set via idstorage key4, which is why some people have that suspend bug when they have corrupt idstorage.

So on a standard 1800mAh battery, these 2 events occur at 12% (led starts flashing) and 4% (auto suspends) capacity left respectively. You can change these 2 values via offset 0x1A (value 0x0048 = 72) and offset 0x1C (0x00D8 = 216) of idstorage key4.
ne0h wrote:A question:

Code: Select all

0xDB9D28DD,scePowerUnregitserCallback
0xDFA8BAF8,scePowerUnregisterCallback
Why there's 2 functions with a similar name like this?
"scePowerUnregisterCallback"? "Unregister"? Is a grammatical error or what?
Does it make the same thing?
Sorry for my english...
They are both the same function. Yes it is a typo mistake, they first named it scePowerUnregitserCallback and when they realised the mistake they made the correct spelling scePowerUnregisterCallback an export alias to the original function.
ne0h wrote: 0x2B51FE2F,scePower_2B51FE2F(void) // Do nothing?? Return always 0
No this one checks whether wlan is activated or not.

The param of scePowerRequestColdReset is not a delay but a mode, however for now it can only be 0. Several other functions also accept a mode arg that is also for now only 0. Probably reserved for future functionality, or maybe used in devkits.

0x23C31FFE scePowerVolatileMemLock
is scePowerVolatileMemLock(int mode, char **addr, int *size); where mode can only be 0 for now, and receives the address and size of the volatile memory partition in the other 2 args.

scePowerCancelRequest only cancels the standby & suspend requests from the power switch, it doesnt affect the software calls.



If you want to add functions to the sdk you have to know exactly what the functions do inside & out. It's not enough just by testing them. There could be side effects that you are not aware of.
Top
ne0h
Posts: 386
Joined: Thu Feb 21, 2008 2:15 am

Post by ne0h »

SilverSpring, thanks for the info,
but I haven't cracked the NID's and I haven't said to I've done it.
All the functions that I've posted is in the 5.00 libdoc...
I've poted some function but some of them is posted only to try to get more info.
I've thought that maybe anyone have already done some work with these functions and can help to completely reverse the unknown functions!
I've only tried to improve this library because there's some functions like
scePowerGetResumeCount, scePowerWaitRequestCompletion, scePowerIsRequest and scePowerRequestColdReset that are not in the SDK but if I'm right these function works perfect and there's no one problem!
The only function that cannot works is scePowerRequestColdReset, for the first arg...
Anyway excuse me, I've never wanted to take me the worth!
Sorry for my english

ne0h
Top
Post Reply

Return to “PSP Development”