About releasing MoHH eloader source code

Discuss the development of new homebrew software, tools and libraries.

Moderators: cheriff, TyRaNiD

m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

About releasing MoHH eloader source code

Post by m0skit0 »

Ok I want to release an alpha version of the Medal of Honor Heroes eloader I've been working on with ab5000 and n00b81, but since I want it to be open source and I've been asked by some devs to keep some parts closed, like syscall estimation. I just want to make clear that we have discovered how to estimate syscalls with no external help (wasnt that hard though), so we have all the right to open the source. This is just to have more experienced developers' advice and consider what to do: release ALL the source or keep some parts closed.

Thanks for reading and giving your opinion :)
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
Producted
Posts: 56
Joined: Thu Jun 04, 2009 12:16 am

Post by Producted »

+1 for sharing

A question; what's the last version this will work on? 5.50?
~~
No idea if you already did, but I think Freeplay needs some help. :P
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

5.55

Freeplay didn't contact me. I heard he just sought source from another eloader, that's all.

Anyway our eloader still needs a lot of optimizations, but at least we did it ourselves ;) And dude, you really learn a lot (and bang your head against a wall a lot xDDD)
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
jojojoris
Posts: 255
Joined: Sun Mar 30, 2008 4:06 am

Post by jojojoris »

Does it matter that sony also knows what it's actually doing when the source is released?

Code: Select all

int main(){
     SetupCallbacks();
     makeNiceGame();
     sceKernelExitGame();
}
sauron_le_noir
Posts: 203
Joined: Sat Jul 05, 2008 8:03 am

Post by sauron_le_noir »

+1 for the share
-1 because you give sony idea to fight custom firmware

Does it contain documentation more important value or just
the code ?
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

I think Sony can just reverse it to know how it works, even if they dont have the source. So I think the pros have more stakes than the cons. And sincerely, I dont think our code has something Sony doesnt already know about. There are no exploit or whatsoever to be kept in secret, maybe just syscall number estimation, which is sincerely something very very simple and basic (I dont know if there are more advanced estimations).

And I dont think Sony can fight better CFW with this, because an eloader it's not a CFW. I just remind that we dont have kernel access whatsoever, so CFW are basically different as they patch kernel modules, something I cant do with user mode access only.

Please correct me if I made wrong assumptions.
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
willow :--)
Posts: 107
Joined: Sat Jan 13, 2007 11:50 am

Post by willow :--) »

+1 for open source eLoader.

I'm not one of the "experienced developers" in terms of firmwares and code reverse, but I think sharing this eloader's source is a good idea.

As far as "fighting custom firmware" goes, I believe Sony already have more sources than they need. After all, they do have the source code for their firmware... so as you said, I think the pros outweight the cons.
ab5000
Posts: 74
Joined: Tue May 06, 2008 2:37 am

Post by ab5000 »

The eLoader isn't complex.
It just load the ELF in memory (along with all the sections), resolve imports and jump to start address of ELF.
The really PSP-dependent part is resolving the imports.
Resolving user-to-user imports is a bit complex but it isn't the really difficult part because we can do it from user mode with no problems.
The real problem is resolving user-to-kernel imports.
Syscall estimation allow us to resolve syscalls without having kernel mode (if we can go into kernel mode then we can simple query the syscall table).
In older FWs (like 2.00) syscalls were fixed, so you can just make a file with nid-syscall pairs and the work is done.
In newer FWs (from 2.50) syscalls are randomized.
They aren't REALLY randomized so we managed to estimate them (i can't say how we do it). Estimation isn't perfect but we have got a good grade of precision, and I got some ideas to optimize it.

The problem is: If we release syscall estimation code with the eLoader, Sony will probably find another method to randomize syscalls. And if this happens, the work we have done will be nearly useless.
I'm sure they aren't going to TOTALLY randomize syscalls (it's a BIG waste of memory), but a great part of the work should be remade from scratch.

So, I think we should release the source BUT keep the syscall estimation code closed.

P.S. If the source will be released, make LITTLE changes each time. Otherwise you will probably become crazy watching excpetions xD

Code: Select all

%&#58;include<stdio.h>
int _&#40;int __,int ___,int ____,int _____&#41;
<%for&#40;;____<___;_____=_____*__,____++&#41;;
return _____;%>main&#40;&#41;<%printf
&#40;"%d\n",_&#40;2,5,0,1&#41;&#41;;%>
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

You forgot that when working with PRXs you must also relocate all the stuff.

Do you really think Sony doesnt know how we could estimate syscalls? They know how they "randomize" them, so they surely know how we can estimate them, don't you think? Team Noobz already did it in their eloader.

And one of the primary reasons I want to release this open source is that other devs can contribute freely, but they cannot do that if we keep syscall closed, except providing syscall.c as a .o already compiled library, which in my opinion is as much as giving the source because it can be easily disassembled.
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
Visigotico
Posts: 11
Joined: Wed Apr 23, 2008 11:44 am

Post by Visigotico »

whatever. Releasing or not the source, Sony is sure to
find another way to randomize the system calls, causing the eLoader to stop working.
Davee
Posts: 43
Joined: Mon Jun 22, 2009 3:58 am

Post by Davee »

m0skit0 wrote:5.55

Freeplay didn't contact me. I heard he just sought source from another eloader, that's all.

Anyway our eloader still needs a lot of optimizations, but at least we did it ourselves ;) And dude, you really learn a lot (and bang your head against a wall a lot xDDD)

Good job mate. I completely agree, you do learn a lot when you start making these things yourself :P
PsPfReAK
Posts: 61
Joined: Sat Mar 28, 2009 9:02 am
Contact:

Post by PsPfReAK »

What if you just send the source to developers rather then having it open to download?

thats seems more like an idea.
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

PsPfReAK wrote:What if you just send the source to developers rather then having it open to download?
Giving the source to devs is the same to open the source. Who to trust? Would those devs who get it keep syscall estimation secret? I sincerely prefer open the source. And honeslty I don't want to keep track of people and judging who deserves the source and who not.

Development communities work way better with open source. You have a lot of examples in real world (Linux, Firefox...). Yes I know PSP cannot be compared with open standards but I think putting this elaoder open source would benefit the whole scene. New developers can find it very useful to know how execution and linking is done in PSP with a full C example. I would have been happy to have found an example such as this one. And even if Sony changes the syscall "randomization", the scene would find a way of reversing that, as it has already done with this supposed "randomization".
Visigotico wrote:Releasing or not the source, Sony is sure to find another way to randomize the system calls, causing the eLoader to stop working.
They didnt do so with Noobz eloader. And I doubt they will with this prototype.
Davee wrote:I completely agree, you do learn a lot when you start making these things yourself :P
Thanks Davee, but there's still a lot of work to be done to make this really functional.
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
Lechter
Posts: 8
Joined: Tue Nov 03, 2009 11:19 pm

Post by Lechter »

+1 for open source eLoader.
Draan
Posts: 48
Joined: Sat Oct 17, 2009 3:39 am

Post by Draan »

First Bubbletune + adding icons to XMB, now eLoader...it's going really hot there :)
MaTiAz
Posts: 3
Joined: Fri Nov 17, 2006 6:05 am

Post by MaTiAz »

You're missing a point here - telling SCE engineers to reverse something costs a lot of money. Money that they most likely will not spare.

By your logic, Sony could've started randomizing NIDs the moment stuff patching the kernel started appearing (ie. 1.50 times). Remember the wildc*rd source leak? That's when Sony started randomizing NIDs, when they got their hands on the -source-.

There's (usually) a reason why something stays closed-source. Be it financial or whatever, but often it's good.
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

Thanks for pointing that, MaTiAz.

Yeah, Sony should spend money to reverse scene stuff, which they'll unlikely do. But it should also spend more money to change the current syscall randomization. The point is they already know the scene can estimate the FW syscalls, and without doubt they also know where the flaw lies (or else their engineers are really stupid), but they haven't done a thing to prevent this from Noobz's eLoader times (2.7x iirc).

Will the source of an unfinished eloader for an already patched game exploit make them spend more money just to patch a flawed syscall randomization they're using for 4 FW major versions now?
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
hlide
Posts: 739
Joined: Sun Sep 10, 2006 2:31 am

Post by hlide »

ab5000 wrote:The problem is: If we release syscall estimation code with the eLoader, Sony will probably find another method to randomize syscalls. And if this happens, the work we have done will be nearly useless.
I'm sure they aren't going to TOTALLY randomize syscalls (it's a BIG waste of memory), but a great part of the work should be remade from scratch.

So, I think we should release the source BUT keep the syscall estimation code closed.
The very fact you are telling us the hint is enough to alert Sony and make their mind up to change the way to "randomize" their kernel NID again. So having the source or not doesn't change anything for Sony as changing them is safer than reading source or reverse-engineering it.
willow :--)
Posts: 107
Joined: Sat Jan 13, 2007 11:50 am

Post by willow :--) »

People should stop being paranoid. When Sony change their code, other vulnerabilities will be found. How fun would it be for hackers if the same vulnerability existed for years ?
Visigotico
Posts: 11
Joined: Wed Apr 23, 2008 11:44 am

Post by Visigotico »

If Sony is interested in making the eLoader stops working, it will
do, regardless f the source code have been released or not.
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

Sorry for reviving this again, but II finally decided to release it, but keep syscall estimation closed until I can discuss the matter personally with ab5000, as he coded that part, although I had the idea on how to estimate them.

I still think opening the source has more benefits than keeping it closed. Closeness only endangers the freedom of the scene by concentrating code towards one direction and enhances secrecy over cooperation. And I dont think that's good for any community, and definitely only benefits Sony, first advocate for secrecy.

Hope you understand my position
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
mohh eloader
Posts: 3
Joined: Fri Nov 27, 2009 5:24 am
Location: lauisiana

Post by mohh eloader »

so m0skit0 not to bother u r any thing but tell me plz all u know we will b able to run like homebrew and maybe a hint on when u think it'll b released because thats the question all over the world right now ; )
email me: jafus_fleming @yahoo.com
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

It is already released, but dont put much hope on it. It's a premature alpha. And dude, dont post your email on forums :P
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
mohh eloader
Posts: 3
Joined: Fri Nov 27, 2009 5:24 am
Location: lauisiana

Post by mohh eloader »

i only c the source...dude when will u have the actual eloader for normal users to run homebrew?
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

Nope. For devs only.
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
mohh eloader
Posts: 3
Joined: Fri Nov 27, 2009 5:24 am
Location: lauisiana

Post by mohh eloader »

devs ONLY WHAT THA FUCK.....i guesse u arnt the answer to 5.5X ofw >.>
willow :--)
Posts: 107
Joined: Sat Jan 13, 2007 11:50 am

Post by willow :--) »

Do we ban people here? If so, I think we have a good candidate...
m0skit0
Posts: 191
Joined: Tue Jun 02, 2009 8:58 pm

Post by m0skit0 »

I'm the answer to nothing. I only do as I please. Don't like it? Make the eloader yourself, whining boy.
The Incredible Bill Gates wrote:The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers.
User avatar
Raphael
Posts: 646
Joined: Tue Jan 17, 2006 4:54 pm
Location: Germany
Contact:

Post by Raphael »

m0skit0 wrote:I'm the answer to nothing. I only do as I please. Don't like it? Make the eloader yourself, whining boy.
I guess willow was more likely referring to "mohh eloader"... so no need to take it personal for you :)
<Don't push the river, it flows.>
http://wordpress.fx-world.org - my devblog
http://wiki.fx-world.org - VFPU documentation wiki

Alexander Berl
Draan
Posts: 48
Joined: Sat Oct 17, 2009 3:39 am

Post by Draan »

mohh eloader wrote:devs ONLY WHAT THA FUCK.....i guesse u arnt the answer to 5.5X ofw >.>
m0skit0 wrote:I'm the answer to nothing. I only do as I please. Don't like it? Make the eloader yourself, whining boy.
See? :)

This wasn't reply to willow :D
Post Reply