forums.ps2dev.org

[m0skit0]

Ok I want to release an alpha version of the Medal of Honor Heroes eloader I've been working on with ab5000 and n00b81, but since I want it to be open source and I've been asked by some devs to keep some parts closed, like syscall estimation. I just want to make clear that we have discovered how to estimate syscalls with no external help (wasnt that hard though), so we have all the right to open the source. This is just to have more experienced developers' advice and consider what to do: release ALL the source or keep some parts closed.

Thanks for reading and giving your opinion :)
_________________

[Producted]

+1 for sharing

A question; what's the last version this will work on? 5.50?
~~
No idea if you already did, but I think Freeplay needs some help. :P
_________________
Producted.net

[m0skit0]

5.55

Freeplay didn't contact me. I heard he just sought source from another eloader, that's all.

Anyway our eloader still needs a lot of optimizations, but at least we did it ourselves ;) And dude, you really learn a lot (and bang your head against a wall a lot xDDD)
_________________

[jojojoris]

Does it matter that sony also knows what it's actually doing when the source is released?
_________________

[sauron_le_noir]

+1 for the share
-1 because you give sony idea to fight custom firmware

Does it contain documentation more important value or just
the code ?

[m0skit0]

I think Sony can just reverse it to know how it works, even if they dont have the source. So I think the pros have more stakes than the cons. And sincerely, I dont think our code has something Sony doesnt already know about. There are no exploit or whatsoever to be kept in secret, maybe just syscall number estimation, which is sincerely something very very simple and basic (I dont know if there are more advanced estimations).

And I dont think Sony can fight better CFW with this, because an eloader it's not a CFW. I just remind that we dont have kernel access whatsoever, so CFW are basically different as they patch kernel modules, something I cant do with user mode access only.

Please correct me if I made wrong assumptions.
_________________

[willow :--)]

+1 for open source eLoader.

I'm not one of the "experienced developers" in terms of firmwares and code reverse, but I think sharing this eloader's source is a good idea.

As far as "fighting custom firmware" goes, I believe Sony already have more sources than they need. After all, they do have the source code for their firmware... so as you said, I think the pros outweight the cons.
_________________
Wagic. Play that card game against an AI on your PSP

[ab5000]

The eLoader isn't complex.
It just load the ELF in memory (along with all the sections), resolve imports and jump to start address of ELF.
The really PSP-dependent part is resolving the imports.
Resolving user-to-user imports is a bit complex but it isn't the really difficult part because we can do it from user mode with no problems.
The real problem is resolving user-to-kernel imports.
Syscall estimation allow us to resolve syscalls without having kernel mode (if we can go into kernel mode then we can simple query the syscall table).
In older FWs (like 2.00) syscalls were fixed, so you can just make a file with nid-syscall pairs and the work is done.
In newer FWs (from 2.50) syscalls are randomized.
They aren't REALLY randomized so we managed to estimate them (i can't say how we do it). Estimation isn't perfect but we have got a good grade of precision, and I got some ideas to optimize it.

The problem is: If we release syscall estimation code with the eLoader, Sony will probably find another method to randomize syscalls. And if this happens, the work we have done will be nearly useless.
I'm sure they aren't going to TOTALLY randomize syscalls (it's a BIG waste of memory), but a great part of the work should be remade from scratch.

So, I think we should release the source BUT keep the syscall estimation code closed.

P.S. If the source will be released, make LITTLE changes each time. Otherwise you will probably become crazy watching excpetions xD
_________________

[m0skit0]

You forgot that when working with PRXs you must also relocate all the stuff.

Do you really think Sony doesnt know how we could estimate syscalls? They know how they "randomize" them, so they surely know how we can estimate them, don't you think? Team Noobz already did it in their eloader.

And one of the primary reasons I want to release this open source is that other devs can contribute freely, but they cannot do that if we keep syscall closed, except providing syscall.c as a .o already compiled library, which in my opinion is as much as giving the source because it can be easily disassembled.
_________________

[Visigotico]

whatever. Releasing or not the source, Sony is sure to
find another way to randomize the system calls, causing the eLoader to stop working.

[Davee]

[PsPfReAK]

What if you just send the source to developers rather then having it open to download?

thats seems more like an idea.

[m0skit0]

[Lechter]

+1 for open source eLoader.

[Draan]

First Bubbletune + adding icons to XMB, now eLoader...it's going really hot there :)

[MaTiAz]

You're missing a point here - telling SCE engineers to reverse something costs a lot of money. Money that they most likely will not spare.

By your logic, Sony could've started randomizing NIDs the moment stuff patching the kernel started appearing (ie. 1.50 times). Remember the wildc*rd source leak? That's when Sony started randomizing NIDs, when they got their hands on the -source-.

There's (usually) a reason why something stays closed-source. Be it financial or whatever, but often it's good.

[m0skit0]

Thanks for pointing that, MaTiAz.

Yeah, Sony should spend money to reverse scene stuff, which they'll unlikely do. But it should also spend more money to change the current syscall randomization. The point is they already know the scene can estimate the FW syscalls, and without doubt they also know where the flaw lies (or else their engineers are really stupid), but they haven't done a thing to prevent this from Noobz's eLoader times (2.7x iirc).

Will the source of an unfinished eloader for an already patched game exploit make them spend more money just to patch a flawed syscall randomization they're using for 4 FW major versions now?
_________________

[hlide]

[willow :--)]

People should stop being paranoid. When Sony change their code, other vulnerabilities will be found. How fun would it be for hackers if the same vulnerability existed for years ?
_________________
Wagic. Play that card game against an AI on your PSP

[Visigotico]

If Sony is interested in making the eLoader stops working, it will
do, regardless f the source code have been released or not.

[m0skit0]

Sorry for reviving this again, but II finally decided to release it, but keep syscall estimation closed until I can discuss the matter personally with ab5000, as he coded that part, although I had the idea on how to estimate them.

I still think opening the source has more benefits than keeping it closed. Closeness only endangers the freedom of the scene by concentrating code towards one direction and enhances secrecy over cooperation. And I dont think that's good for any community, and definitely only benefits Sony, first advocate for secrecy.

Hope you understand my position
_________________

[mohh eloader]

so m0skit0 not to bother u r any thing but tell me plz all u know we will b able to run like homebrew and maybe a hint on when u think it'll b released because thats the question all over the world right now ; )
email me: jafus_fleming @yahoo.com

[m0skit0]

It is already released, but dont put much hope on it. It's a premature alpha. And dude, dont post your email on forums :P
_________________

[mohh eloader]

i only c the source...dude when will u have the actual eloader for normal users to run homebrew?

[m0skit0]

Nope. For devs only.
_________________

[mohh eloader]

devs ONLY WHAT THA FUCK.....i guesse u arnt the answer to 5.5X ofw >.>

[willow :--)]

Do we ban people here? If so, I think we have a good candidate...
_________________
Wagic. Play that card game against an AI on your PSP

[m0skit0]

I'm the answer to nothing. I only do as I please. Don't like it? Make the eloader yourself, whining boy.
_________________

[Raphael]

[Draan]