JFW-DH 3.56 Released! - Console Modding

By Lydia
at 2011-11-15T13:20

http://goo.gl/34K2m

Here it is people! JFW-DH custom firmware v3.56 v1 has landed.
Details about its functions, lv2, lv1, lv0 and APPLDR, as well as the
download are available below.

Note: Our tipster, VenomusX, says that you'll need to downgrade to
official firmware v3.55 prior to installing this custom firmware
v3.56.

CFW v3.56 v1 release info:

This is the first custom firmware for version 3.56.
This custom firmware (in its most basic form) has been ready for about
7 or 8 months, but it was not until NOW that I decided to publish it.
It has nothing to do with the recently published metldr exploit,
although the appearance of future higher firmwares is imminent.
For whoever wants to try it, here it is.

First of all thanks:

- Graf_Chokolo, for their great work.
- To Demonhades, for its testing, its great strength.
- To JaiCrab, for their help.
- To Lara, for making me laugh a day.
- People who have tested this 3.56 MA-1, thank you very much.
- To all those who donated for a flasher; without it, no firmware this
far along would exist as such.
- To Varicella, for their selfless help.
- To B, thanks.
- To M.E.M, I do NOT forget and do NOT forgive.
- To all those I forgot by mistake, I apologize.

As the first version, it only has the most basic functions of a
custom firmware, which I'll now explain.

I'll also explain the changes Sony made in 3.56, which its release
notes presented as a simple patch but which was not just a patch.

FUNCTIONS

Support PEEK/POKE lv2, using the typical SYSCALL 6 and 7 for
compatibility with existing homebrew.

Support for native lv1 PEEK/POKE using SYSCALL 10 and 11
respectively. These are used like the lv2 SYSCALLs; devs just have
to use them as they would those of lv2, but affecting lv1.

Load unsigned applications, FSELF format natively. That is, a
normal application or npdrm FSELF valid format worked directly.
(No touch-memory copy in the lv2).

Load logically signed applications, both official and unofficial
signature valid.

Support for applications up to version 3.56.

Use of all SYSCALL system, provided that the product no later
verify mode, QA, etc.

No need to modify the PARAM.SFO in the event that hypothetically
would use a application that requests a version higher than 3.56
in either npdrm/normal application/or application running from
the bdemu.

Installation of Retail and Debug PKG from the PKG Install option.

System settings in the XMB QA hacked. Now you can open the
options using the normal combo without the QA flag being active or a
valid token existing on your machine. Any option changed is maintained
in the system registry settings. This QA system hack allows any SPRX
to call the XMB to check this information hacked receive information,
such as the nas_plugin.sprx, which in the case of DEX would permit
installed without any patch of PKG Retail. As always, be careful what
you do with those options; this is the safest way to have the QA
without being QA, and not have to modify the EEPROM in any recalculated
appearance or tokens of any kind. Here I have to thank Sony for
making the security of its token only be in one byte and not in
those it should be.

LV2:

FIX: Patch to allow loading of applications for (avoids errors
0x80010009)
FIX: Patch to avoid checking the firmware version of the
application against the version of firmware stored in the memory
of lv2 (avoid the error 0x80010019)
FIX: Patch to avoid the error 0x8001003C (allows loading of
applications that request more internally than the current version)
FIX: Patch to avoid the error 0x8001003D
FIX: Patch to avoid the error 0x8001003E (using hdd patch and have no
disc inserted)
FIX: Enables the use of all SYSCALL, avoiding generic error 0x80010003.

CHANGES IN THE LV2 356:

FIX: Patching a new security check that prevents updater mode, it
could launch an application unsigned with the minimum key 0xD
(3.56), avoiding the error 0x80010009.
NOTE: See NOTE AT THE END OF THIS README
FIX: otherwise is used to integrate the new SYSCALL 6, 7, 10, 11
at lv2.

LV1:

Added support for NATIVE PEEK/POKE at lv1. The method used to
integrate these new hypercalls does not use an existing hypercall;
rather, any hypercall not used in the system is a peek or poke
depending on the case. To interact with PEEK/POKE, lv2 uses SYSCALL
10 and 11 respectively.

Changes in the hypercall mmap (114). In 3.56, Sony made
significant changes in this hypercall to prevent the use that was
being made of it for lv1 to lv2 mapping. Now this hypercall checks
that the key argument has not been modified, mapping ranges are
checked (someone who understands this will realize how dangerous it
is that you map the critical thing, and do not speak of lv1), and the
hypercall code is divided into sub-functions into chunks for
rolling the analysis.

In this version 3.56 MA this hypercall has not been touched,
but with PEEK/POKE support in lv1, mapping is no longer
necessary. In a later version, removing that hypercall check is not
ruled out; it's not really complicated, it just was not necessary for
this version.

Changes in the hypercall unmap (115), similar to mmap, its code
shared between subfunctions.

FIX: Added some patches to avoid integrity checks lv1/LV0.

FIX: Added patches in the SPM and the DM to enable the use of any
service. The patch is different, smaller, the SS patch exists
(this is no longer compatible with 3.56), in my testings my
patch does not produce any kind of problem with trophies, or
saved games, etc.

TODO: Delete the problem of not being able to downgrade to a
version lower than 3.56. Currently not possible down
from 3.56 after upgrading to the.

LV0 APPLDR:

FIX: Patch to override the check ECDSA digital signature. Now an
application with an invalid signature signed will be considered
valid. For example, "sign" an application without having the
proper private key to generate a proper signature.

FIX: Patch that removes the hash check of the application segments.
An invalid hash will be considered valid.

FIX: Patch to override the restriction that you cannot use FSELF on
retail consoles. This patch is different from the one on ps3devwiki;
the patch on that page about this subject bricks machines, as it has
a problem with the metadata to decrypt the encrypted retail executables.

FIX: Patch to override the protection added in 3.55 (in the case
of npdrm/normal applications; previously only the RVK was in charge
of this) which prevents applications from being used above the
version indicated in the current firmware. That is, in a
hypothetical case, a 3.60 game trying to launch on 3.56.

FIX: Patch to override the protection auth check the applications
(added in 3.56), this check detects programs created public
tools as they always put the same auth, auth superior one.

FIX: Patch to remove the protection from the white list of
authorized programs, added in 3.56. Now you can use all
applications as 3.55 and below.

NOTES:

The lv2 is protected by a hash in lv1; in case you want to touch
an offset that falls within the range of protection, this would
produce a panic check off the system. To avoid this problem, use
the tool that is attached to this package before using poke
to modify lv2.

The reason for not implementing this patch directly is that not
everyone is a dev, and lv2 not being touchable is safer for the user.
Of course the source code of this program is included, so a dev can
see how the problem is patched using the lv1 POKE.

You can now exit service mode, and use the lv2diag as before,
but this has a potential danger. The 3.56 now makes it impossible
to make a downgrade to less than 3.56, meaning that if you are in the
3.56 in him are, if you have time you tried to cancel out a version
that checks the update manager. The problem is a programming error
that allows updating Lv2Diag.self; the failure is that it does not
check that the update is on the USB or verify that it is valid, the
program formats the flash 1.2 and 3. That is, if then fails, your system
would not have died partially flashes, still work ROS can use a
lv2diag active again, but who Forewarned is forearmed. Lv2diag Beware!

Attached to this package is an updated application to extract the
nodes from an lv1 dump; it is an update of the application made by
Graf Chokolo and now has support for versions 3.15, 3.41, 3.55 and
3.56 in one program. Useful to display the nodes extracted from your dump.
The firmware finished graphic will be added when finished JFW
3.41 itself.

In the package adds an application, I do not think there publicly,
to put the product model directly from the XMB, acts as a toggle,
in the event that you can use the product as simply. So I removed
the product.

As a final note to remember that this is the first version of the
firmware, so constructive criticism is welcome. As I suppose that
due to this publication where patches are appldr, many variants will
come out of it, just remember that the first publication was this.

Do not bite the hand that feeds you, today is a 3.56 higher
perhaps tomorrow another, or maybe not.

Cheers to VenomusX for this news tip!

Download JFW-DH: http://forum.jailbreakscene.com/viewtopic.php?f=2&t=1783

******

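Anyone who wants to install it can give it a try, but you will not be
able to roll back to any firmware below unofficial 3.56.

It is not very practical: it only supports games up to version 3.56,
but the 3.56 keys leaked long ago, so a 3.55 console can also run 3.56
games by replacing the main executable in a backup. This firmware is
probably no more than a POC.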


Tags: Console Modding

All Comments

By Gary
at 2011-11-17T13:17
Pro work, upvote!! Waiting for the tsundere to release the 3.7 KEY!
By Todd Johnson
at 2011-11-21T15:02
My kid accidentally updated it to 3.56. Tearful upvote.
By Hazel
at 2011-11-24T16:43
That signature XDDDDD
By Ingrid
at 2011-11-26T14:16
Still waiting...
By Madame
at 2011-11-27T12:35
My long-shelved 3.56 PS3, finally..
By Isabella
at 2011-11-30T06:51
If there's no 3.7, having the 3.6 keys would be fine too....
By Hedwig
at 2011-12-05T05:56
Someone on 掏x網 is selling JB2, which can read games backed up on the hard drive. No idea if it's real!?
By Megan
at 2011-12-09T23:57
Those on 3.56 shouldn't get too excited. It shows data corrupted and can't be used.
By Wallis
at 2011-12-11T06:27
After reading the comments below, good thing I wasn't expecting much anyway.
By Edwina
at 2011-12-13T18:08
It says up top: old games only; new games all require Blu-ray backup discs...
By Poppy
at 2011-12-17T05:41
Still waiting for 3.7...
By Sierra Rose
at 2011-12-17T15:22
I wonder if my 3.56 PS3 still has a chance. Still waiting.
