What is CCAPI and how does it work?

1. SOURCE: http://www.psdevwiki.com/ps3/CCAPI
2.  
3. ControlConsoleAPI is an API for PS3 and PC similar to TMAPI on DEX console, But this one "CCAPI" works for CEX and DEX.
4. External Sources:
5. http://www.nextgenupdate.com/forums/ps3-cheats-customization/693857-update-controlconsoleapi-2-50-ccapi-37.html
6. http://www.nextgenupdate.com/forums/ps3-cheats-customization/701574-tutorial-how-rtm-ccapi-cex-dex.html
7. http://psx-scene.com/forums/content/controllconsoleapi-v2-50-adds-4-53-4-55-cfw-support-4350/
8.  
9. Features:
10. Compatible CEX/DEX/SEX/(TOOL ?)
11. Debug non-fself & fself in real time (vsh.self for example can be debugged in rte, or any game with non debug eboot)
12. Debug kernel in real time(lv2_kernel.self and lv1.self)
13. Classic functions (RTE on CEX + DEX):
14. getProcessMemory
15. setProcessMemory
16. shutdown/reboot
17. work with Wireless connection
18. bypass exec pages writing restriction
19. bypass lv2 memory protection
20. new functionalities like:
21. peek/poke lv1 and lv2
22. setConsoleID at anytime/anywhere
23. setConsoleLed
24. ringBuzzer
25. getTemperature
26. VSH module loading
27. notify
28.  
29. How to install CCAPI:
30. Just download and run this pkg on your ps3.
31. It will tell you to reboot, and it's done. You only need to do this once.
32. How to uninstall CCAPI
33. Just run again the pkg.
34. Is it risky
35. In the worst case, you could need to reinstall your firmware.
36.  
37. VSH module loading:
38. create a plugins directory and put all your sprx plugins into it.
39. /dev_usb000/plugins
40. /dev_usb000/plugins/prx_name1.sprx
41. /dev_usb000/plugins/prx_name2.sprx
42.  
43. All of the sprx that are present in this folder, will be loaded at ps3 boot.
44.  
45. Important:
46. If some games refuse to work, just don't use plugins, delete plugins folder from /dev_usb000
47. http://www.mediafire.com/download/1xjkdzl77gz4meq/CcApi_package_2.50.rar
48.  
49.  
50.  
51. <=========================================================MORE IN DEPTH=========================================================>
52.  
53. #CCAPI 2.50
54. Installation:
55.  
56. When installing, CCAPI (the ps3 application) creates a config file (/dev_flash/sys/internal/config.cfg) in which some data, depending on the console, is stored. This file has a size of 240 (0xF0) bytes.
57.  
58. Example from fw 4.46 dex:
59.  
60. Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
61. 00000000 04 04 60 00 D4 6F F4 09 80 00 00 00 00 36 6B D0 ..`.Ôoô.€....6kÐ
62. 00000010 80 00 00 00 00 07 22 5C 80 00 00 00 00 08 F9 98 €....."\€.....ù˜
63. 00000020 80 00 00 00 00 06 68 90 80 00 00 00 00 01 00 C0 €.....h.€......À
64. 00000030 80 00 00 00 00 29 E7 5C 80 00 00 00 00 06 6C CC €....)ç\€.....lÌ
65. 00000040 80 00 00 00 00 01 1F C0 80 00 00 00 00 29 E8 E8 €......À€....)èè
66. 00000050 80 00 00 00 00 00 FE A4 E9 22 AA 78 00 01 C3 38 €.....þ¤é"ªx..Ã8
67. 00000060 80 00 00 00 00 01 1A BC 80 00 00 00 00 01 1B 34 €......¼€......4
68. 00000070 80 00 00 00 00 08 F9 D4 80 00 00 00 00 37 CF E8 €.....ùÔ€....7Ïè
69. 00000080 80 00 00 00 00 3F A8 B0 80 00 00 00 00 49 6F 3C €....?¨°€....Io<
70. 00000090 80 00 00 00 00 4C 99 8C 00 00 00 00 00 00 00 00 €....L™Œ........
71. 000000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
72. 000000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
73. 000000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
74. 000000D0 00 00 00 00 00 00 00 03 00 00 00 00 00 61 D5 E8 .............aÕè
75. 000000E0 00 00 00 00 00 61 DB F4 00 00 00 00 00 04 41 64 .....aÛô......Ad
76.  
77. Usage Offset Size Value Notes Used in
78. - 0x00 0x04 04 04 60 00 Firmware: 4.46 -
79. - 0x04 0x04 D4 6F F4 09 Console type ? (DEX/CEX) -
80. - 0x08 0x08 80 00 00 00 00 36 6B D0 Address of the lv2 toc (stored at 0x8000000000003000 in lv2) -
81. - 0x10 0x08 80 00 00 00 00 07 22 5C A subroutine inside lv2 -
82. - 0x18 0x08 80 00 00 00 00 08 F9 98 A subroutine inside lv2 -
83. - 0x20 0x08 80 00 00 00 00 06 68 90 A subroutine inside lv2 -
84. - 0x28 0x08 80 00 00 00 00 01 00 C0 A subroutine inside lv2 -
85. - 0x30 0x08 80 00 00 00 00 29 E7 5C A subroutine inside lv2 -
86. - 0x38 0x08 80 00 00 00 00 06 6C CC A subroutine inside lv2 -
87. - 0x40 0x08 80 00 00 00 00 01 1F C0 A subroutine inside lv2 -
88. - 0x48 0x08 80 00 00 00 00 29 E8 E8 A subroutine inside lv2 -
89. - 0x50 0x08 80 00 00 00 00 00 FE A4 A subroutine inside lv2 -
90. - 0x58 0x04 E9 22 AA 78 - -
91. - 0x5C 0x04 00 01 C3 38 - -
92. - 0x60 0x08 80 00 00 00 00 01 1A BC A subroutine inside lv2 -
93. - 0x68 0x08 80 00 00 00 00 01 1B 34 A subroutine inside lv2 -
94.  
95. Allow sys_dbg syscalls 0x70 0x08 80 00 00 00 00 08 F9 D4 Ccapi edits the branch at that address to modify the code flow ccapi.sprx
96.  
97.  
98. Get SysTable from pc dll 0x78 0x08 80 00 00 00 00 37 CF E8 Address of the syscall table ccapi.sprx
99. Set ConsoleID 0x80 0x08 80 00 00 00 00 3F A8 B0 Address of one of the console IDs in lv2 ccapi.sprx
100. Set ConsoleID 0x88 0x08 80 00 00 00 00 49 6F 3C Address of one of the console IDs in lv2 ccapi.sprx
101. Set ConsoleID 0x90 0x08 80 00 00 00 00 4C 99 8C Address of one of the console IDs in lv2 ccapi.sprx
102. Set ConsoleID 0x98 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
103. Set ConsoleID 0xA0 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
104. Set ConsoleID 0xA8 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
105. Set ConsoleID 0xB0 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
106. Set ConsoleID 0xB8 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
107. Set ConsoleID 0xC0 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
108. Set ConsoleID 0xC8 0x08 00 00 00 00 00 00 00 00 Address of one of the console IDs in lv2 ccapi.sprx
109. Set ConsoleID 0xD0 0x08 00 00 00 00 00 00 00 03 Console ID count ccapi.sprx
110. - 0xD8 0x08 00 00 00 00 00 61 D5 E8 Address of sys_prx_load_module in vsh -
111. - 0xE0 0x08 00 00 00 00 00 61 DB F4 Address of sys_prx_start_module in vsh -
112. - 0xE8 0x08 00 00 00 00 00 04 41 64 - -
113.  
114. Commands
115.  
116. When calling a ccapi function, a packet containing a command id is sent to the ps3. The ps3 then analyzes the packet and makes a switch on the command id.
117. Command ID Action Prototype(s)
118. 1 SetConsoleID int32_t SetConsoleID(uint8_t *cid)
119. 2 ReadProcessMemory int32_t ReadProcessMemory(sys_pid_t pid, uint64_t address, void *data, size_t size)
120. 3 WriteProcessMemory int32_t WriteProcessMemory(sys_pid_t pid, uint64_t address, const void *data, size_t size)
121. 4 Unknown
122. 5 GetProcessInfo int32_t GetProcessInfo(sys_pid_t pid, sys_process_info_t *info)
123. 6 GetTemperature int32_t GetTemperature(int32_t type, uint32_t *temperature)
124. 7 ControlLed int32_t ControlLed(int32_t ledColor, int32_t ledAction)
125. 8 GetLv2Memory int32_t GetLv2Memory(uint64_t address, size_t num, uint8_t *buffer)
126. 9 SetLv2Memory int32_t SetLv2Memory(uint64_t address, int32_t size, const uint8_t *data)
127. 10 GetLv1Memory int32_t GetLv1Memory(uint64_t address, size_t size, uint8_t *buffer)
128. 11 SetLv1Memory int32_t SetLv1Memory(uint64_t address, size_t size, const uint8_t *data)
129. 12 GetFirmwareInfo int32_t GetFirmware(); int32_t GetCcapiVersion(); int32_t GetConsoleType(uint64_t *type)
130. 13 RingBuzzer int32_t RingBuzzer(int32_t mode)
131. 14 Unknown
132. 15 Shutdown int32_t Shutdown(int32_t mode)
133. 16 Notify int32_t Notify(int32_t texture, const wchar_t *text)