API tools faq
paste
Advertisement
deaphroat

KDSBestPS3UserCheatTool

deaphroat
Jan 2nd, 2013
43
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 5.97 KB | None | 0 0
raw download clone embed print report
  1. // Patch PS3UserCheat Cheat to an ELF File
  2. // 1. Decrypt EBOOT.BIN to EBOOT.ELF
  3. // 2. Provide PATCH.TXT with the following Format (From PS3 Cheats Editor)
  4. // Example PATCH.TXT
  5. //00002000 0002A878 33FE034C
  6. // Another Example of PATCH.TXT
  7. //00002000 010AF534 00000000
  8. //00002000 010AF538 00000000
  9. //00002000 010AF53C 00000000
  10. //00002000 010AF540 00000000
  11. // 3. Run this Code
  12. // 4. Rencrypt EBOOT.KDSBest.ELF to EBOOT.BIN
  13. // 5. Replace EBOOT.BIN of your game with the new one
  14.  
  15. // Sorry I couldn't provide a One Click Tool I lack in time ;)
  16. // the 0000c001 patches are button mapping for cheat pkgs, since we fixed patch it this isn't supported.
  17. // Example Tales of Grace F Move Fast Speed (Press []) is the following PATCH.TXT
  18. //00002000 007DF6FC 3F800000
  19. //0000C001 00000000 00000080
  20. //00002000 007DF6FC 3FE00000
  21. // If you don't want to patch the speed the PATCH.TXT you provide
  22. //00002000 007DF6FC 3F800000
  23. // If you want constant faster speed you provide
  24. //00002000 007DF6FC 3FE00000
  25. // It reads the following way
  26. // 00002000 = Patch Memory (Eboot)
  27. // 0000C001 = Button Event
  28. // Look how easy
  29. // If nothing is pressed
  30. // {
  31. //00002000 007DF6FC 3F800000 => Patch Memory At 007DF6FC to 3F800000
  32. // }
  33. //0000C001 00000000 00000080 => else If(Button Event(00000080)) => 00000080 = []
  34. // {
  35. //00002000 007DF6FC 3FE00000 => Patch Memory At 007DF6FC to 3FE00000
  36. // }
  37.  
  38. // Why I write this tool
  39. // I provided the patches by hand
  40. // 1. Load ELF in IDA
  41. // 2. Check bytes at Address
  42. // 3. Search Bytes from IDA (Which can parse the elf header and knows the exact locations) in Hex Editor
  43. // 4. Patch Bytes by hand
  44. // 5. ....
  45.  
  46. // Why is this tool written like bullshit
  47. // I don't have the mood to write it clean ;)
  48.  
  49. using System;
  50. using System.Collections.Generic;
  51. using System.Linq;
  52. using System.Text;
  53. using System.IO;
  54.  
  55. namespace Patch_ELF_PS3UserCheat
  56. {
  57. class Program
  58. {
  59. public struct ELFLocation
  60. {
  61. public uint Offset;
  62. public uint OffsetFile;
  63. public uint Size;
  64. }
  65.  
  66. public struct Patch
  67. {
  68. public uint Offset;
  69. public uint PatchValue;
  70. }
  71.  
  72. public static uint byteToUInt(byte[] b)
  73. {
  74. return byteToUInt(b, 0);
  75. }
  76.  
  77. public static uint byteToUInt(byte[] b, int offset)
  78. {
  79. uint a = (uint)b[offset] << 24;
  80. a |= (uint)b[offset + 1] << 16;
  81. a |= (uint)b[offset + 2] << 8;
  82. a |= (uint)b[offset + 3] << 0;
  83. return a;
  84. }
  85.  
  86. public static byte[] uintToByte(uint i)
  87. {
  88. byte[] b = new byte[4];
  89. b[0] = (byte)((i >> 24) & 0xFF);
  90. b[1] = (byte)((i >> 16) & 0xFF);
  91. b[2] = (byte)((i >> 8) & 0xFF);
  92. b[3] = (byte)((i) & 0xFF);
  93. return b;
  94. }
  95.  
  96. public static int LoadElfPHDR(BinaryReader br, List Elf, uint phdr_offset, uint phdr_size, uint i)
  97. {
  98. byte[] phdr = new byte[phdr_size];
  99.  
  100. br.BaseStream.Seek(phdr_offset + phdr_size * i, SeekOrigin.Begin);
  101. br.Read(phdr, 0, phdr.Length);
  102. ELFLocation elfLocation = new ELFLocation();
  103. elfLocation.OffsetFile = byteToUInt(phdr, 0x0C);
  104. elfLocation.Offset = byteToUInt(phdr, 0x14);
  105. elfLocation.Size = byteToUInt(phdr, 0x24);
  106. Elf.Add(elfLocation);
  107. return 0;
  108. }
  109.  
  110. public static ushort byteToUShort(byte[] b, int offset)
  111. {
  112. ushort a = (ushort)(b[offset] << 8);
  113. a |= (ushort)b[offset + 1];
  114. return a;
  115. }
  116.  
  117. public static List LoadElf(string FileName)
  118. {
  119. List Elf = new List();
  120. BinaryReader br = new BinaryReader(File.OpenRead(FileName));
  121.  
  122. byte[] elfMagic = new byte[4];
  123. br.Read(elfMagic, 0, 4);
  124. if (elfMagic[0] != 0x7F ||
  125. elfMagic[1] != 0x45 ||
  126. elfMagic[2] != 0x4C ||
  127. elfMagic[3] != 0x46)
  128. {
  129. Console.WriteLine("Elf Magic Wrong (" + FileName + ")");
  130. br.Close();
  131. return Elf;
  132. }
  133. br.BaseStream.Seek(0, SeekOrigin.Begin);
  134. byte[] eHDR = new byte[0x40];
  135. br.Read(eHDR, 0, eHDR.Length);
  136. uint phdr_offset = byteToUInt(eHDR, 0x24);
  137. ushort n_phdrs = byteToUShort(eHDR, 0x38);
  138. ushort phdr_size = byteToUShort(eHDR, 0x36);
  139. for (ushort i = 0; i < n_phdrs; i++)
  140. {
  141. int error = LoadElfPHDR(br, Elf, phdr_offset, phdr_size, i);
  142. if (error == 1)
  143. Console.WriteLine("Didn't Load phdr " + i + " of File " + FileName);
  144. }
  145.  
  146. br.Close();
  147. return Elf;
  148. }
  149.  
  150. public static List LoadPatchFile(string FileName)
  151. {
  152. List patches = new List();
  153. StreamReader sr = new StreamReader(File.OpenRead(FileName));
  154.  
  155. string input;
  156. while(!string.IsNullOrEmpty(input = sr.ReadLine()))
  157. {
  158. string[] vals = input.Split(new char[] { ' ' });
  159. if (vals.Length != 3 || vals[0] != "00002000")
  160. {
  161. Console.WriteLine("This is not an ELF Patch!");
  162. patches.Clear();
  163. return patches;
  164. }
  165. Patch p = new Patch();
  166.  
  167. try
  168. {
  169. p.Offset = uint.Parse(vals[1], System.Globalization.NumberStyles.AllowHexSpecifier);
  170. p.PatchValue = uint.Parse(vals[2], System.Globalization.NumberStyles.AllowHexSpecifier);
  171. patches.Add(p);
  172. }
  173. catch (Exception)
  174. {
  175. Console.WriteLine("Patch file wrong!");
  176. patches.Clear();
  177. return patches;
  178. }
  179. }
  180. return patches;
  181. }
  182.  
  183. static void Main(string[] args)
  184. {
  185. if (!File.Exists("EBOOT.ELF"))
  186. {
  187. Console.WriteLine("Couldn't find EBOOT.ELF");
  188. Console.ReadLine();
  189. return;
  190. }
  191. if (!File.Exists("PATCH.TXT"))
  192. {
  193. Console.WriteLine("Couldn't find PATCH.TXT");
  194. Console.ReadLine();
  195. return;
  196. }
  197. if (File.Exists("EBOOT.KDSBest.ELF"))
  198. File.Delete("EBOOT.KDSBest.ELF");
  199. List locations = LoadElf("EBOOT.ELF");
  200. List patches = LoadPatchFile("PATCH.TXT");
  201. for(int i = 0; i < patches.Count; i++)
  202. {
  203. ELFLocation? locationForPatch = null;
  204. Patch p = patches[i];
  205. for (int ii = 0; ii < locations.Count; ii++)
  206. {
  207. if (p.Offset >= locations[ii].Offset && p.Offset < locations[ii].Offset + locations[ii].Size)
  208. {
  209. locationForPatch = locations[ii];
  210. break;
  211. }
  212. }
  213.  
  214. if (locationForPatch == null)
  215. {
  216. Console.WriteLine("Patch is not for this ELF!");
  217. Console.ReadLine();
  218. return;
  219. }
  220. else
  221. {
  222. p.Offset = p.Offset - locationForPatch.Value.Offset + locationForPatch.Value.OffsetFile;
  223. patches[i] = p;
  224. }
  225. }
  226.  
  227. Console.WriteLine("Patching ELF...");
  228. File.Copy("EBOOT.ELF", "EBOOT.KDSBest.ELF");
  229. BinaryWriter bw = new BinaryWriter(File.OpenWrite("EBOOT.KDSBest.ELF"));
  230. foreach (Patch p in patches)
  231. {
  232. bw.Seek((int) p.Offset, SeekOrigin.Begin);
  233. bw.Write(uintToByte(p.PatchValue));
  234. }
  235. bw.Close();
  236. Console.WriteLine("DONE!");
  237. Console.ReadLine();
  238. }
  239. }
  240. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!