Below is the list of tools and their descriptions; see [https://github.com/CelesteBlue-dev/PSVita-RE-tools#using-the-tools here] for more information on how to use the tools.

<tabber>
|-|Vita tools=
*'''noASLR:'''
**Authors: Princess-of-Sleeping.
**Disables Address Space Layout Randomization (ASLR) on the PS Vita.

*'''Princess Silly Mini Log USB (PSMLogUSB):'''
**Authors: dots_tb.
**Credits: dots_tb, SilicaAndPina (idea), Sysie.
**Req: Yifan Lu, SonicMastr, teakhanirons.
**A modified version of PrincessLog that uses the USB serial drivers provided by the PSM SDK. This allows serial stdout without hardware modification.

*'''Codename PrincessLog:'''
**Authors: Princess-of-Sleeping.
**Credits: Princess-of-Sleeping, cuevavirus.
**A complete logging solution for any homebrew, user plugin or kernel plugin. It is more efficient and overall nicer than ShipLog.

*'''ShipLog v2.0 (Obsolete, use PrincessLog):'''
**Authors: dots-tb.
**Credits: xerpi and psxdev for their work on logging solutions, Cpasjuste for net.
**A complete logging solution for any homebrew, user plugin or kernel plugin. It can use network or file logging.
**Changes in v2.0:
***Added kernel network logging and removed the user plugin dependency.
***Added the ability to select which logging methods are used.
***Removed all user plugin dependencies.
***Removed USB logging because it causes problems with Shell and CMA (Content Manager Assistant): it is fast but not stable.

*'''French-American Games Decrypter (FAGDec):'''
**Authors: CelesteBlue-dev and dots-tb.
**Credits: Motoharu, Team Molecule, zecoxao for vitadump (new), xerpi, NPS team esp. juliosueiras. Check the app for further credits.
**A PS Vita homebrew that easily decrypts PS Vita user/kernel and game modules and can generate .ppk (compatibility pack for low FWs).

*'''ioPlus 0.1, 0.2:'''
**Authors: dots-tb.
**A PS Vita kernel plugin that allows more IO operations in userland. A fast, simpler and efficient alternative to kuio (by Rinnegatamante), 3x smaller.
**It grants elevated IO permissions to user applications and plugins through the original sceIo functions. This includes reading, writing, opening and folder management within applications such as official games. It may also include getting file stats (unconfirmed).
**Version 0.2 is much less efficient, but supports decryption of files within devices that can be opened, such as PFS devices (WARNING: THIS PLUGIN MAY BYPASS SAFE MODE).

*'''physmem_dumper:'''
**Authors: xyzz.
**A PS Vita kernel plugin that dumps Non-Secure World (NS kernel + userland) memory over the physical RAM range 0x40200000 to 0x5FD00000.
**See the wiki for more information on the PS Vita's physical memory: https://wiki.henkaku.xyz/vita/Physical_Memory.
**The output dump, stored in ur0:dump/physmem-dump.bin, is meant to be loaded in IDA Pro using https://github.com/xyzz/vita-ida-physdump.

*'''Kdumper:'''
**Authors: TheFloW and CelesteBlue-dev.
**Credits: TheFloW for the kernel exploits, CelesteBlue for the many improvements, Mathieulh and LemonHaze for SceNgsUser code.
**A PS Vita fSELF to run on any activated TestKit/DevKit running FW <= 3.67 in order to dump its kernel.
**Confirmed working between 3.50 and 3.67. Will need some changes for lower FWs (sceMotionDevGetEvaInfo only exists on FW >= 3.50).
|-|PC tools=
*'''That Hooker Got NIDS:'''
**Authors: dots-tb.
**Credits: xerpi for the base code used, TheFlow for db.yml parsing, yasen for the name ideas.
**A PC tool that hooks specified NIDs automatically.

*'''VitaDecompilerMod:'''
**Authors: dots-tb.
**Credits: TheFloW for the original VitaDecompiler and PSP prxtool's contributors.
**A free alternative to IDA. It has a great pseudo-C decompilation that offers a quick view thanks to text file exporting.
**Based on vitadecompiler by TheFloW, itself based on prxtool by TyRaNiD. Compared to TheFlow's original version it has a few extra features, such as:
***More strings (EVEN MORE), including the data section (homebrew strings now work).
***Generates .c, .h, .txt (NIDs) and db_lookup (<module_name>.yml).
***ELF and fSELF support.
***Compressed fSELF support.
***Fixed issues with NIDs being improperly found.
***Includes offsets and vaddr.
***Automatic entry point (the entry point is retrieved properly from the ELF header).
***Automatic entry point location (for badly generated ELFs).
***Relocation support.
***There might be more.

*'''prxtool for PS Vita:'''
**Authors: TheFloW.
**Credits: TheFloW and xerpi for the PS Vita port and PSP prxtool's contributors.
**An alternative to VitaDecompilerMod: prxtool cannot decompile to pseudo-C but it disassembles to ASM very well.

*'''vita-unmake-fself:'''
**Authors: dots-tb.
**A PC tool that decompresses an unencrypted SELF file (.skprx, .suprx, .self, eboot.bin) into an ELF file (.elf, .velf).
**This tool can't decompress an NPDRM-encrypted SELF nor a System-encrypted SELF. That means you will first have to use FAGDec or sceutils to get an unencrypted SELF. Read the SELFtoELF documentation for more information.

*'''vita-elf-inject:'''
**Authors: dots-tb.
**Credits: Motoharu and CelesteBlue for reverse engineering make-fself.
**A PC tool that injects an ELF (made by FAGDec or vita-unmake-fself) into a decrypted eboot.bin.

*'''PSVita-ELF-builder:'''
**Authors: CelesteBlue-dev.
**Credits: zecoxao for the tutorial (how to rebuild an ELF from decrypted segments and the original SELF), vitasdk for vita-make-fself.
**Deprecated. A PC tool that rebuilds an ELF from decrypted modules' segments. To be used after vitaDecrypt (never released).

*'''PSVita-error-code-resolver:'''
**Authors: SilicaAndPina and Princess-of-Sleeping.
**A PC program that uses the PS Vita error_table.bin to translate error codes.

*'''psp2-kernel-bootimage-extract:'''
**Authors: CelesteBlue-dev and zecoxao.
**A PC program that extracts kernel module ELF files from bootimage.elf, or PSPemu flash files from pcff.elf.

*'''psp2-kbl-elf-extract:'''
**Authors: CelesteBlue-dev.
**A PC program that extracts the embedded secure kernel module ELFs and the Kernel Boot Loader (Non-secure) files from kernel_boot_loader.elf.

*'''psp2-syslibtrace-nids-extract:'''
**Authors: CelesteBlue-dev.
**A PC program that extracts the function NIDs-to-names table from syslibtrace.elf to stdout.

*'''unarzl:'''
**Authors: TeamMolecule.
**A PC program that extracts ARZL-compressed files.

*'''kdump-extract:'''
**Authors: dots-tb.
**A PC program that finds and extracts segment 0 of a kernel module from a continuous kernel memory dump.
**It outputs a .elf that can be used for RE (see vitadecompiler) or for extracting NIDs (see nids-extract).
**It is to be used in conjunction with Kdumper on the PS Vita side.

*'''psvitalibdoc:'''
**Lists of function names / NIDs / libraries / modules to be used with the vitadump IDA plugin, the vitaldr IDA plugin, VitaDecompilerMod or prxtool for PS Vita.
</tabber>

==Credits==