1-10-15: Initial release.
In my latest PS3 video, I will show you how to determine what is the lowest firmware that your PS3 can accept. Why is this important?
If you want to do CFW (custom firmware) and you upgraded your PS3 to the latest official firmware (i.e. 4.66) you may or may not be able to downgrade it if the original firmware loaded on the system is 3.56 or higher.
If it turns out that your PS3 model was originally with built firmware 3.55 or lower, then that means your PS3 can be downgraded through the use of a hardware flasher of some sort.
See the video tutorial for more details, and check out the youtube page for the download link to MinVerCheck.rar file.
Foreword: I am pleased to announce the very first article from long time viewer Omega! I’ve reviewed this article, and this is very good stuff on reverse engineering. For the WordPress audience, this does not violate the Terms of Service. This article is simply for education, and to get your feet wet with reverse engineering. The Underground Staff does not advocate hacking for malicious use. This is simply an exercise to get your mind exploring new possibilities, no more and no less. With that said, have fun! ~ Versatile
If you visit this blog there’s a good chance you once used a no-cd crack or others hacks for a program. You may have visited this blog to find tutorials on how to use and apply them. But today we’re going a step further. We will gradually explain how these hacks are actually made. This post will only be a small introduction that can be followed by anyone. Each of my posts will continue with more advanced techniques.
Reverse Engineering (RE)
The first thing you want to do is analyze your target program. You first need to know what it does and how it works internally. Once you have this knowledge you can find the weak spots and make the program do what you want. A term that’s used a lot to describe this process is Reverse (Code) Engineering. Wikepedia defines it as:
Reverse engineering (RE) is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation. It often involves taking something (e.g. a software program) apart and analyzing its workings in detail.
Reverse Engineering is one of the most important steps when creating a hack or no-cd crack. Sometimes it is even used as a synonym for these.
Our first lesson will be simple and doesn’t require any previous RE and/or programming knowledge. We will attempt to freeze the timer of Minesweeper.
Internally a computer works only with numbers, so every single thing on your computer is represented by a number. The smallest type of number we can directly access is called a byte. It can store the numbers between (and including) -128 and 127. We can then group 2 bytes togheter and can represent every number between -32768 and 32767. With 4 bytes we get -2147483648 and 2147483647. We can continue this with 8 bytes and so on.
It is the programmer that gives meaning to these numbers. For example, we can say that numbers 0 to 25 stand for each letter in the alphabet. In a different situation we can say that 0 to 11 stands for each month in the year. We can see that the “meaning” of these numbers indeed depends on where and how they are used.
Every byte has a so called address. This address is again a number, and we use this number to access the byte. For example, we have 2 bytes and want to add them together. Say the first byte is saved at address 2345 and the second one at address 5345. We can then tell the computer to add the bytes at address 2345 and 5345 together (and optionally save this result at another address). Address are mostly written in hexadecimal notation.
For a more detailed explanation on how numbers are stored and represented on computers you can read “The Art of Assembly“.
Freezing the timer
It’s now our job to find where the number that represents the timer is saved. Once we know it’s location we can simply overwrite it with a new value and thus change the timer in Minesweeper. To find the address we will use the tool “Memory Hacking Software” (MHS).
The first thing we need to guess is how the timer is saved. Since the timer already is a number this is trivial (the number of the timer is saved directly without any conversion). We only need to determine the size of the number. Since a byte is not large enough to save the biggest possible value of the timer (999), we will guess the programmer of minesweeper used (at least) 2 bytes to save the timer.
- Start Minesweeper. Now launch MHS.
- Go to File -> Open Process, select Minesweeper and click on Open
- Then do Search -> Data-Type Search. Select Short as Data Type (Short is the same as 2 bytes) and Exact Value as evaluation type.
- Since we haven’t started the game in minesweeper yet, the timer is currently zero. In Value to Find type 0. Now click OK.
- It will say how many addresses (in the minesweeper process) had the value 0. There will probably be a lot of them! I had 1497378 results, and one of these (probably) is the timer.
Filtering the results
We know that one of these address is the timer, however there are too many results and practically this list is still useless. What we need to do is shrink the list. And this will be done by doing a “sub search” on our previous results. In this case we can start playing minesweeper so the timer will start. We now know that the timer has increased, so we will search for an “increased value” in our current result list and thus shrink the list.
- Go to Search -> Sub Search so we can further “filter” our results of the previous search. We know the timer has increased so we select Increased as Search Type.
- I got 46 results. Still too much. I again do a sub search and again search for an increased number. Now I only get 3 results! Continue this until you only have a few results left. Once you have a small list, it should be easy to spot the timer by observing the Current Value field. This will always be equal to the timer in minesweeper. In my case the timer is saved at address 0100579C (this address can be different for you).
- Double click on the address in the “Found Addresses” list. It will be added to the “main address list”. Double click on the address in the main address list. We will now lock the value of the timer to zero. We do this by checking Locked and entering an Exact Value of zero.
And there you go, you froze the timer. Because of the way minesweeper was made it will actually display a time of 1 instead of 0, but nevertheless it’s frozen.
This was small and basic introduction to hacking. You can try this method on other programs (eg. on number of bullets left, current health, high score, etc). However you will notice that it doesn’t always work. You won’t be able to easily find the address or the address could change each time you play the game. We will discuss these problems the next time and actually do some real hacking :).
See you next time,
Share this Post
After reading the lack of comments yesterday on the TiT post, I decided to ponder about my journey in search of the next TUG event. Wait, what is a TUG event? I know some of you guys have some sick minds out there, as I’m sure TUG could refer to a lot of things like a boat, tug of war, pulling on something, and etc. 🙂
My usage of TUG here is an acronym for The Under Ground, hence the next The Underground Event for writing here on the blog.
Yesterday I thought more about the “Life of a Pirate” series, and decided that it was too forward. There is a lot of good knowledge out there from honest people who are not pirates, and I did not want to proceed with the image that pirates are evil/good and that I should totally expose the pirate scene apart.
Plus, this blog is not meant as a forum for piracy either and I don’t want to be seen as that too. In efforts to maintain the clean blog image, I have decided to move onto something that I can live with.
Welcome to what could very well be the “STD Stories”, where STD is Versatile1 acronymn for “Savvy Tech Dude” (or Dudette depending on article content). I love puns, what can I say.
Breakdown of STD Stories:
- STD stories will try to be posted once a week, but not guaranteed. Expect it to appear out of nowhere, just like real life STDs. 🙂
- STD stories are real stories about technology and how it is twisted to fit into someone’s life for logical or illogical purposes.
- STD stories may dwell on underground material, but is not meant to be strictly related to it.
- STD stories are meant to be written by The Underground Staff, but the community is highly encouraged to contribute via posts or offline interviews with Versatile1.
- STD stories can either be fictional or truth, and the validity of the story is left up to the writer and for the audience to decide for themselves.
- STD stories are laid-back, and could be a story, but doesn’t have to be. A tutorial could be thought of as a “story” too in some regards.
I’m sure the list could go on and on. Does it sound exciting? It does to me. We’ll see. As time goes on, you will see what the flavor of articles is going to be. Good times!
For the record, I have tried this and it worked perfectly. Here is the lowdown:
If you have Swap magic, or some other kind of Playstation 2 mod, did you know you can play SNES roms on the Playstation 2? Yes, it can be done.
This is what you need to do.
Go to the official homepage of SNES station here.
There you can find the SNES station program. Download it and extract it if need be. From here, you need to get SNES roms. Go to your favorite rom site to find some SNES roms. I like to go to romnation.net
Once you have some roms, put them in a rom folder, and proceed to burn the SNES data files along with your ROM folder. Now boot the SNES disc with your swap magic, and you are good to go!
What I did actually was I searched demonoid.com torrents for a copy of SNES station, as this one guy has already made SNES station disc, with over 500 SNES roms. It is missing a few games, like some of the metroid games, but hell man, that saves you time downloading all those games. Did I mention all of this fits on a 700 MB disc? Yup. The only caveat to SNES station is that some games don’t work at all, or it skips or runs very slow. Well, its just an emulator, but games like Super Mario World 1 flys!
I found a youtube video that should show you what its like to use SNES station on your PS2. Yes, you can play SNES roms on your fat or slim ps2, just make sure you have the proper tools and mods.
Share this Post