4.90 Updates (thanks Joonie, lmn7, Evilnat)

PS3-4K-Pro · Mar 13, 2023 · 0400087 · 0400087
1 parent 1e059b8
commit 0400087
Show file tree

Hide file tree

Showing 28 changed files with 1,343 additions and 43 deletions.
diff --git a/docs/hfw_layouts_cex.txt b/docs/hfw_layouts_cex.txt
@@ -315,4 +315,31 @@ silk_webkit.sprx
 user_plugin.sprx
 vmclib.sprx
 x3_mdimp11.sprx
+--------------------------------------------------
+
+--------------------------------------------------
+4.90
+
+dev_flash_014.tar.aa.2022_12_12_180040
+
+autoupdateconf_plugin.sprx
+bdp_disccheck_plugin.sprx
+bdp_plugin.sprx
+bdp_storage_plugin.sprx
+campaign_plugin.sprx
+closedcaption_config_plugin.sprx
+comboplay_plugin.sprx
+edy_plugin.sprx
+libps2hdd.sprx
+mintx_client.sprx
+mintx_client_upload.sprx
+msmw3_senvuabs_only.sprx
+np_oauth.sprx
+remotedownload_plugin.sprx
+sacd_plugin.sprx
+silk_mrcommon.sprx
+silk_webkit.sprx
+simple_music2_decode_plugin.sprx
+software_update_plugin.sprx
+strviewer_plugin.sprx
 --------------------------------------------------
diff --git a/henplugin/main.c b/henplugin/main.c
@@ -439,6 +439,13 @@ static void downloadPKG_thread2(void)
 			else{
 				download_interface->DownloadURL(0, (wchar_t *) L"http://www.ps3xploit.me/hen/dev/489/cex/installer/Latest_HEN_Installer_signed.pkg", (wchar_t *) L"/dev_hdd0");}
 		}
+	else if(val==0x3A35340000000000ULL) // for 4.90, kernel offset is off by 0x10 so we are checking this value instead of the timestamp
+		{
+			if(build_type==RELEASE){
+				download_interface->DownloadURL(0, (wchar_t *) L"http://www.ps3xploit.me/hen/release/490/cex/installer/Latest_HEN_Installer_signed.pkg", (wchar_t *) L"/dev_hdd0");}
+			else{
+				download_interface->DownloadURL(0, (wchar_t *) L"http://www.ps3xploit.me/hen/dev/490/cex/installer/Latest_HEN_Installer_signed.pkg", (wchar_t *) L"/dev_hdd0");}
+		}
 		/*
 		// Fix DEX kernel value
 	else if(val==0x323031392F30312FULL)

diff --git a/html/han_flash_mount_blind.html b/html/han_flash_mount_blind.html
@@ -8,6 +8,8 @@
 var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7472764,vsh_ps3xploit_key_toc=7370860,toc_entry1_addr=7185360,toc_entry2_addr=7494456,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828,ipf1_addr=7256952,ipf2_addr=5272436;}
 if((fwv==="4.86")||(fwv==="4.87")||(fwv==="4.88")||(fwv==="4.89")){
 var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7473196,vsh_ps3xploit_key_toc=7371292,toc_entry1_addr=7185360,toc_entry2_addr=7494888,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828,ipf1_addr=7256952,ipf2_addr=5272436;}
+if(fwv=="4.90"){
+var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7473196,vsh_ps3xploit_key_toc=7371292,toc_entry1_addr=7185360,toc_entry2_addr=7494888,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332636,gadget3_addr=872540,gadget4_addr=2267188,gadget5_addr=1227548,gadget6_addr=6380756,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479900,gadget11_addr=5874860,gadget12_addr=820812,gadget13_addr=4777380,gadget14_addr=4769692,gadget15_addr=4758660,gadget_mod1_addr=6352848,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376436,gadget_mod4c_addr=346864,gadget_mod5_addr=4339928,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862260,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500852,gadget_mod13_addr=3369068,gadget_mod14_addr=6502648,gadget_mod15_addr=3788852,gadget_mod16_addr=5206824,ipf1_addr=7256952,ipf2_addr=5272436;}
 function hexh2bin(hex_val)
 {
 	return String.fromCharCode(hex_val);

diff --git a/html/han_flash_mount_rewrite.html b/html/han_flash_mount_rewrite.html
@@ -8,6 +8,8 @@
 var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7472764,vsh_ps3xploit_key_toc=7370860,toc_entry1_addr=7185360,toc_entry2_addr=7494456,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828,ipf1_addr=7256952,ipf2_addr=5272436;}
 if((fwv==="4.86")||(fwv==="4.87")||(fwv==="4.88")||(fwv==="4.89")){
 var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7473196,vsh_ps3xploit_key_toc=7371292,toc_entry1_addr=7185360,toc_entry2_addr=7494888,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332644,gadget3_addr=872540,gadget4_addr=2267192,gadget5_addr=1227548,gadget6_addr=6380764,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479908,gadget11_addr=5874864,gadget12_addr=820812,gadget13_addr=4777384,gadget14_addr=4769696,gadget15_addr=4758664,gadget_mod1_addr=6352856,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376440,gadget_mod4c_addr=346864,gadget_mod5_addr=4339932,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862264,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500860,gadget_mod13_addr=3369072,gadget_mod14_addr=6502656,gadget_mod15_addr=3788856,gadget_mod16_addr=5206828,ipf1_addr=7256952,ipf2_addr=5272436;}
+if(fwv=="4.90"){
+var toc_addr=7296344,default_vsh_pub_toc=7263660,vsh_opd_patch=617820,vsh_opd_addr=7256944,vsh_toc_addr_screenshot=7473196,vsh_ps3xploit_key_toc=7371292,toc_entry1_addr=7185360,toc_entry2_addr=7494888,toc_entry3_addr=7185352,toc_entry4_addr=7602176,toc_entry5_addr=7255752,toc_entry6_addr=0,gadget1_addr=620036,gadget2_addr=6332636,gadget3_addr=872540,gadget4_addr=2267188,gadget5_addr=1227548,gadget6_addr=6380756,gadget7_addr=131024,gadget8_addr=131072,gadget9_addr=170760,gadget10_addr=6479900,gadget11_addr=5874860,gadget12_addr=820812,gadget13_addr=4777380,gadget14_addr=4769692,gadget15_addr=4758660,gadget_mod1_addr=6352848,gadget_mod2_addr=80756,gadget_mod3_addr=757248,gadget_mod4a_addr=890500,gadget_mod4b_addr=4376436,gadget_mod4c_addr=346864,gadget_mod5_addr=4339928,gadget_mod6_addr=134144,gadget_mod7_addr=108204,gadget_mod8_addr=2862260,gadget_mod9_addr=68384,gadget_mod10_addr=1857428,gadget_mod11_addr=1618244,gadget_mod12_addr=6500852,gadget_mod13_addr=3369068,gadget_mod14_addr=6502648,gadget_mod15_addr=3788852,gadget_mod16_addr=5206824,ipf1_addr=7256952,ipf2_addr=5272436;}
 function hexh2bin(hex_val)
 {
 	return String.fromCharCode(hex_val);

diff --git a/html/hen_installer/auto/index.html b/html/hen_installer/auto/index.html
@@ -127,7 +127,7 @@
 	<div id="headerId" style="color:#CC2010">
 	<h1>PS3 HEN Auto Installer</h1>
 	<span style="color:#000000">Many thanks to xerpi for porting the memory leak exploit to ps3, zecoxao & Joonie for their early & renewed support, mysis for documenting vsh/lv2, SSL for his regular & precious advice, kakaroto for the PS3 IDA tools, naherwert for scetool, Rebug Team for producing/updating the only CFW adequate to develop this work & Cobra team for sharing their CobraUSB source, the psdevwiki team of course, STLcardsWS for his long standing contribution & ever constant support.<br>We also wish to thank all the ps3 community hackers/devs, past & present, who directly or indirectly helped us put this project together, you know who you are...</span><hr>
-	<h3>Supports CEX 4.84 - 4.89 HFW Firmware</h3>
+	<h3>Supports CEX 4.84 - 4.90 HFW Firmware</h3>
 	<span style="color:#0055AA"><h3>INFO: If HEN is already installed, this will act as an Enabler</font></h3>
 	<span style="color:#222222"><h3>Instructions: Click the "Auto Install HEN" button. Wait.</font></h3>
 	<span style="color:#FF1122"><h3>* If initialization fails, set Home Page to about:blank and bookmark this page or return from history. Start browser again, load this page directly, and try again *</font></h3>

diff --git a/html/hen_installer/auto/ps3hen_v100.js b/html/hen_installer/auto/ps3hen_v100.js
@@ -1,4 +1,4 @@
-var debug=false;
+var debug=true;
 
 var ua = navigator.userAgent;
 var fwVersion = ua.substring(ua.indexOf("5.0 (") + 19, ua.indexOf(") Apple"));
@@ -714,6 +714,53 @@ var gadget_mod14_addr_489=0x633900; //load r3 dword
 var gadget_mod15_addr_489=0x39D038; //load r3 word
 var gadget_mod16_addr_489=0x4F732C; //set toc
 
+//CEX 4.90
+var toc_addr_490 = 0x6F5558;
+var default_vsh_pub_toc_490=0x6ED5AC;
+var vsh_opd_patch_490=0x96D5C;
+var vsh_opd_addr_490=0x6EBB70;
+var vsh_toc_addr_screenshot_490=0x72082C;// Updated From 4.83/4.84/4.85
+var vsh_ps3hen_key_toc_490=0x707A1C;// Updated From 4.83/4.84/4.85
+var toc_entry1_addr_490=0x6DA3D0;
+var toc_entry2_addr_490=0x725CE8;//idps Updated From 4.83/4.84/4.85
+var toc_entry3_addr_490=0x6DA3C8;
+var toc_entry4_addr_490=0x740000;
+var toc_entry5_addr_490=0x6EB6C8;
+var toc_entry6_addr_490=0x0;
+var gadget1_addr_490=0x097604;
+var gadget2_addr_490=0x60A0DC;
+var gadget3_addr_490=0x0D505C;
+var gadget4_addr_490=0x229834;
+var gadget5_addr_490=0x12BB1C;
+var gadget6_addr_490=0x615CD4;//malloc
+var gadget7_addr_490=0x01FFD0;//memset
+var gadget8_addr_490=0x020000;//memcpy
+var gadget9_addr_490=0x029B08;
+var gadget10_addr_490=0x62E01C;
+var gadget11_addr_490=0x59A4AC;// sprintf
+var gadget12_addr_490=0x0C864C;
+var gadget13_addr_490=0x48E5A4;//free
+var gadget14_addr_490=0x48C79C;
+var gadget15_addr_490=0x489C84;
+var gadget_mod1_addr_490=0x60EFD0;
+var gadget_mod2_addr_490=0x013B74;
+var gadget_mod3_addr_490=0x0B8E00;
+var gadget_mod4a_addr_490=0x0D9684;
+var gadget_mod4b_addr_490=0x42C774;
+var gadget_mod4c_addr_490=0x054AF0; //load r5 word
+var gadget_mod5_addr_490=0x4238D8;
+var gadget_mod6_addr_490=0x020C00;
+var gadget_mod7_addr_490=0x01A6AC;
+var gadget_mod8_addr_490=0x2BACB4;// graceful exit
+var gadget_mod9_addr_490=0x010B20;
+var gadget_mod10_addr_490=0x1C5794;
+var gadget_mod11_addr_490=0x18B144;
+var gadget_mod12_addr_490=0x6331F4; //validation gadget
+var gadget_mod13_addr_490=0x33686C; //store_r3 gadget
+var gadget_mod14_addr_490=0x6338F8; //load r3 dword
+var gadget_mod15_addr_490=0x39D034; //load r3 word
+var gadget_mod16_addr_490=0x4F7328; //set toc
+
 function hexh2bin(hex_val)
 {
 	return String.fromCharCode(hex_val);
@@ -1876,6 +1923,54 @@ function loadcex_489()
 	gadget_mod15_addr=gadget_mod15_addr_489;
 	gadget_mod16_addr=gadget_mod16_addr_489;
 }
+function loadcex_490()
+{
+	toc_addr = toc_addr_490;
+	vsh_opd_addr=vsh_opd_addr_490;
+	vsh_opd_patch=vsh_opd_patch_490;
+	vsh_toc_addr_screenshot=vsh_toc_addr_screenshot_490;
+	vsh_ps3hen_key_toc=vsh_ps3hen_key_toc_490;
+	default_vsh_pub_toc=default_vsh_pub_toc_490;
+	toc_entry1_addr=toc_entry1_addr_490;
+	toc_entry2_addr=toc_entry2_addr_490;
+	toc_entry3_addr=toc_entry3_addr_490;
+	toc_entry4_addr=toc_entry4_addr_490;
+	toc_entry5_addr=toc_entry5_addr_490;
+	toc_entry6_addr=toc_entry6_addr_490;
+	gadget1_addr=gadget1_addr_490;
+	gadget2_addr=gadget2_addr_490;
+	gadget3_addr=gadget3_addr_490;
+	gadget4_addr=gadget4_addr_490;
+	gadget5_addr=gadget5_addr_490;
+	gadget6_addr=gadget6_addr_490;
+	gadget7_addr=gadget7_addr_490;
+	gadget8_addr=gadget8_addr_490;
+	gadget9_addr=gadget9_addr_490;
+	gadget10_addr=gadget10_addr_490;
+	gadget11_addr=gadget11_addr_490;
+	gadget12_addr=gadget12_addr_490;
+	gadget13_addr=gadget13_addr_490;
+	gadget14_addr=gadget14_addr_490;
+	gadget15_addr=gadget15_addr_490;
+	gadget_mod1_addr=gadget_mod1_addr_490;
+	gadget_mod2_addr=gadget_mod2_addr_490;
+	gadget_mod3_addr=gadget_mod3_addr_490;
+	gadget_mod4a_addr=gadget_mod4a_addr_490;
+	gadget_mod4b_addr=gadget_mod4b_addr_490;
+	gadget_mod4c_addr=gadget_mod4c_addr_490;
+	gadget_mod5_addr=gadget_mod5_addr_490;
+	gadget_mod6_addr=gadget_mod6_addr_490;
+	gadget_mod7_addr=gadget_mod7_addr_490;
+	gadget_mod8_addr=gadget_mod8_addr_490;
+	gadget_mod9_addr=gadget_mod9_addr_490;
+	gadget_mod10_addr=gadget_mod10_addr_490;
+	gadget_mod11_addr=gadget_mod11_addr_490;
+	gadget_mod12_addr=gadget_mod12_addr_490;
+	gadget_mod13_addr=gadget_mod13_addr_490;
+	gadget_mod14_addr=gadget_mod14_addr_490;
+	gadget_mod15_addr=gadget_mod15_addr_490;
+	gadget_mod16_addr=gadget_mod16_addr_490;
+}
 /*
 function dex()
 {
@@ -1946,6 +2041,13 @@ function dex()
 			//disable_trigger();
 			break;
 
+		case "4.90":
+			//if(document.getElementById('dex').checked===true){loaddex_490();}//alert("calling loaddex_490");
+			//else {loadcex_490();}
+			//loadcex_490();
+			//disable_trigger();
+			break;
+
 		default:
 			break;
 	}
@@ -2283,7 +2385,7 @@ function fill_by_16bytes(nbytes,hex_val)
 //########################## End ROP Framework functions by bguerville(under development) #########################
 function ps3chk(){
 
-	var fwCompat = ["4.00","4.10","4.11","4.20","4.21","4.25","4.30","4.31","4.40","4.41","4.45","4.46","4.50","4.53","4.55","4.60","4.65","4.66","4.70","4.75","4.76","4.78","4.80","4.81","4.82","4.83","4.84","4.85","4.86","4.87","4.88","4.89"];
+	var fwCompat = ["4.00","4.10","4.11","4.20","4.21","4.25","4.30","4.31","4.40","4.41","4.45","4.46","4.50","4.53","4.55","4.60","4.65","4.66","4.70","4.75","4.76","4.78","4.80","4.81","4.82","4.83","4.84","4.85","4.86","4.87","4.88","4.89","4.90"];
 	var ua = navigator.userAgent;
 	var uaStringCheck = ua.substring(ua.indexOf("5.0 (") + 5, ua.indexOf(") Apple") - 7);
 	var fwVersion = ua.substring(ua.indexOf("5.0 (") + 19, ua.indexOf(") Apple"));
@@ -2328,8 +2430,14 @@ function ps3chk(){
 					loadcex_489();
 					break;
 
+				case fwCompat[32]:
+					//alert(msgHFW);
+//					initDEX();
+					loadcex_490();
+					break;					
+
 				default:
-					//alert('Your PS3 is not on FW 4.84 - 4.89! Your current running FW version is ' + fwVersion + ', which is not compatible with ps3hen 1.0. All features have been disabled');
+					//alert('Your PS3 is not on FW 4.84 - 4.90! Your current running FW version is ' + fwVersion + ', which is not compatible with ps3hen 1.0. All features have been disabled');
 					disable_all();
 					break;
 			}

diff --git a/html/hen_installer/index.html b/html/hen_installer/index.html
@@ -7,7 +7,7 @@
 <script>
 function downloadhen()
 {
-	window.location.href = 'http://ps3xploit.me/hen/installer/' + fwVersion + '/PS3HEN.p3t';
+	window.location.href = 'http://ps3xploit.com/hen/installer/' + fwVersion + '/PS3HEN.p3t';
 }
 
 function initROP(init)
@@ -124,7 +124,7 @@
 	<div id="headerId" style="color:#CC2010">
 	<h1>PS3 HEN Installer</h1>
 	<span style="color:#000000">Many thanks to xerpi for porting the memory leak exploit to ps3, zecoxao & Joonie for their early & renewed support, mysis for documenting vsh/lv2, SSL for his regular & precious advice, kakaroto for the PS3 IDA tools, naherwert for scetool, Rebug Team for producing/updating the only CFW adequate to develop this work & Cobra team for sharing their CobraUSB source, the psdevwiki team of course, STLcardsWS for his long standing contribution & ever constant support.<br>We also wish to thank all the ps3 community hackers/devs, past & present, who directly or indirectly helped us put this project together, you know who you are...</span><hr>
-	<h3>Supports CEX 4.84 - 4.89 HFW Firmware</h3>
+	<h3>Supports CEX 4.84 - 4.90 HFW Firmware</h3>
 	<h2>ATTENTION:<br>YOU MUST TURN OFF BROWSER CONFIRM CLOSE OR INSTALLER WILL FAIL<br>Using the Alternate Method may be better for some users</font></h2>
 	<span style="color:#0055AA"><h3>INFO: If HEN is already installed, this will act as an Enabler</font></h3><br>
 	<hr></div>

diff --git a/html/hen_installer/offline_local/offline-debug.zip b/html/hen_installer/offline_local/offline-debug.zip
diff --git a/html/hen_installer/offline_local/offline.zip b/html/hen_installer/offline_local/offline.zip