A9VG电玩部落论坛

 找回密码
 注册
搜索
查看: 1821|回复: 3

[讨论] [讨论][转载]PS3 Registry Research[PS3注册表研究]

[复制链接]
该用户已被禁言

精华
0
帖子
362
威望
0 点
积分
393 点
种子
8 点
注册时间
2006-9-19
最后登录
2023-7-12
 楼主| 发表于 2010-9-9 09:13  ·  广东 | 显示全部楼层 |阅读模式
原始链接:http://streetskaterfu.blogspot.c ... istry-research.html

Since PS3News released their PS3 FTP application I did some research on the PS3's registry.

The registry and it's backup are stored on dev_flash2 as xRegistry.sys.

The header

BC AD AD BC 00 00 00 90 00 00 00 02 BC AD AD BC

The entries

Every entry has a fronttag which is 5 bytes long. I'll describe:

56 41 00 11 01

This is an example value:

/setting/parental

Behind the value theres a 1 byte close mark:

00

The 5 bytes

The first 4 bytes are a unique but random number. Every value has it to be identified and found by the system as there is no special pattern. An sprx(?) finds every value by this 4 bytes.

56 41 00 11

The 5th byte can be 00, 01 or 02. 00 tagged values are actually activated/used by the VSH, 01 ones not. The 02 seems to mean "DO NEVER UNLOCK". For example the QA Mode is tagged with 02.

00 == unlocked/used/activated
01 == locked/unused/inactive
02 == never ment to be unlocked

Stop footer

The registry has a

AA BB CC DD EE

after the last value. Here the system stops to search for values.

Single values without tag

Some values are behind the stop tag spreaded randomly in the file it seems. I have no clue how the system finds those yet but here are some I found:

- your local username
- your language (f.e. eng for english)
- your PS3 system name
- URL to the information board online stored files
- HDD serial
- Board name
- your PSN username + password
- your WIFI network key
- your local IP
- your PSID
- path to local user pic

You can modify all those values as long as you don't change its size or adress. For example the local user pic is loaded from:

/dev_flash/vsh/resource/explore/user/000.png

But you can redirect it to load from USB for example:

/dev_usb/vsh/resource/explore/user/12345.png

The Cool Stuff

The retail PS3's registry contains all values to unlock the settings which are possible on a test/debug PS3 and even more like QA mode. We can enable those via the registry, but we won't see any effect in the XMB.

That is because we just UNLOCKED it, but different files on dev_flash handle what we can actually SEE in the XMB. So we need to modify them also to fully use debug options on a retail and more.

This can be done by mounting the dev_flash from USB. We need to do this as we can not write to the original dev_flash. So once we can load our customized dev_flash from USB and have modiified our registry, we have a nice way to load a our custom firmwares.

The Crash Report

The registry can contain an crash report which is seperatly splitted with another registry header as explained above. It contains system error messages, for example if you *** up your registry ;-)

- SKFU.
hdk

精华
0
帖子
1081
威望
0 点
积分
1438 点
种子
5 点
注册时间
2004-7-21
最后登录
2018-2-20
发表于 2010-9-9 09:30  ·  浙江 | 显示全部楼层
又进一步,希望更多自制系统出现。
该用户已被禁言

精华
0
帖子
134
威望
0 点
积分
157 点
种子
0 点
注册时间
2006-4-13
最后登录
2020-1-5
发表于 2010-9-9 09:46  ·  上海 | 显示全部楼层
感谢lz的技术文章。学习了。

精华
0
帖子
384
威望
0 点
积分
429 点
种子
5 点
注册时间
2008-3-22
最后登录
2020-10-5
发表于 2010-9-9 10:40  ·  北京 | 显示全部楼层
看来dev_flash里的东西很有料啊
您需要登录后才可以回帖 登录 | 注册

本版积分规则

Archiver|手机版|A9VG电玩部落 川公网安备 51019002005286号

GMT+8, 2024-11-25 22:59 , Processed in 0.180653 second(s), 17 queries , Redis On.

Powered by Discuz! X3.4

Copyright © 2001-2020, Tencent Cloud.

返回顶部