Post: Modding the MW2 Gamesave info
11-28-2009, 10:19 PM #1
bmxdude9
Million Miles Of Fun!
Okay, I'll admit this is something that A LOT of us want. Well, today I tried patching the hash and every theory that people have come up with for modding the gamesave. Now, I really don't think the hash is CRC32 or whatever people have been thinking. First off, let's make sure we are all on the same page, meaning that we all agree that the game's checksum is located somewhere (usually the SVG), not somewhere in the system's RAM (memory), which when used with pointers would make it more secure. In this case we think it's in the gamesave memory itself.

The reason I think it might not be a CRC32 hash is because I did try modding the savegame files, including the GRADO_MP.PRF (PRF I believe stands for PlayStation readable file, or something like that?), meaning the PS3 reads it based off its hash, and since the HDD doesn't have it then the gamesave must. What's in the gamesave that could possibly contain the hash? Well, there is only one thing, and that is the Savegame.SVG.

Now let me explain what I did and what I found. Okay, first off I went with the CRC32 route: I took my old un-modded hash and recorded it, then I modified several parts of my gamesave and the GRADO files, then I went back and re-applied the old hash, patching the new bytes, so in theory it would allow me to use the modded values and client variables.... Well, in fact it did! I was able to copy it over to my PS3 without really any issue or error, but nothing was applied in-game. I am not totally positive if this was on my part, from not knowing the misleading names of dvars etc., but I thought it was able to read the hash okay, so it must be something.

Well, idk if it's totally true, but I am currently looking into something which I call silent patching, which has been brought up once before. If the checksum and hash are not identical to the original then it might just patch it to the original data hash that was there before, making everything that you modded almost useless.

This is really more of a discussion than a how-to, as there are already crap loads of stuff on that, but really I don't think we should be patching the GRADO files. I think we need to look at the SVG itself and modify it to work, also the reason HSx9 left that first line the game in the SVG when he modded the LAN profiles.

Well, I'll keep you guys posted, and btw EVERY file in the entire gamesave (the whole folder) has its own hash, including the PFD and the SFO.

Also, for all you guys wondering, yes I did mod some things :)

(picture coming soon once it's off the camera)


So discuss your findings and maybe we can finally figure more stuff out....

The following user thanked bmxdude9 for this useful post:

The-Don
11-28-2009, 10:24 PM #2
coolnow
I am error
What do you mean you modded some things? Will enable_art work? That should be the most obvious thing to try first; maybe the results are not so obvious. Nevertheless, nice work!
11-28-2009, 10:30 PM #3
bmxdude9
Million Miles Of Fun!
I have a picture or two of the modded one with my brother's camera as proof it can be done, but I might not have it until Monday because it doesn't want to connect to my computer.
11-28-2009, 10:57 PM #4

The checksum doesn't have to be written in the file; it can be in the file, but not as text. I have injected an MD5 checksum into a notepad file saying "TEXT", and when I looked in it nothing had changed, and when I ran an MD5 checksum verification scan, it told me the same MD5 checksum as I injected. So the file is the checksum, and if any little piece is changed, it will "corrupt" the checksum. What we need to find is what type of checksum they used, and a checksum updater.
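The experiment in post #1 (edit the data, paste the old hash back, the edits do not apply) and the point in post #4 that the checksum is a function of the file's bytes, as an added example that is not from the thread or from the game's code. The container layouts, the silent fallback to defaults, the key and the sample profile strings are constructed assumptions, not the PS3 or MW2 save format; the HMAC half shows the keyed form that detects edits rather than only corruption.

```python
from __future__ import annotations

import hashlib
import hmac
import struct
import zlib

# Constructed layouts for illustration (assumptions, not the PS3 or MW2 format):
#   CRC container : 4-byte big-endian CRC32(payload) || payload
#   HMAC container: 32-byte HMAC-SHA256(key, payload) || payload
DEFAULTS = b"rank=1;clantag=;motd="  # constructed fallback profile


def pack_crc(payload: bytes) -> bytes:
    return struct.pack(">I", zlib.crc32(payload)) + payload


def load_crc(blob: bytes) -> tuple[bytes, bool]:
    """Return (payload_used, accepted); a mismatch falls back to DEFAULTS silently."""
    if len(blob) < 4:
        return DEFAULTS, False
    (stored,) = struct.unpack(">I", blob[:4])
    payload = blob[4:]
    if zlib.crc32(payload) != stored:
        return DEFAULTS, False
    return payload, True


def pack_hmac(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def load_hmac(blob: bytes, key: bytes) -> tuple[bytes, bool]:
    """Same contract as load_crc, but the tag cannot be produced without the key."""
    if len(blob) < 32:
        return DEFAULTS, False
    tag, payload = blob[:32], blob[32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return DEFAULTS, False
    return payload, True


def run_cases() -> dict[str, tuple[bytes, bool]]:
    original = b"rank=12;clantag=ABCD;motd=hello"  # constructed sample data
    edited = b"rank=70;clantag=ABCD;motd=hello"
    key = b"constructed-demo-key"  # held only by the verifier

    crc_blob = pack_crc(original)
    mac_blob = pack_hmac(original, key)
    return {
        "crc_untouched": load_crc(crc_blob),
        # Old checksum kept over edited bytes: the file still loads without an
        # error, but the verifier quietly uses the defaults instead of the edit.
        "crc_old_checksum_kept": load_crc(crc_blob[:4] + edited),
        # An unkeyed checksum needs no secret, so it only detects corruption.
        "crc_recomputed": load_crc(pack_crc(edited)),
        "hmac_untouched": load_hmac(mac_blob, key),
        "hmac_old_tag_kept": load_hmac(mac_blob[:32] + edited, key),
        "hmac_recomputed_without_key": load_hmac(pack_hmac(edited, b"guess"), key),
    }


if __name__ == "__main__":
    for name, (payload, accepted) in run_cases().items():
        print(f"{name:28} accepted={accepted} payload={payload!r}")
```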
11-28-2009, 11:03 PM #5
bmxdude9
Million Miles Of Fun!
Originally posted by HSx9 View Post
The checksum doesn't have to be written in the file; it can be in the file, but not as text. I have injected an MD5 checksum into a notepad file saying "TEXT", and when I looked in it nothing had changed, and when I ran an MD5 checksum verification scan, it told me the same MD5 checksum as I injected. So the file is the checksum, and if any little piece is changed, it will "corrupt" the checksum. What we need to find is what type of checksum they used, and a checksum updater.


Well, I figured out the SFO (it's usually global with similar checksums, very simple), but I asked my dad, who knows a bit about this, and he said it would be their own if they're smart, which I am not doubting it is, which would make it harder to figure out. So now I am back to trace 1, trying to do it the old-school way: comparing similar SVGs and seeing what changes.


I'll try getting up those pictures when I can, as people might be interested to see them.
11-28-2009, 11:06 PM #6
The-Don
I defeated!

Wow, big progress bmx. It seems you know what you're doing, which is nice for a change. In case you didn't know, I'm the author of the clan tag & MOTD gamesave mods, and a very experienced gamesave modder, so if you need any help don't hesitate to ask :) I believe gamesave modding is the way forward for MW2 hacks, so like I said, if you need any help, PM me or write back. Happy hacking ;)
11-28-2009, 11:08 PM #7
hunter12
Retired, done with gaming
PRF is PICS RULES FILE
11-28-2009, 11:30 PM #8
bmxdude9
Million Miles Of Fun!
Well, right now I know of another way to get the stuff we want, in fact everything we want in those files, including injecting cvars wherever we want to. I'll try to explain it, but it's a bit much for those who don't know, so I'll try and keep it simple...

All systems run on mainly two MAIN different types of code. One is a way to draw graphics and commands, which in this case, like the PS2 and before it, will be C/C++, as C++ was used to write up the .self (executables, basically) and other big chunks of code. The second main way to run commands and functions, loops etc. on a system such as the PSP, PS2 and now the PS3 would be assembly! This is one of the best, let me rephrase that.. one of the BEST things to know when it comes to console hacking. If you hacked your PSP or PS2 you know there is something called MIPS (I know it) which would be able to do anything from a hello world etc. WELL, the PS3 doesn't use MIPS but instead uses a form of PowerPC, so now let me explain how this can be used.

An SVG file is a compiled, put-together file of data and its own assembly of memory of the RAM, just like any other thing on a console. Before it was an SVG, after it passed through a toolchain, it was a code. Currently we are just hex editing strings of that code, the hex and its ASCII, which is skiddie, no offence, unless you are actually pro at it. Now here is what the gamesave looked like BEFORE it was compiled as an SVG.

(example)

    #
    # TAB=8
    #
    FNC_0000000c: #
    __0000000d: #
    __0000000e: #
    __0000000f: #
    lw t2, $0dc9(t0) # 0000000c:8d0a0dc9 t2=$00b20dc9
    FNC_00000010: #
    __00000011: #
    __00000012: #
    __00000013: #
    lui t3, $00ad # 00000010:3c0b00ad t3=$00ad0000
    __00000014: #
    __00000015: #
    __00000016: #
    __00000017: #
    sw t2, $1254(t3) # 00000014:ad6a1254 [00ad1254]
    FNC_00000018: #
    __00000019: #
    __0000001a: #
    __0000001b: #
    jr ra # 00000018:03e00008
    FNC_0000001c: #
    __0000001d: #
    __0000001e: #




Now here is what I am getting at, if you could not already tell. Each savegame has its own memory in assembly/C (asm) which writes the data the developers wanted to the registers to be called for later use in the game, and it is recalled and such by using saved data registers (no, they exist in the game's actual RAM AND system, nifty stuff, but it's just their name that makes people think they're SVGs only), their s0_$+. Now here is what one might look like, a very very short simple one.

    ## MW2SVG.asm -- A "Gamesave" for the PS3's architecture.
    ## What it looks like before it's an SVG, partly, as there's MUCH more.
    ## Registers used:
    ## $v0 - syscall parameter and return value.
    ## $a0 - syscall parameter -- the string to print.

    .text
    main:
    la $a0, mw2_msg # load the addr of mw2_msg into $a0.
    li $v0, 4 # 4 is the print_string syscall.
    syscall # do the syscall.

    li $v0, 10 # 10 is the exit syscall.
    syscall # do the syscall.

    ## Data for the program:
    .data
    mw2_msg: .asciiz "Modern Warfare 2 Developed by IW\n"

    ## end MW2SVG.asm


^That's an example of saving the text on the game's main menu, and well, we modify that in the GRADO_MP.PRF file, and that is basically a command pointer to change THAT data :)

Now here's what we can do to get our modded results: you simply crack open the SVG using an unpacker (something that would require a lib-library) to get out its base files, header files and its memory or asm file/RAM file. So if we find a method to open them up unpacked (packed = major file.. the SVG itself), then we can modify the data to whatever we like and add new data wherever we want.

To do that we would need an unpacker, a disassembler (something like PS2dis but for the PS3 and PowerPC) and lots of time, then a way to re-pack all the files back into a binary file (the SVG). Now this would be injecting a new raw string of data in an area of current no operation (reserved for later use by devs; make sure it is ALWAYS blank and never in use in ANY case)

    0x00 00 00 00 00 00 00
    0x10 00 00 00 00 00 00
    0x20 00 00 00 00 00 00
    0x30 00 00 00 00 00 00

Now if we had a pointer to branch the data in the registers over we can make it so in the hex editor it would be something like...

    0x00 00 ff 00 ff 00 ff
    0x10 00 ff 00 ff 00 ff
    0x20 00 ff 00 ff 00 ff
    0x30 00 ff 00 ff 00 ff

So in order to do this method (NOT hex editing!) you would need a disassembler to read the binary and RAM files, and an unpacker/re-packer to unbuild and rebuild all the original files back into a gamesave. But doing this would allow us to DO ANYTHING we wanted, and in reality it would be very hard, but it could pay off, being the biggest exploit to ever happen on the PS3 (because we ran unsigned code and modded integers and values that normally don't exist in hex, allowing the gamesave to do ANYTHING....)

More on that to come, as it's really hard to explain.

The following 2 users say thank you to bmxdude9 for this useful post:

RETSGNAS, The-Don
11-28-2009, 11:39 PM #9
The-Don
I defeated!
Yes, but who has a disassembler, and an unpacker/re-packer? Surely hex is a lot easier. I mean, I'm guessing that the gamesave could run on the same encryption as the PS3's HDD. In which case I believe that there must be a way of comparing or deciphering the encryption codes, or a way of exploiting the PS3's reading abilities? Just a thought
11-28-2009, 11:49 PM #10
bmxdude9
Million Miles Of Fun!
Originally posted by berg View Post
Yes, but who has a disassembler, and an unpacker/re-packer? Surely hex is a lot easier. I mean, I'm guessing that the gamesave could run on the same encryption as the PS3's HDD. In which case I believe that there must be a way of comparing or deciphering the encryption codes, or a way of exploiting the PS3's reading abilities? Just a thought


What I posted is one of the few ways of having complete control over system data. There are not really many files we can access, besides the SFOs in CERTAIN containers and the gamesaves. The only real way for some type of game exploit is this.

-A disassembler is probably out there; we would just need to look on our good friend Google, but if not I know a good programmer who can make one.

-To unpack, that can be done by something a coder could write up (the bins/libs won't be hard as these SVGs are limited and nothing special is in them) or by some overflow/exploit. To re-pack I am not too sure.

It's hard but it's the ultimate way. We could NULL the hash, make it so open for our usage to do what we want to mod; really it can let us do so much with the game....

More on this as I got to go. :rolleyes:
