
Waninkoko · @hackinblack

18th Jan 2011 from Twitlonger

I'll try to explain it again. Any payload developer should already know this. PL3 patches a routine that in fw 3.55 occupies 1452 bytes. This routine is replaced with "li %r3, 1; blr;", so after patching it the routine only occupies 8 bytes, and we have an area of 1444 bytes that is not used at all and that we can use for anything we want. That area is where I copy the PL3 payload I compiled specially for the CFW. The zeroes? It's just padding that PL3 adds to the compiled payload so its size is 1448 bytes, nothing else. You don't believe me? Just dump LV2 while using psgroove/psfreedom and check it yourself (the patched routine address is defined in PL3 as MEM_BASE2).

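The post ends with "dump LV2 and check it yourself". The script below is an added example (not PL3 code and not from the post's author) of what that check looks like when written down: given a 1452-byte slice of a dump taken at the patched routine's address, it reports whether the routine now starts with the 8-byte "li %r3, 1; blr;" stub, how many bytes that freed, how many non-zero payload bytes follow the stub, and how many trailing zero bytes remain. The stub encodings (0x38600001 for li r3,1, i.e. addi r3,0,1, and 0x4E800020 for blr) are standard PowerPC and assumed here; the sample dumps are constructed, not real LV2 memory.

```python
import struct

# PowerPC encodings of the two-instruction stub the post describes:
# "li %r3, 1" is addi r3,0,1 -> 0x38600001; "blr" -> 0x4E800020 (assumed, standard ISA).
STUB = struct.pack(">II", 0x38600001, 0x4E800020)
ROUTINE_SIZE = 1452   # size of the original routine on fw 3.55, per the post
STUB_SIZE = len(STUB) # 8 bytes


def analyze_region(region: bytes) -> dict:
    """Inspect a ROUTINE_SIZE-byte slice of a dump at the routine's address.

    Returns what an integrity check would want to log: whether the return-1
    stub is in place, how much space the stub freed (ROUTINE_SIZE - 8), how
    many bytes after the stub are occupied before the trailing zero run, and
    how many trailing zero bytes (the padding the post mentions) remain.
    """
    if len(region) != ROUTINE_SIZE:
        raise ValueError(f"expected {ROUTINE_SIZE} bytes, got {len(region)}")
    stub_present = region[:STUB_SIZE] == STUB
    tail = region[STUB_SIZE:]               # the area left over once the stub is in
    occupied = len(tail.rstrip(b"\x00"))    # bytes before the trailing zero run
    return {
        "stub_present": stub_present,
        "free_bytes": len(tail),            # 1444 for a 1452-byte routine
        "payload_bytes": occupied,
        "padding_bytes": len(tail) - occupied,
    }


def classify(region: bytes) -> str:
    """Summarise a region as unpatched, stub-only, or stub plus copied payload."""
    info = analyze_region(region)
    if not info["stub_present"]:
        return "unpatched"
    return "patched-with-payload" if info["payload_bytes"] else "patched-stub-only"


def constructed_patched_dump(payload_len: int = 300) -> bytes:
    """Constructed sample: stub, then payload_len non-zero bytes, then zero padding."""
    payload = bytes(1 + (i % 255) for i in range(payload_len))  # never a zero byte
    region = STUB + payload
    return region + b"\x00" * (ROUTINE_SIZE - len(region))


def constructed_unpatched_dump() -> bytes:
    """Constructed sample: a routine-sized block of plausible, unmodified code
    (mflr r0 = 0x7C0802A6 repeated), with no stub at the start."""
    return struct.pack(">I", 0x7C0802A6) * (ROUTINE_SIZE // 4)


if __name__ == "__main__":
    for name, dump in (("patched", constructed_patched_dump()),
                       ("unpatched", constructed_unpatched_dump())):
        print(name, classify(dump), analyze_region(dump))
```

To use it against a real dump, read ROUTINE_SIZE bytes starting at the address PL3 names MEM_BASE2 and pass that slice to classify(); a region that starts with the stub and ends in a long zero run is exactly the layout the post describes, while a region without the stub is the unmodified routine.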