Reverse engineering PS3 games using the emulator.
Started by gir489
gir489
07-02-2023, 03:01 PM -
#1
I just recently started using this emulator and hoped it would be very similar to the XBOX 360's processor, which also uses the PowerPC architecture. I used to write XBL injected hacks for Call of Duty and other games for JTAG'd 360s so I'm very familiar with the 360's instructions and how RISC requires each instruction to be 4 bytes long. I also used to work for IBM writing software for the RAD series of processors. 

Anyway, what I can't seem to find is a datasheet for the opcodes the PS3 is using.

[Image: bCy7r4w.png]

Above is a picture of the debugger viewing a section of Goldeneye's memory that's responsible for changing ammo when you reload. I had found this section of memory using the Cheat Search feature and then asking it to break on read. However, that's only half the battle. Now I have to manipulate the function to do what I want, which is skipping the subtraction instruction. Above, at 0x00060038, I used the patcher to write a byte of 0x41 (branch equal), since that's the opposite of what it was, which was 0x40 (branch not equal). But I just happened to luck out that the instruction I wanted was only a few instructions above it, so I just copied the opcode and used that. I'd much prefer a datasheet with all the opcodes, as it makes rewriting functions by hand much easier. Or, if it could have some kind of function like Cheat Engine has, where I can double-click the instruction, rewrite the mnemonic, and have it reassemble it for me and change the bytecodes that way, I could just copy the new bytes into a patch file.

Trying to find a list of instructions translated into opcodes has been a massive headache. I found a datasheet from IBM (they made the CPU in the PS3) on the PowerPC architecture; however, none of the instructions listed line up with what the debugger is claiming the instructions are. From what I remember about RISC, the first byte is the instruction code, then the 3-byte mask is the parameter for the instruction. I can't find anything about the PS3's CPU specifically.
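The 0x40 to 0x41 edit described in the post is a one-bit change inside the PowerPC `bc` (branch conditional) encoding: the primary opcode occupies the top 6 bits, not a whole byte, and the next 5 bits (the BO field) say whether to branch when the tested condition-register bit is true or false. The following is an added example, not code from the post or from the emulator being discussed, that decodes and re-encodes `bc` words according to the public PowerPC architecture encoding, so the patch can be computed instead of copied from a nearby instruction. The memory layout, base address and instruction words in `SAMPLE_BLOB` are constructed for illustration; only the general `bc` format is taken from the ISA.

```python
"""Decode, re-encode and condition-flip PowerPC 'bc' instruction words.

Added example; the sample memory contents below are constructed, not a dump
from the game in the post. Encoding reference: PowerPC 'bc' (primary opcode 16):
  bits 0-5 opcode, 6-10 BO, 11-15 BI, 16-29 BD (word displacement), 30 AA, 31 LK
(IBM bit numbering, bit 0 = MSB of the big-endian 32-bit word).
"""
import struct

PRIMARY_OPCODE_BC = 16          # beq, bne, blt, bge, ... are all opcode 16
CR0_LT, CR0_GT, CR0_EQ, CR0_SO = 0, 1, 2, 3   # BI values for the CR0 bits

# BO values (no CTR decrement, no prediction hints)
BO_COND_FALSE = 0b00100         # branch if CR bit BI == 0 (bne when BI=EQ)
BO_COND_TRUE = 0b01100          # branch if CR bit BI == 1 (beq when BI=EQ)


def primary_opcode(word: int) -> int:
    """Top 6 bits of the instruction word (not the top byte)."""
    return (word >> 26) & 0x3F


def decode_bc(word: int) -> dict:
    """Split a 'bc' word into its fields; BD is returned sign-extended in bytes."""
    if primary_opcode(word) != PRIMARY_OPCODE_BC:
        raise ValueError(f"not a bc instruction: opcode {primary_opcode(word)}")
    bd = word & 0xFFFC
    if bd & 0x8000:
        bd -= 0x10000
    return {"bo": (word >> 21) & 0x1F, "bi": (word >> 16) & 0x1F,
            "bd": bd, "aa": (word >> 1) & 1, "lk": word & 1}


def encode_bc(bo: int, bi: int, bd: int, aa: int = 0, lk: int = 0) -> int:
    """Assemble a 'bc' word from its fields (bd in bytes, must be word-aligned)."""
    if bd % 4 or not -0x8000 <= bd < 0x8000:
        raise ValueError("displacement must be word-aligned and fit in 16 bits")
    return ((PRIMARY_OPCODE_BC << 26) | (bo << 21) | (bi << 16)
            | (bd & 0xFFFC) | (aa << 1) | lk)


def mnemonic(word: int) -> str:
    """Simplified disassembly for the CR-bit-test forms of 'bc'."""
    f = decode_bc(word)
    bo, bi = f["bo"], f["bi"]
    if bo & 0b10000 or not bo & 0b00100:          # 'always' or CTR forms
        return f"bc {bo},{bi},{f['bd']:#x}"
    cond_true = bool(bo & 0b01000)
    names = {(0, True): "blt", (0, False): "bge", (1, True): "bgt",
             (1, False): "ble", (2, True): "beq", (2, False): "bne",
             (3, True): "bso", (3, False): "bns"}
    crf = f"cr{bi // 4}," if bi >= 4 else ""
    return f"{names[(bi % 4, cond_true)]} {crf}{f['bd']:#x}"


def flip_condition(word: int) -> int:
    """Invert the tested condition by toggling BO bit 1 (bit 24 of the word).

    bne <-> beq, blt <-> bge, etc. Bit 24 lies in the first big-endian byte,
    which is why the post's patch is a single byte change, 0x40 <-> 0x41.
    """
    return word ^ (0b01000 << 21)


def to_bytes(word: int) -> bytes:
    """Big-endian bytes as they appear in the emulator's memory view."""
    return struct.pack(">I", word)


def find_bc_words(base: int, blob: bytes) -> list:
    """Return (address, mnemonic) for every 'bc' word in a memory region."""
    found = []
    for off in range(0, len(blob) - len(blob) % 4, 4):
        word = int.from_bytes(blob[off:off + 4], "big")
        if primary_opcode(word) == PRIMARY_OPCODE_BC:
            found.append((base + off, mnemonic(word)))
    return found


# Constructed sample region: cmpwi r3,0 ; addi r3,r3,1 ; bne +0x20
SAMPLE_BASE = 0x00060030
SAMPLE_BLOB = bytes.fromhex("2c030000" "38630001" "40820020")

if __name__ == "__main__":
    for addr, text in find_bc_words(SAMPLE_BASE, SAMPLE_BLOB):
        off = addr - SAMPLE_BASE
        word = int.from_bytes(SAMPLE_BLOB[off:off + 4], "big")
        patched = flip_condition(word)
        print(f"{addr:08x}: {to_bytes(word).hex()} {text}"
              f" -> {to_bytes(patched).hex()} {mnemonic(patched)}")
```

Running it prints the constructed `bne` at 0x00060038 as `40820020` and its flipped form `41820020 beq 0x20`, which is the same first-byte change the post made by hand. Because `encode_bc` takes the fields directly, a new branch can be assembled from a mnemonic and displacement and written into a patch file without hunting for a matching instruction elsewhere in the function.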
