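Note: this is only a record of the reverse-engineering process; no Chinese localization has been produced.

That said, I think that once things are decrypted, the PC version's Chinese translation could be reused, although the chances are fairly slim.

Note: don't be fooled by how little text there is. It took several days of debugging and troubleshooting.

Hardly anyone works on PS3 Chinese localization. Even a machine that fared as badly as the PSV has people working on it, yet the PS3, which crushed the PSV in sales, has fewer Chinese-localized titles than the PSV. It's outrageous.

I'm probably the only person tinkering with the PS3 version of CLANNAD.

Everything below was done on Linux.

Preparation: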

  • https://github.com/daryl317/fail0verflow-PS3-tools
  • https://github.com/naehrwert/scetool
  • https://github.com/SplinterGU/PSARc
  • https://github.com/ErikPshat/data_makenp/

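In theory some of these tools overlap, for example psar and the functionality in scetool; they are simply listed in the order I tried them.

Download the decrypted CLANNAD ISO: https://romspure.cc/download/clannad-2-72728/1

For the original version you need to buy the game and dump it yourself, or download it via nopaystation and use unpkg, or install it directly on a PS3 and then extract it, but that is more trouble.

Extract EBOOT.bin and sys.psarc.sdat

Compile data_makenp, unself and psar

Run make_npdata -d /sd/sys.psarc.sdat output.dat 0 to get the dat file

Run psar -xf output.dat

Look at the hex dump of title.pte; I believe this is an image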

user@localhost ~/out> file cg/title/title.pte
cg/title/title.pte: data
user@localhost ~/out> xxd cg/title/title.pte
00000000: 5047 5331 0281 0000 0000 0101 0038 4000 PGS1.........8@.
00000010: 0000 0500 0000 0500 0000 02d0 0000 0001 ................
00000020: 0000 0000 0000 0000 0000 002c 0012 2fae ...........,../.
00000030: fff9 0003 01ef ffff ffff fffe 0008 fefb ................
00000040: 0008 0040 ffff ffbf 0018 ffff ffed 0038 ...@...........8
00000050: 0009 ffff abff 0370 0378 0018 efff 0060 .......p.x.....`
00000060: abff 03c0 03c8 03d0 ebef 00d0 0090 0190 ................
00000070: ffbf 00d0 ffff ffff ffff ffbf 0008 ffff ................
00000080: ffff ffff f7ff 0008 fffe 0018 ffff ffff ................
00000090: ffff ffff ffff ffff fffb 0048 ffff ffff ...........H....
000000a0: ffff fbff 0008 bfbf 01c8 0008 ffff fbff ................
000000b0: 0250 dfff 0200 efff 0008 ffef 0348 ffff .P...........H..
000000c0: fff7 03b8 ffff ffff ffef 0050 ffbb 03b8 ...........P....
000000d0: 0008 ffff fffe 03d0 ffff ffbe 0268 0660 .............h.`
000000e0: ffff efff 05ba cfbe 05f0 05f0 0050 0028 .............P.(
000000f0: ffff afef 00e0 0798 07a0 fffa 09b0 0020 ...............
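... (rest omitted)

I think this may be because of encryption. I had planned to swap in files from another platform, but found that each platform packs its data differently: the PSV version uses pck, I forget what the PSP version uses, but it isn't sdat, so I gave up on that.

Examine EBOOT.BIN

Extract the keys from TrueAncestor and put them in the ~/.ps3 directory

View the EBOOT.BIN information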

user@localhost ~/o/s/fail0verflow-PS3-tools (master) [1]> ./readself /sd/EBOOT.BIN
SELF header
elf #1 offset: 00000000_00000090
header len: 00000000_00000980
meta offset: 00000000_00000410
phdr offset: 00000000_00000040
shdr offset: 00000000_0039acd0
file size: 00000000_0039ab60
auth id: 10100000_01000003 (Unknown)
vendor id: 01000002
info offset: 00000000_00000070
sinfo offset: 00000000_00000290
version offset: 00000000_00000390
control info: 00000000_000003c0 (00000000_00000070 bytes)
app version: 1.0.0
SDK type: unknown
app type: application

Control info
control flags:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
file digest:
62 7c b1 80 8a b9 38 e3 2c 8c 09 17 08 72 6a 57 9e 25 86 e4
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Section header
offset size compressed unk1 unk2 encrypted
00000000_00000980 00000000_0020f268 [NO ] 00000000 00000000 [YES]
00000000_00210980 00000000_001876a8 [NO ] 00000000 00000000 [YES]
00000000_00398028 00000000_00000000 [NO ] 00000000 00000000 [YES]
00000000_00398028 00000000_00000000 [NO ] 00000000 00000000 [YES]
00000000_00398028 00000000_00000000 [NO ] 00000000 00000000 [YES]
00000000_0021ac0c 00000000_00000004 [NO ] 00000000 00000000 [N/A]
00000000_0020fb80 00000000_00000028 [NO ] 00000000 00000000 [N/A]
00000000_0020fba8 00000000_00000040 [NO ] 00000000 00000000 [N/A]

Encrypted Metadata
unable to decrypt metadata

ELF header
type: Executable file
machine: PowerPC64
version: 1
phdr offset: 00000000_00000040
shdr offset: 00000000_0039a3e0
entry: 00000000_00227ba8
flags: 00000000
header size: 00000040
program header size: 00000038
program headers: 8
section header size: 00000040
section headers: 30
section header string table index: 29

Program headers
type offset vaddr paddr
memsize filesize PPU SPE RSX align
LOAD 00000000_00000000 00000000_00010000 00000000_00010000
00000000_0020f268 00000000_0020f268 r-x r-- --- 00000000_00010000
LOAD 00000000_00210000 00000000_00220000 00000000_00220000
00000000_00498ea8 00000000_001876a8 rw- rw- --- 00000000_00010000
LOAD 00000000_003976a8 00000000_00000000 00000000_00000000
00000000_00000000 00000000_00000000 r-- --- --- 00000000_00010000
LOAD 00000000_003976a8 00000000_00000000 00000000_00000000
00000000_00000000 00000000_00000000 rw- --- --- 00000000_00010000
LOAD 00000000_003976a8 00000000_00000000 00000000_00000000
00000000_00000000 00000000_00000000 rw- rw- rw- 00000000_00010000
????? 00000000_0021a28c 00000000_0022a28c 00000000_0022a28c
00000000_000001ec 00000000_00000004 r-- --- --- 00000000_00000008
????? 00000000_0020f200 00000000_0021f200 00000000_0021f200
00000000_00000028 00000000_00000028 --- --- --- 00000000_00000008
????? 00000000_0020f228 00000000_0021f228 00000000_0021f228
00000000_00000040 00000000_00000040 --- --- --- 00000000_00000004

Section headers
[Nr] Name Type Addr ES Flg Lk Inf Al
Off Size
[00] <no-name> NULL 00000000_00000000 00 00 000 00
00000000_00000000 00000000_00000000
[01] <no-name> PROGBITS 00000000_00010200 00 wa 00 000 04
00000000_00000200 00000000_0000002c
[02] <no-name> PROGBITS 00000000_00010230 00 wa 00 000 16
00000000_00000230 00000000_001e64d4
[03] <no-name> PROGBITS 00000000_001f6704 00 wa 00 000 04
00000000_001e6704 00000000_00000024
[04] <no-name> PROGBITS 00000000_001f6728 00 wa 00 000 04
00000000_001e6728 00000000_00002460
[05] <no-name> PROGBITS 00000000_001f8b88 00 a 00 000 04
00000000_001e8b88 00000000_00000184
[06] <no-name> PROGBITS 00000000_001f8d0c 00 a 00 000 04
00000000_001e8d0c 00000000_0000048c
[07] <no-name> PROGBITS 00000000_001f9198 00 a 00 000 04
00000000_001e9198 00000000_00000004
[08] <no-name> PROGBITS 00000000_001f919c 00 a 00 000 04
00000000_001e919c 00000000_00000004
[09] <no-name> PROGBITS 00000000_001f91a0 00 a 00 000 04
00000000_001e91a0 00000000_00000004
[10] <no-name> PROGBITS 00000000_001f91a4 00 a 00 000 04
00000000_001e91a4 00000000_00000420
[11] <no-name> PROGBITS 00000000_001f95c4 00 a 00 000 04
00000000_001e95c4 00000000_00000004
[12] <no-name> PROGBITS 00000000_001f9600 00 a 00 000 128
00000000_001e9600 00000000_0001bfd0
[13] <no-name> PROGBITS 00000000_00215600 00 ae 00 000 128
00000000_00205600 00000000_00009c00
[14] <no-name> PROGBITS 00000000_0021f200 00 ae 00 000 08
00000000_0020f200 00000000_00000028
[15] <no-name> PROGBITS 00000000_0021f228 00 a 00 000 04
00000000_0020f228 00000000_00000040
[16] <no-name> PROGBITS 00000000_00220000 00 ae 00 000 04
00000000_00210000 00000000_0000008c
[17] <no-name> PROGBITS 00000000_0022008c 00 ae 00 000 04
00000000_0021008c 00000000_00000294
[18] <no-name> PROGBITS 00000000_00220320 00 ae 00 000 04
00000000_00210320 00000000_00000004
[19] <no-name> PROGBITS 00000000_00220328 00 ae 00 000 08
00000000_00210328 00000000_00002494
[20] <no-name> PROGBITS 00000000_002227bc 00 ae 00 000 04
00000000_002127bc 00000000_0000048c
[21] <no-name> PROGBITS 00000000_00222c48 00 ae 00 000 08
00000000_00212c48 00000000_00005768
[22] <no-name> PROGBITS 00000000_002283b0 00 ae 00 000 08
00000000_002183b0 00000000_00001edc
[23] <no-name> PROGBITS 00000000_0022a28c 00 ae 00 000 04
00000000_0021a28c 00000000_00000004
[24] <no-name> NOBITS 00000000_0022a290 00 ae 00 000 08
00000000_0021a290 00000000_000001e8
[25] <no-name> PROGBITS 00000000_0022a480 00 ae 00 000 128
00000000_0021a480 00000000_0017d228
[26] <no-name> NOBITS 00000000_003a7700 00 ae 00 000 128
00000000_00397700 00000000_003117a8
[27] <no-name> PROGBITS 00000000_00000000 00 00 000 04
00000000_003976a8 00000000_00000428
[28] <no-name> PROGBITS 00000000_00000000 00 00 000 01
00000000_00397ad0 00000000_000027dd
[29] <no-name> STRTAB 00000000_00000000 00 00 000 01
00000000_0039a2ad 00000000_00000132

Use unself EBOOT.BIN EBOOT.elf to obtain the decrypted file

Hex dump of EBOOT.elf

00000000: 7f45 4c46 0202 0166 0000 0000 0000 0000  .ELF...f........
00000010: 0002 0015 0000 0001 0000 0000 0022 7ba8 ............."{.
00000020: 0000 0000 0000 0040 0000 0000 0039 a3e0 .......@.....9..
00000030: 0000 0000 0040 0038 0008 0040 001e 001d .....@.8...@....
00000040: 0000 0001 0040 0005 0000 0000 0000 0000 .....@..........
00000050: 0000 0000 0001 0000 0000 0000 0001 0000 ................
00000060: 0000 0000 0020 f268 0000 0000 0020 f268 ..... .h..... .h
00000070: 0000 0000 0001 0000 0000 0001 0060 0006 .............`..
00000080: 0000 0000 0021 0000 0000 0000 0022 0000 .....!......."..
00000090: 0000 0000 0022 0000 0000 0000 0018 76a8 ....."........v.
000000a0: 0000 0000 0049 8ea8 0000 0000 0001 0000 .....I..........
000000b0: 0000 0001 0000 0004 0000 0000 0039 76a8 .............9v.
000000c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000e0: 0000 0000 0001 0000 0000 0001 0000 0006 ................
000000f0: 0000 0000 0039 76a8 0000 0000 0000 0000 .....9v.........
00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000110: 0000 0000 0000 0000 0000 0000 0001 0000 ................
00000120: 0000 0001 0660 0006 0000 0000 0039 76a8 .....`.......9v.
... (rest omitted)

Compared with EBOOT.ELF, EBOOT.BIN has the following extra content:
00000000: 5343 4500 0000 0002 0010 0001 0000 0410  SCE.............
00000010: 0000 0000 0000 0980 0000 0000 0039 ab60 .............9.`
00000020: 0000 0000 0000 0003 0000 0000 0000 0070 ...............p
00000030: 0000 0000 0000 0090 0000 0000 0000 00d0 ................
00000040: 0000 0000 0039 ad60 0000 0000 0000 0290 .....9.`........
00000050: 0000 0000 0000 0390 0000 0000 0000 03c0 ................
00000060: 0000 0000 0000 0070 0000 0000 0000 0000 .......p........
00000070: 1010 0000 0100 0003 0100 0002 0000 0004 ................
00000080: 0001 0000 0000 0000 0000 0000 0000 0000 ................
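
Those extra 0x90 bytes are the cleartext SCE/SELF header, and decoding them reproduces the values readself printed earlier. The parser below is an added example, not code from the original post or from the tools it lists; the field names are labels chosen here, and the layout is assumed from public descriptions of the SELF format and checked against the readself output above.

```python
import struct

# First 0x90 bytes of EBOOT.BIN, copied from the hex dump on this page.
EBOOT_BIN_HEAD = bytes.fromhex(
    "5343 4500 0000 0002 0010 0001 0000 0410"
    "0000 0000 0000 0980 0000 0000 0039 ab60"
    "0000 0000 0000 0003 0000 0000 0000 0070"
    "0000 0000 0000 0090 0000 0000 0000 00d0"
    "0000 0000 0039 ad60 0000 0000 0000 0290"
    "0000 0000 0000 0390 0000 0000 0000 03c0"
    "0000 0000 0000 0070 0000 0000 0000 0000"
    "1010 0000 0100 0003 0100 0002 0000 0004"
    "0001 0000 0000 0000 0000 0000 0000 0000"
)

# Every field is big-endian. Names are labels chosen for this example.
SCE_HEADER = struct.Struct(">4sIHHIQQ")   # bytes 0x00..0x20
SELF_HEADER = struct.Struct(">10Q")       # bytes 0x20..0x70
APP_INFO = struct.Struct(">QIIQQ")        # found at app_info_offset


def parse_self_header(data: bytes) -> dict:
    """Decode the unencrypted header that sits in front of the SELF body."""
    if len(data) < SCE_HEADER.size + SELF_HEADER.size:
        raise ValueError("truncated SELF header")
    magic, version, key_rev, category, meta_off, hdr_len, data_len = (
        SCE_HEADER.unpack_from(data, 0))
    if magic != b"SCE\x00":
        raise ValueError("not an SCE container")
    (ext_ver, app_off, elf_off, phdr_off, shdr_off, sinfo_off,
     ver_off, ctrl_off, ctrl_size, _pad) = SELF_HEADER.unpack_from(
        data, SCE_HEADER.size)
    if app_off + APP_INFO.size > len(data):
        raise ValueError("app info lies outside the supplied bytes")
    auth_id, vendor_id, self_type, app_ver, _pad2 = APP_INFO.unpack_from(
        data, app_off)
    # Header structures must all sit inside the header region itself.
    inside = all(off < hdr_len for off in
                 (meta_off, app_off, elf_off, phdr_off, sinfo_off,
                  ver_off, ctrl_off + ctrl_size))
    return {
        "key_revision": key_rev,
        "metadata_offset": meta_off,
        "header_len": hdr_len,
        "data_len": data_len,
        "elf_offset": elf_off,
        # readself prints these two relative to the embedded ELF header.
        "phdr_offset_in_elf": phdr_off - elf_off,
        "shdr_offset_in_elf": shdr_off - elf_off,
        "section_info_offset": sinfo_off,
        "control_info": (ctrl_off, ctrl_size),
        "auth_id": auth_id,
        "vendor_id": vendor_id,
        "self_type": self_type,          # 4 is what readself calls "application"
        "offsets_inside_header": inside,
    }


if __name__ == "__main__":
    for name, value in parse_self_header(EBOOT_BIN_HEAD).items():
        print(f"{name:22} {value:#x}" if isinstance(value, int)
              else f"{name:22} {value}")
```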

Use powerpc64le-linux-gnu-objdump -D EBOOT.elf to obtain the disassembly
/sd/1DMP/Compressed/EBOOT.ELF:     文件格式 elf64-powerpc


Disassembly of section :

0000000000010200 <>:
10200: f8 21 ff 91 stdu r1,-112(r1)
10204: 7c 08 02 a6 mflr r0
10208: f8 01 00 80 std r0,128(r1)
1020c: 48 18 0c c5 bl 0x190ed0
10210: 60 00 00 00 nop
10214: 48 18 0d 2d bl 0x190f40
10218: 60 00 00 00 nop
1021c: e8 01 00 80 ld r0,128(r1)
10220: 7c 08 03 a6 mtlr r0
10224: 38 21 00 70 addi r1,r1,112
10228: 4e 80 00 20 blr

Disassembly of section :

0000000000010230 <>:
10230: f8 21 ff 81 stdu r1,-128(r1)
10234: 7c 08 02 a6 mflr r0
10238: f8 01 00 90 std r0,144(r1)
1023c: fb e1 00 78 std r31,120(r1)
10240: 3c 80 00 20 lis r4,32
10244: 60 7f 00 00 ori r31,r3,0
10248: 30 64 7c 00 addic r3,r4,31744
1024c: 3c 80 00 23 lis r4,35
10250: 90 7f 00 00 stw r3,0(r31)
10254: 80 64 a4 80 lwz r3,-23424(r4)
10258: 2c 03 00 00 cmpwi r3,0
... (rest omitted)

Below are the fragments that may be involved in decryption:
f4f48:       3c 80 00 21     lis     r4,33
1ce550: 7c 64 1b 78 mr r4,r3
10484: 80 84 a4 80 lwz r4,-23424(r4)
10488: 48 0e 4a d1 bl 0xf4f58

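I have to say assembly really is hard to read, although obfuscated C code isn't much better. I can only marvel at how much time and effort the programmers who hand-wrote assembly back then must have spent.

But I don't know assembly; I only have a little C background.

The next step is probably to debug in RPCS3 and try reading the memory contents, maybe?

11.21 update:

Running strings turned up these: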

hlslf
generic
Cg binary format doesn't match the current revision.
No error has occurred.
The compile returned an error.
The parameter used is invalid.
The profile is not supported.
The program could not load.
The program could not bind.
The program must be loaded before this operation may be used.
An unsupported GL extension was required to perform this operation.
An unknown value type was assigned to a parameter.
The parameter is not of matrix type.
The enumerant parameter has an invalid value.
The parameter must be a 4x4 matrix type.
The file could not be read.
The file could not be written.
nvparse could not successfully parse the output from the Cg compiler backend.
Memory allocation failed.
Invalid context handle.
Invalid program handle.
Invalid parameter handle.

And:
x:/advcpp/advsys/../common/util/pointer_cache.h
psglSetAllocatorFuncs: do not call after psglInit()!!
psglSetAllocatorFuncs: must specify all allocator functions
OpenGL ES-CM 1.0-optrsx SCE Fri Sep 10 14:24:15 JST 2010
Sony Computer Entertainment Inc.
JETSTREAM-A
OpenGL ES-CM 1.0
%f, %f, %f, %f
ERROR: _jsAsyncCopyInit failed! Requested maxSPUs=%d, but a raw SPU is unavailable (most likely initializeSPUs is not enabled in the psglInit options or sys_spu_initialize(6,1) is not called before psglInit).
PSGL console initialized
JS_THREAD
failed to get SPU %d
PSGL GCM failed initialisation
Could not init GPU memory manager
This must becalled between psglBeginCommandRecord and psglEndCommandRecord
psglCommandBuffer Error: Buffer pointer was not mapped
Aborting CallCommandBuffer
cmdBuffer data %d
viewXform
projXform
normXform
flags
normalScale
material.Ka
material.Kd
material.Ks
material.Ke
material.shininess
globalAmbient
useTexMatrix
nLights
light[0].position
light[0].ambient
light[0].diffuse

As well as:
/data/SCR/seenx16.psb
hikarizaka
Sys Save
/data/sys/cg/sysmenu/systemmenu.pte
/data/sys/cg/systemmsg/s_window28.pte
/data/sys/cg/systemmsg/s_window16.pte
dialog
Adv Save
Adv Load
config
chapter menu
/data/sys/cg/title/title02.pte
/data/sys/cg/title/title01.pte
/data/sys/cg/title/title.pte
/data/bgm/bgm30.at3
/data/PCM/s/tsignal.at3
/data/SCR/seen0414.psb
/data/SCR/seen6800.psb
child at title
Adv from Title
/data/sys/cg/systemmsg/s_window%02d.pte
Spin Off Dialog
Laod Task
config
data inst
ICON0.PNG
PIC1.PNG
data/cg.psarc.sdat
data/bgm.psarc.sdat
CheckGameData
%s/%s
Sys Save
ICON0.PNG
PIC1.PNG
data/cg.psarc.sdat
data/bgm.psarc.sdat
Inst GameData
%s/%s
%s/data
Scenario Load
SAVEDATA
Scenario Save
x:/products/ps3/clannad/app/task/thr_save.cpp
GAME
/data/sys/cg/save/pic1.png
SAVEDATA
Sys Load
x:\products\ps3\clannad\app\task\thr_sys_load.cpp
SAVEDATA
Sys Save
SYSTEM
/data/sys/cg/save/sys/icon0.png
/data/sys/cg/save/pic1.png
/data/sys/cg/save/sys/proc_save.png
x:\products\ps3\clannad\app\task\thr_sys_save.cpp
SAVEDATA
Disp SysInfo
NowLoadingTask
x:/advcpp/advsys/advsys_manager.cpp
Error Dialog
SYS_MENU
Backlog
Backlog
ErrDlg
x:/advcpp/advsys/VirtualMachine.cpp
Global
CVMAdvSys Global Timer
x:/advcpp/advsys/vm_advsys.cpp
/data/CG/mask01.pte
/data/CG/mask02.pte
TITLE
NULL
%s%s.at3
/data/BGM/
%s%s.psb
/data/SCR/
%s%s.pte
/data/CG/
(ReadFlagNo : %d,
Y : %d)
\s%03d
/data/PCM/
x:/advcpp/advsys/event/EventManager.cpp
x:/advcpp/advsys/effect/effect_run.cpp
x:/advcpp/advsys/task/CBacklogTask.cpp
\n\n
!"#$%&'
)*+,-.0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
CThrTrophyInst
TrophyThread
AudioChannel
at3dec
at3 ring
x:/advcpp/common/PS3/sound/audio_decoder_at3.cpp
x:/advcpp/common/PS3/sound/audio_mixer.cpp
at3 decode thread
x:/advcpp/common/PS3/sound/decode_thread.cpp
audio fade thread
x:/advcpp/common/PS3/sound/fade_thread.cpp
Fade th
x-cell-fs://%s%s
x:/advcpp/common/PS3/movie/psmf_player.cpp
x:/advcpp/common/PS3/graphics/fontdraw_base.cpp
1280x720/16:9
720x576/16:9
720x576/4:3
720x480/16:9
720x480/4:3
x:/advcpp/common/PS3/graphics/render_devicebase.cpp
/data/sys/shader/raster_fs.cgelf
/data/sys/shader/sepia_fs.cgelf
/data/sys/shader/grayscale_fs.cgelf
/data/sys/shader/nega_fs.cgelf
/data/sys/shader/gauss_easy_vs.cgelf
/data/sys/shader/gauss_easy_fs.cgelf
/data/sys/shader/mask_vs.cgelf
/data/sys/shader/mask_fs.cgelf
/data/sys/shader/mask2_fs.cgelf
/data/sys/shader/conv_color_fs.cgelf
x:/advcpp/common/PS3/graphics/shader_manager_base.cpp
x:/advcpp/common/PS3/graphics/tex_image.cpp
texture thread
x:/advcpp/common/PS3/graphics/texture_thread.cpp
Tex Th
x:/advcpp/common/PS3/graphics/font/font_render.cpp
x:/advcpp/common/PS3/graphics/font/font_tex.cpp
font change
modelViewProj
x:/advcpp/common/PS3/common/graphics/TexSplitInfo.cpp
net start
x:\advcpp\common\PS3\net\task_simple_dlc.cpp
x:/advcpp/common/util/CRingBuf.cpp
x:/advcpp/common/util/Fat.cpp
x:/advcpp/common/util/file_buffslot.cpp
x:/advcpp/common/util/FreqTable.cpp

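These keywords all point to advcpp. Is that this game's engine? I'm fairly sure eboot.elf was compiled from C++, but the question is how I can find its source code or a third-party implementation.

A Google search turned up this, but it is about advanced C++ programming and has nothing to do with this.

Later I tried disassembling again with powerpc64le-linux-gnu-objdump -Mcell -D EBOOT.ELF, but it was still a pile of incomprehensible r-something stuff.

Addendum: information shown by readelf: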

user@localhost ~/fail0verflow-PS3-tools (master)> readelf -a EBOOT.ELF
ELF 头:
Magic: 7f 45 4c 46 02 02 01 66 00 00 00 00 00 00 00 00
类别: ELF64
数据: 2 补码,大端序 (big endian)
Version: 1 (current)
OS/ABI: <未知:66>
ABI 版本: 0
类型: EXEC (可执行文件)
系统架构: PowerPC64
版本: 0x1
入口点地址: 0x227ba8
程序头起点: 64 (bytes into file)
Start of section headers: 3777504 (bytes into file)
标志: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 8
Size of section headers: 64 (bytes)
Number of section headers: 30
Section header string table index: 29

节头:
[号] 名称 类型 地址 偏移量
大小 全体大小 旗标 链接 信息 对齐
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] PROGBITS 0000000000010200 00000200
000000000000002c 0000000000000000 AX 0 0 4
[ 2] PROGBITS 0000000000010230 00000230
00000000001e64d4 0000000000000000 AX 0 0 16
[ 3] PROGBITS 00000000001f6704 001e6704
0000000000000024 0000000000000000 AX 0 0 4
[ 4] PROGBITS 00000000001f6728 001e6728
0000000000002460 0000000000000000 AX 0 0 4
[ 5] PROGBITS 00000000001f8b88 001e8b88
0000000000000184 0000000000000000 A 0 0 4
[ 6] PROGBITS 00000000001f8d0c 001e8d0c
000000000000048c 0000000000000000 A 0 0 4
[ 7] PROGBITS 00000000001f9198 001e9198
0000000000000004 0000000000000000 A 0 0 4
[ 8] PROGBITS 00000000001f919c 001e919c
0000000000000004 0000000000000000 A 0 0 4
[ 9] PROGBITS 00000000001f91a0 001e91a0
0000000000000004 0000000000000000 A 0 0 4
[10] PROGBITS 00000000001f91a4 001e91a4
0000000000000420 0000000000000000 A 0 0 4
[11] PROGBITS 00000000001f95c4 001e95c4
0000000000000004 0000000000000000 A 0 0 4
[12] PROGBITS 00000000001f9600 001e9600
000000000001bfd0 0000000000000000 A 0 0 128
[13] PROGBITS 0000000000215600 00205600
0000000000009c00 0000000000000000 WA 0 0 128
[14] PROGBITS 000000000021f200 0020f200
0000000000000028 0000000000000000 WA 0 0 8
[15] PROGBITS 000000000021f228 0020f228
0000000000000040 0000000000000000 A 0 0 4
[16] PROGBITS 0000000000220000 00210000
000000000000008c 0000000000000000 WA 0 0 4
[17] PROGBITS 000000000022008c 0021008c
0000000000000294 0000000000000000 WA 0 0 4
[18] PROGBITS 0000000000220320 00210320
0000000000000004 0000000000000000 WA 0 0 4
[19] PROGBITS 0000000000220328 00210328
0000000000002494 0000000000000000 WA 0 0 8
[20] PROGBITS 00000000002227bc 002127bc
000000000000048c 0000000000000000 WA 0 0 4
[21] PROGBITS 0000000000222c48 00212c48
0000000000005768 0000000000000000 WA 0 0 8
[22] PROGBITS 00000000002283b0 002183b0
0000000000001edc 0000000000000000 WA 0 0 8
[23] PROGBITS 000000000022a28c 0021a28c
0000000000000004 0000000000000000 WAT 0 0 4
[24] NOBITS 000000000022a290 0021a290
00000000000001e8 0000000000000000 WAT 0 0 8
[25] PROGBITS 000000000022a480 0021a480
000000000017d228 0000000000000000 WA 0 0 128
[26] NOBITS 00000000003a7700 00397700
00000000003117a8 0000000000000000 WA 0 0 128
[27] PROGBITS 0000000000000000 003976a8
0000000000000428 0000000000000000 0 0 4
[28] PROGBITS 0000000000000000 00397ad0
00000000000027dd 0000000000000000 0 0 1
[29] STRTAB 0000000000000000 0039a2ad
0000000000000132 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
p (processor specific)

There are no section groups in this file.

程序头:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000010000 0x0000000000010000
0x000000000020f268 0x000000000020f268 R E 0x10000
LOAD 0x0000000000210000 0x0000000000220000 0x0000000000220000
0x00000000001876a8 0x0000000000498ea8 RW 0x10000
LOAD 0x00000000003976a8 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 R 0x10000
LOAD 0x00000000003976a8 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10000
LOAD 0x00000000003976a8 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10000
TLS 0x000000000021a28c 0x000000000022a28c 0x000000000022a28c
0x0000000000000004 0x00000000000001ec R 0x8
LOOS+0x1 0x000000000020f200 0x000000000021f200 0x000000000021f200
0x0000000000000028 0x0000000000000028 0x8
LOOS+0x2 0x000000000020f228 0x000000000021f228 0x000000000021f228
0x0000000000000040 0x0000000000000040 0x4

Section to Segment mapping:
段节...
00
01
02
03
04
05
06
07

There is no dynamic section in this file.

该文件中没有重定位信息。

The decoding of unwind sections for machine type PowerPC64 is not currently supported.

Looking at the disassembly at the entry point:
227ba8:       00 19 0b 58     .long 0x190b58
190b58: 38 40 00 00 li r2,0
109b4: f8 41 00 28 std r2,40(r1)
10200: f8 21 ff 91 stdu r1,-112(r1)
10230: f8 21 ff 81 stdu r1,-128(r1)
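
The entry address 0x227ba8 falls in the second LOAD segment, which is read-write and not executable, so the word stored there (0x190b58) is data pointing at code rather than an instruction. The script below is an added example, not part of the original post: it rebuilds the address-to-file-offset mapping from the ELF header and first two program headers in the EBOOT.elf hex dump above, with helper names of my own choosing.

```python
import struct

# First 0xb0 bytes of EBOOT.elf from the hex dump on this page:
# the ELF header followed by the first two program headers.
ELF_HEAD = bytes.fromhex(
    "7f45 4c46 0202 0166 0000 0000 0000 0000"
    "0002 0015 0000 0001 0000 0000 0022 7ba8"
    "0000 0000 0000 0040 0000 0000 0039 a3e0"
    "0000 0000 0040 0038 0008 0040 001e 001d"
    "0000 0001 0040 0005 0000 0000 0000 0000"
    "0000 0000 0001 0000 0000 0000 0001 0000"
    "0000 0000 0020 f268 0000 0000 0020 f268"
    "0000 0000 0001 0000 0000 0001 0060 0006"
    "0000 0000 0021 0000 0000 0000 0022 0000"
    "0000 0000 0022 0000 0000 0000 0018 76a8"
    "0000 0000 0049 8ea8 0000 0000 0001 0000"
)

EHDR = struct.Struct(">16sHHIQQQIHHHHHH")  # big-endian Elf64_Ehdr
PHDR = struct.Struct(">IIQQQQQQ")          # big-endian Elf64_Phdr
PT_LOAD, PF_X = 1, 0x1


def load_segments(data: bytes):
    """Return (entry, LOAD segments) for a big-endian ELF64 header excerpt."""
    (ident, _type, _machine, _ver, entry, phoff, _shoff, _flags,
     _ehsize, phentsize, phnum, _shentsize, _shnum, _shstr) = (
        EHDR.unpack_from(data, 0))
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 2:
        raise ValueError("expected a big-endian ELF64 file")
    segments = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + PHDR.size > len(data):
            break  # only the headers present in the excerpt are parsed
        p_type, p_flags, p_off, p_vaddr, _pa, p_filesz, _memsz, _al = (
            PHDR.unpack_from(data, off))
        if p_type == PT_LOAD and p_filesz:
            segments.append((p_vaddr, p_filesz, p_off, bool(p_flags & PF_X)))
    return entry, segments


def locate(vaddr: int, segments):
    """Map a virtual address to (file offset, segment is executable)."""
    for seg_vaddr, filesz, file_off, executable in segments:
        if seg_vaddr <= vaddr < seg_vaddr + filesz:
            return file_off + (vaddr - seg_vaddr), executable
    raise LookupError(f"{vaddr:#x} is not backed by file data")


ENTRY, SEGMENTS = load_segments(ELF_HEAD)
# Word objdump printed at the entry address: "227ba8: 00 19 0b 58"
ENTRY_WORD = int.from_bytes(bytes.fromhex("00190b58"), "big")

if __name__ == "__main__":
    for label, addr in (("entry", ENTRY), ("entry word", ENTRY_WORD)):
        off, executable = locate(addr, SEGMENTS)
        print(f"{label:10} {addr:#x} -> file offset {off:#x}, "
              f"{'code' if executable else 'data'}")
```

Run against the full EBOOT.elf instead of the excerpt, `load_segments` picks up all eight program headers unchanged.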

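It still feels like I haven't learned much. Maybe I should study C++ and assembly?

Damn it, if only the PS3 version of CLANNAD were a PSP emulator wrapper like K-On!, the workload would be a bit lighter. Unfortunately it isn't.

Then I also tried the PS3 version of Little Busters. Great, this time I couldn't even unpack the dat...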