Hacking Homebrew app [Release] PC DX/Watch 1.0 new Disassembler/Assembler for Playstation 4

xZenithy

Hello,


I would like to introduce you to the new Disassembler/Assembler for Playstation 4, DX/Watch 2.01 Release:



Main Features:
Below you can find the main features compared with other similar tools.
- As Disassembler:
  - Windows 10 Calculator support (copy/paste actions)
  - Activate Break-Point from the disassemble code window
  - Add bookmarks from the disassemble code window
  - Assembler Here from the disassemble code window
- As Assembler:
  - 3 assembler modes supported: Freestyle, Amend and CodeCave
  - Verify and complete ASM instruction size
  - Load and Save your ASM code
  - Create a new trainer file from scratch
  - Add a new cheat to an existing trainer file
- As Trainer Manager:
  - Load and Save your trainer cheats in a shn supported file
  - Change/Update any descriptives of the trainer, e.g.: Description, Author, etc.
  - Delete any cheat from the selected node
  - Activate/Deactivate any cheat from your loaded trainer
  - Jump from any cheat node to its corresponding address code

New Features Version 2.01:
- Memory view re-made from scratch
- Automatic Bookmarks load/save from/to file by game
- Navigational functionality for Bookmarks/Breakpoint with scroll annotations indicator
- Move/order Cheats Node on the tree trainer manager
- Full Keyboard Short-cuts for the most important actions
- Fixed a lot of bugs and code optimization from the previous version
- Update to the last payload (PS4Debug.bin Ctn v1.0.13) to support debugging PS4 on FW 07.xx
- Debugging with Single-Step Into (experimental)


Url to download: https://www.sendspace.com/file/04a3tf

Alternative Url: https://1fichier.com/?tvmp63yqjdncgq9vaf8o

Psw file: xZenithy
 

arfgh

question... which ps4debug payload to load in order to further use this program ? Because there are several versions of it... The one that uses ctn for example ?
 

xZenithy

> question... which ps4debug payload to load in order to further use this program ? Because there are several versions of it... The one that uses ctn for example ?

Good question...
The exact version of the payload is v1.0.10, and it is the last public version from ctn. It is included with DX/Watch, and you can send it using the corresponding button at the top-right menu bar.
But be aware there are other higher/lower public/private versions that other programs are using, and these payloads are not compatible with DX/Watch.
 

PopperTop

Looks interesting, but I've got no clue how to use the code cave stuff, is there an easy to learn tutorial for it?

There's a bunch of games I've got where the addresses have no pointers when scanned for, so with this - you would set watchpoints on the addresses to get the base offset in the executable, then you input a modification in the cave?
 

xZenithy

> Looks interesting, but I've got no clue how to use the code cave stuff, is there an easy to learn tutorial for it?

There are some video tutorials on the Web, so google for it...

> There's a bunch of games I've got where the addresses have no pointers when scanned for, so with this - you would set watchpoints on the addresses to get the base offset in the executable, then you input a modification in the cave?

More or less it is like you said. There are a lot of situations for using a code cave and more advanced master code.

One easy example: Sometimes you find the asm instruction in the executable that decreases your health, but this instruction is 2 bytes in size, and your modification is 8 bytes in size, so you don't have enough room to create your modification in the executable.
So the code cave functionality looks for an empty room in the executable where you can put your code, and then on the original instruction you put a jmp to the code cave address, execute your code, and with another jump come back to follow the original code.
 

PopperTop

I'm still having trouble. ☹

I want to disable one element of the UI that pops up when you push up on the analog stick.

I get the address that has the value for it, which is a float 0 and 1

I set a watchpoint then take the address to disassembly -

12B620A mov rax, [r15] 49-8B-07

Code cave from here...

Now I'm not sure what to input.

I tried putting:

mov dword ptr [r15], 0x00000000
vmovss xmm0, dword ptr [r15]
jmp 0x12B620A

Which causes a fatal error.
 

xZenithy

> I'm still having trouble. ☹
>
> I want to disable one element of the UI that pops up when you push up on the analog stick.
>
> I get the address that has the value for it, which is a float 0 and 1
>
> I set a watchpoint then take the address to disassembly -
>
> 12B620A mov rax, [r15] 49-8B-07
>
> Code cave from here...
>
> Now I'm not sure what to input.
>
> I tried putting:
>
> mov dword ptr [r15], 0x00000000
> vmovss xmm0, dword ptr [r15]
> jmp 0x12B620A
>
> Which causes a fatal error.

Because, by your example, the issue is in your last instruction. The jmp 0x12B620A is wrong because the address is the original address; this is wrong. You need to put a jmp to the return address that the program tells you. Find in the CodeCave window a label that says: Return address : 0x12B62xx. This address is the correct address that you need to put...
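
Added example, not part of the thread and not DX/Watch's own code: the detour described in the two replies above (a jmp over the original instruction to the cave, the new code, then a jump back), worked through in Python to show where the return address comes from. The second instruction, the cave address 0x12F0000 and all function names are constructed for illustration.

```python
import struct

JMP_LEN = 5  # E9 + signed 32-bit displacement

def jmp_rel32(src, dst):
    """Encode `jmp dst` for a jmp instruction located at address src."""
    disp = dst - (src + JMP_LEN)
    if not -2**31 <= disp < 2**31:
        raise ValueError("cave is out of rel32 range")
    return b"\xE9" + struct.pack("<i", disp)

def jmp_target(src, enc):
    """Decode where an E9 rel32 jmp located at src lands."""
    return src + JMP_LEN + struct.unpack("<i", enc[1:5])[0]

def plan_cave(hook, insns, cave, payload):
    """insns: whole instructions (bytes) starting at hook, in order.
    Returns (return_addr, site_patch, cave_bytes)."""
    stolen = b""
    for ins in insns:              # never cut an instruction in half
        stolen += ins
        if len(stolen) >= JMP_LEN:
            break
    else:
        raise ValueError("not enough instructions to fit a 5-byte jmp")
    return_addr = hook + len(stolen)   # first instruction NOT overwritten
    site = jmp_rel32(hook, cave) + b"\x90" * (len(stolen) - JMP_LEN)
    # Assumption: stolen instructions are position-independent (no
    # RIP-relative operands or relative branches), so they can be copied.
    body = payload + stolen
    return return_addr, site, body + jmp_rel32(cave + len(body), return_addr)

# Constructed sample. Only the first instruction is from the thread.
HOOK = 0x12B620A
INSNS = [bytes.fromhex("498B07"),     # mov rax, [r15]   (from the thread)
         bytes.fromhex("488B4808")]   # mov rcx, [rax+8] (constructed)
CAVE = 0x12F0000                      # hypothetical free region
PAYLOAD = bytes.fromhex("41C70700000000")  # mov dword ptr [r15], 0

RET, SITE, CAVE_BYTES = plan_cave(HOOK, INSNS, CAVE, PAYLOAD)

if __name__ == "__main__":
    print(f"return address: {RET:#x}")
    print(f"patch at hook : {SITE.hex(' ')}")
    print(f"cave contents : {CAVE_BYTES.hex(' ')}")
    # Jumping back to HOOK instead of RET lands on the detour jmp again.
    print(f"jmp at HOOK goes to {jmp_target(HOOK, SITE):#x}")
```

With this constructed layout the return address is 0x12B6211, the first byte after the overwritten instructions. The bytes at 0x12B620A now hold the detour jmp, so a jump back to that address re-enters the cave.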
 

xZenithy

DX/Watch new version 2.01:

New Features Version 2.01:
- Memory view re-made from scratch
- Automatic Bookmarks load/save from/to file by game
- Navigational functionality for Bookmarks/Breakpoint with scroll annotations indicator
- Move/order Cheats Node on the tree trainer manager
- Full Keyboard Short-cuts for the most important actions
- Fixed a lot of bugs and code optimization from the previous version
- Update to the last payload (PS4Debug.bin Ctn v1.0.13) to support debugging PS4 on FW 07.xx
- Debugging with Single-Step Into (experimental)

Probably the best disassembler for PS4...
 

xZenithy

DX/Watch new version 2.02:

New Features Version 2.02:
- New Historic CPU Registers Log mode (need to enable this option first on settings)
- New option to save CPU Registers in a CSV format file any-time
- New option to save Memory Map Sections in a CSV format file any-time
- Fixed an occasional bug related to the incorrect activation/deactivation of cheats from the Trainer menu
- Update Faqs/How to related to the new option Historic CPU Registers Log
- Other minor improvements
 

PopperTop

I managed to do what I wanted with the UI.

Is it possible to do cheat engine's what writes and accesses address where it lists them all?

I'm wanting to remove a camera distance limit but I'm getting a watchpoint hit straight away on the camera coordinates without even moving it in game. When this address gets NOP the camera won't move, only can look around.

I've asked a PC game photomode modder on Twitter about removing the limit and he said you do this by getting the cam coordinates then debug the function. Does this mean I have to setup IDAPro?
 

xZenithy

I'm trying to follow you, but I'm not sure if I have got what you are talking about. So I'm going to answer below in your post.

> I managed to do what I wanted with the UI.
>
> Is it possible to do cheat engine's what writes and accesses address where it lists them all?

Yes, it is possible to do, but only using the old school way or the hard code way...

> I'm wanting to remove a camera distance limit but I'm getting a watchpoint hit straight away on the camera coordinates without even moving it in game. When this address gets NOP the camera won't move, only can look around.

That's normal behavior in modern games. Everything is calculated in real-time constantly, e.g.: your health, the camera coordinates, etc... That is the reason to log the CPU registers, to see how they are calculated between the different instructions of code/functions...

> I've asked a PC game photomode modder on Twitter about removing the limit and he said you do this by getting the cam coordinates then debug the function. Does this mean I have to setup IDAPro?

Obviously IDAPro is one of the best static debuggers (and a real-time debugger too), and a lot of people are capable of achieving their goals using only static analysis of the code, but IDAPro cannot do real-time debugging on PS4 console code. That is what my tool does: real-time debugging of the code that you want to investigate, using the bp/wp, logging the CPU registers, etc., and for a lot of people real-time analysis is enough to achieve their different goals.
My advice: if the goal is small/medium (typical use case example, Infinite Health), using DX/Watch for real-time debugging can be enough.
If your goal is complex or higher, then it can be necessary to use IDAPro to do static analysis of the code, functions, etc., to understand the logic from a high-level perspective, and use DX/Watch to investigate and focus on the code/function in a real-time analysis from a low-level perspective. You can use both tools and work with them together, using the advanced functions of each tool to analyse your target code.
But anyway, everything depends on your knowledge/experience in assembler programming, and in the end it is up to you...
 