Official Psgroove Payload Updated to Allow Retail PKG Installs

Mathieulh has updated the official psgroove payload to allow for retail PKG installing. Earlier today we reported about waninkoko‘s payload which accomplished the same thing. However, Mathieulh states that waninkoko‘s payload is the incorrect way to allow retail pkg installing. Mathieulh also states that issues may come up for certain pkg’s. Therefore, he has patched the payload correctly, giving us a more stable payload to install retail pkg and updated the official psgroove github. More after the jump.




The following comes from Mathieulh’s twitter.

Retail package support was just added to psgroove git (the patch isn’t the same as waninkoko’s hermes v3)

forcing r11 to 1 like waninkoko did does work but it is not the solution and might bring issues with specific package types.

The right patch to be done is to put a nop at the beginning of the debug algo decryption which checks for the model flag to be 1

Also waninkoko left the original psjailbreak patch which was not proper either:

ROM:0002ED00 lhz %r9, arg_7A(%sp) ROM:0002ED04 xori %r9, %r9, 0×80 ROM:0002ED08 addi %r9, %r9, -1 ROM:0002ED0C rldicl %r29, %r9, 1,63 ROM:0002ED10 b loc_2ED20

they force r29 to 1 which does indeed let you install debug packages but breaks the retail package install because the code will stop at the debug check if r29 is set to 1. The right way is to actually kill that check.
That’s what’s been done by doing a nop to the conditional branch.