Repository files navigation

Kammy is a system for loading patches to lv2 (PlayStation 3's Game OS) froma user application, using PSGroove or any other implementation of theexploit that adds the peek/poke syscalls. Kammy was inspired by Treeki'sNintendo Wii game patching system, Kamek.

Building Kammy requiresPSL1GHTinstalled to build. This includes needing one of the supported PS3 GCCtoolchains. Besides PSL1GHT, you will need the following utilities:

• xxd: Creating patch bin files requires the xxd tool to be installed.
• dd: Also required for building the patch bin files.
• calc: Yet another requirement for building the patch bin files.Homepage.

With these dependencies installed, you can build Kammy by simply cd'ing totheloader directory and running:

    make clean    make

Kammy must be used with a payload that supports poke/peek. This includesPSGroove and most of its forks - including my own - among others. To apply aKammy patch, a loader application must be started on the PS3. This isusually done from XMB from an installed package, or from USB using myPSGroove fork's apploader payload (or PL3's payload_dev).

The example loader included in Kammy installs a hook into lv2 that sendsdebug messages over the ethernet cable of the PS3. This is useful forgetting data from the PS3 and lv2 (you get crash reports, and some info fromdifferent apps). It's also a useful way of seeing printfs from anyapplications you write and test, including ones built with PSL1GHT.

This setup has three requirements to work properly:

1. Your PS3 must be connected to a router by ethernet cable.Wireless must be disabled in the PS3 network settings.

2. The PC that you're retrieving the info with must be connected to thesame router as the PS3. Alternatively you can connect the PS3's cabledirectly into your computer to get the output.

3. Your PC must have the socat program installed, so you can run thefollowing command:

    socat udp-recv:18194 stdout

A ready-to-run pre-compiled ethernet debug loader is provided in theDownloads Section.

Kammy is made up of three main components:

• lv2: This folder contains the lv2 patches to be built. See the ethdebugpatch for an example. It is up to the patch to apply any hooks it needs tolv2.
• libkammy: This is the basic library that handles the loading of Kammypatches. Altering it should not be necessary.
• loader: This folder contains an example that shows how to use libkammy toload kammy and another patch bin from the lv2 folder.

Internally, Kammy obliderates syscall 11, so try not to run it withpayloads that provide that syscall.