1. Introduction - The old stealth extensions

When you read this document, I assume you understand all concepts and that you already know the previous document regarding the new and simpler stealth extensions.
This document is dedicated to the "old" ones.

This first version stealth cobra, and mimics as the syscall were disabled.
In fact, after being called, any attempt to access the cfw syscalls (6,7,8,9,10,11,35 a 36) will result in the "unknown syscall" error.
But, the lv2 poke (syscall 7) will still work, meaning that if you already got the syscall table lv2 address you can add an additional security by really and definitively cleaning the syscall table.

Note that doing this before activating the syscall extensions will be controlled by the cobra core - it is easily confirmed by running cobra in debug mode and running socat in your pc to intercept debug messages.


These "old" stealth extensions do also support an additional flag to keep part of syscall 8 working for version spoofing compatibility - this was essential when using the cobra version spoofing method, that needed syscall 8 to be always running.
Unfortunately, it doesn't work anymore to connect to the psn. So it is not needed :(



=========================================================================================================

1. Definitions for using old stealth extensions in your code:

#define SYSCALL8_OPCODE_STEALTH_TEST			0x3993  // gets SYSCALL8_STEALTH_OK if Stealth extensions are installed
#define SYSCALL8_OPCODE_STEALTH_ACTIVATE		0x3995  // gets SYSCALL8_STEALTH_OK if Syscalls were disabled
#define SYSCALL8_STEALTH_OK					0x5555
  
static uint64_t call_syscall8(uint64_t func)
{
	system_call_1(8, func);
	return_to_user_prog(uint64_t);
}

static uint64_t call_syscall8p1(uint64_t func, uint64_t parameter)
{
	system_call_2(8, func, parameter);
	return_to_user_prog(uint64_t);
}

// tests if cobra stealth extensions are installed,
// return 1 if ok.
int test_cobra_stealth(void)
{
	return (call_syscall8(SYSCALL8_OPCODE_STEALTH_TEST) == SYSCALL8_STEALTH_OK);
}
		
		
// activates cobra stealth in cobra if there are stealth extensions
// param1 = protect syscall8 (needed if version spoofed being done by cobra - not needed anymore)
int do_cobra_stealth(int protect_syscall8);
int do_cobra_stealth(int protect_syscall8)
{
	return (call_syscall8p1(SYSCALL8_OPCODE_STEALTH_ACTIVATE, protect_syscall8) == SYSCALL8_STEALTH_OK);
}


=========================================================================================================

2. Using old cobra stealth:

if (test_cobra_stealth() )
{
	// stealth extensions are installed and running in this system !!!
}


if (do_cobra_stealth(0))
{
	// CFW was disabled by cobra core by using cobra stealth extensions !!!!!
}
	

========================================================================================================

	
3. The "old" cobra stealth code.


In attach to this document goes a main.c with this code injected and commented between "KW BEGIN" and "KW END" comments

That's it !
KW

