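/*
 * Syscall-side wrapper around map_path(): duplicates both caller-supplied
 * path strings with pathdup_from_user(), forwards the duplicates with
 * FLAG_COPY set, and releases them afterwards.
 *
 * oldpath  caller pointer to the path being remapped; 0 is rejected with -1.
 * newpath  caller pointer to the replacement path; 0 is forwarded to
 *          map_path() as NULL.
 * flags    passed through to map_path() with FLAG_COPY OR-ed in.
 *
 * Returns -1 when oldpath is 0, the non-zero result of pathdup_from_user()
 * when a duplication fails, otherwise whatever map_path() returns.
 */
int map_path_user(char *oldpath, char *newpath, uint32_t flags)
{
	char *oldp;
	char *newp = NULL;
	int ret;

	if (oldpath == 0)
		return -1;

	/*
	 * The raw caller pointers are never dereferenced here; they only reach
	 * pathdup_from_user() after passing through get_secure_user_ptr().
	 */
	ret = pathdup_from_user(get_secure_user_ptr(oldpath), &oldp);
	if (ret != 0)
		return ret;

	if (newpath != 0) {
		ret = pathdup_from_user(get_secure_user_ptr(newpath), &newp);
		if (ret != 0) {
			dealloc(oldp, 0x27);
			return ret;
		}
	}

#ifdef DEBUG
	/*
	 * The trace used to run before the NULL check and formatted the raw
	 * caller pointers with %s, so a debug build dereferenced unvalidated
	 * (possibly NULL) addresses. Log the duplicated strings instead.
	 */
	DPRINTF("map_path_user, called by process %s: %s -> %s\n",
		get_process_name(get_current_process_critical()),
		oldp, newp ? newp : "(null)");
#endif

	/*
	 * Both duplicates are freed right after the call, so map_path() must not
	 * keep the pointers; presumably FLAG_COPY asks it to take its own
	 * copies (TODO confirm against map_path()).
	 */
	ret = map_path(oldp, newp, flags | FLAG_COPY);

	dealloc(oldp, 0x27);
	if (newp)
		dealloc(newp, 0x27);

	return ret;
}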
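/*
 * Syscall handler that selects or clears the PSP UMD image.
 *
 * file        caller pointer to the image path. When it is NULL after
 *             get_secure_user_ptr(), the handler resets all PSP state:
 *             frees umd_file, drops the mutex, writes the saved words in
 *             patches_backup back into vsh_process and clears the
 *             condition_psp_* flags.
 * id          caller pointer to an identifier that must be exactly 10
 *             characters long; it is copied into psp_id.
 * prometheus  stored verbatim in condition_psp_prometheus.
 *
 * Returns 0 on success, EINVAL for a missing or wrongly sized id, ENOMEM
 * when the backup table cannot be allocated, or the non-zero result of
 * pathdup_from_user().
 *
 * Note that psp_id is overwritten before its length is validated, so a
 * rejected id still replaces the previous one.
 */
int sys_psp_set_umdfile(char *file, char *id, int prometheus)
{
	char *new_file;
	int ret;

	file = get_secure_user_ptr(file);
	id = get_secure_user_ptr(id);

	if (file == NULL) {
		if (umd_file) {
			dealloc(umd_file, 0x27);
			umd_file = NULL;
		}

		if (mutex) {
			/* A mutex flagged as user_mutex is only forgotten, not destroyed. */
			if (user_mutex)
				user_mutex = 0;
			else
				mutex_destroy(mutex);
			mutex = NULL;
		}

		if (patches_backup) {
			/*
			 * Write every saved word back. The table ends at the first
			 * entry whose offset is 0.
			 * NOTE(review): the copy_to_process() result is ignored here,
			 * so a failed restore goes unnoticed.
			 */
			for (int i = 0; patches_backup[i].offset != 0; i++) {
				copy_to_process(vsh_process, &patches_backup[i].data,
						(void *)(uint64_t)(0x10000+patches_backup[i].offset), 4);
			}
			dealloc(patches_backup, 0x27);
			patches_backup = NULL;
		}

		condition_psp_iso = 0;
		condition_psp_dec = 0;
		condition_psp_keys = 0;
		condition_psp_prometheus = 0;
		return 0;
	}

	/* Reject a missing id instead of handing NULL to strncpy(). */
	if (id == NULL)
		return EINVAL;

	/*
	 * NOTE(review): id is read directly through the pointer returned by
	 * get_secure_user_ptr(), whereas file is duplicated with
	 * pathdup_from_user(); confirm a direct read of caller memory is safe
	 * in this context. psp_id must hold at least 11 bytes (index 10 is
	 * written below).
	 */
	strncpy(psp_id, id, 10);
	psp_id[10] = 0;
	if (strlen(psp_id) != 10)
		return EINVAL;

	/*
	 * Duplicate into a temporary so that a failure leaves the current
	 * image untouched and a repeated call does not leak the previous
	 * buffer. The old buffer is released the same way the reset path does.
	 */
	ret = pathdup_from_user(file, &new_file);
	if (ret != 0)
		return ret;
	if (umd_file)
		dealloc(umd_file, 0x27);
	umd_file = new_file;

	condition_psp_iso = 1;
	condition_psp_prometheus = prometheus;

#ifdef DEBUG
	if (prometheus)
		DPRINTF("Using prometheus patch.\n");
#endif

	if (!patches_backup) {
		switch (vsh_check) {
		case VSH_HASH:
#ifdef DEBUG
			DPRINTF("Now patching PSP DRM In Retail VSH..\n");
#endif
			patches_backup = alloc(sizeof(psp_drm_patches), 0x27);
			/* memcpy() on a failed allocation would write through NULL. */
			if (patches_backup == NULL)
				return ENOMEM;
			memcpy(patches_backup, &psp_drm_patches, sizeof(psp_drm_patches));

			for (int i = 0; psp_drm_patches[i].offset != 0; i++) {
#ifdef DEBUG
				DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)psp_drm_patches[i].offset, (uint32_t)psp_drm_patches[i].data);
#endif
				/*
				 * Save the current word first so the reset path can put
				 * it back.
				 * NOTE(review): the copy_from_process() result is ignored;
				 * on failure the backup keeps the patch value copied by
				 * memcpy() rather than the original word.
				 */
				copy_from_process(vsh_process,
						  (void *)(uint64_t)(0x10000+patches_backup[i].offset),
						  &patches_backup[i].data, 4);

				if (copy_to_process(vsh_process, &psp_drm_patches[i].data,
						    (void *)(uint64_t)(0x10000+psp_drm_patches[i].offset), 4) != 0)
					fatal("copy_to_process failed, you forgot to make vsh text writable, retard!\n");
			}
			break;

		default:
#ifdef DEBUG
			DPRINTF("Unknown VSH HASH, PSP DRM was not patched!\n");
#endif
			break;
		}
	}

	return 0;
}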
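/*
 * Syscall handler that selects or clears the PSP UMD image. This variant
 * writes its patch words with lv1_pokew() and reads them with lv1_peekw().
 *
 * file        caller pointer to the image path. When it is NULL after
 *             get_secure_user_ptr(), the handler resets all PSP state:
 *             frees umd_file, drops the mutex, pokes the saved words in
 *             patches_backup back and clears the condition_psp_* flags.
 * id          caller pointer to an identifier that must be exactly 10
 *             characters long; it is copied into psp_id.
 * prometheus  stored verbatim in condition_psp_prometheus.
 *
 * Returns 0 on success; EINVAL when vsh_offset is 0, the id is missing or
 * wrongly sized, or get_psp_patches() reports failure; ENOMEM when the
 * backup table cannot be allocated; otherwise the non-zero result of
 * pathdup_from_user().
 *
 * Note that psp_id is overwritten before its length is validated, and that
 * a get_psp_patches() failure returns after condition_psp_iso was set.
 */
int sys_psp_set_umdfile(char *file, char *id, int prometheus)
{
	char *new_file;
	int ret;

	if (vsh_offset == 0)
		return EINVAL;

	file = get_secure_user_ptr(file);
	id = get_secure_user_ptr(id);

	if (file == NULL) {
		if (umd_file) {
			dealloc(umd_file, 0x27);
			umd_file = NULL;
		}

		if (mutex) {
			/* A mutex flagged as user_mutex is only forgotten, not destroyed. */
			if (user_mutex)
				user_mutex = 0;
			else
				mutex_destroy(mutex);
			mutex = NULL;
		}

		if (patches_backup) {
#ifdef DEBUG
			DPRINTF("[PSP VSH PATCHES] Restore original data\n");
#endif
			/* The table ends at the first entry whose offset is 0. */
			for (int i = 0; patches_backup[i].offset != 0; i++) {
				lv1_pokew(patches_backup[i].offset, patches_backup[i].data);
#ifdef DEBUG
				DPRINTF("%d) poke 0x%x at address 0x%x\n", i + 1, patches_backup[i].data, patches_backup[i].offset);
#endif
			}
			dealloc(patches_backup, 0x27);
			patches_backup = NULL;
		}

		condition_psp_iso = 0;
		condition_psp_dec = 0;
		condition_psp_keys = 0;
		condition_psp_prometheus = 0;
		return 0;
	}

	/* Reject a missing id instead of handing NULL to strncpy(). */
	if (id == NULL)
		return EINVAL;

	/*
	 * NOTE(review): id is read directly through the pointer returned by
	 * get_secure_user_ptr(), whereas file is duplicated with
	 * pathdup_from_user(); confirm a direct read of caller memory is safe
	 * in this context. psp_id must hold at least 11 bytes (index 10 is
	 * written below).
	 */
	strncpy(psp_id, id, 10);
	psp_id[10] = 0;
	if (strlen(psp_id) != 10)
		return EINVAL;

	/*
	 * Duplicate into a temporary so that a failure leaves the current
	 * image untouched and a repeated call does not leak the previous
	 * buffer. The old buffer is released the same way the reset path does.
	 */
	ret = pathdup_from_user(file, &new_file);
	if (ret != 0)
		return ret;
	if (umd_file)
		dealloc(umd_file, 0x27);
	umd_file = new_file;

	condition_psp_iso = 1;
	condition_psp_prometheus = prometheus;

#ifdef DEBUG
	if (prometheus)
		DPRINTF("Using prometheus patch.\n");
#endif

	/* presumably fills psp_drm_patches for the running VSH; verify in get_psp_patches() */
	if (get_psp_patches())
		return EINVAL;

	if (!patches_backup) {
		patches_backup = alloc(sizeof(psp_drm_patches), 0x27);
		/* memcpy() on a failed allocation would write through NULL. */
		if (patches_backup == NULL)
			return ENOMEM;
		memcpy(patches_backup, &psp_drm_patches, sizeof(psp_drm_patches));

#ifdef DEBUG
		DPRINTF("Making patches..\n");
#endif
		for (int i = 0; psp_drm_patches[i].offset != 0; i++) {
			/* Save the current word before overwriting it, for the reset path. */
			patches_backup[i].data = lv1_peekw(patches_backup[i].offset);
			lv1_pokew(psp_drm_patches[i].offset, psp_drm_patches[i].data);
#ifdef DEBUG
			DPRINTF("Offset: 0x%08X | Poked Data: 0x%08X | Original Data: 0x%08X\n", (uint32_t)psp_drm_patches[i].offset, (uint32_t)psp_drm_patches[i].data, (uint32_t)patches_backup[i].data);
#endif
		}
	}

	return 0;
}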
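/*
 * Syscall handler that selects or clears the PSP UMD image. This variant
 * picks its patch table from vsh_check: psp_drm_patches for VSH_HASH and
 * VSH_NRM_HASH, cex_psp_drm_patches for VSH_CEX_HASH.
 *
 * file        caller pointer to the image path. When it is NULL after
 *             get_secure_user_ptr(), the handler resets all PSP state:
 *             frees umd_file, drops the mutex, writes the saved words in
 *             patches_backup back into vsh_process and clears the
 *             condition_psp_* flags.
 * id          caller pointer to an identifier that must be exactly 10
 *             characters long; it is copied into psp_id.
 * prometheus  stored verbatim in condition_psp_prometheus.
 *
 * Returns 0 on success, EINVAL for a missing or wrongly sized id, ENOMEM
 * when the backup table cannot be allocated, or the non-zero result of
 * pathdup_from_user(). An unrecognised vsh_check value is logged and still
 * returns 0 without patching.
 *
 * Note that psp_id is overwritten before its length is validated, so a
 * rejected id still replaces the previous one.
 */
int sys_psp_set_umdfile(char *file, char *id, int prometheus)
{
	char *new_file;
	int ret;

	file = get_secure_user_ptr(file);
	id = get_secure_user_ptr(id);

	if (file == NULL) {
		if (umd_file) {
			dealloc(umd_file, 0x27);
			umd_file = NULL;
		}

		if (mutex) {
			/* A mutex flagged as user_mutex is only forgotten, not destroyed. */
			if (user_mutex)
				user_mutex = 0;
			else
				mutex_destroy(mutex);
			mutex = NULL;
		}

		if (patches_backup) {
			/*
			 * Write every saved word back. The table ends at the first
			 * entry whose offset is 0.
			 * NOTE(review): the copy_to_process() result is ignored here,
			 * so a failed restore goes unnoticed.
			 */
			for (int i = 0; patches_backup[i].offset != 0; i++) {
				copy_to_process(vsh_process, &patches_backup[i].data,
						(void *)(uint64_t)(0x10000+patches_backup[i].offset), 4);
			}
			dealloc(patches_backup, 0x27);
			patches_backup = NULL;
		}

		condition_psp_iso = 0;
		condition_psp_dec = 0;
		condition_psp_keys = 0;
		condition_psp_prometheus = 0;
		return 0;
	}

	/* Reject a missing id instead of handing NULL to strncpy(). */
	if (id == NULL)
		return EINVAL;

	/*
	 * NOTE(review): id is read directly through the pointer returned by
	 * get_secure_user_ptr(), whereas file is duplicated with
	 * pathdup_from_user(); confirm a direct read of caller memory is safe
	 * in this context. psp_id must hold at least 11 bytes (index 10 is
	 * written below).
	 */
	strncpy(psp_id, id, 10);
	psp_id[10] = 0;
	if (strlen(psp_id) != 10)
		return EINVAL;

	/*
	 * Duplicate into a temporary so that a failure leaves the current
	 * image untouched and a repeated call does not leak the previous
	 * buffer. The old buffer is released the same way the reset path does.
	 */
	ret = pathdup_from_user(file, &new_file);
	if (ret != 0)
		return ret;
	if (umd_file)
		dealloc(umd_file, 0x27);
	umd_file = new_file;

	condition_psp_iso = 1;
	condition_psp_prometheus = prometheus;

#ifdef DEBUG
	if (prometheus)
		DPRINTF("Using prometheus patch.\n");
#endif

	if (!patches_backup) {
		/*
		 * Each case follows the same sequence: allocate a backup the size
		 * of the chosen table, seed it with the table (which supplies the
		 * offsets and the terminating entry), then for every entry save
		 * the current word and write the replacement.
		 * NOTE(review): copy_from_process() results are ignored; on
		 * failure the backup keeps the patch value copied by memcpy()
		 * rather than the original word.
		 */
		switch (vsh_check) {
		case VSH_HASH:
			DPRINTF("Now patching PSP DRM into spoofed DEBUG VSH..\n");
			patches_backup = alloc(sizeof(psp_drm_patches), 0x27);
			/* memcpy() on a failed allocation would write through NULL. */
			if (patches_backup == NULL)
				return ENOMEM;
			memcpy(patches_backup, &psp_drm_patches, sizeof(psp_drm_patches));

			for (int i = 0; psp_drm_patches[i].offset != 0; i++) {
				DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)psp_drm_patches[i].offset, (uint32_t)psp_drm_patches[i].data);
				copy_from_process(vsh_process,
						  (void *)(uint64_t)(0x10000+patches_backup[i].offset),
						  &patches_backup[i].data, 4);
				if (copy_to_process(vsh_process, &psp_drm_patches[i].data,
						    (void *)(uint64_t)(0x10000+psp_drm_patches[i].offset), 4) != 0) {
					fatal("copy_to_process failed, you forgot to make spoofed DEBUG VSH text writable, retard!\n");
				}
			}
			break;

		case VSH_NRM_HASH:
			DPRINTF("Now patching PSP DRM into normal DEBUG VSH..\n");
			patches_backup = alloc(sizeof(psp_drm_patches), 0x27);
			if (patches_backup == NULL)
				return ENOMEM;
			memcpy(patches_backup, &psp_drm_patches, sizeof(psp_drm_patches));

			for (int i = 0; psp_drm_patches[i].offset != 0; i++) {
				DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)psp_drm_patches[i].offset, (uint32_t)psp_drm_patches[i].data);
				copy_from_process(vsh_process,
						  (void *)(uint64_t)(0x10000+patches_backup[i].offset),
						  &patches_backup[i].data, 4);
				if (copy_to_process(vsh_process, &psp_drm_patches[i].data,
						    (void *)(uint64_t)(0x10000+psp_drm_patches[i].offset), 4) != 0) {
					fatal("copy_to_process failed, you forgot to make normal DEBUG VSH text writable, retard!\n");
				}
			}
			break;

		case VSH_CEX_HASH:
			DPRINTF("Now patching PSP DRM into spoofed RETAIL VSH..\n");
			patches_backup = alloc(sizeof(cex_psp_drm_patches), 0x27);
			if (patches_backup == NULL)
				return ENOMEM;
			memcpy(patches_backup, &cex_psp_drm_patches, sizeof(cex_psp_drm_patches));

			for (int i = 0; cex_psp_drm_patches[i].offset != 0; i++) {
				DPRINTF("Offset: 0x%08X | Data: 0x%08X\n", (uint32_t)cex_psp_drm_patches[i].offset, (uint32_t)cex_psp_drm_patches[i].data);
				copy_from_process(vsh_process,
						  (void *)(uint64_t)(0x10000+patches_backup[i].offset),
						  &patches_backup[i].data, 4);
				if (copy_to_process(vsh_process, &cex_psp_drm_patches[i].data,
						    (void *)(uint64_t)(0x10000+cex_psp_drm_patches[i].offset), 4) != 0) {
					fatal("copy_to_process failed, you forgot to make spoofed RETAIL VSH text writable, retard!\n");
				}
			}
			break;

		default:
			DPRINTF("WARNING: Unknown VSH loaded.\n Cannot patch PSP DRM into vsh.self\n");
			break;
		}
	}

	return 0;
}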