Ejemplo n.º 1
/*
 * Write the values held in save_lv2_storage_patch and
 * save_lv1_storage_patches[] back to the fixed LV2 and LV1 locations used
 * by the firmware 3.55 variant of this patch.
 *
 * Returns -1 when is_patched is clear (nothing has been saved), -2 when
 * map_lv1() fails, and 0 once the write-back loop has run.
 *
 * NOTE(review): nothing in this function checks the running firmware
 * version; the addresses are hard-coded, so the caller has to guarantee
 * they match the system before this is invoked.
 * NOTE(review): is_patched is left set on return, so a later call writes
 * the same saved values again.
 */
static int lv2_unpatch_storage_355(void)
{
    int pass = 0;

    if (is_patched == 0)
        return -1;

    install_new_poke();
    if (map_lv1() == 0) {
        /* Mapping failed: undo the poke replacement before reporting. */
        remove_new_poke();
        return -2;
    }

    // Original locator hint: search bin
    // "5F 6F 66 5F 70 72 6F 64  75 63 74 5F 6D 6F 64 65"
    // (ASCII "_of_product_mode") to find the LV2 location.
    // LV2 disable syscall storage

    /*
     * The write-back is issued 20 times, 5 ms apart. The reason for the
     * repetition is not visible in this listing.
     */
    while (pass < 20) {
        pokeq(0x80000000002D7820ULL, save_lv2_storage_patch);

        pokeq7(HV_BASE + 0x16f3b8, save_lv1_storage_patches[0]);
        pokeq7(HV_BASE + 0x16f3dc, save_lv1_storage_patches[1]);
        pokeq7(HV_BASE + 0x16f454, save_lv1_storage_patches[2]);
        pokeq7(HV_BASE + 0x16f45c, save_lv1_storage_patches[3]);
        usleep(5000);
        pass++;
    }

    /* Same teardown order as the original: pokes first, then the mapping. */
    remove_new_poke();
    unmap_lv1();

    return 0;
}
Ejemplo n.º 2
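/*
 * Apply the firmware 3.55 storage patch: record the current contents of
 * one LV2 location and four LV1 locations, then overwrite them with fixed
 * values and set is_patched.
 *
 * Returns -1 when map_lv1() fails, 0 otherwise.
 *
 * The saved values are what lv2_unpatch_storage_355() later writes back,
 * so they must be the pre-patch contents. They are therefore captured only
 * while is_patched is clear: capturing on every call would, on a second
 * call, replace the saved originals with the already-patched values and
 * make a later restore a no-op.
 *
 * NOTE(review): nothing in this function checks the running firmware
 * version; the addresses are hard-coded, so the caller has to guarantee
 * they match the system before this is invoked.
 */
static int lv2_patch_storage_355(void)
{
    install_new_poke();
    if (!map_lv1()) {
        /* Mapping failed: undo the poke replacement before reporting. */
        remove_new_poke();
        return -1;
    }

    //search bin "5F 6F 66 5F 70 72 6F 64  75 63 74 5F 6D 6F 64 65" to find
    // LV2 enable syscall storage
    if (!is_patched) {
        /* First application only: keep the untouched values for restore. */
        save_lv2_storage_patch = peekq(0x80000000002D7820ULL);
        save_lv1_storage_patches[0] = peekq(HV_BASE + 0x16f3b8);
        save_lv1_storage_patches[1] = peekq(HV_BASE + 0x16f3dc);
        save_lv1_storage_patches[2] = peekq(HV_BASE + 0x16f454);
        save_lv1_storage_patches[3] = peekq(HV_BASE + 0x16f45c);
    }

    /*
     * The writes are issued 20 times, 5 ms apart. The reason for the
     * repetition is not visible in this listing.
     */
    int n;
    for (n = 0; n < 20; n++) {
        pokeq32(0x80000000002D7820ULL, 0x40000000);
        pokeq7(HV_BASE + 0x16f3b8, 0x7f83e37860000000ULL);
        pokeq7(HV_BASE + 0x16f3dc, 0x7f85e37838600001ULL);
        pokeq7(HV_BASE + 0x16f454, 0x7f84e3783be00001ULL);
        pokeq7(HV_BASE + 0x16f45c, 0x9be1007038600000ULL);
        usleep(5000);
    }

    remove_new_poke(); /* restore pokes */

    unmap_lv1();
    is_patched = 1;

    return 0;
}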
Ejemplo n.º 3
/*
 * Entry point: waits for the debug client, installs the replacement poke
 * syscall, maps LV1, calls patch_lv2_protection(), then removes the poke
 * syscall again and returns 0.
 *
 * If map_lv1() fails the poke syscall is removed and the process exits
 * with status 0.
 *
 * NOTE(review): the failure path exits with status 0, so a caller cannot
 * tell a failed mapping from a successful run by exit status.
 * NOTE(review): unmap_lv1() sits in the disabled block below, so on the
 * success path the LV1 mapping created here is not undone before return.
 */
int main(int argc, char *argv[]) {
	debug_wait_for_client();

	PRINTF("installing new poke syscall\n");
	install_new_poke();

	PRINTF("mapping lv1\n");
	if (map_lv1() == 0) {
		/* Nothing was mapped: only the poke syscall needs undoing. */
		remove_new_poke();
		exit(0);
	}

	PRINTF("patching lv2 mem protection\n");
	patch_lv2_protection();

	/*
	 * Steps disabled in this listing, kept for reference:
	 *
	 * PRINTF("unmapping lv1\n");
	 * unmap_lv1();
	 *
	 * PRINTF("installing syscall 36\n");
	 * install_syscall_36();
	 *
	 * PRINTF("installing vsh_open hook\n");
	 * install_vsh_open_hook();
	 *
	 * PRINTF("installing misc lv2 patches\n");
	 * install_lv2_patches();
	 */

	PRINTF("removing new poke syscall\n");
	remove_new_poke();

	PRINTF("done, exiting\n");
	return 0;
}
Ejemplo n.º 4
/*
 * Write the values held in save_lv2_storage_patch and
 * save_lv1_storage_patches[] back to the fixed LV2 and LV1 locations used
 * by the firmware 3.41 variant of this patch.
 *
 * Returns -1 both when is_patched is clear and when map_lv1() fails (the
 * two cases are not distinguishable from the return value), 0 otherwise.
 *
 * NOTE(review): nothing in this function checks the running firmware
 * version; the addresses are hard-coded, so the caller has to guarantee
 * they match the system before this is invoked.
 * NOTE(review): is_patched is left set on return.
 */
static int lv2_unpatch_storage_341(void)
{
    int pass = 0;

    if (is_patched == 0)
        return -1;

    install_new_poke();
    if (map_lv1() == 0) {
        /* Mapping failed: undo the poke replacement before reporting. */
        remove_new_poke();
        return -1;
    }

    // Original locator hint: search bin
    // "5F 6F 66 5F 70 72 6F 64  75 63 74 5F 6D 6F 64 65"
    // (ASCII "_of_product_mode") to find the LV2 location.
    // LV2 disable syscall storage

    /*
     * The write-back is issued 20 times, 5 ms apart. The reason for the
     * repetition is not visible in this listing.
     */
    while (pass < 20) {
        pokeq(0x80000000002CF880ULL, save_lv2_storage_patch);

        lv1_poke(0x16f3b8ULL, save_lv1_storage_patches[0]);
        lv1_poke(0x16f3dcULL, save_lv1_storage_patches[1]);
        lv1_poke(0x16f454ULL, save_lv1_storage_patches[2]);
        lv1_poke(0x16f45cULL, save_lv1_storage_patches[3]);
        usleep(5000);
        pass++;
    }

    /* Same teardown order as the original: pokes first, then the mapping. */
    remove_new_poke();
    unmap_lv1();

    return 0;
}
Ejemplo n.º 5
/*
 * Write four fixed doublewords to LV1, at offsets selected by c_firmware.
 *
 * Branch selection, in order:
 *   - c_firmware == 3.55f: maps LV1 and writes unconditionally via lv1poke().
 *   - c_firmware >= 4.75f with deh_mode set: lv1peek2()/lv1poke2() at 0x177A60.
 *   - c_firmware == 4.21f: lv1peek2()/lv1poke2() at 0x16f758.
 *   - c_firmware >= 4.30f (including 4.75+ without deh_mode): at 0x16FA60.
 * In the last three branches the writes happen only when the first
 * doubleword currently reads 0x7f83e37860000000.
 *
 * Returns -1 if map_lv1() fails in the 3.55 branch, 0 in every other case,
 * including when no branch matches or the peek check fails.
 *
 * NOTE(review): the 3.55 branch has no read-before-write check, unlike the
 * other three, so it overwrites whatever is at those offsets.
 * NOTE(review): c_firmware is compared with exact float equality; this
 * only matches if it was assigned from the same float literal - confirm.
 */
int unpatch_lv1_ss_services(void)
{
	if (c_firmware == 3.55f)
	{
		install_new_poke();

		// LV1 must be mapped for lv1poke(); bail out if that fails
		if (!map_lv1())
		{
			remove_new_poke();
			return -1;
		}

		lv1poke(0x0016f3b8, 0x7f83e378f8010098ULL);
		lv1poke(0x0016f3dc, 0x7f85e3784bfff0e5ULL);
		lv1poke(0x0016f454, 0x7f84e37838a10070ULL);
		lv1poke(0x0016f45c, 0x9be1007048005fa5ULL);

		remove_new_poke();

		// release the LV1 mapping
		unmap_lv1();
		return 0;
	}

	if ((c_firmware >= 4.75f) && (deh_mode))
	{
		if (lv1peek2( 0x177A60) == 0x7f83e37860000000ULL)
		{
			lv1poke2( 0x177A60, 0x7f83e378f8010098ULL);
			lv1poke2( 0x177A84, 0x7f85e3784bfff0e5ULL);
			lv1poke2( 0x177AFC, 0x7f84e37838a10070ULL);
			lv1poke2( 0x177B04, 0x9be1007048006065ULL);
		}
		return 0;
	}

	if (c_firmware == 4.21f)
	{
		if (lv1peek2( 0x16f758) == 0x7f83e37860000000ULL)
		{
			lv1poke2( 0x16f758, 0x7f83e378f8010098ULL);
			lv1poke2( 0x16F77C, 0x7f85e3784bfff0e5ULL);
			lv1poke2( 0x16F7F4, 0x7f84e37838a10070ULL);
			lv1poke2( 0x16F7FC, 0x9be1007048006065ULL);
		}
		return 0;
	}

	if (c_firmware >= 4.30f)
	{
		if (lv1peek2( 0x16FA60) == 0x7f83e37860000000ULL)
		{
			lv1poke2( 0x16FA60, 0x7f83e378f8010098ULL);
			lv1poke2( 0x16FA84, 0x7f85e3784bfff0e5ULL);
			lv1poke2( 0x16FAFC, 0x7f84e37838a10070ULL);
			lv1poke2( 0x16FB04, 0x9be1007048006065ULL);
		}
	}

	return 0;
}
Ejemplo n.º 6
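/*
 * Install BootOS.
 *
 * Steps, in order:
 *   1. Map LV1 and locate the 16-byte kernel filename prefix (the two
 *      doublewords 0x2F666C682F6F732F / 0x6C76325F6B65726E, ASCII
 *      "/flh/os/" "lv2_kern"), first at the offsets in s_known_platforms
 *      when QUICK_SCAN is set, then by scanning HV_SIZE bytes.
 *   2. Remap flash to /dev_rwflash and copy bootos.bin from the hard disk
 *      to /dev_rwflash/lv2_kernel.self in CHUNK-sized writes.
 *   3. Write a "Linux" patchset file for the LV2 patcher and a kboot.conf.
 *
 * Progress and errors are reported through xputs(); there is no return
 * value. The function returns early on any failure it detects.
 *
 * Changes against the original listing: the poke syscall is removed when
 * map_lv1() fails, every flash write and the final flush are checked, the
 * kboot.conf handle is checked before use, the progress line uses
 * snprintf(), and the 64-bit offsets are printed with a matching format.
 */
void install_bootos()
{
	char ts[400];

	uint64_t lv2_kernel_filename_offset = 0;
	int found = 0;
	int i;

	xputs("Mapping LV1...");
	install_new_poke();
	if (!map_lv1()) {
		/* Do not leave the replacement poke syscall installed. */
		remove_new_poke();
		xputs("Cannot map LV1!");
		return;
	}

	/* First try quickscanning the PS3_LPAR kernel filename */
	if (QUICK_SCAN) {
		xputs
		    ("Quickscanning LV1 PS3_LPAR kernel filename at known offsets...");
		found = 0;
		for (i = 0; i < NBELMS(s_known_platforms); i++) {
			if (lv1_peek(s_known_platforms[i].offset) ==
			    0x2F666C682F6F732FULL
			    && lv1_peek(s_known_platforms[i].offset + 8) ==
			    0x6C76325F6B65726EULL) {
				lv2_kernel_filename_offset =
				    s_known_platforms[i].offset;
				found = 1;
				break;
			}
		}
	}
	if (!found) {
		/* q1/q2 hold the previous and current doubleword of the scan. */
		uint64_t q1 = 0;
		uint64_t q2 = 0;
		/* Bytes scanned since the last progress line (one per ~10%). */
		uint64_t ten = 0;
		for (i = 0; i < HV_SIZE; i += 8) {
			if (10 * ten > HV_SIZE) {
				snprintf(ts, sizeof(ts),
					 "Scanning LV1 PS3_LPAR kernel filename on full LV1 "
					 "address space... %08llX %02d%%",
					 i & 0xFFFFFFFFULL,
					 (int)(i * (uint64_t) 100 / HV_SIZE));
				xputs(ts);
				ten -= HV_SIZE / 10;
			}
			q2 = lv1_peek(i);
			if (q1 == 0x2F666C682F6F732FULL
			    && q2 == 0x6C76325F6B65726EULL) {
				/* The match ends at i, so the string starts 8 bytes back. */
				lv2_kernel_filename_offset = i - 8;
				found = 1;
				break;
			}
			q1 = q2;
			ten += 8;
		}
	}
	xputs("Unmapping LV1...");
	unmap_lv1();
	remove_new_poke();

	if (!found) {
		xputs("No LV1 PS3_LPAR kernel filename found.");
		return;
	}

	snprintf(ts, sizeof(ts),
		 "LV1 PS3_LPAR kernel filename offset at %08llX.",
		 lv2_kernel_filename_offset & 0xFFFFFFFFULL);
	xputs(ts);
	found = 0;
	for (i = 0; i < NBELMS(s_known_platforms); i++) {
		if (lv2_kernel_filename_offset == s_known_platforms[i].offset) {
			snprintf(ts, sizeof(ts),
				 "Detected a PS3 %s running FW %s",
				 s_known_platforms[i].type,
				 s_known_platforms[i].fw);
			xputs(ts);
			found = 1;
			break;
		}
	}
	if (!found) {
		xputs
		    ("Please report your PS3 model, its firmware version and the offset found.");
	}
	// Lv2Patcher works on mapped memory for lv1, and doesn't account for base offset (1<<63)
	lv2_kernel_filename_offset += HV_BASE;
	lv2_kernel_filename_offset &= 0xFFFFFFFFULL;

	/*
	 * NOTE(review): a failed remap is only reported; the code below still
	 * writes under /dev_rwflash. Confirm whether a non-zero result can mean
	 * "already mounted", otherwise this should return.
	 */
	if (Lv2Syscall8
	    (837, (u64) "CELL_FS_IOS:BUILTIN_FLSH1", (u64) "CELL_FS_FAT",
	     (u64) "/dev_rwflash", 0, 0, 0, 0, 0)) {
		xputs("Flash remap failed!");
	}
	xputs("Reading BootOS...");
	FILE *f = fopen("/dev_hdd0/game/LNX000001/USRDIR/bootos.bin", "r");
	if (!f) {
		xputs("Cannot open BootOS binary!");
		return;
	}
	size_t sz, sz1;
	/*
	 * NOTE(review): the buffer returned by read_file() is never released
	 * in this function. Its ownership contract is not visible here, so no
	 * free() has been added - confirm and release it if the caller owns it.
	 * NOTE(review): the image is taken from a fixed path and written to
	 * flash without any integrity check (size, hash or signature).
	 */
	u8 *data = (u8 *) read_file(f, &sz);
	if (!data) {
		xputs("Cannot read BootOS binary!");
		fclose(f);
		return;
	}
	/* The existing flash file is removed before the new one is known good. */
	unlink("/dev_rwflash/lv2_kernel.self");

	FILE *g = fopen("/dev_rwflash/lv2_kernel.self", "w");
	if (!g) {
		fclose(f);
		xputs("Cannot open flash!");
		return;
	}
	sz1 = sz;
	int write_failed = 0;
	while (sz > 0) {
		size_t part = (sz >= CHUNK) ? CHUNK : sz;

		snprintf(ts, sizeof(ts), "Writing BootOS: %02d%%",
			 (int)((sz1 - sz) * 100 / sz1));
		xputs(ts);
		/* A short write would leave a truncated image on flash. */
		if (fwrite(data + (sz1 - sz), part, 1, g) != 1) {
			write_failed = 1;
			break;
		}
		sz -= part;
	}
	fclose(f);
	/* fclose() flushes buffered data, so its result matters for a write stream. */
	if (fclose(g) != 0)
		write_failed = 1;
	if (write_failed) {
		/* Do not leave a partial image behind or register it with the patcher. */
		unlink("/dev_rwflash/lv2_kernel.self");
		xputs("Cannot write BootOS to flash!");
		return;
	}

	xputs("Adding \"Linux\" entry...");
	f = fopen("/dev_hdd0/game/LV2000000/USRDIR/linux.txt", "w");
	if (!f) {
		xputs("Cannot add a new patchset to LV2 patcher!");
		return;
	}
	/*
	 * The offset is a uint64_t; cast to unsigned long long so the argument
	 * matches the conversion on every ABI.
	 */
	fputs("# Linux\nlv1en\n", f);
	fprintf(f, "%08llX: 2f6c6f63616c5f73\n",
		(unsigned long long)lv2_kernel_filename_offset);
	fprintf(f, "%08llX: 7973302f6c76325f\n",
		(unsigned long long)(lv2_kernel_filename_offset + 8));
	fprintf(f, "%08llX: 6b65726e656c2e73\n",
		(unsigned long long)(lv2_kernel_filename_offset + 16));
	fprintf(f, "%08llX: 656c6600\n",
		(unsigned long long)(lv2_kernel_filename_offset + 24));
	fprintf(f, "%08llX: 000000000000001b\n",
		(unsigned long long)(lv2_kernel_filename_offset + 0x120));
	fputs("lv1dis\n", f);
	fputs("panic\n", f);
	fclose(f);

	xputs("Creating kboot configuration file...");
	f = fopen("/dev_hdd0/kboot.conf", "w");
	if (!f) {
		xputs("Cannot create kboot configuration file!");
		return;
	}
	/*
	 * NOTE(review): this entry fetches the kernel, the initrd and the
	 * preseed file over plain http, and the preseed comes from a separate
	 * host. With auto=true and priority=critical the install runs without
	 * prompts, so whatever is served at those URLs (or injected on the
	 * network path) is booted and applied unverified. Prefer a locally
	 * stored, checksum-verified kernel/initrd and a reviewed preseed.
	 */
	fputs
	    ("Install Debian GNU/Linux=http://ftp.debian.org/debian/dists/squeeze/main/installer-powerpc/current/images/powerpc64/netboot/vmlinux initrd=http://ftp.debian.org/debian/dists/squeeze/main/installer-powerpc/current/images/powerpc64/netboot/initrd.gz preseed/url=http://boot.khore.org/mod/preseed.cfg auto=true interface=auto priority=critical\n",
	     f);
	fclose(f);

	/*
	   xputs("Creating 10G file...");
	   f = fopen("/dev_hdd0/linux.img", "w");
	   data = malloc(1 << 20);
	   for(i = 0; i < 10240; i++)
	   fwrite(data, 1 << 20, 1, f);
	   fclose(f);
	   free(data);
	 */

	xputs("All done.");
	xputs("Please run the LV2 patcher.");
	xputs("");
}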