/*
 * Write the saved LV2 quadword and the four saved LV1 quadwords back to the
 * firmware 3.55 offsets, undoing what was recorded in save_lv2_storage_patch
 * and save_lv1_storage_patches[].
 *
 * Returns 0 on success, -1 when is_patched is clear (nothing was saved),
 * -2 when LV1 could not be mapped.
 *
 * NOTE(review): is_patched is not cleared here, so a later call would write
 * the same saved values again. Confirm whether a caller resets it.
 */
static int lv2_unpatch_storage_355(void)
{
    /* LV1 offsets relative to HV_BASE; entry k pairs with save_lv1_storage_patches[k]. */
    static const unsigned long long lv1_offsets[4] = {
        0x16f3b8, 0x16f3dc, 0x16f454, 0x16f45c
    };
    int round;
    int slot;

    if (!is_patched) {
        return -1;
    }

    install_new_poke();
    if (!map_lv1()) {
        /* Never leave the temporary poke syscall installed on a failed run. */
        remove_new_poke();
        return -2;
    }

    // search bin "5F 6F 66 5F 70 72 6F 64 75 63 74 5F 6D 6F 64 65" to find
    // (those bytes are the ASCII string "_of_product_mode")
    // LV2 disable syscall storage
    /* The writes are repeated 20 times with a 5000 us pause between rounds. */
    for (round = 0; round < 20; round++) {
        pokeq(0x80000000002D7820ULL, save_lv2_storage_patch);
        for (slot = 0; slot < 4; slot++) {
            pokeq7(HV_BASE + lv1_offsets[slot], save_lv1_storage_patches[slot]);
        }
        usleep(5000);
    }

    remove_new_poke(); /* restore pokes */
    unmap_lv1();

    return 0;
}
/*
 * Record the current LV2 quadword and four LV1 quadwords at the firmware 3.55
 * offsets, then overwrite them with the patch values and set is_patched.
 *
 * Returns 0 on success, -1 when LV1 could not be mapped.
 *
 * NOTE(review): there is no is_patched check on entry, so a second call
 * records the already-patched values as the "originals" and a later restore
 * would write the patch back. Confirm callers never invoke this twice.
 */
static int lv2_patch_storage_355(void)
{
    /* LV1 offset (relative to HV_BASE) and the quadword written there. */
    static const struct {
        unsigned long long offset;
        unsigned long long patch;
    } lv1_sites[4] = {
        { 0x16f3b8, 0x7f83e37860000000ULL },
        { 0x16f3dc, 0x7f85e37838600001ULL },
        { 0x16f454, 0x7f84e3783be00001ULL },
        { 0x16f45c, 0x9be1007038600000ULL },
    };
    int round;
    int slot;

    install_new_poke();
    if (!map_lv1()) {
        /* Never leave the temporary poke syscall installed on a failed run. */
        remove_new_poke();
        return -1;
    }

    // search bin "5F 6F 66 5F 70 72 6F 64 75 63 74 5F 6D 6F 64 65" to find
    // (those bytes are the ASCII string "_of_product_mode")
    // LV2 enable syscall storage

    /* Snapshot the current contents first so they can be written back later. */
    save_lv2_storage_patch = peekq(0x80000000002D7820ULL);
    for (slot = 0; slot < 4; slot++) {
        save_lv1_storage_patches[slot] = peekq(HV_BASE + lv1_sites[slot].offset);
    }

    /* The writes are repeated 20 times with a 5000 us pause between rounds. */
    for (round = 0; round < 20; round++) {
        pokeq32(0x80000000002D7820ULL, 0x40000000);
        for (slot = 0; slot < 4; slot++) {
            pokeq7(HV_BASE + lv1_sites[slot].offset, lv1_sites[slot].patch);
        }
        usleep(5000);
    }

    remove_new_poke(); /* restore pokes */
    unmap_lv1();

    is_patched = 1;
    return 0;
}
/*
 * Entry point: waits for the debug client, installs the temporary poke
 * syscall, maps LV1, calls patch_lv2_protection() and removes the poke
 * syscall again. Each step is announced through PRINTF.
 *
 * NOTE(review): a failed map_lv1() ends the program with exit(0), which is
 * indistinguishable from success for anything that inspects the status.
 * NOTE(review): the only unmap_lv1() call sits inside the disabled block
 * below, so LV1 is still mapped when main returns. Confirm this is intended.
 */
int main(int argc, char *argv[])
{
    /* Neither argument is used. */
    (void)argc;
    (void)argv;

    debug_wait_for_client();

    PRINTF("installing new poke syscall\n");
    install_new_poke();

    PRINTF("mapping lv1\n");
    if (!map_lv1()) {
        /* Undo the syscall installation before giving up. */
        remove_new_poke();
        exit(0);
    }

    PRINTF("patching lv2 mem protection\n");
    patch_lv2_protection();

    /*
     * Disabled steps, kept as found:
     *
     * PRINTF("unmapping lv1\n");
     * unmap_lv1();
     * PRINTF("installing syscall 36\n");
     * install_syscall_36();
     * PRINTF("installing vsh_open hook\n");
     * install_vsh_open_hook();
     * PRINTF("installing misc lv2 patches\n");
     * install_lv2_patches();
     */

    PRINTF("removing new poke syscall\n");
    remove_new_poke();

    PRINTF("done, exiting\n");
    return 0;
}
/*
 * Write the saved LV2 quadword and the four saved LV1 quadwords back to the
 * firmware 3.41 offsets, using the values held in save_lv2_storage_patch and
 * save_lv1_storage_patches[].
 *
 * Returns 0 on success and -1 on either failure: is_patched is clear, or LV1
 * could not be mapped (the two cases are not distinguishable by the caller).
 *
 * NOTE(review): is_patched is not cleared here. Confirm whether a caller
 * resets it.
 */
static int lv2_unpatch_storage_341(void)
{
    /* LV1 offsets passed to lv1_poke(); entry k pairs with save_lv1_storage_patches[k]. */
    static const unsigned long long lv1_offsets[4] = {
        0x16f3b8ULL, 0x16f3dcULL, 0x16f454ULL, 0x16f45cULL
    };
    int round;
    int slot;

    if (!is_patched) {
        return -1;
    }

    install_new_poke();
    if (!map_lv1()) {
        /* Never leave the temporary poke syscall installed on a failed run. */
        remove_new_poke();
        return -1;
    }

    // search bin "5F 6F 66 5F 70 72 6F 64 75 63 74 5F 6D 6F 64 65" to find
    // (those bytes are the ASCII string "_of_product_mode")
    // LV2 disable syscall storage
    /* The writes are repeated 20 times with a 5000 us pause between rounds. */
    for (round = 0; round < 20; round++) {
        pokeq(0x80000000002CF880ULL, save_lv2_storage_patch);
        for (slot = 0; slot < 4; slot++) {
            lv1_poke(lv1_offsets[slot], save_lv1_storage_patches[slot]);
        }
        usleep(5000);
    }

    remove_new_poke();
    unmap_lv1();

    return 0;
}
/*
 * Write fixed quadwords back to four LV1 offsets chosen by firmware version.
 *
 * Branch order matters and is preserved from the original chain:
 *   1. c_firmware == 3.55f             - maps LV1 and writes unconditionally
 *   2. c_firmware >= 4.75f && deh_mode - writes only if the marker is present
 *   3. c_firmware == 4.21f             - writes only if the marker is present
 *   4. c_firmware >= 4.30f             - writes only if the marker is present
 * A firmware of 4.75 or later without deh_mode therefore lands in case 4.
 *
 * Returns 0 in every case except a failed map_lv1() on 3.55, which returns -1.
 *
 * NOTE(review): firmware versions are compared as floats with ==; this relies
 * on c_firmware being assigned from the identical float literal elsewhere.
 */
int unpatch_lv1_ss_services(void)
{
    /* Value whose presence at the first offset gates the 4.x write-backs. */
    const unsigned long long patched_marker = 0x7f83e37860000000ULL;

    if (c_firmware==3.55f) {
        install_new_poke();

        // Try to map lv1
        if (!map_lv1()) {
            remove_new_poke();
            return -1;
        }

        lv1poke(0x0016f3b8, 0x7f83e378f8010098ULL);
        lv1poke(0x0016f3dc, 0x7f85e3784bfff0e5ULL);
        lv1poke(0x0016f454, 0x7f84e37838a10070ULL);
        lv1poke(0x0016f45c, 0x9be1007048005fa5ULL);

        remove_new_poke();

        // unmap lv1
        unmap_lv1();
        return 0;
    }

    if ((c_firmware>=4.75f) && (deh_mode)) {
        if (lv1peek2(0x177A60) == patched_marker) {
            lv1poke2(0x177A60, 0x7f83e378f8010098ULL);
            lv1poke2(0x177A84, 0x7f85e3784bfff0e5ULL);
            lv1poke2(0x177AFC, 0x7f84e37838a10070ULL);
            lv1poke2(0x177B04, 0x9be1007048006065ULL);
        }
        return 0;
    }

    if (c_firmware==4.21f) {
        if (lv1peek2(0x16f758) == patched_marker) {
            lv1poke2(0x16f758, 0x7f83e378f8010098ULL);
            lv1poke2(0x16F77C, 0x7f85e3784bfff0e5ULL);
            lv1poke2(0x16F7F4, 0x7f84e37838a10070ULL);
            lv1poke2(0x16F7FC, 0x9be1007048006065ULL);
        }
        return 0;
    }

    if (c_firmware>=4.30f) {
        if (lv1peek2(0x16FA60) == patched_marker) {
            lv1poke2(0x16FA60, 0x7f83e378f8010098ULL);
            lv1poke2(0x16FA84, 0x7f85e3784bfff0e5ULL);
            lv1poke2(0x16FAFC, 0x7f84e37838a10070ULL);
            lv1poke2(0x16FB04, 0x9be1007048006065ULL);
        }
    }

    return 0;
}
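/*
 * Install the BootOS image and the files that go with it.
 *
 * Steps, in order:
 *   1. Map LV1 and find the offset of the 16 bytes "/flh/os/lv2_kern", first
 *      at the offsets listed in s_known_platforms (when QUICK_SCAN is set),
 *      then by scanning all of HV_SIZE in 8-byte steps.
 *   2. Remap flash to /dev_rwflash and copy bootos.bin over
 *      /dev_rwflash/lv2_kernel.self.
 *   3. Write an LV2-patcher patchset (linux.txt) that stores the string
 *      "/local_sys0/lv2_kernel.self" at the offset found in step 1.
 *   4. Write /dev_hdd0/kboot.conf.
 *
 * Progress and errors are reported through xputs(); the function returns
 * nothing, so callers cannot tell success from failure.
 *
 * Changes against the earlier version, all on failure paths:
 *   - the temporary poke syscall is removed when map_lv1() fails, matching
 *     the other callers of install_new_poke();
 *   - an empty image and a short or failed flash write now stop the install
 *     before the patchset that points the boot path at that file is written;
 *   - the kboot.conf fopen() result is checked before it is used;
 *   - the progress message uses snprintf(), and the %lX arguments are cast
 *     to unsigned long so they match the format.
 */
void install_bootos()
{
    char ts[400];
    uint64_t lv2_kernel_filename_offset = 0;
    int found = 0;
    int i;

    xputs("Mapping LV1...");
    install_new_poke();
    if (!map_lv1()) {
        xputs("Cannot map LV1!");
        /* Do not leave the temporary poke syscall installed on failure. */
        remove_new_poke();
        return;
    }

    /* First try quickscanning the PS3_LPAR kernel filename */
    if (QUICK_SCAN) {
        xputs("Quickscanning LV1 PS3_LPAR kernel filename at known offsets...");
        found = 0;
        for (i = 0; i < NBELMS(s_known_platforms); i++) {
            /* The two quadwords are the ASCII bytes "/flh/os/" and "lv2_kern". */
            if (lv1_peek(s_known_platforms[i].offset) == 0x2F666C682F6F732FULL
                && lv1_peek(s_known_platforms[i].offset + 8) == 0x6C76325F6B65726EULL) {
                lv2_kernel_filename_offset = s_known_platforms[i].offset;
                found = 1;
                break;
            }
        }
    }

    if (!found) {
        uint64_t q1 = 0;  /* quadword read on the previous iteration */
        uint64_t q2 = 0;  /* quadword read on this iteration */
        uint64_t ten = 0; /* bytes scanned since the last progress message */

        for (i = 0; i < HV_SIZE; i += 8) {
            /* Emit a progress line roughly every tenth of the address space. */
            if (10 * ten > HV_SIZE) {
                snprintf(ts, sizeof(ts),
                         "Scanning LV1 PS3_LPAR kernel filename on full LV1 "
                         "address space... %08llX %02d%%",
                         i & 0xFFFFFFFFULL, (int)(i * (uint64_t) 100 / HV_SIZE));
                xputs(ts);
                ten -= HV_SIZE / 10;
            }
            q2 = lv1_peek(i);
            if (q1 == 0x2F666C682F6F732FULL && q2 == 0x6C76325F6B65726EULL) {
                /* q1 was read one step earlier, so the match starts at i - 8. */
                lv2_kernel_filename_offset = i - 8;
                found = 1;
                break;
            }
            q1 = q2;
            ten += 8;
        }
    }

    xputs("Unmapping LV1...");
    unmap_lv1();
    remove_new_poke();

    if (!found) {
        xputs("No LV1 PS3_LPAR kernel filename found.");
        return;
    }

    snprintf(ts, sizeof(ts), "LV1 PS3_LPAR kernel filename offset at %08llX.",
             lv2_kernel_filename_offset & 0xFFFFFFFFULL);
    xputs(ts);

    /* Report the platform when the offset is one of the known ones. */
    found = 0;
    for (i = 0; i < NBELMS(s_known_platforms); i++) {
        if (lv2_kernel_filename_offset == s_known_platforms[i].offset) {
            snprintf(ts, sizeof(ts), "Detected a PS3 %s running FW %s",
                     s_known_platforms[i].type, s_known_platforms[i].fw);
            xputs(ts);
            found = 1;
            break;
        }
    }
    if (!found) {
        xputs("Please report your PS3 model, its firmware version and the offset found.");
    }

    // Lv2Patcher works on mapped memory for lv1, and doesn't account for base offset (1<<63)
    lv2_kernel_filename_offset += HV_BASE;
    lv2_kernel_filename_offset &= 0xFFFFFFFFULL;

    /* A failed remap is only reported; the later fopen() on /dev_rwflash
     * is what actually stops the install in that case. */
    if (Lv2Syscall8(837, (u64) "CELL_FS_IOS:BUILTIN_FLSH1", (u64) "CELL_FS_FAT",
                    (u64) "/dev_rwflash", 0, 0, 0, 0, 0)) {
        xputs("Flash remap failed!");
    }

    xputs("Reading BootOS...");
    FILE *f = fopen("/dev_hdd0/game/LNX000001/USRDIR/bootos.bin", "r");
    if (!f) {
        xputs("Cannot open BootOS binary!");
        return;
    }

    size_t sz, sz1;
    /* NOTE(review): the buffer returned by read_file() is never released in
     * this function; presumably it is heap-allocated. Confirm ownership. */
    u8 *data = (u8 *) read_file(f, &sz);
    if (!data || sz == 0) {
        /* An empty image must not replace the kernel file on flash. */
        xputs("Cannot read BootOS binary!");
        fclose(f);
        return;
    }

    /* From here on the existing flash file is gone; every failure below
     * leaves flash without a complete lv2_kernel.self. */
    unlink("/dev_rwflash/lv2_kernel.self");
    FILE *g = fopen("/dev_rwflash/lv2_kernel.self", "w");
    if (!g) {
        fclose(f);
        xputs("Cannot open flash!");
        return;
    }

    sz1 = sz;
    while (sz > 0) {
        size_t step = (sz >= CHUNK) ? CHUNK : sz;

        snprintf(ts, sizeof(ts), "Writing BootOS: %02d%%",
                 (int)((sz1 - sz) * 100 / sz1));
        xputs(ts);

        /* A short write would leave a truncated image on flash; stop before
         * the patchset that redirects the kernel path is created. */
        if (fwrite(data + (sz1 - sz), step, 1, g) != 1) {
            xputs("Writing BootOS failed!");
            fclose(f);
            fclose(g);
            return;
        }
        sz -= step;
    }
    fclose(f);
    /* fclose() flushes buffered data, so a failure here is a write failure. */
    if (fclose(g) != 0) {
        xputs("Writing BootOS failed!");
        return;
    }

    xputs("Adding \"Linux\" entry...");
    f = fopen("/dev_hdd0/game/LV2000000/USRDIR/linux.txt", "w");
    if (!f) {
        xputs("Cannot add a new patchset to LV2 patcher!");
        return;
    }
    /* The four data lines spell "/local_sys0/lv2_kernel.self" followed by NUL. */
    fputs("# Linux\nlv1en\n", f);
    fprintf(f, "%08lX: 2f6c6f63616c5f73\n", (unsigned long) lv2_kernel_filename_offset);
    fprintf(f, "%08lX: 7973302f6c76325f\n", (unsigned long) (lv2_kernel_filename_offset + 8));
    fprintf(f, "%08lX: 6b65726e656c2e73\n", (unsigned long) (lv2_kernel_filename_offset + 16));
    fprintf(f, "%08lX: 656c6600\n", (unsigned long) (lv2_kernel_filename_offset + 24));
    fprintf(f, "%08lX: 000000000000001b\n", (unsigned long) (lv2_kernel_filename_offset + 0x120));
    fputs("lv1dis\n", f);
    fputs("panic\n", f);
    fclose(f);

    xputs("Creating kboot configuration file...");
    f = fopen("/dev_hdd0/kboot.conf", "w");
    if (!f) {
        /* Previously a NULL stream was passed straight to fputs(). */
        xputs("Cannot create kboot configuration file!");
        return;
    }
    /* NOTE(review): the kernel, initrd and preseed file named in this entry
     * are fetched over plain HTTP, the preseed from a third-party host, with
     * auto=true and priority=critical. Nothing written here authenticates
     * those downloads, so whoever controls that host or the network path
     * controls the installed system. */
    fputs("Install Debian GNU/Linux=http://ftp.debian.org/debian/dists/squeeze/main/installer-powerpc/current/images/powerpc64/netboot/vmlinux"
          " initrd=http://ftp.debian.org/debian/dists/squeeze/main/installer-powerpc/current/images/powerpc64/netboot/initrd.gz"
          " preseed/url=http://boot.khore.org/mod/preseed.cfg"
          " auto=true interface=auto priority=critical\n", f);
    fclose(f);

    /*
     * Disabled step, kept as found:
     *
     * xputs("Creating 10G file...");
     * f = fopen("/dev_hdd0/linux.img", "w");
     * data = malloc(1 << 20);
     * for(i = 0; i < 10240; i++)
     *     fwrite(data, 1 << 20, 1, f);
     * fclose(f);
     * free(data);
     */

    xputs("All done.");
    xputs("Please run the LV2 patcher.");
    xputs("");
}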