/*
 * Locate the PSP DRM patch sites inside the VSH image mapped in LV1 memory.
 *
 * Each psp_drm_patches[k].offset starts out as a firmware-relative offset
 * (set up by psp_patches_type(), presumably per firmware version — confirm);
 * on a hit it is overwritten with the absolute LV1 address, and patches_found
 * is incremented.  The psp_extra_drm_fix site is different: it is not counted,
 * and its fix (0x38600000, PowerPC `li r3,0`) is poked here immediately.
 *
 * Two strategies are tried in order:
 *   1. "static": the expected offsets, shifted by a displacement mv_offset
 *      (0 .. 0x2000000 in 1 MiB steps), verified by peeking known
 *      instruction words around the site;
 *   2. "bruteforce": a linear 4-byte-step scan of 0x2000000 bytes from
 *      vsh_offset + 0x700 (up to 8M lv1_peekd hypercalls - slow by design).
 *
 * Globals read/written: patches_found, vsh_offset, psp_drm_patches[],
 * psp_extra_drm_fix (all declared elsewhere in the file).
 *
 * Returns 0 once all 10 patch sites are resolved (also on later calls,
 * without rescanning, while patches_found is still 10), EINVAL otherwise.
 *
 * NOTE(review): patches_found counts *matches*, not distinct patch entries.
 * The same pattern hitting twice (e.g. at two displacements in the static
 * loop, which never resets the counter between displacements) is counted
 * twice, so the == 10 early exit can fire while one entry still holds its
 * relative offset.  Whatever later pokes psp_drm_patches[k].offset would
 * then write to a wrong LV1 address.  A found-bitmask per entry would be
 * the robust replacement.
 */
static INLINE int get_psp_patches()
{
	/* Result cache: a previous call already resolved every site. */
	if(patches_found == 10)
		return 0;
	
	patches_found = 0;

	int i = 0, n = 0, mv_offset = 0;
	uint64_t value = 0, value2 = 0, addr = 0;
	
	/* Selects the offset table for this firmware - presumably; verify in its definition. */
	psp_patches_type();
	
	#ifdef DEBUG
	DPRINTF("[PSP VSH PATCHES] Trying to find patches offsets..\n");
	#endif
	
	//static offset: try the known offsets at each 1 MiB displacement
	for(mv_offset = 0; mv_offset < 0x2000000; mv_offset += 0x100000)
	{	
		#ifdef DEBUG
		DPRINTF("Move offset +0x%x\n", mv_offset);
		#endif
		
		//psp_extra_drm_patch fix to 4.75/4.76/4.78 CEX/DEX by habib
		//0xDEADFACE appears to be the "no extra fix for this firmware" sentinel
		if(psp_extra_drm_fix != 0xDEADFACE)
		{
			addr = (vsh_offset + psp_extra_drm_fix + mv_offset);
			value = lv1_peekd(addr);
			value2 = lv1_peekd(addr + 8);	
			if(value == 0x7FE307B4EB8101E0ULL && value2 == 0xEBA101E87C0803A6ULL)
			{
				#ifdef DEBUG
				DPRINTF("[Extra Fix] Found psp_extra_drm_patch with static offset at address: 0x%lx\n", addr);
				#endif
			
				/* Applied on the spot; this site is not part of patches_found. */
				lv1_pokew(addr, 0x38600000);
				
				#ifdef DEBUG
				value = lv1_peekw(addr);
				DPRINTF("[Extra Fix] Poked 0x%lx at address: 0x%lx\n", value, addr);
				#endif
			}
		}
		//psp_drm_patch1
		//NOTE(review): once an entry has been resolved, its .offset is absolute, so
		//later displacements compute vsh_offset + absolute + mv_offset - a meaningless
		//address that is still read. Harmless unless garbage happens to match.
		addr = (vsh_offset + psp_drm_patches[0].offset + mv_offset);
		value = lv1_peekd(addr + 4);
		value2 = lv1_peekd(addr + 4 + 8);	
		if(value == 0x2F8300007C6B1B78ULL && value2 == 0x419E000C3D608002ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patch1 with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[0].offset = addr;
			patches_found++;
		}
		//psp_drm_patch2
		addr = (vsh_offset + psp_drm_patches[1].offset + mv_offset);
		value = lv1_peekd(addr - 8);
		if(value == 0x7FC4F37838A00098ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patch2 with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[1].offset = addr;
			patches_found++;
		}
		//psp_drm_patch3
		addr = (vsh_offset + psp_drm_patches[2].offset + mv_offset);
		value = lv1_peekw(addr);
		if(value == 0x7C6307B4 || value == 0x7D6307B4) //no better (longer) pattern found for this site yet: a single word, so false positives are possible
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patch3 with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[2].offset = addr;
			patches_found++;
		}
		//psp_drm_patch4
		addr = (vsh_offset + psp_drm_patches[3].offset + mv_offset);
		value = lv1_peekd(addr);
		if(value == 0x6000951379290020ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patch4 with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[3].offset = addr;
			patches_found++;
		}
		//psp_drm_patchA
		addr = (vsh_offset + psp_drm_patches[4].offset + mv_offset);
		value = lv1_peekd(addr);
		if(value == 0x600095147C0307B4ULL) //NO 3.55
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchA with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[4].offset = addr;
			patches_found++;
		}
		//psp_drm_patchB
		addr = (vsh_offset + psp_drm_patches[5].offset + mv_offset);
		value = lv1_peekd(addr);
		if(value == 0x63FF95144BFFFF2CULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchB with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[5].offset = addr;
			patches_found++;
		}
		//psp_drm_patchC
		addr = (vsh_offset + psp_drm_patches[6].offset + mv_offset);
		value = lv1_peekd(addr - 4);
		if(value == 0x3800000060630601ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchC with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[6].offset = addr;
			patches_found++;
		}
		//psp_drm_patchD
		addr = (vsh_offset + psp_drm_patches[7].offset + mv_offset);
		value = lv1_peekd(addr - 8);
		if(value == 0x7FE3FB7860009513ULL) //NO 3.55
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchD with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[7].offset = addr;
			patches_found++;
		}
		//psp_drm_patchE
		addr = (vsh_offset + psp_drm_patches[8].offset + mv_offset);
		value = lv1_peekd(addr - 8);
		if(value == 0x60009513409E001CULL) //NO 3.55
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchE with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[8].offset = addr;
			patches_found++;
		}
		//psp_drm_patchF
		//NOTE(review): value2 (the doubleword at addr - 4) is read but never checked.
		//The bruteforce path below confirms this site with the word 0x38A01038 at that
		//position, i.e. (value2 >> 32) == 0x38A01038; the static path accepts the
		//first 8 bytes alone. Probably a forgotten condition - confirm against a dump.
		addr = (vsh_offset + psp_drm_patches[9].offset + mv_offset);
		value = lv1_peekd(addr - 12);
		value2 = lv1_peekd(addr - 12 + 8); 
		if(value == 0x7F83E3787FE4FB78ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchF with static offset at address: 0x%lx\n", addr);
			#endif
			psp_drm_patches[9].offset = addr;
			patches_found++;
		}
		if(patches_found == 10)
		{
			#ifdef DEBUG
			DPRINTF("All psp_drm_patch found with static offset!\n");
			#endif
			return 0;
		}
	}
	
	#ifdef DEBUG
	DPRINTF("psp_drm_patches not found with static offset, trying with bruteforce..\n");
	#endif
	/* Partial static hits are discarded; the scan below must find every site itself. */
	patches_found = 0;
	
	//bruteforce
	//NOTE(review): mv_offset is an int. If vsh_offset is wider than int this
	//assignment truncates it, and every address below is then computed in int
	//arithmetic (and printed with %x) - confirm vsh_offset's type and value range.
	mv_offset = (vsh_offset + 0x700);
	
	for(i = 0; i < 0x2000000; i += 4)
	{
		/* One peek per 4-byte step; the site-specific offsets (+4/-4/+8/+12) below
		   are relative to this doubleword, which is why they differ from the
		   static-path offsets above. */
		value = lv1_peekd(mv_offset + i);
		
		//psp_extra_drm_patch extra fix to 4.75/4.76/4.78 CEX by habib
		if(value == 0x7FE307B4EB8101E0ULL && psp_extra_drm_fix != 0xDEADFACE)
		{
			if(lv1_peekd(mv_offset + i + 8) == 0xEBA101E87C0803A6ULL)
			{
				#ifdef DEBUG
				DPRINTF("[Extra Fix] Found psp_extra_drm_patch with bruteforce at address 0x%x\n", mv_offset + i);
				#endif
			
				lv1_pokew(mv_offset + i, 0x38600000);
				
				#ifdef DEBUG
				value = lv1_peekw(mv_offset + i);
				/* "0x%d" prints the address in decimal behind a hex prefix; should be 0x%x (DEBUG only). */
				DPRINTF("[Extra Fix] Poked 0x%lx at address: 0x%d\n", value, mv_offset + i);
				#endif
			}
		}
		//psp_drm_patch1
		if(value == 0x2F8300007C6B1B78ULL)
		{
			if(lv1_peekd(mv_offset + i + 8) == 0x419E000C3D608002ULL)
			{
				#ifdef DEBUG
				DPRINTF("Found psp_drm_patch1 with bruteforce at address 0x%x\n", mv_offset + i - 4);
				#endif
				psp_drm_patches[0].offset = (mv_offset + i - 4);
				patches_found++;
			}
		}
		//psp_drm_patch2
		if(value == 0x7FC4F37838A00098ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patch2 with bruteforce at address 0x%x\n", mv_offset + i + 8);
			#endif
			psp_drm_patches[1].offset = (mv_offset + i + 8);
			patches_found++;
		}
		//psp_drm_patch3
		//Anchored on a 16-byte prologue pattern, then the single-word site is searched
		//backwards in 4-byte steps over the preceding 0x30 bytes.
		if(value == 0xF821FAC17C0802A6ULL)
		{
			if(lv1_peekd(mv_offset + i + 8) == 0xFAC104F0FAE104F8ULL)
			{
				for(n = 0; n < 0x30; n += 4)
				{
					if(lv1_peekw(mv_offset + i - n) == 0x7C6307B4 || lv1_peekw(mv_offset + i - n) == 0x7D6307B4) //no better pattern found for this site yet
					{
						#ifdef DEBUG
						DPRINTF("Found psp_drm_patch3 with bruteforce at address 0x%x\n", mv_offset + i - n);
						#endif
						psp_drm_patches[2].offset = (mv_offset + i - n);
						patches_found++;
						break;
					}
				}
			}
		}
		//psp_drm_patch4
		if(value == 0x6000951379290020ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patch4 with bruteforce at address 0x%x\n", mv_offset + i);
			#endif
			psp_drm_patches[3].offset = (mv_offset + i);
			patches_found++;	
		}
		//psp_drm_patchA
		if(value == 0x600095147C0307B4ULL) //NO 3.55
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchA with bruteforce at address 0x%x\n", mv_offset + i);
			#endif
			psp_drm_patches[4].offset = (mv_offset + i);
			patches_found++;	
		}
		//psp_drm_patchB
		if(value == 0x63FF95144BFFFF2CULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchB with bruteforce at address 0x%x\n", mv_offset + i);
			#endif
			psp_drm_patches[5].offset = (mv_offset + i);
			patches_found++;	
			}
		//psp_drm_patchC
		if(value == 0x3800000060630601ULL)
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchC with bruteforce at address 0x%x\n", mv_offset + i + 4);
			#endif
			psp_drm_patches[6].offset = (mv_offset + i + 4);
			patches_found++;	
		}
		//psp_drm_patchD
		if(value == 0x7FE3FB7860009513ULL) //NO 3.55
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchD with bruteforce at address 0x%x\n", mv_offset + i + 8);
			#endif
			psp_drm_patches[7].offset = (mv_offset + i + 8);
			patches_found++;	
		}
		//psp_drm_patchE
		if(value == 0x60009513409E001CULL) //NO 3.55
		{
			#ifdef DEBUG
			DPRINTF("Found psp_drm_patchE with bruteforce at address 0x%x\n", mv_offset + i + 8);
			#endif
			psp_drm_patches[8].offset = (mv_offset + i + 8);
			patches_found++;	
		}
		//psp_drm_patchF
		//Unlike the static path, the word at +8 is checked here as well.
		if(value == 0x7F83E3787FE4FB78ULL)
		{
			if(lv1_peekw(mv_offset + i + 8) == 0x38A01038)
			{
				#ifdef DEBUG
				DPRINTF("Found psp_drm_patchF with bruteforce at address 0x%x\n", mv_offset + i + 12);
				#endif
				psp_drm_patches[9].offset = (mv_offset + i + 12);
				patches_found++;
			}
		}
		if(patches_found == 10)
		{
			#ifdef DEBUG
			DPRINTF("Found all psp_drm_patch with bruteforce!\n");
			#endif
			return 0;
		}
	}
	
	#ifdef DEBUG
	DPRINTF("WARNING!! Offsets not found!!\n");
	#endif
	/* Positive errno value; callers only need to test for non-zero. patches_found
	   is left at whatever partial count the scan reached. */
	return EINVAL;
}
	uint16_t cb = MAMBA_VERSION_BCD;
	return copy_to_user(&cb, get_secure_user_ptr(version), sizeof(uint16_t));
}

//----------------------------------------
//LV1 SYSCALL PEEK/POKE/CALL
//----------------------------------------

/*
 * Syscall: read one 64-bit doubleword of LV1 (hypervisor) memory.
 *
 * lv1_addr - LV1 address to read, passed straight to lv1_peekd().
 * Returns the doubleword read.
 *
 * Nothing in this body validates lv1_addr or checks who is calling: any
 * context that can reach this syscall obtains arbitrary hypervisor memory
 * read access. Treat exposure of this syscall as a trust-boundary decision.
 */
LV2_SYSCALL2(uint64_t, sys_cfw_lv1_peek, (uint64_t lv1_addr))
{
	#ifdef DEBUG
	DPRINTF("peek %016lx\n", lv1_addr);
	#endif

	return lv1_peekd(lv1_addr);
}

/*
 * Syscall: write one 64-bit doubleword into LV1 (hypervisor) memory.
 *
 * lv1_addr  - LV1 address to write.
 * lv1_value - doubleword stored there via lv1_poked().
 *
 * As with sys_cfw_lv1_peek there is no address validation and no caller
 * check in this body, so this is an unrestricted hypervisor memory write
 * for anyone who can issue the syscall.
 */
LV2_SYSCALL2(void, sys_cfw_lv1_poke, (uint64_t lv1_addr, uint64_t lv1_value))
{
	const uint64_t target = lv1_addr;
	const uint64_t word = lv1_value;

	#ifdef DEBUG
	DPRINTF("poke %016lx %016lx\n", target, word);
	#endif

	lv1_poked(target, word);
}

LV2_SYSCALL2(void, sys_cfw_lv1_call, (uint64_t a1, uint64_t a2, uint64_t a3, uint64_t a4, uint64_t a5, uint64_t a6, uint64_t a7, uint64_t num))
{