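/**
 * Issue syscall 482 for this module, identified by looking up the PRX id
 * that owns the address of this very function.
 *
 * The five-word argument block is zero-initialised so that the slots the
 * code never assigns (indices 2 and 4) reach the syscall as zeros instead of
 * leftover stack contents.
 */
static void finalize_module(void)
{
	uint64_t meminfo[5] = {0};

	sys_prx_id_t prx = prx_get_module_id_by_address(finalize_module);

	meminfo[0] = 0x28; /* 0x28 == sizeof meminfo (5 * 8); presumably a size field, confirm */
	meminfo[1] = 2;    /* NOTE(review): meaning of this selector is not visible here */
	meminfo[3] = 0;

	/* The pointer is narrowed to 32 bits first: assumes a 32-bit user address space. */
	system_call_3(482, prx, 0, (uint64_t)(uint32_t)meminfo);
}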
/***********************************************************************
* ring buzzer
***********************************************************************/
/**
 * Sound the buzzer through syscall 392 using the pattern selected by @mode.
 *
 * @param mode  1 = single beep, 2 = double beep, 3 = triple beep,
 *              4 = continuous beep. Any other value sends a pattern of 0;
 *              the syscall is still issued.
 */
void buzzer(uint8_t mode)
{
	/* Pattern word per mode; slot 0 is the "nothing selected" value. */
	static const uint16_t patterns[] = {
		0x0000,
		0x0006, /* single beep */
		0x0036, /* double beep */
		0x01B6, /* triple beep */
		0x0FFF, /* continuous beep, gruesome!!! */
	};
	uint16_t param = 0;

	if (mode < sizeof(patterns) / sizeof(patterns[0])) {
		param = patterns[mode];
	}

	system_call_3(392, 0x1007, 0xA, param);
}
/**
 * Forward a "get current process" request to the PS3MAPI handler behind
 * syscall 8.
 *
 * @param process  Passed to the handler as a 32-bit address widened to
 *                 64 bits; presumably receives the process handle (confirm
 *                 against the handler).
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_get_current_process(process_t process)
{
	/* Narrowed to 32 bits before widening: assumes a 32-bit user address space. */
	const uint64_t process_arg = (uint64_t)((uint32_t)process);

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_GET_CURRENT_PROC, process_arg);
	return_to_user_prog(int);
}
/**
 * Forward a "get all process ids" request to the PS3MAPI handler behind
 * syscall 8.
 *
 * @param pid_list  Destination array. No element count is passed along, so
 *                  the caller has to provide as many slots as the handler
 *                  writes (that number is not visible here; confirm).
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_get_all_processes_pid(process_id_t *pid_list)
{
	/* Narrowed to 32 bits before widening: assumes a 32-bit user address space. */
	const uint64_t list_arg = (uint64_t)((uint32_t)pid_list);

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_GET_ALL_PROC_PID, list_arg);
	return_to_user_prog(int);
}
/**
 * Forward a "get firmware type" request to the PS3MAPI handler behind
 * syscall 8.
 *
 * @param fw  Destination character buffer. Its capacity is not passed to the
 *            handler, so the caller must size it for whatever the handler
 *            writes (length not visible here; confirm).
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_get_fw_type(char *fw)
{
	const uint64_t group = (uint64_t)SYSCALL8_OPCODE_PS3MAPI;
	const uint64_t opcode = (uint64_t)PS3MAPI_OPCODE_GET_FW_TYPE;
	/* Narrowed to 32 bits before widening: assumes a 32-bit user address space. */
	const uint64_t buffer_arg = (uint64_t)((uint32_t)fw);

	system_call_3(8, group, opcode, buffer_arg);
	return_to_user_prog(int);
}
/**
 * Issue syscall 392 with the 0x1b6 pattern (the value buzzer() labels
 * "triple beep").
 *
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ring_buzzer_triple(void)
{
	/* NOTE(review): meaning of the first two arguments is not visible here. */
	enum { BUZZER_ARG1 = 0x1004, BUZZER_ARG2 = 0xa, BUZZER_PATTERN = 0x1b6 };

	system_call_3(392, BUZZER_ARG1, BUZZER_ARG2, BUZZER_PATTERN);
	return_to_user_prog(int);
}
/**
 * Issue syscall 392 with the 0x36 pattern (the value buzzer() labels
 * "double beep").
 *
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ring_buzzer_double(void)
{
	/* NOTE(review): meaning of the first two arguments is not visible here. */
	enum { BUZZER_ARG1 = 0x1004, BUZZER_ARG2 = 0x7, BUZZER_PATTERN = 0x36 };

	system_call_3(392, BUZZER_ARG1, BUZZER_ARG2, BUZZER_PATTERN);
	return_to_user_prog(int);
}
/**
 * Issue syscall 392 with the 0x6 pattern (the value buzzer() labels
 * "single beep").
 *
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ring_buzzer_simple(void)
{
	/* NOTE(review): meaning of the first two arguments is not visible here. */
	enum { BUZZER_ARG1 = 0x1004, BUZZER_ARG2 = 0x4, BUZZER_PATTERN = 0x6 };

	system_call_3(392, BUZZER_ARG1, BUZZER_ARG2, BUZZER_PATTERN);
	return_to_user_prog(int);
}
/**
 * Delete /dev_hdd0/tmp/turnoff, then issue syscall 379 with 0x200 (a soft
 * restart, going by the function name).
 *
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3_soft_restart(void)
{
	char *turnoff_marker = (char*)"/dev_hdd0/tmp/turnoff";

	/* Best effort: the unlink result is not inspected before the restart request. */
	cellFsUnlink(turnoff_marker);

	system_call_3(379, 0x200, NULL, 0);
	return_to_user_prog(int);
}
/**
 * Forward a "get PSID" request to the PS3MAPI handler behind syscall 8.
 *
 * @param psid  Destination for the identifier. No size is passed along;
 *              how many 64-bit words the handler writes is not visible here
 *              (confirm before sizing the buffer). The value identifies the
 *              console, so callers should avoid logging or exporting it.
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_get_psid(uint64_t *psid)
{
	/* Narrowed to 32 bits before widening: assumes a 32-bit user address space. */
	const uint64_t out_arg = (uint64_t)((uint32_t)psid);

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_GET_PSID, out_arg);
	return_to_user_prog(int);
}
/**
 * Forward a "get IDPS" request to the PS3MAPI handler behind syscall 8.
 *
 * @param idps  Destination for the identifier. No size is passed along;
 *              how many 64-bit words the handler writes is not visible here
 *              (confirm before sizing the buffer). The value identifies the
 *              console, so callers should avoid logging or exporting it.
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_get_idps(uint64_t *idps)
{
	/* Narrowed to 32 bits before widening: assumes a 32-bit user address space. */
	const uint64_t out_arg = (uint64_t)((uint32_t)idps);

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_GET_IDPS, out_arg);
	return_to_user_prog(int);
}
/**
 * Forward a PDISABLE_SYSCALL8 request to the PS3MAPI handler behind
 * syscall 8.
 *
 * @param mode  Passed through unchanged (widened to 64 bits); the accepted
 *              values are defined by the handler and are not visible here.
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_pdisable_syscall8(int mode)
{
	/* int -> uint64_t: a negative mode would arrive sign-extended. */
	const uint64_t mode_arg = (uint64_t)mode;

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_PDISABLE_SYSCALL8, mode_arg);
	return_to_user_prog(int);
}
/**
 * Forward a DISABLE_SYSCALL request for syscall number @num to the PS3MAPI
 * handler behind syscall 8.
 *
 * @param num  Syscall number, passed through without range checking here;
 *             any validation is left to the handler.
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_disable_syscall(int num)
{
	/* int -> uint64_t: a negative number would arrive sign-extended. */
	const uint64_t num_arg = (uint64_t)num;

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_DISABLE_SYSCALL, num_arg);
	return_to_user_prog(int);
}
/**
 * Forward a CHECK_SYSCALL request for syscall number @num to the PS3MAPI
 * handler behind syscall 8.
 *
 * @param num  Syscall number, passed through without range checking here;
 *             any validation is left to the handler.
 * @return The syscall result, as handed back by return_to_user_prog(int);
 *         how the state is encoded in it is not visible here.
 */
int ps3mapi_check_syscall(int num)
{
	/* int -> uint64_t: a negative number would arrive sign-extended. */
	const uint64_t num_arg = (uint64_t)num;

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_CHECK_SYSCALL, num_arg);
	return_to_user_prog(int);
}
/**
 * Forward an UNLOAD_VSH_PLUGIN request to the PS3MAPI handler behind
 * syscall 8.
 *
 * @param name  Plugin name string; only its address is passed, so it is
 *              presumably expected to be NUL-terminated (confirm against
 *              the handler).
 * @return The syscall result, as handed back by return_to_user_prog(int).
 */
int ps3mapi_unload_vsh_plugin(char *name)
{
	/* Narrowed to 32 bits before widening: assumes a 32-bit user address space. */
	const uint64_t name_arg = (uint64_t)((uint32_t)name);

	system_call_3(8, SYSCALL8_OPCODE_PS3MAPI, PS3MAPI_OPCODE_UNLOAD_VSH_PLUGIN, name_arg);
	return_to_user_prog(int);
}
/**
 * Copy the embedded payload image to a fixed destination address, then apply
 * the "address: value" patch list embedded alongside it.
 *
 * Build switches:
 *   WITH_PL3            selects the pl3 payload/patch symbols and destination
 *                       0x800000000000ef48; otherwise the syscall36 symbols
 *                       and 0x80000000002be4a0 are used.
 *   USE_MEMCPY_SYSCALL  copies the image with one call through a temporarily
 *                       rewritten syscall slot instead of word-by-word pokes.
 *
 * Patch text format, one entry per line: optional blanks, a hex address, ':',
 * optional blanks, a hex value of exactly 8 digits (written with _poke32) or
 * exactly 16 digits (written with _poke). '#' starts a comment; lines that do
 * not match are skipped.
 *
 * NOTE(review): both the image and the patch list are trusted build-time
 * inputs. Addresses and values from the patch text are written with no range
 * or allow-list check, so whoever controls that text controls the writes.
 */
void load_payload(void)
{
	char *ptr, *ptr2;
	unsigned long long addr, value;
	/* Counts applied patches; the total is never read in this function. */
	int patches = 0;

#ifdef USE_MEMCPY_SYSCALL
	/* This does not work on some PS3s */
	/* Overwrite four 8-byte words at NEW_POKE_SYSCALL_ADDR; going by the
	 * switch name this presumably installs a copy routine (confirm). */
	pokeq(NEW_POKE_SYSCALL_ADDR, 0x4800000428250000ULL);
	pokeq(NEW_POKE_SYSCALL_ADDR + 8, 0x4182001438a5ffffULL);
	pokeq(NEW_POKE_SYSCALL_ADDR + 16, 0x7cc428ae7cc329aeULL);
	pokeq(NEW_POKE_SYSCALL_ADDR + 24, 0x4bffffec4e800020ULL);
#ifdef WITH_PL3
	/* NOTE(review): `&&` is GCC's label-address operator; every other symbol
	 * on this page is taken with a single `&`, so this looks like a typo. */
	system_call_3(NEW_POKE_SYSCALL, 0x800000000000ef48ULL,
		(unsigned long long) &&_binary_payload_pl3_payload_bin_start,
		(uint64_t) & _binary_payload_pl3_payload_bin_size);
#else
	/* NOTE(review): lower-case `new_poke_syscall` here versus
	 * NEW_POKE_SYSCALL in the branch above; confirm which name exists. */
	system_call_3(new_poke_syscall, 0x80000000002be4a0ULL,
		(unsigned long long) &_binary_payload_syscall36_payload_bin_start,
		(uint64_t) & _binary_payload_syscall36_payload_bin_size);
#endif
	/* restore syscall */
	/* Only the words at +16 and +24 are rewritten here; the words at +0 and
	 * +8 are presumably handled by remove_new_poke() (confirm). */
	remove_new_poke();
	pokeq(NEW_POKE_SYSCALL_ADDR + 16, 0xebc2fe287c7f1b78);
	pokeq(NEW_POKE_SYSCALL_ADDR + 24, 0x3860032dfba100e8);
#else
	/* WARNING!! It supports only payload with a size multiple of 4 */
	uint32_t i;
#ifdef WITH_PL3
	/* The address of the *_size symbol is used as the byte count (the usual
	 * convention for linker-embedded binaries; confirm for this build). */
	uint64_t *pl64 = (uint64_t *) (uint64_t) & _binary_payload_pl3_payload_bin_start;
	/* Whole 8-byte words first. */
	for (i = 0; i < (uint64_t) & _binary_payload_pl3_payload_bin_size / sizeof(uint64_t); i++) {
		pokeq(0x800000000000ef48ULL + i * sizeof(uint64_t), *pl64++);
	}
	/* Leftover bytes: a full 8-byte word is still read from the source and
	 * its low 32 bits are kept.
	 * NOTE(review): that read extends past the image when fewer than 8 bytes
	 * remain, and which half of the word the cast keeps depends on byte
	 * order; confirm it is the intended half. */
	if ((uint64_t) & _binary_payload_pl3_payload_bin_size % sizeof(uint64_t)) {
		pokeq32(0x800000000000ef48ULL + i * sizeof(uint64_t), (uint32_t) * pl64);
	}
#else
	/* Same scheme as the WITH_PL3 branch, with the syscall36 symbols and
	 * destination. */
	uint64_t *pl64 = (uint64_t *) (uint64_t) & _binary_payload_syscall36_payload_bin_start;
	for (i = 0; i < (uint64_t) & _binary_payload_syscall36_payload_bin_size / sizeof(uint64_t); i++) {
		pokeq(0x80000000002be4a0ULL + i * sizeof(uint64_t), *pl64++);
	}
	/* NOTE(review): the tail is written with pokeq here but with pokeq32 in
	 * the WITH_PL3 branch; one of the two is probably unintended. The same
	 * 8-byte tail read applies. */
	if ((uint64_t) & _binary_payload_syscall36_payload_bin_size % sizeof(uint64_t)) {
		pokeq(0x80000000002be4a0ULL + i * sizeof(uint64_t), (uint32_t) * pl64);
	}
#endif
#endif

	/* Tokenise the embedded patch text in place, one line at a time.
	 * strtok writes NUL bytes into the embedded data and stops only at a
	 * NUL, so the text is assumed to be NUL-terminated (confirm).
	 * NOTE(review): the first strtok result is not checked; with no tokens
	 * at all, tmp is NULL and the strchr(tmp, ...) below dereferences it. */
#ifdef WITH_PL3
	char *tmp = strtok((char *) &_binary_payload_pl3_patch_txt_start, "\n");
#else
	char *tmp = strtok((char *) &_binary_payload_syscall36_patch_txt_start,
		"\n");
#endif
	do {
		/* Cut the line at the first '#'. */
		ptr = strchr(tmp, '#');
		if (ptr)
			*ptr = 0;
		ptr = tmp;
		while (*ptr == ' ' || *ptr == '\t')
			ptr++;
		/* strchr also matches the string's terminator, so an empty line gets
		 * past this test; it is rejected by the ':' check below.
		 * `continue` in a do/while jumps to the loop condition, i.e. to the
		 * next line. */
		if (!strchr("0123456789abcdefABCDEF", *ptr))
			continue;
		addr = strtoull(ptr, &ptr, 16);
		if (*ptr != ':')
			continue;
		else
			ptr++;
		while (*ptr == ' ' || *ptr == '\t')
			ptr++;
		if (!strchr("0123456789abcdefABCDEF", *ptr))
			continue;
		/* Remember where the value starts so its digit count can be measured. */
		ptr2 = ptr;
		value = strtoull(ptr, &ptr, 16);
		patches++;
		/* The number of hex digits selects the write width. */
		if (ptr - ptr2 == 8) {
			_poke32(addr, value);
		} else if (ptr - ptr2 == 16) {
			_poke(addr, value);
		} else
			patches--; /* any other width: nothing written, undo the count */
	} while ((tmp = strtok(NULL, "\n")));
}