Example #1
0
bool load_ps3_mamba_payload()
{
    //DrawDialogOK("Label1"); 
    if(sys8_mamba() == 0x666) return true;  // MAMBA is already running
    
    if(!syscall_base)
    {
        DrawDialogOK("syscall_base is empty!");
        return false;
    }

    char payload_file[MAXPATHLEN];
    sprintf(payload_file, "%s/USRDIR/mamba/mamba_%X.lz.bin", self_path, firmware);

#ifdef LASTPLAY_LOADER
    //DrawDialogOK("Label2"); 
    if(file_exists(payload_file) == false)
        sprintf(payload_file, "/dev_hdd0/game/IRISMAN00/USRDIR/mamba/mamba_%X.lz.bin", firmware);
#endif
    //DrawDialogOK("Label3"); 
    if(file_exists(payload_file) == false) return false;

    write_htab();

    u64 *addr = (u64 *) memalign(128, 0x20000);
    //DrawDialogOK("Label4"); 
    if(!addr)
    {
        DrawDialogOK("Memory is full");
        exit(0);
    }

    memset((char *) addr, 0, 0x20000);
    int out_size;

    int file_size = 0;
    char *mamba_payload = LoadFile((char *) payload_file, &file_size);

    if(file_size < 20000)
    {
        if(mamba_payload) free(mamba_payload);

        free(addr);
        return false;
    }

    zlib_decompress((char *) mamba_payload, (char *) addr, file_size, &out_size);

    if(mamba_payload) free(mamba_payload);

    out_size = (out_size + 0x4000) & ~127;
    u64 lv2_mem = sys8_alloc(out_size, 0x27ULL); // alloc LV2 memory

    if(!lv2_mem)
    {
        free(addr);
        DrawDialogOK("LV2 memory is full!");
        exit(0);
    }

    for(int n = 0; n < 100; n++)
    {
        lv2poke(lv2_mem, lv2_mem + 0x8ULL);
        sys8_memcpy(lv2_mem + 8, (u64) addr, out_size);


        lv2poke(syscall_base + (u64) (40 * 8), lv2_mem);  // syscall management
        lv2poke(0x80000000000004E8ULL, 0);

        usleep(1000);
    }


    free(addr);
    return true;
}
Example #2
0
void load_ps3_discless_payload()
{

    u64 *addr= (u64 *) memalign(8, ps3_storage_bin_size + 31);

    if(!addr) {
        DrawDialogOK("Shit! full memory");
        exit(0);
    }

    if(!syscall_base) {
        DrawDialogOK("syscall_base is empty!");
        return;
    }
    
    if(lv2peek(0x80000000000004E8ULL)) goto skip_the_load;

    write_htab();

    PAYLOAD_BASE = 0x80000000007FE000ULL;

    memcpy((char *) addr, (char *) ps3_storage_bin, ps3_storage_bin_size);

    addr[1] = syscall_base;
    addr[2] += PAYLOAD_BASE; // sys 40
    addr[3] = lv2peek(syscall_base + (u64) (40 * 8));
    addr[4] += PAYLOAD_BASE;
    addr[5] = lv2peek(syscall_base + (u64) (130 * 8));
    addr[6] += PAYLOAD_BASE;
    addr[7] = lv2peek(syscall_base + (u64) (879 * 8));
    addr[8] += PAYLOAD_BASE;
    addr[9] = lv2peek(syscall_base + (u64) (864 * 8));
    addr[10] += PAYLOAD_BASE;
    addr[11] = lv2peek(syscall_base + (u64) (619 * 8));
    addr[12] += PAYLOAD_BASE;
    addr[13] = lv2peek(syscall_base + (u64) (837 * 8));
    addr[14] += PAYLOAD_BASE;
    addr[15] = lv2peek(syscall_base + (u64) (609 * 8));

    int n;

    for(n=0;n<200;n++) {

    lv2poke(0x80000000000004E8ULL, PAYLOAD_BASE);

    sys8_memcpyinstr(PAYLOAD_BASE, (u64) addr, (u64) ((ps3_storage_bin_size + 7) & ~7));

    lv2poke(syscall_base + (u64) (40 * 8), PAYLOAD_BASE + 0x10ULL);  // syscall management
    lv2poke(syscall_base + (u64) (130 * 8), PAYLOAD_BASE + 0x20ULL); // sys_event_queue_receive
    lv2poke(syscall_base + (u64) (879 * 8), PAYLOAD_BASE + 0x30ULL); // sys_ss_media_id
    lv2poke(syscall_base + (u64) (864 * 8), PAYLOAD_BASE + 0x40ULL); // storage_manager
    lv2poke(syscall_base + (u64) (619 * 8), PAYLOAD_BASE + 0x50ULL); // sys_storage_async_send_device_command
    lv2poke(syscall_base + (u64) (837 * 8), PAYLOAD_BASE + 0x60ULL); // sys_fs_mount
    lv2poke(syscall_base + (u64) (609 * 8), PAYLOAD_BASE + 0x70ULL); // sys_storage_get_device_info 

    usleep(10000);
    }

    sleep(1);
skip_the_load:
    free(addr);

    send_async_data_table();
}
Example #3
0
void load_ps3_mamba_payload()
{

    u64 *addr= (u64 *) memalign(128, 0x20000);

    if(!addr) {
        DrawDialogOK("Shit! full memory");
        exit(0);
    }

    if(!syscall_base) {
        DrawDialogOK("syscall_base is empty!");
        free(addr);
        return;
    }
    
    //PAYLOAD_BASE = 0x80000000007E4000ULL;

    if(sys8_mamba()==0x666) goto skip_the_load;  // MAMBA is running yet

    write_htab();

    memset((char *) addr, 0, 0x20000);
    int out_size;

    /*
    if(firmware == 0x446C)
        memcpy((char *) addr, (char *) mamba_4_46_bin, mamba_4_46_bin_size);
    else if(firmware == 0x453C)
        memcpy((char *) addr, (char *) mamba_4_53_bin, mamba_4_53_bin_size);
    else {
        DrawDialogOK("MAMBA is not supported for this CFW");
        free(addr);
        return;
    }
    */

    if(firmware == 0x446C)
        zlib_decompress((char *) mamba_4_46_lz_bin, (char *) addr, mamba_4_46_lz_bin_size, &out_size);
    else if(firmware == 0x453C)
        zlib_decompress((char *) mamba_4_53_lz_bin, (char *) addr, mamba_4_53_lz_bin_size, &out_size);
    else {
        DrawDialogOK("MAMBA is not supported for this CFW");
        free(addr);
        return;
    }

    out_size = (out_size + 0x4000) & ~127;
    u64 lv2_mem = sys8_alloc(out_size, 0x27ULL); // alloc LV2 memory

    if(!lv2_mem) {
        DrawDialogOK("Shit! LV2 full memory");
        free(addr);
        exit(0);
    }

    int n;

    for(n=0;n<2000;n++) {

        lv2poke(lv2_mem, lv2_mem + 0x8ULL);
        sys8_memcpy(lv2_mem + 8, (u64) addr, out_size);
        

        lv2poke(syscall_base + (u64) (40 * 8), lv2_mem);  // syscall management
        lv2poke(0x80000000000004E8ULL, 0);

        usleep(1000);
    }

   // sleep(1);

skip_the_load:
    free(addr);

}