예제 #1
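/*
 * Load the compressed MAMBA payload that matches the running firmware from
 * storage, decompress it into a staging buffer and install it in LV2 memory.
 *
 * Returns true when MAMBA is already running (sys8_mamba() == 0x666) or when
 * the install sequence completed; false when syscall_base is unset, the
 * payload file is missing or too small, or the decompressed size is not
 * usable. Exits the process when either allocation fails.
 *
 * NOTE(review): the payload file is taken from storage and copied into LV2
 * memory without any integrity check (hash or signature) visible here, so
 * anything able to write that path controls what is installed. Consider
 * verifying the file against a known-good digest before use.
 */
bool load_ps3_mamba_payload()
{
    enum {
        STAGING_SIZE     = 0x20000, /* size of the decompression buffer */
        MIN_PAYLOAD_FILE = 20000,   /* smaller files are rejected as invalid */
        LV2_PAD          = 0x4000,  /* slack added to the LV2 allocation */
        LV2_HEADER       = 8,       /* pointer slot stored in front of the payload */
        INSTALL_PASSES   = 100
    };

    if(sys8_mamba() == 0x666) return true;  // MAMBA is already running

    if(!syscall_base)
    {
        DrawDialogOK("syscall_base is empty!");
        return false;
    }

    /* Bounded formatting: self_path is not length-checked anywhere in this
     * function, so a truncated path is treated as "file not found". */
    char payload_file[MAXPATHLEN];
    int len = snprintf(payload_file, sizeof payload_file,
                       "%s/USRDIR/mamba/mamba_%X.lz.bin", self_path, firmware);
    bool have_payload = len >= 0 && (size_t) len < sizeof payload_file
                        && file_exists(payload_file);

#ifdef LASTPLAY_LOADER
    if(!have_payload)
    {
        /* Fall back to the fixed install location. */
        len = snprintf(payload_file, sizeof payload_file,
                       "/dev_hdd0/game/IRISMAN00/USRDIR/mamba/mamba_%X.lz.bin", firmware);
        have_payload = len >= 0 && (size_t) len < sizeof payload_file
                       && file_exists(payload_file);
    }
#endif

    if(!have_payload) return false;

    write_htab();

    u64 *addr = (u64 *) memalign(128, STAGING_SIZE);
    if(!addr)
    {
        DrawDialogOK("Memory is full");
        exit(0);
    }

    memset((char *) addr, 0, STAGING_SIZE);

    int file_size = 0;
    char *mamba_payload = LoadFile((char *) payload_file, &file_size);

    /* Also reject a NULL buffer so it is never handed to the decompressor. */
    if(!mamba_payload || file_size < MIN_PAYLOAD_FILE)
    {
        free(mamba_payload);
        free(addr);
        return false;
    }

    /* out_size starts at 0 so that a decompressor which fails without
     * writing it is detected below instead of leaving an indeterminate value.
     * NOTE(review): zlib_decompress() is not given the capacity of addr; a
     * file that inflates past STAGING_SIZE would overrun the buffer inside
     * that call. Confirm the helper bounds its output. */
    int out_size = 0;
    zlib_decompress((char *) mamba_payload, (char *) addr, file_size, &out_size);

    free(mamba_payload);

    if(out_size <= 0 || out_size > STAGING_SIZE)
    {
        free(addr);
        return false;
    }

    int alloc_size = (out_size + LV2_PAD) & ~127;
    u64 lv2_mem = sys8_alloc(alloc_size, 0x27ULL); // alloc LV2 memory

    if(!lv2_mem)
    {
        free(addr);
        DrawDialogOK("LV2 memory is full!");
        exit(0);
    }

    /* The payload is stored LV2_HEADER bytes into the allocation, so the copy
     * must be that much shorter than the allocation, and must never read
     * beyond the staging buffer. The payload itself is at most out_size
     * bytes, so it is always fully covered.
     * (assumes sys8_memcpy takes dst, src, length - confirm) */
    int copy_size = alloc_size - LV2_HEADER;
    if(copy_size > STAGING_SIZE) copy_size = STAGING_SIZE;

    /* NOTE(review): the install sequence is repeated with a 1 ms pause; the
     * reason for the repetition is not visible in this function. */
    for(int n = 0; n < INSTALL_PASSES; n++)
    {
        lv2poke(lv2_mem, lv2_mem + 0x8ULL);
        sys8_memcpy(lv2_mem + LV2_HEADER, (u64) addr, copy_size);

        lv2poke(syscall_base + (u64) (40 * 8), lv2_mem);  // syscall management
        lv2poke(0x80000000000004E8ULL, 0);

        usleep(1000);
    }

    free(addr);
    return true;
}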
예제 #2
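/*
 * Decompress the MAMBA payload embedded in the binary for the running
 * firmware (0x446C or 0x453C) into a staging buffer and install it in LV2
 * memory.
 *
 * Returns without installing anything when syscall_base is unset, when MAMBA
 * is already running (sys8_mamba() == 0x666), when the firmware has no
 * embedded payload, or when the decompressed size is not usable. Exits the
 * process when either allocation fails.
 */
void load_ps3_mamba_payload()
{
    enum {
        STAGING_SIZE   = 0x20000, /* size of the decompression buffer */
        LV2_PAD        = 0x4000,  /* slack added to the LV2 allocation */
        LV2_HEADER     = 8,       /* pointer slot stored in front of the payload */
        INSTALL_PASSES = 2000
    };

    u64 *addr = (u64 *) memalign(128, STAGING_SIZE);

    if(!addr) {
        DrawDialogOK("Shit! full memory");
        exit(0);
    }

    if(!syscall_base) {
        DrawDialogOK("syscall_base is empty!");
        goto out;
    }

    if(sys8_mamba() == 0x666) goto out;  // MAMBA is already running

    write_htab();

    memset((char *) addr, 0, STAGING_SIZE);

    /* out_size starts at 0 so that a decompressor which fails without
     * writing it is detected below instead of leaving an indeterminate value.
     * NOTE(review): zlib_decompress() is not given the capacity of addr;
     * confirm the helper bounds its output to the destination buffer. */
    int out_size = 0;

    if(firmware == 0x446C)
        zlib_decompress((char *) mamba_4_46_lz_bin, (char *) addr, mamba_4_46_lz_bin_size, &out_size);
    else if(firmware == 0x453C)
        zlib_decompress((char *) mamba_4_53_lz_bin, (char *) addr, mamba_4_53_lz_bin_size, &out_size);
    else {
        DrawDialogOK("MAMBA is not supported for this CFW");
        goto out;
    }

    /* A size outside the staging buffer means the data cannot be trusted. */
    if(out_size <= 0 || out_size > STAGING_SIZE) goto out;

    int alloc_size = (out_size + LV2_PAD) & ~127;
    u64 lv2_mem = sys8_alloc(alloc_size, 0x27ULL); // alloc LV2 memory

    if(!lv2_mem) {
        DrawDialogOK("Shit! LV2 full memory");
        free(addr);
        exit(0);
    }

    /* The payload is stored LV2_HEADER bytes into the allocation, so the copy
     * must be that much shorter than the allocation, and must never read
     * beyond the staging buffer. The payload itself is at most out_size
     * bytes, so it is always fully covered.
     * (assumes sys8_memcpy takes dst, src, length - confirm) */
    int copy_size = alloc_size - LV2_HEADER;
    if(copy_size > STAGING_SIZE) copy_size = STAGING_SIZE;

    /* NOTE(review): the install sequence is repeated with a 1 ms pause; the
     * reason for the repetition is not visible in this function. */
    for(int n = 0; n < INSTALL_PASSES; n++) {
        lv2poke(lv2_mem, lv2_mem + 0x8ULL);
        sys8_memcpy(lv2_mem + LV2_HEADER, (u64) addr, copy_size);

        lv2poke(syscall_base + (u64) (40 * 8), lv2_mem);  // syscall management
        lv2poke(0x80000000000004E8ULL, 0);

        usleep(1000);
    }

out:
    /* Single exit path: the staging buffer is released on every return. */
    free(addr);
}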