void hvsc_redirect(uint8_t hvcall, uint8_t opt)
{
int x;
uint64_t original_syscall_code_1 = lv2peek(HVSC_SYSCALL_ADDR);
uint64_t original_syscall_code_2 = lv2peek(HVSC_SYSCALL_ADDR + 8);
uint64_t original_syscall_code_3 = lv2peek(HVSC_SYSCALL_ADDR + 16);
uint64_t original_syscall_code_4 = lv2peek(HVSC_SYSCALL_ADDR + 24);
// Install redirect
if(opt == 0)
{
for (x=0;x<25;x++)
{
lv2poke(HVSC_SYSCALL_ADDR, 0x7C0802A6F8010010ULL);
lv2poke(HVSC_SYSCALL_ADDR + 8, 0x3960000044000022ULL | (uint64_t)hvcall << 32);
lv2poke(HVSC_SYSCALL_ADDR + 16, 0xE80100107C0803A6ULL);
lv2poke(HVSC_SYSCALL_ADDR + 24, 0x4e80002060000000ULL);
__asm__("sync");
}
}
if(opt == 1) // Remove redirections
{
for (x=0;x<25;x++)
{
lv2poke(HVSC_SYSCALL_ADDR, original_syscall_code_1);
lv2poke(HVSC_SYSCALL_ADDR + 8, original_syscall_code_2);
lv2poke(HVSC_SYSCALL_ADDR + 16, original_syscall_code_3);
lv2poke(HVSC_SYSCALL_ADDR + 24, original_syscall_code_4);
__asm__("sync");
}
}
}
int patch_htabfix()
{
int i, res;
uint64_t pte0, pte1;
// process entire lv2
for (i = 0; i < 128; i++)
{
// read the old value
pte0 = lv2peek(HTAB_BASE | (i << 7));
pte1 = lv2peek(HTAB_BASE | (i << 7) + 8);
WriteLogInit(0,NULL,"APP: %d loop\n",i);;
WriteLogInit(0,NULL,"APP: pte0: 0x%016llx\n", pte0);;
WriteLogInit(0,NULL,"APP: pte1: 0x%016llx\n", pte1);;
//verify entry is lv2
if ((pte1 >= HTAB_LV2_START) && (pte1 < HTAB_LV2_END))
{
// patch proper htab settings
res = lv1_write_htab_entry( 0, i << 3, pte0, (pte1 & 0xff0000) | 0x190 );
}
}
WriteLogInit(0,NULL,"APP: Htab parcheado OK!\n");;
return res;
}
static void write_htab(void)
{
u64 cont = 0;
lv1_reg regs_i, regs_o;
u32 val;
while(cont < 0x80) {
val = (cont << 7);
regs_i.reg3 = 0;
regs_i.reg4 = (cont << 3ULL);
regs_i.reg5 = lv2peek(0x800000000f000000ULL | ((u64) val));
regs_i.reg6 = lv2peek(0x800000000f000008ULL | ((u64) val));
regs_i.reg6 = (regs_i.reg6 & 0xff0000ULL) | 0x190ULL;
regs_i.reg11= 1;
sys8_lv1_syscall(®s_i, ®s_o);
cont++;
}
}
void load_ps3_discless_payload()
{
u64 *addr= (u64 *) memalign(8, ps3_storage_bin_size + 31);
if(!addr) {
DrawDialogOK("Shit! full memory");
exit(0);
}
if(!syscall_base) {
DrawDialogOK("syscall_base is empty!");
return;
}
if(lv2peek(0x80000000000004E8ULL)) goto skip_the_load;
write_htab();
PAYLOAD_BASE = 0x80000000007FE000ULL;
memcpy((char *) addr, (char *) ps3_storage_bin, ps3_storage_bin_size);
addr[1] = syscall_base;
addr[2] += PAYLOAD_BASE; // sys 40
addr[3] = lv2peek(syscall_base + (u64) (40 * 8));
addr[4] += PAYLOAD_BASE;
addr[5] = lv2peek(syscall_base + (u64) (130 * 8));
addr[6] += PAYLOAD_BASE;
addr[7] = lv2peek(syscall_base + (u64) (879 * 8));
addr[8] += PAYLOAD_BASE;
addr[9] = lv2peek(syscall_base + (u64) (864 * 8));
addr[10] += PAYLOAD_BASE;
addr[11] = lv2peek(syscall_base + (u64) (619 * 8));
addr[12] += PAYLOAD_BASE;
addr[13] = lv2peek(syscall_base + (u64) (837 * 8));
addr[14] += PAYLOAD_BASE;
addr[15] = lv2peek(syscall_base + (u64) (609 * 8));
int n;
for(n=0;n<200;n++) {
lv2poke(0x80000000000004E8ULL, PAYLOAD_BASE);
sys8_memcpyinstr(PAYLOAD_BASE, (u64) addr, (u64) ((ps3_storage_bin_size + 7) & ~7));
lv2poke(syscall_base + (u64) (40 * 8), PAYLOAD_BASE + 0x10ULL); // syscall management
lv2poke(syscall_base + (u64) (130 * 8), PAYLOAD_BASE + 0x20ULL); // sys_event_queue_receive
lv2poke(syscall_base + (u64) (879 * 8), PAYLOAD_BASE + 0x30ULL); // sys_ss_media_id
lv2poke(syscall_base + (u64) (864 * 8), PAYLOAD_BASE + 0x40ULL); // storage_manager
lv2poke(syscall_base + (u64) (619 * 8), PAYLOAD_BASE + 0x50ULL); // sys_storage_async_send_device_command
lv2poke(syscall_base + (u64) (837 * 8), PAYLOAD_BASE + 0x60ULL); // sys_fs_mount
lv2poke(syscall_base + (u64) (609 * 8), PAYLOAD_BASE + 0x70ULL); // sys_storage_get_device_info
usleep(10000);
}
sleep(1);
skip_the_load:
free(addr);
send_async_data_table();
}
int main(int argc, char *argv[])
{
int ret, server_mode;
void *host_addr = memalign(1024 * 1024, HOST_SIZE);
msgType dialog_type;
sys_ppu_thread_t id; // start server thread
load_modules();
init_logging();
netInitialize();
netCtlInit();
// Initialize SPUs
LOG(lm_main, LOG_DEBUG, ("Initializing SPUs\n"));
ret = sysSpuInitialize(MAX_PHYSICAL_SPU, MAX_RAW_SPU);
if (ret != 0)
{
LOG(lm_main, LOG_ERROR, ("sysSpuInitialize failed: %d\n", ret));
goto quit;
}
init_screen(host_addr, HOST_SIZE);
ioPadInit(7);
ret = initialize_exit_handlers();
if (ret != 0)
goto quit;
show_version();
if (user_requested_exit())
goto quit;
u64 CEX=0x4345580000000000ULL;
u64 DEX=0x4445580000000000ULL;
u64 DEH=0x4445480000000000ULL;
if(lv2peek(0x80000000002E79C8ULL)==DEX) {dex_mode=2; c_firmware=3.41f;}
else
if(lv2peek(0x80000000002CFF98ULL)==CEX) {dex_mode=0; c_firmware=3.41f;}
else
if(lv2peek(0x80000000002EFE20ULL)==DEX) {dex_mode=2; c_firmware=3.55f;}
else
if(lv2peek(0x80000000002D83D0ULL)==CEX) {dex_mode=0; c_firmware=3.55f;}
else
if(lv2peek(0x8000000000302D88ULL)==DEX) {dex_mode=2; c_firmware=4.21f;}
else
if(lv2peek(0x80000000002E8610ULL)==CEX) {dex_mode=0; c_firmware=4.21f;}
else
if(lv2peek(0x80000000002E9F08ULL)==CEX) {dex_mode=0; c_firmware=4.30f;}
else
if(lv2peek(0x8000000000304630ULL)==DEX) {dex_mode=2; c_firmware=4.30f;}
else
if(lv2peek(0x80000000002E9F18ULL)==CEX) {dex_mode=0; c_firmware=4.31f;}
else
if(lv2peek(0x80000000002EA488ULL)==CEX) {dex_mode=0; c_firmware=4.40f;}
else
if(lv2peek(0x80000000002EA498ULL)==CEX) {dex_mode=0; c_firmware=4.41f;}
else
if(lv2peek(0x8000000000304EF0ULL)==DEX) {dex_mode=2; c_firmware=4.41f;}
else
if(lv2peek(0x80000000002EA9B8ULL)==CEX) {dex_mode=0; c_firmware=4.46f;}
else
if(lv2peek(0x8000000000305410ULL)==DEX) {dex_mode=2; c_firmware=4.46f;}
else
if(lv2peek(0x80000000002E9BE0ULL)==CEX) {dex_mode=0; c_firmware=4.50f;}
else
if(lv2peek(0x8000000000309698ULL)==DEX) {dex_mode=2; c_firmware=4.50f;}
else
if(lv2peek(0x80000000002E9D70ULL)==CEX) {dex_mode=0; c_firmware=4.53f;}
else
if(lv2peek(0x80000000002EC5E0ULL)==CEX) {dex_mode=0; c_firmware=4.55f;}
else
if(lv2peek(0x80000000002ED850ULL)==CEX) {dex_mode=0; c_firmware=4.60f;}
else
if(lv2peek(0x80000000002ED860ULL)==CEX) {dex_mode=0; c_firmware=4.65f;}
else
if(lv2peek(0x800000000030F1A8ULL)==DEX) {dex_mode=2; c_firmware=4.65f;}
else
if(lv2peek(0x80000000002ED778ULL)==CEX) {dex_mode=0; c_firmware=4.70f;}
else
if(lv2peek(0x800000000030F240ULL)==DEX) {dex_mode=2; c_firmware=4.70f;}
else
if(lv2peek(0x80000000002ED818ULL)==CEX) {dex_mode=0; c_firmware=4.75f;}
else
if(lv2peek(0x800000000030F2D0ULL)==DEX) {dex_mode=2; c_firmware=4.75f;}
else
if(lv2peek(0x80000000002ED808ULL)==CEX) {dex_mode=0; c_firmware=4.80f;}
else
if(lv2peek(0x800000000030F3A0ULL)==DEX) {dex_mode=2; c_firmware=4.80f;}
else
if(lv2peek(0x800000000030F3B0ULL)==DEX) {dex_mode=2; c_firmware=4.81f;}
else
if(lv2peek(0x800000000032EB60ULL)==DEH) {deh_mode=2; c_firmware=4.81f;}
else
c_firmware=0.00f;
if(c_firmware==3.55f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_355D;
}
else
if(c_firmware==3.55f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_355;
}
else
if(c_firmware==4.21f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_421;
}
else
if(c_firmware==4.30f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_430;
}
else
if(c_firmware==4.30f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_430D;
}
else
if(c_firmware==4.31f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_431;
}
else
if(c_firmware==4.40f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_440;
}
else
if(c_firmware==4.41f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_441;
}
else
if(c_firmware==4.41f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_441D;
}
else
if(c_firmware==4.46f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_446;
}
else
if(c_firmware==4.50f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_450;
}
else
if(c_firmware==4.53f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_453;
}
else
if(c_firmware==4.55f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_455;
}
else
if(c_firmware==4.60f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_460;
}
else
if(c_firmware==4.65f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_465;
}
else
if(c_firmware==4.65f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_465D;
}
else
if(c_firmware==4.70f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_470;
}
else
if(c_firmware==4.70f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_470D;
}
else
if(c_firmware==4.75f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_475;
}
else
if(c_firmware==4.80f && !dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_480;
}
else
if(c_firmware==4.80f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_480D;
}
else
if(c_firmware==4.75f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_475D;
}
else
if(c_firmware==4.81f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_481D;
}
else
if(c_firmware==4.46f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_446D;
}
else
if(c_firmware==4.50f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_450D;
}
else
if(c_firmware==4.21f && dex_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_421D;
}
else
if(c_firmware==3.41f)
{
SYSCALL_TABLE = SYSCALL_TABLE_341;
}
else
if(c_firmware==4.81f && deh_mode)
{
SYSCALL_TABLE = SYSCALL_TABLE_481H;
}
/*
if(c_firmware>=4.20f && SYSCALL_TABLE)
{
// add and enable lv2 peek/poke + lv1 peek/poke
lv2poke(0x800000000000171CULL, 0x7C0802A6F8010010ULL);
lv2poke(0x800000000000171CULL + 8, 0x396000B644000022ULL);
lv2poke(0x800000000000171CULL + 16, 0x7C832378E8010010ULL);
lv2poke(0x800000000000171CULL + 24, 0x7C0803A64E800020ULL);
lv2poke(0x800000000000171CULL + 32, 0x7C0802A6F8010010ULL);
lv2poke(0x800000000000171CULL + 40, 0x396000B744000022ULL);
lv2poke(0x800000000000171CULL + 48, 0x38600000E8010010ULL);
lv2poke(0x800000000000171CULL + 56, 0x7C0803A64E800020ULL);
lv2poke(0x800000000000171CULL + 64, 0x7C0802A6F8010010ULL);
lv2poke(0x800000000000171CULL + 72, 0x7D4B537844000022ULL);
lv2poke(0x800000000000171CULL + 80, 0xE80100107C0803A6ULL);
lv2poke(0x800000000000171CULL + 88, 0x4E80002080000000ULL);
lv2poke(0x800000000000171CULL + 96, 0x0000170C80000000ULL);
lv2poke(0x800000000000171CULL + 104, 0x0000171480000000ULL);
lv2poke(0x800000000000171CULL + 112, 0x0000171C80000000ULL);
lv2poke(0x800000000000171CULL + 120, 0x0000173C80000000ULL);
lv2poke(0x800000000000171CULL + 128, 0x0000175C00000000ULL);
lv2poke(SYSCALL_PTR( 6), 0x8000000000001778ULL); //sc6
lv2poke(SYSCALL_PTR( 7), 0x8000000000001780ULL); //sc7
lv2poke(SYSCALL_PTR( 8), 0x8000000000001788ULL); //sc8
lv2poke(SYSCALL_PTR( 9), 0x8000000000001790ULL); //sc9
lv2poke(SYSCALL_PTR(10), 0x8000000000001798ULL); //sc10
}*/
// remove patch protection
if(c_firmware==3.55f)
remove_protection();
if(c_firmware==0.00f)
ret = -1;
else
ret = patch_lv1_ss_services();
if (ret < 0)
{
dialog_type = (MSG_DIALOG_NORMAL | MSG_DIALOG_BTN_TYPE_OK | MSG_DIALOG_DISABLE_CANCEL_ON);
msgDialogOpen2(dialog_type, "ERROR: Couldn't patch lv1 services, returning to the XMB.\nMake sure you are running a firmware which allows patching!", dialog_handler, NULL, NULL);
dialog_action = 0;
while (!dialog_action && !user_requested_exit())
{
sysUtilCheckCallback();
flip();
}
msgDialogAbort();
goto quit;
}
// patch syscall 864 to allow drive re-init
if(c_firmware==0.0f)
ret = -1;
else
ret = patch_syscall_864();
if (ret < 0)
{
dialog_type = (MSG_DIALOG_NORMAL | MSG_DIALOG_BTN_TYPE_OK | MSG_DIALOG_DISABLE_CANCEL_ON);
msgDialogOpen2(dialog_type, "ERROR: Couldn't patch syscall 864, returning to the XMB.\nMake sure you are running a firmware which allows patching!", dialog_handler, NULL, NULL);
dialog_action = 0;
while (!dialog_action && !user_requested_exit())
{
sysUtilCheckCallback();
flip();
}
msgDialogAbort();
goto quit;
}
// install the necessary modules
ret = install_modules();
if (ret < 0)
{
dialog_type = (MSG_DIALOG_NORMAL | MSG_DIALOG_BTN_TYPE_OK | MSG_DIALOG_DISABLE_CANCEL_ON);
msgDialogOpen2(dialog_type, "Installation was aborted, returning to the XMB.", dialog_handler, NULL, NULL);
dialog_action = 0;
while (!dialog_action && !user_requested_exit())
{
sysUtilCheckCallback();
flip();
}
msgDialogAbort();
goto quit;
}
if (user_requested_exit())
goto quit;
// reset & re-authenticate the BD drive
sys_storage_reset_bd();
sys_storage_authenticate_bd();
// eject current disc
{
int fd;
ret = sys_storage_open(BD_DEVICE, &fd);
if (ret == 0)
{
ioctl_eject(fd);
sys_storage_close(fd);
}
}
ret = sysDiscRegisterDiscChangeCallback(&bd_eject_disc_callback, &bd_insert_disc_callback);
// poll for an output_device
poll_output_devices();
server_mode = user_select_server_mode();
if (user_requested_exit())
goto quit;
if (server_mode)
{
#ifdef ENABLE_LOGGING
if (output_device)
{
char file_path[100];
sprintf(file_path, "%s/daemon_log.txt", output_device);
set_log_file(file_path);
}
#endif
sysThreadCreate(&id, listener_thread, NULL, 1500, 0x400, 0, "listener");
while (1)
{
// server loop
server_loop();
// break out of the loop when requested
if (user_requested_exit())
break;
}
}
else
{
while (1)
{
// main loop
main_loop();
// break out of the loop when requested
if (user_requested_exit())
break;
}
}
ret = sysDiscUnregisterDiscChangeCallback();
quit:
unpatch_lv1_ss_services();
destroy_logging();
netDeinitialize();
unload_modules();
free(host_addr);
return 0;
}
int patch_syscall_864(void)
{
if(c_firmware>4.81f) return -1;
uint64_t addr;
if(deh_mode)
{
if(c_firmware==4.81f)
addr = 0x800000000032C958ULL; // fw 4.81H
else return -1;
}
else if(dex_mode)
{
if(c_firmware==3.55f)
addr = 0x80000000002EF270ULL; // fw 3.55D
else if(c_firmware==4.21f)
addr = 0x8000000000302098ULL; // fw 4.21D
else if(c_firmware==4.30f)
addr = 0x8000000000303940ULL; // fw 4.30D
else if(c_firmware==4.41f)
addr = 0x8000000000304220ULL; // fw 4.41D
else if(c_firmware==4.46f)
addr = 0x8000000000304720ULL; // fw 4.46D
else if(c_firmware==4.50f)
addr = 0x80000000003089C8ULL; // fw 4.50D
else if(c_firmware==4.65f)
addr = 0x800000000030E480ULL; // fw 4.65D
else if(c_firmware==4.80f)
addr = 0x800000000030E658ULL; // fw 4.80D
else if(c_firmware==4.81f)
addr = 0x800000000030E668ULL; // fw 4.81D
else return -1;
}
else
{
if(c_firmware==3.55f)
addr = 0x80000000002D7820ULL; // fw 3.55
else if(c_firmware==4.21f)
addr = 0x80000000002E7920ULL;
else if(c_firmware==4.30f)
addr = 0x80000000002E9218ULL;
else if(c_firmware==4.31f)
addr = 0x80000000002E9228ULL;
else if(c_firmware==4.40f)
addr = 0x80000000002E9798ULL;
else if(c_firmware==4.41f)
addr = 0x80000000002E97A8ULL;
else if(c_firmware==4.46f)
addr = 0x80000000002E9CE8ULL;
else if(c_firmware==4.50f)
addr = 0x80000000002E8F10ULL;
else if(c_firmware==4.53f)
addr = 0x80000000002E90A0ULL;
else if(c_firmware==4.55f)
addr = 0x80000000002EB8B8ULL;
else if(c_firmware==4.60f)
addr = 0x80000000002ECB28ULL;
else if(c_firmware==4.65f)
addr = 0x80000000002ECB38ULL;
else if(c_firmware==4.70f)
addr = 0x80000000002ECA50ULL;
else if(c_firmware==4.75f)
addr = 0x80000000002ECAD0ULL;
else if(c_firmware==4.80f)
addr = 0x80000000002ECAC0ULL;
else if(c_firmware==3.41f)
addr = 0x80000000002CF880ULL; // fw 3.41
else return -1;
}
uint64_t access_rights = lv2peek( addr);
if (access_rights == 0x2000000000000000ULL)
{
lv2poke( addr, 0x4000000000000000ULL);
}
else if (access_rights != 0x4000000000000000ULL)
{
return -1;
}
return 0;
}
int get_firmware()
{
uint64_t toc = lv2peek(0x8000000000003000ULL);
switch(toc)
{
case 0x8000000000330540ULL:
return 0x355C;
break;
case 0x800000000034AC80ULL:
return 0x355D;
break;
case 0x8000000000346390ULL:
return 0x421C;
break;
case 0x8000000000363E80ULL:
return 0x421D;
break;
case 0x8000000000348200ULL:
return 0x430C;
break;
case 0x8000000000365CA0ULL:
return 0x430D;
break;
case 0x8000000000348210ULL:
return 0x431C;
break;
case 0x80000000003487D0ULL:
return 0x440C;
break;
case 0x80000000003487E0ULL:
return 0x441C;
break;
case 0x80000000003665C0ULL:
return 0x441D;
break;
case 0x8000000000366BD0ULL:
return 0x446D;
break;
case 0x8000000000348DF0ULL:
return 0x446C;
break;
case 0x800000000034B160ULL:
return 0x450C;
break;
case 0x800000000036EC40ULL:
return 0x450D;
break;
case 0x800000000034B2E0ULL:
return 0x453C;
break;
case 0x8000000000370620ULL:
return 0x453D;
break;
case 0x800000000034E620ULL:
return 0x455C;
break;
case 0x80000000003738E0ULL:
return 0x455D;
break;
case 0x800000000034F950ULL:
return 0x460C;
break;
case 0x8000000000375500ULL:
return 0x460D;
break;
case 0x800000000034F960ULL:
return (lv2peek(0x80000000002FC938ULL)==0x323031342F31312FULL) ? 0x466C : 0x465C;
break;
case 0x8000000000375510ULL:
return (lv2peek(0x800000000031EBA8ULL)==0x323031342F31312FULL) ? 0x466D : 0x465D;
break;
case 0x800000000034FB10ULL:
return 0x470C;
break;
case 0x8000000000375850ULL:
return 0x470D;
break;
case 0x800000000034FBB0ULL:
return (lv2peek(0x80000000002FCB68ULL)==0x323031352F30382FULL) ? 0x476C : 0x475C;
case 0x80000000003758E0ULL:
return (lv2peek(0x800000000031EF48ULL)==0x323031352F30382FULL) ? 0x476D : 0x475D;
break;
}
return 0;
}