Want more features on Pastebin? Sign Up, it's FREE!
Guest

Ps3exploits.com

By: a guest on Sep 3rd, 2010  |  syntax: None  |  size: 17.90 KB  |  views: 184  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1.     #include <pspkernel.h>
  2.     #include <pspsdk.h>
  3.     #include <pspusb.h>
  4.     #include <pspusbbus.h>
  5.     #include <string.h>
  6.     #include "descriptors.h"
  7.         #include "usb.h"
  8.     #include "psgroove.h"
  9.  
  10.         /********************************************************************************/
  11. /*------------------------------------------------------------------------------*/
  12. /* PsGroove Emulation                                             */
  13. /*------------------------------------------------------------------------------*/
  14.  
  15. /*------------------------------------------------------------------------------*/
  16. #define PORT_EMPTY 0x0100   /* powered only */
  17. #define PORT_FULL 0x0103    /* connected, enabled, powered, full-speed */
  18. #define C_PORT_CONN  0x0001 /* connection */
  19. #define C_PORT_RESET 0x0010 /* reset */
  20. #define C_PORT_NONE  0x0000 /* no change */
  21. unsigned short port_status[6] = { PORT_EMPTY, PORT_EMPTY, PORT_EMPTY, PORT_EMPTY, PORT_EMPTY, PORT_EMPTY };
  22. unsigned short port_change[6] = { C_PORT_NONE, C_PORT_NONE, C_PORT_NONE, C_PORT_NONE, C_PORT_NONE, C_PORT_NONE };
  23. enum {
  24.    init,
  25.    wait_hub_ready,
  26.    hub_ready,
  27.    p1_wait_reset,
  28.    p1_wait_enumerate,
  29.    p1_ready,
  30.    p2_wait_reset,
  31.    p2_wait_enumerate,
  32.    p2_ready,
  33.    p3_wait_reset,
  34.    p3_wait_enumerate,
  35.    p3_ready,
  36.    p2_wait_disconnect,
  37.    p4_wait_connect,
  38.    p4_wait_reset,
  39.    p4_wait_enumerate,
  40.    p4_ready,
  41.    p5_wait_reset,
  42.    p5_wait_enumerate,
  43.    p5_challenged,
  44.    p5_responded,
  45.    p3_wait_disconnect,
  46.    p3_disconnected,
  47.    p5_wait_disconnect,
  48.    p5_disconnected,
  49.    p4_wait_disconnect,
  50.    p4_disconnected,
  51.    p1_wait_disconnect,
  52.    p1_disconnected,
  53.    p6_wait_reset,
  54.    p6_wait_enumerate,
  55.    done,
  56. } state = init;
  57.  
  58. unsigned char hub_int_response = 0x00;
  59. unsigned char hub_int_force_data0 = 0;
  60. int last_port_conn_clear = 0;
  61. int last_port_reset_clear = 0;
  62.  
  63. unsigned char port_addr[7] = { -1, -1, -1, -1, -1, -1, -1 };
  64. unsigned char port_cur = -1;
  65.  
  66. /*------------------------------------------------------------------------------*/
  67.  
  68. /*------------------------------------------------------------------------------*/
  69. /*PsGroove_Timer                                          */
  70. /*------------------------------------------------------------------------------*/
  71. volatile unsigned char expire = 0; /* counts down every 10 milliseconds */
  72. void PsGroove_Timer( void )
  73. {
  74.    if (expire > 0)
  75.       expire--;
  76. }
  77.  
  78. /*------------------------------------------------------------------------------*/
  79. /*PsGroove_Panic                                          */
  80. /*------------------------------------------------------------------------------*/
  81. void PsGroove_Panic()
  82. {
  83.    //TODO: Don't Panic!
  84. }
  85.  
  86. /*------------------------------------------------------------------------------*/
  87. /*PsGroove_Switch_Port                                          */
  88. /*------------------------------------------------------------------------------*/
  89. void PsGroove_Switch_Port(int8_t port)
  90. {
  91.    if (port_cur == port) return;
  92.    port_cur = port;
  93.    if (port_addr[port] < 0)
  94.       port_addr[port] = 0;
  95.  
  96.    //TODO: I can't port this two lines
  97.    //UDADDR = port_addr[port] & 0x7f;
  98.    //UDADDR |= (1 << ADDEN);
  99. }
  100.  
  101. /*------------------------------------------------------------------------------*/
  102. /*PsGroove_Connect_Port                                          */
  103. /*------------------------------------------------------------------------------*/
  104. void PsGroove_Connect_Port(int port)
  105. {
  106.    last_port_reset_clear = 0;
  107.    hub_int_response = (1 << port);
  108.    port_status[port - 1] = PORT_FULL;
  109.    port_change[port - 1] = C_PORT_CONN;
  110. }
  111.  
  112. /*------------------------------------------------------------------------------*/
  113. /*PsGroove_Disconnect_Port                                          */
  114. /*------------------------------------------------------------------------------*/
  115. void PsGroove_Disconnect_Port(int port)
  116. {
  117.    last_port_conn_clear = 0;
  118.    hub_int_response = (1 << port);
  119.    port_status[port - 1] = PORT_EMPTY;
  120.    port_change[port - 1] = C_PORT_CONN;
  121. }
  122.  
  123. /*------------------------------------------------------------------------------*/
  124. /*PsGroove_GetDescription                                          */
  125. /*------------------------------------------------------------------------------*/
  126. unsigned short PsGroove_GetDescription(unsigned char DescriptorType, unsigned char DescriptorNumber, unsigned short wLength,  const void** const DescriptorAddress)
  127. {
  128.    void* Address = NULL;
  129.    unsigned short Size = 0;
  130.  
  131.    switch(DescriptorType)
  132.    {
  133.    case 0x01: //DTYPE_Device
  134.       switch (port_cur) {
  135.       //case 0:
  136.       //   Address = (void *) HUB_Device_Descriptor;
  137.       //   Size    = sizeof(HUB_Device_Descriptor);
  138.       //   break;
  139.       case 1:
  140.          Address = (void *) port1_device_descriptor;
  141.          Size    = sizeof(port1_device_descriptor);
  142.          break;
  143.       case 2:
  144.          Address = (void *) port2_device_descriptor;
  145.          Size    = sizeof(port2_device_descriptor);
  146.          break;
  147.       case 3:
  148.          Address = (void *) port3_device_descriptor;
  149.          Size    = sizeof(port3_device_descriptor);
  150.          break;
  151.       case 4:
  152.          Address = (void *) port4_device_descriptor;
  153.          Size    = sizeof(port4_device_descriptor);
  154.          break;
  155.       case 5:
  156.          Address = (void *) port5_device_descriptor;
  157.          Size    = sizeof(port5_device_descriptor);
  158.          break;
  159.       case 6:
  160.          Address = (void *) port6_device_descriptor;
  161.          Size    = sizeof(port6_device_descriptor);
  162.          break;
  163.       }
  164.       break;
  165.    case 0x02: //DTYPE_Configuration
  166.       switch (port_cur) {
  167.       //case 0:
  168.       //   Address = (void *) HUB_Config_Descriptor;
  169.       //   Size    = sizeof(HUB_Config_Descriptor);
  170.       //   break;
  171.       case 1:
  172.          // 4 configurations are the same.
  173.          // For the initial 8-byte request, we give a different
  174.          // length response than in the full request.
  175.          if (DescriptorNumber < 4) {
  176.             if (wLength == 8) {
  177.                Address = (void *) port1_short_config_descriptor;
  178.                Size    = sizeof(port1_short_config_descriptor);
  179.             } else {
  180.                Address = (void *) port1_config_descriptor;
  181.                Size    = sizeof(port1_config_descriptor);
  182.             }
  183.             if (DescriptorNumber == 3 && wLength > 8) {
  184.                state = p1_ready;
  185.                expire = 10;
  186.             }
  187.          }
  188.          break;
  189.       case 2:
  190.          // only 1 config
  191.          Address = (void *) port2_config_descriptor;
  192.          Size    = sizeof(port2_config_descriptor);
  193.          state = p2_ready;
  194.          expire = 15;
  195.          break;
  196.       case 3:
  197.          // 2 configurations are the same
  198.          Address = (void *) port3_config_descriptor;
  199.          Size    = sizeof(port3_config_descriptor);
  200.          if (DescriptorNumber == 1 && wLength > 8) {
  201.             state = p3_ready;
  202.             expire = 10;
  203.          }
  204.          break;
  205.       case 4:
  206.          // 3 configurations
  207.          if (DescriptorNumber == 0) {
  208.             Address = (void *) port4_config_descriptor_1;
  209.             Size    = sizeof(port4_config_descriptor_1);
  210.          } else if (DescriptorNumber == 1) {
  211.             if (wLength == 8) {
  212.                Address = (void *) port4_short_config_descriptor_2;
  213.                Size    = sizeof(port4_short_config_descriptor_2);
  214.             } else {
  215.                Address = (void *) port4_config_descriptor_2;
  216.                Size    = sizeof(port4_config_descriptor_2);
  217.             }
  218.          } else if (DescriptorNumber == 2) {
  219.             Address = (void *) port4_config_descriptor_3;
  220.             Size    = sizeof(port4_config_descriptor_3);
  221.             if (wLength > 8) {
  222.                state = p4_ready;
  223.                expire = 20;  // longer seems to help this one?
  224.             }
  225.          }
  226.          break;
  227.       case 5:
  228.          // 1 config
  229.          Address = (void *) port5_config_descriptor;
  230.          Size    = sizeof(port5_config_descriptor);
  231.          break;
  232.       case 6:
  233.          // 1 config
  234.          Address = (void *) port6_config_descriptor;
  235.          Size    = sizeof(port6_config_descriptor);
  236.          break;
  237.       }
  238.       break;
  239.    //case 0x29: // HUB descriptor (always to port 0 we'll assume)
  240.    //   switch (port_cur) {
  241.    //   case 0:
  242.    //      Address = (void *) HUB_Hub_Descriptor;
  243.    //      Size    = sizeof(HUB_Hub_Descriptor);
  244.    //      break;
  245.    //   }
  246.    //   break;
  247.    }
  248.    
  249.    return Size;
  250. }
  251.  
  252. /*------------------------------------------------------------------------------*/
  253. /*PsGroove_UnhandledControlRequest                                          */
  254. /*------------------------------------------------------------------------------*/
  255. void PsGroove_UnhandledControlRequest(struct DeviceRequest USB_ControlRequest)
  256. {
  257.    if (port_cur == 6 && USB_ControlRequest.bRequest == 0xAA) {
  258.       /* holy crap, it worked! */
  259.       //Endpoint_ClearSETUP();
  260.       //Endpoint_ClearIN();
  261.       //Endpoint_ClearStatusStage();
  262.       state = done;
  263.       return;
  264.    }      
  265.  
  266.    if (port_cur == 5 && USB_ControlRequest.bRequest == 11 /*REQ_SetInterface*/)
  267.    {
  268.       /* can ignore this */
  269.       //Endpoint_ClearSETUP();
  270.       //Endpoint_ClearIN();
  271.       //Endpoint_ClearStatusStage();
  272.       return;
  273.    }
  274.  
  275.    if (port_cur == 0 &&
  276.        USB_ControlRequest.bmRequestType == 0xA0 &&
  277.        USB_ControlRequest.bRequest == 0x00 &&  // GET HUB STATUS
  278.        USB_ControlRequest.wValue == 0x00 &&
  279.        USB_ControlRequest.wIndex == 0x00 &&
  280.        USB_ControlRequest.wLength == 0x04) {
  281.       //Endpoint_ClearSETUP();
  282.       //Endpoint_Write_Word_LE(0x0000); // wHubStatus
  283.       //Endpoint_Write_Word_LE(0x0000); // wHubChange
  284.       //Endpoint_ClearIN();
  285.       //Endpoint_ClearStatusStage();
  286.       unsigned short Empty[] = {0x0000, 0x0000};
  287.       UsbWriteData(Empty, 4); // wHubStatus, wHubChange
  288.       return;
  289.    }
  290.  
  291.    if (port_cur == 0 &&
  292.        USB_ControlRequest.bmRequestType == 0xA3 &&  
  293.        USB_ControlRequest.bRequest == 0x00 &&   //  GET PORT STATUS
  294.        USB_ControlRequest.wValue == 0x00 &&
  295.        USB_ControlRequest.wLength == 0x04) {
  296.       unsigned char p = USB_ControlRequest.wIndex;
  297.       if (p < 1 || p > 6) return;
  298.  
  299.       //Endpoint_ClearSETUP();
  300.       //Endpoint_Write_Word_LE(port_status[p - 1]); // wHubStatus
  301.       //Endpoint_Write_Word_LE(port_change[p - 1]); // wHubChange
  302.       //Endpoint_ClearIN();
  303.       //Endpoint_ClearStatusStage();
  304.  
  305.       unsigned char Package[] = {port_status[p - 1], port_status[p], port_change[p - 1], port_change[p]};
  306.       UsbWriteData(Package, 4); // wHubStatus, wHubChange
  307.       return;
  308.    }
  309.  
  310.    if (port_cur == 0 &&
  311.        USB_ControlRequest.bmRequestType == 0x23 &&
  312.        USB_ControlRequest.bRequest == 0x03 && // SET_FEATURE
  313.        USB_ControlRequest.wLength == 0x00) {
  314.       unsigned char p = USB_ControlRequest.wIndex;
  315.       if (p < 1 || p > 6) return;
  316.  
  317.       //Endpoint_ClearSETUP();
  318.       //Endpoint_ClearIN();
  319.       //Endpoint_ClearStatusStage();
  320.  
  321.       switch(USB_ControlRequest.wValue) {
  322.       case 0x0008: // PORT_POWER
  323.          if (p == 6 && state == init) {
  324.             /* after the 6th port is powered, wait a bit and continue */
  325.             state = hub_ready;
  326.             expire = 15;
  327.          }
  328.          break;
  329.       case 0x0004: // PORT_RESET
  330.          hub_int_response = (1 << p);
  331.          port_change[p - 1] |= C_PORT_RESET;
  332.          break;
  333.       }
  334.       return;
  335.    }
  336.  
  337.    if (port_cur == 0 &&
  338.        USB_ControlRequest.bmRequestType == 0x23 &&
  339.        USB_ControlRequest.bRequest == 0x01 && // CLEAR_FEATURE
  340.        USB_ControlRequest.wLength == 0x00) {
  341.       unsigned char p = USB_ControlRequest.wIndex;
  342.       if (p < 1 || p > 6) return;
  343.  
  344.       //Endpoint_ClearSETUP();
  345.       //Endpoint_ClearIN();
  346.       //Endpoint_ClearStatusStage();
  347.  
  348.       switch(USB_ControlRequest.wValue) {
  349.       case 0x0010: // C_PORT_CONNECTION
  350.          port_change[p - 1] &= ~C_PORT_CONN;
  351.          last_port_conn_clear = p;
  352.          break;
  353.       case 0x0014: // C_PORT_RESET
  354.          port_change[p - 1] &= ~C_PORT_RESET;
  355.          last_port_reset_clear = p;
  356.          break;
  357.       }
  358.       return;
  359.    }
  360.  
  361.    PsGroove_Panic();
  362. }
  363.  
  364. /*------------------------------------------------------------------------------*/
  365. /*PsGroove_JIG_Task                                                */
  366. /*------------------------------------------------------------------------------*/
  367. const unsigned char jig_response[64] = {
  368.    0x80, 0x00, 0x00, 0x00, 0x00, 0x3d, 0xee, 0x78, 0x80, 0x00, 0x00, 0x00, 0x00, 0x3d, 0xee, 0x88,
  369.    0x80, 0x00, 0x00, 0x00, 0x00, 0x33, 0xe7, 0x20, 0xe8, 0x83, 0xff, 0xf0, 0xe8, 0x63, 0xff, 0xf8,
  370.    0xe8, 0xa3, 0x00, 0x18, 0x38, 0x63, 0x10, 0x00, 0x7c, 0x04, 0x28, 0x00, 0x40, 0x82, 0xff, 0xf4,
  371.    0x38, 0xc3, 0xf0, 0x20, 0x7c, 0xc9, 0x03, 0xa6, 0x4e, 0x80, 0x04, 0x20, 0x04, 0x00, 0x00, 0x00,
  372. };
  373. void PsGroove_JIG_Task(void)
  374. {
  375.    static int bytes_out = 0, bytes_in = 0;
  376.    unsigned char buffer[0x100];
  377.    
  378.    //Endpoint_Discard_Stream(8, NO_STREAM_CALLBACK);
  379.     UsbReadData(buffer, 8);
  380.    bytes_out += 8;
  381.    if (bytes_out >= 64)
  382.    {
  383.       state = p5_challenged;
  384.       expire = 50; // was 90
  385.    }
  386.    
  387.     if (state == p5_challenged && expire == 0)
  388.    {
  389.       if (bytes_in < 64) {
  390.          UsbWriteData(&jig_response[bytes_in], 8);
  391.          bytes_in += 8;
  392.          if (bytes_in >= 64) {
  393.             state = p5_responded;
  394.             expire = 15;
  395.          }
  396.       }
  397.    }
  398. }
  399.  
  400. /*------------------------------------------------------------------------------*/
  401. /*PsGroove_Start                                                */
  402. /*------------------------------------------------------------------------------*/
  403. void PsGroove_Start()
  404. {
  405.    //TODO: start the timer.... (PsGroove_Timer each 10 ms.)
  406.    state = init;
  407.    PsGroove_Switch_Port(0);
  408.  
  409.    for (;;)
  410.    {
  411.       /*if (port_cur == 0)
  412.          HUB_Task();*/
  413.  
  414.       if (port_cur == 5)
  415.          PsGroove_JIG_Task();
  416.  
  417.  
  418.       // connect 1
  419.       if (state == hub_ready && expire == 0)
  420.       {
  421.          PsGroove_Connect_Port(1);
  422.          state = p1_wait_reset;
  423.       }
  424.  
  425.       if (state == p1_wait_reset && last_port_reset_clear == 1)
  426.       {
  427.          PsGroove_Switch_Port(1);
  428.          state = p1_wait_enumerate;
  429.       }
  430.  
  431.       // connect 2
  432.       if (state == p1_ready && expire == 0)
  433.       {
  434.          PsGroove_Switch_Port(0);
  435.          PsGroove_Connect_Port(2);
  436.          state = p2_wait_reset;
  437.       }
  438.  
  439.       if (state == p2_wait_reset && last_port_reset_clear == 2)
  440.       {
  441.          PsGroove_Switch_Port(2);
  442.          state = p2_wait_enumerate;
  443.       }
  444.  
  445.       // connect 3
  446.       if (state == p2_ready && expire == 0)
  447.       {
  448.          PsGroove_Switch_Port(0);
  449.          PsGroove_Connect_Port(3);
  450.          state = p3_wait_reset;
  451.       }
  452.  
  453.       if (state == p3_wait_reset && last_port_reset_clear == 3)
  454.       {
  455.          PsGroove_Switch_Port(3);
  456.          state = p3_wait_enumerate;
  457.       }
  458.  
  459.       // disconnect 2
  460.       if (state == p3_ready && expire == 0)
  461.       {
  462.          PsGroove_Switch_Port(0);
  463.          PsGroove_Disconnect_Port(2);
  464.          state = p2_wait_disconnect;
  465.       }
  466.  
  467.       if (state == p2_wait_disconnect && last_port_conn_clear == 2)
  468.       {
  469.          state = p4_wait_connect;
  470.          expire = 15;
  471.       }
  472.  
  473.       // connect 4
  474.       if (state == p4_wait_connect && expire == 0)
  475.       {
  476.          PsGroove_Connect_Port(4);
  477.          state = p4_wait_reset;
  478.       }
  479.  
  480.       if (state == p4_wait_reset && last_port_reset_clear == 4)
  481.       {
  482.          PsGroove_Switch_Port(4);
  483.          state = p4_wait_enumerate;
  484.       }
  485.  
  486.       // connect 5
  487.       if (state == p4_ready && expire == 0)
  488.       {
  489.          PsGroove_Switch_Port(0);
  490.          /* When first connecting port 5, we need to
  491.             have the wrong data toggle for the PS3 to
  492.             respond */
  493.          hub_int_force_data0 = 1;
  494.          PsGroove_Connect_Port(5);
  495.          state = p5_wait_reset;
  496.       }
  497.  
  498.       if (state == p5_wait_reset && last_port_reset_clear == 5)
  499.       {
  500.          PsGroove_Switch_Port(5);
  501.          state = p5_wait_enumerate;
  502.       }
  503.  
  504.       // disconnect 3
  505.       if (state == p5_responded && expire == 0)
  506.       {
  507.          PsGroove_Switch_Port(0);
  508.          /* Need wrong data toggle again */
  509.          hub_int_force_data0 = 1;
  510.          PsGroove_Disconnect_Port(3);
  511.          state = p3_wait_disconnect;
  512.       }
  513.  
  514.       if (state == p3_wait_disconnect && last_port_conn_clear == 3)
  515.       {
  516.          state = p3_disconnected;
  517.          expire = 45;
  518.       }
  519.  
  520.       // disconnect 5
  521.       if (state == p3_disconnected && expire == 0)
  522.       {
  523.          PsGroove_Switch_Port(0);
  524.          PsGroove_Disconnect_Port(5);
  525.          state = p5_wait_disconnect;
  526.       }
  527.  
  528.       if (state == p5_wait_disconnect && last_port_conn_clear == 5)
  529.       {
  530.          state = p5_disconnected;
  531.          expire = 20;
  532.       }
  533.  
  534.       // disconnect 4
  535.       if (state == p5_disconnected && expire == 0)
  536.       {
  537.          PsGroove_Switch_Port(0);
  538.          PsGroove_Disconnect_Port(4);
  539.          state = p4_wait_disconnect;
  540.       }
  541.  
  542.       if (state == p4_wait_disconnect && last_port_conn_clear == 4)
  543.       {
  544.          state = p4_disconnected;
  545.          expire = 20;
  546.       }
  547.  
  548.       // disconnect 1
  549.       if (state == p4_disconnected && expire == 0)
  550.       {
  551.          PsGroove_Switch_Port(0);
  552.          PsGroove_Disconnect_Port(1);
  553.          state = p1_wait_disconnect;
  554.       }
  555.  
  556.       if (state == p1_wait_disconnect && last_port_conn_clear == 1)
  557.       {
  558.          state = p1_disconnected;
  559.          expire = 20;
  560.       }
  561.  
  562.       // connect 6
  563.       if (state == p1_disconnected && expire == 0)
  564.       {
  565.          PsGroove_Switch_Port(0);
  566.          PsGroove_Connect_Port(6);
  567.          state = p6_wait_reset;
  568.       }
  569.  
  570.       if (state == p6_wait_reset && last_port_reset_clear == 6)
  571.       {
  572.          PsGroove_Switch_Port(6);
  573.          state = p6_wait_enumerate;
  574.       }
  575.  
  576.       // done
  577.       if (state == done)
  578.       {
  579.          //TODO: Great!
  580.       }
  581.    }
  582. }
clone this paste RAW Paste Data