- AW Ban Bypass TU5
- if(XamGetCurrentTitleId() == AW) // Gate: the body runs only when the current title id equals AW (a constant defined outside this listing).
- {
- BuildResponse(); // Fill the global Response template with this launch's random identifier bytes.
- HookFunctionStart((PDWORD)0x821E3C78, (PDWORD)SaveStub, (DWORD)answerChallengesHook); // Detour the code at the hard-coded address 0x821E3C78 to answerChallengesHook; SaveStub receives the displaced instructions. NOTE(review): presumably the title's challenge-response routine, judging by the hook's name -- confirm.
- }
- void PatchInJump(unsigned long* Address, unsigned long Destination, bool Linked) // Overwrites four instruction words at Address with an absolute branch to Destination via r11 and CTR; Linked selects a call (bctrl) instead of a jump (bctr). For analysts: a lis/addi/mtctr/bctr run at a function entry is what this leaves behind in the code section.
- {
- Address[0] = ((Destination & 0x8000) ? 0x3D600000 + (((Destination >> 16) & 0xFFFF) + 1) : 0x3D600000 + ((Destination >> 16) & 0xFFFF)); // lis r11, upper half of Destination; +1 when bit 15 is set because the addi below sign-extends its 16-bit immediate.
- Address[1] = 0x396B0000 + (Destination & 0xFFFF); // addi r11, r11, lower half of Destination
- Address[2] = 0x7D6903A6; // mtctr r11
- Address[3] = ((Linked) ? 0x4E800421 : 0x4E800420); // bctrl when Linked, otherwise bctr
- }
- void __declspec(****d) GLPR(VOID) // Not called anywhere in this listing: RelinkGPLR reads this body as an array of 20 instruction words to compare against. NOTE(review): `****d` is masked on the page, so the declaration does not compile as shown.
- {
- __asm
- {
- std r14, -0x98(sp) // First of 18 consecutive 8-byte stores (r14..r31), each at a fixed negative offset from sp. NOTE(review): looks like a copy of a compiler register-save helper -- confirm.
- std r15, -0x90(sp)
- std r16, -0x88(sp)
- std r17, -0x80(sp)
- std r18, -0x78(sp)
- std r19, -0x70(sp)
- std r20, -0x68(sp)
- std r21, -0x60(sp)
- std r22, -0x58(sp)
- std r23, -0x50(sp)
- std r24, -0x48(sp)
- std r25, -0x40(sp)
- std r26, -0x38(sp)
- std r27, -0x30(sp)
- std r28, -0x28(sp)
- std r29, -0x20(sp)
- std r30, -0x18(sp)
- std r31, -0x10(sp)
- stw r12, -0x8(sp) // 32-bit store of r12 (word 19 of 20)
- blr // return (word 20 of 20)
- }
- }
- DWORD RelinkGPLR(DWORD SFSOffset, PDWORD SaveStubAddress, PDWORD OriginalAddress) // Re-encodes a relative branch-and-link that is being copied out of the hooked function so that, from SaveStubAddress, it targets the matching instruction inside GLPR. SFSOffset is the original instruction's offset field, OriginalAddress is where that instruction lives. Returns the new instruction word, or 0 when the original branch target matches none of GLPR's words.
- {
- DWORD Instruction = 0, Replacing; PDWORD Saver = (PDWORD)GLPR; // Saver views GLPR's body as an array of instruction words.
- if(SFSOffset & 0x2000000){ SFSOffset = SFSOffset | 0xFC000000; } // Sign-extend the 26-bit offset when its top bit (bit 25) is set.
- Replacing = OriginalAddress[SFSOffset / 4]; // Word found at the original branch target (offset is in bytes, index is in words).
- for(int i = 0; i < 20; i++){ // 20 = number of instruction words in GLPR.
- if(Replacing == Saver[i]){
- int NewOffset = (int)&Saver[i]-(int)SaveStubAddress; // Byte distance from the new location to the matching word; the int casts assume 32-bit pointers.
- Instruction = 0x48000001 | (NewOffset & 0x3FFFFFC); // 0x48000001 is a branch-and-link with zero offset; the mask keeps the word-aligned displacement field.
- }
- }
- return Instruction;
- }
- void HookFunctionStart(PDWORD Address, PDWORD SaveStub, DWORD Destination) // Installs an inline hook: writes into SaveStub a trampoline that loads &Address[4] into CTR, runs the first four instruction words of Address and jumps to &Address[4], then overwrites those four words with a jump to Destination. Does nothing when either pointer is NULL.
- {
- if((SaveStub != NULL) && (Address != NULL))
- {
- DWORD AddressRelocation = (DWORD)(&Address[4]); // Resume point: the first word after the four that get overwritten.
- if(AddressRelocation & 0x8000)
- SaveStub[0] = 0x3D600000 + (((AddressRelocation >> 16) & 0xFFFF) + 1); // lis r11, upper half + 1 to offset the sign extension of the addi immediate.
- else
- SaveStub[0] = 0x3D600000 + ((AddressRelocation >> 16) & 0xFFFF); // lis r11, upper half
- SaveStub[1] = 0x396B0000 + (AddressRelocation & 0xFFFF); // addi r11, r11, lower half
- SaveStub[2] = 0x7D6903A6; // mtctr r11
- for(int i = 0; i < 4; i++) // Copy the four original words into SaveStub[3..6].
- if((Address[i] & 0x48000003) == 0x48000001) // Word is treated as a relative branch-and-link, which cannot be copied verbatim to a new address.
- SaveStub[i + 3] = RelinkGPLR((Address[i] & ~0x48000003), &SaveStub[i + 3], &Address[i]); // Store the re-encoded branch (0 if RelinkGPLR finds no match).
- else
- SaveStub[i + 3] = Address[i];
- SaveStub[7] = 0x4E800420; // bctr: continue in the original function at &Address[4].
- __dcbst(0, SaveStub); // Write the data-cache block holding SaveStub back to memory.
- __emit(0x7c0004ac); // sync
- __emit(0x4C00012C); // isync, so instruction fetch sees the words written above.
- PatchInJump(Address, Destination, FALSE); // Unlinked jump: the function entry now transfers straight to Destination.
- }
- }
- inline __declspec(****d) int SaveStub(int r3, int r4, int r5) // Eight-word placeholder (seven nop plus blr). HookFunctionStart overwrites SaveStub[0]..SaveStub[7] with the trampoline, after which a call to SaveStub runs the hooked function's original code. NOTE(review): `****d` is masked on the page, so the declaration does not compile as shown.
- {
- __asm
- {
- nop
- nop
- nop
- nop
- nop
- nop
- nop
- blr // Until the stub is overwritten, a call simply returns.
- }
- }
- byte Response[] = { // 0x3A-byte template that answerChallengesHook copies over the outgoing buffer; BuildResponse fills the zeroed identifier fields, the other bytes stay as written here.
- 0x00, 0x00, 0x00, 0x00, //IP Address (offset 0x00, 4 bytes)
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //Machine Id (offset 0x04, 8 bytes)
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //Enet (offset 0x0C, 8 bytes)
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //Unknown1 (offset 0x14, 8 bytes; never written by BuildResponse)
- 0x00, 0x00, //Unknown2 (offset 0x1C, 2 bytes; never written by BuildResponse)
- 0x2, //Retail Flag (offset 0x1E, fixed)
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, //Console Key (offset 0x1F, 13 bytes)
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0x00, 0x00, 0x00, 0x00, //Console Index (offset 0x2C, 12 bytes)
- 0x42, 0xFE //Kernel (offset 0x38, 2 bytes, fixed)
- };
- void answerChallengesHook(int r3, int r4, int r5) // Replacement entry installed by HookFunctionStart. The three arguments are passed through to the original code unchanged; r5 is used as the address of a buffer. NOTE(review): presumably the challenge-response buffer -- confirm against the hooked routine.
- {
- memcpy((void*)(r5 + 0x22), Response, 0x3A); // Overwrite 0x3A bytes at r5 + 0x22 with the whole Response template, so every identifier field there comes from this file rather than from the console.
- SaveStub(r3, r4, r5); // Run the original function through the trampoline.
- 0x2//Retail -- NOTE(review): bare constant with no terminator; not a valid statement as shown.
- }
- void BuildResponse() // Fills the identifier fields of the global Response template with pseudo-random bytes. The values are arbitrary and not derived from the console; a service that checks these fields against the identifiers it issued would presumably see values that match no registered console.
- {
- srand((unsigned int)time(NULL)); // Seeded from wall-clock seconds, so the whole byte sequence is determined by the launch time.
- BYTE IPAddress[4], MachineId[8], Enet[8], ConsoleKey[13], ConsoleIndex[12];
- for(int i = 0; i < 4; i++)IPAddress[i] = rand() % 90; // Every generated byte in this function is in 0..89, not the full byte range.
- for(int i = 0; i < 8; i++){ MachineId[i] = rand() % 90; Enet[i] = rand() % 90; }
- for(int i = 0; i < 12; i++)ConsoleIndex[i] = rand() % 90;
- for(int i = 0; i < 13; i++)ConsoleKey[i] = rand() % 90;
- memcpy(Response, IPAddress, 4); // offset 0x00
- memcpy(Response + 0x4, &MachineId, 8);
- memcpy(Response + 0xC, &Enet, 8);
- memcpy(Response + 0x1F, &ConsoleKey, 13); // Skips 0x14..0x1E: Unknown1, Unknown2 and the retail flag keep their template values.
- memcpy(Response + 0x2C, &ConsoleIndex, 12); // Ends at 0x37; the two kernel bytes at 0x38 keep their template values.
- }