- Lonje Hacked PS3
- ----------------
- Code multiman cfw 4.21 CEX :
- ==================================================================================================================
- LV2: Original 3.55 syscall36 code parts loaded at 0x2E8670 and 0x2D1060 and modified for 4.21CEX CFW as follows:
- ==================================================================================================================
- 002E8670 25 73 25 30 31 36 6C 78 25 30 31 36 6C 78 25 30 %s%016lx%016lx%0
- 002E8680 31 36 6C 78 25 30 31 36 6C 78 25 30 31 36 6C 78 16lx%016lx%016lx
- 002E8690 25 64 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 %d..............
- 002E86A0 F8 21 FF 61 7C 08 02 A6 FB 81 00 80 FB A1 00 88 °!*a|..?vA.Ava.E
- 002E86B0 FB E1 00 98 FB 41 00 70 FB 61 00 78 F8 01 00 B0 vn.OvA.pva.x°..-
- 002E86C0 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01 7B FF F8 06 |U#x|}.x;?..{*°.
- 002E86D0 67 E4 00 2E 60 84 87 14 38 A0 00 07 4B D6 60 2D go..`AC.8a..Ka`-
- 002E86E0 28 23 00 00 40 82 00 4C 67 FF 00 2D 63 FF 11 1C (#..@A.Lg*.-c*..
- 002E86F0 E8 7F 00 00 28 23 00 00 41 82 00 14 E8 7F 00 08 o..(#..AA..o..
- 002E8700 38 9D 00 09 4B D6 5F B1 EB BF 00 00 7F A3 EB 78 8Y..Ka_-u¬..aux
- 002E8710 4B FD 9E 70 2F 64 65 76 5F 62 64 76 64 00 2F 61 K¤?p/dev_bdvd./a
- 002E8720 70 70 5F 68 6F 6D 65 00 00 00 00 00 00 00 00 00 pp_home.........
- 002E8730 7F A3 EB 78 3B E0 00 01 7B FF F8 06 67 E4 00 2E aux;?..{*°.go..
- 002E8740 60 84 87 1E 38 A0 00 02 4B D6 5F C1 28 23 00 00 `AC.8a..Ka_+(#..
- 002E8750 40 82 00 28 67 FF 00 2D 63 FF 11 1C E8 7F 00 00 @A.(g*.-c*..o..
- 002E8760 28 23 00 00 41 82 00 14 E8 7F 00 08 38 9D 00 09 (#..AA..o..8Y..
- 002E8770 4B D6 5F 45 EB BF 00 00 7F A3 EB 78 4B FD 9E 04 Ka_Eu¬..auxK¤?.
- 002D1060 25 64 25 73 25 30 31 36 6C 78 25 30 31 36 6C 6C %d%s%016lx%016ll
- 002D1070 78 25 30 31 36 6C 6C 78 25 73 25 73 25 30 38 78 x%016llx%s%s%08x
- 002D1080 25 64 25 31 64 25 31 64 25 31 64 41 41 41 0A 00 %d%1d%1d%1dAAA..
- 002D1090 F8 21 FF 31 7C 08 02 A6 F8 01 00 E0 FB E1 00 C8 °!*1|..?°..?vn.L
- 002D10A0 38 81 00 70 4B EE 08 E5 3B E0 00 01 7B FF F8 06 8A.pK?.o;?..{*°.
- 002D10B0 67 FF 00 2D 63 FF 11 1C E8 7F 00 00 2C 23 00 00 g*.-c*..o..,#..
- 002D10C0 41 82 00 0C 38 80 00 27 4B D9 32 4D 38 80 00 27 AA..8A.'K-2M8A.'
- 002D10D0 38 60 08 00 4B D9 2E 05 F8 7F 00 00 E8 81 00 70 8`..K-..°..oA.p
- 002D10E0 4B D7 D5 D5 E8 61 00 70 38 80 00 27 4B D9 32 29 K+--oa.p8A.'K-2)
- 002D10F0 E8 7F 00 00 4B D7 D5 E9 E8 9F 00 00 7C 64 1A 14 o..K+-uo?..|d..
- 002D1100 F8 7F 00 08 38 60 00 00 EB E1 00 C8 E8 01 00 E0 °..8`..un.Lo..?
- 002D1110 38 21 00 D0 7C 08 03 A6 4E 80 00 20 80 00 00 00 8!.¦|..?NA. A...
- 002D1120 00 59 18 00 80 00 00 00 00 59 18 09 00 00 00 00 .Y..A....Y......
- 002D1130 80 00 00 00 00 2D 10 90
- Lv2Syscall2(7, 0x80000000002E86D0ULL, 0x67E4002E60848714ULL ); // 2E86D0 oris r4, r31, 0x2E // 67 E4 00 2E 60 84 87 14 // (/dev_bdvd) // 2E86D4 ori r4, r4, 0x8714
- Lv2Syscall2(7, 0x80000000002E86DCULL, 0x4BD6602D28230000ULL ); // 2E86DC bl strncmp_sub_4E708 // 4B D6 60 2D 28 23 00 00
- Lv2Syscall2(7, 0x80000000002E86E8ULL, 0x67FF002D63FF111CULL ); // 2E86E8 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2E86EC ori r31, r31, 0x111C
- Lv2Syscall2(7, 0x80000000002E8704ULL, 0x4BD65FB1EBBF0000ULL ); // 2E8704 bl strcpy_sub_4E6B4 // 4B D6 5F B1 EB BF 00 00
- Lv2Syscall2(7, 0x80000000002E8710ULL, 0x4BFD9E702F646576ULL ); // 2E8710 b loc_2C2580 // 4B FD 9E 70 2F 64 65 76 // hook_return
- Lv2Syscall2(7, 0x80000000002E873CULL, 0x67E4002E6084871EULL ); // 2E873C oris r4, r31, 0x2E // 67 E4 00 2E 60 84 87 1E // (/app_home) // 2E8740 ori r4, r4, 0x871E
- Lv2Syscall2(7, 0x80000000002E8748ULL, 0x4BD65FC128230000ULL ); // 2E8748 bl strncmp_sub_4E708 // 4B D6 5F C1 28 23 00 00
- Lv2Syscall2(7, 0x80000000002E8754ULL, 0x67FF002D63FF111CULL ); // 2E8754 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2E8758 ori r31, r31, 0x111C
- Lv2Syscall2(7, 0x80000000002E8770ULL, 0x4BD65F45EBBF0000ULL ); // 2E8770 bl strcpy_sub_4E6B4 // 4B D6 5F 45 EB BF 00 00
- Lv2Syscall2(7, 0x80000000002E877CULL, 0x4BFD9E047461636BULL ); // 2E877C b loc_2C2580 // 4B FD 9E 04 74 61 63 6B // hook_return
- Lv2Syscall2(7, 0x80000000002D10A4ULL, 0x4BEE08E53BE00001ULL ); // 2D10A4 bl pathdup_from_user_1B1988 // 4B EE 08 E5 3B E0 00 01
- Lv2Syscall2(7, 0x80000000002D10B0ULL, 0x67FF002D63FF111CULL ); // 2D10B0 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2D10B4 ori r31, r31, 0x111C
- Lv2Syscall2(7, 0x80000000002D10C8ULL, 0x4BD9324D38800027ULL ); // 2D10C8 bl free_sub_64314 // 4B D9 32 4D 38 80 00 27
- Lv2Syscall2(7, 0x80000000002D10D4ULL, 0x4BD92E05F87F0000ULL ); // 2D10D4 bl alloc_sub_63ED8 // 4B D9 2E 05 F8 7F 00 00
- Lv2Syscall2(7, 0x80000000002D10E0ULL, 0x4BD7D5D5E8610070ULL ); // 2D10E0 bl strcpy_sub_4E6B4 // 4B D7 D5 D5 E8 61 00 70
- Lv2Syscall2(7, 0x80000000002D10ECULL, 0x4BD93229E87F0000ULL ); // 2D10EC bl free_sub_64314 // 4B D9 32 29 E8 7F 00 00
- Lv2Syscall2(7, 0x80000000002D10F4ULL, 0x4BD7D5E9E89F0000ULL ); // 2D10F4 bl strlen_sub_4E6DC // 4B D7 D5 E9 E8 9F 00 00
- Lv2Syscall2(7, 0x80000000002D1130ULL, 0x80000000002D1090ULL ); // 2D1130 .long syscall_lv2_syscall_36 // 80 00 00 00 00 2D 10 90 // sc36 vector
- Lv2Syscall2(7, 0x80000000002C2558ULL, 0x480261487C0802A6ULL ); // 2C2558 b sub_2E86A0 // hook open
- Lv2Syscall2(7, 0x800000000035BDC8ULL, 0x80000000002D1130ULL ); // enable syscall36
- 2E8714 aDev_bdvd: .string "/dev_bdvd"
- 2E871E aApp_home: .string "/app_home"
- 2D111C free/alloc address pointer -> (set by functions)
- 2D1130 syscall36 address pointer -> 0x80000000002D1090
- ==================================================================================================================
- LV2: Additional patches for PARAM.SFO and access permissions
- Lv2Syscall2(7, 0x8000000000057020ULL, 0x63FF003D60000000ULL ); // fix 8001003D error
- Lv2Syscall2(7, 0x80000000000570E4ULL, 0x3FE080013BE00000ULL ); // fix 8001003E error
- Lv2Syscall2(7, 0x8000000000057090ULL, 0x419E00D860000000ULL );
- Lv2Syscall2(7, 0x8000000000057098ULL, 0x2F84000448000098ULL );
- Lv2Syscall2(7, 0x800000000005AA54ULL, 0x2F83000060000000ULL );
- Lv2Syscall2(7, 0x800000000005AA68ULL, 0x2F83000060000000ULL );
- ==================================================================================================================
- LV1: Remove LV2 memory protection (syscall8/9=lv1 peek/poke) HV_START_OFFSET_421 = 0x370A28
- Lv2Syscall2(9, HV_START_OFFSET_421 + 0, 0x0000000000000001ULL);
- Lv2Syscall2(9, HV_START_OFFSET_421 + 8, 0xe0d251b556c59f05ULL);
- Lv2Syscall2(9, HV_START_OFFSET_421 + 16, 0xc232fcad552c80d7ULL);
- Lv2Syscall2(9, HV_START_OFFSET_421 + 24, 0x65140cd200000000ULL);
- ==================================================================================================================
- LV1: Storage Manager Access Rights (enable)
- Lv2Syscall2(9, 0x16f758, 0x7f83e37860000000ULL);
- Lv2Syscall2(9, 0x16f77c, 0x7f85e37838600001ULL);
- Lv2Syscall2(9, 0x16f7f4, 0x7f84e3783be00001ULL);
- Lv2Syscall2(9, 0x16f7fc, 0x9be1007038600000ULL);
- LV2: Enable SM syscalls from GameOS
- Lv2Syscall2(7, 0x80000000002E7920ULL, (uint64_t) 0x40 << 56);
- ==================================================================================================================
- LV1: Storage Manager Access Rights (restore)
- Lv2Syscall2(9, 0x16f758, 0x7f83e378f8010098ULL);
- Lv2Syscall2(9, 0x16f77c, 0x7f85e3784bfff0e5ULL);
- Lv2Syscall2(9, 0x16f7f4, 0x7f84e37838a10070ULL);
- Lv2Syscall2(9, 0x16f7fc, 0x9be1007048006065ULL);
- LV2: Disable SM syscalls from GameOS (restore)
- Lv2Syscall2(7, 0x80000000002E7920ULL, (uint64_t) 0x20 << 56);
- ==================================================================================================================
- LV2: sys_get_system_parameter (syscall 867) patch for BD-Movie region change (target_id=0x01 .. 0x0D)
- Lv2Syscall2(7, 0x80000000002E8780ULL, 0xF821FF517C0802A6ULL );
- Lv2Syscall2(7, 0x80000000002E8788ULL, 0xFBC100A0FBE100A8ULL );
- Lv2Syscall2(7, 0x80000000002E8790ULL, 0xFBA10098F80100C0ULL );
- Lv2Syscall2(7, 0x80000000002E8798ULL, 0x3FE0000163FF9004ULL );
- Lv2Syscall2(7, 0x80000000002E87A0ULL, 0x7C1F18004082003CULL );
- Lv2Syscall2(7, 0x80000000002E87A8ULL, (0x3BC000003BA00001ULL | ((target_id+0x82)<<32) ) ); // Change TargetID 0x84=US / 0x85=EU / 0x8C=RUS
- Lv2Syscall2(7, 0x80000000002E87B0ULL, 0x9BA400019BC40003ULL );
- Lv2Syscall2(7, 0x80000000002E87B8ULL, 0x9BA400059BA40007ULL );
- Lv2Syscall2(7, 0x80000000002E87C0ULL, 0x38600000E80100C0ULL );
- Lv2Syscall2(7, 0x80000000002E87C8ULL, 0xEBA10098EBE100A8ULL );
- Lv2Syscall2(7, 0x80000000002E87D0ULL, 0xEBC100A07C0803A6ULL );
- Lv2Syscall2(7, 0x80000000002E87D8ULL, 0x382100B04E800020ULL );
- Lv2Syscall2(7, 0x80000000002E87E0ULL, 0x4BF70560CAFEBABEULL ); // b loc_258D40 to original sc867 and get a coffee baby!
- Lv2Syscall2(7, 0x8000000000334068ULL, 0x80000000002E8780ULL ); // hook syscall 867
- 002E8780 F8 21 FF 51 7C 08 02 A6 FB C1 00 A0 FB E1 00 A8 °!*Q|..?v+.avn.e
- 002E8790 FB A1 00 98 F8 01 00 C0 3F E0 00 01 63 FF 90 04 va.O°..L??..c*?.
- 002E87A0 7C 1F 18 00 40 82 00 3C 3B C0 00 00 3B A0 00 01 |...@A.<;L..;a..
- 002E87B0 9B A4 00 01 9B C4 00 03 9B A4 00 05 9B A4 00 07 Ua..U-..Ua..Ua..
- 002E87C0 38 60 00 00 E8 01 00 C0 EB A1 00 98 EB E1 00 A8 8`..o..Lua.Oun.e
- 002E87D0 EB C1 00 A0 7C 08 03 A6 38 21 00 B0 4E 80 00 20 u+.a|..?8!.-NA.
- 002E87E0 4B F7 05 60
- ROM:002E8780 # Replacement handler installed for syscall 867 (sys_get_system_parameter per the page header): answers the 0x19004 query itself and forwards every other request.
- ROM:002E8780 stdu r1, -0xB0(r1) # open a 0xB0-byte stack frame
- ROM:002E8784 mflr r0 # r0 = return address
- ROM:002E8788 std r30, 0xA0(r1) # save r30
- ROM:002E878C std r31, 0xA8(r1) # save r31
- ROM:002E8790 std r29, 0x98(r1) # save r29
- ROM:002E8794 std r0, 0xC0(r1) # save LR at 0x10 past the new frame (0xB0 + 0x10)
- ROM:002E8798 lis r31, locret_19004@h # r31 = 0x00010000 (bytes 3F E0 00 01; IDA rendered the constant as a label)
- ROM:002E879C ori r31, r31, locret_19004@l # r31 = 0x00019004 (bytes 63 FF 90 04)
- ROM:002E87A0 cmpw r31, r3 # first argument == 0x19004 ?
- ROM:002E87A4 bne loc_2E87E0 # no: leave the request to the original handler
- ROM:002E87A8 li r30, 0 # TargetID; the poke at 0x2E87A8 ORs (target_id+0x82) into this immediate
- ROM:002E87AC li r29, 1
- ROM:002E87B0 stb r29, 1(r4) # byte 1 of the buffer in r4 = 1
- ROM:002E87B4 stb r30, 3(r4) # byte 3 = TargetID value
- ROM:002E87B8 stb r29, 5(r4) # byte 5 = 1
- ROM:002E87BC stb r29, 7(r4) # byte 7 = 1; no other bytes of the buffer are written here
- ROM:002E87C0 li r3, 0 # return 0
- ROM:002E87C4 ld r0, 0xC0(r1) # reload the saved LR
- ROM:002E87C8
- ROM:002E87C8 loc_2E87C8: # DATA XREF: ROM:003476A8o
- ROM:002E87C8 ld r29, 0x98(r1) # restore r29
- ROM:002E87CC ld r31, 0xA8(r1) # restore r31
- ROM:002E87D0 ld r30, 0xA0(r1) # restore r30
- ROM:002E87D4 mtlr r0
- ROM:002E87D8 addi r1, r1, 0xB0 # close the frame
- ROM:002E87DC blr # back to the syscall dispatcher
- ROM:002E87E0 # ---------------------------------------------------------------------------
- ROM:002E87E0
- ROM:002E87E0 loc_2E87E0: # CODE XREF: ROM:002E87A4j
- ROM:002E87E0 b loc_258D40 # 0x18 bytes past the original entry 0x258D28 given in the restore step; the frame opened at 2E8780 is still live and r31 is overwritten — presumably the target skips an identical six-instruction prologue, confirm
- ROM:002E87E0 # ---------------------------------------------------------------------------
- ==================================================================================================================
- LV2: sys_get_system_parameter (syscall 867) patch for BD-Movie region (restore)
- Lv2Syscall2(7, 0x8000000000334068ULL, 0x8000000000258D28ULL ); // restore original syscall 867 (4.21CFW)
- ==================================================================================================================
- LV2: Device mount table (for BD-Mirror USB)
- dev_table=peekq(0x80000000002F4D80ULL); // actual 0x8000000000458020ULL
- ==================================================================================================================
- DEV_FLASH: libfs.sprx changes for CellFsAioInit/Finish (for BD-Mirror HDD)
- 0xD66C in IDA | 0xD75C in HEX (libfs.prx) (4.21)
- ==================================================
- 7C 1E EA 14 78 09 00 20 88 09 00 06 7C 00 07 74
- 2F 80 00 6D 41 9E 00 18 2F 80 00 76 41 9E 00 10
- 2F 80 00 62 41 9E 00 2C 48 00 00 48 38 00 00 68
- 98 09 00 04 38 00 00 64 98 09 00 05 98 09 00 06
- 38 00 00 30 98 09 00 07 38 00 00 00 98 09 00 08
- 38 00 00 00 98 09 00 0A 60 00 00 00 39 20 00 00
- 4B FF FF 18 38 60 00 00 7C 63 07 B4 4E 80 00 20
- 2F 80 00 00 41 9E FF E8 2F 80 00 2F 40 9E 00 10
- 38 00 00 00 98 09 00 06 4B FF FF D4 88 09 00 08
- 7C 00 07 74 2F 80 00 2F 41 9E FF B0 2F 80 00 00
- 41 9E FF BC 38 00 00 00 98 09 00 09 4B FF FF A4
- 60 00 00 00
- ==================================================
- LOAD:000000000000D66C add r0, r30, r29
- LOAD:000000000000D670 clrldi r9, r0, 32
- LOAD:000000000000D674 lbz r0, 6(r9)
- LOAD:000000000000D678 extsb r0, r0
- LOAD:000000000000D67C cmpwi cr7, r0, 0x6D
- LOAD:000000000000D680 beq cr7, loc_D698
- LOAD:000000000000D684 cmpwi cr7, r0, 0x76
- LOAD:000000000000D688 beq cr7, loc_D698
- LOAD:000000000000D68C cmpwi cr7, r0, 0x62
- LOAD:000000000000D690 beq cr7, loc_D6BC
- LOAD:000000000000D694 b loc_D6DC
- LOAD:000000000000D698 # ---------------------------------------------------------------------------
- LOAD:000000000000D698
- LOAD:000000000000D698 loc_D698: # CODE XREF: sub_D5B4+CCj
- LOAD:000000000000D698 # sub_D5B4+D4j
- LOAD:000000000000D698 li r0, 0x68 # 'h'
- LOAD:000000000000D69C stb r0, 4(r9)
- LOAD:000000000000D6A0 li r0, 0x64 # 'd'
- LOAD:000000000000D6A4 stb r0, 5(r9)
- LOAD:000000000000D6A8 stb r0, 6(r9)
- LOAD:000000000000D6AC li r0, 0x30 # '0'
- LOAD:000000000000D6B0 stb r0, 7(r9)
- LOAD:000000000000D6B4
- LOAD:000000000000D6B4 loc_D6B4: # CODE XREF: sub_D5B4+150j
- LOAD:000000000000D6B4 li r0, 0
- LOAD:000000000000D6B8 stb r0, 8(r9)
- LOAD:000000000000D6BC
- LOAD:000000000000D6BC loc_D6BC: # CODE XREF: sub_D5B4+DCj
- LOAD:000000000000D6BC # sub_D5B4+164j
- LOAD:000000000000D6BC li r0, 0
- LOAD:000000000000D6C0 stb r0, 0xA(r9)
- LOAD:000000000000D6C4 nop
- LOAD:000000000000D6C8
- LOAD:000000000000D6C8 loc_D6C8: # CODE XREF: sub_D5B4+12Cj
- LOAD:000000000000D6C8 # sub_D5B4+140j ...
- LOAD:000000000000D6C8 li r9, 0
- LOAD:000000000000D6CC b loc_D5E4
- LOAD:000000000000D6CC # End of function sub_D5B4
- LOAD:000000000000D6CC
- LOAD:000000000000D6D0
- LOAD:000000000000D6D0 # Patched export stub: as listed it does no work and reports 0 to the caller.
- LOAD:000000000000D6D0
- LOAD:000000000000D6D0
- LOAD:000000000000D6D0 _Export_sys_fs_cellFsAioFinish: # DATA XREF: LOAD:_Export_sys_fs_cellFsAioFinish_opdo
- LOAD:000000000000D6D0 li r3, 0 # return value 0
- LOAD:000000000000D6D4 extsw r3, r3 # sign-extend the 32-bit result (still 0)
- LOAD:000000000000D6D8 blr
- LOAD:000000000000D6D8 # End of function _Export_sys_fs_cellFsAioFinish
- LOAD:000000000000D6D8
- LOAD:000000000000D6DC # ---------------------------------------------------------------------------
- LOAD:000000000000D6DC # START OF FUNCTION CHUNK FOR sub_D5B4
- LOAD:000000000000D6DC
- LOAD:000000000000D6DC loc_D6DC: # CODE XREF: sub_D5B4+E0j
- LOAD:000000000000D6DC cmpwi cr7, r0, 0
- LOAD:000000000000D6E0 beq cr7, loc_D6C8
- LOAD:000000000000D6E4 cmpwi cr7, r0, 0x2F
- LOAD:000000000000D6E8 bne cr7, loc_D6F8
- LOAD:000000000000D6EC li r0, 0
- LOAD:000000000000D6F0 stb r0, 6(r9)
- LOAD:000000000000D6F4 b loc_D6C8
- LOAD:000000000000D6F8 # ---------------------------------------------------------------------------
- LOAD:000000000000D6F8
- LOAD:000000000000D6F8 loc_D6F8: # CODE XREF: sub_D5B4+134j
- LOAD:000000000000D6F8 lbz r0, 8(r9)
- LOAD:000000000000D6FC extsb r0, r0
- LOAD:000000000000D700 cmpwi cr7, r0, 0x2F
- LOAD:000000000000D704 beq cr7, loc_D6B4
- LOAD:000000000000D708 cmpwi cr7, r0, 0
- LOAD:000000000000D70C beq cr7, loc_D6C8
- LOAD:000000000000D710 li r0, 0
- LOAD:000000000000D714 stb r0, 9(r9)
- LOAD:000000000000D718 b loc_D6BC
- LOAD:000000000000D718 # END OF FUNCTION CHUNK FOR sub_D5B4
- LOAD:000000000000D71C # ---------------------------------------------------------------------------
- LOAD:000000000000D71C nop
- LOAD:000000000000D720
- ==================================================================================================================
- LV2: 4.21CFW PEEK/POKE LV2 and PEEK/POKE LV1 (syscalls 6, 7, 8 and 9 + 10)
- 800000000035BCD8 -> 8000000000001778 -> 800000000000170C syscall6 peeklv2
- 800000000035BCE0 -> 8000000000001780 -> 8000000000001714 syscall7 pokelv2
- 800000000035BCE8 -> 8000000000001788 -> 800000000000171C syscall8 peeklv1
- 800000000035BCF0 -> 8000000000001790 -> 800000000000173C syscall9 pokelv1
- 800000000035BCF8 -> 8000000000001798 -> 800000000000175C syscall10 hvfunc=%r10
- 0000170C E8 63 00 00 4E 80 00 20 F8 83 00 00 4E 80 00 20 oc..NA. °A..NA.
- 0000171C 7C 08 02 A6 F8 01 00 10 39 60 00 B6 44 00 00 22 |..?°...9`.¦D.."
- 0000172C 7C 83 23 78 E8 01 00 10 7C 08 03 A6 4E 80 00 20 |A#xo...|..?NA.
- 0000173C 7C 08 02 A6 F8 01 00 10 39 60 00 B7 44 00 00 22 |..?°...9`.¬D.."
- 0000174C 38 60 00 00 E8 01 00 10 7C 08 03 A6 4E 80 00 20 8`..o...|..?NA.
- 0000175C 7C 08 02 A6 F8 01 00 10 7D 4B 53 78 44 00 00 22 |..?°...}KSxD.."
- 0000176C E8 01 00 10 7C 08 03 A6 4E 80 00 20 80 00 00 00 o...|..?NA. A...
- 0000177C 00 00 17 0C 80 00 00 00 00 00 17 14 80 00 00 00 ....A.......A...
- 0000178C 00 00 17 1C 80 00 00 00 00 00 17 3C 80 00 00 00 ....A......<A...
- 0000179C 00 00 17 5C
- ROM:0000170C # Syscall 6 handler (reached via table slot 0035BCD8 -> descriptor 1778): 64-bit read from a caller-supplied address.
- ROM:0000170C
- ROM:0000170C
- ROM:0000170C syscall_groove_peek: # DATA XREF: ROM:0000177Co
- ROM:0000170C ld r3, 0(r3) # r3 = doubleword at address r3; the stub performs no address-range or privilege check
- ROM:00001710 blr
- ROM:00001710 # End of function syscall_groove_peek
- ROM:00001710
- ROM:00001714 # .rename syscall_groove_poke, "syscall_groove poke"
- ROM:00001714
- ROM:00001714 # Syscall 7 handler (table slot 0035BCE0 -> descriptor 1780): 64-bit write to a caller-supplied address.
- ROM:00001714
- ROM:00001714
- ROM:00001714 syscall_groove_poke: # DATA XREF: ROM:00001784o
- ROM:00001714 std r4, 0(r3) # store r4 at address r3; neither value is validated, and r3 is returned unchanged
- ROM:00001718 blr
- ROM:00001718 # End of function syscall_groove_poke
- ROM:00001718
- ROM:0000171C # .rename syscall_graf_peek, "syscall_graf peek"
- ROM:0000171C
- ROM:0000171C # Syscall 8 handler (table slot 0035BCE8 -> descriptor 1788): forwards the caller's registers to hypervisor call 182 (labelled "peeklv1" on this page).
- ROM:0000171C
- ROM:0000171C
- ROM:0000171C syscall_graf_peek: # DATA XREF: ROM:0000178Co
- ROM:0000171C
- ROM:0000171C .set arg_10, 0x10
- ROM:0000171C
- ROM:0000171C mflr r0
- ROM:00001720 std r0, arg_10(r1) # stash LR at 0x10(r1); no new stack frame is opened
- ROM:00001724 li r11, 0xB6 # r11 = 182, the hypervisor call number
- ROM:00001728 hvsc # hvsc(182): lv1_undocumented_function_182; r3 reaches it exactly as the caller set it
- ROM:0000172C mr r3, r4 # return r4 — presumably the value the hypervisor call left there; confirm
- ROM:00001730 ld r0, arg_10(r1) # reload LR
- ROM:00001734 mtlr r0
- ROM:00001738 blr
- ROM:00001738 # End of function syscall_graf_peek
- ROM:00001738
- ROM:0000173C # .rename syscall_graf_poke, "syscall_graf poke"
- ROM:0000173C
- ROM:0000173C # Syscall 9 handler (table slot 0035BCF0 -> descriptor 1790): forwards the caller's registers to hypervisor call 183 (labelled "pokelv1" on this page).
- ROM:0000173C
- ROM:0000173C
- ROM:0000173C syscall_graf_poke: # DATA XREF: ROM:00001794o
- ROM:0000173C
- ROM:0000173C .set arg_10, 0x10
- ROM:0000173C
- ROM:0000173C mflr r0
- ROM:00001740 std r0, arg_10(r1) # stash LR at 0x10(r1); no new stack frame is opened
- ROM:00001744 li r11, 0xB7 # r11 = 183, the hypervisor call number
- ROM:00001748 hvsc # hvsc(183): lv1_undocumented_function_183; r3/r4 reach it exactly as the caller set them
- ROM:0000174C li r3, 0 # always report 0, discarding whatever status the hypervisor call returned
- ROM:00001750 ld r0, arg_10(r1) # reload LR
- ROM:00001754 mtlr r0
- ROM:00001758 blr
- ROM:00001758 # End of function syscall_graf_poke
- ROM:00001758
- ROM:0000175C # .rename syscall_lv2_syscall_10, "syscall_lv2 syscall 10"
- ROM:0000175C
- ROM:0000175C # Syscall 10 handler (table slot 0035BCF8 -> descriptor 1798): issues a hypervisor call whose number the caller chooses in r10.
- ROM:0000175C
- ROM:0000175C
- ROM:0000175C syscall_lv2_syscall_10: # DATA XREF: ROM:0000179Co
- ROM:0000175C
- ROM:0000175C .set arg_10, 0x10
- ROM:0000175C
- ROM:0000175C mflr r0
- ROM:00001760 std r0, arg_10(r1) # stash LR at 0x10(r1); no new stack frame is opened
- ROM:00001764 mr r11, r10 # hypervisor call number = caller's r10 (the page header notes hvfunc=%r10); no allow-list is applied
- ROM:00001768 hvsc # call number is whatever r10 held, not fixed to 183 as IDA's auto-comment claimed
- ROM:0000176C ld r0, arg_10(r1) # reload LR; r3 is returned as the hypervisor call left it
- ROM:00001770 mtlr r0
- ROM:00001774 blr
- ROM:00001774 # End of function syscall_lv2_syscall_10
- ROM:00001774
- ROM:00001774 # ---------------------------------------------------------------------------
- ROM:00001778 # .rename syscall_groove_peek_desc, "syscall_groove peek_desc"
- ROM:00001778 syscall_groove_peek_desc:.long 0x80000000 # DATA XREF: ROM:0035BCDCo
- ROM:0000177C .long syscall_groove_peek
- ROM:00001780 # .rename syscall_groove_poke_desc, "syscall_groove poke_desc"
- ROM:00001780 syscall_groove_poke_desc:.long 0x80000000 # DATA XREF: ROM:0035BCE4o
- ROM:00001784 .long syscall_groove_poke
- ROM:00001788 # .rename syscall_graf_peek_desc, "syscall_graf peek_desc"
- ROM:00001788 syscall_graf_peek_desc:.long 0x80000000 # DATA XREF: ROM:0035BCECo
- ROM:0000178C .long syscall_graf_peek
- ROM:00001790 # .rename syscall_graf_poke_desc, "syscall_graf poke_desc"
- ROM:00001790 syscall_graf_poke_desc:.long 0x80000000 # DATA XREF: ROM:0035BCF4o
- ROM:00001794 .long syscall_graf_poke
- ROM:00001798 # .rename syscall_lv2_syscall_10_desc, "syscall_lv2 syscall 10_desc"
- ROM:00001798 syscall_lv2_syscall_10_desc:.long 0x80000000 # DATA XREF: ROM:0035BCFCo
- ROM:0000179C .long syscall_lv2_syscall_10
- 0035BCD8 80 00 00 00 00 00 17 78 80 00 00 00 00 00 17 80 A......xA......A
- 0035BCE8 80 00 00 00 00 00 17 88 80 00 00 00 00 00 17 90 A......EA......?
- 0035BCF8 80 00 00 00 00 00 17 98
- ROM:0035BCD8 # ---------------------------------------------------------------------------
- ROM:0035BCD8 .long 0x80000000
- ROM:0035BCDC .long syscall_groove_peek_desc # Syscall 6
- ROM:0035BCE0 .long 0x80000000
- ROM:0035BCE4 .long syscall_groove_poke_desc # Syscall 7
- ROM:0035BCE8 .long 0x80000000
- ROM:0035BCEC .long syscall_graf_peek_desc # Syscall 8
- ROM:0035BCF0 .long 0x80000000
- ROM:0035BCF4 .long syscall_graf_poke_desc # Syscall 9
- ROM:0035BCF8 .long 0x80000000
- ROM:0035BCFC .long syscall_lv2_syscall_10_desc # Syscall 10
- ==================================================================================================================
- Code multiman cfw 4.21 DEX :
- ==================================================================================================================
- LV2: Original 3.55 syscall36 code parts loaded at 0x302DE8 and 0x2EB7E0 and modified for 4.21DEX CFW as follows:
- ==================================================================================================================
- 00302DE8 25 73 25 30 31 36 6C 78 25 30 31 36 6C 78 25 30 %s%016lx%016lx%0
- 00302DF8 31 36 6C 78 25 30 31 36 6C 78 25 30 31 36 6C 78 16lx%016lx%016lx
- 00302E08 25 64 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 %d..............
- 00302E18 F8 21 FF 61 7C 08 02 A6 FB 81 00 80 FB A1 00 88 °!*a|..ævÁ.Àvá.È
- 00302E28 FB E1 00 98 FB 41 00 70 FB 61 00 78 F8 01 00 B0 vñ.ØvA.pva.x°..-
- 00302E38 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01 7B FF F8 06 |Ü#x|}.x;ð..{*°.
- 00302E48 67 E4 00 30 60 84 2E 8C 38 A0 00 07 4B D4 F1 A5 gô.0`Ä.Ì8à..KL¸å
- 00302E58 28 23 00 00 40 82 00 4C 67 FF 00 2E 63 FF B8 9C (#..@Â.Lg*..c*¬Ü
- 00302E68 E8 7F 00 00 28 23 00 00 41 82 00 14 E8 7F 00 08 ø..(#..AÂ..ø..
- 00302E78 38 9D 00 09 4B D4 F1 29 EB BF 00 00 7F A3 EB 78 8Ý..KL¸)û¬..ãûx
- 00302E88 4B FD 68 B8 2F 64 65 76 5F 62 64 76 64 00 2F 61 K¤h¬/dev_bdvd./a
- 00302E98 70 70 5F 68 6F 6D 65 00 00 00 00 00 00 00 00 00 pp_home.........
- 00302EA8 7F A3 EB 78 3B E0 00 01 7B FF F8 06 67 E4 00 30 ãûx;ð..{*°.gô.0
- 00302EB8 60 84 2E 96 38 A0 00 02 4B D4 F1 39 28 23 00 00 `Ä.Ö8à..KL¸9(#..
- 00302EC8 40 82 00 28 67 FF 00 2E 63 FF B8 9C E8 7F 00 00 @Â.(g*..c*¬Üø..
- 00302ED8 28 23 00 00 41 82 00 14 E8 7F 00 08 38 9D 00 09 (#..AÂ..ø..8Ý..
- 00302EE8 4B D4 F0 BD EB BF 00 00 7F A3 EB 78 4B FD 68 4C KL¨-û¬..ãûxK¤hL
- 002EB7E0 25 64 25 73 25 30 31 36 6C 78 25 30 31 36 6C 6C %d%s%016lx%016ll
- 002EB7F0 78 25 30 31 36 6C 6C 78 25 73 25 73 25 30 38 78 x%016llx%s%s%08x
- 002EB800 25 64 25 31 64 25 31 64 25 31 64 41 41 41 0A 00 %d%1d%1d%1dAAA..
- 002EB810 F8 21 FF 31 7C 08 02 A6 F8 01 00 E0 FB E1 00 C8 °!*1|..æ°..ðvñ.L
- 002EB820 38 81 00 70 4B EC C5 55 3B E0 00 01 7B FF F8 06 8Á.pKü+U;ð..{*°.
- 002EB830 67 FF 00 2E 63 FF B8 9C E8 7F 00 00 2C 23 00 00 g*..c*¬Üø..,#..
- 002EB840 41 82 00 0C 38 80 00 27 4B D7 C3 E5 38 80 00 27 AÂ..8À.'K++õ8À.'
- 002EB850 38 60 08 00 4B D7 BF 9D F8 7F 00 00 E8 81 00 70 8`..K+¬Ý°..øÁ.p
- 002EB860 4B D6 67 45 E8 61 00 70 38 80 00 27 4B D7 C3 C1 KãgEøa.p8À.'K+++
- 002EB870 E8 7F 00 00 4B D6 67 59 E8 9F 00 00 7C 64 1A 14 ø..KãgYøß..|d..
- 002EB880 F8 7F 00 08 38 60 00 00 EB E1 00 C8 E8 01 00 E0 °..8`..ûñ.Lø..ð
- 002EB890 38 21 00 D0 7C 08 03 A6 4E 80 00 20 80 00 00 00 8!.¦|..æNÀ. À...
- 002EB8A0 00 59 18 00 80 00 00 00 00 59 18 09 00 00 00 00 .Y..À....Y......
- 002EB8B0 80 00 00 00 00 2E B8 10
- Lv2Syscall2(7, 0x8000000000302E48ULL, 0x67E4003060842E8CULL ); // 302E48 oris r4, r31, 0x30 // 67 E4 00 30 60 84 2E 8C // (/dev_bdvd) // 302E4C ori r4, r4, 0x2E8C
- Lv2Syscall2(7, 0x8000000000302E54ULL, 0x4BD4F1A528230000ULL ); // 302E54 bl strncmp_sub_51FF8 // 4B D4 F1 A5 28 23 00 00
- Lv2Syscall2(7, 0x8000000000302E60ULL, 0x67FF002E63FFB89CULL ); // 302E60 oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 302E64 ori r31, r31, 0xB89C
- Lv2Syscall2(7, 0x8000000000302E7CULL, 0x4BD4F129EBBF0000ULL ); // 302E7C bl strcpy_sub_51FA4 // 4B D4 F1 29 EB BF 00 00
- Lv2Syscall2(7, 0x8000000000302E88ULL, 0x4BFD68B82F646576ULL ); // 302E88 b loc_2D9740 // 4B FD 68 B8 2F 64 65 76 // hook_return
- Lv2Syscall2(7, 0x8000000000302EB4ULL, 0x67E4003060842E96ULL ); // 302EB4 oris r4, r31, 0x30 // 67 E4 00 30 60 84 2E 96 // (/app_home) // 302EB8 ori r4, r4, 0x2E96
- Lv2Syscall2(7, 0x8000000000302EC0ULL, 0x4BD4F13928230000ULL ); // 302EC0 bl strncmp_sub_51FF8 // 4B D4 F1 39 28 23 00 00
- Lv2Syscall2(7, 0x8000000000302ECCULL, 0x67FF002E63FFB89CULL ); // 302ECC oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 302ED0 ori r31, r31, 0xB89C
- Lv2Syscall2(7, 0x8000000000302EE8ULL, 0x4BD4F0BDEBBF0000ULL ); // 302EE8 bl strcpy_sub_51FA4 // 4B D4 F0 BD EB BF 00 00
- Lv2Syscall2(7, 0x8000000000302EF4ULL, 0x4BFD684C7461636BULL ); // 302EF4 b loc_2D9740 // 4B FD 68 4C 74 61 63 6B // hook_return
- Lv2Syscall2(7, 0x80000000002EB824ULL, 0x4BECC5553BE00001ULL ); // 2EB824 bl pathdup_from_user_1B7D78 // 4B EC C5 55 3B E0 00 01
- Lv2Syscall2(7, 0x80000000002EB830ULL, 0x67FF002E63FFB89CULL ); // 2EB830 oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 2EB834 ori r31, r31, 0xB89C
- Lv2Syscall2(7, 0x80000000002EB848ULL, 0x4BD7C3E538800027ULL ); // 2EB848 bl free_sub_67C2C // 4B D7 C3 E5 38 80 00 27
- Lv2Syscall2(7, 0x80000000002EB854ULL, 0x4BD7BF9DF87F0000ULL ); // 2EB854 bl alloc_sub_677F0 // 4B D7 BF 9D F8 7F 00 00
- Lv2Syscall2(7, 0x80000000002EB860ULL, 0x4BD66745E8610070ULL ); // 2EB860 bl strcpy_sub_51FA4 // 4B D6 67 45 E8 61 00 70
- Lv2Syscall2(7, 0x80000000002EB86CULL, 0x4BD7C3C1E87F0000ULL ); // 2EB86C bl free_sub_67C2C // 4B D7 C3 C1 E8 7F 00 00
- Lv2Syscall2(7, 0x80000000002EB874ULL, 0x4BD66759E89F0000ULL ); // 2EB874 bl strlen_sub_51FCC // 4B D6 67 59 E8 9F 00 00
- Lv2Syscall2(7, 0x80000000002EB8B0ULL, 0x80000000002EB810ULL ); // 2EB8B0 .long syscall_lv2_syscall_36 // 80 00 00 00 00 2E B8 10 // sc36 vector
- Lv2Syscall2(7, 0x80000000002D9718ULL, 0x480297007C0802A6ULL ); // 2D9718 b sub_302E18 // hook open
- Lv2Syscall2(7, 0x800000000037A2D0ULL, 0x80000000002EB8B0ULL ); // enable syscall36
- 302E8C aDev_bdvd: .string "/dev_bdvd"
- 302E96 aApp_home: .string "/app_home"
- 2EB89C free/alloc address pointer -> (set by functions)
- 2EB8B0 syscall36 address pointer -> 0x80000000002EB810
- strncmp: 51FF8
- strcpy: 51FA4
- pathdup_from_user: 1B7D78
- free: 67C2C
- alloc: 677F0
- strlen: 51FCC
- ==================================================================================================================
- LV2: Additional patches for PARAM.SFO and access permissions
- Lv2Syscall2(7, 0x800000000005A938ULL, 0x63FF003D60000000ULL ); // fix 8001003D error
- Lv2Syscall2(7, 0x800000000005A9FCULL, 0x3FE080013BE00000ULL ); // fix 8001003E error
- Lv2Syscall2(7, 0x800000000005A9A8ULL, 0x419E00D860000000ULL );
- Lv2Syscall2(7, 0x800000000005A9B0ULL, 0x2F84000448000098ULL );
- Lv2Syscall2(7, 0x800000000005E36CULL, 0x2F83000060000000ULL );
- Lv2Syscall2(7, 0x800000000005E380ULL, 0x2F83000060000000ULL );
- ==================================================================================================================
- LV2: Device mount table (for BD-Mirror USB)
- dev_table=peekq(0x800000000030FB70ULL); // actual 0x8000000000470020ULL
- ==================================================================================================================