  1. Lonje Hacked PS3
  2. ----------------
  3.  
  4. Code multiman cfw 4.21 CEX :
  5.  
  6. ==================================================================================================================
  7. LV2: Original 3.55 syscall36 code parts loaded at 0x2E8670 and 0x2D1060 and modified for 4.21CEX CFW as follows:
  8. ==================================================================================================================
  9.  
  10. 002E8670 25 73 25 30 31 36 6C 78 25 30 31 36 6C 78 25 30 %s%016lx%016lx%0
  11. 002E8680 31 36 6C 78 25 30 31 36 6C 78 25 30 31 36 6C 78 16lx%016lx%016lx
  12. 002E8690 25 64 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 %d..............
  13.  
  14. 002E86A0 F8 21 FF 61 7C 08 02 A6 FB 81 00 80 FB A1 00 88 °!*a|..?vA.Ava.E
  15. 002E86B0 FB E1 00 98 FB 41 00 70 FB 61 00 78 F8 01 00 B0 vn.OvA.pva.x°..-
  16. 002E86C0 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01 7B FF F8 06 |U#x|}.x;?..{*°.
  17. 002E86D0 67 E4 00 2E 60 84 87 14 38 A0 00 07 4B D6 60 2D go..`AC.8a..Ka`-
  18. 002E86E0 28 23 00 00 40 82 00 4C 67 FF 00 2D 63 FF 11 1C (#..@A.Lg*.-c*..
  19. 002E86F0 E8 7F 00 00 28 23 00 00 41 82 00 14 E8 7F 00 08 o..(#..AA..o..
  20. 002E8700 38 9D 00 09 4B D6 5F B1 EB BF 00 00 7F A3 EB 78 8Y..Ka_-u¬..aux
  21. 002E8710 4B FD 9E 70 2F 64 65 76 5F 62 64 76 64 00 2F 61 K¤?p/dev_bdvd./a
  22. 002E8720 70 70 5F 68 6F 6D 65 00 00 00 00 00 00 00 00 00 pp_home.........
  23. 002E8730 7F A3 EB 78 3B E0 00 01 7B FF F8 06 67 E4 00 2E aux;?..{*°.go..
  24. 002E8740 60 84 87 1E 38 A0 00 02 4B D6 5F C1 28 23 00 00 `AC.8a..Ka_+(#..
  25. 002E8750 40 82 00 28 67 FF 00 2D 63 FF 11 1C E8 7F 00 00 @A.(g*.-c*..o..
  26. 002E8760 28 23 00 00 41 82 00 14 E8 7F 00 08 38 9D 00 09 (#..AA..o..8Y..
  27. 002E8770 4B D6 5F 45 EB BF 00 00 7F A3 EB 78 4B FD 9E 04 Ka_Eu¬..auxK¤?.
  28.  
  29. 002D1060 25 64 25 73 25 30 31 36 6C 78 25 30 31 36 6C 6C %d%s%016lx%016ll
  30. 002D1070 78 25 30 31 36 6C 6C 78 25 73 25 73 25 30 38 78 x%016llx%s%s%08x
  31. 002D1080 25 64 25 31 64 25 31 64 25 31 64 41 41 41 0A 00 %d%1d%1d%1dAAA..
  32.  
  33. 002D1090 F8 21 FF 31 7C 08 02 A6 F8 01 00 E0 FB E1 00 C8 °!*1|..?°..?vn.L
  34. 002D10A0 38 81 00 70 4B EE 08 E5 3B E0 00 01 7B FF F8 06 8A.pK?.o;?..{*°.
  35. 002D10B0 67 FF 00 2D 63 FF 11 1C E8 7F 00 00 2C 23 00 00 g*.-c*..o..,#..
  36. 002D10C0 41 82 00 0C 38 80 00 27 4B D9 32 4D 38 80 00 27 AA..8A.'K-2M8A.'
  37. 002D10D0 38 60 08 00 4B D9 2E 05 F8 7F 00 00 E8 81 00 70 8`..K-..°..oA.p
  38. 002D10E0 4B D7 D5 D5 E8 61 00 70 38 80 00 27 4B D9 32 29 K+--oa.p8A.'K-2)
  39. 002D10F0 E8 7F 00 00 4B D7 D5 E9 E8 9F 00 00 7C 64 1A 14 o..K+-uo?..|d..
  40. 002D1100 F8 7F 00 08 38 60 00 00 EB E1 00 C8 E8 01 00 E0 °..8`..un.Lo..?
  41. 002D1110 38 21 00 D0 7C 08 03 A6 4E 80 00 20 80 00 00 00 8!.¦|..?NA. A...
  42. 002D1120 00 59 18 00 80 00 00 00 00 59 18 09 00 00 00 00 .Y..A....Y......
  43. 002D1130 80 00 00 00 00 2D 10 90
  44.  
  // CEX 4.21: install the 3.55-derived "syscall36" path redirection. Every call below is
  // syscall 7 (LV2 poke; per the syscall listing later in this paste it is a bare
  // `std r4, 0(r3)` with no address validation) and writes 8 bytes = two PPC words.
  // The 0x2E86xx/0x2E87xx pokes fix up the open hook copied to 0x2E86A0 (bl/b
  // displacements, the high/low halves of the 0x2D111C pointer and of the "/dev_bdvd" /
  // "/app_home" string addresses) for the 4.21 CEX layout; the 0x2D10xx pokes do the
  // same for the syscall 36 body at 0x2D1090 and its descriptor at 0x2D1130.
  // NOTE(review): the poke at 0x2E877C covers 0x2E877C-0x2E8783; its low word
  // 74 61 63 6B ("tack") lands on 0x2E8780, which is the first instruction of the
  // sys_get_system_parameter hook built later in this paste (dump: 002E8780 F8 21 FF 51).
  // Apply this section before that one; re-running it afterwards corrupts that hook.
  // NOTE(review): the syscall 36 body (dump at 0x2D1090) duplicates the user path
  // (pathdup_from_user), allocates 0x800 bytes (`li r3, 0x800; bl alloc`) and
  // strcpy()s the path into it; no length check is visible in that dump, so whether an
  // over-long path can overrun the 0x800 allocation depends on pathdup_from_user
  // bounding its result — confirm before exposing the syscall.
  // The last two pokes activate everything: the branch at 0x2C2558 diverts the open
  // handler into the hook, and the syscall-table write at 0x35BDC8 makes syscall 36
  // callable from any GameOS process (no caller check is visible in the dumped body).
  // Keep them last so the code is never reachable half-patched; nothing here quiesces
  // other threads while the words are being replaced.
  45. Lv2Syscall2(7, 0x80000000002E86D0ULL, 0x67E4002E60848714ULL ); // 2E86D0 oris r4, r31, 0x2E // 67 E4 00 2E 60 84 87 14 // (/dev_bdvd) // 2E86D4 ori r4, r4, 0x8714
  46. Lv2Syscall2(7, 0x80000000002E86DCULL, 0x4BD6602D28230000ULL ); // 2E86DC bl strncmp_sub_4E708 // 4B D6 60 2D 28 23 00 00
  47. Lv2Syscall2(7, 0x80000000002E86E8ULL, 0x67FF002D63FF111CULL ); // 2E86E8 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2E86EC ori r31, r31, 0x111C
  48. Lv2Syscall2(7, 0x80000000002E8704ULL, 0x4BD65FB1EBBF0000ULL ); // 2E8704 bl strcpy_sub_4E6B4 // 4B D6 5F B1 EB BF 00 00
  49. Lv2Syscall2(7, 0x80000000002E8710ULL, 0x4BFD9E702F646576ULL ); // 2E8710 b loc_2C2580 // 4B FD 9E 70 2F 64 65 76 // hook_return
  50. Lv2Syscall2(7, 0x80000000002E873CULL, 0x67E4002E6084871EULL ); // 2E873C oris r4, r31, 0x2E // 67 E4 00 2E 60 84 87 1E // (/app_home) // 2E8740 ori r4, r4, 0x871E
  51. Lv2Syscall2(7, 0x80000000002E8748ULL, 0x4BD65FC128230000ULL ); // 2E8748 bl strncmp_sub_4E708 // 4B D6 5F C1 28 23 00 00
  52. Lv2Syscall2(7, 0x80000000002E8754ULL, 0x67FF002D63FF111CULL ); // 2E8754 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2E8758 ori r31, r31, 0x111C
  53. Lv2Syscall2(7, 0x80000000002E8770ULL, 0x4BD65F45EBBF0000ULL ); // 2E8770 bl strcpy_sub_4E6B4 // 4B D6 5F 45 EB BF 00 00
  54. Lv2Syscall2(7, 0x80000000002E877CULL, 0x4BFD9E047461636BULL ); // 2E877C b loc_2C2580 // 4B FD 9E 04 74 61 63 6B // hook_return // NOTE(review): low word "tack" is written to 0x2E8780 (see header comment)
  55. 
  56. Lv2Syscall2(7, 0x80000000002D10A4ULL, 0x4BEE08E53BE00001ULL ); // 2D10A4 bl pathdup_from_user_1B1988 // 4B EE 08 E5 3B E0 00 01
  57. Lv2Syscall2(7, 0x80000000002D10B0ULL, 0x67FF002D63FF111CULL ); // 2D10B0 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2D10B4 ori r31, r31, 0x111C
  58. Lv2Syscall2(7, 0x80000000002D10C8ULL, 0x4BD9324D38800027ULL ); // 2D10C8 bl free_sub_64314 // 4B D9 32 4D 38 80 00 27
  59. Lv2Syscall2(7, 0x80000000002D10D4ULL, 0x4BD92E05F87F0000ULL ); // 2D10D4 bl alloc_sub_63ED8 // 4B D9 2E 05 F8 7F 00 00
  60. Lv2Syscall2(7, 0x80000000002D10E0ULL, 0x4BD7D5D5E8610070ULL ); // 2D10E0 bl strcpy_sub_4E6B4 // 4B D7 D5 D5 E8 61 00 70 // copies the user path into the 0x800-byte allocation
  61. 
  62. Lv2Syscall2(7, 0x80000000002D10ECULL, 0x4BD93229E87F0000ULL ); // 2D10EC bl free_sub_64314 // 4B D9 32 29 E8 7F 00 00
  63. Lv2Syscall2(7, 0x80000000002D10F4ULL, 0x4BD7D5E9E89F0000ULL ); // 2D10F4 bl strlen_sub_4E6DC // 4B D7 D5 E9 E8 9F 00 00
  64. Lv2Syscall2(7, 0x80000000002D1130ULL, 0x80000000002D1090ULL ); // 2D1130 .long syscall_lv2_syscall_36 // 80 00 00 00 00 2D 10 90 // sc36 vector
  65. 
  66. Lv2Syscall2(7, 0x80000000002C2558ULL, 0x480261487C0802A6ULL ); // 2C2558 b sub_2E86A0 // hook open // activates the open hook — keep after the code pokes above
  67. Lv2Syscall2(7, 0x800000000035BDC8ULL, 0x80000000002D1130ULL ); // enable syscall36 // syscall table slot -> descriptor at 0x2D1130; from here on any process can call sc36
  68.  
  69. 2E8714 aDev_bdvd: .string "/dev_bdvd"
  70. 2E871E aApp_home: .string "/app_home"
  71.  
  72. 2D111C free/alloc address pointer -> (set by functions)
  73. 2D1130 syscall36 address pointer -> 0x80000000002D1090
  74.  
  75. ==================================================================================================================
  76.  
  77. LV2: Additional patches for PARAM.SFO and access permissions
  78.  
  // CEX 4.21: LV2 patches that remove PARAM.SFO / access-permission failures (syscall 7 =
  // LV2 poke, 8 bytes = two PPC words each). Decoded from the immediates as written:
  //   0x057020: ori r31,r31,0x3D ; nop          -> the word after the error-code build is nopped
  //   0x0570E4: lis r31,0x8001   ; li r31,0      -> error 0x8001003E is overwritten with 0
  //   0x057090: beq cr7,+0xD8    ; nop
  //   0x057098: cmpwi cr7,r4,4   ; b +0x98       -> conditional path made unconditional
  //   0x05AA54 / 0x05AA68: cmpwi cr7,r3,0 ; nop  -> the instruction after the compare is nopped
  // The original words are not shown in this paste, so exactly which check each nop or
  // unconditional branch removes cannot be confirmed here (NOTE(review): recover them from
  // a 4.21 CEX LV2 dump before reuse). These disable the checks for every process, not
  // just the caller, and unlike the LV1 storage-manager patches further down no restore
  // values are given.
  79. Lv2Syscall2(7, 0x8000000000057020ULL, 0x63FF003D60000000ULL ); // fix 8001003D error
  80. Lv2Syscall2(7, 0x80000000000570E4ULL, 0x3FE080013BE00000ULL ); // fix 8001003E error
  81. 
  82. Lv2Syscall2(7, 0x8000000000057090ULL, 0x419E00D860000000ULL ); // beq cr7,+0xD8 ; nop
  83. Lv2Syscall2(7, 0x8000000000057098ULL, 0x2F84000448000098ULL ); // cmpwi cr7,r4,4 ; b +0x98
  84. 
  85. Lv2Syscall2(7, 0x800000000005AA54ULL, 0x2F83000060000000ULL ); // cmpwi cr7,r3,0 ; nop
  86. Lv2Syscall2(7, 0x800000000005AA68ULL, 0x2F83000060000000ULL ); // cmpwi cr7,r3,0 ; nop
  87.  
  88. ==================================================================================================================
  89.  
  90. LV1: Remove LV2 memory protection (written with syscall 9 = LV1 poke; syscall 8 = LV1 peek). HV_START_OFFSET_421 = 0x370A28 is specific to firmware 4.21 — do not issue these writes on any other version.
  91.  
  // CEX 4.21: remove LV1's protection of LV2 memory (per the heading above).
  // syscall 9 is the LV1 poke (per the 0x173C listing later in this paste: hvsc 183 with
  // the caller's address and value) and performs no validation of the target.
  // HV_START_OFFSET_421 (0x370A28) is a 4.21-specific hypervisor offset; the four qwords
  // (1, then three opaque 64-bit values) are written blind — no dump or disassembly of
  // that region is included here, so what structure they form cannot be confirmed
  // (NOTE(review): presumably a protection/ACL entry — verify against an LV1 dump).
  // Running this on any other firmware writes the same bytes at the wrong place in the
  // hypervisor. No restore counterpart is given, so the protection stays off for the
  // rest of the session.
  92. Lv2Syscall2(9, HV_START_OFFSET_421 + 0, 0x0000000000000001ULL);
  93. Lv2Syscall2(9, HV_START_OFFSET_421 + 8, 0xe0d251b556c59f05ULL);
  94. Lv2Syscall2(9, HV_START_OFFSET_421 + 16, 0xc232fcad552c80d7ULL);
  95. Lv2Syscall2(9, HV_START_OFFSET_421 + 24, 0x65140cd200000000ULL);
  96.  
  97. ==================================================================================================================
  98.  
  99. LV1: Storage Manager Access Rights (enable — bypasses the check for every LV2 caller; always pair with the restore block below)
  100.  
  // CEX 4.21: LV1 storage-manager access-rights bypass (enable). syscall 9 = LV1 poke.
  // Decoded against the restore values written to the same addresses further down:
  //   0x16f758: mr r3,r28 ; nop             (restore: std r0,0x98(r1))
  //   0x16f77c: mr r5,r28 ; li r3,1         (restore: bl -0xF1C)   -> call result forced to 1
  //   0x16f7f4: mr r4,r28 ; li r31,1        (restore: addi r5,r1,0x70)
  //   0x16f7fc: stb r31,0x70(r1) ; li r3,0  (restore: bl +0x6064)  -> call result forced to 0
  // i.e. two calls in the rights check are replaced by constants. This is global
  // hypervisor state: every LV2 caller passes the check while it is active, so keep the
  // window short and always run the restore block; a crash in between leaves LV1 patched.
  101. Lv2Syscall2(9, 0x16f758, 0x7f83e37860000000ULL);
  102. Lv2Syscall2(9, 0x16f77c, 0x7f85e37838600001ULL);
  103. Lv2Syscall2(9, 0x16f7f4, 0x7f84e3783be00001ULL);
  104. Lv2Syscall2(9, 0x16f7fc, 0x9be1007038600000ULL);
  105.  
  106. LV2: Enable SM syscalls from GameOS
  107.  
  108. Lv2Syscall2(7, 0x80000000002E7920ULL, (uint64_t) 0x40 << 56);
  109.  
  110. ==================================================================================================================
  111.  
  112. LV1: Storage Manager Access Rights (restore — writes the original words back)
  113.  
  // CEX 4.21: LV1 storage-manager access-rights restore. Writes the original words back
  // over the four addresses patched by the enable block (mr r3,r28 ; std r0,0x98(r1) /
  // mr r5,r28 ; bl -0xF1C / mr r4,r28 ; addi r5,r1,0x70 / stb r31,0x70(r1) ; bl +0x6064).
  // Must run after the enable block and before the process exits; these words are the
  // 4.21 originals and are as firmware-specific as the patched ones.
  114. Lv2Syscall2(9, 0x16f758, 0x7f83e378f8010098ULL);
  115. Lv2Syscall2(9, 0x16f77c, 0x7f85e3784bfff0e5ULL);
  116. Lv2Syscall2(9, 0x16f7f4, 0x7f84e37838a10070ULL);
  117. Lv2Syscall2(9, 0x16f7fc, 0x9be1007048006065ULL);
  118.  
  119. LV2: Disable SM syscalls from GameOS (restore)
  120.  
  121. Lv2Syscall2(7, 0x80000000002E7920ULL, (uint64_t) 0x20 << 56);
  122.  
  123. ==================================================================================================================
  124.  
  125. LV2: sys_get_system_parameter (syscall 867) patch for BD-Movie region change (target_id=0x01 .. 0x0D)
  126.  
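  // CEX 4.21: front-end for sys_get_system_parameter (syscall 867) at 0x2E8780, built from
  // 8-byte LV2 pokes (syscall 7) and then wired into the syscall table slot at 0x334068.
  // What the written code does (see the disassembly that follows this block):
  //   - r3 (parameter id) is compared with 0x19004; any other id branches to the original
  //     handler (the final `b loc_258D40` word).
  //   - for 0x19004 it stores 1 at r4+1, r4+5, r4+7 and (target_id+0x82) at r4+3, then
  //     returns 0. r4 is the caller-supplied output buffer and is stored through unchecked
  //     inside the hook (NOTE(review): any pointer validation must happen in the
  //     dispatcher before the hook runs — not visible in this paste).
  // Ordering: the syscall36 section's poke at 0x2E877C writes its low word ("tack") onto
  // 0x2E8780, so that section must run before this one and must not be re-run afterwards.
  // The syscall-table write stays last so the hook is never reachable while half-written;
  // the CAFEBABE tail at 0x2E87E4 is filler after the final unconditional branch and is
  // never executed.
  127. Lv2Syscall2(7, 0x80000000002E8780ULL, 0xF821FF517C0802A6ULL ); // stdu r1,-0xB0(r1) ; mflr r0
  128. Lv2Syscall2(7, 0x80000000002E8788ULL, 0xFBC100A0FBE100A8ULL ); // std r30,0xA0(r1) ; std r31,0xA8(r1)
  129. Lv2Syscall2(7, 0x80000000002E8790ULL, 0xFBA10098F80100C0ULL ); // std r29,0x98(r1) ; std r0,0xC0(r1)
  130. Lv2Syscall2(7, 0x80000000002E8798ULL, 0x3FE0000163FF9004ULL ); // lis r31,1 ; ori r31,r31,0x9004  -> 0x19004
  131. Lv2Syscall2(7, 0x80000000002E87A0ULL, 0x7C1F18004082003CULL ); // cmpw r31,r3 ; bne +0x3C (-> b loc_258D40)
  132. 
  // Cast BEFORE shifting: if target_id is a 32-bit int, `int << 32` is undefined in C and
  // on a 32-bit shifter yields 0, silently encoding `li r30, 0` (target_id 0). Same cast
  // style as the 0x2E7920 pokes. The value lands in the 16-bit immediate of `li r30, X`,
  // so target_id must stay small (documented range 0x01..0x0D -> 0x83..0x8F).
  133. Lv2Syscall2(7, 0x80000000002E87A8ULL, (0x3BC000003BA00001ULL | (((uint64_t)(target_id+0x82))<<32) ) ); // Change TargetID 0x84=US / 0x85=EU / 0x8C=RUS // li r30,target_id+0x82 ; li r29,1
  134. 
  135. Lv2Syscall2(7, 0x80000000002E87B0ULL, 0x9BA400019BC40003ULL ); // stb r29,1(r4) ; stb r30,3(r4)  -- unchecked store through caller's r4
  136. Lv2Syscall2(7, 0x80000000002E87B8ULL, 0x9BA400059BA40007ULL ); // stb r29,5(r4) ; stb r29,7(r4)
  137. Lv2Syscall2(7, 0x80000000002E87C0ULL, 0x38600000E80100C0ULL ); // li r3,0 ; ld r0,0xC0(r1)
  138. Lv2Syscall2(7, 0x80000000002E87C8ULL, 0xEBA10098EBE100A8ULL ); // ld r29,0x98(r1) ; ld r31,0xA8(r1)
  139. Lv2Syscall2(7, 0x80000000002E87D0ULL, 0xEBC100A07C0803A6ULL ); // ld r30,0xA0(r1) ; mtlr r0
  140. Lv2Syscall2(7, 0x80000000002E87D8ULL, 0x382100B04E800020ULL ); // addi r1,r1,0xB0 ; blr
  141. Lv2Syscall2(7, 0x80000000002E87E0ULL, 0x4BF70560CAFEBABEULL ); // b loc_258D40 to original sc867 and get a coffee baby! // CAFEBABE = unreachable filler
  142. 
  143. Lv2Syscall2(7, 0x8000000000334068ULL, 0x80000000002E8780ULL ); // hook syscall 867 // table slot -> hook; keep last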
  144.  
  145. 002E8780 F8 21 FF 51 7C 08 02 A6 FB C1 00 A0 FB E1 00 A8 °!*Q|..?v+.avn.e
  146. 002E8790 FB A1 00 98 F8 01 00 C0 3F E0 00 01 63 FF 90 04 va.O°..L??..c*?.
  147. 002E87A0 7C 1F 18 00 40 82 00 3C 3B C0 00 00 3B A0 00 01 |...@A.<;L..;a..
  148. 002E87B0 9B A4 00 01 9B C4 00 03 9B A4 00 05 9B A4 00 07 Ua..U-..Ua..Ua..
  149. 002E87C0 38 60 00 00 E8 01 00 C0 EB A1 00 98 EB E1 00 A8 8`..o..Lua.Oun.e
  150. 002E87D0 EB C1 00 A0 7C 08 03 A6 38 21 00 B0 4E 80 00 20 u+.a|..?8!.-NA.
  151. 002E87E0 4B F7 05 60
  152.  
  153. ROM:002E8780 # ---------------------------------------------------------------------------
  154. ROM:002E8780 stdu r1, -0xB0(r1)
  155. ROM:002E8784 mflr r0
  156. ROM:002E8788 std r30, 0xA0(r1)
  157. ROM:002E878C std r31, 0xA8(r1)
  158. ROM:002E8790 std r29, 0x98(r1)
  159. ROM:002E8794 std r0, 0xC0(r1)
  160. ROM:002E8798 lis r31, locret_19004@h
  161. ROM:002E879C ori r31, r31, locret_19004@l
  162. ROM:002E87A0 cmpw r31, r3
  163. ROM:002E87A4 bne loc_2E87E0
  164. ROM:002E87A8 li r30, 0 # TargetID
  165. ROM:002E87AC li r29, 1
  166. ROM:002E87B0 stb r29, 1(r4)
  167. ROM:002E87B4 stb r30, 3(r4)
  168. ROM:002E87B8 stb r29, 5(r4)
  169. ROM:002E87BC stb r29, 7(r4)
  170. ROM:002E87C0 li r3, 0
  171. ROM:002E87C4 ld r0, 0xC0(r1)
  172. ROM:002E87C8
  173. ROM:002E87C8 loc_2E87C8: # DATA XREF: ROM:003476A8o
  174. ROM:002E87C8 ld r29, 0x98(r1)
  175. ROM:002E87CC ld r31, 0xA8(r1)
  176. ROM:002E87D0 ld r30, 0xA0(r1)
  177. ROM:002E87D4 mtlr r0
  178. ROM:002E87D8 addi r1, r1, 0xB0
  179. ROM:002E87DC blr
  180. ROM:002E87E0 # ---------------------------------------------------------------------------
  181. ROM:002E87E0
  182. ROM:002E87E0 loc_2E87E0: # CODE XREF: ROM:002E87A4j
  183. ROM:002E87E0 b loc_258D40
  184. ROM:002E87E0 # ---------------------------------------------------------------------------
  185.  
  186. ==================================================================================================================
  187.  
  188. LV2: sys_get_system_parameter (syscall 867) patch for BD-Movie region (restore)
  189.  
  190. Lv2Syscall2(7, 0x8000000000334068ULL, 0x8000000000258D28ULL ); // restore original syscall 867 (4.21CFW)
  191.  
  192. ==================================================================================================================
  193.  
  194. LV2: Device mount table (for BD-Mirror USB)
  195.  
  196. dev_table=peekq(0x80000000002F4D80ULL); // actual 0x8000000000458020ULL
  197.  
  198. ==================================================================================================================
  199.  
  200. DEV_FLASH: libfs.sprx changes for CellFsAioInit/Finish (for BD-Mirror HDD)
  201.  
  202. 0xD66C in IDA | 0xD75C in HEX (libfs.prx) (4.21)
  203. ==================================================
  204. 7C 1E EA 14 78 09 00 20 88 09 00 06 7C 00 07 74
  205. 2F 80 00 6D 41 9E 00 18 2F 80 00 76 41 9E 00 10
  206. 2F 80 00 62 41 9E 00 2C 48 00 00 48 38 00 00 68
  207. 98 09 00 04 38 00 00 64 98 09 00 05 98 09 00 06
  208. 38 00 00 30 98 09 00 07 38 00 00 00 98 09 00 08
  209. 38 00 00 00 98 09 00 0A 60 00 00 00 39 20 00 00
  210. 4B FF FF 18 38 60 00 00 7C 63 07 B4 4E 80 00 20
  211. 2F 80 00 00 41 9E FF E8 2F 80 00 2F 40 9E 00 10
  212. 38 00 00 00 98 09 00 06 4B FF FF D4 88 09 00 08
  213. 7C 00 07 74 2F 80 00 2F 41 9E FF B0 2F 80 00 00
  214. 41 9E FF BC 38 00 00 00 98 09 00 09 4B FF FF A4
  215. 60 00 00 00
  216. ==================================================
  217.  
  218. LOAD:000000000000D66C add r0, r30, r29
  219. LOAD:000000000000D670 clrldi r9, r0, 32
  220. LOAD:000000000000D674 lbz r0, 6(r9)
  221. LOAD:000000000000D678 extsb r0, r0
  222. LOAD:000000000000D67C cmpwi cr7, r0, 0x6D
  223. LOAD:000000000000D680 beq cr7, loc_D698
  224. LOAD:000000000000D684 cmpwi cr7, r0, 0x76
  225. LOAD:000000000000D688 beq cr7, loc_D698
  226. LOAD:000000000000D68C cmpwi cr7, r0, 0x62
  227. LOAD:000000000000D690 beq cr7, loc_D6BC
  228. LOAD:000000000000D694 b loc_D6DC
  229. LOAD:000000000000D698 # ---------------------------------------------------------------------------
  230. LOAD:000000000000D698
  231. LOAD:000000000000D698 loc_D698: # CODE XREF: sub_D5B4+CCj
  232. LOAD:000000000000D698 # sub_D5B4+D4j
  233. LOAD:000000000000D698 li r0, 0x68 # 'h'
  234. LOAD:000000000000D69C stb r0, 4(r9)
  235. LOAD:000000000000D6A0 li r0, 0x64 # 'd'
  236. LOAD:000000000000D6A4 stb r0, 5(r9)
  237. LOAD:000000000000D6A8 stb r0, 6(r9)
  238. LOAD:000000000000D6AC li r0, 0x30 # '0'
  239. LOAD:000000000000D6B0 stb r0, 7(r9)
  240. LOAD:000000000000D6B4
  241. LOAD:000000000000D6B4 loc_D6B4: # CODE XREF: sub_D5B4+150j
  242. LOAD:000000000000D6B4 li r0, 0
  243. LOAD:000000000000D6B8 stb r0, 8(r9)
  244. LOAD:000000000000D6BC
  245. LOAD:000000000000D6BC loc_D6BC: # CODE XREF: sub_D5B4+DCj
  246. LOAD:000000000000D6BC # sub_D5B4+164j
  247. LOAD:000000000000D6BC li r0, 0
  248. LOAD:000000000000D6C0 stb r0, 0xA(r9)
  249. LOAD:000000000000D6C4 nop
  250. LOAD:000000000000D6C8
  251. LOAD:000000000000D6C8 loc_D6C8: # CODE XREF: sub_D5B4+12Cj
  252. LOAD:000000000000D6C8 # sub_D5B4+140j ...
  253. LOAD:000000000000D6C8 li r9, 0
  254. LOAD:000000000000D6CC b loc_D5E4
  255. LOAD:000000000000D6CC # End of function sub_D5B4
  256. LOAD:000000000000D6CC
  257. LOAD:000000000000D6D0
  258. LOAD:000000000000D6D0 # =============== S U B R O U T I N E =======================================
  259. LOAD:000000000000D6D0
  260. LOAD:000000000000D6D0
  261. LOAD:000000000000D6D0 _Export_sys_fs_cellFsAioFinish: # DATA XREF: LOAD:_Export_sys_fs_cellFsAioFinish_opdo
  262. LOAD:000000000000D6D0 li r3, 0
  263. LOAD:000000000000D6D4 extsw r3, r3
  264. LOAD:000000000000D6D8 blr
  265. LOAD:000000000000D6D8 # End of function _Export_sys_fs_cellFsAioFinish
  266. LOAD:000000000000D6D8
  267. LOAD:000000000000D6DC # ---------------------------------------------------------------------------
  268. LOAD:000000000000D6DC # START OF FUNCTION CHUNK FOR sub_D5B4
  269. LOAD:000000000000D6DC
  270. LOAD:000000000000D6DC loc_D6DC: # CODE XREF: sub_D5B4+E0j
  271. LOAD:000000000000D6DC cmpwi cr7, r0, 0
  272. LOAD:000000000000D6E0 beq cr7, loc_D6C8
  273. LOAD:000000000000D6E4 cmpwi cr7, r0, 0x2F
  274. LOAD:000000000000D6E8 bne cr7, loc_D6F8
  275. LOAD:000000000000D6EC li r0, 0
  276. LOAD:000000000000D6F0 stb r0, 6(r9)
  277. LOAD:000000000000D6F4 b loc_D6C8
  278. LOAD:000000000000D6F8 # ---------------------------------------------------------------------------
  279. LOAD:000000000000D6F8
  280. LOAD:000000000000D6F8 loc_D6F8: # CODE XREF: sub_D5B4+134j
  281. LOAD:000000000000D6F8 lbz r0, 8(r9)
  282. LOAD:000000000000D6FC extsb r0, r0
  283. LOAD:000000000000D700 cmpwi cr7, r0, 0x2F
  284. LOAD:000000000000D704 beq cr7, loc_D6B4
  285. LOAD:000000000000D708 cmpwi cr7, r0, 0
  286. LOAD:000000000000D70C beq cr7, loc_D6C8
  287. LOAD:000000000000D710 li r0, 0
  288. LOAD:000000000000D714 stb r0, 9(r9)
  289. LOAD:000000000000D718 b loc_D6BC
  290. LOAD:000000000000D718 # END OF FUNCTION CHUNK FOR sub_D5B4
  291. LOAD:000000000000D71C # ---------------------------------------------------------------------------
  292. LOAD:000000000000D71C nop
  293. LOAD:000000000000D720
  294.  
  295. ==================================================================================================================
  296.  
  297. LV2: 4.21CFW PEEK/POKE LV2 and PEEK/POKE LV1 (syscalls 6/7 = LV2 peek/poke, 8/9 = LV1 peek/poke via hvsc 182/183, 10 = arbitrary hvsc with the call number taken from r10). None of the five handlers below validates its caller or its arguments, so once installed any GameOS process has read/write access to LV2 and LV1 memory and can issue any hypervisor call.
  298.  
  299. 800000000035BCD8 -> 8000000000001778 -> 800000000000170C syscall6 peeklv2
  300. 800000000035BCE0 -> 8000000000001780 -> 8000000000001714 syscall7 pokelv2
  301. 800000000035BCE8 -> 8000000000001788 -> 800000000000171C syscall8 peeklv1
  302. 800000000035BCF0 -> 8000000000001790 -> 800000000000173C syscall9 pokelv1
  303. 800000000035BCF8 -> 8000000000001798 -> 800000000000175C syscall10 hvfunc=%r10
  304.  
  305. 0000170C E8 63 00 00 4E 80 00 20 F8 83 00 00 4E 80 00 20 oc..NA. °A..NA.
  306. 0000171C 7C 08 02 A6 F8 01 00 10 39 60 00 B6 44 00 00 22 |..?°...9`.¦D.."
  307. 0000172C 7C 83 23 78 E8 01 00 10 7C 08 03 A6 4E 80 00 20 |A#xo...|..?NA.
  308. 0000173C 7C 08 02 A6 F8 01 00 10 39 60 00 B7 44 00 00 22 |..?°...9`.¬D.."
  309. 0000174C 38 60 00 00 E8 01 00 10 7C 08 03 A6 4E 80 00 20 8`..o...|..?NA.
  310. 0000175C 7C 08 02 A6 F8 01 00 10 7D 4B 53 78 44 00 00 22 |..?°...}KSxD.."
  311. 0000176C E8 01 00 10 7C 08 03 A6 4E 80 00 20 80 00 00 00 o...|..?NA. A...
  312. 0000177C 00 00 17 0C 80 00 00 00 00 00 17 14 80 00 00 00 ....A.......A...
  313. 0000178C 00 00 17 1C 80 00 00 00 00 00 17 3C 80 00 00 00 ....A......<A...
  314. 0000179C 00 00 17 5C
  315.  
  316. ROM:0000170C # =============== S U B R O U T I N E =======================================
  317. ROM:0000170C
  318. ROM:0000170C
  319. ROM:0000170C syscall_groove_peek: # DATA XREF: ROM:0000177Co
  320. ROM:0000170C ld r3, 0(r3)
  321. ROM:00001710 blr
  322. ROM:00001710 # End of function syscall_groove_peek
  323. ROM:00001710
  324. ROM:00001714 # .rename syscall_groove_poke, "syscall_groove poke"
  325. ROM:00001714
  326. ROM:00001714 # =============== S U B R O U T I N E =======================================
  327. ROM:00001714
  328. ROM:00001714
  329. ROM:00001714 syscall_groove_poke: # DATA XREF: ROM:00001784o
  330. ROM:00001714 std r4, 0(r3)
  331. ROM:00001718 blr
  332. ROM:00001718 # End of function syscall_groove_poke
  333. ROM:00001718
  334. ROM:0000171C # .rename syscall_graf_peek, "syscall_graf peek"
  335. ROM:0000171C
  336. ROM:0000171C # =============== S U B R O U T I N E =======================================
  337. ROM:0000171C
  338. ROM:0000171C
  339. ROM:0000171C syscall_graf_peek: # DATA XREF: ROM:0000178Co
  340. ROM:0000171C
  341. ROM:0000171C .set arg_10, 0x10
  342. ROM:0000171C
  343. ROM:0000171C mflr r0
  344. ROM:00001720 std r0, arg_10(r1)
  345. ROM:00001724 li r11, 0xB6 # '¦'
  346. ROM:00001728 hvsc # hvsc(182): lv1_undocumented_function_182
  347. ROM:0000172C mr r3, r4
  348. ROM:00001730 ld r0, arg_10(r1)
  349. ROM:00001734 mtlr r0
  350. ROM:00001738 blr
  351. ROM:00001738 # End of function syscall_graf_peek
  352. ROM:00001738
  353. ROM:0000173C # .rename syscall_graf_poke, "syscall_graf poke"
  354. ROM:0000173C
  355. ROM:0000173C # =============== S U B R O U T I N E =======================================
  356. ROM:0000173C
  357. ROM:0000173C
  358. ROM:0000173C syscall_graf_poke: # DATA XREF: ROM:00001794o
  359. ROM:0000173C
  360. ROM:0000173C .set arg_10, 0x10
  361. ROM:0000173C
  362. ROM:0000173C mflr r0
  363. ROM:00001740 std r0, arg_10(r1)
  364. ROM:00001744 li r11, 0xB7 # '¬'
  365. ROM:00001748 hvsc # hvsc(183): lv1_undocumented_function_183
  366. ROM:0000174C li r3, 0
  367. ROM:00001750 ld r0, arg_10(r1)
  368. ROM:00001754 mtlr r0
  369. ROM:00001758 blr
  370. ROM:00001758 # End of function syscall_graf_poke
  371. ROM:00001758
  372. ROM:0000175C # .rename syscall_lv2_syscall_10, "syscall_lv2 syscall 10"
  373. ROM:0000175C
  374. ROM:0000175C # =============== S U B R O U T I N E =======================================
  375. ROM:0000175C
  376. ROM:0000175C
  377. ROM:0000175C syscall_lv2_syscall_10: # DATA XREF: ROM:0000179Co
  378. ROM:0000175C
  379. ROM:0000175C .set arg_10, 0x10
  380. ROM:0000175C
  381. ROM:0000175C mflr r0
  382. ROM:00001760 std r0, arg_10(r1)
  383. ROM:00001764 mr r11, r10
  384. ROM:00001768 hvsc # call number comes from r11 = r10 (caller-controlled, see mr r11, r10 above), not a fixed 183 — the "hvsc(183)" annotation is stale
  385. ROM:0000176C ld r0, arg_10(r1)
  386. ROM:00001770 mtlr r0
  387. ROM:00001774 blr
  388. ROM:00001774 # End of function syscall_lv2_syscall_10
  389. ROM:00001774
  390. ROM:00001774 # ---------------------------------------------------------------------------
  391. ROM:00001778 # .rename syscall_groove_peek_desc, "syscall_groove peek_desc"
  392. ROM:00001778 syscall_groove_peek_desc:.long 0x80000000 # DATA XREF: ROM:0035BCDCo
  393. ROM:0000177C .long syscall_groove_peek
  394. ROM:00001780 # .rename syscall_groove_poke_desc, "syscall_groove poke_desc"
  395. ROM:00001780 syscall_groove_poke_desc:.long 0x80000000 # DATA XREF: ROM:0035BCE4o
  396. ROM:00001784 .long syscall_groove_poke
  397. ROM:00001788 # .rename syscall_graf_peek_desc, "syscall_graf peek_desc"
  398. ROM:00001788 syscall_graf_peek_desc:.long 0x80000000 # DATA XREF: ROM:0035BCECo
  399. ROM:0000178C .long syscall_graf_peek
  400. ROM:00001790 # .rename syscall_graf_poke_desc, "syscall_graf poke_desc"
  401. ROM:00001790 syscall_graf_poke_desc:.long 0x80000000 # DATA XREF: ROM:0035BCF4o
  402. ROM:00001794 .long syscall_graf_poke
  403. ROM:00001798 # .rename syscall_lv2_syscall_10_desc, "syscall_lv2 syscall 10_desc"
  404. ROM:00001798 syscall_lv2_syscall_10_desc:.long 0x80000000 # DATA XREF: ROM:0035BCFCo
  405. ROM:0000179C .long syscall_lv2_syscall_10
  406.  
  407. 0035BCD8 80 00 00 00 00 00 17 78 80 00 00 00 00 00 17 80 A......xA......A
  408. 0035BCE8 80 00 00 00 00 00 17 88 80 00 00 00 00 00 17 90 A......EA......?
  409. 0035BCF8 80 00 00 00 00 00 17 98
  410.  
  411. ROM:0035BCD8 # ---------------------------------------------------------------------------
  412. ROM:0035BCD8 .long 0x80000000
  413. ROM:0035BCDC .long syscall_groove_peek_desc # Syscall 6
  414. ROM:0035BCE0 .long 0x80000000
  415. ROM:0035BCE4 .long syscall_groove_poke_desc # Syscall 7
  416. ROM:0035BCE8 .long 0x80000000
  417. ROM:0035BCEC .long syscall_graf_peek_desc # Syscall 8
  418. ROM:0035BCF0 .long 0x80000000
  419. ROM:0035BCF4 .long syscall_graf_poke_desc # Syscall 9
  420. ROM:0035BCF8 .long 0x80000000
  421. ROM:0035BCFC .long syscall_lv2_syscall_10_desc # Syscall 10
  422.  
  423. ==================================================================================================================
  424.  
  425.  
  426.  
  427. Code multiman cfw 4.21 DEX :
  428.  
  429. ==================================================================================================================
  430. LV2: Original 3.55 syscall36 code parts loaded at 0x302DE8 and 0x2EB7E0 and modified for 4.21DEX CFW as follows:
  431. ==================================================================================================================
  432.  
  433. 00302DE8 25 73 25 30 31 36 6C 78 25 30 31 36 6C 78 25 30 %s%016lx%016lx%0
  434. 00302DF8 31 36 6C 78 25 30 31 36 6C 78 25 30 31 36 6C 78 16lx%016lx%016lx
  435. 00302E08 25 64 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 %d..............
  436.  
  437. 00302E18 F8 21 FF 61 7C 08 02 A6 FB 81 00 80 FB A1 00 88 °!*a|..ævÁ.Àvá.È
  438. 00302E28 FB E1 00 98 FB 41 00 70 FB 61 00 78 F8 01 00 B0 vñ.ØvA.pva.x°..-
  439. 00302E38 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01 7B FF F8 06 |Ü#x|}.x;ð..{*°.
  440. 00302E48 67 E4 00 30 60 84 2E 8C 38 A0 00 07 4B D4 F1 A5 gô.0`Ä.Ì8à..KL¸å
  441. 00302E58 28 23 00 00 40 82 00 4C 67 FF 00 2E 63 FF B8 9C (#..@Â.Lg*..c*¬Ü
  442. 00302E68 E8 7F 00 00 28 23 00 00 41 82 00 14 E8 7F 00 08 ø..(#..AÂ..ø..
  443. 00302E78 38 9D 00 09 4B D4 F1 29 EB BF 00 00 7F A3 EB 78 8Ý..KL¸)û¬..ãûx
  444. 00302E88 4B FD 68 B8 2F 64 65 76 5F 62 64 76 64 00 2F 61 K¤h¬/dev_bdvd./a
  445. 00302E98 70 70 5F 68 6F 6D 65 00 00 00 00 00 00 00 00 00 pp_home.........
  446. 00302EA8 7F A3 EB 78 3B E0 00 01 7B FF F8 06 67 E4 00 30 ãûx;ð..{*°.gô.0
  447. 00302EB8 60 84 2E 96 38 A0 00 02 4B D4 F1 39 28 23 00 00 `Ä.Ö8à..KL¸9(#..
  448. 00302EC8 40 82 00 28 67 FF 00 2E 63 FF B8 9C E8 7F 00 00 @Â.(g*..c*¬Üø..
  449. 00302ED8 28 23 00 00 41 82 00 14 E8 7F 00 08 38 9D 00 09 (#..AÂ..ø..8Ý..
  450. 00302EE8 4B D4 F0 BD EB BF 00 00 7F A3 EB 78 4B FD 68 4C KL¨-û¬..ãûxK¤hL
  451.  
  452. 002EB7E0 25 64 25 73 25 30 31 36 6C 78 25 30 31 36 6C 6C %d%s%016lx%016ll
  453. 002EB7F0 78 25 30 31 36 6C 6C 78 25 73 25 73 25 30 38 78 x%016llx%s%s%08x
  454. 002EB800 25 64 25 31 64 25 31 64 25 31 64 41 41 41 0A 00 %d%1d%1d%1dAAA..
  455.  
  456. 002EB810 F8 21 FF 31 7C 08 02 A6 F8 01 00 E0 FB E1 00 C8 °!*1|..æ°..ðvñ.L
  457. 002EB820 38 81 00 70 4B EC C5 55 3B E0 00 01 7B FF F8 06 8Á.pKü+U;ð..{*°.
  458. 002EB830 67 FF 00 2E 63 FF B8 9C E8 7F 00 00 2C 23 00 00 g*..c*¬Üø..,#..
  459. 002EB840 41 82 00 0C 38 80 00 27 4B D7 C3 E5 38 80 00 27 AÂ..8À.'K++õ8À.'
  460. 002EB850 38 60 08 00 4B D7 BF 9D F8 7F 00 00 E8 81 00 70 8`..K+¬Ý°..øÁ.p
  461. 002EB860 4B D6 67 45 E8 61 00 70 38 80 00 27 4B D7 C3 C1 KãgEøa.p8À.'K+++
  462. 002EB870 E8 7F 00 00 4B D6 67 59 E8 9F 00 00 7C 64 1A 14 ø..KãgYøß..|d..
  463. 002EB880 F8 7F 00 08 38 60 00 00 EB E1 00 C8 E8 01 00 E0 °..8`..ûñ.Lø..ð
  464. 002EB890 38 21 00 D0 7C 08 03 A6 4E 80 00 20 80 00 00 00 8!.¦|..æNÀ. À...
  465. 002EB8A0 00 59 18 00 80 00 00 00 00 59 18 09 00 00 00 00 .Y..À....Y......
  466. 002EB8B0 80 00 00 00 00 2E B8 10
  467.  
  // DEX 4.21: install the 3.55-derived "syscall36" path redirection — same structure as
  // the CEX block above, with the DEX addresses. Every call is syscall 7 (LV2 poke, a bare
  // `std r4, 0(r3)` with no address validation) writing 8 bytes = two PPC words.
  // The 0x302Exx pokes fix up the open hook copied to 0x302E18 (bl/b displacements, the
  // high/low halves of the 0x2EB89C pointer and of the "/dev_bdvd" / "/app_home" string
  // addresses); the 0x2EB8xx pokes do the same for the syscall 36 body at 0x2EB810 and its
  // descriptor at 0x2EB8B0.
  // NOTE(review): the poke at 0x302EF4 covers 0x302EF4-0x302EFB; its low word 74 61 63 6B
  // ("tack") is written past the hook's last instruction onto 0x302EF8. No other DEX patch
  // in this paste targets that address, but confirm it is unused on 4.21 DEX.
  // NOTE(review): the syscall 36 body (dump at 0x2EB810) duplicates the user path
  // (pathdup_from_user), allocates 0x800 bytes (`li r3, 0x800; bl alloc`) and strcpy()s
  // the path into it; no length check is visible in that dump, so whether an over-long
  // path can overrun the allocation depends on pathdup_from_user bounding its result.
  // The last two pokes activate everything (open hook at 0x2D9718, syscall table slot
  // 0x37A2D0 -> descriptor); keep them last so the code is never reachable half-patched,
  // and note that afterwards any GameOS process can call syscall 36.
  468. Lv2Syscall2(7, 0x8000000000302E48ULL, 0x67E4003060842E8CULL ); // 302E48 oris r4, r31, 0x30 // 67 E4 00 30 60 84 2E 8C // (/dev_bdvd) // 302E4C ori r4, r4, 0x2E8C
  469. Lv2Syscall2(7, 0x8000000000302E54ULL, 0x4BD4F1A528230000ULL ); // 302E54 bl strncmp_sub_51FF8 // 4B D4 F1 A5 28 23 00 00
  470. Lv2Syscall2(7, 0x8000000000302E60ULL, 0x67FF002E63FFB89CULL ); // 302E60 oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 302E64 ori r31, r31, 0xB89C
  471. Lv2Syscall2(7, 0x8000000000302E7CULL, 0x4BD4F129EBBF0000ULL ); // 302E7C bl strcpy_sub_51FA4 // 4B D4 F1 29 EB BF 00 00
  472. Lv2Syscall2(7, 0x8000000000302E88ULL, 0x4BFD68B82F646576ULL ); // 302E88 b loc_2D9740 // 4B FD 68 B8 2F 64 65 76 // hook_return
  473. Lv2Syscall2(7, 0x8000000000302EB4ULL, 0x67E4003060842E96ULL ); // 302EB4 oris r4, r31, 0x30 // 67 E4 00 30 60 84 2E 96 // (/app_home) // 302EB8 ori r4, r4, 0x2E96
  474. Lv2Syscall2(7, 0x8000000000302EC0ULL, 0x4BD4F13928230000ULL ); // 302EC0 bl strncmp_sub_51FF8 // 4B D4 F1 39 28 23 00 00
  475. Lv2Syscall2(7, 0x8000000000302ECCULL, 0x67FF002E63FFB89CULL ); // 302ECC oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 302ED0 ori r31, r31, 0xB89C
  476. Lv2Syscall2(7, 0x8000000000302EE8ULL, 0x4BD4F0BDEBBF0000ULL ); // 302EE8 bl strcpy_sub_51FA4 // 4B D4 F0 BD EB BF 00 00
  477. Lv2Syscall2(7, 0x8000000000302EF4ULL, 0x4BFD684C7461636BULL ); // 302EF4 b loc_2D9740 // 4B FD 68 4C 74 61 63 6B // hook_return // NOTE(review): low word "tack" lands on 0x302EF8
  478. 
  479. Lv2Syscall2(7, 0x80000000002EB824ULL, 0x4BECC5553BE00001ULL ); // 2EB824 bl pathdup_from_user_1B7D78 // 4B EC C5 55 3B E0 00 01
  480. Lv2Syscall2(7, 0x80000000002EB830ULL, 0x67FF002E63FFB89CULL ); // 2EB830 oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 2EB834 ori r31, r31, 0xB89C
  481. Lv2Syscall2(7, 0x80000000002EB848ULL, 0x4BD7C3E538800027ULL ); // 2EB848 bl free_sub_67C2C // 4B D7 C3 E5 38 80 00 27
  482. Lv2Syscall2(7, 0x80000000002EB854ULL, 0x4BD7BF9DF87F0000ULL ); // 2EB854 bl alloc_sub_677F0 // 4B D7 BF 9D F8 7F 00 00
  483. Lv2Syscall2(7, 0x80000000002EB860ULL, 0x4BD66745E8610070ULL ); // 2EB860 bl strcpy_sub_51FA4 // 4B D6 67 45 E8 61 00 70 // copies the user path into the 0x800-byte allocation
  484. 
  485. Lv2Syscall2(7, 0x80000000002EB86CULL, 0x4BD7C3C1E87F0000ULL ); // 2EB86C bl free_sub_67C2C // 4B D7 C3 C1 E8 7F 00 00
  486. Lv2Syscall2(7, 0x80000000002EB874ULL, 0x4BD66759E89F0000ULL ); // 2EB874 bl strlen_sub_51FCC // 4B D6 67 59 E8 9F 00 00
  487. Lv2Syscall2(7, 0x80000000002EB8B0ULL, 0x80000000002EB810ULL ); // 2EB8B0 .long syscall_lv2_syscall_36 // 80 00 00 00 00 2E B8 10 // sc36 vector
  488. 
  489. Lv2Syscall2(7, 0x80000000002D9718ULL, 0x480297007C0802A6ULL ); // 2D9718 b sub_302E18 // hook open // activates the open hook — keep after the code pokes above
  490. Lv2Syscall2(7, 0x800000000037A2D0ULL, 0x80000000002EB8B0ULL ); // enable syscall36 // syscall table slot -> descriptor at 0x2EB8B0; from here on any process can call sc36
  491.  
  492. 302E8C aDev_bdvd: .string "/dev_bdvd"
  493. 302E96 aApp_home: .string "/app_home"
  494.  
  495. 2EB89C free/alloc address pointer -> (set by functions)
  496. 2EB8B0 syscall36 address pointer -> 0x80000000002EB810
  497.  
  498. strncmp: 51FF8
  499. strcpy: 51FA4
  500. pathdup_from_user: 1B7D78
  501. free: 67C2C
  502. alloc: 677F0
  503. strlen: 51FCC
  504. ==================================================================================================================
  505.  
  506. LV2: Additional patches for PARAM.SFO and access permissions
  507.  
  // DEX 4.21: LV2 patches that remove PARAM.SFO / access-permission failures — the same
  // instruction words as the CEX block, at DEX addresses (syscall 7 = LV2 poke):
  //   0x05A938: ori r31,r31,0x3D ; nop          -> the word after the error-code build is nopped
  //   0x05A9FC: lis r31,0x8001   ; li r31,0      -> error 0x8001003E is overwritten with 0
  //   0x05A9A8: beq cr7,+0xD8    ; nop
  //   0x05A9B0: cmpwi cr7,r4,4   ; b +0x98       -> conditional path made unconditional
  //   0x05E36C / 0x05E380: cmpwi cr7,r3,0 ; nop  -> the instruction after the compare is nopped
  // The original words are not shown, so which check each nop/branch removes cannot be
  // confirmed here (NOTE(review): recover them from a 4.21 DEX LV2 dump). The checks are
  // disabled for every process, and no restore values are given.
  508. Lv2Syscall2(7, 0x800000000005A938ULL, 0x63FF003D60000000ULL ); // fix 8001003D error
  509. Lv2Syscall2(7, 0x800000000005A9FCULL, 0x3FE080013BE00000ULL ); // fix 8001003E error
  510. 
  511. Lv2Syscall2(7, 0x800000000005A9A8ULL, 0x419E00D860000000ULL ); // beq cr7,+0xD8 ; nop
  512. Lv2Syscall2(7, 0x800000000005A9B0ULL, 0x2F84000448000098ULL ); // cmpwi cr7,r4,4 ; b +0x98
  513. 
  514. Lv2Syscall2(7, 0x800000000005E36CULL, 0x2F83000060000000ULL ); // cmpwi cr7,r3,0 ; nop
  515. Lv2Syscall2(7, 0x800000000005E380ULL, 0x2F83000060000000ULL ); // cmpwi cr7,r3,0 ; nop
  516.  
  517. ==================================================================================================================
  518.  
  519. LV2: Device mount table (for BD-Mirror USB)
  520.  
  521. dev_table=peekq(0x800000000030FB70ULL); // actual 0x8000000000470020ULL
  522.  
  523. ==================================================================================================================