Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Aug 24th, 2012  |  syntax: C++  |  size: 4.21 KB  |  views: 347  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. //Author:Shadoxi
  2. //Replace libsysutil_np_trophy.sprx in flash/internal by this code
  3. //Some evil crash due to size of dump
  4.  
  5. SYS_MODULE_INFO(sceNpTrophyhook, 0, 1, 0 );
  6. SYS_MODULE_START( _start );
  7. SYS_MODULE_STOP( _stop );
  8.  
  9. SYS_LIB_DECLARE( sceNpTrophyhook, SYS_LIB_AUTO_EXPORT | SYS_LIB_WEAK_IMPORT );
  10.  
  11. SYS_LIB_EXPORT( loader_sprx, sceNpTrophyhook );
  12.  
  13. int _start(void);
  14. int _stop(void);
  15. void loader_sprx(const char* PATH_PRX);
  16.  
  17.  
  18. static inline CellFsErrno lv2FsOpen(const char* path, uint32_t oflags, int* fd, uint32_t mode, const void* arg, uint64_t argsize) {
  19. system_call_6(801, (uint64_t)path, oflags, (uint64_t)fd, mode, (uint64_t)arg, argsize);
  20. return_to_user_prog(CellFsErrno);
  21. }
  22. static inline CellFsErrno lv2FsRead(int fd, void* buf, uint64_t size, uint64_t* read_e)
  23. {
  24. system_call_4(802, fd, (uint64_t)buf, size, (uint64_t)read_e);
  25. return_to_user_prog(CellFsErrno);
  26. }
  27.  
  28. static inline CellFsErrno lv2FsWrite(int fd, const void* buf, uint64_t size, uint64_t* written)
  29. {
  30. system_call_4(803, fd, (uint64_t)buf, size, (uint64_t)written);
  31. return_to_user_prog(CellFsErrno);
  32. }
  33.  
  34. static inline CellFsErrno lv2FsClose(int fd)
  35. {
  36. system_call_1(804, fd);
  37. return_to_user_prog(CellFsErrno);
  38. }
  39. static void write_message (char const * message)
  40. {
  41.  
  42. unsigned int write_length;
  43. char const * end;
  44. for (end = message; *end != '\0'; ++end);
  45.  
  46. sys_tty_write(SYS_TTYP_PPU_STDERR, message,end - message, &write_length);
  47.  
  48. }
  49. void DumpELF_Payload()
  50. {
  51. write_message("Dumping ELF from RAM\n");
  52. int fd,res ;
  53. uint64_t i,nread,ptr;
  54. uint64_t sizeelf = 25*1024*1024 ;
  55. //Need a way to get size of ELF
  56. if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0) //exist ?
  57. {
  58. write_message("DumpedEBOOT.bin\n");
  59. lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  60.  
  61. for(i = 0; i < sizeelf ; i+=8)
  62. {
  63. ptr = *(uint64_t*)(0x00010000ULL+i); //Tb decrypted offset
  64. if((ptr == 0x7F454C4601020100ULL) && (i != 0))
  65. return;
  66. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  67.  
  68.  
  69. }
  70. lv2FsClose(fd);
  71. return;
  72. }
  73. else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
  74. {
  75. write_message("DumpedEBOOT1.bin\n");
  76. lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  77.  
  78. for(i = 0; i < sizeelf ; i+=8)
  79. {
  80. ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
  81. if((ptr == 0x7F454C4601020100ULL) && (i != 0))
  82. return;
  83. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  84.  
  85. }
  86. lv2FsClose(fd);
  87. return;
  88. }
  89. else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
  90. {
  91. write_message("DumpedEBOOT2.bin\n");
  92. lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  93.  
  94. for(i = 0; i < sizeelf ; i+=8)
  95. {
  96. ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
  97. if((ptr == 0x7F454C4601020100ULL) && (i != 0))
  98. return;
  99. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  100. }
  101. lv2FsClose(fd);
  102. return;
  103. }
  104. else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
  105. {
  106. write_message("DumpedEBOOT2.bin\n");//Tb decrypted offset
  107. lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  108.  
  109. for(i = 0; i < sizeelf ; i+=8)
  110. {
  111. ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
  112. if((&ptr == 0x7F454C4601020100ULL) && i != 0)
  113. return;
  114. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  115. }
  116. lv2FsClose(fd);
  117. return;
  118. }
  119. else
  120. {
  121. write_message("remove dumpedeboot\n");
  122. }
  123.  
  124. lv2FsClose(fd); //Close file
  125.  
  126. }
  127.  
  128. void loader_sprx(const char* PATH_PRX)
  129. {
  130. sys_prx_id_t prx_id ;
  131. write_message ("Loading a prx ... ");
  132. prx_id = sys_prx_load_module(PATH_PRX,0, NULL);
  133. if (prx_id < CELL_OK) {
  134. write_message ("Failed LOADING\n");
  135. return;
  136. } else {
  137. write_message ("OK loading\n");
  138. }
  139. int modres;
  140. int res1 = sys_prx_start_module( prx_id, 0, NULL, &modres, 0, NULL );
  141. if (res1 < CELL_OK)
  142. {
  143. write_message ("start Failed \n");
  144.  
  145. }
  146. }
  147.  
  148. int _start(void)
  149. {
  150. int wait = 0;
  151. write_message ("By shadoxi\n");
  152. //DUMP Decrypted noDrm TB
  153. DumpELF_Payload();
  154. //load original libsysutil_np_trophy for game
  155. loader_sprx("/dev_hdd0/game/TEST00000/USRDIR/orignal_libsysutil_np_trophy.sprx");//place here original libsysutil_np_trophy.sprx
  156. return SYS_PRX_RESIDENT;
  157. }
  158.  
  159. int _stop(void)
  160. {
  161. return SYS_PRX_STOP_OK;
  162. }