API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 24th, 2012
413
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 4.21 KB | None | 0 0
raw download clone embed print report
  1. //Author:Shadoxi
  2. //Replace libsysutil_np_trophy.sprx in flash/internal by this code
  3. //Some evil crash due to size of dump
  4.  
  5. SYS_MODULE_INFO(sceNpTrophyhook, 0, 1, 0 );
  6. SYS_MODULE_START( _start );
  7. SYS_MODULE_STOP( _stop );
  8.  
  9. SYS_LIB_DECLARE( sceNpTrophyhook, SYS_LIB_AUTO_EXPORT | SYS_LIB_WEAK_IMPORT );
  10.  
  11. SYS_LIB_EXPORT( loader_sprx, sceNpTrophyhook );
  12.  
  13. int _start(void);
  14. int _stop(void);
  15. void loader_sprx(const char* PATH_PRX);
  16.  
  17.  
  18. static inline CellFsErrno lv2FsOpen(const char* path, uint32_t oflags, int* fd, uint32_t mode, const void* arg, uint64_t argsize) {
  19. system_call_6(801, (uint64_t)path, oflags, (uint64_t)fd, mode, (uint64_t)arg, argsize);
  20. return_to_user_prog(CellFsErrno);
  21. }
  22. static inline CellFsErrno lv2FsRead(int fd, void* buf, uint64_t size, uint64_t* read_e)
  23. {
  24. system_call_4(802, fd, (uint64_t)buf, size, (uint64_t)read_e);
  25. return_to_user_prog(CellFsErrno);
  26. }
  27.  
  28. static inline CellFsErrno lv2FsWrite(int fd, const void* buf, uint64_t size, uint64_t* written)
  29. {
  30. system_call_4(803, fd, (uint64_t)buf, size, (uint64_t)written);
  31. return_to_user_prog(CellFsErrno);
  32. }
  33.  
  34. static inline CellFsErrno lv2FsClose(int fd)
  35. {
  36. system_call_1(804, fd);
  37. return_to_user_prog(CellFsErrno);
  38. }
  39. static void write_message (char const * message)
  40. {
  41.  
  42. unsigned int write_length;
  43. char const * end;
  44. for (end = message; *end != '\0'; ++end);
  45.  
  46. sys_tty_write(SYS_TTYP_PPU_STDERR, message,end - message, &write_length);
  47.  
  48. }
  49. void DumpELF_Payload()
  50. {
  51. write_message("Dumping ELF from RAM\n");
  52. int fd,res ;
  53. uint64_t i,nread,ptr;
  54. uint64_t sizeelf = 25*1024*1024 ;
  55. //Need a way to get size of ELF
  56. if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0) //exist ?
  57. {
  58. write_message("DumpedEBOOT.bin\n");
  59. lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  60.  
  61. for(i = 0; i < sizeelf ; i+=8)
  62. {
  63. ptr = *(uint64_t*)(0x00010000ULL+i); //Tb decrypted offset
  64. if((ptr == 0x7F454C4601020100ULL) && (i != 0))
  65. return;
  66. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  67.  
  68.  
  69. }
  70. lv2FsClose(fd);
  71. return;
  72. }
  73. else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
  74. {
  75. write_message("DumpedEBOOT1.bin\n");
  76. lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  77.  
  78. for(i = 0; i < sizeelf ; i+=8)
  79. {
  80. ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
  81. if((ptr == 0x7F454C4601020100ULL) && (i != 0))
  82. return;
  83. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  84.  
  85. }
  86. lv2FsClose(fd);
  87. return;
  88. }
  89. else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
  90. {
  91. write_message("DumpedEBOOT2.bin\n");
  92. lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  93.  
  94. for(i = 0; i < sizeelf ; i+=8)
  95. {
  96. ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
  97. if((ptr == 0x7F454C4601020100ULL) && (i != 0))
  98. return;
  99. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  100. }
  101. lv2FsClose(fd);
  102. return;
  103. }
  104. else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
  105. {
  106. write_message("DumpedEBOOT2.bin\n");//Tb decrypted offset
  107. lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
  108.  
  109. for(i = 0; i < sizeelf ; i+=8)
  110. {
  111. ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
  112. if((&ptr == 0x7F454C4601020100ULL) && i != 0)
  113. return;
  114. lv2FsWrite(fd, (void*)&ptr, 8, &nread);
  115. }
  116. lv2FsClose(fd);
  117. return;
  118. }
  119. else
  120. {
  121. write_message("remove dumpedeboot\n");
  122. }
  123.  
  124. lv2FsClose(fd); //Close file
  125.  
  126. }
  127.  
  128. void loader_sprx(const char* PATH_PRX)
  129. {
  130. sys_prx_id_t prx_id ;
  131. write_message ("Loading a prx ... ");
  132. prx_id = sys_prx_load_module(PATH_PRX,0, NULL);
  133. if (prx_id < CELL_OK) {
  134. write_message ("Failed LOADING\n");
  135. return;
  136. } else {
  137. write_message ("OK loading\n");
  138. }
  139. int modres;
  140. int res1 = sys_prx_start_module( prx_id, 0, NULL, &modres, 0, NULL );
  141. if (res1 < CELL_OK)
  142. {
  143. write_message ("start Failed \n");
  144.  
  145. }
  146. }
  147.  
  148. int _start(void)
  149. {
  150. int wait = 0;
  151. write_message ("By shadoxi\n");
  152. //DUMP Decrypted noDrm TB
  153. DumpELF_Payload();
  154. //load original libsysutil_np_trophy for game
  155. loader_sprx("/dev_hdd0/game/TEST00000/USRDIR/orignal_libsysutil_np_trophy.sprx");//place here original libsysutil_np_trophy.sprx
  156. return SYS_PRX_RESIDENT;
  157. }
  158.  
  159. int _stop(void)
  160. {
  161. return SYS_PRX_STOP_OK;
  162. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!