Patches702-Kernel.cpp

  1. // This is an open source non-commercial project. Dear PVS-Studio, please check it.
  2. // PVS-Studio Static Code Analyzer for C, C++, C#, and Java: http://www.viva64.com
  3.  
  4. #include <Boot/Patches.hpp>
  5.  
  6. /*
  7.     Please, please, please!
  8.     Keep patches consistent with the used patch style for readability.
  9. */
/// Applies the pre-run kernel patch set for firmware 7.02.
///
/// Every offset below is relative to gKernelBase and is specific to the
/// build selected by MIRA_PLATFORM_ORBIS_BSD_702; on any other platform the
/// function compiles to a no-op. The bytes are written blind — there is no
/// read-back of the expected original instructions — so a wrong base pointer
/// or a firmware mismatch silently overwrites unrelated kernel code.
///
/// Taken together these patches relax kernel isolation (per the per-patch
/// comments: copyin/copyout/copyinstr accept kernel addresses, RWX mappings
/// and mprotect are allowed, ptrace restrictions and the pfs signature check
/// are removed, unprivileged mount is enabled). Anything that runs after this
/// routine must therefore be treated as having kernel-level trust.
void Mira::Boot::Patches::install_prerunPatches_702()
{
#if MIRA_PLATFORM == MIRA_PLATFORM_ORBIS_BSD_702
    // Nothing may be touched until the kernel base pointer has been resolved.
    if (gKernelBase == nullptr)
        return;

    // Writes `count` bytes from `bytes` into the kernel image at `offset`
    // (relative to gKernelBase). No preimage check is performed.
    auto poke = [&](unsigned offset, const uint8_t *bytes, unsigned count) {
        uint8_t *dst = reinterpret_cast<uint8_t *>(&gKernelBase[offset]);
        for (unsigned i = 0; i < count; ++i)
            dst[i] = bytes[i];
    };

    // Single-byte form of poke().
    auto poke1 = [&](unsigned offset, uint8_t value) {
        poke(offset, &value, 1);
    };

    // Recurring stubs. The mnemonics name what the byte sequences decode to
    // on x86-64; the patch comments below say what each site is meant to do.
    static constexpr uint8_t kNop[6]        = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
    static constexpr uint8_t kZero[4]       = {0x00, 0x00, 0x00, 0x00};
    static constexpr uint8_t kMovEax1Ret[6] = {0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3};
    static constexpr uint8_t kMovAl1Ret[3]  = {0xB0, 0x01, 0xC3};
    static constexpr uint8_t kXorEaxRet[3]  = {0x31, 0xC0, 0xC3};
    static constexpr uint8_t kXorEaxNop3[5] = {0x31, 0xC0, 0x90, 0x90, 0x90};
    static constexpr uint8_t kXorRaxNop2[5] = {0x48, 0x31, 0xC0, 0x90, 0x90};
    static constexpr uint8_t kJmpShort3B[2] = {0xEB, 0x3B};

    // Enable UART
    poke(0x01A6EAA0, kZero, 1);

    // Verbose Panics
    poke(0x0013A4AE, kNop, 5);

    // sceSblACMgrIsAllowedSystemLevelDebugging
    poke(0x001CB060, kMovEax1Ret, 6);
    poke(0x001CB880, kMovEax1Ret, 6);
    poke(0x001CB8A0, kMovEax1Ret, 6);

    // Enable rwx mapping
    poke1(0x001171BE, 0x07);
    poke1(0x001171C6, 0x07);

    // Patch copyin/copyout: Allow userland + kernel addresses in both params
    // copyin
    poke(0x0002F287, kNop, 2);
    poke(0x0002F293, kNop, 3);
    // copyout
    poke(0x0002F192, kNop, 2);
    poke(0x0002F19E, kNop, 3);

    // Enable MAP_SELF
    poke(0x001CB8F0, kMovEax1Ret, 6);
    poke(0x001CB910, kMovEax1Ret, 6);
    poke(0x001D40BB, kXorEaxNop3, 5);

    // Patch copyinstr
    poke(0x0002F733, kNop, 2);
    poke(0x0002F73F, kNop, 3);

    // Patch memcpy stack
    poke1(0x0002F04D, 0xEB);

    // ptrace patches
    poke1(0x000448D5, 0xEB);

    // second ptrace patch — kept disabled, as in the original:
    //   0x00044DAF <- E9 E2 02 00 00

    // setlogin patch (for autolaunch check)
    poke(0x0008A8EC, kXorRaxNop2, 5);

    // Patch to remove vm_fault: fault on nofault entry, addr %llx
    poke(0x002BF756, kNop, 6);

    // Patch mprotect: Allow RWX (mprotect) mapping
    poke(0x00264C08, kNop, 6);

    // flatz disable pfs signature check
    poke(0x006BE880, kXorEaxRet, 3);

    // flatz enable debug RIFs
    poke(0x00668270, kMovAl1Ret, 3);
    poke(0x006682A0, kMovAl1Ret, 3);

    // Enable *all* debugging logs (in vprintf)
    // Patch by: SiSTRo
    poke(0x000BC817, kJmpShort3B, 2);

    // flatz allow mangled symbol in dynlib_do_dlsym
    poke(0x002F0367, kNop, 6);

    // Enable mount for unprivileged user
    poke(0x0029636A, kNop, 6);

    // patch suword_lwpid
    // has a check to see if child_tid/parent_tid is in kernel memory;
    // the two NOP pairs remove it
    // Patch by: JOGolden
    poke(0x0002F552, kNop, 2);
    poke(0x0002F561, kNop, 2);

    // Patch debug setting errors
    poke(0x005016FA, kZero, 4);
    poke(0x0050296C, kZero, 4);
#endif
}
  229.  