API tools faq
paste
Advertisement
Guest User

Ps3exploits.com

a guest
Sep 3rd, 2010
206
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.90 KB | None | 0 0
raw download clone embed print report
  1. #include <pspkernel.h>
  2. #include <pspsdk.h>
  3. #include <pspusb.h>
  4. #include <pspusbbus.h>
  5. #include <string.h>
  6. #include "descriptors.h"
  7. #include "usb.h"
  8. #include "psgroove.h"
  9.  
  10. /********************************************************************************/
  11. /*------------------------------------------------------------------------------*/
  12. /* PsGroove Emulation */
  13. /*------------------------------------------------------------------------------*/
  14.  
  15. /*------------------------------------------------------------------------------*/
  16. #define PORT_EMPTY 0x0100 /* powered only */
  17. #define PORT_FULL 0x0103 /* connected, enabled, powered, full-speed */
  18. #define C_PORT_CONN 0x0001 /* connection */
  19. #define C_PORT_RESET 0x0010 /* reset */
  20. #define C_PORT_NONE 0x0000 /* no change */
  21. unsigned short port_status[6] = { PORT_EMPTY, PORT_EMPTY, PORT_EMPTY, PORT_EMPTY, PORT_EMPTY, PORT_EMPTY };
  22. unsigned short port_change[6] = { C_PORT_NONE, C_PORT_NONE, C_PORT_NONE, C_PORT_NONE, C_PORT_NONE, C_PORT_NONE };
  23. enum {
  24. init,
  25. wait_hub_ready,
  26. hub_ready,
  27. p1_wait_reset,
  28. p1_wait_enumerate,
  29. p1_ready,
  30. p2_wait_reset,
  31. p2_wait_enumerate,
  32. p2_ready,
  33. p3_wait_reset,
  34. p3_wait_enumerate,
  35. p3_ready,
  36. p2_wait_disconnect,
  37. p4_wait_connect,
  38. p4_wait_reset,
  39. p4_wait_enumerate,
  40. p4_ready,
  41. p5_wait_reset,
  42. p5_wait_enumerate,
  43. p5_challenged,
  44. p5_responded,
  45. p3_wait_disconnect,
  46. p3_disconnected,
  47. p5_wait_disconnect,
  48. p5_disconnected,
  49. p4_wait_disconnect,
  50. p4_disconnected,
  51. p1_wait_disconnect,
  52. p1_disconnected,
  53. p6_wait_reset,
  54. p6_wait_enumerate,
  55. done,
  56. } state = init;
  57.  
  58. unsigned char hub_int_response = 0x00;
  59. unsigned char hub_int_force_data0 = 0;
  60. int last_port_conn_clear = 0;
  61. int last_port_reset_clear = 0;
  62.  
  63. unsigned char port_addr[7] = { -1, -1, -1, -1, -1, -1, -1 };
  64. unsigned char port_cur = -1;
  65.  
  66. /*------------------------------------------------------------------------------*/
  67.  
  68. /*------------------------------------------------------------------------------*/
  69. /*PsGroove_Timer */
  70. /*------------------------------------------------------------------------------*/
  71. volatile unsigned char expire = 0; /* counts down every 10 milliseconds */
  72. void PsGroove_Timer( void )
  73. {
  74. if (expire > 0)
  75. expire--;
  76. }
  77.  
  78. /*------------------------------------------------------------------------------*/
  79. /*PsGroove_Panic */
  80. /*------------------------------------------------------------------------------*/
  81. void PsGroove_Panic()
  82. {
  83. //TODO: Don't Panic!
  84. }
  85.  
  86. /*------------------------------------------------------------------------------*/
  87. /*PsGroove_Switch_Port */
  88. /*------------------------------------------------------------------------------*/
  89. void PsGroove_Switch_Port(int8_t port)
  90. {
  91. if (port_cur == port) return;
  92. port_cur = port;
  93. if (port_addr[port] < 0)
  94. port_addr[port] = 0;
  95.  
  96. //TODO: I can't port this two lines
  97. //UDADDR = port_addr[port] & 0x7f;
  98. //UDADDR |= (1 << ADDEN);
  99. }
  100.  
  101. /*------------------------------------------------------------------------------*/
  102. /*PsGroove_Connect_Port */
  103. /*------------------------------------------------------------------------------*/
  104. void PsGroove_Connect_Port(int port)
  105. {
  106. last_port_reset_clear = 0;
  107. hub_int_response = (1 << port);
  108. port_status[port - 1] = PORT_FULL;
  109. port_change[port - 1] = C_PORT_CONN;
  110. }
  111.  
  112. /*------------------------------------------------------------------------------*/
  113. /*PsGroove_Disconnect_Port */
  114. /*------------------------------------------------------------------------------*/
  115. void PsGroove_Disconnect_Port(int port)
  116. {
  117. last_port_conn_clear = 0;
  118. hub_int_response = (1 << port);
  119. port_status[port - 1] = PORT_EMPTY;
  120. port_change[port - 1] = C_PORT_CONN;
  121. }
  122.  
  123. /*------------------------------------------------------------------------------*/
  124. /*PsGroove_GetDescription */
  125. /*------------------------------------------------------------------------------*/
  126. unsigned short PsGroove_GetDescription(unsigned char DescriptorType, unsigned char DescriptorNumber, unsigned short wLength, const void** const DescriptorAddress)
  127. {
  128. void* Address = NULL;
  129. unsigned short Size = 0;
  130.  
  131. switch(DescriptorType)
  132. {
  133. case 0x01: //DTYPE_Device
  134. switch (port_cur) {
  135. //case 0:
  136. // Address = (void *) HUB_Device_Descriptor;
  137. // Size = sizeof(HUB_Device_Descriptor);
  138. // break;
  139. case 1:
  140. Address = (void *) port1_device_descriptor;
  141. Size = sizeof(port1_device_descriptor);
  142. break;
  143. case 2:
  144. Address = (void *) port2_device_descriptor;
  145. Size = sizeof(port2_device_descriptor);
  146. break;
  147. case 3:
  148. Address = (void *) port3_device_descriptor;
  149. Size = sizeof(port3_device_descriptor);
  150. break;
  151. case 4:
  152. Address = (void *) port4_device_descriptor;
  153. Size = sizeof(port4_device_descriptor);
  154. break;
  155. case 5:
  156. Address = (void *) port5_device_descriptor;
  157. Size = sizeof(port5_device_descriptor);
  158. break;
  159. case 6:
  160. Address = (void *) port6_device_descriptor;
  161. Size = sizeof(port6_device_descriptor);
  162. break;
  163. }
  164. break;
  165. case 0x02: //DTYPE_Configuration
  166. switch (port_cur) {
  167. //case 0:
  168. // Address = (void *) HUB_Config_Descriptor;
  169. // Size = sizeof(HUB_Config_Descriptor);
  170. // break;
  171. case 1:
  172. // 4 configurations are the same.
  173. // For the initial 8-byte request, we give a different
  174. // length response than in the full request.
  175. if (DescriptorNumber < 4) {
  176. if (wLength == 8) {
  177. Address = (void *) port1_short_config_descriptor;
  178. Size = sizeof(port1_short_config_descriptor);
  179. } else {
  180. Address = (void *) port1_config_descriptor;
  181. Size = sizeof(port1_config_descriptor);
  182. }
  183. if (DescriptorNumber == 3 && wLength > 8) {
  184. state = p1_ready;
  185. expire = 10;
  186. }
  187. }
  188. break;
  189. case 2:
  190. // only 1 config
  191. Address = (void *) port2_config_descriptor;
  192. Size = sizeof(port2_config_descriptor);
  193. state = p2_ready;
  194. expire = 15;
  195. break;
  196. case 3:
  197. // 2 configurations are the same
  198. Address = (void *) port3_config_descriptor;
  199. Size = sizeof(port3_config_descriptor);
  200. if (DescriptorNumber == 1 && wLength > 8) {
  201. state = p3_ready;
  202. expire = 10;
  203. }
  204. break;
  205. case 4:
  206. // 3 configurations
  207. if (DescriptorNumber == 0) {
  208. Address = (void *) port4_config_descriptor_1;
  209. Size = sizeof(port4_config_descriptor_1);
  210. } else if (DescriptorNumber == 1) {
  211. if (wLength == 8) {
  212. Address = (void *) port4_short_config_descriptor_2;
  213. Size = sizeof(port4_short_config_descriptor_2);
  214. } else {
  215. Address = (void *) port4_config_descriptor_2;
  216. Size = sizeof(port4_config_descriptor_2);
  217. }
  218. } else if (DescriptorNumber == 2) {
  219. Address = (void *) port4_config_descriptor_3;
  220. Size = sizeof(port4_config_descriptor_3);
  221. if (wLength > 8) {
  222. state = p4_ready;
  223. expire = 20; // longer seems to help this one?
  224. }
  225. }
  226. break;
  227. case 5:
  228. // 1 config
  229. Address = (void *) port5_config_descriptor;
  230. Size = sizeof(port5_config_descriptor);
  231. break;
  232. case 6:
  233. // 1 config
  234. Address = (void *) port6_config_descriptor;
  235. Size = sizeof(port6_config_descriptor);
  236. break;
  237. }
  238. break;
  239. //case 0x29: // HUB descriptor (always to port 0 we'll assume)
  240. // switch (port_cur) {
  241. // case 0:
  242. // Address = (void *) HUB_Hub_Descriptor;
  243. // Size = sizeof(HUB_Hub_Descriptor);
  244. // break;
  245. // }
  246. // break;
  247. }
  248.  
  249. return Size;
  250. }
  251.  
  252. /*------------------------------------------------------------------------------*/
  253. /*PsGroove_UnhandledControlRequest */
  254. /*------------------------------------------------------------------------------*/
  255. void PsGroove_UnhandledControlRequest(struct DeviceRequest USB_ControlRequest)
  256. {
  257. if (port_cur == 6 && USB_ControlRequest.bRequest == 0xAA) {
  258. /* holy crap, it worked! */
  259. //Endpoint_ClearSETUP();
  260. //Endpoint_ClearIN();
  261. //Endpoint_ClearStatusStage();
  262. state = done;
  263. return;
  264. }
  265.  
  266. if (port_cur == 5 && USB_ControlRequest.bRequest == 11 /*REQ_SetInterface*/)
  267. {
  268. /* can ignore this */
  269. //Endpoint_ClearSETUP();
  270. //Endpoint_ClearIN();
  271. //Endpoint_ClearStatusStage();
  272. return;
  273. }
  274.  
  275. if (port_cur == 0 &&
  276. USB_ControlRequest.bmRequestType == 0xA0 &&
  277. USB_ControlRequest.bRequest == 0x00 && // GET HUB STATUS
  278. USB_ControlRequest.wValue == 0x00 &&
  279. USB_ControlRequest.wIndex == 0x00 &&
  280. USB_ControlRequest.wLength == 0x04) {
  281. //Endpoint_ClearSETUP();
  282. //Endpoint_Write_Word_LE(0x0000); // wHubStatus
  283. //Endpoint_Write_Word_LE(0x0000); // wHubChange
  284. //Endpoint_ClearIN();
  285. //Endpoint_ClearStatusStage();
  286. unsigned short Empty[] = {0x0000, 0x0000};
  287. UsbWriteData(Empty, 4); // wHubStatus, wHubChange
  288. return;
  289. }
  290.  
  291. if (port_cur == 0 &&
  292. USB_ControlRequest.bmRequestType == 0xA3 &&
  293. USB_ControlRequest.bRequest == 0x00 && // GET PORT STATUS
  294. USB_ControlRequest.wValue == 0x00 &&
  295. USB_ControlRequest.wLength == 0x04) {
  296. unsigned char p = USB_ControlRequest.wIndex;
  297. if (p < 1 || p > 6) return;
  298.  
  299. //Endpoint_ClearSETUP();
  300. //Endpoint_Write_Word_LE(port_status[p - 1]); // wHubStatus
  301. //Endpoint_Write_Word_LE(port_change[p - 1]); // wHubChange
  302. //Endpoint_ClearIN();
  303. //Endpoint_ClearStatusStage();
  304.  
  305. unsigned char Package[] = {port_status[p - 1], port_status[p], port_change[p - 1], port_change[p]};
  306. UsbWriteData(Package, 4); // wHubStatus, wHubChange
  307. return;
  308. }
  309.  
  310. if (port_cur == 0 &&
  311. USB_ControlRequest.bmRequestType == 0x23 &&
  312. USB_ControlRequest.bRequest == 0x03 && // SET_FEATURE
  313. USB_ControlRequest.wLength == 0x00) {
  314. unsigned char p = USB_ControlRequest.wIndex;
  315. if (p < 1 || p > 6) return;
  316.  
  317. //Endpoint_ClearSETUP();
  318. //Endpoint_ClearIN();
  319. //Endpoint_ClearStatusStage();
  320.  
  321. switch(USB_ControlRequest.wValue) {
  322. case 0x0008: // PORT_POWER
  323. if (p == 6 && state == init) {
  324. /* after the 6th port is powered, wait a bit and continue */
  325. state = hub_ready;
  326. expire = 15;
  327. }
  328. break;
  329. case 0x0004: // PORT_RESET
  330. hub_int_response = (1 << p);
  331. port_change[p - 1] |= C_PORT_RESET;
  332. break;
  333. }
  334. return;
  335. }
  336.  
  337. if (port_cur == 0 &&
  338. USB_ControlRequest.bmRequestType == 0x23 &&
  339. USB_ControlRequest.bRequest == 0x01 && // CLEAR_FEATURE
  340. USB_ControlRequest.wLength == 0x00) {
  341. unsigned char p = USB_ControlRequest.wIndex;
  342. if (p < 1 || p > 6) return;
  343.  
  344. //Endpoint_ClearSETUP();
  345. //Endpoint_ClearIN();
  346. //Endpoint_ClearStatusStage();
  347.  
  348. switch(USB_ControlRequest.wValue) {
  349. case 0x0010: // C_PORT_CONNECTION
  350. port_change[p - 1] &= ~C_PORT_CONN;
  351. last_port_conn_clear = p;
  352. break;
  353. case 0x0014: // C_PORT_RESET
  354. port_change[p - 1] &= ~C_PORT_RESET;
  355. last_port_reset_clear = p;
  356. break;
  357. }
  358. return;
  359. }
  360.  
  361. PsGroove_Panic();
  362. }
  363.  
  364. /*------------------------------------------------------------------------------*/
  365. /*PsGroove_JIG_Task */
  366. /*------------------------------------------------------------------------------*/
  367. const unsigned char jig_response[64] = {
  368. 0x80, 0x00, 0x00, 0x00, 0x00, 0x3d, 0xee, 0x78, 0x80, 0x00, 0x00, 0x00, 0x00, 0x3d, 0xee, 0x88,
  369. 0x80, 0x00, 0x00, 0x00, 0x00, 0x33, 0xe7, 0x20, 0xe8, 0x83, 0xff, 0xf0, 0xe8, 0x63, 0xff, 0xf8,
  370. 0xe8, 0xa3, 0x00, 0x18, 0x38, 0x63, 0x10, 0x00, 0x7c, 0x04, 0x28, 0x00, 0x40, 0x82, 0xff, 0xf4,
  371. 0x38, 0xc3, 0xf0, 0x20, 0x7c, 0xc9, 0x03, 0xa6, 0x4e, 0x80, 0x04, 0x20, 0x04, 0x00, 0x00, 0x00,
  372. };
  373. void PsGroove_JIG_Task(void)
  374. {
  375. static int bytes_out = 0, bytes_in = 0;
  376. unsigned char buffer[0x100];
  377.  
  378. //Endpoint_Discard_Stream(8, NO_STREAM_CALLBACK);
  379. UsbReadData(buffer, 8);
  380. bytes_out += 8;
  381. if (bytes_out >= 64)
  382. {
  383. state = p5_challenged;
  384. expire = 50; // was 90
  385. }
  386.  
  387. if (state == p5_challenged && expire == 0)
  388. {
  389. if (bytes_in < 64) {
  390. UsbWriteData(&jig_response[bytes_in], 8);
  391. bytes_in += 8;
  392. if (bytes_in >= 64) {
  393. state = p5_responded;
  394. expire = 15;
  395. }
  396. }
  397. }
  398. }
  399.  
  400. /*------------------------------------------------------------------------------*/
  401. /*PsGroove_Start */
  402. /*------------------------------------------------------------------------------*/
  403. void PsGroove_Start()
  404. {
  405. //TODO: start the timer.... (PsGroove_Timer each 10 ms.)
  406. state = init;
  407. PsGroove_Switch_Port(0);
  408.  
  409. for (;;)
  410. {
  411. /*if (port_cur == 0)
  412. HUB_Task();*/
  413.  
  414. if (port_cur == 5)
  415. PsGroove_JIG_Task();
  416.  
  417.  
  418. // connect 1
  419. if (state == hub_ready && expire == 0)
  420. {
  421. PsGroove_Connect_Port(1);
  422. state = p1_wait_reset;
  423. }
  424.  
  425. if (state == p1_wait_reset && last_port_reset_clear == 1)
  426. {
  427. PsGroove_Switch_Port(1);
  428. state = p1_wait_enumerate;
  429. }
  430.  
  431. // connect 2
  432. if (state == p1_ready && expire == 0)
  433. {
  434. PsGroove_Switch_Port(0);
  435. PsGroove_Connect_Port(2);
  436. state = p2_wait_reset;
  437. }
  438.  
  439. if (state == p2_wait_reset && last_port_reset_clear == 2)
  440. {
  441. PsGroove_Switch_Port(2);
  442. state = p2_wait_enumerate;
  443. }
  444.  
  445. // connect 3
  446. if (state == p2_ready && expire == 0)
  447. {
  448. PsGroove_Switch_Port(0);
  449. PsGroove_Connect_Port(3);
  450. state = p3_wait_reset;
  451. }
  452.  
  453. if (state == p3_wait_reset && last_port_reset_clear == 3)
  454. {
  455. PsGroove_Switch_Port(3);
  456. state = p3_wait_enumerate;
  457. }
  458.  
  459. // disconnect 2
  460. if (state == p3_ready && expire == 0)
  461. {
  462. PsGroove_Switch_Port(0);
  463. PsGroove_Disconnect_Port(2);
  464. state = p2_wait_disconnect;
  465. }
  466.  
  467. if (state == p2_wait_disconnect && last_port_conn_clear == 2)
  468. {
  469. state = p4_wait_connect;
  470. expire = 15;
  471. }
  472.  
  473. // connect 4
  474. if (state == p4_wait_connect && expire == 0)
  475. {
  476. PsGroove_Connect_Port(4);
  477. state = p4_wait_reset;
  478. }
  479.  
  480. if (state == p4_wait_reset && last_port_reset_clear == 4)
  481. {
  482. PsGroove_Switch_Port(4);
  483. state = p4_wait_enumerate;
  484. }
  485.  
  486. // connect 5
  487. if (state == p4_ready && expire == 0)
  488. {
  489. PsGroove_Switch_Port(0);
  490. /* When first connecting port 5, we need to
  491. have the wrong data toggle for the PS3 to
  492. respond */
  493. hub_int_force_data0 = 1;
  494. PsGroove_Connect_Port(5);
  495. state = p5_wait_reset;
  496. }
  497.  
  498. if (state == p5_wait_reset && last_port_reset_clear == 5)
  499. {
  500. PsGroove_Switch_Port(5);
  501. state = p5_wait_enumerate;
  502. }
  503.  
  504. // disconnect 3
  505. if (state == p5_responded && expire == 0)
  506. {
  507. PsGroove_Switch_Port(0);
  508. /* Need wrong data toggle again */
  509. hub_int_force_data0 = 1;
  510. PsGroove_Disconnect_Port(3);
  511. state = p3_wait_disconnect;
  512. }
  513.  
  514. if (state == p3_wait_disconnect && last_port_conn_clear == 3)
  515. {
  516. state = p3_disconnected;
  517. expire = 45;
  518. }
  519.  
  520. // disconnect 5
  521. if (state == p3_disconnected && expire == 0)
  522. {
  523. PsGroove_Switch_Port(0);
  524. PsGroove_Disconnect_Port(5);
  525. state = p5_wait_disconnect;
  526. }
  527.  
  528. if (state == p5_wait_disconnect && last_port_conn_clear == 5)
  529. {
  530. state = p5_disconnected;
  531. expire = 20;
  532. }
  533.  
  534. // disconnect 4
  535. if (state == p5_disconnected && expire == 0)
  536. {
  537. PsGroove_Switch_Port(0);
  538. PsGroove_Disconnect_Port(4);
  539. state = p4_wait_disconnect;
  540. }
  541.  
  542. if (state == p4_wait_disconnect && last_port_conn_clear == 4)
  543. {
  544. state = p4_disconnected;
  545. expire = 20;
  546. }
  547.  
  548. // disconnect 1
  549. if (state == p4_disconnected && expire == 0)
  550. {
  551. PsGroove_Switch_Port(0);
  552. PsGroove_Disconnect_Port(1);
  553. state = p1_wait_disconnect;
  554. }
  555.  
  556. if (state == p1_wait_disconnect && last_port_conn_clear == 1)
  557. {
  558. state = p1_disconnected;
  559. expire = 20;
  560. }
  561.  
  562. // connect 6
  563. if (state == p1_disconnected && expire == 0)
  564. {
  565. PsGroove_Switch_Port(0);
  566. PsGroove_Connect_Port(6);
  567. state = p6_wait_reset;
  568. }
  569.  
  570. if (state == p6_wait_reset && last_port_reset_clear == 6)
  571. {
  572. PsGroove_Switch_Port(6);
  573. state = p6_wait_enumerate;
  574. }
  575.  
  576. // done
  577. if (state == done)
  578. {
  579. //TODO: Great!
  580. }
  581. }
  582. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!