API tools faq
paste
Al-Azif

Untitled

Al-Azif
Sep 29th, 2020 (edited)
1,311
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 3.80 KB | None | 0 0
raw download clone embed print report
  1. // kdslym_addr_aslr_patch
  2. // 4.05: 0x002862D6
  3. // 4.55: 0x001BA559
  4. // 4.74: 0x001BC769
  5. // 5.01: 0x00194765
  6. // 5.03: 0x00194875
  7. // 5.05: 0x00194875
  8. // 5.55: 0x0007A123
  9. // 6.20: 0x0021D745
  10. // 6.72: 0x003CEC8A
  11. // 7.02: 0x000C1F9A
  12.  
  13. bool Utilities::EnableAslr()
  14. {
  15.     if (*(uint16_t *)kdlsym(aslr_patch) != 0x9090 && *(uint8_t *)kdlsym(aslr_patch) != 0xEB)
  16.     {
  17.         WriteLog(LL_Warn, "ASLR already enabled");
  18.         return true;
  19.     }
  20.  
  21.     if ((*(uint16_t *)kdlsym(aslr_patch) == 0x9090 || *(uint8_t *)kdlsym(aslr_patch) == 0xEB) && g_origAslrBytes != 0xFFFF)
  22.     {
  23.         if (!gKernelBase)
  24.         {
  25.             WriteLog(LL_Error, "unable to find kernel base");
  26.             return false;
  27.         }
  28.  
  29.         uint8_t *kmem;
  30.  
  31.         kmem = (uint8_t *)&gKernelBase[kdlsym_addr_aslr_patch];
  32.         kmem[0] = ((uint8_t *)(&g_origAslrBytes))[0]; // Will these be swapped?
  33.         kmem[1] = ((uint8_t *)(&g_origAslrBytes))[1]; // Will these be swapped?
  34.  
  35.         WriteLog(LL_Info, "ASLR Enabled");
  36.         return true;
  37.     }
  38.  
  39.     WriteLog(LL_Error, "unable to enable ASLR");
  40.     return false;
  41. }
  42.  
  43. bool Utilities::DisableAslr()
  44. {
  45.     if (g_origAslrBytes == 0xFFFF)
  46.         g_origAslrBytes = *(uint16_t *)kdlsym(aslr_patch);
  47.  
  48.     if (*(uint16_t *)kdlsym(aslr_patch) != 0x9090 && *(uint8_t *)kdlsym(aslr_patch) != 0xEB)
  49.     {
  50.         if (!gKernelBase)
  51.         {
  52.             WriteLog(LL_Error, "unable to find kernel base");
  53.             return false;
  54.         }
  55.  
  56.         uint8_t *kmem;
  57.  
  58.         kmem = (uint8_t *)&gKernelBase[kdlsym_addr_aslr_patch];
  59.  
  60. #if MIRA_PLATFORM < MIRA_PLATFORM_ORBIS_BSD_600
  61.         kmem[0] = 0x90;
  62.         kmem[1] = 0x90;
  63. #else
  64.         kmem[0] = 0xEB;
  65. #endif
  66.  
  67.         WriteLog(LL_Info, "ASLR Disabled");
  68.         return true;
  69.     }
  70.  
  71.     WriteLog(LL_Error, "unable to disable ASLR");
  72.     return false;
  73. }
  74.  
  75. bool Utilities::ActivateWebBrowser()
  76. {
  77.     auto sceRegMgrGetInt = (uint32_t(*)(uint32_t p_Id, int32_t* p_OutValue))kdlsym(sceRegMgrGetInt);
  78.     auto sceRegMgrSetInt = (uint32_t(*)(uint32_t p_Id, int32_t p_Value))kdlsym(sceRegMgrSetInt);
  79.  
  80.     int32_t rtv;
  81.  
  82.     auto s_Ret = sceRegMgrGetInt(0x3C040000, &rtv);
  83.  
  84.     if (s_Ret != 0)
  85.     {
  86.         WriteLog(LL_Error, "could not get web browser activation status");
  87.         return false;
  88.     } else if (rtv == 0) {
  89.         WriteLog(LL_Info, "web browser already activated");
  90.         return true;
  91.     }
  92.  
  93.     WriteLog(LL_Warn, "activating web browser");
  94.  
  95.     s_Ret = sceRegMgrSetInt(0x3C040000, 0);
  96.  
  97.     if (s_Ret != 0)
  98.     {
  99.         WriteLog(LL_Error, "could not activate web browser");
  100.         return false;
  101.     }
  102.  
  103.     WriteLog(LL_Info, "activated web browser");
  104.     return true;
  105. }
  106.  
  107. void Utilities::SetTargetId(char targetId_input)
  108. {
  109.     if (g_origTargetId == (char)0xFF)
  110.         g_origTargetId = *(char *)kdlsym(target_id);
  111.  
  112.     if (g_origTargetId == targetId_input)
  113.     {
  114.         WriteLog(LL_Error, "Target ID is already %02hhX", targetId_input);
  115.         return;
  116.     }
  117.  
  118.     WriteLog(LL_Warn, "spoofing target ID to %02hhX", targetId_input);
  119.  
  120.     if (!gKernelBase)
  121.     {
  122.         WriteLog(LL_Error, "unable to find kernel base");
  123.         return;
  124.     }
  125.  
  126.     uint8_t *kmem;
  127.  
  128.     kmem = (uint8_t *)&gKernelBase[kdlsym_addr_target_id];
  129.     kmem[0] = targetId_input;
  130.  
  131.     WriteLog(LL_Info, "target ID spoofed to %02hhX", targetId_input);
  132. }
  133.  
  134. bool Utilities::SetFanThreshhold(int fanController_input)
  135. {
  136.     if (fanController_input < 59 || fanController_input > 79)
  137.     {
  138.         WriteLog(LL_Error, "Unsafe fan controller setting: %i°C", fanController_input);
  139.         return false;
  140.     }
  141.  
  142.     auto s_Thread = curthread;
  143.     if (s_Thread == nullptr)
  144.     {
  145.         WriteLog(LL_Error, "could not get current thread.");
  146.         return false;
  147.     }
  148.  
  149.     int fd = kopen_t("/dev/icc_fan", 0x0000, 0, s_Thread); // O_RDONLY
  150.     if (fd <= 0)
  151.     {
  152.         WriteLog(LL_Info, "unable to open \"/dev/icc_fan\"");
  153.         return false;
  154.     }
  155.  
  156.     char data[10] = {0x00, 0x00, 0x00, 0x00, 0x00, (char)fanController_input, 0x00, 0x00, 0x00, 0x00};
  157.     kioctl_t(fd, 0xC01C8F07, data, s_Thread);
  158.     kclose_t(fd, s_Thread);
  159.  
  160.     WriteLog(LL_Info, "Successfully set fan controller to %i°C", fanController_input);
  161.     return true;
  162. }
  163.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!