
Code multiman cfw 4.21 CEX :

 

=================================================================================================================
    LV2: Original 3.55 syscall36 code parts loaded at 0x2E8670 and 0x2D1060 and modified for 4.21CEX CFW as follows:
    ==================================================================================================================

    002E8670 25 73 25 30 31 36 6C 78 25 30 31 36 6C 78 25 30 %s%016lx%016lx%0
    002E8680 31 36 6C 78 25 30 31 36 6C 78 25 30 31 36 6C 78 16lx%016lx%016lx
    002E8690 25 64 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 %d..............

    002E86A0 F8 21 FF 61 7C 08 02 A6 FB 81 00 80 FB A1 00 88 °!*a|..?vA.Ava.E
    002E86B0 FB E1 00 98 FB 41 00 70 FB 61 00 78 F8 01 00 B0 vn.OvA.pva.x°..-
    002E86C0 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01 7B FF F8 06 |U#x|}.x;?..{*°.
    002E86D0 67 E4 00 2E 60 84 87 14 38 A0 00 07 4B D6 60 2D go..`AC.8a..Ka`-
    002E86E0 28 23 00 00 40 82 00 4C 67 FF 00 2D 63 FF 11 1C (#..@A.Lg*.-c*..
    002E86F0 E8 7F 00 00 28 23 00 00 41 82 00 14 E8 7F 00 08 o..(#..AA..o..
    002E8700 38 9D 00 09 4B D6 5F B1 EB BF 00 00 7F A3 EB 78 8Y..Ka_-u¬..aux
    002E8710 4B FD 9E 70 2F 64 65 76 5F 62 64 76 64 00 2F 61 K¤?p/dev_bdvd./a
    002E8720 70 70 5F 68 6F 6D 65 00 00 00 00 00 00 00 00 00 pp_home.........
    002E8730 7F A3 EB 78 3B E0 00 01 7B FF F8 06 67 E4 00 2E aux;?..{*°.go..
    002E8740 60 84 87 1E 38 A0 00 02 4B D6 5F C1 28 23 00 00 `AC.8a..Ka_+(#..
    002E8750 40 82 00 28 67 FF 00 2D 63 FF 11 1C E8 7F 00 00 @A.(g*.-c*..o..
    002E8760 28 23 00 00 41 82 00 14 E8 7F 00 08 38 9D 00 09 (#..AA..o..8Y..
    002E8770 4B D6 5F 45 EB BF 00 00 7F A3 EB 78 4B FD 9E 04 Ka_Eu¬..auxK¤?.

    002D1060 25 64 25 73 25 30 31 36 6C 78 25 30 31 36 6C 6C %d%s%016lx%016ll
    002D1070 78 25 30 31 36 6C 6C 78 25 73 25 73 25 30 38 78 x%016llx%s%s%08x
    002D1080 25 64 25 31 64 25 31 64 25 31 64 41 41 41 0A 00 %d%1d%1d%1dAAA..

    002D1090 F8 21 FF 31 7C 08 02 A6 F8 01 00 E0 FB E1 00 C8 °!*1|..?°..?vn.L
    002D10A0 38 81 00 70 4B EE 08 E5 3B E0 00 01 7B FF F8 06 8A.pK?.o;?..{*°.
    002D10B0 67 FF 00 2D 63 FF 11 1C E8 7F 00 00 2C 23 00 00 g*.-c*..o..,#..
    002D10C0 41 82 00 0C 38 80 00 27 4B D9 32 4D 38 80 00 27 AA..8A.'K-2M8A.'
    002D10D0 38 60 08 00 4B D9 2E 05 F8 7F 00 00 E8 81 00 70 8`..K-..°..oA.p
    002D10E0 4B D7 D5 D5 E8 61 00 70 38 80 00 27 4B D9 32 29 K+--oa.p8A.'K-2)
    002D10F0 E8 7F 00 00 4B D7 D5 E9 E8 9F 00 00 7C 64 1A 14 o..K+-uo?..|d..
    002D1100 F8 7F 00 08 38 60 00 00 EB E1 00 C8 E8 01 00 E0 °..8`..un.Lo..?
    002D1110 38 21 00 D0 7C 08 03 A6 4E 80 00 20 80 00 00 00 8!.¦|..?NA. A...
    002D1120 00 59 18 00 80 00 00 00 00 59 18 09 00 00 00 00 .Y..A....Y......
    002D1130 80 00 00 00 00 2D 10 90

    // Installs the syscall36 payload on 4.21 CEX. Every call goes through LV2 syscall 7
    // (poke lv2): argument 2 is the LV2 address, argument 3 the 64-bit value stored there.
    // Each value packs two 32-bit PowerPC words; the trailing comments decode the relocated ones.
    // NOTE(review): every address is specific to the 4.21 CEX kernel image and nothing in this
    // listing reads a target back before or after writing it. A caller should confirm the
    // firmware (and ideally the doubleword being replaced) first; TODO confirm where that happens.
    Lv2Syscall2(7, 0x80000000002E86D0ULL, 0x67E4002E60848714ULL ); // 2E86D0 oris r4, r31, 0x2E // 67 E4 00 2E 60 84 87 14 // (/dev_bdvd) // 2E86D4 ori r4, r4, 0x8714
    Lv2Syscall2(7, 0x80000000002E86DCULL, 0x4BD6602D28230000ULL ); // 2E86DC bl strncmp_sub_4E708 // 4B D6 60 2D 28 23 00 00
    Lv2Syscall2(7, 0x80000000002E86E8ULL, 0x67FF002D63FF111CULL ); // 2E86E8 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2E86EC ori r31, r31, 0x111C
    Lv2Syscall2(7, 0x80000000002E8704ULL, 0x4BD65FB1EBBF0000ULL ); // 2E8704 bl strcpy_sub_4E6B4 // 4B D6 5F B1 EB BF 00 00
    // The low word 0x2F646576 is "/dev", the first four bytes of the "/dev_bdvd" string at 2E8714.
    Lv2Syscall2(7, 0x80000000002E8710ULL, 0x4BFD9E702F646576ULL ); // 2E8710 b loc_2C2580 // 4B FD 9E 70 2F 64 65 76 // hook_return
    Lv2Syscall2(7, 0x80000000002E873CULL, 0x67E4002E6084871EULL ); // 2E873C oris r4, r31, 0x2E // 67 E4 00 2E 60 84 87 1E // (/app_home) // 2E8740 ori r4, r4, 0x871E
    Lv2Syscall2(7, 0x80000000002E8748ULL, 0x4BD65FC128230000ULL ); // 2E8748 bl strncmp_sub_4E708 // 4B D6 5F C1 28 23 00 00
    Lv2Syscall2(7, 0x80000000002E8754ULL, 0x67FF002D63FF111CULL ); // 2E8754 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2E8758 ori r31, r31, 0x111C
    Lv2Syscall2(7, 0x80000000002E8770ULL, 0x4BD65F45EBBF0000ULL ); // 2E8770 bl strcpy_sub_4E6B4 // 4B D6 5F 45 EB BF 00 00
    // NOTE(review): the low word 0x7461636B (ASCII "tack") is stored at 2E8780, which is the
    // entry address of the syscall 867 region hook listed further down. Re-applying this poke
    // while that hook is installed would overwrite the hook's first instruction.
    Lv2Syscall2(7, 0x80000000002E877CULL, 0x4BFD9E047461636BULL ); // 2E877C b loc_2C2580 // 4B FD 9E 04 74 61 63 6B // hook_return

    Lv2Syscall2(7, 0x80000000002D10A4ULL, 0x4BEE08E53BE00001ULL ); // 2D10A4 bl pathdup_from_user_1B1988 // 4B EE 08 E5 3B E0 00 01
    Lv2Syscall2(7, 0x80000000002D10B0ULL, 0x67FF002D63FF111CULL ); // 2D10B0 oris r31, r31, 0x2D // 67 FF 00 2D 63 FF 11 1C // 2D10B4 ori r31, r31, 0x111C
    Lv2Syscall2(7, 0x80000000002D10C8ULL, 0x4BD9324D38800027ULL ); // 2D10C8 bl free_sub_64314 // 4B D9 32 4D 38 80 00 27
    Lv2Syscall2(7, 0x80000000002D10D4ULL, 0x4BD92E05F87F0000ULL ); // 2D10D4 bl alloc_sub_63ED8 // 4B D9 2E 05 F8 7F 00 00
    Lv2Syscall2(7, 0x80000000002D10E0ULL, 0x4BD7D5D5E8610070ULL ); // 2D10E0 bl strcpy_sub_4E6B4 // 4B D7 D5 D5 E8 61 00 70

    Lv2Syscall2(7, 0x80000000002D10ECULL, 0x4BD93229E87F0000ULL ); // 2D10EC bl free_sub_64314 // 4B D9 32 29 E8 7F 00 00
    Lv2Syscall2(7, 0x80000000002D10F4ULL, 0x4BD7D5E9E89F0000ULL ); // 2D10F4 bl strlen_sub_4E6DC // 4B D7 D5 E9 E8 9F 00 00
    Lv2Syscall2(7, 0x80000000002D1130ULL, 0x80000000002D1090ULL ); // 2D1130 .long syscall_lv2_syscall_36 // 80 00 00 00 00 2D 10 90 // sc36 vector

    // Listed last: the two writes that make the payload live. The first replaces the doubleword
    // at 2C2558 with a branch into the payload (0x48026148 = b +0x26148, i.e. 2E86A0). The second
    // stores the syscall36 descriptor address in 35BDC8, which is the table slot for syscall 36
    // if the table is indexed 8 bytes per entry from the syscall 6 slot at 35BCD8.
    Lv2Syscall2(7, 0x80000000002C2558ULL, 0x480261487C0802A6ULL ); // 2C2558 b sub_2E86A0 // hook open
    Lv2Syscall2(7, 0x800000000035BDC8ULL, 0x80000000002D1130ULL ); // enable syscall36

    2E8714 aDev_bdvd: .string "/dev_bdvd"
    2E871E aApp_home: .string "/app_home"

    2D111C free/alloc address pointer -> (set by functions)
    2D1130 syscall36 address pointer -> 0x80000000002D1090

    ==================================================================================================================

    LV2: Additional patches for PARAM.SFO and access permissions

    // PARAM.SFO / permission patches for 4.21 CEX, written through syscall 7 (poke lv2).
    // Each value is two PowerPC words; 0x60000000 is the nop encoding.
    Lv2Syscall2(7, 0x8000000000057020ULL, 0x63FF003D60000000ULL ); // fix 8001003D error
    // Words decode as lis r31, 0x8001 followed by li r31, 0, so r31 is zero after the pair.
    Lv2Syscall2(7, 0x80000000000570E4ULL, 0x3FE080013BE00000ULL ); // fix 8001003E error

    // NOTE(review): the four pokes below carry no description in the original notes.
    // Decoded words: beq cr7, +0xD8 ; nop  and  cmpwi cr7, r4, 4 ; b +0x98.
    Lv2Syscall2(7, 0x8000000000057090ULL, 0x419E00D860000000ULL );
    Lv2Syscall2(7, 0x8000000000057098ULL, 0x2F84000448000098ULL );

    // Both write cmpwi cr7, r3, 0 ; nop. Presumably the nop replaces the branch that acted on
    // the compare; verify against the unpatched image.
    Lv2Syscall2(7, 0x800000000005AA54ULL, 0x2F83000060000000ULL );
    Lv2Syscall2(7, 0x800000000005AA68ULL, 0x2F83000060000000ULL );

    ==================================================================================================================

    LV1: Remove LV2 memory protection (syscall8/9=lv1 peek/poke) HV_START_OFFSET_421 = 0x370A28

    // Writes four consecutive doublewords at HV_START_OFFSET_421 (0x370A28 per the heading)
    // through syscall 9 (poke lv1). The heading gives the purpose as removing LV2 memory protection.
    // NOTE(review): the offset is firmware-specific and no read-back is shown; confirm the
    // firmware version before these run.
    Lv2Syscall2(9, HV_START_OFFSET_421 + 0, 0x0000000000000001ULL);
    Lv2Syscall2(9, HV_START_OFFSET_421 + 8, 0xe0d251b556c59f05ULL);
    Lv2Syscall2(9, HV_START_OFFSET_421 + 16, 0xc232fcad552c80d7ULL);
    // Only the high 32 bits carry data here; the write still covers 8 bytes, so offset +28..+31 is zeroed.
    Lv2Syscall2(9, HV_START_OFFSET_421 + 24, 0x65140cd200000000ULL);

    ==================================================================================================================

    LV1: Storage Manager Access Rights (enable)

    // "Enable" half of a paired LV1 patch, written through syscall 9 (poke lv1). Compared with
    // the "restore" values listed further down, the high word of each doubleword is unchanged and
    // only the low word (the instruction at address + 4) differs:
    //   0x16f75c: std r0, 0x98(r1)  -> nop
    //   0x16f780: bl <callee>       -> li r3, 1
    //   0x16f7f8: addi r5, r1, 0x70 -> li r31, 1
    //   0x16f800: bl <callee>       -> li r3, 0
    // NOTE(review): two calls are replaced by constant results, so the checks they performed
    // appear to be bypassed while this is in place. Presumably the restore block is meant to run
    // on every exit path; verify in the caller.
    Lv2Syscall2(9, 0x16f758, 0x7f83e37860000000ULL);
    Lv2Syscall2(9, 0x16f77c, 0x7f85e37838600001ULL);
    Lv2Syscall2(9, 0x16f7f4, 0x7f84e3783be00001ULL);
    Lv2Syscall2(9, 0x16f7fc, 0x9be1007038600000ULL);

    LV2: Enable SM syscalls from GameOS

    // Stores 0x40 in the top byte of the doubleword at LV2 2E7920 (the other seven bytes become
    // zero); the matching restore step writes 0x20 to the same place.
    Lv2Syscall2(7, 0x80000000002E7920ULL, (uint64_t) 0x40 << 56);

    ==================================================================================================================

    LV1: Storage Manager Access Rights (restore)

    // "Restore" half of the paired LV1 patch: rewrites the same four doublewords through
    // syscall 9 (poke lv1). The low words decode as std r0, 0x98(r1); bl; addi r5, r1, 0x70; bl,
    // in place of the nop / li constants written by the enable step.
    // NOTE(review): these values are taken on trust as the original 4.21 contents; nothing here
    // reads the locations first to confirm that.
    Lv2Syscall2(9, 0x16f758, 0x7f83e378f8010098ULL);
    Lv2Syscall2(9, 0x16f77c, 0x7f85e3784bfff0e5ULL);
    Lv2Syscall2(9, 0x16f7f4, 0x7f84e37838a10070ULL);
    Lv2Syscall2(9, 0x16f7fc, 0x9be1007048006065ULL);

    LV2: Disable SM syscalls from GameOS (restore)

    // Puts 0x20 back in the top byte of the doubleword at LV2 2E7920 (the enable step wrote 0x40);
    // the other seven bytes are written as zero.
    Lv2Syscall2(7, 0x80000000002E7920ULL, (uint64_t) 0x20 << 56);

    ==================================================================================================================

    LV2: sys_get_system_parameter (syscall 867) patch for BD-Movie region change (target_id=0x01 .. 0x0D)

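    // Writes the syscall 867 hook body to LV2 2E8780..2E87E7 through syscall 7 (poke lv2), two
    // PowerPC words per call, then installs it. The words match the disassembly listed below:
    // prologue, compare r3 against 0x19004, store four bytes through r4, return 0; any other r3
    // branches to the original handler at 258D40.
    // NOTE(review): 2E8780 is also the last address touched by the syscall36 payload write at
    // 2E877C, so this block has to be written after that one.
    Lv2Syscall2(7, 0x80000000002E8780ULL, 0xF821FF517C0802A6ULL );
    Lv2Syscall2(7, 0x80000000002E8788ULL, 0xFBC100A0FBE100A8ULL );
    Lv2Syscall2(7, 0x80000000002E8790ULL, 0xFBA10098F80100C0ULL );
    Lv2Syscall2(7, 0x80000000002E8798ULL, 0x3FE0000163FF9004ULL );
    Lv2Syscall2(7, 0x80000000002E87A0ULL, 0x7C1F18004082003CULL );

    // The OR patches the immediate of "li r30, <imm>" (high word 0x3BC00000). The operand is
    // widened to 64 bits before the shift, as the other notes do with "(uint64_t) 0x40 << 56":
    // shifting a 32-bit value by 32 is undefined in C. The heading limits target_id to
    // 0x01..0x0D; a larger value would spill into the opcode and register fields, so the caller
    // must keep it in range.
    Lv2Syscall2(7, 0x80000000002E87A8ULL, (0x3BC000003BA00001ULL | ((uint64_t)(target_id+0x82)<<32) ) ); // Change TargetID 0x84=US / 0x85=EU / 0x8C=RUS

    Lv2Syscall2(7, 0x80000000002E87B0ULL, 0x9BA400019BC40003ULL );
    Lv2Syscall2(7, 0x80000000002E87B8ULL, 0x9BA400059BA40007ULL );
    Lv2Syscall2(7, 0x80000000002E87C0ULL, 0x38600000E80100C0ULL );
    Lv2Syscall2(7, 0x80000000002E87C8ULL, 0xEBA10098EBE100A8ULL );
    Lv2Syscall2(7, 0x80000000002E87D0ULL, 0xEBC100A07C0803A6ULL );
    Lv2Syscall2(7, 0x80000000002E87D8ULL, 0x382100B04E800020ULL );
    // High word is the pass-through branch; 0xCAFEBABE is filler stored at 2E87E4.
    Lv2Syscall2(7, 0x80000000002E87E0ULL, 0x4BF70560CAFEBABEULL ); // b loc_258D40 to original sc867 and get a coffee baby!

    // Written last so the pointer never refers to a half-written hook body.
    Lv2Syscall2(7, 0x8000000000334068ULL, 0x80000000002E8780ULL ); // hook syscall 867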

    002E8780 F8 21 FF 51 7C 08 02 A6 FB C1 00 A0 FB E1 00 A8 °!*Q|..?v+.avn.e
    002E8790 FB A1 00 98 F8 01 00 C0 3F E0 00 01 63 FF 90 04 va.O°..L??..c*?.
    002E87A0 7C 1F 18 00 40 82 00 3C 3B C0 00 00 3B A0 00 01 |...@A.<;L..;a..
    002E87B0 9B A4 00 01 9B C4 00 03 9B A4 00 05 9B A4 00 07 Ua..U-..Ua..Ua..
    002E87C0 38 60 00 00 E8 01 00 C0 EB A1 00 98 EB E1 00 A8 8`..o..Lua.Oun.e
    002E87D0 EB C1 00 A0 7C 08 03 A6 38 21 00 B0 4E 80 00 20 u+.a|..?8!.-NA.
    002E87E0 4B F7 05 60

    ROM:002E8780 # ---------------------------------------------------------------------------
    # Replacement handler for syscall 867 as written by the pokes above (IDA listing, 4.21 CEX).
    # r3 and r4 are the first two syscall arguments. When r3 == 0x19004 the handler stores four
    # bytes through r4 and returns 0; any other r3 goes to the original code at loc_258D40.
    # NOTE(review): r4 is written through directly. No check on the pointer appears in this listing.
    ROM:002E8780 stdu r1, -0xB0(r1)
    ROM:002E8784 mflr r0
    ROM:002E8788 std r30, 0xA0(r1)
    ROM:002E878C std r31, 0xA8(r1)
    ROM:002E8790 std r29, 0x98(r1)
    ROM:002E8794 std r0, 0xC0(r1)
    # r31 = 0x19004 (encoded as 3FE00001 63FF9004); IDA shows the constant as a code label.
    ROM:002E8798 lis r31, locret_19004@h
    ROM:002E879C ori r31, r31, locret_19004@l
    ROM:002E87A0 cmpw r31, r3
    ROM:002E87A4 bne loc_2E87E0
    # The immediate of the next instruction is the byte patched by the 2E87A8 poke (target_id + 0x82).
    ROM:002E87A8 li r30, 0 # TargetID
    ROM:002E87AC li r29, 1
    # Output buffer: bytes 1, 5 and 7 = 1; byte 3 = TargetID. Bytes 0, 2, 4 and 6 are left untouched.
    ROM:002E87B0 stb r29, 1(r4)
    ROM:002E87B4 stb r30, 3(r4)
    ROM:002E87B8 stb r29, 5(r4)
    ROM:002E87BC stb r29, 7(r4)
    # Return value 0.
    ROM:002E87C0 li r3, 0
    ROM:002E87C4 ld r0, 0xC0(r1)
    ROM:002E87C8
    ROM:002E87C8 loc_2E87C8: # DATA XREF: ROM:003476A8o
    ROM:002E87C8 ld r29, 0x98(r1)
    ROM:002E87CC ld r31, 0xA8(r1)
    ROM:002E87D0 ld r30, 0xA0(r1)
    ROM:002E87D4 mtlr r0
    ROM:002E87D8 addi r1, r1, 0xB0
    ROM:002E87DC blr
    ROM:002E87E0 # ---------------------------------------------------------------------------
    ROM:002E87E0
    # Pass-through path. The frame opened by the stdu above is not released before this branch;
    # whether loc_258D40 compensates for that cannot be told from this listing.
    ROM:002E87E0 loc_2E87E0: # CODE XREF: ROM:002E87A4j
    ROM:002E87E0 b loc_258D40
    ROM:002E87E0 # ---------------------------------------------------------------------------

    ==================================================================================================================

    LV2: sys_get_system_parameter (syscall 867) patch for BD-Movie region (restore)

    // Undoes the hook: writes 0x8000000000258D28 back into the pointer at 0x334068 that the hook
    // step had redirected to 2E8780. The hook body at 2E8780 stays in memory, now unreferenced.
    // NOTE(review): 0x258D28 is taken on trust as the 4.21 CFW original; the hook step did not
    // save the previous value.
    Lv2Syscall2(7, 0x8000000000334068ULL, 0x8000000000258D28ULL ); // restore original syscall 867 (4.21CFW)

    ==================================================================================================================

    LV2: Device mount table (for BD-Mirror USB)

    // Reads the doubleword at LV2 0x2F4D80 into dev_table. The trailing comment presumably
    // records the value observed on this firmware (0x8000000000458020); confirm before relying on it.
    dev_table=peekq(0x80000000002F4D80ULL); // actual 0x8000000000458020ULL

    ==================================================================================================================

    DEV_FLASH: libfs.sprx changes for CellFsAioInit/Finish (for BD-Mirror HDD)

    0xD66C in IDA | 0xD75C in HEX (libfs.prx) (4.21)
    ==================================================
    7C 1E EA 14 78 09 00 20 88 09 00 06 7C 00 07 74
    2F 80 00 6D 41 9E 00 18 2F 80 00 76 41 9E 00 10
    2F 80 00 62 41 9E 00 2C 48 00 00 48 38 00 00 68
    98 09 00 04 38 00 00 64 98 09 00 05 98 09 00 06
    38 00 00 30 98 09 00 07 38 00 00 00 98 09 00 08
    38 00 00 00 98 09 00 0A 60 00 00 00 39 20 00 00
    4B FF FF 18 38 60 00 00 7C 63 07 B4 4E 80 00 20
    2F 80 00 00 41 9E FF E8 2F 80 00 2F 40 9E 00 10
    38 00 00 00 98 09 00 06 4B FF FF D4 88 09 00 08
    7C 00 07 74 2F 80 00 2F 41 9E FF B0 2F 80 00 00
    41 9E FF BC 38 00 00 00 98 09 00 09 4B FF FF A4
    60 00 00 00
    ==================================================

    # Patched tail of sub_D5B4 in libfs.sprx (4.21) together with the replaced cellFsAioFinish
    # export. r9 is the zero-extended sum r30 + r29 and is used as a byte pointer; the byte at
    # offset 6 selects the path taken.
    # NOTE(review): every store below is at a fixed offset (4..0xA) from r9. No length check is
    # visible in this chunk, so the buffer must be known to hold at least 11 bytes by the code
    # before D66C; confirm against the rest of sub_D5B4.
    LOAD:000000000000D66C add r0, r30, r29
    LOAD:000000000000D670 clrldi r9, r0, 32
    LOAD:000000000000D674 lbz r0, 6(r9)
    LOAD:000000000000D678 extsb r0, r0
    # byte 6 == 'm' (0x6D) or 'v' (0x76) -> loc_D698; == 'b' (0x62) -> loc_D6BC; otherwise loc_D6DC
    LOAD:000000000000D67C cmpwi cr7, r0, 0x6D
    LOAD:000000000000D680 beq cr7, loc_D698
    LOAD:000000000000D684 cmpwi cr7, r0, 0x76
    LOAD:000000000000D688 beq cr7, loc_D698
    LOAD:000000000000D68C cmpwi cr7, r0, 0x62
    LOAD:000000000000D690 beq cr7, loc_D6BC
    LOAD:000000000000D694 b loc_D6DC
    LOAD:000000000000D698 # ---------------------------------------------------------------------------
    LOAD:000000000000D698
    # Overwrites bytes 4..7 with "hdd0", then falls through to store NUL at offsets 8 and 0xA.
    LOAD:000000000000D698 loc_D698: # CODE XREF: sub_D5B4+CCj
    LOAD:000000000000D698 # sub_D5B4+D4j
    LOAD:000000000000D698 li r0, 0x68 # 'h'
    LOAD:000000000000D69C stb r0, 4(r9)
    LOAD:000000000000D6A0 li r0, 0x64 # 'd'
    LOAD:000000000000D6A4 stb r0, 5(r9)
    LOAD:000000000000D6A8 stb r0, 6(r9)
    LOAD:000000000000D6AC li r0, 0x30 # '0'
    LOAD:000000000000D6B0 stb r0, 7(r9)
    LOAD:000000000000D6B4
    LOAD:000000000000D6B4 loc_D6B4: # CODE XREF: sub_D5B4+150j
    LOAD:000000000000D6B4 li r0, 0
    LOAD:000000000000D6B8 stb r0, 8(r9)
    LOAD:000000000000D6BC
    LOAD:000000000000D6BC loc_D6BC: # CODE XREF: sub_D5B4+DCj
    LOAD:000000000000D6BC # sub_D5B4+164j
    LOAD:000000000000D6BC li r0, 0
    LOAD:000000000000D6C0 stb r0, 0xA(r9)
    LOAD:000000000000D6C4 nop
    LOAD:000000000000D6C8
    # Common exit of the patch: clear r9 and rejoin the function at loc_D5E4.
    LOAD:000000000000D6C8 loc_D6C8: # CODE XREF: sub_D5B4+12Cj
    LOAD:000000000000D6C8 # sub_D5B4+140j ...
    LOAD:000000000000D6C8 li r9, 0
    LOAD:000000000000D6CC b loc_D5E4
    LOAD:000000000000D6CC # End of function sub_D5B4
    LOAD:000000000000D6CC
    LOAD:000000000000D6D0
    LOAD:000000000000D6D0 # =============== S U B R O U T I N E =======================================
    LOAD:000000000000D6D0
    LOAD:000000000000D6D0
    # The export is three instructions long and returns 0 whatever it is passed, so callers
    # always see success. The bytes after it are a function chunk belonging to sub_D5B4.
    LOAD:000000000000D6D0 _Export_sys_fs_cellFsAioFinish: # DATA XREF: LOAD:_Export_sys_fs_cellFsAioFinish_opdo
    LOAD:000000000000D6D0 li r3, 0
    LOAD:000000000000D6D4 extsw r3, r3
    LOAD:000000000000D6D8 blr
    LOAD:000000000000D6D8 # End of function _Export_sys_fs_cellFsAioFinish
    LOAD:000000000000D6D8
    LOAD:000000000000D6DC # ---------------------------------------------------------------------------
    LOAD:000000000000D6DC # START OF FUNCTION CHUNK FOR sub_D5B4
    LOAD:000000000000D6DC
    # Default path: byte 6 == 0 -> exit; byte 6 == '/' (0x2F) -> replace it with NUL and exit.
    LOAD:000000000000D6DC loc_D6DC: # CODE XREF: sub_D5B4+E0j
    LOAD:000000000000D6DC cmpwi cr7, r0, 0
    LOAD:000000000000D6E0 beq cr7, loc_D6C8
    LOAD:000000000000D6E4 cmpwi cr7, r0, 0x2F
    LOAD:000000000000D6E8 bne cr7, loc_D6F8
    LOAD:000000000000D6EC li r0, 0
    LOAD:000000000000D6F0 stb r0, 6(r9)
    LOAD:000000000000D6F4 b loc_D6C8
    LOAD:000000000000D6F8 # ---------------------------------------------------------------------------
    LOAD:000000000000D6F8
    # Byte 8: '/' -> NUL at offsets 8 and 0xA (via loc_D6B4); 0 -> exit; otherwise NUL at
    # offsets 9 and 0xA (via loc_D6BC).
    LOAD:000000000000D6F8 loc_D6F8: # CODE XREF: sub_D5B4+134j
    LOAD:000000000000D6F8 lbz r0, 8(r9)
    LOAD:000000000000D6FC extsb r0, r0
    LOAD:000000000000D700 cmpwi cr7, r0, 0x2F
    LOAD:000000000000D704 beq cr7, loc_D6B4
    LOAD:000000000000D708 cmpwi cr7, r0, 0
    LOAD:000000000000D70C beq cr7, loc_D6C8
    LOAD:000000000000D710 li r0, 0
    LOAD:000000000000D714 stb r0, 9(r9)
    LOAD:000000000000D718 b loc_D6BC
    LOAD:000000000000D718 # END OF FUNCTION CHUNK FOR sub_D5B4
    LOAD:000000000000D71C # ---------------------------------------------------------------------------
    LOAD:000000000000D71C nop
    LOAD:000000000000D720

    ==================================================================================================================

    LV2: 4.21CFW PEEK/POKE LV2 and PEEK/POKE LV1 (syscalls 6, 7, 8 and 9 + 10)

    800000000035BCD8 -> 8000000000001778 -> 800000000000170C syscall6 peeklv2
    800000000035BCE0 -> 8000000000001780 -> 8000000000001714 syscall7 pokelv2
    800000000035BCE8 -> 8000000000001788 -> 800000000000171C syscall8 peeklv1
    800000000035BCF0 -> 8000000000001790 -> 800000000000173C syscall9 pokelv1
    800000000035BCF8 -> 8000000000001798 -> 800000000000175C syscall10 hvfunc=%r10

    0000170C E8 63 00 00 4E 80 00 20 F8 83 00 00 4E 80 00 20 oc..NA. °A..NA.
    0000171C 7C 08 02 A6 F8 01 00 10 39 60 00 B6 44 00 00 22 |..?°...9`.¦D.."
    0000172C 7C 83 23 78 E8 01 00 10 7C 08 03 A6 4E 80 00 20 |A#xo...|..?NA.
    0000173C 7C 08 02 A6 F8 01 00 10 39 60 00 B7 44 00 00 22 |..?°...9`.¬D.."
    0000174C 38 60 00 00 E8 01 00 10 7C 08 03 A6 4E 80 00 20 8`..o...|..?NA.
    0000175C 7C 08 02 A6 F8 01 00 10 7D 4B 53 78 44 00 00 22 |..?°...}KSxD.."
    0000176C E8 01 00 10 7C 08 03 A6 4E 80 00 20 80 00 00 00 o...|..?NA. A...
    0000177C 00 00 17 0C 80 00 00 00 00 00 17 14 80 00 00 00 ....A.......A...
    0000178C 00 00 17 1C 80 00 00 00 00 00 17 3C 80 00 00 00 ....A......<A...
    0000179C 00 00 17 5C

    ROM:0000170C # =============== S U B R O U T I N E =======================================
    ROM:0000170C
    ROM:0000170C
    # Syscall 6 (peek lv2): returns in r3 the doubleword at the address passed in r3.
    # NOTE(review): the address is dereferenced exactly as given. This handler contains no range
    # or caller check, so anything able to issue syscall 6 can read any address mapped for LV2.
    ROM:0000170C syscall_groove_peek: # DATA XREF: ROM:0000177Co
    ROM:0000170C ld r3, 0(r3)
    ROM:00001710 blr
    ROM:00001710 # End of function syscall_groove_peek
    ROM:00001710
    ROM:00001714 # .rename syscall_groove_poke, "syscall_groove poke"
    ROM:00001714
    ROM:00001714 # =============== S U B R O U T I N E =======================================
    ROM:00001714
    ROM:00001714
    # Syscall 7 (poke lv2): stores the doubleword in r4 at the address passed in r3.
    # NOTE(review): there is no validation of the address or the caller in this handler, and r3
    # is returned unchanged. Every Lv2Syscall2(7, ...) write in these notes depends on this
    # unchecked store, which is also the reason a system carrying it has no kernel write protection.
    ROM:00001714 syscall_groove_poke: # DATA XREF: ROM:00001784o
    ROM:00001714 std r4, 0(r3)
    ROM:00001718 blr
    ROM:00001718 # End of function syscall_groove_poke
    ROM:00001718
    ROM:0000171C # .rename syscall_graf_peek, "syscall_graf peek"
    ROM:0000171C
    ROM:0000171C # =============== S U B R O U T I N E =======================================
    ROM:0000171C
    ROM:0000171C
    # Syscall 8 (peek lv1): issues hypervisor call 0xB6 (182) with the caller's registers and
    # returns r4 as the result. Moving r4 into r3 overwrites whatever the hypervisor call left in
    # r3, so that value never reaches the caller.
    # LR is saved at 0x10(r1) without opening a new stack frame.
    ROM:0000171C syscall_graf_peek: # DATA XREF: ROM:0000178Co
    ROM:0000171C
    ROM:0000171C .set arg_10, 0x10
    ROM:0000171C
    ROM:0000171C mflr r0
    ROM:00001720 std r0, arg_10(r1)
    ROM:00001724 li r11, 0xB6 # '¦'
    ROM:00001728 hvsc # hvsc(182): lv1_undocumented_function_182
    ROM:0000172C mr r3, r4
    ROM:00001730 ld r0, arg_10(r1)
    ROM:00001734 mtlr r0
    ROM:00001738 blr
    ROM:00001738 # End of function syscall_graf_peek
    ROM:00001738
    ROM:0000173C # .rename syscall_graf_poke, "syscall_graf poke"
    ROM:0000173C
    ROM:0000173C # =============== S U B R O U T I N E =======================================
    ROM:0000173C
    ROM:0000173C
    # Syscall 9 (poke lv1): issues hypervisor call 0xB7 (183) with the caller's registers.
    # NOTE(review): r3 is forced to 0 after the call, so the caller always sees success and
    # cannot tell whether the hypervisor accepted the write.
    ROM:0000173C syscall_graf_poke: # DATA XREF: ROM:00001794o
    ROM:0000173C
    ROM:0000173C .set arg_10, 0x10
    ROM:0000173C
    ROM:0000173C mflr r0
    ROM:00001740 std r0, arg_10(r1)
    ROM:00001744 li r11, 0xB7 # '¬'
    ROM:00001748 hvsc # hvsc(183): lv1_undocumented_function_183
    ROM:0000174C li r3, 0
    ROM:00001750 ld r0, arg_10(r1)
    ROM:00001754 mtlr r0
    ROM:00001758 blr
    ROM:00001758 # End of function syscall_graf_poke
    ROM:00001758
    ROM:0000175C # .rename syscall_lv2_syscall_10, "syscall_lv2 syscall 10"
    ROM:0000175C
    ROM:0000175C # =============== S U B R O U T I N E =======================================
    ROM:0000175C
    ROM:0000175C
    # Syscall 10: forwards to the hypervisor call whose number the caller supplies in r10
    # ("hvfunc=%r10" in the table above); r3 is returned as the hypervisor call left it.
    # NOTE(review): the function number is not restricted in this handler, so any hypervisor
    # call can be reached through it.
    ROM:0000175C syscall_lv2_syscall_10: # DATA XREF: ROM:0000179Co
    ROM:0000175C
    ROM:0000175C .set arg_10, 0x10
    ROM:0000175C
    ROM:0000175C mflr r0
    ROM:00001760 std r0, arg_10(r1)
    ROM:00001764 mr r11, r10
    ROM:00001768 hvsc # function number comes from r10 via r11; the tool's "hvsc(183)" label does not apply here
    ROM:0000176C ld r0, arg_10(r1)
    ROM:00001770 mtlr r0
    ROM:00001774 blr
    ROM:00001774 # End of function syscall_lv2_syscall_10
    ROM:00001774
    ROM:00001774 # ---------------------------------------------------------------------------
    ROM:00001778 # .rename syscall_groove_peek_desc, "syscall_groove peek_desc"
    # Function descriptors for the five handlers. Each one is an 8-byte pointer written as two
    # .long values: 0x80000000 as the high half, the handler address as the low half.
    ROM:00001778 syscall_groove_peek_desc:.long 0x80000000 # DATA XREF: ROM:0035BCDCo
    ROM:0000177C .long syscall_groove_peek
    ROM:00001780 # .rename syscall_groove_poke_desc, "syscall_groove poke_desc"
    ROM:00001780 syscall_groove_poke_desc:.long 0x80000000 # DATA XREF: ROM:0035BCE4o
    ROM:00001784 .long syscall_groove_poke
    ROM:00001788 # .rename syscall_graf_peek_desc, "syscall_graf peek_desc"
    ROM:00001788 syscall_graf_peek_desc:.long 0x80000000 # DATA XREF: ROM:0035BCECo
    ROM:0000178C .long syscall_graf_peek
    ROM:00001790 # .rename syscall_graf_poke_desc, "syscall_graf poke_desc"
    ROM:00001790 syscall_graf_poke_desc:.long 0x80000000 # DATA XREF: ROM:0035BCF4o
    ROM:00001794 .long syscall_graf_poke
    ROM:00001798 # .rename syscall_lv2_syscall_10_desc, "syscall_lv2 syscall 10_desc"
    ROM:00001798 syscall_lv2_syscall_10_desc:.long 0x80000000 # DATA XREF: ROM:0035BCFCo
    ROM:0000179C .long syscall_lv2_syscall_10

    0035BCD8 80 00 00 00 00 00 17 78 80 00 00 00 00 00 17 80 A......xA......A
    0035BCE8 80 00 00 00 00 00 17 88 80 00 00 00 00 00 17 90 A......EA......?
    0035BCF8 80 00 00 00 00 00 17 98

    ROM:0035BCD8 # ---------------------------------------------------------------------------
    # Syscall table slots 6..10, 8 bytes each starting at 0x35BCD8. Each slot holds the address
    # of the matching descriptor in the 0x1778..0x179F block.
    # NOTE(review): these five slots are the entry points for raw LV2/LV1 memory access. Whether
    # they are populated is the first thing to check when auditing an image for this patch set.
    ROM:0035BCD8 .long 0x80000000
    ROM:0035BCDC .long syscall_groove_peek_desc # Syscall 6
    ROM:0035BCE0 .long 0x80000000
    ROM:0035BCE4 .long syscall_groove_poke_desc # Syscall 7
    ROM:0035BCE8 .long 0x80000000
    ROM:0035BCEC .long syscall_graf_peek_desc # Syscall 8
    ROM:0035BCF0 .long 0x80000000
    ROM:0035BCF4 .long syscall_graf_poke_desc # Syscall 9
    ROM:0035BCF8 .long 0x80000000
    ROM:0035BCFC .long syscall_lv2_syscall_10_desc # Syscall 10

    ==================================================================================================================



Code multiman cfw 4.21 DEX :

    ==================================================================================================================
    LV2: Original 3.55 syscall36 code parts loaded at 0x302DE8 and 0x2EB7E0 and modified for 4.21DEX CFW as follows:
    ==================================================================================================================

    00302DE8 25 73 25 30 31 36 6C 78 25 30 31 36 6C 78 25 30 %s%016lx%016lx%0
    00302DF8 31 36 6C 78 25 30 31 36 6C 78 25 30 31 36 6C 78 16lx%016lx%016lx
    00302E08 25 64 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 %d..............

    00302E18 F8 21 FF 61 7C 08 02 A6 FB 81 00 80 FB A1 00 88 °!*a|..ævÁ.Àvá.È
    00302E28 FB E1 00 98 FB 41 00 70 FB 61 00 78 F8 01 00 B0 vñ.ØvA.pva.x°..-
    00302E38 7C 9C 23 78 7C 7D 1B 78 3B E0 00 01 7B FF F8 06 |Ü#x|}.x;ð..{*°.
    00302E48 67 E4 00 30 60 84 2E 8C 38 A0 00 07 4B D4 F1 A5 gô.0`Ä.Ì8à..KL¸å
    00302E58 28 23 00 00 40 82 00 4C 67 FF 00 2E 63 FF B8 9C (#..@Â.Lg*..c*¬Ü
    00302E68 E8 7F 00 00 28 23 00 00 41 82 00 14 E8 7F 00 08 ø..(#..AÂ..ø..
    00302E78 38 9D 00 09 4B D4 F1 29 EB BF 00 00 7F A3 EB 78 8Ý..KL¸)û¬..ãûx
    00302E88 4B FD 68 B8 2F 64 65 76 5F 62 64 76 64 00 2F 61 K¤h¬/dev_bdvd./a
    00302E98 70 70 5F 68 6F 6D 65 00 00 00 00 00 00 00 00 00 pp_home.........
    00302EA8 7F A3 EB 78 3B E0 00 01 7B FF F8 06 67 E4 00 30 ãûx;ð..{*°.gô.0
    00302EB8 60 84 2E 96 38 A0 00 02 4B D4 F1 39 28 23 00 00 `Ä.Ö8à..KL¸9(#..
    00302EC8 40 82 00 28 67 FF 00 2E 63 FF B8 9C E8 7F 00 00 @Â.(g*..c*¬Üø..
    00302ED8 28 23 00 00 41 82 00 14 E8 7F 00 08 38 9D 00 09 (#..AÂ..ø..8Ý..
    00302EE8 4B D4 F0 BD EB BF 00 00 7F A3 EB 78 4B FD 68 4C KL¨-û¬..ãûxK¤hL

    002EB7E0 25 64 25 73 25 30 31 36 6C 78 25 30 31 36 6C 6C %d%s%016lx%016ll
    002EB7F0 78 25 30 31 36 6C 6C 78 25 73 25 73 25 30 38 78 x%016llx%s%s%08x
    002EB800 25 64 25 31 64 25 31 64 25 31 64 41 41 41 0A 00 %d%1d%1d%1dAAA..

    002EB810 F8 21 FF 31 7C 08 02 A6 F8 01 00 E0 FB E1 00 C8 °!*1|..æ°..ðvñ.L
    002EB820 38 81 00 70 4B EC C5 55 3B E0 00 01 7B FF F8 06 8Á.pKü+U;ð..{*°.
    002EB830 67 FF 00 2E 63 FF B8 9C E8 7F 00 00 2C 23 00 00 g*..c*¬Üø..,#..
    002EB840 41 82 00 0C 38 80 00 27 4B D7 C3 E5 38 80 00 27 AÂ..8À.'K++õ8À.'
    002EB850 38 60 08 00 4B D7 BF 9D F8 7F 00 00 E8 81 00 70 8`..K+¬Ý°..øÁ.p
    002EB860 4B D6 67 45 E8 61 00 70 38 80 00 27 4B D7 C3 C1 KãgEøa.p8À.'K+++
    002EB870 E8 7F 00 00 4B D6 67 59 E8 9F 00 00 7C 64 1A 14 ø..KãgYøß..|d..
    002EB880 F8 7F 00 08 38 60 00 00 EB E1 00 C8 E8 01 00 E0 °..8`..ûñ.Lø..ð
    002EB890 38 21 00 D0 7C 08 03 A6 4E 80 00 20 80 00 00 00 8!.¦|..æNÀ. À...
    002EB8A0 00 59 18 00 80 00 00 00 00 59 18 09 00 00 00 00 .Y..À....Y......
    002EB8B0 80 00 00 00 00 2E B8 10

    // 4.21 DEX counterpart of the CEX syscall36 install. The sequence of syscall 7 (poke lv2)
    // writes is the same, with the payload relocated to 302E18 / 2EB810 and the branch targets
    // adjusted for the DEX kernel (helper offsets are listed after this block).
    // NOTE(review): the addresses are valid for the 4.21 DEX image only, and nothing here reads
    // a location back before writing it. Applying the CEX and DEX tables to the wrong kernel
    // writes into unrelated code.
    Lv2Syscall2(7, 0x8000000000302E48ULL, 0x67E4003060842E8CULL ); // 302E48 oris r4, r31, 0x30 // 67 E4 00 30 60 84 2E 8C // (/dev_bdvd) // 302E4C ori r4, r4, 0x2E8C
    Lv2Syscall2(7, 0x8000000000302E54ULL, 0x4BD4F1A528230000ULL ); // 302E54 bl strncmp_sub_51FF8 // 4B D4 F1 A5 28 23 00 00
    Lv2Syscall2(7, 0x8000000000302E60ULL, 0x67FF002E63FFB89CULL ); // 302E60 oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 302E64 ori r31, r31, 0xB89C
    Lv2Syscall2(7, 0x8000000000302E7CULL, 0x4BD4F129EBBF0000ULL ); // 302E7C bl strcpy_sub_51FA4 // 4B D4 F1 29 EB BF 00 00
    // The low word 0x2F646576 is "/dev", the first four bytes of the "/dev_bdvd" string at 302E8C.
    Lv2Syscall2(7, 0x8000000000302E88ULL, 0x4BFD68B82F646576ULL ); // 302E88 b loc_2D9740 // 4B FD 68 B8 2F 64 65 76 // hook_return
    Lv2Syscall2(7, 0x8000000000302EB4ULL, 0x67E4003060842E96ULL ); // 302EB4 oris r4, r31, 0x30 // 67 E4 00 30 60 84 2E 96 // (/app_home) // 302EB8 ori r4, r4, 0x2E96
    Lv2Syscall2(7, 0x8000000000302EC0ULL, 0x4BD4F13928230000ULL ); // 302EC0 bl strncmp_sub_51FF8 // 4B D4 F1 39 28 23 00 00
    Lv2Syscall2(7, 0x8000000000302ECCULL, 0x67FF002E63FFB89CULL ); // 302ECC oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 302ED0 ori r31, r31, 0xB89C
    Lv2Syscall2(7, 0x8000000000302EE8ULL, 0x4BD4F0BDEBBF0000ULL ); // 302EE8 bl strcpy_sub_51FA4 // 4B D4 F0 BD EB BF 00 00
    // NOTE(review): the low word 0x7461636B (ASCII "tack") is stored at 302EF8, four bytes past
    // the last payload instruction shown in the dump above. Whatever lives there is overwritten.
    Lv2Syscall2(7, 0x8000000000302EF4ULL, 0x4BFD684C7461636BULL ); // 302EF4 b loc_2D9740 // 4B FD 68 4C 74 61 63 6B // hook_return

    Lv2Syscall2(7, 0x80000000002EB824ULL, 0x4BECC5553BE00001ULL ); // 2EB824 bl pathdup_from_user_1B7D78 // 4B EC C5 55 3B E0 00 01
    Lv2Syscall2(7, 0x80000000002EB830ULL, 0x67FF002E63FFB89CULL ); // 2EB830 oris r31, r31, 0x2E // 67 FF 00 2E 63 FF B8 9C // 2EB834 ori r31, r31, 0xB89C
    Lv2Syscall2(7, 0x80000000002EB848ULL, 0x4BD7C3E538800027ULL ); // 2EB848 bl free_sub_67C2C // 4B D7 C3 E5 38 80 00 27
    Lv2Syscall2(7, 0x80000000002EB854ULL, 0x4BD7BF9DF87F0000ULL ); // 2EB854 bl alloc_sub_677F0 // 4B D7 BF 9D F8 7F 00 00
    Lv2Syscall2(7, 0x80000000002EB860ULL, 0x4BD66745E8610070ULL ); // 2EB860 bl strcpy_sub_51FA4 // 4B D6 67 45 E8 61 00 70

    Lv2Syscall2(7, 0x80000000002EB86CULL, 0x4BD7C3C1E87F0000ULL ); // 2EB86C bl free_sub_67C2C // 4B D7 C3 C1 E8 7F 00 00
    Lv2Syscall2(7, 0x80000000002EB874ULL, 0x4BD66759E89F0000ULL ); // 2EB874 bl strlen_sub_51FCC // 4B D6 67 59 E8 9F 00 00
    Lv2Syscall2(7, 0x80000000002EB8B0ULL, 0x80000000002EB810ULL ); // 2EB8B0 .long syscall_lv2_syscall_36 // 80 00 00 00 00 2E B8 10 // sc36 vector

    // Listed last: the two writes that make the payload live. The first replaces the doubleword
    // at 2D9718 with a branch into the payload at 302E18; the second stores the syscall36
    // descriptor address in 37A2D0.
    Lv2Syscall2(7, 0x80000000002D9718ULL, 0x480297007C0802A6ULL ); // 2D9718 b sub_302E18 // hook open
    Lv2Syscall2(7, 0x800000000037A2D0ULL, 0x80000000002EB8B0ULL ); // enable syscall36

    302E8C aDev_bdvd: .string "/dev_bdvd"
    302E96 aApp_home: .string "/app_home"

    2EB89C free/alloc address pointer -> (set by functions)
    2EB8B0 syscall36 address pointer -> 0x80000000002EB810

    strncmp: 51FF8
    strcpy: 51FA4
    pathdup_from_user: 1B7D78
    free: 67C2C
    alloc: 677F0
    strlen: 51FCC
    ==================================================================================================================

    LV2: Additional patches for PARAM.SFO and access permissions

    // PARAM.SFO / permission patches for 4.21 DEX, written through syscall 7 (poke lv2). The
    // values are identical to the CEX set and only the addresses differ. 0x60000000 is the
    // PowerPC nop encoding.
    Lv2Syscall2(7, 0x800000000005A938ULL, 0x63FF003D60000000ULL ); // fix 8001003D error
    // Words decode as lis r31, 0x8001 followed by li r31, 0, so r31 is zero after the pair.
    Lv2Syscall2(7, 0x800000000005A9FCULL, 0x3FE080013BE00000ULL ); // fix 8001003E error

    // NOTE(review): the four pokes below carry no description in the original notes.
    // Decoded words: beq cr7, +0xD8 ; nop  and  cmpwi cr7, r4, 4 ; b +0x98.
    Lv2Syscall2(7, 0x800000000005A9A8ULL, 0x419E00D860000000ULL );
    Lv2Syscall2(7, 0x800000000005A9B0ULL, 0x2F84000448000098ULL );

    // Both write cmpwi cr7, r3, 0 ; nop.
    Lv2Syscall2(7, 0x800000000005E36CULL, 0x2F83000060000000ULL );
    Lv2Syscall2(7, 0x800000000005E380ULL, 0x2F83000060000000ULL );

    ==================================================================================================================

    LV2: Device mount table (for BD-Mirror USB)

    // Reads the doubleword at LV2 0x30FB70 into dev_table (DEX address). The trailing comment
    // presumably records the value observed on this firmware (0x8000000000470020); confirm
    // before relying on it.
    dev_table=peekq(0x800000000030FB70ULL); // actual 0x8000000000470020ULL

 

 

 

 

 

 

fuente :http://pastebin.com/bqPwX1f5



ps3 version 4.21

Disculpen la pregunta, soy nuevo en este mundo, tengo una consola ps3 con la version 4.21 y quisiera saber si hay forma de hackearla, porfa orientenme se los agradecere muchisimo 
