release v2.1.3

SiSTR0 · Mar 13, 2020 · e7645a9 · e7645a9 · Gomezvh135 · May 9, 2024
1 parent e13b115
commit e7645a9
Show file tree

Hide file tree

Showing 9 changed files with 253 additions and 127 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# PS4HEN v2.1.2
+# PS4HEN v2.1.3
 
 ## Features
 - Homebrew Enabler
@@ -12,9 +12,10 @@
 - External HDD Format 7.xx Support
 - FW Version Spoof to 7.02
 - Debug Trophies Support
-
-## Fixes
 - sys_dynlib_dlsym Patch
+- UART Enabler
+- Never Disable Screenshot
+- Remote Play Enabler
 
 ## Contributors
 Massive credits to the following:
@@ -28,6 +29,7 @@ Massive credits to the following:
 - [SiSTRo](https://github.com/SiSTR0)
 - [SocraticBliss](https://twitter.com/SocraticBliss)
 - [ChendoChap](https://github.com/ChendoChap)
+- [Biorn1950](https://github.com/Biorn1950)
 - Anonymous
 
 ## Testers

diff --git a/exploit/index.html b/exploit/index.html
diff --git a/installer/include/defines.h b/installer/include/defines.h
@@ -2,7 +2,7 @@
 #define __DEFINES_H__
 #pragma once
 
-#define VERSION "2.1.2"
+#define VERSION "2.1.3"
 
 //#define DEBUG_SOCKET
 

diff --git a/installer/include/offsets.h b/installer/include/offsets.h
@@ -3,34 +3,40 @@
 #pragma once
 
 // 5.05
-#define	XFAST_SYSCALL_addr				0x00001C0
+#define	XFAST_SYSCALL_addr              0x00001C0
 
 // Names - Data
-#define PRISON0_addr					0x10986A0
-#define ROOTVNODE_addr					0x22C1A70
-#define PMAP_STORE_addr					0x22CB570
-#define DT_HASH_SEGMENT_addr			0x0B5EF30
+#define PRISON0_addr                    0x10986A0
+#define ROOTVNODE_addr                  0x22C1A70
+#define PMAP_STORE_addr                 0x22CB570
+#define DT_HASH_SEGMENT_addr            0x0B5EF30
 
 // Functions
-#define pmap_protect_addr				0x02E3090
-#define pmap_protect_p_addr				0x02E30D4
+#define pmap_protect_addr               0x02E3090
+#define pmap_protect_p_addr             0x02E30D4
 
 // Patches
 // debug menu error
-#define debug_menu_error_patch1			0x04F9048
-#define debug_menu_error_patch2			0x04FA15C
+#define debug_menu_error_patch1         0x04F9048
+#define debug_menu_error_patch2         0x04FA15C
 
 // disable signature check
-#define disable_signature_check_patch	0x06A2700
+#define disable_signature_check_patch   0x06A2700
 
 // enable debug RIFs
-#define enable_debug_rifs_patch1		0x064B2B0
-#define enable_debug_rifs_patch2		0x064B2D0
+#define enable_debug_rifs_patch1        0x064B2B0
+#define enable_debug_rifs_patch2        0x064B2D0
 
 // allow sys_dynlib_dlsym in all processes
-#define sys_dynlib_dlsym_patch			0x0237F3A
+#define sys_dynlib_dlsym_patch          0x0237F3A
 
 // sdk version spoof - enable all VR fws
-#define sdk_version_patch				0x14A63F0
+#define sdk_version_patch               0x14A63F0
+
+// enable debug log
+#define enable_debug_log_patch          0x043612A
+
+// enable uart output
+#define enable_uart_patch               0x19ECEB0
 
 #endif
diff --git a/installer/source/debug.c b/installer/source/debug.c
@@ -30,6 +30,6 @@ void closeDebugSocket(void)
 void notify(char *message)
 {
 	char buffer[512];
-	sprintf(buffer, "%s\n\n\n\n\n\n\n", message);
-	sceSysUtilSendSystemNotificationWithText(0x81, buffer);
+	sprintf(buffer, "%s", message);
+	sceSysUtilSendSystemNotificationWithText(222, buffer);
 }
diff --git a/installer/source/main.c b/installer/source/main.c
@@ -78,6 +78,12 @@ int install_payload(struct thread *td, struct install_payload_args* args)
 	// spoof sdk_version - enable vr 5.05
 	*(uint32_t *)(kernel_base + sdk_version_patch) = FAKE_FW_VERSION;
 
+	// enable debug log
+	*(uint16_t*)(kernel_base + enable_debug_log_patch) = 0x38EB;
+
+	// enable uart output
+	*(uint32_t *)(kernel_base + enable_uart_patch) = 0;
+
 	// install kpayload
 	memset(payload_buffer, 0, PAGE_SIZE);
 	memcpy(payload_buffer, payload_data, payload_size);

diff --git a/kpayload/include/offsets.h b/kpayload/include/offsets.h
@@ -3,111 +3,122 @@
 #pragma once
 
 // data
-#define	XFAST_SYSCALL_addr				0x00001C0
-#define M_TEMP_addr						0x14B4110
-#define MINI_SYSCORE_SELF_BINARY_addr	0x14C9D48
-#define ALLPROC_addr					0x2382FF8
-#define SBL_DRIVER_MAPPED_PAGES_addr	0x271E208
-#define SBL_PFS_SX_addr					0x271E5D8
-#define SBL_KEYMGR_KEY_SLOTS_addr		0x2744548
-#define SBL_KEYMGR_KEY_RBTREE_addr		0x2744558
-#define SBL_KEYMGR_BUF_VA_addr			0x2748000
-#define SBL_KEYMGR_BUF_GVA_addr			0x2748800
-#define FPU_CTX_addr					0x274C040
-#define DIPSW_addr						0x1CD0650
+#define	XFAST_SYSCALL_addr              0x00001C0
+#define M_TEMP_addr                     0x14B4110
+#define MINI_SYSCORE_SELF_BINARY_addr   0x14C9D48
+#define ALLPROC_addr                    0x2382FF8
+#define SBL_DRIVER_MAPPED_PAGES_addr    0x271E208
+#define SBL_PFS_SX_addr                 0x271E5D8
+#define SBL_KEYMGR_KEY_SLOTS_addr       0x2744548
+#define SBL_KEYMGR_KEY_RBTREE_addr      0x2744558
+#define SBL_KEYMGR_BUF_VA_addr          0x2748000
+#define SBL_KEYMGR_BUF_GVA_addr         0x2748800
+#define FPU_CTX_addr                    0x274C040
+#define DIPSW_addr                      0x1CD0650
 
 // common
-#define memcmp_addr						0x050AC0
-#define _sx_xlock_addr					0x0F5E10
-#define _sx_xunlock_addr				0x0F5FD0
-#define malloc_addr						0x10E250
-#define free_addr						0x10E460
-#define strstr_addr						0x17DFB0
-#define fpu_kern_enter_addr				0x1BFF90
-#define fpu_kern_leave_addr				0x1C0090
-#define memcpy_addr						0x1EA530
-#define memset_addr						0x3205C0
-#define strlen_addr						0x3B71A0
-#define printf_addr						0x436040
-#define eventhandler_register_addr		0x1EC400
+#define memcmp_addr                     0x050AC0
+#define _sx_xlock_addr                  0x0F5E10
+#define _sx_xunlock_addr                0x0F5FD0
+#define malloc_addr                     0x10E250
+#define free_addr                       0x10E460
+#define strstr_addr                     0x17DFB0
+#define fpu_kern_enter_addr             0x1BFF90
+#define fpu_kern_leave_addr             0x1C0090
+#define memcpy_addr                     0x1EA530
+#define memset_addr                     0x3205C0
+#define strlen_addr                     0x3B71A0
+#define printf_addr                     0x436040
+#define eventhandler_register_addr      0x1EC400
 
 // Fself
-#define sceSblACMgrGetPathId_addr		0x0117E0
-#define sceSblServiceMailbox_addr		0x632540
-#define sceSblAuthMgrSmIsLoadable2_addr	0x63C4F0
-#define _sceSblAuthMgrGetSelfInfo_addr	0x63CD40
-#define _sceSblAuthMgrSmStart_addr		0x6418E0
-#define sceSblAuthMgrVerifyHeader_addr	0x642B40
+#define sceSblACMgrGetPathId_addr       0x0117E0
+#define sceSblServiceMailbox_addr       0x632540
+#define sceSblAuthMgrSmIsLoadable2_addr 0x63C4F0
+#define _sceSblAuthMgrGetSelfInfo_addr  0x63CD40
+#define _sceSblAuthMgrSmStart_addr      0x6418E0
+#define sceSblAuthMgrVerifyHeader_addr  0x642B40
 
 // Fpkg
-#define RsaesPkcs1v15Dec2048CRT_addr	0x1FD7D0
-#define Sha256Hmac_addr					0x2D55B0
-#define AesCbcCfb128Encrypt_addr		0x3A2BD0
-#define AesCbcCfb128Decrypt_addr		0x3A2E00
-#define sceSblDriverSendMsg_0_addr		0x61D7F0
-#define sceSblPfsSetKeys_addr			0x61EFA0
-#define sceSblKeymgrSetKeyStorage_addr	0x623FC0
-#define sceSblKeymgrSetKeyForPfs_addr	0x62D780
-#define sceSblKeymgrCleartKey_addr		0x62DB10
-#define sceSblKeymgrSmCallfunc_addr		0x62E2A0
+#define RsaesPkcs1v15Dec2048CRT_addr    0x1FD7D0
+#define Sha256Hmac_addr                 0x2D55B0
+#define AesCbcCfb128Encrypt_addr        0x3A2BD0
+#define AesCbcCfb128Decrypt_addr        0x3A2E00
+#define sceSblDriverSendMsg_0_addr      0x61D7F0
+#define sceSblPfsSetKeys_addr           0x61EFA0
+#define sceSblKeymgrSetKeyStorage_addr  0x623FC0
+#define sceSblKeymgrSetKeyForPfs_addr   0x62D780
+#define sceSblKeymgrCleartKey_addr      0x62DB10
+#define sceSblKeymgrSmCallfunc_addr     0x62E2A0
 
 // Patch
-#define vmspace_acquire_ref_addr		0x19EF90
-#define vmspace_free_addr				0x19EDC0
-#define vm_map_lock_read_addr			0x19F140
-#define vm_map_unlock_read_addr			0x19F190
-#define vm_map_lookup_entry_addr		0x19F760
-#define proc_rwmem_addr					0x30D150
+#define vmspace_acquire_ref_addr        0x19EF90
+#define vmspace_free_addr               0x19EDC0
+#define vm_map_lock_read_addr           0x19F140
+#define vm_map_unlock_read_addr         0x19F190
+#define vm_map_lookup_entry_addr        0x19F760
+#define proc_rwmem_addr                 0x30D150
 
 // Fself hooks
-#define sceSblAuthMgrIsLoadable__sceSblACMgrGetPathId_hook			0x63E25D
-#define sceSblAuthMgrIsLoadable2_hook								0x63E3A1
-#define sceSblAuthMgrVerifyHeader_hook1								0x63EAFC
-#define sceSblAuthMgrVerifyHeader_hook2								0x63F718
-#define sceSblAuthMgrSmLoadSelfSegment__sceSblServiceMailbox_hook	0x64318B
-#define sceSblAuthMgrSmLoadSelfBlock__sceSblServiceMailbox_hook		0x643DA2
+#define sceSblAuthMgrIsLoadable__sceSblACMgrGetPathId_hook          0x63E25D
+#define sceSblAuthMgrIsLoadable2_hook                               0x63E3A1
+#define sceSblAuthMgrVerifyHeader_hook1                             0x63EAFC
+#define sceSblAuthMgrVerifyHeader_hook2                             0x63F718
+#define sceSblAuthMgrSmLoadSelfSegment__sceSblServiceMailbox_hook   0x64318B
+#define sceSblAuthMgrSmLoadSelfBlock__sceSblServiceMailbox_hook     0x643DA2
 
 // Fpkg hooks
-#define sceSblKeymgrSetKeyStorage__sceSblDriverSendMsg_hook			0x624065
-#define sceSblKeymgrInvalidateKey__sx_xlock_hook 					0x62E96D
-#define sceSblKeymgrSmCallfunc_npdrm_decrypt_isolated_rif_hook		0x64C720
-#define sceSblKeymgrSmCallfunc_npdrm_decrypt_rif_new_hook			0x64D4FF
-#define mountpfs__sceSblPfsSetKeys_hook1							0x6AAAD5
-#define mountpfs__sceSblPfsSetKeys_hook2							0x6AAD04
+#define sceSblKeymgrSetKeyStorage__sceSblDriverSendMsg_hook         0x624065
+#define sceSblKeymgrInvalidateKey__sx_xlock_hook                    0x62E96D
+#define sceSblKeymgrSmCallfunc_npdrm_decrypt_isolated_rif_hook      0x64C720
+#define sceSblKeymgrSmCallfunc_npdrm_decrypt_rif_new_hook           0x64D4FF
+#define mountpfs__sceSblPfsSetKeys_hook1                            0x6AAAD5
+#define mountpfs__sceSblPfsSetKeys_hook2                            0x6AAD04
 
-// SceShellUI - libkernel patches
-#define sceSblRcMgrIsAllowDebugMenuForSettings_patch				0x01BD90
-#define sceSblRcMgrIsStoreMode_patch								0x01C090
+// SceShellUI patches - debug patches
+#define sceSblRcMgrIsAllowDebugMenuForSettings_patch                0x01BD90
+#define sceSblRcMgrIsStoreMode_patch                                0x01C090
+
+// SceShellUI patches - remote play patches
+#define CreateUserForIDU_patch                                      0x1A8FA0
+#define remote_play_menu_patch                                      0xEE638E
+
+// SceRemotePlay patches - remote play patches
+#define SceRemotePlay_patch1                                        0x03C33F
+#define SceRemotePlay_patch2                                        0x03C35A
 
 // SceShellCore patches
 // call sceKernelIsGenuineCEX
-#define sceKernelIsGenuineCEX_patch1	0x16D05B
-#define sceKernelIsGenuineCEX_patch2	0x79980B
-#define sceKernelIsGenuineCEX_patch3	0x7E5A13
-#define sceKernelIsGenuineCEX_patch4	0x94715B
+#define sceKernelIsGenuineCEX_patch1    0x16D05B
+#define sceKernelIsGenuineCEX_patch2    0x79980B
+#define sceKernelIsGenuineCEX_patch3    0x7E5A13
+#define sceKernelIsGenuineCEX_patch4    0x94715B
 
 // call nidf_libSceDipsw
-#define nidf_libSceDipsw_patch1			0x16D087
-#define nidf_libSceDipsw_patch2			0x23747B
-#define nidf_libSceDipsw_patch3			0x799837
-#define nidf_libSceDipsw_patch4			0x947187
+#define nidf_libSceDipsw_patch1         0x16D087
+#define nidf_libSceDipsw_patch2         0x23747B
+#define nidf_libSceDipsw_patch3         0x799837
+#define nidf_libSceDipsw_patch4         0x947187
 
 // enable data mount
-#define enable_data_mount_patch			0x319A53
+#define enable_data_mount_patch         0x319A53
 
 // enable fpkg
-#define enable_fpkg_patch				0x3E0602
+#define enable_fpkg_patch               0x3E0602
 
 // debug pkg free string
-#define fake_free_patch					0xEA96A7
+#define fake_free_patch                 0xEA96A7
 
 // make pkgs installer working with external hdd
-#define pkg_installer_patch				0x9312A1
+#define pkg_installer_patch             0x9312A1
 
 // enable support with 6.xx external hdd
-#define ext_hdd_patch					0x593C7D
+#define ext_hdd_patch                   0x593C7D
 
 // enable debug trophies on retail
-#define debug_trophies_patch			0x6ABE39
+#define debug_trophies_patch            0x6ABE39
+
+// disable screenshot block
+#define disable_screenshot_patch        0x0CB8C6
 
-#endif
+#endif
diff --git a/kpayload/source/main.c b/kpayload/source/main.c
@@ -78,10 +78,11 @@ int (*vm_map_lookup_entry)(struct vm_map *map, uint64_t address, struct vm_map_e
 int (*proc_rwmem)(struct proc *p, struct uio *uio) PAYLOAD_BSS;
 
 // initialization, etc
-extern void install_fself_hooks(void)    PAYLOAD_CODE;
-extern void install_fpkg_hooks(void)     PAYLOAD_CODE;
-extern void install_debug_patches(void)  PAYLOAD_CODE;
-extern int shellcore_fpkg_patch(void)    PAYLOAD_CODE;
+extern void install_fself_hooks(void)         PAYLOAD_CODE;
+extern void install_fpkg_hooks(void)          PAYLOAD_CODE;
+extern void install_patches(void)             PAYLOAD_CODE;
+extern void install_fake_signout_patch(void)  PAYLOAD_CODE;
+extern int shellcore_fpkg_patch(void)         PAYLOAD_CODE;
 
 #define resolve(name) name = (void *)(kernbase + name##_addr)
 PAYLOAD_CODE void resolve_kdlsym()
@@ -149,7 +150,7 @@ PAYLOAD_CODE int my_entrypoint()
 	resolve_kdlsym();
 	install_fself_hooks();
 	install_fpkg_hooks();
-	install_debug_patches();
+	install_patches();
 	return shellcore_fpkg_patch();
 }