diff --git a/kpatch/README.txt b/kpatch/README.txt new file mode 100644 index 0000000..5ce022a --- /dev/null +++ b/kpatch/README.txt 
@@ -0,0 +1,68 @@ +OSDSYS patch for ROM v1.0x - 2018/01/29 +-------------------------------------------- + +This package contains the source code for clones of the OSDSYS patches, meant for ROM v1.00 and v1.01. +As with the OSD update files, these files were meant to be encapsulated as KELFs. But I will not cover that here. + +The first PlayStation 2 consoles (SCPH-10000 & SCPH-15000) had a considerably different boot ROM from the expansion-bay consoles. +Other than having the earliest-possible IOP and EE kernels, their OSDSYS programs were coded rather differently and had a design flaw that prevented arguments from being passed to memory-card updates. + +These are the original update files and their descriptions: + +Model ROM Update File Description +SCPH-10000 0100JC20000117 osdsys.elf OSDSYS patch (patch0100). +SCPH-10000/SCPH-15000 0101JC20000217 osd110.elf System Driver Update + OSDSYS patch (patch0101). +SCPH-18000 0120JC20001027 osd130.elf System Driver Update + OSDSYS patch (patch0101). Exactly the same in content as osd110.elf. + +The OSDSYS patch will copy a ROM image that contains a replacement EELOAD program, into kernel memory (0x80030000). +It will then patch the EE kernel to scan 0x80030000-0x80040000 for the EELOAD, instead of the boot ROM. + +The System Driver Update attempts to boot the HDD-based update from the HDD unit. +While the SCPH-18000 contained a modern ROM that did not have the same deficiencies as its predecessors, +it is incapable of supporting the CXD9566R PCMCIA controller of the SCPH-18000. As a result, it needed extra help to boot updates from the HDD unit. + +osd110.elf and osd130.elf are the system driver update main executables, which also contain a patch that is similar to the code within osdsys.elf, which install a replacement EELOAD program that will replace rom0:EELOAD. +This patch targets OSDSYS from ROM v1.01J, and does nothing for other ROM versions. 
+As a result, its patches are also different from the ones that osdsys.elf applies (see below). + +This EELOAD replacement will wait for a request that boots rom0:OSDSYS, before loading rom0:OSDSYS and applying a few fixes to it: + 1. Patch the memory card update dispatcher to pass arguments. + 2. patch0100 only: Overwrite the Japanese message (DVDプレーヤーが起動できませんでした。), which says that that the DVD Player could not be started. + 3. patch0100 only: Replaces update filenames and commands. + +Once the OSDSYS-patching code within EELOAD is run, its effects are binding until the console is hard-reset or powered off. + +Modifications for FMCB, which this package has: +----------------------------------------------- +FMCB sits in for the system driver update. To save space, I made osd110.elf similar to osdsys.elf; instead of being a full system driver update, it will patch OSDSYS to boot osd130.elf. +The osdsys.elf patch was also made to boot osd130.elf directly, hence allowing only one copy of the system driver update to exist. + +Official path of execution: +ROM v1.00J: osdsys.elf -> osd110.elf -> HDD update +ROM v1.01J: osd110.elf -> HDD update +ROM v1.20J: osd130.elf -> HDD update + +New (unofficial) path of execution: +ROM v1.00J: osdsys.elf -> osd130.elf -> HDD update +ROM v1.01J: osd110.elf -> osd130.elf -> HDD update +ROM v1.20J: osd130.elf -> HDD update + +Notes for compilation: +---------------------- +These patches are split into two parts: The main program and an ROM image that contains EELOAD. +It is possible to build the patch without rebuilding EELOAD, by just entering "make". + +The EELOAD module is a binary file, built to be loaded at 0x00082000. To build a ROM image, you need a tool (i.e. ROMIMG). +If you wish to rebuild EELOAD, you need to: +1. Build EELOAD, by entering "make" from within the EELOAD folder. +2. Convert it into a binary file. You can do that with ee-objdump. +3. Generate a new ROM image named 'EELOAD.img', that contains EELOAD. +4. 
Rebuild the patch. + +Other trivia: +------------- +Within the comments of the ROM images, the EELOAD images are known as "eeload.rom". +Their original paths were as follows: +osdsys.elf: horikawa@phoenix/ee/src/kernel/patch0100/kpatch +osd110.elf: horikawa@phoenix/ee/src/kernel/patch0101/kpatch + diff --git a/kpatch/Rules.eeload.make b/kpatch/Rules.eeload.make new file mode 100644 index 0000000..c3b82bd --- /dev/null +++ b/kpatch/Rules.eeload.make 
@@ -0,0 +1,61 @@ +# _____ ___ ____ ___ ____ +# ____| | ____| | | |____| +# | ___| |____ ___| ____| | \ PS2DEV Open Source Project. +#----------------------------------------------------------------------- +# Copyright 2001-2004, ps2dev - http://www.ps2dev.org +# Licenced under Academic Free License version 2.0 +# Review ps2sdk README & LICENSE files for further details. + +EE_CC_VERSION := $(shell $(EE_CC) --version 2>&1 | sed -n 's/^.*(GCC) //p') + +CRT0_OBJ = crt0.o +MAPFILE = memory.map + +EE_INCS := $(EE_INCS) -I$(PS2SDK)/ee/include -I$(PS2SDK)/common/include -I. +EE_LDFLAGS := $(EE_LDFLAGS) -L$(PS2SDK)/ee/lib -s -Wl,-Map,$(MAPFILE) +EE_LIBS := $(EE_LIBS) -lc -lkernel-nopatch + +# C compiler flags +EE_CFLAGS := -D_EE -G0 -Os -Wall $(EE_INCS) $(EE_CFLAGS) + +# C++ compiler flags +EE_CXXFLAGS := -D_EE -G0 -Os -Wall $(EE_INCS) $(EE_CXXFLAGS) + +# Assembler flags +EE_ASFLAGS := $(EE_ASFLAGS) + +# Externally defined variables: EE_BIN, EE_OBJS, EE_LIB, LINKFILE, CRT0_OBJ_S + +# These macros can be used to simplify certain build rules. +EE_C_COMPILE = $(EE_CC) $(EE_CFLAGS) +EE_CXX_COMPILE = $(EE_CXX) $(EE_CXXFLAGS) + +# Extra macro for disabling the automatic inclusion of the built-in CRT object(s) +ifeq ($(EE_CC_VERSION),3.2.2) + EE_NO_CRT = -mno-crt0 +else ifeq ($(EE_CC_VERSION),3.2.3) + EE_NO_CRT = -mno-crt0 +else + EE_NO_CRT = +endif + +%.o : %.c + $(EE_CC) $(EE_CFLAGS) $(EE_INCS) -c $< -o $@ + +%.o : %.s + $(EE_AS) $(EE_ASFLAGS) $< -o $@ + +%.o : %.S + $(EE_CC) $(EE_CFLAGS) $(EE_INCS) -c $< -o $@ + +$(EE_BIN) : $(EE_OBJS) $(CRT0_OBJ) + $(EE_CC) $(EE_NO_CRT) -nostartfiles -T$(LINKFILE) $(EE_CFLAGS) \ + -o $(EE_BIN) $(CRT0_OBJ) $(EE_OBJS) $(EE_LDFLAGS) $(EE_LIBS) + $(EE_STRIP) -s -d -R .mdebug.eabi64 -R .reginfo -R .comment $(EE_BIN) + $(EE_OBJCOPY) -O binary $(EE_BIN) EELOAD + +$(CRT0_OBJ) : $(CRT0_OBJ_S) + $(EE_AS) $(EE_ASFLAGS) $< -o $@ + +clean:: + rm -f $(EE_BIN) $(EE_OBJS) $(CRT0_OBJ) $(MAPFILE) EELOAD 
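Review bot: The `%.o : %.c` and `%.o : %.S` pattern rules pass `$(EE_INCS)` a second time even though `EE_CFLAGS` already folds it in, so every include path is given twice on each compile line; dropping it from those two recipes (`$(EE_CC) $(EE_CFLAGS) -c $< -o $@`) keeps the flag set in one place. The version sniff `EE_CC_VERSION := $(shell $(EE_CC) --version ...)` is evaluated at parse time, so this file only works if `EE_CC` is already defined when it is included; the EELOAD Makefiles do include Defs.make first, but that ordering requirement should be stated at the top, e.g. `# Requires $(EE_CC)/$(EE_AS)/$(PS2SDK) from $(PS2SDK)/Defs.make to be defined before this file is included.`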
diff --git a/kpatch/Rules.patch.make b/kpatch/Rules.patch.make new file mode 100644 index 0000000..0e6c9ba --- /dev/null +++ b/kpatch/Rules.patch.make @@ -0,0 +1,57 @@ +# _____ ___ ____ ___ ____ +# ____| | ____| | | |____| +# | ___| |____ ___| ____| | \ PS2DEV Open Source Project. +#----------------------------------------------------------------------- +# Copyright 2001-2004, ps2dev - http://www.ps2dev.org +# Licenced under Academic Free License version 2.0 +# Review ps2sdk README & LICENSE files for further details. + +EE_CC_VERSION := $(shell $(EE_CC) --version 2>&1 | sed -n 's/^.*(GCC) //p') + +LINKFILE = ../linkfile-patch +MAPFILE = memory.map + +EE_INCS := $(EE_INCS) -I$(PS2SDK)/ee/include -I$(PS2SDK)/common/include -I. +EE_LDFLAGS := $(EE_LDFLAGS) -L$(PS2SDK)/ee/lib -s -Wl,-Map,$(MAPFILE) +EE_LIBS := $(EE_LIBS) -lc -lkernel-nopatch + +# C compiler flags +EE_CFLAGS := -D_EE -G0 -Os -Wall $(EE_INCS) $(EE_CFLAGS) + +# C++ compiler flags +EE_CXXFLAGS := -D_EE -G0 -Os -Wall $(EE_INCS) $(EE_CXXFLAGS) + +# Assembler flags +EE_ASFLAGS := $(EE_ASFLAGS) + +# Externally defined variables: EE_BIN, EE_OBJS, EE_LIB + +# These macros can be used to simplify certain build rules. +EE_C_COMPILE = $(EE_CC) $(EE_CFLAGS) +EE_CXX_COMPILE = $(EE_CXX) $(EE_CXXFLAGS) + +# Extra macro for disabling the automatic inclusion of the built-in CRT object(s) +ifeq ($(EE_CC_VERSION),3.2.2) + EE_NO_CRT = -mno-crt0 +else ifeq ($(EE_CC_VERSION),3.2.3) + EE_NO_CRT = -mno-crt0 +else + EE_NO_CRT = +endif + +%.o : %.c + $(EE_CC) $(EE_CFLAGS) $(EE_INCS) -c $< -o $@ + +%.o : %.s + $(EE_AS) $(EE_ASFLAGS) $< -o $@ + +%.o : %.S + $(EE_CC) $(EE_CFLAGS) $(EE_INCS) -c $< -o $@ + +$(EE_BIN) : $(EE_OBJS) + $(EE_CC) $(EE_NO_CRT) -nostartfiles -T$(LINKFILE) $(EE_CFLAGS) \ + -o $(EE_BIN) $(EE_CRT0_OBJ) $(EE_OBJS) $(EE_LDFLAGS) $(EE_LIBS) + $(EE_STRIP) -s -d -R .mdebug.eabi64 -R .reginfo -R .comment $(EE_BIN) + +clean:: + rm -f $(EE_BIN) $(EE_OBJS) $(MAPFILE) 
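Review bot: The link recipe names `$(EE_CRT0_OBJ)`, but the "Externally defined variables" comment lists only EE_BIN, EE_OBJS and EE_LIB and nothing in this diff defines it; if Defs.make does not supply it, it expands to nothing and, combined with `-nostartfiles`, the patch is entered directly at the `_start` that osdsys.c defines with no C runtime setup. That looks intentional, so it should be written down rather than left implicit: `# Externally defined variables: EE_BIN, EE_OBJS, EE_LIB, EE_CRT0_OBJ (may be empty; osdsys.c provides _start)`. As a point of style, `LINKFILE = ../linkfile-patch` is hard-coded relative to the including directory here, whereas Rules.eeload.make takes LINKFILE from the includer; using the same convention in both would make the two rule files interchangeable.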
diff --git a/kpatch/linkfile-eeload b/kpatch/linkfile-eeload new file mode 100644 index 0000000..8dbb5cd --- /dev/null +++ b/kpatch/linkfile-eeload 
@@ -0,0 +1,110 @@ +/* +# _____ ___ ____ ___ ____ +# ____| | ____| | | |____| +# | ___| |____ ___| ____| | \ PS2DEV Open Source Project. +#----------------------------------------------------------------------- +# Copyright 2001-2004, ps2dev - http://www.ps2dev.org +# Licenced under Academic Free License version 2.0 +# Review ps2sdk README & LICENSE files for further details. +# +# $Id$ +# Linkfile script for ee-ld +*/ + +ENTRY(_start); + +SECTIONS { + .text 0x00082000: { + _ftext = . ; + *(.start) + *(.text) + *(.text.*) + *(.gnu.linkonce.t*) + KEEP(*(.init)) + KEEP(*(.fini)) + QUAD(0) + } + + PROVIDE(_etext = .); + PROVIDE(etext = .); + + .reginfo : { *(.reginfo) } + + /* Global/static constructors and deconstructors. */ + .ctors ALIGN(16): { + KEEP(*crtbegin*.o(.ctors)) + KEEP(*(EXCLUDE_FILE(*crtend*.o) .ctors)) + KEEP(*(SORT(.ctors.*))) + KEEP(*(.ctors)) + } + .dtors ALIGN(16): { + KEEP(*crtbegin*.o(.dtors)) + KEEP(*(EXCLUDE_FILE(*crtend*.o) .dtors)) + KEEP(*(SORT(.dtors.*))) + KEEP(*(.dtors)) + } + + /* Static data. */ + .rodata ALIGN(128): { + *(.rodata) + *(.rodata.*) + *(.gnu.linkonce.r*) + } + + .data ALIGN(128): { + _fdata = . ; + *(.data) + *(.data.*) + *(.gnu.linkonce.d*) + SORT(CONSTRUCTORS) + } + + .rdata ALIGN(128): { *(.rdata) } + .gcc_except_table ALIGN(128): { *(.gcc_except_table) } + + _gp = ALIGN(128) + 0x7ff0; + .lit4 ALIGN(128): { *(.lit4) } + .lit8 ALIGN(128): { *(.lit8) } + + .sdata ALIGN(128): { + *(.sdata) + *(.sdata.*) + *(.gnu.linkonce.s*) + } + + _edata = .; + PROVIDE(edata = .); + + /* Uninitialized data. */ + .sbss ALIGN(128) : { + _fbss = . ; + *(.sbss) + *(.sbss.*) + *(.gnu.linkonce.sb*) + *(.scommon) + } + + .bss ALIGN(128) : { + *(.bss) + *(.bss.*) + *(.gnu.linkonce.b*) + *(COMMON) + } + _end_bss = .; + + /* Symbols needed by crt0.s. */ + PROVIDE(_heap_size = 0x2000); + PROVIDE(_stack_size = 0x2000); + + _stack = ALIGN(128); + PROVIDE(_stack = .); + . 
= _stack + _stack_size; + + _end = .; + PROVIDE(end = .); + + /* Unwanted stuff */ + /DISCARD/ : { + * ( .MIPS.abiflags ) + } +} diff --git a/kpatch/linkfile-patch b/kpatch/linkfile-patch new file mode 100644 index 0000000..ed3673f --- /dev/null +++ b/kpatch/linkfile-patch 
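Review bot: Nothing in this script bounds the size of the EELOAD image, even though it is linked at a fixed 0x00082000, the EELOAD sources record their static data at absolute offsets (0x00083e80 / 0x00084080 in the source comments) and 0x2000 each is reserved for heap and stack; a change that grows .text or .data would silently move the stack and heap into whatever the kernel keeps above them. I would add `ASSERT(_end <= 0x00088000, "EELOAD image exceeds the reserved region")` after `_end = .;`, with the ceiling replaced by the limit the kernel actually reserves for EELOAD (the README only gives the ROM window 0x80030000-0x80040000, so the runtime ceiling must be confirmed before choosing the value). Also `PROVIDE(_stack = .);` directly after `_stack = ALIGN(128);` is a no-op, since the symbol is already defined by the preceding assignment, and can be dropped.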
@@ -0,0 +1,107 @@ +/* +# _____ ___ ____ ___ ____ +# ____| | ____| | | |____| +# | ___| |____ ___| ____| | \ PS2DEV Open Source Project. +#----------------------------------------------------------------------- +# Copyright 2001-2004, ps2dev - http://www.ps2dev.org +# Licenced under Academic Free License version 2.0 +# Review ps2sdk README & LICENSE files for further details. +# +# $Id$ +# Linkfile script for ee-ld +*/ + +ENTRY(_start); + +SECTIONS { + .text 0x00200000: { + _ftext = . ; + *(.start) + *(.text) + *(.text.*) + *(.gnu.linkonce.t*) + KEEP(*(.init)) + KEEP(*(.fini)) + QUAD(0) + } + + PROVIDE(_etext = .); + PROVIDE(etext = .); + + .reginfo : { *(.reginfo) } + + /* Global/static constructors and deconstructors. */ + .ctors ALIGN(16): { + KEEP(*crtbegin*.o(.ctors)) + KEEP(*(EXCLUDE_FILE(*crtend*.o) .ctors)) + KEEP(*(SORT(.ctors.*))) + KEEP(*(.ctors)) + } + .dtors ALIGN(16): { + KEEP(*crtbegin*.o(.dtors)) + KEEP(*(EXCLUDE_FILE(*crtend*.o) .dtors)) + KEEP(*(SORT(.dtors.*))) + KEEP(*(.dtors)) + } + + /* Static data. */ + .rodata ALIGN(128): { + *(.rodata) + *(.rodata.*) + *(.gnu.linkonce.r*) + } + + .data ALIGN(128): { + _fdata = . ; + *(.data) + *(.data.*) + *(.gnu.linkonce.d*) + SORT(CONSTRUCTORS) + } + + .rdata ALIGN(128): { *(.rdata) } + .gcc_except_table ALIGN(128): { *(.gcc_except_table) } + + _gp = ALIGN(128) + 0x7ff0; + .lit4 ALIGN(128): { *(.lit4) } + .lit8 ALIGN(128): { *(.lit8) } + + .sdata ALIGN(128): { + *(.sdata) + *(.sdata.*) + *(.gnu.linkonce.s*) + } + + _edata = .; + PROVIDE(edata = .); + + /* Uninitialized data. */ + .sbss ALIGN(128) : { + _fbss = . ; + *(.sbss) + *(.sbss.*) + *(.gnu.linkonce.sb*) + *(.scommon) + } + + .bss ALIGN(128) : { + *(.bss) + *(.bss.*) + *(.gnu.linkonce.b*) + *(COMMON) + } + _end_bss = .; + + _end = . ; + PROVIDE(end = .); + + /* Symbols needed by crt0.s. */ + PROVIDE(_heap_size = -1); + PROVIDE(_stack = -1); + PROVIDE(_stack_size = 128*1024); + + /* Unwanted stuff */ + /DISCARD/ : { + * ( .MIPS.abiflags ) + } +} 
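Review bot: The trailing `PROVIDE(_heap_size = -1); PROVIDE(_stack = -1); PROVIDE(_stack_size = 128*1024);` are labelled "Symbols needed by crt0.s", but Rules.patch.make links with `-nostartfiles` and the only start object it names, `$(EE_CRT0_OBJ)`, is not defined anywhere in this diff, so it is unclear from the patch whether anything consumes them; if no crt0 is linked, the comment should say these are kept only for compatibility with the ps2sdk default crt0 and are otherwise unused. The script is otherwise a copy of linkfile-eeload differing only in the base address and the stack/heap symbols; a single script parameterised via `--defsym` on the link line would keep the two section lists from drifting apart.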
diff --git a/kpatch/patch0100/EELOAD.img b/kpatch/patch0100/EELOAD.img new file mode 100644 index 0000000..24f1f90 Binary files /dev/null and b/kpatch/patch0100/EELOAD.img differ diff --git a/kpatch/patch0100/EELOAD/EELOAD.c b/kpatch/patch0100/EELOAD/EELOAD.c new file mode 100644 index 0000000..046308c --- /dev/null +++ b/kpatch/patch0100/EELOAD/EELOAD.c 
@@ -0,0 +1,251 @@ +/* + Filename: EELOAD + Description: EE executable Loader (OSDSYS update). Largely the same as EELOAD from ROM v1.01, but has a patching mechanism. + Date: 2013/04/25 + Arguments: + argv[0]= or <"moduleload"> + (Or if "moduleload" was specified as the first argument): + argv[1...n]= commands, where: + "-m " -> Loads a regular IOP module. + "-k " -> Loads an encrypted IOP module. + "-x " -> Loads and executes an encrypted EE program. + + (Strings remaining in the argv[] array are arguments that are to be passed to the loaded program) + + Other notes: If no arguments are specified, it loads rom0:OSDSYS. +*/ + +#include +#include +#include +#include +#include +#include +#include + +//0x00083e80 +#define NUM_BOOT_PATHS 1 +static char *DefaultBootPaths[NUM_BOOT_PATHS+1]={"rom0:OSDSYS", NULL}; + +//0x00083e88 +static t_ExecData ElfData; + +//0x00083ea0 - the patch that solves the problem with the browser being unable to pass arguments to the update. +//The same as the v1.01 OSDSYS patch, except for the addresses. 
+static const unsigned int OSDSYS_patch[]={ + 0x18a0000a, //blez a1, +11 + 0x3c0b004f, //lui t3, $004f + 0x25670100, //addiu a3, t3, $0100 + 0x00a0402d, //daddu t0, a1, zero + 0x8cc20000, //lw v0, $0000(a2) + 0x2508ffff, //addiu t0, t0, $ffff + 0x24c60004, //addiu a2, a2, $0004 + 0xace20000, //sw v0, $0000(a3) + 0x00000000, //nop + 0x1500fffa, //bne t0, zero, -5 + 0x24e70004, //addiu a3, a3, $0004 + 0x3c0a0029, //lui t2, $0029 + 0x8d4ad280, //lw t2, $d280(t2) + 0x24080001, //addiu t0, zero, $0001 + 0x010a102a, //slt v0, t0, t2 + 0x10400014, //beq v0, zero, +21 + 0x28a20010, //slti v0, a1, $0010 + 0x10400012, //beq v0, zero, +19 + 0x3c02004f, //lui v0, $004f + 0x00051880, //sll v1, a1, 2 + 0x24420100, //addiu v0, v0, $0100 + 0x3c070028, //lui a3, $0028 + 0x00624821, //addu t1, v1, v0 + 0x34e7d288, //ori a3, a3, $d288 + 0x8ce30000, //lw v1, $0000(a3) + 0x00000000, //nop + 0x25080001, //addiu t0, t0, $0001 + 0x24e70004, //addiu a3, a3, $0004 + 0x24a50001, //addiu a1, a1, $0001 + 0xad230000, //sw v1, $0000(t1) + 0x010a102a, //slt v0, t0, t2 + 0x10400004, //beq v0, zero, +5 + 0x25290004, //addiu t1, t1, $0004 + 0x28a20010, //slti v0, a1, $0010 + 0x5440fff7, //bnel v0, zero, -8 + 0x8ce30000, //lw v1, $0000(a3) + 0x24030006, //addiu v1, zero, $0006 + 0x0080202d, //daddu a0, a0, zero + 0x00a0282d, //daddu a1, a1, zero + 0x25660100, //addiu a2, t3, $0100 + 0x00c0302d, //daddu a2, a2, zero + 0x0000000c, //syscall (00000) + 0x03e00008, //jr ra + 0x00000000 //nop +}; + +/* 0x000820e8*/ +static void PatchOSDSYS(void){ + volatile unsigned int *ptr; + unsigned int i, size; + + FlushCache(0); + + //Copy the patch. + strcpy((char*)0x0028b9b0, "DVDv[[Nł܂łB"); //Don't know why they need to patch this as the original message is exactly the same. D: + //Originally, these lines made the OSD use osd110.elf instead. But since FMCB's v1.10 update only causes the v1.01 OSD to use osd130.elf, do the same thing here. The v1.20 update is the first update that doesn't require patching. 
+ strcpy((char*)0x0028b770, "/BIEXEC-SYSTEM/osd130.elf"); + strcpy((char*)0x0028b790, "-x mc%d:/BIEXEC-SYSTEM/osd130.elf"); + strcpy((char*)0x0028b8a0, "osd130.elf"); + + *(volatile unsigned int*)0x00204ad0=((*(volatile unsigned int*)0x00204ad0)&0xFC000000)|0x0013c000; //jal 0x004f0000 + + size=sizeof(OSDSYS_patch); //It did a calculation on the size of the patch by subtracting the end from the start. + + for(i=0,ptr=(volatile unsigned int*)0x004f0000; i EE) + *DMA_REG_STAT=0x20; + while(*R_EE_SBUS_REG40&0x3000){}; + + for(i=0x1000; i>0; i--){}; + } +} + +/* 0x00082258 */ +static void SyncIOP(void){ + while((*R_EE_SBUS_SMFLAG&SIF_STAT_BOOTEND)==0){}; + *R_EE_SBUS_SMFLAG=SIF_STAT_BOOTEND; +} + +/* 0x00082298 */ +static void ResetIOP(void){ + SifIopReset("", 0); + while(!SifIopIsAlive()){}; + + SyncIOP(); +} + +/* 0x000822c8 */ +static void AckSIF0(void){ + if(*R_EE_SBUS_REG40&0x20){ + DI(); + ee_kmode_enter(); + + *(volatile unsigned int*)0xBD000040=0x20; + + ee_kmode_exit(); + EI(); + } + + if(*DMA_REG_STAT&0x20) + *DMA_REG_STAT=0x20; +} + +/* 0x00082368 + Returns NULL if the argument doesn't contain the specified switch, otherwise, returns the first character after the switch. 
+*/ +static const char *IsSwitchCheck(const char *SwitchString, const char *cmd){ + while(*SwitchString!='\0'){ + if(*SwitchString!=*cmd) return NULL; + SwitchString++; + cmd++; + } + + return cmd; +} + +/* 0x000823a8 */ +static void ExecExecutable(int argc, char *argv[]){ + FlushCache(0); + SifExitRpc(); //Original had SifExitCmd(); + + ExecPS2((void *)ElfData.epc, (void *)ElfData.gp, argc, argv); +} + +/* 0x00082400 */ +static void BootError(const char *path){ + char *argv[2]; + + SifExitRpc(); //Original had SifExitCmd(); + + argv[0]="BootError"; + argv[1]=(char*)path; + + ExecOSD(2, argv); +} + +/* 0x00082440 */ +int main(int argc, char *argv[]){ + const char *CommandString; + int i; + + if(argc>=2){ + argv++; + argc--; + SyncSIF0(); + ResetIOP(); + AckSIF0(); + + SifInitRpc(0); + + /* 0x000824b8 */ + if(IsSwitchCheck("moduleload", argv[0])!=NULL){ + argc--; + argv++; + + while(argc>0){ + if((CommandString=IsSwitchCheck("-m ", argv[0]))!=NULL){ + SifLoadModule(CommandString, 0, NULL); + } + else if((CommandString=IsSwitchCheck("-k ", argv[0]))!=NULL){ + SifLoadModuleEncrypted(CommandString, 0, NULL); + } + else if((CommandString=IsSwitchCheck("-x ", argv[0]))!=NULL){ + FlushCache(0); + if(SifLoadElfEncrypted(CommandString, &ElfData)<0){ + BootError(CommandString); + } + + argv[0]=(char*)CommandString; + ExecExecutable(argc, argv); + } + else break; + + argc--; + argv++; + } + } + + FlushCache(0); + if(SifLoadElf(argv[0], &ElfData)<0){ + BootError(argv[0]); + } + + if(IsSwitchCheck("rom0:OSDSYS", argv[0])!=NULL){ + PatchOSDSYS(); + } + + ExecExecutable(argc, argv); + } + + SyncIOP(); + SifInitRpc(0); + FlushCache(0); + for(i=0; i= 0) + break; + } + + PatchOSDSYS(); + ExecExecutable(1, &DefaultBootPaths[i]); + + return 0; +} diff --git a/kpatch/patch0100/EELOAD/Makefile b/kpatch/patch0100/EELOAD/Makefile new file mode 100644 index 0000000..cc05a7d --- /dev/null +++ b/kpatch/patch0100/EELOAD/Makefile 
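Review bot: PatchOSDSYS writes to hard-coded OSDSYS addresses (the strcpy targets 0x0028b770-0x0028b9b0, the `jal` rewrite at 0x00204ad0 and the copy to 0x004f0000) without checking that the image SifLoadElf just loaded is the OSDSYS build those offsets were taken from; the only gate in main is `IsSwitchCheck("rom0:OSDSYS", argv[0])`, which is a prefix match on the path, not on the image. The rewrite at 0x00204ad0 keeps the top six bits of whatever is already there and ORs in the new target, so it only yields a `jal 0x004f0000` if that word was a `jal` to begin with; on any other layout it produces some other instruction with a changed immediate instead of failing. I would guard the function before the first strcpy with `if ((*(volatile unsigned int*)0x00204ad0 >> 26) != 0x03) return; /* not a jal: not the OSDSYS this patch targets, leave it untouched */` and state in the header comment that the offsets are specific to the ROM v1.00 OSDSYS. Separately, the `moduleload` branch in main can leave `argc` at 0 after the switch loop, after which `SifLoadElf(argv[0], &ElfData)` and the `rom0:OSDSYS` prefix check read `argv[0]` without confirming `argc > 0`; an `if (argc <= 0) BootError("moduleload");` immediately after the loop would close that.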
@@ -0,0 +1,8 @@ +EE_BIN = EELOAD.elf +EE_OBJS = EELOAD.o + +CRT0_OBJ_S = ../../crt0-eeload.s +LINKFILE = ../../linkfile-eeload + +include $(PS2SDK)/Defs.make +include ../../Rules.eeload.make diff --git a/kpatch/patch0100/EELOAD/dvdplayer.txt b/kpatch/patch0100/EELOAD/dvdplayer.txt new file mode 100644 index 0000000..1108b24 --- /dev/null +++ b/kpatch/patch0100/EELOAD/dvdplayer.txt @@ -0,0 +1 @@ +DVDv[[Nł܂łB \ No newline at end of file diff --git a/kpatch/patch0100/Makefile b/kpatch/patch0100/Makefile new file mode 100644 index 0000000..1596ed3 --- /dev/null +++ b/kpatch/patch0100/Makefile @@ -0,0 +1,13 @@ +EE_BIN = osdsys.elf + +EE_OBJS = osdsys.o EELOAD_img.o + +include $(PS2SDK)/Defs.make +include ../Rules.patch.make + +clean: + rm -f EELOAD_img.c + +EELOAD_img.o: + bin2c EELOAD.img EELOAD_img.c EELOAD_img + $(EE_CC) $(EE_CFLAGS) $(EE_INCS) -c EELOAD_img.c -o EELOAD_img.o diff --git a/kpatch/patch0100/osdsys.c b/kpatch/patch0100/osdsys.c new file mode 100644 index 0000000..375744e --- /dev/null +++ b/kpatch/patch0100/osdsys.c 
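Review bot: In kpatch/patch0100/Makefile the `clean:` target is a single-colon rule while the included Rules.patch.make declares `clean::` as a double-colon rule; GNU make rejects a target that has both kinds of entry ("target file 'clean' has both : and :: entries"), so `make clean` fails instead of removing EELOAD_img.c, and the rule should be `clean::`. The `EELOAD_img.o:` rule has no prerequisite, so a regenerated EELOAD.img is never re-embedded by an incremental build and a stale loader can end up inside osdsys.elf; make it `EELOAD_img.o: EELOAD.img`. Since EELOAD.img is a committed binary that the README says needs an external tool to regenerate, a comment above the rule naming the source it was built from (EELOAD/EELOAD.c as of this commit) would let a reviewer tie the blob back to the code.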
@@ -0,0 +1,29 @@ +#include + +extern unsigned char EELOAD_img[]; +extern unsigned int size_EELOAD_img; + +void *_start(void){ + unsigned int i; + vu32 *start; + + DI(); + ee_kmode_enter(); + + for(i=0,start=(vu32*)0x80030000; i or <"moduleload"> + (Or if "moduleload" was specified as the first argument): + argv[1...n]= commands, where: + "-m " -> Loads a regular IOP module. + "-k " -> Loads an encrypted IOP module. + "-x " -> Loads and executes an encrypted EE program. + + (Strings remaining in the argv[] array are arguments that are to be passed to the loaded program) + + Other notes: If no arguments are specified, it loads rom0:OSDSYS. +*/ + +#include +#include +#include +#include +#include +#include +#include + +//0x00084080 +#define NUM_BOOT_PATHS 1 +static char *DefaultBootPaths[NUM_BOOT_PATHS+1]={"rom0:OSDSYS", NULL}; + +//0x00084088 +static t_ExecData ElfData; + +//0x000840a0 - the patch that solves the problem with the browser being unable to pass arguments to the update. +//The same as the v1.00 OSDSYS patch, except for the addresses. 
+static const unsigned int OSDSYS_patch[]={ + 0x18a0000a, //blez a1, +11 + 0x3c0b004f, //lui t3, $004f + 0x25670100, //addiu a3, t3, $0100 + 0x00a0402d, //daddu t0, a1, zero + 0x8cc20000, //lw v0, $0000(a2) + 0x2508ffff, //addiu t0, t0, $ffff + 0x24c60004, //addiu a2, a2, $0004 + 0xace20000, //sw v0, $0000(a3) + 0x00000000, //nop + 0x1500fffa, //bne t0, zero, -5 + 0x24e70004, //addiu a3, a3, $0004 + 0x3c0a0029, //lui t2, $0029 + 0x8d4ad800, //lw t2, $d800(t2) + 0x24080001, //addiu t0, zero, $0001 + 0x010a102a, //slt v0, t0, t2 + 0x10400014, //beq v0, zero, +21 + 0x28a20010, //slti v0, a1, $0010 + 0x10400012, //beq v0, zero, +19 + 0x3c02004f, //lui v0, $004f + 0x00051880, //sll v1, a1, 2 + 0x24420100, //addiu v0, v0, $0100 + 0x3c070028, //lui a3, $0028 + 0x00624821, //addu t1, v1, v0 + 0x34e7d808, //ori a3, a3, $d808 + 0x8ce30000, //lw v1, $0000(a3) + 0x00000000, //nop + 0x25080001, //addiu t0, t0, $0001 + 0x24e70004, //addiu a3, a3, $0004 + 0x24a50001, //addiu a1, a1, $0001 + 0xad230000, //sw v1, $0000(t1) + 0x010a102a, //slt v0, t0, t2 + 0x10400004, //beq v0, zero, +5 + 0x25290004, //addiu t1, t1, $0004 + 0x28a20010, //slti v0, a1, $0010 + 0x5440fff7, //bnel v0, zero, -8 + 0x8ce30000, //lw v1, $0000(a3) + 0x24030006, //add iu v1, zero, $0006 + 0x0080202d, //daddu a0, a0, zero + 0x00a0282d, //daddu a1, a1, zero + 0x25660100, //addiu a2, t3, $0100 + 0x00c0302d, //daddu a2, a2, zero + 0x0000000c, //syscall (00000) + 0x03e00008, //jr ra + 0x00000000 //nop +}; + +/* 0x000820e8 */ +static void PatchOSDSYS(void){ + volatile unsigned int *ptr; + unsigned int i, size; + + FlushCache(0); + + //These lines weren't originally here, but I would like the kernel to use the update for v1.20 instead to save space (Since it's the first update that doesn't involve kernel patching). + strcpy((char*)0x0028bd00, "/BIEXEC-SYSTEM/osd130.elf"); + strcpy((char*)0x0028bca8, "-x mc0:/BIEXEC-SYSTEM/osd130.elf"); + strcpy((char*)0x0028be08, "osd130.elf"); + + //Copy the patch. 
+ *(volatile unsigned int*)0x00204b28=((*(volatile unsigned int*)0x00204b28)&0xFC000000)|0x0013c000; //jal 0x004f0000 + + size=sizeof(OSDSYS_patch); //It did a calculation on the size of the patch by subtracting the end from the start. + + for(i=0,ptr=(volatile unsigned int*)0x004f0000; i EE) + *DMA_REG_STAT=0x20; + while(*R_EE_SBUS_REG40&0x3000){}; + + for(i=0x1000; i>0; i--){}; + } +} + +/* 0x00082208 */ +static void SyncIOP(void){ + while((*R_EE_SBUS_SMFLAG&SIF_STAT_BOOTEND)==0){}; + *R_EE_SBUS_SMFLAG=SIF_STAT_BOOTEND; +} + +/* 0x00082248 */ +static void ResetIOP(void){ + SifIopReset("", 0); + while(!SifIopIsAlive()){}; + + SyncIOP(); +} + +/* 0x00082278 */ +static void AckSIF0(void){ + if(*R_EE_SBUS_REG40&0x20){ + DI(); + ee_kmode_enter(); + + *(volatile unsigned int*)0xBD000040=0x20; + + ee_kmode_exit(); + EI(); + } + + if(*DMA_REG_STAT&0x20) + *DMA_REG_STAT=0x20; +} + +/* 0x00082300 + Returns NULL if the argument doesn't contain the specified switch, otherwise, returns the first character after the switch. 
+*/ +static const char *IsSwitchCheck(const char *SwitchString, const char *cmd){ + while(*SwitchString!='\0'){ + if(*SwitchString!=*cmd) return NULL; + SwitchString++; + cmd++; + } + + return cmd; +} + +/* 0x00082340 */ +static void ExecExecutable(int argc, char *argv[]){ + FlushCache(0); + SifExitRpc(); //Original had SifExitCmd(); + + ExecPS2((void *)ElfData.epc, (void *)ElfData.gp, argc, argv); +} + +/* 0x00082398 */ +static void BootError(const char *path){ + char *argv[2]; + + SifExitRpc(); //Original had SifExitCmd(); + + argv[0]="BootError"; + argv[1]=(char*)path; + + ExecOSD(2, argv); +} + +//0x000823d8 +int main(int argc, char *argv[]){ + const char *CommandString; + int i; + + if(argc>=2){ + argv++; + argc--; + SyncSIF0(); + ResetIOP(); + AckSIF0(); + + SifInitRpc(0); + + if(IsSwitchCheck("moduleload", argv[0])!=NULL){ + argc--; + argv++; + + while(argc>0){ + if((CommandString=IsSwitchCheck("-m ", argv[0]))!=NULL){ + SifLoadModule(CommandString, 0, NULL); + } + else if((CommandString=IsSwitchCheck("-k ", argv[0]))!=NULL){ + SifLoadModuleEncrypted(CommandString, 0, NULL); + } + else if((CommandString=IsSwitchCheck("-x ", argv[0]))!=NULL){ + FlushCache(0); + if(SifLoadElfEncrypted(CommandString, &ElfData)<0){ + BootError(CommandString); + } + + argv[0]=(char*)CommandString; + ExecExecutable(argc, argv); + } + else break; + + argc--; + argv++; + } + } + + FlushCache(0); + if(SifLoadElf(argv[0], &ElfData)<0){ + BootError(argv[0]); + } + + if(IsSwitchCheck("rom0:OSDSYS", argv[0])!=NULL){ + PatchOSDSYS(); + } + + ExecExecutable(argc, argv); + } + + SyncIOP(); + SifInitRpc(0); + FlushCache(0); + for(i=0; i= 0) + break; + } + + PatchOSDSYS(); + ExecExecutable(1, &DefaultBootPaths[i]); + + return 0; +} diff --git a/kpatch/patch0101/EELOAD/Makefile b/kpatch/patch0101/EELOAD/Makefile new file mode 100644 index 0000000..cc05a7d --- /dev/null +++ b/kpatch/patch0101/EELOAD/Makefile 
@@ -0,0 +1,8 @@ +EE_BIN = EELOAD.elf +EE_OBJS = EELOAD.o + +CRT0_OBJ_S = ../../crt0-eeload.s +LINKFILE = ../../linkfile-eeload + +include $(PS2SDK)/Defs.make +include ../../Rules.eeload.make diff --git a/kpatch/patch0101/Makefile b/kpatch/patch0101/Makefile new file mode 100644 index 0000000..b7d2a20 --- /dev/null +++ b/kpatch/patch0101/Makefile @@ -0,0 +1,13 @@ +EE_BIN = osd110.elf + +EE_OBJS = osdsys.o EELOAD_img.o + +include $(PS2SDK)/Defs.make +include ../Rules.patch.make + +clean: + rm -f EELOAD_img.c + +EELOAD_img.o: + bin2c EELOAD.img EELOAD_img.c EELOAD_img + $(EE_CC) $(EE_CFLAGS) $(EE_INCS) -c EELOAD_img.c -o EELOAD_img.o diff --git a/kpatch/patch0101/osdsys.c b/kpatch/patch0101/osdsys.c new file mode 100644 index 0000000..375744e --- /dev/null +++ b/kpatch/patch0101/osdsys.c @@ -0,0 +1,29 @@ +#include + +extern unsigned char EELOAD_img[]; +extern unsigned int size_EELOAD_img; + +void *_start(void){ + unsigned int i; + vu32 *start; + + DI(); + ee_kmode_enter(); + + for(i=0,start=(vu32*)0x80030000; i
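Review bot: kpatch/patch0101/Makefile has the same single-colon `clean:` rule as patch0100 while Rules.patch.make declares `clean::`, which GNU make refuses ("both : and :: entries"); it should be `clean::` here as well. `EELOAD_img.o:` should list `EELOAD.img` as a prerequisite so a rebuilt image is re-embedded rather than the previous object being silently reused. The osd110.elf built here is, per the README, a patch that boots osd130.elf rather than the full system-driver update of the same name; a one-line comment above `EE_BIN = osd110.elf` noting that the name is presumably kept so the v1.01 OSD dispatcher still finds it would save the next reader a trip to the README.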