5.05 support

app/app/main.c

@@ -14,7 +14,6 @@ void daemon_thread(void);
 int my_popen(void** buf, size_t* sz, int argc, ...);
 
 int ldr_main(int argc, const char** argv);
-pid_t my_fork(int, int, int, int*);
 
 char* error_string(void*, size_t);
 char** list_networks(int*);
@@ -37,7 +36,7 @@ int is_sw_version_supported(void)
     OrbisKernelSwVersion sw_ver;
     sceKernelGetSystemSwVersion(&sw_ver);
     int ver = sw_ver.i_version >> 16;
-    return ver == 0x672 || ver == 0x702 || (ver >= 0x750 && ver <= 0x755);
+    return ver == 0x505 || ver == 0x672 || ver == 0x702 || (ver >= 0x750 && ver <= 0x755);
 }
 
 int main(int argc, const char** argv)

tun/Makefile

@@ -18,7 +18,7 @@ blob-ps4-%.elf: main.c crt-ps4-%.o
 blob-ps4-%.bin: blob-ps4-%.elf
 	objcopy blob-ps4-$*.elf --only-section .text --only-section .data --only-section .bss --only-section .rodata -O binary blob-ps4-$*.bin
 
-tunldr.o: tunldr.c blob-ps4-672.bin blob-ps4-672.elf blob-ps4-702.bin blob-ps4-702.elf blob-ps4-755.bin blob-ps4-755.elf
+tunldr.o: tunldr.c blob-ps4-505.bin blob-ps4-505.elf blob-ps4-672.bin blob-ps4-672.elf blob-ps4-702.bin blob-ps4-702.elf blob-ps4-755.bin blob-ps4-755.elf
 	gcc tunldr.c -ffreestanding -c -o tunldr.o -fPIE
 
 clean:

tun/crt-ps4-505.asm

@@ -0,0 +1,236 @@
+section .text
+use64
+
+extern main
+
+global _start
+_start:
+mov rcx, 0xc0000082
+rdmsr
+shl rax, 32
+shr rax, 32
+shl rdx, 32
+or rax, rdx
+sub rax, 0x1c0
+mov [rel kernel_base], rax
+jmp main
+
+kernel_base:
+dq 0
+
+global printf
+printf:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x436040]
+jmp r11
+
+global if_alloc
+if_alloc:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x206150]
+jmp r11
+
+global if_initname
+if_initname:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x20b3e0]
+jmp r11
+
+global if_attach
+if_attach:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x2069c0]
+jmp r11
+
+global m_pullup
+m_pullup:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xca100]
+jmp r11
+
+global m_freem
+m_freem:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xc8280]
+jmp r11
+
+global m_length
+m_length:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xcb0b0]
+jmp r11
+
+global netisr_queue
+netisr_queue:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x9e9a0]
+jmp r11
+
+global m_devget
+m_devget:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xca8d0]
+jmp r11
+
+global malloc
+malloc:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x10e250]
+jmp r11
+
+global socreate
+socreate:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x162840]
+jmp r11
+
+global sosend
+sosend:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x164490]
+jmp r11
+
+global soconnect2
+soconnect2:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x163ac0]
+jmp r11
+
+global if_detach
+if_detach:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x2070d0]
+jmp r11
+
+global if_free
+if_free:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x206810] ; actually if_free_type, type argument ignored
+jmp r11
+
+global soclose
+soclose:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x163570]
+jmp r11
+
+global free
+free:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x10e460]
+jmp r11
+
+global make_dev_p
+make_dev_p:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x1b9810]
+jmp r11
+
+global devfs_get_cdevpriv
+devfs_get_cdevpriv:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xb0590]
+jmp r11
+
+global soreceive
+soreceive:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x1660f0]
+jmp r11
+
+global devfs_set_cdevpriv
+devfs_set_cdevpriv:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xb05d0]
+jmp r11
+
+global uiomove
+uiomove:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x2a7d20]
+jmp r11
+
+global if_down
+if_down:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x208be0]
+jmp r11
+
+global mtx_init
+mtx_init:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x402780]
+jmp r11
+
+global mtx_destroy
+mtx_destroy:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x4027f0]
+jmp r11
+
+global _mtx_lock_sleep
+_mtx_lock_sleep:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x401d70]
+jmp r11
+
+global _mtx_unlock_sleep
+_mtx_unlock_sleep:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x4020a0]
+jmp r11
+
+global soshutdown
+soshutdown:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x166110]
+jmp r11
+
+global m_copydata
+m_copydata:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xc9bd0]
+jmp r11
+
+global sopoll
+sopoll:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x1680d0]
+jmp r11
+
+global copyin
+copyin:
+mov r11, [rel kernel_base]
+lea r11, [r11+0x1ea710]
+jmp r11
+
+global m_dup
+m_dup:
+mov r11, [rel kernel_base]
+lea r11, [r11+0xc9c50]
+jmp r11
+
+global get_M_TEMP
+get_M_TEMP:
+mov rax, [rel kernel_base]
+add rax, 0x14b4110
+ret 
+
+global get_sysent
+get_sysent:
+mov rax, [rel kernel_base]
+add rax, 0x107c610
+ret
+
+global get_curthread
+get_curthread:
+mov rax, [fs:0]
+ret
+
+global get_udp_usrreqs
+get_udp_usrreqs:
+mov rax, [rel kernel_base]
+add rax, 0x19c2798
+ret
+
+; ...

tun/tunldr.c

@@ -1,10 +1,13 @@
 asm("kexec:\nmov $11, %rax\nmov %rcx, %r10\nsyscall\nret");
 void kexec(void* fn, int ver);
 
+asm("blob_505:\n.incbin \"blob-ps4-505.bin\"\nblob_505_end:");
 asm("blob_672:\n.incbin \"blob-ps4-672.bin\"\nblob_672_end:");
 asm("blob_702:\n.incbin \"blob-ps4-702.bin\"\nblob_702_end:");
 asm("blob_755:\n.incbin \"blob-ps4-755.bin\"\nblob_755_end:");
 
+extern char blob_505[];
+extern char blob_505_end[];
 extern char blob_672[];
 extern char blob_672_end[];
 extern char blob_702[];
@@ -33,7 +36,16 @@ static void load_start_module(void* td, struct uap* uap)
     int(*copyin)(const void*, void*, unsigned long long);
     char* blob;
     char* blob_end;
-    if(uap->arg == 0x672)
+    if(uap->arg == 0x505)
+    {
+        // 5.05 offsets
+        kernel_map = *(unsigned long long*)(kernel_map + 0x1ac60e0);
+        kmem_alloc = (void*)(kernel_base + 0xfcc80);
+        copyin = (void*)(kernel_base + 0x1ea710);
+        blob = blob_505;
+        blob_end = blob_505_end;
+    }
+    else if(uap->arg == 0x672)
     {
         // 6.72 offsets
         kernel_map = *(unsigned long long*)(kernel_base + 0x220dfc0);