Added 9.05 Support

Author: EchoStretch

prosper0gdb/offsets.c

@@ -2597,6 +2597,100 @@ DEF(lapic_map, 0x27af838)
 #include "offset_list.txt"
 END_FW()
 
+START_FW(905)
+DEF(allproc, 0x2755d50)
+DEF(idt, 0x2d94300)
+DEF(gdt_array, 0x2d955e0)
+DEF(tss_array, 0x2d96fe0)
+DEF(pcpu_array, 0x2da8f00)
+DEF(doreti_iret, -0xa52e93)
+DEF(add_rsp_iret, doreti_iret - 7)
+DEF(swapgs_add_rsp_iret, doreti_iret - 10)
+DEF(rep_movsb_pop_rbp_ret, -0xa167e6)
+DEF(rdmsr_start, -0xa545ca)
+DEF(wrmsr_ret, -0xa5599c)
+DEF(nop_ret, wrmsr_ret + 2)
+DEF(dr2gpr_start, -0xa59fd3)
+DEF(gpr2dr_1_start, -0xa59eba)
+DEF(gpr2dr_2_start, -0xa59dc7)
+DEF(mov_cr3_rax_mov_ds, -0xa59a29)
+DEF(mov_rax_cr3, -0x3C660F)
+DEF(cpu_switch, -0xa5a1c0)
+DEF(mprotect_fix_start, -0x98e1a3)
+DEF(mprotect_fix_end, mprotect_fix_start+6)
+
+DEF(mmap_self_fix_1_start, 0x0)
+DEF(mmap_self_fix_1_end, mmap_self_fix_1_start+2)
+DEF(mmap_self_fix_2_start, 0x0)
+DEF(mmap_self_fix_2_end, mmap_self_fix_2_start+2)
+
+DEF(aslr_fix_start, -0x8D9064)
+DEF(aslr_fix_end, aslr_fix_start+2)
+
+DEF(sigaction_fix_start, -0x72b4b0)
+DEF(sigaction_fix_end, -0x72b491)
+DEF(sysents, 0x1aac10)
+DEF(sysents_ps4, 0x1a2600)
+DEF(sysentvec, 0xdba648)
+DEF(sysentvec_ps4, 0xdba7c0)
+DEF(sceSblServiceMailbox, -0x6e7a10)
+DEF(sceSblAuthMgrSmIsLoadable2, -0x928ce0)
+DEF(mdbg_call_fix, -0x68A549)
+DEF(syscall_before, -0x87e2b1)
+DEF(syscall_after, -0x87e28d)
+DEF(malloc, -0xbcfa0)
+DEF(M_something, 0x14070d0)
+DEF(loadSelfSegment_epilogue, -0x928551) 
+DEF(loadSelfSegment_watchpoint, -0x2F9228) //?????
+DEF(loadSelfSegment_watchpoint_lr,  -0x928827)
+DEF(decryptSelfBlock_watchpoint_lr, -0x9284BE)
+DEF(decryptSelfBlock_epilogue, -0x928400) 
+//DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x92FF81) //403
+DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x927D88) //505
+DEF(decryptMultipleSelfBlocks_epilogue, -0x927B57)
+DEF(sceSblServiceMailbox_lr_verifyHeader, -0x9289c7)
+DEF(sceSblServiceMailbox_lr_loadSelfSegment, -0x928653)
+DEF(sceSblServiceMailbox_lr_decryptSelfBlock, -0x92809d)
+DEF(sceSblServiceMailbox_lr_decryptMultipleSelfBlocks, -0x9278B3) 
+DEF(sceSblServiceMailbox_lr_sceSblAuthMgrSmFinalize, -0x928d58)
+DEF(sceSblServiceMailbox_lr_verifySuperBlock, -0x9CF350)
+DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_1, -0x9CF8D1)
+DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_2, -0x9CF865)
+DEF(sceSblServiceMailbox_lr_npdrm_cmd_5, -0x34AA73)
+DEF(sceSblServiceMailbox_lr_npdrm_cmd_6, -0x34A845)
+//DEF(sceSblPfsSetKeys, -0x9D5930) //403
+DEF(sceSblPfsSetKeys, -0x9D0440)
+DEF(sceSblServiceCryptAsync, -0x970020)
+DEF(sceSblServiceCryptAsync_deref_singleton, -0x96FFE3)
+DEF(copyin, -0xa170b0)
+DEF(copyout, -0xa17160)
+DEF(crypt_message_resolve, -0x4AEFB0) //0x4AF100)
+DEF(justreturn, -0xa530c0)
+DEF(justreturn_pop, justreturn+8)
+DEF(mini_syscore_header, 0xe89518)
+DEF(pop_all_iret, -0xa52ef2)
+DEF(pop_all_except_rdi_iret, pop_all_iret+4)
+DEF(push_pop_all_iret, -0x9f5078)
+DEF(kernel_pmap_store, 0x2d28b78)
+DEF(crypt_singleton_array, 0x2c6da30)
+DEF(security_flags, 0xD73064)
+DEF(targetid, 0xD7306D)
+DEF(qa_flags, 0xD73088)
+DEF(utoken, 0xD730F0)
+DEF(mov_rax_cr0, -0xa5a121)
+DEF(mov_cr0_rax, -0xa5a11c)
+DEF(mov_rdi_cr2, -0xa5634a)
+DEF(lgdt_rdi, -0xa169c0)
+DEF(lidt_lldt, -0xa59971)
+DEF(ltr_ax, -0xa5994f)
+DEF(kproc_shutdown, -0x9f20b8))
+DEF(s_shutdown_final, 0x36B132)
+DEF(eventhandler_register, -0x55E8B0) 
+DEF(strlen_trap, -0x47D938) //47da88)
+DEF(lapic_map, 0x27af838)
+#include "offset_list.txt"
+END_FW()
+
 START_FW(920)
 DEF(allproc, 0x2755d50)
 DEF(idt, 0x2d94300)
@@ -2910,7 +3004,7 @@ DEF(aslr_fix_start, -0x8F033D)
 DEF(aslr_fix_end, aslr_fix_start+2)
 
 DEF(sigaction_fix_start, -0x73d979) 
-DEF(sigaction_fix_end, -0x73d94d) 
+DEF(sigaction_fix_end, -0x73D959) 
 DEF(sysents, 0x1ad100) 
 DEF(sysents_ps4, 0x1a4bb0) 
 DEF(sysentvec, 0xdba6d8) 
@@ -3003,7 +3097,7 @@ DEF(aslr_fix_start, -0x8F033D)
 DEF(aslr_fix_end, aslr_fix_start+2)
 
 DEF(sigaction_fix_start, -0x73d979) 
-DEF(sigaction_fix_end, -0x73d94d) 
+DEF(sigaction_fix_end, -0x73D959) 
 DEF(sysents, 0x1ad100) 
 DEF(sysents_ps4, 0x1a4bb0) 
 DEF(sysentvec, 0xdba6d8) 
@@ -3020,7 +3114,8 @@ DEF(loadSelfSegment_watchpoint, -0x2FC6A7)
 DEF(loadSelfSegment_watchpoint_lr, -0x940CA7) 
 DEF(decryptSelfBlock_watchpoint_lr, -0x94093E) 
 DEF(decryptSelfBlock_epilogue, -0x9408DB) 
-DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x940209)
+//DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x940209)
+DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x940214)
 DEF(decryptMultipleSelfBlocks_epilogue, -0x93FFEF) 
 DEF(sceSblServiceMailbox_lr_verifyHeader, -0x940e47) 
 DEF(sceSblServiceMailbox_lr_loadSelfSegment, -0x940ad4) 
@@ -3100,6 +3195,7 @@ int set_offsets(void)
     case 0x840: set_offsets_840(); break;
     case 0x860: set_offsets_860(); break;
     case 0x900: set_offsets_900(); break;
+    case 0x905: set_offsets_905(); break;
     case 0x920: set_offsets_920(); break;
     case 0x940: set_offsets_940(); break;
     case 0x960: set_offsets_960(); break;

ps5-kstuff/main.c

@@ -1278,6 +1278,39 @@ static struct shellcore_patch shellcore_patches_900[] = {
     {0x6F6E40, "\x48\x31\xc0\xc3", 4}, // PKG Installer
 };
 
+static struct shellcore_patch shellcore_patches_905[] = {
+    {0xC0F813, "\x52\xeb\xe2", 3}, //push rdx; jmp 0xC0F7F8
+    {0xC0F7F8, "\xe8\xe3\xf8\xff\xff\x58\xc3", 7}, //call 0xC0F0E0; pop rax; ret
+    {0xC0F0C6, "\xe9\x06\x00\x00\x00", 5},  // jmp 0xC0F0D1
+    {0xC0F0D1, "\x31\xc0\x50\xe8\x07\x00\x00\x00\x58\xc3", 10}, //xor eax, eax; push rax; call 0xC0F0E0; pop rax; ret
+    {0x6F1C08, "\xeb\x04", 2},
+    {0x30E1CF, "\xeb\x04", 2},
+    {0x30E59F, "\xeb\x04", 2},
+    {0x7118CB, "\xeb", 1},
+    {0x6FA165, "\x90\xe9", 2},
+    {0x712035, "\xeb", 1},
+    {0x71401F, "\x61\x01\x00\x00", 4}, // 0x714184
+    {0x209DD1, "\xe8\x0a\x05\x60\x00\x31\xc9\xff\xc1\xe9\x84\x03\x00\x00", 14}, // call 0x80A2E0; xor ecx; inc ecx; jmp 0x20A163
+    {0x20A163, "\x83\xf8\x02\x0f\x43\xc1\xe9\x01\xf4\xff\xff", 11},// cmp eax, 2; cmovae eax, ecx; jmp 0x20956F
+    {0x209371, "\xe9\x5b\x0a\x00\x00", 5}, // jmp 0x209DD1
+
+	{0x734300, "\xC3", 1}, // callback to sceRifManagerRegisterActivationCallback
+
+    {0x16A4690, "\x31\xc0\xc3", 3}, // VR2 Min Fw Check
+    {0xA8EA86, "\xeb\x03", 2}, // disable game error message
+    {0x3068EB, "\x90\xe9", 2}, // PS4 Disc Installer Patch 1
+    {0x306969, "\x90\xe9", 2}, // PS5 Disc Installer Patch 1
+    {0x306A6C, "\xeb", 1}, // PS4 PKG Installer Patch 1
+    {0x306B40, "\xeb", 1}, // PS5 PKG Installer Patch 1
+    {0x306F46, "\x90\xe9", 2}, // PS4 PKG Installer Patch 2
+    {0x3070ED, "\xeb", 1}, // PS5 PKG Installer Patch 2
+    {0x3074AE, "\x90\xe9", 2}, // PS4 PKG Installer Patch 3
+    {0x307541, "\x90\xe9", 2}, // PS5 PKG Installer Patch 3
+    {0x6F088A, "\xeb", 1}, // PS4 PKG Installer Patch 4
+    {0x6F37C4, "\xeb", 1}, // PS5 PKG Installer Patch 4
+    {0x6F6E40, "\x48\x31\xc0\xc3", 4}, // PKG Installer
+};
+
 static struct shellcore_patch shellcore_patches_920[] = {
     {0xC0F553, "\x52\xeb\xe2", 3}, //push rdx; jmp 0xC0F538
     {0xC0F538, "\xe8\xe3\xf8\xff\xff\x58\xc3", 7}, //call 0xC0EE20; pop rax; ret
@@ -1535,6 +1568,7 @@ static const struct shellcore_patch* get_shellcore_patches(size_t* n_patches)
     FW(840);
     FW(860);
     FW(900);
+    FW(905);
     FW(920);
     FW(940);
     FW(960);
@@ -2275,6 +2309,31 @@ static struct PARASITES(14) parasites_900 = {
     }
 };
 
+static struct PARASITES(14) parasites_905 = {
+    .lim_syscall = 3,
+    .lim_fself = 12,
+    .lim_total = 14,
+    .parasites = {
+        /* syscall parasites */
+        {-0x87E7BE, R13},
+        {-0x3BC12C, RSI},
+        {-0x3BC0EC, RSI},
+        /* fself parasites */
+        {-0x2F8DE6, RAX},
+        {-0x2F9938, RAX},
+        {-0x2F9800, RAX},
+        {-0x2F956B, RAX},
+        {-0x2F929D, RAX},
+        {-0x2F8F66, RAX},
+        {-0x2F8F5A, RAX},
+        {-0xA1730C, RDI},
+        {-0x2F93D7, RAX},
+        /* unsorted parasites */
+        {-0x4AECBF, RAX},
+        {-0x4AECBF, R15},
+    }
+};
+
 static struct PARASITES(14) parasites_920 = {
     .lim_syscall = 3,
     .lim_fself = 12,
@@ -2491,6 +2550,9 @@ static struct parasite_desc* get_parasites(size_t* desc_size)
     case 0x900:
         *desc_size = sizeof(parasites_900);
         return (void*)&parasites_900;
+    case 0x905:
+        *desc_size = sizeof(parasites_905);
+        return (void*)&parasites_905;
     case 0x920:
         *desc_size = sizeof(parasites_920);
         return (void*)&parasites_920;