Added 10.0x Offsets ( Not Working )

Author: EchoStretch

prosper0gdb/offsets.c

@@ -2879,6 +2879,192 @@ DEF(lapic_map, 0x27af838)
 #include "offset_list.txt"
 END_FW()
 
+START_FW(1000)
+DEF(allproc, 0x2765d70) 
+DEF(idt, 0x2d5c300) 
+DEF(gdt_array, 0x2d5d5e0) 
+DEF(tss_array, 0x2d5efe0) 
+DEF(pcpu_array, 0x2d70f00) 
+DEF(doreti_iret, -0xa6eb13) 
+DEF(add_rsp_iret, doreti_iret - 7)
+DEF(swapgs_add_rsp_iret, doreti_iret - 10)
+DEF(rep_movsb_pop_rbp_ret, -0xa32466) 
+DEF(rdmsr_start, -0xa7024a) 
+DEF(wrmsr_ret, -0xa7161c) 
+DEF(nop_ret, wrmsr_ret + 2)
+DEF(dr2gpr_start, -0xa75c53) 
+DEF(gpr2dr_1_start, -0xa75b3a) 
+DEF(gpr2dr_2_start, -0xa75a47) 
+DEF(mov_cr3_rax_mov_ds, -0xa756a9) 
+DEF(mov_rax_cr3, -0x3C9A2F) 
+DEF(cpu_switch, -0xa75e40) 
+DEF(mprotect_fix_start, -0x9a8293) 
+DEF(mprotect_fix_end, mprotect_fix_start+6)
+
+DEF(mmap_self_fix_1_start, 0x0)
+DEF(mmap_self_fix_1_end, mmap_self_fix_1_start+2)
+DEF(mmap_self_fix_2_start, 0x0)
+DEF(mmap_self_fix_2_end, mmap_self_fix_2_start+2)
+
+DEF(aslr_fix_start, -0x8F033D) 
+DEF(aslr_fix_end, aslr_fix_start+2)
+
+DEF(sigaction_fix_start, -0x73d979) 
+DEF(sigaction_fix_end, -0x73d94d) 
+DEF(sysents, 0x1ad100) 
+DEF(sysents_ps4, 0x1a4bb0) 
+DEF(sysentvec, 0xdba6d8) 
+DEF(sysentvec_ps4, 0xdba850) 
+DEF(sceSblServiceMailbox, -0x6f8b10) 
+DEF(sceSblAuthMgrSmIsLoadable2, -0x941160) 
+DEF(mdbg_call_fix, -0x6995e9) 
+DEF(syscall_before, -0x893e21) 
+DEF(syscall_after, -0x893ded) 
+DEF(malloc, -0xbb850) 
+DEF(M_something, 0x1407470) 
+DEF(loadSelfSegment_epilogue, -0x940A67) 
+DEF(loadSelfSegment_watchpoint, -0x2FC6A7) 
+DEF(loadSelfSegment_watchpoint_lr, -0x940CA7) 
+DEF(decryptSelfBlock_watchpoint_lr, -0x94093E) 
+DEF(decryptSelfBlock_epilogue, -0x9408DB) 
+DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x940209)
+DEF(decryptMultipleSelfBlocks_epilogue, -0x93FFEF) 
+DEF(sceSblServiceMailbox_lr_verifyHeader, -0x940e47) 
+DEF(sceSblServiceMailbox_lr_loadSelfSegment, -0x940ad4) 
+DEF(sceSblServiceMailbox_lr_decryptSelfBlock, -0x94051d) 
+DEF(sceSblServiceMailbox_lr_decryptMultipleSelfBlocks, -0x93FD52) 
+DEF(sceSblServiceMailbox_lr_sceSblAuthMgrSmFinalize, -0x9411d8) 
+DEF(sceSblServiceMailbox_lr_verifySuperBlock, -0x9EA679) 
+DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_1, -0x9EACF2)
+DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_2, -0x9EAC8D)
+DEF(sceSblServiceMailbox_lr_npdrm_cmd_5, -0x34D98A) 
+DEF(sceSblServiceMailbox_lr_npdrm_cmd_6, -0x34D755) 
+//DEF(sceSblPfsSetKeys, -0x9EA920) //403
+DEF(sceSblPfsSetKeys, -0x9EB870) //505
+DEF(sceSblServiceCryptAsync, -0x98A590) 
+DEF(sceSblServiceCryptAsync_deref_singleton, -0x98A556) 
+DEF(copyin, -0xa32d30) 
+DEF(copyout, -0xa32de0) 
+DEF(crypt_message_resolve, -0x4B5A50) 
+DEF(justreturn, -0xa6ed40) 
+DEF(justreturn_pop, justreturn+8)
+DEF(mini_syscore_header, 0xe896d8) 
+DEF(pop_all_iret, -0xa6eb72) 
+DEF(pop_all_except_rdi_iret, pop_all_iret+4)
+DEF(push_pop_all_iret, -0xa106b8) 
+DEF(kernel_pmap_store, 0x2cf0ef8) 
+DEF(crypt_singleton_array, 0x2c35d70) 
+DEF(security_flags, 0xD79064)
+DEF(targetid, 0xD7906D)
+DEF(qa_flags, 0xD79088)
+DEF(utoken, 0xD790F0)
+DEF(mov_rax_cr0, -0xa75da1) 
+DEF(mov_cr0_rax, -0xa75d9c) 
+DEF(mov_rdi_cr2, -0xa71fca) 
+DEF(lgdt_rdi, -0xa32640) 
+DEF(lidt_lldt, -0xa755f1) 
+DEF(ltr_ax, -0xa755cf) 
+DEF(kproc_shutdown, -0xa0d090) 
+DEF(s_shutdown_final, 0x36dc89) 
+DEF(eventhandler_register, -0x568300) 
+DEF(strlen_trap, -0x483f88) 
+DEF(lapic_map, 0x27bf858) 
+#include "offset_list.txt"
+END_FW()
+
+START_FW(1001)
+DEF(allproc, 0x2765d70) 
+DEF(idt, 0x2d5c300) 
+DEF(gdt_array, 0x2d5d5e0) 
+DEF(tss_array, 0x2d5efe0) 
+DEF(pcpu_array, 0x2d70f00) 
+DEF(doreti_iret, -0xa6eb13) 
+DEF(add_rsp_iret, doreti_iret - 7)
+DEF(swapgs_add_rsp_iret, doreti_iret - 10)
+DEF(rep_movsb_pop_rbp_ret, -0xa32466) 
+DEF(rdmsr_start, -0xa7024a) 
+DEF(wrmsr_ret, -0xa7161c) 
+DEF(nop_ret, wrmsr_ret + 2)
+DEF(dr2gpr_start, -0xa75c53) 
+DEF(gpr2dr_1_start, -0xa75b3a) 
+DEF(gpr2dr_2_start, -0xa75a47) 
+DEF(mov_cr3_rax_mov_ds, -0xa756a9) 
+DEF(mov_rax_cr3, -0x3C9A2F) 
+DEF(cpu_switch, -0xa75e40) 
+DEF(mprotect_fix_start, -0x9a8293) 
+DEF(mprotect_fix_end, mprotect_fix_start+6)
+
+DEF(mmap_self_fix_1_start, 0x0)
+DEF(mmap_self_fix_1_end, mmap_self_fix_1_start+2)
+DEF(mmap_self_fix_2_start, 0x0)
+DEF(mmap_self_fix_2_end, mmap_self_fix_2_start+2)
+
+DEF(aslr_fix_start, -0x8F033D) 
+DEF(aslr_fix_end, aslr_fix_start+2)
+
+DEF(sigaction_fix_start, -0x73d979) 
+DEF(sigaction_fix_end, -0x73d94d) 
+DEF(sysents, 0x1ad100) 
+DEF(sysents_ps4, 0x1a4bb0) 
+DEF(sysentvec, 0xdba6d8) 
+DEF(sysentvec_ps4, 0xdba850) 
+DEF(sceSblServiceMailbox, -0x6f8b10) 
+DEF(sceSblAuthMgrSmIsLoadable2, -0x941160) 
+DEF(mdbg_call_fix, -0x6995e9) 
+DEF(syscall_before, -0x893e21) 
+DEF(syscall_after, -0x893ded) 
+DEF(malloc, -0xbb850) 
+DEF(M_something, 0x1407470) 
+DEF(loadSelfSegment_epilogue, -0x940A67) 
+DEF(loadSelfSegment_watchpoint, -0x2FC6A7) 
+DEF(loadSelfSegment_watchpoint_lr, -0x940CA7) 
+DEF(decryptSelfBlock_watchpoint_lr, -0x94093E) 
+DEF(decryptSelfBlock_epilogue, -0x9408DB) 
+DEF(decryptMultipleSelfBlocks_watchpoint_lr, -0x940209)
+DEF(decryptMultipleSelfBlocks_epilogue, -0x93FFEF) 
+DEF(sceSblServiceMailbox_lr_verifyHeader, -0x940e47) 
+DEF(sceSblServiceMailbox_lr_loadSelfSegment, -0x940ad4) 
+DEF(sceSblServiceMailbox_lr_decryptSelfBlock, -0x94051d) 
+DEF(sceSblServiceMailbox_lr_decryptMultipleSelfBlocks, -0x93FD52) 
+DEF(sceSblServiceMailbox_lr_sceSblAuthMgrSmFinalize, -0x9411d8) 
+DEF(sceSblServiceMailbox_lr_verifySuperBlock, -0x9EA679) 
+DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_1, -0x9EACF2)
+DEF(sceSblServiceMailbox_lr_sceSblPfsClearKey_2, -0x9EAC8D)
+DEF(sceSblServiceMailbox_lr_npdrm_cmd_5, -0x34D98A) 
+DEF(sceSblServiceMailbox_lr_npdrm_cmd_6, -0x34D755) 
+//DEF(sceSblPfsSetKeys, -0x9EA920) //403
+DEF(sceSblPfsSetKeys, -0x9EB870) //505
+DEF(sceSblServiceCryptAsync, -0x98A590) 
+DEF(sceSblServiceCryptAsync_deref_singleton, -0x98A556) 
+DEF(copyin, -0xa32d30) 
+DEF(copyout, -0xa32de0) 
+DEF(crypt_message_resolve, -0x4B5A50) 
+DEF(justreturn, -0xa6ed40) 
+DEF(justreturn_pop, justreturn+8)
+DEF(mini_syscore_header, 0xe896d8) 
+DEF(pop_all_iret, -0xa6eb72) 
+DEF(pop_all_except_rdi_iret, pop_all_iret+4)
+DEF(push_pop_all_iret, -0xa10540) 
+DEF(kernel_pmap_store, 0x2cf0ef8) 
+DEF(crypt_singleton_array, 0x2c35d70) 
+DEF(security_flags, 0xD79064)
+DEF(targetid, 0xD7906D)
+DEF(qa_flags, 0xD79088)
+DEF(utoken, 0xD790F0)
+DEF(mov_rax_cr0, -0xa75da1) 
+DEF(mov_cr0_rax, -0xa75d9c) 
+DEF(mov_rdi_cr2, -0xa71fca) 
+DEF(lgdt_rdi, -0xa32640) 
+DEF(lidt_lldt, -0xa755f1) 
+DEF(ltr_ax, -0xa755cf) 
+DEF(kproc_shutdown, -0xa0b100) 
+DEF(s_shutdown_final, 0x36dcc5) 
+DEF(eventhandler_register, -0x568300) 
+DEF(strlen_trap, -0x483f88) 
+DEF(lapic_map, 0x27bf858) 
+#include "offset_list.txt"
+END_FW()
+
 void* dlsym(void*, const char*);
 
 int set_offsets(void)
@@ -2917,9 +3103,10 @@ int set_offsets(void)
     case 0x920: set_offsets_920(); break;
     case 0x940: set_offsets_940(); break;
     case 0x960: set_offsets_960(); break;
+    case 0x1000: set_offsets_1000(); break;
+    case 0x1001: set_offsets_1001(); break;
 #endif
     default: return -1;
     }
     return 0;
-}
-
+}

ps5-kstuff/main.c

@@ -1377,6 +1377,72 @@ static struct shellcore_patch shellcore_patches_960[] = {
     {0x6F72C0, "\x48\x31\xc0\xc3", 4}, // PKG Installer
 };
 
+static struct shellcore_patch shellcore_patches_1000[] = {
+    {0xC03AC3, "\x52\xeb\xe2", 3}, //push rdx; jmp 0xC03AA8
+    {0xC03AA8, "\xe8\x33\xf8\xff\xff\x58\xc3", 7}, //call 0xC032E0; pop rax; ret
+    {0xC032C6, "\xe9\x06\x00\x00\x00", 5},  // jmp 0xC032D1
+    {0xC032D1, "\x31\xc0\x50\xe8\x07\x00\x00\x00\x58\xc3", 10}, //xor eax, eax; push rax; call 0xC032E0; pop rax; ret
+    {0x702624, "\xeb\x04", 2},
+    {0x30D19F, "\xeb\x04", 2},
+    {0x30D56F, "\xeb\x04", 2},
+    {0x722365, "\xeb", 1},
+    {0x70AF95, "\x90\xe9", 2},
+    {0x722AA3, "\xeb", 1},
+    {0x724A3F, "\x61\x01\x00\x00", 4}, // 0x724BA4
+    {0x206C11, "\xe8\x6a\x72\x60\x00\x31\xc9\xff\xc1\xe9\xd4\x01\x00\x00", 14}, // call 0x80DE80; xor ecx; inc ecx; jmp 0x206DF3
+    {0x206DF3, "\x83\xf8\x02\x0f\x43\xc1\xe9\x9e\xf9\xff\xff", 11},// cmp eax, 2; cmovae eax, ecx; jmp 0x20679C
+    {0x20675D, "\xe9\xaf\x04\x00\x00", 5}, // jmp 0x206C11
+
+    {0x7460A0, "\xC3", 1}, // callback to sceRifManagerRegisterActivationCallback
+
+    {0x16A1980, "\x31\xc0\xc3", 3}, // VR2 Min Fw Check
+    {0xA86D73, "\xeb\x03", 2}, // disable game error message
+    {0x305790, "\x90\xe9", 2}, // PS4 Disc Installer Patch 1
+    {0x30580A, "\x90\xe9", 2}, // PS5 Disc Installer Patch 1
+    {0x30590C, "\xeb", 1}, // PS4 PKG Installer Patch 1
+    {0x3059E0, "\xeb", 1}, // PS5 PKG Installer Patch 1
+    {0x305DE7, "\x90\xe9", 2}, // PS4 PKG Installer Patch 2
+    {0x305F8F, "\xeb", 1}, // PS5 PKG Installer Patch 2
+    {0x30633E, "\x90\xe9", 2}, // PS4 PKG Installer Patch 3
+    {0x3063D1, "\x90\xe9", 2}, // PS5 PKG Installer Patch 3
+    {0x700D28, "\xeb", 1}, // PS4 PKG Installer Patch 4
+    {0x7041F2, "\xeb", 1}, // PS5 PKG Installer Patch 4
+    {0x7078D0, "\x48\x31\xc0\xc3", 4}, // PKG Installer
+};
+
+static struct shellcore_patch shellcore_patches_1001[] = {
+    {0xC03AC3, "\x52\xeb\xe2", 3}, //push rdx; jmp 0xC03AA8
+    {0xC03AA8, "\xe8\x33\xf8\xff\xff\x58\xc3", 7}, //call 0xC032E0; pop rax; ret
+    {0xC032C6, "\xe9\x06\x00\x00\x00", 5},  // jmp 0xC032D1
+    {0xC032D1, "\x31\xc0\x50\xe8\x07\x00\x00\x00\x58\xc3", 10}, //xor eax, eax; push rax; call 0xC032E0; pop rax; ret
+    {0x702624, "\xeb\x04", 2},
+    {0x30D19F, "\xeb\x04", 2},
+    {0x30D56F, "\xeb\x04", 2},
+    {0x722365, "\xeb", 1},
+    {0x70AF95, "\x90\xe9", 2},
+    {0x722AA3, "\xeb", 1},
+    {0x724A3F, "\x61\x01\x00\x00", 4}, // 0x724BA4
+    {0x206C11, "\xe8\x6a\x72\x60\x00\x31\xc9\xff\xc1\xe9\xd4\x01\x00\x00", 14}, // call 0x80DE80; xor ecx; inc ecx; jmp 0x206DF3
+    {0x206DF3, "\x83\xf8\x02\x0f\x43\xc1\xe9\x9e\xf9\xff\xff", 11},// cmp eax, 2; cmovae eax, ecx; jmp 0x20679C
+    {0x20675D, "\xe9\xaf\x04\x00\x00", 5}, // jmp 0x206C11
+
+    {0x7460A0, "\xC3", 1}, // callback to sceRifManagerRegisterActivationCallback
+
+    {0x16A1980, "\x31\xc0\xc3", 3}, // VR2 Min Fw Check
+    {0xA86D73, "\xeb\x03", 2}, // disable game error message
+    {0x305790, "\x90\xe9", 2}, // PS4 Disc Installer Patch 1
+    {0x30580A, "\x90\xe9", 2}, // PS5 Disc Installer Patch 1
+    {0x30590C, "\xeb", 1}, // PS4 PKG Installer Patch 1
+    {0x3059E0, "\xeb", 1}, // PS5 PKG Installer Patch 1
+    {0x305DE7, "\x90\xe9", 2}, // PS4 PKG Installer Patch 2
+    {0x305F8F, "\xeb", 1}, // PS5 PKG Installer Patch 2
+    {0x30633E, "\x90\xe9", 2}, // PS4 PKG Installer Patch 3
+    {0x3063D1, "\x90\xe9", 2}, // PS5 PKG Installer Patch 3
+    {0x700D28, "\xeb", 1}, // PS4 PKG Installer Patch 4
+    {0x7041F2, "\xeb", 1}, // PS5 PKG Installer Patch 4
+    {0x7078D0, "\x48\x31\xc0\xc3", 4}, // PKG Installer
+};
+
 extern char _start[];
 
 static void relocate_shellcore_patches(struct shellcore_patch* patches, size_t n_patches)
@@ -1472,6 +1538,8 @@ static const struct shellcore_patch* get_shellcore_patches(size_t* n_patches)
     FW(920);
     FW(940);
     FW(960);
+    FW(1000);
+    FW(1001);
     default:
         *n_patches = 1;
         return 0;
@@ -2282,6 +2350,60 @@ static struct PARASITES(14) parasites_960 = {
     }
 };
 
+static struct PARASITES(14) parasites_1000 = {
+    .lim_syscall = 3,
+    .lim_fself = 12,
+    .lim_total = 14,
+    .parasites = {
+        /* syscall parasites */
+        {-0x894308, R13},
+        {-0x3BF480, RSI},
+        {-0x3BF440, RSI},
+        /* fself parasites */
+        {-0x2FC476, RAX},
+        {-0x2FCFDA, RAX},
+        //{-0x2FCE96, RAX},
+        {-0x2FCE96, RDX},
+        {-0x2FCC0B, RAX},
+        //{-0x2FCE96, RAX},
+        {-0x2FC932, R10},
+        {-0x2FC5FA, RAX},
+        {-0x2FC5EE, RAX},
+        {-0xA32F8C, RDI},
+        {-0x2FCA77, RAX},
+        /* unsorted parasites */
+        {-0x4B5766, RCX},
+        {-0x4B5766, R14},
+    }
+};
+
+static struct PARASITES(14) parasites_1001 = {
+    .lim_syscall = 3,
+    .lim_fself = 12,
+    .lim_total = 14,
+    .parasites = {
+        /* syscall parasites */
+        {-0x894308, R13},
+        {-0x3BF480, RSI},
+        {-0x3BF440, RSI},
+        /* fself parasites */
+        {-0x2FC476, RAX},
+        {-0x2FCFDA, RAX},
+        //{-0x2FCE96, RAX},
+        {-0x2FCE96, RDX},
+        {-0x2FCC0B, RAX},
+        //{-0x2FCE96, RAX},
+        {-0x2FC932, R10},
+        {-0x2FC5FA, RAX},
+        {-0x2FC5EE, RAX},
+        {-0xA32F8C, RDI},
+        {-0x2FCA77, RAX},
+        /* unsorted parasites */
+        {-0x4B5766, RCX},
+        {-0x4B5766, R14},
+    }
+};
+
 static struct parasite_desc* get_parasites(size_t* desc_size)
 {
     uint32_t ver = r0gdb_get_fw_version() >> 16;
@@ -2378,6 +2500,12 @@ static struct parasite_desc* get_parasites(size_t* desc_size)
     case 0x960:
         *desc_size = sizeof(parasites_960);
         return (void*)&parasites_960;
+    case 0x1000:
+        *desc_size = sizeof(parasites_1000);
+        return (void*)&parasites_1000;
+    case 0x1001:
+        *desc_size = sizeof(parasites_1001);
+        return (void*)&parasites_1001;
     default:
         return 0;
 #else