├── .gitignore ├── AUTHORS ├── COPYING ├── README.md ├── TODO ├── graf ├── Makefile ├── data │ └── .gitignore └── source │ └── main.cpp ├── libkammy ├── Makefile ├── data │ └── .gitignore ├── include │ └── kammy.h └── source │ └── kammy.cpp ├── loader ├── Makefile ├── data │ └── .gitignore ├── include │ └── debug.h └── source │ └── main.cpp └── lv2 ├── .gitignore ├── Makefile ├── Makefile.ethdebug ├── Makefile.graf ├── Makefile.kammy ├── common ├── crt1.c ├── gpr0.S ├── kammy.S ├── kammy.x ├── kammy_lv2.cpp ├── kammy_lv2.h ├── list.h ├── lv2.h └── string.h ├── ethdebug ├── assembly.h ├── debug.cpp ├── debug.h ├── device.cpp ├── device.h ├── gelic.h ├── hvcall.S ├── lv1call.h ├── main.cpp ├── printf.cpp └── printf.h ├── graf ├── cksum.c ├── cksum.h ├── decrypt_pkg.c ├── decrypt_pkg.h ├── decrypt_profile.c ├── decrypt_profile.h ├── decrypt_usb_dongle_master_key.c ├── decrypt_usb_dongle_master_key.h ├── dispmgr.h ├── dump_flash.c ├── dump_flash.h ├── dump_htab.c ├── dump_htab.h ├── dump_lv2.c ├── dump_lv2.h ├── dump_profile.c ├── dump_profile.h ├── dump_repo_nodes.c ├── dump_repo_nodes.h ├── dump_slb.c ├── dump_slb.h ├── dump_sprg0.c ├── dump_sprg0.h ├── dump_stor.c ├── dump_stor.h ├── gelic.c ├── gelic.h ├── hvcall.S ├── if_ether.h ├── if_vlan.h ├── inttypes.h ├── ipv4.h ├── lv1_result.h ├── lv1call.h ├── main.c ├── memcpy.h ├── memset.h ├── mm.c ├── mm.h ├── param.c ├── param.h ├── ppc_asm.h ├── query_lpar_address.c ├── query_lpar_address.h ├── repo_node.c ├── repo_node.h ├── rvk_pkg_341.c ├── rvk_pkg_341.h ├── spu.h ├── ss.h ├── stor.c ├── stor.h ├── sysmgr.h ├── system.h ├── time.c ├── time.h ├── tools │ ├── Makefile │ ├── dump_region_from_file.sh │ ├── inflate.c │ ├── pcap2bin.c │ └── sendfile.c ├── udp.h ├── update_mgr_inspect_pkg.c ├── update_mgr_inspect_pkg.h ├── vas.c ├── vas.h ├── vuart.h ├── vuart_dispmgr.c ├── vuart_dispmgr.h ├── vuart_sysmgr.c └── vuart_sysmgr.h └── kammy ├── crt0.c ├── hooks.cpp ├── main.cpp ├── memprot.cpp ├── module.cpp └── stub.S /.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | *.elf 3 | *.self 4 | *.a 5 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Main Author 2 | Aaron Lindsay 3 | 4 | ethdebug - Adapted from AsbestOS stage2 5 | Hector Martin 6 | 7 | graf - Adapted from graf_chokolo's PSGroove payload 8 | https://github.com/grafchokolo/psgroove 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Kammy 2 | ===== 3 | 4 | Kammy is a system for loading patches to lv2 (PlayStation 3's Game OS) from 5 | a user application, using PSGroove or any other implementation of the 6 | exploit that adds the peek/poke syscalls. Kammy was inspired by Treeki's 7 | Nintendo Wii game patching system, Kamek. 8 | 9 | Building 10 | -------- 11 | Building Kammy requires [PSL1GHT](http://github.com/AerialX/PSL1GHT) 12 | installed to build. This includes needing one of the supported PS3 GCC 13 | toolchains. Besides PSL1GHT, you will need the following utilities: 14 | 15 | * xxd: Creating patch bin files requires the xxd tool to be installed. 16 | * dd: Also required for building the patch bin files. 17 | * calc: Yet another requirement for building the patch bin files. 18 | [Homepage](http://www.isthe.com/chongo/tech/comp/calc/). 19 | 20 | With these dependencies installed, you can build Kammy by simply cd'ing to 21 | the *loader* directory and running: 22 | 23 | make clean 24 | make 25 | 26 | 27 | Usage 28 | ----- 29 | Kammy must be used with a payload that supports poke/peek. This includes 30 | PSGroove and most of its forks - including my own - among others. To apply a 31 | Kammy patch, a loader application must be started on the PS3. This is 32 | usually done from XMB from an installed package, or from USB using my 33 | PSGroove fork's apploader payload (or PL3's payload_dev). 34 | 35 | ### Ethernet Debug Example 36 | The example loader included in Kammy installs a hook into lv2 that sends 37 | debug messages over the ethernet cable of the PS3. This is useful for 38 | getting data from the PS3 and lv2 (you get crash reports, and some info from 39 | different apps). It's also a useful way of seeing printfs from any 40 | applications you write and test, including ones built with PSL1GHT. 41 | 42 | This setup has three requirements to work properly: 43 | 44 | 1. Your PS3 must be connected to a router by ethernet cable. 45 | Wireless must be disabled in the PS3 network settings. 46 | 2. The PC that you're retrieving the info with must be connected to the 47 | same router as the PS3. Alternatively you can connect the PS3's cable 48 | directly into your computer to get the output. 49 | 3. Your PC must have the socat program installed, so you can run the 50 | following command: 51 | 52 | socat udp-recv:18194 stdout 53 | 54 | A ready-to-run pre-compiled ethernet debug loader is provided in the 55 | [Downloads Section](http://github.com/AerialX/Kammy/downloads). 56 | 57 | 58 | Customizing 59 | ----------- 60 | Kammy is made up of three main components: 61 | 62 | * lv2: This folder contains the lv2 patches to be built. See the ethdebug 63 | patch for an example. It is up to the patch to apply any hooks it needs to 64 | lv2. 65 | * libkammy: This is the basic library that handles the loading of Kammy 66 | patches. Altering it should not be necessary. 67 | * loader: This folder contains an example that shows how to use libkammy to 68 | load kammy and another patch bin from the lv2 folder. 69 | 70 | 71 | Notes 72 | ----- 73 | Internally, Kammy obliderates syscall 11, so try not to run it with 74 | payloads that provide that syscall. 75 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | * The Makefiles need deps support added, they act all wonky when building 2 | * lv2/kammy needs to provide a patch management system for all other bins 3 | * Get filesystem stuff working 4 | * Awesome stuff 5 | -------------------------------------------------------------------------------- /graf/Makefile: -------------------------------------------------------------------------------- 1 | .SUFFIXES: 2 | ifeq ($(strip $(PSL1GHT)),) 3 | $(error "PSL1GHT must be set in the environment.") 4 | endif 5 | 6 | include $(PSL1GHT)/Makefile.base 7 | 8 | TARGET := $(notdir $(CURDIR)) 9 | BUILD := build 10 | SOURCE := source 11 | INCLUDE := include ../libkammy/include ../lv2 12 | DATA := data 13 | LIBS := ../../libkammy/libkammy.a 14 | 15 | CFLAGS += -g -O2 -Wall 16 | CXXFLAGS += -g -O2 -Wall 17 | 18 | ifneq ($(BUILD),$(notdir $(CURDIR))) 19 | 20 | export OUTPUT := $(CURDIR)/$(TARGET) 21 | export VPATH := $(foreach dir,$(SOURCE),$(CURDIR)/$(dir)) \ 22 | $(foreach dir,$(DATA),$(CURDIR)/$(dir)) 23 | export BUILDDIR := $(CURDIR)/$(BUILD) 24 | export DEPSDIR := $(BUILDDIR) 25 | 26 | CFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.c))) 27 | CXXFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.cpp))) 28 | SFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.S))) 29 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.bin))) \ 30 | graf.bin 31 | 32 | export OFILES := $(CFILES:.c=.o) \ 33 | $(CXXFILES:.cpp=.o) \ 34 | $(SFILES:.S=.o) \ 35 | $(BINFILES:.bin=.bin.o) 36 | 37 | export BINFILES := $(BINFILES:.bin=.bin.h) 38 | 39 | export INCLUDES := $(foreach dir,$(INCLUDE),-I$(CURDIR)/$(dir)) \ 40 | -I$(CURDIR)/$(BUILD) 41 | 42 | .PHONY: $(BUILD) clean 43 | 44 | $(BUILD): 45 | @[ -d $@ ] || mkdir -p $@ 46 | @make --no-print-directory -C ../libkammy 47 | @make --no-print-directory -C ../lv2 -f Makefile.graf 48 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile 49 | 50 | clean: 51 | @echo Clean... 52 | @rm -rf $(BUILD) $(OUTPUT).elf $(OUTPUT).self 53 | 54 | else 55 | 56 | DEPENDS := $(OFILES:.o=.d) 57 | 58 | $(OUTPUT).self: $(OUTPUT).elf 59 | $(OUTPUT).elf: $(OFILES) ../../libkammy/libkammy.a 60 | 61 | $(OFILES): $(BINFILES) 62 | 63 | -include $(DEPENDS) 64 | 65 | endif 66 | -------------------------------------------------------------------------------- /graf/data/.gitignore: -------------------------------------------------------------------------------- 1 | graf.bin 2 | -------------------------------------------------------------------------------- /graf/source/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "graf.bin.h" 6 | 7 | #include 8 | 9 | static u64 LoadModule(const u8* bin, const char* name, u64 param1 = 0, u64 param2 = 0, u64 param3 = 0, u64 param4 = 0, u64 param5 = 0, u64 param6 = 0) 10 | { 11 | u64 ret = KAMMY_ERROR; 12 | printf("\tLoading %s into lv2... ", name); 13 | const Lv2Module* module = Kammy_Load(bin); 14 | if (!module->Verify()) { 15 | printf("Failed! %s is corrupt.\n", name); 16 | return ret; 17 | } 18 | if (!module->Execute(&ret, param1, param2, param3, param4, param5, param6)) 19 | printf("Failed! Kammy was unable to load %s.\n", name); 20 | else 21 | printf("Done! Result returned from %s in lv2: 0x%08x%08x\n", name, (u32)(ret >> 32), (u32)ret); 22 | return ret; 23 | } 24 | 25 | static bool Init() 26 | { 27 | if (Kammy_IsInitialised()) 28 | printf("\tAlready loaded!\n"); 29 | else { 30 | printf("\tInitializing... "); 31 | if (Kammy_Initialise()) 32 | printf("Done! Kammy injected into lv2 successfully.\n"); 33 | else { 34 | printf("Failed! Syscalls could not be injected. Does this payload have peek/poke?\n"); 35 | return false; 36 | } 37 | } 38 | 39 | return true; 40 | } 41 | 42 | extern "C" int main(int argc, char** argv) 43 | { 44 | printf("Kammy v" LIBKAMMY_VERSION "\n"); 45 | 46 | if (!Init()) { 47 | printf("Failed!\n"); 48 | return 0; 49 | } 50 | 51 | LoadModule(graf_bin, "graf.bin"); 52 | printf("Aaand we're done for tonight folks.\n"); 53 | 54 | return 0; 55 | } 56 | -------------------------------------------------------------------------------- /libkammy/Makefile: -------------------------------------------------------------------------------- 1 | .SUFFIXES: 2 | ifeq ($(strip $(PSL1GHT)),) 3 | $(error "PSL1GHT must be set in the environment.") 4 | endif 5 | 6 | include $(PSL1GHT)/Makefile.base 7 | 8 | TARGET := $(notdir $(CURDIR)) 9 | BUILD := build 10 | SOURCE := source 11 | LV2SOURCE := ../lv2/common 12 | INCLUDE := include ../lv2/common 13 | DATA := data 14 | LIBS := 15 | 16 | CFLAGS += -g -O2 -Wall 17 | CXXFLAGS += -g -O2 -Wall 18 | 19 | ifneq ($(BUILD),$(notdir $(CURDIR))) 20 | 21 | .PHONY: $(BUILD) clean 22 | 23 | export OUTDIR := $(CURDIR) 24 | export OUTPUT := $(CURDIR)/$(TARGET) 25 | export VPATH := $(foreach dir,$(SOURCE),$(CURDIR)/$(dir)) \ 26 | $(foreach dir,$(LV2SOURCE),$(CURDIR)/$(dir)) \ 27 | $(foreach dir,$(DATA),$(CURDIR)/$(dir)) 28 | export BUILDDIR := $(CURDIR)/$(BUILD) 29 | export DEPSDIR := $(BUILDDIR) 30 | 31 | CFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.c))) 32 | CXXFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.cpp))) \ 33 | $(foreach dir,$(LV2SOURCE),$(notdir $(wildcard $(dir)/*.cpp))) 34 | SFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.S))) 35 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.bin))) \ 36 | kammy.bin 37 | 38 | export OFILES := $(CFILES:.c=.o) \ 39 | $(CXXFILES:.cpp=.o) \ 40 | $(SFILES:.S=.o) \ 41 | $(BINFILES:.bin=.bin.o) 42 | 43 | export BINFILES := $(BINFILES:.bin=.bin.h) 44 | 45 | export INCLUDES := $(foreach dir,$(INCLUDE),-I$(CURDIR)/$(dir)) \ 46 | -I$(CURDIR)/$(BUILD) 47 | $(BUILD): 48 | @[ -d $@ ] || mkdir -p $@ 49 | @make --no-print-directory -C ../lv2 -f Makefile.kammy 50 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile 51 | 52 | clean: 53 | @echo Clean... 54 | @rm -rf $(BUILD) $(OUTPUT).a 55 | 56 | install: 57 | @echo "Installing into $(PS3DEV)/ppu..." 58 | @cp $(OUTPUT).a $(PS3DEV)/ppu/lib/ 59 | @cp -r include $(PS3DEV)/ppu/ 60 | @cp ../lv2/common/kammy_lv2.h $(PS3DEV)/ppu/include/ 61 | @cp ../lv2/common/kammy.x $(PS3DEV)/ppu/lib/ 62 | @mkdir -p $(PS3DEV)/ppu/include/kammy 63 | @cp ../lv2/common/lv2.h $(PS3DEV)/ppu/include/kammy/ 64 | 65 | else 66 | 67 | DEPENDS := $(OFILES:.o=.d) 68 | 69 | $(OUTPUT).a: $(OFILES) 70 | 71 | $(OFILES): $(BINFILES) 72 | 73 | -include $(DEPENDS) 74 | 75 | endif 76 | -------------------------------------------------------------------------------- /libkammy/data/.gitignore: -------------------------------------------------------------------------------- 1 | kammy.bin 2 | -------------------------------------------------------------------------------- /libkammy/include/kammy.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define LIBKAMMY_VERSION "0.1" 6 | #define LIBKAMMY_MAGIC 0x1337baad 7 | 8 | struct Lv2Module; 9 | 10 | bool Kammy_IsInitialised(); 11 | bool Kammy_Initialise(); 12 | const Lv2Module* Kammy_Load(const void* data); 13 | 14 | struct Lv2opd 15 | { 16 | u64 Address; 17 | u64 TableOfContents; 18 | u64 Reserved; 19 | } __attribute__((__packed__)); 20 | 21 | struct Lv2Module 22 | { 23 | u32 Magic; // KAMMY_MAGIC 24 | u32 HeaderSize; // DataOffset = sizeof(Lv2Module) = 0x20 25 | u64 MainEntry; // Main OPD entry 26 | u64 TextBase; // Compiled base 27 | u64 TextEnd; // DataSize = TextEnd - TextBase 28 | u8 Data[]; 29 | 30 | bool ExecuteInternal(u64* ret = NULL) const; 31 | bool Execute(u64* ret = NULL, u64 param1 = 0, u64 param2 = 0, u64 param3 = 0, u64 param4 = 0, u64 param5 = 0, u64 param6 = 0) const; 32 | 33 | bool Verify() const 34 | { 35 | return Magic == LIBKAMMY_MAGIC; 36 | } 37 | 38 | uint32_t GetDataSize() const 39 | { 40 | return TextEnd - TextBase; 41 | } 42 | 43 | const Lv2opd* GetMain() const 44 | { 45 | return (const Lv2opd*)(Data + (MainEntry - TextBase)); 46 | } 47 | } __attribute__((__packed__)); 48 | -------------------------------------------------------------------------------- /libkammy/source/kammy.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | #include "kammy.h" 6 | #include "kammy_lv2.h" 7 | 8 | #include "kammy.bin.h" 9 | 10 | #define ROUND_UP(p, round) \ 11 | ((p + round - 1) & ~(round - 1)) 12 | 13 | // lv2 retail 3.41 addresses 14 | #define LV2_ALLOC (void*)0x8000000000062088ULL 15 | #define KAMMY_RTOC_BASE (void*)0x8000000000003000ULL 16 | #define KAMMY_RTOC 0x800000000033E720ULL 17 | 18 | // Some function that gets trashed by the payload already 19 | #define KAMMY_HACK_BASE 0x800000000004ED28ULL 20 | 21 | // Custom syscalls 22 | #define SYSCALL_PEEK 6 23 | #define SYSCALL_POKE 7 24 | 25 | static void SyscallPoke(void* address, u64 value) 26 | { 27 | Lv2Syscall2(SYSCALL_POKE, (u64)address, value); 28 | } 29 | 30 | static u64 SyscallPeek(void* address) 31 | { 32 | return Lv2Syscall1(SYSCALL_PEEK, (u64)address); 33 | } 34 | 35 | bool Kammy_IsInitialised() 36 | { 37 | return (Kammy_Version() & KAMMY_VERSION_MASK) == (KAMMY_VERSION & KAMMY_VERSION_MASK); 38 | } 39 | 40 | bool Kammy_Initialise() 41 | { 42 | if (Kammy_IsInitialised()) 43 | return true; 44 | 45 | const Lv2Module* kammy = Kammy_Load(kammy_bin); 46 | if (!kammy) 47 | return false; 48 | 49 | u64 ret; 50 | if (!kammy->ExecuteInternal(&ret)) 51 | return false; 52 | return ret == KAMMY_VERSION; 53 | } 54 | 55 | const Lv2Module* Kammy_Load(const void* data) 56 | { 57 | return (const Lv2Module*)data; 58 | } 59 | 60 | static void RelocateMemcpy(u64* dest, u64* data, u32 size, u64 base, void* newbase) 61 | { 62 | for (u32 i = 0; i < size / 8; i++) { 63 | u64 value = data[i]; 64 | if ((value & 0xFFFFFFFF00000000ULL) == base) 65 | // if (value - base < size) 66 | value = value - base + (u64)newbase; 67 | SyscallPoke(dest + i, value); 68 | } 69 | } 70 | 71 | bool Lv2Module::ExecuteInternal(u64* ret) const 72 | { 73 | if (!Verify()) 74 | return false; 75 | 76 | if (SyscallPeek(KAMMY_RTOC_BASE) != KAMMY_RTOC) { 77 | fprintf(stderr, "\tError! Kammy only works on retail 3.41.\n"); 78 | return false; 79 | } 80 | 81 | // Uses poke to create a new alloc syscall // 82 | u64* addr = (u64*)SyscallPeek((u64*)LV2_SYSCALL_TABLE + KAMMY_SYSCALL); 83 | if (!addr || (u32)(u64)addr == 0x8001003) { 84 | fprintf(stderr, "\tError! Peek and poke not implemented.\n"); 85 | return false; 86 | } 87 | SyscallPoke(addr, (u64)LV2_ALLOC); 88 | 89 | u32 size = ROUND_UP(GetDataSize(), 0x08); 90 | u64* address = (u64*)Lv2Syscall2(KAMMY_SYSCALL, size, 0x27); 91 | if (!address || (u32)(u64)address == 0x8001003) 92 | return false; 93 | RelocateMemcpy(address, (u64*)Data, size, TextBase, address); 94 | SyscallPoke((u64*)LV2_SYSCALL_TABLE + KAMMY_SYSCALL, (MainEntry - TextBase) + (u64)address); 95 | // HACK: The hypervisor doesn't obey the opd rtoc, so we have to pass it 96 | u64 value = Lv2Syscall1(KAMMY_SYSCALL, *(u64*)(Data + (MainEntry - TextBase) + 8) - TextBase + (u64)address); 97 | if (ret) 98 | *ret = value; 99 | return true; 100 | } 101 | 102 | bool Lv2Module::Execute(u64* ret, u64 param1, u64 param2, u64 param3, u64 param4, u64 param5, u64 param6) const 103 | { 104 | if (!Verify()) 105 | return false; 106 | u32 size = ROUND_UP(GetDataSize(), 0x08); 107 | void* address = Kammy_Alloc(size); 108 | if (!address) 109 | return false; 110 | RelocateMemcpy((u64*)address, (u64*)Data, size, TextBase, address); 111 | u64 value = Kammy_Execute((void*)((MainEntry - TextBase) + (u64)address), param1, param2, param3, param4, param5, param6); 112 | if (ret) 113 | *ret = value; 114 | return true; 115 | } 116 | -------------------------------------------------------------------------------- /loader/Makefile: -------------------------------------------------------------------------------- 1 | .SUFFIXES: 2 | ifeq ($(strip $(PSL1GHT)),) 3 | $(error "PSL1GHT must be set in the environment.") 4 | endif 5 | 6 | include $(PSL1GHT)/Makefile.base 7 | 8 | TARGET := $(notdir $(CURDIR)) 9 | BUILD := build 10 | SOURCE := source 11 | INCLUDE := include ../libkammy/include ../lv2 12 | DATA := data 13 | LIBS := ../../libkammy/libkammy.a 14 | 15 | CFLAGS += -g -O2 -Wall 16 | CXXFLAGS += -g -O2 -Wall 17 | 18 | ifneq ($(BUILD),$(notdir $(CURDIR))) 19 | 20 | export OUTPUT := $(CURDIR)/$(TARGET) 21 | export VPATH := $(foreach dir,$(SOURCE),$(CURDIR)/$(dir)) \ 22 | $(foreach dir,$(DATA),$(CURDIR)/$(dir)) 23 | export BUILDDIR := $(CURDIR)/$(BUILD) 24 | export DEPSDIR := $(BUILDDIR) 25 | 26 | CFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.c))) 27 | CXXFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.cpp))) 28 | SFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.S))) 29 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.bin))) \ 30 | ethdebug.bin 31 | 32 | export OFILES := $(CFILES:.c=.o) \ 33 | $(CXXFILES:.cpp=.o) \ 34 | $(SFILES:.S=.o) \ 35 | $(BINFILES:.bin=.bin.o) 36 | 37 | export BINFILES := $(BINFILES:.bin=.bin.h) 38 | 39 | export INCLUDES := $(foreach dir,$(INCLUDE),-I$(CURDIR)/$(dir)) \ 40 | -I$(CURDIR)/$(BUILD) 41 | 42 | .PHONY: $(BUILD) clean 43 | 44 | $(BUILD): 45 | @[ -d $@ ] || mkdir -p $@ 46 | @make --no-print-directory -C ../libkammy 47 | @make --no-print-directory -C ../lv2 -f Makefile.ethdebug 48 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile 49 | 50 | clean: 51 | @echo Clean... 52 | @rm -rf $(BUILD) $(OUTPUT).elf $(OUTPUT).self 53 | 54 | else 55 | 56 | DEPENDS := $(OFILES:.o=.d) 57 | 58 | $(OUTPUT).self: $(OUTPUT).elf 59 | $(OUTPUT).elf: $(OFILES) ../../libkammy/libkammy.a 60 | 61 | $(OFILES): $(BINFILES) 62 | 63 | -include $(DEPENDS) 64 | 65 | endif 66 | -------------------------------------------------------------------------------- /loader/data/.gitignore: -------------------------------------------------------------------------------- 1 | ethdebug.bin 2 | -------------------------------------------------------------------------------- /loader/include/debug.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | bool Debug_Connect(); 4 | void Debug_Disconnect(); 5 | void Debug_Print(const char* fmt, ...); 6 | -------------------------------------------------------------------------------- /loader/source/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "ethdebug.bin.h" 6 | 7 | #include 8 | 9 | static u64 LoadModule(const u8* bin, const char* name, u64 param1 = 0, u64 param2 = 0, u64 param3 = 0, u64 param4 = 0, u64 param5 = 0, u64 param6 = 0) 10 | { 11 | u64 ret = KAMMY_ERROR; 12 | printf("\tLoading %s into lv2... ", name); 13 | const Lv2Module* module = Kammy_Load(bin); 14 | if (!module->Verify()) { 15 | printf("Failed! %s is corrupt.\n", name); 16 | return ret; 17 | } 18 | if (!module->Execute(&ret, param1, param2, param3, param4, param5, param6)) 19 | printf("Failed! Kammy was unable to load %s.\n", name); 20 | else 21 | printf("Done! Result returned from %s in lv2: 0x%08x%08x\n", name, (u32)(ret >> 32), (u32)ret); 22 | return ret; 23 | } 24 | 25 | static bool Init() 26 | { 27 | if (Kammy_IsInitialised()) 28 | printf("\tAlready loaded!\n"); 29 | else { 30 | printf("\tInitializing... "); 31 | if (Kammy_Initialise()) 32 | printf("Done! Kammy injected into lv2 successfully.\n"); 33 | else { 34 | printf("Failed! Syscalls could not be injected. Does this payload have peek/poke?\n"); 35 | return false; 36 | } 37 | } 38 | 39 | return true; 40 | } 41 | 42 | extern "C" int main(int argc, char** argv) 43 | { 44 | printf("Kammy v" LIBKAMMY_VERSION "\n"); 45 | 46 | if (!Init()) { 47 | printf("Failed!\n"); 48 | return 0; 49 | } 50 | 51 | // Want to see this debug info? 52 | // 1) The PS3 must be connected to a router/computer via ethernet cable. 53 | // If wireless is enabled it won't work. 54 | // 2) Be on the same network/router/etc as the PS3 55 | // 3) Install socat on your PC, and run the following command: 56 | // socat udp-recv:18194 stdout 57 | LoadModule(ethdebug_bin, "ethdebug.bin"); 58 | printf("This is a ttyWrite test, it will show up over UDP.\n"); 59 | 60 | // After this hook is installed it will stay in place as long as 61 | // the PS3 stays on. Great for getting printfs from other PSL1GHT 62 | // apps. 63 | 64 | printf("Aaand we're done for tonight folks.\n"); 65 | 66 | return 0; 67 | } 68 | -------------------------------------------------------------------------------- /lv2/.gitignore: -------------------------------------------------------------------------------- 1 | *.bin 2 | -------------------------------------------------------------------------------- /lv2/Makefile: -------------------------------------------------------------------------------- 1 | LV2BINS := kammy ethdebug 2 | 3 | LV2CLEAN := $(foreach bin,$(LV2BINS),$(bin)\ clean) 4 | LV2OBJDUMP := $(foreach bin,$(LV2BINS),$(bin)\ objdump) 5 | 6 | all: $(LV2BINS) 7 | 8 | clean: $(LV2CLEAN) 9 | 10 | objdump: $(LV2OBJDUMP) 11 | 12 | $(LV2BINS) $(LV2CLEAN) $(LV2OBJDUMP): 13 | @make -f Makefile.$@ 14 | 15 | .PHONY: $(LV2BINS) 16 | -------------------------------------------------------------------------------- /lv2/Makefile.ethdebug: -------------------------------------------------------------------------------- 1 | .SUFFIXES: 2 | ifeq ($(strip $(PSL1GHT)),) 3 | $(error "PSL1GHT must be set in the environment.") 4 | endif 5 | 6 | include $(PSL1GHT)/Makefile.base 7 | 8 | MAKEFILE := ethdebug 9 | TARGET := $(MAKEFILE).bin 10 | TARGETS := ../loader/data/$(TARGET) 11 | BUILD := $(MAKEFILE)/build 12 | DATA := $(MAKEFILE)/data 13 | LINKFILE := common/kammy.x 14 | SOURCE := $(MAKEFILE) common 15 | INCLUDE := $(SOURCE) 16 | MAPFILE := $(BUILD)/$(MAKEFILE).map 17 | TEXTBASE := 0xFAC3B01000000000 18 | LIBS := 19 | 20 | LD := ppu-ld 21 | 22 | CFLAGS += -nodefaultlibs -nostdlib \ 23 | -fno-builtin -fno-exceptions \ 24 | -Os -Wall \ 25 | -DLV2 26 | CXXFLAGS := $(CFLAGS) -fno-rtti 27 | CFLAGS += --std=gnu99 28 | LDFLAGS := -L. -s -T $(LINKPATH) \ 29 | -Ttext $(TEXTBASE) \ 30 | -Map $(MAPPATH) --no-demangle 31 | 32 | XXD := xxd -r -p 33 | 34 | ifneq ($(notdir $(BUILD)),$(notdir $(CURDIR))) 35 | 36 | export OUTPUT := $(CURDIR)/$(TARGET) 37 | export OUTPUTS := $(foreach dir,$(TARGETS),$(CURDIR)/$(dir)) 38 | export VPATH := $(foreach dir,$(SOURCE),$(CURDIR)/$(dir)) \ 39 | $(foreach dir,$(DATA),$(CURDIR)/$(dir)) 40 | export BUILDDIR := $(CURDIR)/$(BUILD) 41 | export DEPSDIR := $(BUILDDIR) 42 | export LINKPATH := $(CURDIR)/$(LINKFILE) 43 | export MAPPATH := $(CURDIR)/$(MAPFILE) 44 | 45 | CFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.c))) 46 | CXXFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.cpp))) 47 | SFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.S))) 48 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.bin))) 49 | 50 | export OFILES := $(CFILES:.c=.o) \ 51 | $(CXXFILES:.cpp=.o) \ 52 | $(SFILES:.S=.o) 53 | 54 | export BINFILES := $(BINFILES:.bin=.bin.h) 55 | 56 | export INCLUDES := $(foreach dir,$(INCLUDE),-I$(CURDIR)/$(dir)) \ 57 | -I$(CURDIR)/$(BUILD) 58 | 59 | .PHONY: $(BUILD) clean 60 | 61 | $(BUILD): 62 | @[ -d $@ ] || mkdir -p $@ 63 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile.$(MAKEFILE) 64 | 65 | objdump: $(OUTPUT) 66 | @ppu-objdump -D -EB -b binary -m powerpc:common64 $(BUILD)/$(TARGET) 67 | 68 | clean: 69 | @echo Clean... 70 | @rm -rf $(BUILD) $(OUTPUT) $(OUTPUTS) 71 | 72 | else 73 | 74 | DEPENDS := $(OFILES:.o=.d) 75 | 76 | $(BUILD): $(OUTPUTS) 77 | 78 | ifneq ($(OUTPUTS),) 79 | $(OUTPUTS): $(OUTPUT) 80 | @cp $< $@ 81 | endif 82 | 83 | GET_MAIN = '/^ +0x[0-9a-z]+ +_start$$/ {print $$1}' 84 | GET_TEXT = '/^\.text +0x[0-9a-z]+ +0x[0-9a-z]+$$/ {print $$2}' 85 | GET_BSS_END = '/^ +0x[0-9a-z]+ +__bss_end = \.$$/ {print $$1}' 86 | GET_BSS_START = '/^ +0x[0-9a-z]+ +__bss_start = \.$$/ {print $$1}' 87 | $(OUTPUT): $(OFILES) 88 | @echo "[LD] $@" 89 | @$(LD) $(LDFLAGS) $(OFILES) -o $(BUILDDIR)/$(TARGET) 90 | @echo 1337baad00000020 | $(XXD) > $@ 91 | @awk $(GET_MAIN) $(MAPPATH) | $(XXD) >> $@ 92 | @awk $(GET_TEXT) $(MAPPATH) | $(XXD) >> $@ 93 | @awk $(GET_BSS_END) $(MAPPATH) | $(XXD) >> $@ 94 | @cat $(BUILDDIR)/$(TARGET) >> $@ 95 | @dd bs=1 count="`calc \`awk $(GET_BSS_END) $(MAPPATH)\` - \`awk $(GET_BSS_START) $(MAPPATH)\` + 0x10`" if=/dev/zero >> $@ 2> /dev/null 96 | $(OFILES): 97 | 98 | -include $(DEPENDS) 99 | 100 | endif 101 | -------------------------------------------------------------------------------- /lv2/Makefile.graf: -------------------------------------------------------------------------------- 1 | .SUFFIXES: 2 | ifeq ($(strip $(PSL1GHT)),) 3 | $(error "PSL1GHT must be set in the environment.") 4 | endif 5 | 6 | include $(PSL1GHT)/Makefile.base 7 | 8 | MAKEFILE := graf 9 | TARGET := $(MAKEFILE).bin 10 | TARGETS := ../graf/data/$(TARGET) 11 | BUILD := $(MAKEFILE)/build 12 | DATA := $(MAKEFILE)/data 13 | LINKFILE := common/kammy.x 14 | SOURCE := $(MAKEFILE) common 15 | INCLUDE := $(SOURCE) 16 | MAPFILE := $(BUILD)/$(MAKEFILE).map 17 | TEXTBASE := 0xFAC3B01000000000 18 | LIBS := 19 | 20 | LD := ppu-ld 21 | 22 | CFLAGS += -nodefaultlibs -nostdlib \ 23 | -fno-builtin -fno-exceptions \ 24 | -Os -Wall \ 25 | -DLV2 26 | CXXFLAGS := $(CFLAGS) -fno-rtti 27 | CFLAGS += --std=gnu99 28 | LDFLAGS := -L. -s -T $(LINKPATH) \ 29 | -Ttext $(TEXTBASE) \ 30 | -Map $(MAPPATH) --no-demangle 31 | 32 | XXD := xxd -r -p 33 | 34 | ifneq ($(notdir $(BUILD)),$(notdir $(CURDIR))) 35 | 36 | export OUTPUT := $(CURDIR)/$(TARGET) 37 | export OUTPUTS := $(foreach dir,$(TARGETS),$(CURDIR)/$(dir)) 38 | export VPATH := $(foreach dir,$(SOURCE),$(CURDIR)/$(dir)) \ 39 | $(foreach dir,$(DATA),$(CURDIR)/$(dir)) 40 | export BUILDDIR := $(CURDIR)/$(BUILD) 41 | export DEPSDIR := $(BUILDDIR) 42 | export LINKPATH := $(CURDIR)/$(LINKFILE) 43 | export MAPPATH := $(CURDIR)/$(MAPFILE) 44 | 45 | CFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.c))) 46 | CXXFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.cpp))) 47 | SFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.S))) 48 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.bin))) 49 | 50 | export OFILES := $(CFILES:.c=.o) \ 51 | $(CXXFILES:.cpp=.o) \ 52 | $(SFILES:.S=.o) 53 | 54 | export BINFILES := $(BINFILES:.bin=.bin.h) 55 | 56 | export INCLUDES := $(foreach dir,$(INCLUDE),-I$(CURDIR)/$(dir)) \ 57 | -I$(CURDIR)/$(BUILD) 58 | 59 | .PHONY: $(BUILD) clean 60 | 61 | $(BUILD): 62 | @[ -d $@ ] || mkdir -p $@ 63 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile.$(MAKEFILE) 64 | 65 | objdump: $(OUTPUT) 66 | @ppu-objdump -D -EB -b binary -m powerpc:common64 $(BUILD)/$(TARGET) 67 | 68 | clean: 69 | @echo Clean... 70 | @rm -rf $(BUILD) $(OUTPUT) $(OUTPUTS) 71 | 72 | else 73 | 74 | DEPENDS := $(OFILES:.o=.d) 75 | 76 | $(BUILD): $(OUTPUTS) 77 | 78 | ifneq ($(OUTPUTS),) 79 | $(OUTPUTS): $(OUTPUT) 80 | @cp $< $@ 81 | endif 82 | 83 | GET_MAIN = '/^ +0x[0-9a-z]+ +_start$$/ {print $$1}' 84 | GET_TEXT = '/^\.text +0x[0-9a-z]+ +0x[0-9a-z]+$$/ {print $$2}' 85 | GET_BSS_END = '/^ +0x[0-9a-z]+ +__bss_end = \.$$/ {print $$1}' 86 | GET_BSS_START = '/^ +0x[0-9a-z]+ +__bss_start = \.$$/ {print $$1}' 87 | $(OUTPUT): $(OFILES) 88 | @echo "[LD] $@" 89 | @$(LD) $(LDFLAGS) $(OFILES) -o $(BUILDDIR)/$(TARGET) 90 | @echo 1337baad00000020 | $(XXD) > $@ 91 | @awk $(GET_MAIN) $(MAPPATH) | $(XXD) >> $@ 92 | @awk $(GET_TEXT) $(MAPPATH) | $(XXD) >> $@ 93 | @awk $(GET_BSS_END) $(MAPPATH) | $(XXD) >> $@ 94 | @cat $(BUILDDIR)/$(TARGET) >> $@ 95 | @dd bs=1 count="`calc \`awk $(GET_BSS_END) $(MAPPATH)\` - \`awk $(GET_BSS_START) $(MAPPATH)\` + 0x10`" if=/dev/zero >> $@ 2> /dev/null 96 | $(OFILES): 97 | 98 | -include $(DEPENDS) 99 | 100 | endif 101 | -------------------------------------------------------------------------------- /lv2/Makefile.kammy: -------------------------------------------------------------------------------- 1 | .SUFFIXES: 2 | ifeq ($(strip $(PSL1GHT)),) 3 | $(error "PSL1GHT must be set in the environment.") 4 | endif 5 | 6 | include $(PSL1GHT)/Makefile.base 7 | 8 | MAKEFILE := kammy 9 | TARGET := $(MAKEFILE).bin 10 | TARGETS := ../libkammy/data/$(TARGET) 11 | BUILD := $(MAKEFILE)/build 12 | DATA := $(MAKEFILE)/data 13 | LINKFILE := common/kammy.x 14 | SOURCE := $(MAKEFILE) common 15 | INCLUDE := $(SOURCE) 16 | MAPFILE := $(BUILD)/$(MAKEFILE).map 17 | TEXTBASE := 0xFAC3B01000000000 18 | LIBS := 19 | 20 | LD := ppu-ld 21 | 22 | CFLAGS += -nodefaultlibs -nostdlib -m64 \ 23 | -fno-builtin -fno-exceptions \ 24 | -Os -Wall \ 25 | -DLV2 -DKAMMY 26 | CXXFLAGS := $(CFLAGS) -fno-rtti 27 | CFLAGS += --std=gnu99 28 | LDFLAGS := -L. -s -T $(LINKPATH) \ 29 | -Ttext $(TEXTBASE) \ 30 | -Map $(MAPPATH) --no-demangle 31 | 32 | XXD := xxd -r -p 33 | 34 | ifneq ($(notdir $(BUILD)),$(notdir $(CURDIR))) 35 | 36 | export OUTPUT := $(CURDIR)/$(TARGET) 37 | export OUTPUTS := $(foreach dir,$(TARGETS),$(CURDIR)/$(dir)) 38 | export VPATH := $(foreach dir,$(SOURCE),$(CURDIR)/$(dir)) \ 39 | $(foreach dir,$(DATA),$(CURDIR)/$(dir)) 40 | export BUILDDIR := $(CURDIR)/$(BUILD) 41 | export DEPSDIR := $(BUILDDIR) 42 | export LINKPATH := $(CURDIR)/$(LINKFILE) 43 | export MAPPATH := $(CURDIR)/$(MAPFILE) 44 | 45 | CFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.c))) 46 | CXXFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.cpp))) 47 | SFILES := $(foreach dir,$(SOURCE),$(notdir $(wildcard $(dir)/*.S))) 48 | BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.bin))) 49 | 50 | export OFILES := $(CFILES:.c=.o) \ 51 | $(CXXFILES:.cpp=.o) \ 52 | $(SFILES:.S=.o) 53 | 54 | export BINFILES := $(BINFILES:.bin=.bin.h) 55 | 56 | export INCLUDES := $(foreach dir,$(INCLUDE),-I$(CURDIR)/$(dir)) \ 57 | -I$(CURDIR)/$(BUILD) 58 | 59 | .PHONY: $(BUILD) clean 60 | 61 | $(BUILD): 62 | @[ -d $@ ] || mkdir -p $@ 63 | @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile.$(MAKEFILE) 64 | 65 | objdump: $(OUTPUT) 66 | @ppu-objdump -D -EB -b binary -m powerpc:common64 $(BUILD)/$(TARGET) 67 | 68 | clean: 69 | @echo Clean... 70 | @rm -rf $(BUILD) $(OUTPUT) $(OUTPUTS) 71 | 72 | else 73 | 74 | DEPENDS := $(OFILES:.o=.d) 75 | 76 | $(BUILD): $(OUTPUTS) 77 | 78 | ifneq ($(OUTPUTS),) 79 | $(OUTPUTS): $(OUTPUT) 80 | @cp $< $@ 81 | endif 82 | 83 | GET_MAIN = '/^ +0x[0-9a-z]+ +_start$$/ {print $$1}' 84 | GET_TEXT = '/^\.text +0x[0-9a-z]+ +0x[0-9a-z]+$$/ {print $$2}' 85 | GET_BSS_END = '/^ +0x[0-9a-z]+ +__bss_end = \.$$/ {print $$1}' 86 | GET_BSS_START = '/^ +0x[0-9a-z]+ +__bss_start = \.$$/ {print $$1}' 87 | $(OUTPUT): $(OFILES) 88 | @echo "[LD] $@" 89 | @$(LD) $(LDFLAGS) $(OFILES) -o $(BUILDDIR)/$(TARGET) 90 | @echo 1337baad00000020 | $(XXD) > $@ 91 | @awk $(GET_MAIN) $(MAPPATH) | $(XXD) >> $@ 92 | @awk $(GET_TEXT) $(MAPPATH) | $(XXD) >> $@ 93 | @awk $(GET_BSS_END) $(MAPPATH) | $(XXD) >> $@ 94 | @cat $(BUILDDIR)/$(TARGET) >> $@ 95 | @dd bs=1 count="`calc \`awk $(GET_BSS_END) $(MAPPATH)\` - \`awk $(GET_BSS_START) $(MAPPATH)\` + 0x10`" if=/dev/zero >> $@ 2> /dev/null 96 | $(OFILES): 97 | 98 | -include $(DEPENDS) 99 | 100 | endif 101 | -------------------------------------------------------------------------------- /lv2/common/crt1.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | uint64_t start(); 4 | 5 | typedef void (*ctor)(void); 6 | extern ctor __ctors_start; 7 | extern ctor __ctors_end; 8 | 9 | #ifdef KAMMY 10 | uint64_t __start() 11 | #else 12 | uint64_t _start() 13 | #endif 14 | { 15 | // Static constructors; note that these crash AFAICT. 16 | for (ctor* c = &__ctors_start; c != &__ctors_end; c++) 17 | (*c)(); 18 | 19 | return start(); 20 | } 21 | -------------------------------------------------------------------------------- /lv2/common/gpr0.S: -------------------------------------------------------------------------------- 1 | /* Required when compiling under gcc 4.4.x and higher, * 2 | * without linking to libgcc */ 3 | 4 | #define _GLOBAL(sym) \ 5 | .global sym; \ 6 | sym: 7 | 8 | _GLOBAL(_savegpr0_14) std 14,-0x90(1) 9 | _GLOBAL(_savegpr0_15) std 15,-0x88(1) 10 | _GLOBAL(_savegpr0_16) std 16,-0x80(1) 11 | _GLOBAL(_savegpr0_17) std 17,-0x78(1) 12 | _GLOBAL(_savegpr0_18) std 18,-0x70(1) 13 | _GLOBAL(_savegpr0_19) std 19,-0x68(1) 14 | _GLOBAL(_savegpr0_20) std 20,-0x60(1) 15 | _GLOBAL(_savegpr0_21) std 21,-0x58(1) 16 | _GLOBAL(_savegpr0_22) std 22,-0x50(1) 17 | _GLOBAL(_savegpr0_23) std 23,-0x48(1) 18 | _GLOBAL(_savegpr0_24) std 24,-0x40(1) 19 | _GLOBAL(_savegpr0_25) std 25,-0x38(1) 20 | _GLOBAL(_savegpr0_26) std 26,-0x30(1) 21 | _GLOBAL(_savegpr0_27) std 27,-0x28(1) 22 | _GLOBAL(_savegpr0_28) std 28,-0x20(1) 23 | _GLOBAL(_savegpr0_29) std 29,-0x18(1) 24 | _GLOBAL(_savegpr0_30) std 30,-0x10(1) 25 | _GLOBAL(_savegpr0_31) std 31,-0x08(1) 26 | std 0,0x10(1) 27 | blr 28 | 29 | _GLOBAL(_restgpr0_14) ld 14,-0x90(1) 30 | _GLOBAL(_restgpr0_15) ld 15,-0x88(1) 31 | _GLOBAL(_restgpr0_16) ld 16,-0x80(1) 32 | _GLOBAL(_restgpr0_17) ld 17,-0x78(1) 33 | _GLOBAL(_restgpr0_18) ld 18,-0x70(1) 34 | _GLOBAL(_restgpr0_19) ld 19,-0x68(1) 35 | _GLOBAL(_restgpr0_20) ld 20,-0x60(1) 36 | _GLOBAL(_restgpr0_21) ld 21,-0x58(1) 37 | _GLOBAL(_restgpr0_22) ld 22,-0x50(1) 38 | _GLOBAL(_restgpr0_23) ld 23,-0x48(1) 39 | _GLOBAL(_restgpr0_24) ld 24,-0x40(1) 40 | _GLOBAL(_restgpr0_25) ld 25,-0x38(1) 41 | _GLOBAL(_restgpr0_26) ld 26,-0x30(1) 42 | _GLOBAL(_restgpr0_27) ld 27,-0x28(1) 43 | _GLOBAL(_restgpr0_28) ld 28,-0x20(1) 44 | _GLOBAL(_restgpr0_29) ld 29,-0x18(1) 45 | _GLOBAL(_restgpr0_30) ld 30,-0x10(1) 46 | _GLOBAL(_restgpr0_31) ld 31,-0x08(1) 47 | ld 0,0x10(1) 48 | mtlr 0 49 | blr 50 | 51 | -------------------------------------------------------------------------------- /lv2/common/kammy.S: -------------------------------------------------------------------------------- 1 | #define RTOC 0x800000000033E720 2 | 3 | #define LV2_FUNC(name, addr) \ 4 | .global name; \ 5 | name: \ 6 | .quad 0x8000000000000000 | addr, RTOC, 0 7 | 8 | .section .opd, "aw" 9 | 10 | LV2_FUNC(memcpy, 0x7C01C) 11 | LV2_FUNC(memset, 0x4D144) 12 | LV2_FUNC(memcmp, 0x4C454) 13 | 14 | LV2_FUNC(strcat, 0x4D220) 15 | LV2_FUNC(strchr, 0x4D258) 16 | LV2_FUNC(strlen, 0x4D318) 17 | LV2_FUNC(strcpy, 0x4D2F0) 18 | LV2_FUNC(strncpy, 0x4D3B8) 19 | LV2_FUNC(strcmp, 0x4D29C) 20 | LV2_FUNC(strncmp, 0x4D344) 21 | 22 | LV2_FUNC(printf, 0x28A654) 23 | LV2_FUNC(snprintf, 0x04E4D8) 24 | LV2_FUNC(sprintf, 0x04E56C) 25 | 26 | /* lv2 internal, do not work! 27 | LV2_FUNC(fsOpen, 0x2AB290) 28 | LV2_FUNC(fsRead, 0x2AB234) 29 | LV2_FUNC(fsWrite, 0x2AB1A0) 30 | LV2_FUNC(fsSeek, 0x2AA9F4) 31 | LV2_FUNC(fsClose, 0x2AB0F8) 32 | LV2_FUNC(fsStat, 0x2AAAAC) 33 | */ 34 | 35 | LV2_FUNC(alloc, 0x62088) 36 | LV2_FUNC(dealloc, 0x624C8) 37 | LV2_FUNC(panic, 0x288568) 38 | -------------------------------------------------------------------------------- /lv2/common/kammy.x: -------------------------------------------------------------------------------- 1 | OUTPUT_FORMAT ("binary") 2 | 3 | SECTIONS { 4 | .text : { 5 | FILL (0) 6 | 7 | __text_start = . ; 8 | *(.init) 9 | *(.text) 10 | __ctors_start = . ; 11 | *(.ctors) 12 | __ctors_end = . ; 13 | *(.dtors) 14 | *(.rodata) 15 | *(.fini) 16 | __text_end = . ; 17 | } 18 | .bss : { 19 | __bss_start = . ; 20 | *(.bss) 21 | __bss_end = . ; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /lv2/common/kammy_lv2.cpp: -------------------------------------------------------------------------------- 1 | #include "kammy_lv2.h" 2 | 3 | #ifndef KAMMY 4 | 5 | u64 Kammy_Version() 6 | { 7 | return Lv2Syscall1(KAMMY_SYSCALL, KAMMY_SUBCALL_VERSION); 8 | } 9 | 10 | KAMMY_PTR Kammy_Alloc(u64 size) 11 | { 12 | return (KAMMY_PTR)Lv2Syscall2(KAMMY_SYSCALL, KAMMY_SUBCALL_ALLOC, size); 13 | } 14 | 15 | void Kammy_Dealloc(KAMMY_PTR addr) 16 | { 17 | Lv2Syscall2(KAMMY_SYSCALL, KAMMY_SUBCALL_DEALLOC, (u64)addr); 18 | } 19 | 20 | u64 Kammy_Execute(KAMMY_PTR addr, u64 param1, u64 param2, u64 param3, u64 param4, u64 param5, u64 param6) 21 | { 22 | return Lv2Syscall8(KAMMY_SYSCALL, KAMMY_SUBCALL_EXEC, (u64)addr, param1, param2, param3, param4, param5, param6); 23 | } 24 | 25 | void Kammy_Memcpy(KAMMY_PTR dest, KAMMY_PTR src, u64 size) 26 | { 27 | Lv2Syscall4(KAMMY_SYSCALL, KAMMY_SUBCALL_MEMCPY, (u64)dest, (u64)src, size); 28 | } 29 | 30 | void Kammy_HookSyscall(u32 syscall, KAMMY_PTR func) 31 | { 32 | Lv2Syscall3(KAMMY_SYSCALL, KAMMY_SUBCALL_HOOK_SYSCALL, syscall, (u64)func); 33 | } 34 | 35 | void Kammy_HookBranch(KAMMY_PTR branch, KAMMY_PTR func, bool lr) 36 | { 37 | Lv2Syscall4(KAMMY_SYSCALL, KAMMY_SUBCALL_HOOK_BRANCH, (u64)branch, (u64)func, lr); 38 | } 39 | 40 | s64 Kammy_HookSubcall(u64 subcall, KAMMY_PTR func) 41 | { 42 | return Lv2Syscall3(KAMMY_SYSCALL, KAMMY_SUBCALL_HOOK_SUBCALL, subcall, (u64)func); 43 | } 44 | 45 | u64 Kammy_CallSubcall(u64 subcall, u64 param1, u64 param2, u64 param3, u64 param4, u64 param5, u64 param6) 46 | { 47 | return Lv2Syscall8(KAMMY_SYSCALL, KAMMY_SUBCALL_CALL_SUBCALL, subcall, param1, param2, param3, param4, param5, param6); 48 | } 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /lv2/common/kammy_lv2.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #define KAMMY_VERSION 0x4A33100000000001ULL 6 | #define KAMMY_VERSION_MASK 0xFFFFFFFF00000000ULL 7 | #define KAMMY_SYSCALL 11 8 | 9 | #define KAMMY_PTR void* 10 | 11 | enum { 12 | KAMMY_ERROR_OK = 0, 13 | KAMMY_ERROR = -0x100, 14 | KAMMY_ERROR_UNIMPLEMENTED, 15 | KAMMY_ERROR_INVALID 16 | }; 17 | 18 | u64 Kammy_Version(); 19 | KAMMY_PTR Kammy_Alloc(u64 size); 20 | void Kammy_Dealloc(KAMMY_PTR addr); 21 | u64 Kammy_Execute(KAMMY_PTR addr, u64 param1 = 0, u64 param2 = 0, u64 param3 = 0, u64 param4 = 0, u64 param5 = 0, u64 param6 = 0); 22 | void Kammy_Memcpy(KAMMY_PTR dest, KAMMY_PTR src, u64 size); 23 | void Kammy_HookSyscall(u32 syscall, KAMMY_PTR func); 24 | void Kammy_HookBranch(KAMMY_PTR branch, KAMMY_PTR func, bool lr); 25 | 26 | s64 Kammy_HookSubcall(u64 subcall, KAMMY_PTR func); 27 | u64 Kammy_CallSubcall(u64 subcall, u64 param1 = 0, u64 param2 = 0, u64 param3 = 0, u64 param4 = 0, u64 param5 = 0, u64 param6 = 0); 28 | s64 Kammy_GetModules(KAMMY_PTR* buffer = NULL, u64* size = 0); 29 | s64 Kammy_UnloadModule(KAMMY_PTR base); 30 | #ifdef KAMMY 31 | s64 Kammy_RegisterModule(KAMMY_PTR base); 32 | #else 33 | s64 Kammy_RegisterModule(); 34 | #endif 35 | 36 | enum { 37 | KAMMY_SUBCALL_VERSION = 0, 38 | KAMMY_SUBCALL_ALLOC, 39 | KAMMY_SUBCALL_DEALLOC, 40 | KAMMY_SUBCALL_EXEC, 41 | KAMMY_SUBCALL_MEMCPY, 42 | KAMMY_SUBCALL_HOOK_SYSCALL, 43 | KAMMY_SUBCALL_HOOK_BRANCH, 44 | KAMMY_SUBCALL_HOOK_SUBCALL, 45 | KAMMY_SUBCALL_CALL_SUBCALL, 46 | KAMMY_SUBCALL_GET_MODULES, 47 | KAMMY_SUBCALL_UNLOAD_MODULE, 48 | KAMMY_SUBCALL_REGISTER_MODULE, 49 | KAMMY_SUBCALL_MAX 50 | }; 51 | 52 | -------------------------------------------------------------------------------- /lv2/common/list.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "lv2.h" 4 | 5 | #ifndef MIN 6 | #define MIN(x, y) ((x) < (y) ? (x) : (y)) 7 | #endif 8 | 9 | template class List 10 | { 11 | public: 12 | typedef T* Iterator; 13 | typedef T& Reference; 14 | protected: 15 | u64 size; 16 | u64 allocated; 17 | T* Internal; 18 | public: 19 | List() : size(0), allocated(0), Internal(NULL) { } 20 | List(u64 size) : size(0), allocated(0), Internal(NULL) { Allocate(size); } 21 | ~List() { Clear(); } 22 | 23 | List(const List& list) { Add(list.Begin(), list.End()); } 24 | 25 | List& operator =(const List& list) 26 | { 27 | Clear(); 28 | Add(list.Begin(), list.End()); 29 | return *this; 30 | } 31 | List& operator =(List list) 32 | { 33 | Clear(); 34 | Add(list.Begin(), list.End()); 35 | return *this; 36 | } 37 | 38 | void Allocate(u64 newsize) { 39 | if (newsize > allocated) { 40 | T* newinternal = new T[newsize]; 41 | if (Internal) { 42 | for (u64 i = 0; i < MIN(size, newsize); i++) 43 | newinternal[i] = Internal[i]; 44 | delete[] Internal; 45 | } 46 | Internal = newinternal; 47 | 48 | allocated = newsize; 49 | } 50 | } 51 | 52 | Iterator Begin() { return Internal; } 53 | Iterator End() { return Internal + size; } 54 | Iterator Add(const T& item) { Allocate(size + 1); Internal[size] = item; size++; return End() - 1; } 55 | Iterator Add(Iterator begin, Iterator end) { 56 | for (; begin != end; begin++) 57 | Add(*begin); 58 | } 59 | void Remove(Iterator, Iterator); 60 | void Remove(Iterator); 61 | void Remove(u64 index); 62 | 63 | void Clear() { if (Internal) delete[] Internal; size = 0; allocated = 0; Internal = NULL; } 64 | 65 | u64 Size() { return size; } 66 | 67 | Reference operator [](u64 index) { return Internal[index]; } 68 | }; 69 | 70 | template class Pair 71 | { 72 | public: 73 | K Key; 74 | V Value; 75 | 76 | Pair() { } 77 | Pair(const K& key, const V& value) : Key(key), Value(value) { } 78 | }; 79 | 80 | -------------------------------------------------------------------------------- /lv2/common/lv2.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #ifdef LV2 6 | 7 | typedef u64 size_t; 8 | 9 | #define ALIGNED(x) __attribute__((aligned(x))) 10 | 11 | #ifdef __cplusplus 12 | #define LV2_EXPORT extern "C" __attribute__((longcall)) 13 | #else 14 | #define LV2_EXPORT extern __attribute__((longcall)) 15 | #endif 16 | 17 | // string.h 18 | LV2_EXPORT void* memcpy(void* dest, const void* src, size_t n); 19 | LV2_EXPORT void* memset(void* s, int c, size_t n); 20 | LV2_EXPORT int memcmp(const void *v1, const void *v2, size_t n); 21 | 22 | LV2_EXPORT char *strcat(char *destination, const char *source); 23 | LV2_EXPORT char *strchr(const char* str, int chr); 24 | LV2_EXPORT char* strcpy(char* dest, const char* src); 25 | LV2_EXPORT char *strncpy(char *destination, const char *source, size_t num); 26 | LV2_EXPORT size_t strlen(const char* s); 27 | LV2_EXPORT int strcmp(const char *s1, const char *s2); 28 | LV2_EXPORT int strncmp(const char* s1, const char* s2, size_t n); 29 | 30 | // stdio.h 31 | LV2_EXPORT int printf(const char *format, ...); 32 | LV2_EXPORT int snprintf(char *str, long unsigned int size, const char *format, ...); 33 | LV2_EXPORT int sprintf(char *str, const char *format, ...); 34 | 35 | // lv2 36 | LV2_EXPORT __attribute__((malloc)) void* alloc(size_t size, int unk); 37 | LV2_EXPORT void dealloc(void* ptr, int unk); 38 | LV2_EXPORT void panic(int unk); 39 | 40 | // misc 41 | #ifdef __cplusplus 42 | extern "C" { 43 | #endif 44 | static inline void* malloc(size_t size) { return alloc(size, 0x27); } 45 | static inline void free(void* ptr) { dealloc(ptr, 0x27); } 46 | #ifdef __cplusplus 47 | } 48 | inline void* operator new(size_t size) { return malloc(size); } 49 | inline void* operator new[](size_t size) { return malloc(size); } 50 | inline void operator delete(void* ptr) { return free(ptr); } 51 | inline void operator delete[](void* ptr) { return free(ptr); } 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /lv2/common/string.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | class String 4 | { 5 | public: 6 | static const u64 npos = -1; 7 | protected: 8 | char* buffer; 9 | 10 | void Construct(const char* string, u64 len = npos) 11 | { 12 | if (buffer) 13 | free(buffer); 14 | if (len == npos) 15 | len = strlen(string); 16 | buffer = (char*)malloc(len + 1); 17 | if (buffer) { 18 | if (len) 19 | strncpy(buffer, string, len); 20 | buffer[len] = '\0'; 21 | } 22 | } 23 | public: 24 | String() : buffer(NULL) { Construct(""); } 25 | String(const String& string) : buffer(NULL) { Construct(string.C()); } 26 | String(const String& string, u64 off, u64 len = npos) : buffer(NULL) { Construct(string.C() + off, len); } 27 | String(const char* string, u64 len = npos) : buffer(NULL) { Construct(string, len); } 28 | 29 | ~String() { free(buffer); buffer = NULL; } 30 | 31 | String& operator =(const String& string) 32 | { 33 | Construct(string.C(), string.Size()); 34 | return *this; 35 | } 36 | String& operator =(const char* string) 37 | { 38 | Construct(string); 39 | return *this; 40 | } 41 | 42 | String operator +(const String& string) const 43 | { 44 | String out(*this, 0, Size() + string.Size()); 45 | strcat(out.buffer, string.buffer); 46 | return out; 47 | } 48 | 49 | String& operator +=(const String& string) 50 | { 51 | char* newbuffer = (char*)malloc(Size() + string.Size()); 52 | strcpy(newbuffer, buffer); 53 | strcat(newbuffer, string.buffer); 54 | free(buffer); 55 | buffer = newbuffer; 56 | return *this; 57 | } 58 | 59 | const char* C() const { return buffer; } 60 | 61 | char& operator [](u64 index) { return buffer[index]; } 62 | 63 | u64 Size() const { return strlen(buffer); } 64 | u64 Length() const { return strlen(buffer); } // TODO: UTF8 65 | 66 | s64 Compare(const String& string) const { return strcmp(buffer, string.C()); } 67 | s64 Compare(const String& string, u64 len) const { return strncmp(buffer, string.C(), len); } 68 | s64 Compare(u64 off1, const String& string, u64 off2, u64 len) const { return strncmp(buffer + off1, string.C() + off2, len); } 69 | s64 Compare(const char* string) const { return strcmp(buffer, string); } 70 | s64 Compare(const char* string, u64 len) const { return strncmp(buffer, string, len); } 71 | s64 Compare(u64 off1, const char* string, u64 len) const { return strncmp(buffer + off1, string, len); } 72 | 73 | String Substring(u64 off = 0, u64 len = npos) const { return String(buffer + off, len); } 74 | }; 75 | -------------------------------------------------------------------------------- /lv2/ethdebug/assembly.h: -------------------------------------------------------------------------------- 1 | /* assembly.h - assembly language definitions 2 | 3 | Copyright (C) 2010 Hector Martin "marcan" 10 | #include "lv2.h" 11 | #include "debug.h" 12 | #include "lv1call.h" 13 | #include "gelic.h" 14 | #include "string.h" 15 | #include "printf.h" 16 | #include "device.h" 17 | #include 18 | 19 | #define DEBUG_PORT 18194 20 | 21 | static int bus_id; 22 | static int dev_id; 23 | 24 | static u64 bus_addr; 25 | 26 | struct ethhdr { 27 | u8 dest[6]; 28 | u8 src[6]; 29 | u16 type; 30 | } __attribute__((packed)); 31 | 32 | struct vlantag { 33 | u16 vlan; 34 | u16 subtype; 35 | } __attribute__((packed)); 36 | 37 | struct iphdr { 38 | u8 ver_len; 39 | u8 dscp_ecn; 40 | u16 total_length; 41 | u16 ident; 42 | u16 frag_off_flags; 43 | u8 ttl; 44 | u8 proto; 45 | u16 checksum; 46 | u32 src; 47 | u32 dest; 48 | } __attribute__((packed)); 49 | 50 | struct udphdr { 51 | u16 src; 52 | u16 dest; 53 | u16 len; 54 | u16 checksum; 55 | } __attribute__((packed)); 56 | 57 | static struct ethhdr *h_eth; 58 | static struct vlantag *h_vlan; 59 | static struct iphdr *h_ip; 60 | static struct udphdr *h_udp; 61 | 62 | static char *pmsg; 63 | 64 | #define MAX_MESSAGE_SIZE 1000 65 | 66 | struct debug_block { 67 | volatile struct gelic_descr descr; 68 | u8 pkt[1520]; 69 | } __attribute__((packed)); 70 | 71 | struct debug_block dbg_ ALIGNED(32); 72 | #define dbg (&dbg_) 73 | //#define dbg ((struct debug_block*)0x8000000000700000) 74 | 75 | static int debug_initialized = 0; 76 | 77 | static int header_size; 78 | 79 | s64 debug_init(void) 80 | { 81 | s64 result; 82 | u64 v2; 83 | 84 | result = find_device_by_type(DEV_TYPE_ETH, 0, &bus_id, &dev_id, NULL); 85 | if (result) 86 | return result; 87 | 88 | result = map_dma_mem(bus_id, dev_id, dbg, sizeof(struct debug_block), &bus_addr); 89 | if (result) 90 | return result; 91 | 92 | memset(dbg, 0, sizeof(struct debug_block)); 93 | 94 | dbg->descr.buf_addr = bus_addr + offsetof(struct debug_block, pkt); 95 | 96 | u64 mac; 97 | result = lv1_net_control(bus_id, dev_id, GELIC_LV1_GET_MAC_ADDRESS, 0, 0, 0, &mac, &v2); 98 | if (result) 99 | return result; 100 | mac <<= 16; 101 | 102 | h_eth = (struct ethhdr*)dbg->pkt; 103 | 104 | memset(&h_eth->dest, 0xff, 6); 105 | memcpy(&h_eth->src, &mac, 6); 106 | 107 | header_size = sizeof(struct ethhdr); 108 | 109 | u64 vlan_id; 110 | result = lv1_net_control(bus_id, dev_id, GELIC_LV1_GET_VLAN_ID, \ 111 | GELIC_LV1_VLAN_TX_ETHERNET_0, 0, 0, &vlan_id, &v2); 112 | if (result == 0) { 113 | h_eth->type = 0x8100; 114 | 115 | header_size += sizeof(struct vlantag); 116 | h_vlan = (struct vlantag*)(h_eth+1); 117 | h_vlan->vlan = vlan_id; 118 | h_vlan->subtype = 0x0800; 119 | h_ip = (struct iphdr*)(h_vlan+1); 120 | } else { 121 | h_eth->type = 0x0800; 122 | h_ip = (struct iphdr*)(h_eth+1); 123 | } 124 | 125 | header_size += sizeof(struct iphdr); 126 | h_ip->ver_len = 0x45; 127 | h_ip->ttl = 10; 128 | h_ip->proto = 0x11; 129 | h_ip->src = 0x00000000; 130 | h_ip->dest = 0xffffffff; 131 | 132 | header_size += sizeof(struct udphdr); 133 | h_udp = (struct udphdr*)(h_ip+1); 134 | h_udp->src = DEBUG_PORT; 135 | h_udp->dest = DEBUG_PORT; 136 | 137 | pmsg = (char*)(h_udp+1); 138 | 139 | debug_initialized = 1; 140 | 141 | return 0; 142 | } 143 | 144 | s64 debug_printf(const char* fmt, ...) 145 | { 146 | va_list ap; 147 | 148 | if (!debug_initialized) 149 | return -1; 150 | 151 | va_start(ap, fmt); 152 | size_t msgsize = _vsnprintf(pmsg, MAX_MESSAGE_SIZE, fmt, ap); 153 | va_end(ap); 154 | 155 | return debug_print(NULL, msgsize); 156 | } 157 | 158 | s64 debug_print(const char* buffer, size_t msgsize) 159 | { 160 | if (msgsize > MAX_MESSAGE_SIZE) 161 | msgsize = MAX_MESSAGE_SIZE; 162 | 163 | if (buffer) 164 | memcpy(pmsg, buffer, msgsize); 165 | 166 | dbg->descr.buf_size = header_size + msgsize; 167 | h_ip->total_length = msgsize + sizeof(struct udphdr) + sizeof(struct iphdr); 168 | h_udp->len = msgsize + sizeof(struct udphdr); 169 | 170 | h_ip->checksum = 0; 171 | u32 sum = 0; 172 | u16 *p = (u16*)h_ip; 173 | int i; 174 | for (i=0; i<5; i++) 175 | sum += *p++; 176 | h_ip->checksum = ~(sum + (sum>>16)); 177 | 178 | dbg->descr.dmac_cmd_status = GELIC_DESCR_DMA_CMD_NO_CHKSUM | GELIC_DESCR_TX_DMA_FRAME_TAIL; 179 | dbg->descr.result_size = 0; 180 | dbg->descr.data_status = 0; 181 | 182 | s64 ret = lv1_net_start_tx_dma(bus_id, dev_id, bus_addr, 0); 183 | if (ret) 184 | return ret; 185 | 186 | while ((dbg->descr.dmac_cmd_status & GELIC_DESCR_DMA_STAT_MASK) == GELIC_DESCR_DMA_CARDOWNED); 187 | return 0; 188 | } 189 | 190 | void abort(void) 191 | { 192 | printf("abort() called! Panicking.\n"); 193 | lv1_panic(0); 194 | } 195 | 196 | void fatal(const char *msg) 197 | { 198 | printf("FATAL: %s\n", msg); 199 | printf("Panicking.\n"); 200 | lv1_panic(0); 201 | } 202 | -------------------------------------------------------------------------------- /lv2/ethdebug/debug.h: -------------------------------------------------------------------------------- 1 | /* debug.h - printf message logging via Lv-1 Ethernet 2 | 3 | Copyright (C) 2010 Hector Martin "marcan" >32) + (i)) 69 | #define FIELD(s, i) (S2I(s) + (i)) 70 | 71 | int find_device_by_type(int type, int index, int *pbus_id, int *pdev_id, int *pirq) 72 | { 73 | u64 v2; 74 | u64 bus_ndx; 75 | s64 result; 76 | 77 | printf("Locating device with type %d and index %d...\n", type, index); 78 | for (bus_ndx=0; bus_ndx<10; bus_ndx++) { 79 | u64 bus_id=0, bus_type=0, num_dev=0; 80 | 81 | result = lv1_get_repository_node_value(PS3_LPAR_ID_PME, FIELD_FIRST("bus",bus_ndx), 82 | FIELD("type",0), 0, 0, &bus_type, &v2); 83 | if (result) 84 | continue; 85 | result = lv1_get_repository_node_value(PS3_LPAR_ID_PME, FIELD_FIRST("bus",bus_ndx), 86 | FIELD("id",0), 0, 0, &bus_id, &v2); 87 | if (result) 88 | continue; 89 | result = lv1_get_repository_node_value(PS3_LPAR_ID_PME, FIELD_FIRST("bus",bus_ndx), 90 | FIELD("num_dev",0), 0, 0, &num_dev, &v2); 91 | if (result) 92 | continue; 93 | 94 | //printf("Bus #%ld id %ld type %ld num_dev %ld\n", bus_ndx, bus_id, bus_type, num_dev); 95 | u64 dev_ndx; 96 | for (dev_ndx=0; dev_ndx 13 | * 14 | * Copyright (C) 2007 Sony Computer Entertainment Inc. 15 | * Copyright 2006, 2007 Sony Corporation. 16 | * 17 | * This file is based on: spider_net.h 18 | * 19 | * (C) Copyright IBM Corp. 2005 20 | * 21 | * Authors : Utz Bacher 22 | * Jens Osterkamp 23 | */ 24 | 25 | #ifndef GELIC_H 26 | #define GELIC_H 27 | 28 | #include "lv2.h" 29 | 30 | /* RX descriptor data_status bits */ 31 | enum gelic_descr_rx_status { 32 | GELIC_DESCR_RXDMADU = 0x80000000, /* destination MAC addr unknown */ 33 | GELIC_DESCR_RXLSTFBF = 0x40000000, /* last frame buffer */ 34 | GELIC_DESCR_RXIPCHK = 0x20000000, /* IP checksum performed */ 35 | GELIC_DESCR_RXTCPCHK = 0x10000000, /* TCP/UDP checksup performed */ 36 | GELIC_DESCR_RXWTPKT = 0x00C00000, /* 37 | * wakeup trigger packet 38 | * 01: Magic Packet (TM) 39 | * 10: ARP packet 40 | * 11: Multicast MAC addr 41 | */ 42 | GELIC_DESCR_RXVLNPKT = 0x00200000, /* VLAN packet */ 43 | /* bit 20..16 reserved */ 44 | GELIC_DESCR_RXRRECNUM = 0x0000ff00, /* reception receipt number */ 45 | /* bit 7..0 reserved */ 46 | }; 47 | 48 | #define GELIC_DESCR_DATA_STATUS_CHK_MASK \ 49 | (GELIC_DESCR_RXIPCHK | GELIC_DESCR_RXTCPCHK) 50 | 51 | /* TX descriptor data_status bits */ 52 | enum gelic_descr_tx_status { 53 | GELIC_DESCR_TX_TAIL = 0x00000001, /* gelic treated this 54 | * descriptor was end of 55 | * a tx frame 56 | */ 57 | }; 58 | 59 | /* RX descriptor data error bits */ 60 | enum gelic_descr_rx_error { 61 | /* bit 31 reserved */ 62 | GELIC_DESCR_RXALNERR = 0x40000000, /* alignement error 10/100M */ 63 | GELIC_DESCR_RXOVERERR = 0x20000000, /* oversize error */ 64 | GELIC_DESCR_RXRNTERR = 0x10000000, /* Runt error */ 65 | GELIC_DESCR_RXIPCHKERR = 0x08000000, /* IP checksum error */ 66 | GELIC_DESCR_RXTCPCHKERR = 0x04000000, /* TCP/UDP checksum error */ 67 | GELIC_DESCR_RXDRPPKT = 0x00100000, /* drop packet */ 68 | GELIC_DESCR_RXIPFMTERR = 0x00080000, /* IP packet format error */ 69 | /* bit 18 reserved */ 70 | GELIC_DESCR_RXDATAERR = 0x00020000, /* IP packet format error */ 71 | GELIC_DESCR_RXCALERR = 0x00010000, /* cariier extension length 72 | * error */ 73 | GELIC_DESCR_RXCREXERR = 0x00008000, /* carrier extention error */ 74 | GELIC_DESCR_RXMLTCST = 0x00004000, /* multicast address frame */ 75 | /* bit 13..0 reserved */ 76 | }; 77 | #define GELIC_DESCR_DATA_ERROR_CHK_MASK \ 78 | (GELIC_DESCR_RXIPCHKERR | GELIC_DESCR_RXTCPCHKERR) 79 | 80 | /* DMA command and status (RX and TX)*/ 81 | enum gelic_descr_dma_status { 82 | GELIC_DESCR_DMA_COMPLETE = 0x00000000, /* used in tx */ 83 | GELIC_DESCR_DMA_BUFFER_FULL = 0x00000000, /* used in rx */ 84 | GELIC_DESCR_DMA_RESPONSE_ERROR = 0x10000000, /* used in rx, tx */ 85 | GELIC_DESCR_DMA_PROTECTION_ERROR = 0x20000000, /* used in rx, tx */ 86 | GELIC_DESCR_DMA_FRAME_END = 0x40000000, /* used in rx */ 87 | GELIC_DESCR_DMA_FORCE_END = 0x50000000, /* used in rx, tx */ 88 | GELIC_DESCR_DMA_CARDOWNED = 0xa0000000, /* used in rx, tx */ 89 | GELIC_DESCR_DMA_NOT_IN_USE = 0xb0000000, /* any other value */ 90 | }; 91 | 92 | #define GELIC_DESCR_DMA_STAT_MASK (0xf0000000) 93 | 94 | /* tx descriptor command and status */ 95 | enum gelic_descr_tx_dma_status { 96 | /* [19] */ 97 | GELIC_DESCR_TX_DMA_IKE = 0x00080000, /* IPSEC off */ 98 | /* [18] */ 99 | GELIC_DESCR_TX_DMA_FRAME_TAIL = 0x00040000, /* last descriptor of 100 | * the packet 101 | */ 102 | /* [17..16] */ 103 | GELIC_DESCR_TX_DMA_TCP_CHKSUM = 0x00020000, /* TCP packet */ 104 | GELIC_DESCR_TX_DMA_UDP_CHKSUM = 0x00030000, /* UDP packet */ 105 | GELIC_DESCR_TX_DMA_NO_CHKSUM = 0x00000000, /* no checksum */ 106 | 107 | /* [1] */ 108 | GELIC_DESCR_TX_DMA_CHAIN_END = 0x00000002, /* DMA terminated 109 | * due to chain end 110 | */ 111 | }; 112 | 113 | #define GELIC_DESCR_DMA_CMD_NO_CHKSUM \ 114 | (GELIC_DESCR_DMA_CARDOWNED | GELIC_DESCR_TX_DMA_IKE | \ 115 | GELIC_DESCR_TX_DMA_NO_CHKSUM) 116 | 117 | #define GELIC_DESCR_DMA_CMD_TCP_CHKSUM \ 118 | (GELIC_DESCR_DMA_CARDOWNED | GELIC_DESCR_TX_DMA_IKE | \ 119 | GELIC_DESCR_TX_DMA_TCP_CHKSUM) 120 | 121 | #define GELIC_DESCR_DMA_CMD_UDP_CHKSUM \ 122 | (GELIC_DESCR_DMA_CARDOWNED | GELIC_DESCR_TX_DMA_IKE | \ 123 | GELIC_DESCR_TX_DMA_UDP_CHKSUM) 124 | 125 | enum gelic_descr_rx_dma_status { 126 | /* [ 1 ] */ 127 | GELIC_DESCR_RX_DMA_CHAIN_END = 0x00000002, /* DMA terminated 128 | * due to chain end 129 | */ 130 | }; 131 | 132 | /* for lv1_net_control */ 133 | enum gelic_lv1_net_control_code { 134 | GELIC_LV1_GET_MAC_ADDRESS = 1, 135 | GELIC_LV1_GET_ETH_PORT_STATUS = 2, 136 | GELIC_LV1_SET_NEGOTIATION_MODE = 3, 137 | GELIC_LV1_GET_VLAN_ID = 4, 138 | GELIC_LV1_SET_WOL = 5, 139 | GELIC_LV1_GET_CHANNEL = 6, 140 | GELIC_LV1_POST_WLAN_CMD = 9, 141 | GELIC_LV1_GET_WLAN_CMD_RESULT = 10, 142 | GELIC_LV1_GET_WLAN_EVENT = 11, 143 | }; 144 | 145 | /* for GELIC_LV1_WOL_MAGIC_PACKET */ 146 | enum gelic_lv1_wol_mp_arg { 147 | GELIC_LV1_WOL_MP_DISABLE = 0, 148 | GELIC_LV1_WOL_MP_ENABLE = 1, 149 | }; 150 | 151 | /* for GELIC_LV1_WOL_{ADD,DELETE}_MATCH_ADDR */ 152 | enum gelic_lv1_wol_match_arg { 153 | GELIC_LV1_WOL_MATCH_INDIVIDUAL = 0, 154 | GELIC_LV1_WOL_MATCH_ALL = 1, 155 | }; 156 | 157 | /* status returened from GET_ETH_PORT_STATUS */ 158 | enum gelic_lv1_ether_port_status { 159 | GELIC_LV1_ETHER_LINK_UP = 0x0000000000000001L, 160 | GELIC_LV1_ETHER_FULL_DUPLEX = 0x0000000000000002L, 161 | GELIC_LV1_ETHER_AUTO_NEG = 0x0000000000000004L, 162 | 163 | GELIC_LV1_ETHER_SPEED_10 = 0x0000000000000010L, 164 | GELIC_LV1_ETHER_SPEED_100 = 0x0000000000000020L, 165 | GELIC_LV1_ETHER_SPEED_1000 = 0x0000000000000040L, 166 | GELIC_LV1_ETHER_SPEED_MASK = 0x0000000000000070L, 167 | }; 168 | 169 | enum gelic_lv1_vlan_index { 170 | /* for outgoing packets */ 171 | GELIC_LV1_VLAN_TX_ETHERNET_0 = 0x0000000000000002L, 172 | GELIC_LV1_VLAN_TX_WIRELESS = 0x0000000000000003L, 173 | 174 | /* for incoming packets */ 175 | GELIC_LV1_VLAN_RX_ETHERNET_0 = 0x0000000000000012L, 176 | GELIC_LV1_VLAN_RX_WIRELESS = 0x0000000000000013L, 177 | }; 178 | 179 | enum gelic_lv1_phy { 180 | GELIC_LV1_PHY_ETHERNET_0 = 0x0000000000000002L, 181 | }; 182 | 183 | /* size of hardware part of gelic descriptor */ 184 | #define GELIC_DESCR_SIZE (32) 185 | 186 | enum gelic_port_type { 187 | GELIC_PORT_ETHERNET_0 = 0, 188 | GELIC_PORT_WIRELESS = 1, 189 | GELIC_PORT_MAX 190 | }; 191 | 192 | struct gelic_descr { 193 | /* as defined by the hardware */ 194 | u32 buf_addr; 195 | u32 buf_size; 196 | u32 next_descr_addr; 197 | u32 dmac_cmd_status; 198 | u32 result_size; 199 | u32 valid_size; /* all zeroes for tx */ 200 | u32 data_status; 201 | u32 data_error; /* all zeroes for tx */ 202 | } __attribute__((aligned(32))); 203 | 204 | #endif 205 | -------------------------------------------------------------------------------- /lv2/ethdebug/main.cpp: -------------------------------------------------------------------------------- 1 | #include "lv2.h" 2 | 3 | #include "kammy_lv2.h" 4 | 5 | #include "debug.h" 6 | #include "lv1call.h" 7 | 8 | int ttyWriteHook(int channel, const char* message, int length, int* written) 9 | { 10 | debug_print(message, length); 11 | if (written) 12 | *written = length; 13 | return 0; 14 | } 15 | 16 | extern "C" u64 start() 17 | { 18 | u64 ret = debug_init(); 19 | if (ret) 20 | return ret; 21 | ret = debug_printf("ethdebug.bin: Initialized\n"); 22 | if (ret) 23 | return ret; 24 | Kammy_HookSyscall(403, (void*)ttyWriteHook); // tty_write 25 | Kammy_HookBranch((void*)0x800000000028A654, (void*)debug_printf, false); // lv2_printf 26 | Kammy_HookBranch((void*)0x800000000028F050, (void*)debug_printf, false); // lv2_printf_null 27 | return 0; 28 | } 29 | -------------------------------------------------------------------------------- /lv2/ethdebug/printf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1995 Patrick Powell. 3 | * 4 | * This code is based on code written by Patrick Powell . 5 | * It may be used for any purpose as long as this notice remains intact on all 6 | * source code distributions. 7 | */ 8 | 9 | /* 10 | * Copyright (c) 2008 Holger Weiss. 11 | * 12 | * This version of the code is maintained by Holger Weiss . 13 | * My changes to the code may freely be used, modified and/or redistributed for 14 | * any purpose. It would be nice if additions and fixes to this file (including 15 | * trivial code cleanups) would be sent back in order to let me include them in 16 | * the version available at . 17 | * However, this is not a requirement for using or redistributing (possibly 18 | * modified) versions of this file, nor is leaving this notice intact mandatory. 19 | */ 20 | #ifndef __VSPRINTF_H__ 21 | #define __VSPRINTF_H__ 22 | 23 | #include 24 | 25 | int _vsprintf(char *buf, const char *fmt, va_list args); 26 | int _vsnprintf(char *str, size_t size, const char *format, va_list args); 27 | int _sprintf(char *buffer, const char *fmt, ...) __attribute__ ((format (printf, 2, 3))); 28 | 29 | #endif 30 | 31 | -------------------------------------------------------------------------------- /lv2/graf/cksum.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | 19 | u16 cksum(const void *data, int size) 20 | { 21 | const u16 *ptr; 22 | long sum; 23 | 24 | ptr = data; 25 | sum = 0; 26 | 27 | while(size > 1) 28 | { 29 | sum += *ptr++; 30 | if(sum & 0x80000000) 31 | sum = (sum & 0xFFFF) + (sum >> 16); 32 | 33 | size -= 2; 34 | } 35 | 36 | if (size) 37 | sum += (u16) *(u8 *) ptr; 38 | 39 | while (sum >> 16) 40 | sum = (sum & 0xFFFF) + (sum >> 16); 41 | 42 | return ~sum; 43 | } 44 | -------------------------------------------------------------------------------- /lv2/graf/cksum.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _CKSUM_H_ 18 | #define _CKSUM_H_ 19 | 20 | #include 21 | 22 | struct pseudo_hdr 23 | { 24 | u32 src; 25 | u32 dest; 26 | u8 zero; 27 | u8 proto; 28 | u16 len; 29 | }; 30 | 31 | u16 cksum(const void *data, int size); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /lv2/graf/decrypt_pkg.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #define SPU_BASE 0x8000000014000000ULL 29 | #define SPU_OFFSET 0x14000000ULL 30 | #define SPU_PAGE_SIZE 16 31 | #define SPU_SIZE 0x1000000 32 | #define SPU_MODULE_SIZE (1 << SPU_PAGE_SIZE) 33 | #define SPU_ARG_SIZE (SPU_SIZE - SPU_MODULE_SIZE) 34 | 35 | #define SPU_SHADOW_BASE 0x80000000133D0000ULL 36 | #define SPU_SHADOW_OFFSET 0x133D0000ULL 37 | #define SPU_SHADOW_SIZE 0x1000 38 | 39 | #define SPU_PRIV2_BASE 0x80000000133E0000ULL 40 | #define SPU_PRIV2_OFFSET 0x133E0000ULL 41 | #define SPU_PRIV2_SIZE 0x20000 42 | 43 | struct spu_args 44 | { 45 | u64 type; 46 | u64 flags; 47 | u8 *src_addr; 48 | u64 src_size; 49 | u8 *dst_addr; 50 | u64 dst_size; 51 | u8 *rvk_src_addr; 52 | u64 rvk_src_size; 53 | u8 *rvk_dst_addr; 54 | u64 rvk_dst_size; 55 | }; 56 | 57 | static volatile u64 spu_lpar_addr = 0x700020000000ULL + 0xE900000ULL - SPU_SIZE; 58 | 59 | static volatile u64 paid = 0x1050000003000001; 60 | static volatile u64 esid = 0x8000000018000000; 61 | static volatile u64 vsid = 0x0000000000001400; 62 | 63 | static struct spu_args __attribute__ ((aligned ((128)))) spu_args; 64 | 65 | int decrypt_pkg(void) 66 | { 67 | u64 hdr_size, encrypted_size; 68 | u64 priv2_addr, problem_phys, local_store_phys, unused, shadow_addr, spe_id, intr_status; 69 | u8 *spu_module, *spu_arg; 70 | struct spu_shadow *spu_shadow; 71 | struct spu_priv2 *spu_priv2; 72 | volatile u64 dummy; 73 | int spu_module_size, spu_arg_size, i, result; 74 | 75 | MM_LOAD_BASE(spu_module, SPU_OFFSET); 76 | 77 | result = mm_map_lpar_memory_region(spu_lpar_addr, (u64) spu_module, SPU_SIZE, 0xC, 0); 78 | if (result != 0) 79 | return result; 80 | 81 | spu_module_size = gelic_recv_data(spu_module, SPU_MODULE_SIZE); 82 | if (spu_module_size <= 0) 83 | return spu_module_size; 84 | 85 | spu_arg = (u8 *) spu_module + SPU_MODULE_SIZE; 86 | 87 | spu_arg_size = gelic_recv_data(spu_arg, SPU_ARG_SIZE); 88 | if (spu_arg_size <= 0) 89 | return spu_arg_size; 90 | 91 | result = lv1_construct_logical_spe(0xC, 0xC, 0xC, 0xC, 0xC, vas_get_id(), 2, 92 | &priv2_addr, &problem_phys, &local_store_phys, &unused, &shadow_addr, &spe_id); 93 | if (result != 0) 94 | return result; 95 | 96 | MM_LOAD_BASE(spu_shadow, SPU_SHADOW_OFFSET); 97 | 98 | result = mm_map_lpar_memory_region(shadow_addr, (u64) spu_shadow, SPU_SHADOW_SIZE, 0xC, 3); 99 | if (result != 0) 100 | return result; 101 | 102 | hdr_size = *(u64 *) (spu_arg + 0x10); 103 | encrypted_size = *(u64 *) (spu_arg + 0x18); 104 | 105 | memset(&spu_args, 0, sizeof(struct spu_args)); 106 | //spu_args.type = *(u32 *) (spu_arg + hdr_size + 4) + 1; 107 | spu_args.type = 1; 108 | spu_args.flags = 5; 109 | spu_args.src_addr = spu_arg; 110 | spu_args.src_size = (hdr_size + encrypted_size); 111 | spu_args.dst_addr = spu_arg + hdr_size; 112 | spu_args.dst_size = encrypted_size; 113 | spu_args.rvk_src_addr = rvk_pkg_341; 114 | spu_args.rvk_src_size = sizeof(rvk_pkg_341); 115 | spu_args.rvk_dst_addr = rvk_pkg_341; 116 | spu_args.rvk_dst_size = sizeof(rvk_pkg_341); 117 | 118 | result = lv1_undocumented_function_209(spe_id, paid, (u64) spu_module, 119 | (u64) &spu_args, sizeof(spu_args), 0, 0, 6); 120 | if (result != 0) 121 | return result; 122 | 123 | result = lv1_undocumented_function_62(spe_id, 0, 0, esid, vsid); 124 | if (result != 0) 125 | return result; 126 | 127 | result = lv1_clear_spe_interrupt_status(spe_id, 1, intr_status, 0); 128 | if (result != 0) 129 | return result; 130 | 131 | result = lv1_undocumented_function_168(spe_id, 0x3000, 1ULL << 32); 132 | if (result != 0) 133 | return result; 134 | 135 | while (1) 136 | { 137 | result = lv1_get_spe_interrupt_status(spe_id, 1, &intr_status); 138 | if (result != 0) 139 | return result; 140 | 141 | if (intr_status) 142 | { 143 | result = lv1_undocumented_function_62(spe_id, 0, 0, esid, vsid); 144 | if (result != 0) 145 | return result; 146 | 147 | result = lv1_clear_spe_interrupt_status(spe_id, 1, intr_status, 0); 148 | if (result != 0) 149 | return result; 150 | 151 | result = lv1_undocumented_function_168(spe_id, 0x3000, 1ULL << 32); 152 | if (result != 0) 153 | return result; 154 | } 155 | 156 | if (spu_shadow->execution_status == 0x7) 157 | { 158 | MM_LOAD_BASE(spu_priv2, SPU_PRIV2_OFFSET); 159 | 160 | result = mm_map_lpar_memory_region(priv2_addr, (u64) spu_priv2, SPU_PRIV2_SIZE, 0xC, 3); 161 | if (result != 0) 162 | return result; 163 | 164 | result = lv1_get_spe_interrupt_status(spe_id, 2, &intr_status); 165 | if (result != 0) 166 | return result; 167 | 168 | dummy = spu_priv2->spu_out_intr_mbox; 169 | 170 | result = lv1_undocumented_function_167(spe_id, 0x4000, &dummy); 171 | if (result != 0) 172 | return result; 173 | 174 | result = lv1_clear_spe_interrupt_status(spe_id, 2, intr_status, 0); 175 | if (result != 0) 176 | return result; 177 | 178 | result = lv1_undocumented_function_200(spe_id); 179 | if (result != 0) 180 | return result; 181 | } 182 | 183 | if ((spu_shadow->execution_status == 0x3) || 184 | (spu_shadow->execution_status == 0xB)) 185 | break; 186 | } 187 | 188 | lv1_pause(0); 189 | 190 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, spu_shadow, SPU_SHADOW_SIZE); 191 | if (result != 0) 192 | return result; 193 | 194 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, spu_arg, hdr_size + encrypted_size); 195 | if (result != 0) 196 | return result; 197 | 198 | lv1_panic(1); 199 | 200 | return 0; 201 | } 202 | -------------------------------------------------------------------------------- /lv2/graf/decrypt_pkg.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DECRYPT_PKG_ 18 | #define _DECRYPT_PKG_ 19 | 20 | int decrypt_pkg(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/decrypt_profile.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | 27 | #define SPU_BASE 0x8000000014000000ULL 28 | #define SPU_OFFSET 0x14000000ULL 29 | #define SPU_PAGE_SIZE 16 30 | #define SPU_MODULE_SIZE (2 << SPU_PAGE_SIZE) 31 | #define SPU_ARG_SIZE (1 << SPU_PAGE_SIZE) 32 | #define SPU_SIZE (SPU_MODULE_SIZE + SPU_ARG_SIZE) 33 | 34 | #define SPU_SHADOW_BASE 0x80000000133D0000ULL 35 | #define SPU_SHADOW_OFFSET 0x133D0000ULL 36 | #define SPU_SHADOW_SIZE 0x1000 37 | 38 | #define SPU_PRIV2_BASE 0x80000000133E0000ULL 39 | #define SPU_PRIV2_OFFSET 0x133E0000ULL 40 | #define SPU_PRIV2_SIZE 0x20000 41 | 42 | static volatile u64 spu_lpar_addr = 0x700020000000ULL + 0xE900000ULL - SPU_SIZE; 43 | 44 | static volatile u64 paid = 0x1050000003000001; 45 | static volatile u64 esid = 0x8000000018000000; 46 | static volatile u64 vsid = 0x0000000000001400; 47 | 48 | int decrypt_profile(void) 49 | { 50 | u64 priv2_addr, problem_phys, local_store_phys, unused, shadow_addr, spe_id, intr_status; 51 | u8 *spu_module, *spu_arg; 52 | struct spu_shadow *spu_shadow; 53 | struct spu_priv2 *spu_priv2; 54 | volatile u64 dummy; 55 | int spu_module_size, spu_arg_size, i, result; 56 | 57 | MM_LOAD_BASE(spu_module, SPU_OFFSET); 58 | 59 | result = mm_map_lpar_memory_region(spu_lpar_addr, (u64) spu_module, SPU_SIZE, 0xC, 0); 60 | if (result != 0) 61 | return result; 62 | 63 | spu_module_size = gelic_recv_data(spu_module, SPU_MODULE_SIZE); 64 | if (spu_module_size <= 0) 65 | return spu_module_size; 66 | 67 | spu_arg = (u8 *) spu_module + SPU_MODULE_SIZE; 68 | 69 | spu_arg_size = gelic_recv_data(spu_arg, SPU_ARG_SIZE); 70 | if (spu_arg_size <= 0) 71 | return spu_arg_size; 72 | 73 | result = lv1_construct_logical_spe(0xC, 0xC, 0xC, 0xC, 0xC, vas_get_id(), 2, 74 | &priv2_addr, &problem_phys, &local_store_phys, &unused, &shadow_addr, &spe_id); 75 | if (result != 0) 76 | return result; 77 | 78 | MM_LOAD_BASE(spu_shadow, SPU_SHADOW_OFFSET); 79 | 80 | result = mm_map_lpar_memory_region(shadow_addr, (u64) spu_shadow, SPU_SHADOW_SIZE, 0xC, 3); 81 | if (result != 0) 82 | return result; 83 | 84 | result = lv1_undocumented_function_209(spe_id, paid, (u64) spu_module, 85 | (u64) spu_arg, spu_arg_size, 0, 0, 6); 86 | if (result != 0) 87 | return result; 88 | 89 | result = lv1_undocumented_function_62(spe_id, 0, 0, esid, vsid); 90 | if (result != 0) 91 | return result; 92 | 93 | result = lv1_clear_spe_interrupt_status(spe_id, 1, intr_status, 0); 94 | if (result != 0) 95 | return result; 96 | 97 | result = lv1_undocumented_function_168(spe_id, 0x3000, 1ULL << 32); 98 | if (result != 0) 99 | return result; 100 | 101 | while (1) 102 | { 103 | result = lv1_get_spe_interrupt_status(spe_id, 1, &intr_status); 104 | if (result != 0) 105 | return result; 106 | 107 | if (intr_status) 108 | { 109 | result = lv1_undocumented_function_62(spe_id, 0, 0, esid, vsid); 110 | if (result != 0) 111 | return result; 112 | 113 | result = lv1_clear_spe_interrupt_status(spe_id, 1, intr_status, 0); 114 | if (result != 0) 115 | return result; 116 | 117 | result = lv1_undocumented_function_168(spe_id, 0x3000, 1ULL << 32); 118 | if (result != 0) 119 | return result; 120 | } 121 | 122 | if (spu_shadow->execution_status == 0x7) 123 | { 124 | MM_LOAD_BASE(spu_priv2, SPU_PRIV2_OFFSET); 125 | 126 | result = mm_map_lpar_memory_region(priv2_addr, (u64) spu_priv2, SPU_PRIV2_SIZE, 0xC, 3); 127 | if (result != 0) 128 | return result; 129 | 130 | result = lv1_get_spe_interrupt_status(spe_id, 2, &intr_status); 131 | if (result != 0) 132 | return result; 133 | 134 | dummy = spu_priv2->spu_out_intr_mbox; 135 | 136 | result = lv1_undocumented_function_167(spe_id, 0x4000, &dummy); 137 | if (result != 0) 138 | return result; 139 | 140 | result = lv1_clear_spe_interrupt_status(spe_id, 2, intr_status, 0); 141 | if (result != 0) 142 | return result; 143 | 144 | result = lv1_undocumented_function_200(spe_id); 145 | if (result != 0) 146 | return result; 147 | } 148 | 149 | if ((spu_shadow->execution_status == 0xB) || 150 | (spu_shadow->execution_status == 0x3)) 151 | break; 152 | } 153 | 154 | lv1_pause(0); 155 | 156 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, spu_shadow, SPU_SHADOW_SIZE); 157 | if (result != 0) 158 | return result; 159 | 160 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, spu_arg, spu_arg_size); 161 | if (result != 0) 162 | return result; 163 | 164 | lv1_panic(1); 165 | 166 | return 0; 167 | } 168 | -------------------------------------------------------------------------------- /lv2/graf/decrypt_profile.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DECRYPT_PROFILE_ 18 | #define _DECRYPT_PROFILE_ 19 | 20 | int decrypt_profile(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/decrypt_usb_dongle_master_key.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #define DECRYPT_USB_DONGLE_MASTER_KEY_BASE 0x80000000133A0000ULL 27 | #define DECRYPT_USB_DONGLE_MASTER_KEY_OFFSET 0x133A0000ULL 28 | #define DECRYPT_USB_DONGLE_MASTER_KEY_PAGE_SIZE 12 29 | #define DECRYPT_USB_DONGLE_MASTER_KEY_SIZE (1 << DECRYPT_USB_DONGLE_MASTER_KEY_PAGE_SIZE) 30 | 31 | int decrypt_usb_dongle_master_key(void) 32 | { 33 | #define N(a) (sizeof((a)) / sizeof((a)[0])) 34 | 35 | static u64 subject_id[][2] = 36 | { 37 | { 0x1070000001000001, 0x1070000045000001 }, 38 | { 0x1070000002000001, 0x1070000001000002 }, 39 | { 0x1070000002000001, 0x1070000002000002 }, 40 | { 0x1070000002000001, 0x1070000003000002 }, 41 | { 0x1070000002000001, 0x1070000004000002 }, 42 | { 0x1070000002000001, 0x10700005FF000001 }, 43 | { 0x1070000002000001, 0x107000004E000001 }, 44 | { 0x1070000002000001, 0x1070000051000001 }, 45 | }; 46 | static u8 encrypted_usb_dongle_master_key[64] = 47 | { 48 | 0x22, 0xD5, 0xD1, 0x8C, 0xFF, 0xE2, 0x4F, 0xAC, 0xEC, 0x72, 0xA2, 49 | 0x42, 0xA7, 0x18, 0x98, 0x10, 0x25, 0x33, 0xE0, 0x96, 0xF2, 0xC1, 50 | 0x91, 0x0D, 0x15, 0x23, 0xD3, 0x07, 0x74, 0xE7, 0x2B, 0x72, 0xDF, 51 | 0xA6, 0xDD, 0xE9, 0x68, 0x8B, 0x76, 0x2A, 0x6A, 0x87, 0x51, 0x7F, 52 | 0x85, 0x39, 0x0B, 0xD4, 0x20, 0x3F, 0x46, 0x89, 0x04, 0x82, 0xB7, 53 | 0x30, 0x84, 0x89, 0x4B, 0xCC, 0x9D, 0xB1, 0x24, 0x7C 54 | }; 55 | u64 vuart_lpar_addr, muid, lpar_addr, ea_addr, nread, nwritten, val; 56 | void *msgbuf; 57 | struct dispmgr_header *dispmgr_header; 58 | struct ss_header *ss_header; 59 | struct ss_virtual_trm_mgr_decrypt_master *ss_virtual_trm_mgr_decrypt_master; 60 | int i, result; 61 | 62 | result = lv1_allocate_memory(DECRYPT_USB_DONGLE_MASTER_KEY_SIZE, 63 | DECRYPT_USB_DONGLE_MASTER_KEY_PAGE_SIZE, 0, 0, &vuart_lpar_addr, &muid); 64 | if (result != 0) 65 | return result; 66 | 67 | MM_LOAD_BASE(ea_addr, DECRYPT_USB_DONGLE_MASTER_KEY_OFFSET); 68 | lpar_addr = vuart_lpar_addr; 69 | 70 | for (i = 0; i < DECRYPT_USB_DONGLE_MASTER_KEY_SIZE >> DECRYPT_USB_DONGLE_MASTER_KEY_PAGE_SIZE; i++) 71 | { 72 | result = mm_insert_htab_entry(MM_EA2VA(ea_addr), lpar_addr, 0); 73 | if (result != 0) 74 | return result; 75 | 76 | ea_addr += (1 << DECRYPT_USB_DONGLE_MASTER_KEY_PAGE_SIZE); 77 | lpar_addr += (1 << DECRYPT_USB_DONGLE_MASTER_KEY_PAGE_SIZE); 78 | } 79 | 80 | MM_LOAD_BASE(msgbuf, DECRYPT_USB_DONGLE_MASTER_KEY_OFFSET); 81 | 82 | for (i = 0; i < N(subject_id); i++) 83 | { 84 | memset(msgbuf, 0, DECRYPT_USB_DONGLE_MASTER_KEY_SIZE); 85 | 86 | dispmgr_header = (struct dispmgr_header *) msgbuf; 87 | dispmgr_header->version = 1; 88 | dispmgr_header->function_id = 0x2000; 89 | dispmgr_header->request_size = 0x28; 90 | dispmgr_header->response_size = 0x100; 91 | 92 | ss_header = (struct ss_header *) (dispmgr_header + 1); 93 | memset(ss_header, 0, sizeof(struct ss_header)); 94 | ss_header->packet_id = 0x200E; 95 | ss_header->function_id = 0x2000; 96 | ss_header->laid = subject_id[i][0]; 97 | ss_header->paid = subject_id[i][1]; 98 | 99 | ss_virtual_trm_mgr_decrypt_master = 100 | (struct ss_virtual_trm_mgr_decrypt_master *) (ss_header + 1); 101 | memset(ss_virtual_trm_mgr_decrypt_master, 0, 102 | sizeof(struct ss_virtual_trm_mgr_decrypt_master)); 103 | memcpy(ss_virtual_trm_mgr_decrypt_master->seed, "_USB_DONGLE_AUTH", 16); 104 | memcpy(ss_virtual_trm_mgr_decrypt_master->msg, encrypted_usb_dongle_master_key, 64); 105 | 106 | dispmgr_header->request_size += sizeof(struct ss_virtual_trm_mgr_decrypt_master); 107 | 108 | result = lv1_write_virtual_uart(DISPMGR_VUART_PORT, vuart_lpar_addr, 109 | sizeof(struct dispmgr_header) + sizeof(struct ss_header) + 110 | sizeof(struct ss_virtual_trm_mgr_decrypt_master), &nwritten); 111 | if (result < 0) 112 | return result; 113 | 114 | for (;;) 115 | { 116 | result = lv1_get_virtual_uart_param(DISPMGR_VUART_PORT, VUART_PARAM_RX_BYTES, &val); 117 | if (result < 0) 118 | return result; 119 | 120 | if (val != 0) 121 | break; 122 | } 123 | 124 | for (;;) 125 | { 126 | result = lv1_read_virtual_uart(DISPMGR_VUART_PORT, vuart_lpar_addr, 127 | DECRYPT_USB_DONGLE_MASTER_KEY_SIZE, &nread); 128 | if (result < 0) 129 | return result; 130 | 131 | if (nread == 0) 132 | break; 133 | 134 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, msgbuf, nread); 135 | if (result < 0) 136 | return result; 137 | } 138 | } 139 | 140 | return 0; 141 | 142 | #undef N 143 | } 144 | -------------------------------------------------------------------------------- /lv2/graf/decrypt_usb_dongle_master_key.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DECRYPT_USB_DONGLE_MASTER_KEY_H_ 18 | #define _DECRYPT_USB_DONGLE_MASTER_KEY_H_ 19 | 20 | int decrypt_usb_dongle_master_key(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/dispmgr.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DISPMGR_H_ 18 | #define _DISPMGR_H_ 19 | 20 | #include 21 | 22 | #define DISPMGR_VUART_PORT 10 23 | 24 | struct dispmgr_header 25 | { 26 | u32 version; 27 | u32 function_id; 28 | u32 request_size; 29 | u32 response_size; 30 | }; 31 | 32 | #endif 33 | -------------------------------------------------------------------------------- /lv2/graf/dump_flash.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | int dump_flash(void) 24 | { 25 | u64 region_id, sector; 26 | u8 buf[1024]; 27 | int i, result; 28 | 29 | result = stor_init(STOR_FLASH_DEV_ID); 30 | if (result != 0) 31 | return result; 32 | 33 | for (region_id = 0; region_id < 1; region_id++) 34 | { 35 | for (sector = 0; sector < 0x8000; sector++) 36 | { 37 | result = stor_read(region_id, sector, 1, 0x2, buf + 16); 38 | 39 | memcpy(buf, ®ion_id, 8); 40 | memcpy(buf + 8, §or, 8); 41 | 42 | if (result != 0) 43 | { 44 | memcpy(buf + 16, &result, 4); 45 | 46 | result = gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, buf, 16 + 4); 47 | if (result != 0) 48 | return result; 49 | } 50 | else 51 | { 52 | result = gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, buf, 16 + STOR_FLASH_BLOCK_SIZE); 53 | if (result != 0) 54 | return result; 55 | } 56 | 57 | for (i = 0; i < 10000; i++) 58 | __asm__ __volatile__ ("nop"); 59 | } 60 | } 61 | 62 | return 0; 63 | } 64 | -------------------------------------------------------------------------------- /lv2/graf/dump_flash.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_FLASH_H_ 18 | #define _DUMP_FLASH_H_ 19 | 20 | #include 21 | 22 | int dump_flash(void); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /lv2/graf/dump_htab.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #define DUMP_HTAB_BASE 0x80000000133A0000ULL 24 | #define DUMP_HTAB_OFFSET 0x133A0000ULL 25 | #define DUMP_HTAB_PAGE_SIZE 12 26 | #define DUMP_HTAB_SIZE (1024 * 1024) 27 | 28 | int dump_htab(void) 29 | { 30 | u64 htab_lpar_addr, lpar_addr, ea_addr; 31 | void *htab; 32 | int i, result; 33 | 34 | /* 35 | result = lv1_map_htab(0, &htab_lpar_addr); 36 | if (result != 0) 37 | return result; 38 | 39 | MM_LOAD_BASE(ea_addr, DUMP_HTAB_OFFSET); 40 | lpar_addr = htab_lpar_addr; 41 | 42 | for (i = 0; i < DUMP_HTAB_SIZE >> DUMP_HTAB_PAGE_SIZE; i++) 43 | { 44 | result = mm_insert_htab_entry(MM_EA2VA(ea_addr), lpar_addr, 3); 45 | if (result != 0) 46 | return result; 47 | 48 | ea_addr += (1 << DUMP_HTAB_PAGE_SIZE); 49 | lpar_addr += (1 << DUMP_HTAB_PAGE_SIZE); 50 | } 51 | 52 | MM_LOAD_BASE(htab, DUMP_HTAB_OFFSET); 53 | 54 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, htab, DUMP_HTAB_SIZE); 55 | if (result < 0) 56 | return result; 57 | */ 58 | 59 | MM_LOAD_BASE(htab, 0xF000000ULL); 60 | 61 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, htab, 0x40000); 62 | if (result < 0) 63 | return result; 64 | 65 | return 0; 66 | } 67 | -------------------------------------------------------------------------------- /lv2/graf/dump_htab.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_HTAB_H_ 18 | #define _DUMP_HTAB_H_ 19 | 20 | int dump_htab(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/dump_lv2.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #define DUMP_LV2_BASE 0x80000000133A0000ULL 23 | #define DUMP_LV2_OFFSET 0x133A0000ULL 24 | #define DUMP_LV2_PAGE_SIZE 12 25 | #define DUMP_LV2_SIZE (1 << DUMP_LV2_PAGE_SIZE) 26 | 27 | int dump_lv2(u64 start_addr, u64 size) 28 | { 29 | u64 lpar_addr, muid, addr; 30 | u8 *buf; 31 | int result; 32 | 33 | result = lv1_allocate_memory(DUMP_LV2_SIZE, DUMP_LV2_PAGE_SIZE, 0, 0, 34 | &lpar_addr, &muid); 35 | if (result != 0) 36 | return result; 37 | 38 | result = mm_insert_htab_entry(MM_EA2VA(DUMP_LV2_BASE), lpar_addr, 0); 39 | if (result != 0) 40 | return result; 41 | 42 | MM_LOAD_BASE(buf, DUMP_LV2_OFFSET); 43 | 44 | for (addr = start_addr; addr < start_addr + size; addr += 1024) 45 | { 46 | memcpy(buf, &addr, 8); 47 | memcpy(buf + 8, (u64 *) addr, 1024); 48 | 49 | result = gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, buf, 8 + 1024); 50 | if (result != 0) 51 | return result; 52 | } 53 | 54 | return 0; 55 | } 56 | -------------------------------------------------------------------------------- /lv2/graf/dump_lv2.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_LV2_H_ 18 | #define _DUMP_LV2_H_ 19 | 20 | #include 21 | 22 | int dump_lv2(u64 start_addr, u64 size); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /lv2/graf/dump_profile.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | 27 | #define DUMP_PROFILE_BASE 0x80000000133A0000ULL 28 | #define DUMP_PROFILE_OFFSET 0x133A0000ULL 29 | #define DUMP_PROFILE_PAGE_SIZE 12 30 | #define DUMP_PROFILE_SIZE (1 << DUMP_PROFILE_PAGE_SIZE) 31 | 32 | int dump_profile(void) 33 | { 34 | #define N(a) (sizeof((a)) / sizeof((a)[0])) 35 | 36 | static u64 subject_id[][2] = 37 | { 38 | { 0x1070000002000001, 0x10700003FF000001 }, 39 | { 0x1070000002000001, 0x10700003FF000001 }, 40 | { 0x1070000002000001, 0x10700003FF000001 }, 41 | }; 42 | u64 lpar_addr, muid, nread, nwritten, val; 43 | void *msgbuf; 44 | struct dispmgr_header *dispmgr_header; 45 | struct ss_header *ss_header; 46 | struct ss_secure_profile_loader_get *ss_secure_profile_loader_get; 47 | int i, result; 48 | 49 | result = lv1_allocate_memory(DUMP_PROFILE_SIZE, DUMP_PROFILE_PAGE_SIZE, 50 | 0, 0, &lpar_addr, &muid); 51 | if (result != 0) 52 | return result; 53 | 54 | result = mm_insert_htab_entry(MM_EA2VA(DUMP_PROFILE_BASE), lpar_addr, 0); 55 | if (result != 0) 56 | return result; 57 | 58 | MM_LOAD_BASE(msgbuf, DUMP_PROFILE_OFFSET); 59 | 60 | for (i = 0; i < N(subject_id); i++) 61 | { 62 | memset(msgbuf, 0, DUMP_PROFILE_SIZE); 63 | 64 | dispmgr_header = (struct dispmgr_header *) msgbuf; 65 | dispmgr_header->version = 1; 66 | dispmgr_header->function_id = 0x15000; 67 | dispmgr_header->request_size = 0x28; 68 | dispmgr_header->response_size = 0x400; 69 | 70 | ss_header = (struct ss_header *) (dispmgr_header + 1); 71 | ss_header->packet_id = 0x15003; 72 | ss_header->function_id = 0x15000; 73 | ss_header->laid = subject_id[i][0]; 74 | ss_header->paid = subject_id[i][1]; 75 | 76 | ss_secure_profile_loader_get = 77 | (struct ss_secure_profile_loader_get *) (ss_header + 1); 78 | memcpy(ss_secure_profile_loader_get->profile_name, "DEFAULT.SPP", 11); 79 | ss_secure_profile_loader_get->contents_type = 0xA; 80 | memcpy(ss_secure_profile_loader_get->contents_name, "SCE_CELLOS_SYSTEM_MGR", 21); 81 | ss_secure_profile_loader_get->contents_size = 8; 82 | *(u64 *) ((u8 *) (ss_secure_profile_loader_get + 1) + 83 | ss_secure_profile_loader_get->contents_size + 8) = 84 | SS_SECURE_PROFILE_LOADER_GET_CONTENTS_SIZE; 85 | 86 | dispmgr_header->request_size += sizeof(struct ss_secure_profile_loader_get) + 87 | ss_secure_profile_loader_get->contents_size + 16; 88 | 89 | result = lv1_write_virtual_uart(DISPMGR_VUART_PORT, lpar_addr, 90 | sizeof(struct dispmgr_header) + sizeof(struct ss_header) + 91 | sizeof(struct ss_secure_profile_loader_get) + 92 | ss_secure_profile_loader_get->contents_size + 16, &nwritten); 93 | if (result < 0) 94 | return result; 95 | 96 | for (;;) 97 | { 98 | result = lv1_get_virtual_uart_param(DISPMGR_VUART_PORT, VUART_PARAM_RX_BYTES, &val); 99 | if (result < 0) 100 | return result; 101 | 102 | if (val != 0) 103 | break; 104 | } 105 | 106 | result = lv1_read_virtual_uart(DISPMGR_VUART_PORT, lpar_addr, DUMP_PROFILE_SIZE, &nread); 107 | if (result < 0) 108 | return result; 109 | 110 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, msgbuf, nread); 111 | if (result < 0) 112 | return result; 113 | } 114 | 115 | return 0; 116 | 117 | #undef N 118 | } 119 | -------------------------------------------------------------------------------- /lv2/graf/dump_profile.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_PROFILE_H_ 18 | #define _DUMP_PROFILE_H_ 19 | 20 | int dump_profile(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/dump_repo_nodes.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | int dump_repo_nodes(void) 27 | { 28 | #define N(a) (sizeof((a)) / sizeof((a)[0])) 29 | 30 | static const u64 nodes[][4] = 31 | { 32 | /* ss.laid */ 33 | { 0x0000000073730000, 0x6C61696400000000, 0x0000000000000000, 0x0000000000000000 }, 34 | /* sys.lv1.iso_enbl */ 35 | { 0x0000000073797300, 0x6C76310000000000, 0x69736F5F656E626C, 0x0000000000000000 }, 36 | /* sys.flash.fmt */ 37 | { 0x0000000073797300, 0x666C617368000000, 0x666D740000000000, 0x0000000000000000 }, 38 | /* sys.flash.boot */ 39 | { 0x0000000073797300, 0x666C617368000000, 0x626F6F7400000000, 0x0000000000000000 }, 40 | /* bus1.num_dev */ 41 | { 0x0000000062757301, 0x6E756D5F64657600, 0x0000000000000000, 0x0000000000000000 }, 42 | /* bus4.num_dev */ 43 | { 0x0000000062757304, 0x6E756D5F64657600, 0x0000000000000000, 0x0000000000000000 }, 44 | /* bus4.dev1.region0.size */ 45 | { 0x0000000062757304, 0x6465760000000001, 0x726567696F6E0000, 0x73697A6500000000 }, 46 | /* bus4.dev2.region0.size */ 47 | { 0x0000000062757304, 0x6465760000000002, 0x726567696F6E0000, 0x73697A6500000000 }, 48 | /* bus4.dev4.region0.size */ 49 | { 0x0000000062757304, 0x6465760000000004, 0x726567696F6E0000, 0x73697A6500000000 }, 50 | /* bus4.dev0.blk_size */ 51 | { 0x0000000062757304, 0x6465760000000000, 0x626C6B5F73697A65, 0x0000000000000000 }, 52 | /* bus4.dev4.blk_size */ 53 | { 0x0000000062757304, 0x6465760000000004, 0x626C6B5F73697A65, 0x0000000000000000 }, 54 | /* ss.param.qa.flag */ 55 | { 0x0000000073730000, 0x706172616D000000, 0x7161000000000000, 0x666C616700000000 }, 56 | }; 57 | u64 entries[N(nodes)][7], v1, v2; 58 | int i, result; 59 | 60 | for (i = 0; i < N(nodes); i++) 61 | { 62 | result = lv1_get_repository_node_value(REPO_NODE_LPAR_ID_PME, nodes[i][0], nodes[i][1], 63 | nodes[i][2], nodes[i][3], &v1, &v2); 64 | 65 | entries[i][0] = result; 66 | memcpy(&entries[i][1], &nodes[i][0], 4 * 8); 67 | entries[i][5] = v1; 68 | entries[i][6] = v2; 69 | } 70 | 71 | return gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, entries, sizeof(entries)); 72 | 73 | #undef N 74 | } 75 | 76 | int dump_repo_nodes_spu(void) 77 | { 78 | #define N(a) (sizeof((a)) / sizeof((a)[0])) 79 | 80 | static const u64 nodes[][5] = 81 | { 82 | /* bi.spursvn */ 83 | { 0x0000000062690000, 0x7370757273766E00, 0x0000000000000000, 0x0000000000000000 }, 84 | /* bi.spursv.0 */ 85 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000000, 0x0000000000000000 }, 86 | /* bi.spursv.1 */ 87 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000001, 0x0000000000000000 }, 88 | /* bi.spursv.2 */ 89 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000002, 0x0000000000000000 }, 90 | /* bi.spursv.3 */ 91 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000003, 0x0000000000000000 }, 92 | /* bi.spursv.4 */ 93 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000004, 0x0000000000000000 }, 94 | /* bi.spursv.5 */ 95 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000005, 0x0000000000000000 }, 96 | /* bi.spursv.6 */ 97 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000006, 0x0000000000000000 }, 98 | /* bi.spursv.7 */ 99 | { 0x0000000062690000, 0x7370757273760000, 0x0000000000000007, 0x0000000000000000 }, 100 | }; 101 | u64 entries[N(nodes)][7], v1, v2; 102 | int i, result; 103 | 104 | for (i = 0; i < N(nodes); i++) 105 | { 106 | result = lv1_get_repository_node_value(2, nodes[i][0], nodes[i][1], 107 | nodes[i][2], nodes[i][3], &v1, &v2); 108 | 109 | entries[i][0] = result; 110 | memcpy(&entries[i][1], &nodes[i][0], 4 * 8); 111 | entries[i][5] = v1; 112 | entries[i][6] = v2; 113 | } 114 | 115 | return gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, entries, sizeof(entries)); 116 | 117 | #undef N 118 | } 119 | -------------------------------------------------------------------------------- /lv2/graf/dump_repo_nodes.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_REPO_NODES_H_ 18 | #define _DUMP_REPO_NODES_H_ 19 | 20 | int dump_repo_nodes(void); 21 | 22 | int dump_repo_nodes_spu(void); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /lv2/graf/dump_slb.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | #define SLB_SIZE 64 22 | 23 | int dump_slb(void) 24 | { 25 | u64 entries[2 * SLB_SIZE], e, v; 26 | int i; 27 | 28 | for (i = 0; i < SLB_SIZE; i += 2) 29 | { 30 | __asm__ __volatile__ ("slbmfee %0, %1" : "=r"(e) : "r"(i)); 31 | __asm__ __volatile__ ("slbmfev %0, %1" : "=r"(v) : "r"(i)); 32 | 33 | entries[i] = e; 34 | entries[i + 1] = v; 35 | } 36 | 37 | return gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, entries, sizeof(entries)); 38 | } 39 | -------------------------------------------------------------------------------- /lv2/graf/dump_slb.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_SLB_H_ 18 | #define _DUMP_SLB_H_ 19 | 20 | int dump_slb(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/dump_sprg0.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | int dump_sprg0(void) 21 | { 22 | u64 sprg0; 23 | 24 | __asm__ __volatile__ ("mfsprg0 %0" : "=r"(sprg0)); 25 | 26 | return gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, &sprg0, 8); 27 | } 28 | -------------------------------------------------------------------------------- /lv2/graf/dump_sprg0.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_SPRG0_H_ 18 | #define _DUMP_SPRG0_H_ 19 | 20 | int dump_sprg0(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/dump_stor.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | int dump_stor(void) 23 | { 24 | u64 region_id, sector; 25 | u8 buf[1024]; 26 | int i, result; 27 | 28 | result = stor_init(3); 29 | if (result != 0) 30 | return result; 31 | 32 | for (region_id = 0; region_id < 8; region_id++) 33 | { 34 | for (sector = 0; sector < 100; sector++) 35 | { 36 | result = stor_read(region_id, sector, 1, 0x2, buf + 16); 37 | 38 | memcpy(buf, ®ion_id, 8); 39 | memcpy(buf + 8, §or, 8); 40 | 41 | if (result != 0) 42 | { 43 | memcpy(buf + 16, &result, 4); 44 | 45 | result = gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, buf, 16 + 4); 46 | if (result != 0) 47 | return result; 48 | } 49 | else 50 | { 51 | result = gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, buf, 16 + 0x200); 52 | if (result != 0) 53 | return result; 54 | } 55 | 56 | for (i = 0; i < 10000; i++) 57 | __asm__ __volatile__ ("nop"); 58 | } 59 | } 60 | 61 | lv1_panic(1); 62 | 63 | return 0; 64 | } 65 | -------------------------------------------------------------------------------- /lv2/graf/dump_stor.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _DUMP_STOR_H_ 18 | #define _DUMP_STOR_H_ 19 | 20 | #include 21 | 22 | int dump_stor(void); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /lv2/graf/gelic.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _GELIC_H_ 18 | #define _GELIC_H_ 19 | 20 | /* Kammy Modification: This define causes gelic to use printf to send 21 | * data using lv2 tty (like Kammy's ethdebug) rather than actually using 22 | * the gelic ethernet interface. Why? Because I like using ethdebug and 23 | * the gelic code doesn't support PS3 Slim systems. 24 | */ 25 | #define GELIC_TTY 26 | 27 | #include 28 | 29 | extern const u8 gelic_bcast_mac_addr[VLAN_ETH_ALEN]; 30 | 31 | int gelic_init(void); 32 | 33 | int gelic_xmit(const u8 dest_mac_addr[VLAN_ETH_ALEN], u16 proto, const void *data, u64 size); 34 | 35 | int gelic_recv(void *data, u64 max_size); 36 | 37 | int gelic_xmit_data(const u8 dest_mac_addr[VLAN_ETH_ALEN], u16 proto, const void *data, u64 size); 38 | 39 | int gelic_recv_data(const void *data, u64 max_size); 40 | 41 | int gelic_xmit_test(void); 42 | 43 | int gelic_recv_test(void); 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /lv2/graf/hvcall.S: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | 19 | #define LV1_N_IN_0_OUT(API_NAME, API_NUMBER) \ 20 | _GLOBAL(##API_NAME) \ 21 | mflr %r0; \ 22 | std %r0, 16(%r1); \ 23 | li %r11, API_NUMBER; \ 24 | sc 1; \ 25 | ld %r0, 16(%r1); \ 26 | mtlr %r0; \ 27 | blr 28 | 29 | #define LV1_1_IN_0_OUT LV1_N_IN_0_OUT 30 | #define LV1_1_IN_0_OUT LV1_N_IN_0_OUT 31 | #define LV1_2_IN_0_OUT LV1_N_IN_0_OUT 32 | #define LV1_3_IN_0_OUT LV1_N_IN_0_OUT 33 | #define LV1_4_IN_0_OUT LV1_N_IN_0_OUT 34 | #define LV1_5_IN_0_OUT LV1_N_IN_0_OUT 35 | #define LV1_6_IN_0_OUT LV1_N_IN_0_OUT 36 | #define LV1_7_IN_0_OUT LV1_N_IN_0_OUT 37 | #define LV1_8_IN_0_OUT LV1_N_IN_0_OUT 38 | 39 | #define LV1_0_IN_1_OUT(API_NAME, API_NUMBER) \ 40 | _GLOBAL(##API_NAME) \ 41 | mflr %r0; \ 42 | std %r0, 16(%r1); \ 43 | stdu %r3, -8(%r1); \ 44 | li %r11, API_NUMBER; \ 45 | sc 1; \ 46 | addi %r1, %r1, 8; \ 47 | ld %r11, -8(%r1); \ 48 | std %r4, 0(%r11); \ 49 | ld %r0, 16(%r1); \ 50 | mtlr %r0; \ 51 | blr 52 | 53 | #define LV1_1_IN_1_OUT(API_NAME, API_NUMBER) \ 54 | _GLOBAL(##API_NAME) \ 55 | mflr %r0; \ 56 | std %r0, 16(%r1); \ 57 | stdu %r4, -8(%r1); \ 58 | li %r11, API_NUMBER; \ 59 | sc 1; \ 60 | addi %r1, %r1, 8; \ 61 | ld %r11, -8(%r1); \ 62 | std %r4, 0(%r11); \ 63 | ld %r0, 16(%r1); \ 64 | mtlr %r0; \ 65 | blr 66 | 67 | #define LV1_1_IN_2_OUT(API_NAME, API_NUMBER) \ 68 | _GLOBAL(##API_NAME) \ 69 | mflr %r0; \ 70 | std %r0, 16(%r1); \ 71 | std %r4, -8(%r1); \ 72 | stdu %r5, -16(%r1); \ 73 | li %r11, API_NUMBER; \ 74 | sc 1; \ 75 | addi %r1, %r1, 16; \ 76 | ld %r11, -8(%r1); \ 77 | std %r4, 0(%r11); \ 78 | ld %r11, -16(%r1); \ 79 | std %r5, 0(%r11); \ 80 | ld %r0, 16(%r1); \ 81 | mtlr %r0; \ 82 | blr 83 | 84 | #define LV1_1_IN_5_OUT(API_NAME, API_NUMBER) \ 85 | _GLOBAL(##API_NAME) \ 86 | mflr %r0; \ 87 | std %r0, 16(%r1); \ 88 | std %r4, -8(%r1); \ 89 | std %r5, -16(%r1); \ 90 | std %r6, -24(%r1); \ 91 | std %r7, -32(%r1); \ 92 | stdu %r8, -40(%r1); \ 93 | li %r11, API_NUMBER; \ 94 | sc 1; \ 95 | addi %r1, %r1, 40; \ 96 | ld %r11, -8(%r1); \ 97 | std %r4, 0(%r11); \ 98 | ld %r11, -16(%r1); \ 99 | std %r5, 0(%r11); \ 100 | ld %r11, -24(%r1); \ 101 | std %r6, 0(%r11); \ 102 | ld %r11, -32(%r1); \ 103 | std %r7, 0(%r11); \ 104 | ld %r11, -40(%r1); \ 105 | std %r8, 0(%r11); \ 106 | ld %r0, 16(%r1); \ 107 | mtlr %r0; \ 108 | blr 109 | 110 | #define LV1_2_IN_1_OUT(API_NAME, API_NUMBER) \ 111 | _GLOBAL(##API_NAME) \ 112 | mflr %r0; \ 113 | std %r0, 16(%r1); \ 114 | stdu %r5, -8(%r1); \ 115 | li %r11, API_NUMBER; \ 116 | sc 1; \ 117 | addi %r1, %r1, 8; \ 118 | ld %r11, -8(%r1); \ 119 | std %r4, 0(%r11); \ 120 | ld %r0, 16(%r1); \ 121 | mtlr %r0; \ 122 | blr 123 | 124 | #define LV1_3_IN_1_OUT(API_NAME, API_NUMBER) \ 125 | _GLOBAL(##API_NAME) \ 126 | mflr %r0; \ 127 | std %r0, 16(%r1); \ 128 | stdu %r6, -8(%r1); \ 129 | li %r11, API_NUMBER; \ 130 | sc 1; \ 131 | addi %r1, %r1, 8; \ 132 | ld %r11, -8(%r1); \ 133 | std %r4, 0(%r11); \ 134 | ld %r0, 16(%r1); \ 135 | mtlr %r0; \ 136 | blr 137 | 138 | #define LV1_3_IN_2_OUT(API_NAME, API_NUMBER) \ 139 | _GLOBAL(##API_NAME) \ 140 | mflr %r0; \ 141 | std %r0, 16(%r1); \ 142 | std %r6, -8(%r1); \ 143 | stdu %r7, -16(%r1); \ 144 | li %r11, API_NUMBER; \ 145 | sc 1; \ 146 | addi %r1, %r1, 16; \ 147 | ld %r11, -8(%r1); \ 148 | std %r4, 0(%r11); \ 149 | ld %r11, -16(%r1); \ 150 | std %r5, 0(%r11); \ 151 | ld %r0, 16(%r1); \ 152 | mtlr %r0; \ 153 | blr 154 | 155 | #define LV1_4_IN_2_OUT(API_NAME, API_NUMBER) \ 156 | _GLOBAL(##API_NAME) \ 157 | mflr %r0; \ 158 | std %r0, 16(%r1); \ 159 | std %r7, -8(%r1); \ 160 | stdu %r8, -16(%r1); \ 161 | li %r11, API_NUMBER; \ 162 | sc 1; \ 163 | addi %r1, %r1, 16; \ 164 | ld %r11, -8(%r1); \ 165 | std %r4, 0(%r11); \ 166 | ld %r11, -16(%r1); \ 167 | std %r5, 0(%r11); \ 168 | ld %r0, 16(%r1); \ 169 | mtlr %r0; \ 170 | blr 171 | 172 | #define LV1_5_IN_1_OUT(API_NAME, API_NUMBER) \ 173 | _GLOBAL(##API_NAME) \ 174 | mflr %r0; \ 175 | std %r0, 16(%r1); \ 176 | stdu %r8, -8(%r1); \ 177 | li %r11, API_NUMBER; \ 178 | sc 1; \ 179 | addi %r1, %r1, 8; \ 180 | ld %r11, -8(%r1); \ 181 | std %r4, 0(%r11); \ 182 | ld %r0, 16(%r1); \ 183 | mtlr %r0; \ 184 | blr 185 | 186 | #define LV1_5_IN_2_OUT(API_NAME, API_NUMBER) \ 187 | _GLOBAL(##API_NAME) \ 188 | mflr %r0; \ 189 | std %r0, 16(%r1); \ 190 | std %r8, -8(%r1); \ 191 | stdu %r9, -16(%r1); \ 192 | li %r11, API_NUMBER; \ 193 | sc 1; \ 194 | addi %r1, %r1, 16; \ 195 | ld %r11, -8(%r1); \ 196 | std %r4, 0(%r11); \ 197 | ld %r11, -16(%r1); \ 198 | std %r5, 0(%r11); \ 199 | ld %r0, 16(%r1); \ 200 | mtlr %r0; \ 201 | blr 202 | 203 | #define LV1_6_IN_1_OUT(API_NAME, API_NUMBER) \ 204 | _GLOBAL(##API_NAME) \ 205 | mflr %r0; \ 206 | std %r0, 16(%r1); \ 207 | stdu %r9, -8(%r1); \ 208 | li %r11, API_NUMBER; \ 209 | sc 1; \ 210 | addi %r1, %r1, 8; \ 211 | ld %r11, -8(%r1); \ 212 | std %r4, 0(%r11); \ 213 | ld %r0, 16(%r1); \ 214 | mtlr %r0; \ 215 | blr 216 | 217 | #define LV1_6_IN_2_OUT(API_NAME, API_NUMBER) \ 218 | _GLOBAL(##API_NAME) \ 219 | mflr %r0; \ 220 | std %r0, 16(%r1); \ 221 | std %r9, -8(%r1); \ 222 | stdu %r10, -16(%r1); \ 223 | li %r11, API_NUMBER; \ 224 | sc 1; \ 225 | addi %r1, %r1, 16; \ 226 | ld %r11, -8(%r1); \ 227 | std %r4, 0(%r11); \ 228 | ld %r11, -16(%r1); \ 229 | std %r5, 0(%r11); \ 230 | ld %r0, 16(%r1); \ 231 | mtlr %r0; \ 232 | blr 233 | 234 | #define LV1_6_IN_3_OUT(API_NAME, API_NUMBER) \ 235 | _GLOBAL(##API_NAME) \ 236 | mflr %r0; \ 237 | std %r0, 16(%r1); \ 238 | std %r9, -8(%r1); \ 239 | stdu %r10, -16(%r1); \ 240 | li %r11, API_NUMBER; \ 241 | sc 1; \ 242 | addi %r1, %r1, 16; \ 243 | ld %r11, -8(%r1); \ 244 | std %r4, 0(%r11); \ 245 | ld %r11, -16(%r1); \ 246 | std %r5, 0(%r11); \ 247 | ld %r11, 48+8*8(%r1); \ 248 | std %r6, 0(%r11); \ 249 | ld %r0, 16(%r1); \ 250 | mtlr %r0; \ 251 | blr 252 | 253 | #define LV1_7_IN_6_OUT(API_NAME, API_NUMBER) \ 254 | _GLOBAL(##API_NAME) \ 255 | mflr %r0; \ 256 | std %r0, 16(%r1); \ 257 | std %r10, 48+8*7(%r1); \ 258 | li %r11, API_NUMBER; \ 259 | sc 1; \ 260 | ld %r11, 48+8*7(%r1); \ 261 | std %r4, 0(%r11); \ 262 | ld %r11, 48+8*8(%r1); \ 263 | std %r5, 0(%r11); \ 264 | ld %r11, 48+8*9(%r1); \ 265 | std %r6, 0(%r11); \ 266 | ld %r11, 48+8*10(%r1); \ 267 | std %r7, 0(%r11); \ 268 | ld %r11, 48+8*11(%r1); \ 269 | std %r8, 0(%r11); \ 270 | ld %r11, 48+8*12(%r1); \ 271 | std %r9, 0(%r11); \ 272 | ld %r0, 16(%r1); \ 273 | mtlr %r0; \ 274 | blr 275 | 276 | #define LV1_CALL(name, in, out, num) LV1_##in##_IN_##out##_OUT(lv1_##name, num) 277 | 278 | .text 279 | 280 | #include 281 | -------------------------------------------------------------------------------- /lv2/graf/if_ether.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _IF_ETHER_H_ 18 | #define _IF_ETHER_H_ 19 | 20 | #include 21 | 22 | #define ETH_ALEN 6 23 | #define ETH_HLEN 14 24 | #define ETH_DATA_LEN 1500 25 | #define ETH_FRAME_LEN 1518 26 | #define ETH_FCS_LEN 4 27 | 28 | #define ETH_P_IP 0x0800 29 | #define ETH_P_8021Q 0x8100 30 | 31 | struct eth_hdr 32 | { 33 | u8 dest[ETH_ALEN]; 34 | u8 src[ETH_ALEN]; 35 | u16 proto; 36 | }; 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /lv2/graf/if_vlan.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _IF_VLAN_H_ 18 | #define _IF_VLAN_H_ 19 | 20 | #include 21 | 22 | #define VLAN_HLEN 4 23 | 24 | #define VLAN_ETH_ALEN 6 25 | #define VLAN_ETH_HLEN 18 26 | #define VLAN_ETH_DATA_LEN 1500 27 | #define VLAN_ETH_FRAME_LEN 1518 28 | 29 | #define VLAN_VID_MASK 0x0FFF 30 | 31 | struct vlan_hdr 32 | { 33 | u16 tci; 34 | u16 encap_proto; 35 | }; 36 | 37 | struct vlan_eth_hdr 38 | { 39 | u8 dest[VLAN_ETH_ALEN]; 40 | u8 src[VLAN_ETH_ALEN]; 41 | u16 proto; 42 | u16 tci; 43 | u16 encap_proto; 44 | }; 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /lv2/graf/inttypes.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _INTTYPES_H_ 18 | #define _INTTYPES_H_ 19 | 20 | #include 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/ipv4.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _IPV4_H_ 18 | #define _IPV4_H_ 19 | 20 | #define IPV4_VERSION 4 21 | 22 | #define IPV4_MAX_TTL 255 23 | #define IPV4_DEFAULT_TTL 64 24 | 25 | struct ipv4_hdr 26 | { 27 | u8 version:4; 28 | u8 ihl:4; 29 | u8 tos; 30 | u16 total_len; 31 | u16 id; 32 | u16 frag_off; 33 | u8 ttl; 34 | u8 proto; 35 | u16 cksum; 36 | u32 src; 37 | u32 dest; 38 | }; 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /lv2/graf/lv1_result.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _LV1_RESULT_ 18 | #define _LV1_RESULT_ 19 | 20 | #define LV1_SUCCESS 0 21 | #define LV1_NO_PRIVILEGE -3 22 | #define LV1_DENIED_BY_POLICY -4 23 | #define LV1_ACCESS_VIOLATION -5 24 | #define LV1_NO_ENTRY -6 25 | #define LV1_ILLEGAL_PARAMETER_VALUE -17 26 | #define LV1_NOT_IMPLEMENTED -20 27 | #define LV1_ALIGNMENT_ERROR -23 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /lv2/graf/main.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | int start(void) 39 | { 40 | int i, result; 41 | 42 | printf("mm_init()\n"); 43 | result = mm_init(); 44 | if (result != 0) 45 | goto error; 46 | 47 | printf("param_init()\n"); 48 | result = param_init(); 49 | if (result != 0) 50 | goto error; 51 | 52 | printf("gelic_init()\n"); 53 | result = gelic_init(); 54 | if (result != 0) 55 | goto error; 56 | 57 | printf("gelic_xmit_test()\n"); 58 | result = gelic_xmit_test(); 59 | if (result != 0) 60 | goto error; 61 | 62 | /* 63 | printf("gelic_recv_test()\n"); 64 | result = gelic_recv_test(); 65 | if (result != 0) 66 | goto error; 67 | */ 68 | 69 | /* 70 | printf("dump_lv2()\n"); 71 | result = dump_lv2(0x8000000000000000ULL, 64 * 1024 * 1024); 72 | if (result != 0) 73 | goto error; 74 | */ 75 | 76 | /* 77 | printf("dump_slb()\n"); 78 | result = dump_slb(); 79 | if (result != 0) 80 | goto error; 81 | */ 82 | 83 | /* 84 | printf("dump_sprg0()\n"); 85 | result = dump_sprg0(); 86 | if (result != 0) 87 | goto error; 88 | */ 89 | 90 | /* 91 | printf("dump_htab()\n"); 92 | result = dump_htab(); 93 | if (result != 0) 94 | goto error; 95 | */ 96 | 97 | /* 98 | printf("dump_stor()\n"); 99 | result = dump_stor(); 100 | if (result != 0) 101 | goto error; 102 | */ 103 | 104 | printf("dump_flash()\n"); 105 | result = dump_flash(); 106 | if (result != 0) 107 | goto error; 108 | 109 | /* 110 | printf("dump_repo_nodes()\n"); 111 | result = dump_repo_nodes(); 112 | if (result != 0) 113 | goto error; 114 | */ 115 | 116 | /* 117 | printf("dump_repo_nodes_spu()\n"); 118 | result = dump_repo_nodes_spu(); 119 | if (result != 0) 120 | goto error; 121 | */ 122 | 123 | /* 124 | printf("dump_profile()\n"); 125 | result = dump_profile(); 126 | if (result != 0) 127 | goto error; 128 | */ 129 | 130 | /* 131 | printf("decrypt_profile()\n"); 132 | result = decrypt_profile(); 133 | if (result != 0) 134 | goto error; 135 | */ 136 | 137 | /* 138 | printf("vuart_sysmgr()\n"); 139 | result = vuart_sysmgr(); 140 | if (result != 0) 141 | goto error; 142 | */ 143 | 144 | /* 145 | printf("vuart_dispmgr()\n"); 146 | result = vuart_dispmgr(); 147 | if (result != 0) 148 | goto error; 149 | */ 150 | 151 | /* 152 | printf("decrypt_usb_dongle_master_key()\n"); 153 | result = decrypt_usb_dongle_master_key(); 154 | if (result != 0) 155 | goto error; 156 | */ 157 | 158 | /* 159 | printf("update_mgr_inspect_pkg()\n"); 160 | result = update_mgr_inspect_pkg(); 161 | if (result != 0) 162 | goto error; 163 | */ 164 | 165 | /* 166 | printf("query_lpar_address()\n"); 167 | result = query_lpar_address(); 168 | if (result != 0) 169 | goto error; 170 | */ 171 | 172 | /* 173 | printf("decrypt_pkg()\n"); 174 | result = decrypt_pkg(); 175 | if (result != 0) 176 | goto error; 177 | */ 178 | 179 | return 0; 180 | 181 | error: 182 | return -1; 183 | } 184 | -------------------------------------------------------------------------------- /lv2/graf/memcpy.h: -------------------------------------------------------------------------------- 1 | #include 2 | -------------------------------------------------------------------------------- /lv2/graf/memset.h: -------------------------------------------------------------------------------- 1 | #include 2 | -------------------------------------------------------------------------------- /lv2/graf/mm.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | #define HPTE_V_BOLTED 0x0000000000000010ULL 22 | #define HPTE_V_LARGE 0x0000000000000004ULL 23 | #define HPTE_V_VALID 0x0000000000000001ULL 24 | #define HPTE_R_PROT_MASK 0x0000000000000003ULL 25 | 26 | int mm_init(void) 27 | { 28 | return 0; 29 | } 30 | 31 | int mm_insert_htab_entry(u64 va_addr, u64 lpar_addr, u64 prot) 32 | { 33 | u64 hpte_group, hpte_index, hpte_v, hpte_r, hpte_evicted_v, hpte_evicted_r; 34 | 35 | hpte_group = (((va_addr >> 28) ^ ((va_addr & 0xFFFFFFFULL) >> 12)) & 0x7FF) << 3; 36 | hpte_v = ((va_addr >> 23) << 7) | HPTE_V_VALID; 37 | hpte_r = lpar_addr | 0x38 | (prot & HPTE_R_PROT_MASK); 38 | 39 | return lv1_insert_htab_entry(0, hpte_group, hpte_v, hpte_r, HPTE_V_BOLTED, 0, 40 | &hpte_index, &hpte_evicted_v, &hpte_evicted_r); 41 | } 42 | 43 | int mm_map_lpar_memory_region(u64 lpar_start_addr, u64 ea_start_addr, u64 size, 44 | u64 page_shift, u64 prot) 45 | { 46 | int i, result; 47 | 48 | for (i = 0; i < size >> page_shift; i++) 49 | { 50 | result = mm_insert_htab_entry(MM_EA2VA(ea_start_addr), lpar_start_addr, prot); 51 | if (result != 0) 52 | return result; 53 | 54 | lpar_start_addr += (1 << page_shift); 55 | ea_start_addr += (1 << page_shift); 56 | } 57 | 58 | return 0; 59 | } 60 | -------------------------------------------------------------------------------- /lv2/graf/mm.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _MM_H_ 18 | #define _MM_H_ 19 | 20 | #include 21 | 22 | #define MM_LOAD_BASE(ptr, offset) \ 23 | __asm__ __volatile__ ( \ 24 | "li %0, 1\n\t" \ 25 | "rldicr %0, %0, 63, 0\n\t" \ 26 | "oris %0, %0, %1\n\t" \ 27 | "ori %0, %0, %2\n\t" : \ 28 | "=r"(ptr) : \ 29 | "g"(((offset) >> 16) & 0xFFFF), \ 30 | "g"((offset) & 0xFFFF)) 31 | 32 | #define MM_EA2VA(ea) ((ea) & ~0x8000000000000000ULL) 33 | 34 | int mm_init(void); 35 | 36 | int mm_insert_htab_entry(u64 va_addr, u64 lpar_addr, u64 prot); 37 | 38 | int mm_map_lpar_memory_region(u64 lpar_start_addr, u64 ea_start_addr, u64 size, 39 | u64 page_shift, u64 prot); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /lv2/graf/param.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | 20 | #define PARAM_BASE 0x8000000013390000ULL 21 | #define PARAM_OFFSET 0x13390000ULL 22 | 23 | u64 param_lpar_addr; 24 | 25 | u64 param_lpar_size; 26 | 27 | u64 param_ea_addr; 28 | 29 | int param_init(void) 30 | { 31 | u64 *ptr; 32 | 33 | MM_LOAD_BASE(ptr, PARAM_OFFSET); 34 | 35 | /* These cause lv2 to panic, because the memory is unmapped? 36 | * http://pastie.org/private/imivznhbjpnwubsm9vl6uw 37 | param_lpar_addr = ptr[0x2000 - 1]; 38 | 39 | param_lpar_size = ptr[0x2000 - 2]; 40 | 41 | param_ea_addr = ptr[0x2000 - 3]; 42 | */ 43 | 44 | return 0; 45 | } 46 | -------------------------------------------------------------------------------- /lv2/graf/param.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _PARAM_H_ 18 | #define _PARAM_H_ 19 | 20 | #include 21 | 22 | extern u64 param_lpar_addr; 23 | 24 | extern u64 param_ea_addr; 25 | 26 | int param_init(void); 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /lv2/graf/ppc_asm.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _PPC_ASM_H_ 18 | #define _PPC_ASM_H_ 19 | 20 | #define XGLUE(a,b) a##b 21 | #define GLUE(a,b) XGLUE(a,b) 22 | 23 | #define _GLOBAL(name) \ 24 | .section ".text"; \ 25 | .align 2 ; \ 26 | .globl name; \ 27 | .type name,@function; \ 28 | name: \ 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /lv2/graf/query_lpar_address.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #define QUERY_LPAR_ADDR_OFFSET 0x0033F658ULL 24 | 25 | int query_lpar_address(void) 26 | { 27 | u64 lpar_addr, start_address, size, access_right, max_page_size, flags; 28 | u64 entries[3][7]; 29 | u64 *ptr; 30 | int i, result; 31 | 32 | MM_LOAD_BASE(ptr, QUERY_LPAR_ADDR_OFFSET); 33 | 34 | lpar_addr = 0x0000000000000000ULL; 35 | 36 | result = lv1_query_logical_partition_address_region_info(lpar_addr, 37 | &start_address, &size, &access_right, &max_page_size, &flags); 38 | 39 | i = 0; 40 | 41 | entries[i][0] = result; 42 | entries[i][1] = lpar_addr; 43 | entries[i][2] = start_address; 44 | entries[i][3] = size; 45 | entries[i][4] = access_right; 46 | entries[i][5] = max_page_size; 47 | entries[i][6] = flags; 48 | 49 | lpar_addr = *((u64 *) (*(u64 *) (*(u64 *) ptr)) + 0x11); 50 | 51 | result = lv1_query_logical_partition_address_region_info(lpar_addr, 52 | &start_address, &size, &access_right, &max_page_size, &flags); 53 | 54 | i++; 55 | 56 | entries[i][0] = result; 57 | entries[i][1] = lpar_addr; 58 | entries[i][2] = start_address; 59 | entries[i][3] = size; 60 | entries[i][4] = access_right; 61 | entries[i][5] = max_page_size; 62 | entries[i][6] = flags; 63 | 64 | lpar_addr = *((u64 *) (*(u64 *) (*(u64 *) ptr)) + 0x13); 65 | 66 | result = lv1_query_logical_partition_address_region_info(lpar_addr, 67 | &start_address, &size, &access_right, &max_page_size, &flags); 68 | 69 | i++; 70 | 71 | entries[i][0] = result; 72 | entries[i][1] = lpar_addr; 73 | entries[i][2] = start_address; 74 | entries[i][3] = size; 75 | entries[i][4] = access_right; 76 | entries[i][5] = max_page_size; 77 | entries[i][6] = flags; 78 | 79 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, entries, sizeof(entries)); 80 | if (result < 0) 81 | return result; 82 | 83 | return 0; 84 | } 85 | -------------------------------------------------------------------------------- /lv2/graf/query_lpar_address.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _QUERY_LPAR_ADDRESS_H_ 18 | #define _QUERY_LPAR_ADDRESS_H_ 19 | 20 | int query_lpar_address(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/repo_node.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | 19 | const u64 repo_node_key_ss_inspect_request[4] = 20 | { 21 | /* ss.inspect.request */ 22 | 0x0000000073730000, 0x696E737065637400, 0x7265717565737400, 0x0000000000000000 23 | }; 24 | -------------------------------------------------------------------------------- /lv2/graf/repo_node.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _REPO_NODE_H_ 18 | #define _REPO_NODE_H_ 19 | 20 | #include 21 | 22 | #define REPO_NODE_LPAR_ID_CURRENT 0 23 | #define REPO_NODE_LPAR_ID_PME 1 24 | 25 | extern const u64 repo_node_key_ss_inspect_request[4]; 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /lv2/graf/rvk_pkg_341.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | 19 | u8 rvk_pkg_341[0x240] __attribute__ ((aligned ((128)))) = 20 | { 21 | /* paste your revoke package for packages here */ 22 | }; 23 | -------------------------------------------------------------------------------- /lv2/graf/rvk_pkg_341.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _RVK_PKG_341_H_ 18 | #define _RVK_PKG_341_H_ 19 | 20 | #include 21 | 22 | extern u8 rvk_pkg_341[0x240]; 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /lv2/graf/spu.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _SPU_H_ 18 | #define _SPU_H_ 19 | 20 | #include 21 | 22 | struct spu_shadow 23 | { 24 | u8 padding_0x0000_0x0140[0x0140 - 0x0000]; 25 | u64 int_status_class0; 26 | u64 int_status_class1; 27 | u64 int_status_class2; 28 | u8 padding_0x0158_0x0610[0x0610 - 0x0158]; 29 | u64 mfc_dsisr; 30 | u8 padding_0x0618_0x0620[0x0620 - 0x0618]; 31 | u64 mfc_dar; 32 | u8 padding_0x0628_0x0800[0x0800 - 0x0628]; 33 | u64 mfc_dsipr; 34 | u8 padding_0x0808_0x0810[0x0810 - 0x0808]; 35 | u64 mfc_lscrr; 36 | u8 padding_0x0818_0x0C00[0x0C00 - 0x0818]; 37 | u64 mfc_cer; 38 | u8 padding_0x0C08_0x0F00[0x0F00 - 0x0C08]; 39 | u64 execution_status; 40 | u8 padding_0x0F08_0x1000[0x1000 - 0x0F08]; 41 | }; 42 | 43 | struct spu_priv2 44 | { 45 | u8 padding_0x00000_0x04000[0x04000 - 0x00000]; 46 | u64 spu_out_intr_mbox; 47 | u8 padding_0x04008_0x20000[0x20000 - 0x04008]; 48 | }; 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /lv2/graf/ss.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _SS_H_ 18 | #define _SS_H_ 19 | 20 | #include 21 | 22 | #define SS_FUNCTION_ID_VIRTUAL_TRM_MGR 0x2000 23 | #define SS_FUNCTION_ID_SECURE_RTC 0x3000 24 | #define SS_FUNCTION_ID_STORAGE_MGR 0x5000 25 | #define SS_FUNCTION_ID_UPDATE_MGR 0x6000 26 | #define SS_FUNCTION_ID_SECURE_PROFILE_LOADER 0x15000 27 | #define SS_FUNCTION_ID_INDI_INFO_MGR 0x17000 28 | #define SS_FUNCTION_ID_AIM 0x19000 29 | #define SS_FUNCTION_ID_USB_DONGLE_AUTH 0x24000 30 | #define SS_FUNCTION_ID_USER_TOKEN_MGR 0x25000 31 | 32 | struct ss_header 33 | { 34 | u64 packet_id; 35 | u64 function_id; 36 | u32 retval; 37 | u8 res[4]; 38 | u64 laid; 39 | u64 paid; 40 | }; 41 | 42 | struct ss_update_mgr_read_eprom 43 | { 44 | u32 offset; 45 | u8 res[4]; 46 | u8 value; 47 | }; 48 | 49 | struct ss_update_mgr_write_eprom 50 | { 51 | u32 offset; 52 | u8 res[4]; 53 | u8 value; 54 | }; 55 | 56 | struct ss_update_mgr_get_applicable_version 57 | { 58 | u32 field0; 59 | }; 60 | 61 | struct ss_update_mgr_get_package_info 62 | { 63 | u32 type; 64 | u8 res[4]; 65 | u64 version; 66 | }; 67 | 68 | struct ss_update_mgr_get_token_seed 69 | { 70 | u64 token_size; 71 | u8 token[80]; 72 | u64 seed_size; 73 | u8 seed[80]; 74 | }; 75 | 76 | struct ss_update_mgr_set_token 77 | { 78 | u64 token_size; 79 | u8 token[80]; 80 | }; 81 | 82 | struct ss_update_mgr_inspect_pkg 83 | { 84 | u32 field0; 85 | u8 res1[4]; 86 | u32 pkg_type; 87 | u8 res2[4]; 88 | u32 field10; 89 | u8 res3[4]; 90 | u64 lpar_id; 91 | u64 pkg_size; 92 | u8 pkg_data[0]; 93 | /* u64 reques_id */ 94 | }; 95 | 96 | #define SS_SECURE_PROFILE_LOADER_GET_CONTENTS_SIZE 0x10000 97 | #define SS_SECURE_PROFILE_LOADER_GET_CONTENTS 0x20000 98 | 99 | struct ss_secure_profile_loader_get 100 | { 101 | u8 profile_name[256]; 102 | u32 contents_type; 103 | u8 res[4]; 104 | u8 contents_name[32]; 105 | u64 contents_size; 106 | u8 contents[0]; 107 | /* u64 fieldX; */ 108 | /* u64 request_type; */ 109 | }; 110 | 111 | struct ss_indi_info_mgr_read_eid0_size 112 | { 113 | u64 field0; 114 | u64 field8; 115 | }; 116 | 117 | struct ss_indi_info_mgr_read_eid0 118 | { 119 | u64 field0; 120 | u64 field8; 121 | u8 field10[0]; 122 | /* u64 fieldX */; 123 | }; 124 | 125 | struct ss_virtual_trm_mgr_decrypt_master 126 | { 127 | u8 seed[16]; 128 | u8 msg[64]; 129 | }; 130 | 131 | #endif 132 | -------------------------------------------------------------------------------- /lv2/graf/stor.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #define STOR_BUS_ID 4 23 | 24 | #define STOR_DMA_BASE 0x80000000133A0000ULL 25 | #define STOR_DMA_OFFSET 0x133A0000ULL 26 | #define STOR_DMA_PAGE_SIZE 12 27 | #define STOR_DMA_SIZE (1 << STOR_DMA_PAGE_SIZE) 28 | 29 | struct stor_var 30 | { 31 | u64 dev_id; 32 | u64 block_size; 33 | u64 dma_lpar_addr; 34 | u32 dma_bus_addr; 35 | }; 36 | 37 | static struct stor_var stor_var; 38 | 39 | int stor_init(u64 dev_id) 40 | { 41 | u64 dma_lpar_addr, muid, dma_bus_addr; 42 | int result; 43 | 44 | result = lv1_allocate_memory(STOR_DMA_SIZE, STOR_DMA_PAGE_SIZE, 0, 0, 45 | &dma_lpar_addr, &muid); 46 | if (result != 0) 47 | return result; 48 | 49 | result = lv1_allocate_device_dma_region(STOR_BUS_ID, dev_id, 50 | STOR_DMA_SIZE, STOR_DMA_PAGE_SIZE, 0, &dma_bus_addr); 51 | if (result != 0) 52 | return result; 53 | 54 | result = lv1_map_device_dma_region(STOR_BUS_ID, dev_id, dma_lpar_addr, dma_bus_addr, 55 | STOR_DMA_SIZE, 0xF800000000000000ULL); 56 | if (result != 0) 57 | return result; 58 | 59 | result = mm_insert_htab_entry(MM_EA2VA(STOR_DMA_BASE), dma_lpar_addr, 0); 60 | if (result != 0) 61 | return result; 62 | 63 | stor_var.dev_id = dev_id; 64 | stor_var.dma_lpar_addr = dma_lpar_addr; 65 | stor_var.dma_bus_addr = dma_bus_addr; 66 | stor_var.block_size = 0x200; 67 | 68 | return 0; 69 | } 70 | 71 | int stor_read(u64 region_id, u64 start_sector, u64 num_sectors, u64 flags, void *data) 72 | { 73 | u64 tag, status; 74 | u8 *buf; 75 | int result; 76 | 77 | result = lv1_storage_read(stor_var.dev_id, region_id, start_sector, num_sectors, 78 | flags, stor_var.dma_lpar_addr, &tag); 79 | if (result != 0) 80 | return result; 81 | 82 | for (;;) 83 | { 84 | result = lv1_storage_check_async_status(stor_var.dev_id, tag, &status); 85 | if (result != 0) 86 | continue; 87 | 88 | if (status == 0) 89 | break; 90 | } 91 | 92 | MM_LOAD_BASE(buf, STOR_DMA_OFFSET); 93 | 94 | memcpy(data, buf, stor_var.block_size * num_sectors); 95 | 96 | return 0; 97 | } 98 | 99 | int stor_write(u64 region_id, u64 start_sector, u64 num_sectors, u64 flags, void *data) 100 | { 101 | return 0; 102 | } 103 | -------------------------------------------------------------------------------- /lv2/graf/stor.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _STOR_H_ 18 | #define _STOR_H_ 19 | 20 | #include 21 | 22 | #define STOR_FLASH_DEV_ID 1 23 | #define STOR_FLASH_BLOCK_SIZE 0x200 24 | 25 | int stor_init(u64 dev_id); 26 | 27 | int stor_read(u64 region_id, u64 start_sector, u64 num_sectors, u64 flags, void *data); 28 | 29 | int stor_write(u64 region_id, u64 start_sector, u64 num_sectors, u64 flags, void *data); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /lv2/graf/sysmgr.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _SYSMGR_H_ 18 | #define _SYSMGR_H_ 19 | 20 | #include 21 | 22 | #define SYSMGR_VUART_PORT 2 23 | 24 | #define SYSMGR_SID_REQUEST 1 25 | #define SYSMGR_SID_RESPONSE 2 26 | #define SYSMGR_SID_CMD 3 27 | #define SYSMGR_SID_EXT_EVENT 4 28 | #define SYSMGR_SID_SET_NEXT_OP 5 29 | #define SYSMGR_SID_SET_ATTR 8 30 | #define SYSMGR_SID_CTRL_LED 12 31 | #define SYSMGR_SID_RING_BUZZER 21 32 | #define SYSMGR_SID_REQ_BE_COUNT 28 33 | #define SYSMGR_SID_REQ_SC_VERSION 30 34 | #define SYSMGR_SID_REQ_SYS_EVENT_LOG 32 35 | 36 | #define SYSMGR_NEXT_OP_SYS_SHUTDOWN 1 37 | #define SYSMGR_NEXT_OP_SYS_REBOOT 2 38 | #define SYSMGR_NEXT_OP_LPAR_REBOOT 0x82 39 | 40 | #define SYSMGR_WAKE_SRC_DEFAULT 0x00000000 41 | #define SYSMGR_WAKE_SRC_WOL 0x00000400 42 | #define SYSMGR_WAKE_SRC_POR 0x80000000 43 | 44 | struct sysmgr_header 45 | { 46 | u8 version; 47 | u8 size; 48 | u16 res1; 49 | u32 payload_size; 50 | u16 sid; 51 | u16 res2; 52 | u32 tag; 53 | }; 54 | 55 | struct sysmgr_request 56 | { 57 | u8 version; 58 | u8 type; 59 | u8 gos_id; 60 | u8 reserved[13]; 61 | }; 62 | 63 | struct sysmgr_set_next_op 64 | { 65 | u8 version; 66 | u8 type; 67 | u8 gos_id; 68 | u8 res1; 69 | u32 wake_src; 70 | u8 res2[8]; 71 | }; 72 | 73 | struct sysmgr_set_attr 74 | { 75 | u8 version; 76 | u8 res[3]; 77 | u32 attr; 78 | }; 79 | 80 | struct sysmgr_ctrl_led 81 | { 82 | u8 field0; 83 | u8 field1; 84 | u8 field2; 85 | u8 res1; 86 | u8 field4; 87 | u8 field5; 88 | u8 res2[10]; 89 | }; 90 | 91 | struct sysmgr_ring_buzzer 92 | { 93 | u8 res1; 94 | u8 field1; 95 | u8 field2; 96 | u8 res2; 97 | u32 field4; 98 | }; 99 | 100 | struct sysmgr_req_sys_event_log 101 | { 102 | u8 field0; 103 | u8 offset; 104 | u8 flag; 105 | u8 field3; 106 | }; 107 | 108 | #endif 109 | -------------------------------------------------------------------------------- /lv2/graf/system.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _SYSTEM_H_ 18 | #define _SYSTEM_H_ 19 | 20 | #define mb() __asm__ __volatile__ ("sync" : : : "memory") 21 | #define rmb() __asm__ __volatile__ ("sync" : : : "memory") 22 | #define wmb() __asm__ __volatile__ ("sync" : : : "memory") 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /lv2/graf/time.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | 19 | void sleep(unsigned long long ticks) 20 | { 21 | unsigned long long end; 22 | 23 | end = get_tb_ticks() + ticks; 24 | 25 | while (get_tb_ticks() < end) 26 | __asm__ __volatile__ ("nop"); 27 | } 28 | -------------------------------------------------------------------------------- /lv2/graf/time.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _TIME_H_ 18 | #define _TIME_H_ 19 | 20 | #define TB_TICKS_PER_SEC 79800000 21 | 22 | static inline unsigned long long get_tb_ticks(void) 23 | { 24 | unsigned long long ticks; 25 | 26 | __asm__ __volatile__ ("mftb %0" : "=r"(ticks)); 27 | 28 | return ticks; 29 | } 30 | 31 | void sleep(unsigned long long ticks); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /lv2/graf/tools/Makefile: -------------------------------------------------------------------------------- 1 | 2 | CC=gcc 3 | CFLAGS=-O2 -Wall 4 | LDFLAGS= 5 | 6 | SRC_PCAP2BIN=pcap2bin.c 7 | OBJ_PCAP2BIN=$(SRC_PCAP2BIN:.c=.o) 8 | TARGET_PCAP2BIN=pcap2bin 9 | 10 | SRC_SENDFILE=sendfile.c 11 | OBJ_SENDFILE=$(SRC_SENDFILE:.c=.o) 12 | LIB_SENDFILE=-lnet -lpcap 13 | TARGET_SENDFILE=sendfile 14 | 15 | SRC_INFLATE=inflate.c 16 | OBJ_INFLATE=$(SRC_INFLATE:.c=.o) 17 | LIB_INFLATE=-lz 18 | TARGET_INFLATE=inflate 19 | 20 | all: $(TARGET_PCAP2BIN) $(TARGET_SENDFILE) $(TARGET_INFLATE) 21 | 22 | $(TARGET_PCAP2BIN): $(OBJ_PCAP2BIN) 23 | $(CC) $(LDFLAGS) $(OBJ_PCAP2BIN) -o $@ 24 | 25 | $(TARGET_SENDFILE): $(OBJ_SENDFILE) 26 | $(CC) $(LDFLAGS) $(OBJ_SENDFILE) -o $@ $(LIB_SENDFILE) 27 | 28 | $(TARGET_INFLATE): $(OBJ_INFLATE) 29 | $(CC) $(LDFLAGS) $(OBJ_INFLATE) -o $@ $(LIB_INFLATE) 30 | 31 | %.o: %.c 32 | $(CC) $(CFLAGS) -c $^ 33 | 34 | clean: 35 | rm -f $(TARGET_PCAP2BIN) $(OBJ_PCAP2BIN) $(TARGET_SENDFILE) $(OBJ_SENDFILE) \ 36 | $(TARGET_INFLATE) $(OBJ_INFLATE) 37 | -------------------------------------------------------------------------------- /lv2/graf/tools/dump_region_from_file.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ $# -ne 3 ]; then 4 | echo "usage: $0 " >&2 5 | exit 1 6 | fi 7 | 8 | filename=$1 9 | offset=$(($2)) 10 | size=$(($3)) 11 | 12 | dd if="$filename" bs=1 skip=$offset count=$size 13 | -------------------------------------------------------------------------------- /lv2/graf/tools/inflate.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #define ZLIB_CHUNK_SIZE 0x1000 23 | 24 | static int zlib_inflate(FILE *fin, FILE *fout); 25 | 26 | static const char *zlib_error2str(int error); 27 | 28 | static void usage(const char *progname); 29 | 30 | int main(int argc, char **argv) 31 | { 32 | FILE *fin, *fout; 33 | int result; 34 | 35 | if (argc != 3) 36 | { 37 | usage(argv[0]); 38 | exit(1); 39 | } 40 | 41 | fin = fopen(argv[1], "r"); 42 | if (fin == NULL) 43 | { 44 | fprintf(stderr, "couldn't open input file '%s'\n", argv[1]); 45 | exit(1); 46 | } 47 | 48 | fout = fopen(argv[2], "w"); 49 | if (fin == NULL) 50 | { 51 | fprintf(stderr, "couldn't open output file '%s'\n", argv[2]); 52 | exit(1); 53 | } 54 | 55 | result = zlib_inflate(fin, fout); 56 | if (result != Z_OK) 57 | { 58 | fprintf(stderr, "zlib error %s\n", zlib_error2str(result)); 59 | exit(1); 60 | } 61 | 62 | fclose(fin); 63 | fclose(fout); 64 | 65 | exit(0); 66 | } 67 | 68 | static int zlib_inflate(FILE *fin, FILE *fout) 69 | { 70 | z_stream strm; 71 | unsigned char bin[ZLIB_CHUNK_SIZE]; 72 | unsigned char bout[ZLIB_CHUNK_SIZE]; 73 | int nleft, result; 74 | 75 | strm.zalloc = Z_NULL; 76 | strm.zfree = Z_NULL; 77 | strm.opaque = Z_NULL; 78 | strm.avail_in = 0; 79 | strm.next_in = Z_NULL; 80 | 81 | result = inflateInit(&strm); 82 | if (result != Z_OK) 83 | return result; 84 | 85 | do 86 | { 87 | strm.avail_in = fread(bin, 1, ZLIB_CHUNK_SIZE, fin); 88 | if (ferror(fin)) 89 | { 90 | inflateEnd(&strm); 91 | return Z_ERRNO; 92 | } 93 | 94 | if (strm.avail_in == 0) 95 | break; 96 | 97 | strm.next_in = bin; 98 | 99 | do 100 | { 101 | strm.avail_out = ZLIB_CHUNK_SIZE; 102 | strm.next_out = bout; 103 | 104 | result = inflate(&strm, Z_NO_FLUSH); 105 | if (result == Z_STREAM_ERROR) 106 | return result; 107 | 108 | switch (result) 109 | { 110 | case Z_NEED_DICT: 111 | result = Z_DATA_ERROR; 112 | case Z_DATA_ERROR: 113 | case Z_MEM_ERROR: 114 | inflateEnd(&strm); 115 | return result; 116 | break; 117 | } 118 | 119 | nleft = ZLIB_CHUNK_SIZE - strm.avail_out; 120 | 121 | if ((fwrite(bout, 1, nleft, fout) != nleft) || ferror(fout)) 122 | { 123 | inflateEnd(&strm); 124 | return Z_ERRNO; 125 | } 126 | } while (strm.avail_out == 0); 127 | } while (result != Z_STREAM_END); 128 | 129 | inflateEnd(&strm); 130 | 131 | if (result != Z_STREAM_END) 132 | return Z_DATA_ERROR; 133 | 134 | return Z_OK; 135 | } 136 | 137 | static const char *zlib_error2str(int error) 138 | { 139 | static char buf[64]; 140 | 141 | switch (error) 142 | { 143 | case Z_ERRNO: 144 | return "Z_ERRNO"; 145 | break; 146 | 147 | case Z_STREAM_ERROR: 148 | return "Z_STREAM_ERROR"; 149 | break; 150 | 151 | case Z_DATA_ERROR: 152 | return "Z_DATA_ERROR"; 153 | break; 154 | 155 | case Z_MEM_ERROR: 156 | return "Z_MEM_ERROR"; 157 | break; 158 | 159 | case Z_VERSION_ERROR: 160 | return "Z_VERSION_ERROR"; 161 | break; 162 | 163 | default: 164 | sprintf(buf, "%d", error); 165 | return buf; 166 | break; 167 | } 168 | } 169 | 170 | static void usage(const char *progname) 171 | { 172 | fprintf(stderr, "usage: %s \n", progname); 173 | } 174 | -------------------------------------------------------------------------------- /lv2/graf/tools/pcap2bin.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #define LINKTYPE_EN10MB 1 27 | 28 | #define PCAP_PKT_MAXSIZE 8192 29 | 30 | #define ETH_HLEN 14 31 | 32 | #define ETH_P_IP 0x0800 33 | #define ETH_P_8021Q 0x8100 34 | 35 | #define VLAN_ETH_HLEN 18 36 | 37 | #define VLAN_ETH_ALEN 6 38 | 39 | struct pcap_file_header 40 | { 41 | uint8_t magic[4]; 42 | uint16_t version_major; 43 | uint16_t version_minor; 44 | int32_t thiszone; 45 | uint32_t sigfigs; 46 | uint32_t snaplen; 47 | uint32_t linktype; 48 | }; 49 | 50 | struct pcap_pkthdr 51 | { 52 | struct timeval ts; 53 | uint32_t caplen; 54 | uint32_t len; 55 | }; 56 | 57 | struct vlan_eth_hdr 58 | { 59 | uint8_t dest[VLAN_ETH_ALEN]; 60 | uint8_t src[VLAN_ETH_ALEN]; 61 | uint16_t proto; 62 | uint16_t tci; 63 | uint16_t encap_proto; 64 | }; 65 | 66 | static int str2mac(const char *s, unsigned char mac_addr[VLAN_ETH_ALEN]); 67 | 68 | static void usage(const char *progname); 69 | 70 | int main(int argc, char **argv) 71 | { 72 | int c, proto, head_skip, n, npacket, npacket_written, nbyte_written, link_hdrlen, skip; 73 | int test_src_mac_addr, test_dest_mac_addr; 74 | unsigned char src_mac_addr[VLAN_ETH_ALEN], dest_mac_addr[VLAN_ETH_ALEN]; 75 | char *end; 76 | FILE *in, *out; 77 | struct pcap_file_header pcap_file_header; 78 | struct pcap_pkthdr pcap_pkthdr; 79 | unsigned char buf[PCAP_PKT_MAXSIZE]; 80 | struct vlan_eth_hdr *vlan_eth_hdr; 81 | 82 | proto = -1; 83 | head_skip = 0; 84 | test_src_mac_addr = 0; 85 | test_dest_mac_addr = 0; 86 | 87 | while ((c = getopt(argc, argv, "p:h:s:d:")) != -1) 88 | { 89 | switch (c) 90 | { 91 | case 'p': 92 | proto = strtol(optarg, &end, 0); 93 | if (*end != '\0') 94 | usage(argv[0]); 95 | break; 96 | 97 | case 'h': 98 | head_skip = strtol(optarg, &end, 0); 99 | if (*end != '\0') 100 | usage(argv[0]); 101 | 102 | if (head_skip < 0) 103 | head_skip = 0; 104 | break; 105 | 106 | case 's': 107 | if (strlen(optarg) != (2 * VLAN_ETH_ALEN)) 108 | usage(argv[0]); 109 | 110 | if (str2mac(optarg, src_mac_addr) != 0) 111 | usage(argv[0]); 112 | 113 | test_src_mac_addr = 1; 114 | break; 115 | 116 | case 'd': 117 | if (strlen(optarg) != (2 * VLAN_ETH_ALEN)) 118 | usage(argv[0]); 119 | 120 | if (str2mac(optarg, dest_mac_addr) != 0) 121 | usage(argv[0]); 122 | 123 | test_dest_mac_addr = 1; 124 | break; 125 | 126 | case '?': 127 | default: 128 | fprintf(stderr, "unrecognized option: %c\n", c); 129 | usage(argv[0]); 130 | } 131 | } 132 | 133 | if (argc != (optind + 2)) 134 | usage(argv[0]); 135 | 136 | in = fopen(argv[optind], "r"); 137 | if (in == NULL) 138 | { 139 | fprintf(stderr, "couldn't open input file '%s'\n", argv[optind]); 140 | exit(1); 141 | } 142 | 143 | out = fopen(argv[optind + 1], "w"); 144 | if (out == NULL) 145 | { 146 | fprintf(stderr, "couldn't open output file '%s'\n", argv[optind + 1]); 147 | exit(1); 148 | } 149 | 150 | n = fread(&pcap_file_header, 1, sizeof(struct pcap_file_header), in); 151 | if (n != sizeof(struct pcap_file_header)) 152 | { 153 | fprintf(stderr, "couldn't read pcap file header\n"); 154 | exit(1); 155 | } 156 | 157 | if ((pcap_file_header.magic[0] != 0xD4) || 158 | (pcap_file_header.magic[1] != 0xC3) || 159 | (pcap_file_header.magic[2] != 0xB2) || 160 | (pcap_file_header.magic[3] != 0xA1)) 161 | { 162 | fprintf(stderr, "input file is not a pcap file\n"); 163 | exit(1); 164 | } 165 | 166 | if (pcap_file_header.linktype != LINKTYPE_EN10MB) 167 | { 168 | fprintf(stderr, "wrong pcap file linktype %d\n", pcap_file_header.linktype); 169 | exit(1); 170 | } 171 | 172 | npacket = 0; 173 | npacket_written = 0; 174 | nbyte_written = 0; 175 | 176 | for (;;) 177 | { 178 | npacket++; 179 | 180 | n = fread(&pcap_pkthdr, 1, sizeof(struct pcap_pkthdr), in); 181 | if (n == 0) 182 | { 183 | break; 184 | } 185 | else if (n != sizeof(struct pcap_pkthdr)) 186 | { 187 | fprintf(stderr, "couldn't read pcap packet header #%d\n", npacket); 188 | exit(1); 189 | } 190 | 191 | n = fread(buf, 1, pcap_pkthdr.caplen, in); 192 | if (n != pcap_pkthdr.caplen) 193 | { 194 | fprintf(stderr, "couldn't read pcap packet #%d\n", npacket); 195 | exit(1); 196 | } 197 | 198 | vlan_eth_hdr = (struct vlan_eth_hdr *) buf; 199 | if (vlan_eth_hdr->proto == htons(ETH_P_8021Q)) 200 | { 201 | if ((proto >= 0) && (proto <= 0xFFFF) && 202 | (vlan_eth_hdr->encap_proto != htons(proto))) 203 | continue; 204 | 205 | link_hdrlen = VLAN_ETH_HLEN; 206 | } 207 | else 208 | { 209 | if ((proto >= 0) && (proto <= 0xFFFF) && 210 | (vlan_eth_hdr->proto != htons(proto))) 211 | continue; 212 | 213 | link_hdrlen = ETH_HLEN; 214 | } 215 | 216 | if ((test_src_mac_addr != 0) && 217 | (memcmp(src_mac_addr, vlan_eth_hdr->src, VLAN_ETH_ALEN) != 0)) 218 | continue; 219 | 220 | if ((test_dest_mac_addr != 0) && 221 | (memcmp(dest_mac_addr, vlan_eth_hdr->dest, VLAN_ETH_ALEN) != 0)) 222 | continue; 223 | 224 | skip = link_hdrlen + head_skip; 225 | if (skip >= pcap_pkthdr.caplen) 226 | continue; 227 | 228 | n = fwrite(buf + skip, 1, pcap_pkthdr.caplen - skip, out); 229 | if (n != (pcap_pkthdr.caplen - skip)) 230 | { 231 | fprintf(stderr, "couldn't write pcap packet #%d\n", npacket); 232 | exit(1); 233 | } 234 | 235 | npacket_written++; 236 | nbyte_written += (pcap_pkthdr.caplen - skip); 237 | } 238 | 239 | printf("total packets processed #%d\n", npacket); 240 | printf("total packets written #%d\n", npacket_written); 241 | printf("total bytes written #%d (0x%x)\n", nbyte_written, nbyte_written); 242 | 243 | fclose(in); 244 | fclose(out); 245 | 246 | exit(0); 247 | } 248 | 249 | static int str2mac(const char *s, unsigned char mac_addr[VLAN_ETH_ALEN]) 250 | { 251 | int i; 252 | unsigned char a, b; 253 | 254 | if (strlen(s) != (2 * VLAN_ETH_ALEN)) 255 | return -1; 256 | 257 | for (i = 0; i < VLAN_ETH_ALEN; i++) 258 | { 259 | a = s[2 * i]; 260 | b = s[2 * i + 1]; 261 | 262 | if (!isxdigit(a) || !isxdigit(b)) 263 | return -1; 264 | 265 | if (isalpha(a)) 266 | a = toupper(a) - 'A' + 10; 267 | else 268 | a = a - '0'; 269 | 270 | if (isalpha(b)) 271 | b = toupper(b) - 'A' + 10; 272 | else 273 | b = b - '0'; 274 | 275 | mac_addr[i] = (a << 4) | b; 276 | } 277 | 278 | return 0; 279 | } 280 | 281 | static void usage(const char *progname) 282 | { 283 | fprintf(stderr, "usage: %s [-p ] [-h ] [-s ] " 284 | "[-d ] \n", progname); 285 | exit(1); 286 | } 287 | -------------------------------------------------------------------------------- /lv2/graf/tools/sendfile.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #define ETH_ALEN 6 24 | 25 | #define ETH_DATA_LEN 1500 26 | 27 | #define VLAN_HLEN 4 28 | 29 | #define VLAN_ETH_ALEN 6 30 | #define VLAN_ETH_HLEN 18 31 | #define VLAN_ETH_DATA_LEN 1500 32 | #define VLAN_ETH_FRAME_LEN 1518 33 | 34 | #define VLAN_VID_MASK 0x0FFF 35 | 36 | #define PKT_MAGIC 0x0FACE0FF 37 | #define PKT_HDR_SIZE 16 38 | #define PKT_FLAG_LAST 0x00000001 39 | 40 | struct vlan_hdr 41 | { 42 | u_int16_t tci; 43 | u_int16_t encap_proto; 44 | }; 45 | 46 | struct vlan_eth_hdr 47 | { 48 | u_int8_t dest[VLAN_ETH_ALEN]; 49 | u_int8_t src[VLAN_ETH_ALEN]; 50 | u_int16_t proto; 51 | u_int16_t tci; 52 | u_int16_t encap_proto; 53 | }; 54 | 55 | struct pkt_hdr 56 | { 57 | u_int32_t magic; 58 | u_int32_t offset; 59 | u_int32_t size; 60 | u_int32_t flags; 61 | }; 62 | 63 | static int str2mac(const char *s, unsigned char mac_addr[ETH_ALEN]); 64 | 65 | static void usage(const char *progname); 66 | 67 | int main(int argc, char **argv) 68 | { 69 | int c, n, i, proto, packet_size, pause_us, retransmit, file_size, num_packets, npacket; 70 | char *end; 71 | libnet_t *ln_ctx; 72 | char ln_errbuf[LIBNET_ERRBUF_SIZE]; 73 | struct libnet_ether_addr *ln_hwaddr; 74 | libnet_ptag_t ln_ptag; 75 | pcap_t *pcap_ctx; 76 | char pcap_errbuf[PCAP_ERRBUF_SIZE], pcap_fp_str[64]; 77 | struct bpf_program pcap_fp; 78 | struct pcap_pkthdr pcap_hdr; 79 | FILE *fp; 80 | unsigned char buf[ETH_DATA_LEN], dest_mac_addr[ETH_ALEN]; 81 | struct pkt_hdr *pkt_hdr; 82 | struct vlan_eth_hdr *vlan_eth_hdr; 83 | 84 | proto = 0xCAFE; 85 | packet_size = ETH_DATA_LEN - PKT_HDR_SIZE; 86 | pause_us = 1000; 87 | retransmit = 3; 88 | 89 | while ((c = getopt(argc, argv, "p:s:w:r:")) != -1) 90 | { 91 | switch (c) 92 | { 93 | case 'p': 94 | proto = strtol(optarg, &end, 0); 95 | if ((*end != '\0')) 96 | usage(argv[0]); 97 | break; 98 | 99 | case 's': 100 | packet_size = strtol(optarg, &end, 0); 101 | if ((*end != '\0')) 102 | usage(argv[0]); 103 | 104 | if ((packet_size <= 0) || (packet_size > (ETH_DATA_LEN - PKT_HDR_SIZE))) 105 | packet_size = ETH_DATA_LEN - PKT_HDR_SIZE; 106 | break; 107 | 108 | case 'w': 109 | pause_us = strtol(optarg, &end, 0); 110 | if ((*end != '\0')) 111 | usage(argv[0]); 112 | 113 | if (pause_us <= 0) 114 | pause_us = 1; 115 | break; 116 | 117 | case 'r': 118 | retransmit = strtol(optarg, &end, 0); 119 | if ((*end != '\0')) 120 | usage(argv[0]); 121 | 122 | if (retransmit < 0) 123 | retransmit = 0; 124 | break; 125 | 126 | case '?': 127 | default: 128 | fprintf(stderr, "unrecognized option: %c\n", c); 129 | usage(argv[0]); 130 | } 131 | } 132 | 133 | if (argc != (optind + 3)) 134 | usage(argv[0]); 135 | 136 | if (strlen(argv[optind]) <= 0) 137 | usage(argv[0]); 138 | 139 | ln_ctx = libnet_init(LIBNET_LINK, argv[optind], ln_errbuf); 140 | if (ln_ctx == NULL) 141 | { 142 | fprintf (stderr, "couldn't initialize libnet context: %s\n", ln_errbuf); 143 | exit (1); 144 | } 145 | 146 | if (str2mac(argv[optind + 1], dest_mac_addr) != 0) 147 | usage(argv[0]); 148 | 149 | pcap_ctx = pcap_open_live(argv[optind], BUFSIZ, 1, 1000, pcap_errbuf); 150 | if (pcap_ctx == NULL) 151 | { 152 | fprintf (stderr, "couldn't initialize pcap context: %s\n", pcap_errbuf); 153 | exit (1); 154 | } 155 | 156 | sprintf(pcap_fp_str, "vlan and ether proto 0x%04x and ether src %02x:%02x:%02x:%02x:%02x:%02x", 157 | proto, dest_mac_addr[0], dest_mac_addr[1], dest_mac_addr[2], dest_mac_addr[3], 158 | dest_mac_addr[4], dest_mac_addr[5]); 159 | 160 | printf("pcap filter: %s\n", pcap_fp_str); 161 | 162 | if (pcap_compile(pcap_ctx, &pcap_fp, pcap_fp_str, 0, PCAP_NETMASK_UNKNOWN) == -1) 163 | { 164 | fprintf (stderr, "couldn't compile pcap filter: %s\n", pcap_geterr(pcap_ctx)); 165 | exit (1); 166 | } 167 | 168 | if (pcap_setfilter(pcap_ctx, &pcap_fp) == -1) 169 | { 170 | fprintf (stderr, "couldn't set pcap filter: %s\n", pcap_geterr(pcap_ctx)); 171 | exit (1); 172 | } 173 | 174 | fp = fopen(argv[optind + 2], "r"); 175 | if (fp == NULL) 176 | { 177 | fprintf(stderr, "couldn't open file '%s'\n", argv[optind + 2]); 178 | exit(1); 179 | } 180 | 181 | fseek(fp, 0, SEEK_END); 182 | 183 | file_size = ftell(fp); 184 | 185 | fseek(fp, 0, SEEK_SET); 186 | 187 | printf("file size #%d\n", file_size); 188 | 189 | if (file_size == 0) 190 | { 191 | printf("file is empty, terminating\n"); 192 | exit(0); 193 | } 194 | 195 | ln_hwaddr = libnet_get_hwaddr(ln_ctx); 196 | 197 | ln_ptag = libnet_build_ethernet(dest_mac_addr, (u_int8_t *) ln_hwaddr, 198 | proto, NULL, 0, ln_ctx, 0); 199 | if (ln_ptag == -1) 200 | { 201 | fprintf (stderr, "couldn't create libnet packet: %s\n", libnet_geterror(ln_ctx)); 202 | exit (1); 203 | } 204 | 205 | num_packets = (file_size + packet_size - 1) / packet_size; 206 | npacket = 0; 207 | 208 | while ((n = fread(buf + PKT_HDR_SIZE, 1, packet_size, fp)) > 0) 209 | { 210 | pkt_hdr = (struct pkt_hdr *) buf; 211 | memset(pkt_hdr, 0, PKT_HDR_SIZE); 212 | pkt_hdr->magic = htonl(PKT_MAGIC); 213 | pkt_hdr->offset = htonl(npacket * packet_size); 214 | pkt_hdr->size = htonl(n); 215 | if (n < packet_size) 216 | pkt_hdr->flags |= PKT_FLAG_LAST; 217 | pkt_hdr->flags = htonl(pkt_hdr->flags); 218 | 219 | npacket++; 220 | 221 | if (libnet_build_ethernet(dest_mac_addr, (u_int8_t *) ln_hwaddr, 222 | proto, buf, n + PKT_HDR_SIZE, ln_ctx, ln_ptag) == -1) 223 | { 224 | fprintf (stderr, "couldn't modify libnet packet #%d: %s\n", 225 | npacket, libnet_geterror(ln_ctx)); 226 | exit (1); 227 | } 228 | 229 | for (i = 0; i < retransmit + 1; i++) 230 | { 231 | printf("sending packet #%d of #%d\n", npacket, num_packets); 232 | 233 | if ((libnet_write(ln_ctx)) == -1) 234 | { 235 | fprintf (stderr, "couldn't send packet #%d: %s\n", npacket, libnet_geterror(ln_ctx)); 236 | exit (1); 237 | } 238 | 239 | vlan_eth_hdr = (struct vlan_eth_hdr *) pcap_next(pcap_ctx, &pcap_hdr); 240 | if (vlan_eth_hdr == NULL) 241 | { 242 | fprintf (stderr, "timeout ack for packet #%d\n", npacket); 243 | continue; 244 | } 245 | 246 | if (pcap_hdr.len < (VLAN_ETH_HLEN + PKT_HDR_SIZE)) 247 | { 248 | fprintf (stderr, "invalid ack for packet #%d\n", npacket); 249 | continue; 250 | } 251 | 252 | pkt_hdr = (struct pkt_hdr *) (vlan_eth_hdr + 1); 253 | pkt_hdr->offset = ntohl(pkt_hdr->offset); 254 | 255 | if (pkt_hdr->offset == ((npacket - 1) * packet_size + n)) 256 | { 257 | printf("received ack for packet #%d\n", npacket); 258 | break; 259 | } 260 | else 261 | { 262 | fprintf (stderr, "bad ack for packet #%d, offset 0x%x\n", 263 | npacket, pkt_hdr->offset); 264 | continue; 265 | } 266 | } 267 | 268 | if (i == (retransmit + 1)) 269 | { 270 | fprintf (stderr, "no ack received for packet #%d\n", npacket); 271 | exit (1); 272 | } 273 | 274 | usleep(pause_us); 275 | } 276 | 277 | fclose(fp); 278 | 279 | pcap_close(pcap_ctx); 280 | 281 | libnet_destroy(ln_ctx); 282 | 283 | exit(0); 284 | } 285 | 286 | static int str2mac(const char *s, unsigned char mac_addr[ETH_ALEN]) 287 | { 288 | int i; 289 | unsigned char a, b; 290 | 291 | if (strlen(s) != (2 * ETH_ALEN)) 292 | return -1; 293 | 294 | for (i = 0; i < ETH_ALEN; i++) 295 | { 296 | a = s[2 * i]; 297 | b = s[2 * i + 1]; 298 | 299 | if (!isxdigit(a) || !isxdigit(b)) 300 | return -1; 301 | 302 | if (isalpha(a)) 303 | a = toupper(a) - 'A' + 10; 304 | else 305 | a = a - '0'; 306 | 307 | if (isalpha(b)) 308 | b = toupper(b) - 'A' + 10; 309 | else 310 | b = b - '0'; 311 | 312 | mac_addr[i] = (a << 4) | b; 313 | } 314 | 315 | return 0; 316 | } 317 | 318 | static void usage(const char *progname) 319 | { 320 | fprintf(stderr, "usage: %s [-p ] [-s ] [-w ] " 321 | "[-r ] \n", progname); 322 | exit(1); 323 | } 324 | -------------------------------------------------------------------------------- /lv2/graf/udp.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _UDP_H_ 18 | #define _UDP_H_ 19 | 20 | #include 21 | 22 | struct udp_hdr 23 | { 24 | u16 src; 25 | u16 dest; 26 | u16 len; 27 | u16 cksum; 28 | }; 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /lv2/graf/update_mgr_inspect_pkg.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | 27 | #define UPDATE_MGR_INSPECT_PKG_BASE 0x80000000133A0000ULL 28 | #define UPDATE_MGR_INSPECT_PKG_OFFSET 0x133A0000ULL 29 | #define UPDATE_MGR_INSPECT_PKG_PAGE_SIZE 12 30 | #define UPDATE_MGR_INSPECT_PKG_SIZE (1 << UPDATE_MGR_INSPECT_PKG_PAGE_SIZE) 31 | 32 | #define PKG_BASE 0x80000000133B0000ULL 33 | #define PKG_OFFSET 0x133B0000ULL 34 | #define PKG_PAGE_SIZE 12 35 | #define PKG_SIZE (16 << PKG_PAGE_SIZE) 36 | 37 | static int update_mgr_inspect_pkg_dump_status(u64 reques_id); 38 | 39 | int update_mgr_inspect_pkg(void) 40 | { 41 | #define N(a) (sizeof((a)) / sizeof((a)[0])) 42 | 43 | static const u64 subject_id[][2] = 44 | { 45 | { 0x1070000002000001, 0x10700003FF000001 }, 46 | { 0x1070000002000001, 0x0000000000000000 }, 47 | }; 48 | u64 vuart_lpar_addr, pkg_lpar_addr, muid, lpar_addr, ea_addr, nread, nwritten, val; 49 | u64 reques_id; 50 | void *msgbuf, *pkgbuf; 51 | struct dispmgr_header *dispmgr_header; 52 | struct ss_header *ss_header; 53 | struct ss_update_mgr_inspect_pkg *ss_update_mgr_inspect_pkg; 54 | int i, pkg_size, result; 55 | 56 | result = lv1_allocate_memory(UPDATE_MGR_INSPECT_PKG_SIZE, UPDATE_MGR_INSPECT_PKG_PAGE_SIZE, 57 | 0, 0, &vuart_lpar_addr, &muid); 58 | if (result != 0) 59 | return result; 60 | 61 | MM_LOAD_BASE(ea_addr, UPDATE_MGR_INSPECT_PKG_OFFSET); 62 | lpar_addr = vuart_lpar_addr; 63 | 64 | for (i = 0; i < UPDATE_MGR_INSPECT_PKG_SIZE >> 12; i++) 65 | { 66 | result = mm_insert_htab_entry(MM_EA2VA(ea_addr), lpar_addr, 0); 67 | if (result != 0) 68 | return result; 69 | 70 | ea_addr += (1 << 12); 71 | lpar_addr += (1 << 12); 72 | } 73 | 74 | result = lv1_allocate_memory(PKG_SIZE, PKG_PAGE_SIZE, 0, 0, &pkg_lpar_addr, &muid); 75 | if (result != 0) 76 | return result; 77 | 78 | MM_LOAD_BASE(ea_addr, PKG_OFFSET); 79 | lpar_addr = pkg_lpar_addr; 80 | 81 | for (i = 0; i < PKG_SIZE >> 12; i++) 82 | { 83 | result = mm_insert_htab_entry(MM_EA2VA(ea_addr), lpar_addr, 0); 84 | if (result != 0) 85 | return result; 86 | 87 | ea_addr += (1 << 12); 88 | lpar_addr += (1 << 12); 89 | } 90 | 91 | MM_LOAD_BASE(pkgbuf, PKG_OFFSET); 92 | 93 | pkg_size = gelic_recv_data(pkgbuf, PKG_SIZE); 94 | if (pkg_size <= 0) 95 | return pkg_size; 96 | 97 | MM_LOAD_BASE(msgbuf, UPDATE_MGR_INSPECT_PKG_OFFSET); 98 | 99 | for (i = 0; i < N(subject_id); i++) 100 | { 101 | memset(msgbuf, 0, UPDATE_MGR_INSPECT_PKG_SIZE); 102 | 103 | dispmgr_header = (struct dispmgr_header *) msgbuf; 104 | dispmgr_header->version = 1; 105 | dispmgr_header->function_id = 0x6000; 106 | dispmgr_header->request_size = 0x28; 107 | dispmgr_header->response_size = 0x100; 108 | 109 | ss_header = (struct ss_header *) (dispmgr_header + 1); 110 | ss_header->packet_id = 0x6002; 111 | ss_header->function_id = 0x6000; 112 | ss_header->laid = subject_id[i][0]; 113 | ss_header->paid = subject_id[i][1]; 114 | 115 | ss_update_mgr_inspect_pkg = 116 | (struct ss_update_mgr_inspect_pkg *) (ss_header + 1); 117 | ss_update_mgr_inspect_pkg->field0 = 1; 118 | ss_update_mgr_inspect_pkg->pkg_type = 9; 119 | ss_update_mgr_inspect_pkg->field10 = 0x9; 120 | ss_update_mgr_inspect_pkg->lpar_id = 2; 121 | ss_update_mgr_inspect_pkg->pkg_size = 1; 122 | *(u64 *) ss_update_mgr_inspect_pkg->pkg_data = pkg_lpar_addr; 123 | *(u64 *) (ss_update_mgr_inspect_pkg->pkg_data + 8) = pkg_size; 124 | 125 | dispmgr_header->request_size += sizeof(struct ss_update_mgr_inspect_pkg) + 0x20; 126 | 127 | result = lv1_write_virtual_uart(DISPMGR_VUART_PORT, vuart_lpar_addr, 128 | sizeof(struct dispmgr_header) + dispmgr_header->request_size, &nwritten); 129 | if (result < 0) 130 | return result; 131 | 132 | for (;;) 133 | { 134 | result = lv1_get_virtual_uart_param(DISPMGR_VUART_PORT, VUART_PARAM_RX_BYTES, &val); 135 | if (result < 0) 136 | return result; 137 | 138 | if (val != 0) 139 | break; 140 | } 141 | 142 | for (;;) 143 | { 144 | result = lv1_read_virtual_uart(DISPMGR_VUART_PORT, vuart_lpar_addr, 145 | UPDATE_MGR_INSPECT_PKG_SIZE, &nread); 146 | if (result != 0) 147 | return result; 148 | 149 | if (nread == 0) 150 | break; 151 | 152 | reques_id = *(u64 *) (ss_update_mgr_inspect_pkg->pkg_data + 0x18); 153 | 154 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, msgbuf, nread); 155 | if (result < 0) 156 | return result; 157 | 158 | for (;;) 159 | { 160 | update_mgr_inspect_pkg_dump_status(reques_id); 161 | 162 | lv1_pause(0); 163 | } 164 | } 165 | } 166 | 167 | return 0; 168 | 169 | #undef N 170 | } 171 | 172 | static int update_mgr_inspect_pkg_dump_status(u64 reques_id) 173 | { 174 | u64 entries[7], v1, v2; 175 | int i, result; 176 | 177 | entries[0] = lv1_get_repository_node_value(REPO_NODE_LPAR_ID_PME, 178 | repo_node_key_ss_inspect_request[0], repo_node_key_ss_inspect_request[1], 179 | repo_node_key_ss_inspect_request[2], reques_id, 180 | &entries[5], &entries[6]); 181 | 182 | memcpy(&entries[1], repo_node_key_ss_inspect_request, 4 * 8); 183 | 184 | return gelic_xmit(gelic_bcast_mac_addr, 0xCAFE, entries, sizeof(entries)); 185 | } 186 | -------------------------------------------------------------------------------- /lv2/graf/update_mgr_inspect_pkg.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _UPDATE_MGR_INSPECT_PKG_H_ 18 | #define _UPDATE_MGR_INSPECT_PKG_H_ 19 | 20 | int upate_mgr_inspect_pkg(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/vas.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | 21 | unsigned long vas_get_id(void) 22 | { 23 | u64 id; 24 | 25 | lv1_get_logical_ppe_id(&id); 26 | lv1_get_virtual_address_space_id_of_ppe(id, &id); 27 | 28 | return id; 29 | } 30 | -------------------------------------------------------------------------------- /lv2/graf/vas.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _VAS_H_ 18 | #define _VAS_H_ 19 | 20 | unsigned long vas_get_id(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/vuart.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _VUART_H_ 18 | #define _VUART_H_ 19 | 20 | #define VUART_PARAM_TX_TRIGGER 0 21 | #define VUART_PARAM_RX_TRIGGER 1 22 | #define VUART_PARAM_INTERRUPT_MASK 2 23 | #define VUART_PARAM_RX_BUFSIZE 3 24 | #define VUART_PARAM_RX_BYTES 4 25 | #define VUART_PARAM_TX_BUFSIZE 5 26 | #define VUART_PARAM_TX_BYTES 6 27 | #define VUART_PARAM_INTERRUPT_STATUS 7 28 | 29 | #define VUART_INTERRUPT_MASK_TX 0x00000001 30 | #define VUART_INTERRUPT_MASK_RX 0x00000002 31 | #define VUART_INTERRUPT_MASK_DISCONNECT 0x00000004 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /lv2/graf/vuart_dispmgr.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | 26 | #define VUART_DISPMGR_BASE 0x80000000133A0000ULL 27 | #define VUART_DISPMGR_OFFSET 0x133A0000ULL 28 | #define VUART_DISPMGR_PAGE_SIZE 12 29 | #define VUART_DISPMGR_SIZE (1 << VUART_DISPMGR_PAGE_SIZE) 30 | 31 | int vuart_dispmgr(void) 32 | { 33 | #define N(a) (sizeof((a)) / sizeof((a)[0])) 34 | 35 | static u64 subject_id[][2] = 36 | { 37 | { 0x1070000002000001, 0x10700003FF000001 }, 38 | { 0x1070000002000001, 0x10700005FC000001 }, 39 | { 0x1070000002000001, 0x10700003FD000001 }, 40 | { 0x1070000002000001, 0x1070000300000001 }, 41 | }; 42 | u64 vuart_lpar_addr, muid, lpar_addr, ea_addr, nread, nwritten, val; 43 | void *msgbuf; 44 | struct dispmgr_header *dispmgr_header; 45 | struct ss_header *ss_header; 46 | struct ss_update_mgr_get_package_info *ss_update_mgr_get_package_info; 47 | int i, result; 48 | 49 | result = lv1_allocate_memory(VUART_DISPMGR_SIZE, VUART_DISPMGR_PAGE_SIZE, 50 | 0, 0, &vuart_lpar_addr, &muid); 51 | if (result != 0) 52 | return result; 53 | 54 | MM_LOAD_BASE(ea_addr, VUART_DISPMGR_OFFSET); 55 | lpar_addr = vuart_lpar_addr; 56 | 57 | for (i = 0; i < VUART_DISPMGR_SIZE >> 12; i++) 58 | { 59 | result = mm_insert_htab_entry(MM_EA2VA(ea_addr), lpar_addr, 0); 60 | if (result != 0) 61 | return result; 62 | 63 | ea_addr += (1 << 12); 64 | lpar_addr += (1 << 12); 65 | } 66 | 67 | MM_LOAD_BASE(msgbuf, VUART_DISPMGR_OFFSET); 68 | 69 | for (i = 0; i < N(subject_id); i++) 70 | { 71 | memset(msgbuf, 0, VUART_DISPMGR_SIZE); 72 | 73 | dispmgr_header = (struct dispmgr_header *) msgbuf; 74 | dispmgr_header->version = 1; 75 | dispmgr_header->function_id = 0x6000; 76 | dispmgr_header->request_size = 0x28; 77 | dispmgr_header->response_size = 0x100; 78 | 79 | ss_header = (struct ss_header *) (dispmgr_header + 1); 80 | memset(ss_header, 0, sizeof(struct ss_header)); 81 | ss_header->packet_id = 0x6003; 82 | ss_header->function_id = 0x6000; 83 | ss_header->laid = subject_id[i][0]; 84 | ss_header->paid = subject_id[i][1]; 85 | 86 | ss_update_mgr_get_package_info = 87 | (struct ss_update_mgr_get_package_info *) (ss_header + 1); 88 | memset(ss_update_mgr_get_package_info, 0, 89 | sizeof(struct ss_update_mgr_get_package_info)); 90 | ss_update_mgr_get_package_info->type = 1; 91 | 92 | dispmgr_header->request_size += sizeof(struct ss_update_mgr_get_package_info); 93 | 94 | result = lv1_write_virtual_uart(DISPMGR_VUART_PORT, vuart_lpar_addr, 95 | sizeof(struct dispmgr_header) + sizeof(struct ss_header) + 96 | sizeof(struct ss_update_mgr_get_package_info), &nwritten); 97 | if (result < 0) 98 | return result; 99 | 100 | for (;;) 101 | { 102 | result = lv1_get_virtual_uart_param(DISPMGR_VUART_PORT, VUART_PARAM_RX_BYTES, &val); 103 | if (result < 0) 104 | return result; 105 | 106 | if (val != 0) 107 | break; 108 | } 109 | 110 | for (;;) 111 | { 112 | result = lv1_read_virtual_uart(DISPMGR_VUART_PORT, vuart_lpar_addr, VUART_DISPMGR_SIZE, 113 | &nread); 114 | if (result < 0) 115 | return result; 116 | 117 | if (nread == 0) 118 | break; 119 | 120 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, msgbuf, nread); 121 | if (result < 0) 122 | return result; 123 | } 124 | } 125 | 126 | return 0; 127 | 128 | #undef N 129 | } 130 | -------------------------------------------------------------------------------- /lv2/graf/vuart_dispmgr.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _VUART_DISPMGR_H_ 18 | #define _VUART_DISPMGR_H_ 19 | 20 | int vuart_dispmgr(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/graf/vuart_sysmgr.c: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | #define VUART_SYSMGR_BASE 0x80000000133A0000ULL 26 | #define VUART_SYSMGR_OFFSET 0x133A0000ULL 27 | #define VUART_SYSMGR_PAGE_SIZE 12 28 | #define VUART_SYSMGR_SIZE (1 << VUART_SYSMGR_PAGE_SIZE) 29 | 30 | int vuart_sysmgr(void) 31 | { 32 | u64 lpar_addr, muid, nread, nwritten, val; 33 | void *msgbuf; 34 | struct sysmgr_header *header; 35 | struct sysmgr_ctrl_led *ctrl_led; 36 | struct sysmgr_ring_buzzer *ring_buzzer; 37 | int result; 38 | 39 | result = lv1_allocate_memory(VUART_SYSMGR_SIZE, VUART_SYSMGR_PAGE_SIZE, 40 | 0, 0, &lpar_addr, &muid); 41 | if (result != 0) 42 | return result; 43 | 44 | result = mm_insert_htab_entry(MM_EA2VA(VUART_SYSMGR_BASE), lpar_addr, 0); 45 | if (result != 0) 46 | return result; 47 | 48 | MM_LOAD_BASE(msgbuf, VUART_SYSMGR_OFFSET); 49 | 50 | header = (struct sysmgr_header *) msgbuf; 51 | memset(header, 0, sizeof(struct sysmgr_header)); 52 | header->version = 1; 53 | header->size = 16; 54 | header->payload_size = 16; 55 | header->sid = SYSMGR_SID_CTRL_LED; 56 | 57 | ctrl_led = (struct sysmgr_ctrl_led *) (header + 1); 58 | memset(ctrl_led, 0, sizeof(struct sysmgr_ctrl_led)); 59 | ctrl_led->field0 = 1; 60 | ctrl_led->field1 = 0; 61 | ctrl_led->field2 = 0xFF; 62 | ctrl_led->field4 = 0xFF; 63 | ctrl_led->field5 = 0xFF; 64 | 65 | result = lv1_write_virtual_uart(SYSMGR_VUART_PORT, 66 | lpar_addr, sizeof(struct sysmgr_header) + sizeof(struct sysmgr_ctrl_led), &nwritten); 67 | if (result < 0) 68 | return result; 69 | 70 | header = (struct sysmgr_header *) msgbuf; 71 | memset(header, 0, sizeof(struct sysmgr_header)); 72 | header->version = 1; 73 | header->size = 16; 74 | header->payload_size = 8; 75 | header->sid = SYSMGR_SID_RING_BUZZER; 76 | 77 | ring_buzzer = (struct sysmgr_ring_buzzer *) (header + 1); 78 | memset(ring_buzzer, 0, sizeof(struct sysmgr_ring_buzzer)); 79 | ring_buzzer->field1 = 0x29; 80 | ring_buzzer->field2 = 0x4; 81 | ring_buzzer->field4 = 0x6; 82 | 83 | result = lv1_write_virtual_uart(SYSMGR_VUART_PORT, 84 | lpar_addr, sizeof(struct sysmgr_header) + sizeof(struct sysmgr_ring_buzzer), &nwritten); 85 | if (result < 0) 86 | return result; 87 | 88 | for (;;) 89 | { 90 | result = lv1_get_virtual_uart_param(SYSMGR_VUART_PORT, VUART_PARAM_RX_BYTES, &val); 91 | if (result < 0) 92 | return result; 93 | 94 | if (val == 0) 95 | continue; 96 | 97 | result = lv1_read_virtual_uart(SYSMGR_VUART_PORT, lpar_addr, VUART_SYSMGR_SIZE, &nread); 98 | if (result < 0) 99 | return result; 100 | 101 | result = gelic_xmit_data(gelic_bcast_mac_addr, 0xCAFE, msgbuf, nread); 102 | if (result < 0) 103 | return result; 104 | } 105 | 106 | return 0; 107 | } 108 | -------------------------------------------------------------------------------- /lv2/graf/vuart_sysmgr.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * This program is free software; you can redistribute it and/or modify 4 | * it under the terms of the GNU General Public License as published by 5 | * the Free Software Foundation; version 2 of the License. 6 | * 7 | * This program is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 | * GNU General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU General Public License 13 | * along with this program; if not, write to the Free Software 14 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 15 | */ 16 | 17 | #ifndef _VUART_SYSMGR_H_ 18 | #define _VUART_SYSMGR_H_ 19 | 20 | int vuart_sysmgr(void); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lv2/kammy/crt0.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | uint64_t __start(); 4 | uint64_t start(); 5 | 6 | uint64_t _start(uint64_t rtoc) 7 | { 8 | uint64_t originalrtoc; 9 | asm("mr %0, %%r2":"=r"(originalrtoc):); 10 | asm("mr %%r2, %0"::"r"(rtoc)); 11 | uint64_t ret = __start(); 12 | asm("mr %%r2, %0"::"r"(originalrtoc)); 13 | return ret; 14 | } 15 | -------------------------------------------------------------------------------- /lv2/kammy/hooks.cpp: -------------------------------------------------------------------------------- 1 | #include "kammy_lv2.h" 2 | #include "lv2.h" 3 | 4 | extern u32 Kammy_Stub; 5 | extern u32 Kammy_Stub_Address; 6 | extern u32 Kammy_Stub_End; 7 | static void __Kammy_CreateHook(u32* stub32, u64 func) 8 | { 9 | memcpy(stub32, &Kammy_Stub, (&Kammy_Stub_End - &Kammy_Stub) * 4); 10 | stub32[0] = Kammy_Stub; 11 | stub32 += &Kammy_Stub_Address - &Kammy_Stub; 12 | stub32[0] |= ((func >> 48) & 0xFFFF); 13 | stub32[1] |= ((func >> 32) & 0xFFFF); 14 | stub32[3] |= ((func >> 16) & 0xFFFF); 15 | stub32[4] |= (func & 0xFFFF); 16 | } 17 | 18 | void Kammy_HookSyscall(u32 syscall, void* ptr) 19 | { 20 | u64* func = (u64*)ptr; 21 | u64* stub64 = (u64*)malloc(0x80); 22 | u32* stub32 = (u32*)(stub64 + 4); 23 | stub64[0] = (u64)stub32; 24 | stub64[1] = func[1]; 25 | stub64[2] = func[2]; 26 | 27 | __Kammy_CreateHook(stub32, (u64)ptr); 28 | 29 | ((u64*)LV2_SYSCALL_TABLE)[syscall] = (u64)stub64; 30 | } 31 | 32 | void Kammy_HookBranch(void* branch, void* ptr, bool lr) 33 | { 34 | u32* stub32 = (u32*)malloc(0x60); 35 | __Kammy_CreateHook(stub32, (u64)ptr); 36 | 37 | *(u32*)branch = 0x48000000 | (((u64)stub32 - (u64)branch) & 0x0BFFFFFC) | (lr ? 1 : 0); 38 | } 39 | 40 | -------------------------------------------------------------------------------- /lv2/kammy/main.cpp: -------------------------------------------------------------------------------- 1 | #include "lv2.h" 2 | #include "kammy_lv2.h" 3 | 4 | typedef u64 (*Subcall)(u64, u64, u64, u64, u64, u64, u64); 5 | Subcall SubcallTable[] = { 6 | (Subcall)Kammy_Version, 7 | (Subcall)Kammy_Alloc, 8 | (Subcall)Kammy_Dealloc, 9 | (Subcall)Kammy_Execute, 10 | (Subcall)Kammy_Memcpy, 11 | (Subcall)Kammy_HookSyscall, 12 | (Subcall)Kammy_HookBranch, 13 | (Subcall)Kammy_HookSubcall, 14 | (Subcall)Kammy_CallSubcall, 15 | (Subcall)Kammy_GetModules, 16 | (Subcall)Kammy_UnloadModule, 17 | (Subcall)Kammy_RegisterModule 18 | }; 19 | 20 | u64 Kammy_Handler(u64 subcall, u64 param1, u64 param2, u64 param3, u64 param4, u64 param5, u64 param6, u64 param7) 21 | { 22 | if (subcall >= KAMMY_SUBCALL_MAX) 23 | return KAMMY_ERROR_INVALID; 24 | return SubcallTable[subcall](param1, param2, param3, param4, param5, param6, param7); 25 | } 26 | 27 | u64 Kammy_Version() 28 | { 29 | return KAMMY_VERSION; 30 | } 31 | 32 | #define KAMMY_ALLOC_UNK 0x27 33 | void* Kammy_Alloc(u64 size) 34 | { 35 | return alloc(size, KAMMY_ALLOC_UNK); 36 | } 37 | void Kammy_Dealloc(void* addr) 38 | { 39 | dealloc(addr, KAMMY_ALLOC_UNK); 40 | } 41 | 42 | void Kammy_Memcpy(void* dest, void* src, u64 size) 43 | { 44 | memcpy(dest, src, size); 45 | } 46 | 47 | u64 Kammy_Execute(void* addr, u64 param1, u64 param2, u64 param3, u64 param4, u64 param5, u64 param6) 48 | { 49 | return ((Subcall)addr)(param1, param2, param3, param4, param5, param6, 0); 50 | } 51 | 52 | void RemoveMemoryProtection(); 53 | void __Init_Module(); 54 | 55 | extern "C" u64 start() 56 | { 57 | RemoveMemoryProtection(); 58 | Kammy_HookSyscall(KAMMY_SYSCALL, (void*)Kammy_Handler); 59 | __Init_Module(); 60 | return Kammy_Version(); 61 | } 62 | 63 | -------------------------------------------------------------------------------- /lv2/kammy/memprot.cpp: -------------------------------------------------------------------------------- 1 | #include "lv2.h" 2 | 3 | #define __memprotcpy_bl 10 4 | u32 __memprotcpy[] = { 5 | 0x28230000, // cmpldi r3,0 6 | 0x4182003c, // beq- 40 7 | 0x28240000, // cmpldi r4,0 8 | 0x41820034, // beq- 40 9 | 0x7c601b78, // mr r0,r3 10 | 0x7c832378, // mr r3,r4 11 | 0x7c040378, // mr r4,r0 12 | 0xf821ff81, // stdu r1,-128(r1) 13 | 0x7c0802a6, // mflr r0 14 | 0xf8010090, // std r0,144(r1) 15 | 0x48000001, // bl memcpy : 0x28 16 | 0xe8010090, // ld r0,144(r1) 17 | 0x38210080, // addi r1,r1,128 18 | 0x7c0803a6, // mtlr r0 19 | 0x38600000, // li r3,0 20 | 0x4e800020, // blr 21 | // fail: 22 | 0x38600001, // li r3,1 23 | 0x4e800020 // blr 24 | }; 25 | 26 | #define __memprotcpycount 2 27 | u64 __memprotcpyaddr[__memprotcpycount] = { 28 | 0x800000000000e050, // protmemcpy_chkdest 29 | 0x800000000000e26c // protmemcpy_chksrc 30 | }; 31 | 32 | #define MEMCPY 0x800000000007c01c 33 | void RemoveMemoryProtection() 34 | { 35 | for (int i = 0; i < __memprotcpycount; i++) { 36 | __memprotcpy[__memprotcpy_bl] = 0x48000001 | (u32)(MEMCPY - (__memprotcpyaddr[i] + __memprotcpy_bl * 4)); 37 | memcpy((void*)__memprotcpyaddr[i], __memprotcpy, sizeof(__memprotcpy)); 38 | } 39 | // *(u32*)0x800000000006D834 = 0x4e800020; // Partially a problem 40 | } 41 | -------------------------------------------------------------------------------- /lv2/kammy/module.cpp: -------------------------------------------------------------------------------- 1 | #include "kammy_lv2.h" 2 | 3 | #include "list.h" 4 | 5 | typedef u64 (*Subcall)(u64, u64, u64, u64, u64, u64); 6 | typedef Pair SubcallPair; 7 | typedef List CustomSubcallList; 8 | CustomSubcallList* CustomSubcalls; 9 | 10 | static Subcall GetSubcall(u64 subcall) { 11 | for (CustomSubcallList::Iterator iter = CustomSubcalls->Begin(); iter != CustomSubcalls->End(); iter++) { 12 | if (iter->Key == subcall) 13 | return iter->Value; 14 | } 15 | return NULL; 16 | } 17 | 18 | void __Init_Module() 19 | { 20 | CustomSubcalls = new CustomSubcallList(); 21 | } 22 | 23 | s64 Kammy_HookSubcall(u64 subcall, void* func) 24 | { 25 | for (CustomSubcallList::Iterator iter = CustomSubcalls->Begin(); iter != CustomSubcalls->End(); iter++) { 26 | if (iter->Key == subcall) { 27 | iter->Value = (Subcall)func; 28 | return KAMMY_ERROR_OK; 29 | } 30 | } 31 | CustomSubcalls->Add(SubcallPair(subcall, (Subcall)func)); 32 | return KAMMY_ERROR_OK; 33 | } 34 | 35 | u64 Kammy_CallSubcall(u64 subcall, u64 param1, u64 param2, u64 param3, u64 param4, u64 param5, u64 param6) 36 | { 37 | Subcall func = GetSubcall(subcall); 38 | if (func) 39 | return func(param1, param2, param3, param4, param5, param6); 40 | return KAMMY_ERROR; 41 | } 42 | 43 | s64 Kammy_GetModules(void** buffer, u64* size) 44 | { 45 | return KAMMY_ERROR_UNIMPLEMENTED; 46 | } 47 | 48 | s64 Kammy_UnloadModule(void* base) 49 | { 50 | return KAMMY_ERROR_UNIMPLEMENTED; 51 | } 52 | 53 | s64 Kammy_RegisterModule(void* base) 54 | { 55 | return KAMMY_ERROR_UNIMPLEMENTED; 56 | } 57 | 58 | -------------------------------------------------------------------------------- /lv2/kammy/stub.S: -------------------------------------------------------------------------------- 1 | .global Kammy_Stub 2 | .global Kammy_Stub_Address 3 | .global Kammy_Stub_End 4 | Kammy_Stub: 5 | mflr %r0 6 | std %r0, 0x10(%r1) 7 | stdu %r1, -0x80(%r1) 8 | std %r2, 0x70(%r1) 9 | Kammy_Stub_Address: 10 | lis %r2, 0 11 | ori %r2, %r2, 0 12 | sldi %r2, %r2, 32 13 | oris %r2, %r2, 0 14 | ori %r2, %r2, 0 15 | ld %r0, 0x00(%r2) 16 | ld %r2, 0x08(%r2) 17 | mtctr %r0 18 | bctrl 19 | ld %r2, 0x70(%r1) 20 | addi %r1, %r1, 0x80 21 | ld %r0, 0x10(%r1) 22 | mtlr %r0 23 | blr 24 | Kammy_Stub_End: 25 | nop 26 | --------------------------------------------------------------------------------