diff --git a/.gitmodules b/.gitmodules
index 0ff076c..3a8f03d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,6 @@
 [submodule "ps4-payload-sdk"]
 path = ps4-payload-sdk
- url = https://github.com/xvortex/ps4-payload-sdk.git
+ url = https://github.com/GiantPluto/ps4-payload-sdk.git
 [submodule "ps4-ksdk"]
 path = ps4-ksdk
- url = https://github.com/xemio/ps4-ksdk.git
+ url = https://github.com/GiantPluto/ps4-ksdk.git
diff --git a/README.md b/README.md
index c5ed6e0..d24d8c8 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# ps4debug
+# ps4debug for 6.72
 This is a debugger for the PlayStation 4. Yes thats right! Look around and you will find some very useful tools online or on the PS4 Source Discord channel. Anything is possible, except kernel mode debugging, which I decided to leave out.
 
 ### Quickstart Guide
@@ -16,5 +16,13 @@ Please look at the libdebug folder for a library to use with this payload.
 ### Contributing
 If you want to contribute, then feel free to make a pull request or open an issue with a bug that you have found! I am always in need of people to test for me. Join the PS4 Source Discord and look for golden. Also I need someone that is good at writing to spiff up this readme document. I am always in need of people to do work! It seems like I do everything...
 
-##### Created by **golden**
-###### Shout out to ChendoChap, berkayylmao, 2much4u, idc, and zecoxao!
+### Created by **golden**
+
+### Contributors
+
+- ChendoChap - For his intial work till 5.05 and his guidance during 6.72 porting on ptrace
+- berkayylmao
+- 2much4u
+- idc
+- zecoxao
+- DeathRGH - For second [ptrace](https://github.com/GiantPluto/ps4debug/blob/457c2bf5468329e68a272b5f1e1ab88957f5f2d8/installer/source/installer.c#L53) patch for 6.72
diff --git a/debugger/include/ptrace.h b/debugger/include/ptrace.h
index 091a330..076463b 100644
--- a/debugger/include/ptrace.h
+++ b/debugger/include/ptrace.h
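Review bot: Nothing in this hunk or in the README hunk records why ps4-payload-sdk and ps4-ksdk are redirected from the xvortex and xemio repositories to the GiantPluto forks, so a reader cannot tell what the forks change relative to the upstream SDKs that every payload here links against. The subproject commits are pinned further down in this diff, which keeps the build reproducible, but the provenance of the code being built in should be stated somewhere auditable; a line in the commit message or README such as `Submodules point at GiantPluto forks carrying the 6.72 offset/ABI updates; diffed against upstream <upstream-commit-placeholder>` would do. If the forks are meant to be temporary until upstream merges, say that too.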
@@ -91,13 +91,6 @@
 #define SIGUSR1 30 /* user defined signal 1 */
 #define SIGUSR2 31 /* user defined signal 2 */
 
-struct ptrace_io_desc {
- int piod_op; /* I/O operation */
- void *piod_offs; /* child offset */
- void *piod_addr; /* parent offset */
- uint64_t piod_len; /* request length */
-};
-
 TYPE_BEGIN(struct ptrace_lwpinfo, 0x98);
 TYPE_FIELD(uint32_t pl_lwpid, 0);
 TYPE_FIELD(char pl_tdname[24], 0x80);
diff --git a/debugger/source/console.c b/debugger/source/console.c
index ab98cea..1f16fb2 100644
--- a/debugger/source/console.c
+++ b/debugger/source/console.c
@@ -78,8 +78,8 @@ int console_notify_handle(int fd, struct cmd_packet *packet) {
 }
 
 int console_info_handle(int fd, struct cmd_packet *packet) {
- struct cmd_console_info_response resp;
- size_t len;
+ //struct cmd_console_info_response resp;
+ //size_t len;
 
 //extern int (*sysctl)(int *name, unsigned int namelen, char *oldval, size_t *oldlen, char *newval, size_t newlen);
 //extern int (*sysctlbyname)(char *name, char *oldval, size_t *oldlen, char *newval, size_t newlen);
diff --git a/debugger/source/main.c b/debugger/source/main.c
index 2a458ac..674b8af 100644
--- a/debugger/source/main.c
+++ b/debugger/source/main.c
@@ -19,7 +19,7 @@ int _main(void) {
 sceKernelSleep(2);
 
 // just a little notify
- sceSysUtilSendSystemNotificationWithText(222, "ps4debug by golden");
+ sceSysUtilSendSystemNotificationWithText(222, "ps4debug by golden\n 6.72 port by GiantPluto");
 
 // jailbreak current thread
 sys_console_cmd(SYS_CONSOLE_CMD_JAILBREAK, NULL);
diff --git a/debugger/source/proc.c b/debugger/source/proc.c
index 69212af..294ae14 100644
--- a/debugger/source/proc.c
+++ b/debugger/source/proc.c
@@ -2,7 +2,7 @@
 // 6/12/2018
 //
 
-#include "proc.h"
+#include "include/proc.h"
 
 int proc_list_handle(int fd, struct cmd_packet *packet) {
 void *data;
diff --git a/installer/Makefile b/installer/Makefile
index 32eb319..382479e 100644
--- a/installer/Makefile
+++ b/installer/Makefile
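Review bot: Removing `struct ptrace_io_desc` from debugger/include/ptrace.h leaves the `piod_*` layout to whatever header the bumped SDK submodule supplies, and nothing in the hunk shows that definition or its field widths. If the SDK's version differs from the one deleted here (the local one used a `uint64_t` length field and two pointer fields), every debugger call that issues a ptrace I/O request changes layout without any compile-time signal, since both are plain structs. A comment at the removal site, e.g. `/* struct ptrace_io_desc is provided by the ps4-payload-sdk headers; keep PT_IO callers in sync with it */`, would record the dependency; the header continues outside the hunk.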
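Review bot: In console_info_handle the locals `resp` and `len` are commented out rather than deleted, which leaves dead declarations next to the already commented-out `sysctl` externs, and the body that used them is outside the hunk, so it is not visible whether the handler still answers the client or now returns without sending a response. If the sysctl-based implementation is intentionally disabled for this port, delete the commented lines and state the status once, e.g. `// TODO(6.72): console info via sysctl is not ported yet; handler currently sends no data`. If it is only parked, the hunk should say so, because a client that waits for `cmd_console_info_response` will otherwise block on a reply that never comes.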
@@ -1,8 +1,5 @@
 KSDK := ../ps4-ksdk/
 
-TEXT := 0x926200000
-DATA := 0x926300000
-
 CC := gcc
 AS := gcc
 OBJCOPY := objcopy
@@ -10,9 +7,10 @@ ODIR := build
 SDIR := source
 IDIRS := -I$(KSDK)/include -I. -Iinclude
 LDIRS := -L$(KSDK) -L. -Llib
-CFLAGS := $(IDIRS) -O2 -std=c11 -fno-builtin -nostartfiles -nostdlib -Wall -masm=intel -march=btver2 -mtune=btver2 -m64 -mabi=sysv -mcmodel=large -DTEXT_ADDRESS=$(TEXT) -DDATA_ADDRESS=$(DATA)
+MAPFILE := $(shell basename $(CURDIR)).map
+CFLAGS := $(IDIRS) -Os -std=gnu11 -ffunction-sections -fdata-sections -fno-builtin -nostartfiles -nostdlib -Wall -masm=intel -march=btver2 -mtune=btver2 -m64 -mabi=sysv -mcmodel=small -fpie
 SFLAGS := -nostartfiles -nostdlib -march=btver2 -mtune=btver2
-LFLAGS := $(LDIRS) -Xlinker -T linker.x -Wl,--build-id=none -Ttext=$(TEXT) -Tdata=$(DATA)
+LFLAGS := $(LDIRS) -Xlinker -T linker.x -Wl,--build-id=none -Wl,--gc-sections
 CFILES := $(wildcard $(SDIR)/*.c)
 SFILES := $(wildcard $(SDIR)/*.s)
 OBJS := $(patsubst $(SDIR)/%.c, $(ODIR)/%.o, $(CFILES)) $(patsubst $(SDIR)/%.s, $(ODIR)/%.o, $(SFILES))
diff --git a/installer/source/installer.c b/installer/source/installer.c
index 21fd218..16855e5 100644
--- a/installer/source/installer.c
+++ b/installer/source/installer.c
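Review bot: `MAPFILE` is defined in the second hunk but nothing visible uses it, and `LFLAGS` gains `-Wl,--gc-sections` without any flag that writes a map file, so either the consuming rule is below the hunk or the variable is dead. The compile flags also move to `-fpie -mcmodel=small` while the link line keeps the custom `linker.x` with no corresponding `-pie`/`-static-pie`, so whether the installer is actually loaded as a position-independent blob now depends entirely on what linker.x and the loader do, which this diff does not show; the old fixed `TEXT`/`DATA` addresses are gone, so a mismatch would only show up at load time. A one-line comment above `CFLAGS`, e.g. `# payload is built position-independent; linker.x emits the relocations the loader applies`, or the equivalent statement of the real load model, would make the intent checkable.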
@@ -27,39 +27,37 @@ void patch_kernel() {
 uint64_t kernbase = get_kbase();
 
 // patch memcpy first
- *(uint8_t *)(kernbase + 0x1EA53D) = 0xEB;
+ *(uint8_t *)(kernbase + 0x003C15BD) = 0xEB;
 
 // patch sceSblACMgrIsAllowedSystemLevelDebugging
- memcpy((void *)(kernbase + 0x11730), "\x48\xC7\xC0\x01\x00\x00\x00\xC3", 8);
+ memcpy((void *)(kernbase + 0x00233BD0), "\x48\xC7\xC0\x01\x00\x00\x00\xC3", 8);
 
 // patch sceSblACMgrHasMmapSelfCapability
- memcpy((void *)(kernbase + 0x117B0), "\x48\xC7\xC0\x01\x00\x00\x00\xC3", 8);
+ memcpy((void *)(kernbase + 0x00233C40), "\x48\xC7\xC0\x01\x00\x00\x00\xC3", 8);
 
 // patch sceSblACMgrIsAllowedToMmapSelf
- memcpy((void *)(kernbase + 0x117C0), "\x48\xC7\xC0\x01\x00\x00\x00\xC3", 8);
+ memcpy((void *)(kernbase + 0x00233C50), "\x48\xC7\xC0\x01\x00\x00\x00\xC3", 8);
 
 // disable sysdump_perform_dump_on_fatal_trap
 // will continue execution and give more information on crash, such as rip
- *(uint8_t *)(kernbase + 0x7673E0) = 0xC3;
+ *(uint8_t *)(kernbase + 0x00784120) = 0xC3;
 
 // self patches
- memcpy((void *)(kernbase + 0x13F03F), "\x31\xC0\x90\x90\x90", 5);
+ memcpy((void *)(kernbase + 0x000AD2E4), "\x31\xC0\x90\x90\x90", 5);
 
 // patch vm_map_protect check
- memcpy((void *)(kernbase + 0x1A3C08), "\x90\x90\x90\x90\x90\x90", 6);
+ memcpy((void *)(kernbase + 0x00451DB8), "\x90\x90\x90\x90\x90\x90", 6);
 
- // patch ptrace, thanks 2much4u
- *(uint8_t *)(kernbase + 0x30D9AA) = 0xEB;
+ // patch ptrace
+ *(uint8_t *)(kernbase + 0x0010F879) = 0xEB;
+ memcpy((void *)(kernbase + 0x10FD22), "\xE9\xE2\x02\x00\x00", 5);
 
- // remove all these bullshit checks from ptrace, by golden
- memcpy((void *)(kernbase + 0x30DE01), "\xE9\xD0\x00\x00\x00", 5);
-
- // patch ASLR, thanks 2much4u
- *(uint16_t *)(kernbase + 0x194875) = 0x9090;
+ // disable ASLR
+ *(uint8_t *)(kernbase + 0x003CECE1) = 0xEB;
 
 // patch kmem_alloc
- *(uint8_t *)(kernbase + 0xFCD48) = VM_PROT_ALL;
- *(uint8_t *)(kernbase + 0xFCD56) = VM_PROT_ALL;
+ *(uint8_t *)(kernbase + 0x002507F5) = VM_PROT_ALL;
+ *(uint8_t *)(kernbase + 0x00250803) = VM_PROT_ALL; cpu_enable_wp(); } @@ -145,7 +143,7 @@ int load_debugger() { int runinstaller() { init_ksdk(); - // enable uart + //// enable uart *disable_console_output = 0; ascii_art(); diff --git a/installer/source/proc.c b/installer/source/proc.c index d0b1c5c..6ae0cca 100644 --- a/installer/source/proc.c +++ b/installer/source/proc.c @@ -266,25 +266,25 @@ int proc_create_thread(struct proc *p, uint64_t address) { } if (!memcmp(entries[i].name, "libkernel.sprx", 14)) { - _scePthreadAttrInit = entries[i].start + 0x12660; - _scePthreadAttrSetstacksize = entries[i].start + 0x12680; - _scePthreadCreate = entries[i].start + 0x12AA0; - _thr_initial = entries[i].start + 0x84C20; + _scePthreadAttrInit = entries[i].start + 0x00013A40; + _scePthreadAttrSetstacksize = entries[i].start + 0x00013A60; + _scePthreadCreate = entries[i].start + 0x00013E80; + _thr_initial = entries[i].start + 0x00435420; break; } if (!memcmp(entries[i].name, "libkernel_web.sprx", 18)) { - _scePthreadAttrInit = entries[i].start + 0x1E730; - _scePthreadAttrSetstacksize = entries[i].start + 0xFA80; - _scePthreadCreate = entries[i].start + 0x98C0; - _thr_initial = entries[i].start + 0x84C20; + _scePthreadAttrInit = entries[i].start + 0x0001FD20; + _scePthreadAttrSetstacksize = entries[i].start + 0x00010540; + _scePthreadCreate = entries[i].start + 0x0000A0F0; + _thr_initial = entries[i].start + 0x00435420; break; } if (!memcmp(entries[i].name, "libkernel_sys.sprx", 18)) { - _scePthreadAttrInit = entries[i].start + 0x13190; - _scePthreadAttrSetstacksize = entries[i].start + 0x131B0; - _scePthreadCreate = entries[i].start + 0x135D0; - _thr_initial = entries[i].start + 0x89030; + _scePthreadAttrInit = entries[i].start + 0x00014570; + _scePthreadAttrSetstacksize = entries[i].start + 0x00014590; + _scePthreadCreate = entries[i].start + 0x000149B0; + _thr_initial = entries[i].start + 0x00435830; break; } } 
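Review bot: The added `memcpy((void *)(kernbase + 0x10FD22), "\xE9\xE2\x02\x00\x00", 5);` is the only write in patch_kernel with no comment naming what it modifies, and its offset is also the only one not zero-padded to eight digits like the others; since the README credits DeathRGH for this second ptrace patch, the line wants `// second ptrace patch (DeathRGH)` plus the function it lands in, and `0x0010FD22` for consistency. More importantly, every offset here is specific to firmware 6.72 (the README is retitled to say so) and nothing in the hunk checks the running firmware before writing, so unless such a check exists outside the hunk the same bytes land in unrelated kernel code on any other version, with a panic as the best outcome. A firmware check at the top of patch_kernel that refuses to continue on a mismatch, or a comment stating where that guarantee is made, would close that gap. The function's opening line is the hunk trailer; get_kbase and cpu_enable_wp are defined elsewhere.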
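Review bot: The libkernel offset table updated here in installer/source/proc.c is duplicated value-for-value in kdebugger/source/proc.c later in this diff, so twelve firmware-specific constants now have to be kept in sync by hand in two proc_create_thread implementations; moving them into one shared header both files include would remove that drift risk. The values also carry no firmware marker, so a comment such as `// libkernel / libkernel_web / libkernel_sys offsets for firmware 6.72` above the first `if (!memcmp(entries[i].name, ...))` would document which firmware they belong to. proc_create_thread starts before the hunk and appears to continue after it.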
diff --git a/kdebugger/source/proc.c b/kdebugger/source/proc.c index 3108d4f..fdf453c 100644 --- a/kdebugger/source/proc.c +++ b/kdebugger/source/proc.c @@ -269,25 +269,25 @@ int proc_create_thread(struct proc *p, uint64_t address) { } if (!memcmp(entries[i].name, "libkernel.sprx", 14)) { - _scePthreadAttrInit = entries[i].start + 0x12660; - _scePthreadAttrSetstacksize = entries[i].start + 0x12680; - _scePthreadCreate = entries[i].start + 0x12AA0; - _thr_initial = entries[i].start + 0x84C20; + _scePthreadAttrInit = entries[i].start + 0x00013A40; + _scePthreadAttrSetstacksize = entries[i].start + 0x00013A60; + _scePthreadCreate = entries[i].start + 0x00013E80; + _thr_initial = entries[i].start + 0x00435420; break; } if (!memcmp(entries[i].name, "libkernel_web.sprx", 18)) { - _scePthreadAttrInit = entries[i].start + 0x1E730; - _scePthreadAttrSetstacksize = entries[i].start + 0xFA80; - _scePthreadCreate = entries[i].start + 0x98C0; - _thr_initial = entries[i].start + 0x84C20; + _scePthreadAttrInit = entries[i].start + 0x0001FD20; + _scePthreadAttrSetstacksize = entries[i].start + 0x00010540; + _scePthreadCreate = entries[i].start + 0x0000A0F0; + _thr_initial = entries[i].start + 0x00435420; break; } if (!memcmp(entries[i].name, "libkernel_sys.sprx", 18)) { - _scePthreadAttrInit = entries[i].start + 0x13190; - _scePthreadAttrSetstacksize = entries[i].start + 0x131B0; - _scePthreadCreate = entries[i].start + 0x135D0; - _thr_initial = entries[i].start + 0x89030; + _scePthreadAttrInit = entries[i].start + 0x00014570; + _scePthreadAttrSetstacksize = entries[i].start + 0x00014590; + _scePthreadCreate = entries[i].start + 0x000149B0; + _thr_initial = entries[i].start + 0x00435830; break; } } diff --git a/ps4-ksdk b/ps4-ksdk index 81e7838..360fb0c 160000 --- a/ps4-ksdk +++ b/ps4-ksdk @@ -1 +1 @@ -Subproject commit 81e7838ec9facbefdfffac51261f74bf02456133 +Subproject commit 360fb0c89a64ce04ace50ca6f0fc6ad806114ea5 
diff --git a/ps4-payload-sdk b/ps4-payload-sdk
index e6f009d..3c7b1aa 160000
--- a/ps4-payload-sdk
+++ b/ps4-payload-sdk
@@ -1 +1 @@
-Subproject commit e6f009de39f7d7f70280ce7f9c3eafdbab568cb5
+Subproject commit 3c7b1aaf6db6a93a35cc765543cc92a4760cc260