Post: VitaShell Now Ported To 3.67! *MAYBE HENKAKU 3.67 Soon?*
02-17-2018, 07:03 PM #1
Jxstinian
Pokemon Trainer
(adsbygoogle = window.adsbygoogle || []).push({});
VitaShell Now Ported To 3.67! *MAYBE HENKAKU 3.67 Soon?*


Hey NGU, there has been alot of buzz thats been going on in the Vita scene. As many Vita Henkaku users know You must login or register to view this content. and many of his projects such as VitaShell. Today TheOfficialFloW has ported VitaShell to firmware 3.67, which is pretty big. Alot of speculation is going around wondering if there will be an "Henkaku 3.67" coming very soon due to this port! This is big news for the community due to alot of users want to play 3.61+ Games and as for us trophy modders, there is so many games out there above 3.61 that we can collect! As of right now you can check out You must login or register to view this content.to see the new founded changes! I will try to keep this post updated I will also add the new changes to the original source code, this code wasn't created by me and all credit goes to TheOfficialFloW and whoever else who worked on this project!

Raw Paste For The Most Recent Version to VitaShell:

modules/kernel/main.c:

#include <psp2kern/kernel/cpu.h>
#include <psp2kern/kernel/modulemgr.h>
#include <psp2kern/kernel/sysmem.h>
#include <psp2kern/io/fcntl.h>

#include <stdio.h>
#include <string.h>

#include <taihen.h>

#define MOUNT_POINT_ID 0x800

int module_get_offset(SceUID pid, SceUID modid, int segidx, size_t offset, uintptr_t *addr);

typedef struct {
const char *dev;
const char *dev2;
const char *blkdev;
const char *blkdev2;
int id;
} SceIoDevice;

typedef struct {
int id;
const char *dev_unix;
int unk;
int dev_major;
int dev_minor;
const char *dev_filesystem;
int unk2;
SceIoDevice *dev;
int unk3;
SceIoDevice *dev2;
int unk4;
int unk5;
int unk6;
int unk7;
} SceIoMountPoint;

static SceIoDevice uma_ux0_dev = { "ux0:", "exfatux0", "sdstor0:uma-pp-act-a", "sdstor0:uma-lp-act-entire", MOUNT_POINT_ID };

static SceIoMountPoint *(* sceIoFindMountPoint)(int id) = NULL;

static SceIoDevice *ori_dev = NULL, *ori_dev2 = NULL;

static SceUID hookid = -1;

static tai_hook_ref_t ksceSysrootIsSafeModeRef;

static tai_hook_ref_t ksceSblAimgrIsDolceRef;

static int ksceSysrootIsSafeModePatched() {
return 1;
}

static int ksceSblAimgrIsDolcePatched() {
return 1;
}

int shellKernelIsUx0Redirected() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (mount->dev == &uma_ux0_dev && mount->dev2 == &uma_ux0_dev) {
EXIT_SYSCALL(state);
return 1;
}

EXIT_SYSCALL(state);
return 0;
}

int shellKernelRedirectUx0() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (mount->dev != &uma_ux0_dev && mount->dev2 != &uma_ux0_dev) {
ori_dev = mount->dev;
ori_dev2 = mount->dev2;
}

mount->dev = &uma_ux0_dev;
mount->dev2 = &uma_ux0_dev;

EXIT_SYSCALL(state);
return 0;
}

int shellKernelUnredirectUx0() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (ori_dev && ori_dev2) {
mount->dev = ori_dev;
mount->dev2 = ori_dev2;

ori_dev = NULL;
ori_dev2 = NULL;
}

EXIT_SYSCALL(state);
return 0;
}

void _start() __attribute__ ((weak, alias("module_start")));
int module_start(SceSize args, void *argp) {
SceUID tmp1, tmp2;
// Get tai module info
tai_module_info_t info;
info.size = sizeof(tai_module_info_t);
if (taiGetModuleInfoForKernel(KERNEL_PID, "SceIofilemgr", &info) < 0)
return SCE_KERNEL_START_SUCCESS;

// Get important function
switch (info.module_nid) {
case 0x9642948C: // 3.60 retail
module_get_offset(KERNEL_PID, info.modid, 0, 0x138C1, (uintptr_t *)&sceIoFindMountPoint);
break;

case 0x3347A95F: // 3.67 retail
module_get_offset(KERNEL_PID, info.modid, 0, 0x182F5, (uintptr_t *)&sceIoFindMountPoint);
break;

default:
return SCE_KERNEL_START_SUCCESS;
}

// Fake safe mode so that SceUsbMass can be loaded
tmp1 = taiHookFunctionExportForKernel(KERNEL_PID, &ksceSysrootIsSafeModeRef, "SceSysmem", 0x2ED7F97A, 0x834439A7, ksceSysrootIsSafeModePatched);
if (tmp1 < 0)
return SCE_KERNEL_START_SUCCESS;
// this patch is only needed on handheld units
tmp2 = taiHookFunctionExportForKernel(KERNEL_PID, &ksceSblAimgrIsDolceRef, "SceSysmem", 0xFD00C69A, 0x71608CA3, ksceSblAimgrIsDolcePatched);
if (tmp2 < 0)
return SCE_KERNEL_START_SUCCESS;

// Load SceUsbMass
SceUID modid = ksceKernelLoadStartModule("ux0:VitaShell/module/umass.skprx", 0, NULL, 0, NULL, NULL);

// Release patch
taiHookReleaseForKernel(tmp1, ksceSysrootIsSafeModeRef);
taiHookReleaseForKernel(tmp2, ksceSblAimgrIsDolceRef);

// Check result
if (modid < 0)
return SCE_KERNEL_START_SUCCESS;

// Fake safe mode in SceUsbServ
hookid = taiHookFunctionImportForKernel(KERNEL_PID, &ksceSysrootIsSafeModeRef, "SceUsbServ", 0x2ED7F97A, 0x834439A7, ksceSysrootIsSafeModePatched);

return SCE_KERNEL_START_SUCCESS;
}

int module_stop(SceSize args, void *argp) {
if (hookid >= 0)
taiHookReleaseForKernel(hookid, ksceSysrootIsSafeModeRef);

return SCE_KERNEL_STOP_SUCCESS;
}
Last edited by Jxstinian ; 02-17-2018 at 09:58 PM. Reason: Added link to thread!

The following 2 users say thank you to Jxstinian for this useful post:

Frosty, Wosley
02-17-2018, 07:06 PM #2
Wosley
Discord: Wosley#6447
Originally posted by Jxstinian View Post
VitaShell Now Ported To 3.67! *MAYBE HENKAKU 3.67 Soon?*


Hey NGU, there has been alot of buzz thats been going on in the Vita scene. As many Vita Henkaku users know You must login or register to view this content. and many of his projects such as VitaShell. Today TheOfficialFloW has ported VitaShell to firmware 3.67, which is pretty big. Alot of speculation is going around wondering if there will be an "Henkaku 3.67" coming very soon due to this port! This is big news for the community due to alot of users want to play 3.61+ Games and as for us trophy modders, there is so many games out there above 3.61 that we can collect! As of right now you can check out TheOfficialFloW VitaShell Github to see the new founded changes! I will try to keep this post updated I will also add the new changes to the original source code, this code wasn't created by me and all credit goes to TheOfficialFloW and whoever else who worked on this project!

Raw Paste For The Most Recent Version to VitaShell:

modules/kernel/main.c:

#include <psp2kern/kernel/cpu.h>
#include <psp2kern/kernel/modulemgr.h>
#include <psp2kern/kernel/sysmem.h>
#include <psp2kern/io/fcntl.h>

#include <stdio.h>
#include <string.h>

#include <taihen.h>

#define MOUNT_POINT_ID 0x800

int module_get_offset(SceUID pid, SceUID modid, int segidx, size_t offset, uintptr_t *addr);

typedef struct {
const char *dev;
const char *dev2;
const char *blkdev;
const char *blkdev2;
int id;
} SceIoDevice;

typedef struct {
int id;
const char *dev_unix;
int unk;
int dev_major;
int dev_minor;
const char *dev_filesystem;
int unk2;
SceIoDevice *dev;
int unk3;
SceIoDevice *dev2;
int unk4;
int unk5;
int unk6;
int unk7;
} SceIoMountPoint;

static SceIoDevice uma_ux0_dev = { "ux0:", "exfatux0", "sdstor0:uma-pp-act-a", "sdstor0:uma-lp-act-entire", MOUNT_POINT_ID };

static SceIoMountPoint *(* sceIoFindMountPoint)(int id) = NULL;

static SceIoDevice *ori_dev = NULL, *ori_dev2 = NULL;

static SceUID hookid = -1;

static tai_hook_ref_t ksceSysrootIsSafeModeRef;

static tai_hook_ref_t ksceSblAimgrIsDolceRef;

static int ksceSysrootIsSafeModePatched() {
return 1;
}

static int ksceSblAimgrIsDolcePatched() {
return 1;
}

int shellKernelIsUx0Redirected() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (mount->dev == &uma_ux0_dev && mount->dev2 == &uma_ux0_dev) {
EXIT_SYSCALL(state);
return 1;
}

EXIT_SYSCALL(state);
return 0;
}

int shellKernelRedirectUx0() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (mount->dev != &uma_ux0_dev && mount->dev2 != &uma_ux0_dev) {
ori_dev = mount->dev;
ori_dev2 = mount->dev2;
}

mount->dev = &uma_ux0_dev;
mount->dev2 = &uma_ux0_dev;

EXIT_SYSCALL(state);
return 0;
}

int shellKernelUnredirectUx0() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (ori_dev && ori_dev2) {
mount->dev = ori_dev;
mount->dev2 = ori_dev2;

ori_dev = NULL;
ori_dev2 = NULL;
}

EXIT_SYSCALL(state);
return 0;
}

void _start() __attribute__ ((weak, alias("module_start")));
int module_start(SceSize args, void *argp) {
SceUID tmp1, tmp2;
// Get tai module info
tai_module_info_t info;
info.size = sizeof(tai_module_info_t);
if (taiGetModuleInfoForKernel(KERNEL_PID, "SceIofilemgr", &info) < 0)
return SCE_KERNEL_START_SUCCESS;

// Get important function
switch (info.module_nid) {
case 0x9642948C: // 3.60 retail
module_get_offset(KERNEL_PID, info.modid, 0, 0x138C1, (uintptr_t *)&sceIoFindMountPoint);
break;

case 0x3347A95F: // 3.67 retail
module_get_offset(KERNEL_PID, info.modid, 0, 0x182F5, (uintptr_t *)&sceIoFindMountPoint);
break;

default:
return SCE_KERNEL_START_SUCCESS;
}

// Fake safe mode so that SceUsbMass can be loaded
tmp1 = taiHookFunctionExportForKernel(KERNEL_PID, &ksceSysrootIsSafeModeRef, "SceSysmem", 0x2ED7F97A, 0x834439A7, ksceSysrootIsSafeModePatched);
if (tmp1 < 0)
return SCE_KERNEL_START_SUCCESS;
// this patch is only needed on handheld units
tmp2 = taiHookFunctionExportForKernel(KERNEL_PID, &ksceSblAimgrIsDolceRef, "SceSysmem", 0xFD00C69A, 0x71608CA3, ksceSblAimgrIsDolcePatched);
if (tmp2 < 0)
return SCE_KERNEL_START_SUCCESS;

// Load SceUsbMass
SceUID modid = ksceKernelLoadStartModule("ux0:VitaShell/module/umass.skprx", 0, NULL, 0, NULL, NULL);

// Release patch
taiHookReleaseForKernel(tmp1, ksceSysrootIsSafeModeRef);
taiHookReleaseForKernel(tmp2, ksceSblAimgrIsDolceRef);

// Check result
if (modid < 0)
return SCE_KERNEL_START_SUCCESS;

// Fake safe mode in SceUsbServ
hookid = taiHookFunctionImportForKernel(KERNEL_PID, &ksceSysrootIsSafeModeRef, "SceUsbServ", 0x2ED7F97A, 0x834439A7, ksceSysrootIsSafeModePatched);

return SCE_KERNEL_START_SUCCESS;
}

int module_stop(SceSize args, void *argp) {
if (hookid >= 0)
taiHookReleaseForKernel(hookid, ksceSysrootIsSafeModeRef);

return SCE_KERNEL_STOP_SUCCESS;
}


Nice work man Smile

i like to see that your very active in the vita scene in general + on ngu

The following user thanked Wosley for this useful post:

Jxstinian
02-17-2018, 09:24 PM #3
Originally posted by Jxstinian View Post
VitaShell Now Ported To 3.67! *MAYBE HENKAKU 3.67 Soon?*



Hey NGU, there has been alot of buzz thats been going on in the Vita scene. As many Vita Henkaku users know You must login or register to view this content. and many of his projects such as VitaShell. Today TheOfficialFloW has ported VitaShell to firmware 3.67, which is pretty big. Alot of speculation is going around wondering if there will be an "Henkaku 3.67" coming very soon due to this port! This is big news for the community due to alot of users want to play 3.61+ Games and as for us trophy modders, there is so many games out there above 3.61 that we can collect! As of right now you can check out TheOfficialFloW VitaShell Github to see the new founded changes! I will try to keep this post updated I will also add the new changes to the original source code, this code wasn't created by me and all credit goes to TheOfficialFloW and whoever else who worked on this project!

Raw Paste For The Most Recent Version to VitaShell:

modules/kernel/main.c:

#include <psp2kern/kernel/cpu.h>
#include <psp2kern/kernel/modulemgr.h>
#include <psp2kern/kernel/sysmem.h>
#include <psp2kern/io/fcntl.h>

#include <stdio.h>
#include <string.h>

#include <taihen.h>

#define MOUNT_POINT_ID 0x800

int module_get_offset(SceUID pid, SceUID modid, int segidx, size_t offset, uintptr_t *addr);

typedef struct {
const char *dev;
const char *dev2;
const char *blkdev;
const char *blkdev2;
int id;
} SceIoDevice;

typedef struct {
int id;
const char *dev_unix;
int unk;
int dev_major;
int dev_minor;
const char *dev_filesystem;
int unk2;
SceIoDevice *dev;
int unk3;
SceIoDevice *dev2;
int unk4;
int unk5;
int unk6;
int unk7;
} SceIoMountPoint;

static SceIoDevice uma_ux0_dev = { "ux0:", "exfatux0", "sdstor0:uma-pp-act-a", "sdstor0:uma-lp-act-entire", MOUNT_POINT_ID };

static SceIoMountPoint *(* sceIoFindMountPoint)(int id) = NULL;

static SceIoDevice *ori_dev = NULL, *ori_dev2 = NULL;

static SceUID hookid = -1;

static tai_hook_ref_t ksceSysrootIsSafeModeRef;

static tai_hook_ref_t ksceSblAimgrIsDolceRef;

static int ksceSysrootIsSafeModePatched() {
return 1;
}

static int ksceSblAimgrIsDolcePatched() {
return 1;
}

int shellKernelIsUx0Redirected() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (mount->dev == &uma_ux0_dev && mount->dev2 == &uma_ux0_dev) {
EXIT_SYSCALL(state);
return 1;
}

EXIT_SYSCALL(state);
return 0;
}

int shellKernelRedirectUx0() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (mount->dev != &uma_ux0_dev && mount->dev2 != &uma_ux0_dev) {
ori_dev = mount->dev;
ori_dev2 = mount->dev2;
}

mount->dev = &uma_ux0_dev;
mount->dev2 = &uma_ux0_dev;

EXIT_SYSCALL(state);
return 0;
}

int shellKernelUnredirectUx0() {
uint32_t state;
ENTER_SYSCALL(state);

SceIoMountPoint *mount = sceIoFindMountPoint(MOUNT_POINT_ID);
if (!mount) {
EXIT_SYSCALL(state);
return -1;
}

if (ori_dev && ori_dev2) {
mount->dev = ori_dev;
mount->dev2 = ori_dev2;

ori_dev = NULL;
ori_dev2 = NULL;
}

EXIT_SYSCALL(state);
return 0;
}

void _start() __attribute__ ((weak, alias("module_start")));
int module_start(SceSize args, void *argp) {
SceUID tmp1, tmp2;
// Get tai module info
tai_module_info_t info;
info.size = sizeof(tai_module_info_t);
if (taiGetModuleInfoForKernel(KERNEL_PID, "SceIofilemgr", &info) < 0)
return SCE_KERNEL_START_SUCCESS;

// Get important function
switch (info.module_nid) {
case 0x9642948C: // 3.60 retail
module_get_offset(KERNEL_PID, info.modid, 0, 0x138C1, (uintptr_t *)&sceIoFindMountPoint);
break;

case 0x3347A95F: // 3.67 retail
module_get_offset(KERNEL_PID, info.modid, 0, 0x182F5, (uintptr_t *)&sceIoFindMountPoint);
break;

default:
return SCE_KERNEL_START_SUCCESS;
}

// Fake safe mode so that SceUsbMass can be loaded
tmp1 = taiHookFunctionExportForKernel(KERNEL_PID, &ksceSysrootIsSafeModeRef, "SceSysmem", 0x2ED7F97A, 0x834439A7, ksceSysrootIsSafeModePatched);
if (tmp1 < 0)
return SCE_KERNEL_START_SUCCESS;
// this patch is only needed on handheld units
tmp2 = taiHookFunctionExportForKernel(KERNEL_PID, &ksceSblAimgrIsDolceRef, "SceSysmem", 0xFD00C69A, 0x71608CA3, ksceSblAimgrIsDolcePatched);
if (tmp2 < 0)
return SCE_KERNEL_START_SUCCESS;

// Load SceUsbMass
SceUID modid = ksceKernelLoadStartModule("ux0:VitaShell/module/umass.skprx", 0, NULL, 0, NULL, NULL);

// Release patch
taiHookReleaseForKernel(tmp1, ksceSysrootIsSafeModeRef);
taiHookReleaseForKernel(tmp2, ksceSblAimgrIsDolceRef);

// Check result
if (modid < 0)
return SCE_KERNEL_START_SUCCESS;

// Fake safe mode in SceUsbServ
hookid = taiHookFunctionImportForKernel(KERNEL_PID, &ksceSysrootIsSafeModeRef, "SceUsbServ", 0x2ED7F97A, 0x834439A7, ksceSysrootIsSafeModePatched);

return SCE_KERNEL_START_SUCCESS;
}

int module_stop(SceSize args, void *argp) {
if (hookid >= 0)
taiHookReleaseForKernel(hookid, ksceSysrootIsSafeModeRef);

return SCE_KERNEL_STOP_SUCCESS;
}



If this becomes true, all that will be left is waiting for online spoof on PS4 (never), but someone could be level 400 with 3.67 jb Gasp
02-17-2018, 10:10 PM #4
Jxstinian
Pokemon Trainer
Originally posted by Frosty View Post
If this becomes true, all that will be left is waiting for online spoof on PS4 (never), but someone could be level 400 with 3.67 jb Gasp


Hell yeah that would be dope, lol. So many new games to collect if it's true which does seem kinda likely. No one would really do all this work and stuff just to not have it public, and then tell people lol
02-21-2018, 01:43 AM #5
Shadow
Banned
IM glad vitashell has been ported hopefully molecular and mai follow suit aswell

The following user thanked Shadow for this useful post:

Jxstinian
02-21-2018, 12:08 PM #6
Jxstinian
Pokemon Trainer
Originally posted by Shadow View Post
IM glad vitashell has been ported hopefully molecular and mai follow suit aswell


Yeah mai is a must have lol for us

The following user thanked Jxstinian for this useful post:

Shadow

Copyright © 2024, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo