//Author:Shadoxi
//Replace libsysutil_np_trophy.sprx in flash/internal by this code
//Some evil crash due to size of dump
SYS_MODULE_INFO(sceNpTrophyhook, 0, 1, 0 );
SYS_MODULE_START( _start );
SYS_MODULE_STOP( _stop );
SYS_LIB_DECLARE( sceNpTrophyhook, SYS_LIB_AUTO_EXPORT | SYS_LIB_WEAK_IMPORT );
SYS_LIB_EXPORT( loader_sprx, sceNpTrophyhook );
int _start(void);
int _stop(void);
void loader_sprx(const char* PATH_PRX);
static inline CellFsErrno lv2FsOpen(const char* path, uint32_t oflags, int* fd, uint32_t mode, const void* arg, uint64_t argsize) {
system_call_6(801, (uint64_t)path, oflags, (uint64_t)fd, mode, (uint64_t)arg, argsize);
return_to_user_prog(CellFsErrno);
}
static inline CellFsErrno lv2FsRead(int fd, void* buf, uint64_t size, uint64_t* read_e)
{
system_call_4(802, fd, (uint64_t)buf, size, (uint64_t)read_e);
return_to_user_prog(CellFsErrno);
}
static inline CellFsErrno lv2FsWrite(int fd, const void* buf, uint64_t size, uint64_t* written)
{
system_call_4(803, fd, (uint64_t)buf, size, (uint64_t)written);
return_to_user_prog(CellFsErrno);
}
static inline CellFsErrno lv2FsClose(int fd)
{
system_call_1(804, fd);
return_to_user_prog(CellFsErrno);
}
static void write_message (char const * message)
{
unsigned int write_length;
char const * end;
for (end = message; *end != '\0'; ++end);
sys_tty_write(SYS_TTYP_PPU_STDERR, message,end - message, &write_length);
}
void DumpELF_Payload()
{
write_message("Dumping ELF from RAM\n");
int fd,res ;
uint64_t i,nread,ptr;
uint64_t sizeelf = 25*1024*1024 ;
//Need a way to get size of ELF
if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0) //exist ?
{
write_message("DumpedEBOOT.bin\n");
lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i); //Tb decrypted offset
if((ptr == 0x7F454C4601020100ULL) && (i != 0))
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
{
write_message("DumpedEBOOT1.bin\n");
lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
if((ptr == 0x7F454C4601020100ULL) && (i != 0))
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
{
write_message("DumpedEBOOT2.bin\n");
lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
if((ptr == 0x7F454C4601020100ULL) && (i != 0))
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
{
write_message("DumpedEBOOT2.bin\n");//Tb decrypted offset
lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
if((&ptr == 0x7F454C4601020100ULL) && i != 0)
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else
{
write_message("remove dumpedeboot\n");
}
lv2FsClose(fd); //Close file
}
void loader_sprx(const char* PATH_PRX)
{
sys_prx_id_t prx_id ;
write_message ("Loading a prx ... ");
prx_id = sys_prx_load_module(PATH_PRX,0, NULL);
if (prx_id < CELL_OK) {
write_message ("Failed LOADING\n");
return;
} else {
write_message ("OK loading\n");
}
int modres;
int res1 = sys_prx_start_module( prx_id, 0, NULL, &modres, 0, NULL );
if (res1 < CELL_OK)
{
write_message ("start Failed \n");
}
}
int _start(void)
{
int wait = 0;
write_message ("By shadoxi\n");
//DUMP Decrypted noDrm TB
DumpELF_Payload();
//load original libsysutil_np_trophy for game
loader_sprx("/dev_hdd0/game/TEST00000/USRDIR/orignal_libsysutil_np_trophy.sprx");//place here original libsysutil_np_trophy.sprx
return SYS_PRX_RESIDENT;
}
int _stop(void)
{
return SYS_PRX_STOP_OK;
}
//Author:Shadoxi
//Replace libsysutil_np_trophy.sprx in flash/internal by this code
//Some evil crash due to size of dump
SYS_MODULE_INFO(sceNpTrophyhook, 0, 1, 0 );
SYS_MODULE_START( _start );
SYS_MODULE_STOP( _stop );
SYS_LIB_DECLARE( sceNpTrophyhook, SYS_LIB_AUTO_EXPORT | SYS_LIB_WEAK_IMPORT );
SYS_LIB_EXPORT( loader_sprx, sceNpTrophyhook );
int _start(void);
int _stop(void);
void loader_sprx(const char* PATH_PRX);
static inline CellFsErrno lv2FsOpen(const char* path, uint32_t oflags, int* fd, uint32_t mode, const void* arg, uint64_t argsize) {
system_call_6(801, (uint64_t)path, oflags, (uint64_t)fd, mode, (uint64_t)arg, argsize);
return_to_user_prog(CellFsErrno);
}
static inline CellFsErrno lv2FsRead(int fd, void* buf, uint64_t size, uint64_t* read_e)
{
system_call_4(802, fd, (uint64_t)buf, size, (uint64_t)read_e);
return_to_user_prog(CellFsErrno);
}
static inline CellFsErrno lv2FsWrite(int fd, const void* buf, uint64_t size, uint64_t* written)
{
system_call_4(803, fd, (uint64_t)buf, size, (uint64_t)written);
return_to_user_prog(CellFsErrno);
}
static inline CellFsErrno lv2FsClose(int fd)
{
system_call_1(804, fd);
return_to_user_prog(CellFsErrno);
}
static void write_message (char const * message)
{
unsigned int write_length;
char const * end;
for (end = message; *end != '\0'; ++end);
sys_tty_write(SYS_TTYP_PPU_STDERR, message,end - message, &write_length);
}
void DumpELF_Payload()
{
write_message("Dumping ELF from RAM\n");
int fd,res ;
uint64_t i,nread,ptr;
uint64_t sizeelf = 25*1024*1024 ;
//Need a way to get size of ELF
if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0) //exist ?
{
write_message("DumpedEBOOT.bin\n");
lv2FsOpen("/dev_hdd0/DUMPEDBOOT.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i); //Tb decrypted offset
if((ptr == 0x7F454C4601020100ULL) && (i != 0))
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
{
write_message("DumpedEBOOT1.bin\n");
lv2FsOpen("/dev_hdd0/DUMPEDBOOT1.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
if((ptr == 0x7F454C4601020100ULL) && (i != 0))
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
{
write_message("DumpedEBOOT2.bin\n");
lv2FsOpen("/dev_hdd0/DUMPEDBOOT2.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
if((ptr == 0x7F454C4601020100ULL) && (i != 0))
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else if(lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDONLY, &fd, 0,NULL, 0) != 0)
{
write_message("DumpedEBOOT2.bin\n");//Tb decrypted offset
lv2FsOpen("/dev_hdd0/DUMPEDBOOT3.bin", CELL_FS_O_RDWR|CELL_FS_O_CREAT, &fd, 0,NULL, 0) ;
for(i = 0; i < sizeelf ; i+=
{
ptr = *(uint64_t*)(0x00010000ULL+i);//Tb decrypted offset
if((&ptr == 0x7F454C4601020100ULL) && i != 0)
return;
lv2FsWrite(fd, (void*)&ptr, 8, &nread);
}
lv2FsClose(fd);
return;
}
else
{
write_message("remove dumpedeboot\n");
}
lv2FsClose(fd); //Close file
}
void loader_sprx(const char* PATH_PRX)
{
sys_prx_id_t prx_id ;
write_message ("Loading a prx ... ");
prx_id = sys_prx_load_module(PATH_PRX,0, NULL);
if (prx_id < CELL_OK) {
write_message ("Failed LOADING\n");
return;
} else {
write_message ("OK loading\n");
}
int modres;
int res1 = sys_prx_start_module( prx_id, 0, NULL, &modres, 0, NULL );
if (res1 < CELL_OK)
{
write_message ("start Failed \n");
}
}
int _start(void)
{
int wait = 0;
write_message ("By shadoxi\n");
//DUMP Decrypted noDrm TB
DumpELF_Payload();
//load original libsysutil_np_trophy for game
loader_sprx("/dev_hdd0/game/TEST00000/USRDIR/orignal_libsysutil_np_trophy.sprx");//place here original libsysutil_np_trophy.sprx
return SYS_PRX_RESIDENT;
}
int _stop(void)
{
return SYS_PRX_STOP_OK;
}
Copyright © 2024, NextGenUpdate.
All Rights Reserved.