private void FindDirs_Button_Click(object sender, EventArgs e)
{
if (pid == 0)
{
return;
}
var pm = ps4.GetProcessMaps(pid);
if (pm.FindEntry("(NoName)clienthandler") == null)
{
return;
}
var dirNameAddr = ps4.AllocateMemory(pid, Marshal.SizeOf(typeof(SceSaveDataDirName)) * 1024);
SceSaveDataDirNameSearchCond searchCond = new SceSaveDataDirNameSearchCond
{
userId = InitialUser()
};
SceSaveDataDirNameSearchResult searchResult = new SceSaveDataDirNameSearchResult
{
dirNames = dirNameAddr,
dirNamesNum = 1024
};
Dirs_ComboBox.DataSource = Find(searchCond, searchResult);
ps4.FreeMemory(pid, dirNameAddr, Marshal.SizeOf(typeof(SceSaveDataDirName)) * 1024);
}
public ulong GetIntNative(uint regId, out int intVal)
{
ulong errorCode = 0;
var bufferAddr = ps4.AllocateMemory(p.pid, sizeof(int));
ps4.WriteMemory <int>(p.pid, bufferAddr, 0);
errorCode = ps4.Call(p.pid, stub, sceRegMgrGetInt_addr, regId, bufferAddr);
int valueReturned = ps4.ReadMemory <int>(p.pid, bufferAddr);
ps4.FreeMemory(p.pid, bufferAddr, sizeof(int));
intVal = valueReturned;
return(errorCode);
}
private void setupButton_Click(object sender, EventArgs e)
{
if (!ps4.IsConnected)
{
SetStatus("Not connected to ps4");
return;
}
var pl = ps4.GetProcessList();
var su = pl.FindProcess("SceShellUI");
if (su == null)
{
SetStatus("Couldn't find SceShellUI");
return;
}
pid = su.pid;
var pm = ps4.GetProcessMaps(pid);
var tmp = pm.FindEntry("libSceSaveData.sprx")?.start;
if (tmp == null)
{
MessageBox.Show("savedata lib not found", "Error");
return;
}
libSceSaveDataBase = (ulong)tmp;
tmp = pm.FindEntry("libSceUserService.sprx")?.start;
if (tmp == null)
{
MessageBox.Show("user service lib not found", "Error");
return;
}
libSceUserServiceBase = (ulong)tmp;
tmp = pm.FindEntry("executable")?.start;
if (tmp == null)
{
MessageBox.Show("executable not found", "Error");
return;
}
executableBase = (ulong)tmp;
tmp = pm.FindEntry("libSceLibcInternal.sprx")?.start;
if (tmp == null)
{
MessageBox.Show("libc not found", "Error");
return;
}
libSceLibcInternalBase = (ulong)tmp;
stub = pm.FindEntry("(NoName)clienthandler") == null?ps4.InstallRPC(pid) : pm.FindEntry("(NoName)clienthandler").start;
var ret = ps4.Call(pid, stub, libSceSaveDataBase + offsets.sceSaveDataInitialize3);
WriteLog($"sceSaveDataInitialize3 ret = 0x{ret:X}");
//PATCHES
//SAVEDATA LIBRARY PATCHES (libSceSaveData)
ps4.WriteMemory(pid, libSceSaveDataBase + 0x00036798, (byte)0x00); // 'sce_' patch
ps4.WriteMemory(pid, libSceSaveDataBase + 0x00035479, (byte)0x00); // 'sce_sdmemory' patch
ps4.WriteMemory(pid, libSceSaveDataBase + 0x00000E88, (byte)0x30); // '_' patch
var l = ps4.GetProcessList();
var s = l.FindProcess("SceShellCore");
var m = ps4.GetProcessMaps(s.pid);
var ex = m.FindEntry("executable");
//SHELLCORE PATCHES (SceShellCore)
ps4.WriteMemory(s.pid, ex.start + 0x0130C060, (byte)0x00); // 'sce_sdmemory' patch
ps4.WriteMemory(s.pid, ex.start + 0x0083F4E0, new byte[] { 0x48, 0x31, 0xC0, 0xC3 }); //verify keystone patch
ps4.WriteMemory(s.pid, ex.start + 0x0006D580, new byte[] { 0x31, 0xC0, 0xC3 }); //transfer mount permission patch eg mount foreign saves with write permission
ps4.WriteMemory(s.pid, ex.start + 0x000CFAA0, new byte[] { 0x31, 0xC0, 0xC3 }); //patch psn check to load saves saves foreign to current account
ps4.WriteMemory(s.pid, ex.start + 0x0006FF5F, new byte[] { 0x90, 0x90 }); // ^
ps4.WriteMemory(s.pid, ex.start + 0x0006D058, new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }); // something something patches...
ps4.WriteMemory(s.pid, ex.start + 0x0006C971, new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }); // don't even remember doing this
ps4.WriteMemory(s.pid, ex.start + 0x0006C1A4, new byte[] { 0x90, 0x90 }); //nevah jump
ps4.WriteMemory(s.pid, ex.start + 0x0006C40C, new byte[] { 0x90, 0xE9 }); //always jump
//WRITE CUSTOM FUNCTIONS (libSceLibcInternal)
GetSaveDirectoriesAddr = ps4.AllocateMemory(pid, 0x8000);
ps4.WriteMemory(pid, GetSaveDirectoriesAddr, functions.GetSaveDirectories);
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x12, libSceLibcInternalBase + 0x000B1EC0); //opendir
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x20, libSceLibcInternalBase + 0x000B2C70); //readdir
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x2E, libSceLibcInternalBase + 0x000B0CB0); //closedir
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x3C, libSceLibcInternalBase + 0x000BE710); //strcpy
GetUsersAddr = GetSaveDirectoriesAddr + (uint)functions.GetSaveDirectories.Length + 0x20;
ps4.WriteMemory(pid, GetUsersAddr, functions.GetUsers);
ps4.WriteMemory(pid, GetUsersAddr + 0x15, libSceUserServiceBase + offsets.sceUserServiceGetLoginUserIdList);
ps4.WriteMemory(pid, GetUsersAddr + 0x23, libSceUserServiceBase + offsets.sceUserServiceGetUserName);
ps4.WriteMemory(pid, GetUsersAddr + 0x31, libSceLibcInternalBase + 0x000BE710); //strcpy
var users = GetUsers();
userComboBox.DataSource = users;
SetStatus("Setup Done :)");
}
private void setupButton_Click(object sender, EventArgs e)
{
statusLabel.Text = "Setting up...";
string[] offsetsNew;
if (!ps4.IsConnected)
{
SetStatus("Not connected to PS4.");
return;
}
var pl = ps4.GetProcessList();
var su = pl.FindProcess("SceShellUI");
if (su == null)
{
SetStatus("Couldn't find SceShellUI");
return;
}
pid = su.pid;
var pm = ps4.GetProcessMaps(pid);
var tmp = pm.FindEntry("libSceSaveData.sprx")?.start;
if (tmp == null)
{
MessageBox.Show("savedata lib not found", "Error");
return;
}
libSceSaveDataBase = (ulong)tmp;
tmp = pm.FindEntry("libSceUserService.sprx")?.start;
if (tmp == null)
{
MessageBox.Show("user service lib not found", "Error");
return;
}
libSceUserServiceBase = (ulong)tmp;
tmp = pm.FindEntry("executable")?.start;
if (tmp == null)
{
MessageBox.Show("executable not found", "Error");
return;
}
executableBase = (ulong)tmp;
tmp = pm.FindEntry("libSceLibcInternal.sprx")?.start;
if (tmp == null)
{
MessageBox.Show("libc not found", "Error");
return;
}
libSceLibcInternalBase = (ulong)tmp;
stub = pm.FindEntry("(NoName)clienthandler") == null?ps4.InstallRPC(pid) : pm.FindEntry("(NoName)clienthandler").start;
string selectedFw = fwCombo.Text.ToString();
if (selectedFw == "")
{
SetStatus("Please select your FW from dropdown menu.");
return;
}
var offsetspath = Directory.GetCurrentDirectory() + @"\payloads\" + selectedFw + @"\offsets";
if (!File.Exists(offsetspath))
{
MessageBox.Show("offsets missing", "Error");
return;
}
else
{
offsetsNew = File.ReadAllText(offsetspath).Split(',');
if (offsetsNew.Length != 24)
{
MessageBox.Show("offsets incorrect", "Error");
return;
}
else
{
offsets.sceUserServiceGetInitialUser = Convert.ToUInt32(offsetsNew[17], 16);
offsets.sceUserServiceGetLoginUserIdList = Convert.ToUInt32(offsetsNew[18], 16);
offsets.sceUserServiceGetUserName = Convert.ToUInt32(offsetsNew[19], 16);
offsets.sceSaveDataMount = Convert.ToUInt32(offsetsNew[20], 16);
offsets.sceSaveDataUmount = Convert.ToUInt32(offsetsNew[21], 16);
offsets.sceSaveDataDirNameSearch = Convert.ToUInt32(offsetsNew[22], 16);
offsets.sceSaveDataInitialize3 = Convert.ToUInt32(offsetsNew[23], 16);
var ret = ps4.Call(pid, stub, libSceSaveDataBase + offsets.sceSaveDataInitialize3);
WriteLog($"sceSaveDataInitialize3 ret = 0x{ret:X}");
//PATCHES
//SAVEDATA LIBRARY PATCHES (libSceSaveData)
ps4.WriteMemory(pid, libSceSaveDataBase + Convert.ToUInt32(offsetsNew[0], 16), (byte)0x00); // 'sce_' patch
ps4.WriteMemory(pid, libSceSaveDataBase + Convert.ToUInt32(offsetsNew[1], 16), (byte)0x00); // 'sce_sdmemory' patch
ps4.WriteMemory(pid, libSceSaveDataBase + Convert.ToUInt32(offsetsNew[2], 16), (byte)0x30); // '_' patch
var l = ps4.GetProcessList();
var s = l.FindProcess("SceShellCore");
var m = ps4.GetProcessMaps(s.pid);
var ex = m.FindEntry("executable");
//SHELLCORE PATCHES (SceShellCore)
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[3], 16), (byte)0x00); // 'sce_sdmemory' patch
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[4], 16), new byte[] { 0x48, 0x31, 0xC0, 0xC3 }); //verify keystone patch
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[5], 16), new byte[] { 0x31, 0xC0, 0xC3 }); //transfer mount permission patch eg mount foreign saves with write permission
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[6], 16), new byte[] { 0x31, 0xC0, 0xC3 }); //patch psn check to load saves saves foreign to current account
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[7], 16), new byte[] { 0x90, 0x90 }); // ^
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[8], 16), new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }); // something something patches...
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[9], 16), new byte[] { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }); // don't even remember doing this
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[10], 16), new byte[] { 0x90, 0x90 }); //nevah jump
ps4.WriteMemory(s.pid, ex.start + Convert.ToUInt32(offsetsNew[11], 16), new byte[] { 0x90, 0xE9 }); //always jump
//WRITE CUSTOM FUNCTIONS (libSceLibcInternal)
GetSaveDirectoriesAddr = ps4.AllocateMemory(pid, 0x8000);
ps4.WriteMemory(pid, GetSaveDirectoriesAddr, functions.GetSaveDirectories);
if (selectedFw == "5.05")
{
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x12, executableBase + Convert.ToUInt32(offsetsNew[12], 16)); //opendir
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x20, executableBase + Convert.ToUInt32(offsetsNew[13], 16)); //readdir
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x2E, executableBase + Convert.ToUInt32(offsetsNew[14], 16)); //closedir
}
else
{
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x12, libSceLibcInternalBase + Convert.ToUInt32(offsetsNew[12], 16)); //opendir
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x20, libSceLibcInternalBase + Convert.ToUInt32(offsetsNew[13], 16)); //readdir
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x2E, libSceLibcInternalBase + Convert.ToUInt32(offsetsNew[14], 16)); //closedir
}
ps4.WriteMemory(pid, GetSaveDirectoriesAddr + 0x3C, libSceLibcInternalBase + Convert.ToUInt32(offsetsNew[15], 16)); //strcpy
GetUsersAddr = GetSaveDirectoriesAddr + (uint)functions.GetSaveDirectories.Length + 0x20;
ps4.WriteMemory(pid, GetUsersAddr, functions.GetUsers);
ps4.WriteMemory(pid, GetUsersAddr + 0x15, libSceUserServiceBase + offsets.sceUserServiceGetLoginUserIdList);
ps4.WriteMemory(pid, GetUsersAddr + 0x23, libSceUserServiceBase + offsets.sceUserServiceGetUserName);
ps4.WriteMemory(pid, GetUsersAddr + 0x31, libSceLibcInternalBase + Convert.ToUInt32(offsetsNew[16], 16)); //strcpy
var users = GetUsers();
userComboBox.DataSource = users;
if (userComboBox.Items.Count == 0)
{
SetStatus("Setup failed. Make sure you have the correct FW selected in the dropdown menu and try again.");
}
else
{
SetStatus("Setup done. Select user and press 'Get Games' to scan for available games.");
}
}
}
}
private void searchButton_Click(object sender, EventArgs e)
{
if (pid == 0)
{
SetStatus("No Process Selected");
return;
}
var pm = ps4.GetProcessMaps(pid);
if (pm.FindEntry("(NoName)clienthandler") == null)
{
SetStatus("RPC Stub Not Found");
return;
}
var dirNameAddr = ps4.AllocateMemory(pid, Marshal.SizeOf(typeof(SceSaveDataDirName)) * 1024);
var paramAddr = ps4.AllocateMemory(pid, Marshal.SizeOf(typeof(SceSaveDataParam)) * 1024);
SceSaveDataDirNameSearchCond searchCond = new SceSaveDataDirNameSearchCond
{
userId = GetUser()
};
SceSaveDataDirNameSearchResult searchResult = new SceSaveDataDirNameSearchResult
{
dirNames = dirNameAddr,
dirNamesNum = 1024,
param = paramAddr,
};
dirsComboBox.DataSource = Find(searchCond, searchResult);
ps4.FreeMemory(pid, dirNameAddr, Marshal.SizeOf(typeof(SceSaveDataDirName)) * 1024);
ps4.FreeMemory(pid, paramAddr, Marshal.SizeOf(typeof(SceSaveDataParam)) * 1024);
if (dirsComboBox.Items.Count > 0)
{
SetStatus($"Found {dirsComboBox.Items.Count} Save Directories :D");
}
else
{
SetStatus("Found 0 Save Directories :(");
}
}
