[11.00] Patch Debug settings error and Improve stability

LightningMods · May 4, 2024 · 3ec592a · 3ec592a
1 parent 42773d0
commit 3ec592a
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 5 deletions.
diff --git a/stage2/offsets.h b/stage2/offsets.h
@@ -7,7 +7,7 @@
 
 #ifndef __OFFSETS_H__
 #define __OFFSETS_H__
-//#define ENABLE_DEBUG_MENU 1
+#define ENABLE_DEBUG_MENU 1
 
 #if FIRMWARE == 900 // FW 9.00
 
@@ -143,8 +143,9 @@
 #define ptrace_p2 0x00384771
 #define disable_aslr_p 0x003B11A4
 #define sceSblACMgrIsAllowedSystemLevelDebugging_p 0x003D0DE0
-#define kemem_2 0x00245EE3
-#define kemem_1 0x00245EDA
+#define kemem_2 0x00245EE4
+#define kemem_1 0x00245EDC
+
 #define vm_map_lock_offset  0x00357760
 #define vm_map_insert_offset 0x00358AB0
 #define vm_map_unlock_offset  0x003577D0

diff --git a/stage2/stage2.c b/stage2/stage2.c
@@ -369,18 +369,17 @@ void stage2(void) {
   memcpy((void * ) kdlsym(copyinstr_patch2), nops, sizeof(nops));
   *(uint16_t * ) kdlsym(copyinstr_patch3) = 0x9090;
 
+#if !ENABLE_DEBUG_MENU
   printf("Patching vm_map_protect, ptrace, ASLR and kmem_alloc\n");
 
   // patch vm_map_protect check
-
   memcpy((void * )(kbase + vm_map_protect_p), "\x90\x90\x90\x90\x90\x90", 6);
 
   // patch ptrace
   *(uint8_t * )(kbase + ptrace_p) = 0xEB;
   memcpy((void * )(kbase + ptrace_p2), "\xE9\x7C\x02\x00\x00", 5);
 
   // patch sceSblACMgrIsAllowedSystemLevelDebugging
-
   memcpy((void * )(kbase + sceSblACMgrIsAllowedSystemLevelDebugging_p), "\x48\xC7\xC0\x01\x00\x00\x00\xC3", 8); //900
 
   // patch ASLR, thanks 2much4u
@@ -410,6 +409,48 @@ void stage2(void) {
   kmem = (uint8_t *)&kbase[0x1E4C63];
   kmem[0] = 0x90;
   kmem[1] = 0xE9;
+
+  // Enable MAP_SELF
+	// sceSblACMgrHasMmapSelfCapability
+	kmem = (uint8_t *)&kbase[0x003D0E50];
+	kmem[0] = 0xB8;
+	kmem[1] = 0x01;
+	kmem[2] = 0x00;
+	kmem[3] = 0x00;
+	kmem[4] = 0x00;
+	kmem[5] = 0xC3;
+
+	// sceSblACMgrIsAllowedToMmapSelf
+	kmem = (uint8_t *)&kbase[0x003D0E70];//3D0DE0
+	kmem[0] = 0xB8;
+	kmem[1] = 0x01;
+	kmem[2] = 0x00;
+	kmem[3] = 0x00;
+	kmem[4] = 0x00;
+	kmem[5] = 0xC3;
+
+	// Patches call to sceSblAuthMgrIsLoadable in vm_mmap2
+	kmem = (uint8_t *)&kbase[0x00157F91];
+	kmem[0] = 0x31;
+	kmem[1] = 0xC0;
+	kmem[2] = 0xEB;
+	kmem[3] = 0x01;
+#endif
+#else
+#if FIRMWARE == 1100 // FW 11.00, 9.00 already has goldhen
+	// Patch debug setting errors
+	kmem = (uint8_t *)&kbase[0x004EE328];
+	kmem[0] = 0x00;
+	kmem[1] = 0x00;
+	kmem[2] = 0x00;
+	kmem[3] = 0x00;
+
+	kmem = (uint8_t *)&kbase[0x004EF3EE];
+	kmem[0] = 0x00;
+	kmem[1] = 0x00;
+	kmem[2] = 0x00;
+	kmem[3] = 0x00;
+#endif
 #endif
 
   // Install kexec syscall 11