diff --git a/PAYLOADS/3.03/build.sh b/PAYLOADS/3.03/build.sh
deleted file mode 100644
index 2e49dcc..0000000
--- a/PAYLOADS/3.03/build.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-echo "Building payload"
-
-ee-gcc -Ttext=0x01FFF800 payload.c -o payload.elf -nostartfiles -nostdlib -ffreestanding -Os -Wl,-z,max-page-size=0x1 # 2048
-ee-objcopy -O binary payload.elf payload.bin -Wl,-z,max-page-size=0x1
-
-ENTRY=`ee-objdump -t payload.elf | grep " _start"`
-echo $ENTRY
-
-# Doesn't seem to work on MinGW toolchain, so set manually if you're using that:
-#ENTRY=0x`grep -o "^\S*" <<< $ENTRY`
-ENTRY=0x01fff9a8
-
-echo $ENTRY
-echo "Building crt0"
-
-ee-gcc -Ttext=0x015FFF34 -DENTRY=$ENTRY crt0.S -o fullpayload.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
-ee-objcopy -O binary fullpayload.elf fullpayload.bin -Wl,-z,max-page-size=0x1
-
-# todo make all this hex editing automatic
-echo "Done. fullpayload.bin at 0x0e8c, and payload.bin at 0x3000"
diff --git a/PAYLOADS/3.03/crt0.S b/PAYLOADS/3.03/crt0.S
deleted file mode 100644
index b6f159b..0000000
--- a/PAYLOADS/3.03/crt0.S
+++ /dev/null
@@ -1,54 +0,0 @@
-.set noreorder # If we're writing assembly, why would we want this?
-
-.section .text.startup
-
-.equ getBufferInternal, 0x262360
-.equ payload, (0x2000000 - 0x800) # End of RAM
-
-.global _start
-_start:
- #la $a0, 0x7f
- #la $v1, 0x01
- #syscall 0x01 # ResetEE
-
- #la $a0, relo
- la $a0, load
- la $a1, 0
- la $a2, 0
- la $a3, 0
-
-.global ExecPS2
-ExecPS2:
- la $v1, 7
- syscall 7 # ExecPS2
-
-load:
- la $a0, 0
- la $a1, 0 # 0 = VIDEO_TS.IFO, 1 = VTS_01_0.IFO
- la $a2, 0x3000 / 0x800 # lba offset in file
- la $a3, payload # Destination
- la $t0, 0x800 / 0x800 # Count
- la $t1, 0
- la $v0, getBufferInternal
- jalr $v0
- nop
-
-#relo:
- # Relocate payload to end of RAM
-# la $a0, (0x2000000 - 1024)
-# la $a1, payload
-# la $a2, 2048
-# la $v0, memcpy
-# jalr $v0
-
-boot:
- la $v1, 0x64; la $a0, 0; syscall 0x64 # FlushCache data writeback
- la $v1, 0x64; la $a0, 2; syscall 0x64 # FlushCache instruction invalidate
-
- # Point stack to end of scratchpad RAM
- la $sp, 0x70004000
-
- # Execute from relocated place
- la $v0, ENTRY
- j $v0
- nop
diff --git a/PAYLOADS/3.03/fullpayload.bin b/PAYLOADS/3.03/fullpayload.bin
deleted file mode 100644
index 63e7826..0000000
Binary files a/PAYLOADS/3.03/fullpayload.bin and /dev/null differ
diff --git a/PAYLOADS/3.03/payload.bin b/PAYLOADS/3.03/payload.bin
deleted file mode 100644
index 179afd1..0000000
Binary files a/PAYLOADS/3.03/payload.bin and /dev/null differ
diff --git a/PAYLOADS/3.03/payload.c b/PAYLOADS/3.03/payload.c
deleted file mode 100644
index 7b01716..0000000
--- a/PAYLOADS/3.03/payload.c
+++ /dev/null
@@ -1,141 +0,0 @@
-#include
-
-// Pick one
-#define LOAD_FROM_VTS_02_0_IFO
-//#define LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO (151 - 138 - 7)
-
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define pointToIFO ((void (*)(unsigned int index, unsigned int lba, unsigned int offset))0x2432c8)
-#define getDiscData ((void (*)(unsigned int s, void *d))0x243438)
-
-#define SifIopReset ((int (*)(char *, int))0x291fb8)
-#define SifIopSync ((int (*)(void))0x292138)
-#define SifInitRpc ((void (*)(int))0x2082a0)
-#define SifExitRpc ((void (*)(void))0x208440)
-
-#define getBufferInternal ((int (*)(void *filename, int type, int currentSector, void *dest, unsigned int sectorsRemaining, int curReadPos))0x262360)
-
-#define ELF_PT_LOAD 1
-
-typedef unsigned char u8;
-typedef unsigned short u16;
-typedef unsigned int u32;
-
-typedef struct {
- u8 ident[16];
- u16 type;
- u16 machine;
- u32 version;
- u32 entry;
- u32 phoff;
- u32 shoff;
- u32 flags;
- u16 ehsize;
- u16 phentsize;
- u16 phnum;
- u16 shentsize;
- u16 shnum;
- u16 shstrndx;
-} elf_header_t;
-
-typedef struct {
- u32 type;
- u32 offset;
- void *vaddr;
- u32 paddr;
- u32 filesz;
- u32 memsz;
- u32 flags;
- u32 align;
-} elf_pheader_t;
-
-__attribute__((noreturn)) void ExecPS2(void *entry, void *gp, int argc, char **argv) {
- asm volatile("la $v1, 7; syscall 7");
- //__builtin_unreachable();
-}
-
-void *memcpy_(void *dest, void *src, size_t n) {
- int i;
- for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = ((unsigned char *)src)[i];
- return dest;
-}
-
-void *memset(void *dest, int c, size_t n) {
- int i;
- for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = c;
- return dest;
-}
-
-static void readData(void *dest, unsigned int offset, size_t n) {
- unsigned char buffer[0x800];
-
- unsigned int copied = 0;
- #define remaining (n - copied)
-
- if(offset % 0x800) {
- getBufferInternal("", 1, offset / 0x800, buffer, 1, 0);
- memcpy_(dest, buffer + offset % 0x800, min(0x800 - (offset % 0x800), n));
- copied += min(0x800 - (offset % 0x800), n);
- }
-
- if(remaining >= 0x800) {
- getBufferInternal("", 1, (offset + copied) / 0x800, dest + copied, remaining / 0x800, 0);
- copied += (remaining / 0x800) * 0x800;
- }
-
- if(remaining > 0) {
- getBufferInternal("", 1, (offset + copied) / 0x800, buffer, 1, 0);
- memcpy_(dest + copied, buffer, remaining);
- }
-}
-
-__attribute__((noreturn)) void _start(void) {
- //Exit(0);
- //asm volatile("la $v1, 0x04; la $a0, 0; syscall 0x04");
-
- int i;
-
- #ifdef LOAD_FROM_VTS_02_0_IFO
- // point to VTS_02_0.IFO
- pointToIFO(2, 0, 0);
-
- // Force a read from VTS_02_0.IFO
- char head[64];
- getDiscData(64, &head);
-
- #define RELATIVE_SECTOR 0
- #else
- #define RELATIVE_SECTOR LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO
- #endif
-
- // Based on https://github.com/AKuHAK/uLaunchELF/blob/master/loader/loader.c
- elf_header_t eh;
- readData(&eh, RELATIVE_SECTOR * 0x800, sizeof(elf_header_t));
-
- elf_pheader_t eph[eh.phnum];
- readData(&eph, RELATIVE_SECTOR * 0x800 + eh.phoff, sizeof(elf_pheader_t) * eh.phnum);
-
- for (i = 0; i < eh.phnum; i++) {
- if (eph[i].type != ELF_PT_LOAD)
- continue;
-
- readData(eph[i].vaddr, RELATIVE_SECTOR * 0x800 + eph[i].offset, eph[i].filesz);
- if(eph[i].memsz > eph[i].filesz) memset(eph[i].vaddr + eph[i].filesz, 0, eph[i].memsz - eph[i].filesz);
- }
-
- asm volatile("la $v1, 0x64; la $a0, 0; syscall 0x64"); // FlushCache data writeback
- asm volatile("la $v1, 0x64; la $a0, 2; syscall 0x64"); // FlushCache instruction invalidate
-
- //while(!SifIopReset("", 0));
- //while(!SifIopSync());
-
- //while(!SifIopReset("rom0:UDNL rom0:EELOADCNF", 0));
- SifIopReset("rom0:UDNL rom0:EELOADCNF", 0);
- while(!SifIopSync());
-
- SifInitRpc(0);
- SifExitRpc();
-
- ExecPS2((void *)eh.entry, 0, 0, 0);
-}
diff --git a/PAYLOADS/3.03/payload.elf b/PAYLOADS/3.03/payload.elf
deleted file mode 100644
index e788105..0000000
Binary files a/PAYLOADS/3.03/payload.elf and /dev/null differ
diff --git a/PAYLOADS/3.04/build.sh b/PAYLOADS/3.04/build.sh
deleted file mode 100644
index a0c0843..0000000
--- a/PAYLOADS/3.04/build.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-echo "Building payload"
-
-ee-gcc -Ttext=0x01FFF800 payload.c -o payload.elf -nostartfiles -nostdlib -ffreestanding -Os -Wl,-z,max-page-size=0x1 # 2048
-ee-objcopy -O binary payload.elf payload.bin -Wl,-z,max-page-size=0x1
-
-ENTRY=`ee-objdump -t payload.elf | grep " _start"`
-echo $ENTRY
-
-# Doesn't seem to work on MinGW toolchain, so set manually if you're using that:
-#ENTRY=0x`grep -o "^\S*" <<< $ENTRY`
-ENTRY=0x01fff9a8
-
-echo $ENTRY
-echo "Building crt0"
-
-ee-gcc -Ttext=0x01800180 -DENTRY=$ENTRY crt0.S -o fullpayload.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
-ee-objcopy -O binary fullpayload.elf fullpayload.bin -Wl,-z,max-page-size=0x1
-
-# todo make all this hex editing automatic
-#echo "Done. Insert fullpayload.bin into VIDEO_TS.IFO at offset 0x2954"
-echo "Done. fullpayload.bin at 0x2d00, and payload.bin at 0x3000"
diff --git a/PAYLOADS/3.04/crt0.S b/PAYLOADS/3.04/crt0.S
deleted file mode 100644
index 5fc0964..0000000
--- a/PAYLOADS/3.04/crt0.S
+++ /dev/null
@@ -1,62 +0,0 @@
-.set noreorder # If we're writing assembly, why would we want this?
-
-.section .text.startup
-
-.equ getBufferInternal, 0x261548
-.equ payload, (0x2000000 - 0x800) # End of RAM
-
-.global _start
-_start:
- #la $a0, 0x7f
- #la $v1, 0x01
- #syscall 0x01 # ResetEE
-
- #la $a0, relo
- la $a0, load
- la $a1, 0
- la $a2, 0
- la $a3, 0
-
-.global ExecPS2
-ExecPS2:
- la $v1, 7
- syscall 7 # ExecPS2
-
-load:
- la $a0, 0
- la $a1, 0 # 0 = VIDEO_TS.IFO, 1 = VTS_01_0.IFO
- la $a2, 0x3000 / 0x800 # lba offset in file
- la $a3, payload # Destination
- la $t0, 0x800 / 0x800 # Count
- la $t1, 0
- la $v0, getBufferInternal
- jalr $v0
- nop
-
-#relo:
- # Relocate payload to end of RAM
-# la $a0, (0x2000000 - 1024)
-# la $a1, payload
-# la $a2, 2048
-# la $v0, memcpy
-# jalr $v0
-
-boot:
- la $v1, 0x64; la $a0, 0; syscall 0x64 # FlushCache data writeback
- la $v1, 0x64; la $a0, 2; syscall 0x64 # FlushCache instruction invalidate
-
- # Point stack to end of scratchpad RAM
- la $sp, 0x70004000
-
- # Execute from relocated place
- la $v0, ENTRY
- j $v0
- nop
-
-.space (_start + 0x2faa - 0x2d00) - .
-fpIndex:
- .byte 0x96
- .byte 0x08
-
-#.space (_start + 0x3000 - 0x2d00) - .
-#.incbin "payload.bin"
diff --git a/PAYLOADS/3.04/fullpayload.bin b/PAYLOADS/3.04/fullpayload.bin
deleted file mode 100644
index 3d5aba1..0000000
Binary files a/PAYLOADS/3.04/fullpayload.bin and /dev/null differ
diff --git a/PAYLOADS/3.04/fullpayload.elf b/PAYLOADS/3.04/fullpayload.elf
deleted file mode 100644
index 345fc1b..0000000
Binary files a/PAYLOADS/3.04/fullpayload.elf and /dev/null differ
diff --git a/PAYLOADS/3.04/payload.bin b/PAYLOADS/3.04/payload.bin
deleted file mode 100644
index 9e57d24..0000000
Binary files a/PAYLOADS/3.04/payload.bin and /dev/null differ
diff --git a/PAYLOADS/3.04/payload.c b/PAYLOADS/3.04/payload.c
deleted file mode 100644
index 3a88fb9..0000000
--- a/PAYLOADS/3.04/payload.c
+++ /dev/null
@@ -1,141 +0,0 @@
-#include
-
-// Pick one
-#define LOAD_FROM_VTS_02_0_IFO
-//#define LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO (151 - 138 - 7)
-
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define pointToIFO ((void (*)(unsigned int index, unsigned int lba, unsigned int offset))0x23dfc8)
-#define getDiscData ((void (*)(unsigned int s, void *d))0x23e138)
-
-#define SifIopReset ((int (*)(char *, int))0x291358)
-#define SifIopSync ((int (*)(void))0x2914d8)
-#define SifInitRpc ((void (*)(int))0x208260)
-#define SifExitRpc ((void (*)(void))0x208400)
-
-#define getBufferInternal ((int (*)(void *filename, int type, int currentSector, void *dest, unsigned int sectorsRemaining, int curReadPos))0x261548)
-
-#define ELF_PT_LOAD 1
-
-typedef unsigned char u8;
-typedef unsigned short u16;
-typedef unsigned int u32;
-
-typedef struct {
- u8 ident[16];
- u16 type;
- u16 machine;
- u32 version;
- u32 entry;
- u32 phoff;
- u32 shoff;
- u32 flags;
- u16 ehsize;
- u16 phentsize;
- u16 phnum;
- u16 shentsize;
- u16 shnum;
- u16 shstrndx;
-} elf_header_t;
-
-typedef struct {
- u32 type;
- u32 offset;
- void *vaddr;
- u32 paddr;
- u32 filesz;
- u32 memsz;
- u32 flags;
- u32 align;
-} elf_pheader_t;
-
-__attribute__((noreturn)) void ExecPS2(void *entry, void *gp, int argc, char **argv) {
- asm volatile("la $v1, 7; syscall 7");
- //__builtin_unreachable();
-}
-
-void *memcpy_(void *dest, void *src, size_t n) {
- int i;
- for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = ((unsigned char *)src)[i];
- return dest;
-}
-
-void *memset(void *dest, int c, size_t n) {
- int i;
- for(i = 0; i < n; i++) ((unsigned char *)dest)[i] = c;
- return dest;
-}
-
-static void readData(void *dest, unsigned int offset, size_t n) {
- unsigned char buffer[0x800];
-
- unsigned int copied = 0;
- #define remaining (n - copied)
-
- if(offset % 0x800) {
- getBufferInternal("", 1, offset / 0x800, buffer, 1, 0);
- memcpy_(dest, buffer + offset % 0x800, min(0x800 - (offset % 0x800), n));
- copied += min(0x800 - (offset % 0x800), n);
- }
-
- if(remaining >= 0x800) {
- getBufferInternal("", 1, (offset + copied) / 0x800, dest + copied, remaining / 0x800, 0);
- copied += (remaining / 0x800) * 0x800;
- }
-
- if(remaining > 0) {
- getBufferInternal("", 1, (offset + copied) / 0x800, buffer, 1, 0);
- memcpy_(dest + copied, buffer, remaining);
- }
-}
-
-__attribute__((noreturn)) void _start(void) {
- //Exit(0);
- //asm volatile("la $v1, 0x04; la $a0, 0; syscall 0x04");
-
- int i;
-
- #ifdef LOAD_FROM_VTS_02_0_IFO
- // point to VTS_02_0.IFO
- pointToIFO(2, 0, 0);
-
- // Force a read from VTS_02_0.IFO
- char head[64];
- getDiscData(64, &head);
-
- #define RELATIVE_SECTOR 0
- #else
- #define RELATIVE_SECTOR LOAD_FROM_SECTOR_RELATIVE_TO_VIDEO_TS_IFO
- #endif
-
- // Based on https://github.com/AKuHAK/uLaunchELF/blob/master/loader/loader.c
- elf_header_t eh;
- readData(&eh, RELATIVE_SECTOR * 0x800, sizeof(elf_header_t));
-
- elf_pheader_t eph[eh.phnum];
- readData(&eph, RELATIVE_SECTOR * 0x800 + eh.phoff, sizeof(elf_pheader_t) * eh.phnum);
-
- for (i = 0; i < eh.phnum; i++) {
- if (eph[i].type != ELF_PT_LOAD)
- continue;
-
- readData(eph[i].vaddr, RELATIVE_SECTOR * 0x800 + eph[i].offset, eph[i].filesz);
- if(eph[i].memsz > eph[i].filesz) memset(eph[i].vaddr + eph[i].filesz, 0, eph[i].memsz - eph[i].filesz);
- }
-
- asm volatile("la $v1, 0x64; la $a0, 0; syscall 0x64"); // FlushCache data writeback
- asm volatile("la $v1, 0x64; la $a0, 2; syscall 0x64"); // FlushCache instruction invalidate
-
- //while(!SifIopReset("", 0));
- //while(!SifIopSync());
-
- //while(!SifIopReset("rom0:UDNL rom0:EELOADCNF", 0));
- SifIopReset("rom0:UDNL rom0:EELOADCNF", 0);
- while(!SifIopSync());
-
- SifInitRpc(0);
- SifExitRpc();
-
- ExecPS2((void *)eh.entry, 0, 0, 0);
-}
diff --git a/PAYLOADS/3.04/payload.elf b/PAYLOADS/3.04/payload.elf
deleted file mode 100644
index fab2abb..0000000
Binary files a/PAYLOADS/3.04/payload.elf and /dev/null differ
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.bin b/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.bin
deleted file mode 100644
index a459837..0000000
Binary files a/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.bin and /dev/null differ
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.elf b/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.elf
deleted file mode 100644
index 01537c8..0000000
Binary files a/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.elf and /dev/null differ
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/build.sh b/PAYLOADS/build.sh
similarity index 71%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/build.sh
rename to PAYLOADS/build.sh
index 238f677..d6afdad 100644
--- a/PAYLOADS/All PS2 slims (3.10 + 3.11)/build.sh
+++ b/PAYLOADS/build.sh
@@ -12,6 +12,14 @@ ENTRY=0x01fff99c
 
 echo $ENTRY
 
+echo "Building crt0 (3.03)"
+ee-gcc -Ttext=0x015FFF34 -DENTRY=$ENTRY -DGETBUFFERINTERNAL=0x262360 crt0.S -o crt0_3.03.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
+ee-objcopy -O binary crt0_3.03.elf crt0_3.03.bin -Wl,-z,max-page-size=0x1
+
+echo "Building crt0 (3.04M)"
+ee-gcc -Ttext=0x01800180 -DENTRY=$ENTRY -DGETBUFFERINTERNAL=0x261548 crt0.S -o crt0_3.04M.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
+ee-objcopy -O binary crt0_3.04M.elf crt0_3.04M.bin -Wl,-z,max-page-size=0x1
+
 echo "Building jump for 3.04J"
 ee-gcc -Ttext=0x012811E4 -DJUMP=0x01281340 jump.S -o jump.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
 ee-objcopy -O binary jump.elf jump.bin -Wl,-z,max-page-size=0x1
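Review bot: Neither of the two added build steps checks whether `ee-gcc` succeeded, so a failed compile of `crt0_3.03.elf` or `crt0_3.04M.elf` still runs `ee-objcopy` on whatever `.elf` is already on disk and the script goes on to print "Done.". Because the `.bin` and `.elf` outputs are committed next to their sources, a stale artifact cannot be told apart from a fresh one; `set -eu` near the top of the script (outside this hunk) or `|| exit 1` after each `ee-gcc` line would surface the failure. The trailing `-Wl,-z,max-page-size=0x1` on the `ee-objcopy` lines is a compiler-driver option for the linker and is presumably a no-op there, so it is best dropped from the new lines. `GETBUFFERINTERNAL=0x262360` is repeated as a literal in payload.c's 3.03 branch, and a comment such as `# keep in sync with the 3.03 branch in payload.c` would flag that coupling.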
@@ -29,8 +37,14 @@ ee-gcc -Ttext=0x01500014 -DENTRY=$ENTRY -DGETBUFFERINTERNAL=0x2952f0 crt0.S -o c
 ee-objcopy -O binary crt0_3.11.elf crt0_3.11.bin -Wl,-z,max-page-size=0x1
 
 echo "Done."
+
+echo "For the All Slims image:"
+echo "Insert crt0_3.03.bin into VIDEO_TS.IFO at offset 0x0e8c"
 echo "Insert jump.bin into VIDEO_TS.IFO at offset 0x2724"
 echo "Insert crt0_3.04J.bin into VIDEO_TS.IFO at offset 0x2880"
 echo "Insert crt0_3.10.bin into VIDEO_TS.IFO at offset 0x2bb4"
 echo "Insert crt0_3.11.bin into VIDEO_TS.IFO at offset 0x2954"
 echo "Insert payload.bin into VIDEO_TS.IFO at offset 0x3000"
+
+echo "For 3.04M only image:"
+echo "Insert fullpayload.bin at 0x2d00, and payload.bin at 0x3000"
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0.S b/PAYLOADS/crt0.S
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0.S
rename to PAYLOADS/crt0.S
diff --git a/PAYLOADS/crt0_3.03.bin b/PAYLOADS/crt0_3.03.bin
new file mode 100644
index 0000000..b597d33
Binary files /dev/null and b/PAYLOADS/crt0_3.03.bin differ
diff --git a/PAYLOADS/3.03/fullpayload.elf b/PAYLOADS/crt0_3.03.elf
similarity index 61%
rename from PAYLOADS/3.03/fullpayload.elf
rename to PAYLOADS/crt0_3.03.elf
index 7382ed2..6747ad1 100644
Binary files a/PAYLOADS/3.03/fullpayload.elf and b/PAYLOADS/crt0_3.03.elf differ
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.04J.bin b/PAYLOADS/crt0_3.04J.bin
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.04J.bin
rename to PAYLOADS/crt0_3.04J.bin
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.04J.elf b/PAYLOADS/crt0_3.04J.elf
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.04J.elf
rename to PAYLOADS/crt0_3.04J.elf
diff --git a/PAYLOADS/crt0_3.04M.bin b/PAYLOADS/crt0_3.04M.bin
new file mode 100644
index 0000000..5475657
Binary files /dev/null and b/PAYLOADS/crt0_3.04M.bin differ
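Review bot: The last added `echo` names `fullpayload.bin` for the 3.04M-only image, but this commit deletes `PAYLOADS/3.04/fullpayload.bin` and the build step added earlier in the script writes `crt0_3.04M.bin` instead. Anyone following the printed text would look for a file the script no longer produces, or pick up a stale copy from an older checkout. The message should name the real output and follow the wording of the lines above it, e.g. `echo "Insert crt0_3.04M.bin into VIDEO_TS.IFO at offset 0x2d00, and payload.bin at offset 0x3000"`.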
diff --git a/PAYLOADS/crt0_3.04M.elf b/PAYLOADS/crt0_3.04M.elf
new file mode 100644
index 0000000..0ae906f
Binary files /dev/null and b/PAYLOADS/crt0_3.04M.elf differ
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.10.bin b/PAYLOADS/crt0_3.10.bin
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.10.bin
rename to PAYLOADS/crt0_3.10.bin
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.10.elf b/PAYLOADS/crt0_3.10.elf
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.10.elf
rename to PAYLOADS/crt0_3.10.elf
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.11.bin b/PAYLOADS/crt0_3.11.bin
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.11.bin
rename to PAYLOADS/crt0_3.11.bin
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.11.elf b/PAYLOADS/crt0_3.11.elf
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/crt0_3.11.elf
rename to PAYLOADS/crt0_3.11.elf
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/jump.S b/PAYLOADS/jump.S
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/jump.S
rename to PAYLOADS/jump.S
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/jump.bin b/PAYLOADS/jump.bin
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/jump.bin
rename to PAYLOADS/jump.bin
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/jump.elf b/PAYLOADS/jump.elf
similarity index 100%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/jump.elf
rename to PAYLOADS/jump.elf
diff --git a/PAYLOADS/payload.bin b/PAYLOADS/payload.bin
new file mode 100644
index 0000000..34fe797
Binary files /dev/null and b/PAYLOADS/payload.bin differ
diff --git a/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.c b/PAYLOADS/payload.c
similarity index 92%
rename from PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.c
rename to PAYLOADS/payload.c
index cd6b7a3..80fa60a 100644
--- a/PAYLOADS/All PS2 slims (3.10 + 3.11)/payload.c
+++ b/PAYLOADS/payload.c
@@ -95,7 +95,19 @@ __attribute__((noreturn)) void _start(void) {
 int i;
 
 // Identify version based on jump target location
- if((*(void **)0x6D9C3C) == (void *)0x126b7e0) {
+ if((*(void **)0x928D24) == (void *)0x15ea540) {
+ // 3.03
+ pointToIFO = (void *)0x2432c8;
+ getDiscData = (void *)0x243438;
+
+ getBufferInternal = (void *)0x262360;
+
+ SifIopReset = (void *)0x291fb8;
+ SifIopSync = (void *)0x292138;
+ SifInitRpc = (void *)0x2082a0;
+ SifExitRpc = (void *)0x208440;
+ }
+ else if((*(void **)0x6D9C3C) == (void *)0x126b7e0) {
 // 3.04J
 pointToIFO = (void *)0x23dfe0;
 getDiscData = (void *)0x23e150;
diff --git a/PAYLOADS/payload.elf b/PAYLOADS/payload.elf
new file mode 100644
index 0000000..1fdf9ad
Binary files /dev/null and b/PAYLOADS/payload.elf differ
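Review bot: The new 3.03 branch selects the player build by comparing the word at `0x928D24` with `0x15ea540`, and neither constant is named or explained beyond the `// 3.03` tag; the existing 3.04J test has the same shape. A comment such as `// 3.03: jump target stored at 0x928D24 is 0x15ea540`, or a pair of named macros, would let a reader check each probe against the firmware it is meant to match. The seven addresses assigned in the branch are bare literals, and `0x262360` is also passed as `GETBUFFERINTERNAL` in build.sh, so a single per-version table would keep the two files from drifting apart. The end of the `if`/`else if` chain lies outside this hunk, so it is worth confirming that an unrecognised build cannot reach the later calls with these function pointers still unset.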