3.04 image now supports 3.10 and 3.11 too

2020-07-19 13:54:41 +01:00 · 2020-07-19 13:54:41 +01:00 · 698d91b10e
commit 698d91b10e
parent b207971522
11 changed files with 31 additions and 3 deletions
--- a/language/VIDEO_TS/VIDEO_TS.IFO
+++ b/language/VIDEO_TS/VIDEO_TS.IFO
--- a/3.11)/build.sh
+++ b/3.11)/build.sh
@ -12,17 +12,25 @@ ENTRY=0x01fff99c
 echo $ENTRY
-echo "Building crt0 (3.10)"
+echo "Building jump for 3.04J"
 ee-gcc -Ttext=0x012811E4 -DJUMP=0x01281340 jump.S -o jump.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
 ee-objcopy -O binary jump.elf jump.bin -Wl,-z,max-page-size=0x1
 echo "Building crt0 (3.04J)"
 ee-gcc -Ttext=0x01281340 -DENTRY=$ENTRY -DGETBUFFERINTERNAL=0x261560 crt0.S -o crt0_3.04J.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
 ee-objcopy -O binary crt0_3.04J.elf crt0_3.04J.bin -Wl,-z,max-page-size=0x1
 echo "Building crt0 (3.10)"
 ee-gcc -Ttext=0x01500014 -DENTRY=$ENTRY -DGETBUFFERINTERNAL=0x2986a0 crt0.S -o crt0_3.10.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
 ee-objcopy -O binary crt0_3.10.elf crt0_3.10.bin -Wl,-z,max-page-size=0x1
 echo "Building crt0 (3.11)"
 ee-gcc -Ttext=0x01500014 -DENTRY=$ENTRY -DGETBUFFERINTERNAL=0x2952f0 crt0.S -o crt0_3.11.elf -nostartfiles -nostdlib -ffreestanding -Wl,-z,max-page-size=0x1
 ee-objcopy -O binary crt0_3.11.elf crt0_3.11.bin -Wl,-z,max-page-size=0x1
 echo "Done."
 echo "Insert jump.bin into VIDEO_TS.IFO at offset 0x2724"
 echo "Insert crt0_3.04J.bin into VIDEO_TS.IFO at offset 0x2880"
 echo "Insert crt0_3.10.bin into VIDEO_TS.IFO at offset 0x2bb4"
 echo "Insert crt0_3.11.bin into VIDEO_TS.IFO at offset 0x2954"
 echo "Insert payload.bin into VIDEO_TS.IFO at offset 0x3000"
--- a/3.11)/crt0_3.04J.bin
+++ b/3.11)/crt0_3.04J.bin
--- a/3.11)/crt0_3.04J.elf
+++ b/3.11)/crt0_3.04J.elf
--- a/3.11)/jump.S
+++ b/3.11)/jump.S
@ -0,0 +1,8 @@
 .set noreorder # If we're writing assembly, why would we want this?
 .section .text.startup
 .global _start
 _start:
 	j JUMP
 	nop
--- a/3.11)/jump.bin
+++ b/3.11)/jump.bin
--- a/3.11)/jump.elf
+++ b/3.11)/jump.elf
--- a/3.11)/payload.bin
+++ b/3.11)/payload.bin
--- a/3.11)/payload.c
+++ b/3.11)/payload.c
@ -95,7 +95,19 @@ __attribute__((noreturn)) void _start(void) {
 	int i;
 	// Identify version based on jump target location
-	if((*(void **)0x5f1f38) == (void *)0x1500014) {
+	if((*(void **)0x6D9C3C) == (void *)0x126b7e0) {
 		// 3.04J
 		pointToIFO = (void *)0x23dfe0;
 		getDiscData = (void *)0x23e150;
 		getBufferInternal = (void *)0x261560;
 		SifIopReset = (void *)0x84fe0;
 		SifIopSync = (void *)0x85110;
 		SifInitRpc = (void *)0x84180;
 		SifExitRpc = (void *)0x84310;
 	}
 	else if((*(void **)0x5f1f38) == (void *)0x1500014) {
 		// 3.10
 		pointToIFO = (void *)0x25c880;
 		getDiscData = (void *)0x25c9f0;
--- a/3.11)/payload.elf
+++ b/3.11)/payload.elf
--- a/exploit.iso
+++ b/exploit.iso