Li
/
fuckpsse
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
This repository has been archived on 2023-10-31. You can view files and clone it, but cannot push or open issues or pull requests.
fuckpsse/Native/FuckPSSE.c

160 lines
32 KiB
C
Raw Normal View History

Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
#include <taihen.h>
#include <vitasdk.h>
#include <string.h>
#include <stdio.h>
SceUID sceKernelGetStdout();
Update ILL Exe Inject
2018-10-18 10:52:25 +00:00
static SceUID LoadModuleHook = -1;
Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
static tai_hook_ref_t LoadModuleHook_ref;
Update ILL Exe Inject
2018-10-18 10:52:25 +00:00
static SceUID cOpenHook = -1;
Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
static tai_hook_ref_t cOpenHook_ref;
Update ILL Exe Inject
2018-10-18 10:52:25 +00:00
static SceUID cReadHook = -1;
Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
static tai_hook_ref_t cReadHook_ref;
Update ILL Exe Inject
2018-10-18 10:52:25 +00:00
static char LetsJustAttackILL[0x1600] = {0x4D,0x5A,0x90,0x00,0x03,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0xFF,0xFF,0x00,0x00,0xB8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x0E,0x1F,0xBA,0x0E,0x00,0xB4,0x09,0xCD,0x21,0xB8,0x01,0x4C,0xCD,0x21,0x54,0x68,0x69,0x73,0x20,0x70,0x72,0x6F,0x67,0x72,0x61,0x6D,0x20,0x63,0x61,0x6E,0x6E,0x6F,0x74,0x20,0x62,0x65,0x20,0x72,0x75,0x6E,0x20,0x69,0x6E,0x20,0x44,0x4F,0x53,0x20,0x6D,0x6F,0x64,0x65,0x2E,0x0D,0x0D,0x0A,0x24,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x50,0x45,0x00,0x00,0x4C,0x01,0x03,0x00,0x44,0x63,0xC8,0x5B,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xE0,0x00,0x02,0x01,0x0B,0x01,0x0B,0x00,0x00,0x0C,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x1E,0x2A,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x20,0x00,0x00,0x00,0x02,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x40,0x85,0x00,0x00,0x10,0x00,0x00,0x10,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xCC,0x29,0x00,0x00,0x4F,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0xC8,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x60,0x00,0x00,0x0C,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x20,0x00,0x00,0x48,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x2E,0x74,0x65,0x78,0x74,0x00,0x00,0x00,0x24,0x0A,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x0C,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x60,0x2E,0x72,0x73,0x72,0x63,0x00,0x00,0x00,0xC8,0x04,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x0E,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x40,0x2E,0x72,0x65,0x6C,0x6F,0x63,0x00,0x00,0x0C,0x00,0x00,0x00,0x00,0x60,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x14,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x42,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x2A,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x02,0x00,0x05,0x00,0x70,0x23,0x00,0x00,0x5C,0x06,0x00,0x00,0x01,0x00,0x00,0x00,0x03,0x00,0x00,0x06,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x13,0x30,0x05,0x00,0xB6,0x00,0x00,0x00,0x01,0x00,0x00,0x11,0x00,0x28,0x03,0x00,0x00,0x0A,0x00,0x7E,0x01,0x00,0x00,0x04,0x22,0x00,0x00,0x80,0x3F,0x22,0x00,0x00,0x00,0x00,0x22,0x00,0x00,0x00,0x00,0x22,0x00,0x00,0x00,0x00,0x6F,0x04,0x00,0x00,0x0A,0x00,0x7E,0x01,0x00,0x00,0x04,0x6F,0x05,0x00,0x00,0x0A,0x00,0x7E,0x01,0x00,0x00,0x04,0x6F,0x06,0x00,0x00,0x0A,0x00,0x03,0x17,0x18,0x28,0x07,0x00,0x00,0x0A,0x0A,0x02,0x19,0x17,0x28,0x07,0x00,0x00,0x0A,0x0B,0x16,0x6A,0x0C,0x2B,0x45,0x00,0x07,0x6F,0x08,0x00,0x00,0x0A,0x69,0x08,0x69,0x59,0x0D,0x09,0x20,0x40,0x42,0x0F,0x00,0xFE,0x02,0x16,0xFE,0x01,0x13,0x05,0x11,0x05,0x2D,0x06,0x20,0x40,0x42,0x0F,0x00,0x0D,0x09,0x8D,0x0B,0x00,0x00,0x01,0x13,0x04,0x08,0x07,0x11,0x04,0x16,0x09,0x6F,0x09,0x00,0x00,0x0A,0x6A,0x58,0x0C,0x06,0x11,0x04,0x16,0x09,0x6F,0x0A,0x00,0x00,0x0A,0x00,0x00,0x08,0x07,0x6F,0x08,0x00,0x00,0x0A,0xFE,0x04,0x13,0x05,0x11,0x05,0x2D,0xAC,0x07,0x6F,0x0B,0x00,0x00,0x0A,0x00,0x06,0x6F,0x0B,0x00,0x00,0x0A,0x00,0x2A,0x00,0x00,0x13,0x30,0x05,0x00,0x20,0x01,0x00,0x00,0x02,0x00,0x00,0x11,0x00,0x28,0x03,0x00,0x00,0x0A,0x00,0x7E,0x01,0x00,0x00
Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
int HasReplacedExe = 0;
//Thanks dots-tb for reversing this!
typedef struct PSM_handle {
uint32_t unk0;
uint32_t unk1;
uint32_t filesz;
uint32_t unk3;
} PSM_handle;
char OldPath[1024];
int pss_crypto_open_p(PSM_handle *handle, char *path) {
memset(OldPath,0x00,1024);
memcpy(OldPath,path,1024);
sceClibPrintf("[FuckPSSE] [OPEN] before run: PSM_handle:\n");
sceClibPrintf("[FuckPSSE] unk0 %lx\n",handle->unk0);
sceClibPrintf("[FuckPSSE] unk1 %lx\n",handle->unk1);
sceClibPrintf("[FuckPSSE] Size %lx\n",handle->filesz);
sceClibPrintf("[FuckPSSE] unk3 %lx\n",handle->unk3);
sceClibPrintf("[FuckPSSE] Path: %s\n",path);
int ret;
ret = TAI_CONTINUE(int, cOpenHook_ref, handle, path);
if(!strcmp(OldPath,"pss0:/top/Application/app.exe") && !HasReplacedExe)
{
Update ILL Exe Inject
2018-10-18 10:52:25 +00:00
handle->filesz = 0x1600;
Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
}
sceClibPrintf("[FuckPSSE] [OPEN] after run: PSM_handle:\n");
sceClibPrintf("[FuckPSSE] unk0 %lx\n",handle->unk0);
sceClibPrintf("[FuckPSSE] unk1 %lx\n",handle->unk1);
sceClibPrintf("[FuckPSSE] Size %lx\n",handle->filesz);
sceClibPrintf("[FuckPSSE] unk3 %lx\n",handle->unk3);
sceClibPrintf("[FuckPSSE] Path: %s\n",path);
sceClibPrintf("[FuckPSSE] ret: %x\n",ret);
return ret;
}
char *pss_crypto_read_p(PSM_handle *handle, int ctx) {
sceClibPrintf("[FuckPSSE] [READ] before run: PSM_handle:\n");
sceClibPrintf("[FuckPSSE] unk0 %lx\n",handle->unk0);
sceClibPrintf("[FuckPSSE] unk1 %lx\n",handle->unk1);
sceClibPrintf("[FuckPSSE] Size %lx\n",handle->filesz);
sceClibPrintf("[FuckPSSE] unk3 %lx\n",handle->unk3);
sceClibPrintf("[FuckPSSE] Path: %x\n",ctx);
if(!strcmp(OldPath,"pss0:/top/Application/app.exe") && !HasReplacedExe)
{
TAI_CONTINUE(int, cReadHook_ref, handle, ctx);
sceClibPrintf("[FuckPSSE] APP.EXE Detected! Injecting dumper!\n");
HasReplacedExe = 1;
return (char*)&LetsJustAttackILL;
}
else
{
int ret;
ret = TAI_CONTINUE(int, cReadHook_ref, handle, ctx);
sceClibPrintf("[FuckPSSE] [READ] after run: PSM_handle:\n");
sceClibPrintf("[FuckPSSE] unk0 %lx\n",handle->unk0);
sceClibPrintf("[FuckPSSE] unk1 %lx\n",handle->unk1);
sceClibPrintf("[FuckPSSE] Size %lx\n",handle->filesz);
sceClibPrintf("[FuckPSSE] unk3 %lx\n",handle->unk3);
sceClibPrintf("[FuckPSSE] Path: %x\n",ctx);
return ret;
}
return 0;
}
SceUID sceKernelLoadStartModule_p(char *path, SceSize args, void *argp, int flags, SceKernelLMOption *option, int *status)
{
Update ILL Exe Inject
2018-10-18 10:52:25 +00:00
sceClibPrintf("[FuckPSSE] Starting Module: %s\n",path);
Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
SceUID ret;
ret = TAI_CONTINUE(SceUID, LoadModuleHook_ref, path, args, argp, flags, option, status);
if(!strcmp(path,"app0:/module/libpsm.suprx"))
{
sceClibPrintf("[FuckPSSE] SceLibPsm Detected!\n");
cOpenHook = taiHookFunctionImport(&cOpenHook_ref,
"SceLibMono",
TAI_ANY_LIBRARY,
0x6B4125E4, //pss_crypto_open
pss_crypto_open_p);
cReadHook = taiHookFunctionImport(&cReadHook_ref,
"SceLibMono",
TAI_ANY_LIBRARY,
0x32BA8444, //pss_crypto_read
pss_crypto_read_p);
sceClibPrintf("[FuckPSSE] cOpenHook %x, %x\n",cOpenHook,cOpenHook_ref);
sceClibPrintf("[FuckPSSE] cReadHook %x, %x\n",cReadHook,cReadHook_ref);
}
return ret;
}
void _start() __attribute__ ((weak, alias ("module_start")));
void module_start(SceSize argc, const void *args) {
char titleid[12];
sceAppMgrAppParamGetString(0, 12, titleid, 256);
if(!strcmp(titleid,"PCSI00011")) // PSM Runtime
{
sceClibPrintf("[FuckPSSE] Silca: I like to see girls die :3\n");
sceClibPrintf("[FuckPSSE] Loaded!\n");
sceClibPrintf("[FuckPSSE] Running on %s\n",titleid);
LoadModuleHook = taiHookFunctionImport(&LoadModuleHook_ref,
TAI_MAIN_MODULE,
TAI_ANY_LIBRARY,
0x2DCC4AFA, //sceKernelLoadStartModule
sceKernelLoadStartModule_p);
sceClibPrintf("[FuckPSSE] LoadModuleHook %x, %x\n",LoadModuleHook,LoadModuleHook_ref);
}
}
int module_stop(SceSize argc, const void *args) {
// release hooks
Update ILL Exe Inject
2018-10-18 10:52:25 +00:00
//if (cOpenHook >= 0) taiHookRelease(cOpenHook, cOpenHook_ref);
//if (cReadHook >= 0) taiHookRelease(cReadHook, cReadHook_ref);
//if (LoadModuleHook >= 0) taiHookRelease(LoadModuleHook, LoadModuleHook_ref);
Inital Upload (v1.0)
2018-10-13 13:29:00 +00:00
return SCE_KERNEL_STOP_SUCCESS;
}