HowTo add Kernel access under FW2.50/2.60 VSH (eLoader-TIFF)

[0okm]

sample
Download-Link : http://rapidshare.de/files/33680044/...SH_KA.zip.html

main.c
add line extern void kernel_ent(u32 Temp);
and write Kernel access in a function
use kernel_ent((u32) &your_function) to call it

Code:

// -------------------------------------------
// Kernel access under FW2.50/2.60 VSH
// use Noobz's eLoader(TIFF) 0.9.8
// -------------------------------------------
// Game mode Kernel access by hitchhikr / Neural.
// VSH mode Kernel access by moonlight
// Mod. by 0okm
// -------------------------------------------

// -------------------------------------------
// Include
#include <pspkernel.h>
#include <pspdisplay.h>
#include <pspdebug.h>
#include <pspctrl.h>

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

PSP_MODULE_INFO("25_26_VSH_KA", 0, 1, 1);
PSP_MAIN_THREAD_ATTR(THREAD_ATTR_USER);

#define printf	pspDebugScreenPrintf

extern void kernel_ent(u32 Temp);

void Dump_kmem(void)
{
	int handle;
	handle = sceIoOpen("ms0:/0x88000000-kmem.BIN", PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777);
	sceIoWrite(handle, (void*) 0x88000000 , 0x400000);
	sceIoClose(handle);
}

void Dump_klib(void)
{
	int handle;
	handle = sceIoOpen("ms0:/0x88800000-klib.BIN", PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777);
	sceIoWrite(handle, (void*) 0x88800000 , 0x100000);
	sceIoClose(handle);
}

void Dump_boot(void)
{
	int handle;
	handle = sceIoOpen("ms0:/0xBFC00000-boot.BIN", PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777);
	sceIoWrite(handle, (void*) 0xBFC00000 , 0x100000);
	sceIoClose(handle);
}

int main(int argc, char* argv[])
{
	pspDebugScreenInit();
	printf("\n");
	printf(" Kernel access under FW2.50/2.60 VSH\n");
	printf(" use Noobz's eLoader(TIFF) 0.9.8\n\n");

	printf(" Game mode Kernel access by hitchhikr / Neural.\n");
	printf(" VSH mode Kernel access by moonlight\n");
	printf(" Mod. by 0okm\n\n");

	printf(" FW ver is 0x%.8X\n\n", sceKernelDevkitVersion());

	SceCtrlData pad;
	sceCtrlSetSamplingCycle(0);
	sceCtrlSetSamplingMode(0);
	u32 oldButtons = 0;

	printf(" Pass [TRIANGLE] to Kernel mem. Dump\n");
	printf(" Pass [SQUARE] to Kernel lib. Dump\n");
	printf(" Pass [CIRCLE] to Kernel boot Dump\n");
	printf(" Pass [CROSS] to EXIT\n\n");
	while (1)
	{
		sceCtrlReadBufferPositive(&pad, 1);
		if (oldButtons != pad.Buttons)
		{
			oldButtons = pad.Buttons;
			if (pad.Buttons & PSP_CTRL_TRIANGLE)
			{
				kernel_ent((u32) &Dump_kmem);

				pspDebugScreenSetTextColor(0xFFFF0000);
				printf(" Kernel mem. Dump Finish\n");
			}
			if (pad.Buttons & PSP_CTRL_SQUARE)
			{
				kernel_ent((u32) &Dump_klib);

				pspDebugScreenSetTextColor(0xFF00FF00);
				printf(" Kernel lib. Dump Finish\n");
			}
			if (pad.Buttons & PSP_CTRL_CIRCLE)
			{
				kernel_ent((u32) &Dump_boot);

				pspDebugScreenSetTextColor(0xFF0000FF);
				printf(" Kernel boot Dump Finish\n");
			}
			if (pad.Buttons & PSP_CTRL_CROSS)
			{
				sceKernelExitGame();
			}
			sceDisplayWaitVblankStart();
		}
	}

	return(0);
}

Makefile
in line OBJS add kernel_ex.o
in line LIBS add -lpspvshbridge

Code:

TARGET = 25_26_VSH_KA
OBJS = main.o kernel_ex.o

INCDIR =
CFLAGS = -G0 -Wall -O2
CXXFLAGS = $(CFLAGS) -fno-exceptions -fno-rtti
ASFLAGS = $(CFLAGS)

LIBDIR =
LDFLAGS =
LIBS= -lpspvshbridge

EXTRA_TARGETS = EBOOT.PBP
PSP_EBOOT_TITLE = FW2.50/2.60 VSH Kernel access
PSP_EBOOT_ICON = ICON0.PNG

PSPSDK=$(shell psp-config --pspsdk-path)
include $(PSPSDK)/lib/build.mak

[JordanBlack68]

Sweet, nice to hear you Ookm, thats amazing, great job!

[Moonchild]

So this is for 2.5/2.6 only? or does it work on 2.7+ too?
Nicely done

[ghostman]

!Noob alert!

How do i used this my current eloader0.98 installation on my fw2.5 ta-082?

Awsome work 0okm, even though i have no idea how to use it

[Moca]

Well, by looking at the title I would say this is for 2.0/1 lol. Thanks Ookm.

[muratcan]

Is this based off the hitchikr exploit or is a completely new find?

[n00bified]

this is a noob question but what do i do with the mem lib and boot files once i dump them?

[Fanjita]

*sigh*

If you don't understand what this is, then it's not useful to you.

It's an easier way to run hitchhikr's existing v2.5/2.6 kernel mode exploit, using the TIFF vshLoadExecMs2 call, rather than sceKernelLoadExec. Same effect, but it works in VSH instead of GTA.

It's useful for developers who want to mess around with kernel mode, which is definitely not a playground for the uninitiated.

Incidentally eLoader 0.99 will support limited kernel mode homebrew natively, so this will probably be obsolete from that point onwards.

[Moonchild]

This is basically only for developers, since you can't do anything else with them.
The dump files are only for testing I believe, to show us that it really is kernel access


You beat me to it Fanjita :\

[n00bified]

thanks for clarification guys. does this help eloader development at all or did you already know about this fanjita?

[Fanjita]

Quote:

Originally Posted by n00bified

thanks for clarification guys. does this help eloader development at all or did you already know about this fanjita?

We're already doing something vaguely similar in eLoader 0.99 (in development).

[nxtlidenno]

Yeah but fanjita did you say yours was limited kernal access in 0.99 if so what do you mean by limited. And is this kernal access shown here limited as well?

[-Dman-]

Thanks 0okm, another great piece of information for devs, and us TA-082's stuck @ 2.6.

Fanjita, thanks for that update! I really appreciate the tough work your putting into this, and Kernal access is great!

[MSeven]

so we can now get kernel required homebrew on tiff, great!

[-Dman-]

Looks like 2.5/2.6 is slowly gonna become the new 1.5

[Fanjita]

Quote:

Originally Posted by yoyomacy

so we can now get kernel required homebrew on tiff, great!

No, that's not what this means (well, not directly).

This doesn't add any real extra functionality, it just makes it easier for people to access the kmode exploit.

[MSeven]

i understand now, but lets hope this is useful for something and 0okm isnt to bummed out

[ManelScout4Life]

Maybe now some one could re-write the original PSP No Update UMD Starter (found here http://files.pspupdates.qj.net/cgi-b...0,0,0,0,38,751) to work for 2.50 - 2.60

[Fanjita]

Quote:

Originally Posted by yoyomacy

i understand now, but lets hope this is useful for something and 0okm isnt to bummed out

It is useful, just not in the way that everyone seems to think.

[nxtlidenno]

So you mean this isnt useful for the things wich we are'nt allowed to talk about?

[robe]

Quote:

Originally Posted by Fanjita

This doesn't add any real extra functionality, it just makes it easier for people to access the kmode exploit.

will it free more memory when using eloader (tiff version) so more homebrew will work, i.e. gpSP? That would be great!

[Fanjita]

Quote:

Originally Posted by robe

will it free more memory when using eloader (tiff version) so more homebrew will work, i.e. gpSP? That would be great!

Not on its own, no.

But grab the new eLoader, it uses kmode to free a lot more memory. I haven't tried gpSP, but there's a reasonable chance it will work.

[|-Anubis-|]

no gpSP doesn't work. It just crashes. But at least I know that the crash info display works.

[Train]

Quote:

Originally Posted by Fanjita

Not on its own, no.

But grab the new eLoader, it uses kmode to free a lot more memory. I haven't tried gpSP, but there's a reasonable chance it will work.

Will it free more RAM then the GTA Kmode exploit did?

[PandaHuman]

gpsp can run with eloader 0.97,but using eloader 0.98 it crash...