Added Support For PS5 2.70
Thanks To @BestPig, @zecoxao And Anonymous Friend For Help
EchoStretch authored Oct 28, 2024
1 parent cb62548 commit 39341b2
Showing 7 changed files with 11 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -18,7 +18,7 @@ The primary and recommended exploit takes advantage of the fact that system Qual
These flags are not reinitialized by the secure loader upon resume from sleep mode, though the hypervisor is. By setting the SL flag, putting the system to sleep, and resuming, we can edit the guest kernel's pagetables to make kernel .text pages read/writable, allowing dumping of the kernel and hooks/patches.

## Important Notes
- Currently only 2.50 FW is supported for Homebrew Enabler (HEN), support for other firmware versions will be added at a later time.
- Currently only listed FW is supported for Homebrew Enabler (HEN), support for other firmware versions will be added at a later time.
- The exploit payload (byepervisor.elf) will need to be sent twice, once before suspending the system and again after resuming.
- You will have to put the system into rest mode manually yourself
- Kernel dump from QA flags exploit will not contain hypervisor's .data region at the moment, if this is important for you, dump using the jump table exploit after porting or disable nested paging first (this is a TODO)
Expand All @@ -29,7 +29,7 @@ These flags are not reinitialized by the secure loader upon resume from sleep mo
- Homebrew enabler (HEN) (fself+fpkg)

## Firmware Status
Completed: 1.12, 1.14, 2.00, 2.20, 2.25, 2.26, 2.30, 2.50
Completed: 1.12, 1.14, 2.00, 2.20, 2.25, 2.26, 2.30, 2.50, 2.70

## Build notes
This exploit payload is built using the [PS5-Payload-Dev SDK](https://github.com/ps5-payload-dev/sdk). Note also that the build for `hen/` is slightly special, as it gets compiled to a flat binary thats copied into a kernel code cave. The entirety of code in `hen/` runs in supervisor/kernel mode.
3 changes: 3 additions & 0 deletions _old_jump_table_exploit/src/kdlsym.c
Expand Up @@ -41,6 +41,7 @@ void init_kdlsym()
case 0x2260000:
case 0x2300000:
case 0x2500000:
case 0x2700000:
g_kernel_base = KERNEL_ADDRESS_DATA_BASE - 0x1B80000;
break;
}
Expand Down Expand Up @@ -89,6 +90,7 @@ uint64_t kdlsym(ksym_t sym)
case 0x2300000:
return g_kernel_base + g_sym_map_230[sym];
case 0x2500000:
case 0x2700000:
return g_kernel_base + g_sym_map_250[sym];
}

Expand Down Expand Up @@ -129,6 +131,7 @@ uint64_t kdlgadget(kgadget_t gadget)
case 0x2300000:
return g_kernel_base + g_gadget_map_230[gadget];
case 0x2500000:
case 0x2700000:
return g_kernel_base + g_gadget_map_250[gadget];
}

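Review bot: The new `case 0x2700000:` labels in init_kdlsym, kdlsym and kdlgadget alias firmware 2.70 to the 2.50 kernel-base offset and to the 2.50 tables (`g_sym_map_250`, `g_gadget_map_250`) without recording why that is valid, so a reader cannot tell whether the 2.70 offsets were checked against 2.50 or merely assumed to match. A one-line comment on each new label, `case 0x2700000: /* 2.70 shares the 2.50 layout; verified against a 2.70 dump */` (stating whatever the actual basis is), would make the assumption auditable, which matters because a wrong shared offset is returned from kdlsym with no further validation. The same undocumented aliasing is repeated in hen/src/hook.cpp, hen/src/kdlsym.cpp, hen/src/patch_shellcore.cpp, src/kdlsym.cpp and src/patching.cpp. Each of the enclosing functions starts before and continues after its hunk.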
1 change: 1 addition & 0 deletions hen/src/hook.cpp
Expand Up @@ -74,6 +74,7 @@ struct hook *find_hook(hook_id id)
num_hooks = sizeof(g_kernel_hooks_230) / sizeof(struct hook);
break;
case 0x2500000:
case 0x2700000:
hooks = (struct hook *) &g_kernel_hooks_250;
num_hooks = sizeof(g_kernel_hooks_250) / sizeof(struct hook);
break;
1 change: 1 addition & 0 deletions hen/src/kdlsym.cpp
Expand Up @@ -69,6 +69,7 @@ uint64_t kdlsym(ksym_t sym)
case 0x2300000:
return g_kernel_base + g_sym_map_230[sym];
case 0x2500000:
case 0x2700000:
return g_kernel_base + g_sym_map_250[sym];
}

1 change: 1 addition & 0 deletions hen/src/patch_shellcore.cpp
Expand Up @@ -197,6 +197,7 @@ void apply_shellcore_patches()
num_patches = sizeof(g_shellcore_patches_230) / sizeof(struct patch);
break;
case 0x2500000:
case 0x2700000:
patches = (struct patch *) &g_shellcore_patches_250;
num_patches = sizeof(g_shellcore_patches_250) / sizeof(struct patch);
break;
2 changes: 2 additions & 0 deletions src/kdlsym.cpp
Expand Up @@ -47,6 +47,7 @@ void init_kdlsym()
case 0x2260000:
case 0x2300000:
case 0x2500000:
case 0x2700000:
g_kernel_base = KERNEL_ADDRESS_DATA_BASE - 0x1B80000;
break;
}
Expand Down Expand Up @@ -97,6 +98,7 @@ uint64_t kdlsym(ksym_t sym)
case 0x2300000:
return g_kernel_base + g_sym_map_230[sym];
case 0x2500000:
case 0x2700000:
return g_kernel_base + g_sym_map_250[sym];
}

1 change: 1 addition & 0 deletions src/patching.cpp
Expand Up @@ -87,6 +87,7 @@ int apply_kernel_patches()
num_patches = sizeof(g_kernel_patches_230) / sizeof(struct patch);
break;
case 0x2500000:
case 0x2700000:
patches = (struct patch *) &g_kernel_patches_250;
num_patches = sizeof(g_kernel_patches_250) / sizeof(struct patch);
break;
