From 5248d0315a8cdb5fc27de06f6374bfa02622d75d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Furkan=20Mudanyal=C4=B1?=
Date: Mon, 1 Jun 2020 23:45:36 +0300
Subject: [PATCH] Add files via upload
---
 README.md | 38 ++++++++++++++++++++
 app/CMakeLists.txt | 50 +++++++++++++++++++++++++++
 app/SceShellSvc.yml | 12 +++++++
 app/TrophyShot.yml | 8 +++++
 app/trophy_app.c | 75 ++++++++++++++++++++++++++++++++++++++++
 main/CMakeLists.txt | 50 +++++++++++++++++++++++++++
 main/SceShellSvc.yml | 12 +++++++
 main/TrophyShot.yml | 8 +++++
 main/trophy_shell.c | 82 ++++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 335 insertions(+)
 create mode 100644 README.md
 create mode 100644 app/CMakeLists.txt
 create mode 100644 app/SceShellSvc.yml
 create mode 100644 app/TrophyShot.yml
 create mode 100644 app/trophy_app.c
 create mode 100644 main/CMakeLists.txt
 create mode 100644 main/SceShellSvc.yml
 create mode 100644 main/TrophyShot.yml
 create mode 100644 main/trophy_shell.c
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..95d87b1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,38 @@
+# TrophyShot by Team CBPS
+
+## What does it do?
+
+Just like in PS4, it takes a screenshot whenever you unlock a trophy.
+
+Best used with [reScreeny](https://github.com/dots-tb/reScreeny)
+
+## How do I install it?
+
+In config.txt inside tai folder,
+
+TrophyShot_shell.suprx goes under \*main
+
+TrophyShot_app.suprx goes under \*ALL
+
+like this:
+
+ *main
+ ur0:tai/TrophyShot_shell.suprx
+
+ *ALL
+ ur0:tai/TrophyShot_app.suprx
+
+After modifying the config, reboot.
+
+## Credits
+- [FMudanyali](https://github.com/FMudanyali) of Team CBPS - SceScreenShot implementation, first 4 iterations, taught teakhanirons how to use snprintf
+- [Graphene](https://github.com/GrapheneCt) of Team CBPS - SceShellUtil reverse engineering and ShellUtil clipboard trick, stabilization by module seperation and platinum testing
+- [Princess of Sleeping](https://github.com/Princess-of-Sleeping) of Team CBPS - SceShell reverse engineering guidance
+- [teakhanirons](https://github.com/teakhanirons) of Team CBPS - Additional SceShell and SceScreenShot reverse engineering
+- [dots-tb](https://github.com/dots-tb) of Team CBPS - Additional reverse engineering guidance, cool guy in general
+- [Silica](https://github.com/KuromeSan) of Team CBPS - Prevented a disaster, twice
+- [Pina](https://github.com/KuromeSan) of Team CBPS - Was there
+- [yasen](https://github.com/nightyasen) of Team CBPS - Morale support
+- [cuevavirus](https://github.com/cuevavirus) of Team CBPS - DolceSDK maintainance
+- [Nkekev](https://github.com/Nkekev) of Team CBPS - Requested this plugin a long time ago
+- and [Team CBPS](https://forum.devchroma.nl/).
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
new file mode 100644
index 0000000..80fc72e
--- /dev/null
+++ b/app/CMakeLists.txt
@@ -0,0 +1,50 @@
+cmake_minimum_required(VERSION 2.8)
+
+if(NOT DEFINED CMAKE_TOOLCHAIN_FILE)
+ if(DEFINED ENV{DOLCESDK})
+ set(CMAKE_TOOLCHAIN_FILE "$ENV{DOLCESDK}/share/dolce.toolchain.cmake" CACHE PATH "toolchain file")
+ else()
+ message(FATAL_ERROR "Please define DOLCESDK to point to your SDK path!")
+ endif()
+endif()
+
+project(trophyshot_app)
+include("$ENV{DOLCESDK}/share/dolce.cmake" REQUIRED)
+
+dolce_gen_libs(SceShellSvc_stubs
+ SceShellSvc.yml
+ LIB SceShellSvc_stub_weak)
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wl,-q -Wall -O3 -std=gnu99")
+set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -nostdlib")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -fno-rtti -fno-exceptions")
+
+link_directories(
+ ${CMAKE_CURRENT_BINARY_DIR}
+)
+
+add_executable(${PROJECT_NAME}
+ trophy_app.c
+)
+
+target_link_libraries(${PROJECT_NAME}
+ SceLibKernel_stub
+ SceKernelModulemgr_stub
+ SceKernelThreadMgr_stub
+ SceSysmem_stub
+ SceScreenShot_stub_weak
+ SceShellSvc_stub_weak
+ SceSysmodule_stub
+ SceShellSvc_stub
+ ScePaf_stub_weak
+ SceRtc_stub
+ gcc
+ k
+ taihen_stub
+ taihenModuleUtils_stub
+)
+dolce_create_self(${PROJECT_NAME}.suprx ${PROJECT_NAME}
+ UNSAFE
+ CONFIG ${CMAKE_SOURCE_DIR}/TrophyShot.yml
+)
+
diff --git a/app/SceShellSvc.yml b/app/SceShellSvc.yml
new file mode 100644
index 0000000..dee2ec9
--- /dev/null
+++ b/app/SceShellSvc.yml
@@ -0,0 +1,12 @@
+version: 2
+firmware: 3.60
+modules:
+ SceShellSvc:
+ nid: 0x36E557FA
+ libraries:
+ SceShellUtil:
+ kernel: false
+ nid: 0xD2B1C8AE
+ functions:
+ sceShellUtilTextClipboardWrite: 0xC4810C56
+ sceShellUtilTextClipboardRead: 0x1B186905
diff --git a/app/TrophyShot.yml b/app/TrophyShot.yml
new file mode 100644
index 0000000..a17b838
--- /dev/null
+++ b/app/TrophyShot.yml
@@ -0,0 +1,8 @@
+TrophyShotApp:
+ attributes: 0
+ version:
+ major: 1
+ minor: 0
+ main:
+ start: module_start
+ stop: module_stop
\ No newline at end of file
diff --git a/app/trophy_app.c b/app/trophy_app.c
new file mode 100644
index 0000000..085ab8f
--- /dev/null
+++ b/app/trophy_app.c
@@ -0,0 +1,75 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define printf sceClibPrintf
+#define TROPHY_MAGIC 12345678
+#define DONE_MAGIC 87654321
+
+int sceShellUtilTextClipboardRead(void* data, SceSize size, SceSize *textlen);
+int sceShellUtilTextClipboardWrite(const void* data, SceSize size);
+
+int hook[2];
+static tai_hook_ref_t screenshot_hook;
+static tai_hook_ref_t screen_disable_hook;
+const static int done_magic = DONE_MAGIC;
+
+void sceScreenShotDisable_patched() {
+ printf("INFO TrophyShot: Prevented disabling screenshot. \n");
+}
+
+int sceDisplaySetFrameBuf_patched(const SceDisplayFrameBuf* pParam, SceDisplaySetBufSync sync) {
+
+ int read_data;
+ sceShellUtilTextClipboardRead(&read_data, sizeof(int), NULL);
+
+ if (read_data == TROPHY_MAGIC) {
+
+ printf("SHOOTING\n");
+
+ SceScreenShotCaptureFileInfo captureFileInfo;
+ sceClibMemset(&captureFileInfo, 0, sizeof(captureFileInfo));
+ int screenshot_ret = sceScreenShotCapture(1, &captureFileInfo, NULL, NULL);
+
+ printf("INFO TrophyShot: sceScreenShotCapture() : 0x%08x path='%s'\n", screenshot_ret, captureFileInfo.path);
+
+ sceShellUtilTextClipboardWrite(&done_magic, sizeof(int));
+ }
+
+ return TAI_CONTINUE(int, screenshot_hook, pParam, sync);
+}
+
+void _start() __attribute__((weak, alias("module_start")));
+int module_start(SceSize args, void *argp) {
+ printf("TrophyShot APP PART 2.0 SALVO FIRE\n");
+
+ sceSysmoduleLoadModule(SCE_SYSMODULE_SCREEN_SHOT);
+ hook[1] = taiHookFunctionExport(
+ &screen_disable_hook,
+ "SceScreenShot",
+ 0xF26FC97D, //SceScreenShot
+ 0x50AE9FF9, //SceScreenShotDisable
+ sceScreenShotDisable_patched);
+
+ hook[0] = taiHookFunctionImport(
+ &screenshot_hook,
+ TAI_MAIN_MODULE,
+ TAI_ANY_LIBRARY, //SceDisplayUser
+ 0x7A410B64, //sceDisplaySetFrameBuf
+ sceDisplaySetFrameBuf_patched);
+
+ printf("hooks: 0x%x 0x%x\n", hook[0], hook[1]);
+ return SCE_KERNEL_START_SUCCESS;
+}
+
+int module_stop(SceSize args, void *argp) {
+ if (hook[0] >= 0) taiHookRelease(hook[0], screenshot_hook);
+ if (hook[1] >= 0) taiHookRelease(hook[1], screen_disable_hook);
+ return SCE_KERNEL_STOP_SUCCESS;
+}
\ No newline at end of file
diff --git a/main/CMakeLists.txt b/main/CMakeLists.txt
new file mode 100644
index 0000000..e3a2abf
--- /dev/null
+++ b/main/CMakeLists.txt
@@ -0,0 +1,50 @@
+cmake_minimum_required(VERSION 2.8)
+
+if(NOT DEFINED CMAKE_TOOLCHAIN_FILE)
+ if(DEFINED ENV{DOLCESDK})
+ set(CMAKE_TOOLCHAIN_FILE "$ENV{DOLCESDK}/share/dolce.toolchain.cmake" CACHE PATH "toolchain file")
+ else()
+ message(FATAL_ERROR "Please define DOLCESDK to point to your SDK path!")
+ endif()
+endif()
+
+project(trophyshot_shell)
+include("$ENV{DOLCESDK}/share/dolce.cmake" REQUIRED)
+
+dolce_gen_libs(SceShellSvc_stubs
+ SceShellSvc.yml
+ LIB SceShellSvc_stub_weak)
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wl,-q -Wall -O3 -std=gnu99")
+set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -nostdlib")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -fno-rtti -fno-exceptions")
+
+link_directories(
+ ${CMAKE_CURRENT_BINARY_DIR}
+)
+
+add_executable(${PROJECT_NAME}
+ trophy_shell.c
+)
+
+target_link_libraries(${PROJECT_NAME}
+ SceLibKernel_stub
+ SceKernelModulemgr_stub
+ SceKernelThreadMgr_stub
+ SceSysmem_stub
+ SceScreenShot_stub_weak
+ SceShellSvc_stub_weak
+ SceSysmodule_stub
+ SceShellSvc_stub
+ ScePaf_stub_weak
+ SceRtc_stub
+ gcc
+ k
+ taihen_stub
+ taihenModuleUtils_stub
+)
+dolce_create_self(${PROJECT_NAME}.suprx ${PROJECT_NAME}
+ UNSAFE
+ CONFIG ${CMAKE_SOURCE_DIR}/TrophyShot.yml
+)
+
diff --git a/main/SceShellSvc.yml b/main/SceShellSvc.yml
new file mode 100644
index 0000000..dee2ec9
--- /dev/null
+++ b/main/SceShellSvc.yml
@@ -0,0 +1,12 @@
+version: 2
+firmware: 3.60
+modules:
+ SceShellSvc:
+ nid: 0x36E557FA
+ libraries:
+ SceShellUtil:
+ kernel: false
+ nid: 0xD2B1C8AE
+ functions:
+ sceShellUtilTextClipboardWrite: 0xC4810C56
+ sceShellUtilTextClipboardRead: 0x1B186905
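Review bot: In sceDisplaySetFrameBuf_patched, `read_data` is never initialized and the return value of sceShellUtilTextClipboardRead is discarded, so if the clipboard read fails or returns fewer than four bytes the `read_data == TROPHY_MAGIC` comparison reads an indeterminate value — undefined behaviour, and it runs on every frame-buffer flip of every process this module is loaded into under `*ALL`. Initialise it and fall through on error: `int read_data = 0;` followed by `if (sceShellUtilTextClipboardRead(&read_data, sizeof(read_data), NULL) < 0) return TAI_CONTINUE(int, screenshot_hook, pParam, sync);`. sceScreenShotDisable_patched is also declared `void` while the export it replaces presumably returns an int status to the calling application, so a caller that checks the result sees whatever is left in the return register; make it `int sceScreenShotDisable_patched(void)` with `return 0;`. Since that hook silently neutralises screenshot blocking for every application rather than only around the trophy capture, a comment above it stating that this is intentional and that it overrides the application's own screenshot policy would stop the next reader from treating it as an accident.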
diff --git a/main/TrophyShot.yml b/main/TrophyShot.yml
new file mode 100644
index 0000000..f26a97a
--- /dev/null
+++ b/main/TrophyShot.yml
@@ -0,0 +1,8 @@
+TrophyShotMain:
+ attributes: 0
+ version:
+ major: 1
+ minor: 0
+ main:
+ start: module_start
+ stop: module_stop
\ No newline at end of file
diff --git a/main/trophy_shell.c b/main/trophy_shell.c
new file mode 100644
index 0000000..70d39be
--- /dev/null
+++ b/main/trophy_shell.c
@@ -0,0 +1,82 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define printf sceClibPrintf
+#define TROPHY_MAGIC 12345678
+#define DONE_MAGIC 87654321
+
+int sceShellUtilTextClipboardRead(void* data, SceSize size, SceSize *textlen);
+int sceShellUtilTextClipboardWrite(const void* data, SceSize size);
+
+int hook[1];
+static tai_hook_ref_t shell_hook;
+const static int trophy_magic = TROPHY_MAGIC;
+
+int sub_81229FAC_patched(int arg1, int arg2) {
+ int waiter = 0;
+ printf("I'M HOOKINGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\n");
+ int ret = TAI_CONTINUE(int, shell_hook, arg1, arg2);
+
+ sceKernelDelayThread(1300000);
+ printf("INFO TrophyShot: Trophy unlocked.\n");
+ sceShellUtilTextClipboardWrite(&trophy_magic, sizeof(int));
+
+ while (waiter != DONE_MAGIC) {
+ sceShellUtilTextClipboardRead(&waiter, sizeof(int), NULL);
+ sceKernelDelayThread(1000);
+ }
+
+ return ret;
+}
+
+void _start() __attribute__((weak, alias("module_start")));
+int module_start(SceSize args, void *argp) {
+ printf("TrophyShot 2.0 SALVO FIRE\n");
+
+ tai_module_info_t tai_info;
+ tai_info.size = sizeof(tai_module_info_t);
+ int ret = taiGetModuleInfo("SceShell", &tai_info);
+ if (ret < 0) return SCE_KERNEL_START_FAILED;
+
+ int offset;
+ switch (tai_info.module_nid) { // trophy notification
+ case 0x0552F692: // retail 3.60 SceShell
+ case 0x532155E5: // retail 3.61 SceShell
+ offset = 0x229fac;
+ break;
+ case 0x5549BF1F: // retail 3.65 SceShell
+ case 0x34B4D82E: // retail 3.67 SceShell
+ case 0x12DAC0F3: // retail 3.68 SceShell
+ case 0x0703C828: // retail 3.69 SceShell
+ case 0x2053B5A5: // retail 3.70 SceShell
+ case 0xF476E785: // retail 3.71 SceShell
+ case 0x939FFBE9: // retail 3.72 SceShell
+ case 0x734D476A: // retail 3.73 SceShell
+ offset = 0x22a048;
+ break;
+ default:
+ return SCE_KERNEL_START_SUCCESS;
+ }
+ hook[0] = taiHookFunctionOffset(
+ &shell_hook,
+ tai_info.modid,
+ 0,
+ offset,
+ 1,
+ sub_81229FAC_patched);
+
+ printf("hook: 0x%x\n", hook[0]);
+ return SCE_KERNEL_START_SUCCESS;
+}
+
+int module_stop(SceSize args, void *argp) {
+ if (hook[0] >= 0) taiHookRelease(hook[0], shell_hook);
+ return SCE_KERNEL_STOP_SUCCESS;
+}
\ No newline at end of file
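Review bot: The `while (waiter != DONE_MAGIC)` loop in sub_81229FAC_patched has no upper bound and ignores the return value of sceShellUtilTextClipboardRead, so if the app-side module is not loaded, its sceDisplaySetFrameBuf hook did not install, or the read keeps failing, the hooked SceShell thread spins at 1 ms intervals forever and the trophy path never returns. Bound the wait and stop on error, e.g. `for (int tries = 0; tries < 5000 && waiter != DONE_MAGIC; tries++) { if (sceShellUtilTextClipboardRead(&waiter, sizeof(waiter), NULL) < 0) break; sceKernelDelayThread(1000); }`, and log when the deadline expires. In module_start the `default:` case returns success without installing a hook, leaving the zero-initialised global `hook[0]` at 0, so module_stop's `hook[0] >= 0` check passes and taiHookRelease is called with a hook id that was never obtained; set `hook[0] = -1;` before the switch, or initialise the global to -1. The clipboard is also being used as a shared mailbox between the two modules: it clobbers whatever text the user had copied, and any other plugin or application that writes 12345678 into the clipboard will trigger a capture, which deserves at least a comment on `trophy_magic` explaining the channel and its limits.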