diff --git a/main/CMakeLists.txt b/CMakeLists.txt similarity index 68% rename from main/CMakeLists.txt rename to CMakeLists.txt index e3a2abf..f020fe4 100644 --- a/main/CMakeLists.txt +++ b/CMakeLists.txt @@ -8,13 +8,9 @@ if(NOT DEFINED CMAKE_TOOLCHAIN_FILE) endif() endif() -project(trophyshot_shell) +project(TrophyShot) include("$ENV{DOLCESDK}/share/dolce.cmake" REQUIRED) -dolce_gen_libs(SceShellSvc_stubs - SceShellSvc.yml - LIB SceShellSvc_stub_weak) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wl,-q -Wall -O3 -std=gnu99") set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -nostdlib") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -fno-rtti -fno-exceptions") @@ -24,27 +20,19 @@ link_directories( ) add_executable(${PROJECT_NAME} - trophy_shell.c + main.c ) target_link_libraries(${PROJECT_NAME} - SceLibKernel_stub - SceKernelModulemgr_stub - SceKernelThreadMgr_stub - SceSysmem_stub - SceScreenShot_stub_weak - SceShellSvc_stub_weak - SceSysmodule_stub - SceShellSvc_stub - ScePaf_stub_weak - SceRtc_stub - gcc - k - taihen_stub - taihenModuleUtils_stub + SceLibKernel_stub + SceThreadmgr_stub + SceScreenShot_stub_weak + SceModulemgr_stub + SceSysmodule_stub + taihenModuleUtils_stub + taihen_stub ) dolce_create_self(${PROJECT_NAME}.suprx ${PROJECT_NAME} UNSAFE CONFIG ${CMAKE_SOURCE_DIR}/TrophyShot.yml -) - +) \ No newline at end of file diff --git a/README.md b/README.md index c830d28..02460fe 100644 --- a/README.md +++ b/README.md @@ -10,17 +10,12 @@ Get it from here: https://github.com/FMudanyali/TrophyShot/releases In config.txt inside tai folder, -TrophyShot_shell.suprx goes under *main - -TrophyShot_app.suprx goes under *ALL +TrophyShot.suprx goes under *main like this: ``` *main -ur0:tai/TrophyShot_shell.suprx - -*ALL -ur0:tai/TrophyShot_app.suprx +ur0:tai/TrophyShot.suprx ``` After modifying the config, reboot. diff --git a/app/TrophyShot.yml b/TrophyShot.yml similarity index 70% rename from app/TrophyShot.yml rename to TrophyShot.yml index a17b838..3fb9316 100644 --- a/app/TrophyShot.yml +++ b/TrophyShot.yml @@ -1,4 +1,4 @@ -TrophyShotApp: +TrophyShot: attributes: 0 version: major: 1 diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt deleted file mode 100644 index 4be6a7b..0000000 --- a/app/CMakeLists.txt +++ /dev/null @@ -1,51 +0,0 @@ -cmake_minimum_required(VERSION 2.8) - -if(NOT DEFINED CMAKE_TOOLCHAIN_FILE) - if(DEFINED ENV{DOLCESDK}) - set(CMAKE_TOOLCHAIN_FILE "$ENV{DOLCESDK}/share/dolce.toolchain.cmake" CACHE PATH "toolchain file") - else() - message(FATAL_ERROR "Please define DOLCESDK to point to your SDK path!") - endif() -endif() - -project(trophyshot_app) -include("$ENV{DOLCESDK}/share/dolce.cmake" REQUIRED) - -dolce_gen_libs(SceShellSvc_stubs - SceShellSvc.yml - LIB SceShellSvc_stub_weak) - -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wl,-q -Wall -O3 -std=gnu99") -set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -nostdlib") -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -fno-rtti -fno-exceptions") - -link_directories( - ${CMAKE_CURRENT_BINARY_DIR} -) - -add_executable(${PROJECT_NAME} - trophy_app.c -) - -target_link_libraries(${PROJECT_NAME} - SceLibKernel_stub - SceKernelModulemgr_stub - SceKernelThreadMgr_stub - SceSysmem_stub - SceAppMgr_stub - SceScreenShot_stub_weak - SceShellSvc_stub_weak - SceSysmodule_stub - SceShellSvc_stub - ScePaf_stub_weak - SceRtc_stub - gcc - k - taihen_stub - taihenModuleUtils_stub -) -dolce_create_self(${PROJECT_NAME}.suprx ${PROJECT_NAME} - UNSAFE - CONFIG ${CMAKE_SOURCE_DIR}/TrophyShot.yml -) - diff --git a/app/SceShellSvc.yml b/app/SceShellSvc.yml deleted file mode 100644 index dee2ec9..0000000 --- a/app/SceShellSvc.yml +++ /dev/null @@ -1,12 +0,0 @@ -version: 2 -firmware: 3.60 -modules: - SceShellSvc: - nid: 0x36E557FA - libraries: - SceShellUtil: - kernel: false - nid: 0xD2B1C8AE - functions: - sceShellUtilTextClipboardWrite: 0xC4810C56 - sceShellUtilTextClipboardRead: 0x1B186905 diff --git a/app/trophy_app.c b/app/trophy_app.c deleted file mode 100644 index 8e4d7a1..0000000 --- a/app/trophy_app.c +++ /dev/null @@ -1,79 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define printf sceClibPrintf -#define TROPHY_MAGIC 12345678 -#define DONE_MAGIC 87654321 - -int sceShellUtilTextClipboardRead(void* data, SceSize size, SceSize *textlen); -int sceShellUtilTextClipboardWrite(const void* data, SceSize size); -int sceAppMgrIsGameProgram(int); - -int hook[1]; -static tai_hook_ref_t screenshot_hook; -const static int done_magic = DONE_MAGIC; -static int frames = 0; - - -int sceDisplaySetFrameBuf_patched(const SceDisplayFrameBuf* pParam, SceDisplaySetBufSync sync) { - - int read_data, screenshot_ret; - - if (frames == 5) { - - frames = 0; - sceShellUtilTextClipboardRead(&read_data, sizeof(int), NULL); - - if (read_data == TROPHY_MAGIC) { - - printf("SHOOTING\n"); - - SceScreenShotCaptureFileInfo captureFileInfo; - sceClibMemset(&captureFileInfo, 0, sizeof(captureFileInfo)); - screenshot_ret = sceScreenShotCapture(1, &captureFileInfo, NULL, NULL); - - printf("INFO TrophyShot: sceScreenShotCapture() : 0x%08x path='%s'\n", screenshot_ret, captureFileInfo.path); - - sceShellUtilTextClipboardWrite(&done_magic, sizeof(int)); - } - } - - frames++; - - return TAI_CONTINUE(int, screenshot_hook, pParam, sync); -} - -void _start() __attribute__((weak, alias("module_start"))); -int module_start(SceSize args, void *argp) { - printf("TrophyShot APP PART 2.0 SALVO FIRE\n"); - - int ret = sceAppMgrIsGameProgram(-2); - printf("APP TYPE: %d\n", ret); - - if (ret == 1) { - sceSysmoduleLoadModule(SCE_SYSMODULE_SCREEN_SHOT); - - hook[0] = taiHookFunctionImport( - &screenshot_hook, - TAI_MAIN_MODULE, - TAI_ANY_LIBRARY, //SceDisplayUser - 0x7A410B64, //sceDisplaySetFrameBuf - sceDisplaySetFrameBuf_patched); - - printf("INFO TrophyShot_app: sceDisplaySetFrameBuf HOOK: 0x%x\n", hook[0]); - } - - return SCE_KERNEL_START_SUCCESS; -} - -int module_stop(SceSize args, void *argp) { - if (hook[0] >= 0) taiHookRelease(hook[0], screenshot_hook); - return SCE_KERNEL_STOP_SUCCESS; -} \ No newline at end of file diff --git a/main.c b/main.c new file mode 100644 index 0000000..00edda5 --- /dev/null +++ b/main.c @@ -0,0 +1,68 @@ +#include +#include +#include +#include +#include + +#define printf sceClibPrintf + +int hook[1]; +static tai_hook_ref_t shell_hook; + +int (*shellShot)(void); + +// Taken from sysident - taihen_min.c https://github.com/cuevavirus/sysident +int module_get_offset(SceUID modid, int segidx, uint32_t offset, void *stub_out){ + int res = 0; + SceKernelModuleInfo info; + + if(segidx > 3) return -1; + if(stub_out == NULL) return -2; + + res = sceKernelGetModuleInfo(modid, &info); + if(res < 0) return res; + if(offset > info.segments[segidx].memsz) return -3; + + *(uint32_t *)stub_out = (uint32_t)(info.segments[segidx].vaddr + offset); + return 0; +} + +int sub_81229FAC_patched(int arg1, int arg2){ + int ret = TAI_CONTINUE(int, shell_hook, arg1, arg2); + sceKernelDelayThread(1800000); + printf("INFO TrophyShot: Trophy unlocked.\n"); + shellShot(); + return ret; +} + +void _start() __attribute__((weak, alias("module_start"))); +int module_start(SceSize args, void *argp) { + tai_module_info_t tai_info; + tai_info.size = sizeof(tai_module_info_t); + int ret = taiGetModuleInfo("SceShell", &tai_info); + if (ret < 0) return SCE_KERNEL_START_SUCCESS; + //function found by teakhanirons + module_get_offset( + tai_info.modid, + 0, + 0x14a928 | 1, + &shellShot + ); + //function found by Graphene + hook[0] = taiHookFunctionOffset( + &shell_hook, + tai_info.modid, + 0, + 0x229fac, + 1, + sub_81229FAC_patched + ); + + printf("INFO sub_81229FAC_patched: 0x%x\n", hook[0]); + return SCE_KERNEL_START_SUCCESS; +} + +int module_stop(SceSize args, void *argp) { + if (hook[0] >= 0) taiHookRelease(hook[0], shell_hook); + return SCE_KERNEL_STOP_SUCCESS; +} \ No newline at end of file diff --git a/main/SceShellSvc.yml b/main/SceShellSvc.yml deleted file mode 100644 index dee2ec9..0000000 --- a/main/SceShellSvc.yml +++ /dev/null @@ -1,12 +0,0 @@ -version: 2 -firmware: 3.60 -modules: - SceShellSvc: - nid: 0x36E557FA - libraries: - SceShellUtil: - kernel: false - nid: 0xD2B1C8AE - functions: - sceShellUtilTextClipboardWrite: 0xC4810C56 - sceShellUtilTextClipboardRead: 0x1B186905 diff --git a/main/TrophyShot.yml b/main/TrophyShot.yml deleted file mode 100644 index f26a97a..0000000 --- a/main/TrophyShot.yml +++ /dev/null @@ -1,8 +0,0 @@ -TrophyShotMain: - attributes: 0 - version: - major: 1 - minor: 0 - main: - start: module_start - stop: module_stop \ No newline at end of file diff --git a/main/trophy_shell.c b/main/trophy_shell.c deleted file mode 100644 index 70d39be..0000000 --- a/main/trophy_shell.c +++ /dev/null @@ -1,82 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define printf sceClibPrintf -#define TROPHY_MAGIC 12345678 -#define DONE_MAGIC 87654321 - -int sceShellUtilTextClipboardRead(void* data, SceSize size, SceSize *textlen); -int sceShellUtilTextClipboardWrite(const void* data, SceSize size); - -int hook[1]; -static tai_hook_ref_t shell_hook; -const static int trophy_magic = TROPHY_MAGIC; - -int sub_81229FAC_patched(int arg1, int arg2) { - int waiter = 0; - printf("I'M HOOKINGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\n"); - int ret = TAI_CONTINUE(int, shell_hook, arg1, arg2); - - sceKernelDelayThread(1300000); - printf("INFO TrophyShot: Trophy unlocked.\n"); - sceShellUtilTextClipboardWrite(&trophy_magic, sizeof(int)); - - while (waiter != DONE_MAGIC) { - sceShellUtilTextClipboardRead(&waiter, sizeof(int), NULL); - sceKernelDelayThread(1000); - } - - return ret; -} - -void _start() __attribute__((weak, alias("module_start"))); -int module_start(SceSize args, void *argp) { - printf("TrophyShot 2.0 SALVO FIRE\n"); - - tai_module_info_t tai_info; - tai_info.size = sizeof(tai_module_info_t); - int ret = taiGetModuleInfo("SceShell", &tai_info); - if (ret < 0) return SCE_KERNEL_START_FAILED; - - int offset; - switch (tai_info.module_nid) { // trophy notification - case 0x0552F692: // retail 3.60 SceShell - case 0x532155E5: // retail 3.61 SceShell - offset = 0x229fac; - break; - case 0x5549BF1F: // retail 3.65 SceShell - case 0x34B4D82E: // retail 3.67 SceShell - case 0x12DAC0F3: // retail 3.68 SceShell - case 0x0703C828: // retail 3.69 SceShell - case 0x2053B5A5: // retail 3.70 SceShell - case 0xF476E785: // retail 3.71 SceShell - case 0x939FFBE9: // retail 3.72 SceShell - case 0x734D476A: // retail 3.73 SceShell - offset = 0x22a048; - break; - default: - return SCE_KERNEL_START_SUCCESS; - } - hook[0] = taiHookFunctionOffset( - &shell_hook, - tai_info.modid, - 0, - offset, - 1, - sub_81229FAC_patched); - - printf("hook: 0x%x\n", hook[0]); - return SCE_KERNEL_START_SUCCESS; -} - -int module_stop(SceSize args, void *argp) { - if (hook[0] >= 0) taiHookRelease(hook[0], shell_hook); - return SCE_KERNEL_STOP_SUCCESS; -} \ No newline at end of file