Initial commit

DeathRGH · May 13, 2024 · 4f6ff55 · 4f6ff55
commit 4f6ff55
Show file tree

Hide file tree

Showing 119 changed files with 16,569 additions and 0 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,12 @@
+*.rar
+*.zip
+*.bin
+debugger/build
+kdebugger/build
+installer/build
+ps4-ksdk/build
+ps4-payload-sdk/libPS4/build
+**/*.bin
+**/*.elf
+**/*.a
+.vscode
diff --git a/README.md b/README.md
@@ -0,0 +1,42 @@
+# Frame4
+A ps4debug edit used with PS4 Toolbox.
+
+### Features
+- Reading/Writing Memory (Both Kernel and Userland)
+- Debugger (Userland)
+- Function Calling (RPC)
+- Process List
+- Virtual Memory Map
+- Loading ELFs
+- Loading SPRXs
+- ...
+
+### Supported PS4 Firmwares
+- 5.05
+- 9.00
+- 11.00 (Please note 11.00 is barely tested, any feedback will help!)
+###### You have no reason to stay on 6.72 or 7.02, just update to 9.00 if you are on those!
+
+### Goals
+- [x] Make frame4 load side by side with ps4debug
+- [ ] Switch the syscalls (107-112) used for cmds to not interfere with ps4debug
+- [ ] Move away from the multi compilation setup and merge everything (similar to what has been done for ps5debug by Dizz)
+- [ ] Implement sprx loading without relying on goldhen
+- [ ] Fix on-console scanner
+- [ ] Stop hijacking shell core and instead create our own process
+- [ ] Move stuff to userland that doesn't need to be in kernel
+
+### Contributing
+If you want to contribute, feel free to make a pull request or open an issue.
+
+### Credits
+- [Alexandro Sanchez](https://github.com/AlexAltea) Original ps4ksdk
+- [Dizz](https://twitter.com/DizzMods) Http server, updated ksdk, multi fw support
+- [Golden]() Original ps4debug
+- [GoldHEN Team](https://github.com/GoldHEN) SPRX loader
+- [OSM](https://twitter.com/LegendaryOSM) Core dump patch
+- [RS Glitching](https://www.youtube.com/@RSGLITCHING) Updating most of the kernel addresses to 11.00 and testing
+- [theorywrong](https://twitter.com/TheoryWrong) Original AFR
+- [TLH](https://github.com/TetzkatLipHoka) Help with on-console scanner
+
+##### And everyone else that I forgot or helped with the original ps4debug!
diff --git a/build.sh b/build.sh
@@ -0,0 +1,74 @@
+clean_build() {
+    cd ps4-ksdk
+    make clean
+    cd ..
+
+    cd ps4-payload-sdk/libPS4/
+    make clean
+    cd ../../
+
+    cd debugger
+    make clean
+    cd ..
+
+    cd kdebugger
+    make clean
+    cd ..
+
+    cd installer
+    make clean
+    cd ..
+}
+
+build_submodules() {
+    cd ps4-ksdk
+    make
+    cd ..
+
+    cd ps4-payload-sdk/libPS4/
+    make
+    cd ../../
+}
+
+build_debugger() {
+    cd debugger
+    make
+    cd ..
+}
+
+build_kdebugger() {
+    cd kdebugger
+    make
+    cd ..
+}
+
+build_installer() {
+    cd installer
+    make
+    cd ..
+}
+
+if (( $# == 1 ));
+then
+    if [ $1 == "clean" ]
+    then
+        echo "cleaning build..."
+        clean_build
+    fi
+fi
+
+echo "Frame4 building..."
+
+echo "=> submodules..."
+build_submodules
+echo "=> debugger..."
+build_debugger
+echo "=> kdebugger..."
+build_kdebugger
+echo "=> installer..."
+build_installer
+
+cp ./installer/installer.bin ./Frame4.bin
+
+echo ""
+echo "Frame4 building done!"
diff --git a/debugger/Makefile b/debugger/Makefile
@@ -0,0 +1,41 @@
+LIBPS4	:=	../ps4-payload-sdk/libPS4
+
+TEXT	:=	0x926600000
+DATA	:=	0x926700000
+
+CC		:=	gcc
+AS		:=	gcc
+OBJCOPY	:=	objcopy
+ODIR	:=	build
+SDIR	:=	source
+IDIRS	:=	-I$(LIBPS4)/include -I. -Iinclude
+LDIRS	:=	-L$(LIBPS4) -L. -Llib
+CFLAGS	:=	$(IDIRS) -O2 -std=c11 -fno-builtin -nostartfiles -nostdlib -masm=intel -march=btver2 -mtune=btver2 -m64 -mabi=sysv -mcmodel=large -DTEXT_ADDRESS=$(TEXT) -DDATA_ADDRESS=$(DATA)
+SFLAGS	:=	-nostartfiles -nostdlib -march=btver2 -mtune=btver2
+LFLAGS	:=	$(LDIRS) -Xlinker -T $(LIBPS4)/linker.x -Wl,--build-id=none -Ttext=$(TEXT) -Tdata=$(DATA)
+CFILES	:=	$(wildcard $(SDIR)/*.c)
+SFILES	:=	$(wildcard $(SDIR)/*.s)
+OBJS	:=	$(patsubst $(SDIR)/%.c, $(ODIR)/%.o, $(CFILES)) $(patsubst $(SDIR)/%.s, $(ODIR)/%.o, $(SFILES))
+
+LIBS	:= -lPS4
+
+TARGET = debugger.bin
+
+$(TARGET): $(ODIR) $(OBJS)
+	$(CC) $(LIBPS4)/crt0.s $(ODIR)/*.o -o temp.t $(CFLAGS) $(LFLAGS) $(LIBS)
+	$(OBJCOPY) -O binary temp.t $(TARGET)
+	rm -f temp.t
+
+$(ODIR)/%.o: $(SDIR)/%.c
+	$(CC) -c -o $@ $< $(CFLAGS)
+
+$(ODIR)/%.o: $(SDIR)/%.s
+	$(AS) -c -o $@ $< $(SFLAGS)
+
+$(ODIR):
+	@mkdir $@
+
+.PHONY: clean
+
+clean:
+	rm -f $(TARGET) $(ODIR)/*.o
diff --git a/debugger/include/console.h b/debugger/include/console.h
@@ -0,0 +1,18 @@
+// cleaned 2022/07/29
+
+#ifndef _CONSOLE_H
+#define _CONSOLE_H
+
+#include <ps4.h>
+#include "protocol.h"
+#include "net.h"
+#include "debug.h"
+
+int console_reboot_handle(int fd, struct cmd_packet *packet);
+int console_print_handle(int fd, struct cmd_packet *packet);
+int console_notify_handle(int fd, struct cmd_packet *packet);
+int console_info_handle(int fd, struct cmd_packet *packet);
+
+int console_handle(int fd, struct cmd_packet *packet);
+
+#endif
diff --git a/debugger/include/debug.h b/debugger/include/debug.h
@@ -0,0 +1,168 @@
+// cleaned 2022/07/29
+
+#ifndef _DEBUG_H
+#define _DEBUG_H
+
+#include <ps4.h>
+#include "protocol.h"
+#include "net.h"
+#include "ptrace.h"
+
+struct __reg64 {
+	uint64_t r_r15;
+	uint64_t r_r14;
+	uint64_t r_r13;
+	uint64_t r_r12;
+	uint64_t r_r11;
+	uint64_t r_r10;
+	uint64_t r_r9;
+	uint64_t r_r8;
+	uint64_t r_rdi;
+	uint64_t r_rsi;
+	uint64_t r_rbp;
+	uint64_t r_rbx;
+	uint64_t r_rdx;
+	uint64_t r_rcx;
+	uint64_t r_rax;
+	uint32_t r_trapno;
+	uint16_t r_fs;
+	uint16_t r_gs;
+	uint32_t r_err;
+	uint16_t r_es;
+	uint16_t r_ds;
+	uint64_t r_rip;
+	uint64_t r_cs;
+	uint64_t r_rflags;
+	uint64_t r_rsp;
+	uint64_t r_ss;
+};
+
+// Contents of each x87 floating point accumulator
+struct fpacc87 {
+	uint8_t fp_bytes[10];
+};
+
+// Contents of each SSE extended accumulator
+struct xmmacc {
+	uint8_t xmm_bytes[16];
+};
+
+// Contents of the upper 16 bytes of each AVX extended accumulator
+struct ymmacc {
+	uint8_t ymm_bytes[16];
+};
+
+struct envxmm {
+	uint16_t en_cw;			// control word (16bits)
+	uint16_t en_sw;			// status word (16bits)
+	uint8_t en_tw;			// tag word (8bits)
+	uint8_t en_zero;
+	uint16_t en_opcode;		// opcode last executed (11 bits )
+	uint64_t en_rip;		// floating point instruction pointer
+	uint64_t en_rdp;		// floating operand pointer
+	uint32_t en_mxcsr;		// SSE sontorol/status register
+	uint32_t en_mxcsr_mask;	// valid bits in mxcsr
+};
+
+struct savefpu {
+	struct envxmm sv_env;
+	struct {
+		struct fpacc87 fp_acc;
+		uint8_t fp_pad[6]; // padding
+	} sv_fp[8];
+	struct xmmacc sv_xmm[16];
+	uint8_t sv_pad[96];
+} __attribute__((aligned(16)));
+
+struct xstate_hdr {
+	uint64_t xstate_bv;
+	uint8_t xstate_rsrv0[16];
+	uint8_t xstate_rsrv[40];
+};
+
+struct savefpu_xstate {
+	struct xstate_hdr sx_hd;
+	struct ymmacc sx_ymm[16];
+};
+
+struct savefpu_ymm {
+	struct envxmm sv_env;
+	struct {
+		struct fpacc87 fp_acc;
+		int8_t fp_pad[6]; // padding
+	} sv_fp[8];
+	struct xmmacc sv_xmm[16];
+	uint8_t sv_pad[96];
+	struct savefpu_xstate sv_xstate;
+} __attribute__((aligned(64)));
+
+struct __dbreg64 {
+	uint64_t dr[16]; // debug registers
+	// Index 0-3: debug address registers
+	// Index 4-5: reserved
+	// Index 6: debug status
+	// Index 7: debug control
+	// Index 8-15: reserved
+};
+
+struct debug_interrupt_packet {
+	uint32_t lwpid;
+	uint32_t status;
+	char tdname[40];
+	struct __reg64 reg64;
+	struct savefpu_ymm savefpu;
+	struct __dbreg64 dbreg64;
+} __attribute__((packed));
+#define DEBUG_INTERRUPT_PACKET_SIZE 0x4A0
+
+#define DBREG_DR7_DISABLE		0x00
+#define DBREG_DR7_LOCAL_ENABLE	0x01
+#define DBREG_DR7_GLOBAL_ENABLE	0x02
+
+#define DBREG_DR7_LEN_1 0x00 // 1 byte length
+#define DBREG_DR7_LEN_2 0x01
+#define DBREG_DR7_LEN_4 0x03
+#define DBREG_DR7_LEN_8 0x02
+
+#define DBREG_DR7_EXEC		0x00 // break on execute
+#define DBREG_DR7_WRONLY	0x01 // break on write
+#define DBREG_DR7_RDWR		0x03 // break on read or write
+
+#define DBREG_DR7_MASK(i)						((uint64_t)(0xf) << ((i) * 4 + 16) | 0x3 << (i) * 2)
+#define DBREG_DR7_SET(i, len, access, enable)	((uint64_t)((len) << 2 | (access)) << ((i) * 4 + 16) | (enable) << (i) * 2)
+#define DBREG_DR7_GD							0x2000
+#define DBREG_DR7_ENABLED(d, i)					(((d) & 0x3 << (i) * 2) != 0)
+#define DBREG_DR7_ACCESS(d, i)					((d) >> ((i) * 4 + 16) & 0x3)
+#define DBREG_DR7_LEN(d, i)						((d) >> ((i) * 4 + 18) & 0x3)
+
+#define DBREG_DRX(d,x)							((d)->dr[(x)]) // reference dr0 - dr7 by register number
+
+#define DEBUG_PORT 42069
+
+extern int g_debugging;
+extern struct server_client *curdbgcli;
+extern struct debug_context *curdbgctx;
+
+int debug_attach_handle(int fd, struct cmd_packet *packet);
+int debug_detach_handle(int fd, struct cmd_packet *packet);
+int debug_breakpt_handle(int fd, struct cmd_packet *packet);
+int debug_watchpt_handle(int fd, struct cmd_packet *packet);
+int debug_threads_handle(int fd, struct cmd_packet *packet);
+int debug_stopthr_handle(int fd, struct cmd_packet *packet);
+int debug_resumethr_handle(int fd, struct cmd_packet *packet);
+int debug_getregs_handle(int fd, struct cmd_packet *packet);
+int debug_setregs_handle(int fd, struct cmd_packet *packet);
+int debug_getfpregs_handle(int fd, struct cmd_packet *packet);
+int debug_setfpregs_handle(int fd, struct cmd_packet *packet);
+int debug_getdbregs_handle(int fd, struct cmd_packet *packet);
+int debug_setdbregs_handle(int fd, struct cmd_packet *packet);
+int debug_stopgo_handle(int fd, struct cmd_packet *packet);
+int debug_thrinfo_handle(int fd, struct cmd_packet *packet);
+int debug_singlestep_handle(int fd, struct cmd_packet *packet);
+
+int connect_debugger(struct debug_context *dbgctx, struct sockaddr_in *client);
+void debug_cleanup(struct debug_context *dbgctx);
+
+int debug_handle(int fd, struct cmd_packet *packet);
+
+#endif