openorbis / mira-project Goto Github PK

Just some cleanup work.

I wanna remote homebrew games damnit

I'm a derp

Seems the debug settings patches are removed?

What all feature requests should we have?

• Game Dumping and Decryption
• Userland Process Trainer SDK (pending OO SDK?)
• Fake-DEX, Spoof-DEX support
• Game Enumeration over RPC (req: @Seremo )
• Fake-NP
• Fake SELF
• Fake Package
• Kernel Debugger (port of m0rph)
• Device Driver for userland IOCTL's
• Dump HDD Keys
• View System Information
• Linux support (fail0verflow)
• "Rebooting" support (@theorywrong )
• Rest Mode support
• Web Browser activation
• Embedding elf to loader (minor)
• Remote Registry Manager
• FakeNVS
• FakeRegistry
• User account activation
• Update removal (instead of ghetto blocker)

In order to assist with rebuilding structures much easier, we should reference the named pipe implementation and create one to operate with Mira. This will allow for easy class rebuilding.

Title

https://github.com/zecoxao/todex

repository is here but i have no idea how to implement, maybe other can do this better

can be adapted to other versions easily, search for sequence of bytes:
2F B0 9F D1 DE 76 96 7D EB 94 7B 51 EC 82 78 1E

before it is the psid and then idps

switch target id in idps to the user's desired choice to unlock extra options (0x80/0x81/0x82/0xA0)

We may need to assist @CrazyVoidProgrammer with this issue, as he may not be available due to much more important personal concerns.

Such an important feature that Sony locked behind a tutorial setup that is long, unskippable and overly-complicated.

Info about IPD here.

Info about how complicated the procedure is on PS4..

More info about the importance of IPD..

When using the PSVR, you can drastically change the VR experience by decreasing or increasing the IPD, which have some effect on the FOV and the distance of where the focus is on the headset.

On PC, with trinus, you have a slider for it (and to be honest, most headset does have a slider for IPD, since it's also required for 3D stereo), as seen here.

It's so important that it's most of time modified on the fly on a lot of headset/stereo setup, it's also game dependent, some games require to change the IPD to a specific number to fix issues or increase effects that are deemed "too flat"", a good example being Driveclub, that massively benefit from a lower IPD (sub 50), providing less aliasing and a better "VR sense" but unfortunately less 3D stereo too.

It's obliviously a pain in the ass, everytime you want to change it, you are forced to restart the procedure, which obliviously, have locked animations ( non skippable ), which mean you need to spend at least 30/60s depending of the change everytime !

There is also no way to set the size directly, you need to manually move a cursor for both eyes and count how many movement you made........ it's really annoying.

A way to have a simple slider that you can change at anytime (or even better, on the fly ?) would be a huge improvement !

CE-30391-6

This will probably be controlled either from the kernel or the daemon

Testkits use different ShellCore offsets and what not, instead of creating a whole new platform that would be very annoying to keep maintained, add a flag in Mira's configuration block on first bootup determining if a unit is a testkit, or dev, or retail. Then from there apply required patches in each of the required locations that are testkit specific.

This will fix now closed PR: #86

Currently there are some patches missing to allow Remote PKG Support

Linking to #84 and #98 as it seems to have a bunch of stuff required for this.

There seems to be no way to set fd_rdir and fd_jdir via /dev/mira ioctls, which is required in utility apps for accessing PS4 filesystem.

Let's say I want to contribute a kernel plugin to Mira. Is there a contribution guide/style guide I have to follow? Most importantly, does it need to be written in object-oriented C++ (I assume yes), or is C code ok too?

EDIT: this is not a technical question, this is about what is acceptable and what rules I should respect, if any, to make my code acceptable for this project.

I have a ps4 5.03 bd . I like to use mira . I was used a binloader(4.55-5.07). For upload miraloader and mira.bin . But not worked . Thak you for help me to use mira.

When a game is inserted, check if the sceFios library exists in the game, decrypt and dump it to local HDD with version information so if homebrew or a game needs it and does not have it it will try to pull from game directory, then cache, then local system in order to resolve.

in lines 41, 47 and 94 the reference to 'false' should be 'False'
If false does not start with a capital F python will throw a NameError.

A part of struct proc is wrong, if you try to get name with p->p_comm, the name is misaligned.
Sony have change alot the struct proc, Maybe build a custom proc struct for very useful data.

This will be based on AlexAltea's Orbital Dumper.

https://github.com/AlexAltea/orbital/tree/master/tools/dumper

Mira should be able to handle getting preempted in the kernel, as well as interrupts that come in that will take away execution. This way during suspend and resume the state can be saved and restored properly

Currently there is no standardized way to create trainers. With the stabilization and finalization of Substitute, there should be a way for people to easily create trainers, as well as creating an interface to link to Mono via IPC of some kind. That way menu's are automatically created/generated upon game launch.

If I try to load a disc-based game after installing Mira, it fails with CE-34878-0 error short after booting. Same for "The Playroom".

It's impossible to do using fork/exec, as those processes will prevent the app from closing properly. As many homebrew apps may want this functionality, Mira seems to be a good place for it.

With the structure of Mira changing so much since the last time this was implemented (also with Substitute being done) this will need to be revisited/re-implemented.

Some games will not start with error CE-30391-6 and logs the user out. Also trophies timestamps are blank (-).

Using logs from @Leeful I believe it a string we may be able to start searching at is sceRifManagerPlayFirstTrialSwitchTimerState return %x [ent=%s, user=%x pft=%d] with a return of 809c0201. And/or sceProcessStarter::GetAppRifCtxId() ret = %x with a return of 80a40019.

Blank Trophy FPKG Game Log: https://pastebin.com/9VchmRi5
Blank Trophy Retail Game Log: https://pastebin.com/feAqFPEj
Game Failing to launch/logout: https://pastebin.com/Wt5Yffsd

Note: The title ID patch for switching on some debug options (ToDEX) appears to bypass these issues until the system is restarted.

Steps to reproduce:

1. Start Mira
2. Go to Settings -> Network -> Test Internet connection
3. Go back to homescreen and launch any app. The system will freeze.

The bug is present with both ps4jb and ChendoChap's implementation of the kexploit.

EDIT: The issue does not reproduce on ps4jb before b0a79c, which uses an older version of Mira.

Hi. How I can use mira in my ps4 5.03. I can't update my ps4 because my bleu ray drive is broken . Thank u

Samples from the toolchain and what not that printf() cannot be captured by reading kernel log. Adding the hook for this into Mira would add convenience here.

This will set a local profile as activated, or be able to set a local account to another ID for activation.

Title.

How I can use mira in ps4 5.03. I cant update my ps4

It's not a consistent issue, but occasionally when launching an application, the system will crash due to a null pointer de-reference on the return of Mira::Plugins::Substitute::DisableHook() in the context of the SceLibNpRifMgrIpcDispatcher.

kernel base: 0xffffffff873f0000
mira base: 0xffffff806d394000 size: 0x6a920
mira proc: 0xffffbe66341096c0 entrypoint: 0xffffff806d41c4a8
mira mira_entry: 0xffffff806d41c4a8
mira messageManager: 0xffffbe6615540800 pluginManager: 0xffffbe6634629880 rpcServer: 0xffffbe6650193200
LastBranchFromOffsetFromKernelBase: 0xffffff80e603efb4
RipOffsetFromKernelBase: 0xffffff80e603efcb
OffsetFromMiraEntry: [tf_last_branch_from-mira_entry]:0x12b0c [mira_entry-tf_last_branch_from]:0xfffffffffffed4f4
OffsetFromMiraEntryRIP: (0x12b23)
call stack:
[0] [r: 0xffffff806d42f001] [f:0xffffff806c102cb0]
[1] [r: 0xffffff806d42d492] [f:0xffffff806c102ce0]
[2] [r: 0xffffffff87a3d504] [f:0xffffff806c102d30]
[3] [r: 0xffffffff87a3e885] [f:0xffffff806c102df0]
[4] [r: 0xffffffff87a3de78] [f:0xffffff806c103330]
[5] [r: 0xffffffff874a3725] [f:0xffffff806c103840]
[6] [r: 0xffffffff87543b45] [f:0xffffff806c1038a0]
[7] [r: 0xffffffff8754390c] [f:0xffffff806c1038f0]
[8] [r: 0xffffff806d41d3e9] [f:0xffffff806c103950]
[9] [r: 0xffffffff873f0668] [f:0xffffff806c103990]
[10] [r: 0xffffffff873f0313] [f:0xffffff806c103aa0]

Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x286
fault code              = supervisor read data, page not present
instruction pointer	= 0x20:0xffffff806d42efcb
stack pointer	        = 0x28:0xffffff806c102ca0
frame pointer	        = 0x28:0xffffff806c102cb0
code segment		= base 0x0, limit 0xfffff, type 0x1b
		        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process	        = 41 (SceLibNpRifMgrIpcDispatcher)
trap number		= 12
page fault
exiting crashed thread
panic: thread_exit: exit with 0 locks held. sx 1 rwr 0 lks 0
cpuid = 1

There are a few suspect issues with this crash. Firstly, null pointer de-reference on a return indicates the stack is being absolutely clobbered by something. The fact that it consistently occurs in the context of the SceLibNpRifMgrIpcDispatcher process and on the off chance the bug fires it always happens at the same spot in the app launch procedure, indicates there's a consistent problem which is induced by some sort of variance since it doesn't happen on every app launch.

The only thing I can think of that would explain that type of behavior is some kind of race condition.

mira error, i was enter in the game god of war and apears a messange who said that "error in the database press acept to reset"
this was the only buttom so i press acept and after this mi play was reboot and clear all my games, i can't find it in any place but in the console the games stay ocupping space, what i could to do???

So far there is undefined behavior inside of the protobuf-c decoder. Cannot repro this issue on PC (linux) with asan enabled, memory sanitizer caught one issue, but it never triggered again. Opting for removing all of RPC from the kernel in favor of the CtrlDriver (currently in use by substitute) and moving all remote RPC calls to userland with a refactored RPC system using capnproto or the official protobuf library from google (written in C++), currently pending on OOSDK C++ support to land from @Cryptogenic .

Ideally, this is the new flow

PC Client -> Socket -> Userland Daemon (startup code provided by @LightningMods ) -> RPC Server -> /dev/mira ioctl calls

As well as a watchdog to make sure RPC daemon restarts on crash.

There will need to be documentation on how to develop using Substitute, how to load it, and examples created for the OOSDK (that will need to be merged in at some point)

Implement the ability to clear out already downloaded but not installed PS4UPDATE.PUP files from the update directory, as well as the ability to search + remove on launch.

Hi, when using Al Azif Mira (official) payload. Trying to run games off of an external hard drive, I get the same error message everytime. The games won't load. But when using leefuls HEN payload, all games run including off the external hard drive.

Suggestions please?

Thank you :))

Emulated NVS so people can experiment at their own risk without writing final results to the physical NVS regions.

Here is a list of bugs I have found while using mira (5.05):

• PS2 games made with PS4 PS2 Classics GUI stay on loading screen and will not load.
• Remote Package Installer will not load (says corrupt).
• The Debug Settings option disappears after you have used rest mode.
• Games crash on resuming from rest mode if you enter rest mode with game running.

If I find any more bugs I'll update the list.
Hope this is useful :)

thx to @sleirsgoevy Today at 4:06 AM
most warnings are about the "auto i = 0; i < ...unsigned here..." pattern

Will re-enable all warnings and fix these occurrences.

Here is a list of games I have tested that will not start when using mira.
When you try and load them it says:
An error has occured in the following application (CE-34878-0)

• Uncharted Lost Legacy [CUSA09564]
• Uncharted 4 [CUSA00341]
• The Last of Us Remastered [CUSA00557]
• Assassins Creed Origins [CUSA05625]
• Nioh [CUSA07123]
• Kingdom Hearts HD 1.5 + 2.5 Remix [CUSA05786]
• God Of War [CUSA07410]
• FarCry 5 [CUSA05904]
• Tom Clancy Ghost Recon Wildlands [CUSA02819]
• Transistor [CUSA00642]
• Watchdogs [CUSA00016]
• Pure Pool [CUSA01748]

This is an odd one, It doesnt throw an error but it just stays on the loading image.

• Octodad Dadliest Catch [CUSA05301]

There might also be an problem running certain games from an extended storage USB drive (NOT apptousb)
I've only tested it out with a couple of games but Back To the future and Sonic Mania work when on internal but not when on an extended storage drive.
At first I thought it was all games but Angry Birds Star Wars works from internal and external so it can't be that.

Hope this helps:)

Due to a bug in the Makefile for the loader, the Utils object files are linked out of order.

ld build/src/Utils/Kernel.o build/src/Utils/_crt0.o ...

For a normal executable, this is a non-issue. However, when a payload is built, the Kernel.s object file being linked in before the _crt0.s object file results in the first instructions in the binary being that of kernelRdmsr. This is an issue because payload loaders need to execute at binary + 0x0, otherwise the entry-point is non-deterministic. Since kernelRdmsr is present at 0x0 instead of _start, the payload loader will attempt to execute the rdmsr instruction, which is a privileged instruction that userland cannot execute, and will thus crash.

[21:16:26]	# A user thread receives a fatal signal
[21:16:26]	#
[21:16:26]	# signal: 10 (SIGBUS)
[21:16:26]	# thread ID: 101886
[21:16:26]	# thread name: payload launch thread
[21:16:26]	# proc ID: 96
[21:16:26]	# proc name: eboot.bin
[21:16:26]	# reason: general protection fault
[21:16:26]	#
[21:16:26]	# registers:
[21:16:26]	# rax: 0000000000000001  rbx: 0000000000000000
[21:16:26]	# rcx: 0000000080dee8ab  rdx: 00000000088fc820
[21:16:26]	# rsi: 000000000000002d  rdi: 0000000880dee8ab
[21:16:26]	# rbp: 00000007eefebff0  rsp: 00000007eefebf38
[21:16:26]	# r8 : 0000000822641410  r9 : 0000000000000000
[21:16:26]	# r10: 00000000088f3d33  r11: 0000000000000212
[21:16:26]	# r12: 0000000000000000  r13: 0000000000000000
[21:16:26]	# r14: 0000000000000000  r15: 0000000000000000
[21:16:26]	# rip: 0000000926200002  eflags: 00010202
[21:16:26]	# BrF: 00000000088d760d  BrT: 0000000926200000
[21:16:26]	#

0x926200002: rdmsr

If a client drops the connection to the log server suddenly (for example, if a C# application connects to Mira but does not disconnect gracefully before the application closes), it effectively DoS's the server. It will not accept any new connections, and a console reboot + Mira reload is required to connect to the log server. This is an issue that will likely need to be addressed before release.

/mnt/c/Users/user/Desktop/mira-project/src/Boot/Patches/Patches405.cpp:187:16: error: expected ';' after expression [clang-diagnostic-error]
kmem[1] = 0x90

Self explanatory, too lazy to fix on repo xD

Iv tested my working hb (working on 505) because specs full stack exploit has the required patches but 6.72 doesn't when resolving using Mira on 6.72 in a game process it fails to resolve

5.55 firmware support should be added.

Port from failoverflow