
MIPS PSP syscalls?

hgoel0974
Retired Mod
Posts: 2153
Joined: Mon Jul 23, 2012 11:42 pm
Location: Maia, Pleiades Nebula

MIPS PSP syscalls?

Post by hgoel0974 » Tue Apr 09, 2013 5:30 pm

Is there a list of all the syscalls and their respective codes for $v0 anywhere?
"If the truth is a cruel mistress, then a lie must be a nice girl"

preloader
Posts: 81
Joined: Thu Feb 28, 2013 1:09 pm

Re: MIPS PSP syscalls?

Post by preloader » Tue Apr 09, 2013 7:20 pm

It is a bit complicated. You can try disassembling exploits and checking the assembly files for syscalls. If you want to improve yourself and try something, you should take a look at the MARS MIPS Simulator; you can find more information about MARS here: http://courses.missouristate.edu/kenvol ... /index.htm

hgoel0974
Retired Mod
Posts: 2153
Joined: Mon Jul 23, 2012 11:42 pm
Location: Maia, Pleiades Nebula

Re: MIPS PSP syscalls?

Post by hgoel0974 » Tue Apr 09, 2013 8:36 pm

preloader wrote: (the MARS suggestion quoted from the previous post)
I learned assembly using MARS. I feel that the codes might be the same because, in the end, it is still MIPS, but I am not sure.

preloader
Posts: 81
Joined: Thu Feb 28, 2013 1:09 pm

Re: MIPS PSP syscalls?

Post by preloader » Tue Apr 09, 2013 8:52 pm

Originally posted by m0skit0 on advancedpsp.tk, and recreated by ultimakillz. Taken from: http://forums.pspslimhacks.com/threads/ ... mips.7573/
The code is shown below; maybe it can help you.

Code:

# sceIoOpen(path, flags, mode)
lui  $a0, 0x08C1            # $a0 = 0x08C12345, address of the path string
ori  $a0, $a0, 0x2345
li   $a1, 1                 # PSP_O_RDONLY
li   $a2, 0x1FF             # mode 0777
jal  0x08A885C8             # import stub for sceIoOpen
nop

# keep the fd in a callee-saved register; $a0 is not guaranteed to survive a call
or   $s0, $zero, $v0

# sceIoRead(fd, buf, size)
or   $a0, $zero, $s0        # fd
lui  $a1, 0x08D0            # buf = 0x08D00000, where the payload is loaded
li   $a2, 0x6051            # size in bytes (third argument goes in $a2)
jal  0x08A88578             # import stub for sceIoRead
nop

# sceIoClose(fd)
or   $a0, $zero, $s0
jal  0x08A88590             # import stub for sceIoClose
nop

# sceKernelDcacheWritebackInvalidateAll(): flush the data cache so the
# instruction fetch sees the bytes just written to 0x08D00000
jal  0x08A887C0
nop

# Jump to our loaded code
lui  $a0, 0x08D0
jr   $a0
nop

hgoel0974
Retired Mod
Posts: 2153
Joined: Mon Jul 23, 2012 11:42 pm
Location: Maia, Pleiades Nebula

Re: MIPS PSP syscalls?

Post by hgoel0974 » Tue Apr 09, 2013 9:32 pm

preloader wrote: (the sceIoOpen / sceIoRead / sceIoClose / sceKernelDcacheWritebackInvalidateAll snippet from the previous post)
I think m0skit0 also posted this here, and well, I already know this; it isn't what I am talking about. Syscalls are like

Code:

li $v0, 1        # MARS service 1: print the integer in $a0
li $a0, 10       # argument 1: the value to print
syscall          # MARS dispatches on $v0
which takes the value in $v0 and, based on it, decides which syscall we are making. In this case $v0 is 1, which tells the MARS simulator to write the value stored in $a0 (argument 1) to the screen. What I'd like to know is whether this exact same code will work: are the $v0 codes the same as the MARS simulator's codes?

Acid_Snake
Retired Mod
Posts: 3099
Joined: Tue May 01, 2012 11:32 am
Location: Behind you!

Re: MIPS PSP syscalls?

Post by Acid_Snake » Thu Apr 18, 2013 1:30 pm

Syscalls no longer work in 6.60, meaning they aren't available in the Vita either.

wololo
Site Admin
Posts: 3605
Joined: Wed Oct 15, 2008 12:42 am
Location: Japan

Re: MIPS PSP syscalls?

Post by wololo » Thu Apr 18, 2013 1:51 pm

Acid, you mean syscall estimates.
Syscalls, obviously, still work, as they are at the core of how everything works in user mode on the PSP or the PSP emu.

I know that's what you meant, but remember everything we say here could be misunderstood by many people who will repeat it without questioning what they read.

Edit: hgoel: syscalls on the PSP are not fixed, so there isn't a list of them. Syscalls are semi-randomly generated by the kernel. What does not change are the NIDs, and you can find lists of NIDs on silverspring's site.

Edit2: details on syscall randomization here: http://wololo.net/2012/06/07/syscall-internals/

Acid_Snake
Retired Mod
Posts: 3099
Joined: Tue May 01, 2012 11:32 am
Location: Behind you!

Re: MIPS PSP syscalls?

Post by Acid_Snake » Thu Apr 18, 2013 2:03 pm

Yeah, I know. I usually forget the "estimation" part, but you know what I mean, so it's not a big deal.

JJS
Big Beholder
Posts: 1416
Joined: Mon Sep 27, 2010 2:18 pm
Contact:

Re: MIPS PSP syscalls?

Post by JJS » Thu Apr 18, 2013 5:54 pm

It should be noted that there are different ways to do syscalls for different MIPS processor revisions. On the PSP you specify the syscall number in the syscall instruction itself instead of loading it into register $v0. See also here: viewtopic.php?f=5&t=740#p7977

Actually, let me expand on this a bit. Because, as wololo said, syscalls are not fixed, you usually do not call a syscall directly from your code. Instead you have the import stubs, which are resolved by the kernel when your module loads. So on loading, the kernel writes the correct syscall instruction into this table. Your own code only performs a jump to this import code. This is also what the code preloader posted does: the jal goes to the import stub.
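As an added example, not code from this thread or from any PSP project: a small C program that encodes and decodes the MIPS syscall instruction the way JJS describes (the number lives in the instruction's 20-bit code field, not in $v0), simulates what the loader does when it resolves an import stub to "jr $ra; syscall N", and scans a stub table for the numbers it contains, which is the disassemble-and-look approach preloader suggested earlier. The NIDs and syscall numbers in sample_table are constructed placeholders, not real PSP values, and the stub layout ("jr $ra" with the syscall in its delay slot, a nop before resolution) is assumed to match the PSP user-mode import stub.

```c
/* Added example: MIPS syscall encoding and PSP-style import stub resolution.
 * The NID and syscall-number values below are hypothetical, constructed for
 * this example; real ones are resolved by the kernel at boot. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* SPECIAL-class encoding: opcode(6) | rs(5) | rt(5) | rd(5) | sa(5) | funct(6).
 * For "syscall", bits 6..25 form a 20-bit immediate ("code"). The PSP kernel
 * takes the syscall number from that field; MARS and classic ABIs leave it 0
 * and dispatch on $v0 instead. */
#define OP_SPECIAL    0x00u
#define FUNCT_SYSCALL 0x0Cu
#define FUNCT_JR      0x08u
#define REG_RA        31u
#define CODE_MASK     0xFFFFFu

uint32_t encode_syscall(uint32_t code)
{
    return (OP_SPECIAL << 26) | ((code & CODE_MASK) << 6) | FUNCT_SYSCALL;
}

uint32_t encode_jr_ra(void)
{
    return (OP_SPECIAL << 26) | (REG_RA << 21) | FUNCT_JR;   /* 0x03E00008 */
}

/* Returns the 20-bit code of a syscall instruction, or -1 for anything else
 * (nop, jr $ra, ordinary instructions). */
int32_t decode_syscall(uint32_t insn)
{
    if ((insn >> 26) != OP_SPECIAL || (insn & 0x3Fu) != FUNCT_SYSCALL)
        return -1;
    return (int32_t)((insn >> 6) & CODE_MASK);
}

/* One user-mode import stub: "jr $ra" with the syscall in the delay slot.
 * Assumed layout; in an unresolved module the second word is a nop. */
struct import_stub {
    uint32_t jr_ra;
    uint32_t syscall_insn;
};

struct syscall_entry { uint32_t nid; uint32_t number; };

/* Constructed stand-in for the kernel's NID -> syscall-number table.
 * NIDs are stable across firmware; the numbers are per-boot assignments. */
static const struct syscall_entry sample_table[] = {
    { 0x11111111u, 0x2015u },   /* hypothetical NID, hypothetical number */
    { 0x22222222u, 0x20A3u },
    { 0x33333333u, 0x213Cu },
};

/* What the loader does per import: look up the NID, write the instruction.
 * Returns 0 on success, -1 if the NID is unknown (stub stays "jr $ra; nop"). */
int resolve_stub(struct import_stub *s, uint32_t nid)
{
    s->jr_ra = encode_jr_ra();
    s->syscall_insn = 0;                          /* nop until resolved */
    for (size_t i = 0; i < sizeof sample_table / sizeof sample_table[0]; i++) {
        if (sample_table[i].nid == nid) {
            s->syscall_insn = encode_syscall(sample_table[i].number);
            return 0;
        }
    }
    return -1;
}

/* What a reverser does with a dumped stub section: collect every syscall
 * number the loader wrote. They are only valid for the kernel that wrote them. */
size_t collect_syscalls(const uint32_t *words, size_t nwords,
                        uint32_t *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < nwords && n < max_out; i++) {
        int32_t code = decode_syscall(words[i]);
        if (code >= 0)
            out[n++] = (uint32_t)code;
    }
    return n;
}

int main(void)
{
    struct import_stub stubs[3];
    uint32_t nids[3] = { 0x11111111u, 0x33333333u, 0x44444444u };  /* last is unknown */
    for (int i = 0; i < 3; i++)
        printf("nid %08x -> %s\n", (unsigned)nids[i],
               resolve_stub(&stubs[i], nids[i]) == 0 ? "resolved" : "unresolved");

    uint32_t found[3];
    size_t n = collect_syscalls((const uint32_t *)stubs, 6, found, 3);
    for (size_t i = 0; i < n; i++)
        printf("syscall 0x%05x\n", (unsigned)found[i]);

    /* MARS-style "li $v0,1; syscall" assembles to 0x0000000C: code field 0. */
    printf("code field of bare syscall: %d\n", (int)decode_syscall(0x0000000Cu));
    return 0;
}
```

It builds with any C99 compiler and needs no PSP SDK. Note what decode_syscall(0x0000000C) returns: the `li $v0,1; syscall` sequence from hgoel0974's post assembles to a syscall instruction whose code field is 0, so on the PSP it would request syscall 0 regardless of what $v0 holds, which is why the MARS service numbers do not carry over.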

Acid_Snake
Retired Mod
Posts: 3099
Joined: Tue May 01, 2012 11:32 am
Location: Behind you!

Re: MIPS PSP syscalls?

Post by Acid_Snake » Thu Apr 18, 2013 9:24 pm

thanks a bunch JJS, I'll be copy-pasting that somewhere I know
