Evilnat

stage0 code (reduced)

Jun 3rd, 2025
  1. #include <lv2/lv2.h>
  2. #include <lv2/memory.h>
  3. #include <lv2/io.h>
  4. #include <lv2/libc.h>
  5. #include <lv2/thread.h>
  6. #include <lv2/patch.h>
  7. #include <lv1/lv1.h>
  8.  
// Exclusive upper bound on the stage2 file size that main() will accept.
#define STAGE2_MAX_SIZE         0x1FE00

// Marker file: when it exists, main() mounts /dev_usb000 and looks for stage2 there first.
#define USB_FLAG                "/dev_flash/sys/usb_flag"

// Stage2 image paths, selected at build time by firmware flavour.
// NOTE(review): there is no #else branch, so a build with neither macro defined
// leaves STAGE2_FILE and STAGE2_USB0_FILE undefined and fails only where main() uses them.
#if defined (FIRMWARE_CEX)
    #define STAGE2_FILE         "/dev_blind/sys/stage2.cex"
    #define STAGE2_USB0_FILE    "/dev_usb000/stage2.cex"
#elif defined (FIRMWARE_DEX)
    #define STAGE2_FILE         "/dev_blind/sys/stage2.dex"
    #define STAGE2_USB0_FILE    "/dev_usb000/stage2.dex"
#endif
  20.  
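// stage0 entry point.
//
// Rewrites 128 hash-table entries through lv1_write_htab_entry(), picks a stage2
// image (flash copy by default, USB copy when the flag file and the USB file both
// exist), reads it into freshly allocated memory and transfers control to it.
// If no image could be loaded, control goes to the fixed address MKA(0x17e0).
//
// NOTE(review): nothing visible here authenticates the stage2 image (no hash or
// signature check) before it is executed. With the USB flag present, whoever
// controls the USB device controls the code that runs next; treat the flag file
// and physical USB access as part of the trust boundary.
void main(void)
{
    void *stage2 = NULL;
    char *stage2_file = (char *)STAGE2_FILE;

    f_desc_t f;
    int (* func)(void);

    CellFsStat stat;
    int fd, ret = 0;
    uint64_t rs;

    // Copy each of the 128 entries read from MKA(0xf000000 + i * 0x80) back through
    // lv1, keeping bits 16-23 of the second word and forcing its low bits to 0x190.
    // NOTE(review): presumably this changes the page attributes of those mappings;
    // confirm against the PTE layout.
    for (int i = 0; i < 128; i++)
    {
        uint64_t pte0 = *(uint64_t *)(MKA(0xf000000 | (i << 7)));
        uint64_t pte1 = *(uint64_t *)(MKA(0xf000000 | ((i << 7) + 8)));
        lv1_write_htab_entry(0, i << 3, pte0, (pte1 & 0xff0000) | 0x190);
    }

    // Check if flag "/dev_flash/sys/usb_flag" exists to load external Cobra
    if (cellFsStat(USB_FLAG, &stat) == 0)
    {
        // Mounting /dev_usb000 (Thanks to haxxxen)
        cellFsUtilMount_Usb000();

        // Checking for stage2.cex/dex on /dev_usb000.
        // ret is 1 when the USB image exists and 0 otherwise (it holds the result
        // of the comparison, not the cellFsStat() return code).
        ret = (cellFsStat(STAGE2_USB0_FILE, &stat) == 0);
        if (ret)
            stage2_file = (char *)STAGE2_USB0_FILE;
    }

    // Mounting /dev_flash with write permission on /dev_blind
    // We don't need to check in /dev_flash, we can do it on /dev_blind
    // Reducing the size when compiling the payload
    cellFsUtilMount("CELL_FS_IOS:BUILTIN_FLSH1", "CELL_FS_FAT", "/dev_blind", 0, 0, 0, 0, 0);

    // Load stage2
    if (cellFsStat(stage2_file, &stat) == 0)
    {
        // Avoid loading an empty stage2 (or one at or above STAGE2_MAX_SIZE)
        if (stat.st_size != 0 && stat.st_size < STAGE2_MAX_SIZE)
        {
            if (cellFsOpen(stage2_file, CELL_FS_O_RDONLY, &fd, 0, NULL, 0) == 0)
            {
                // NOTE(review): 0x27 is passed to both alloc() and dealloc();
                // its meaning is not visible in this listing.
                stage2 = alloc(stat.st_size, 0x27);
                if (stage2)
                {
                    // Reject a failed read and also a short read: rs receives the
                    // number of bytes actually read, and a truncated image must not
                    // be executed.
                    if (cellFsRead(fd, stage2, stat.st_size, &rs) != 0 || rs != stat.st_size)
                    {
                        dealloc(stage2, 0x27);
                        stage2 = NULL;
                    }
                }

                cellFsClose(fd);
            }
        }
    }

    // stage2 fail save by bguerville / AV
    // Disabling to avoid semibrick on NAND, will be enabled in stage2
    // Only the flash copy is renamed: ret is non-zero when the image came from USB.
    if (stage2 && !ret)
        cellFsRename(STAGE2_FILE, STAGE2_FILE ".bak");

    // Build a function descriptor for the target and call through it; the target
    // is the loaded image, or MKA(0x17e0) when nothing was loaded.
    f.toc = (void *)MKA(TOC);
    f.addr = stage2 ? stage2 : (void *)MKA(0x17e0);

    func = (void *)&f;
    func();
}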
  90.  
Tags: Cobra stage0