hdd0 unlock

Changelog.txt

@@ -19,6 +19,7 @@ Add : Flow3D setting to align game boxes.
 Add : Flow3D setting to adjust gap between game boxes.
 Change : Flow3D, I increased the zoom of the selected game case (press L3).
 Fix : Square picture 320x320 used by webMAN MOD and sman in XMB won't be stretched anymore.
+Add : PS3 hdd unlock by 3141card. Go to Setting>System>Hdd0 unlock.
 
 Notes:
 (1) This is mostly for damaged disc, some sectors might be unreadable because of scratches.

MGZ/source/fw_unk.c

@@ -40,6 +40,7 @@ extern u64 LV2MOUNTADDR_CSIZE;
 extern u64 NEW_POKE_SYSCALL_ADDR;
 extern u64 OFFSET_1_IDPS;
 extern u64 OFFSET_2_IDPS;
+extern u64 UFS_SB_ADDR;
 
 extern void print_head(char *format2, ...);
 extern void print_load(char *format, ...);
@@ -257,6 +258,7 @@ u8 init_fw_unk()
 
 	print_load("New firmware ! Please wait while MGZ search for the new offsets...");
 
+	u8 flag_ufs_sb_addr[8] = {0, 0, 0, 0, 0x19, 0x54, 0x01, 0x19};
 	u8 flag_htab[0x8] = {0x41, 0xDA, 0x00, 0x54, 0xE9, 0x7F, 0x00, 0xA8};
 	u8 flag_mmap1[0x8] = {0x88, 0x1F, 0x00, 0x99, 0x54, 0x00, 0x06, 0x3E};
 	u8 flag_mmap2[0x8] = {0xE8, 0xFF, 0x00, 0xE0, 0x7C, 0x08, 0x03, 0x78};
@@ -319,6 +321,9 @@ u8 init_fw_unk()
 			//FW_DATE_1 = reverse64(FW_DATE_1);
 			//FW_DATE_2 = reverse64(FW_DATE_2);
 		}
+		if(!memcmp((char *) &memLV2[n], (char *) flag_ufs_sb_addr, 0x8)) {
+			UFS_SB_ADDR = n - 0x558;
+		}
 		if(0x50000 < n && n <0x80000) {
 			if(!memcmp((char *) &memLV2[n], (char *) flag_offset_fix, 0x20)) {
 				OFFSET_FIX = n - 0x8;
@@ -408,7 +413,8 @@ u8 init_fw_unk()
 		&& OFFSET_FIX_LIC
 		&& OFFSET_2_FIX
 		&& OFFSET_FIX
-		&& FW_DATE_OFFSET) {
+		&& FW_DATE_OFFSET
+		&& UFS_SB_ADDR) {
 			flag = SUCCESS;	
 			break;
 		}
@@ -432,11 +438,11 @@ u8 init_fw_unk()
 	LV2MOUNTADDR             = LV2ADDR(LV2MOUNTADDR           );
 	OFFSET_1_IDPS            = LV2ADDR(OFFSET_1_IDPS          );
 	OFFSET_2_IDPS            = LV2ADDR(OFFSET_2_IDPS          );
+	UFS_SB_ADDR              = LV2ADDR(UFS_SB_ADDR            );
 
 	NEW_POKE_SYSCALL_ADDR = lv2peek( lv2peek(SYSCALL_TABLE + NEW_POKE_SYSCALL*8) ) + 0ULL;
 	UMOUNT_SYSCALL_OFFSET = lv2peek( lv2peek(SYSCALL_TABLE + 838*8) )  + 8ULL;
 
-
 	print_load("Loading lv1 in memory...");
 	u8 *memLV1 = LoadLV1();
 	if( memLV1 == NULL) {

MGZ/source/main.c

@@ -421,6 +421,7 @@ u64 *ERK_DUMPER;
 size_t ERK_DUMPER_SIZE;
 u64 OFFSET_1_IDPS;
 u64 OFFSET_2_IDPS;
+u64 UFS_SB_ADDR=0;
 
 //*********** IRIS ****************
 
@@ -6512,6 +6513,8 @@ void update_lang()
 	LANG(STR_ASK_TO_DELETE, "STR_ASK_TO_DELETE", STR_ASK_TO_DELETE_DEFAULT);
 	LANG(STR_DUMPER_MAX_TRY, "STR_DUMPER_MAX_TRY", STR_DUMPER_MAX_TRY_DEFAULT);
 	LANG(STR_DUMPER_MAX_TRY_DESC, "STR_DUMPER_MAX_TRY_DESC", STR_DUMPER_MAX_TRY_DESC_DEFAULT);
+	LANG(STR_HDD_UNLOCK_SPACE, "STR_HDD_UNLOCK_SPACE", STR_HDD_UNLOCK_SPACE);
+	LANG(STR_HDD_UNLOCK_SPACE_DESC, "STR_HDD_UNLOCK_SPACE_DESC", STR_HDD_UNLOCK_SPACE_DESC_DEFAULT);
 
 
 	FREE(STR_DB_NET);
@@ -10446,6 +10449,11 @@ u64 lv2poke(u64 addr, u64 value)
 	return_to_user_prog(u64);
 }
 
+u32 lv2peek32(uint64_t addr)
+{
+	return (u32)(lv2peek(addr) >> 32);
+}
+
 static void lv2poke32(u64 addr, uint32_t val)
 {
 	uint32_t next = lv2peek(addr) & 0xffffffff;
@@ -11355,6 +11363,65 @@ void DumpDevicesData()
 	free(info);
 }
 
+
+// ****************************
+// HDD0 UNLOCK RESERVED SPACE
+// ****************************
+#define UFS2_MAGIC	0x19540119ULL
+
+static uint64_t get_ufs_sb_addr(void)
+{
+	u64 LV2_START = 0x8000000000600000ULL;
+	u64 LV2_END = 0x8000000000500000ULL;
+
+	u64 addr = (u64) (LV2_START - 0xA8ULL);
+
+// fast
+	while(addr > LV2_END) {
+		if(lv2peek(addr) == UFS2_MAGIC)
+			return (uint64_t)(addr - 0x558ULL);
+		addr -= 0x800ULL;
+	}
+
+	LV2_START = 0x8000000000800000ULL;
+	LV2_END   = 0x8000000000000000ULL;
+	addr = (u64) (LV2_START - 0xA8ULL);
+
+// slow
+	while(addr > LV2_END) {
+		if(lv2peek(addr) == UFS2_MAGIC)
+			return (uint64_t)(addr - 0x558ULL);
+		addr -= 0x100ULL;
+	}
+
+	return 0ULL;
+}
+
+u8 hdd0_is_unlocked()
+{
+	if( lv2peek32(UFS_SB_ADDR + 0x3C) == 1) return YES;
+
+	return NO;
+}
+
+void hdd0_unlock(u8 state)
+{
+	if( state ) {
+		lv2poke32(UFS_SB_ADDR + 0x3C, 1);
+  		lv2poke32(UFS_SB_ADDR + 0x80, 1);
+	} else {
+		lv2poke32(UFS_SB_ADDR + 0x3C, 8);
+  		lv2poke32(UFS_SB_ADDR + 0x80, 0);
+	}
+	sys_fs_unmount("/dev_hdd0");
+	sys_fs_mount("CELL_FS_UTILITY:HDD0", "CELL_FS_UFS", "/dev_hdd0", 0);
+	usleep(1000);
+}
+
+// ****************************
+// HDD0 UNLOCK RESERVED SPACE
+// ****************************
+
 u32 u8_to_u32(u8* arr)
 {
 	return (0x1000000*arr[0] + 0x10000*arr[1] + 0x100*arr[2] + arr[3]);
@@ -29118,17 +29185,17 @@ void Open_option()
 			else {
 				add_option_item(STR_UNMOUNT_DEVBLIND);
 			}
-			/*
+
 			if(PEEKnPOKE) {
 				add_option_item(STR_DUMP_LV1);
 				add_option_item(STR_DUMP_LV2);
 			}
 			add_option_item(STR_DUMP_FLASH);
-			*/
 
-			add_option_item("Test");
-			add_option_item("Test2");
-			add_option_item("Test3");
+
+			//add_option_item("Test");
+			//add_option_item("Test2");
+			//add_option_item("Test3");
 
 			add_option_item("InsertEject");
 
@@ -30178,7 +30245,7 @@ void show_preview()
 			}
 		}
 	}
-	if(TITLES[title]!=NULL) preview_window(strcmp(TITLES[title], STR_ROOT_DISPLAY) == 0 && MENU_LVL != LVL_TITLE);
+	if(TITLES[title]!=NULL) preview_window(strcmp(TITLES[title], STR_FILEMANAGER) == 0 && MENU_LVL != LVL_TITLE);
 }
 
 //*******************************************************
@@ -30351,6 +30418,9 @@ void Draw_HELP()
 	if(item_is(STR_BOX3D_GAP)) {
 		DrawString(x, y, STR_BOX3D_GAP_DESC);
 	} else
+	if(item_is(STR_HDD_UNLOCK_SPACE)) {
+		DrawString(x, y, STR_HDD_UNLOCK_SPACE_DESC);
+	} else
 	if(item_is(STR_DUMPER_MAX_TRY)) {
 		DrawString(x, y, STR_DUMPER_MAX_TRY_DESC);
 	} else
@@ -38037,7 +38107,7 @@ void init_SETTINGS()
 		}
 	}
 	else { // NOT CUSTOM STYLE
-				
+
 		add_item_MENU(STR_FM_ICON, ITEM_LOCKED);
 		if(fm_CustomIcons==NO ) add_item_value_MENU(STR_FM_FILEFOLDER);
 		if(fm_CustomIcons==YES) add_item_value_MENU(STR_FM_CUSTOM);
@@ -38143,6 +38213,11 @@ void init_SETTINGS()
 		}
 		add_item_MENU(STR_DYNAREC, ITEM_TOGGLE);
 		ITEMS_VALUE_POSITION[ITEMS_NUMBER] = HaveDynarec();
+
+		if( UFS_SB_ADDR ) {
+			add_item_MENU(STR_HDD_UNLOCK_SPACE, ITEM_TOGGLE);
+			ITEMS_VALUE_POSITION[ITEMS_NUMBER] = hdd0_is_unlocked();
+		}
 	}
 
 	add_item_MENU("MGZ log", ITEM_TOGGLE);
@@ -38327,7 +38402,7 @@ void update_SETTINGS()
 			}	
 		}
 	} else 
-	if( item_title_is(STR_ROOT_DISPLAY)){
+	if( item_title_is(STR_FILEMANAGER)){
 		if(item_is(STR_STYLE)) {
 			if( root_display != ITEMS_VALUE_POSITION[ITEMS_POSITION]) {
 				root_display = ITEMS_VALUE_POSITION[ITEMS_POSITION];
@@ -38460,6 +38535,11 @@ void update_SETTINGS()
 				}
 			}
 		} else
+		if(item_is(STR_HDD_UNLOCK_SPACE)) {
+			if( ITEMS_VALUE_POSITION[ITEMS_POSITION] != hdd0_is_unlocked() ) {
+				hdd0_unlock(ITEMS_VALUE_POSITION[ITEMS_POSITION]);
+			}
+		} else
 		if(item_is("MGZ log")) {
 			LOG = ITEMS_VALUE_POSITION[ITEMS_POSITION];
 		} else
@@ -38998,6 +39078,8 @@ void open_SETTINGS()
 	update_RootDisplay();
 	read_setting();
 
+	if( !UFS_SB_ADDR ) UFS_SB_ADDR = get_ufs_sb_addr();
+
 	REC_UI_position=UI_position;
 	REC_Show_COVER=Show_COVER;
 	REC_Show_ICON0=Show_ICON0;

MGZ/source/str.h

@@ -827,6 +827,10 @@ char *STR_DUMPER_MAX_TRY=NULL;
 #define STR_DUMPER_MAX_TRY_DEFAULT			"Read attempts"
 char *STR_DUMPER_MAX_TRY_DESC=NULL;
 #define STR_DUMPER_MAX_TRY_DESC_DEFAULT		"Set the number of read attempts when there is a disc read error."
+char *STR_HDD_UNLOCK_SPACE=NULL;
+#define STR_HDD_UNLOCK_SPACE_DEFAULT		"Hdd0 unlock"
+char *STR_HDD_UNLOCK_SPACE_DESC=NULL;
+#define STR_HDD_UNLOCK_SPACE_DESC_DEFAULT	"Reduce the amount of reserved space in hdd0 from 8% to 1%."
 
 
 #endif

OffsetFinder/main.c

@@ -1478,6 +1478,10 @@ u8 init_fw()\n\
 		u64 HTAB_PATCH2=0;
 		u64 HTAB_PATCH3=0;
 
+		// need to do a dynamic search. It can be at different offset with the same firmware.
+		//u64 UFS_SB_ADDR=0;
+
+		//u8 ufs_sb_addr_flag[]={0x19, 0x54, 0x01, 0x19};
 		u8 htab_patch1_flag[]={0x44, 0x00, 0x00, 0x22, 0x2C, 0x23, 0x00, 0x00, 0x7C, 0x7C, 0x1B, 0x78, 0x41, 0xE2, 0xFD, 0x64};
 		u8 htab_patch2_flag[]={0x44, 0x00, 0x00, 0x22, 0x2C, 0x23, 0x00, 0x00, 0x7C, 0x7B, 0x1B, 0x78, 0x40, 0xC2, 0x00, 0xAC};
 		u8 htab_patch3_flag[]={0x44, 0x00, 0x00, 0x22, 0x2C, 0x23, 0x00, 0x00, 0x7C, 0x78, 0x1B, 0x78, 0x40, 0xC2, 0x02, 0xD8};
@@ -2199,6 +2203,10 @@ u8 init_fw()\n\
 					}
 				}
 			}
+
+			// if(compare(0xFF, (char *) &memLV2[n], (char *) ufs_sb_addr_flag, sizeof(ufs_sb_addr_flag))) {
+				// UFS_SB_ADDR = n - 0x55C;
+			// }
 			if(compare(0xFF, (char *) &memLV2[n], (char *) htab_patch1_flag, sizeof(htab_patch1_flag))) {
 				HTAB_PATCH1 = n;
 			}
@@ -2927,6 +2935,7 @@ u8 init_fw()\n\
 		if(OFFSET_1_IDPS != 0) OFFSET_1_IDPS = 0x8000000000000000ULL + OFFSET_1_IDPS;
 		if(OFFSET_2_IDPS != 0) OFFSET_2_IDPS = 0x8000000000000000ULL + OFFSET_2_IDPS;
 		if(LPAR != 0) LPAR = 0x8000000000000000ULL + LPAR;
+		// if(UFS_SB_ADDR != 0) UFS_SB_ADDR += 0x8000000000000000ULL; 
 
 
 		char str[255];
@@ -2981,6 +2990,7 @@ u8 init_fw()\n\
 		sprintf(str, "#define FW_DATE_2_%lld%c             0x%llXULL\n", FIRMWARE, D, FW_DATE_2); fputs(str, common);
 		sprintf(str, "#define OFFSET_1_IDPS_%lld%c         0x%llXULL\n", FIRMWARE, D, OFFSET_1_IDPS); fputs(str, common);
 		sprintf(str, "#define OFFSET_2_IDPS_%lld%c         0x%llXULL\n", FIRMWARE, D, OFFSET_2_IDPS); fputs(str, common);
+		//sprintf(str, "#define UFS_SB_ADDR_%lld%c           0x%llXULL\n", FIRMWARE, D, UFS_SB_ADDR); fputs(str, common);