Add 12.50/12.52 support

README.md

@@ -1,10 +1,10 @@
-# ![PS4](https://img.shields.io/badge/-PS4-003791?style=flat&logo=PlayStation) Linux Payloads for FW 5.05 - 12.02
+# ![PS4](https://img.shields.io/badge/-PS4-003791?style=flat&logo=PlayStation) Linux Payloads for FW 5.05 - 13.02
 (Southbridge: Aeolia & Belize(2) & Baikal)
 
 **Linux-Payloads** kexec for PlayStation 4.
 
 The host with precompiled Linux payloads only works with GoldHEN v2.4b18.5/v2.4b18.6 BinLoader. Just open the web browser and cache the host—it will also work offline too.
-https://ps4boot.github.io [▶️ click](https://www.youtube.com/watch?v=T3rXMWw6nIM)
+[PSFree-Enhanced](https://arabpixel.github.io/PSFree-Enhanced) [▶️ click](https://www.youtube.com/watch?v=T3rXMWw6nIM)
 
 you’ll find Linux payloads for your firmware, along with some extra payloads. The rest are already included in GoldHEN.
 
@@ -23,6 +23,9 @@ you’ll find Linux payloads for your firmware, along with some extra payloads.
 *   FW 11.02 ✅ 
 *   FW 11.50 / 11.52 ✅
 *   FW 12.00 / 12.02 ✅ 
+*   FW 12.50 / 12.52 ✅
+*   FW 13.00 ✅
+*   13.02(?) ✅
 
 
 ## New
@@ -63,6 +66,6 @@ Baikal: ``console=uart8250,mmio32,0xC890E000``
 * marcan, shuffle2, eeply, rancido, valeryy, ethylamine, Joonie86 (Linux)
 * sleirsgoevy (for the script and better exploit FW 672) 
 * AlAzif / KiwiDog / Specter / Celesteblue / ChendoChap / zecoxao / SocraticBliss / ctn123 (Exploit and Fun Stuff for the Console)
-* bestpig / EchoStretch / EinTim23 / tihmstar (Offsets)
+* bestpig / EchoStretch / EinTim23 / tihmstar / ArabPixel (Offsets)
 * others ... 
 

freebsd-headers/ps4-offsets/1250.h

@@ -0,0 +1,14 @@
+#pragma once
+#define kernel_offset_xfast_syscall 0x1c0
+#define kernel_offset_allproc 0x1B28538
+#define kernel_offset_vmspace_acquire_ref 0x2F6F60
+#define kernel_offset_vmspace_free 0x2F6D90
+#define kernel_offset_printf 0x2E0420
+#define kernel_offset_kmem_alloc 0x465A20
+#define kernel_offset_kernel_map 0x22D1D50
+#define kernel_offset_sysent 0x1102B70
+#define kernel_offset_proc_rwmem 0x365FE0
+#define kernel_offset_copyin 0x2BD6B0
+
+#define kernel_patch_kmem_alloc_1 0x465AEC
+#define kernel_patch_kmem_alloc_2 0x465AF4

freebsd-headers/ps4-offsets/1300.h

@@ -0,0 +1,14 @@
+#pragma once
+#define kernel_offset_xfast_syscall 0x1c0
+#define kernel_offset_allproc 0x1b28538
+#define kernel_offset_vmspace_acquire_ref 0x2F6F80
+#define kernel_offset_vmspace_free 0x2F6DB0
+#define kernel_offset_printf 0x2E0440
+#define kernel_offset_kmem_alloc 0x465A40
+#define kernel_offset_kernel_map 0x22D1D50
+#define kernel_offset_sysent 0x1102B70
+#define kernel_offset_proc_rwmem 0x366000
+#define kernel_offset_copyin 0x2BD6D0
+
+#define kernel_patch_kmem_alloc_1 0x465B0C
+#define kernel_patch_kmem_alloc_2 0x465B14

freebsd-headers/ps4-offsets/1302.h

@@ -0,0 +1,14 @@
+#pragma once
+#define kernel_offset_xfast_syscall 0x1c0
+#define kernel_offset_allproc 0x1b28538
+#define kernel_offset_vmspace_acquire_ref 0x2F6F90
+#define kernel_offset_vmspace_free 0x2F6DC0
+#define kernel_offset_printf 0x2E0450
+#define kernel_offset_kmem_alloc 0x465A50
+#define kernel_offset_kernel_map 0x22D1D50
+#define kernel_offset_sysent 0x1102B70
+#define kernel_offset_proc_rwmem 0x366010
+#define kernel_offset_copyin 0x2BD6E0
+
+#define kernel_patch_kmem_alloc_1 0x465B1C
+#define kernel_patch_kmem_alloc_2 0x465B24

freebsd-headers/ps4-offsets/kernel.h

@@ -34,6 +34,15 @@
 #ifdef __12_00__
 #include "1200.h"
 #else
+#ifdef __12_50__
+#include "1250.h"
+#else
+#ifdef __13_00__
+#include "1300.h"
+#else
+#ifdef __13_02__
+#include "1302.h"
+#else
 #error "unsupported firmware"
 #endif
 #endif
@@ -47,3 +56,6 @@
 #endif
 #endif
 #endif
+#endif
+#endif
+#endif

linux/fw1250/.keepgithub

@@ -0,0 +1 @@
+

linux/fw1300/.keepgithub

@@ -0,0 +1 @@
+

linux/fw1302/.keepgithub

@@ -0,0 +1 @@
+

linux/magic.h

@@ -450,4 +450,110 @@
 #define kern_off_set_cu_power_gate 0x4ba3e0
 #define kern_off_pstate_before_shutdown 0x3a2360
 #define kern_off_set_nclk_mem_spd 0
+
+#elif defined PS4_12_50 //ArabPixel
+#define kern_off_printf 0x2E0420
+#define kern_off_snprintf 0x2E0720
+#define kern_off_copyin 0x2BD6B0
+#define kern_off_copyout 0x2BD5C0
+#define kern_off_copyinstr 0x2BDB60
+#define kern_off_kmem_alloc_contig 0x24D410
+#define kern_off_kmem_free 0x465BF0
+#define kern_off_pmap_extract 0x573D0
+#define kern_off_pmap_protect 0x58570
+#define kern_off_sched_pin 0x231640
+#define kern_off_sched_unpin 0x231660
+#define kern_off_smp_rendezvous 0x1AD520
+#define kern_off_smp_no_rendevous_barrier 0x1AD330
+#define kern_off_icc_query_nowait 0x447B10
+#define kern_off_kernel_map 0x22D1D50
+#define kern_off_sysent 0x1102B70
+#define kern_off_kernel_pmap_store 0x1b2c3a0
+#define kern_off_Starsha_UcodeInfo 0
+#define kern_off_gpu_devid_is_9924 0x4AC560
+#define kern_off_gc_get_fw_info 0x4BAF30
+#define kern_off_pml4pml4i 0x1B2C390
+#define kern_off_dmpml4i 0x1B2C394
+#define kern_off_dmpdpi 0x1B2C398
+#define kern_off_eap_hdd_key 0x26C4CF0
+#define kern_off_edid 0x275E148
+#define kern_off_wlanbt 0x478A30
+#define kern_off_kern_reboot 0x3A1DB0
+#define kern_off_set_gpu_freq 0x4B9A70
+#define kern_off_set_pstate 0x4BBE40
+#define kern_off_update_vddnp 0x4BA010
+#define kern_off_set_cu_power_gate 0x4BA420
+#define kern_off_pstate_before_shutdown 0x3A23A0
+#define kern_off_set_nclk_mem_spd 0
+
+#elif defined PS4_13_00 //ArabPixel
+#define kern_off_printf 0x2E0440 // Done
+#define kern_off_snprintf 0x2E0740 // Done
+#define kern_off_copyin 0x2BD6D0 // Done
+#define kern_off_copyout 0x2BD5E0 // Done
+#define kern_off_copyinstr 0x2BDB80 // Done
+#define kern_off_kmem_alloc_contig 0x24D430 // Done
+#define kern_off_kmem_free 0x465C10 // Done
+#define kern_off_pmap_extract 0x573D0 // Done
+#define kern_off_pmap_protect 0x58570 // Done
+#define kern_off_sched_pin 0x231660 // Done
+#define kern_off_sched_unpin 0x231680 // Done
+#define kern_off_smp_rendezvous 0x1AD520 // Done
+#define kern_off_smp_no_rendevous_barrier 0x1AD330 // Done
+#define kern_off_icc_query_nowait 0x447B30 // Done
+#define kern_off_kernel_map 0x22D1D50 // Done
+#define kern_off_sysent 0x1102B70 // Done
+#define kern_off_kernel_pmap_store 0x1B2C3A0 // Done
+#define kern_off_Starsha_UcodeInfo 0x0
+#define kern_off_gpu_devid_is_9924 0x4AC5A0 // Done
+#define kern_off_gc_get_fw_info 0x4BAF50 // Done 
+#define kern_off_pml4pml4i 0x1B2C390 // Done
+#define kern_off_dmpml4i 0x1B2C394 // Done
+#define kern_off_dmpdpi 0x1B2C398 // Done
+#define kern_off_eap_hdd_key 0x26C4CF0 // Done
+#define kern_off_edid 0x275E148 // Done
+#define kern_off_wlanbt 0x478A50 // Done
+#define kern_off_kern_reboot 0x3A1DD0 // Done
+#define kern_off_set_gpu_freq 0x4B9A90 // Done
+#define kern_off_set_pstate 0x4BBE60 // Done
+#define kern_off_update_vddnp 0x4BA030 // Done
+#define kern_off_set_cu_power_gate 0x4BA440 // Done
+#define kern_off_pstate_before_shutdown 0x3A23C0 // Done
+#define kern_off_set_nclk_mem_spd 0
+
+#elif defined PS4_13_02 //ArabPixel
+#define kern_off_printf 0x2E0450 // Done
+#define kern_off_snprintf 0x2E0750 // Done
+#define kern_off_copyin 0x2BD6E0 // Done
+#define kern_off_copyout 0x2BD5F0 // Done
+#define kern_off_copyinstr 0x2BDB90 // Done 
+#define kern_off_kmem_alloc_contig 0x24D440 // Done
+#define kern_off_kmem_free 0x465C20 // Done
+#define kern_off_pmap_extract 0x573D0 // Done
+#define kern_off_pmap_protect 0x58570 // Done
+#define kern_off_sched_pin 0x231670 // Done
+#define kern_off_sched_unpin 0x231690 // Done
+#define kern_off_smp_rendezvous 0x1AD530 // Done
+#define kern_off_smp_no_rendevous_barrier 0x1AD340 // Done
+#define kern_off_icc_query_nowait 0x447B40 // Done
+#define kern_off_kernel_map 0x22D1D50 // Done
+#define kern_off_sysent 0x1102B70 // Done
+#define kern_off_kernel_pmap_store 0x1B2C3A0 // Done
+#define kern_off_Starsha_UcodeInfo 0x0
+#define kern_off_gpu_devid_is_9924 0x4AC5A0 // Done
+#define kern_off_gc_get_fw_info 0x4BAF60 // Done
+#define kern_off_pml4pml4i 0x1B2C390 // Done
+#define kern_off_dmpml4i 0x1B2C394 // Done
+#define kern_off_dmpdpi 0x1B2C398 // Done
+#define kern_off_eap_hdd_key 0x26C4CF0 // Done
+#define kern_off_edid 0x275E148 // Done
+#define kern_off_wlanbt 0x478A60 // Done
+#define kern_off_kern_reboot 0x3A1DE0 // Done
+#define kern_off_set_gpu_freq 0x4B9AA0 // Done
+#define kern_off_set_pstate 0x4BBE70 // Done
+#define kern_off_update_vddnp 0x4BA040 // Done
+#define kern_off_set_cu_power_gate 0x4BA450 // Done
+#define kern_off_pstate_before_shutdown 0x3A23D0 // Done
+#define kern_off_set_nclk_mem_spd 0
+
 #endif

linux/main-baikal.c

@@ -44,6 +44,15 @@ asm("ps4kexec:\n.incbin \"ps4-kexec-1150-baikal/kexec.bin\"\nps4kexec_end:\n");
 #elif defined(__12_00__)
 asm("ps4kexec:\n.incbin \"ps4-kexec-1200-baikal/kexec.bin\"\nps4kexec_end:\n");
 #include "magic.h"
+#elif defined(__12_50__)
+asm("ps4kexec:\n.incbin \"ps4-kexec-1250-baikal/kexec.bin\"\nps4kexec_end:\n");
+#include "magic.h"
+#elif defined(__13_00__)
+asm("ps4kexec:\n.incbin \"ps4-kexec-1300-baikal/kexec.bin\"\nps4kexec_end:\n");
+#include "magic.h"
+#elif defined(__13_02__)
+asm("ps4kexec:\n.incbin \"ps4-kexec-1302-baikal/kexec.bin\"\nps4kexec_end:\n");
+#include "magic.h"
 #else
 #error "unsupported firmware"
 #endif

linux/main.c

@@ -44,6 +44,15 @@ asm("ps4kexec:\n.incbin \"ps4-kexec-1150/kexec.bin\"\nps4kexec_end:\n");
 #elif defined(__12_00__)
 asm("ps4kexec:\n.incbin \"ps4-kexec-1200/kexec.bin\"\nps4kexec_end:\n");
 #include "magic.h"
+#elif defined(__12_50__)
+asm("ps4kexec:\n.incbin \"ps4-kexec-1250/kexec.bin\"\nps4kexec_end:\n");
+#include "magic.h"
+#elif defined(__13_00__)
+asm("ps4kexec:\n.incbin \"ps4-kexec-1300/kexec.bin\"\nps4kexec_end:\n");
+#include "magic.h"
+#elif defined(__13_02__)
+asm("ps4kexec:\n.incbin \"ps4-kexec-1302/kexec.bin\"\nps4kexec_end:\n");
+#include "magic.h"
 #else
 #error "unsupported firmware"
 #endif

linux/ps4-kexec-1250-baikal/LICENSE

@@ -0,0 +1,24 @@
+Copyright (C) 2015-2016 shuffle2 <godisgovernment@gmail.com>
+Copyright (C) 2015-2016 Hector Martin "marcan" <marcan@marcan.st>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

linux/ps4-kexec-1250-baikal/Makefile

@@ -0,0 +1,37 @@
+TOOLCHAIN_PREFIX ?=
+CC = $(TOOLCHAIN_PREFIX)gcc
+AR = $(TOOLCHAIN_PREFIX)ar
+OBJCOPY = $(TOOLCHAIN_PREFIX)objcopy
+
+CFLAGS=$(CFLAG) -DPS4_12_50 -DKASLR -DNO_SYMTAB -DDO_NOT_REMAP_RWX
+CFLAGS += -march=btver2 -masm=intel -std=gnu11 -ffreestanding -fno-common \
+	-fPIE -pie -fno-stack-protector -fomit-frame-pointer -nostdlib -nostdinc \
+	-fno-asynchronous-unwind-tables \
+	-Os -Wall -Werror -Wl,--no-dynamic-linker,--build-id=none,-T,kexec.ld,--nmagic \
+	-mcmodel=small -mno-red-zone
+
+SOURCES := kernel.c kexec.c linux_boot.c linux_thunk.S uart.c firmware.c \
+	acpi.c crc32.c
+
+OBJS := $(patsubst %.S,%.o,$(patsubst %.c,%.o,$(SOURCES)))
+DEPS := $(OBJS) $(SOURCES) $(INCLUDES:%=$(INC_DIR)/%) Makefile kexec.ld
+
+all: libkexec.a kexec.bin
+
+%.o: %.c *.h
+	$(CC) -c $(CFLAGS) -o $@ $<
+
+%.o: %.S
+	$(CC) -c $(CFLAGS) -o $@ $<
+
+libkexec.a: $(OBJS)
+	$(AR) -rc $@ $(OBJS)
+
+kexec.elf: libkexec.a kexec.ld
+	$(CC) $(CFLAGS) -o $@ libkexec.a
+
+%.bin: %.elf
+	$(OBJCOPY) -O binary $< $@
+
+clean:
+	rm -f libkexec.a kexec.elf kexec.bin $(OBJS)