etaHEN Goes Open Source

etaHEN Goes Open Source

clean tmp files

....

Source Code/.clang-tidy

@@ -0,0 +1,8 @@
+---
+Checks:          'bugprone-*,-bugprone-reserved-identifier,-bugprone-easily-swappable-parameters,clang-diagnostic-*,clang-analyzer-*,cppcoreguidelines-*,-cppcoreguidelines-pro-type-reinterpret-cast,-cppcoreguidelines-pro-type-union-access,-cppcoreguidelines-avoid-c-arrays,-cppcoreguidelines-pro-bounds-pointer-arithmetic,-cppcoreguidelines-non-private-member-variables-in-classes,-cppcoreguidelines-pro-bounds-array-to-pointer-decay,-cppcoreguidelines-pro-type-vararg,-cppcoreguidelines-pro-bounds-constant-array-index,performance*,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling'
+WarningsAsErrors: true
+HeaderFilterRegex: '.*'
+AnalyzeTemporaryDtors: false
+FormatStyle:     none
+...
+

Source Code/.gitignore

@@ -0,0 +1,29 @@
+.cache
+.vscode
+.ninja_deps
+.ninja_log
+cmake_install.cmake
+compile_commands.json
+build.ninja
+CMakeCache.txt
+**/CMakeFiles
+**/bin
+*.o
+*.elf
+*.txt
+!**/CMakeLists.txt
+/BREW00000
+aerolib.csv
+stubber/main.exe
+stubber/out/
+homebrew/
+*.i64
+*.lnk
+*.til
+lib/libNidResolver.a
+lib/libNineS.a
+lib/libhijacker.a
+Makefile
+bootstrapper/Makefile
+hen.bin
+util/assets/shellui.elf

Source Code/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "libNidResolver"]
+	path = libNidResolver
+	url = https://github.com/astrelsky/libNidResolver.git

Source Code/CMakeLists.txt

@@ -0,0 +1,23 @@
+cmake_minimum_required (VERSION 3.20)
+
+project("etaHEN")
+
+set(PROJECT_ROOT "${CMAKE_CURRENT_SOURCE_DIR}")
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${PROJECT_ROOT}/bin)
+set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${PROJECT_ROOT}/lib)
+set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${PROJECT_ROOT}/lib)	# static libs are archive
+
+include_directories	(SYSTEM "${PROJECT_ROOT}/include")
+include_directories(SYSTEM "${PS5_PAYLOAD_SDK}")
+include_directories(SYSTEM "${PS5_PAYLOAD_SDK}/include")
+
+add_subdirectory(libhijacker)
+add_subdirectory(libNidResolver)
+# add_subdirectory(libRPI)
+add_subdirectory(libSelfDecryptor)
+add_subdirectory(libNineS)
+add_subdirectory(shellui)
+add_subdirectory(daemon)
+add_subdirectory(util)
+add_subdirectory(bootstrapper)
+add_subdirectory(unpacker)

Source Code/CMakePresets.json

@@ -0,0 +1,103 @@
+{
+	"buildPresets": [
+		{
+			"hidden": false,
+			"verbose": true,
+			"name": "default-build-windows",
+			"displayName": "DefaultBuild",
+			"configurePreset": "ps5-base",
+			"description": "default build"
+		},
+		{
+			"hidden": false,
+			"verbose": true,
+			"name": "default-build-nix",
+			"displayName": "DefaultBuild",
+			"configurePreset": "nix-base",
+			"description": "default build"
+		}
+	],
+	"configurePresets": [
+		{
+			"name": "ps5-base",
+			"hidden": true,
+			"generator": "Ninja",
+			"binaryDir": "${sourceDir}/build/${presetName}",
+			"installDir": "${sourceDir}/build/install/${presetName}",
+			"toolchainFile": "${env:PS5SDK}/cmake/toolchain-ps5.cmake",
+			"cacheVariables": {
+				"CMAKE_C_COMPILER": "clang.exe",
+				"CMAKE_CXX_COMPILER": "clang++.exe"
+			},
+			"condition": {
+				"type": "equals",
+				"lhs": "${hostSystemName}",
+				"rhs": "Windows"
+			}
+		},
+		{
+			"name": "nix-base",
+			"hidden": true,
+			"generator": "Ninja",
+			"binaryDir": "${sourceDir}/build/${presetName}",
+			"installDir": "${sourceDir}/build/install/${presetName}",
+			"toolchainFile": "${env:PS5SDK}/cmake/toolchain-ps5.cmake",
+			"cacheVariables": {
+				"CMAKE_C_COMPILER": "clang",
+				"CMAKE_CXX_COMPILER": "clang++"
+			},
+			"condition": {
+				"type": "notEquals",
+				"lhs": "${hostSystemName}",
+				"rhs": "Windows"
+			}
+		},
+		{
+			"name": "ps5-debug",
+			"displayName": "PS5 Debug",
+			"inherits": "ps5-base",
+			"architecture": {
+				"value": "x64",
+				"strategy": "external"
+			},
+			"cacheVariables": {
+				"CMAKE_BUILD_TYPE": "Debug"
+			}
+		},
+		{
+			"name": "ps5-release",
+			"displayName": "PS5 Release",
+			"inherits": "ps5-debug",
+			"cacheVariables": {
+				"CMAKE_BUILD_TYPE": "Release"
+			}
+		},
+		{
+			"name": "linux-debug",
+			"displayName": "Linux Debug",
+			"inherits": "nix-base",
+			"cacheVariables": {
+				"CMAKE_BUILD_TYPE": "Debug"
+			},
+			"vendor": {
+				"microsoft.com/VisualStudioRemoteSettings/CMake/1.0": {
+					"sourceDir": "$env{HOME}/.vs/$ms{projectDirName}"
+				}
+			}
+		},
+		{
+			"name": "macos-debug",
+			"displayName": "macOS Debug",
+			"inherits": "nix-base",
+			"cacheVariables": {
+				"CMAKE_BUILD_TYPE": "Debug"
+			},
+			"vendor": {
+				"microsoft.com/VisualStudioRemoteSettings/CMake/1.0": {
+					"sourceDir": "$env{HOME}/.vs/$ms{projectDirName}"
+				}
+			}
+		}
+	],
+	"version": 3
+}

Source Code/README.md

@@ -0,0 +1,258 @@
+# etaHEN - AIO Homebrew enabler
+
+![etaHEN](https://github.com/LightningMods/etaHEN/blob/main/etaHEN-Icon.jpg)
+
+## 🚀 **Support the Project**
+
+If you find this project useful and would like to support its continued development, consider buying me a coffee!
+[![ko-fi](https://www.ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/lightningmods)
+
+## Building from Source
+
+The Source code is provided in the Source code folder under GPLv3 with all the necessary files to build it as required under GPLv3 
+However I will not be providing instructions on how to build it since any dev should know how to use cmake 
+
+## Official PS5 exploit website 
+- https://tinyurl.com/PS5IPV6 (requires you to manually send the payload but has the best stability)
+- https://ps5jb.pages.dev/ (auto loads the payload for you, id recommand the IPV6 exploit over UMTX)
+
+## Recommended self-host exploits
+- [Modified IPV6 exploit for etaHEN support](https://github.com/LightningMods/PS5-IPV6-Kernel-Exploit)
+
+## Payload PowerShell Script usage for Windows (send_payload.ps1)
+
+if you haven't already, you will need to either enable script execution globally via 
+
+```
+Set-ExecutionPolicy Bypass
+```
+in an admin PowerShell window or run the script with this command after replacing the script path
+
+```
+powershell.exe -ExecutionPolicy Bypass -File C:\Path\To\send_payload.ps1
+```
+**Script Usage**
+
+```
+.\send_payload.ps1 -Payload "C:\path\to\example.elf" -IP "192.168.xxx.xxx" -Port XXXX
+```
+
+**OR**
+
+```
+.\send_payload.ps1
+
+cmdlet send_payload.ps1 at command pipeline position 1
+Supply values for the following parameters:
+(Type !? for Help.)
+Payload: C:\path\to\example.elf
+IP: 192.168.xxx.xxx
+Port: XXXX
+```
+- Common Ports: SB elfldr 9021, exploit elfldr 9020
+
+## Features
+ - ★ etaHEN toolbox (debug settings replacement)
+ - Custom etaHEN [Plugins](https://github.com/LightningMods/etaHEN-SDK/tree/main/Plugin_samples)
+ - [Toolbox] Install the Homebrew Store on the console
+ - [Toolbox] ★Rest Mode Options
+ - [Toolbox] Remote Play Menu
+ - [Toolbox] Plugin / Payload ELF Menu with auto start options
+ - [Toolbox] External HDD Menu
+ - [Toolbox] TestKit Menu  
+ - [Toolbox] Cheats Menu (WIP)
+ - [Toolbox] Controller Shortcuts
+ - [Toolbox] PS5 webMAN Games menu
+ - [Toolbox] Custom Game Options Menu
+ - [Toolbox] Display Title IDs on Home menu
+ - [Toolbox] Disable toolbox auto start
+ - [Toolbox] Blu-Ray license activation 
+ - [Toolbox] Disc auto eject for BD-J and LUA based exploits
+ - [Toolbox] etaHEN credits and supporters
+ - [Toolbox] Custom debug settings text and icon
+ - [Toolbox] Auto open menu after etaHEN loads
+ - [Toolbox] a number of different toolbox settings
+ - React bundle (all FWs) & Self (only on 2.xx) FTP decryption Support
+ - 2 seperate daemons for improved stability and reliability
+ - The Util daemon will be auto restarted by the main etaHEN daemon
+ - Custom System Software version (custom System info)
+ - kstuff for fself and fpkg support 
+ - etaHEN log in /data/etaHEN
+ - (optional) System-wide controller shortcut to open itemzflow
+ - Debug Settings
+ - Game Dumper (Intrgrated with Itemzflow)
+ - HEN config file for settings
+ - Jailbreak IPC call (jailbreaks Homebrew apps)
+ - Update blocker (unmounts update partition)
+ - *Optional* Illusions cheats/patches [Plugin](https://github.com/LightningMods/etaHEN-SDK/tree/main/Plugin_samples/Illusion_cheats)
+ - *Optional* FTP server on port 1337
+ - *Optional* /data allowed inside apps sandboxes
+ - Klog server on port 9081
+ - elf loader on port 9021 (use Johns elfldr)
+ - *Optional* PS5Debug
+ - Itemzflow intergration
+ - *Optional* Discord RPC server on port 8000, click [here](https://github.com/jeroendev-one/ps5-rpc-client) for setup instructions 
+ - *Optional* Direct PKG installer V2 service with WebUI on http://PS5_IP:12800
+ - *Optional* Direct PKG installer service on port 9090
+
+## etaHEN SDK
+make your own custom plugins via the [etaHEN SDK](https://github.com/lightningmods/etaHEN-SDK)
+More info [Here](https://github.com/LightningMods/etaHEN-SDK/blob/main/README.md)
+
+## Upcoming features
+ - [Toolbox] FPS Counter
+ - [Toolbox] On-Screen temps and other info (for retails)
+ - More userland patches
+ - Improved PS5 Game support (itemzflow)
+ - More (consider donating)
+
+## etaHEN INI Configuration file 
+etaHEN's ini settings file can be found at `/data/etaHEN/config.ini` and can be accessed using the built-in FTP
+and is automatically created when you run etaHEN for the first time
+
+| INI Key             | Description                                                 | Default value |
+|---------------------|-------------------------------------------------------------|---------------|
+| `PS5Debug`          | 0 = disables PS5Debug (Sistr0) auto load, 1 = enable PS5Debug auto load | 0 (disabled) |
+| `FTP`               | 0 = disables etaHEN built-in FTP, 1 = enables it          | 1 (enabled) |
+| `discord_rpc`       | 0 = disables Discord RPC server, 1 = enables it           | 0 (disabled) |
+| `toolbox_auto_start` | 0 = disabled, 1 = enabled                                 | 1 (enabled) |
+| `Allow_data_in_sandbox` | 0 = disables /data in an apps sandbox, 1 = enables it | 1 (enabled) |
+| `DPI`               | 0 = disables The Direct PKG Installer service, 1 = enables it | 0 (disabled) |
+| `DPI_v2`            | 0 = disables DPI version 2, 1 = enables it                | 0 (disabled) |
+| `Klog`              | 0 = disables kernel logging, 1 = enables it               | 0 (disabled) |
+| `ALLOW_FTP_DEV_ACCESS` | 0 = disables FTP developer access, 1 = enables it      | 0 (disabled) |
+| `StartOption`       | 0=None, 1=Home menu, 2=Settings, 3=Toolbox, 4=itemzflow  | 0 (None) |
+| `Rest_Mode_Delay_Seconds` | Delay in seconds before patching shellui coming out rest mode | 0 (no delay) |
+| `Util_rest_kill`    | 0 = don't kill the util daemon during rest, 1 = Do kill it on rest | 0 (disabled) |
+| `Game_rest_kill`    | 0 = don't kill the open game during rest, 1 = Do kill it on rest | 0 (disabled) |
+| `disable_toolbox_auto_start_for_rest_mode` | 0 = disabled, 1 = enabled | 0 (disabled) |
+| `libhijacker_cheats` | 0 = disables libhijacker cheats, 1 = enables it          | 0 (disabled) |
+| `launch_itemzflow`  | 0 = disabled, 1 = enables auto launch of itemzflow        | 0 (disabled) |
+| `testkit`           | 0 = disabled, 1 = enables testkit mode                    | 0 (disabled) |
+| `Display_tids`      | 0 = disabled, 1 = enables display of title IDs            | 0 (disabled) |
+| `APP_JB_Debug_Msg`  | 0 = disabled, 1 = enables app jailbreak debug messages    | 0 (disabled) |
+| `etaHEN_Game_Options` | 0 = disabled, 1 = enables etaHEN game options           | 1 (enabled) |
+| `auto_eject_disc`   | 0 = disabled, 1 = enables automatic disc ejection         | 0 (disabled) |
+| `Cheats_shortcut_opt` | Multi-select option for cheats shortcut                 | 0 (CHEATS_SC_OFF) |
+| `Toolbox_shortcut_opt` | Multi-select option for toolbox shortcut               | 0 (TOOLBOX_SC_OFF) |
+| `Games_shortcut_opt` | Multi-select option for games shortcut                   | 0 (GAMES_SC_OFF) |
+| `Kstuff_shortcut_opt` | Multi-select option for kstuff shortcut                | 0 (KSTUFF_SC_OFF) |
+
+## DPI API details for tool creators 
+etaHEN's Direct PKG Installer currently is very simple and is considered a WIP
+the service flow is as follows
+
+1. Connect to etaHEN's TCP server via port 9090 (using the PS5s IP)
+2. Send a URL to etaHEN in the following json format
+```
+{ "url" : "http://xxxx" }
+```
+3. etaHEN will then send back the return value (0 on success)
+```
+{ "res" : "0" }
+```
+4. etaHEN will close the client socket after the return json is sent
+
+
+## Jailbreaking an app (FPKG) using etaHEN (non-whitelist method, Network required)
+
+```
+enum Commands : int {
+  INVALID_CMD = -1,
+  ACTIVE_CMD = 0,
+  LAUNCH_CMD,
+  PROCLIST_CMD,
+  KILL_CMD,
+  KILL_APP_CMD,
+  JAILBREAK_CMD
+};
+
+struct HijackerCommand
+{
+  int magic = 0xDEADBEEF;
+  Commands cmd = INVALID_CMD;
+  int PID = -1;
+  int ret = -1337;
+  char msg1[0x500];
+  char msg2[0x500];
+};
+
+int HJOpenConnectionforBC() {
+
+  SceNetSockaddrIn address;
+  address.sin_len = sizeof(address);
+  address.sin_family = AF_INET;
+  address.sin_port = sceNetHtons(9028); //command serve port
+  memset(address.sin_zero, 0, sizeof(address.sin_zero));
+  sceNetInetPton(AF_INET, "127.0.0.1", &address.sin_addr.s_addr);
+
+  int socket = sceNetSocket("IPC_CMD_SERVER", AF_INET, SOCK_STREAM, 0);
+  if (sceNetConnect(socket, (SceNetSockaddr*)&address, sizeof(address)) < 0) {
+    close(socket), socket = -1;
+  }
+
+  return socket;
+}
+
+bool HJJailbreakforBC(int& sock) {
+
+  // send jailbreak IPC command
+  HijackerCommand cmd;
+  cmd.PID = getpid();
+  cmd.cmd = JAILBREAK_CMD;
+
+  if (send(sock, (void*)&cmd, sizeof(cmd), MSG_NOSIGNAL) == -1) {
+      puts("failed to send command");
+      return false;
+  }
+  else {
+    // get ret val from daemon
+    recv(sock, reinterpret_cast<void*>(&cmd), sizeof(cmd), MSG_NOSIGNAL);
+    close(sock), sock = -1;
+    if (cmd.ret != 0 && cmd.ret != -1337) {
+      puts("Jailbreak has failed");
+      return false;
+    }
+    return true;
+  }
+
+  return false;
+}
+
+int main()
+{
+
+     int ret = HJOpenConnectionforBC();
+     if (ret < 0) {
+         puts("Failed to connect to daemon");
+         return -1;
+     }
+     if (!HJJailbreakforBC(ret))
+     {
+          puts("Jailbreak failed");
+          return -1;
+     }
+
+     return 0;
+}
+```
+
+## Contributors
+- [Buzzer](https://github.com/buzzer-re)
+- [sleirsgoevy](https://github.com/sleirsgoevy)
+- [ChendoChap](https://github.com/ChendoChap)
+- [astrelsky](https://github.com/astrelsky)
+- [illusion](https://github.com/illusion0001)
+- CTN & [SiSTR0](https://github.com/SiSTR0) for PS5Debug
+- [Nomadic](https://github.com/jeroendev-one) (Discord RPC feature)
+
+## Testers
+- [Echo Stretch](https://twitter.com/StretchEcho)
+- [idlesauce](https://github.com/idlesauce)
+- [Dizz](https://github.com/DizzRL)
+- [BedroZen](https://twitter.com/BedroZen)
+- [MODDED WARFARE](https://twitter.com/MODDED_WARFARE)
+
+
+## Join us on the Support Discord
+- https://discord.gg/xs2F46tKzK

Source Code/bootstrapper/Byepervisor/hen/include/config.h

@@ -0,0 +1,24 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+/*
+ * Enable debug logging via TCP connection to PC
+ */
+#define PC_DEBUG_ENABLED                    1
+
+/*
+ * PC IP address for debug logging
+ */
+#define PC_DEBUG_IP                         "10.0.0.143"
+
+/*
+ * PC IP port for debug logging
+ */
+#define PC_DEBUG_PORT                       5655
+
+/*
+ * TCP port to run the RPC server on
+ */
+#define RPC_TCP_PORT                        9002
+
+#endif // CONFIG_H

Source Code/bootstrapper/Byepervisor/hen/include/fake.h

@@ -0,0 +1,225 @@
+/**
+ * Credits:
+ *      Inital Structures: flat_z
+ *      Structs and asserts: mira-vnext/kiwidog
+*/
+#ifndef FAKE_H
+#define FAKE_H
+
+#include <stdint.h>
+#include <assert.h>
+#include <stddef.h>
+#include <string.h>
+
+#include <sys/stdint.h>
+#include <sys/elf.h>
+#include <sys/param.h>
+#include <sys/lock.h>
+#include <sys/mutex.h>
+
+/**
+ * @brief This is just here to prevent errors, too lazy to remove logging
+ * 
+ */
+#define WriteLog(x, y, ...)
+
+/**
+ * C++ to C fixes
+*/
+#define false 0
+#define true 1
+
+/**
+ * Fake Self
+*/
+#pragma region FAKE SELF
+
+// Forward declarations
+struct self_auth_info_t;
+struct self_context_t;
+struct self_ex_info_t;
+struct self_header_t;
+enum self_format_t : int;
+struct self_fake_auth_info_t;
+struct self_entry_t;
+
+/**
+ * SELF authentication information
+*/
+typedef struct self_auth_info_t 
+{
+    uint64_t paid;
+    uint64_t caps[4];
+    uint64_t attrs[4];
+    uint8_t unk[0x40];
+}self_auth_info_t, SelfAuthInfo;
+
+/**
+ * SELF kernel context
+*/
+typedef struct self_context_t 
+{
+    uint32_t format;
+    uint32_t elf_auth_type;
+    uint32_t total_header_size;
+    uint32_t unk_0C;
+    void *segment;
+    uint32_t unk_18;
+    uint32_t ctx_id;
+    uint64_t svc_id;
+    uint64_t unk_28;
+    uint32_t buf_id;
+    uint32_t unk_34;
+    struct self_header_t *header;
+    uint8_t mtx_struct[0x20];
+} self_context_t, SelfContext;
+
+/**
+ * SELF extra information
+*/
+typedef struct self_ex_info_t
+{
+    uint64_t paid;
+    uint64_t ptype;
+    uint64_t app_version;
+    uint64_t firmware_version;
+    uint8_t digest[0x20];
+} self_ex_info_t, SelfExInfo;
+
+/**
+ * SELF entry
+*/
+typedef struct self_entry_t 
+{
+    uint32_t props;
+    uint32_t reserved;
+    uint64_t offset;
+    uint64_t filesz;
+    uint64_t memsz;
+} self_entry_t, SelfEntry;
+
+/**
+ * SELF header
+*/
+typedef struct self_header_t 
+{
+    uint32_t magic;
+    uint8_t version;
+    uint8_t mode;
+    uint8_t endian;
+    uint8_t attr;
+    uint32_t key_type;
+    uint16_t header_size;
+    uint16_t meta_size;
+    uint64_t file_size;
+    uint16_t num_entries;
+    uint16_t flags;
+    uint32_t reserved;
+    struct self_entry_t entries[0];
+} self_header_t, SelfHeader;
+
+/**
+ * SELF fake authentication information
+*/
+typedef struct self_fake_auth_info_t
+{
+    uint64_t size;
+    SelfAuthInfo info;
+} self_fake_auth_info_t, SelfFakeAuthInfo;
+
+/**
+ * SELF formats
+*/
+enum self_format_t : int
+{
+    /**
+     * No Specified format
+    */
+    SF_None,
+
+    /**
+     * RAW elf format
+    */
+    SF_Elf,
+
+    /**
+     * SELF format
+    */
+    SF_Self,
+
+    /**
+     * Count of formats
+    */
+    SF_Count
+};
+
+enum
+{
+    LoadSelfSegment = 2,
+    LoadSelfBlock = 6,
+
+    SelfMagic = 0x1D3D154F,
+    ElfMagic = 0x464C457F,
+
+    SelfPtypeFake = 1,
+
+    AuthInfoSize = 136,
+};
+
+struct mailbox_authmgr_verify_header_msg {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t headerPa;
+    uint64_t headerSize;
+    uint32_t unk18;
+    uint32_t serviceId;
+    uint64_t paid;
+};
+
+struct mailbox_authmgr_load_self_segment_msg {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t pa;
+    uint32_t segmentIndex;
+    uint16_t unk14;
+    uint16_t unk16;
+    uint8_t unk18[0x18];
+    uint32_t serviceId;
+};
+
+struct mailbox_authmgr_load_self_block_msg {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t unk08;
+    uint64_t unk10;
+    uint64_t unk18;
+    uint64_t unk20;
+    uint64_t unk28;
+    uint32_t unk30;
+    uint32_t unk34;
+    uint32_t unk38;
+    uint32_t segmentIndex;
+    uint32_t blockIndex;
+    uint32_t serviceId;
+    uint8_t digest[0x20];
+    uint8_t ext_info[0x8];
+    uint16_t unk70;
+    uint16_t unk72;
+    uint16_t unk74;
+};
+
+struct mailbox_authmgr_load_multiple_self_blocks_msg {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t unk08; //pa to 8 pa's of input
+    uint64_t unk10; //pa to 8 pa's of output (right after the above)
+    uint64_t unk18; //pa to digests
+    uint32_t segmentIndex;
+    uint32_t firstBlockIndex;
+    uint32_t nBlocks;
+    uint32_t serviceId;
+};
+
+#pragma endregion
+
+#endif /* FAKE_H */

Source Code/bootstrapper/Byepervisor/hen/include/fkeys.h

@@ -0,0 +1,19 @@
+#ifndef FKEYS_H
+#define FKEYS_H
+
+#include <stdint.h>
+
+struct key_area
+{
+    uint64_t bitmask;
+    char pad[24];
+    char key_data[63][32];
+};
+
+extern struct key_area shared_area;
+
+int register_fake_key(const char key_data[32]);
+int unregister_fake_key(int key_id);
+int get_fake_key(int key_id, char key_data[32]);
+
+#endif // FKEYS_H

Source Code/bootstrapper/Byepervisor/hen/include/fpkg.h

@@ -0,0 +1,133 @@
+#ifndef FPKG_H
+#define FPKG_H
+
+#include <stdint.h>
+
+struct NpDrmCmd5 {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t rif_pa;
+    uint32_t unk10;
+};
+
+struct NpDrmCmd6 {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t rif_pa;
+    uint8_t unk10[0x10];
+    uint8_t unk20[0x10];
+    uint32_t unk30; // 0 or 1
+};
+
+struct ClearKey {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t keyHandle;
+};
+
+struct Rif {
+    uint32_t magic;
+    uint16_t version;
+    uint16_t unk06;
+    uint64_t psnid;
+    uint64_t startTimestamp;
+    uint64_t endTimestamp;
+    uint8_t contentId[0x30];
+    uint16_t type;
+    uint16_t drmType;
+    uint16_t contentType;
+    uint16_t skuFlag;
+    uint64_t extraFlags;
+    uint32_t unk60;
+    uint32_t unk64;
+    uint32_t unk68;
+    uint32_t unk6C;
+    uint32_t unk70;
+    uint32_t unk74;
+    uint32_t unk78;
+    uint32_t unk7C;
+    uint8_t unk80[0x10];
+    uint8_t unk90[0x1B0];
+    uint8_t discKey[0x20];
+    uint8_t rifIv[0x10];
+    uint8_t rifSecret[0x90];
+    uint8_t rifSignature[0x100];
+};
+
+struct RifOutput {
+    /* 0x00 */ uint32_t version;
+    /* 0x04 */ uint32_t unk04;
+    /* 0x08 */ uint64_t psnid;
+    /* 0x10 */ uint64_t startTimestamp;
+    /* 0x18 */ uint64_t endTimestamp;
+    /* 0x20 */ uint64_t extraFlags;
+    /* 0x28 */ uint32_t type;
+    /* 0x2C */ uint32_t contentType;
+    /* 0x30 */ uint32_t skuFlag;
+    /* 0x34 */ uint32_t unk34;
+    /* 0x38 */ uint32_t unk38;
+    /* 0x3C */ uint32_t unk3C; //not set
+    /* 0x40 */ uint32_t unk40; //not set
+    /* 0x44 */ uint32_t unk44; //not set
+    /* 0x48 */ uint8_t contentId[0x30];
+    /* 0x78 */ uint8_t rifIv[0x10];
+    /* 0x88 */ uint32_t unk88;
+    /* 0x8C */ uint32_t unk8C;
+    /* 0x90 */ uint32_t unk90;
+    /* 0x94 */ uint32_t unk94;
+    /* 0x98 */ uint8_t unk98[0x10];
+};
+
+struct RifCmd5MemoryLayout {
+    Rif rif;
+    RifOutput output;
+};
+
+struct PfsmgrCmd11 {
+    uint32_t cmd;
+    uint32_t res;
+    uint32_t keyHandle0;
+    uint32_t keyHandle1; //also pubkey_ver
+    uint64_t tablePa;
+    uint64_t headerPa;
+    uint64_t headerCapacity;
+    uint64_t unk28;
+    uint64_t unk30;
+    uint64_t unk38;
+    uint64_t unk40;
+    uint64_t unk48;
+    uint32_t unk50;
+    uint8_t contentId[0x24];
+};
+
+struct sbl_chunk_table_entry
+{
+    uint64_t pa;
+    uint64_t size;
+};
+struct sbl_chunk_table_header
+{
+    uint64_t first_pa;
+    uint64_t data_size;
+    uint64_t used_entries;
+    uint64_t unk18;
+    sbl_chunk_table_entry entries[];
+};
+
+struct RsaBuffer {
+    uint8_t* ptr;
+    uint32_t size;
+};
+
+struct RsaKey {
+    const uint8_t _pad00[0x20];
+    const uint8_t* p;
+    const uint8_t* q;
+    const uint8_t* dmp1;
+    const uint8_t* dmq1;
+    const uint8_t* iqmp;
+};
+
+void apply_fpkg_hooks();
+
+#endif /* FPKG_H */

Source Code/bootstrapper/Byepervisor/hen/include/fself.h

@@ -0,0 +1,148 @@
+#ifndef FSELF_H
+#define FSELF_H
+
+#define ET_EXEC             0x0002
+#define ET_SCE_EXEC         0xFE00
+#define ET_SCE_DYNEXEC      0xFE10
+#define ET_SCE_DYNAMIC      0xFE18
+
+extern "C" {
+    #include <stdint.h>
+    #include <sys/types.h>
+    #include <sys/param.h>
+}
+
+enum SelfFormat {
+    NONE,
+    ELF,
+    SELF
+};
+
+struct ElfHeader {
+    uint8_t e_ident[0x10];
+    uint16_t e_type;
+    uint16_t e_machine;
+    uint32_t e_version;
+    uint64_t e_entry;
+    uint64_t e_phoff;
+    uint64_t e_shoff;
+    uint32_t e_flags;
+    uint16_t e_ehsize;
+    uint16_t e_phentsize;
+    uint16_t e_phnum;
+    uint16_t e_shentsize;
+    uint16_t e_shnum;
+    uint16_t e_shstrndx;
+};
+
+struct SelfHeader {
+    uint32_t magic;
+    uint32_t unk04;
+    union {
+        uint32_t raw;
+        struct {
+            uint8_t content_type;
+            uint8_t program_type : 4;
+            uint8_t key_revision : 4;
+        };
+    };
+    uint16_t header_size;
+    uint16_t metadata_size;
+    uint64_t file_size;
+    uint16_t entry_num;
+    uint16_t flags;
+    uint8_t padding[0x4];
+};
+
+struct SelfContext {
+    SelfFormat format;
+    uint32_t authType;
+    uint64_t headerSize;
+    uint64_t currentSegmentTable;
+    uint32_t currentSegmentTableIndex;
+    uint32_t unk1C;
+    uint64_t unk20;
+    uint64_t sizeInPages; //smth like that
+    uint32_t serviceId;
+    uint32_t unk34;
+    union {
+        SelfHeader* selfHeader;
+        ElfHeader* elfHeader;
+    };
+    uint8_t mtx[0x20];
+};
+
+struct SelfAuthInfo {
+    uint64_t cr_paid;
+    uint64_t cr_capability[4];
+    uint64_t cr_attribute[4];
+    uint64_t cr_sharedSecret[8];
+};
+struct SelfFakeAuthInfo {
+    uint64_t size;
+    SelfAuthInfo info;
+};
+
+struct MailboxVerifyHeaderMessage {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t headerPa;
+    uint64_t headerSize;
+    uint32_t unk18;
+    uint32_t serviceId;
+    uint64_t paid;
+};
+
+struct MailboxLoadSelfSegmentMessage {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t pa;
+    uint32_t segmentIndex;
+    uint16_t unk14;
+    uint16_t unk16;
+    uint8_t unk18[0x18];
+    uint32_t serviceId;
+};
+
+struct MailboxLoadSelfBlockMessage {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t unk08;
+    uint64_t unk10;
+    uint64_t unk18;
+    uint64_t unk20;
+    uint64_t unk28;
+    uint32_t unk30;
+    uint32_t unk34;
+    uint32_t unk38;
+    uint32_t segmentIndex;
+    uint32_t blockIndex;
+    uint32_t serviceId;
+    uint8_t digest[0x20];
+    uint8_t ext_info[0x8];
+    uint16_t unk70;
+    uint16_t unk72;
+    uint16_t unk74;
+};
+
+struct MailboxLoadMultipleSelfBlocksMessage {
+    uint32_t cmd;
+    uint32_t res;
+    uint64_t unk08; //pa to 8 pa's of input
+    uint64_t unk10; //pa to 8 pa's of output (right after the above)
+    uint64_t unk18; //pa to digests
+    uint32_t segmentIndex;
+    uint32_t firstBlockIndex;
+    uint32_t nBlocks;
+    uint32_t serviceId;
+};
+
+int sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook(SelfContext* ctx, SelfAuthInfo* parentAuth, int pathid, SelfAuthInfo* selfAuth);
+int _sceSblAuthMgrVerifySelfHeader_hook(SelfContext* ctx);
+int _sceSblAuthMgrSmLoadSelfSegment_sceSblServiceMailbox(uint64_t handle, MailboxLoadSelfSegmentMessage* input, MailboxLoadSelfSegmentMessage* output);
+int _sceSblAuthMgrSmLoadSelfBlock_sceSblServiceMailbox(uint64_t handle, MailboxLoadSelfBlockMessage* input, MailboxLoadSelfBlockMessage* output);
+int _sceSblAuthMgrSmLoadMultipleSelfBlocks_sceSblServiceMailbox(uint64_t handle, MailboxLoadMultipleSelfBlocksMessage* input, MailboxLoadMultipleSelfBlocksMessage* output);
+int sceSblACMgrGetPathId_hook(const char* path);
+void apply_fself_hooks();
+
+#endif // FSELF_H

Source Code/bootstrapper/Byepervisor/hen/include/hook.h

@@ -0,0 +1,39 @@
+#pragma once
+#ifndef HOOK_H
+#define HOOK_H
+
+enum hook_id
+{
+    HOOK_TEST_SYS_IS_DEVELOPMENT_MODE = 0,
+    HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+    HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+    HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+    HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+    HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+    HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+    HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+    HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+    HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+    HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+    HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+    HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+    HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+    HOOK_TEST_DIGEST_CHECK,
+    HOOK_CHECK_DIR_DEPTH,
+    HOOK_DEVACT_IOCTL,
+    HOOK_MAX
+};
+
+struct hook
+{
+    enum hook_id id;
+    uint64_t call_offset;
+    uint64_t orig_func_offset;
+};
+
+int install_raw_hook(uint64_t call_addr, void *func);
+int install_hook(hook_id id, void *func);
+void reset_hook(hook_id id);
+int apply_test_hook();
+
+#endif // HOOK_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_00.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_00_H
+#define HOOKS_1_00_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_100[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x90719b,
+        0x990d80
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcd71,
+        0x8a5850
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd4ee,
+        0x8a5820
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de339,
+        0x8a5820
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x371075,
+        0x563a50
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x37157f,
+        0x563a50
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371b25,
+        0x563a50
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcc5d,
+        0x5a9740
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x8664bc,
+        0x563a50
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x866761,
+        0x563a50
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d5646,
+        0x563a50
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d506f,
+        0x563a50
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50db,
+        0x563a50
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e0dd,
+        0x729990
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59C44E,
+	0xB0E730
+    },
+};
+
+#endif // HOOKS_1_00_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_01.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_01_H
+#define HOOKS_1_01_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_101[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x90720b,
+        0x990df0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcd71,
+        0x8a5890
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd4ee,
+        0x8a58f0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de339,
+        0x8a58f0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x371075,
+        0x563a70
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x37157f,
+        0x563a70
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371b25,
+        0x563a70
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcc5d,
+        0x5a9760
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x86652c,
+        0x563a70
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x8667d1,
+        0x563a70
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d5646,
+        0x563a70
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d506f,
+        0x563a70
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50db,
+        0x563a70
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e0dd,
+        0x729a00
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59C46E,
+	0xB0E7A0
+    },
+};
+
+#endif // HOOKS_1_01_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_02.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_02_H
+#define HOOKS_1_02_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_102[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x9071cb,
+        0x990db0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcd71,
+        0x8a5850
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd4ee,
+        0x8a58b0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de339,
+        0x8a58b0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x371075,
+        0x563a80
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x37157f,
+        0x563a80
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371b25,
+        0x563a80
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcc5d,
+        0x5a9770
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x8664ec,
+        0x563a80
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x866791,
+        0x563a80
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d5646,
+        0x563a80
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d506f,
+        0x563a80
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50db,
+        0x563a80
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e0dd,
+        0x7299c0
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59C47E,
+        0xB0E760
+    },
+};
+
+#endif // HOOKS_1_02_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_05.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_05_H
+#define HOOKS_1_05_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_105[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x9079ab,
+        0x9915f0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcda1,
+        0x8a6960
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd51e,
+        0x8a69c0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de369,
+        0x8a69c0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x371295,
+        0x563f60
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x37179f,
+        0x563f60
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371d45,
+        0x563f60
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcc8d,
+        0x5a9c50
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x8675fc,
+        0x563f60
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x8678a1,
+        0x563f60
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d5676,
+        0x563f60
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d509f,
+        0x563f60
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d510b,
+        0x563f60
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e2fd,
+        0x729f30
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59C95E,
+        0xB0F120
+    },
+};
+
+#endif // HOOKS_1_05_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_10.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_10_H
+#define HOOKS_1_10_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_110[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x9079bb,
+        0x991600
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcde1,
+        0x8a6970
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd55e,
+        0x8a69d0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de3a9,
+        0x8a69d0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x3712d5,
+        0x563fa0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x3717df,
+        0x563fa0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371d85,
+        0x563fa0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcccd,
+        0x5a9c90
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x86760c,
+        0x563fa0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x8678b1,
+        0x563fa0
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d56b6,
+        0x563fa0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50df,
+        0x563fa0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d514b,
+        0x563fa0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e33d,
+        0x729f40
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59C99E,
+        0xB0F140
+    },
+};
+
+#endif // HOOKS_1_10_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_11.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_11_H
+#define HOOKS_1_11_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_111[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x907b0b,
+        0x991760
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcde1,
+        0x8a6a70
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd55e,
+        0x8a6ad0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de3a9,
+        0x8a6ad0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x3712d5,
+        0x563fc0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x3717df,
+        0x563fc0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371d85,
+        0x563fc0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcccd,
+        0x5a9cb0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x86770c,
+        0x563fc0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x8679b1,
+        0x563fc0
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d56b6,
+        0x563fc0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50df,
+        0x563fc0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d514b,
+        0x563fc0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e33d,
+        0x72a030
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59C9BE,
+        0xB0F210
+    },
+};
+
+#endif // HOOKS_1_11_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_12.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_12_H
+#define HOOKS_1_12_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_112[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x907c5b,
+        0x36cabc
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcde1,
+        0x8a6bc0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd55e,
+        0x8a6c20
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de3a9,
+        0x8a6c20
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x371305,
+        0x564030
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x37180f,
+        0x564030
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371db5,
+        0x564030
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcccd,
+        0x5a9d20
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x86785c,
+        0x564030
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x867b01,
+        0x564030
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d56b6,
+        0x564030
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50df,
+        0x564030
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d514b,
+        0x564030
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e33d,
+        0x72a180
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59CA2E,
+        0xB0F360
+    },
+};
+
+#endif // HOOKS_1_12_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_13.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_13_H
+#define HOOKS_1_13_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_113[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x907c2b,
+        0x991880
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcde1,
+        0x8a6b70
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd55e,
+        0x8a6bd0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de3a9,
+        0x8a6bd0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x371305,
+        0x564030
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x37180f,
+        0x564030
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371db5,
+        0x564030
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcccd,
+        0x5a9d20
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x86780c,
+        0x564030
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x867ab1,
+        0x564030
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d56b6,
+        0x564030
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50df,
+        0x564030
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d514b,
+        0x564030
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e33d,
+        0x72a130
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59CA2E,
+        0xB0F330
+    },
+};
+
+#endif // HOOKS_1_13_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/1_14.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_1_14_H
+#define HOOKS_1_14_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_114[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x9081db,
+        0x991e30
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2dcde1,
+        0x8a6be0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x2dd55e,
+        0x8a6c40
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x2de3a9,
+        0x8a6c40
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x371305,
+        0x564050
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x37180f,
+        0x564050
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x371db5,
+        0x564050
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2dcccd,
+        0x5a9d40
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x86787c,
+        0x564050
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x867b21,
+        0x564050
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d56b6,
+        0x564050
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d50df,
+        0x564050
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2d514b,
+        0x564050
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x32e33d,
+        0x72a1a0
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x59CA4E,
+        0xB0F8E0
+    },
+};
+
+#endif // HOOKS_1_14_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/2_00.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_2_00_H
+#define HOOKS_2_00_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_200[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x92976b,
+        0x9b7840
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2915a1,
+        0x8c2da0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x291d29,
+        0x8c2e00
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x292b4b,
+        0x8c2e00
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x32c915,
+        0x534060
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x32cdff,
+        0x534060
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x32d3a5,
+        0x534060
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x29148d,
+        0x580890
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87d60c,
+        0x534060
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87d8b1,
+        0x534060
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x28a116,
+        0x534060
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289b3f,
+        0x534060
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289bab,
+        0x534060
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x2e587d,
+        0x725e40
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x5723DE,
+        0xB4C940
+    },
+};
+
+#endif // HOOKS_2_00_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/2_20.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_2_20_H
+#define HOOKS_2_20_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_220[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x929c2b,
+        0x9b7d00
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2915e1,
+        0x8c3250
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x291d69,
+        0x8c32a0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x292b8b,
+        0x8c32a0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x32c955,
+        0x5340b0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x32ce3f,
+        0x5340b0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x32d3e5,
+        0x5340b0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2914cd,
+        0x580a00
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87daac,
+        0x5340b0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87dd51,
+        0x5340b0
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x28a156,
+        0x5340b0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289b7f,
+        0x5340b0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289beb,
+        0x5340b0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x2e58bd,
+        0x726300
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x57254E,
+        0xB4D2B0
+    },
+};
+
+#endif // HOOKS_2_20_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/2_25.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_2_25_H
+#define HOOKS_2_25_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_225[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x929cdb,
+        0x9b7db0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2915e1,
+        0x8c32f0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x291d69,
+        0x8c3350
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x292b8b,
+        0x8c3350
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x32c955,
+        0x534160
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x32ce3f,
+        0x534160
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x32d3e5,
+        0x534160
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2914cd,
+        0x580ab0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87db5c,
+        0x534160
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87de01,
+        0x534160
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x28a156,
+        0x534160
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289b7f,
+        0x534160
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289beb,
+        0x534160
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x2e58bd,
+        0x7263b0
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x5725FE,
+        0xB4D440
+    },
+};
+
+#endif // HOOKS_2_25_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/2_26.h

@@ -0,0 +1,84 @@
+#ifndef HOOKS_2_26_H
+#define HOOKS_2_26_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_226[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x929d0b,
+        0x9b7de0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2915e1,
+        0x8c3320
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x291d69,
+        0x8c3380
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x292b8b,
+        0x8c3380
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x32c955,
+        0x534160
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x32ce3f,
+        0x534160
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x32d3e5,
+        0x534160
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2914cd,
+        0x580ab0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87db8c,
+        0x534160
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87de31,
+        0x534160
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x28a156,
+        0x534160
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289b7f,
+        0x534160
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289beb,
+        0x534160
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x2e58bd,
+        0x7263b0
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x5725FE,
+        0xB4D470
+    },
+};
+
+#endif // HOOKS_2_26_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/2_30.h

@@ -0,0 +1,90 @@
+#ifndef HOOKS_2_30_H
+#define HOOKS_2_30_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_230[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x929fdb,
+        0x9b80b0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2912c1,
+        0x8c35f0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x291a49,
+        0x8c3650
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x29286b,
+        0x8c3650
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x32c635,
+        0x5340c0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x32cb1f,
+        0x5340c0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x32d0c5,
+        0x5340c0
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2911ad,
+        0x580d80
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87de5c,
+        0x5340c0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87e101,
+        0x5340c0
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289e36,
+        0x5340c0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x28985f,
+        0x5340c0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2898cb,
+        0x5340c0
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x2e559d,
+        0x726680
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x5728CE,
+        0xB4D890
+
+    },
+    {
+        HOOK_DEVACT_IOCTL,
+        0x2679D8,
+        0x93BA40         //devact_ioctl,
+    }
+};
+
+#endif // HOOKS_2_30_H

Source Code/bootstrapper/Byepervisor/hen/include/hooks/2_50.h

@@ -0,0 +1,91 @@
+#ifndef HOOKS_2_50_H
+#define HOOKS_2_50_H
+
+#include "hook.h"
+
+struct hook g_kernel_hooks_250[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        0x92A1EB,
+        0x9B8350
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE,
+        0x2913C1,
+        0x8C3800
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER,
+        0x291B49,
+        0x8C3860
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME,
+        0x29296B,
+        0x8C3860
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT,
+        0x32C735,
+        0x534220
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK,
+        0x32CC1F,
+        0x534220
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS,
+        0x32D1C5,
+        0x534220
+    },
+    {
+        HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID,
+        0x2912AD,
+        0x580EE0
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87E06C,
+        0x534220
+    },
+    {
+        HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x87E311,
+        0x534220
+    },
+    {
+        HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x289F36,
+        0x534220
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x28995F,
+        0x534220
+    },
+    {
+        HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX,
+        0x2899CB,
+        0x534220
+    },
+    {
+        HOOK_FPKG_SCE_SBL_SERVICE_CRYPT_ASYNC_CALL_CCP_MSG_ENQUEUE,
+        0x2E569D,
+        0x726700
+    },
+    {
+        HOOK_CHECK_DIR_DEPTH,
+        0x572A2E,
+        0xB4DB30
+
+    },
+
+  {
+        HOOK_DEVACT_IOCTL,
+        0x268D28,
+        0x93BCC0
+    }
+};
+
+#endif // HOOKS_2_50_H

Source Code/bootstrapper/Byepervisor/hen/include/kdlsym.h

@@ -0,0 +1,52 @@
+#pragma once
+#ifndef KDLSYM_H
+#define KDLSYM_H
+
+#include <stdint.h>
+
+typedef enum {
+    KERNEL_SYM_TEXT_END,
+    KERNEL_SYM_DMPML4I,
+    KERNEL_SYM_DMPDPI,
+    KERNEL_SYM_PML4PML4I,
+    KERNEL_SYM_PMAP_STORE,
+    KERNEL_SYM_DATA_CAVE,
+    KERNEL_SYM_PRINTF,
+    KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2,
+    KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO,
+    KERNEL_SYM_SCESBLACMGRGETPATHID,
+    KERNEL_SYM_M_TEMP,
+    KERNEL_SYM_MALLOC,
+    KERNEL_SYM_FREE,
+    KERNEL_SYM_MINI_SYSCORE_BIN,
+    KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER,
+    KERNEL_SYM_SCESBLSERVICEMAILBOX,
+    KERNEL_SYM_CTXTABLE_MTX,
+    KERNEL_SYM_CTXSTATUS,
+    KERNEL_SYM_CTXTABLE,
+    KERNEL_SYM_MTX_LOCK_FLAGS,
+    KERNEL_SYM_MTX_UNLOCK_FLAGS,
+    KERNEL_SYM_RW_MEM,
+    KERNEL_SYM_ALLPROC,
+    KERNEL_SYM_VM_MAP_LOCK_READ,
+    KERNEL_SYM_VM_MAP_UNLOCK_READ,
+    KERNEL_SYM_VM_MAP_LOOKUP_ENTRY,
+    KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT,
+    KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT,
+    KERNEL_SYM_FPU_KERN_ENTER,
+    KERNEL_SYM_FPU_KERN_LEAVE,
+    KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE,
+    KERNEL_SYM_SHA256_HMAC,
+    KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC,
+    KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC,
+    KERNEL_SYM_SYS_FOPEN,
+    KERNEL_SYM_DEVACTIOCTL,
+    KERNEL_SYM_MAX,
+} ksym_t;
+
+void init_kdlsym(uint64_t fw_ver, uint64_t kernel_base);
+uint64_t get_fw_version();
+uint64_t kdlsym(ksym_t sym);
+uint64_t ktext(uint64_t offset);
+
+#endif // KDLSYM_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_00.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_00_H
+#define OFFSETS_1_00_H
+
+uint64_t g_sym_map_100[] = {
+    0x0B30000,        // KERNEL_SYM_TEXT_END
+    0x4ADF540,        // KERNEL_SYM_DMPML4I
+    0x4ADF544,        // KERNEL_SYM_DMPDPI
+    0x4ADF29C,        // KERNEL_SYM_PML4PML4I
+    0x4ADF2B8,        // KERNEL_SYM_PMAP_STORE
+    0x7980000,        // KERNEL_SYM_DATA_CAVE
+    0x04A0070,        // KERNEL_SYM_PRINTF
+    0x08A5820,        // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A63D0,        // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9740,        // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x3457540,        // KERNEL_SYM_M_TEMP
+    0x0A9C6A0,        // KERNEL_SYM_MALLOC
+    0x0A9CA50,        // KERNEL_SYM_FREE
+    0x28D1C48,        // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A5880,        // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0563A50,        // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC358,        // KERNEL_SYM_CTXTABLE_MTX
+    0x38AC380,        // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,        // KERNEL_SYM_CTXTABLE
+    0x04B04D0,        // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B09C0,        // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907510,        // KERNEL_SYM_RW_MEM
+    0x4211BF8,        // KERNEL_SYM_ALLPROC
+    0x030D7B0,        // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D7F0,        // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DCC0,        // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059EC40,        // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059ED40,        // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x0689380,        // KERNEL_SYM_FPU_KERN_ENTER
+    0x06894E0,        // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B200,        // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0814F30,        // KERNEL_SYM_SHA256_HMAC
+    0x032E0D0,        // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0729A50,        // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF170,        // SYS_FOPEN
+};
+
+#endif // OFFSETS_1_00_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_01.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_01_H
+#define OFFSETS_1_01_H
+
+uint64_t g_sym_map_101[] = {
+    0x0B30000,        // KERNEL_SYM_TEXT_END
+    0x4ADF540,        // KERNEL_SYM_DMPML4I
+    0x4ADF544,        // KERNEL_SYM_DMPDPI
+    0x4ADF29C,        // KERNEL_SYM_PML4PML4I
+    0x4ADF2B8,        // KERNEL_SYM_PMAP_STORE
+    0x7980000,        // KERNEL_SYM_DATA_CAVE
+    0x04A0070,        // KERNEL_SYM_PRINTF
+    0x08A5890,        // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A6440,        // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9760,        // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x3457540,        // KERNEL_SYM_M_TEMP
+    0x0A9C710,        // KERNEL_SYM_MALLOC
+    0x0A9CAC0,        // KERNEL_SYM_FREE
+    0x28D1C48,        // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A58F0,        // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0563A70,        // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC358,        // KERNEL_SYM_CTXTABLE_MTX
+    0x38AC380,        // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,        // KERNEL_SYM_CTXTABLE
+    0x04B04D0,        // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B09C0,        // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907580,        // KERNEL_SYM_RW_MEM
+    0x4211BF8,        // KERNEL_SYM_ALLPROC
+    0x030D7B0,        // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D7F0,        // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DCC0,        // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059EC60,        // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059ED60,        // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x06893A0,        // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689500,        // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B200,        // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0814FA0,        // KERNEL_SYM_SHA256_HMAC
+    0x032E0D0,        // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0729AC0,        // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF170,        // SYS_FOPEN
+};
+
+#endif // OFFSETS_1_01_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_02.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_02_H
+#define OFFSETS_1_02_H
+
+uint64_t g_sym_map_102[] = {
+    0x0B30000,        // KERNEL_SYM_TEXT_END
+    0x4ADF540,        // KERNEL_SYM_DMPML4I
+    0x4ADF544,        // KERNEL_SYM_DMPDPI
+    0x4ADF29C,        // KERNEL_SYM_PML4PML4I
+    0x4ADF2B8,        // KERNEL_SYM_PMAP_STORE
+    0x7980000,        // KERNEL_SYM_DATA_CAVE
+    0x04A0070,        // KERNEL_SYM_PRINTF
+    0x08A5850,        // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A6400,        // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9770,        // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x3457540,        // KERNEL_SYM_M_TEMP
+    0x0A9C6D0,        // KERNEL_SYM_MALLOC
+    0x0A9CA80,        // KERNEL_SYM_FREE
+    0x28D1C48,        // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A58B0,        // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0563A80,        // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC358,        // KERNEL_SYM_CTXTABLE_MTX
+    0x38AC380,        // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,        // KERNEL_SYM_CTXTABLE
+    0x04B04D0,        // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B09C0,        // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907540,        // KERNEL_SYM_RW_MEM
+    0x4211BF8,        // KERNEL_SYM_ALLPROC
+    0x030D7B0,        // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D7F0,        // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DCC0,        // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059EC70,        // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059ED70,        // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x06893B0,        // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689510,        // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B200,        // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0814F60,        // KERNEL_SYM_SHA256_HMAC
+    0x032E0D0,        // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0729A80,        // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF170,        // SYS_FOPEN
+};
+
+#endif // OFFSETS_1_02_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_05.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_05_H
+#define OFFSETS_1_05_H
+
+uint64_t g_sym_map_105[] = {
+    0x0b30000,          // KERNEL_SYM_TEXT_END
+    0x4adf5b0,          // KERNEL_SYM_DMPML4I
+    0x4adf5b4,          // KERNEL_SYM_DMPDPI
+    0x4adf30c,          // KERNEL_SYM_PML4PML4I
+    0x4adf328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE // NEEDS TO BE CHECKED
+    0x04a05a0,          // KERNEL_SYM_PRINTF
+    0x08a6960,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08a7510,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05a9c50,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x3457580,          // KERNEL_SYM_M_TEMP
+    0x0a9cf90,          // KERNEL_SYM_MALLOC
+    0x0a9d340,          // KERNEL_SYM_FREE
+    0x28d1c58,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08a69c0,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0563f60,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38ac368,          // KERNEL_SYM_CTXTABLE_MTX
+    0x38ac390,          // KERNEL_SYM_CTXSTATUS
+    0x38ac3a0,          // KERNEL_SYM_CTXTABLE
+    0x04b0a00,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04b0ef0,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907d20,          // KERNEL_SYM_RW_MEM
+    0x4211c18,          // KERNEL_SYM_ALLPROC
+    0x030d860,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030d8a0,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030dd70,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059f150,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059f250,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x06898d0,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689a30,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040b6d0,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0816070,          // KERNEL_SYM_SHA256_HMAC
+    0x032e2f0,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0729ff0,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF600,          // SYS_FOPEN
+};
+
+#endif // OFFSETS_1_05_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_10.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_10_H
+#define OFFSETS_1_10_H
+
+uint64_t g_sym_map_110[] = {
+    0x0B30000,          // KERNEL_SYM_TEXT_END
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE // NEEDS TO BE CHECKED
+    0x04A05E0,          // KERNEL_SYM_PRINTF
+    0x08A6970,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A7520,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9C90,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x3457580,          // KERNEL_SYM_M_TEMP
+    0x0A9CFB0,          // KERNEL_SYM_MALLOC
+    0x0A9D360,          // KERNEL_SYM_FREE
+    0x28D1C58,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A69D0,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0563FA0,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC368,          // KERNEL_SYM_CTXTABLE_MTX
+    0x38AC390,          // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,          // KERNEL_SYM_CTXTABLE
+    0x04B0A40,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B0F30,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907D30,          // KERNEL_SYM_RW_MEM
+    0x4211C18,          // KERNEL_SYM_ALLPROC
+    0x030D8A0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D8E0,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DDB0,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059F190,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059F290,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x0689930,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689A90,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B710,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0816080,          // KERNEL_SYM_SHA256_HMAC
+    0x032E330,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x072A000,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF640,          // SYS_FOPEN
+};
+
+#endif // OFFSETS_1_10_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_11.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_11_H
+#define OFFSETS_1_11_H
+
+uint64_t g_sym_map_111[] = {
+    0x0B30000,          // KERNEL_SYM_TEXT_END
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE // NEEDS TO BE CHECKED
+    0x04A05E0,          // KERNEL_SYM_PRINTF
+    0x08A6A70,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A7620,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9CB0,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x3457580,          // KERNEL_SYM_M_TEMP
+    0x0A9D110,          // KERNEL_SYM_MALLOC
+    0x0A9D370,          // KERNEL_SYM_FREE
+    0x28D1C58,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A6AD0,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0563FC0,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC368,          // KERNEL_SYM_CTXTABLE_MTX
+    0x38AC390,          // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,          // KERNEL_SYM_CTXTABLE
+    0x04B0A40,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B0F30,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907E80,          // KERNEL_SYM_RW_MEM
+    0x4211C18,          // KERNEL_SYM_ALLPROC
+    0x030D8A0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D8E0,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DDB0,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059F1B0,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059F2B0,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x06899D0,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689B30,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B710,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0816170,          // KERNEL_SYM_SHA256_HMAC
+    0x032E330,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x072A0F0,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF640,          // SYS_FOPEN
+};
+
+#endif // OFFSETS_1_11_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_12.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_12_H
+#define OFFSETS_1_12_H
+
+uint64_t g_sym_map_112[] = {
+    0x0B30000,          // KERNEL_SYM_TEXT_END
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x04A0640,          // KERNEL_SYM_PRINTF
+    0x08A6BC0,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A7770,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9D20,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x3457580,          // KERNEL_SYM_M_TEMP
+    0x0A9D260,          // KERNEL_SYM_MALLOC
+    0x0A9D4C0,          // KERNEL_SYM_FREE
+    0x28D1C58,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A6C20,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0564030,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC368,          // KERNEL_SYM_CTXTABLE_MTX
+    0x38AC390,          // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,          // KERNEL_SYM_CTXTABLE
+    0x04B0AA0,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B0F90,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907FD0,          // KERNEL_SYM_RW_MEM
+    0x4211C18,          // KERNEL_SYM_ALLPROC
+    0x030D8A0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D8E0,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DDB0,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059F220,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059F320,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x0689B20,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689C80,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B770,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x08162C0,          // KERNEL_SYM_SHA256_HMAC
+    0x032E330,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x072A240,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF6A0,          // SYS_FOPEN
+};
+
+#endif      // OFFSETS_1_12_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_13.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_13_H
+#define OFFSETS_1_13_H
+
+uint64_t g_sym_map_113[] = {
+    0x0B30000,          // KERNEL_SYM_TEXT_END
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x04A0640,          // KERNEL_SYM_PRINTF
+    0x08A6B70,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A7720,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9D20,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34575C0,          // KERNEL_SYM_M_TEMP
+    0x0A9D230,          // KERNEL_SYM_MALLOC
+    0x0A9D490,          // KERNEL_SYM_FREE
+    0x28D1CB8,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A6BD0,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0564030,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC368,          // KERNEL_SYM_CTXTABLE_MTX
+    0x38AC390,          // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,          // KERNEL_SYM_CTXTABLE
+    0x04B0AA0,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B0F90,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0907FA0,          // KERNEL_SYM_RW_MEM
+    0x4211C18,          // KERNEL_SYM_ALLPROC
+    0x030D8A0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D8E0,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DDB0,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059F220,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059F320,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x0689B20,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689C80,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B770,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0816270,          // KERNEL_SYM_SHA256_HMAC
+    0x032E330,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x072A1F0,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF6A0,          // SYS_FOPEN
+};
+
+#endif      // OFFSETS_1_13_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/1_14.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_1_14_H
+#define OFFSETS_1_14_H
+
+uint64_t g_sym_map_114[] = {
+    0x0B30000,          // KERNEL_SYM_TEXT_END
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x04A0640,          // KERNEL_SYM_PRINTF
+    0x08A6BE0,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08A7790,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x05A9D40,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34575C0,          // KERNEL_SYM_M_TEMP
+    0x0A9D7E0,          // KERNEL_SYM_MALLOC
+    0x0A9DA40,          // KERNEL_SYM_FREE
+    0x2805CB8,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08A6C40,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0564050,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x38AC368,          // KERNEL_SYM_CTXTABLE_MTX // NEEDS TO BE CHECKED
+    0x38AC390,          // KERNEL_SYM_CTXSTATUS
+    0x38AC3A0,          // KERNEL_SYM_CTXTABLE
+    0x04B0AA0,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x04B0F90,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0908550,          // KERNEL_SYM_RW_MEM
+    0x4211C18,          // KERNEL_SYM_ALLPROC
+    0x030D8A0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x030D8E0,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x030DDB0,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x059F240,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x059F340,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x0689B40,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x0689CA0,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x040B770,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x08162E0,          // KERNEL_SYM_SHA256_HMAC
+    0x032E330,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x072A260,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x03AF6A0,          // SYS_FOPEN
+};
+
+#endif // OFFSETS_1_14_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/2_00.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_2_00_H
+#define OFFSETS_2_00_H
+
+static uint64_t g_sym_map_200[] = {
+    0x0B70000,          // KERNEL_SYM_TEXT_END
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0468450,          // KERNEL_SYM_PRINTF
+    0x08C2DA0,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08C3940,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x0580890,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34D31F0,          // KERNEL_SYM_M_TEMP
+    0x0AD1450,          // KERNEL_SYM_MALLOC
+    0x0AD1680,          // KERNEL_SYM_FREE
+    0x27FB448,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08C2E00,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0534060,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x3910370,          // KERNEL_SYM_CTXTABLE_MTX
+    0x3910390,          // KERNEL_SYM_CTXSTATUS
+    0x39103A0,          // KERNEL_SYM_CTXTABLE
+    0x047AD10,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x047B200,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0929AF0,          // KERNEL_SYM_RW_MEM
+    0x4281C28,          // KERNEL_SYM_ALLPROC
+    0x02C3BD0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x02C3C10,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x02C40E0,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x0574C40,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x0574D40,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x067A460,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x067A590,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x03CDC30,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x08252C0,          // KERNEL_SYM_SHA256_HMAC
+    0x02E5870,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0725F00,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x036D890,          // SYS_FOPEN
+};
+
+#endif // OFFSETS_2_00_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/2_20.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_2_20_H
+#define OFFSETS_2_20_H
+
+uint64_t g_sym_map_220[] = {
+    0x0B70000,          // KERNEL_SYM_TEXT_END
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x04684A0,          // KERNEL_SYM_PRINTF
+    0x08C3240,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08C3DE0,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x0580A00,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34D32F0,          // KERNEL_SYM_M_TEMP
+    0x0AD1910,          // KERNEL_SYM_MALLOC
+    0x0AD1B40,          // KERNEL_SYM_FREE
+    0x2818488,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08C32A0,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x05340B0,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x3910370,          // KERNEL_SYM_CTXTABLE_MTX
+    0x3910390,          // KERNEL_SYM_CTXSTATUS
+    0x39103A0,          // KERNEL_SYM_CTXTABLE
+    0x047AD60,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x047B250,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x0929FB0,          // KERNEL_SYM_RW_MEM
+    0x4281C28,          // KERNEL_SYM_ALLPROC
+    0x02C3C10,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x02C3C50,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x02C4120,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x0574DB0,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x0574EB0,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x067A610,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x067A740,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x03CDC80,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0825760,          // KERNEL_SYM_SHA256_HMAC
+    0x02E58B0,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x07263C0,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x036D8D0,          // SYS_FOPEN
+};
+
+#endif // OFFSETS_2_20_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/2_25.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_2_25_H
+#define OFFSETS_2_25_H
+
+uint64_t g_sym_map_225[] = {
+    0x0B70000,          // KERNEL_SYM_TEXT_END
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x04684A0,          // KERNEL_SYM_PRINTF
+    0x08C32F0,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08C3E90,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x0580AB0,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34D32F0,          // KERNEL_SYM_M_TEMP
+    0x0AD19C0,          // KERNEL_SYM_MALLOC
+    0x0AD1BF0,          // KERNEL_SYM_FREE
+    0x2818488,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08C3350,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0534160,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x3910370,          // KERNEL_SYM_CTXTABLE_MTX
+    0x3910390,          // KERNEL_SYM_CTXSTATUS
+    0x39103A0,          // KERNEL_SYM_CTXTABLE
+    0x047AD60,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x047B250,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x092A060,          // KERNEL_SYM_RW_MEM
+    0x4281C28,          // KERNEL_SYM_ALLPROC
+    0x02C3C10,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x02C3C50,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x02C4120,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x0574E60,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x0574F60,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x067A6C0,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x067A7F0,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x03CDC80,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0825810,          // KERNEL_SYM_SHA256_HMAC
+    0x02E58B0,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0726470,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x036D8D0,          // SYS_FOPEN
+};
+
+#endif // OFFSETS_2_25_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/2_26.h

@@ -0,0 +1,42 @@
+#ifndef OFFSETS_2_26_H
+#define OFFSETS_2_26_H
+
+uint64_t g_sym_map_226[] = {
+    0x0B70000,          // KERNEL_SYM_TEXT_END
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x04684A0,          // KERNEL_SYM_PRINTF
+    0x08C3320,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08C3EC0,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x0580AB0,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34D32F0,          // KERNEL_SYM_M_TEMP
+    0x0AD19F0,          // KERNEL_SYM_MALLOC
+    0x0AD1C20,          // KERNEL_SYM_FREE
+    0x2818488,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08C3380,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0534160,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x3910370,          // KERNEL_SYM_CTXTABLE_MTX
+    0x3910390,          // KERNEL_SYM_CTXSTATUS
+    0x39103A0,          // KERNEL_SYM_CTXTABLE
+    0x047AD60,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x047B250,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x092A090,          // KERNEL_SYM_RW_MEM
+    0x4281C28,          // KERNEL_SYM_ALLPROC
+    0x02C3C10,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x02C3C50,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x02C4120,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x0574E60,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x0574F60,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x067A6C0,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x067A7F0,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x03CDC80,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0825840,          // KERNEL_SYM_SHA256_HMAC
+    0x02E58B0,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0726470,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x036D8D0,          // SYS_FOPEN
+};
+
+#endif      // OFFSETS_2_26_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/2_30.h

@@ -0,0 +1,44 @@
+#ifndef OFFSETS_2_30_H
+#define OFFSETS_2_30_H
+
+uint64_t g_sym_map_230[] = {
+    0x0B70000,          // KERNEL_SYM_TEXT_END
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0468400,          // KERNEL_SYM_PRINTF
+    0x08C35F0,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08C4190,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x0580D80,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34D3470,          // KERNEL_SYM_M_TEMP
+    0x0AD1E00,          // KERNEL_SYM_MALLOC
+    0x0AD2030,          // KERNEL_SYM_FREE
+    0x286E628,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08C3650,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x05340C0,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x3910370,          // KERNEL_SYM_CTXTABLE_MTX
+    0x3910390,          // KERNEL_SYM_CTXSTATUS
+    0x39103A0,          // KERNEL_SYM_CTXTABLE
+    0x047ACC0,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x047B1B0,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x092A360,          // KERNEL_SYM_RW_MEM
+    0x4281C28,          // KERNEL_SYM_ALLPROC
+    0x02C38F0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x02C3930,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x02C3E00,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x0575130,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x0575230,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x067A990,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x067AAC0,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x03CD980,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0825B10,          // KERNEL_SYM_SHA256_HMAC
+    0x02E5590,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x0726740,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x036D5B0,          // SYS_FOPEN
+    0x093BA40, //KERNEL_SYM_DEVACTIOCTL
+
+};
+
+#endif // OFFSETS_2_30_H

Source Code/bootstrapper/Byepervisor/hen/include/offsets/2_50.h

@@ -0,0 +1,43 @@
+#ifndef OFFSETS_2_50_H
+#define OFFSETS_2_50_H
+
+uint64_t g_sym_map_250[] = {
+    0x0B70000,          // KERNEL_SYM_TEXT_END
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0468560,          // KERNEL_SYM_PRINTF
+    0x08C3800,          // KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2
+    0x08C43A0,          // KERNEL_SYM_SCESBLAUTHMGRGETSELFINFO
+    0x0580EE0,          // KERNEL_SYM_SCESBLACMGRGETPATHID
+    0x34D34B0,          // KERNEL_SYM_M_TEMP
+    0x0AD20A0,          // KERNEL_SYM_MALLOC
+    0x0AD22D0,          // KERNEL_SYM_FREE
+    0x286E628,          // KERNEL_SYM_MINI_SYSCORE_BIN
+    0x08C3860,          // KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER
+    0x0534220,          // KERNEL_SYM_SCESBLSERVICEMAILBOX
+    0x3910370,          // KERNEL_SYM_CTXTABLE_MTX
+    0x3910390,          // KERNEL_SYM_CTXSTATUS
+    0x39103A0,          // KERNEL_SYM_CTXTABLE
+    0x047AE20,          // KERNEL_SYM_MTX_LOCK_FLAGS
+    0x047B310,          // KERNEL_SYM_MTX_UNLOCK_FLAGS
+    0x092A570,          // KERNEL_SYM_RW_MEM
+    0x4281C28,          // KERNEL_SYM_ALLPROC
+    0x02C39F0,          // KERNEL_SYM_VM_MAP_LOCK_READ
+    0x02C3A30,          // KERNEL_SYM_VM_MAP_UNLOCK_READ
+    0x02C3F00,          // KERNEL_SYM_VM_MAP_LOOKUP_ENTRY
+    0x0575290,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT
+    0x0575390,          // KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT
+    0x067AA10,          // KERNEL_SYM_FPU_KERN_ENTER
+    0x067AB40,          // KERNEL_SYM_FPU_KERN_LEAVE
+    0x03CDAB0,          // KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE
+    0x0825D20,          // KERNEL_SYM_SHA256_HMAC
+    0x02E5690,          // KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC
+    0x07267C0,          // KERNEL_SYM_SCE_SBL_FINALIZE_CRYPT_ASYNC
+    0x036D6D0,          // SYS_FOPEN
+    0x093BCC0           //
+};
+
+#endif // OFFSETS_2_50_H

Source Code/bootstrapper/Byepervisor/hen/include/patch_shellcore.h

@@ -0,0 +1,6 @@
+#ifndef PATCH_SHELLCORE_H
+#define PATCH_SHELLCORE_H
+
+void apply_shellcore_patches();
+
+#endif // PATCH_SHELLCORE_H

Source Code/bootstrapper/Byepervisor/hen/include/proc.h

@@ -0,0 +1,14 @@
+#ifndef PROC_H
+#define PROC_H
+
+#define PROC_OFFSET_P_PID       0x0BC
+#define PROC_OFFSET_P_VMSPACE   0x200
+#define PROC_OFFSET_P_COMM      0x564
+
+#define VM_ENTRY_OFFSET_NEXT    0x008
+#define VM_ENTRY_OFFSET_START   0x020
+#define VM_ENTRY_OFFSET_PROT    0x064
+#define VM_ENTRY_OFFSET_NAME    0x142
+
+
+#endif // PROC_H

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/1_00.h

@@ -0,0 +1,242 @@
+#ifndef SHELLCORE_PATCHES_1_00
+#define SHELLCORE_PATCHES_1_00
+
+#include "common.h"
+
+struct patch g_shellcore_patches_100[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1e6a93,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1e6adf,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1e6b4b,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91d263,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91d2af,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91d31b,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9a96e2,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xb70733,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xb7077f,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xb707eb,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x42ef81,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x11e56f5,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371137,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371172,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371501,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x47af30,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x1DDB1B,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x1DDB98,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x1DDC9B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x1DDD6F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x1DE1DA,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x1DE3AE,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x1DE75E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x1DE824,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x41C6D7,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x41C7EC,
+        "\xEB",
+        1
+    }
+};
+
+#endif // SHELLCORE_PATCHES_1_00

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/1_02.h

@@ -0,0 +1,242 @@
+#ifndef SHELLCORE_PATCHES_1_02
+#define SHELLCORE_PATCHES_1_02
+
+#include "common.h"
+
+struct patch g_shellcore_patches_102[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1e6a93,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1e6adf,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1e6b4b,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91d263,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91d2af,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91d31b,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9a96e2,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xb70733,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xb7077f,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xb707eb,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x42ef81,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x11e544e,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371137,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371172,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371501,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x47af30,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x1DDB1B,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x1DDB98,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x1DDC9B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x1DDD6F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x1DE1DA,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x1DE3AE,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x1DE75E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x1DE824,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x41C6D7,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x41C7EC,
+        "\xEB",
+        1
+    }
+};
+
+#endif // SHELLCORE_PATCHES_1_02

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/1_12.h

@@ -0,0 +1,242 @@
+#ifndef SHELLCORE_PATCHES_1_12
+#define SHELLCORE_PATCHES_1_12
+
+#include "common.h"
+
+struct patch g_shellcore_patches_112[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1E69E3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1E6A2F,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1E6A9B,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91D9B3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91D9FF,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91DA6B,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9A9E42,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xB70F13,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xB70F5F,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xB70FCB,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x42F411,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x11E9EEE,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371547,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371582,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371911,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x47B3C0,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x1DDAFB,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x1DDB78,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x1DDC7B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x1DDD4F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x1DE1BA,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x1DE38E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x1DE73E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x1DE804,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x41CB67,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x41CC7C,
+        "\xEB",
+        1
+    }
+};
+
+#endif // SHELLCORE_PATCHES_1_12

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/1_14.h

@@ -0,0 +1,242 @@
+#ifndef SHELLCORE_PATCHES_1_14
+#define SHELLCORE_PATCHES_1_14
+
+#include "common.h"
+
+struct patch g_shellcore_patches_114[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1E69E3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1E6A2F,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x1E6A9B,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91DC83,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91DCCF,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x91DD3B,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9AA102,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xB711D3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xB7121F,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xB7128B,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x42F511,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x11E9741,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371547,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371582,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x371911,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x47B5C0,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x1DDAFB,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x1DDB78,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x1DDC7B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x1DDD4F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x1DE1BA,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x1DE38E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x1DE73E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x1DE804,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x41CBC7,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x41CCDC,
+        "\xEB",
+        1
+    }
+};
+
+#endif // SHELLCORE_PATCHES_1_14

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/2_00.h

@@ -0,0 +1,251 @@
+#ifndef SHELLCORE_PATCHES_2_00
+#define SHELLCORE_PATCHES_2_00
+
+#include "common.h"
+
+struct patch g_shellcore_patches_200[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21E513,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21E55C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21E5CC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D4433,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D447C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D44EC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xA62A32,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC61D13,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC61D5C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC61DCC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x49C0D1,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x136DE1C,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D3764,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D379F,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D3B2E,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x4E7020,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x21585B,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x2158D8,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x2159DB,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x215AAF,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x215F1A,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x2160EE,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x2164A5,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x216542,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x487847,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x48795C,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PKG Installer Patch
+         */
+        0x4897B0,
+        "\x48\x31\xC0\xC3",
+        4
+    }
+};
+
+#endif // SHELLCORE_PATCHES_2_00

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/2_20.h

@@ -0,0 +1,251 @@
+#ifndef SHELLCORE_PATCHES_2_20
+#define SHELLCORE_PATCHES_2_20
+
+#include "common.h"
+
+struct patch g_shellcore_patches_220[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21E7B3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21E7FC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21E86C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D4783,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D47CC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D483C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xA62D92,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC62073,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC620BC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC6212C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x49C421,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x1371F7E,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D3A34,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D3A6F,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D3DFE,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x4E7370,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x215AFB,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x215B78,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x215C7B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x215D4F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x2161BA,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x21638E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x216745,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x2167E2,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x487B97,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x487CAC,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PKG Installer Patch
+         */
+        0x489B00,
+        "\x48\x31\xC0\xC3",
+        4
+    }
+};
+
+#endif // SHELLCORE_PATCHES_2_20

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/2_25.h

@@ -0,0 +1,252 @@
+#ifndef SHELLCORE_PATCHES_2_25
+#define SHELLCORE_PATCHES_2_25
+
+#include "common.h"
+
+struct patch g_shellcore_patches_225[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21ED03,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21ED4C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x21EDBC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D4CD3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D4D1C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D4D8C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xA632D2,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC625B3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC625FC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC6266C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x49C971,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x1371C5F,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D3F84,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D3FBF,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D434E,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x4E78C0,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x215AFB,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x215B78,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x215C7B,
+        "\xEB",
+        1
+    },
+
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+         0x215D4F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x2161BA,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+         0x21638E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x216745,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x2167E2,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x4880E7,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x4881FC,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PKG Installer Patch
+         */
+        0x48A050,
+        "\x48\x31\xC0\xC3",
+        4
+    }
+};
+
+#endif // SHELLCORE_PATCHES_2_25

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/2_26.h

@@ -0,0 +1,251 @@
+#ifndef SHELLCORE_PATCHES_2_26
+#define SHELLCORE_PATCHES_2_26
+
+#include "common.h"
+
+struct patch g_shellcore_patches_226[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x220473,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x2204BC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x22052C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D6483,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D64CC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D653C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xA64A92,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC63D73,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC63DBC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC63E2C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x49E121,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x13724D4,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D56F4,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D572F,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D5ABE,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x4E9070,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x21726B,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x2172E8,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x2173EB,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x2174BF,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x21792A,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x217AFE,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x217EB5,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x217F52,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x489897,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x4899C3,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PKG Installer Patch
+         */
+        0x48B800,
+        "\x48\x31\xC0\xC3",
+        4
+    }
+};
+
+#endif // SHELLCORE_PATCHES_2_26

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/2_30.h

@@ -0,0 +1,251 @@
+#ifndef SHELLCORE_PATCHES_2_30
+#define SHELLCORE_PATCHES_2_30
+
+#include "common.h"
+
+struct patch g_shellcore_patches_230[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x220623,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x22066C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x2206DC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D7043,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D708C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D70FC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xA65652,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC64933,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC6497C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC649EC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x49E8C1,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x1371BFD,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D5E94,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D5ECF,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D625E,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x4E9890,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x21741B,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x217498,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x21759B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x21766F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x217ADA,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+        0x217CAE,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x218065,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x218102,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x48A037,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x48A14C,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PKG Installer Patch
+         */
+        0x48BFA0,
+        "\x48\x31\xC0\xC3",
+        4
+    }
+};
+
+#endif // SHELLCORE_PATCHES_2_30

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/2_50.h

@@ -0,0 +1,251 @@
+#ifndef SHELLCORE_PATCHES_2_50
+#define SHELLCORE_PATCHES_2_50
+
+#include "common.h"
+
+struct patch g_shellcore_patches_250[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x2203C3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x22040C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x22047C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D83F3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D843C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D84AC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xA669F2,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC65CD3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC65D1C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC65D8C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x49FC71,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x1376A0B,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D7244,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D727F,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D760E,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x4EAC40,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x2171BB,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x217238,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x21733B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x21740F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x21787A,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+         0x217A4E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x217E05,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x217EA2,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x48B3E7,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x48B4FC,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PKG Installer
+         */
+        0x48D350,
+        "\x48\x31\xC0\xC3",
+        4
+    }
+};
+
+#endif // SHELLCORE_PATCHES_2_50

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/2_70.h

@@ -0,0 +1,251 @@
+#ifndef SHELLCORE_PATCHES_2_70
+#define SHELLCORE_PATCHES_2_70
+
+#include "common.h"
+
+struct patch g_shellcore_patches_270[] = {
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x2203C3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x22040C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x22047C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D83F3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D843C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0x9D84AC,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xA669F2,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC65CD3,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC65D1C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; nop; nop; nop
+         */
+        0xC65D8C,
+        "\x31\xC0\x90\x90\x90",
+        5
+    },
+
+    {
+        /*
+         * longjmp
+         */
+        0x49FC71,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * strfree
+         */
+        0x13767F5,
+        "\x66\x72\x65\x65",
+        4
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D7244,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D727F,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; nop
+         */
+        0x3D760E,
+        "\x31\xC0\xFF\xC0\x90",
+        5
+    },
+
+    {
+        /*
+         * xor eax, eax; inc eax; ret
+         */
+        0x4EAC40,
+        "\x31\xC0\xFF\xC0\xC3",
+        5
+    },
+
+    {
+        /*
+         * PS4 Disc Installer Patch 1
+         */
+        0x2171BB,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 Disc Installer Patch 1
+         */
+        0x217238,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 1
+         */
+        0x21733B,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 1
+         */
+        0x21740F,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 2
+         */
+        0x21787A,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 2
+         */
+         0x217A4E,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 3
+         */
+        0x217E05,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 3
+         */
+        0x217EA2,
+        "\x90\xE9",
+        2
+    },
+
+    {
+        /*
+         * PS4 PKG Installer Patch 4
+         */
+        0x48B3E7,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PS5 PKG Installer Patch 4
+         */
+        0x48B4FC,
+        "\xEB",
+        1
+    },
+
+    {
+        /*
+         * PKG Installer Patch
+         */
+        0x48D350,
+        "\x48\x31\xC0\xC3",
+        4
+    }
+};
+
+#endif // SHELLCORE_PATCHES_2_70

Source Code/bootstrapper/Byepervisor/hen/include/shellcore_patches/common.h

@@ -0,0 +1,30 @@
+#ifndef COMMON_H
+#define COMMON_H
+
+struct patch
+{
+    uint64_t offset;
+    const char data[0x100];
+    int size;
+};
+
+enum	uio_rw { UIO_READ, UIO_WRITE };
+
+/* Segment flag values. */
+enum uio_seg {
+	UIO_USERSPACE,		/* from user data space */
+	UIO_SYSSPACE,		/* from system space */
+	UIO_NOCOPY		    /* don't copy, already in object */
+};
+
+struct uio {
+	struct	iovec *uio_iov;		/* scatter/gather list */
+	int	uio_iovcnt;		/* length of scatter/gather list */
+	off_t	uio_offset;		/* offset in target object */
+	ssize_t	uio_resid;		/* remaining bytes to process */
+	enum	uio_seg uio_segflg;	/* address space */
+	enum	uio_rw uio_rw;		/* operation */
+	void *uio_td;		/* owner */
+};
+
+#endif // COMMON_H

Source Code/bootstrapper/Byepervisor/hen/include/util.h

@@ -0,0 +1,23 @@
+#pragma once
+#ifndef UTIL_H
+#define UTIL_H
+
+#include <sys/types.h>
+
+#define PAD_(t) (sizeof(register_t) <= sizeof(t) ? \
+                    0 : sizeof(register_t) - sizeof(t))
+
+uint64_t get_dmap_addr(uint64_t pa);
+
+void *find_proc_by_name(const char *name);
+void *get_proc_vmmap(void *proc);
+
+void memcpy(void *dest, const void *src, size_t n);
+size_t strlen(const char *str);
+char *strstr(const char *str, const char *substring);
+int strncmp(const char * s1, const char * s2, size_t n);
+bool if_exists(const char * path);
+
+extern void *curthread;
+
+#endif // UTIL_H

Source Code/bootstrapper/Byepervisor/hen/link.x

@@ -0,0 +1,83 @@
+OUTPUT_FORMAT("elf64-x86-64")
+OUTPUT_ARCH(i386:x86-64)
+
+ENTRY(_start)
+
+PHDRS
+{
+	/*
+	 * PF_X = 0x1
+	 * PF_W = 0x2
+	 * PF_R = 0x4
+	 */
+
+	ph_text PT_LOAD FLAGS (0x1 | 0x4);
+	ph_relro PT_LOAD FLAGS (0x4);
+	ph_data PT_LOAD FLAGS (0x2 | 0x4);
+	ph_dyn PT_DYNAMIC FLAGS(0x2 | 0x4);
+}
+
+SECTIONS
+{
+	__payload_base = .;
+
+	.text :
+	{
+		KEEP (*(.init))
+		KEEP (*(.fini))
+
+        *(.text.prologue);
+		*(.text .text.*)
+
+		. = ALIGN(4);
+	} : ph_text = 0x90909090
+
+	.rodata :
+	{
+		*(.rodata .rodata.*)
+	}
+
+	.eh_frame :
+	{
+ 		*(.eh_frame.*)
+	}
+
+	. = ALIGN(0x4000);
+
+	.data.rel.ro :
+	{
+		*(.data.rel.ro .data.rel.ro.*)
+	} : ph_relro
+
+	.rela :
+	{
+		*(.rela *.rela.*)
+
+		. = ALIGN(4);
+	}
+
+	. = ALIGN(0x4000);
+
+	.data :
+	{
+		*(.data .data.*)
+
+		. = ALIGN(0x10);
+
+		__imports_start = .;
+		KEEP(*(.imports .imports.*))
+		__imports_end = .;
+
+		__patches_start = .;
+		KEEP(*(.patches .patches.*))
+		QUAD(0); BYTE(0); BYTE(0);
+		__patches_end = .;
+
+		__bss_start = .;
+		*(.bss .bss.*) *(COMMON)
+		__bss_end = .;
+
+		. = . + 4;
+		. = ALIGN(4);
+	} : ph_data
+}

Source Code/bootstrapper/Byepervisor/hen/src/crt0.s

@@ -0,0 +1,7 @@
+.intel_syntax noprefix
+.text
+
+.section .text.prologue
+.global _start
+_start:
+    jmp		kernel_main

Source Code/bootstrapper/Byepervisor/hen/src/fkeys.cpp

@@ -0,0 +1,54 @@
+/*
+ * Credit: sleirsgoevy
+ * https://github.com/sleirsgoevy/ps4jb-payloads/blob/87f31afca6afc573d953e8343113c179a416e1b0/ps5-kstuff/uelf/fakekeys.c
+ */
+
+#include <stdint.h>
+
+#include "fkeys.h"
+#include "util.h"
+
+struct key_area shared_area = {};
+
+int register_fake_key(const char key_data[32])
+{
+    uint64_t mask, mask1;
+    mask = __atomic_load_n(&shared_area.bitmask, __ATOMIC_ACQUIRE);
+    do
+    {
+        mask1 = (mask | (mask + 1)) & ((1ull << 63) - 1);
+        if(mask1 == mask)
+            return -1;
+    }
+    while(!__atomic_compare_exchange_n(&shared_area.bitmask, &mask, mask1, 1, __ATOMIC_RELEASE, __ATOMIC_ACQUIRE));
+    int key_idx = 63 - __builtin_clzll(mask ^ mask1);
+    memcpy(shared_area.key_data[key_idx], key_data, 32);
+    return key_idx;
+}
+
+int unregister_fake_key(int key_id)
+{
+    if(key_id < 0 || key_id >= 63)
+        return 0;
+    uint64_t mask, mask1;
+    mask = __atomic_load_n(&shared_area.bitmask, __ATOMIC_ACQUIRE);
+    do
+    {
+        if(!(mask & (1ull << key_id)))
+            return 0;
+        mask1 = mask & ~(1ull << key_id);
+    }
+    while(!__atomic_compare_exchange_n(&shared_area.bitmask, &mask, mask1, 1, __ATOMIC_RELEASE, __ATOMIC_ACQUIRE));
+    return 1;
+}
+
+int get_fake_key(int key_id, char key_data[32])
+{
+    if(key_id < 0 || key_id >= 63)
+        return 0;
+    uint64_t mask = __atomic_load_n(&shared_area.bitmask, __ATOMIC_ACQUIRE);
+    if(!(mask & (1ull << key_id)))
+        return 0;
+    memcpy(key_data, shared_area.key_data[key_id], 32);
+    return 1;
+}

Source Code/bootstrapper/Byepervisor/hen/src/fpkg.cpp

@@ -0,0 +1,585 @@
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include "fkeys.h"
+#include "fpkg.h"
+#include "hook.h"
+#include "kdlsym.h"
+#include "util.h"
+
+#define IDX_TO_HANDLE(x) (0x13374100 | ((uint8_t)((x)+1)))
+#define HANDLE_TO_IDX(x) ((((x) & 0xffffff00) == 0x13374100 ? ((int)(uint8_t)(x)) : (int)0) - 1)
+
+constexpr uint8_t rif_debug_key[] = {
+    0x96, 0xC2, 0x26, 0x8D, 0x69, 0x26, 0x1C, 0x8B, 0x1E, 0x3B, 0x6B, 0xFF, 0x2F, 0xE0, 0x4E, 0x12
+};
+
+const uint8_t g_ypkg_p[] =
+{
+    0x2D, 0xE8, 0xB4, 0x65, 0xBE, 0x05, 0x78, 0x6A, 0x89, 0x31, 0xC9, 0x5A, 0x44, 0xDE, 0x50, 0xC1,
+    0xC7, 0xFD, 0x9D, 0x3E, 0x21, 0x42, 0x17, 0x40, 0x79, 0xF9, 0xC9, 0x41, 0xC1, 0xFC, 0xD7, 0x0F,
+    0x34, 0x76, 0xA3, 0xE2, 0xC0, 0x1B, 0x5A, 0x20, 0x0F, 0xAF, 0x2F, 0x52, 0xCD, 0x83, 0x34, 0x72,
+    0xAF, 0xB3, 0x12, 0x33, 0x21, 0x2C, 0x20, 0xB0, 0xC6, 0xA0, 0x2D, 0xB1, 0x59, 0xE3, 0xA7, 0xB0,
+    0x4E, 0x1C, 0x4C, 0x5B, 0x5F, 0x10, 0x9A, 0x50, 0x18, 0xCC, 0x86, 0x79, 0x25, 0xFF, 0x10, 0x02,
+    0x8F, 0x90, 0x03, 0xA9, 0x37, 0xBA, 0xF2, 0x1C, 0x13, 0xCC, 0x09, 0x45, 0x15, 0xB8, 0x55, 0x74,
+    0x0A, 0x28, 0x24, 0x04, 0xD1, 0x19, 0xAB, 0xB3, 0xCA, 0x44, 0xB6, 0xF8, 0x3D, 0xB1, 0x2A, 0x72,
+    0x88, 0x35, 0xE4, 0x86, 0x6B, 0x55, 0x47, 0x08, 0x25, 0x16, 0xAB, 0x69, 0x1D, 0xBF, 0xF6, 0xFE,
+};
+
+const uint8_t g_ypkg_q[] =
+{
+    0x23, 0x80, 0x77, 0x84, 0x4D, 0x6F, 0x9B, 0x24, 0x51, 0xFE, 0x2A, 0x6B, 0x28, 0x80, 0xA1, 0x9E,
+    0xBD, 0x6D, 0x18, 0xCA, 0x8D, 0x7D, 0x9E, 0x79, 0x5A, 0xE0, 0xB8, 0xEB, 0xD1, 0x3D, 0xF3, 0xD9,
+    0x02, 0x90, 0x2A, 0xA7, 0xB5, 0x7E, 0x9A, 0xA2, 0xD7, 0x2F, 0x21, 0xA8, 0x50, 0x7D, 0x8C, 0xA1,
+    0x91, 0x2F, 0xBF, 0x97, 0xBE, 0x92, 0xC2, 0xC1, 0x0D, 0x8C, 0x0C, 0x1F, 0xDE, 0x31, 0x35, 0x15,
+    0x39, 0x90, 0xCC, 0x97, 0x47, 0x2E, 0x7F, 0x09, 0xE9, 0xC3, 0x9C, 0xCE, 0x91, 0xB2, 0xC8, 0x58,
+    0x76, 0xE8, 0x70, 0x1D, 0x72, 0x5F, 0x4A, 0xE6, 0xAA, 0x36, 0x22, 0x94, 0xC6, 0x52, 0x90, 0xB3,
+    0x9F, 0x9B, 0xF0, 0xEF, 0x57, 0x8E, 0x53, 0xC3, 0xE3, 0x30, 0xC9, 0xD7, 0xB0, 0x3A, 0x0C, 0x79,
+    0x1B, 0x97, 0xA8, 0xD4, 0x81, 0x22, 0xD2, 0xB0, 0x82, 0x62, 0x7D, 0x00, 0x58, 0x47, 0x9E, 0xC7,
+};
+
+const uint8_t g_ypkg_dmp1[] =
+{
+    0x25, 0x54, 0xDB, 0xFD, 0x86, 0x45, 0x97, 0x9A, 0x1E, 0x17, 0xF0, 0xE3, 0xA5, 0x92, 0x0F, 0x12,
+    0x2A, 0x5C, 0x4C, 0xA6, 0xA5, 0xCF, 0x7F, 0xE8, 0x5B, 0xF3, 0x65, 0x1A, 0xC8, 0xCF, 0x9B, 0xB9,
+    0x2A, 0xC9, 0x90, 0x5D, 0xD4, 0x08, 0xCF, 0xF6, 0x03, 0x5A, 0x5A, 0xFC, 0x9E, 0xB6, 0xDB, 0x11,
+    0xED, 0xE2, 0x3D, 0x62, 0xC1, 0xFC, 0x88, 0x5D, 0x97, 0xAC, 0x31, 0x2D, 0xC3, 0x15, 0xAD, 0x70,
+    0x05, 0xBE, 0xA0, 0x5A, 0xE6, 0x34, 0x9C, 0x44, 0x78, 0x2B, 0xE5, 0xFE, 0x38, 0x56, 0xD4, 0x68,
+    0x83, 0x13, 0xA4, 0xE6, 0xFA, 0xD2, 0x9C, 0xAB, 0xAC, 0x89, 0x5F, 0x10, 0x8F, 0x75, 0x6F, 0x04,
+    0xBC, 0xAE, 0xB9, 0xBC, 0xB7, 0x1D, 0x42, 0xFA, 0x4E, 0x94, 0x1F, 0xB4, 0x0A, 0x27, 0x9C, 0x6B,
+    0xAB, 0xC7, 0xD2, 0xEB, 0x27, 0x42, 0x52, 0x29, 0x41, 0xC8, 0x25, 0x40, 0x54, 0xE0, 0x48, 0x6D,
+};
+
+const uint8_t g_ypkg_dmq1[] =
+{
+    0x4D, 0x35, 0x67, 0x38, 0xBC, 0x90, 0x3E, 0x3B, 0xAA, 0x6C, 0xBC, 0xF2, 0xEB, 0x9E, 0x45, 0xD2,
+    0x09, 0x2F, 0xCA, 0x3A, 0x9C, 0x02, 0x36, 0xAD, 0x2E, 0xC1, 0xB1, 0xB2, 0x6D, 0x7C, 0x1F, 0x6B,
+    0xA1, 0x8F, 0x62, 0x20, 0x8C, 0xD6, 0x6C, 0x36, 0xD6, 0x5A, 0x54, 0x9E, 0x30, 0xA9, 0xA8, 0x25,
+    0x3D, 0x94, 0x12, 0x3E, 0x0D, 0x16, 0x1B, 0xF0, 0x86, 0x42, 0x72, 0xE0, 0xD6, 0x9C, 0x39, 0x68,
+    0xDB, 0x11, 0x80, 0x96, 0x18, 0x2B, 0x71, 0x41, 0x48, 0x78, 0xE8, 0x17, 0x8B, 0x7D, 0x00, 0x1F,
+    0x16, 0x68, 0xD2, 0x75, 0x97, 0xB5, 0xE0, 0xF2, 0x6D, 0x0C, 0x75, 0xAC, 0x16, 0xD9, 0xD5, 0xB1,
+    0xB5, 0x8B, 0xE8, 0xD0, 0xBF, 0xA7, 0x1F, 0x61, 0x5B, 0x08, 0xF8, 0x68, 0xE7, 0xF0, 0xD1, 0xBC,
+    0x39, 0x60, 0xBF, 0x55, 0x9C, 0x7C, 0x20, 0x30, 0xE8, 0x50, 0x28, 0x44, 0x02, 0xCE, 0x51, 0x2A,
+};
+
+const uint8_t g_ypkg_iqmp[] =
+{
+    0xF5, 0x73, 0xB8, 0x7E, 0x5C, 0x98, 0x7C, 0x87, 0x67, 0xF1, 0xDA, 0xAE, 0xA0, 0xF9, 0x4B, 0xAB,
+    0x77, 0xD8, 0xCE, 0x64, 0x6A, 0xC1, 0x4F, 0xA6, 0x9B, 0xB9, 0xAA, 0xCC, 0x76, 0x09, 0xA4, 0x3F,
+    0xB9, 0xFA, 0xF5, 0x62, 0x84, 0x0A, 0xB8, 0x49, 0x02, 0xDF, 0x9E, 0xC4, 0x1A, 0x37, 0xD3, 0x56,
+    0x0D, 0xA4, 0x6E, 0x15, 0x07, 0x15, 0xA0, 0x8D, 0x97, 0x9D, 0x92, 0x20, 0x43, 0x52, 0xC3, 0xB2,
+    0xFD, 0xF7, 0xD3, 0xF3, 0x69, 0xA2, 0x28, 0x4F, 0x62, 0x6F, 0x80, 0x40, 0x5F, 0x3B, 0x80, 0x1E,
+    0x5E, 0x38, 0x0D, 0x8B, 0x56, 0xA8, 0x56, 0x58, 0xD8, 0xD9, 0x6F, 0xEA, 0x12, 0x2A, 0x40, 0x16,
+    0xC1, 0xED, 0x3D, 0x27, 0x16, 0xA0, 0x63, 0x97, 0x61, 0x39, 0x55, 0xCC, 0x8A, 0x05, 0xFA, 0x08,
+    0x28, 0xFD, 0x55, 0x56, 0x31, 0x94, 0x65, 0x05, 0xE7, 0xD3, 0x57, 0x6C, 0x0D, 0x1C, 0x67, 0x0B,
+};
+
+const uint8_t g_FakeKeySeed[] =
+{
+    0x46, 0x41, 0x4B, 0x45, 0x46, 0x41, 0x4B, 0x45, 0x46, 0x41, 0x4B, 0x45, 0x46, 0x41, 0x4B, 0x45,
+};
+
+int npdrm_cmd_5_sceSblServiceMailbox(uint64_t handle, const NpDrmCmd5* input, NpDrmCmd5* output) {
+    //auto printf                 = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceMailbox   = (int (*)(uint64_t handle, void *in, void *out)) kdlsym(KERNEL_SYM_SCESBLSERVICEMAILBOX);
+
+    //printf("npdrm_cmd_5_sceSblServiceMailbox pre call\n");
+
+    int res = sceSblServiceMailbox(handle, (void *) input, output);
+    if(output->res == 0x800F0A01) {
+        //printf("fixup npdrm cmd 5\n");
+        auto layout = reinterpret_cast<RifCmd5MemoryLayout*>(get_dmap_addr(input->rif_pa));
+        if(layout->rif.type == 2) {
+
+            layout->output.version = __builtin_bswap16(layout->rif.version);
+            layout->output.unk04 = __builtin_bswap16(layout->rif.unk06);
+            layout->output.psnid = __builtin_bswap64(layout->rif.psnid);
+            layout->output.startTimestamp = __builtin_bswap64(layout->rif.startTimestamp);
+            layout->output.endTimestamp = __builtin_bswap64(layout->rif.endTimestamp);
+            layout->output.extraFlags = __builtin_bswap64(layout->rif.extraFlags);
+            layout->output.type = __builtin_bswap16(layout->rif.type);
+            layout->output.contentType = __builtin_bswap16(layout->rif.contentType);
+            layout->output.skuFlag = __builtin_bswap16(layout->rif.skuFlag);
+            layout->output.unk34 = __builtin_bswap32(layout->rif.unk60);
+            layout->output.unk38 = __builtin_bswap32(layout->rif.unk64);
+            layout->output.unk3C = 0;
+            layout->output.unk40 = 0;
+            layout->output.unk44 = 0;
+            memcpy(layout->output.contentId, layout->rif.contentId, 0x30);
+            memcpy(layout->output.rifIv, layout->rif.rifIv, 0x10);
+            layout->output.unk88 = __builtin_bswap32(layout->rif.unk70);
+            layout->output.unk8C = __builtin_bswap32(layout->rif.unk74);
+            layout->output.unk90 = __builtin_bswap32(layout->rif.unk78);
+            layout->output.unk94 = __builtin_bswap32(layout->rif.unk7C);
+            memcpy(layout->output.unk98, layout->rif.unk80, 0x10);
+            if (layout->output.skuFlag == 2) {
+                layout->output.skuFlag = 1;
+            }
+
+            output->res = 0;
+            res = 0;
+        }
+    }
+
+    return res;
+}
+
+int npdrm_cmd_6_sceSblServiceMailbox(uint64_t handle, const NpDrmCmd6* input, NpDrmCmd6* output) {
+    //auto printf                 = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceMailbox   = (int (*)(uint64_t handle, void *in, void *out)) kdlsym(KERNEL_SYM_SCESBLSERVICEMAILBOX);
+    auto bnet_crypto_aes_cbc_cfb128_decrypt = (void (*)(void *, void *, size_t, void *, size_t, void *)) kdlsym(KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT);
+
+    //printf("npdrm_cmd_6_sceSblServiceMailbox pre call\n");
+
+    int res = sceSblServiceMailbox(handle, (void *) input, output);
+    if(output->res == 0x800F0A01) {
+        //printf("fixup npdrm cmd\n");
+        auto va = reinterpret_cast<Rif*>(get_dmap_addr(input->rif_pa));
+        if(va->type == 0x2) {
+            bnet_crypto_aes_cbc_cfb128_decrypt(va->rifSecret, va->rifSecret, sizeof(va->rifSecret), (void *) rif_debug_key, 128, va->rifIv);
+            memcpy(output->unk10, &va->rifSecret[0x70], 0x10);
+            memcpy(output->unk20, &va->rifSecret[0x80], 0x10);
+            output->res = 0;
+        }
+
+    }
+
+    return res;
+}
+
+int RsaesPkcs1v15Dec2048CRT(RsaBuffer *output, RsaBuffer *input, RsaKey *key) {
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto M_TEMP = (void *) kdlsym(KERNEL_SYM_M_TEMP);
+    auto malloc = (void*(*)(unsigned long size, void* type, int flags)) kdlsym(KERNEL_SYM_MALLOC);
+    auto free   = (void(*)(void* addr, void* type)) kdlsym(KERNEL_SYM_FREE);
+    auto fpu_kern_enter = (int (*)(void *td, void *ctx, int)) kdlsym(KERNEL_SYM_FPU_KERN_ENTER);
+    auto fpu_kern_leave = (int (*)(void *td, void *ctx)) kdlsym(KERNEL_SYM_FPU_KERN_LEAVE);
+    auto LoCACRYPTO_rsadpCRT_core = (int (*)(void *, void *, void *, size_t)) kdlsym(KERNEL_SYM_LACACRYPTO_RSADPCRT_CORE);
+
+    auto fpu_ctx = (void *) malloc(0x1000, M_TEMP, 0x102);
+    auto thr = curthread;
+    fpu_kern_enter(thr, fpu_ctx, 0);
+
+    uint8_t buffer[0x200];
+    int res = -1;
+    if(input->size != 0x100) {
+        fpu_kern_leave(thr, fpu_ctx);
+        free(fpu_ctx, M_TEMP);
+        return res;
+    }
+
+    for(int i = 0; i < 0x100; i++) {
+        buffer[0x80 + i] = input->ptr[0xFF - i];
+    }
+
+    if(LoCACRYPTO_rsadpCRT_core(&buffer[0x80], &buffer[0x80], key, 0x40) == -1) {
+        fpu_kern_leave(thr, fpu_ctx);
+        free(fpu_ctx, M_TEMP);
+        return res;
+    }
+
+    for(int i = 0; i < 0x20; i++) {
+        output->ptr[i] = buffer[0x9F - i];
+    }
+
+    fpu_kern_leave(thr, fpu_ctx);
+    free(fpu_ctx, M_TEMP);
+    return 0;
+}
+
+int aes_ecb_128_enc_one_block(char *key, char *data)
+{
+    auto bnet_crypto_aes_cbc_cfb128_encrypt = (int (*)(void *, void *, size_t, void *, size_t, void *)) kdlsym(KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_ENCRYPT);
+
+    uint8_t iv[0x10] = {};
+    return bnet_crypto_aes_cbc_cfb128_encrypt(data, data, 0x10, key, 128, iv);
+}
+
+int aes_ecb_128_dec_one_block(char *key, char *data)
+{
+    auto bnet_crypto_aes_cbc_cfb128_decrypt = (int (*)(void *, void *, size_t, void *, size_t, void *)) kdlsym(KERNEL_SYM_BNET_CRYPTO_AES_CBC_CFB128_DECRYPT);
+
+    uint8_t iv[0x10] = {};
+    return bnet_crypto_aes_cbc_cfb128_decrypt(data, data, 0x10, key, 128, iv);
+}
+
+void aes_xts_4096_dec(void *buffer, void *out, uint32_t num_sectors, uint32_t start_sector, const void *xts_data, const void *xts_tweak, int is_enc)
+{
+    uint8_t *_buffer = (uint8_t*)buffer;
+    uint8_t *_out    = (uint8_t*)out;
+
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    //printf("aes_xts_4096_dec: num_sectors = %d (start_sector = %d), is_enc = %d\n", num_sectors, start_sector, is_enc);
+
+    if (_buffer != _out)
+        memcpy(_out, _buffer, num_sectors * 0x1000);
+    for(uint32_t i = 0; i < num_sectors; i++) {
+        uint8_t tweak[0x10] = {};
+
+        *(uint64_t*)(&tweak[0x0]) = start_sector + i;
+        aes_ecb_128_enc_one_block((char *) xts_tweak, (char *) tweak);
+
+        for(int ii = 0; ii < 0x1000; ii+=0x10) {
+            for(int iii = 0; iii < 0x10; iii++) {
+                _out[i * 0x1000 + ii + iii] ^= tweak[iii];
+            }
+            if (!is_enc) {
+                aes_ecb_128_dec_one_block((char *) xts_data, (char *) &_out[i * 0x1000 + ii]);
+            } else {
+                aes_ecb_128_enc_one_block((char *) xts_data, (char *) &_out[i * 0x1000 + ii]);
+            }
+            for(int iii = 0; iii < 0x10; iii++) {
+                _out[i * 0x1000 + ii + iii] ^= tweak[iii];
+            }
+
+            uint8_t carry_out = 0;
+            for(int iii = 0; iii < 0x10; iii++) {
+                uint8_t tmp = tweak[iii];
+                tweak[iii] = 2* tweak[iii] | carry_out;
+                carry_out = (tmp & 0x80) >> 7;
+            }
+            if(carry_out != 0x0) {
+                tweak[0] ^= 0x87;
+            }
+        }
+    }
+}
+
+int verifySuperBlock_sceSblServiceMailbox(uint64_t handle, const PfsmgrCmd11* input, PfsmgrCmd11 *output)
+{
+    int ret;
+
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceMailbox = (int (*)(uint64_t handle, void *in, void *out)) kdlsym(KERNEL_SYM_SCESBLSERVICEMAILBOX);
+    auto Sha256Hmac = (void (*)(void *hash, void *data, size_t data_sz, void *key, size_t key_size)) kdlsym(KERNEL_SYM_SHA256_HMAC);
+
+    //printf("sceSblPfsSetKeys verify superblock\n");
+
+    ret = sceSblServiceMailbox(handle, (void *) input, (void *) output);
+    if (ret != 0 || output->res != 0) {
+        //printf("verifySuperBlock_sceSblServiceMailbox: register fake keys\n");
+        auto tablePA    = input->tablePa;
+        auto headerPA   = input->headerPa;
+        auto header     = (uint8_t *) get_dmap_addr(headerPA);
+
+        if (!tablePA || !headerPA) {
+            printf("verifySuperBlock_sceSblServiceMailbox: no tablePA or headerPA (0x%lx, 0x%lx)\n", tablePA, headerPA);
+            return ret;
+        }
+
+        auto table = (struct sbl_chunk_table_header *) get_dmap_addr(tablePA);
+        // printf("first pa:       0x%lx\n", table->first_pa);
+        // printf("data_size:      0x%lx\n", table->data_size);
+        // printf("used_entries:   0x%lx\n", table->used_entries);
+        // printf("unk18:          0x%lx\n", table->unk18);
+        // printf("entry[0] pa:    0x%lx\n", table->entries[0].pa);
+        // printf("entry[0] sz:    0x%lx\n", table->entries[0].size);
+
+        auto keyPA      = table->entries[0].pa;
+        auto key        = (uint8_t *) get_dmap_addr(keyPA);
+        if (!keyPA) {
+            printf("verifySuperBlock_sceSblServiceMailbox: no keyPA (0x%lx)\n", keyPA);
+            return ret;
+        }
+
+        if (table->data_size == 0x100) {
+            RsaBuffer rsaInput{};
+            rsaInput.ptr    = key;
+            rsaInput.size   = 0x100;
+
+            uint8_t ekpfs[0x20]{0};
+            RsaBuffer rsaOutput{};
+            rsaOutput.ptr = ekpfs;
+            rsaOutput.size = 0x20;
+
+            RsaKey rsaKey{};
+            rsaKey.p    = g_ypkg_p;
+            rsaKey.q    = g_ypkg_q;
+            rsaKey.dmp1 = g_ypkg_dmp1;
+            rsaKey.dmq1 = g_ypkg_dmq1;
+            rsaKey.iqmp = g_ypkg_iqmp;
+
+            RsaesPkcs1v15Dec2048CRT(&rsaOutput, &rsaInput, &rsaKey);
+
+            auto pfsSeed = &header[0x370];
+            uint8_t pfs_seed[0x14]{};
+            memcpy(&pfs_seed[0x4], pfsSeed, 0x10);
+            *(uint32_t*)(pfs_seed) = 0x1;
+            uint8_t xts_key[0x20]{};
+            Sha256Hmac(xts_key, pfs_seed, 0x14, ekpfs, 0x20);
+            *(uint32_t*)(pfs_seed) = 0x2;
+            uint8_t hmac_key[0x20]{};
+            Sha256Hmac(hmac_key, pfs_seed, 0x14, ekpfs, 0x20);
+
+            int key0 = register_fake_key((const char *) &xts_key);
+            int key1 = register_fake_key((const char *) &hmac_key);
+            output->keyHandle0 = IDX_TO_HANDLE(key0);
+            output->keyHandle1 = IDX_TO_HANDLE(key1);
+
+            //printf("verifySuperBlock_sceSblServiceMailbox: key0 = 0x%x (handle = 0x%x), key1 = 0x%x (handle = 0x%x)\n", key0, output->keyHandle0, key1, output->keyHandle1);
+            output->res = 0;
+            ret = 0;
+        }
+    }
+
+    return ret;
+}
+
+struct ccp_msg
+{
+    uint64_t unk_00h;
+    uint64_t unk_08h;
+    uint64_t unk_10h;
+    uint64_t unk_18h;
+    uint64_t unk_20h;
+    uint64_t unk_28h;
+    uint64_t unk_30h;
+    uint64_t unk_38h;
+    uint64_t unk_40h;
+    uint64_t unk_48h;
+    uint64_t unk_50h;
+    uint64_t unk_58h;
+    uint64_t unk_60h;
+    uint64_t unk_68h;
+    uint64_t unk_70h;
+    uint64_t unk_78h;
+    uint64_t unk_80h;
+    uint64_t unk_88h;
+    uint64_t unk_90h;
+    uint64_t unk_98h;
+    uint64_t unk_A0h;
+    uint64_t unk_A8h;
+    uint64_t unk_B0h;
+    uint64_t unk_C0h;
+    uint64_t unk_C8h;
+    uint64_t unk_D0h;
+    uint64_t unk_D8h;
+    uint64_t unk_E0h;
+    uint64_t unk_E8h;
+    uint64_t unk_F0h;
+    uint64_t unk_F8h;
+    uint64_t unk_100h;
+    uint64_t unk_108h;
+    uint64_t unk_110h;
+    uint64_t unk_118h;
+    uint64_t unk_120h;
+    uint64_t unk_128h;
+    uint64_t unk_130h;
+    uint64_t unk_138h;
+    struct ccp_msg *next;
+    uint64_t unk_148h;
+};
+
+struct ccp_common
+{
+    uint32_t cmd;               // 0x00
+    uint32_t status;            // 0x10
+};
+
+struct ccp_hmac
+{
+    struct ccp_common common;   // 0x00
+    uint64_t data_size;         // 0x08
+    void *data;                 // 0x10
+    uint64_t data_size_bits;    // 0x18
+    union {                     // 0x20
+        uint16_t keygen_index;
+        uint8_t hash[0x20];
+    };
+    char unk_40h[0x60];         // 0x40
+    union {                     // 0xA0
+        uint32_t key_index;     
+        uint8_t key[0x40];
+    };
+    char unk_E0h[0x50];         // 0xE0
+    uint64_t key_size;          // 0x130
+};
+
+struct ccp_xts
+{
+    struct ccp_common common;   // 0x00
+    uint32_t num_sectors;       // 0x08
+    void *in_data;              // 0x10
+    void *out_data;             // 0x18
+    uint64_t start_sector;      // 0x20
+    union {                     // 0x28
+        uint32_t key_index;
+        uint8_t key[0x20];
+    };
+};
+
+struct ccp_req {
+    struct ccp_msg* tqh_first;
+    struct ccp_msg** tqh_last;
+    void(*cb)(void*, int);
+    void* args;
+    uint64_t mid;
+    void* le_next;
+    void** le_prev;
+};
+
+int dump_hmac_output = 0;
+int dump_xts_output = 0;
+
+void hex_dump(const char *name, uint8_t *buf, int len)
+{
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    printf("%s hexdump (0x%x bytes)\n", name, len);
+    for (int i = 0; i < len; i += 0x10) {
+        printf("%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n", 
+            buf[i + 0x00], buf[i + 0x01], buf[i + 0x02], buf[i + 0x03],
+            buf[i + 0x04], buf[i + 0x05], buf[i + 0x06], buf[i + 0x07], 
+            buf[i + 0x08], buf[i + 0x09], buf[i + 0x0A], buf[i + 0x0B], 
+            buf[i + 0x0C], buf[i + 0x0D], buf[i + 0x0E], buf[i + 0x0F]);
+    }
+}
+
+int sceSblServiceCryptAsync_hook(void *async_req)
+{
+    struct ccp_common *msg;
+    struct ccp_common *next;
+    struct ccp_req* req;
+    int idx = -1;
+
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceCryptAsync = (int (*)(void *req)) kdlsym(KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC);
+    auto Sha256Hmac = (void (*)(void *hash, void *data, size_t data_sz, void *key, size_t key_size)) kdlsym(KERNEL_SYM_SHA256_HMAC);
+
+    req = (struct ccp_req *) async_req;
+    msg = (struct ccp_common *) (*(uint64_t *) (async_req));
+    //printf("sceSblServiceCryptAsync_hook: msg = %p, before (msg->cmd = 0x%x) (first=%p, last=%p)\n", msg, msg->cmd, req->tqh_first, *req->tqh_last);
+
+    while (msg) {
+        next = (struct ccp_common *) (*(uint64_t *) ((uint64_t) (msg) + 0x140));
+        //printf("msg = %p (msg->cmd = 0x%x), next = %p \n", msg, msg->cmd, next);
+
+        if ((msg->cmd & 0x7FFFFFFF) == 0x9132000) { // SHA256 HMAC with key handle
+            struct ccp_hmac *hmac_msg = (struct ccp_hmac *) msg;
+            idx = HANDLE_TO_IDX(hmac_msg->key_index);
+            //printf("sceSblServiceCryptAsync_hook: SHA256 hmac key idx = 0x%x\n", idx);
+
+            if (idx < 0) {
+                return sceSblServiceCryptAsync(async_req);
+            } else {
+                char hmac_key[0x40];
+                get_fake_key(idx, (char *) &hmac_key);
+
+                // hex_dump("hmac ccp msg", (uint8_t *) hmac_msg, 0x200);
+                // hex_dump("hmac key", (uint8_t *) hmac_key, 0x40);
+
+                Sha256Hmac(hmac_msg->hash, hmac_msg->data, hmac_msg->data_size, hmac_key, 0x20);
+
+                // printf("hmac data=%p, data_size = 0x%lx\n", hmac_msg->data, hmac_msg->data_size);
+                // hex_dump("hmac input (first 0x20 bytes)", (uint8_t *) hmac_msg->data, 0x20);
+                // hex_dump("hmac hash output", (uint8_t *) hmac_msg->hash, 0x20);
+            }
+        } else if ((msg->cmd & 0x7FFFF7FF) == 0x2108000) { // AES-XTS with key handle
+            struct ccp_xts *xts_msg = (struct ccp_xts *) msg;
+            idx = HANDLE_TO_IDX(xts_msg->key_index);
+            //printf("sceSblServiceCryptAsync_hook: AES-XTS key idx = 0x%x\n", idx);
+
+            if (idx < 0) {
+                return sceSblServiceCryptAsync(async_req);
+            } else {
+                char xts_key[0x40];
+                get_fake_key(idx, (char *) &xts_key);
+
+                // printf("xts in=%p, out=%p (is_encrypt=%d)\n", xts_msg->in_data, xts_msg->out_data, ((xts_msg->common.cmd & 0x800) >> 11));
+                // printf("xts->start_sector = 0x%lx, num_sectors = 0x%lx\n", xts_msg->start_sector, xts_msg->num_sectors);
+                // hex_dump("xts ccp msg", (uint8_t *) xts_msg, 0x200);
+                // hex_dump("xts tweak/key", (uint8_t *) xts_key, 0x20);
+                // hex_dump("xta data", (uint8_t *) xts_msg->in_data, 0x20);
+
+                void *tweak = (void *) ((uint64_t) (xts_key) + 0x00);
+                void *key   = (void *) ((uint64_t) (xts_key) + 0x10);
+                if (((xts_msg->common.cmd & 0x800) >> 11)) {
+                    aes_xts_4096_dec(xts_msg->in_data, xts_msg->out_data, xts_msg->num_sectors, xts_msg->start_sector, key, tweak, 1);
+                } else {
+                    aes_xts_4096_dec(xts_msg->in_data, xts_msg->out_data, xts_msg->num_sectors, xts_msg->start_sector, key, tweak, 0);
+                }
+
+                // hex_dump("xts decrypted output (first 0x20 bytes)", (uint8_t *) xts_msg->out_data, 0x20);
+            }
+        }
+
+        msg = next;
+    }
+
+    if (idx == -1) {
+        return sceSblServiceCryptAsync(async_req);
+    }
+
+    req->cb(req->args, 0);
+    return 0;
+}
+
+int sceSblPfsClearKey_sceSblServiceMailbox(uint64_t handle, const ClearKey* input, ClearKey* output) 
+{
+    //auto printf                 = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceMailbox   = (int (*)(uint64_t handle, void *in, void *out)) kdlsym(KERNEL_SYM_SCESBLSERVICEMAILBOX);
+
+    uint32_t key = 0;
+
+    //printf("sceSblPfsClearKey_sceSblServiceMailbox\n");
+
+    key = HANDLE_TO_IDX(input->keyHandle);
+    if (key < 0)
+        return sceSblServiceMailbox(handle, (void *) input, output);
+
+    //printf("sceSblPfsClearKey_sceSblServiceMailbox: key idx = 0x%x, clearing\n", key);
+    unregister_fake_key(key);
+    output->keyHandle = 0;
+    output->res = 0;
+    return 0;
+}
+
+int check_dir_depth(long zone, const char *path, int unk)
+{
+   // auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+   // printf("[HEN][HOOK] check_dir_depth(\"%s\"), returning 0\n", path);
+    return 0;
+}
+
+void apply_fpkg_hooks()
+{
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    printf("[HEN] [FPKG] npdrm_ioctl(cmd=5) -> sceSblServiceMailbox()\n");
+    install_hook(HOOK_FPKG_NPDRM_IOCTL_CMD_5_CALL_SCE_SBL_SERVICE_MAILBOX, (void *) &npdrm_cmd_5_sceSblServiceMailbox);
+
+    printf("[HEN] [FPKG] npdrm_ioctl(cmd=6) -> sceSblServiceMailbox()\n");
+    install_hook(HOOK_FPKG_NPDRM_IOCTL_CMD_6_CALL_SCE_SBL_SERVICE_MAILBOX, (void *) &npdrm_cmd_6_sceSblServiceMailbox);
+
+    printf("[HEN] [FPKG] sceSblPfsVerifySuperBlock() -> sceSblServiceMailbox()\n");
+    install_hook(HOOK_FPKG_PFS_VERIFY_SUPER_BLOCK_CALL_SCE_SBL_SERVICE_MAILBOX, (void *) &verifySuperBlock_sceSblServiceMailbox);
+
+    printf("[HEN] [FPKG] sceSblPfsClearKey() -> sceSblServiceMailbox() 1\n");
+    install_hook(HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_1_CALL_SCE_SBL_SERVICE_MAILBOX, (void *) &sceSblPfsClearKey_sceSblServiceMailbox);
+
+    printf("[HEN] [FPKG] sceSblPfsClearKey() -> sceSblServiceMailbox() 2\n");
+    install_hook(HOOK_FPKG_SCE_SBL_PFS_CLEAR_KEY_2_CALL_SCE_SBL_SERVICE_MAILBOX, (void *) &sceSblPfsClearKey_sceSblServiceMailbox);
+
+    printf("[HEN] [FPKG] check_dir_depth() -> return 0\n");
+    install_hook(HOOK_CHECK_DIR_DEPTH, (void *) &check_dir_depth);
+
+    // Install hook on all calls to sceSblServiceCryptAsync()
+    printf("[HEN] [FPKG] installing hooks to sceSblServiceCryptAsync() [0x%lx, 0x%lx]\n", ktext(0), kdlsym(KERNEL_SYM_TEXT_END));
+    for (uint64_t scan_ptr = ktext(0); scan_ptr < kdlsym(KERNEL_SYM_TEXT_END); scan_ptr++) {
+        uint8_t *scan = (uint8_t *) scan_ptr;
+        int32_t target_rel32;
+        int32_t rel32;
+
+        if (scan[0] == 0xE8) {
+            target_rel32 = (int32_t) ((uint64_t) (kdlsym(KERNEL_SYM_SCE_SBL_SERVICE_CRYPT_ASYNC)) - scan_ptr) - 5;
+            rel32 = *(int32_t *) (scan + 1);
+
+            if (rel32 == target_rel32) {
+                install_raw_hook(scan_ptr, (void *) &sceSblServiceCryptAsync_hook);
+            }
+        }
+    }
+
+    printf("[HEN] [FPKG] done\n");
+}

Source Code/bootstrapper/Byepervisor/hen/src/fself.cpp

@@ -0,0 +1,279 @@
+#include "fself.h"
+#include "hook.h"
+#include "kdlsym.h"
+#include "util.h"
+
+extern "C" {
+    #include <sys/types.h>
+    #include <sys/param.h>
+}
+
+constexpr uint8_t orbisExecAuthInfo[] {
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x80, 0x03, 0x00, 0x20,
+        0x00, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x40, 0x00, 0x40,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00,
+        0x00, 0x40, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0xF0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+constexpr uint8_t orbisPrxAuthInfo[] {
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x31, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x30, 0x00, 0x30,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00,
+        0x00, 0x40, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0xF0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+extern "C" {
+    static volatile int enableHook1 = 1;
+    static volatile int enableHook2 = 1;
+    static volatile int enableHook3 = 1;
+    static volatile int enableHook4 = 1;
+    static volatile int enableHook5 = 1;
+    static volatile int enableHook6 = 1;
+}
+
+struct mtx {
+    uint8_t dontcare[0x18];
+    volatile uintptr_t mtx_lock;
+};
+
+SelfContext* getSelfContextByServiceId(uint32_t serviceId) {
+    auto ctxTable       = (SelfContext *) kdlsym(KERNEL_SYM_CTXTABLE);
+    auto ctxStatus       = (int*) kdlsym(KERNEL_SYM_CTXSTATUS);
+    auto ctxTableMtx    = (mtx*) kdlsym(KERNEL_SYM_CTXTABLE_MTX);
+    auto __mtx_lock_flags = (void(*)(volatile uintptr_t*, int, const char*, int)) kdlsym(KERNEL_SYM_MTX_LOCK_FLAGS);
+    auto __mtx_unlock_flags = (void(*)(volatile uintptr_t*, int, const char*, int)) kdlsym(KERNEL_SYM_MTX_UNLOCK_FLAGS);
+
+    __mtx_lock_flags(&ctxTableMtx->mtx_lock, 0, nullptr, 0);
+    for(int i = 0; i < 4; i++) {
+        if(ctxStatus[i] != 3 && ctxStatus[i] != 4) { continue; }
+        auto ctx = &ctxTable[i];
+        if(ctx->unk1C == serviceId) {
+            __mtx_unlock_flags(&ctxTableMtx->mtx_lock, 0, nullptr, 0);
+            return ctx;
+        }
+    }
+    __mtx_unlock_flags(&ctxTableMtx->mtx_lock, 0, nullptr, 0);
+    return nullptr;
+}
+
+bool isFakeSelf(SelfContext* ctx) {
+    if(ctx) {
+        if(ctx->format == SelfFormat::ELF) {
+            return true;
+        }
+        return ctx->selfHeader && ctx->selfHeader->program_type == 0x1;
+    }
+    return false;
+}
+
+int sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook(SelfContext* ctx, SelfAuthInfo* parentAuth, int pathid, SelfAuthInfo* selfAuth) {
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto _sceSblAuthMgrCheckSelfIsLoadable = (int (*)(SelfContext *ctx, SelfAuthInfo *parentAuthInfo, int pathId, SelfAuthInfo *selfAuthInfo)) kdlsym(KERNEL_SYM_SCESBLAUTHMGRISLOADABLE2);
+
+   // printf("sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook: 0x%016lX 0x%016lX 0x%016lX 0x%016lX\n", ctx, parentAuth, pathid, selfAuth);
+    if(enableHook1 && ctx && parentAuth && selfAuth && isFakeSelf(ctx)) {
+        uint32_t type;
+
+        if(ctx->format == SelfFormat::ELF) {
+            auto hdr = ctx->elfHeader;
+            type = hdr->e_type;
+            //printf("sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook: is Fake ELF %i\n", type);
+        }
+        else {
+            auto info = reinterpret_cast<SelfFakeAuthInfo*>(reinterpret_cast<uint8_t*>(ctx->selfHeader) + ctx->selfHeader->header_size + ctx->selfHeader->metadata_size - 0x100);
+            if(info->size == sizeof(SelfAuthInfo)) {
+                //printf("sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook: is Fake SELF with own auth info\n");
+                memcpy(selfAuth, &info->info, sizeof(SelfAuthInfo));
+                return 0;
+            }
+            auto hdr = reinterpret_cast<ElfHeader*>(ctx->selfHeader + (ctx->selfHeader->entry_num + 1));
+            type = hdr->e_type;
+            //printf("sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook: is Fake SELF %i\n", type);
+        }
+
+        switch (type) {
+            case ET_EXEC:
+            case ET_SCE_EXEC:
+            case ET_SCE_DYNEXEC: {
+                //printf("sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook: is EXEC AUTH\n");
+                memcpy(selfAuth, orbisExecAuthInfo, sizeof(SelfAuthInfo));
+                break;
+            }
+            case ET_SCE_DYNAMIC: {
+                //printf("sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook: is PRX AUTH\n");
+                memcpy(selfAuth, orbisPrxAuthInfo, sizeof(SelfAuthInfo));
+                break;
+            }
+        }
+        return 0;
+    }
+    return _sceSblAuthMgrCheckSelfIsLoadable(ctx, parentAuth, pathid, selfAuth);
+}
+//condtionally check them
+int _sceSblAuthMgrVerifySelfHeader_hook(SelfContext* ctx) {
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto M_TEMP = (void *) kdlsym(KERNEL_SYM_M_TEMP);
+    auto malloc = (void*(*)(unsigned long size, void* type, int flags)) kdlsym(KERNEL_SYM_MALLOC);
+    auto free   = (void(*)(void* addr, void* type)) kdlsym(KERNEL_SYM_FREE);
+    auto mini_syscore = (SelfHeader *) kdlsym(KERNEL_SYM_MINI_SYSCORE_BIN);
+    auto _sceSblAuthMgrVerifySelfHeader = (int(*)(SelfContext *context)) kdlsym(KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER);
+
+    //printf("_sceSblAuthMgrVerifySelfHeader_hook: 0x%016lX\n", ctx);
+    if(!ctx) {
+        return -1;
+    }
+    if(!enableHook2 || !isFakeSelf(ctx)) {
+        return _sceSblAuthMgrVerifySelfHeader(ctx);
+    }
+    //printf("_sceSblAuthMgrVerifySelfHeader_hook: fake self\n");
+
+    auto backup = malloc(0x1000, M_TEMP, 0x102);
+    auto ogSize = ctx->headerSize;
+    auto ogFormat = ctx->format;
+    auto newSize = mini_syscore->header_size + mini_syscore->metadata_size;
+    //printf("_sceSblAuthMgrVerifySelfHeader_hook: memcpy: %lx\n", ogSize);
+    memcpy(backup, ctx->selfHeader, ogSize);
+
+    //printf("_sceSblAuthMgrVerifySelfHeader_hook: memcpy2: %lx\n", newSize);
+    memcpy(ctx->selfHeader, mini_syscore, newSize);
+    ctx->headerSize = newSize;
+    ctx->format = SelfFormat::SELF;
+
+    ////printf("_sceSblAuthMgrVerifySelfHeader_hook: before _sceSblAuthMgrVerifySelfHeader\n");
+    auto res = _sceSblAuthMgrVerifySelfHeader(ctx);
+    ////printf("_sceSblAuthMgrVerifySelfHeader_hook: _sceSblAuthMgrVerifySelfHeader %i\n", res);
+
+    ctx->format = ogFormat;
+    ctx->headerSize = ogSize;
+    ////printf("_sceSblAuthMgrVerifySelfHeader_hook: memcpy3: %lx\n", ogSize);
+    memcpy(ctx->selfHeader, backup, ogSize);
+    free(backup, M_TEMP);
+
+    return res;
+}
+
+int _sceSblAuthMgrSmLoadSelfSegment_sceSblServiceMailbox(uint64_t handle, MailboxLoadSelfSegmentMessage* input, MailboxLoadSelfSegmentMessage* output) {
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceMailbox = (int (*)(uint64_t handle, void *input, void *output)) kdlsym(KERNEL_SYM_SCESBLSERVICEMAILBOX);
+
+    //printf("_sceSblAuthMgrSmLoadSelfSegment_sceSblServiceMailbox: 0x%016lX 0x%016lX 0x%016lX\n", handle, input, output);
+    //hexdump(input, 0x80, NULL, 0x0);
+    if(enableHook3 && input && output) {
+        auto ctx = getSelfContextByServiceId(input->serviceId);
+        if(ctx && isFakeSelf(ctx)) {
+            //printf("_sceSblAuthMgrSmLoadSelfSegment_sceSblServiceMailbox: fake self ctx: %016lX\n", ctx);
+            output->res = 0;
+            return 0;
+        }
+    }
+    return sceSblServiceMailbox(handle, input, output);
+}
+
+int _sceSblAuthMgrSmLoadSelfBlock_sceSblServiceMailbox(uint64_t handle, MailboxLoadSelfBlockMessage* input, MailboxLoadSelfBlockMessage* output) {
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceMailbox = (int (*)(uint64_t handle, void *input, void *output)) kdlsym(KERNEL_SYM_SCESBLSERVICEMAILBOX);
+
+    //printf("_sceSblAuthMgrSmLoadSelfBlock_sceSblServiceMailbox: ctx: %016lX input: %016lX output: %016lX\n", handle, input, output);
+    //hexdump(input, 0x80, NULL, 0x0);
+    if(enableHook4 && input && output) {
+        auto ctx = getSelfContextByServiceId(input->serviceId);
+        if(ctx && isFakeSelf(ctx)) {
+            //printf("_sceSblAuthMgrSmLoadSelfBlock_sceSblServiceMailbox: fake self ctx: %016lX\n", ctx);
+            auto destBlock = get_dmap_addr(input->unk08);
+            auto srcBlock =  get_dmap_addr(input->unk10);
+            auto lenBlock =  input->unk30;
+            //printf("_sceSblAuthMgrSmLoadSelfBlock_sceSblServiceMailbox: d %016lX s %016lX l %016lX\n", destBlock, srcBlock, lenBlock);
+            memcpy((void *) destBlock, (const void *) srcBlock, lenBlock);
+            output->res = 0;
+            return 0;
+        }
+    }
+    return sceSblServiceMailbox(handle, input, output);
+}
+
+int _sceSblAuthMgrSmLoadMultipleSelfBlocks_sceSblServiceMailbox(uint64_t handle, MailboxLoadMultipleSelfBlocksMessage* input, MailboxLoadMultipleSelfBlocksMessage* output) {
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblServiceMailbox = (int (*)(uint64_t handle, void *input, void *output)) kdlsym(KERNEL_SYM_SCESBLSERVICEMAILBOX);
+
+    //printf("_sceSblAuthMgrSmLoadMultipleSelfBlocks_sceSblServiceMailbox: 0x%016lX 0x%016lX 0x%016lX\n", handle, input, output);
+    //hexdump(input, 0x80, NULL, 0x0);
+    if(enableHook5 && input && output) {
+        auto ctx = getSelfContextByServiceId(input->serviceId);
+        if(ctx && isFakeSelf(ctx)) {
+            //printf("_sceSblAuthMgrSmLoadMultipleSelfBlocks_sceSblServiceMailbox: fake self ctx: %016lX\n", ctx);
+            auto inputPa = (uint64_t*)get_dmap_addr(input->unk08);
+            auto outputPa = (uint64_t*)get_dmap_addr(input->unk10);
+
+            for(int i = 0; i < 8; i++) {
+                auto sPa = inputPa[i];
+                auto dPa = outputPa[i];
+                if(!sPa || !dPa) {continue;}
+                auto src = get_dmap_addr(sPa);
+                auto dst = get_dmap_addr(dPa);
+                //printf("_sceSblAuthMgrSmLoadMultipleSelfBlocks %016X -> %016X\n", src, dst);
+                memcpy((void *) dst, (const void *) src, 0x4000);
+            }
+            output->res = 0;
+            return 0;
+        }
+    }
+    return sceSblServiceMailbox(handle, input, output);
+}
+
+int sceSblACMgrGetPathId_hook(const char* path) {
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto sceSblACMgrGetPathId = (int(*)(const char *path)) kdlsym(KERNEL_SYM_SCESBLACMGRGETPATHID);
+
+    //printf("sceSblACMgrGetPathId_hook: %s\n", path);
+    if(enableHook6) {
+        constexpr const char *selfDir = "/data/self";
+        constexpr const char *hostappDir = "/hostapp";
+
+        if (strstr(path, selfDir) == path) {
+            path = path + strlen(selfDir);
+            //printf("sceSblACMgrGetPathId_hook: new path %s\n", path);
+        } else if (strstr(path, hostappDir) == path) {
+            path = path + strlen(hostappDir);
+            //printf("sceSblACMgrGetPathId_hook: new path %s\n", path);
+        }
+    }
+
+    return sceSblACMgrGetPathId(path);
+}
+
+void apply_fself_hooks()
+{
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto _sceSblAuthMgrVerifySelfHeader = (int(*)(SelfContext *context)) kdlsym(KERNEL_SYM_SCESBLAUTHMGRVERIFYHEADER);
+
+    //printf("[HEN] [FSELF] sceSblAuthMgrIsLoadable() -> sceSblAuthMgrCheckSelfIsLoadable()\n");
+    install_hook(HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_IS_LOADABLE, (void *) &sceSblAuthMgrIsLoadable__sceSblAuthMgrCheckSelfIsLoadable_hook);
+
+    //printf("[HEN] [FSELF] sceSblAuthMgrAuthHeader() -> sceSblAuthMgrVerifySelfHeader()()\n");
+    install_hook(HOOK_FSELF_SCE_SBL_AUTHMGR_AUTH_HEADER, (void *) &_sceSblAuthMgrVerifySelfHeader_hook);
+
+    //printf("[HEN] [FSELF] resumeAuthMgr() -> sceSblAuthMgrVerifySelfHeader()\n");
+    install_hook(HOOK_FSELF_SCE_SBL_AUTHMGR_RESUME, (void *) &_sceSblAuthMgrVerifySelfHeader);
+
+    //printf("[HEN] [FSELF] sceSblAuthMgrLoadSelfSegment() -> sceSblServiceMailbox()\n");
+    install_hook(HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_SEGMENT, (void *) &_sceSblAuthMgrSmLoadSelfSegment_sceSblServiceMailbox);
+
+    //printf("[HEN] [FSELF] sceSblAuthMgrLoadSelfBlock() -> sceSblServiceMailbox()\n");
+    install_hook(HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_SELF_BLOCK, (void *) &_sceSblAuthMgrSmLoadSelfBlock_sceSblServiceMailbox);
+
+    //printf("[HEN] [FSELF] sceSblAuthMgrLoadMultipleSelfBlocks() -> sceSblServiceMailbox()\n");
+    install_hook(HOOK_FSELF_SCE_SBL_AUTHMGR_LOAD_MULTIPLE_SELF_BLOCKS, (void *) &_sceSblAuthMgrSmLoadMultipleSelfBlocks_sceSblServiceMailbox);
+
+    //printf("[HEN] [FSELF] sceSblAuthMgrIsLoadable() -> sceSblACMgrGetPathId()\n");
+    install_hook(HOOK_FSELF_SCE_SBL_AUTHMGR_IS_LOADABLE_CALL_GET_PATHID, (void *) &sceSblACMgrGetPathId_hook);
+}

Source Code/bootstrapper/Byepervisor/hen/src/hook.cpp

@@ -0,0 +1,208 @@
+#include <errno.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+#include "hook.h"
+#include "kdlsym.h"
+
+#include "hooks/1_00.h"
+#include "hooks/1_01.h"
+#include "hooks/1_02.h"
+#include "hooks/1_05.h"
+#include "hooks/1_10.h"
+#include "hooks/1_11.h"
+#include "hooks/1_12.h"
+#include "hooks/1_13.h"
+#include "hooks/1_14.h"
+#include "hooks/2_00.h"
+#include "hooks/2_20.h"
+#include "hooks/2_25.h"
+#include "hooks/2_26.h"
+#include "hooks/2_30.h"
+#include "hooks/2_50.h"
+
+struct hook *find_hook(hook_id id)
+{
+    uint64_t fw_ver;
+    struct hook *hooks;
+    struct hook *cur_hook;
+    int num_hooks;
+
+    fw_ver = get_fw_version();
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    switch (fw_ver) {
+    case 0x1000000:
+         hooks = (struct hook *) &g_kernel_hooks_100;
+         num_hooks = sizeof(g_kernel_hooks_100) / sizeof(struct hook);
+         break;
+    case 0x1010000:
+    case 0x1020000:
+         hooks = (struct hook *) &g_kernel_hooks_102;
+         num_hooks = sizeof(g_kernel_hooks_102) / sizeof(struct hook);
+         break;
+    case 0x1050000:
+         hooks = (struct hook *) &g_kernel_hooks_105;
+         num_hooks = sizeof(g_kernel_hooks_105) / sizeof(struct hook);
+         break;
+    case 0x1100000:
+        hooks = (struct hook *) &g_kernel_hooks_110;
+        num_hooks = sizeof(g_kernel_hooks_110) / sizeof(struct hook);
+        break;
+    case 0x1110000:
+        hooks = (struct hook *) &g_kernel_hooks_111;
+        num_hooks = sizeof(g_kernel_hooks_111) / sizeof(struct hook);
+        break;
+    case 0x1120000:
+        hooks = (struct hook *) &g_kernel_hooks_112;
+        num_hooks = sizeof(g_kernel_hooks_112) / sizeof(struct hook);
+        break;
+    case 0x1130000:
+        hooks = (struct hook *) &g_kernel_hooks_113;
+        num_hooks = sizeof(g_kernel_hooks_113) / sizeof(struct hook);
+        break;
+    case 0x1140000:
+        hooks = (struct hook *) &g_kernel_hooks_114;
+        num_hooks = sizeof(g_kernel_hooks_114) / sizeof(struct hook);
+        break;
+    case 0x2000000:
+        hooks = (struct hook *) &g_kernel_hooks_200;
+        num_hooks = sizeof(g_kernel_hooks_200) / sizeof(struct hook);
+        break;
+    case 0x2200000:
+        hooks = (struct hook *) &g_kernel_hooks_220;
+        num_hooks = sizeof(g_kernel_hooks_220) / sizeof(struct hook);
+        break;
+    case 0x2250000:
+        hooks = (struct hook *) &g_kernel_hooks_225;
+        num_hooks = sizeof(g_kernel_hooks_225) / sizeof(struct hook);
+        break;
+    case 0x2260000:
+        hooks = (struct hook *) &g_kernel_hooks_226;
+        num_hooks = sizeof(g_kernel_hooks_226) / sizeof(struct hook);
+        break;
+    case 0x2300000:
+        hooks = (struct hook *) &g_kernel_hooks_230;
+        num_hooks = sizeof(g_kernel_hooks_230) / sizeof(struct hook);
+        break;
+    case 0x2500000:
+    case 0x2700000:
+        hooks = (struct hook *) &g_kernel_hooks_250;
+        num_hooks = sizeof(g_kernel_hooks_250) / sizeof(struct hook);
+        break;
+    default:
+        return 0;
+    }
+
+    printf("find_hook: num_hooks = %d\n", num_hooks);
+
+    for (int i = 0; i < num_hooks; i++) {
+        cur_hook = &hooks[i];
+        printf("hook_func_call: hook->id = %d\n", cur_hook->id);
+        if (cur_hook->id == id) {
+            return cur_hook;
+        }
+    }
+
+    return 0;
+}
+
+int install_raw_hook(uint64_t call_addr, void *func)
+{
+    uint64_t call_install;
+    int32_t call_rel32;
+
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    printf("install_raw_hook: call_addr = 0x%llx, func = %p\n", call_addr, func);
+
+    // Calculate rel32
+    call_rel32  = (int32_t) ((uint64_t) (func) - call_addr) - 5; // Subtract 5 for call opcodes
+
+    printf("install_raw_hook: call_rel32=0x%x\n", call_rel32);
+
+    // Install hook
+    printf("hook_func_call: installing hook to 0x%lx (rel32=0x%x)\n", call_addr, call_rel32);
+
+    call_install = call_addr + 1;
+    *(uint32_t *) (call_install) = call_rel32;
+    return 0;
+}
+
+int install_hook(hook_id id, void *func)
+{
+    struct hook *hook_info;
+    uint64_t call_addr;
+    uint64_t call_install;
+    int32_t call_rel32;
+
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    printf("hook_func_call: hook id = %d\n", id);
+
+    // Find info for this hook
+    hook_info = find_hook(id);
+    if (hook_info == 0)
+        return -ENOENT;
+
+    printf("hook_func_call: found hook\n");
+
+    // Calculate rel32
+    call_addr   = ktext(hook_info->call_offset);
+    call_rel32  = (int32_t) ((uint64_t) (func) - call_addr) - 5; // Subtract 5 for call opcodes
+
+    printf("hook_func_call: call_addr=0x%llx (call_rel32=0x%x)\n", call_addr, call_rel32);
+
+    // Install hook
+    printf("hook_func_call: installing hook to 0x%lx (rel32=0x%x)\n", call_addr, call_rel32);
+
+    call_install = call_addr + 1;
+    *(uint32_t *) (call_install) = call_rel32;
+    return 0;
+}
+
+void reset_hook(hook_id id)
+{
+    struct hook *hook_info;
+    uint64_t call_addr;
+    uint64_t call_install;
+    int32_t call_rel32;
+    void *func;
+
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    printf("reset_hook: hook id = %d\n", id);
+
+    // Find info for this hook
+    hook_info = find_hook(id);
+    if (hook_info == 0)
+        return;
+
+    printf("reset_hook: found hook\n");
+
+    // Calculate rel32
+    func        = (void *) ktext(hook_info->orig_func_offset);
+    call_addr   = ktext(hook_info->call_offset);
+    call_rel32  = (int32_t) ((uint64_t) (func) - call_addr) - 5; // Subtract 5 for call opcodes
+
+    printf("reset_hook: call_addr=0x%llx (call_rel32=0x%x)\n", call_addr, call_rel32);
+
+    printf("reset_hook: orig func_offset=0x%llx, call_addr=0=%llx\n", hook_info->orig_func_offset, hook_info->call_offset);
+
+    // Install hook
+    printf("reset_hook: installing hook to 0x%lx (rel32=0x%x)\n", call_addr, call_rel32);
+
+    call_install = call_addr + 1;
+    *(uint32_t *) (call_install) = call_rel32;
+}
+
+int hook_is_development_mode()
+{
+    return 0xc001;
+}
+
+int apply_test_hook()
+{
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    printf("sys_is_development_mode() -> isDevelopmentMode()\n");
+    return install_hook(HOOK_TEST_SYS_IS_DEVELOPMENT_MODE, (void *) &hook_is_development_mode);
+}

Source Code/bootstrapper/Byepervisor/hen/src/kdlsym.cpp

@@ -0,0 +1,87 @@
+#include <stdint.h>
+
+#include "kdlsym.h"
+
+#include "offsets/1_00.h"
+#include "offsets/1_01.h"
+#include "offsets/1_02.h"
+#include "offsets/1_05.h"
+#include "offsets/1_10.h"
+#include "offsets/1_11.h"
+#include "offsets/1_12.h"
+#include "offsets/1_13.h"
+#include "offsets/1_14.h"
+#include "offsets/2_00.h"
+#include "offsets/2_20.h"
+#include "offsets/2_25.h"
+#include "offsets/2_26.h"
+#include "offsets/2_30.h"
+#include "offsets/2_50.h"
+
+uint64_t g_fw_version;
+uint64_t g_kernel_base = 0;
+
+void init_kdlsym(uint64_t fw_ver, uint64_t kernel_base)
+{
+    g_fw_version    = fw_ver;
+    g_kernel_base   = kernel_base;
+}
+
+uint64_t get_fw_version()
+{
+    return g_fw_version;
+}
+
+uint64_t ktext(uint64_t offset)
+{
+    if (g_kernel_base == 0)
+        return 0;
+
+    return g_kernel_base + offset;
+}
+
+uint64_t kdlsym(ksym_t sym)
+{
+    if (g_kernel_base == 0)
+        return 0;
+
+    // Don't overflow sym table
+    if (sym >= KERNEL_SYM_MAX)
+        return 0;
+
+    switch (g_fw_version) {
+    case 0x1000000:
+        return g_kernel_base + g_sym_map_100[sym];
+    case 0x1010000:
+        return g_kernel_base + g_sym_map_101[sym];
+    case 0x1020000:
+        return g_kernel_base + g_sym_map_102[sym];
+    case 0x1050000:
+        return g_kernel_base + g_sym_map_105[sym];
+    case 0x1100000:
+        return g_kernel_base + g_sym_map_110[sym];
+    case 0x1110000:
+        return g_kernel_base + g_sym_map_111[sym];
+    case 0x1120000:
+        return g_kernel_base + g_sym_map_112[sym];
+    case 0x1130000:
+        return g_kernel_base + g_sym_map_113[sym];
+    case 0x1140000:
+        return g_kernel_base + g_sym_map_114[sym];
+    case 0x2000000:
+        return g_kernel_base + g_sym_map_200[sym];
+    case 0x2200000:
+        return g_kernel_base + g_sym_map_220[sym];
+    case 0x2250000:
+        return g_kernel_base + g_sym_map_225[sym];
+    case 0x2260000:
+        return g_kernel_base + g_sym_map_226[sym];
+    case 0x2300000:
+        return g_kernel_base + g_sym_map_230[sym];
+    case 0x2500000:
+    case 0x2700000:
+        return g_kernel_base + g_sym_map_250[sym];
+    }
+
+    return 0;
+}

Source Code/bootstrapper/Byepervisor/hen/src/main.cpp

@@ -0,0 +1,60 @@
+#include <climits>
+#include <stdint.h>
+
+#include "fpkg.h"
+#include "fself.h"
+#include "hook.h"
+#include "kdlsym.h"
+#include "patch_shellcore.h"
+#include "util.h"
+
+struct args
+{
+    uint64_t fptr;
+    uint64_t fw;
+    uint64_t kernel_base;
+};
+
+extern "C" {
+    int kernel_main(void *td, struct args *args);
+}
+
+/**
+ * @brief The kernel sysent entrypoint
+ * 
+ * @param td struct thread* The calling thread
+ * @param args struct args* Syscall arguments
+ * @return int 0 on success, error otherwise
+ */
+int kernel_main(void *td, struct args *args)
+{
+    int ret = -1;
+
+    curthread = td;
+    init_kdlsym(args->fw, args->kernel_base);
+
+    // kdlsym assignments
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    // Reset hooks before installing new ones
+    printf("[HEN] Resetting hooks\n");
+    for (int i = 0; i < HOOK_MAX; i++) {
+        reset_hook((hook_id) i);
+    }
+
+    // Install new hooks
+    printf("[HEN] Applying test hook\n");
+    ret = apply_test_hook();
+    if (ret != 0) {
+        printf("[HEN] Failed to apply test hook\n");
+        return -1;
+    }
+
+    printf("[HEN] Applying fself hooks\n");
+    apply_fself_hooks();
+
+    printf("[HEN] Applying fpkg hooks\n");
+    apply_fpkg_hooks();
+
+    return 0;
+}

Source Code/bootstrapper/Byepervisor/hen/src/patch_shellcore.cpp

@@ -0,0 +1,248 @@
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/uio.h>
+
+#include "kdlsym.h"
+#include "util.h"
+#include "patch_shellcore.h"
+#include "proc.h"
+
+#include "shellcore_patches/1_00.h"
+#include "shellcore_patches/1_02.h"
+#include "shellcore_patches/1_12.h"
+#include "shellcore_patches/1_14.h"
+#include "shellcore_patches/2_00.h"
+#include "shellcore_patches/2_20.h"
+#include "shellcore_patches/2_25.h"
+#include "shellcore_patches/2_26.h"
+#include "shellcore_patches/2_30.h"
+#include "shellcore_patches/2_50.h"
+#include "shellcore_patches/2_70.h"
+
+/**
+ * @brief Implementation of read/write memory for a process (from kernel)
+ * 
+ * @param p struct proc* Process to read/write to/from
+ * @param procAddr off_t Address to read/write to/from
+ * @param sz size_t Size to read/write
+ * @param kAddr void* Kernel buffer
+ * @param ioSz size_t io size
+ * @param write int32_t 1 for write, 0 for read
+ * @return int 0 on success, error otherwise
+ */
+int proc_rw_mem(void *p, off_t procAddr, size_t sz, void *kAddr, size_t *ioSz, int write)
+{
+    // Assign kdlsym
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto debug_rwmem = (int (*)(void *proc, struct uio *uio)) kdlsym(KERNEL_SYM_RW_MEM);
+
+    // Debug logging
+    // printf("proc_rw_mem(%p, 0x%lx, %lx, %p, %p, %d)\n", p, procAddr, sz, kAddr, ioSz, write);
+
+    // Validate process
+    if (!p) {
+        printf("no proc\n");
+        return -1;
+    }
+
+    // Validate process address, and kernel address
+    if (!procAddr || !kAddr) {
+        printf("no addrs\n");
+        return -1;
+    }
+
+    // Validate size
+    if (!sz) {
+        if (ioSz) {
+            *ioSz = 0;
+        }
+        return 0;
+    }
+
+    struct iovec _iov{};
+    struct uio _uio{};
+
+    _iov.iov_base = kAddr;
+    _iov.iov_len = sz;
+
+    _uio.uio_iov = &_iov;
+    _uio.uio_iovcnt = 1;
+    _uio.uio_offset = procAddr;
+    _uio.uio_resid = sz;
+    _uio.uio_segflg = UIO_SYSSPACE;
+    _uio.uio_rw = (write) ? UIO_WRITE : UIO_READ;
+    _uio.uio_td = curthread;
+
+    // Read/Write memory (ignoring faults)
+    // printf("debug_rwmem: try\n");
+    int ret = debug_rwmem(p, &_uio);
+    // printf("debug_rwmem: ret = 0x%x\n", ret);
+
+    if (ioSz) {
+        *ioSz = (sz - _uio.uio_resid);
+    }
+
+    return ret;
+}
+
+/**
+ * @brief Gets the shellcore base address for patching from kernel->user space
+ * 
+ * @param shellcore_proc struct proc* Shellcore process
+ * @return uint64_t Base address of shellcore, or 0 on error
+ */
+uint64_t shellcore_get_addr(void *shellcore_proc)
+{
+    void *vm_map;
+    void *first_entry;
+    void *entry;
+    uint64_t entry_start;
+    uint8_t entry_prot;
+    char *entry_name;
+    uint64_t addr;
+
+    // kdlsym function pointers
+    auto printf                 = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto _vm_map_lock_read      = (void (*)(void *map, const char *file, int line)) kdlsym(KERNEL_SYM_VM_MAP_LOCK_READ);
+    auto _vm_map_unlock_read    = (void (*)(void *map, const char *file, int line)) kdlsym(KERNEL_SYM_VM_MAP_UNLOCK_READ);
+    auto _vm_map_lookup_entry   = (int (*)(void *map, uint64_t offset, void *entry)) kdlsym(KERNEL_SYM_VM_MAP_LOOKUP_ENTRY);
+
+    // Get the process vm map
+    vm_map = get_proc_vmmap(shellcore_proc);
+    // printf("[HEN] [SHELLCORE] vm_map = %p\n", vm_map);
+
+    // Lock the vm map
+    _vm_map_lock_read(vm_map, "", 0);    
+
+    // Lookup the vm map entry
+    if (_vm_map_lookup_entry(vm_map, 0, &entry) != 0) {
+        // On failure log and unlock
+        printf("[HEN] [SHELLCORE] Failed to lookup first entry\n");
+        _vm_map_unlock_read(vm_map, "", 0);
+        return 0;
+    }
+
+    first_entry = entry;
+    addr = 0;
+
+    // Iterate over all of the entries and check the name, offset, and protection
+    do {
+        entry_name  = (char *) ((char *) (entry) + VM_ENTRY_OFFSET_NAME);
+        entry_start = *(uint64_t *) ((char *) (entry) + VM_ENTRY_OFFSET_START);
+        entry_prot  = *(uint8_t *) ((char *) (entry) + VM_ENTRY_OFFSET_PROT);
+
+        printf("  vm entry (start=0x%lx, prot=0x%x), '%s'\n", entry_start, entry_prot, entry_name);
+        entry = (void *) *(uint64_t *) ((char *) (entry) + VM_ENTRY_OFFSET_NEXT);
+
+        if (!strncmp(entry_name, "executable", strlen("executable")) && entry_prot == 4) {
+            // for (int i = 0; i < 0x200; i += 0x8) {
+            //     printf("  +%02x: 0x%lx\n", i, *(uint64_t *) ((char *) (entry) + i));
+            // }
+            addr = entry_start;
+            break;
+        }
+    } while (entry != NULL && entry != first_entry);
+
+    // Unlock the vm map
+    _vm_map_unlock_read(vm_map, "", 0);
+
+    // return the found address
+    return addr;
+}
+
+/**
+ * @brief Applies the shellcore patches in memory
+ * 
+ */
+void apply_shellcore_patches()
+{
+    uint64_t fw_ver;
+    struct patch *patches;
+    struct patch *cur_patch;
+    void *shellcore_proc;
+    uint64_t shellcore_base_addr;
+    int num_patches;
+
+    // Get kdlsym function pointers
+    auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+
+    // Resolve patches for this fw
+    fw_ver = get_fw_version();
+    printf("apply_shellcore_patches: fw_ver = 0x%lx\n", fw_ver);
+
+    switch (fw_ver) {
+    case 0x1000000:
+        patches = (struct patch *) &g_shellcore_patches_100;
+        num_patches = sizeof(g_shellcore_patches_100) / sizeof(struct patch);
+        break;
+    case 0x1010000:
+    case 0x1020000:
+        patches = (struct patch *) &g_shellcore_patches_102;
+        num_patches = sizeof(g_shellcore_patches_102) / sizeof(struct patch);
+        break;
+    case 0x1050000:
+    case 0x1100000:
+    case 0x1110000:
+    case 0x1120000:
+        patches = (struct patch *) &g_shellcore_patches_112;
+        num_patches = sizeof(g_shellcore_patches_112) / sizeof(struct patch);
+        break;
+    case 0x1130000:
+    case 0x1140000:
+        patches = (struct patch *) &g_shellcore_patches_114;
+        num_patches = sizeof(g_shellcore_patches_114) / sizeof(struct patch);
+        break;
+    case 0x2000000:
+        patches = (struct patch *) &g_shellcore_patches_200;
+        num_patches = sizeof(g_shellcore_patches_200) / sizeof(struct patch);
+        break;
+    case 0x2200000:
+        patches = (struct patch *) &g_shellcore_patches_220;
+        num_patches = sizeof(g_shellcore_patches_220) / sizeof(struct patch);
+        break;
+    case 0x2250000:
+        patches = (struct patch *) &g_shellcore_patches_225;
+        num_patches = sizeof(g_shellcore_patches_225) / sizeof(struct patch);
+        break;
+    case 0x2260000:
+        patches = (struct patch *) &g_shellcore_patches_226;
+        num_patches = sizeof(g_shellcore_patches_226) / sizeof(struct patch);
+        break;
+    case 0x2300000:
+        patches = (struct patch *) &g_shellcore_patches_230;
+        num_patches = sizeof(g_shellcore_patches_230) / sizeof(struct patch);
+        break;
+    case 0x2500000:
+        patches = (struct patch *) &g_shellcore_patches_250;
+        num_patches = sizeof(g_shellcore_patches_250) / sizeof(struct patch);
+        break;
+    case 0x2700000:
+        patches = (struct patch *) &g_shellcore_patches_270;
+        num_patches = sizeof(g_shellcore_patches_270) / sizeof(struct patch);
+        break;
+    default:
+        printf("apply_shellcore_patches: don't have offsets for this firmware\n");
+        return;
+    }
+
+    // Get shellcore proc
+    printf("[HEN] [SHELLCORE] Finding shellcore\n");
+    shellcore_proc = find_proc_by_name("SceShellCore");
+    if (shellcore_proc == NULL) {
+        printf("[HEN] [SHELLCORE] Failed to find shellcore\n");
+        return;
+    }
+    printf("[HEN] [SHELLCORE] shellcore proc = %p\n", shellcore_proc);
+
+    // Resolve shellcore base address
+    shellcore_base_addr = shellcore_get_addr(shellcore_proc);
+    printf("[HEN] [SHELLCORE] Found shellcore base = 0x%lx\n", shellcore_base_addr);
+
+    printf("[HEN] [SHELLCORE] Applying shellcore patches...\n");
+    for (int i = 0; i < num_patches; i++) {
+        cur_patch = &patches[i];
+        printf("  offset=0x%lx, size=0x%x, data=%p\n", cur_patch->offset, cur_patch->size, &cur_patch->data);
+
+        proc_rw_mem(shellcore_proc, (shellcore_base_addr + cur_patch->offset), cur_patch->size, (void *) &cur_patch->data, NULL, 1);
+    }
+}

Source Code/bootstrapper/Byepervisor/hen/src/util.cpp

@@ -0,0 +1,129 @@
+#include <stdint.h>
+#include <stddef.h>		   
+
+#include "kdlsym.h"
+#include "proc.h"
+#include "util.h"
+
+
+static uint64_t g_dmap_base = 0;
+void *curthread;
+
+void init_dmap_resolve()
+{
+    uint32_t DMPML4I;
+    uint32_t DMPDPI;
+
+    DMPML4I = *(uint32_t *) (kdlsym(KERNEL_SYM_DMPML4I));
+    DMPDPI  = *(uint32_t *) (kdlsym(KERNEL_SYM_DMPDPI));
+
+    g_dmap_base = ((uint64_t) (DMPDPI) << 30) | ((uint64_t ) (DMPML4I) << 39) | 0xFFFF800000000000;
+}
+
+uint64_t get_dmap_addr(uint64_t pa)
+{
+    // Init dmap resolve if it's not initialized already
+    if (g_dmap_base == 0)
+        init_dmap_resolve();
+
+    return g_dmap_base + pa;
+}
+
+void *find_proc_by_name(const char *name)
+{
+    void *p;
+    char *proc_name;
+    //int proc_pid;
+
+    //auto printf = (void (*)(const char *fmt, ...)) kdlsym(KERNEL_SYM_PRINTF);
+    auto allproc = (void *) *(uint64_t *) kdlsym(KERNEL_SYM_ALLPROC);
+
+    if (!name) {
+        return NULL;
+    }
+
+    //printf("find_proc_by_name: proc0 = %p\n", allproc);
+
+    p = allproc;
+    while (p) {
+        proc_name = (char *) ((char *) (p) + PROC_OFFSET_P_COMM);
+        //proc_pid  = *(int *) ((char *) (p) + PROC_OFFSET_P_PID);
+        //printf("  proc '%s' (pid: 0x%x)\n", proc_name, proc_pid);
+
+        if (!strncmp(proc_name, name, strlen(name))) {
+            return p;
+        }
+
+        p = (void *) *(uint64_t *) p;
+    }
+
+    return NULL;
+}
+
+void *get_proc_vmmap(void *p)
+{
+    return (void *) *(uint64_t *) ((char *) (p) + PROC_OFFSET_P_VMSPACE);
+}
+
+void memcpy(void *dest, const void *src, size_t n)
+{
+    char *csrc = (char *) src;
+    char *cdest = (char *) dest;
+
+    for (size_t i = 0; i < n; i++) {
+        cdest[i] = csrc[i];
+    }
+}
+
+size_t strlen(const char *str)
+{
+    const char *s;
+
+    for (s = str; *s; s++) ;
+    return (s - str);
+}
+
+char *strstr(const char *str, const char *substring)
+{
+    const char *a;
+    const char *b;
+
+    b = substring;
+
+    if (*b == 0) {
+        return (char *) str;
+    }
+
+    for ( ; *str != 0; str += 1) {
+        if (*str != *b) {
+            continue;
+        }
+
+        a = str;
+        while (1) {
+            if (*b == 0) {
+                return (char *) str;
+            }
+            if (*a++ != *b++) {
+                break;
+            }
+        }
+        b = substring;
+    }
+
+    return NULL;
+}
+
+int strncmp(const char * s1, const char * s2, size_t n)
+{
+    while (n && *s1 && (*s1 == *s2)) {
+        ++s1;
+        ++s2;
+        --n;
+    }
+    if (n == 0) {
+        return 0;
+    } else {
+        return (*(unsigned char *) s1 - *(unsigned char *) s2);
+    }
+}

Source Code/bootstrapper/Byepervisor/include/config.h

@@ -0,0 +1,24 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+/*
+ * Enable debug logging via TCP connection to PC
+ */
+#define PC_DEBUG_ENABLED                    0
+
+/*
+ * PC IP address for debug logging
+ */
+#define PC_DEBUG_IP                         "10.0.0.143"
+
+/*
+ * PC IP port for debug logging
+ */
+#define PC_DEBUG_PORT                       5655
+
+/*
+ * TCP port to run the RPC server on
+ */
+#define RPC_TCP_PORT                        9002
+
+#endif // CONFIG_H

Source Code/bootstrapper/Byepervisor/include/debug_log.h

@@ -0,0 +1,10 @@
+#ifndef DEBUG_LOG_H
+#define DEBUG_LOG_H
+
+extern int g_debug_sock;
+
+#define SOCK_LOG(format, ...)  
+
+void DumpHex(const void* data, size_t size);
+
+#endif // DEBUG_LOG_H

Source Code/bootstrapper/Byepervisor/include/hen.h

@@ -0,0 +1,17 @@
+/* Autogenerated by hxtools bin2c */
+#ifndef HEN_H
+#define HEN_H 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern uint8_t KELF[];
+extern uint64_t KELF_SZ;
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+
+#endif /* HEN_H */

Source Code/bootstrapper/Byepervisor/include/kdlsym.h

@@ -0,0 +1,30 @@
+#pragma once
+#ifndef KDLSYM_H
+#define KDLSYM_H
+
+typedef enum {
+    KERNEL_SYM_DMPML4I,
+    KERNEL_SYM_DMPDPI,
+    KERNEL_SYM_PML4PML4I,
+    KERNEL_SYM_PMAP_STORE,
+    KERNEL_SYM_DATA_CAVE,
+    KERNEL_SYM_CODE_CAVE,
+    KERNEL_SYM_PS4_SYSENT,
+    KERNEL_SYM_PPR_SYSENT,
+    KERNEL_SYM_GADGET_JMP_PTR_RSI,
+    KERNEL_SYM_MAX
+} ksym_t;
+
+typedef enum {
+    KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY,
+    KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF,
+    KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE,
+    KERNEL_PATCH_SYS_GETGID,
+    KERNEL_PATCH_MAX
+} kpatch_t;
+
+uint64_t kdlsym(ksym_t sym);
+uint64_t kdlpatch(kpatch_t patch);
+uint64_t ktext(uint64_t offset);
+
+#endif // KDLSYM_H

Source Code/bootstrapper/Byepervisor/include/kexec.h

@@ -0,0 +1,27 @@
+#pragma once
+#ifndef KEXEC_H
+#define KEXEC_H
+
+struct sysent {
+    uint32_t n_arg;             // 0x00
+    uint32_t pad_04h;           // 0x04
+    uint64_t sy_call;           // 0x08
+    uint64_t sy_auevent;        // 0x10
+    uint64_t sy_systrace_args;  // 0x18
+    uint32_t sy_entry;          // 0x20
+    uint32_t sy_return;         // 0x24
+    uint32_t sy_flags;          // 0x28
+    uint32_t sy_thrcnt;         // 0x2C
+};
+
+struct kexec_args {
+    uint64_t fptr;              // 0x00
+    uint64_t fw;                // 0x08
+    uint64_t kernel_base;       // 0x10
+};
+
+void install_custom_syscall(int sysc, uint32_t num_args, uint64_t gadget);
+void install_kexec();
+int kexec(uint64_t fptr);
+
+#endif // KEXEC_H

Source Code/bootstrapper/Byepervisor/include/mirror.h

@@ -0,0 +1,10 @@
+#ifndef MIRROR_H
+#define MIRROR_H
+
+void *mirror_page(uint64_t kernel_va);
+void *mirror_page_no_store(uint64_t kernel_va);
+void *mirror_page_range(uint64_t kernel_va, int num_pages);
+void *get_mirrored_addr(uint64_t kernel_va);
+void reset_mirrors();
+
+#endif // MIRROR_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_00.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_00_H
+#define OFFSETS_1_00_H
+
+uint64_t g_sym_map_100[] = {
+    0x4ADF540,          // KERNEL_SYM_DMPML4I
+    0x4ADF544,          // KERNEL_SYM_DMPDPI
+    0x4ADF29C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF2B8,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA25B0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA7B0,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_100[] = {
+    0x05A9710,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9720,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0981099,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F17A0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_00_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_01.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_01_H
+#define OFFSETS_1_01_H
+
+uint64_t g_sym_map_101[] = {
+    0x4ADF540,          // KERNEL_SYM_DMPML4I
+    0x4ADF544,          // KERNEL_SYM_DMPDPI
+    0x4ADF29C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF2B8,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA25B0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA7B0,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_101[] = {
+    0x05A9730,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9740,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0981109,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F17A0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_01_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_02.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_02_H
+#define OFFSETS_1_02_H
+
+uint64_t g_sym_map_102[] = {
+    0x4ADF540,          // KERNEL_SYM_DMPML4I
+    0x4ADF544,          // KERNEL_SYM_DMPDPI
+    0x4ADF29C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF2B8,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA25B0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA7B0,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_102[] = {
+    0x05A9740,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9750,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x09810C9,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F17A0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_02_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_05.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_05_H
+#define OFFSETS_1_05_H
+
+uint64_t g_sym_map_105[] = {
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA2690,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA890,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_105[] = {
+    0x05A9C20,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9C30,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0981909,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F17D0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_05_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_10.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_10_H
+#define OFFSETS_1_10_H
+
+uint64_t g_sym_map_110[] = {
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA2690,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA890,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_110[] = {
+    0x05A9C60,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9C70,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0981919,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F1810,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_10_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_11.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_11_H
+#define OFFSETS_1_11_H
+
+uint64_t g_sym_map_111[] = {
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA2690,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA890,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_111[] = {
+    0x05A9C80,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9C90,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0981A69,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F1810,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_11_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_12.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_12_H
+#define OFFSETS_1_12_H
+
+uint64_t g_sym_map_112[] = {
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA2690,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA890,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_112[] = {
+    0x05A9CF0,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9D00,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0981BB9,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F1810,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_12_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_13.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_13_H
+#define OFFSETS_1_13_H
+
+uint64_t g_sym_map_113[] = {
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA2690,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA890,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_113[] = {
+    0x05A9CF0,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9D00,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0981B89,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F1810,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_13_H

Source Code/bootstrapper/Byepervisor/include/offsets/1_14.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_1_14_H
+#define OFFSETS_1_14_H
+
+uint64_t g_sym_map_114[] = {
+    0x4ADF5B0,          // KERNEL_SYM_DMPML4I
+    0x4ADF5B4,          // KERNEL_SYM_DMPDPI
+    0x4ADF30C,          // KERNEL_SYM_PML4PML4I
+    0x4ADF328,          // KERNEL_SYM_PMAP_STORE
+    0x7980000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CA2690,          // KERNEL_SYM_PS4_SYSENT
+    0x1CAA890,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_114[] = {
+    0x05A9D10,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05A9D20,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x0982139,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02F1810,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_1_14_H

Source Code/bootstrapper/Byepervisor/include/offsets/2_00.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_2_00_H
+#define OFFSETS_2_00_H
+
+uint64_t g_sym_map_200[] = {
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CDE4F0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CE6D10,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_200[] = {
+    0x0580860,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x0580870,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x09A5F49,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02A69B0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_2_00_H

Source Code/bootstrapper/Byepervisor/include/offsets/2_20.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_2_20_H
+#define OFFSETS_2_20_H
+
+uint64_t g_sym_map_220[] = {
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CDE5B0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CE6DD0,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_220[] = {
+    0x05809D0,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x05809E0,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x09A6409,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02A69F0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_2_20_H

Source Code/bootstrapper/Byepervisor/include/offsets/2_25.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_2_25_H
+#define OFFSETS_2_25_H
+
+uint64_t g_sym_map_225[] = {
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CDE5B0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CE6DD0,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_225[] = {
+    0x0580A80,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x0580A90,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x09A64B9,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02A69F0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_2_25_H

Source Code/bootstrapper/Byepervisor/include/offsets/2_26.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_2_26_H
+#define OFFSETS_2_26_H
+
+uint64_t g_sym_map_226[] = {
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CDE5B0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CE6DD0,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_226[] = {
+    0x0580A80,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x0580A90,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x09A64E9,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02A69F0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_2_26_H

Source Code/bootstrapper/Byepervisor/include/offsets/2_30.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_2_30_H
+#define OFFSETS_2_30_H
+
+uint64_t g_sym_map_230[] = {
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CDE5C0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CE6DE0,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_230[] = {
+    0x0580D50,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x0580D60,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x09A67B9,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02A66D0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_2_30_H

Source Code/bootstrapper/Byepervisor/include/offsets/2_50.h

@@ -0,0 +1,23 @@
+#ifndef OFFSETS_2_50_H
+#define OFFSETS_2_50_H
+
+uint64_t g_sym_map_250[] = {
+    0x4CB3B50,          // KERNEL_SYM_DMPML4I
+    0x4CB3B54,          // KERNEL_SYM_DMPDPI
+    0x4CB38AC,          // KERNEL_SYM_PML4PML4I
+    0x4CB38C8,          // KERNEL_SYM_PMAP_STORE
+    0x7C40000,          // KERNEL_SYM_DATA_CAVE
+    0x0044000,          // KERNEL_SYM_CODE_CAVE
+    0x1CDE5E0,          // KERNEL_SYM_PS4_SYSENT
+    0x1CE6E00,          // KERNEL_SYM_PPR_SYSENT
+    0x0042000,          // KERNEL_SYM_GADGET_JMP_PTR_RSI
+};
+
+uint64_t g_patch_map_250[] = {
+    0x0580EB0,          // KERNEL_PATCH_HAS_MMAP_SELF_CAPABILITY
+    0x0580EC0,          // KERNEL_PATCH_IS_ALLOWED_TO_MMAP_SELF
+    0x09A6A59,          // KERNEL_PATCH_MMAP_SELF_CALL_IS_LOADABLE
+    0x02A67D0,          // KERNEL_PATCH_SYS_GETGID
+};
+
+#endif // OFFSETS_2_50_H

Source Code/bootstrapper/Byepervisor/include/paging.h

@@ -0,0 +1,59 @@
+#ifndef PAGING_H
+#define PAGING_H
+
+enum pde_shift {
+    PDE_PRESENT = 0,
+    PDE_RW,
+    PDE_USER,
+    PDE_WRITE_THROUGH,
+    PDE_CACHE_DISABLE,
+    PDE_ACCESSED,
+    PDE_DIRTY,
+    PDE_PS,
+    PDE_GLOBAL,
+    PDE_XOTEXT = 58,
+    PDE_PROTECTION_KEY = 59,
+    PDE_EXECUTE_DISABLE = 63
+};
+
+#define PDE_PRESENT_MASK                1UL
+#define PDE_RW_MASK                     1UL
+#define PDE_USER_MASK                   1UL
+#define PDE_WRITE_THROUGH_MASK          1UL
+#define PDE_CACHE_DISABLE_MASK          1UL
+#define PDE_ACCESSED_MASK               1UL
+#define PDE_DIRTY_MASK                  1UL
+#define PDE_PS_MASK                     1UL
+#define PDE_GLOBAL_MASK                 1UL
+#define PDE_XOTEXT_MASK                 1UL
+#define PDE_PROTECTION_KEY_MASK         0xFUL
+#define PDE_EXECUTE_DISABLE_MASK        1UL
+#define PDE_ADDR_MASK                   0xffffffffff800ULL  // bits [12, 51]
+
+#define PDE_FIELD(pde, name)            (((pde) >> PDE_##name) & PDE_##name##_MASK)
+#define PDE_ADDR(pde)                   (pde & PDE_ADDR_MASK)
+#define SET_PDE_FIELD(pde, name, val)   (pde |= (val << PDE_##name))
+#define SET_PDE_BIT(pde, name)          (pde |= (PDE_##name##_MASK << PDE_##name))
+#define CLEAR_PDE_BIT(pde, name)        (pde &= ~(PDE_##name##_MASK << PDE_##name))
+#define SET_PDE_ADDR(pde, addr)         do { \
+                                            pde &= ~(PDE_ADDR_MASK); \
+                                            pde |= (addr & PDE_ADDR_MASK); \
+                                        } while (0)
+
+#define KERNEL_OFFSET_PROC_P_VMSPACE    0x200
+#define KERNEL_OFFSET_VMSPACE_VM_PMAP   0x1D0
+#define KERNEL_OFFSET_PMAP_PM_PML4      0x020
+
+uint64_t get_proc_pmap();
+uint64_t pmap_kextract(uint64_t va);
+uint64_t get_dmap_addr(uint64_t pa);
+
+uint64_t find_pml4e(uint64_t pmap, uint64_t va, uint64_t *out_pml4e);
+uint64_t find_pdpe(uint64_t pmap, uint64_t va, uint64_t *out_pdpe);
+uint64_t find_pde(uint64_t pmap, uint64_t va, uint64_t *out_pde);
+uint64_t find_pte(uint64_t pmap, uint64_t va, uint64_t *out_pte);
+
+int downgrade_kernel_superpages(uint64_t va, uint64_t kernel_pt_addr);
+uint64_t remap_page(uint64_t pmap, uint64_t va, uint64_t new_pa);
+
+#endif // PAGING_H

Source Code/bootstrapper/Byepervisor/include/patches/1_00.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_00_H
+#define PATCHES_1_00_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_100[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x9071AB
+    },
+};
+
+struct patch g_kernel_patches_100[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2f17a0, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5a9710, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5a9720, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x981099, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x4587e0,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40b0d20,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x721d40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x40514b,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x7223b0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x7228a0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x722450,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x7225a0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722720,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x722950,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x722a10,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x722ad0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x722ba0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x722c70,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x722d50,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71d12e,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71d15b,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x97F914,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x97F997,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312A01,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_00_H

Source Code/bootstrapper/Byepervisor/include/patches/1_01.h

@@ -0,0 +1,172 @@
+#ifndef PATCHES_1_01_H
+#define PATCHES_1_01_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_101[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x90720B
+    },
+};
+
+struct patch g_kernel_patches_101[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2f17a0, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5a9730, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5a9740, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x981109, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x4587e0,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40b0d20,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x721db0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x40514b,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x722420,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x722910,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x7224C0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x722610,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722790,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x7229C0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x722A80,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x722B40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x722C10,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x722CE0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x722DC0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71D19E,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x97F984,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x97FA07,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312A01,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_01_H

Source Code/bootstrapper/Byepervisor/include/patches/1_02.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_02_H
+#define PATCHES_1_02_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_102[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x9071CB
+    },
+};
+
+struct patch g_kernel_patches_102[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2f17a0, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5a9740, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5a9750, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x9810c9, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x4587e0,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40b0d20,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x721d70,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x40514b,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x7223e0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x7228d0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x722480,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x7225d0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722750,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x722980,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x722a40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x722b00,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x722bd0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x722ca0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x722d80,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71d15e,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71d18b,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x97F944,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x97F9C7,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312A01,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_02_H

Source Code/bootstrapper/Byepervisor/include/patches/1_05.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_05_H
+#define PATCHES_1_05_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_105[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x9079BB
+    },
+};
+
+struct patch g_kernel_patches_105[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x02f17d0, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5a9c20, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5a9c30, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x981909, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x458c10,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40b0da0,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x7222e0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x40561b,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x722950,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x722e40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x7229f0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x722b40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722cc0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x722ef0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x722fb0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x723070,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x723140,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x723210,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x7232f0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71d6ce,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71d6fb,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980184,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980207,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312B41,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_05_H

Source Code/bootstrapper/Byepervisor/include/patches/1_10.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_10_H
+#define PATCHES_1_10_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_110[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x9079BB
+    },
+};
+
+struct patch g_kernel_patches_110[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2F1810, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5A9C60, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5A9C70, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x981919, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x458C50,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40B0DA0,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x7222F0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x40565b,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x722960,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x722E50,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x722A00,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x722B50,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722CD0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x722F00,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x722FC0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x723080,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x723150,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x723220,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x723300,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71D6DE,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71D70B,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980194,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980217,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312B81,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_10_H

Source Code/bootstrapper/Byepervisor/include/patches/1_11.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_11_H
+#define PATCHES_1_11_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_111[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x907b0b
+    },
+};
+
+struct patch g_kernel_patches_111[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2F1810, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5A9C80, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5A9C90, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x981A69, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x458D10,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40B0DA0,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x7223E0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x40565B,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x722A50,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x722F40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x722AF0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x722C40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722DC0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x722FF0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x7230B0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x723170,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x723240,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x723310,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x7233F0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71D7CE,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71D7FB,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x9802E4,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980367,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312B81,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_11_H

Source Code/bootstrapper/Byepervisor/include/patches/1_12.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_12_H
+#define PATCHES_1_12_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_112[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x907c5b
+    },
+};
+
+struct patch g_kernel_patches_112[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2F1810, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5A9CF0, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5A9D00, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x981BB9, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x458D70,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40B0DA0,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x722530,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x4056BB,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x722BA0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x723090,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x722C40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x722D90,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722F10,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x723140,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x723200,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x7232C0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x723390,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x723460,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x723540,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71D91E,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71D94B,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980434,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x9804B7,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312B81,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_12_H

Source Code/bootstrapper/Byepervisor/include/patches/1_13.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_13_H
+#define PATCHES_1_13_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_113[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x907c2b
+    },
+};
+
+struct patch g_kernel_patches_113[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2F1810, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5A9CF0, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5A9D00, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x981B89, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x458D70,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40B0DA0,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x7224E0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x4056B6,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x722B50,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x723040,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x722BF0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x722D40,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722EC0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x7230F0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x7231B0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x723270,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x723340,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x723410,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x7234F0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71D8CE,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71D8FB,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980404,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980487,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312B81,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_13_H

Source Code/bootstrapper/Byepervisor/include/patches/1_14.h

@@ -0,0 +1,178 @@
+#ifndef PATCHES_1_14_H
+#define PATCHES_1_14_H
+
+#include "patch_common.h"
+
+struct hook g_kernel_hooks_114[] = {
+    {
+        HOOK_TEST_SYS_IS_DEVELOPMENT_MODE,
+        "sys_is_development_mode() -> isDevelopmentMode()",
+        0x44000,
+        0x9081db
+    },
+};
+
+struct patch g_kernel_patches_114[] = {
+    {
+        /*
+            mov qword ptr [rdi + 0x408], 0xc0ffee;
+            xor eax, eax;
+            ret
+        */
+        "sys_getgid()", 
+        0x2F1810, 
+        "\x48\xC7\x87\x08\x04\x00\x00\xEE\xFF\xC0\x00\x31\xC0\xC3",
+        14 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrHasMmapSelfCapability()", 
+        0x5A9D10, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6 
+    }, 
+    {
+        // mov eax, 1; ret
+        "sceSblACMgrIsAllowedToMmapSelf()", 
+        0x5A9D20, 
+        "\xB8\x01\x00\x00\x00\xC3", 
+        6
+    }, 
+    {
+        // xor eax, eax; 3x nop
+        "vm_mmap sceSblAuthMgrIsLoadable() call", 
+        0x982139, 
+        "\x31\xC0\x90\x90\x90", 
+        5
+    }, 
+    {
+        // xor eax, eax; ret
+        "cfi_check_fail()",
+        0x458D70,
+        "\xC3",
+        1
+    }, 
+    {
+        // jmp qword ptr [rsi]
+        "kexec trampoline gadget",
+        0x0042000,
+        "\xFF\x26",
+        2
+    }, 
+    {
+        "sysveri flag",
+        0x40B0DA0,
+        "\x00",
+        1
+    }, 
+    {
+        "panic patch 1",
+        0x722550,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 2",
+        0x4056BB,
+        "\xEB\xFE",
+        2
+    }, 
+    {
+        "panic patch 3",
+        0x722BC0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 4",
+        0x7230B0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 5",
+        0x722C60,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 6",
+        0x722DB0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 7",
+        0x722F30,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 8",
+        0x723160,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 9",
+        0x723220,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 10",
+        0x7232E0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 11",
+        0x7233B0,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 12",
+        0x723480,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 13",
+        0x723560,
+        "\xC3",
+        1
+    }, 
+    {
+        "panic patch 14",
+        0x71D93E,
+        "\xB8\x00\x00\x00\x00",
+        5
+    }, 
+    {
+        "panic patch 15",
+        0x71D96B,
+        "\xB8\x00\x00\x00\x00",
+        5
+    },	
+	{
+        "MMAP_RWX_PATCH_1",
+        0x9809B4,
+        "\xF7",
+        1
+    },
+	{
+        "MMAP_RWX_PATCH_1",
+        0x980A37,
+        "\xF7",
+        1
+    },
+	{
+        "MPTROTECT_PATCH",
+        0x312B81,
+        "\x00\x00\x00\x00",
+        4
+    }
+};
+
+#endif // PATCHES_1_14_H