Skip to content

Navigation Menu

Explore
For
- Enterprise
- Teams
- Startups
- Education
By Solution
Resources
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

AlexAltea / orbital Public

Notifications
Fork 262
Star 3.6k

Code
Pull requests
Actions
Wiki
Security
Insights

Additional navigation options

Code
Pull requests
Actions
Wiki
Security
Insights

Roadmap

Jump to bottom

Alexandro Sanchez edited this page Oct 31, 2021 · 17 revisions

[DISCLAIMER: THIS PAGE AS BEEN ARCHIVED AND IS NOT MAINTAINED ANYMORE]

The following points refer to tests done with the PS4 5.00 kernel on Orbital.

Status

Kernel
- Emulator survives hammer_time.
- Emulator survives driver initialization.
- Emulator survives start_init (boots first userland process).
Userspace.
- Emulator survives /mini-syscore.elf.
- Emulator survives /SceAvControl.elf.
- Emulator survives /safemode.elf.
- Emulator survives /system/sys/SceSysCore.elf.
- ...

Tasks

Emulator.
- Adding Vulkan support to QEMU.
Bootloader.
- Added support for decrypted kernel images.
- Added support for encrypted kernel images.
Kernel
- Kernel debugging with symbols [1].
Hardware
- Emulating Aeolia's UART interface.
- Emulating Aeolia's SFlash interface. (partial).
- Implemented Liverpool GC/Starsha.
  - Implemented IH ringbuffer.
  - Implemented Command Processor.
  - Processing SAMU commands (30% completed).
  - Vulkan backend for GFX engine (requires more work!).
  - GCN-to-SPIRV translator (requires more work!).
High-Level Emulation.
- SBL ACMgr (0/? completed).
- SBL AuthMgr (3/5 completed).
Virtualization.
- Added guest debugging to HAXM.
- Added AMD MSR support to HAXM.
- Added required CPU features support to HAXM.
- Added bextr instruction to KVM.
- Added bextr instruction to HAXM.
- Extended HAXM API for overriding MSR values and CPUID leaves.
Tools.
- PS4 HDD creation tool.
- Dumper.
  - Released 5.00 payload
  - Released 4.55 payload
  - Released 5.00 exploit
  - Released 4.55 exploit

Optimizations

While these are not part of the roadmap, these are ideas worth experimenting with:

Hypervisor: During each VM-exit event, several functions are called to save/load the guest/host state. These functions are heavily dependent in the host features and thus contain lots of conditional branching, and in some hypervisor like HAXM even dozens of CPUID calls. Since these features stay constant, we could improve performance by JIT-compiling said functions to remove all conditional code and feature checks.
GPU: Sometimes the drivers dispatch INDIRECT_BUFFER and INDIRECT_BUFFER_CONST packets with size=1. The only packets that are 1-byte in size are PM4 type-2 packets, which means we could detect this head of time, and skip the INDIRECT_BUFFER* instruction, thus preventing wasting resources in mapping the buffer into host virtual memory.

Toggle table of contents Pages 4

Home
Contribute
Resources
Roadmap

Clone this wiki locally

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.