added arm11 patches for nim and ns

Hartie95 · Jul 10, 2015 · 89be273 · 89be273
1 parent 20d3b08
commit 89be273
Show file tree

Hide file tree

Showing 3 changed files with 107 additions and 31 deletions.
diff --git a/rxmode/native_firm/source/arm9/source/myThread/lib.c b/rxmode/native_firm/source/arm9/source/myThread/lib.c
@@ -49,6 +49,14 @@ int memcmp(void* buf1, void* buf2, int size){
 	return equal;
 }
 
+void* memcpy(void * destination, const void * source, int sizeSource){
+	char *dp = destination;
+    const char *sp = source;
+	while(sizeSource--)
+		*dp++ = *sp++;
+	return destination;
+}
+
 unsigned int getHID(){
 	return ~*(unsigned int*)0x10146000;
 }
diff --git a/rxmode/native_firm/source/arm9/source/myThread/lib.h b/rxmode/native_firm/source/arm9/source/myThread/lib.h
@@ -11,6 +11,7 @@ int rx_strcmp(char* s1, char*s2, unsigned int size, unsigned int w1, unsigned in
 void rx_strcpy(char* dest, char* source, unsigned int size, unsigned int w1, unsigned int w2);
 void rx_hextostr(unsigned int num, char* str);
 int memcmp(void* buf1, void* buf2, int size);
+void* memcpy(void * destination, const void * source, int sizeSource);
 static inline void svc_Backdoor(void *addr)
 {
     register void *_r0 __asm ("r0") = addr;

diff --git a/rxmode/native_firm/source/arm9/source/myThread/myThread.c b/rxmode/native_firm/source/arm9/source/myThread/myThread.c
@@ -7,8 +7,15 @@
 #include <wchar.h>
 #include <stdio.h>
 
-unsigned char handle[32];
+#define NSREGION 0
+#define MENUREGION 1
+#define NIMFWSPOOF 2
+//#define NIMNOAUTOUPDATE 3
+#define MSETLABLE 4
+
 
+unsigned char handle[32];
+/*
 void memdump(wchar_t* filename, unsigned char* buf, unsigned int size){
 	unsigned int br;
 	for(int i = 0; i < 0x600000; i++){
@@ -21,43 +28,103 @@ void memdump(wchar_t* filename, unsigned char* buf, unsigned int size){
 	for(int i = 0; i < 0x600000; i++){
 		*(VRAM + i) = 0xFF;			//White flush : Finished Dumping
 	}
-}
-static unsigned char originalcode[] = { 0x00, 0x00, 0x55, 0xE3, 0x01, 0x10, 0xA0, 0xE3, 0x11, 0x00, 0xA0, 0xE1, 0x03, 0x00, 0x00, 0x0A };
-static unsigned char patchcode[] = { 0x01, 0x00, 0xA0, 0xE3, 0x70, 0x80, 0xBD, 0xE8 };
-static char* dest = (void*)0x20000400;
-void patchregion(){
-	for(int i = 0; i < 8; i++) *(dest + i) = patchcode[i];
-}	
-
-void patch_processes(){
-	char* mset = (void*)0x24000000;
-	char* menu = (void*)0x26A00000;
-	for(int i = 0; i < 0x600000; i+=4){
-		//System Menu code, which locks the region
-		if(dest == (void*)0x20000400){	//This means we haven't still found our code
-			if( (*((unsigned int*)(menu + i + 0x0)) == *((unsigned int*)&originalcode[0x0])) &&
-				(*((unsigned int*)(menu + i + 0x4)) == *((unsigned int*)&originalcode[0x4])) &&
-				(*((unsigned int*)(menu + i + 0x8)) == *((unsigned int*)&originalcode[0x8])) &&
-				(*((unsigned int*)(menu + i + 0xC)) == *((unsigned int*)&originalcode[0xC]))){	
-				dest = menu + i;    //Basically, once we found where the code is, there is no point on searching it again
-				break;
-			}
-		}
-		//System Settings label
-		if(rx_strcmp(mset - i, "Ver.", 4, 2, 1)){
-			rx_strcpy(mset - i, "Shit", 4, 2, 1);
-		}
+}*/
+
+static unsigned char* curDest=0;
+static const char* curPatchCode=0;
+static short curPatchCodeSize=0;
+static int patched[5];
+
+void rx_memcpy(){
+	if(curPatchCodeSize>0)
+	{
+		memcpy(curDest,curPatchCode,curPatchCodeSize);
+	    curPatchCode=curDest=0; 
+	    curPatchCodeSize=0;
 	}
 }
 
+int findAndReplace(unsigned char* startAddress, short numberOfReplaces, unsigned char originalcode[], short originalcodeSize, const char patchcode[], short patchcodeSize, short patchedID){
+    char* mset = (void*)0x24000000; 
+
+    char numberOfFounds=0;
+    for(unsigned int i = 0; i < 0x600000 && numberOfFounds < numberOfReplaces; i+=4)
+    {  
+        //check for the original code position
+        if(patched[patchedID]==0){
+        	short found=1;
+
+	        for(unsigned int x = 0; x < originalcodeSize && found == 1; x+=4){
+	            if((*((unsigned int*)(startAddress + i + x)) != *((unsigned int*)&originalcode[x]))){
+	                found=0;
+	            }
+	        }
+
+	        //patch code if found
+	        if(found==1){    
+	            curDest=(unsigned char*)(startAddress + i);
+	    		curPatchCode=patchcode;
+	    		curPatchCodeSize=patchcodeSize;
+	        	svc_Backdoor(&rx_memcpy);
+	            numberOfFounds++;
+	            while(curPatchCodeSize!=0);
+	        }
+        }
+        if(patchedID==NIMFWSPOOF)
+        {
+        	if(patched[MSETLABLE]==0){
+	        	if(rx_strcmp(mset - i, "Ver.", 4, 2, 1)){ 
+		 			rx_strcpy(mset - i, "Shit", 4, 2, 1); 
+		 			patched[MSETLABLE]=1;
+		 		} 
+	 		}
+        }
+    }
+
+    if(numberOfFounds>0){  
+    	patched[patchedID]=1;
+    }
+
+    return 0;
+}
+
+int patchProcesses(){
+	// patch NS to return update doesnt need to be installed intead of CVer not found error code after Update Check
+    static unsigned char originalcodeNS[] = { 0x0C, 0x18, 0xE1, 0xD8 };  
+    static const char patchcodeNS[] = { 0x0B, 0x18, 0x21, 0xC8 };
+    findAndReplace((unsigned char*) 0x26800000, 2, originalcodeNS, 4, patchcodeNS, 4,NSREGION);
+
+   	// patch Homemenu to show out of region applications
+    static unsigned char originalcodeMenu[] = { 0x00, 0x00, 0x55, 0xE3, 0x01, 0x10, 0xA0, 0xE3, 0x11, 0x00, 0xA0, 0xE1, 0x03, 0x00, 0x00, 0x0A };  
+    static const char patchcodeMenu[] = { 0x01, 0x00, 0xA0, 0xE3, 0x70, 0x80, 0xBD, 0xE8 };
+    findAndReplace((unsigned char*) 0x26A00000, 1, originalcodeMenu, 16, patchcodeMenu, 8,MENUREGION);
+
+    // Patch nim to answer, that no update is available
+    static unsigned char originalcodeNimFWS[] = { 0x35, 0x22, 0x10, 0xB5, 0xD2, 0x01, 0x80, 0x18, 0x00, 0x79, 0x00, 0x28, 0x03, 0xD0, 0x08, 0x46};
+    static const char patchcodeNimFWS[] = { 0x00, 0x20, 0x08, 0x60, 0x70, 0x47 };
+    findAndReplace((unsigned char*) 0x27000000, 1, originalcodeNimFWS, 16, patchcodeNimFWS, 6,NIMFWSPOOF);
+
+/*
+    // Patch nim to stop automatic update download(could be unstable)
+    //static unsigned char originalcodeNimAU[] = { 0x25, 0x79, 0x0B, 0x99, 0x00, 0x24, 0x00, 0x2D, 0x29, 0xD0, 0x16, 0x4D, 0x2D, 0x68, 0x01, 0x91};
+    //static const char patchcodeNimAU[] = { 0xE3, 0xA0, 0x00, 0x00 };
+    //findAndReplace((unsigned char*) 0x27000000, 1, originalcodeNimAU, 16, patchcodeNimAU, 4,NIMNOAUTOUPDATE);
+}*/
+
+
+    return 0;
+}
+
 void myThread(){
+	for(int i=0; i<5; i++)
+	{
+		patched[i]=0;
+	}
 	while(1){
 		/*if(getHID() & BUTTON_SELECT){
 			memdump(L"sdmc:/FCRAM.bin", 0x20000000, 0x10000);
-		}*/
-		patch_processes();
-		if(*((unsigned int*)dest) != *((unsigned int*)&patchcode[0]))
-			svc_Backdoor(&patchregion);		//Edit just if the code is not patched, or the arm9 will get mad
+		}*/	
+		patchProcesses();
 	}
 	__asm("SVC 0x09");
 }