
minor fixes

Reisyukaku committed Apr 21, 2019
1 parent afb7cab commit 0da52fb4ac4f896e6d7d89307bfd634ff2aa6408
Showing with 35 additions and 44 deletions.
  1. +19 −16 src/firmware.c
  2. +8 −13 src/package.h
  3. +8 −15 src/patches.c
@@ -135,9 +135,12 @@ u8 loadFirm() {
//If firmware is 8.0, remake package2 by moving ini1 into its section from kernel
//TODO: find better way to differentiate the firmware version that isn't TSEC firmware offset
if (pk11Offs->tsec_off == 0xE00 && pk11Offs->kb == KB_FIRMWARE_VERSION_800) {
pkg2_ini1_t *old_ini1 = (pkg2_ini1_t *)(dec_pkg2->data + 0x95000);
*((vu64 *)((uPtr)dec_pkg2->data + 0x168)) = (u64)dec_pkg2->sec_size[0];

KernelNewOffs *kOffs = (KernelNewOffs*)(dec_pkg2->data + kernelInfo[8].krnl_offs); //TODO
print("New kernel detected!\n");
print("Ini off: %X\n", kOffs->ini_off);
print("KernelLdr off: %X\n", kOffs->krnlLdr_off);

pkg2_ini1_t *old_ini1 = (pkg2_ini1_t *)(dec_pkg2->data + kOffs->ini_off);
dec_pkg2->sec_off[PKG2_SEC_INI1] = dec_pkg2->sec_off[PKG2_SEC_KERNEL] + dec_pkg2->sec_size[PKG2_SEC_KERNEL];
size_t rebuilt_package2_size = sizeof(pkg2_hdr_t) + dec_pkg2->sec_size[0] + ALIGN(old_ini1->size, 4);

@@ -296,21 +299,21 @@ void firmware() {

//Chainload ReiNX if applicable
if(PMC(APBDEV_PMC_SCRATCH49) != 69 && PMC(APBDEV_PMC_SCRATCH49) != 67 && fopen("/ReiNX.bin", "rb")) {
size_t size = fsize();
u8 *payload = malloc(size);
size_t size = fsize();
u8 *payload = malloc(size);
fread((void*)PAYLOAD_ADDR, size, 1);
fclose();
metadata_t *metadata = (metadata_t*)(payload + METADATA_OFFSET);
if(metadata->magic == metadata_section.magic) {
if(metadata->major > metadata_section.major || (metadata->major == metadata_section.major && metadata->minor > metadata_section.minor)) {
sdUnmount();
display_end();
CLOCK(CLK_RST_CONTROLLER_CLK_OUT_ENB_V) |= 0x400; // Enable AHUB clock.
CLOCK(CLK_RST_CONTROLLER_CLK_OUT_ENB_Y) |= 0x40; // Enable APE clock.
PMC(APBDEV_PMC_SCRATCH49) = 69;
((void (*)())PAYLOAD_ADDR)();
}
}
metadata_t *metadata = (metadata_t*)(payload + METADATA_OFFSET);
if(metadata->magic == metadata_section.magic) {
if(metadata->major > metadata_section.major || (metadata->major == metadata_section.major && metadata->minor > metadata_section.minor)) {
sdUnmount();
display_end();
CLOCK(CLK_RST_CONTROLLER_CLK_OUT_ENB_V) |= 0x400; // Enable AHUB clock.
CLOCK(CLK_RST_CONTROLLER_CLK_OUT_ENB_Y) |= 0x40; // Enable APE clock.
PMC(APBDEV_PMC_SCRATCH49) = 69;
((void (*)())PAYLOAD_ADDR)();
}
}
}
SYSREG(AHB_AHB_SPARE_REG) &= (vu32)0xFFFFFF9F;
PMC(APBDEV_PMC_SCRATCH49) = 0;
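Review bot: In the chainload block on the new side (from `size_t size = fsize(); u8 *payload = malloc(size);` through the `((void (*)())PAYLOAD_ADDR)();` call), `fread` writes the file to `PAYLOAD_ADDR` while `metadata` is taken from `payload + METADATA_OFFSET`, so the version comparison inspects freshly malloc'd, never-written memory, and the allocation is never freed. The added and removed lines are textually identical here, so this looks pre-existing (a whitespace-only hunk), but it is worth fixing in the same pass: drop the `malloc` and use `u8 *payload = (u8 *)PAYLOAD_ADDR;`, and only dereference `metadata` after checking `size >= METADATA_OFFSET + sizeof(metadata_t)` so a short `/ReiNX.bin` cannot send the read past the loaded bytes; `fread`'s return value and `size` against the space reserved at `PAYLOAD_ADDR` deserve the same check. In the first hunk, `kernelInfo[8]` with a `//TODO` indexes the table by a fixed position; tying it to the version match the enclosing `if` already performs would be safer than a literal index. `firmware()` begins and ends outside this hunk.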
@@ -229,6 +229,11 @@ static u32 PRC_ID_RCV_800[] =

extern kippatchset_t kip_patches[];

typedef struct {
u32 ini_off;
u32 krnlLdr_off;
} KernelNewOffs;

typedef struct {
u8 Hash[0x20];
u32 SvcVerify;
@@ -238,8 +243,7 @@ typedef struct {
u32 GenericOff;
u8 CodeSndOff;
u8 CodeRcvOff;
size_t hash_offset;
size_t hash_size;
u32 krnl_offs;
} KernelMeta;

static const KernelMeta kernelInfo[] = {
@@ -253,7 +257,6 @@ static const KernelMeta kernelInfo[] = {
0,
4,
4,
0,
0
},
{ //2.0.0
@@ -266,7 +269,6 @@ static const KernelMeta kernelInfo[] = {
0,
4,
4,
0,
0
},
{ //3.0.0
@@ -279,7 +281,6 @@ static const KernelMeta kernelInfo[] = {
0,
4,
4,
0,
0
},
{ //3.0.2
@@ -292,7 +293,6 @@ static const KernelMeta kernelInfo[] = {
0,
4,
4,
0,
0
},
{ //4.0.0
@@ -305,7 +305,6 @@ static const KernelMeta kernelInfo[] = {
0,
8,
4,
0,
0
},
{ //5.0.0
@@ -318,7 +317,6 @@ static const KernelMeta kernelInfo[] = {
0x38C2C,
8,
8,
0,
0
},
{ //6.0.0
@@ -331,7 +329,6 @@ static const KernelMeta kernelInfo[] = {
0x3A8CC,
0x10,
0x10,
0,
0
},
{ //7.0.0
@@ -344,11 +341,10 @@ static const KernelMeta kernelInfo[] = {
0x3C6E0,
0x10,
0x10,
0,
0
},
{ //8.0.0
{0xA6, 0xAD, 0x5D, 0x7F, 0xCF, 0x25, 0x80, 0xAE, 0xE6, 0x57, 0x9F, 0x6F, 0xC5, 0xC5, 0xF6, 0x13,
{0xA6, 0xAD, 0x5D, 0x7F, 0xCF, 0x25, 0x80, 0xAE, 0xE6, 0x57, 0x9F, 0x6F, 0xC5, 0xC5, 0xF6, 0x13,
0x77, 0x23, 0xAC, 0x88, 0x79, 0x76, 0xF7, 0x25, 0x06, 0x16, 0x35, 0x3B, 0x3F, 0xA7, 0x59, 0x49},
0x4D15C,
0x5BFAC,
@@ -357,8 +353,7 @@ static const KernelMeta kernelInfo[] = {
0x3FAD0,
0x10,
0x10,
0x1A8,
0x95000 - 0x1A8
0x168
},
};
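Review bot: The new `KernelNewOffs` typedef and the `krnl_offs` field that replaces `hash_offset`/`hash_size` carry no comment saying what the offsets are relative to, and every table entry except 8.0.0 now stores 0 for `krnl_offs` without stating what 0 means. `loadFirm` in firmware.c reads the struct at `dec_pkg2->data + kernelInfo[8].krnl_offs` and then applies `kOffs->ini_off` to the same base, so both appear to be relative to `dec_pkg2->data`; I would add `/* Offsets the kernel publishes at krnl_offs; relative to the start of pkg2 data, as loadFirm uses them */` above the typedef and `u32 krnl_offs; /* where KernelNewOffs lives in the kernel image; 0 = not present (pre-8.0) */` on the field, with the "not present" reading confirmed against the callers. A short note on the 8.0.0 entry that `0x168` is also the address `patchKernel` writes `sec_size[PKG2_SEC_KERNEL]` to would connect the two files for the next reader.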

@@ -221,24 +221,17 @@ void patchKernel(pkg2_hdr_t *pkg2){
if(!hasCustomKern()) {
print("Patching Kernel...\n");
u8 hash[0x20];
se_calc_sha256(hash, pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]);
if(pkg2->sec_size[PKG2_SEC_INI1] == 0) {
se_calc_sha256(hash, (void*)(pkg2->data + 0x1A8), 0x95000 - 0x1A8); //TODO unhardcode
*((vu64 *)((uPtr)pkg2->data + 0x168)) = (u64)pkg2->sec_size[PKG2_SEC_KERNEL];
}else{
se_calc_sha256(hash, pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]);
}
uPtr kern = (uPtr)&pkg2->data;
uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff;

int i; for(i = 0; i < sizeof(kernelInfo)/sizeof(KernelMeta); i++) {
if(memcmp(hash, kernelInfo[i].Hash, 0x20)) {
//Due to ini1 being embedded in kernel in firmware 8.0, we cannot hash the entire kernel as the ini1 changes between exFAT firmware versions and FAT32 firmware versions
u8 tmp_hash[0x20];
if ((kernelInfo[i].hash_offset != 0 && kernelInfo[i].hash_size != 0)) {
se_calc_sha256(tmp_hash, pkg2->data + kernelInfo[i].hash_offset, kernelInfo[i].hash_size);
if (!memcmp(tmp_hash, kernelInfo[i].Hash, 0x20))
memcpy(hash, tmp_hash, 0x20);
else
continue;
} else
continue;

}
if(memcmp(hash, kernelInfo[i].Hash, 0x20)) continue;
print("Patching kernel %d\n", i);

//ID Send
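Review bot: The new `sec_size[PKG2_SEC_INI1] == 0` branch hashes a fixed window at `pkg2->data + 0x1A8` of length `0x95000 - 0x1A8` and stores to `pkg2->data + 0x168` without checking that the kernel section is at least that large, so a shorter kernel section puts the SHA-256 (and the store) over memory past the section. A guard before the branch such as `if (pkg2->sec_size[PKG2_SEC_KERNEL] < 0x95000) { print("Kernel section too small to fingerprint\n"); return; }` keeps the hardcoded window inside the buffer until the `//TODO unhardcode` is resolved. The 64-bit store at 0x168 covers 0x168–0x16F, which is exactly the `KernelNewOffs` struct (`ini_off`, `krnlLdr_off`) that `loadFirm` reads at `kernelInfo[8].krnl_offs`; if overwriting both fields is what the kernel expects there, a comment saying so would stop the next reader treating it as a clobber. `patchKernel` starts before this hunk and continues after it.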
