
9.0.0 support

EliseZeroTwo committed Sep 30, 2019
1 parent acac829 commit 5ac078c5c6d649ed367dff97a0fe1fc3cbb65f03
Showing with 75 additions and 12 deletions.
  1. +1 −0 src/bootloader.h
  2. +5 −4 src/firmware.c
  3. +3 −1 src/hwinit/types.h
  4. +20 −0 src/kippatches/fs.inc
  5. +22 −5 src/package.c
  6. +1 −1 src/patches.c
  7. +22 −0 src/patches.h
  8. +1 −1 src/sept.c
@@ -32,6 +32,7 @@ static const pk11_offs _pk11_offs[] = {
{ "20190208150037", KB_FIRMWARE_VERSION_701, HOS_FIRMWARE_VERSION_700, 0x0F00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000 }, //7.0.1
{ "20190314172056", KB_FIRMWARE_VERSION_800, HOS_FIRMWARE_VERSION_800, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000 }, //8.0.0
{ "20190531152432", KB_FIRWAMRE_VERSION_810, HOS_FIRMWARE_VERSION_810, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x4002B000, 0x4003E000 }, //8.1.0
{ "20190809135709", KB_FIRMWARE_VERSION_900, HOS_FIRMWARE_VERSION_900, 0x0E00, 0x6FE0, { 1, 2, 0 }, 0x40030000, 0x4003E000 },
{ NULL } // End.
};
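Review bot: The new 9.0.0 row in `_pk11_offs` is the only entry without the trailing version comment that every neighbouring row carries; append `//9.0.0` so the table stays scannable. Its warmboot_base also goes back to 0x40030000 while the 8.1.0 row directly above uses 0x4002B000 — that may well be right for 9.0.0, but since it differs from the most recent entry a short comment on where the value was taken from would save the next reader a check. The start of the table is outside the hunk.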

@@ -118,11 +118,12 @@ u8 loadFirm() {

// Patch firmware.
print("%k\nPatching HOS:\n%k", WHITE, DEFAULT_TEXT_COL);
patchWarmboot(pk11Offs->warmboot_base);
patchSecmon(pk11Offs->secmon_base, pk11Offs->kb);
//patchWarmboot(pk11Offs->warmboot_base);
//patchSecmon(pk11Offs->secmon_base, pk11Offs->kb);
patchKernel(dec_pkg2);
patchKernelExtensions(&kip1_info);

//memcpy((void *)0xA9800000, pkg2, pkg2_size);
// Build Package2.
buildFirmwarePackage(dec_pkg2->data, dec_pkg2->sec_size[PKG2_SEC_KERNEL], &kip1_info, pk11Offs);
}
@@ -282,12 +283,12 @@ void firmware() {
}
}

//Determine if booting in verbose mode
/* //Determine if booting in verbose mode
if (btn_read() & BTN_VOL_DOWN) {
print("%kWelcome to ReiNX %d.%d!\n%k", WHITE, VERSION_MAJOR, VERSION_MINOR, DEFAULT_TEXT_COL);
} else if (drawSplash()) {
gfx_con.mute = 1;
}
}*/

//Setup cfw
loadFirm();
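Review bot: In loadFirm the `patchWarmboot(...)` and `patchSecmon(...)` calls are commented out rather than removed or gated, which disables warmboot/secmon patching for every firmware listed in `_pk11_offs`, not only 9.0.0, and the commit title does not say so. If the reason is that the 9.0.0 offsets are not known yet, keep the calls and skip them by version, e.g. `if (pk11Offs->kb < KB_FIRMWARE_VERSION_900) { patchWarmboot(pk11Offs->warmboot_base); patchSecmon(pk11Offs->secmon_base, pk11Offs->kb); }`, with a comment naming what is missing. The same goes for the `/* ... */`-boxed verbose-mode block in firmware() and the `//memcpy(...)` line: commented-out code should be deleted (history keeps it) or carry a note explaining why it is parked. Both enclosing functions start outside their hunks.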
@@ -60,6 +60,7 @@ enum KB_FIRMWARE_VERSION {
KB_FIRMWARE_VERSION_701 = 7,
KB_FIRMWARE_VERSION_800 = 7,
KB_FIRWAMRE_VERSION_810 = 8,
KB_FIRMWARE_VERSION_900 = 9,
};

enum HOS_FIRMWARE_VERSION {
@@ -72,7 +73,8 @@ enum HOS_FIRMWARE_VERSION {
HOS_FIRMWARE_VERSION_620 = 7,
HOS_FIRMWARE_VERSION_700 = 8,
HOS_FIRMWARE_VERSION_800 = 9,
HOS_FIRMWARE_VERSION_810 = 10,
HOS_FIRMWARE_VERSION_810 = 10,
HOS_FIRMWARE_VERSION_900 = 11,
};

#endif
@@ -280,6 +280,20 @@ static kipdiff_t fs_diffs_810_exfat_nogc[3] = {
{ 0, 0, NULL, NULL }
};

static kipdiff_t fs_diffs_900_nosigchk[4] = {
{ 0x61E54, 4, "\x23\xD7\xFF\x97", "\xE0\x03\x1F\x2A" },
{ 0x61E8C, 4, "\x4D\x31\x00\x94", "\xE0\x03\x1F\x2A" },
{ 0xCA040, 4, "\x40\x04\x00\x36", "\x1F\x20\x03\xD5" },
{ 0, 0, NULL, NULL }
};

static kipdiff_t fs_diffs_900_nogc[3] = {
{ 0x129420, 8, "\xF4\x4F\xBE\xA9\xFD\x7B\x01\xA9", "\xE0\x03\x1F\x2A\xC0\x03\x5F\xD6" },
{ 0x143268, 4, "\x14\x40\x80\x52", "\x14\x80\x80\x52" },
{ 0, 0, NULL, NULL }
};


/* patches */

static kippatch_t fs_kip_patches_100[] = {
@@ -403,4 +417,10 @@ static kippatch_t fs_kip_patches_810_exfat[] = {
{ "nosigchk", fs_diffs_810_exfat_nosigchk },
{ "nogc", fs_diffs_810_exfat_nogc },
{ NULL, NULL }
};

static kippatch_t fs_kip_patches_900[] = {
{ "nosighchk", fs_diffs_900_nosigchk },
{ "nogcc", fs_diffs_900_nogc },
{ NULL, NULL}
};
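Review bot: The patch names in the new `fs_kip_patches_900` table are misspelled: `{ "nosighchk", fs_diffs_900_nosigchk }` and `{ "nogcc", fs_diffs_900_nogc }`, whereas every earlier table (fs_kip_patches_810_exfat just above, for instance) uses `"nosigchk"` and `"nogc"`. If these sets are selected by comparing against those names, the 9.0.0 diffs will never be applied, so the lines should read `{ "nosigchk", fs_diffs_900_nosigchk },` and `{ "nogc", fs_diffs_900_nogc },`. Minor: the double blank line after `fs_diffs_900_nogc` and the missing space in `{ NULL, NULL}` depart from the file's formatting.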
@@ -182,6 +182,17 @@ bool hasCustomKern() {
return customKernel;
}

u32 pkg2_newkern_ini1_val = 0;
u32 pkg2_newkern_ini1_start = 0;
u32 pkg2_newkern_ini1_end = 0;
void pkg2_get_newkern_info(u8 *kern_data)
{
u32 info_op = *(u32 *)(kern_data + 0x44);
pkg2_newkern_ini1_val = ((info_op & 0xFFFF) >> 3) + 0x44; // Parse ADR and PC.

pkg2_newkern_ini1_start = *(u32 *)(kern_data + pkg2_newkern_ini1_val);
pkg2_newkern_ini1_end = *(u32 *)(kern_data + pkg2_newkern_ini1_val + 0x8);
}

static u32 buildIni1(pkg2_hdr_t *hdr, void *ini, link_t *kips_info, bool hasCustSecmon)
{
@@ -238,15 +249,15 @@ void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info, pk11_o

//Newer (8.0+) pk21 embeds ini1 in kernel section, so add ini1 size to kernel size
if (new_pkg2) {
*(u32*)(hdr->data + kernelInfo[8].krnl_offs) = kernel_size; //TODO
*(u32*)(hdr->data + pkg2_newkern_ini1_val) = kernel_size;
kernel_size += iniSize;
}

//Fill in rest of the header
hdr->sec_off[PKG2_SEC_KERNEL] = hdr->base;
hdr->sec_size[PKG2_SEC_KERNEL] = kernel_size;
hdr->sec_off[PKG2_SEC_INI1] = new_pkg2 ? 0 : 0x14080000;
hdr->sec_size[PKG2_SEC_INI1] = new_pkg2 ? 0 : iniSize;
hdr->sec_size[PKG2_SEC_INI1] = new_pkg2 ? 0 : 0;

// Encrypt header.
*(u32 *)hdr->ctr = 0x100 + sizeof(pkg2_hdr_t) + kernel_size + hdr->sec_size[PKG2_SEC_INI1];
@@ -263,13 +274,17 @@ size_t calcKipSize(pkg2_kip1_t *kip1) {
return size;
}



void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2) {
u8 *ptr = pkg2->data + pkg2->sec_size[PKG2_SEC_KERNEL];
if (pkg2->sec_size[PKG2_SEC_INI1] == 0)
ptr = pkg2->data + *(u32 *)(pkg2->data + 0x168);
if (pkg2->sec_size[PKG2_SEC_INI1] == 0) {
pkg2_get_newkern_info(pkg2->data);

ptr = pkg2->data + pkg2_newkern_ini1_start;
}
pkg2_ini1_t *ini1 = (pkg2_ini1_t *)ptr;
ptr += sizeof(pkg2_ini1_t);

for (u32 i = 0; i < ini1->num_procs; i++) {
pkg2_kip1_t *kip1 = (pkg2_kip1_t *)ptr;
pkg2_kip1_info_t *ki = (pkg2_kip1_info_t *)malloc(sizeof(pkg2_kip1_info_t));
@@ -329,6 +344,8 @@ kippatchset_t kip_patches[] = {
{ "FS", "\xdb\xd9\x41\xc0\xc5\x3c\x52\xcc\xf7\x20\x2c\x84\xd8\xe0\xf7\x80", fs_kip_patches_800_exfat },
{ "FS", "\x6b\x09\xb6\x7b\x29\xc0\x20\x24\x6d\xc3\x4f\x5a\x04\xf5\xd3\x09", fs_kip_patches_810 },
{ "FS", "\xb4\xca\xe1\xf2\x49\x65\xd9\x2e\xd2\x4e\xbe\x9e\x97\xf6\x09\xc3", fs_kip_patches_810_exfat },
{ "FS", "\x46\x87\x40\x76\x1e\x19\x3e\xb7\x58\x79\x46\x88\xf1\xd9\xf7\x62", fs_kip_patches_900 },

EliseZeroTwo Oct 1, 2019


Nope

{ "FS", "\x7c\x95\x13\x76\xe5\xc1\x2d\xf8\x5f\xa6\xa9\xf4\x6f\x69\x57\xa4", fs_kip_patches_900 },
{ NULL, NULL, NULL },
};
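Review bot: In buildFirmwarePackage the replacement line `hdr->sec_size[PKG2_SEC_INI1] = new_pkg2 ? 0 : 0;` has two identical arms, so for legacy packages (new_pkg2 false) the INI1 size that used to be `iniSize` is now written as 0 while `sec_off[PKG2_SEC_INI1]` still receives 0x14080000 and the ctr computed a few lines later no longer includes it; if that is intended, write `hdr->sec_size[PKG2_SEC_INI1] = 0;` with a comment saying why, otherwise restore `iniSize` in the else arm. The same function now writes `kernel_size` at `hdr->data + pkg2_newkern_ini1_val`, a global that is only populated once pkg2_parse_kips has called pkg2_get_newkern_info, so if buildFirmwarePackage ever runs first the store lands at offset 0 of the kernel — a guard on the global, or a direct `pkg2_get_newkern_info(kernel);` at the top of the new_pkg2 branch, would make that ordering explicit. pkg2_get_newkern_info itself derives the offset from the word at 0x44 and dereferences `kern_data + pkg2_newkern_ini1_val + 0x8` without checking it lies inside the kernel section, which is worth a bounds check given the image is parsed after decryption. buildFirmwarePackage starts outside its hunk.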

@@ -227,7 +227,7 @@ void patchKernel(pkg2_hdr_t *pkg2){
u8 hash[0x20];
if(pkg2->sec_size[PKG2_SEC_INI1] == 0) {
se_calc_sha256(hash, (void*)(pkg2->data + 0x1A8), 0x95000 - 0x1A8); //TODO unhardcode
*((vu64 *)((uPtr)pkg2->data + 0x168)) = (u64)pkg2->sec_size[PKG2_SEC_KERNEL];
//*((vu64 *)((uPtr)pkg2->data + 0x168)) = (u64)pkg2->sec_size[PKG2_SEC_KERNEL];
}else{
se_calc_sha256(hash, pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]);
}
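Review bot: The store to `pkg2->data + 0x168` in patchKernel is left behind as commented-out code; delete the line rather than keep it, since the ini1 offset is now derived at runtime by pkg2_get_newkern_info in package.c. The hash on the line above is still taken over the fixed range `0x95000 - 0x1A8` (already flagged TODO); presumably the new 9.0.0 kernelInfo entry was computed over that same range, but that is worth confirming, because a length mismatch would just make the 9.0.0 kernel go unrecognised. patchKernel starts and ends outside the hunk.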
@@ -130,6 +130,18 @@ static const KernelMeta kernelInfo[] = {
0x10,
0x168
},
{
{0x0F, 0x6B, 0x22, 0xB8, 0xF1, 0x75, 0x8A, 0xF7, 0x81, 0xBF, 0xBC, 0x05, 0x59, 0x18, 0x65, 0x9A,
0x00, 0xA9, 0xDE, 0x22, 0x97, 0x49, 0x82, 0xAF, 0xB8, 0x0A, 0x6E, 0x54, 0xCD, 0xAA, 0xE8, 0xEB},
0x50628,
0x609E8,
0x329A0,
0x309B4,
0x10,
0x10,


}
};

//FS_MITM
@@ -235,6 +247,16 @@ static u32 PRC_ID_RCV_800[] =
0xA9BF2FEA, 0xF9404FEB, 0x2A1603EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400368, 0xF9401D08, 0xAA1B03E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0
};

static u32 PRC_ID_SND_900[] =
{
0xA9BF2FEA, 0xF94037EB, 0x2A1603EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF94002E8, 0xF9401D08, 0xAA1703E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0
};

static u32 PRC_ID_RCV_900[] =
{
0xA9BF2FEA, 0xF9404BEB, 0x2A1703EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400368, 0xF9401D08, 0xAA1B03E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0
};

extern kippatchset_t kip_patches[];

void patchFS(pkg2_kip1_info_t* ki);
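Review bot: The new kernelInfo entry for 9.0.0 looks unfinished: the preceding entry ends with `0x10,` then `0x168`, whereas the new one ends with `0x10, 0x10,` followed by two blank lines where the last value would go, so the final KernelMeta member is implicitly zero-initialised. If that member is the old ini1-offset field that pkg2_get_newkern_info now makes redundant, put an explicit `0` there with a comment saying so; if it is something else, the entry is missing a value. The repeated `0x10, 0x10,` also reads like a copy of the neighbouring row that was not completed, so both values should be checked against the 9.0.0 kernel. The kernelInfo array starts outside the hunk.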
@@ -80,7 +80,7 @@ int reboot_to_sept(const u8 *tsec_fw, u32 hosver)
case HOS_FIRMWARE_VERSION_800:
sec_path = "/sept/sept-secondary_00.enc";
break;
case HOS_FIRMWARE_VERSION_810:
default:
sec_path = "/sept/sept-secondary_01.enc";
break;
}
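Review bot: Replacing `case HOS_FIRMWARE_VERSION_810:` with `default:` makes every hosver not matched by an earlier case — including versions this bootloader does not know about — load `/sept/sept-secondary_01.enc`, silently picking a payload for unsupported firmware instead of failing. Prefer naming the versions this path is known to serve, `case HOS_FIRMWARE_VERSION_810:` and `case HOS_FIRMWARE_VERSION_900:` ahead of the existing assignment, and keep a `default:` that reports an error. reboot_to_sept starts outside the hunk, so the earlier cases are not visible here.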
