|
|
@@ -32,7 +32,8 @@ static u8 customWarmboot = 0; |
|
|
|
|
|
// TODO: Maybe find these with memsearch
|
|
|
static const pk11_offs _pk11_offs[] = {
|
|
|
{ "20161121183008", 0, 0x1900, 0x3FE0, { 2, 1, 0 }, 0x4002B020, 0x8000D000, 1 }, //1.0.0
|
|
|
//{ "20161121183008", 0, 0x1900, 0x3FE0, { 2, 1, 0 }, 0x4002B020, 0x8000D000, 1 }, //TODO: relocator patch for 1.0.0
|
|
|
{ "20161121183008", 0, 0x1900, 0x3FE0, { 2, 1, 0 }, 0x40014020, 0x8000D000, 1 }, //1.0.0
|
|
|
{ "20170210155124", 0, 0x1900, 0x3FE0, { 0, 1, 2 }, 0x4002D000, 0x8000D000, 1 }, //2.0.0 - 2.3.0
|
|
|
{ "20170519101410", 1, 0x1A00, 0x3FE0, { 0, 1, 2 }, 0x4002D000, 0x8000D000, 1 }, //3.0.0
|
|
|
{ "20170710161758", 2, 0x1A00, 0x3FE0, { 0, 1, 2 }, 0x4002D000, 0x8000D000, 1 }, //3.0.1 - 3.0.2
|
|
|
@@ -112,32 +113,34 @@ void loadKip(link_t *info, char *path) { |
|
|
|
|
|
void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2) {
|
|
|
if(!customSecmon){
|
|
|
uPtr *rlc_ptr = NULL;
|
|
|
uPtr *ver_ptr = NULL;
|
|
|
uPtr *pk21_ptr = NULL;
|
|
|
uPtr *hdrsig_ptr = NULL;
|
|
|
uPtr *sha2_ptr = NULL;
|
|
|
switch(pk11->kb) {
|
|
|
case KB_FIRMWARE_VERSION_100_200: { // Currently only for 2.0.0
|
|
|
u8 verPattern[] = {0x40, 0x19, 0x00, 0x36, 0x2B, 0xD7, 0xFF, 0x97};
|
|
|
u8 hdrSigPattern[] = {0x80, 0x1E, 0x00, 0x36, 0x4F, 0xD7, 0xFF, 0x97};
|
|
|
u8 sha2Pattern[] = {0xC0, 0x18, 0x00, 0x36, 0x24, 0xD7, 0xFF, 0x97};
|
|
|
|
|
|
ver_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, verPattern, sizeof(verPattern));
|
|
|
hdrsig_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern));
|
|
|
sha2_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, sha2Pattern, sizeof(sha2Pattern));
|
|
|
case KB_FIRMWARE_VERSION_100_200: {
|
|
|
//u8 rlcPattern[] = {0xE0, 0xFF, 0x1D, 0xF0, 0x00, 0x00, 0x00, 0x91}; //TODO: relocator patch for 1.0.0
|
|
|
u8 verPattern[] = {0x19, 0x00, 0x36, 0xE0, 0x03, 0x08, 0x91};
|
|
|
u8 hdrSigPattern[] = {0xFF, 0x97, 0xC0, 0x00, 0x00, 0x34, 0xA1, 0xFF, 0xFF};
|
|
|
u8 sha2Pattern[] = {0xE0, 0x03, 0x08, 0x91, 0xE1, 0x03, 0x13, 0xAA};
|
|
|
|
|
|
ver_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, verPattern, sizeof(verPattern)) + 0xB);
|
|
|
hdrsig_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 0x3A);
|
|
|
sha2_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, sha2Pattern, sizeof(sha2Pattern)) + 0x10);
|
|
|
break;
|
|
|
}
|
|
|
case KB_FIRMWARE_VERSION_300:
|
|
|
case KB_FIRMWARE_VERSION_301: {
|
|
|
u8 verPattern[] = {0x40, 0x19, 0x00, 0x36, 0x47, 0xD7, 0xFF, 0x97};
|
|
|
u8 hdrSigPattern[] = {0x80, 0x1E, 0x00, 0x36, 0x6B, 0xD7, 0xFF, 0x97};
|
|
|
u8 sha2Pattern[] = {0xC0, 0x18, 0x00, 0x36, 0x40, 0xD7, 0xFF, 0x97};
|
|
|
u8 verPattern[] = {0x2B, 0xFF, 0xFF, 0x97, 0x40, 0x19, 0x00, 0x36};
|
|
|
u8 hdrSigPattern[] = {0xF7, 0xFE, 0xFF, 0x97, 0x80, 0x1E, 0x00, 0x36};
|
|
|
u8 sha2Pattern[] = {0x07, 0xFF, 0xFF, 0x97, 0xC0, 0x18, 0x00, 0x36};
|
|
|
u8 pk21Pattern[] = {0x40, 0x19, 0x00, 0x36, 0xE0, 0x03, 0x08, 0x91};
|
|
|
|
|
|
ver_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, verPattern, sizeof(verPattern));
|
|
|
ver_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, verPattern, sizeof(verPattern)) + 0x4);
|
|
|
pk21_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, pk21Pattern, sizeof(pk21Pattern));
|
|
|
hdrsig_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern));
|
|
|
sha2_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, sha2Pattern, sizeof(sha2Pattern));
|
|
|
hdrsig_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 0x4);
|
|
|
sha2_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, sha2Pattern, sizeof(sha2Pattern)) + 0x4);
|
|
|
break;
|
|
|
}
|
|
|
case KB_FIRMWARE_VERSION_400: {
|
|
|
@@ -148,7 +151,7 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2) { |
|
|
|
|
|
ver_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, verPattern, sizeof(verPattern));
|
|
|
pk21_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, pk21Pattern, sizeof(pk21Pattern));
|
|
|
hdrsig_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 8);
|
|
|
hdrsig_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 0x8);
|
|
|
sha2_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, sha2Pattern, sizeof(sha2Pattern));
|
|
|
break;
|
|
|
}
|
|
|
@@ -159,12 +162,15 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2) { |
|
|
|
|
|
ver_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, verPattern, sizeof(verPattern));
|
|
|
pk21_ptr = (uPtr*)((u32)ver_ptr - 0xC);
|
|
|
hdrsig_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 4);
|
|
|
hdrsig_ptr = (uPtr*)(memsearch((void *)pk11->secmon_base, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 0x4);
|
|
|
sha2_ptr = (uPtr*)memsearch((void *)pk11->secmon_base, 0x10000, sha2Pattern, sizeof(sha2Pattern));
|
|
|
break;
|
|
|
}
|
|
|
}
|
|
|
if (pk11Offs->kb != KB_FIRMWARE_VERSION_100_200) {
|
|
|
/*if (pre2x) { //TODO: relocator patch for 1.0.0
|
|
|
*rlc_ptr = ADRP(0, 0x3BFE8020);
|
|
|
};*/
|
|
|
if (pk11->kb != KB_FIRMWARE_VERSION_100_200) {
|
|
|
*pk21_ptr = NOP;
|
|
|
};
|
|
|
*ver_ptr = NOP;
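Review bot: None of the memsearch() results in patch() is validated before `*pk21_ptr = NOP;` and `*ver_ptr = NOP;` write through them, and the new `+ 0xB`, `+ 0x3A`, `+ 0x10` and `+ 0x4` offsets are added directly to the raw return value. If memsearch() returns NULL on a miss (its definition is not visible here), a pattern that does not match the loaded secmon yields a small non-NULL address that even a later null test would not catch, and the store lands at an arbitrary low address during early boot. Keep the hit in a local and fail closed before applying the offset, e.g. `u8 *hit = memsearch((void *)pk11->secmon_base, 0x10000, verPattern, sizeof(verPattern));` then `if (!hit) return;` then `ver_ptr = (uPtr*)(hit + 0xB);`, and do the same for hdrsig_ptr, sha2_ptr and pk21_ptr in the 3.0.0/3.0.1 and later cases. The repeated `0x10000` search length would also read better as a named constant, and `rlc_ptr` is only referenced from commented-out code; patch() continues past the lines shown, so whether an early return is the right failure path needs checking against the rest of the body.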
|
|
|
|
NekoNoorJul 24, 2018
Collaborator
People have reported it working fine on 3.0.1 so not sure why it wasn't working for the one person that tested it on 3.0.1
NekoNoor repliedJul 24, 2018
People have reported it working fine on 3.0.1 so not sure why it wasn't working for the one person that tested it on 3.0.1
exentioJul 26, 2018
Working for me on 3.0.2
exentio repliedJul 26, 2018
Working for me on 3.0.2
lunalik2Jul 29, 2018
sig patches too?
lunalik2 repliedJul 29, 2018
sig patches too?