From 746fded2d0b423c02e8b8f5f17036828f4ac1c34 Mon Sep 17 00:00:00 2001
From: Rei
Date: Sat, 22 Sep 2018 18:50:27 -0400
Subject: [PATCH] fix last commit + TAB->SPACE

---
 src/firmware.c | 37 +++++++-----
 src/package.c | 103 +++++++++++++++++++++++++++------
 src/package.h | 152 +++++++++++++++++++++++++------------------------
 3 files changed, 186 insertions(+), 106 deletions(-)

diff --git a/src/firmware.c b/src/firmware.c
index 242dcf6..9d0f935 100644
--- a/src/firmware.c
+++ b/src/firmware.c
@@ -122,69 +122,76 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) {
 if(!customKern) {
 u32 crc = crc32c(pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]);
 uPtr kern = (uPtr)&pkg2->data;
- uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff;
+ uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff, ver;
 switch(crc){
- case 0x427f2647:{
+ case 0x427f2647:{ //1.0.0
 svcVerifOff = 0x3764C;
 svcDebugOff = 0x44074;
 sendOff = 0x23CC0;
 recvOff = 0x219F0;
 codeSndOff = 4;
 codeRcvOff = 4;
+ ver = 0;
 break;
 }
- case 0xae19cf1b:{
+ case 0xae19cf1b:{ //2.0.0
 svcVerifOff = 0x54834;
 svcDebugOff = 0x6086C;
 sendOff = 0x3F134;
 recvOff = 0x3D1A8;
 codeSndOff = 4;
 codeRcvOff = 4;
+ ver = 1;
 break;
 }
- case 0x73c9e274:{
+ case 0x73c9e274:{ //3.0.0
 svcVerifOff = 0x3BD24;
 svcDebugOff = 0x483FC;
 sendOff = 0x26080;
 recvOff = 0x240F0;
 codeSndOff = 4;
 codeRcvOff = 4;
+ ver = 2;
 break;
 }
- case 0xe0e8cdc4:{
+ case 0xe0e8cdc4:{ //3.0.2
 svcVerifOff = 0x3BD24;
 svcDebugOff = 0x48414;
 sendOff = 0x26080;
 recvOff = 0x240F0;
 codeSndOff = 4;
 codeRcvOff = 4;
+ ver = 3;
 break;
 }
- case 0x485d0157:{
+ case 0x485d0157:{ //4.0.0
 svcVerifOff = 0x41EB4;
 svcDebugOff = 0x4EBFC;
 sendOff = 0x2AF64;
 recvOff = 0x28F6C;
 codeSndOff = 8;
 codeRcvOff = 4;
+ ver = 4;
 break;
 }
- case 0xf3c363f2:{
+ case 0xf3c363f2:{ //5.0.0
 svcVerifOff = 0x45E6C;
 svcDebugOff = 0x5513C;
 sendOff = 0x2AD34;
 recvOff = 0x28DAC;
 codeSndOff = 8;
 codeRcvOff = 8;
+ ver = 5;
 break;
 }
- case 0x64ce1a44:{
+ case 0x64ce1a44:{ //6.0.0
 svcVerifOff = 0x47EA0;
 svcDebugOff = 0x57548;
 sendOff = 0x2BB8C;
 recvOff = 0x29B6C;
 codeSndOff = 0x10;
 codeRcvOff = 0x10;
+ ver = 6;
 break;
 }
 default:
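Review bot: `ver` is assigned only inside the seven matched `case` branches, so if the `default:` branch that closes this hunk (its body lies outside the hunk) does not leave `patch()`, the later `getSndPayload(ver, &payloadSize)` call consumes an indeterminate value. Declaring it with an out-of-range sentinel such as `uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff, ver = (uPtr)-1;` and rejecting that value before the payload lookup makes the failure explicit whatever `default:` does. The `//1.0.0` … `//6.0.0` comments help; a one-line comment above `switch(crc){` such as `// ver indexes the PRC_ID_* payload tables in package.c: 0 = 1.0.0 … 6 = 6.0.0` would document the coupling between this table and the getters. `patch()` begins and ends outside this hunk.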
@@ -193,17 +200,19 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) {
 }
 //ID Send
- uPtr freeSpace = getFreeSpace((void*)pkg2->data, 0x200, pkg2->sec_size[PKG2_SEC_KERNEL]); //Find area to write payload
- size_t payloadSize = sizeof(PRC_ID_SND_600);
+ uPtr freeSpace = getFreeSpace((void*)(kern+0x45000), 0x200, 0x20000) + 0x45000; //Find area to write payload
+ print("Kernel Freespace: 0x%08X\n", freeSpace);
+ size_t payloadSize;
+ u32 *sndPayload = getSndPayload(ver, &payloadSize);
 *(vu32*)(kern + sendOff) = _B(sendOff, freeSpace); //write hook to payload
- memcpy((void*)(kern + freeSpace), (void*)PRC_ID_SND_600, payloadSize); //Copy payload to free space
+ memcpy((void*)(kern + freeSpace), sndPayload, payloadSize); //Copy payload to free space
 *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, sendOff + codeSndOff); //Jump back skipping the hook
 //ID Receive
 freeSpace += (payloadSize+4);
- payloadSize = sizeof(PRC_ID_RCV_600);
+ u32 *rcvPayload = getRcvPayload(ver, &payloadSize);
 *(vu32*)(kern + recvOff) = _B(recvOff, freeSpace);
- memcpy((void*)(kern + freeSpace), (void*)PRC_ID_RCV_600, payloadSize);
+ memcpy((void*)(kern + freeSpace), rcvPayload, payloadSize);
 *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, recvOff + codeRcvOff);
 //SVC patches
@@ -400,7 +409,7 @@ void firmware() {
 ((void (*)())PAYLOAD_ADDR)();
 }
 SYSREG(AHB_AHB_SPARE_REG) = (volatile vu32)0xFFFFFF9F;
- PMC(APBDEV_PMC_SCRATCH49) = 0;
+ PMC(APBDEV_PMC_SCRATCH49) = 0;
 if (btn_read() & BTN_VOL_DOWN) {
 print("Booting verbosely\n");
diff --git a/src/package.c b/src/package.c
index 149c16b..7a1284e 100644
--- a/src/package.c
+++ b/src/package.c
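Review bot: The free-space search is now bounded by the constants `kern+0x45000` and `0x20000` instead of the `pkg2->sec_size[PKG2_SEC_KERNEL]` the removed line used, so a kernel section shorter than 0x65000 bytes lets `getFreeSpace()` scan past the section and the hook target is then placed outside it. Clamp the window to the section, e.g. `u32 ksz = pkg2->sec_size[PKG2_SEC_KERNEL];` / `if (ksz <= 0x45000) { /* bail as the crc default does */ }` / `uPtr freeSpace = getFreeSpace((void*)(kern+0x45000), 0x200, ksz - 0x45000 < 0x20000 ? ksz - 0x45000 : 0x20000) + 0x45000;`. Neither `getFreeSpace()`'s result nor `sndPayload`/`rcvPayload` is checked before being used as a branch target and `memcpy` source, so whatever failure value those helpers return (not visible in this hunk) gets encoded into the kernel image; a guard such as `if (!sndPayload || !rcvPayload) return;` before the first `memcpy` is cheap. If `uPtr` is wider than 32 bits the `0x%08X` conversion in the added `print` also mismatches its argument — its width cannot be told from here. `patch()` continues outside the hunk.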
@@ -264,23 +264,92 @@ int kippatch_apply(u8 *kipdata, u64 kipdata_len, kippatch_t *patch) {
 return 0;
 }
+u32 *getSndPayload(u32 id, size_t *size) {
+ u32 *ret;
+ switch(id){
+ case 0:
+ *size = sizeof(PRC_ID_SND_100);
+ ret = PRC_ID_SND_100;
+ break;
+ case 1:
+ *size = sizeof(PRC_ID_SND_200);
+ ret = PRC_ID_SND_200;
+ break;
+ case 2:
+ *size = sizeof(PRC_ID_SND_300);
+ ret = PRC_ID_SND_300;
+ break;
+ case 3:
+ *size = sizeof(PRC_ID_SND_302);
+ ret = PRC_ID_SND_302;
+ break;
+ case 4:
+ *size = sizeof(PRC_ID_SND_400);
+ ret = PRC_ID_SND_400;
+ break;
+ case 5:
+ *size = sizeof(PRC_ID_SND_500);
+ ret = PRC_ID_SND_500;
+ break;
+ case 6:
+ *size = sizeof(PRC_ID_SND_600);
+ ret = PRC_ID_SND_600;
+ break;
+ }
+ return ret;
+}
+
+u32 *getRcvPayload(u32 id, size_t *size) {
+ u32 *ret;
+ switch(id){
+ case 0:
+ *size = sizeof(PRC_ID_RCV_100);
+ ret = PRC_ID_RCV_100;
+ break;
+ case 1:
+ *size = sizeof(PRC_ID_RCV_200);
+ ret = PRC_ID_RCV_200;
+ break;
+ case 2:
+ *size = sizeof(PRC_ID_RCV_300);
+ ret = PRC_ID_RCV_300;
+ break;
+ case 3:
+ *size = sizeof(PRC_ID_RCV_302);
+ ret = PRC_ID_RCV_302;
+ break;
+ case 4:
+ *size = sizeof(PRC_ID_RCV_400);
+ ret = PRC_ID_RCV_400;
+ break;
+ case 5:
+ *size = sizeof(PRC_ID_RCV_500);
+ ret = PRC_ID_RCV_500;
+ break;
+ case 6:
+ *size = sizeof(PRC_ID_RCV_600);
+ ret = PRC_ID_RCV_600;
+ break;
+ }
+ return ret;
+}
 int nca_patch(u8 * kipdata, u64 kipdata_len) {
- char pattern[8] = {0xE5, 0x07, 0x00, 0x32, 0xE0, 0x03, 0x16, 0xAA};
- char buf[0x10];
- memcpy(buf, kipdata+0x1C450, 0x10);
- u32 * addr = memsearch(kipdata, kipdata_len, pattern, sizeof(pattern));
- int ret=0;
- int max_dist = 0x10;
- for(int i=0; ikip_name, 2))
- nca_patch(kipdata, kipdata_len);
+ if(!strncmp("FS", patchset->kip_name, 2))
+ nca_patch(kipdata, kipdata_len);
 return 0;
 }
diff --git a/src/package.h b/src/package.h
index 6179524..c6f3bd0 100644
--- a/src/package.h
+++ b/src/package.h
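Review bot: Neither `getSndPayload` nor `getRcvPayload` has a `default:` case, so for an `id` outside 0..6 `ret` is returned indeterminate and `*size` is never written; the caller in firmware.c then runs `memcpy(..., sndPayload, payloadSize)` with both values garbage. Add `default: *size = 0; ret = NULL; break;` to both switches (or initialise `u32 *ret = NULL;` and set `*size = 0;` before the switch) and have callers test for NULL before copying. Because the `PRC_ID_*` tables are read-only code templates, a `const u32 *` return type (mirrored in the package.h prototypes) would also stop a caller from patching the template in place instead of the copy. The `nca_patch` portion of this hunk is garbled in this rendering (the text after `for(int i=0; i` is missing), so it is not reviewed here; the `strncmp("FS", patchset->kip_name, 2)` lines belong to a function whose start lies outside the hunk.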
@@ -34,151 +34,151 @@ static u8 customKern = 0;
 typedef struct _pkg2_hdr_t {
- u8 ctr[0x10];
- u8 sec_ctr[0x40];
- u32 magic;
- u32 base;
- u32 pad0;
- u16 version;
- u16 pad1;
- u32 sec_size[4];
- u32 sec_off[4];
- u8 sec_sha256[0x80];
- u8 data[];
+ u8 ctr[0x10];
+ u8 sec_ctr[0x40];
+ u32 magic;
+ u32 base;
+ u32 pad0;
+ u16 version;
+ u16 pad1;
+ u32 sec_size[4];
+ u32 sec_off[4];
+ u8 sec_sha256[0x80];
+ u8 data[];
 } pkg2_hdr_t;
 typedef struct _pkg2_ini1_t {
- u32 magic;
- u32 size;
- u32 num_procs;
- u32 pad;
+ u32 magic;
+ u32 size;
+ u32 num_procs;
+ u32 pad;
 } pkg2_ini1_t;
 typedef struct _pkg2_kip1_sec_t {
- u32 offset;
- u32 size_decomp;
- u32 size_comp;
- u32 attrib;
+ u32 offset;
+ u32 size_decomp;
+ u32 size_comp;
+ u32 attrib;
 } pkg2_kip1_sec_t;
 #define KIP1_NUM_SECTIONS 6
 typedef struct _pkg2_kip1_t {
- u32 magic;
- char name[12];
- u64 tid;
- u32 proc_cat;
- u8 main_thrd_prio;
- u8 def_cpu_core;
- u8 res;
- u8 flags;
- pkg2_kip1_sec_t sections[KIP1_NUM_SECTIONS];
- u32 caps[0x20];
- u8 data[];
+ u32 magic;
+ char name[12];
+ u64 tid;
+ u32 proc_cat;
+ u8 main_thrd_prio;
+ u8 def_cpu_core;
+ u8 res;
+ u8 flags;
+ pkg2_kip1_sec_t sections[KIP1_NUM_SECTIONS];
+ u32 caps[0x20];
+ u8 data[];
 } pkg2_kip1_t;
 typedef struct _pkg2_kip1_info_t {
- pkg2_kip1_t *kip1;
- u32 size;
- link_t link;
+ pkg2_kip1_t *kip1;
+ u32 size;
+ link_t link;
 } pkg2_kip1_info_t;
 typedef struct {
- const char *id;
- u32 kb;
- u32 tsec_off;
- u32 pkg11_off;
- u32 sec_map[3];
- u32 secmon_base;
- u32 warmboot_base;
- int set_warmboot;
+ const char *id;
+ u32 kb;
+ u32 tsec_off;
+ u32 pkg11_off;
+ u32 sec_map[3];
+ u32 secmon_base;
+ u32 warmboot_base;
+ int set_warmboot;
 } pk11_offs;
 typedef struct {
- u32 magic;
- u32 wb_size;
- u32 wb_off;
- u32 pad;
- u32 ldr_size;
- u32 ldr_off;
- u32 sm_size;
- u32 sm_off;
+ u32 magic;
+ u32 wb_size;
+ u32 wb_off;
+ u32 pad;
+ u32 ldr_size;
+ u32 ldr_off;
+ u32 sm_size;
+ u32 sm_off;
 } pk11_header;
 static u32 PRC_ID_SND_100[] =
 {
- 0xA9BF2FEA, 0x2A0E03EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
- 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9412948, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A0E03EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+ 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9412948, 0xA8C12FEA
 };
 static u32 PRC_ID_RCV_100[] =
 {
- 0xA9BF2FEA, 0x2A1C03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
- 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9412968, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A1C03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
+ 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9412968, 0xA8C12FEA
 };
 static u32 PRC_ID_SND_200[] =
 {
- 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
- 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9413148, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+ 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9413148, 0xA8C12FEA
 };
 static u32 PRC_ID_RCV_200[] =
 {
- 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
- 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9413168, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
+ 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9413168, 0xA8C12FEA
 };
 static u32 PRC_ID_SND_300[] =
 {
- 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
- 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+ 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA
 };
 static u32 PRC_ID_RCV_300[] =
 {
- 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
- 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
+ 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
 };
 static u32 PRC_ID_SND_302[] =
 {
- 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
- 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B,
+ 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA
 };
 static u32 PRC_ID_RCV_302[] =
 {
- 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
- 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
+ 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148,
+ 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA
 };
 static u32 PRC_ID_SND_400[] =
 {
- 0x2A1703EA, 0xD37EF54A, 0xF86A6B8A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9,
- 0xEB09015F, 0x54000060, 0xF94053EA, 0xF9415948, 0xF94053EA
+ 0x2A1703EA, 0xD37EF54A, 0xF86A6B8A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9,
+ 0xEB09015F, 0x54000060, 0xF94053EA, 0xF9415948, 0xF94053EA
 };
 static u32 PRC_ID_RCV_400[] =
 {
- 0xF9403BED, 0x2A0E03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
- 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B28, 0xD503201F
+ 0xF9403BED, 0x2A0E03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
+ 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B28, 0xD503201F
 };
 static u32 PRC_ID_SND_500[] =
 {
- 0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9,
- 0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA
+ 0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9,
+ 0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA
 };
 static u32 PRC_ID_RCV_500[] =
 {
- 0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
- 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B08, 0xF9406FEA
+ 0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A,
+ 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B08, 0xF9406FEA
 };
 static u32 PRC_ID_SND_600[] =
@@ -188,7 +188,7 @@ static u32 PRC_ID_SND_600[] =
 static u32 PRC_ID_RCV_600[] =
 {
- 0xA9BF2FEA, 0xF94043EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0
+ 0xA9BF2FEA, 0xF94043EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0
 };
 typedef struct kipdiff_s {
@@ -223,4 +223,6 @@ void pkg1_unpack(pk11_offs *offs, u8 *pkg1);
 void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info);
 size_t calcKipSize(pkg2_kip1_t *kip1);
 void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2);
-void loadKip(link_t *info, char *path);
\ No newline at end of file
+void loadKip(link_t *info, char *path);
+u32 *getSndPayload(u32 id, size_t *size);
+u32 *getRcvPayload(u32 id, size_t *size);
\ No newline at end of file