
fix last commit + TAB->SPACE

Reisyukaku committed Sep 22, 2018
1 parent cefc174 commit 746fded2d0b423c02e8b8f5f17036828f4ac1c34
Showing with 186 additions and 106 deletions.
  1. +23 −14 src/firmware.c
  2. +86 −17 src/package.c
  3. +77 −75 src/package.h
@@ -122,69 +122,76 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) {
if(!customKern) { if(!customKern) {
u32 crc = crc32c(pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]); u32 crc = crc32c(pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]);
uPtr kern = (uPtr)&pkg2->data; uPtr kern = (uPtr)&pkg2->data;
uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff; uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff, ver;
switch(crc){ switch(crc){
case 0x427f2647:{ case 0x427f2647:{ //1.0.0
svcVerifOff = 0x3764C; svcVerifOff = 0x3764C;
svcDebugOff = 0x44074; svcDebugOff = 0x44074;
sendOff = 0x23CC0; sendOff = 0x23CC0;
recvOff = 0x219F0; recvOff = 0x219F0;
codeSndOff = 4; codeSndOff = 4;
codeRcvOff = 4; codeRcvOff = 4;
ver = 0;
break; break;
} }
case 0xae19cf1b:{ case 0xae19cf1b:{ //2.0.0
svcVerifOff = 0x54834; svcVerifOff = 0x54834;
svcDebugOff = 0x6086C; svcDebugOff = 0x6086C;
sendOff = 0x3F134; sendOff = 0x3F134;
recvOff = 0x3D1A8; recvOff = 0x3D1A8;
codeSndOff = 4; codeSndOff = 4;
codeRcvOff = 4; codeRcvOff = 4;
ver = 1;
break; break;
} }
case 0x73c9e274:{ case 0x73c9e274:{ //3.0.0
svcVerifOff = 0x3BD24; svcVerifOff = 0x3BD24;
svcDebugOff = 0x483FC; svcDebugOff = 0x483FC;
sendOff = 0x26080; sendOff = 0x26080;
recvOff = 0x240F0; recvOff = 0x240F0;
codeSndOff = 4; codeSndOff = 4;
codeRcvOff = 4; codeRcvOff = 4;
ver = 2;
break; break;
} }
case 0xe0e8cdc4:{ case 0xe0e8cdc4:{ //3.0.2
svcVerifOff = 0x3BD24; svcVerifOff = 0x3BD24;
svcDebugOff = 0x48414; svcDebugOff = 0x48414;
sendOff = 0x26080; sendOff = 0x26080;
recvOff = 0x240F0; recvOff = 0x240F0;
codeSndOff = 4; codeSndOff = 4;
codeRcvOff = 4; codeRcvOff = 4;
ver = 3;
break; break;
} }
case 0x485d0157:{ case 0x485d0157:{ //4.0.0
svcVerifOff = 0x41EB4; svcVerifOff = 0x41EB4;
svcDebugOff = 0x4EBFC; svcDebugOff = 0x4EBFC;
sendOff = 0x2AF64; sendOff = 0x2AF64;
recvOff = 0x28F6C; recvOff = 0x28F6C;
codeSndOff = 8; codeSndOff = 8;
codeRcvOff = 4; codeRcvOff = 4;
ver = 4;
break; break;
} }
case 0xf3c363f2:{ case 0xf3c363f2:{ //5.0.0
svcVerifOff = 0x45E6C; svcVerifOff = 0x45E6C;
svcDebugOff = 0x5513C; svcDebugOff = 0x5513C;
sendOff = 0x2AD34; sendOff = 0x2AD34;
recvOff = 0x28DAC; recvOff = 0x28DAC;
codeSndOff = 8; codeSndOff = 8;
codeRcvOff = 8; codeRcvOff = 8;
ver = 5;
break; break;
} }
case 0x64ce1a44:{ case 0x64ce1a44:{ //6.0.0
svcVerifOff = 0x47EA0; svcVerifOff = 0x47EA0;
svcDebugOff = 0x57548; svcDebugOff = 0x57548;
sendOff = 0x2BB8C; sendOff = 0x2BB8C;
recvOff = 0x29B6C; recvOff = 0x29B6C;
codeSndOff = 0x10; codeSndOff = 0x10;
codeRcvOff = 0x10; codeRcvOff = 0x10;
ver = 6;
break; break;
} }
default: default:
@@ -193,17 +200,19 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) {
} }
//ID Send //ID Send
uPtr freeSpace = getFreeSpace((void*)pkg2->data, 0x200, pkg2->sec_size[PKG2_SEC_KERNEL]); //Find area to write payload uPtr freeSpace = getFreeSpace((void*)(kern+0x45000), 0x200, 0x20000) + 0x45000; //Find area to write payload
size_t payloadSize = sizeof(PRC_ID_SND_600); print("Kernel Freespace: 0x%08X\n", freeSpace);
size_t payloadSize;
u32 *sndPayload = getSndPayload(ver, &payloadSize);
*(vu32*)(kern + sendOff) = _B(sendOff, freeSpace); //write hook to payload *(vu32*)(kern + sendOff) = _B(sendOff, freeSpace); //write hook to payload
memcpy((void*)(kern + freeSpace), (void*)PRC_ID_SND_600, payloadSize); //Copy payload to free space memcpy((void*)(kern + freeSpace), sndPayload, payloadSize); //Copy payload to free space
*(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, sendOff + codeSndOff); //Jump back skipping the hook *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, sendOff + codeSndOff); //Jump back skipping the hook
//ID Receive //ID Receive
freeSpace += (payloadSize+4); freeSpace += (payloadSize+4);
payloadSize = sizeof(PRC_ID_RCV_600); u32 *rcvPayload = getRcvPayload(ver, &payloadSize);
*(vu32*)(kern + recvOff) = _B(recvOff, freeSpace); *(vu32*)(kern + recvOff) = _B(recvOff, freeSpace);
memcpy((void*)(kern + freeSpace), (void*)PRC_ID_RCV_600, payloadSize); memcpy((void*)(kern + freeSpace), rcvPayload, payloadSize);
*(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, recvOff + codeRcvOff); *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, recvOff + codeRcvOff);
//SVC patches //SVC patches
@@ -400,7 +409,7 @@ void firmware() {
((void (*)())PAYLOAD_ADDR)(); ((void (*)())PAYLOAD_ADDR)();
} }
SYSREG(AHB_AHB_SPARE_REG) = (volatile vu32)0xFFFFFF9F; SYSREG(AHB_AHB_SPARE_REG) = (volatile vu32)0xFFFFFF9F;
PMC(APBDEV_PMC_SCRATCH49) = 0; PMC(APBDEV_PMC_SCRATCH49) = 0;
if (btn_read() & BTN_VOL_DOWN) { if (btn_read() & BTN_VOL_DOWN) {
print("Booting verbosely\n"); print("Booting verbosely\n");
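Review bot: The rewritten free-space search on the `uPtr freeSpace = getFreeSpace((void*)(kern+0x45000), 0x200, 0x20000) + 0x45000;` line scans a fixed 0x20000-byte window at kern+0x45000 and no longer consults `pkg2->sec_size[PKG2_SEC_KERNEL]`, so a kernel section shorter than 0x65000 bytes would be read past its end, and if getFreeSpace reports failure through a sentinel value the `+ 0x45000` masks it before anything checks it. Clamping the window to the section size and rejecting a failed search before the hook write and memcpy lines below would keep the patcher from writing into memory it does not own. `size_t payloadSize;` is also declared without an initialiser and `getSndPayload` only assigns it for ids 0–6, the values the switch above stores in `ver`; if the `default:` branch (cut off at the end of the first hunk) does not set `ver`, both `ver` and `payloadSize` reach the memcpy indeterminate, so `size_t payloadSize = 0;` plus a NULL check on `sndPayload` and `rcvPayload` is cheap insurance. patch() starts before the first hunk and continues past the second.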
@@ -264,23 +264,92 @@ int kippatch_apply(u8 *kipdata, u64 kipdata_len, kippatch_t *patch) {
return 0; return 0;
} }
u32 *getSndPayload(u32 id, size_t *size) {
u32 *ret;
switch(id){
case 0:
*size = sizeof(PRC_ID_SND_100);
ret = PRC_ID_SND_100;
break;
case 1:
*size = sizeof(PRC_ID_SND_200);
ret = PRC_ID_SND_200;
break;
case 2:
*size = sizeof(PRC_ID_SND_300);
ret = PRC_ID_SND_300;
break;
case 3:
*size = sizeof(PRC_ID_SND_302);
ret = PRC_ID_SND_302;
break;
case 4:
*size = sizeof(PRC_ID_SND_400);
ret = PRC_ID_SND_400;
break;
case 5:
*size = sizeof(PRC_ID_SND_500);
ret = PRC_ID_SND_500;
break;
case 6:
*size = sizeof(PRC_ID_SND_600);
ret = PRC_ID_SND_600;
break;
}
return ret;
}
u32 *getRcvPayload(u32 id, size_t *size) {
u32 *ret;
switch(id){
case 0:
*size = sizeof(PRC_ID_RCV_100);
ret = PRC_ID_RCV_100;
break;
case 1:
*size = sizeof(PRC_ID_RCV_200);
ret = PRC_ID_RCV_200;
break;
case 2:
*size = sizeof(PRC_ID_RCV_300);
ret = PRC_ID_RCV_300;
break;
case 3:
*size = sizeof(PRC_ID_RCV_302);
ret = PRC_ID_RCV_302;
break;
case 4:
*size = sizeof(PRC_ID_RCV_400);
ret = PRC_ID_RCV_400;
break;
case 5:
*size = sizeof(PRC_ID_RCV_500);
ret = PRC_ID_RCV_500;
break;
case 6:
*size = sizeof(PRC_ID_RCV_600);
ret = PRC_ID_RCV_600;
break;
}
return ret;
}
int nca_patch(u8 * kipdata, u64 kipdata_len) { int nca_patch(u8 * kipdata, u64 kipdata_len) {
char pattern[8] = {0xE5, 0x07, 0x00, 0x32, 0xE0, 0x03, 0x16, 0xAA}; char pattern[8] = {0xE5, 0x07, 0x00, 0x32, 0xE0, 0x03, 0x16, 0xAA};
char buf[0x10]; char buf[0x10];
memcpy(buf, kipdata+0x1C450, 0x10); memcpy(buf, kipdata+0x1C450, 0x10);
u32 * addr = memsearch(kipdata, kipdata_len, pattern, sizeof(pattern)); u32 * addr = memsearch(kipdata, kipdata_len, pattern, sizeof(pattern));
int ret=0; int ret=0;
int max_dist = 0x10; int max_dist = 0x10;
for(int i=0; i<max_dist; i++) { for(int i=0; i<max_dist; i++) {
u32 op = addr[i]; u32 op = addr[i];
if((op & 0xFC000000)==0x94000000) { //is a BL op if((op & 0xFC000000)==0x94000000) { //is a BL op
addr[i] = NOP; addr[i] = NOP;
ret=1; ret=1;
break; break;
} }
} }
return ret; return ret;
} }
int kippatch_apply_set(u8 *kipdata, u64 kipdata_len, kippatchset_t *patchset) { int kippatch_apply_set(u8 *kipdata, u64 kipdata_len, kippatchset_t *patchset) {
@@ -305,8 +374,8 @@ int kippatch_apply_set(u8 *kipdata, u64 kipdata_len, kippatchset_t *patchset) {
int r = kippatch_apply(kipdata, kipdata_len, p); int r = kippatch_apply(kipdata, kipdata_len, p);
if (r) return r; if (r) return r;
} }
if(!strncmp("FS", patchset->kip_name, 2)) if(!strncmp("FS", patchset->kip_name, 2))
nca_patch(kipdata, kipdata_len); nca_patch(kipdata, kipdata_len);
return 0; return 0;
} }
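Review bot: `getSndPayload` leaves `ret` uninitialised and `*size` untouched when `id` is outside 0–6 because its `switch` has no `default:`, so an unrecognised version id returns an indeterminate pointer that the caller in firmware.c then hands to memcpy with an unset length; `getRcvPayload` in the same hunk has the identical gap. Initialising `u32 *ret = NULL;` and adding `default: *size = 0; break;` to both switches lets the caller detect an unsupported kernel instead of copying from an arbitrary address. A small table indexed by `id` with a bounds check would also collapse the fourteen near-identical cases into one lookup. kippatch_apply_set begins on the last line of this hunk and continues outside it.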
