Permalink
Browse files

Merge branch 'warmboot' into 'master'

Warmboot

See merge request reinx/reinx!14
  • Loading branch information...
Reisyukaku committed Dec 19, 2018
2 parents 2d16282 + 08ed7d9 commit da8adc5a90a6d964b9fed74d227c47ba87213a04
Showing with 107 additions and 77 deletions.
  1. +1 −0 Makefile
  2. +1 −1 NX_Sysmodules
  3. +48 −29 src/firmware.c
  4. +10 −3 src/hwinit/sdram.c
  5. +22 −21 src/hwinit/sdram.inl
  6. +20 −19 src/hwinit/sdram_lz.inl
  7. +2 −2 src/package.c
  8. +3 −2 src/package.h
@@ -71,3 +71,4 @@ $(dir_build)/%.o: $(dir_source)/%.c
$(dir_build)/%.o: $(dir_source)/%.s
@mkdir -p "$(@D)"
$(CC) $(CFLAGS) -c $< -o $@

@@ -38,7 +38,7 @@ int drawSplash() {

void patchFS(pkg2_kip1_info_t* ki) {
print("Patching FS\n");

u8 kipHash[0x20];

se_calc_sha256(&kipHash, ki->kip1, ki->size);
@@ -89,6 +89,35 @@ pkg2_kip1_info_t* find_by_tid(link_t* kip_list, u64 tid) {
return NULL;
}

void patchWarmboot(u32 warmbootBase, u32 fw) {
print("Patching Warmboot...\n");
if(!customWarmboot) {
uPtr *fuseCheck = NULL;
uPtr *segmentID = NULL;
switch(fw) {
case KB_FIRMWARE_VERSION_300:
case KB_FIRMWARE_VERSION_301: {
u8 segmentIDPat[] = {0x6B, 0x01, 0x00, 0x1A, 0x18, 0x05, 0x9F};
segmentID = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, segmentIDPat, sizeof(segmentIDPat)));
}
case KB_FIRMWARE_VERSION_200: {
u8 fuseCheckPat[] = {0x70, 0x01, 0x00, 0x1A, 0x20, 0x15, 0x9F};
fuseCheck = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, fuseCheckPat, sizeof(fuseCheckPat)));
break;
}
default: {
u8 fuseCheckPat[] = {0xFF, 0x77, 0x6E, 0xEF, 0x00, 0xC3, 0x92};
u8 segmentIDPat[] = {0xF7, 0xFF, 0xDE, 0xDD, 0x24, 0x02, 0x28};
fuseCheck = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, fuseCheckPat, sizeof(fuseCheckPat) + 0x4));
segmentID = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, segmentIDPat, sizeof(segmentIDPat) + 0x4));
}
}
*fuseCheck = NOP_v7;
if(segmentID != NULL)
*segmentID = NOP_v7;
}
}

void patchSecmon(u32 secmonBase, u32 fw){
print("Patching Secmon...\n");
//Patch Secmon
@@ -146,17 +175,6 @@ void patchSecmon(u32 secmonBase, u32 fw){
sha2_ptr = (uPtr*)(memsearch((void *)secmonBase, 0x10000, sha2Pattern, sizeof(sha2Pattern)));
break;
}
case KB_FIRMWARE_VERSION_600: {
u8 verPattern[] = {0x00, 0x01, 0x00, 0x36, 0xFD, 0x7B, 0x41, 0xA9};
u8 hdrSigPattern[] = { 0x9A, 0xFF, 0xFF, 0x97, 0x80, 0x00, 0x00, 0x36};
u8 sha2Pattern[] = {0x81, 0x00, 0x80, 0x72, 0xB5, 0xFB, 0xFF, 0x97};

ver_ptr = (uPtr*)memsearch((void *)secmonBase, 0x10000, verPattern, sizeof(verPattern));
pk21_ptr = (uPtr*)((u32)ver_ptr - 0xC);
hdrsig_ptr = (uPtr*)(memsearch((void *)secmonBase, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 0x4);
sha2_ptr = (uPtr*)(memsearch((void *)secmonBase, 0x10000, sha2Pattern, sizeof(sha2Pattern)) + 0x4);
break;
}
default:{
u8 verPattern[] = {0x00, 0x01, 0x00, 0x36, 0xFD, 0x7B, 0x41, 0xA9};
u8 hdrSigPattern[] = {0x9A, 0xFF, 0xFF, 0x97, 0x80, 0x00, 0x00, 0x36};
@@ -170,11 +188,11 @@ void patchSecmon(u32 secmonBase, u32 fw){
}

if (fw > KB_FIRMWARE_VERSION_200) {
*pk21_ptr = NOP;
*pk21_ptr = NOP_v8;
};
*ver_ptr = NOP;
*hdrsig_ptr = NOP;
*sha2_ptr = NOP;
*ver_ptr = NOP_v8;
*hdrsig_ptr = NOP_v8;
*sha2_ptr = NOP_v8;
}
}

@@ -282,7 +300,7 @@ void patchKernel(pkg2_hdr_t *pkg2){
*(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, recvOff + codeRcvOff);

//SVC patches
*(vu32*)(kern + svcVerifOff) = NOP;
*(vu32*)(kern + svcVerifOff) = NOP_v8;
if (fopen("/ReiNX/debug", "rb")) {
fclose();
*(vu32*)(kern + svcDebugOff) = _MOVZX(8, 1, 0);
@@ -304,7 +322,7 @@ void patchKernelExtensions(link_t *kips){
} else {
patchFS(FS_module);
}

// Load all KIPs.
char **sysmods = NULL;
size_t cnt = enumerateDir(&sysmods, "/ReiNX/sysmodules", "*.kip");
@@ -353,29 +371,30 @@ u8 loadFirm() {
//Decrypt if needed
if(pk11Offs->kb < KB_FIRMWARE_VERSION_620)
se_aes_crypt_ctr(11, pkg11 + 0x20, pkg11_size, pkg11 + 0x20, pkg11_size, pkg11 + 0x10);

print("Unpacking pkg1\n");
pkg1_unpack(pk11Offs, (u32)pkg11);
PMC(APBDEV_PMC_SCRATCH1) = pk11Offs->warmboot_base;
free(pkg1ldr);

//Read package2
u8 *pkg2 = ReadPackage2(&storage);

// Unpack Package2.
print("Unpacking package2...\n");
pkg2_hdr_t *dec_pkg2 = unpackFirmwarePackage(pkg2);
LIST_INIT(kip1_info);
pkg2_parse_kips(&kip1_info, dec_pkg2);

// Patch firmware.
patchWarmboot(pk11Offs->warmboot_base, pk11Offs->kb);
patchSecmon(pk11Offs->secmon_base, pk11Offs->kb);
patchKernel(dec_pkg2);
patchKernelExtensions(&kip1_info);

// Build Package2.
buildFirmwarePackage(dec_pkg2->data, dec_pkg2->sec_size[PKG2_SEC_KERNEL], &kip1_info);

//We're done with SD now
sdUnmount();
}
@@ -416,7 +435,7 @@ void launch() {
se_key_acc_ctrl(12, 0xFF);
se_key_acc_ctrl(15, 0xFF);
}

if(pk11Offs->kb < KB_FIRMWARE_VERSION_620){
SE_lock();
}else{
@@ -444,19 +463,19 @@ void launch() {

// Disable display.
display_end();

// Boot secmon and Wait for it get ready, if aplicable.
if (smmu_is_used())
smmu_exit();
else
cluster_boot_cpu0(pk11Offs->secmon_base);

while (!*SECMON_STATE_ADDR)
usleep(1);

// Signal to finish boot process.
*BOOT_STATE_ADDR = (pk11Offs->kb < KB_FIRMWARE_VERSION_400 ? BOOT_DONE : BOOT_DONE_4X);

// Halt ourselves in waitevent state.
while (1) FLOW_CTLR(0x4) = 0x50000000;
}
@@ -467,7 +486,7 @@ void firmware() {
gfx_clear_color(&gfx_ctxt, 0xFF000000);
gfx_con_init(&gfx_con, &gfx_ctxt);
gfx_con_setcol(&gfx_con, DEFAULT_TEXT_COL, 0, 0);

u8 fo[] = {0xF0, 0xE0, 0xD0, 0x00};
if (!sdMount()) {
error("Failed to init SD card!\n");
print("Press POWER to power off, or any other key to continue without SD.\n");
@@ -488,7 +507,7 @@ void firmware() {
}
SYSREG(AHB_AHB_SPARE_REG) = (volatile vu32)0xFFFFFF9F;
PMC(APBDEV_PMC_SCRATCH49) = 0;

if(btn_read() & BTN_VOL_UP){
if(fopen("/ReiNX/Recovery.bin", "rb") != 0) {
fread((void*)PAYLOAD_ADDR, fsize(), 1);
@@ -502,7 +521,7 @@ void firmware() {
btn_wait();
}
}

if (btn_read() & BTN_VOL_DOWN) {
print("Booting verbosely\n");
} else if (drawSplash()) {
@@ -490,15 +490,22 @@ static void _sdram_config(const sdram_params_t *params)

const void *sdram_get_params()
{
//TODO: sdram_id should be in [0, 7].
sdram_params_t *sdram_params;

#ifdef CONFIG_SDRAM_COMPRESS_CFG
u8 *buf = (u8 *)0x40030000;
LZ_Uncompress(_dram_cfg_lz, buf, sizeof(_dram_cfg_lz));
return (const void *)&buf[sizeof(sdram_params_t) * _get_sdram_id()];
sdram_params = (const void *)&buf[sizeof(sdram_params_t) * _get_sdram_id()];
#else
return _dram_cfgs[_get_sdram_id()];
sdram_params = _dram_cfgs[_get_sdram_id()];
#endif

sdram_params->boot_rom_patch_control = (1 << 31) | (((IPATCH_BASE + 4) - APB_MISC_BASE) / 4);
u32 addr = 0x10459E; // Bootrom address for warmboot sig check.
u32 data = 0x2000; // MOV R0, #0.
sdram_params->boot_rom_patch_data = ((addr/2) << 16) | (data & 0xffff);

return sdram_params;
}

void sdram_init()
@@ -1,18 +1,19 @@
/*
* Copyright (c) 2018 naehrwert
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
* Copyright (c) 2018 naehrwert
* Copyright (c) 2018 balika011
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

static const u8 _dram_cfg_0[1896] = {
0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00, 0x00,
@@ -171,7 +172,7 @@ static const u8 _dram_cfg_0[1896] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

@@ -332,7 +333,7 @@ static const u8 _dram_cfg_1[1896] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

@@ -493,7 +494,7 @@ static const u8 _dram_cfg_2[1896] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

@@ -654,7 +655,7 @@ static const u8 _dram_cfg_3[1896] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

@@ -815,7 +816,7 @@ static const u8 _dram_cfg_4[1896] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

@@ -976,7 +977,7 @@ static const u8 _dram_cfg_5[1896] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

@@ -1137,7 +1138,7 @@ static const u8 _dram_cfg_6[1896] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

@@ -1,5 +1,6 @@
/*
* Copyright (c) 2018 naehrwert
* Copyright (c) 2018 balika011
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
@@ -14,7 +15,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

static const u8 _dram_cfg_lz[1262] = {
static const u8 _dram_cfg_lz[1270] = {
0x17, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00,
0x00, 0x2C, 0x17, 0x04, 0x09, 0x00, 0x17, 0x04, 0x04, 0x17, 0x08, 0x08,
0x17, 0x10, 0x10, 0x00, 0x00, 0x68, 0xBC, 0x01, 0x70, 0x0A, 0x00, 0x00,
@@ -103,22 +104,22 @@ static const u8 _dram_cfg_lz[1262] = {
0x17, 0x17, 0x3A, 0x7E, 0x16, 0x40, 0x17, 0x0C, 0x8B, 0x1F, 0x17, 0x2A,
0x38, 0x1E, 0x17, 0x0A, 0x38, 0x17, 0x13, 0x81, 0x28, 0x00, 0xC0, 0x17,
0x17, 0x55, 0x46, 0x24, 0x17, 0x0A, 0x81, 0x28, 0x17, 0x14, 0x38, 0x17,
0x18, 0x81, 0x60, 0x46, 0x2C, 0x17, 0x06, 0x38, 0xEC, 0x17, 0x0D, 0x16,
0x17, 0x0E, 0x82, 0x3C, 0x17, 0x82, 0x0C, 0x8E, 0x68, 0x17, 0x04, 0x24,
0x17, 0x5C, 0x8E, 0x68, 0x17, 0x07, 0x82, 0x5F, 0x80, 0x17, 0x87, 0x01,
0x8E, 0x68, 0x02, 0x17, 0x81, 0x4A, 0x8E, 0x68, 0x17, 0x0C, 0x87, 0x78,
0x17, 0x85, 0x28, 0x8E, 0x68, 0x17, 0x8E, 0x68, 0x9D, 0x50, 0x17, 0x81,
0x24, 0x8E, 0x68, 0x17, 0x04, 0x2C, 0x17, 0x28, 0x8E, 0x68, 0x17, 0x04,
0x30, 0x17, 0x85, 0x3C, 0x8E, 0x68, 0x12, 0x17, 0x07, 0x85, 0x70, 0x17,
0x88, 0x74, 0x8E, 0x68, 0x17, 0x87, 0x3E, 0x9D, 0x50, 0x0C, 0x17, 0x04,
0x04, 0x17, 0x12, 0x8E, 0x68, 0x18, 0x17, 0x87, 0x12, 0xBB, 0x20, 0x17,
0x83, 0x04, 0x9D, 0x50, 0x15, 0x17, 0x05, 0x8D, 0x76, 0x17, 0x0F, 0x8B,
0x49, 0x17, 0x0B, 0x18, 0x32, 0x00, 0x2F, 0x00, 0x32, 0x00, 0x31, 0x00,
0x34, 0x00, 0x36, 0x00, 0x2F, 0x00, 0x33, 0x17, 0x09, 0x84, 0x0C, 0x17,
0x18, 0x18, 0x17, 0x20, 0x8E, 0x68, 0x15, 0x17, 0x07, 0x5A, 0x17, 0x06,
0x5E, 0x16, 0x00, 0x15, 0x17, 0x82, 0x40, 0x9D, 0x50, 0x17, 0x86, 0x5F,
0xBB, 0x20, 0x3A, 0x00, 0x00, 0x00, 0x1D, 0x17, 0x81, 0x4F, 0xAC, 0x38,
0x3B, 0x17, 0x04, 0x04, 0x17, 0x86, 0x30, 0x8E, 0x68, 0x17, 0x81, 0x53,
0xAC, 0x38, 0x07, 0x17, 0x0D, 0x8E, 0x68, 0xA3, 0x72, 0x17, 0x83, 0x10,
0x8E, 0x68
0x18, 0x81, 0x60, 0x46, 0x2C, 0x17, 0x06, 0x38, 0xEC, 0x00, 0x00, 0x00,
0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x17, 0x10, 0x82, 0x3C,
0x17, 0x82, 0x0C, 0x8E, 0x68, 0x17, 0x04, 0x24, 0x17, 0x5C, 0x8E, 0x68,
0x17, 0x07, 0x82, 0x5F, 0x80, 0x17, 0x87, 0x01, 0x8E, 0x68, 0x02, 0x17,
0x81, 0x4A, 0x8E, 0x68, 0x17, 0x0C, 0x87, 0x78, 0x17, 0x85, 0x28, 0x8E,
0x68, 0x17, 0x8E, 0x68, 0x9D, 0x50, 0x17, 0x81, 0x24, 0x8E, 0x68, 0x17,
0x04, 0x2C, 0x17, 0x28, 0x8E, 0x68, 0x17, 0x04, 0x30, 0x17, 0x85, 0x3C,
0x8E, 0x68, 0x12, 0x17, 0x07, 0x85, 0x70, 0x17, 0x88, 0x74, 0x8E, 0x68,
0x17, 0x87, 0x3E, 0x9D, 0x50, 0x0C, 0x17, 0x04, 0x04, 0x17, 0x12, 0x8E,
0x68, 0x18, 0x17, 0x87, 0x12, 0xBB, 0x20, 0x17, 0x83, 0x04, 0x9D, 0x50,
0x15, 0x17, 0x05, 0x8D, 0x76, 0x17, 0x0F, 0x8B, 0x49, 0x17, 0x0B, 0x18,
0x32, 0x00, 0x2F, 0x00, 0x32, 0x00, 0x31, 0x00, 0x34, 0x00, 0x36, 0x00,
0x2F, 0x00, 0x33, 0x17, 0x09, 0x84, 0x0C, 0x17, 0x18, 0x18, 0x17, 0x20,
0x8E, 0x68, 0x15, 0x17, 0x07, 0x5A, 0x17, 0x06, 0x5E, 0x16, 0x00, 0x15,
0x17, 0x82, 0x40, 0x9D, 0x50, 0x17, 0x86, 0x5F, 0xBB, 0x20, 0x3A, 0x00,
0x00, 0x00, 0x1D, 0x17, 0x81, 0x4F, 0xAC, 0x38, 0x3B, 0x17, 0x04, 0x04,
0x17, 0x86, 0x30, 0x8E, 0x68, 0x17, 0x81, 0x53, 0xAC, 0x38, 0x07, 0x17,
0x0D, 0x8E, 0x68, 0xA3, 0x72, 0x17, 0x83, 0x10, 0x8E, 0x68
};
@@ -131,7 +131,7 @@ void pkg1_unpack(pk11_offs *offs, u32 pkg1Off) {

void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info) {
u8 *pdst = (u8 *)0xA9800000;

// Signature.
memset(pdst, 0, 0x100);
pdst += 0x100;
@@ -347,7 +347,7 @@ int nca_patch(u8 * kipdata, u64 kipdata_len) {
for(int i=0; i<max_dist; i++) {
u32 op = addr[i];
if((op & 0xFC000000)==0x94000000) { //is a BL op
addr[i] = NOP;
addr[i] = NOP_v8;
ret=1;
break;
}
Oops, something went wrong.

0 comments on commit da8adc5

Please sign in to comment.