Merge branch 'warmboot' into 'master'

Warmboot See merge request reinx/reinx!14
Reisyukaku · Dec 19, 2018 · da8adc5 · da8adc5
2 parents 2d16282 + 08ed7d9
commit da8adc5
Show file tree

Hide file tree

Showing 8 changed files with 107 additions and 77 deletions.
diff --git a/Makefile b/Makefile
@@ -71,3 +71,4 @@ $(dir_build)/%.o: $(dir_source)/%.c
 $(dir_build)/%.o: $(dir_source)/%.s
 	@mkdir -p "$(@D)"
 	$(CC) $(CFLAGS) -c $< -o $@
+
diff --git a/NX_Sysmodules b/NX_Sysmodules
diff --git a/src/firmware.c b/src/firmware.c
@@ -38,7 +38,7 @@ int drawSplash() {
 
 void patchFS(pkg2_kip1_info_t* ki) {
     print("Patching FS\n");
-    
+
     u8 kipHash[0x20];
 
     se_calc_sha256(&kipHash, ki->kip1, ki->size);
@@ -89,6 +89,35 @@ pkg2_kip1_info_t* find_by_tid(link_t* kip_list, u64 tid) {
     return NULL;
 }
 
+void patchWarmboot(u32 warmbootBase, u32 fw) {
+    print("Patching Warmboot...\n");
+    if(!customWarmboot) {
+        uPtr *fuseCheck = NULL;
+        uPtr *segmentID = NULL;
+        switch(fw) {
+            case KB_FIRMWARE_VERSION_300:
+            case KB_FIRMWARE_VERSION_301: {
+                u8 segmentIDPat[] = {0x6B, 0x01, 0x00, 0x1A, 0x18, 0x05, 0x9F};
+                segmentID = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, segmentIDPat, sizeof(segmentIDPat)));
+            }
+            case KB_FIRMWARE_VERSION_200: {
+                u8 fuseCheckPat[] = {0x70, 0x01, 0x00, 0x1A, 0x20, 0x15, 0x9F};
+                fuseCheck = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, fuseCheckPat, sizeof(fuseCheckPat)));
+                break;
+            }
+            default: {
+                u8 fuseCheckPat[] = {0xFF, 0x77, 0x6E, 0xEF, 0x00, 0xC3, 0x92};
+                u8 segmentIDPat[] = {0xF7, 0xFF, 0xDE, 0xDD, 0x24, 0x02, 0x28};
+                fuseCheck = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, fuseCheckPat, sizeof(fuseCheckPat) + 0x4));
+                segmentID = (uPtr*)(memsearch((void *)warmbootBase, 0x10000, segmentIDPat, sizeof(segmentIDPat) + 0x4));
+            }
+        }
+        *fuseCheck = NOP_v7;
+        if(segmentID != NULL)
+            *segmentID = NOP_v7;
+    }
+}
+
 void patchSecmon(u32 secmonBase, u32 fw){
     print("Patching Secmon...\n");
     //Patch Secmon
@@ -146,17 +175,6 @@ void patchSecmon(u32 secmonBase, u32 fw){
                 sha2_ptr = (uPtr*)(memsearch((void *)secmonBase, 0x10000, sha2Pattern, sizeof(sha2Pattern)));
                 break;
             }
-            case KB_FIRMWARE_VERSION_600: {
-                u8 verPattern[] = {0x00, 0x01, 0x00, 0x36, 0xFD, 0x7B, 0x41, 0xA9};
-                u8 hdrSigPattern[] = { 0x9A, 0xFF, 0xFF, 0x97, 0x80, 0x00, 0x00, 0x36};
-                u8 sha2Pattern[] = {0x81, 0x00, 0x80, 0x72, 0xB5, 0xFB, 0xFF, 0x97};
-
-                ver_ptr = (uPtr*)memsearch((void *)secmonBase, 0x10000, verPattern, sizeof(verPattern));
-                pk21_ptr = (uPtr*)((u32)ver_ptr - 0xC);
-                hdrsig_ptr = (uPtr*)(memsearch((void *)secmonBase, 0x10000, hdrSigPattern, sizeof(hdrSigPattern)) + 0x4);
-                sha2_ptr = (uPtr*)(memsearch((void *)secmonBase, 0x10000, sha2Pattern, sizeof(sha2Pattern)) + 0x4);
-                break;
-            }
             default:{
                 u8 verPattern[] = {0x00, 0x01, 0x00, 0x36, 0xFD, 0x7B, 0x41, 0xA9};
                 u8 hdrSigPattern[] = {0x9A, 0xFF, 0xFF, 0x97, 0x80, 0x00, 0x00, 0x36};
@@ -170,11 +188,11 @@ void patchSecmon(u32 secmonBase, u32 fw){
         }
 
         if (fw > KB_FIRMWARE_VERSION_200) {
-            *pk21_ptr = NOP;
+            *pk21_ptr = NOP_v8;
         };
-        *ver_ptr = NOP;
-        *hdrsig_ptr = NOP;
-        *sha2_ptr = NOP;
+        *ver_ptr = NOP_v8;
+        *hdrsig_ptr = NOP_v8;
+        *sha2_ptr = NOP_v8;
     }
 }
 
@@ -282,7 +300,7 @@ void patchKernel(pkg2_hdr_t *pkg2){
         *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, recvOff + codeRcvOff);
 
         //SVC patches
-        *(vu32*)(kern + svcVerifOff) = NOP;
+        *(vu32*)(kern + svcVerifOff) = NOP_v8;
         if (fopen("/ReiNX/debug", "rb")) {
             fclose();
             *(vu32*)(kern + svcDebugOff) = _MOVZX(8, 1, 0);
@@ -304,7 +322,7 @@ void patchKernelExtensions(link_t *kips){
     } else {
         patchFS(FS_module);
     }
-    
+
     // Load all KIPs.
     char **sysmods = NULL;
     size_t cnt = enumerateDir(&sysmods, "/ReiNX/sysmodules", "*.kip");
@@ -353,29 +371,30 @@ u8 loadFirm() {
     //Decrypt if needed
     if(pk11Offs->kb < KB_FIRMWARE_VERSION_620)
       se_aes_crypt_ctr(11, pkg11 + 0x20, pkg11_size, pkg11 + 0x20, pkg11_size, pkg11 + 0x10);
-  
+
     print("Unpacking pkg1\n");
     pkg1_unpack(pk11Offs, (u32)pkg11);
     PMC(APBDEV_PMC_SCRATCH1) = pk11Offs->warmboot_base;
     free(pkg1ldr);
 
     //Read package2
     u8 *pkg2 = ReadPackage2(&storage);
-    
+
     // Unpack Package2.
     print("Unpacking package2...\n");
     pkg2_hdr_t *dec_pkg2 = unpackFirmwarePackage(pkg2);
     LIST_INIT(kip1_info);
     pkg2_parse_kips(&kip1_info, dec_pkg2);
 
     // Patch firmware.
+    patchWarmboot(pk11Offs->warmboot_base, pk11Offs->kb);
     patchSecmon(pk11Offs->secmon_base, pk11Offs->kb);
     patchKernel(dec_pkg2);
     patchKernelExtensions(&kip1_info);
-    
+
     // Build Package2.
     buildFirmwarePackage(dec_pkg2->data, dec_pkg2->sec_size[PKG2_SEC_KERNEL], &kip1_info);
-    
+
     //We're done with SD now
     sdUnmount();
 }
@@ -416,7 +435,7 @@ void launch() {
             se_key_acc_ctrl(12, 0xFF);
             se_key_acc_ctrl(15, 0xFF);
     }
-    
+
     if(pk11Offs->kb < KB_FIRMWARE_VERSION_620){
         SE_lock();
     }else{
@@ -444,19 +463,19 @@ void launch() {
 
     // Disable display.
     display_end();
-    
+
     // Boot secmon and Wait for it get ready, if aplicable.
     if (smmu_is_used())
         smmu_exit();
     else
         cluster_boot_cpu0(pk11Offs->secmon_base);
-    
+
     while (!*SECMON_STATE_ADDR)
         usleep(1);
 
     // Signal to finish boot process.
     *BOOT_STATE_ADDR = (pk11Offs->kb < KB_FIRMWARE_VERSION_400 ? BOOT_DONE : BOOT_DONE_4X);
-    
+
     // Halt ourselves in waitevent state.
     while (1) FLOW_CTLR(0x4) = 0x50000000;
 }
@@ -467,7 +486,7 @@ void firmware() {
     gfx_clear_color(&gfx_ctxt, 0xFF000000);
     gfx_con_init(&gfx_con, &gfx_ctxt);
     gfx_con_setcol(&gfx_con, DEFAULT_TEXT_COL, 0, 0);
-
+    u8 fo[] = {0xF0, 0xE0, 0xD0, 0x00};
     if (!sdMount()) {
         error("Failed to init SD card!\n");
         print("Press POWER to power off, or any other key to continue without SD.\n");
@@ -488,7 +507,7 @@ void firmware() {
     }
     SYSREG(AHB_AHB_SPARE_REG) = (volatile vu32)0xFFFFFF9F;
     PMC(APBDEV_PMC_SCRATCH49) = 0;
-
+    
     if(btn_read() & BTN_VOL_UP){
         if(fopen("/ReiNX/Recovery.bin", "rb") != 0) {
             fread((void*)PAYLOAD_ADDR, fsize(), 1);
@@ -502,7 +521,7 @@ void firmware() {
             btn_wait();
         }
     }
-    
+
     if (btn_read() & BTN_VOL_DOWN) {
         print("Booting verbosely\n");
     } else if (drawSplash()) {

diff --git a/src/hwinit/sdram.c b/src/hwinit/sdram.c
@@ -490,15 +490,22 @@ static void _sdram_config(const sdram_params_t *params)
 
 const void *sdram_get_params()
 {
-	//TODO: sdram_id should be in [0, 7].
+    sdram_params_t *sdram_params;
 
 #ifdef CONFIG_SDRAM_COMPRESS_CFG
 	u8 *buf = (u8 *)0x40030000;
 	LZ_Uncompress(_dram_cfg_lz, buf, sizeof(_dram_cfg_lz));
-	return (const void *)&buf[sizeof(sdram_params_t) * _get_sdram_id()];
+	sdram_params = (const void *)&buf[sizeof(sdram_params_t) * _get_sdram_id()];
 #else
-	return _dram_cfgs[_get_sdram_id()];
+	sdram_params = _dram_cfgs[_get_sdram_id()];
 #endif
+
+    sdram_params->boot_rom_patch_control = (1 << 31) | (((IPATCH_BASE + 4) - APB_MISC_BASE) / 4);
+	u32 addr = 0x10459E; // Bootrom address for warmboot sig check.
+	u32 data = 0x2000;   // MOV R0, #0.
+	sdram_params->boot_rom_patch_data = ((addr/2) << 16) | (data & 0xffff);
+
+    return sdram_params;
 }
 
 void sdram_init()

diff --git a/src/hwinit/sdram.inl b/src/hwinit/sdram.inl
@@ -1,18 +1,19 @@
 /*
-* Copyright (c) 2018 naehrwert
-*
-* This program is free software; you can redistribute it and/or modify it
-* under the terms and conditions of the GNU General Public License,
-* version 2, as published by the Free Software Foundation.
-*
-* This program is distributed in the hope it will be useful, but WITHOUT
-* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
-* more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
+ * Copyright (c) 2018 naehrwert
+ * Copyright (c) 2018 balika011
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
 static const u8 _dram_cfg_0[1896] = {
 	0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00, 0x00,
@@ -171,7 +172,7 @@ static const u8 _dram_cfg_0[1896] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
@@ -332,7 +333,7 @@ static const u8 _dram_cfg_1[1896] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
@@ -493,7 +494,7 @@ static const u8 _dram_cfg_2[1896] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
@@ -654,7 +655,7 @@ static const u8 _dram_cfg_3[1896] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
@@ -815,7 +816,7 @@ static const u8 _dram_cfg_4[1896] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
@@ -976,7 +977,7 @@ static const u8 _dram_cfg_5[1896] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
@@ -1137,7 +1138,7 @@ static const u8 _dram_cfg_6[1896] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x46, 0x2C, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x00, 0x00, 0xF0, 0xFF,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 

diff --git a/src/hwinit/sdram_lz.inl b/src/hwinit/sdram_lz.inl
@@ -1,5 +1,6 @@
 /*
 * Copyright (c) 2018 naehrwert
+* Copyright (c) 2018 balika011
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
@@ -14,7 +15,7 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-static const u8 _dram_cfg_lz[1262] = {
+static const u8 _dram_cfg_lz[1270] = {
 	0x17, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x22, 0x00, 0x00,
 	0x00, 0x2C, 0x17, 0x04, 0x09, 0x00, 0x17, 0x04, 0x04, 0x17, 0x08, 0x08,
 	0x17, 0x10, 0x10, 0x00, 0x00, 0x68, 0xBC, 0x01, 0x70, 0x0A, 0x00, 0x00,
@@ -103,22 +104,22 @@ static const u8 _dram_cfg_lz[1262] = {
 	0x17, 0x17, 0x3A, 0x7E, 0x16, 0x40, 0x17, 0x0C, 0x8B, 0x1F, 0x17, 0x2A,
 	0x38, 0x1E, 0x17, 0x0A, 0x38, 0x17, 0x13, 0x81, 0x28, 0x00, 0xC0, 0x17,
 	0x17, 0x55, 0x46, 0x24, 0x17, 0x0A, 0x81, 0x28, 0x17, 0x14, 0x38, 0x17,
-	0x18, 0x81, 0x60, 0x46, 0x2C, 0x17, 0x06, 0x38, 0xEC, 0x17, 0x0D, 0x16,
-	0x17, 0x0E, 0x82, 0x3C, 0x17, 0x82, 0x0C, 0x8E, 0x68, 0x17, 0x04, 0x24,
-	0x17, 0x5C, 0x8E, 0x68, 0x17, 0x07, 0x82, 0x5F, 0x80, 0x17, 0x87, 0x01,
-	0x8E, 0x68, 0x02, 0x17, 0x81, 0x4A, 0x8E, 0x68, 0x17, 0x0C, 0x87, 0x78,
-	0x17, 0x85, 0x28, 0x8E, 0x68, 0x17, 0x8E, 0x68, 0x9D, 0x50, 0x17, 0x81,
-	0x24, 0x8E, 0x68, 0x17, 0x04, 0x2C, 0x17, 0x28, 0x8E, 0x68, 0x17, 0x04,
-	0x30, 0x17, 0x85, 0x3C, 0x8E, 0x68, 0x12, 0x17, 0x07, 0x85, 0x70, 0x17,
-	0x88, 0x74, 0x8E, 0x68, 0x17, 0x87, 0x3E, 0x9D, 0x50, 0x0C, 0x17, 0x04,
-	0x04, 0x17, 0x12, 0x8E, 0x68, 0x18, 0x17, 0x87, 0x12, 0xBB, 0x20, 0x17,
-	0x83, 0x04, 0x9D, 0x50, 0x15, 0x17, 0x05, 0x8D, 0x76, 0x17, 0x0F, 0x8B,
-	0x49, 0x17, 0x0B, 0x18, 0x32, 0x00, 0x2F, 0x00, 0x32, 0x00, 0x31, 0x00,
-	0x34, 0x00, 0x36, 0x00, 0x2F, 0x00, 0x33, 0x17, 0x09, 0x84, 0x0C, 0x17,
-	0x18, 0x18, 0x17, 0x20, 0x8E, 0x68, 0x15, 0x17, 0x07, 0x5A, 0x17, 0x06,
-	0x5E, 0x16, 0x00, 0x15, 0x17, 0x82, 0x40, 0x9D, 0x50, 0x17, 0x86, 0x5F,
-	0xBB, 0x20, 0x3A, 0x00, 0x00, 0x00, 0x1D, 0x17, 0x81, 0x4F, 0xAC, 0x38,
-	0x3B, 0x17, 0x04, 0x04, 0x17, 0x86, 0x30, 0x8E, 0x68, 0x17, 0x81, 0x53,
-	0xAC, 0x38, 0x07, 0x17, 0x0D, 0x8E, 0x68, 0xA3, 0x72, 0x17, 0x83, 0x10,
-	0x8E, 0x68
+	0x18, 0x81, 0x60, 0x46, 0x2C, 0x17, 0x06, 0x38, 0xEC, 0x00, 0x00, 0x00,
+	0x01, 0x77, 0x00, 0xFC, 0x00, 0x20, 0xCF, 0x22, 0x17, 0x10, 0x82, 0x3C,
+	0x17, 0x82, 0x0C, 0x8E, 0x68, 0x17, 0x04, 0x24, 0x17, 0x5C, 0x8E, 0x68,
+	0x17, 0x07, 0x82, 0x5F, 0x80, 0x17, 0x87, 0x01, 0x8E, 0x68, 0x02, 0x17,
+	0x81, 0x4A, 0x8E, 0x68, 0x17, 0x0C, 0x87, 0x78, 0x17, 0x85, 0x28, 0x8E,
+	0x68, 0x17, 0x8E, 0x68, 0x9D, 0x50, 0x17, 0x81, 0x24, 0x8E, 0x68, 0x17,
+	0x04, 0x2C, 0x17, 0x28, 0x8E, 0x68, 0x17, 0x04, 0x30, 0x17, 0x85, 0x3C,
+	0x8E, 0x68, 0x12, 0x17, 0x07, 0x85, 0x70, 0x17, 0x88, 0x74, 0x8E, 0x68,
+	0x17, 0x87, 0x3E, 0x9D, 0x50, 0x0C, 0x17, 0x04, 0x04, 0x17, 0x12, 0x8E,
+	0x68, 0x18, 0x17, 0x87, 0x12, 0xBB, 0x20, 0x17, 0x83, 0x04, 0x9D, 0x50,
+	0x15, 0x17, 0x05, 0x8D, 0x76, 0x17, 0x0F, 0x8B, 0x49, 0x17, 0x0B, 0x18,
+	0x32, 0x00, 0x2F, 0x00, 0x32, 0x00, 0x31, 0x00, 0x34, 0x00, 0x36, 0x00,
+	0x2F, 0x00, 0x33, 0x17, 0x09, 0x84, 0x0C, 0x17, 0x18, 0x18, 0x17, 0x20,
+	0x8E, 0x68, 0x15, 0x17, 0x07, 0x5A, 0x17, 0x06, 0x5E, 0x16, 0x00, 0x15,
+	0x17, 0x82, 0x40, 0x9D, 0x50, 0x17, 0x86, 0x5F, 0xBB, 0x20, 0x3A, 0x00,
+	0x00, 0x00, 0x1D, 0x17, 0x81, 0x4F, 0xAC, 0x38, 0x3B, 0x17, 0x04, 0x04,
+	0x17, 0x86, 0x30, 0x8E, 0x68, 0x17, 0x81, 0x53, 0xAC, 0x38, 0x07, 0x17,
+	0x0D, 0x8E, 0x68, 0xA3, 0x72, 0x17, 0x83, 0x10, 0x8E, 0x68
 };
diff --git a/src/package.c b/src/package.c
@@ -131,7 +131,7 @@ void pkg1_unpack(pk11_offs *offs, u32 pkg1Off) {
 
 void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info) {
     u8 *pdst = (u8 *)0xA9800000;
-    
+
     // Signature.
     memset(pdst, 0, 0x100);
     pdst += 0x100;
@@ -347,7 +347,7 @@ int nca_patch(u8 * kipdata, u64 kipdata_len) {
     for(int i=0; i<max_dist; i++) {
         u32 op = addr[i];
         if((op & 0xFC000000)==0x94000000) { //is a BL op
-            addr[i] = NOP;
+            addr[i] = NOP_v8;
             ret=1;
             break;
         }