From 2cc51b5cfe3d85fbbee3b79ba9f5cf4bc660f40c Mon Sep 17 00:00:00 2001 From: Rasmus Moorats Date: Sat, 8 Sep 2018 14:08:25 +0300 Subject: [PATCH 01/14] Display splash before loading firmware Removes 3 second delay for booting into Horizon, and mutes the console. Errors unmute. --- src/error.c | 1 + src/firmware.c | 16 +++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/src/error.c b/src/error.c index 6dcd62b..e790cc6 100644 --- a/src/error.c +++ b/src/error.c @@ -30,6 +30,7 @@ void panic() { } void error(char *errStr) { + gfx_con.mute = 0; gfx_con_setcol(&gfx_con, RED, 0, 0); print("Error: %s", errStr); gfx_con_setcol(&gfx_con, DEFAULT_TEXT_COL, 0, 0); diff --git a/src/firmware.c b/src/firmware.c index 0a2eac1..f2f50ab 100644 --- a/src/firmware.c +++ b/src/firmware.c @@ -25,13 +25,14 @@ static pk11_offs *pk11Offs = NULL; -void drawSplash() { +int drawSplash() { // Draw splashscreen to framebuffer. if(fopen("/ReiNX/splash.bin", "rb") != 0) { fread((void*)0xC0000000, fsize(), 1); fclose(); - usleep(3000000); + return 1; } + return 0; } pk11_offs *pkg11_offsentify(u8 *pkg1) { @@ -309,7 +310,7 @@ void firmware() { i2c_send_byte(I2C_5, 0x3C, MAX77620_REG_ONOFFCNFG1, MAX77620_ONOFFCNFG1_PWR_OFF); btn_wait(); } - + if(PMC(APBDEV_PMC_SCRATCH49) != 69 && fopen("/ReiNX.bin", "rb")) { fread((void*)PAYLOAD_ADDR, fsize(), 1); fclose(); @@ -322,9 +323,14 @@ void firmware() { } SYSREG(AHB_AHB_SPARE_REG) = (volatile vu32)0xFFFFFF9F; PMC(APBDEV_PMC_SCRATCH49) = 0; - + + if (btn_read() & BTN_VOL_DOWN) { + print("Booting verbosely\n"); + } else if (drawSplash()) { + gfx_con.mute = 1; + } + print("Welcome to ReiNX %s!\n", VERSION); loadFirm(); - drawSplash(); launch(); } From d5064a2135775e7030668dd8cbfaab68f8d7669c Mon Sep 17 00:00:00 2001 From: Rei Date: Sat, 8 Sep 2018 19:02:42 -0400 Subject: [PATCH 02/14] memes --- NX_Sysmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NX_Sysmodules b/NX_Sysmodules index 281c052..3320a30 160000 
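Review bot: `drawSplash()` returns 1 as soon as the file opens, without looking at the result of `fread`, so in the `@@ -322,9 +323,14` hunk the console is muted even when the splash was never drawn. The read length is whatever `fsize()` reports for `/ReiNX/splash.bin` on the SD card, and nothing caps it at the framebuffer size, so an oversized file is copied past the framebuffer at `0xC0000000`. I would bound the size before reading, e.g. `if (fsize() > FB_SIZE_PLACEHOLDER) { fclose(); return 0; }`, with the real framebuffer byte size in place of the placeholder. It should then return 1 only when this project's `fread` reports success; its return convention is not visible here.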
--- a/NX_Sysmodules +++ b/NX_Sysmodules @@ -1 +1 @@ -Subproject commit 281c0521dd09ec6c5af6cfef75f505602dd0888c +Subproject commit 3320a30dd28951f657635c51bcc6d3f7aafd1ed4 From 5eb0a07dacbb7f9a07dc28bddd99c75bff3f47d6 Mon Sep 17 00:00:00 2001 From: shchmue Date: Sun, 9 Sep 2018 13:52:28 -0400 Subject: [PATCH 03/14] Fix build on Windows --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 853f98c..e7a5d0e 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ ifeq ($(strip $(DEVKITARM)),) $(error "Please set DEVKITARM in your environment. export DEVKITARM=devkitARM") endif -CC = $(DEVKITARM)/bin/arm-none-eabi-gcc +include $(DEVKITARM)/base_tools LD = $(DEVKITARM)/bin/arm-none-eabi-ld OBJCOPY = $(DEVKITARM)/bin/arm-none-eabi-objcopy From ac48b75f10b900532609cfbc3bab3d8370b80091 Mon Sep 17 00:00:00 2001 From: Rei Date: Sun, 9 Sep 2018 14:49:57 -0400 Subject: [PATCH 04/14] sysmod update --- NX_Sysmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NX_Sysmodules b/NX_Sysmodules index 3320a30..7c92325 160000 --- a/NX_Sysmodules +++ b/NX_Sysmodules @@ -1 +1 @@ -Subproject commit 3320a30dd28951f657635c51bcc6d3f7aafd1ed4 +Subproject commit 7c9232535fb356a7f3d4afccab869f3608d44a68 From 8367cf2f2935ebb17f8c4c1870ef87ab3edc0546 Mon Sep 17 00:00:00 2001 From: Rei Date: Sun, 9 Sep 2018 23:15:06 -0400 Subject: [PATCH 05/14] fix version string for 6.x --- NX_Sysmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NX_Sysmodules b/NX_Sysmodules index 7c92325..610cdd3 160000 --- a/NX_Sysmodules +++ b/NX_Sysmodules @@ -1 +1 @@ -Subproject commit 7c9232535fb356a7f3d4afccab869f3608d44a68 +Subproject commit 610cdd34c34ebd23797db54e8170a166c2f64d98 From c6234528213eb62fbbecca710d05f2abad40418b Mon Sep 17 00:00:00 2001 
From: Rei Date: Mon, 10 Sep 2018 21:19:54 -0400 Subject: [PATCH 06/14] fixed kern hooks to add full 6.0 support [thanks Mike ;^) ] --- src/package.h | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/src/package.h b/src/package.h index f944970..2a1605f 100644 --- a/src/package.h +++ b/src/package.h @@ -39,7 +39,7 @@ #define ID_SND_OFF_302 0x26080 #define ID_SND_OFF_400 0x2AF64 #define ID_SND_OFF_500 0x2AD34 -#define ID_SND_OFF_600 0x2BB88 +#define ID_SND_OFF_600 0x2BB8C #define ID_RCV_OFF_100 0x219F0 #define ID_RCV_OFF_200 0x3D1A8 @@ -232,14 +232,12 @@ static u32 PRC_ID_RCV_500[] = static u32 PRC_ID_SND_600[] = { - 0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, - 0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA + 0xA9BF2FEA, 0xF94037EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0 }; #define FREE_CODE_OFF_2ND_600 (FREE_CODE_OFF_1ST_600 + sizeof(PRC_ID_SND_600) + 4) static u32 PRC_ID_RCV_600[] = { - 0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, - 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B08, 0xF9406FEA + 0xA9BF2FEA, 0xF94043EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0 }; 
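Review bot: The replacement `PRC_ID_SND_600` and `PRC_ID_RCV_600` arrays are bare instruction words with no comment saying what the stub does, which registers it relies on, or where the encoding came from. That makes the next offset or payload change hard to review. A short block comment above each array, giving the assembly listing (or a pointer to its source) and the kernel offset it is hooked at, would help. As committed the two arrays differ only in their second word (`0xF94037EB` vs `0xF94043EB`), which is worth stating in that comment too.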
@@ -334,14 +332,14 @@ static kernel_patch_t kern6[] = { { SVC_VERIFY_DS, 0x47EA0, _NOP(), NULL }, // Disable SVC verifications { DEBUG_MODE_EN, 0x57548, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch // Atmosphère kernel patches. - /*{ ATM_GEN_PATCH, ID_SND_OFF_600, _B(ID_SND_OFF_600, FREE_CODE_OFF_1ST_600), NULL}, // Send process id branch. + { ATM_GEN_PATCH, ID_SND_OFF_600, _B(ID_SND_OFF_600, FREE_CODE_OFF_1ST_600), NULL}, // Send process id branch. { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_600, sizeof(PRC_ID_SND_600) >> 2, PRC_ID_SND_600}, // Send process id code. { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_600 + sizeof(PRC_ID_SND_600), // Branch back and skip 2 instructions. - _B(FREE_CODE_OFF_1ST_600 + sizeof(PRC_ID_SND_600), ID_SND_OFF_600 + 8), NULL}, + _B(FREE_CODE_OFF_1ST_600 + sizeof(PRC_ID_SND_600), ID_SND_OFF_600 + 0x10), NULL}, { ATM_GEN_PATCH, ID_RCV_OFF_600, _B(ID_RCV_OFF_600, FREE_CODE_OFF_2ND_600), NULL}, // Receive process id branch. { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_600, sizeof(PRC_ID_RCV_600) >> 2, PRC_ID_RCV_600}, // Receive process id code. { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_600 + sizeof(PRC_ID_RCV_600), // Branch back and skip 2 instructions. - _B(FREE_CODE_OFF_2ND_600 + sizeof(PRC_ID_RCV_600), ID_RCV_OFF_600 + 8), NULL},*/ + _B(FREE_CODE_OFF_2ND_600 + sizeof(PRC_ID_RCV_600), ID_RCV_OFF_600 + 0x10), NULL}, {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} }; From a4f171dcd975a7cba296f51c77bc41ae87d36e98 Mon Sep 17 00:00:00 2001 From: Rei Date: Wed, 19 Sep 2018 21:59:57 -0400 Subject: [PATCH 07/14] allow booting without SD; quick temp fix for sleepmode bug --- src/firmware.c | 4 ++-- src/package.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/firmware.c b/src/firmware.c index f2f50ab..5af7833 100644 --- a/src/firmware.c +++ b/src/firmware.c 
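Review bot: The return branches in `kern6[]` now target `ID_SND_OFF_600 + 0x10` and `ID_RCV_OFF_600 + 0x10`, but the comments on those two entries still read "Branch back and skip 2 instructions". With 4-byte instruction words (the table itself uses `sizeof(...) >> 2` as a word count), `0x10` skips four instructions. Both comments should become `// Branch back and skip 4 instructions.` so that the next person adjusting the hook is not misled about how much original code is replaced.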
@@ -303,9 +303,9 @@ void firmware() { gfx_con_init(&gfx_con, &gfx_ctxt); gfx_con_setcol(&gfx_con, DEFAULT_TEXT_COL, 0, 0); - while (!sdMount()) { + if (!sdMount()) { error("Failed to init SD card!\n"); - print("Press POWER to power off, any other key to retry\n"); + print("Press POWER to power off, or any other key to continue without SD.\n"); if (btn_wait() & BTN_POWER) i2c_send_byte(I2C_5, 0x3C, MAX77620_REG_ONOFFCNFG1, MAX77620_ONOFFCNFG1_PWR_OFF); btn_wait(); diff --git a/src/package.h b/src/package.h index 2a1605f..a5dce52 100644 --- a/src/package.h +++ b/src/package.h @@ -330,7 +330,7 @@ static kernel_patch_t kern5[] = { static kernel_patch_t kern6[] = { { SVC_VERIFY_DS, 0x47EA0, _NOP(), NULL }, // Disable SVC verifications - { DEBUG_MODE_EN, 0x57548, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch + //{ DEBUG_MODE_EN, 0x57548, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch // Atmosphère kernel patches. { ATM_GEN_PATCH, ID_SND_OFF_600, _B(ID_SND_OFF_600, FREE_CODE_OFF_1ST_600), NULL}, // Send process id branch. { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_600, sizeof(PRC_ID_SND_600) >> 2, PRC_ID_SND_600}, // Send process id code. From 76d77f6526ad4c637741f8ac9bf8f2cfb15aa531 Mon Sep 17 00:00:00 2001 From: The-4n Date: Fri, 21 Sep 2018 12:51:57 +0430 Subject: [PATCH 08/14] Added FS hashes for 6.0.0-5.0 --- src/kippatches/fs.inc | 18 ++++++++++++++++-- src/package.c | 6 ++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/src/kippatches/fs.inc b/src/kippatches/fs.inc index 1128c51..7a41e55 100644 --- a/src/kippatches/fs.inc +++ b/src/kippatches/fs.inc 
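Review bot: With `while` changed to `if`, `firmware()` carries on after a failed `sdMount()`, but nothing records that the card is absent. Later file accesses such as `fopen("/ReiNX.bin", "rb")` then run against an unmounted filesystem, and whether they fail cleanly is not visible in this hunk. The trailing `btn_wait();` was the retry pause of the old loop; it now makes the user press a second key before boot continues and could simply be dropped. A one-line comment above the `if`, stating which later steps are expected to be skipped when no SD is present, would make the intended degraded path reviewable. The body of `firmware()` continues outside the hunk.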
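Review bot: The `DEBUG_MODE_EN` entry in `kern6[]` is disabled by commenting it out, and the reason survives only in the commit subject. Commented-out table rows tend to be re-enabled or deleted later without anyone knowing why they were there. I would put the reason next to the row, e.g. `// Debug-mode patch disabled on 6.0.0: temporary workaround for the sleep-mode bug`, or delete the row and leave that comment in its place.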
@@ -252,14 +252,28 @@ static kippatch_t fs_kip_patches_510[] = { { NULL, NULL } }; -static kippatch_t fs_kip_patches_600[] = { +static kippatch_t fs_kip_patches_600_40[] = { { "nosigchk", fs_diffs_600_nosigchk }, { "nocmac", fs_diffs_600_nocmac }, { "nogc", fs_diffs_600_nogc }, { NULL, NULL } }; -static kippatch_t fs_kip_patches_600_exfat[] = { +static kippatch_t fs_kip_patches_600_40_exfat[] = { + { "nosigchk", fs_diffs_600_exfat_nosigchk }, + { "nocmac", fs_diffs_600_exfat_nocmac }, + { "nogc", fs_diffs_600_exfat_nogc }, + { NULL, NULL } +}; + +static kippatch_t fs_kip_patches_600_50[] = { + { "nosigchk", fs_diffs_600_nosigchk }, + { "nocmac", fs_diffs_600_nocmac }, + { "nogc", fs_diffs_600_nogc }, + { NULL, NULL } +}; + +static kippatch_t fs_kip_patches_600_50_exfat[] = { { "nosigchk", fs_diffs_600_exfat_nosigchk }, { "nocmac", fs_diffs_600_exfat_nocmac }, { "nogc", fs_diffs_600_exfat_nogc }, diff --git a/src/package.c b/src/package.c index 02ccd61..2952c62 100644 --- a/src/package.c +++ b/src/package.c 
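Review bot: The new `fs_kip_patches_600_50` and `fs_kip_patches_600_50_exfat` tables are copies of the `_40` tables, pointing at the same `fs_diffs_600_*` arrays entry for entry. Two tables now have to be kept in sync by hand for what is one patch set. Unless the 5.0 build is expected to diverge, the two new hashes in `kip_patches[]` could reference the existing tables and the rename could be skipped. If the split is intentional, a comment such as `// identical to _40 for now; kept separate for future offsets` on the `_50` tables would say so.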
@@ -249,8 +249,10 @@ kippatchset_t kip_patches[] = { { "FS", "\xce\x3e\xcb\xa2\xf2\xf0\x62\xf5\x75\xf8\xf3\x60\x84\x2b\x32\xb4", fs_kip_patches_500 }, { "FS", "\x76\xf8\x74\x02\xc9\x38\x7c\x0f\x0a\x2f\xab\x1b\x45\xce\xbb\x93", fs_kip_patches_510 }, { "FS", "\x10\xb2\xd8\x16\x05\x48\x85\x99\xdf\x22\x42\xcb\x6b\xac\x2d\xf1", fs_kip_patches_510 }, - { "FS", "\x1b\x82\xcb\x22\x18\x67\xcb\x52\xc4\x4a\x86\x9e\xa9\x1a\x1a\xdd", fs_kip_patches_600 }, - { "FS", "\x96\x6a\xdd\x3d\x20\xb6\x27\x13\x2c\x5a\x8d\xa4\x9a\xc9\xd8\xdd", fs_kip_patches_600_exfat }, + { "FS", "\x1b\x82\xcb\x22\x18\x67\xcb\x52\xc4\x4a\x86\x9e\xa9\x1a\x1a\xdd", fs_kip_patches_600_40 }, + { "FS", "\x96\x6a\xdd\x3d\x20\xb6\x27\x13\x2c\x5a\x8d\xa4\x9a\xc9\xd8\xdd", fs_kip_patches_600_40_exfat }, + { "FS", "\x3a\x57\x4d\x43\x61\x86\x19\x1d\x17\x88\xeb\x2c\x0f\x07\x6b\x11", fs_kip_patches_600_50 }, + { "FS", "\x33\x05\x53\xf6\xb5\xfb\x55\xc4\xc2\xd7\xb7\x36\x24\x02\x76\xb3", fs_kip_patches_600_50_exfat }, { NULL, NULL, NULL }, }; From 315dfad74d8f9a77fd938da2566eb3d66f692387 Mon Sep 17 00:00:00 2001 From: Rei Date: Fri, 21 Sep 2018 05:54:13 -0400 Subject: [PATCH 09/14] add default disabled kips :wheelchair: --- Makefile | 3 +++ NX_Sysmodules | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e7a5d0e..6d632a8 100644 --- a/Makefile +++ b/Makefile @@ -51,9 +51,12 @@ $(dir_out)/sysmodules: $(dir_sysmod) $(dir_out)/$(name).bin: $(dir_build)/$(name).elf @mkdir -p "$(@D)" @mkdir -p "$(dir_out)/ReiNX/sysmodules" + @mkdir -p "$(dir_out)/ReiNX/sysmodules.dis" @mkdir -p "$(dir_out)/ReiNX/patches" @cp $(dir_sysmod)/loader/loader.kip $(dir_out)/ReiNX/sysmodules/ @cp $(dir_sysmod)/sm/sm.kip $(dir_out)/ReiNX/sysmodules/ + @cp $(dir_sysmod)/pm/pm.kip $(dir_out)/ReiNX/sysmodules.dis/ + @cp $(dir_sysmod)/fs_mitm/fs_mitm.kip $(dir_out)/ReiNX/sysmodules.dis/ @cp -R $(dir_data)/*.bin $(dir_out)/ReiNX/ @cp -R $(dir_data)/*.rxp $(dir_out)/ReiNX/patches $(OBJCOPY) -S -O binary $< $@ 
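Review bot: The four 6.0.0 rows in `kip_patches[]` are identified only by the table name they point at, and nothing says what the 16-byte literal is. The literal is 16 bytes while firmware.c hashes into `kipHash[0x20]`, so presumably only a prefix of the digest is compared; the comparison itself is outside this hunk. I would add a trailing comment on each row naming the build, e.g. `// FS 6.0.0-5.0 exFAT`. One line above the table should also state that entries hold the leading 16 bytes of the KIP hash, if that is indeed the convention.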
diff --git a/NX_Sysmodules b/NX_Sysmodules index 610cdd3..3c12add 160000 --- a/NX_Sysmodules +++ b/NX_Sysmodules @@ -1 +1 @@ -Subproject commit 610cdd34c34ebd23797db54e8170a166c2f64d98 +Subproject commit 3c12add04883b893698cfa04451c834e34bcbe66 From cefc17432c593e8f749342bfbe0708b562eb2051 Mon Sep 17 00:00:00 2001 From: Rei Date: Sat, 22 Sep 2018 16:12:03 -0400 Subject: [PATCH 10/14] Rewrite kernel patching system --- README.md | 2 + src/firmware.c | 108 +++++++++++++++++++++++---- src/hwinit/util.c | 2 +- src/package.c | 8 -- src/package.h | 181 ++-------------------------------------------- 5 files changed, 104 insertions(+), 197 deletions(-) diff --git a/README.md b/README.md index bcb4191..cf43cbf 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,8 @@ To compile with Docker, `chmod +x docker-build.sh` and run the shell script `./d * FS patches on the fly (NCA verify/cmac and optional nogc) +* Kernel patches on the fly (optional debug mode) + * Exclusive ReiNX sysmodules * ES patch in RXP patch format (used with custom loader.kip) diff --git a/src/firmware.c b/src/firmware.c index 5af7833..242dcf6 100644 --- a/src/firmware.c +++ b/src/firmware.c 
@@ -121,21 +121,99 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) { //Patch Kernel if(!customKern) { u32 crc = crc32c(pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]); - const pkg2_kernel_id_t * id = pkg2_identify(crc); - - kernel_patch_t * kpatch = id->kernel_patchset; - if(kpatch!=NULL) { - for(int i=0; kpatch[i].id!=-1; i++) { - if(kpatch[i].id != ATM_ARR_PATCH) - *(vu32 *)(pkg2->data + kpatch[i].off) = kpatch[i].val; - else { - u32 * temp = (u32 *)kpatch[i].ptr; - for(int j=0; j< kpatch[i].val; j++) { - *(vu32*)(pkg2->data + kpatch[i].off + j*4) = temp[j]; - } - } - } - } + uPtr kern = (uPtr)&pkg2->data; + uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff; + switch(crc){ + case 0x427f2647:{ + svcVerifOff = 0x3764C; + svcDebugOff = 0x44074; + sendOff = 0x23CC0; + recvOff = 0x219F0; + codeSndOff = 4; + codeRcvOff = 4; + break; + } + case 0xae19cf1b:{ + svcVerifOff = 0x54834; + svcDebugOff = 0x6086C; + sendOff = 0x3F134; + recvOff = 0x3D1A8; + codeSndOff = 4; + codeRcvOff = 4; + break; + } + case 0x73c9e274:{ + svcVerifOff = 0x3BD24; + svcDebugOff = 0x483FC; + sendOff = 0x26080; + recvOff = 0x240F0; + codeSndOff = 4; + codeRcvOff = 4; + break; + } + case 0xe0e8cdc4:{ + svcVerifOff = 0x3BD24; + svcDebugOff = 0x48414; + sendOff = 0x26080; + recvOff = 0x240F0; + codeSndOff = 4; + codeRcvOff = 4; + break; + } + case 0x485d0157:{ + svcVerifOff = 0x41EB4; + svcDebugOff = 0x4EBFC; + sendOff = 0x2AF64; + recvOff = 0x28F6C; + codeSndOff = 8; + codeRcvOff = 4; + break; + } + case 0xf3c363f2:{ + svcVerifOff = 0x45E6C; + svcDebugOff = 0x5513C; + sendOff = 0x2AD34; + recvOff = 0x28DAC; + codeSndOff = 8; + codeRcvOff = 8; + break; + } + case 0x64ce1a44:{ + svcVerifOff = 0x47EA0; + svcDebugOff = 0x57548; + sendOff = 0x2BB8C; + recvOff = 0x29B6C; + codeSndOff = 0x10; + codeRcvOff = 0x10; + break; + } + default: + error("Kernel not supported"); + goto end; + } + + //ID Send + uPtr freeSpace = getFreeSpace((void*)pkg2->data, 0x200, 
pkg2->sec_size[PKG2_SEC_KERNEL]); //Find area to write payload + size_t payloadSize = sizeof(PRC_ID_SND_600); + *(vu32*)(kern + sendOff) = _B(sendOff, freeSpace); //write hook to payload + memcpy((void*)(kern + freeSpace), (void*)PRC_ID_SND_600, payloadSize); //Copy payload to free space + *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, sendOff + codeSndOff); //Jump back skipping the hook + + //ID Receive + freeSpace += (payloadSize+4); + payloadSize = sizeof(PRC_ID_RCV_600); + *(vu32*)(kern + recvOff) = _B(recvOff, freeSpace); + memcpy((void*)(kern + freeSpace), (void*)PRC_ID_RCV_600, payloadSize); + *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, recvOff + codeRcvOff); + + //SVC patches + *(vu32*)(kern + svcVerifOff) = NOP; + if (fopen("/ReiNX/debug", "rb")) { + fclose(); + *(vu32*)(kern + svcDebugOff) = _MOVZX(8, 1, 0); + } + + end:; } u8 kipHash[0x20]; diff --git a/src/hwinit/util.c b/src/hwinit/util.c index 016a7c9..375f6e2 100644 --- a/src/hwinit/util.c +++ b/src/hwinit/util.c @@ -70,7 +70,7 @@ uPtr getFreeSpace(void *start, size_t space, size_t searchSize) { if(*(u8*)(start+i) == 0) { for(int j=0;j> 12) & 0x3) << 29) | ((((o) >> 12) & 0x1FFFFC) << 3) | ((r) & 0x1F) 
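Review bot: The value returned by `getFreeSpace(...)` is used as a write offset without any check. If no free run is found, the hook, the `memcpy` and the return branch are written wherever the failure value points inside the kernel image; that value is not visible in this hunk. A guard before the first write, such as `if (!freeSpace) { error("No free space in kernel\n"); goto end; }`, fits the existing `end:` label, assuming 0 is the failure value. The reworked call in PATCH 11 (`@@ -193,17 +200,19`) has the same gap, and there `+ 0x45000` is added before a check is possible. Separately, every kernel in the `switch` receives `PRC_ID_SND_600`/`PRC_ID_RCV_600` in this commit; the next patch in the series selects the payload per version.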
@@ -133,37 +109,12 @@ typedef struct { u32 sm_off; } pk11_header; -enum -{ - // Generic instruction patches - SVC_VERIFY_DS = 0x10, // 0x0-0xF are RESERVED. - DEBUG_MODE_EN, - ATM_GEN_PATCH, - // >4 bytes patches. Value is a pointer of a u32 array. - ATM_ARR_PATCH, -}; - -typedef struct _kernel_patch_t -{ - u32 id; - u32 off; - u32 val; - u32 *ptr; -} kernel_patch_t; - -typedef struct _pkg2_kernel_id_t -{ - u32 crc32c_id; - kernel_patch_t *kernel_patchset; -} pkg2_kernel_id_t; - - static u32 PRC_ID_SND_100[] = { 0xA9BF2FEA, 0x2A0E03EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9412948, 0xA8C12FEA }; -#define FREE_CODE_OFF_2ND_100 (FREE_CODE_OFF_1ST_100 + sizeof(PRC_ID_SND_100) + 4) + static u32 PRC_ID_RCV_100[] = { 0xA9BF2FEA, 0x2A1C03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, @@ -175,7 +126,7 @@ static u32 PRC_ID_SND_200[] = 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9413148, 0xA8C12FEA }; -#define FREE_CODE_OFF_2ND_200 (FREE_CODE_OFF_1ST_200 + sizeof(PRC_ID_SND_200) + 4) + static u32 PRC_ID_RCV_200[] = { 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, @@ -187,7 +138,7 @@ static u32 PRC_ID_SND_300[] = 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA }; -#define FREE_CODE_OFF_2ND_300 (FREE_CODE_OFF_1ST_300 + sizeof(PRC_ID_SND_300) + 4) + static u32 PRC_ID_RCV_300[] = { 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, 
@@ -199,7 +150,7 @@ static u32 PRC_ID_SND_302[] = 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA }; -#define FREE_CODE_OFF_2ND_302 (FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302) + 4) + static u32 PRC_ID_RCV_302[] = { 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, @@ -211,7 +162,7 @@ static u32 PRC_ID_SND_400[] = 0x2A1703EA, 0xD37EF54A, 0xF86A6B8A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000060, 0xF94053EA, 0xF9415948, 0xF94053EA }; -#define FREE_CODE_OFF_2ND_400 (FREE_CODE_OFF_1ST_400 + sizeof(PRC_ID_SND_400) + 4) + static u32 PRC_ID_RCV_400[] = { 0xF9403BED, 0x2A0E03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, @@ -223,7 +174,7 @@ static u32 PRC_ID_SND_500[] = 0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA }; -#define FREE_CODE_OFF_2ND_500 (FREE_CODE_OFF_1ST_500 + sizeof(PRC_ID_SND_500) + 4) + static u32 PRC_ID_RCV_500[] = { 0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 
@@ -234,127 +185,12 @@ static u32 PRC_ID_SND_600[] = { 0xA9BF2FEA, 0xF94037EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0 }; -#define FREE_CODE_OFF_2ND_600 (FREE_CODE_OFF_1ST_600 + sizeof(PRC_ID_SND_600) + 4) + static u32 PRC_ID_RCV_600[] = { 0xA9BF2FEA, 0xF94043EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0 }; - -static kernel_patch_t kern1[] = { - { SVC_VERIFY_DS, 0x3764C, _NOP(), NULL }, // Disable SVC verifications - { DEBUG_MODE_EN, 0x44074, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch - // Atmosphère kernel patches. - { ATM_GEN_PATCH, ID_SND_OFF_100, _B(ID_SND_OFF_100, FREE_CODE_OFF_1ST_100), NULL}, // Send process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_100, sizeof(PRC_ID_SND_100) >> 2, PRC_ID_SND_100}, // Send process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_100 + sizeof(PRC_ID_SND_100), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_1ST_100 + sizeof(PRC_ID_SND_100), ID_SND_OFF_100 + 4), NULL}, - { ATM_GEN_PATCH, ID_RCV_OFF_100, _B(ID_RCV_OFF_100, FREE_CODE_OFF_2ND_100), NULL}, // Receive process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_100, sizeof(PRC_ID_RCV_100) >> 2, PRC_ID_RCV_100}, // Receive process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_100 + sizeof(PRC_ID_RCV_100), // Branch back and skip 1 instruction. 
- _B(FREE_CODE_OFF_2ND_100 + sizeof(PRC_ID_RCV_100), ID_RCV_OFF_100 + 4), NULL}, - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} -}; - -static kernel_patch_t kern2[] = { - { SVC_VERIFY_DS, 0x54834, _NOP(), NULL }, // Disable SVC verifications - { DEBUG_MODE_EN, 0x6086C, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch - // Atmosphère kernel patches. - { ATM_GEN_PATCH, ID_SND_OFF_200, _B(ID_SND_OFF_200, FREE_CODE_OFF_1ST_200), NULL}, // Send process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_200, sizeof(PRC_ID_SND_200) >> 2, PRC_ID_SND_200}, // Send process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_200 + sizeof(PRC_ID_SND_200), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_1ST_200 + sizeof(PRC_ID_SND_200), ID_SND_OFF_200 + 4), NULL}, - { ATM_GEN_PATCH, ID_RCV_OFF_200, _B(ID_RCV_OFF_200, FREE_CODE_OFF_2ND_200), NULL}, // Receive process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_200, sizeof(PRC_ID_RCV_200) >> 2, PRC_ID_RCV_200}, // Receive process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_200 + sizeof(PRC_ID_RCV_200), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_2ND_200 + sizeof(PRC_ID_RCV_200), ID_RCV_OFF_200 + 4), NULL}, - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} -}; -static kernel_patch_t kern3[] = { - { SVC_VERIFY_DS, 0x3BD24, _NOP(), NULL }, // Disable SVC verifications - { DEBUG_MODE_EN, 0x483FC, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch - // Atmosphère kernel patches. - { ATM_GEN_PATCH, ID_SND_OFF_300, _B(ID_SND_OFF_300, FREE_CODE_OFF_1ST_300), NULL}, // Send process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_300, sizeof(PRC_ID_SND_300) >> 2, PRC_ID_SND_300}, // Send process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_300 + sizeof(PRC_ID_SND_300), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_1ST_300 + sizeof(PRC_ID_SND_300), ID_SND_OFF_300 + 4), NULL}, - { ATM_GEN_PATCH, ID_RCV_OFF_300, _B(ID_RCV_OFF_300, FREE_CODE_OFF_2ND_300), NULL}, // Receive process id branch. 
- { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_300, sizeof(PRC_ID_RCV_300) >> 2, PRC_ID_RCV_300}, // Receive process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_300 + sizeof(PRC_ID_RCV_300), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_2ND_300 + sizeof(PRC_ID_RCV_300), ID_RCV_OFF_300 + 4), NULL}, - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} -}; -static kernel_patch_t kern302[] = { - { SVC_VERIFY_DS, 0x3BD24, _NOP(), NULL }, // Disable SVC verifications - { DEBUG_MODE_EN, 0x48414, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch - // Atmosphère kernel patches. - { ATM_GEN_PATCH, ID_SND_OFF_302, _B(ID_SND_OFF_302, FREE_CODE_OFF_1ST_302), NULL}, // Send process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_302, sizeof(PRC_ID_SND_302) >> 2, PRC_ID_SND_302}, // Send process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_1ST_302 + sizeof(PRC_ID_SND_302), ID_SND_OFF_302 + 4), NULL}, - { ATM_GEN_PATCH, ID_RCV_OFF_302, _B(ID_RCV_OFF_302, FREE_CODE_OFF_2ND_302), NULL}, // Receive process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_302, sizeof(PRC_ID_RCV_302) >> 2, PRC_ID_RCV_302}, // Receive process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_302), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_2ND_302 + sizeof(PRC_ID_RCV_302), ID_RCV_OFF_302 + 4), NULL}, - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} -}; -static kernel_patch_t kern4[] = { - { SVC_VERIFY_DS, 0x41EB4, _NOP(), NULL }, // Disable SVC verifications - { DEBUG_MODE_EN, 0x4EBFC, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch - // Atmosphère kernel patches. - { ATM_GEN_PATCH, ID_SND_OFF_400, _B(ID_SND_OFF_400, FREE_CODE_OFF_1ST_400), NULL}, // Send process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_400, sizeof(PRC_ID_SND_400) >> 2, PRC_ID_SND_400}, // Send process id code. 
- { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_400 + sizeof(PRC_ID_SND_400), // Branch back and skip 2 instructions. - _B(FREE_CODE_OFF_1ST_400 + sizeof(PRC_ID_SND_400), ID_SND_OFF_400 + 8), NULL}, - { ATM_GEN_PATCH, ID_RCV_OFF_400, _B(ID_RCV_OFF_400, FREE_CODE_OFF_2ND_400), NULL}, // Receive process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_400, sizeof(PRC_ID_RCV_400) >> 2, PRC_ID_RCV_400}, // Receive process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_400 + sizeof(PRC_ID_RCV_400), // Branch back and skip 1 instruction. - _B(FREE_CODE_OFF_2ND_400 + sizeof(PRC_ID_RCV_400), ID_RCV_OFF_400 + 4), NULL}, - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} -}; - -static kernel_patch_t kern5[] = { - { SVC_VERIFY_DS, 0x45E6C, _NOP(), NULL }, // Disable SVC verifications - { DEBUG_MODE_EN, 0x5513C, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch - // Atmosphère kernel patches. - { ATM_GEN_PATCH, ID_SND_OFF_500, _B(ID_SND_OFF_500, FREE_CODE_OFF_1ST_500), NULL}, // Send process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_500, sizeof(PRC_ID_SND_500) >> 2, PRC_ID_SND_500}, // Send process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_500 + sizeof(PRC_ID_SND_500), // Branch back and skip 2 instructions. - _B(FREE_CODE_OFF_1ST_500 + sizeof(PRC_ID_SND_500), ID_SND_OFF_500 + 8), NULL}, - { ATM_GEN_PATCH, ID_RCV_OFF_500, _B(ID_RCV_OFF_500, FREE_CODE_OFF_2ND_500), NULL}, // Receive process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_500, sizeof(PRC_ID_RCV_500) >> 2, PRC_ID_RCV_500}, // Receive process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_500 + sizeof(PRC_ID_RCV_500), // Branch back and skip 2 instructions. - _B(FREE_CODE_OFF_2ND_500 + sizeof(PRC_ID_RCV_500), ID_RCV_OFF_500 + 8), NULL}, - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} -}; - -static kernel_patch_t kern6[] = { - { SVC_VERIFY_DS, 0x47EA0, _NOP(), NULL }, // Disable SVC verifications - //{ DEBUG_MODE_EN, 0x57548, _MOVZX(8, 1, 0), NULL }, // Enable Debug Patch - // Atmosphère kernel patches. 
- { ATM_GEN_PATCH, ID_SND_OFF_600, _B(ID_SND_OFF_600, FREE_CODE_OFF_1ST_600), NULL}, // Send process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_1ST_600, sizeof(PRC_ID_SND_600) >> 2, PRC_ID_SND_600}, // Send process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_1ST_600 + sizeof(PRC_ID_SND_600), // Branch back and skip 2 instructions. - _B(FREE_CODE_OFF_1ST_600 + sizeof(PRC_ID_SND_600), ID_SND_OFF_600 + 0x10), NULL}, - { ATM_GEN_PATCH, ID_RCV_OFF_600, _B(ID_RCV_OFF_600, FREE_CODE_OFF_2ND_600), NULL}, // Receive process id branch. - { ATM_ARR_PATCH, FREE_CODE_OFF_2ND_600, sizeof(PRC_ID_RCV_600) >> 2, PRC_ID_RCV_600}, // Receive process id code. - { ATM_GEN_PATCH, FREE_CODE_OFF_2ND_600 + sizeof(PRC_ID_RCV_600), // Branch back and skip 2 instructions. - _B(FREE_CODE_OFF_2ND_600 + sizeof(PRC_ID_RCV_600), ID_RCV_OFF_600 + 0x10), NULL}, - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, (u32*)0xFFFFFFFF} -}; - -static const pkg2_kernel_id_t _pkg2_kernel_ids[] = -{ - { 0x427f2647, kern1 }, //1.0.0 - { 0xae19cf1b, kern2 }, //2.0.0 - 2.3.0 - { 0x73c9e274, kern3 }, //3.0.0 - 3.0.1 - { 0xe0e8cdc4, kern302 }, //3.0.2 - { 0x485d0157, kern4 }, //4.0.0 - 4.1.0 - { 0xf3c363f2, kern5 }, //5.0.0 - 5.1.0 - { 0x64ce1a44, kern6 }, //6.0.0 - { 0, 0 } //End. -}; - typedef struct kipdiff_s { u64 offset; // offset from start of kip's .text segment u32 len; // length of below strings, NULL signifies end of patch @@ -387,5 +223,4 @@ void pkg1_unpack(pk11_offs *offs, u8 *pkg1); void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info); size_t calcKipSize(pkg2_kip1_t *kip1); void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2); -void loadKip(link_t *info, char *path); -const pkg2_kernel_id_t *pkg2_identify(u32 id); \ No newline at end of file +void loadKip(link_t *info, char *path); \ No newline at end of file From 746fded2d0b423c02e8b8f5f17036828f4ac1c34 Mon Sep 17 00:00:00 2001 
From: Rei Date: Sat, 22 Sep 2018 18:50:27 -0400 Subject: [PATCH 11/14] fix last commit + TAB->SPACE --- src/firmware.c | 37 +++++++----- src/package.c | 103 +++++++++++++++++++++++++++------ src/package.h | 152 +++++++++++++++++++++++++------------------------ 3 files changed, 186 insertions(+), 106 deletions(-) diff --git a/src/firmware.c b/src/firmware.c index 242dcf6..9d0f935 100644 --- a/src/firmware.c +++ b/src/firmware.c 
@@ -122,69 +122,76 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) { if(!customKern) { u32 crc = crc32c(pkg2->data, pkg2->sec_size[PKG2_SEC_KERNEL]); uPtr kern = (uPtr)&pkg2->data; - uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff; + uPtr sendOff, recvOff, codeRcvOff, codeSndOff, svcVerifOff, svcDebugOff, ver; switch(crc){ - case 0x427f2647:{ + case 0x427f2647:{ //1.0.0 svcVerifOff = 0x3764C; svcDebugOff = 0x44074; sendOff = 0x23CC0; recvOff = 0x219F0; codeSndOff = 4; codeRcvOff = 4; + ver = 0; break; } - case 0xae19cf1b:{ + case 0xae19cf1b:{ //2.0.0 svcVerifOff = 0x54834; svcDebugOff = 0x6086C; sendOff = 0x3F134; recvOff = 0x3D1A8; codeSndOff = 4; codeRcvOff = 4; + ver = 1; break; } - case 0x73c9e274:{ + case 0x73c9e274:{ //3.0.0 svcVerifOff = 0x3BD24; svcDebugOff = 0x483FC; sendOff = 0x26080; recvOff = 0x240F0; codeSndOff = 4; codeRcvOff = 4; + ver = 2; break; } - case 0xe0e8cdc4:{ + case 0xe0e8cdc4:{ //3.0.2 svcVerifOff = 0x3BD24; svcDebugOff = 0x48414; sendOff = 0x26080; recvOff = 0x240F0; codeSndOff = 4; codeRcvOff = 4; + ver = 3; break; } - case 0x485d0157:{ + case 0x485d0157:{ //4.0.0 svcVerifOff = 0x41EB4; svcDebugOff = 0x4EBFC; sendOff = 0x2AF64; recvOff = 0x28F6C; codeSndOff = 8; codeRcvOff = 4; + ver = 4; break; } - case 0xf3c363f2:{ + case 0xf3c363f2:{ //5.0.0 svcVerifOff = 0x45E6C; svcDebugOff = 0x5513C; sendOff = 0x2AD34; recvOff = 0x28DAC; codeSndOff = 8; codeRcvOff = 8; + ver = 5; break; } - case 0x64ce1a44:{ + case 0x64ce1a44:{ //6.0.0 svcVerifOff = 0x47EA0; svcDebugOff = 0x57548; sendOff = 0x2BB8C; recvOff = 0x29B6C; codeSndOff = 0x10; codeRcvOff = 0x10; + ver = 6; break; } default: 
@@ -193,17 +200,19 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) { } //ID Send - uPtr freeSpace = getFreeSpace((void*)pkg2->data, 0x200, pkg2->sec_size[PKG2_SEC_KERNEL]); //Find area to write payload - size_t payloadSize = sizeof(PRC_ID_SND_600); + uPtr freeSpace = getFreeSpace((void*)(kern+0x45000), 0x200, 0x20000) + 0x45000; //Find area to write payload + print("Kernel Freespace: 0x%08X\n", freeSpace); + size_t payloadSize; + u32 *sndPayload = getSndPayload(ver, &payloadSize); *(vu32*)(kern + sendOff) = _B(sendOff, freeSpace); //write hook to payload - memcpy((void*)(kern + freeSpace), (void*)PRC_ID_SND_600, payloadSize); //Copy payload to free space + memcpy((void*)(kern + freeSpace), sndPayload, payloadSize); //Copy payload to free space *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, sendOff + codeSndOff); //Jump back skipping the hook //ID Receive freeSpace += (payloadSize+4); - payloadSize = sizeof(PRC_ID_RCV_600); + u32 *rcvPayload = getRcvPayload(ver, &payloadSize); *(vu32*)(kern + recvOff) = _B(recvOff, freeSpace); - memcpy((void*)(kern + freeSpace), (void*)PRC_ID_RCV_600, payloadSize); + memcpy((void*)(kern + freeSpace), rcvPayload, payloadSize); *(vu32*)(kern + freeSpace + payloadSize) = _B(freeSpace + payloadSize, recvOff + codeRcvOff); //SVC patches @@ -400,7 +409,7 @@ void firmware() { ((void (*)())PAYLOAD_ADDR)(); } SYSREG(AHB_AHB_SPARE_REG) = (volatile vu32)0xFFFFFF9F; - PMC(APBDEV_PMC_SCRATCH49) = 0; + PMC(APBDEV_PMC_SCRATCH49) = 0; if (btn_read() & BTN_VOL_DOWN) { print("Booting verbosely\n"); diff --git a/src/package.c b/src/package.c index 149c16b..7a1284e 100644 --- a/src/package.c +++ b/src/package.c 
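Review bot: The free-space search window is now the fixed range `kern+0x45000` for `0x20000` bytes and no longer depends on `pkg2->sec_size[PKG2_SEC_KERNEL]`, which the previous version passed as the search size. For a kernel section shorter than `0x65000` bytes, the scan and the following writes can run past the section. I would name the two constants and clamp the length to the section, e.g. `size_t span = kernSize > KERN_SCAN_START ? kernSize - KERN_SCAN_START : 0;`, where both names are placeholders, and skip patching when `span` is smaller than the `0x200` requested. The `print("Kernel Freespace: ...")` line looks like leftover debugging and could go behind the verbose-boot path.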
@@ -264,23 +264,92 @@ int kippatch_apply(u8 *kipdata, u64 kipdata_len, kippatch_t *patch) { return 0; } +u32 *getSndPayload(u32 id, size_t *size) { + u32 *ret; + switch(id){ + case 0: + *size = sizeof(PRC_ID_SND_100); + ret = PRC_ID_SND_100; + break; + case 1: + *size = sizeof(PRC_ID_SND_200); + ret = PRC_ID_SND_200; + break; + case 2: + *size = sizeof(PRC_ID_SND_300); + ret = PRC_ID_SND_300; + break; + case 3: + *size = sizeof(PRC_ID_SND_302); + ret = PRC_ID_SND_302; + break; + case 4: + *size = sizeof(PRC_ID_SND_400); + ret = PRC_ID_SND_400; + break; + case 5: + *size = sizeof(PRC_ID_SND_500); + ret = PRC_ID_SND_500; + break; + case 6: + *size = sizeof(PRC_ID_SND_600); + ret = PRC_ID_SND_600; + break; + } + return ret; +} + +u32 *getRcvPayload(u32 id, size_t *size) { + u32 *ret; + switch(id){ + case 0: + *size = sizeof(PRC_ID_RCV_100); + ret = PRC_ID_RCV_100; + break; + case 1: + *size = sizeof(PRC_ID_RCV_200); + ret = PRC_ID_RCV_200; + break; + case 2: + *size = sizeof(PRC_ID_RCV_300); + ret = PRC_ID_RCV_300; + break; + case 3: + *size = sizeof(PRC_ID_RCV_302); + ret = PRC_ID_RCV_302; + break; + case 4: + *size = sizeof(PRC_ID_RCV_400); + ret = PRC_ID_RCV_400; + break; + case 5: + *size = sizeof(PRC_ID_RCV_500); + ret = PRC_ID_RCV_500; + break; + case 6: + *size = sizeof(PRC_ID_RCV_600); + ret = PRC_ID_RCV_600; + break; + } + return ret; +} int nca_patch(u8 * kipdata, u64 kipdata_len) { - char pattern[8] = {0xE5, 0x07, 0x00, 0x32, 0xE0, 0x03, 0x16, 0xAA}; - char buf[0x10]; - memcpy(buf, kipdata+0x1C450, 0x10); - u32 * addr = memsearch(kipdata, kipdata_len, pattern, sizeof(pattern)); - int ret=0; - int max_dist = 0x10; - for(int i=0; ikip_name, 2)) - nca_patch(kipdata, kipdata_len); + if(!strncmp("FS", patchset->kip_name, 2)) + nca_patch(kipdata, kipdata_len); return 0; } diff --git a/src/package.h b/src/package.h index 6179524..c6f3bd0 100644 --- a/src/package.h +++ b/src/package.h 
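Review bot: The new getSndPayload() and getRcvPayload() have no `default:` case, so for any `id` outside 0–6 they return the uninitialised `ret` and leave `*size` unwritten. The caller in patch() passes both values straight to `memcpy` into the kernel image. Initialise at the top of each function, `u32 *ret = NULL; *size = 0;`, and have patch() stop when the returned pointer is NULL. The two switches are identical apart from the array names, so one table of `{ pointer, sizeof }` pairs indexed by `id` behind a bounds check would remove the duplication and the missing-case risk together.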
@@ -34,151 +34,151 @@ static u8 customKern = 0; typedef struct _pkg2_hdr_t { - u8 ctr[0x10]; - u8 sec_ctr[0x40]; - u32 magic; - u32 base; - u32 pad0; - u16 version; - u16 pad1; - u32 sec_size[4]; - u32 sec_off[4]; - u8 sec_sha256[0x80]; - u8 data[]; + u8 ctr[0x10]; + u8 sec_ctr[0x40]; + u32 magic; + u32 base; + u32 pad0; + u16 version; + u16 pad1; + u32 sec_size[4]; + u32 sec_off[4]; + u8 sec_sha256[0x80]; + u8 data[]; } pkg2_hdr_t; typedef struct _pkg2_ini1_t { - u32 magic; - u32 size; - u32 num_procs; - u32 pad; + u32 magic; + u32 size; + u32 num_procs; + u32 pad; } pkg2_ini1_t; typedef struct _pkg2_kip1_sec_t { - u32 offset; - u32 size_decomp; - u32 size_comp; - u32 attrib; + u32 offset; + u32 size_decomp; + u32 size_comp; + u32 attrib; } pkg2_kip1_sec_t; #define KIP1_NUM_SECTIONS 6 typedef struct _pkg2_kip1_t { - u32 magic; - char name[12]; - u64 tid; - u32 proc_cat; - u8 main_thrd_prio; - u8 def_cpu_core; - u8 res; - u8 flags; - pkg2_kip1_sec_t sections[KIP1_NUM_SECTIONS]; - u32 caps[0x20]; - u8 data[]; + u32 magic; + char name[12]; + u64 tid; + u32 proc_cat; + u8 main_thrd_prio; + u8 def_cpu_core; + u8 res; + u8 flags; + pkg2_kip1_sec_t sections[KIP1_NUM_SECTIONS]; + u32 caps[0x20]; + u8 data[]; } pkg2_kip1_t; typedef struct _pkg2_kip1_info_t { - pkg2_kip1_t *kip1; - u32 size; - link_t link; + pkg2_kip1_t *kip1; + u32 size; + link_t link; } pkg2_kip1_info_t; typedef struct { - const char *id; - u32 kb; - u32 tsec_off; - u32 pkg11_off; - u32 sec_map[3]; - u32 secmon_base; - u32 warmboot_base; - int set_warmboot; + const char *id; + u32 kb; + u32 tsec_off; + u32 pkg11_off; + u32 sec_map[3]; + u32 secmon_base; + u32 warmboot_base; + int set_warmboot; } pk11_offs; typedef struct { - u32 magic; - u32 wb_size; - u32 wb_off; - u32 pad; - u32 ldr_size; - u32 ldr_off; - u32 sm_size; - u32 sm_off; + u32 magic; + u32 wb_size; + u32 wb_off; + u32 pad; + u32 ldr_size; + u32 ldr_off; + u32 sm_size; + u32 sm_off; } pk11_header; static u32 PRC_ID_SND_100[] = { - 0xA9BF2FEA, 
0x2A0E03EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, - 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9412948, 0xA8C12FEA + 0xA9BF2FEA, 0x2A0E03EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, + 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9412948, 0xA8C12FEA }; static u32 PRC_ID_RCV_100[] = { - 0xA9BF2FEA, 0x2A1C03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, - 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9412968, 0xA8C12FEA + 0xA9BF2FEA, 0x2A1C03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, + 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9412968, 0xA8C12FEA }; static u32 PRC_ID_SND_200[] = { - 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, - 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9413148, 0xA8C12FEA + 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, + 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9413148, 0xA8C12FEA }; static u32 PRC_ID_RCV_200[] = { - 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, - 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9413168, 0xA8C12FEA + 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, + 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9413168, 0xA8C12FEA }; static u32 PRC_ID_SND_300[] = { - 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, - 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA + 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, + 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA }; static u32 PRC_ID_RCV_300[] = { - 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, - 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA + 0xA9BF2FEA, 
0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, + 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA }; static u32 PRC_ID_SND_302[] = { - 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, - 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA + 0xA9BF2FEA, 0x2A1803EB, 0xD37EF56B, 0xF86B6B8B, 0x92FFFFE9, 0x8A090168, 0xD2FFFFE9, 0x8A09016B, + 0xD2FFFFC9, 0xEB09017F, 0x54000040, 0xF9415548, 0xA8C12FEA }; static u32 PRC_ID_RCV_302[] = { - 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, - 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA + 0xA9BF2FEA, 0x2A0F03EA, 0xD37EF54A, 0xF9405FEB, 0xF86A696A, 0xF9407BEB, 0x92FFFFE9, 0x8A090148, + 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415568, 0xA8C12FEA }; static u32 PRC_ID_SND_400[] = { - 0x2A1703EA, 0xD37EF54A, 0xF86A6B8A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, - 0xEB09015F, 0x54000060, 0xF94053EA, 0xF9415948, 0xF94053EA + 0x2A1703EA, 0xD37EF54A, 0xF86A6B8A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, + 0xEB09015F, 0x54000060, 0xF94053EA, 0xF9415948, 0xF94053EA }; static u32 PRC_ID_RCV_400[] = { - 0xF9403BED, 0x2A0E03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, - 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B28, 0xD503201F + 0xF9403BED, 0x2A0E03EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, + 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B28, 0xD503201F }; static u32 PRC_ID_SND_500[] = { - 0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, - 0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA + 0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, + 0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA }; static u32 
PRC_ID_RCV_500[] = { - 0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, - 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B08, 0xF9406FEA + 0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, + 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B08, 0xF9406FEA }; static u32 PRC_ID_SND_600[] = @@ -188,7 +188,7 @@ static u32 PRC_ID_SND_600[] = static u32 PRC_ID_RCV_600[] = { - 0xA9BF2FEA, 0xF94043EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0 + 0xA9BF2FEA, 0xF94043EB, 0x2A1503EA, 0xD37EF54A, 0xF86A696A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000100, 0xA9BF27E8, 0xF9400308, 0xF9401D08, 0xAA1803E0, 0xD63F0100, 0xA8C127E8, 0xAA0003E8, 0xA8C12FEA, 0xAA0803E0 }; typedef struct kipdiff_s { @@ -223,4 +223,6 @@ void pkg1_unpack(pk11_offs *offs, u8 *pkg1); void buildFirmwarePackage(u8 *kernel, u32 kernel_size, link_t *kips_info); size_t calcKipSize(pkg2_kip1_t *kip1); void pkg2_parse_kips(link_t *info, pkg2_hdr_t *pkg2); -void loadKip(link_t *info, char *path); \ No newline at end of file +void loadKip(link_t *info, char *path); +u32 *getSndPayload(u32 id, size_t *size); +u32 *getRcvPayload(u32 id, size_t *size); \ No newline at end of file From f88fe95e36c1f9abda8c7f782f7a96b25bcfaf53 Mon Sep 17 00:00:00 2001 From: Guillem Orellana Trullols Date: Thu, 27 Sep 2018 17:35:27 +0200 Subject: [PATCH 12/14] Clean up of FS module patch --- src/firmware.c | 103 +++++++++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 46 deletions(-) diff --git a/src/firmware.c b/src/firmware.c index 9d0f935..2ccf664 100644 --- a/src/firmware.c +++ b/src/firmware.c 
@@ -42,6 +42,58 @@ pk11_offs *pkg11_offsentify(u8 *pkg1) { return NULL; } +void patchFS(pkg2_kip1_info_t* ki) { + u8 kipHash[0x20]; + + print("Patching FS\n"); + + se_calc_sha256(&kipHash, ki->kip1, ki->size); + se_calc_sha256(&kipHash, ki->kip1, ki->size); + + //Create header + size_t sizeDiff = ki->kip1->sections[0].size_decomp - ki->kip1->sections[0].size_comp; + size_t newSize = ki->size + sizeDiff; + pkg2_kip1_t *moddedKip = malloc(newSize); + memcpy(moddedKip, ki->kip1, newSize); + u32 pos = 0; + for(int i = 0; i < KIP1_NUM_SECTIONS; i++) { + if(!i) { + //Get decomp .text segment + u8 *kipDecompText = blz_decompress(moddedKip->data, moddedKip->sections[i].size_comp); + + kippatchset_t *pset = kippatch_find_set(kipHash, kip_patches); + if (!pset) { + print(" could not find patchset with matching hash\n"); + } else { + int res = kippatch_apply_set(kipDecompText, moddedKip->sections[i].size_decomp, pset); + if (res) error("kippatch_apply_set() failed\n"); + } + + moddedKip->flags &= ~1; + memcpy((void*)moddedKip->data, kipDecompText, moddedKip->sections[i].size_decomp); + free(kipDecompText); + pos += moddedKip->sections[i].size_comp; + moddedKip->sections[i].size_comp = moddedKip->sections[i].size_decomp; + } else { + if(moddedKip->sections[i].offset == 0) continue; + memcpy((void*)moddedKip->data + pos + sizeDiff, (void*)ki->kip1->data + pos, moddedKip->sections[i].size_comp); + pos += moddedKip->sections[i].size_comp; + } + } + + free(ki->kip1); + ki->size = newSize; + ki->kip1 = moddedKip; +} + +pkg2_kip1_info_t* find_by_tid(link_t* kip_list, u64 tid) { + LIST_FOREACH_ENTRY(pkg2_kip1_info_t, ki, kip_list, link) { + if(ki->kip1->tid == 0x0100000000000000) + return ki; + } + return NULL; +} + void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) { //Patch Secmon if(!customSecmon){ 
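Review bot: In the new patchFS(), `memcpy(moddedKip, ki->kip1, newSize)` reads `newSize = ki->size + sizeDiff` bytes from a source that, going by `ki->size`, holds only `ki->size` bytes, and the `malloc(newSize)` before it is not checked. Copying `ki->size` bytes after a NULL check stays inside both buffers and still gives the later section copies what they need: `if(!moddedKip) { error("malloc failed\n"); return; }` followed by `memcpy(moddedKip, ki->kip1, ki->size);`. find_by_tid() ignores its `tid` argument and compares against the literal, so the test should read `if(ki->kip1->tid == tid)`. `se_calc_sha256(&kipHash, ki->kip1, ki->size);` is called twice in a row with the same arguments; if the repeat is a hardware workaround it needs a comment, otherwise one call is enough. The same lines are carried unchanged into the patchFS() hunk of PATCH 13/14.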
@@ -224,53 +276,12 @@ void patch(pk11_offs *pk11, pkg2_hdr_t *pkg2, link_t *kips) { end:; } - - u8 kipHash[0x20]; - //Patch FS module (truly not my proudest code TODO cleanup) - LIST_FOREACH_ENTRY(pkg2_kip1_info_t, ki, kips, link) { - //Patch FS - if(ki->kip1->tid == 0x0100000000000000) { - print("Patching FS\n"); - - se_calc_sha256(&kipHash, ki->kip1, ki->size); - se_calc_sha256(&kipHash, ki->kip1, ki->size); - - //Create header - size_t sizeDiff = ki->kip1->sections[0].size_decomp - ki->kip1->sections[0].size_comp; - size_t newSize = ki->size + sizeDiff; - pkg2_kip1_t *moddedKip = malloc(newSize); - memcpy(moddedKip, ki->kip1, newSize); - u32 pos = 0; - for(int i = 0; i < KIP1_NUM_SECTIONS; i++) { - if(!i) { - //Get decomp .text segment - u8 *kipDecompText = blz_decompress(moddedKip->data, moddedKip->sections[i].size_comp); - - kippatchset_t *pset = kippatch_find_set(kipHash, kip_patches); - if (!pset) { - print(" could not find patchset with matching hash\n"); - } else { - int res = kippatch_apply_set(kipDecompText, moddedKip->sections[i].size_decomp, pset); - if (res) error("kippatch_apply_set() failed\n"); - } - - moddedKip->flags &= ~1; - memcpy((void*)moddedKip->data, kipDecompText, moddedKip->sections[i].size_decomp); - free(kipDecompText); - pos += moddedKip->sections[i].size_comp; - moddedKip->sections[i].size_comp = moddedKip->sections[i].size_decomp; - } else { - if(moddedKip->sections[i].offset == 0) continue; - memcpy((void*)moddedKip->data + pos + sizeDiff, (void*)ki->kip1->data + pos, moddedKip->sections[i].size_comp); - pos += moddedKip->sections[i].size_comp; - } - } - - free(ki->kip1); - ki->size = newSize; - ki->kip1 = moddedKip; - } + pkg2_kip1_info_t* FS_module = find_by_tid(kips, 0x0100000000000000); + if(FS_module == NULL) { + error("Could not find FS Module.\n"); + } else { + patchFS(FS_module); } } From 6fae934ca7dbfea06c7c8e8381fe8640906828e6 Mon Sep 17 00:00:00 2001 
From: Guillem Orellana Date: Thu, 27 Sep 2018 21:23:38 +0200 Subject: [PATCH 13/14] Delete useless if inside for loop --- src/firmware.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/src/firmware.c b/src/firmware.c index 2ccf664..b7ac7b2 100644 --- a/src/firmware.c +++ b/src/firmware.c 
@@ -52,30 +52,31 @@ void patchFS(pkg2_kip1_info_t* ki) { //Create header size_t sizeDiff = ki->kip1->sections[0].size_decomp - ki->kip1->sections[0].size_comp; + size_t newSize = ki->size + sizeDiff; pkg2_kip1_t *moddedKip = malloc(newSize); memcpy(moddedKip, ki->kip1, newSize); + u32 pos = 0; - for(int i = 0; i < KIP1_NUM_SECTIONS; i++) { - if(!i) { - //Get decomp .text segment - u8 *kipDecompText = blz_decompress(moddedKip->data, moddedKip->sections[i].size_comp); - - kippatchset_t *pset = kippatch_find_set(kipHash, kip_patches); - if (!pset) { - print(" could not find patchset with matching hash\n"); - } else { - int res = kippatch_apply_set(kipDecompText, moddedKip->sections[i].size_decomp, pset); - if (res) error("kippatch_apply_set() failed\n"); - } + //Get decomp .text segment + u8 *kipDecompText = blz_decompress(moddedKip->data, moddedKip->sections[0].size_comp); - moddedKip->flags &= ~1; - memcpy((void*)moddedKip->data, kipDecompText, moddedKip->sections[i].size_decomp); - free(kipDecompText); - pos += moddedKip->sections[i].size_comp; - moddedKip->sections[i].size_comp = moddedKip->sections[i].size_decomp; - } else { - if(moddedKip->sections[i].offset == 0) continue; + kippatchset_t *pset = kippatch_find_set(kipHash, kip_patches); + if (!pset) { + print(" could not find patchset with matching hash\n"); + } else { + int res = kippatch_apply_set(kipDecompText, moddedKip->sections[0].size_decomp, pset); + if (res) error("kippatch_apply_set() failed\n"); + } + + moddedKip->flags &= ~1; + memcpy((void*)moddedKip->data, kipDecompText, moddedKip->sections[0].size_decomp); + free(kipDecompText); + pos += moddedKip->sections[0].size_comp; + moddedKip->sections[0].size_comp = moddedKip->sections[0].size_decomp; + + for(int i = 0; i < KIP1_NUM_SECTIONS; i++) { + if(moddedKip->sections[i].offset != 0) { memcpy((void*)moddedKip->data + pos + sizeDiff, (void*)ki->kip1->data + pos, moddedKip->sections[i].size_comp); pos += moddedKip->sections[i].size_comp; } 
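Review bot: The hoisted section-0 code in patchFS() still trusts the KIP header sizes and the decompressor. `sizeDiff` is a `size_t`, so a header whose `size_decomp` is smaller than `size_comp` wraps it to a huge value. `kipDecompText` is also handed to kippatch_apply_set() and `memcpy` without a NULL check, though whether blz_decompress() can return NULL is not visible here. A guard before the subtraction, `if(ki->kip1->sections[0].size_decomp < ki->kip1->sections[0].size_comp) { error("bad FS section sizes\n"); return; }`, plus a check of `kipDecompText` that frees `moddedKip` on failure, would stop a malformed KIP before any copy happens. When no patch set matches the hash, the function only prints and still rewrites the KIP uncompressed, so a comment should say whether that is intended; patchFS() begins and ends outside this hunk.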
From c5850b2a5de77cf53feec8cdd0be12d1477db96b Mon Sep 17 00:00:00 2001 From: Guillem Orellana Date: Thu, 27 Sep 2018 21:25:20 +0200 Subject: [PATCH 14/14] Loop shoud start with i = 1 now --- src/firmware.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/firmware.c b/src/firmware.c index b7ac7b2..fd9daff 100644 --- a/src/firmware.c +++ b/src/firmware.c @@ -75,7 +75,7 @@ void patchFS(pkg2_kip1_info_t* ki) { pos += moddedKip->sections[0].size_comp; moddedKip->sections[0].size_comp = moddedKip->sections[0].size_decomp; - for(int i = 0; i < KIP1_NUM_SECTIONS; i++) { + for(int i = 1; i < KIP1_NUM_SECTIONS; i++) { if(moddedKip->sections[i].offset != 0) { memcpy((void*)moddedKip->data + pos + sizeDiff, (void*)ki->kip1->data + pos, moddedKip->sections[i].size_comp); pos += moddedKip->sections[i].size_comp;