This guide will cover how to make a specific ES patch, with System Firmware Version 13.0.0 targeted. It also assumes you have sorted your firmware files as described in part 2. (This guide assumes you've already familiarized yourself with ghidra and have the decompressed version of ES already. Make note of the build-id that was printed by the firmware organizer script.)
-
Import "uncompressed_es.nso0" into ghidra.
- press s, search for type hex "63 00 .. .. .. 00 94 a0 .. .. d1 .. .. ff 97" (this search pattern is applicable for 9.0.0 to 13.0.0+) below the search result is what you're patching. The patch being applied is "MOV X0, XZR" (E0 03 1F AA) the offset is 03 15 28.
- press s, search for type hex "63 00 .. .. .. 00 94 a0 .. .. d1 .. .. ff 97" (this search pattern is applicable for 9.0.0 to 13.0.0+) below the search result is what you're patching. The patch being applied is "MOV X0, XZR" (E0 03 1F AA) the offset is 03 15 28.
-
save "50 41 54 43 48 03 15 28 00 04 E0 03 1F AA 45 4F 46" as D0ECC9483E636AE19FE3E314DB41CB18019977D7.ips (for 13.0.0, the image is from 10.0.0) (You can look at the table below to get a more visual concept of how this patch is structured)
| PATCH magic | Offset | Size | Patch | EOF magic |
|---|---|---|---|---|
| 50 41 54 43 48 | 03 15 28 | 00 04 | E0 03 1F AA | 45 4F 46 |
You should now have a patch for ES that can be used by placing "D0ECC9483E636AE19FE3E314DB41CB18019977D7.ips" under "atmospher/exefs_patches/es_patches/D0ECC9483E636AE19FE3E314DB41CB18019977D7.ips"