#include <syscall-list.h>
#include <syscall-addrs.h>
#include <syscall.h>
#include <nucleus.h>
// Symbols with C linkage that are defined outside this file. main() calls the
// routine first and then reads the index (presumably the routine fills it in).
extern "C" {
void ut_read_os_version_index();
extern int ut_os_version_index;
}

// Location of the resources file, relative to the directory main() makes current.
#define RES_PATH_REL "./ndless/ndless_resources.tns"
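// Stage 1 loader: reads the resources file from the documents directory into
// heap memory, makes the caches coherent, and calls into the loaded image.
//
// Returns 0 on every path; failures are reported on screen through e_disp_str
// and the image is not entered unless it was read completely.
int main()
{
    ut_read_os_version_index();

    //Unregister exploit: zero the word at an address selected by the OS version index.
    *reinterpret_cast<unsigned int*>(ut_os_version_index == 23 ? 0x1118F260 : 0x1112B260) = 0;

    // RES_PATH_REL is a relative path, so the documents directory is made current first.
    syscall_local<e_NU_Set_Current_Dir, void>(syscall_local<e_get_documents_dir, const char*>());

    const int x = 0;
    // The image is entered just past this many leading bytes (sizeof("PRG") counts the NUL).
    const unsigned int header_len = sizeof("PRG");

    NUC_FILE *res_fp = syscall_local<e_fopen, NUC_FILE*>(RES_PATH_REL, "rb");
    if (!res_fp)
    {
        syscall_local<e_disp_str, void>("ndless_resources not found.", &x, 0);
        return 0;
    }

    // Without this check a failed stat would leave st_size uninitialized and it
    // would still be used as the allocation and read size.
    // NOTE(review): assumes the usual 0-on-success convention for stat - confirm.
    struct nuc_stat res_stat;
    if (syscall_local<e_stat, int>(RES_PATH_REL, &res_stat) != 0)
    {
        syscall_local<e_fclose, int>(res_fp);
        syscall_local<e_disp_str, void>("ndless_resources: stat failed.", &x, 0);
        return 0;
    }

    // The entry point lies header_len bytes into the buffer, so a file that is
    // not longer than the header has no code to jump to.
    if (static_cast<unsigned int>(res_stat.st_size) <= header_len)
    {
        syscall_local<e_fclose, int>(res_fp);
        syscall_local<e_disp_str, void>("ndless_resources is too small.", &x, 0);
        return 0;
    }

    char *core = syscall_local<e_malloc, char*>(res_stat.st_size);
    if (!core)
    {
        syscall_local<e_fclose, int>(res_fp);
        syscall_local<e_disp_str, void>("ndless_resources: out of memory.", &x, 0);
        return 0;
    }

    // One item of st_size bytes is requested; anything other than one complete
    // item means the buffer holds a partial image that must not be executed.
    // NOTE(review): assumes fread returns the number of complete items - confirm.
    const int items_read = syscall_local<e_fread, int>(core, res_stat.st_size, 1, res_fp);
    syscall_local<e_fclose, int>(res_fp);
    if (items_read != 1)
    {
        // NOTE(review): core is not released on this path; no deallocation
        // syscall is used anywhere in this file.
        syscall_local<e_disp_str, void>("ndless_resources: read failed.", &x, 0);
        return 0;
    }

    // The image was written through the data cache; clean it to memory and
    // invalidate both caches so instruction fetch sees the bytes just loaded.
    asm volatile( "0: mrc p15, 0, r15, c7, c10, 3 @ test and clean DCache \n"
                  " bne 0b \n"
                  " mov r0, #0 \n"
                  " mcr p15, 0, r0, c7, c7, 0 @ invalidate ICache and DCache \n" ::: "r0");

    // NOTE(review): the file is executed as read. Only its length is checked;
    // nothing here verifies the header bytes or the integrity of the contents.
    using entry_fn = int (*)(int argc, void* argv);
    char *res_argv = nullptr;
    reinterpret_cast<entry_fn>(core + header_len)(1, &res_argv);

    syscall_local<e_disp_str, void>("Ndless installed!", &x, 0);
    return 0;
}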