-SUBDIRS = include host external source patch contrib
+SUBDIRS = include host external source
ACLOCAL_AMFLAGS = -I m4
install:
mkdir -p out@sysconfdir@
mkdir -p out@localstatedir@
cp source/corbenik.bin out/arm9loaderhax.bin
- cp external/loader/loader.cxi out@libdir@/module/loader.cxi
cp external/bits/*.bin out@libexecdir@/
cp external/screeninit/build/screeninit.bin out@libexecdir@/
cp host/termfont.bin out@datarootdir@/
- cp patch/*.vco out@sbindir@
- cp contrib/*.vco out@bindir@
- cat host/generate_localeemu.sh | sed "s|\@localedir\@|@localedir@|g" > out/generate_localeemu.sh
- chmod +x out/generate_localeemu.sh
- echo "#!/bin/bash" > out/o3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013800000002/00000052 -O .@libdir@/firmware/native" >> out/o3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013800000002/cetk -O .@datarootdir@/keys/native.cetk" >> out/o3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013800000102/00000016 -O .@libdir@/firmware/twl" >> out/o3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013800000102/cetk -O .@datarootdir@/keys/twl.cetk" >> out/o3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013800000202/0000000B -O .@libdir@/firmware/agb" >> out/o3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013800000202/cetk -O .@datarootdir@/keys/agb.cetk" >> out/o3ds_firm.sh
- echo "#!/bin/bash" > out/n3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013820000002/00000021 -O .@libdir@/firmware/native" >> out/n3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013820000002/cetk -O .@datarootdir@/keys/native.cetk" >> out/n3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013820000102/00000000 -O .@libdir@/firmware/twl" >> out/n3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013820000102/cetk -O .@datarootdir@/keys/twl.cetk" >> out/n3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013820000202/00000000 -O .@libdir@/firmware/agb" >> out/n3ds_firm.sh
- echo "wget http://nus.cdn.c.shop.nintendowifi.net/ccs/download/0004013820000202/cetk -O .@datarootdir@/keys/agb.cetk" >> out/n3ds_firm.sh
- chmod 755 out/*.sh
cp README.md LICENSE.txt out/
-AC_INIT([Corbenik], [0.1.2], [https://github.com/chaoskagami/corbenik], [corbenik])
+AC_INIT([Corbchain], [0.1.2], [https://github.com/chaoskagami/corbenik], [corbenik])
AM_INIT_AUTOMAKE([foreign no-dist-gzip dist-xz subdir-objects])
AC_CONFIG_MACRO_DIRS([m4])
LT_INIT
-AC_ARG_ENABLE([chainloader],
- AS_HELP_STRING([--disable-chainloader], [Disable chainloading of external programs]))
-
-AC_PREFIX_DEFAULT([/corbenik])
+AC_PREFIX_DEFAULT([])
CHAINLOADER=1
-test "$enable_chainloader" = "no" && CHAINLOADER=0
-
AC_DEFINE_UNQUOTED([CHAINLOADER], [$CHAINLOADER])
AC_CONFIG_FILES([Makefile source/Makefile external/Makefile include/Makefile])
AC_CONFIG_SUBDIRS([external/libctr9])
echo "
-Corbenik $VERSION
+Corbenik (chainloader only) $VERSION
========================
Prefix: ${prefix}
cxxflags: ${CXXFLAGS}
ldflags: ${LDFLAGS}
ocflags: ${OCFLAGS}
-
-Chainloader: ${CHAINLOADER}
"
AC_OUTPUT
+++ /dev/null
-.PHONY: all
-all: build
-
-.PHONY: build
-build: clean $(patsubst %.pco, %.vco, $(wildcard *.pco))
-
-.PHONY: install
-install:
-
-%.vco: %.pco
- ../host/bytecode_asm.py $< $@
-
-clean:
- rm -f *.vco
+++ /dev/null
-Contributed patches
-----------------------
-
-This directory is for any patches not part of the official distribution and potentially contributed by users. Anything in here must be distributed under the GPLv3, otherwise it cannot be included. I'll make an effort to maintain these as part of the official release zips, but these may not have the same quality standards as `patch/` due to being non-essential to operation.
-
-If you want your patch in the release zips, submit a PR! As long as it does what it says on the tin can and uses GPLv3 as the license, I'll merge it. ;P I can only hope someday this becomes a useful repository of patches for people.
-
-Current contrib patches:
-
- * mysterymachine.pco
- * Patches mystery gift in ORAS/XY to point to SALT servers (Based on work by @shinyquagsire23, contributed by @Wolfvak)
-
- * svc_permission_chk_dis.pco
- * Disables SVC call permission checks. Potential security hazard. (Based on work by @Subv, contributed by @Wolfvak)
+++ /dev/null
-# $name MysteryMachine Patcher (Loader)
-# $desc Patches Mystery Gift in Pokemon X, Y, Omega Ruby, and Alpha Sapphire to point to SALT's servers. See <https://mys.salthax.org/>
-# $title 000400000011C400 000400000011C500 0004000000055D00 0004000000055E00
-# $ver 01
-# $uuid 0001
-
-# This is for current-gen pokemon games, and points mystery gift
-# to SALT's servers. See here:
-# http://mys.salthax.org/
-# This performs the same patching done by the official HANS-based
-# patcher here:
-# https://github.com/shinyquagsire23/MysteryMachine-Patcher
-# You do not need to use HBLauncher to use this, either. ;P
-
-# This patch was originally created by @Wolfvak although there's
-# really only one way to implement it. Forward all kudos to him.
-
-# I extended it to the other games using newer VM features - that's
-# about it.
-
-rel exe_ro
-
-find "https://3ds1-fushigi.pokemon-gl.com/api/"
-jmpf seturl
-
-rewind
-find "https://3ds2-fushigi.pokemon-gl.com/api/"
-abortnf
-
-seturl:
-
-set "http://mys.salthax.org/api/"
-set 00
-rewind
-
-find "https://npdl.cdn.nintendowifi.net/p01/nsa/%s/%s/%s"
-abortnf
-set "http://mys.salthax.org/p01/nsa/%s/%s/%s"
-set 00
-rewind
-
-find "https://npfl.c.app.nintendowifi.net/p01/filelist/"
-abortnf
-set "http://mys.salthax.org/p01/filelist/"
-set 00
+++ /dev/null
-# $name Disable SVC Permission Checks
-# $desc Disables permission checks on SVC calls, so all titles have permission to use all SVC calls. This is a potential security hazard, especially with svcBackdoor Fixup.
-# $ver 01
-# $uuid 0002
-
-# Status: Working
-
-# Original patch by Subv. Conversion by @Wolfvak.
-
-rel native_s1
-
-find EAFFFF0A
-abortnf
-set 00F020E3
-SUBDIRS = libctr9 loader bits screeninit
+SUBDIRS = libctr9 bits screeninit
install:
+++ /dev/null
-// This is svcBackdoor's code from earlier FIRMs
-// Luckily, no ARM9/ARM11 specific instructions are used here.
-// It can just be assembled via ARM9 gas.
-.section .text
-.global _start
-_start:
- bic r1, sp, #0xff
- orr r1, r1, #0xf00
- add r1, r1, #0x28
- ldr r2, [r1]
- stmdb r2!, {sp, lr}
- mov sp, r2
- blx r0
- pop {r0, r1}
- mov sp, r0
- bx r1
+++ /dev/null
-.section .text
-.global _start
-_start:
- // Original code that still needs to be executed.
- mov r4, r0
- mov r5, r1
- mov r7, r2
- mov r6, r3
-
-main:
- // If we're already trying to access the SD, return.
- ldr r2, [r0, #4]
- ldr r1, sdmmc // In armips this instruction uses pc-releative loading. Specifying it like this causes gcc to emit the same code.
- cmp r2, r1
- beq nand_sd_ret
-
- str r1, [r0, #4] // Set object to be SD
- ldr r2, [r0, #8] // Get sector to read
- cmp r2, #0 // Gateway compat
-
- ldr r3, nand_offset // ^ see above
- add r2, r3 // Add the offset to the NAND in the SD.
-
- ldreq r3, ncsd_offset // ^ see above
- addeq r2, r3
-
- str r2, [r0, #8] // Store sector to read
-
- nand_sd_ret:
- // Restore registers.
- mov r0, r4
- mov r1, r5
- mov r2, r7
- mov r3, r6
-
- // Return 4 bytes behind where we got called,
- // due to the offset of this function being stored there.
- mov r0, lr
- add r0, #4
- bx r0
-
-sdmmc: .ascii "SDMC" // The offset of the sdmmc object.
-nand_offset: .ascii "NAND" // The starting offset of the emuNAND on the SD.
-ncsd_offset: .ascii "NCSD" // Location of the NCSD header relative to nand_offset
-
+++ /dev/null
-.set firm_addr, 0x24000000 // Temporary location where we'll load the FIRM to
-.set firm_maxsize, 0x200000 // Random value that's bigger than any of the currently known firm's sizes.
-
-.section .text
-.global _start
-_start:
-
- // Set MPU settings
- mrc p15, 0, r0, c2, c0, 0 // dcacheable
- mrc p15, 0, r12, c2, c0, 1 // icacheable
- mrc p15, 0, r1, c3, c0, 0 // write bufferable
- mrc p15, 0, r2, c5, c0, 2 // daccess
- mrc p15, 0, r3, c5, c0, 3 // iaccess
- ldr r4, =0x18000035 // 0x18000000 128M
- bic r2, r2, #0xF0000 // unprotect region 4
- bic r3, r3, #0xF0000 // unprotect region 4
- orr r0, r0, #0x10 // dcacheable region 4
- orr r2, r2, #0x30000 // region 4 r/w
- orr r3, r3, #0x30000 // region 4 r/w
- orr r12, r12, #0x10 // icacheable region 4
- orr r1, r1, #0x10 // write bufferable region 4
- mcr p15, 0, r0, c2, c0, 0
- mcr p15, 0, r12, c2, c0, 1
- mcr p15, 0, r1, c3, c0, 0 // write bufferable
- mcr p15, 0, r2, c5, c0, 2 // daccess
- mcr p15, 0, r3, c5, c0, 3 // iaccess
- mcr p15, 0, r4, c6, c4, 0 // region 4 (hmmm)
-
- mrc p15, 0, r0, c2, c0, 0 // dcacheable
- mrc p15, 0, r1, c2, c0, 1 // icacheable
- mrc p15, 0, r2, c3, c0, 0 // write bufferable
- orr r0, r0, #0x20 // dcacheable region 5
- orr r1, r1, #0x20 // icacheable region 5
- orr r2, r2, #0x20 // write bufferable region 5
- mcr p15, 0, r0, c2, c0, 0 // dcacheable
- mcr p15, 0, r1, c2, c0, 1 // icacheable
- mcr p15, 0, r2, c3, c0, 0 // write bufferable
-
- // Copy the firmware
- mov r4, #firm_addr
- add r5, r4, #0x40 // Start of loop
- add r6, r5, #0x30 * 3 // End of loop (scan 4 entries)
-
- copy_firm_loop:
- ldr r0, [r5]
- cmp r0, #0
- addne r0, r4 // src
- ldrne r1, [r5, #4] // dest
- ldrne r2, [r5, #8] // size
- blne memcpy32
-
- cmp r5, r6
- addlo r5, #0x30
- blo copy_firm_loop
-
- // Flush cache
- mov r2, #0
- mov r1, r2
- flush_cache:
- mov r0, #0
- mov r3, r2, lsl #30
- flush_cache_inner_loop:
- orr r12, r3, r0, lsl#5
- mcr p15, 0, r1, c7, c10, 4 // drain write buffer
- mcr p15, 0, r12, c7, c14, 2 // clean and flush dcache entry (index and segment)
- add r0, #1
- cmp r0, #0x20
- bcc flush_cache_inner_loop
- add r2, #1
- cmp r2, #4
- bcc flush_cache
-
- // Enable MPU
- ldr r0, =0x42078 // alt vector select, enable itcm
- mcr p15, 0, r0, c1, c0, 0
- mcr p15, 0, r1, c7, c5, 0 // flush dcache
- mcr p15, 0, r1, c7, c6, 0 // flush icache
- mcr p15, 0, r1, c7, c10, 4 // drain write buffer
- mov r0, #firm_addr
-
- // Boot FIRM
- mov r1, #0x1FFFFFFC
- ldr r2, [r0, #8] // arm11 entry
- str r2, [r1]
- ldr r0, [r0, #0xC] // arm9 entry
- bx r0
-.pool
-
-memcpy32: // memcpy32(void *src, void *dst, unsigned int size)
- add r2, r0
- memcpy32_loop:
- ldmia r0!, {r3}
- stmia r1!, {r3}
- cmp r0, r2
- blo memcpy32_loop
- bx lr
+++ /dev/null
-.set firm_addr, 0x24000000 // Temporary location where we'll load the FIRM to
-.set firm_maxsize, 0x200000 // Random value that's bigger than any of the currently known firm's sizes.
-
-.section .text
-.global _start
-_start:
- // Interesting registers and locations to keep in mind, set before this code is ran:
- // - sp + 0x3A8 - 0x70: FIRM path in exefs.
- // - r7 (which is sp + 0x3A8 - 0x198): Reserved space for file handle
- // - *(sp + 0x3A8 - 0x198) + 0x28: fread function.
-
- pxi_wait_recv:
- ldr r2, =0x44846
- ldr r0, =0x10008000
- readPxiLoop1:
- ldrh r1, [r0, #4]
- lsls r1, #0x17
- bmi readPxiLoop1
- ldr r0, [r0, #0xC]
- cmp r0, r2
- bne pxi_wait_recv
-
- // Convert 2 bytes of the path string
- // This will be the method of getting the lower 2 bytes of the title ID
- // until someone bothers figuring out where the value is derived from.
- mov r0, #0 // Result
- add r1, sp, #0x3A8 - 0x70
- add r1, #0x22 // The significant bytes
- mov r2, #4 // Maximum loops (amount of bytes * 2)
-
- hex_string_to_int_loop:
- ldr r3, [r1], #2 // 2 because it's a utf-16 string.
- and r3, #0xFF
-
- // Check if it"s a number
- cmp r3, #'0'
- blo hex_string_to_int_end
- sub r3, #'0'
- cmp r3, #9
- bls hex_string_to_int_calc
-
- // Check if it"s a capital letter
- cmp r3, #'A' - '0'
- blo hex_string_to_int_end
- sub r3, #'A' - '0' - 0xA // Make the correct value: 0xF >= al >= 0xA
- cmp r3, #0xF
- bls hex_string_to_int_calc
-
- // Incorrect value: x > "A"
- bhi hex_string_to_int_end
-
- hex_string_to_int_calc:
- orr r0, r3, r0, lsl #4
- subs r2, #1
- bne hex_string_to_int_loop
- hex_string_to_int_end:
-
- // Get the FIRM path
- cmp r0, #0x0002 // NATIVE_FIRM
- ldreq r1, firm_fname
- beq check_fname
-
- ldr r5, =0x0102 // TWL_FIRM
- cmp r0, r5
- ldreq r1, twl_firm_fname
- beq check_fname
-
- ldr r5, =0x0202 // AGB_FIRM
- cmp r0, r5
- ldreq r1, agb_firm_fname
- beq check_fname
-
- fallback:
- // Fallback: Load specified FIRM from exefs
- add r1, sp, #0x3A8-0x70 // Location of exefs string.
- b load_firm
-
- check_fname:
- // Check the given string offset
- cmp r1, #0
- beq fallback
-
- load_firm:
- // Open file
- add r0, r7, #8
- mov r2, #1
- ldr r6, fopen
- orr r6, #1
- blx r6
-
- cmp r0, #0 // Check if we were able to load the FIRM
- bne fallback // Otherwise, try again with the FIRM from exefs.
- // This will loop indefinitely if the exefs FIRM fails to load, but whatever.
-
- // Read file
- mov r0, r7
- adr r1, bytes_read
- mov r2, #firm_addr
- mov r3, #firm_maxsize
- ldr r6, [sp, #0x3A8-0x198]
- ldr r6, [r6, #0x28]
- blx r6
-
- // Set kernel state
- mov r0, #0
- mov r1, #0
- mov r2, #0
- mov r3, #0
- swi 0x7C
-
- // Jump to reboot code
- ldr r0, reboot_code
- swi 0x7B
-
- die:
- b die
-
-.align 4
-bytes_read: .word 0
-fopen: .ascii "open"
-reboot_code: .ascii "rebc"
-.pool
-firm_fname: .ascii "NATF"
-twl_firm_fname: .ascii "TWLF"
-agb_firm_fname: .ascii "AGBF"
+++ /dev/null
-// This is not intended to be built, but is what a stub service's code is
-.section .text
-.global _start
-_start:
- ldr r0, =0xf8c007f4
- bx lr
-Subproject commit 0cb25b034cb07a96077f1b0af4fd84960fdcd151
+Subproject commit eb78012240776d8143a2c6eede4802410d606f85
+++ /dev/null
-The MIT License (MIT)
-
-Copyright (c) 2016 Yifan Lu
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+++ /dev/null
-#---------------------------------------------------------------------------------
-.SUFFIXES:
-#---------------------------------------------------------------------------------
-
-PATH := $(PATH):$(DEVKITARM)/bin
-
-ifeq ($(strip $(DEVKITARM)),)
-$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
-endif
-
-TOPDIR ?= $(CURDIR)
-MAKEROM ?= makerom
-PYTHON ?= python2
-include $(DEVKITARM)/3ds_rules
-
-ifeq "$(root)" "clusterfuck"
- PATHARGS := -DPATH_ROOT=\"\"
- PATHARGS += -DPATH_DATA=\"/$(fw_folder)\"
-else ifeq "$(root)" "cruel"
- PATHARGS := -DPATH_ROOT=\"/3ds/apps\"
- PATHARGS += -DPATH_DATA=\"/3ds/appdata/$(fw_folder)\"
-else ifeq "$(root)" "shadowhand"
- PATHARGS := -DPATH_ROOT=\"/homebrew/3ds\"
- PATHARGS += -DPATH_DATA=\"/homebrew/3ds/$(fw_folder)\"
-endif
-
-#---------------------------------------------------------------------------------
-# TARGET is the name of the output
-# BUILD is the directory where object files & intermediate files will be placed
-# SOURCES is a list of directories containing source code
-# DATA is a list of directories containing data files
-# INCLUDES is a list of directories containing header files
-#---------------------------------------------------------------------------------
-TARGET := loader
-BUILD := build
-SOURCES := source source/patch
-DATA := data
-INCLUDES := include
-
-#---------------------------------------------------------------------------------
-# options for code generation
-#---------------------------------------------------------------------------------
-ARCH := -march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft
-
-ERROR := -Werror -Wextra
-CFLAGS := -flto -Wall -Os -mword-relocations $(ERROR) \
- -fomit-frame-pointer -ffunction-sections -fdata-sections -fshort-wchar \
- $(ARCH)
-
-CFLAGS += $(INCLUDE) -DARM11 -D_3DS -DLOADER=1 -I../../../include $(PATHARGS)
-
-CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu99
-
-ASFLAGS := $(ARCH)
-LDFLAGS = -flto -Xlinker --defsym="__start__=0x14000000" -specs=3dsx.specs $(ARCH) -Wl,-Map,$(notdir $*.map) -z defs
-
-LIBS := -lctru
-
-#---------------------------------------------------------------------------------
-# list of directories containing libraries, this must be the top level containing
-# include and lib
-#---------------------------------------------------------------------------------
-LIBDIRS := $(CTRULIB)
-
-
-#---------------------------------------------------------------------------------
-# no real need to edit anything past this point unless you need to add additional
-# rules for different file extensions
-#---------------------------------------------------------------------------------
-ifneq ($(BUILD),$(notdir $(CURDIR)))
-#---------------------------------------------------------------------------------
-
-export OUTPUT := $(CURDIR)/$(TARGET)
-export TOPDIR := $(CURDIR)
-
-export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
- $(foreach dir,$(DATA),$(CURDIR)/$(dir))
-
-export DEPSDIR := $(CURDIR)/$(BUILD)
-
-CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
-CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
-SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
-PICAFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.v.pica)))
-SHLISTFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.shlist)))
-BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
-
-#---------------------------------------------------------------------------------
-# use CXX for linking C++ projects, CC for standard C
-#---------------------------------------------------------------------------------
-ifeq ($(strip $(CPPFILES)),)
-#---------------------------------------------------------------------------------
- export LD := $(CC)
-#---------------------------------------------------------------------------------
-else
-#---------------------------------------------------------------------------------
- export LD := $(CXX)
-#---------------------------------------------------------------------------------
-endif
-#---------------------------------------------------------------------------------
-
-export OFILES := $(addsuffix .o,$(BINFILES)) \
- $(PICAFILES:.v.pica=.shbin.o) $(SHLISTFILES:.shlist=.shbin.o) \
- $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
-
-export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
- $(foreach dir,$(LIBDIRS),-I$(dir)/include) \
- -I$(CURDIR)/$(BUILD)
-
-export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)
-
-.PHONY: $(BUILD) clean all
-
-#---------------------------------------------------------------------------------
-all: $(BUILD)
-
-$(BUILD):
- @[ -d $@ ] || mkdir -p $@
- @$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
-
-#---------------------------------------------------------------------------------
-clean:
- @echo clean ...
- @rm -fr $(BUILD) $(OUTPUT).cxi $(TARGET).elf
-
-
-#---------------------------------------------------------------------------------
-else
-
-DEPENDS := $(OFILES:.o=.d)
-
-#---------------------------------------------------------------------------------
-# main targets
-#---------------------------------------------------------------------------------
-$(OUTPUT).cxi : $(OUTPUT).elf
- $(MAKEROM) -f ncch -rsf ../loader.rsf -nocodepadding -o $@ -elf $<
-
-$(OUTPUT).elf : $(OFILES)
-
-#---------------------------------------------------------------------------------
-# you need a rule like this for each extension you use as binary data
-#---------------------------------------------------------------------------------
-%.bin.o : %.bin
-#---------------------------------------------------------------------------------
- @echo $(notdir $<)
- @$(bin2o)
-
-#---------------------------------------------------------------------------------
-# rules for assembling GPU shaders
-#---------------------------------------------------------------------------------
-define shader-as
- $(eval CURBIN := $(patsubst %.shbin.o,%.shbin,$(notdir $@)))
- picasso -o $(CURBIN) $1
- bin2s $(CURBIN) | $(AS) -o $@
- echo "extern const u8" `(echo $(CURBIN) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"_end[];" > `(echo $(CURBIN) | tr . _)`.h
- echo "extern const u8" `(echo $(CURBIN) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> `(echo $(CURBIN) | tr . _)`.h
- echo "extern const u32" `(echo $(CURBIN) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`_size";" >> `(echo $(CURBIN) | tr . _)`.h
-endef
-
-%.shbin.o : %.v.pica %.g.pica
- @echo $(notdir $^)
- @$(call shader-as,$^)
-
-%.shbin.o : %.v.pica
- @echo $(notdir $<)
- @$(call shader-as,$<)
-
-%.shbin.o : %.shlist
- @echo $(notdir $<)
- @$(call shader-as,$(foreach file,$(shell cat $<),$(dir $<)/$(file)))
-
--include $(DEPENDS)
-
-#---------------------------------------------------------------------------------------
-endif
-#---------------------------------------------------------------------------------------
-
-.PHONY: install
-install:
+++ /dev/null
-3DS Loader Replacement
-======================
-
-This is an open source implementation of 3DS `loader` system module--with
-additional features. The current aim of the project is to provide a nice
-entry point for patching 3DS modules.
-
-## Roadmap
-Right now, this can serve as an open-source replacement for the built in loader,
-and then some.
-
-There is support for patching any executable after it's loaded but
-before it starts. For example, you can patch `menu` to skip region checks and
-have region free game launching directly from the home menu.
-
-There is also support for SDMC read/write (not found in original loader
-implementation) which means that information can be logged to SD.
-
-## About this fork
-
-A lot of the 'disassembled' looking code has been rewritten for readability
-(notable the lzss decompressor), and some cruft was cleaned out. Notably,
-IFile increased the cxi size by two (!) pages, and therefore has been removed,
-as it offers nothing over direct use of FSFILE and FSLDR.
-
-This version of loader is capable of logging to the filesystem through added
-write support. Tecnically, all the work for this was already in place, but IFile
-didn't allow accessing this functionality. This makes debugging much easier,
-since you can now actually figure out what went wrong.
-
-Experimental support for resizing segments before loading the executable was
-added. This means that segments can be appended to. Notably, this allows tacking
-code onto the end.
-
-The text, data, and ro segments are now handled separately to speed things up
-marginally, since if you know a patch is applied to text there's no reason to
-search the data segment, etc.
-
-## Imported changes from other 3ds_injector forks
-
-This was updated to the latest git ctrulib (in which FS_Archive typing has
-changed to allow mountpoints.)
-
-@TuxSH did this work before me, although I had to implement changes
-manually due to my tree sharing almost nothing at this point with upstream or
-Luma. It did serve as a useful reference, though. :)
-
-## Build
-You need a working 3DS build environment with a fairly recent copy of devkitARM,
-ctrulib, and makerom.
-
-This will automatically be built by corbenik's top-level makefile, so you shouldn't
-need to monkey around in here if you aren't making changes.
-
-## Misc
-
-This is not intended to be used with anything but corbenik due to specific use of
-structures incompatible with other CFW, so don't attempt to inject this with other
-CFWs. At best, it doesn't work. At worst, you can't boot without removing it.
-
-For devs - message me if there's any changes you want help merging to your fork.
-I'll be glad to help, either to explain what has been done here or to port changes.
-I'm not into anti-competitive behavior, since we're all just trying to make the 3DS
-better as a whole. ;P
+++ /dev/null
-BasicInfo:
- Title : loader
- CompanyCode : "00"
- ProductCode : injectload
-# The system doesn't actually care about this, 0282builder was
-# likely an artifact of their toolchain. We change it just because.
- ContentType : Application
- Logo : None
-
-TitleInfo:
- UniqueId : 0x13
- Category : Base
- Version : 2
-
-Option:
- UseOnSD : false
- FreeProductCode : true # Removes limitations on ProductCode
- MediaFootPadding : false # If true CCI files are created with padding
- EnableCrypt : false # Enables encryption for NCCH and CIA
- EnableCompress : true # Compresses exefs code
-
-AccessControlInfo:
- IdealProcessor : 1
- AffinityMask : 3
-
- Priority : 20
-
- DisableDebug : true
- EnableForceDebug : true # For future use, this will be helpful.
- CanWriteSharedPage : false
- CanUsePrivilegedPriority : false
- CanUseNonAlphabetAndNumber : false
- PermitMainFunctionArgument : false
- CanShareDeviceMemory : false
- RunnableOnSleep : true
- SpecialMemoryArrange : true
- ResourceLimitCategory : Other
-
- CoreVersion : 2
- DescVersion : 2
-
- MemoryType : Base # Application / System / Base
- HandleTableSize: 0
- SystemCallAccess:
- AcceptSession: 74
- ArbitrateAddress: 34
- Break: 60
- CancelTimer: 28
- ClearEvent: 25
- ClearTimer: 29
- CloseHandle: 35
- ConnectToPort: 45
- ControlMemory: 1
- CreateAddressArbiter: 33
- CreateCodeSet: 115
- CreateEvent: 23
- CreateMemoryBlock: 30
- CreateMutex: 19
- CreatePort: 71
- CreateProcess: 117
- CreateSemaphore: 21
- CreateSessionToPort: 72
- CreateThread: 8
- CreateTimer: 26
- DuplicateHandle: 39
- ExitProcess: 3
- ExitThread: 9
- GetCurrentProcessorNumber: 17
- GetHandleInfo: 41
- GetProcessId: 53
- GetProcessIdealProcessor: 6
- GetProcessIdOfThread: 54
- GetProcessInfo: 43
- GetResourceLimit: 56
- GetResourceLimitCurrentValues: 58
- GetResourceLimitLimitValues: 57
- GetSystemInfo: 42
- GetSystemTick: 40
- GetThreadContext: 59
- GetThreadId: 55
- GetThreadIdealProcessor: 15
- GetThreadInfo: 44
- GetThreadPriority: 11
- MapMemoryBlock: 31
- OutputDebugString: 61
- QueryMemory: 2
- RandomStub: 116
- ReleaseMutex: 20
- ReleaseSemaphore: 22
- ReplyAndReceive1: 75
- ReplyAndReceive2: 76
- ReplyAndReceive3: 77
- ReplyAndReceive4: 78
- ReplyAndReceive: 79
- SendSyncRequest1: 46
- SendSyncRequest2: 47
- SendSyncRequest3: 48
- SendSyncRequest4: 49
- SendSyncRequest: 50
- SetThreadPriority: 12
- SetTimer: 27
- SignalEvent: 24
- SleepThread: 10
- UnmapMemoryBlock: 32
- WaitSynchronization1: 36
- WaitSynchronizationN: 37
- KernelSetState: 124
- DebugActiveProcess: 96
- InterruptNumbers:
- ServiceAccessControl:
- - fs:LDR
- FileSystemAccess:
- - DirectSdmc
- - CtrNandRw
-
-SystemControlInfo:
- SaveDataSize: 0KB # It doesn't use any save data.
- RemasterVersion: 0
- StackSize: 0x1000
+++ /dev/null
-#ifndef __EXHEADER_H
-#define __EXHEADER_H
-
-#include <3ds/types.h>
-
-typedef struct
-{
- u32 text_addr;
- u32 text_size;
- u32 ro_addr;
- u32 ro_size;
- u32 data_addr;
- u32 data_size;
- u32 total_size;
-} prog_addrs_t;
-
-typedef struct
-{
- u8 reserved[5];
- u8 flag; // Maybe a feature - Bits 2-7 are unused. We could allow uh, custom flags here. Like zlib compression on code rather than lzss.
- u8 remasterversion[2];
-} PACKED exheader_systeminfoflags;
-
-typedef struct
-{
- u32 address;
- u32 nummaxpages;
- u32 codesize;
-} PACKED exheader_codesegmentinfo;
-
-typedef struct
-{
- u8 name[8];
- exheader_systeminfoflags flags;
- exheader_codesegmentinfo text;
- u8 stacksize[4];
- exheader_codesegmentinfo ro;
- u8 reserved[4];
- exheader_codesegmentinfo data;
- u32 bsssize;
-} PACKED exheader_codesetinfo;
-
-typedef struct
-{
- u64 programid[0x30];
-} PACKED exheader_dependencylist;
-
-typedef struct
-{
- u8 savedatasize[4];
- u8 reserved[4];
- u8 jumpid[8];
- u8 reserved2[0x30];
-} PACKED exheader_systeminfo;
-
-typedef struct
-{
- u8 extsavedataid[8];
- u8 systemsavedataid[8];
- u8 reserved[8];
- u8 accessinfo[7];
- u8 otherattributes;
-} PACKED exheader_storageinfo;
-
-// New3DS speed is flags[1]:1
-
-typedef struct
-{
- u64 programid;
- u8 coreVersion[4]; // Kernel version required for this.
- u8 flag2;
- u8 flag1;
- u8 flag0; // CPU speed settings.
- u8 priority;
- u16 resourcelimitdescriptor[0x10];
- exheader_storageinfo storageinfo;
- u64 serviceaccesscontrol[0x20];
- u8 reserved[0x1f];
- u8 resourcelimitcategory;
-} PACKED exheader_arm11systemlocalcaps;
-
-typedef struct
-{
- u32 descriptors[28];
- u8 reserved[0x10];
-} PACKED exheader_arm11kernelcapabilities;
-
-typedef struct
-{
- u8 descriptors[15];
- u8 descversion;
-} PACKED exheader_arm9accesscontrol;
-
-typedef struct
-{
- exheader_codesetinfo codesetinfo;
- exheader_dependencylist deplist;
- exheader_systeminfo systeminfo;
- exheader_arm11systemlocalcaps arm11systemlocalcaps;
- exheader_arm11kernelcapabilities arm11kernelcaps;
- exheader_arm9accesscontrol arm9accesscontrol;
- struct
- {
- u8 signature[0x100];
- u8 ncchpubkeymodulus[0x100];
- exheader_arm11systemlocalcaps arm11systemlocalcaps;
- exheader_arm11kernelcapabilities arm11kernelcaps;
- exheader_arm9accesscontrol arm9accesscontrol;
- } PACKED accessdesc;
-} PACKED exheader_header;
-
-#endif
+++ /dev/null
-#include <3ds.h>
-#include "fsldr.h"
-#include "fsreg.h"
-#include "srvsys.h"
-
-#define SDK_VERSION 0x70200C8
-
-static Handle fsldrHandle;
-static int fsldrRefCount;
-
-// MAKE SURE fsreg has been init before calling this
-static Result
-fsldrPatchPermissions(void)
-{
- u32 pid;
- Result res;
- FS_ProgramInfo info;
- u32 storage[8] = { 0 };
-
- storage[6] = 0x680; // SDMC access and NAND access flag
- info.programId = 0x0004013000001302LL; // loader PID
- info.mediaType = MEDIATYPE_NAND;
- res = svcGetProcessId(&pid, 0xFFFF8001);
- if (R_SUCCEEDED(res)) {
- res = FSREG_Register(pid, 0xFFFF000000000000LL, &info, (u8 *)storage);
- }
- return res;
-}
-
-Result
-fsldrInit(void)
-{
- Result ret = 0;
-
- if (AtomicPostIncrement(&fsldrRefCount))
- return 0;
-
- ret = srvSysGetServiceHandle(&fsldrHandle, "fs:LDR");
- if (R_SUCCEEDED(ret)) {
- fsldrPatchPermissions();
- ret = FSLDR_InitializeWithSdkVersion(fsldrHandle, SDK_VERSION);
- ret = FSLDR_SetPriority(0);
- if (R_FAILED(ret))
- svcBreak(USERBREAK_ASSERT);
- } else {
- AtomicDecrement(&fsldrRefCount);
- }
-
- return ret;
-}
-
-void
-fsldrExit(void)
-{
- if (AtomicDecrement(&fsldrRefCount))
- return;
- svcCloseHandle(fsldrHandle);
-}
-
-Result
-FSLDR_InitializeWithSdkVersion(Handle session, u32 version)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x861, 1, 2); // 0x8610042
- cmdbuf[1] = version;
- cmdbuf[2] = 32;
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(session)))
- return ret;
-
- return cmdbuf[1];
-}
-
-Result
-FSLDR_SetPriority(u32 priority)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x862, 1, 0); // 0x8620040
- cmdbuf[1] = priority;
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsldrHandle)))
- return ret;
-
- return cmdbuf[1];
-}
-
-Result
-FSLDR_OpenFileDirectly(Handle *out, FS_ArchiveID archiveId, FS_Path archivePath, FS_Path filePath, u32 openFlags, u32 attributes)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x803, 8, 4); // 0x8030204
- cmdbuf[1] = 0;
- cmdbuf[2] = archiveId;
- cmdbuf[3] = archivePath.type;
- cmdbuf[4] = archivePath.size;
- cmdbuf[5] = filePath.type;
- cmdbuf[6] = filePath.size;
- cmdbuf[7] = openFlags;
- cmdbuf[8] = attributes;
- cmdbuf[9] = IPC_Desc_StaticBuffer(archivePath.size, 2);
- cmdbuf[10] = (u32)archivePath.data;
- cmdbuf[11] = IPC_Desc_StaticBuffer(filePath.size, 0);
- cmdbuf[12] = (u32)filePath.data;
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsldrHandle)))
- return ret;
-
- if (out)
- *out = cmdbuf[3];
-
- return cmdbuf[1];
-}
+++ /dev/null
-#ifndef __FSLDR_H
-#define __FSLDR_H
-
-#include <3ds/types.h>
-
-Result fsldrInit(void);
-void fsldrExit(void);
-Result FSLDR_InitializeWithSdkVersion(Handle session, u32 version);
-Result FSLDR_SetPriority(u32 priority);
-Result FSLDR_OpenFileDirectly(Handle *out, FS_ArchiveID archiveId, FS_Path archivePath, FS_Path filePath, u32 openFlags, u32 attributes);
-
-#endif
+++ /dev/null
-#include <3ds.h>
-#include <string.h>
-#include "fsreg.h"
-#include "srvsys.h"
-
-static Handle fsregHandle;
-static int fsregRefCount;
-
-Result
-fsregInit(void)
-{
- Result ret = 0;
-
- if (AtomicPostIncrement(&fsregRefCount))
- return 0;
-
- ret = srvSysGetServiceHandle(&fsregHandle, "fs:REG");
-
- if (R_FAILED(ret))
- AtomicDecrement(&fsregRefCount);
- return ret;
-}
-
-void
-fsregExit(void)
-{
- if (AtomicDecrement(&fsregRefCount))
- return;
- svcCloseHandle(fsregHandle);
-}
-
-Result
-FSREG_CheckHostLoadId(u64 prog_handle)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x406, 2, 0); // 0x4060080
- cmdbuf[1] = (u32)(prog_handle);
- cmdbuf[2] = (u32)(prog_handle >> 32);
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsregHandle)))
- return ret;
-
- return cmdbuf[1];
-}
-
-Result
-FSREG_LoadProgram(u64 *prog_handle, FS_ProgramInfo *title)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x404, 4, 0); // 0x4040100
- memcpy(&cmdbuf[1], &title->programId, sizeof(u64));
- *(u8 *)&cmdbuf[3] = title->mediaType;
- memcpy(((u8 *)&cmdbuf[3]) + 1, &title->padding, 7);
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsregHandle)))
- return ret;
- *prog_handle = *(u64 *)&cmdbuf[2];
-
- return cmdbuf[1];
-}
-
-Result
-FSREG_GetProgramInfo(exheader_header *exheader, u32 entry_count, u64 prog_handle)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x403, 3, 0); // 0x40300C0
- cmdbuf[1] = entry_count;
- *(u64 *)&cmdbuf[2] = prog_handle;
- cmdbuf[64] = ((entry_count << 10) << 14) | 2;
- cmdbuf[65] = (u32)exheader;
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsregHandle)))
- return ret;
-
- return cmdbuf[1];
-}
-
-Result
-FSREG_UnloadProgram(u64 prog_handle)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x405, 2, 0); // 0x4050080
- cmdbuf[1] = (u32)(prog_handle);
- cmdbuf[2] = (u32)(prog_handle >> 32);
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsregHandle)))
- return ret;
-
- return cmdbuf[1];
-}
-
-Result
-FSREG_Unregister(u32 pid)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x402, 1, 0); // 0x4020040
- cmdbuf[1] = pid;
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsregHandle)))
- return ret;
-
- return cmdbuf[1];
-}
-
-Result
-FSREG_Register(u32 pid, u64 prog_handle, FS_ProgramInfo *info, void *storageinfo)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x401, 0xf, 0); // 0x40103C0
- cmdbuf[1] = pid;
- *(u64 *)&cmdbuf[2] = prog_handle;
- memcpy(&cmdbuf[4], &info->programId, sizeof(u64));
- *(u8 *)&cmdbuf[6] = info->mediaType;
- memcpy(((u8 *)&cmdbuf[6]) + 1, &info->padding, 7);
- memcpy((u8 *)&cmdbuf[8], storageinfo, 32);
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(fsregHandle)))
- return ret;
-
- return cmdbuf[1];
-}
+++ /dev/null
-#ifndef __FSREG_H
-#define __FSREG_H
-
-#include <3ds/types.h>
-#include "exheader.h"
-
-Result fsregInit(void);
-void fsregExit(void);
-Result FSREG_CheckHostLoadId(u64 prog_handle);
-Result FSREG_LoadProgram(u64 *prog_handle, FS_ProgramInfo *title);
-Result FSREG_GetProgramInfo(exheader_header *exheader, u32 entry_count, u64 prog_handle);
-Result FSREG_UnloadProgram(u64 prog_handle);
-Result FSREG_Unregister(u32 pid);
-Result FSREG_Register(u32 pid, u64 prog_handle, FS_ProgramInfo *info, void *storageinfo);
-
-#endif
+++ /dev/null
-#ifndef __INTERNAL_H
-#define __INTERNAL_H
-
-// These are libc builtins, so there's no need to carry an implementation here.
-void *memcpy(void *dest, const void *src, size_t len);
-size_t strlen(const char *string);
-
-#endif
+++ /dev/null
-// 'Tis not ready for the world at large yet.
-// I don't want to delete it since I'm working on it though,
-// so it's temporarliy #if'd 0.
-#include <3ds.h>
-#include "patcher.h"
-#include "exheader.h"
-#include "fsldr.h"
-#include "internal.h"
-#include "memory.h"
-#include "logger.h"
-
-#ifndef PATH_MAX
-#define PATH_MAX 255
-#define _MAX_LFN 255
-#endif
-#include <option.h>
-#include <patch_format.h>
-
-// Patches must consist of fewer bytes than this.
-// 16K is reasonable, IMO, and doesn't cause issues.
-
-// I'm too lazy to implement file buffering here,
-// and 16K is large enough for anything.
-
-#define MAX_PATCHSIZE 16384
-
-// Yes, we're including a C file. Problem?
-#include "../../../source/interp.c"
-
-#if 0
-
-#endif
+++ /dev/null
-#ifndef __INTERP_H
-#define __INTERP_H
-
-int execb(uint64_t tid, uint16_t ver, uint8_t *text_mem, uint32_t text_len, uint8_t *data_mem, uint32_t data_size, uint8_t *ro_mem, uint32_t ro_size);
-
-#endif
+++ /dev/null
-#include <3ds.h>
-#include "patcher.h"
-#include "exheader.h"
-#include "fsldr.h"
-#include "fsreg.h"
-#include "pxipm.h"
-#include "srvsys.h"
-#include "lzss.h"
-#include "internal.h"
-#include "logger.h"
-
-// TODO - a lot of this is unecessarily verbose and shitty. Clean it up to be
-// tidy.
-
-#define MAX_SESSIONS 1
-
-const char CODE_PATH[] = { 0x01, 0x00, 0x00, 0x00, 0x2E, 0x63, 0x6F, 0x64, 0x65, 0x00, 0x00, 0x00 };
-
-static Handle g_handles[MAX_SESSIONS + 2];
-static int g_active_handles;
-static u64 g_cached_prog_handle;
-static exheader_header g_exheader;
-static char g_ret_buf[1024];
-
-static Result
-allocate_shared_mem(prog_addrs_t *shared, prog_addrs_t *vaddr, int flags)
-{
- // Somehow, we need to allow reallocating.
-
- u32 dummy;
-
- memcpy(shared, vaddr, sizeof(prog_addrs_t));
- shared->text_addr = 0x10000000; // Code is forcibly relocated to this
- // address to kill ASLR (I believe.)
- shared->ro_addr = shared->text_addr + (shared->text_size << 12);
- shared->data_addr = shared->ro_addr + (shared->ro_size << 12);
- return svcControlMemory(&dummy, shared->text_addr, 0, shared->total_size << 12, (flags & 0xF00) | MEMOP_ALLOC, MEMPERM_READ | MEMPERM_WRITE);
-}
-
-static Result
-load_code(u64 progid, u16 progver, prog_addrs_t *shared, prog_addrs_t *original, u64 prog_handle, int is_compressed)
-{
- Handle handle;
- FS_Path archivePath;
- FS_Path path;
- Result res;
- u64 size;
- u32 total;
-
- archivePath.type = PATH_BINARY;
- archivePath.data = &prog_handle;
- archivePath.size = 8;
-
- path.type = PATH_BINARY;
- path.data = CODE_PATH;
- path.size = sizeof(CODE_PATH);
-
- if (R_FAILED(FSLDR_OpenFileDirectly(&handle, ARCHIVE_SAVEDATA_AND_CONTENT2, archivePath, path, FS_OPEN_READ, 0))) {
- svcBreak(USERBREAK_ASSERT);
- }
-
- // get file size
- if (R_FAILED(FSFILE_GetSize(handle, &size))) {
- FSFILE_Close(handle);
- svcBreak(USERBREAK_ASSERT);
- }
-
- // check size
- if (size > (u64)shared->total_size << 12) {
- FSFILE_Close(handle);
- return 0xC900464F;
- }
-
- // read code
- res = FSFILE_Read(handle, &total, 0, (void *)shared->text_addr, size);
- FSFILE_Close(handle); // done reading
- if (R_FAILED(res)) {
- svcBreak(USERBREAK_ASSERT);
- }
-
- // decompress in place
- if (is_compressed) {
- lzss_decompress((u8 *)shared->text_addr + size);
- }
-
- // Load/Dump code sections
- code_handler(progid, shared);
-
- // Patch segments
- patch_exe(progid, progver, (u8 *)shared->text_addr, shared->text_size << 12, original->text_size << 12, (u8 *)shared->data_addr, shared->data_size << 12,
- original->data_size << 12, (u8 *)shared->ro_addr, shared->ro_size << 12, original->ro_size << 12);
-
- return 0;
-}
-
-static Result
-loader_GetProgramInfo(exheader_header *exheader, u64 prog_handle)
-{
- Result res;
-
- if (prog_handle >> 32 == 0xFFFF0000) {
- return FSREG_GetProgramInfo(exheader, 1, prog_handle);
- } else {
- res = FSREG_CheckHostLoadId(prog_handle);
- // if ((res >= 0 && (unsigned)res >> 27) || (res < 0 && ((unsigned)res
- // >> 27)-32))
- // so use PXIPM if FSREG fails OR returns "info", is the second
- // condition a bug?
- if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS)) {
- return PXIPM_GetProgramInfo(exheader, prog_handle);
- } else {
- return FSREG_GetProgramInfo(exheader, 1, prog_handle);
- }
- }
-}
-
-static Result
-loader_LoadProcess(Handle *process, u64 prog_handle)
-{
- Result res;
- int count;
- u32 flags;
- u32 desc;
- u32 dummy;
- prog_addrs_t shared_addr;
- prog_addrs_t vaddr;
- prog_addrs_t original_vaddr;
- Handle codeset;
- CodeSetInfo codesetinfo;
- u32 data_mem_size;
- u64 progid;
- u32 text_grow, data_grow, ro_grow;
- u16 progver;
-
- load_config(); // First order of business - we need the config file.
- openLogger(); // Open logs if enabled in config.
-
- // make sure the cached info corrosponds to the current prog_handle
- if (g_cached_prog_handle != prog_handle) {
- res = loader_GetProgramInfo(&g_exheader, prog_handle);
- g_cached_prog_handle = prog_handle;
- if (res < 0) {
- g_cached_prog_handle = 0;
- return res;
- }
- }
-
- // get kernel flags
- flags = 0;
- for (count = 0; count < 28; count++) {
- desc = g_exheader.arm11kernelcaps.descriptors[count];
- if (0x1FE == desc >> 23) {
- flags = desc & 0xF00;
- }
- }
- if (flags == 0) {
- return MAKERESULT(RL_PERMANENT, RS_INVALIDARG, 1, 2);
- }
-
- // load code
- progid = g_exheader.arm11systemlocalcaps.programid;
- progver = g_exheader.codesetinfo.flags.remasterversion[0] + g_exheader.codesetinfo.flags.remasterversion[1] * 0x100;
-
- logu64(progid);
- logstr(" validated params\n");
-
- // TODO - clean up this shit below. Not only is it unoptimized but it reads like garbage.
-
- // What the addressing info would be if not for expansion. This is passed to
- // patchCode.
- original_vaddr.text_size = (g_exheader.codesetinfo.text.codesize + 4095) >> 12; // (Text size + one page) >> page size
- original_vaddr.ro_size = (g_exheader.codesetinfo.ro.codesize + 4095) >> 12;
- original_vaddr.data_size = (g_exheader.codesetinfo.data.codesize + 4095) >> 12;
- original_vaddr.total_size = original_vaddr.text_size + original_vaddr.ro_size + original_vaddr.data_size;
-
- // Allow changing code, ro, data sizes to allow adding code
- text_grow = get_text_extend(progid, progver, g_exheader.codesetinfo.text.codesize);
- ro_grow = get_ro_extend(progid, progver, g_exheader.codesetinfo.ro.codesize);
- data_grow = get_data_extend(progid, progver, g_exheader.codesetinfo.data.codesize);
-
- // One page is 4096 bytes, thus all the 4095 constants.
-
- // Allocate process memory, growing as needed for extra patches
- vaddr.text_addr = g_exheader.codesetinfo.text.address;
- vaddr.text_size = (g_exheader.codesetinfo.text.codesize + text_grow + 4095) >> 12; // (Text size + one page) >> page size
- vaddr.ro_addr = g_exheader.codesetinfo.ro.address;
- vaddr.ro_size = (g_exheader.codesetinfo.ro.codesize + ro_grow + 4095) >> 12;
- vaddr.data_addr = g_exheader.codesetinfo.data.address;
- vaddr.data_size = (g_exheader.codesetinfo.data.codesize + data_grow + 4095) >> 12;
- data_mem_size = (g_exheader.codesetinfo.data.codesize + text_grow + g_exheader.codesetinfo.bsssize + 4095) >> 12;
- vaddr.total_size = vaddr.text_size + vaddr.ro_size + vaddr.data_size + text_grow + ro_grow + data_grow;
-
- if ((res = allocate_shared_mem(&shared_addr, &vaddr, flags)) < 0) {
- return res;
- }
-
- if ((res = load_code(progid, progver, &shared_addr, &original_vaddr, prog_handle, g_exheader.codesetinfo.flags.flag & 1)) >= 0) {
- memcpy(&codesetinfo.name, g_exheader.codesetinfo.name, 8);
- codesetinfo.program_id = progid;
- codesetinfo.text_addr = vaddr.text_addr;
- codesetinfo.text_size = vaddr.text_size;
- codesetinfo.text_size_total = vaddr.text_size;
- codesetinfo.ro_addr = vaddr.ro_addr;
- codesetinfo.ro_size = vaddr.ro_size;
- codesetinfo.ro_size_total = vaddr.ro_size;
- codesetinfo.rw_addr = vaddr.data_addr;
- codesetinfo.rw_size = vaddr.data_size;
- codesetinfo.rw_size_total = data_mem_size;
- res = svcCreateCodeSet(&codeset, &codesetinfo, (void *)shared_addr.text_addr, (void *)shared_addr.ro_addr, (void *)shared_addr.data_addr);
- if (res >= 0) {
- res = svcCreateProcess(process, codeset, g_exheader.arm11kernelcaps.descriptors, count);
-
- logstr("Created process\n");
-
- closeLogger();
-
- svcCloseHandle(codeset);
- if (res >= 0) {
- return 0; // Succeeded in loading process.
- }
- }
- }
-
- // Failed to load process, unmap shared memory and return error.
- svcControlMemory(&dummy, shared_addr.text_addr, 0, shared_addr.total_size << 12, MEMOP_FREE, 0);
- return res;
-}
-
-static Result
-loader_RegisterProgram(u64 *prog_handle, FS_ProgramInfo *title, FS_ProgramInfo *update)
-{
- Result res;
- u64 prog_id;
-
- prog_id = title->programId;
- if (prog_id >> 32 != 0xFFFF0000) {
- res = FSREG_CheckHostLoadId(prog_id);
- if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS)) {
- res = PXIPM_RegisterProgram(prog_handle, title, update);
- if (res < 0) {
- return res;
- }
- if (*prog_handle >> 32 != 0xFFFF0000) {
- res = FSREG_CheckHostLoadId(*prog_handle);
- if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS)) {
- return 0;
- }
- }
- svcBreak(USERBREAK_ASSERT);
- }
- }
-
- if ((title->mediaType != update->mediaType) || (prog_id != update->programId)) {
- svcBreak(USERBREAK_ASSERT);
- }
- res = FSREG_LoadProgram(prog_handle, title);
- if (R_SUCCEEDED(res)) {
- if (*prog_handle >> 32 == 0xFFFF0000) {
- return 0;
- }
- res = FSREG_CheckHostLoadId(*prog_handle);
- if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS)) {
- svcBreak(USERBREAK_ASSERT);
- }
- }
- return res;
-}
-
-static Result
-loader_UnregisterProgram(u64 prog_handle)
-{
- Result res;
-
- if (prog_handle >> 32 == 0xFFFF0000) {
- return FSREG_UnloadProgram(prog_handle);
- } else {
- res = FSREG_CheckHostLoadId(prog_handle);
- if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS)) {
- return PXIPM_UnregisterProgram(prog_handle);
- } else {
- return FSREG_UnloadProgram(prog_handle);
- }
- }
-}
-
-#define LoadProcess 1
-#define RegisterProgram 2
-#define UnregisterProgram 3
-#define GetProgramInfo 4
-
-static void
-handle_commands(void)
-{
- FS_ProgramInfo title;
- FS_ProgramInfo update;
- u32 *cmdbuf;
- u16 cmdid;
- int res;
- Handle handle;
- u64 prog_handle;
-
- cmdbuf = getThreadCommandBuffer();
- cmdid = cmdbuf[0] >> 16;
- res = 0;
- switch (cmdid) {
- case LoadProcess:
- {
- res = loader_LoadProcess(&handle, *(u64 *)&cmdbuf[1]);
- cmdbuf[0] = 0x10042;
- cmdbuf[1] = res;
- cmdbuf[2] = 16;
- cmdbuf[3] = handle;
- break;
- }
- case RegisterProgram:
- {
- memcpy(&title, &cmdbuf[1], sizeof(FS_ProgramInfo));
- memcpy(&update, &cmdbuf[5], sizeof(FS_ProgramInfo));
- res = loader_RegisterProgram(&prog_handle, &title, &update);
- cmdbuf[0] = 0x200C0;
- cmdbuf[1] = res;
- *(u64 *)&cmdbuf[2] = prog_handle;
- break;
- }
- case UnregisterProgram:
- {
- if (g_cached_prog_handle == prog_handle) {
- g_cached_prog_handle = 0;
- }
- cmdbuf[0] = 0x30040;
- cmdbuf[1] = loader_UnregisterProgram(*(u64 *)&cmdbuf[1]);
- break;
- }
- case GetProgramInfo:
- {
- prog_handle = *(u64 *)&cmdbuf[1];
- if (prog_handle != g_cached_prog_handle) {
- res = loader_GetProgramInfo(&g_exheader, prog_handle);
- if (res >= 0) {
- g_cached_prog_handle = prog_handle;
- } else {
- g_cached_prog_handle = 0;
- }
- }
- memcpy(&g_ret_buf, &g_exheader, 1024);
- cmdbuf[0] = 0x40042;
- cmdbuf[1] = res;
- cmdbuf[2] = 0x1000002;
- cmdbuf[3] = (u32)&g_ret_buf;
- break;
- }
- default: // error
- {
- cmdbuf[0] = 0x40;
- cmdbuf[1] = 0xD900182F;
- break;
- }
- // I don't see why it shouldn't be possible to add extra
- // functions callable by threadbuf. This can be used. ;)
- }
-}
-
-static Result
-should_terminate(int *term_request)
-{
- u32 notid;
- Result ret;
-
- ret = srvSysReceiveNotification(¬id);
- if (R_FAILED(ret)) {
- return ret;
- }
- if (notid == 0x100) // term request
- {
- *term_request = 1;
- }
- return 0;
-}
-
-// this is called before main
-void
-__appInit()
-{
- srvSysInit();
- fsregInit();
- fsldrInit();
- pxipmInit();
-}
-
-// this is called after main exits
-void
-__appExit()
-{
- pxipmExit();
- fsldrExit();
- fsregExit();
- srvSysExit();
-}
-
-// stubs for non-needed pre-main functions
-void __sync_init();
-void __sync_fini();
-void __system_initSyscalls();
-
-void
-__ctru_exit()
-{
- __appExit();
- __sync_fini();
- svcExitProcess();
-}
-
-void
-initSystem()
-{
- __sync_init();
- __system_initSyscalls();
- __appInit();
-}
-
-int
-main()
-{
- Result ret;
- Handle handle;
- Handle reply_target;
- Handle *srv_handle;
- Handle *notification_handle;
- s32 index;
- int i;
- int term_request;
- u32 *cmdbuf;
-
- ret = 0;
-
- srv_handle = &g_handles[1];
- notification_handle = &g_handles[0];
-
- if (R_FAILED(srvSysRegisterService(srv_handle, "Loader", MAX_SESSIONS))) {
- svcBreak(USERBREAK_ASSERT);
- }
-
- if (R_FAILED(srvSysEnableNotification(notification_handle))) {
- svcBreak(USERBREAK_ASSERT);
- }
-
- g_active_handles = 2;
- g_cached_prog_handle = 0;
- index = 1;
-
- reply_target = 0;
- term_request = 0;
- do {
- if (reply_target == 0) {
- cmdbuf = getThreadCommandBuffer();
- cmdbuf[0] = 0xFFFF0000;
- }
- ret = svcReplyAndReceive(&index, g_handles, g_active_handles, reply_target);
-
- if (R_FAILED(ret)) {
- // check if any handle has been closed
- if (ret == (int)0xC920181A) {
- if (index == -1) {
- for (i = 2; i < MAX_SESSIONS + 2; i++) {
- if (g_handles[i] == reply_target) {
- index = i;
- break;
- }
- }
- }
- svcCloseHandle(g_handles[index]);
- g_handles[index] = g_handles[g_active_handles - 1];
- g_active_handles--;
- reply_target = 0;
- } else {
- svcBreak(USERBREAK_ASSERT);
- }
- } else {
- // process responses
- reply_target = 0;
- switch (index) {
- case 0: // notification
- {
- if (R_FAILED(should_terminate(&term_request))) {
- svcBreak(USERBREAK_ASSERT);
- }
- break;
- }
- case 1: // new session
- {
- if (R_FAILED(svcAcceptSession(&handle, *srv_handle))) {
- svcBreak(USERBREAK_ASSERT);
- }
- if (g_active_handles < MAX_SESSIONS + 2) {
- g_handles[g_active_handles] = handle;
- g_active_handles++;
- } else {
- svcCloseHandle(handle);
- }
- break;
- }
- default: // session
- {
- handle_commands();
- reply_target = g_handles[index];
- break;
- }
- }
- }
- } while (!term_request || g_active_handles != 2);
-
- srvSysUnregisterService("Loader");
- svcCloseHandle(*srv_handle);
- svcCloseHandle(*notification_handle);
-
- return 0;
-}
+++ /dev/null
-#include <3ds.h>
-#include "patcher.h"
-#include "fsldr.h"
-#include "internal.h"
-#include "memory.h"
-
-#ifndef PATH_MAX
-#define PATH_MAX 255
-#define _MAX_LFN 255
-#endif
-#include <option.h>
-#include <patch_format.h>
-
-Handle log_file_hdl;
-int logger_is_initd = 0;
-
-extern struct config_file config;
-
-void
-openLogger()
-{
- if (config.options[OPTION_SAVE_LOGS] == 0) {
- logger_is_initd = -1; // Setting -1 effectively disables logs.
- }
- Result r;
-
- if (logger_is_initd)
- return;
-
- r = fileOpen(&log_file_hdl, ARCHIVE_SDMC, PATH_LOADERLOG, FS_OPEN_WRITE | FS_OPEN_READ | FS_OPEN_CREATE);
-
- if (R_FAILED(r)) {
- logger_is_initd = -1;
- }
-
- logger_is_initd = 1;
-}
-
-void
-logstr(const char *str)
-{
- if (logger_is_initd == -1)
- return; // Errored during init. Don't bother.
-
- u32 len = strlen(str);
- u64 size;
- u32 wrote;
- Result r;
-
- // Get current size.
- r = FSFILE_GetSize(log_file_hdl, &size);
- if (R_FAILED(r))
- return;
-
- // Expand file size.
- r = FSFILE_SetSize(log_file_hdl, size + len);
- if (R_FAILED(r))
- return;
-
- // Write data.
- FSFILE_Write(log_file_hdl, &wrote, size, str, len, FS_WRITE_FLUSH);
-}
-
-void
-logu64(u64 progId)
-{
- char str[] = "Title: 0000000000000000\n";
- u32 i = 22;
- while (progId) {
- static const char hexDigits[] = "0123456789ABCDEF";
- str[i--] = hexDigits[(u32)(progId & 0xF)];
- progId >>= 4;
- }
-
- logstr(str);
-}
-
-void
-closeLogger()
-{
- FSFILE_Close(log_file_hdl);
- logger_is_initd = 0;
-}
+++ /dev/null
-#ifndef __LOGGER_H
-#define __LOGGER_H
-
-void openLogger();
-void logstr(const char *str);
-void logu64(u64 progId);
-void closeLogger();
-
-#endif
+++ /dev/null
-#include <3ds.h>
-
-// TODO - In the future, why not ADD code compression modes? Like, zlib, for example. Or lzss+zlib.
-
-int
-lzss_decompress(u8 *buffer)
-{
- // This WAS originally a decompilation in @yifan_lu's repo; it was rewritten
- // for readability following ctrtool's namings.
- // You can thank me for making it more readable if you'd like; I don't
- // really care. Did it for myself.
- unsigned int decompSize, v15;
- u8 *compressEndOff, *index, *stopIndex;
- char control;
- int v9, v13, v14, v16;
- int ret = 0;
-
- if (!buffer) // Return immediately when buffer is invalid.
- return 0;
-
- // v1=decompressedSize, v2=compressedSize, v3=index, v4=stopIndex
- decompSize = *((u32 *)buffer - 2);
- compressEndOff = &buffer[*((u32 *)buffer - 1)];
- index = &buffer[-(decompSize >> 24)]; // FIXME - The integer negation is due
- // to a compiler optimization. It's
- // probably okay, but...
- stopIndex = &buffer[-(decompSize & 0xFFFFFF)];
-
- while (index > stopIndex) // index > stopIndex
- {
- control = *(index-- - 1); // control (just scoping though)
- for (int i = 0; i < 8; i++) {
- if (control & 0x80) // control & 0x80
- {
- v13 = *(index - 1);
- v14 = *(index - 2);
- index -= 2;
- v15 = ((v14 | (v13 << 8)) & 0xFFFF0FFF) + 2;
- v16 = v13 + 32;
- do {
- ret = compressEndOff[v15];
- *(compressEndOff-- - 1) = ret;
- v16 -= 16;
- } while (!(v16 < 0));
- } else {
- v9 = *(index-- - 1);
- ret = v9;
- *(compressEndOff-- - 1) = v9;
- }
- control *= 2;
- if (index <= stopIndex)
- return ret;
- }
- }
-
- return ret;
-}
+++ /dev/null
-#ifndef __LZSS_H
-#define __LZSS_H
-
-int lzss_decompress(u8 *buffer);
-
-#endif
+++ /dev/null
-#include <3ds.h>
-#include <string.h>
-#include "patcher.h"
-#include "fsldr.h"
-#include "internal.h"
-
-#ifndef PATH_MAX
-#define PATH_MAX 255
-#define _MAX_LFN 255
-#endif
-#include <option.h>
-#include <patch_format.h>
-
-// Quick Search algorithm, adapted from
-// http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
-u8 *
-memfind(u8 *startPos, u32 size, const void *pattern, u32 patternSize)
-{
- const u8 *patternc = (const u8 *)pattern;
-
- // Preprocessing
- u32 table[256];
-
- for (u32 i = 0; i < 256; ++i)
- table[i] = patternSize + 1;
- for (u32 i = 0; i < patternSize; ++i)
- table[patternc[i]] = patternSize - i;
-
- // Searching
- u32 j = 0;
-
- while (j <= size - patternSize) {
- if (memcmp(patternc, startPos + j, patternSize) == 0)
- return startPos + j;
- j += table[startPos[j + patternSize]];
- }
-
- return NULL;
-}
-
-u32
-patchMemory(u8 *start, u32 size, const void *pattern, u32 patSize, int offset, const void *replace, u32 repSize, u32 count)
-{
- u32 i;
-
- for (i = 0; i < count; i++) {
- u8 *found = memfind(start, size, pattern, patSize);
-
- if (found == NULL)
- break;
-
- // FIXME - This is throwing on Werror.
- memcpy(found + offset, replace, repSize);
-
- u32 at = (u32)(found - start);
-
- if (at + patSize > size)
- break;
-
- size -= at + patSize;
- start = found + patSize;
- }
-
- return i;
-}
-
-size_t
-strnlen(const char *string, size_t maxlen)
-{
- size_t size;
-
- for (size = 0; *string && size < maxlen; string++, size++)
- ;
-
- return size;
-}
+++ /dev/null
-#ifndef __MEMORY_H
-#define __MEMORY_H
-
-//int memcmp(const void *buf1, const void *buf2, u32 size);
-u8 *memfind(u8 *startPos, u32 size, const void *pattern, u32 patternSize);
-u32 patchMemory(u8 *start, u32 size, const void *pattern, u32 patSize, int offset, const void *replace, u32 repSize, u32 count);
-size_t strnlen(const char *string, size_t maxlen);
-
-#endif
+++ /dev/null
-#include <3ds.h>
-#include <string.h>
-#include "patcher.h"
-#include "exheader.h"
-#include "fsldr.h"
-#include "internal.h"
-#include "memory.h"
-#include "logger.h"
-#include <patch_format.h>
-#include <std/unused.h>
-#include "interp.h"
-
-#ifndef PATH_MAX
-#define PATH_MAX 255
-#define _MAX_LFN 255
-#endif
-#include <option.h>
-
-#define TEXT_PATH PATH_EXEFS_TEXT "/0000000000000000"
-#define DATA_PATH PATH_EXEFS_DATA "/0000000000000000"
-#define RO_PATH PATH_EXEFS_RO "/0000000000000000"
-#define LANG_PATH PATH_LOCEMU "/0000000000000000"
-
-const char hexDigits[] = "0123456789ABCDEF";
-
-int
-fileOpen(Handle *file, FS_ArchiveID id, const char *path, int flags)
-{
- FS_Path apath;
- FS_Path ppath;
-
- apath.type = PATH_EMPTY;
- apath.size = 1;
- apath.data = (u8 *)"";
-
- ppath.type = PATH_ASCII;
- ppath.data = path;
- ppath.size = strnlen(path, PATH_MAX) + 1;
-
- return FSLDR_OpenFileDirectly(file, id, apath, ppath, flags, 0);
-}
-
-struct config_file config;
-static int failed_load_config = 1;
-
-void
-load_config()
-{
- static Handle file;
- static u32 total;
-
- // Open file.
- if (!R_SUCCEEDED(fileOpen(&file, ARCHIVE_SDMC, PATH_CONFIG, FS_OPEN_READ))) {
- // Failed to open.
- return;
- }
-
- // Read file.
- if (!R_SUCCEEDED(FSFILE_Read(file, &total, 0, &config, sizeof(struct config_file)))) {
- FSFILE_Close(file); // Read to memory.
-
- // Failed to read.
- return;
- }
-
- FSFILE_Close(file); // Read to memory.
-
- if (memcmp(config.magic, "OVAN", 4)) {
- // Incorrect magic.
- // Failed to read.
- return;
- }
-
- if (config.config_ver != config_version) {
- // Invalid version.
- return;
- }
-
- failed_load_config = 0;
-
- logstr(" loaded config file\n");
-
- return;
-}
-
-void
-hexdump_titleid(u64 progId, char *buf)
-{
- u32 i = strlen(buf) - 1;
- u32 j = 16;
- while (j--) {
- buf[i--] = hexDigits[(u32)(progId & 0xF)];
- progId >>= 4;
- }
-}
-
-static int
-loadTitleLocaleConfig(u64 progId, u8 *regionId, u8 *languageId)
-{
- // FIXME - Rewrite this function to use a single line-based config of
- // the grammar:
-
- // lang := "ja" | "en" | "fr" | "de" | "it" | "es" | "zh" | "ko" | "nl" | "pt" | "ru" | "tw"
- // region := "JP" | "US" | "EU" | "AU" | "CN" | "KO" | "TW"
- // title := (0123456789abcdef)16
- // langcode := lang . "_" . country
- // line := title langcode
-
- // So this would be valid as an example file:
- // 0040000000012300 en_US
- // 0040000000032100 ja_JP
-
- // Directory seeks have severe issues on FAT and
- // dumping configs based on 3dsdb (more than 1000) causes things
- // to kinda choke. FAT is not meant for large numbers of files per
- // directory due to linear seeks rather than tree or hash-based indexes.
-
- // This really does need a rewrite.
-
- static char path[] = LANG_PATH;
- hexdump_titleid(progId, path);
-
- static const char *regions[] = { "JPN", "USA", "EUR", "AUS", "CHN", "KOR", "TWN" };
- static const char *languages[] = { "JA", "EN", "FR", "DE", "IT", "ES", "ZH", "KO", "NL", "PT", "RU", "TW" };
- Handle file;
- Result ret = fileOpen(&file, ARCHIVE_SDMC, path, FS_OPEN_READ);
- if (R_SUCCEEDED(ret)) {
- char buf[6];
- u32 total;
- ret = FSFILE_Read(file, &total, 0, buf, 6);
- FSFILE_Close(file);
-
- if (!R_SUCCEEDED(ret) || total < 6)
- return -1;
-
- for (u32 i = 0; i < 7; i++) {
- if (memcmp(buf, regions[i], 3) == 0) {
- *regionId = (u8)i;
- logstr(" localeemu region - ");
- logstr(regions[i]);
- logstr("\n");
- break;
- }
- }
-
- for (u32 i = 0; i < 12; i++) {
- if (memcmp(buf + 4, languages[i], 2) == 0) {
- *languageId = (u8)i;
- logstr(" localeemu lang - ");
- logstr(languages[i]);
- logstr("\n");
- break;
- }
- }
-
- logstr(" localeemu read for ");
- logstr(path);
- logstr("\n");
- }
- return ret;
-}
-
-static u8 *
-getCfgOffsets(u8 *code, u32 size, u32 *CFGUHandleOffset)
-{
- // HANS:
- // Look for error code which is known to be stored near cfg:u handle
- // this way we can find the right candidate
- // (handle should also be stored right after end of candidate function)
-
- u32 n = 0, possible[24];
-
- for (u8 *pos = code + 4; n < 24 && pos < code + size - 4; pos += 4) {
- if (*(u32 *)pos == 0xD8A103F9) {
- for (u32 *l = (u32 *)pos - 4; n < 24 && l < (u32 *)pos + 4; l++)
- if (*l <= 0x10000000)
- possible[n++] = *l;
- }
- }
-
- for (u8 *CFGU_GetConfigInfoBlk2_endPos = code; CFGU_GetConfigInfoBlk2_endPos < code + size - 8; CFGU_GetConfigInfoBlk2_endPos += 4) {
- static const u32 CFGU_GetConfigInfoBlk2_endPattern[] = { 0xE8BD8010, 0x00010082 };
-
- // There might be multiple implementations of GetConfigInfoBlk2 but
- // let's search for the one we want
- u32 *cmp = (u32 *)CFGU_GetConfigInfoBlk2_endPos;
-
- if (cmp[0] == CFGU_GetConfigInfoBlk2_endPattern[0] && cmp[1] == CFGU_GetConfigInfoBlk2_endPattern[1]) {
- *CFGUHandleOffset = *((u32 *)CFGU_GetConfigInfoBlk2_endPos + 2);
-
- for (u32 i = 0; i < n; i++)
- if (possible[i] == *CFGUHandleOffset)
- return CFGU_GetConfigInfoBlk2_endPos;
-
- CFGU_GetConfigInfoBlk2_endPos += 4;
- }
- }
-
- return NULL;
-}
-
-static void
-patchCfgGetLanguage(u8 *code, u32 size, u8 languageId, u8 *CFGU_GetConfigInfoBlk2_endPos)
-{
- u8 *CFGU_GetConfigInfoBlk2_startPos; // Let's find STMFD SP (there might be
- // a NOP before, but nevermind)
-
- for (CFGU_GetConfigInfoBlk2_startPos = CFGU_GetConfigInfoBlk2_endPos - 4;
- CFGU_GetConfigInfoBlk2_startPos >= code && *((u16 *)CFGU_GetConfigInfoBlk2_startPos + 1) != 0xE92D; CFGU_GetConfigInfoBlk2_startPos -= 2)
- ;
-
- for (u8 *languageBlkIdPos = code; languageBlkIdPos < code + size; languageBlkIdPos += 4) {
- if (*(u32 *)languageBlkIdPos == 0xA0002) {
- for (u8 *instr = languageBlkIdPos - 8; instr >= languageBlkIdPos - 0x1008 && instr >= code + 4; instr -= 4) // Should be enough
- {
- if (instr[3] == 0xEB) // We're looking for BL
- {
- u8 *calledFunction = instr;
- u32 i = 0, found;
-
- do {
- u32 low24 = (*(u32 *)calledFunction & 0x00FFFFFF) << 2;
- u32 signMask = (u32)(-(low24 >> 25)) & 0xFC000000; // Sign extension
- s32 offset = (s32)(low24 | signMask) + 8; // Branch offset + 8 for prefetch
-
- calledFunction += offset;
-
- found = calledFunction >= CFGU_GetConfigInfoBlk2_startPos - 4 && calledFunction <= CFGU_GetConfigInfoBlk2_endPos;
- i++;
- } while (i < 2 && !found && calledFunction[3] == 0xEA);
-
- if (found) {
- *((u32 *)instr - 1) = 0xE3A00000 | languageId; // mov r0, sp
- // => mov r0, =languageId
- *(u32 *)instr = 0xE5CD0000; // bl
- // CFGU_GetConfigInfoBlk2 =>
- // strb r0, [sp]
- *((u32 *)instr + 1) = 0xE3B00000; // (1 or 2 instructions) => movs
- // r0, 0 (result code)
-
- logstr(" patched cfggetlanguage\n");
-
- // We're done
- return;
- }
- }
- }
- }
- }
-}
-
-static void
-patchCfgGetRegion(u8 *code, u32 size, u8 regionId, u32 CFGUHandleOffset)
-{
- for (u8 *cmdPos = code; cmdPos < code + size - 28; cmdPos += 4) {
- static const u32 cfgSecureInfoGetRegionCmdPattern[] = { 0xEE1D4F70, 0xE3A00802, 0xE5A40080 };
-
- u32 *cmp = (u32 *)cmdPos;
-
- if (cmp[0] == cfgSecureInfoGetRegionCmdPattern[0] && cmp[1] == cfgSecureInfoGetRegionCmdPattern[1] && cmp[2] == cfgSecureInfoGetRegionCmdPattern[2] &&
- *((u16 *)cmdPos + 7) == 0xE59F && *(u32 *)(cmdPos + 20 + *((u16 *)cmdPos + 6)) == CFGUHandleOffset) {
- *((u32 *)cmdPos + 4) = 0xE3A00000 | regionId; // mov r0, =regionId
- *((u32 *)cmdPos + 5) = 0xE5C40008; // strb r0, [r4, 8]
- *((u32 *)cmdPos + 6) = 0xE3B00000; // movs r0, 0 (result
- // code) ('s' not needed but nvm)
- *((u32 *)cmdPos + 7) = 0xE5840004; // str r0, [r4, 4]
-
- // The remaining, not patched, function code will do the rest for us
- break;
- }
- }
-
- logstr(" patched cfggetregion\n");
-}
-
-static void
-adjust_cpu_settings(_UNUSED u64 progId, u8 *code, u32 size)
-{
- if (!failed_load_config) {
- u32 cpuSetting = 0;
- // L2
- cpuSetting |= config.options[OPTION_LOADER_CPU_L2];
- // Speed
- cpuSetting |= config.options[OPTION_LOADER_CPU_800MHZ] << 1;
-
- if (cpuSetting) {
- static const u8 cfgN3dsCpuPattern[] = { 0x00, 0x40, 0xA0, 0xE1, 0x07, 0x00 };
-
- u32 *cfgN3dsCpuLoc = (u32 *)memfind(code, size, cfgN3dsCpuPattern, sizeof(cfgN3dsCpuPattern));
-
- // Patch N3DS CPU Clock and L2 cache setting
- if (cfgN3dsCpuLoc != NULL) {
- *(cfgN3dsCpuLoc + 1) = 0xE1A00000;
- *(cfgN3dsCpuLoc + 8) = 0xE3A00000 | cpuSetting;
- }
- }
- }
-
- logstr(" patched cpu\n");
-}
-
-void
-language_emu(u64 progId, u8 *code, u32 size)
-{
- if (!failed_load_config && config.options[OPTION_LOADER_LANGEMU]) {
- u32 tidHigh = (progId & 0xFFFFFFF000000000LL) >> 0x24;
-
- if (tidHigh == 0x0004000) { // Normal Game
- // Language emulation
- u8 regionId = 0xFF, languageId = 0xFF;
-
- if (R_SUCCEEDED(loadTitleLocaleConfig(progId, ®ionId, &languageId))) {
- u32 CFGUHandleOffset;
-
- u8 *CFGU_GetConfigInfoBlk2_endPos = getCfgOffsets(code, size, &CFGUHandleOffset);
-
- if (CFGU_GetConfigInfoBlk2_endPos != NULL) {
- if (languageId != 0xFF)
- patchCfgGetLanguage(code, size, languageId, CFGU_GetConfigInfoBlk2_endPos);
- if (regionId != 0xFF)
- patchCfgGetRegion(code, size, regionId, CFGUHandleOffset);
- }
- }
- }
- }
-}
-
-void
-overlay_patch(_UNUSED u64 progId, _UNUSED u8 *code, _UNUSED u32 size)
-{
- // TODO - Implement. Needs some thought. This should allow usage of files off SD rather than RomFS.
-
- /* Okay, so in a nutshell, here's how the alternatives work:
- * -----------------------------------------------------------------
- * NTR / layeredFS
- *
- * NTR injects itself in the process' memory, so the plugin running
- * is a part of the program for all intents. That explains a few
- * things.
- *
- * What layeredFS does is hook fsRegArchive with its' own callback,
- * and fsOpenFile as well (in the program.) The fsRegArchive hook
- * registers a SDMC archive as ram:/ (instead of rom:/) as well as
- * the usual setup. When calling fsOpenFile, it checks to see if
- * a rom:/ path is used and if a file exists at ram:/ (and if so,
- * replaces o -> a.
- *
- * Things running in NTR are automatically patched for SD access,
- * too, which can be solved from here (considering we patch OURSELF
- * to do so in loader)
- *
- * layeredFS lacks any comments to help decipher but that's what I
- * understand, at least.
- *
- * While it also could memsearch at runtime and work as generic,
- * it doesn't. It uses a python script to find static offsets.
- * There's really no good reason for it to be implemented this way.
- *
- * -----------------------------------------------------------------
- * HANS
- *
- * So, considering the code isn't terribly well documented, this may
- * be wrong. Feel free to correct me.
- *
- * All the archive mounting/reading functions are taken over by HANS
- * and replaced with its own hooks instead.
- *
- * HANS does so in an incredibly interesting way using darm. It
- * disassembles the code to find what it's looking for, and extracts
- * offsets from branches. It calculates where it can inject the code
- * and re-allocates the space for its own hooks.
- *
- * In the end, HANS takes over the RomFS mounting code so it mounts
- * off the SD rather than the game. It doesn't take over fsOpenFile
- * because the game has correct handles passed around for the RomFS.
- *
- * This is probably incredibly inefficient but also entirely fool-
- * proof.
- * -----------------------------------------------------------------
- *
- * The best approach here is to implement the hooks like layeredFS
- * does and append code to the text segment. This has a few
- * negatives, namely, we have to write it as assembler.
- *
- * Otherwise, it is completely viable to do this from loader.
- */
-}
-
-void
-code_handler(u64 progId, prog_addrs_t *shared)
-{
- // If configuration was not loaded, or both options (load / dump) are disabled
- if (failed_load_config || (!config.options[OPTION_LOADER_DUMPCODE] && !config.options[OPTION_LOADER_LOADCODE]))
- return;
-
- u32 highTid = progId >> 0x20;
-
- if (!(highTid == 0x00040000 || highTid == 0x00040002) && !config.options[OPTION_LOADER_DUMPCODE_ALL])
- return;
-
- static char text_path[] = TEXT_PATH;
- static char data_path[] = DATA_PATH;
- static char ro_path[] = RO_PATH;
- Handle code_f;
-
- hexdump_titleid(progId, text_path);
- hexdump_titleid(progId, data_path);
- hexdump_titleid(progId, ro_path);
-
- u32 len;
-
- // Text section.
-
- // Attempts to load code section from SD card, including system titles/modules/etc.
- if (R_SUCCEEDED(fileOpen(&code_f, ARCHIVE_SDMC, text_path, FS_OPEN_READ)) && config.options[OPTION_LOADER_LOADCODE]) {
- FSFILE_Read(code_f, &len, 0, (void*)shared->text_addr, shared->text_size << 12);
- logstr(" loaded text from ");
- logstr(text_path);
- logstr("\n");
- }
- // Either system title with OPTION_LOADER_DUMPCODE_ALL enabled, or regular title
- else if (config.options[OPTION_LOADER_DUMPCODE]) {
- if (R_SUCCEEDED(fileOpen(&code_f, ARCHIVE_SDMC, text_path, FS_OPEN_WRITE | FS_OPEN_CREATE))) {
- FSFILE_Write(code_f, &len, 0, (void*)shared->text_addr, shared->text_size << 12, FS_WRITE_FLUSH | FS_WRITE_UPDATE_TIME);
- logstr(" dumped text to ");
- logstr(text_path);
- logstr("\n");
- }
- }
- FSFILE_Close(code_f);
-
- // Data section.
-
- // Attempts to load code section from SD card, including system titles/modules/etc.
- if (R_SUCCEEDED(fileOpen(&code_f, ARCHIVE_SDMC, data_path, FS_OPEN_READ)) && config.options[OPTION_LOADER_LOADCODE]) {
- FSFILE_Read(code_f, &len, 0, (void*)shared->data_addr, shared->data_size << 12);
- logstr(" loaded data from ");
- logstr(data_path);
- logstr("\n");
- }
- // Either system title with OPTION_LOADER_DUMPCODE_ALL enabled, or regular title
- else if (config.options[OPTION_LOADER_DUMPCODE]) {
- if (R_SUCCEEDED(fileOpen(&code_f, ARCHIVE_SDMC, data_path, FS_OPEN_WRITE | FS_OPEN_CREATE))) {
- FSFILE_Write(code_f, &len, 0, (void*)shared->data_addr, shared->data_size << 12, FS_WRITE_FLUSH | FS_WRITE_UPDATE_TIME);
- logstr(" dumped data to ");
- logstr(data_path);
- logstr("\n");
- }
- }
- FSFILE_Close(code_f);
-
- // RO Section.
-
- // Attempts to load code section from SD card, including system titles/modules/etc.
- if (R_SUCCEEDED(fileOpen(&code_f, ARCHIVE_SDMC, ro_path, FS_OPEN_READ)) && config.options[OPTION_LOADER_LOADCODE]) {
- FSFILE_Read(code_f, &len, 0, (void*)shared->ro_addr, shared->ro_size << 12);
- logstr(" loaded ro from ");
- logstr(ro_path);
- logstr("\n");
- }
- // Either system title with OPTION_LOADER_DUMPCODE_ALL enabled, or regular title
- else if (config.options[OPTION_LOADER_DUMPCODE]) {
- if (R_SUCCEEDED(fileOpen(&code_f, ARCHIVE_SDMC, ro_path, FS_OPEN_WRITE | FS_OPEN_CREATE))) {
- FSFILE_Write(code_f, &len, 0, (void*)shared->ro_addr, shared->ro_size << 12, FS_WRITE_FLUSH | FS_WRITE_UPDATE_TIME);
- logstr(" dumped ro to ");
- logstr(ro_path);
- logstr("\n");
- }
- }
- FSFILE_Close(code_f);
-}
-
-// This is only for the .code segment.
-void
-patch_exe(u64 progId, u16 progver, u8 *text, _UNUSED u32 text_size, u32 orig_text, u8 *data, _UNUSED u32 data_size, u32 orig_data, u8 *ro, _UNUSED u32 ro_size, u32 orig_ro)
-{
- if (progId == 0x0004013000008002LL)
- adjust_cpu_settings(progId, text, orig_text);
-
- execb(progId, progver, text, orig_text, data, orig_data, ro, orig_ro);
-
- language_emu(progId, text, orig_text);
-}
-
-// Gets how many bytes .text must be extended by for patches to fit.
-u32
-get_text_extend(_UNUSED u64 progId, _UNUSED u16 progver, _UNUSED u32 size_orig)
-{
- return 0; // Stub - nothing needs this yet
-}
-
-// Gets how many bytes .ro must be extended.
-u32
-get_ro_extend(_UNUSED u64 progId, _UNUSED u16 progver, _UNUSED u32 size_orig)
-{
- return 0; // Stub - nothing needs this yet
-}
-
-// Again, same, but for .data.
-u32
-get_data_extend(_UNUSED u64 progId, _UNUSED u16 progver, _UNUSED u32 size_orig)
-{
- return 0; // Stub - nothing needs this yet
-}
-
-// Get CPU speed for progId.
-u8
-get_cpumode(_UNUSED u64 progId)
-{
- return 0xff; // Skip.
-}
+++ /dev/null
-#ifndef __PATCHER_H
-#define __PATCHER_H
-
-#include <3ds/types.h>
-#include "exheader.h"
-
-void patch_exe(u64 progId, u16 progver, u8 *text, u32 text_size, u32 orig_text, u8 *data, u32 data_size, u32 orig_data, u8 *ro, u32 ro_size, u32 orig_ro);
-
-void code_handler(u64 progId, prog_addrs_t* shared);
-
-u32 get_text_extend(u64 progId, u16 progver, u32 size_orig);
-u32 get_ro_extend(u64 progId, u16 progver, u32 size_orig);
-u32 get_data_extend(u64 progId, u16 progver, u32 size_orig);
-
-void load_config();
-
-int fileOpen(Handle *file, FS_ArchiveID id, const char *path, int flags);
-
-u8 get_cpumode(u64 progId);
-
-void hexdump_titleid(u64 progId, char *buf);
-
-#endif
+++ /dev/null
-#include <3ds.h>
-#include <string.h>
-#include "pxipm.h"
-#include "srvsys.h"
-
-static Handle pxipmHandle;
-static int pxipmRefCount;
-
-Result
-pxipmInit(void)
-{
- Result ret = 0;
-
- if (AtomicPostIncrement(&pxipmRefCount))
- return 0;
-
- ret = srvSysGetServiceHandle(&pxipmHandle, "PxiPM");
-
- if (R_FAILED(ret))
- AtomicDecrement(&pxipmRefCount);
- return ret;
-}
-
-void
-pxipmExit(void)
-{
- if (AtomicDecrement(&pxipmRefCount))
- return;
- svcCloseHandle(pxipmHandle);
-}
-
-Result
-PXIPM_RegisterProgram(u64 *prog_handle, FS_ProgramInfo *title, FS_ProgramInfo *update)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x2, 8, 0); // 0x20200
- memcpy(&cmdbuf[1], &title->programId, sizeof(u64));
- *(u8 *)&cmdbuf[3] = title->mediaType;
- memcpy(((u8 *)&cmdbuf[3]) + 1, &title->padding, 7);
- memcpy(&cmdbuf[5], &update->programId, sizeof(u64));
- *(u8 *)&cmdbuf[7] = update->mediaType;
- memcpy(((u8 *)&cmdbuf[7]) + 1, &update->padding, 7);
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(pxipmHandle)))
- return ret;
- *prog_handle = *(u64 *)&cmdbuf[2];
-
- return cmdbuf[1];
-}
-
-Result
-PXIPM_GetProgramInfo(exheader_header *exheader, u64 prog_handle)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x1, 2, 2); // 0x10082
- cmdbuf[1] = (u32)(prog_handle);
- cmdbuf[2] = (u32)(prog_handle >> 32);
- cmdbuf[3] = (0x400 << 8) | 0x4;
- cmdbuf[4] = (u32)exheader;
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(pxipmHandle)))
- return ret;
-
- return cmdbuf[1];
-}
-
-Result
-PXIPM_UnregisterProgram(u64 prog_handle)
-{
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x3, 2, 0); // 0x30080
- cmdbuf[1] = (u32)(prog_handle);
- cmdbuf[2] = (u32)(prog_handle >> 32);
-
- Result ret = 0;
- if (R_FAILED(ret = svcSendSyncRequest(pxipmHandle)))
- return ret;
-
- return cmdbuf[1];
-}
+++ /dev/null
-#ifndef __PXIPM_H
-#define __PXIPM_H
-
-#include <3ds/types.h>
-#include "exheader.h"
-
-Result pxipmInit(void);
-void pxipmExit(void);
-Result PXIPM_RegisterProgram(u64 *prog_handle, FS_ProgramInfo *title, FS_ProgramInfo *update);
-Result PXIPM_GetProgramInfo(exheader_header *exheader, u64 prog_handle);
-Result PXIPM_UnregisterProgram(u64 prog_handle);
-
-#endif
+++ /dev/null
-#include <3ds.h>
-#include <string.h>
-#include "srvsys.h"
-
-static Handle srvHandle;
-static int srvRefCount;
-static RecursiveLock initLock;
-static int initLockinit = 0;
-
-Result
-srvSysInit()
-{
- Result rc = 0;
-
- if (!initLockinit) {
- RecursiveLock_Init(&initLock);
- }
-
- RecursiveLock_Lock(&initLock);
-
- if (srvRefCount > 0) {
- RecursiveLock_Unlock(&initLock);
- return MAKERESULT(RL_INFO, RS_NOP, 25, RD_ALREADY_INITIALIZED);
- }
-
- while (1) {
- rc = svcConnectToPort(&srvHandle, "srv:");
- if (R_LEVEL(rc) != RL_PERMANENT || R_SUMMARY(rc) != RS_NOTFOUND || R_DESCRIPTION(rc) != RD_NOT_FOUND)
- break;
- svcSleepThread(500000);
- }
- if (R_SUCCEEDED(rc)) {
- rc = srvSysRegisterClient();
- srvRefCount++;
- }
-
- RecursiveLock_Unlock(&initLock);
- return rc;
-}
-
-Result
-srvSysRegisterClient(void)
-{
- Result rc = 0;
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x1, 0, 2); // 0x10002
- cmdbuf[1] = IPC_Desc_CurProcessHandle();
-
- if (R_FAILED(rc = svcSendSyncRequest(srvHandle)))
- return rc;
-
- return cmdbuf[1];
-}
-
-Result
-srvSysExit()
-{
- Result rc;
- RecursiveLock_Lock(&initLock);
-
- if (srvRefCount > 1) {
- srvRefCount--;
- RecursiveLock_Unlock(&initLock);
- return MAKERESULT(RL_INFO, RS_NOP, 25, RD_BUSY);
- }
-
- if (srvHandle != 0)
- svcCloseHandle(srvHandle);
- else
- svcBreak(USERBREAK_ASSERT);
- rc = (Result)srvHandle; // yeah, I think this is a benign bug
- srvHandle = 0;
- srvRefCount--;
- RecursiveLock_Unlock(&initLock);
- return rc;
-}
-
-Result
-srvSysGetServiceHandle(Handle *out, const char *name)
-{
- Result rc = 0;
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x5, 4, 0); // 0x50100
- strncpy((char *)&cmdbuf[1], name, 8);
- cmdbuf[3] = strlen(name);
- cmdbuf[4] = 0x0;
-
- if (R_FAILED(rc = svcSendSyncRequest(srvHandle)))
- return rc;
-
- if (out)
- *out = cmdbuf[3];
-
- return cmdbuf[1];
-}
-
-Result
-srvSysEnableNotification(Handle *semaphoreOut)
-{
- Result rc = 0;
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x2, 0, 0);
-
- if (R_FAILED(rc = svcSendSyncRequest(srvHandle)))
- return rc;
-
- if (semaphoreOut)
- *semaphoreOut = cmdbuf[3];
-
- return cmdbuf[1];
-}
-
-Result
-srvSysReceiveNotification(u32 *notificationIdOut)
-{
- Result rc = 0;
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0xB, 0, 0); // 0xB0000
-
- if (R_FAILED(rc = svcSendSyncRequest(srvHandle)))
- return rc;
-
- if (notificationIdOut)
- *notificationIdOut = cmdbuf[2];
-
- return cmdbuf[1];
-}
-
-Result
-srvSysRegisterService(Handle *out, const char *name, int maxSessions)
-{
- Result rc = 0;
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x3, 4, 0); // 0x30100
- strncpy((char *)&cmdbuf[1], name, 8);
- cmdbuf[3] = strlen(name);
- cmdbuf[4] = maxSessions;
-
- if (R_FAILED(rc = svcSendSyncRequest(srvHandle)))
- return rc;
-
- if (out)
- *out = cmdbuf[3];
-
- return cmdbuf[1];
-}
-
-Result
-srvSysUnregisterService(const char *name)
-{
- Result rc = 0;
- u32 *cmdbuf = getThreadCommandBuffer();
-
- cmdbuf[0] = IPC_MakeHeader(0x4, 3, 0); // 0x400C0
- strncpy((char *)&cmdbuf[1], name, 8);
- cmdbuf[3] = strlen(name);
-
- if (R_FAILED(rc = svcSendSyncRequest(srvHandle)))
- return rc;
-
- return cmdbuf[1];
-}
+++ /dev/null
-/**
- * @file srv.h
- * @brief Service API.
- */
-#ifndef __SRVSYS_H
-#define __SRVSYS_H
-
-/// Initializes the service API.
-Result srvSysInit(void);
-
-/// Exits the service API.
-Result srvSysExit(void);
-
-/**
- * @brief Retrieves a service handle, retrieving from the environment handle
- * list if possible.
- * @param out Pointer to write the handle to.
- * @param name Name of the service.
- */
-Result srvSysGetServiceHandle(Handle *out, const char *name);
-
-/// Registers the current process as a client to the service API.
-Result srvSysRegisterClient(void);
-
-/**
- * @brief Enables service notificatios, returning a notification semaphore.
- * @param semaphoreOut Pointer to output the notification semaphore to.
- */
-Result srvSysEnableNotification(Handle *semaphoreOut);
-
-/**
- * @brief Receives a notification.
- * @param notificationIdOut Pointer to output the ID of the received
- * notification to.
- */
-Result srvSysReceiveNotification(u32 *notificationIdOut);
-
-/**
- * @brief Registers the current process as a service.
- * @param out Pointer to write the service handle to.
- * @param name Name of the service.
- * @param maxSessions Maximum number of sessions the service can handle.
- */
-Result srvSysRegisterService(Handle *out, const char *name, int maxSessions);
-
-/**
- * @brief Unregisters the current process as a service.
- * @param name Name of the service.
- */
-Result srvSysUnregisterService(const char *name);
-
-#endif
+++ /dev/null
-#!/usr/bin/env python2
-# -*- encoding: utf8 -*-
-
-# This assembler is very dumb and needs severe improvement.
-# Maybe I should rewrite it as an LLVM backend. That would
-# be much easier to maintain and far less hackish.
-
-# Either way, expect this code to change, a lot. The bytecode
-# format probably won't.
-
-import os
-import sys
-import re
-import struct
-
-in_file = ""
-out_file = ""
-
-def usage():
- print("Usage: " + sys.argv[0] + " <input.bas> <output.bco>")
-
-lines = 0
-def syn_err(x):
- print("error - " + str(line) + " - " + x)
- exit(2)
-
-def rel_name(x):
- return {
- 'native' : "00",
- 'agb' : "01",
- 'twl' : "02",
-
- 'native_p9': "03",
- 'agb_p9' : "04",
- 'twl_p9' : "05",
-
- 'native_s0': "06",
- 'native_s1': "07",
- 'native_s2': "08",
- 'native_s3': "09",
-
- 'agb_s0' : "0A",
- 'agb_s1' : "0B",
- 'agb_s2' : "0C",
- 'agb_s3' : "0D",
-
- 'twl_s0' : "0E",
- 'twl_s1' : "0F",
- 'twl_s2' : "10",
- 'twl_s3' : "11",
-
- 'exe_text' : "12",
- 'exe_data' : "13",
- 'exe_ro' : "14",
- }.get(x, "-1")
-
-name = "NO NAME"
-desc = "NO DESC"
-title = []
-ver = "01"
-flags = []
-uuid = ""
-deps = []
-size = 0
-offsets = {}
-
-def pad_zero_r(x, c):
- while len(x) < c:
- x = x + bytearray([0])
- return x
-
-
-def pad_zero_l(x, c):
- while len(x) < c:
- x = bytearray([0]) + x
- return x
-
-def cat_list(list):
- retstr = ""
- for str in list:
- retstr += str + " "
- return retstr
-
-def parse_op(token_list, instr_offs):
- global title
- global desc
- global name
- global ver
- global flags
- global uuid
- global deps
- s = len(token_list) # Get size.
- if s == 0:
- return bytearray() # Empty.
-
- elif token_list[0][-1:] == ":":
- if instr_offs == None: # Label.
- offsets[token_list[0][:-1]] = size
- return bytearray()
-
- elif token_list[0] == "#": # Comment.
- if s < 3:
- return bytearray() # Nope.
- elif token_list[1] == "$name": # Meta: name
- name = cat_list(token_list[2:])
- elif token_list[1] == "$desc": # Description
- desc = cat_list(token_list[2:])
- elif token_list[1] == "$title": # Title list
- title = token_list[2:]
- elif token_list[1] == "$ver": # Version
- ver = token_list[2]
- elif token_list[1] == "$uuid": # UUID
- uuid = token_list[2]
- elif token_list[1] == "$flags": # Flags
- flags = token_list[2:]
- elif token_list[1] == "$deps": # Flags
- deps = token_list[2:]
-
- return bytearray()
-
- if token_list[0] == "nop": # Nop. Expects 0 args.
- return bytearray.fromhex("00")
- elif token_list[0] == "rel": # Rel. Expects one argument. Possibly requires mapping.
- if s != 2:
- syn_err("expected one argument")
-
- index = rel_name(token_list[1])
- if index == "-1":
- # TODO - Check if an integer was passed.
- syn_err("invalid argument")
-
- return bytearray.fromhex("01" + index)
- elif token_list[0] == "find":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if token_list[1][:1] == "\"": # Quoted string.
- data = bytearray(eval(token_list[1]).encode('utf-8'))
- return bytearray.fromhex("02") + bytearray([len(data)]) + data
- elif token_list[1][:2] == "u\"": # Wide quoted string.
- data = bytearray(eval(token_list[1]).encode('utf-16le'))
- return bytearray.fromhex("02") + bytearray([len(data)]) + data
- else:
- # We cut corners and calculate stuff manually.
- return bytearray.fromhex("02") + bytearray([len(token_list[1]) / 2]) + bytearray.fromhex(token_list[1])
- elif token_list[0] == "back":
- if s != 2:
- syn_err("invalid number of arguments")
-
- return bytearray.fromhex("03" + token_list[1])
- elif token_list[0] == "fwd":
- if s != 2:
- syn_err("invalid number of arguments")
-
- return bytearray.fromhex("04" + token_list[1])
- elif token_list[0] == "set":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if token_list[1][:1] == "\"": # Quoted string.
- data = bytearray(eval(token_list[1]).encode('utf-8'))
- return bytearray.fromhex("05") + bytearray([len(data)]) + data
- elif token_list[1][:2] == "u\"": # Wide quoted string.
- data = bytearray(eval(token_list[1]).encode('utf-16le'))
- return bytearray.fromhex("05") + bytearray([len(data)]) + data
- else:
- # We cut corners and calculate stuff manually.
- return bytearray.fromhex("05") + bytearray([len(token_list[1]) / 2]) + bytearray.fromhex(token_list[1])
- elif token_list[0] == "test":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if token_list[1][:1] == "\"": # Quoted string.
- data = bytearray(eval(token_list[1]).encode('utf-8'))
- return bytearray.fromhex("06") + bytearray([len(data)]) + data
- elif token_list[1][:2] == "u\"": # Wide quoted string.
- data = bytearray(eval(token_list[1]).encode('utf-16le'))
- return bytearray.fromhex("06") + bytearray([len(data)]) + data
- else:
- # We cut corners and calculate stuff manually.
- return bytearray.fromhex("06") + bytearray([len(token_list[1]) / 2]) + bytearray.fromhex(token_list[1])
- elif token_list[0] == "jmp":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("07") + pad_zero_r(val, 2)
- elif token_list[0] == "rewind":
- return bytearray.fromhex("08")
- elif token_list[0] == "and":
- if s != 2:
- syn_err("invalid number of arguments")
-
- # We cut corners and calculate stuff manually.
- return bytearray.fromhex("09") + bytearray([len(token_list[1]) / 2]) + bytearray.fromhex(token_list[1])
- elif token_list[0] == "or":
- if s != 2:
- syn_err("invalid number of arguments")
-
- # We cut corners and calculate stuff manually.
- return bytearray.fromhex("0A") + bytearray([len(token_list[1]) / 2]) + bytearray.fromhex(token_list[1])
- elif token_list[0] == "xor":
- if s != 2:
- syn_err("invalid number of arguments")
-
- # We cut corners and calculate stuff manually.
- return bytearray.fromhex("0B") + bytearray([len(token_list[1]) / 2]) + bytearray.fromhex(token_list[1])
- elif token_list[0] == "not":
- if s != 2:
- syn_err("invalid number of arguments")
-
- return bytearray.fromhex("0C") + bytearray.fromhex(token_list[1])
- elif token_list[0] == "ver":
- if s != 2:
- syn_err("invalid number of arguments")
-
- return bytearray.fromhex("0D") + bytearray.fromhex(token_list[1])
- elif token_list[0] == "clf":
- return bytearray.fromhex("0E")
- elif token_list[0] == "seek":
- if s != 2:
- syn_err("invalid number of arguments")
-
- val = bytearray.fromhex(token_list[1])
- val.reverse()
- return bytearray.fromhex("0F") + val
- elif token_list[0] == "jmpeq":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("17") + pad_zero_r(val, 2)
- elif token_list[0] == "jmpne":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("27") + pad_zero_r(val, 2)
- elif token_list[0] == "jmplt":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("37") + pad_zero_r(val, 2)
- elif token_list[0] == "jmpgt":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("47") + pad_zero_r(val, 2)
- elif token_list[0] == "jmple":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("57") + pad_zero_r(val, 2)
- elif token_list[0] == "jmpge":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("67") + pad_zero_r(val, 2)
- elif token_list[0] == "jmpf":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("77") + pad_zero_r(val, 2)
- elif token_list[0] == "jmpnf":
- if s != 2:
- syn_err("invalid number of arguments")
-
- if instr_offs == None:
- return bytearray.fromhex("070000")
- else:
- val = bytearray(struct.pack(">H", offsets[token_list[1]]))
- val.reverse()
- return bytearray.fromhex("87") + pad_zero_r(val, 2)
- elif token_list[0] == "n3ds": # Sets the eq flag if this is an n3ds.
- return bytearray.fromhex("10")
- elif token_list[0] == "abort":
- return bytearray.fromhex("18")
- elif token_list[0] == "aborteq":
- return bytearray.fromhex("28")
- elif token_list[0] == "abortne":
- return bytearray.fromhex("38")
- elif token_list[0] == "abortlt":
- return bytearray.fromhex("48")
- elif token_list[0] == "abortgt":
- return bytearray.fromhex("58")
- elif token_list[0] == "abortf":
- return bytearray.fromhex("68")
- elif token_list[0] == "abortnf":
- return bytearray.fromhex("78")
-
-def flag_convert(x):
- flags = 0
- for f in x:
- if f == "require":
- flags &= 0x1
- if f == "devmode":
- flags &= 0x2
- if f == "noabort":
- flags &= 0x4
- return pad_zero_r(bytearray([flags]), 4)
-
-try:
- # Read input and output files.
- in_file = sys.argv[1]
- out_file = sys.argv[2]
-except:
- usage()
- exit(1)
-
-with open(in_file, "r") as ins:
- with open(out_file, "wb") as writ:
- bytecode = bytearray()
-
- # We have to do two passes because of JMP.
- # One to figure out the opcode offsets, one
- # to actually parse everything.
-
- # FIXME - We need label support ASAP. The AGB and TWL patches I wrote make my head hurt.
-
- for line in ins:
- lines += 1
- tokens = re.split("\s+", line.strip("\n")) # Split by whitespace.
- bytes = parse_op(tokens, None) # Parse.
- if bytes:
- size += len(bytes)
-
- ins.seek(0)
-
- for line in ins:
- lines += 1
- tokens = re.split("\s+", line.strip("\n")) # Split by whitespace.
- bytes = parse_op(tokens, offsets) # Parse.
- if bytes:
- bytecode += bytes
-
- data = bytearray("AIDA")
- data += bytearray.fromhex(ver)
- data += pad_zero_r(bytearray(name), 64)
- data += pad_zero_r(bytearray(desc), 256)
- data += pad_zero_r(bytearray.fromhex(uuid), 8)
- data += flag_convert(flags)
- data += struct.pack('I', len(title))
- data += struct.pack('I', len(deps))
- data += struct.pack('I', size)
- if title:
- for f in title:
- tid = bytearray.fromhex(f) # Endianness.
- tid.reverse()
- data += tid
- if deps:
- for f in deps:
- data += pad_zero_r(bytearray.fromhex(f), 8)
- data += bytecode
- writ.write(data)
-
+++ /dev/null
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-const static char* get_desc(unsigned int index) {
- const static char *strs[] = {
- "Not found",
- "Exists already",
- "Out of space",
- "Invalidated archive",
- "Unacceptable",
- "Verification Failure",
- "Not supported",
- "Unknown",
- "Success,"
- };
-
- if (index == 0)
- return strs[8];
-
- if (index >= 100 && index < 180)
- return strs[0];
- else if (index >= 180 && index < 200)
- return strs[1];
- else if (index >= 200 && index < 220)
- return strs[2];
- else if (index >= 220 && index < 230)
- return strs[3];
- else if (index >= 230 && index < 340)
- return strs[4];
- else if (index >= 390 && index < 400)
- return strs[5];
- else if (index >= 760 && index < 780)
- return strs[6];
- return strs[7];
-}
-
-
-
-int main(int c, char** v) {
- unsigned int error, desc, module, summary, level;
- sscanf(v[1], "%08x", &error);
- printf("Code: %08x\n", error);
-
- desc = error & 0b1111111111;
- module = (error >> 10) & 0b11111111;
- summary = (error >> 21) & 0b111111;
- level = (error >> 27) & 0b11111;
-
- printf("Desc: %s (%u)\n", get_desc(desc), desc);
-
- return 0;
-}
+++ /dev/null
-#!/bin/bash
-
-# Downloads the XML from 3dsdb, parses it, and using this information generates
-# a langemu config for single-language single-region games, which can have langemu
-# without any ill consequences.
-
-ROOT=.@localedir@/emu
-
-mkdir -p $ROOT
-
-# Fetch XML.
-wget "http://3dsdb.com/xml.php" -O 3ds.tmp
-
-# Extract all needed fields: titleID, region, language
-grep '<titleid>' 3ds.tmp | sed -e 's|[[:space:]]*||g' -e 's|</*titleid>||g' > titleid.tmp
-grep '<region>' 3ds.tmp | sed -e 's|[[:space:]]*||g' -e 's|</*region>||g' > region.tmp
-grep '<languages>' 3ds.tmp | sed -e 's|[[:space:]]*||g' -e 's|</*languages>||g' > languages.tmp
-
-ENTS=0
-
-# Open all three files and read into full file, checking validity as we go
-while true; do
- read -r titleid <&3 || break
- read -r region <&4 || break
- read -r languages <&5 || break
-
- if [ "${#titleid}" == "16" ]; then
- # Length of TID is correct.
- echo "$languages" | grep ',' 2>&1 >/dev/null
- R=$?
- if [ ! $R = 0 ]; then
- # Only one language found, since no comma.
- # Output an entry.
- echo "$region $languages" | tr [:lower:] [:upper:] | sed -e 's|GER|EUR|g' -e 's|ITA|EUR|g' -e 's|FRA|EUR|g' -e 's|UKV|EUR|g' -e 's|NLD|EUR|g' > "$ROOT/$titleid"
- ENTS=$((ENTS + 1))
- fi
- fi
-done 3<titleid.tmp 4<region.tmp 5<languages.tmp
-
-echo "$(date) - $ENTS entries" > $ROOT/info
-
-rm *.tmp
#include <interrupt.h>
#include <option.h>
#include <input.h>
-#include <interp.h>
-#include <patcher.h>
-
-#include <patch/patch_file.h>
-#include <patch/emunand.h>
#endif
#include <config.h>
#ifndef ROOT
-#define ROOT "/corbenik"
+#define ROOT ""
#endif
#ifndef DATA
+++ /dev/null
-#ifndef __EMUNAND_H
-#define __EMUNAND_H
-
-#include <stdint.h>
-
-void patch_emunand(uint32_t size);
-
-#endif
+++ /dev/null
-#ifndef __PATCH_HEADER__
-#define __PATCH_HEADER__
-
-#include <stdint.h>
-
-// Build patch into CFW instead of as module.
-#define PATCH(name) int patch_##name()
-
-#endif
+++ /dev/null
-#ifndef __PATCHER_H
-#define __PATCHER_H
-
-int patch_firm_all();
-int generate_patch_cache();
-
-#endif
+++ /dev/null
-.PHONY: all
-all: build
-
-.PHONY: build
-build: clean $(patsubst %.pco, %.vco, $(wildcard *.pco))
-
-.PHONY: install
-install:
-
-%.vco: %.pco
- ../host/bytecode_asm.py $< $@
-
-clean:
- rm -f *.vco
+++ /dev/null
-# $name Title Downgrade Fix (11.0 NFIRM)
-# $desc Removes added checks to prevent downgrade of system titles (in 11.0 NATIVE_FIRM.) Do not use on any other native_firm.
-# $ver 09
-# $uuid 00
-# $flags require
-
-# Status: Working
-
-# Anti-anti-downgrade fix.
-
-# Relative to process9.
-rel native_p9
-
-# We want to patch the fifth byte of this pattern.
-find 890a814202D2
-abortnf
-fwd 05
-set E0
+++ /dev/null
-# $name AGB Bootscreen
-# $desc Force usage of GBA bios in AGB_FIRM. Games must pass the Nintendo logo check. If you see garbage instead of Nintendo, turn this off.
-# $ver 09
-# $uuid 35
-
-# TODO - Make dynamic. Also broken on O3DS.
-
-# Note - The bootscreen patch literally boots the GBA BIOS,
-# so games have to pass the Nintendo logo check. If
-# they don't, they'll fail like on a real GBA.
-
-rel agb
-
-# #############################
-
-# Bootscreen (1)
-find 000001ef
-abortnf
-fwd 02
-set 26
+++ /dev/null
-# $name AGB Signature Fix
-# $desc Patches signatures in AGB_FIRM. This allows booting unsigned GBA games.
-# $ver 09
-# $uuid 39
-
-# TODO - Use proper section.
-
-rel agb
-
-# #############################
-
-find C117491C31D0
-abortnf
-set 00204EB070BD
+++ /dev/null
-# $name Block Cart Update / Cart RF (Loader)
-# $desc Blocks update checks on cartridges and also allows region free carts, as a byproduct.
-# $title 0004013000008002
-# $ver 09
-# $uuid 01
-
-rel exe_text
-
-# Status: needs loader
-
-find 0C18E1D8
-abortnf
-set 0B1821C8
-
-find 0C18E1D8
-abortnf
-set 0B1821C8
+++ /dev/null
-# $name Block eShop Updates (Loader)
-# $desc Prevents eShop from checking for system updates.
-# $title 0004013000002C02
-# $ver 09
-# $uuid 02
-
-rel exe_text
-
-# Status: needs loader
-
-find 30B5F1B0
-abortnf
-set 002008607047
+++ /dev/null
-# $name Block NIM updates (Loader)
-# $desc Prevents NIM from downloading system updates. This is what causes the HOME menu nag.
-# $title 0004013000002C02
-# $ver 09
-# $uuid 03
-
-rel exe_text
-
-# Status: needs loader
-
-find 25790B99
-abortnf
-set E3A0
+++ /dev/null
-# $name ErrDisp devmode (Loader)
-# $desc Forces ErrDisp into displaying developer info on crashes without developer UNITINFO. Doesn't break eShop, so there's no harm in enabling this.
-# $title 0004003000008A02
-# $ver 09
-# $uuid 04
-# $flags devmode
-
-rel exe_text
-
-# Status: needs loader
-
-find 1400D0E5DB9A9FED
-abortnf
-set 0000A0E3
-
-find 1400D0E5010010E3
-abortnf
-set 0000A0E3
-
-find 1400D0E5010010E3
-abortnf
-set 0000A0E3
-
-find 1400D0E5010010E3
-abortnf
-set 0000A0E3
+++ /dev/null
-# $name Fake Friends module version (Loader)
-# $desc Allows going online without the latest firmware. Only enable on non-11.0.0 firmware.
-# $title 0004013000003202
-# $ver 09
-# $uuid 05
-# $flags noabort
-
-rel exe_text
-
-# Status: needs loader
-
-find E01EFF2FE1010101
-abortnf
-fwd 09
-set 06
+++ /dev/null
-# $name ARM11 XN Disable
-# $desc Disables the XN bit on the ARM11 kernel to allow executing code from memory. May be a security hazard.
-# $ver 09
-# $uuid 06
-# $flags devmode
-
-# 0: Relative to NATIVE_FIRM, section index [1]
-rel native_s1
-
-# 1: Find this byte string.
-find 9705000015E40000
-abortnf
-
-# Move backwards until we find what we want.
-loop_back:
-
-back 04
-test 16640100
-jmpne loop_back
-
-and ef
+++ /dev/null
-# $name Settings Version String (Loader)
-# $desc Replaces 'Ver.' with a custom string like '.hack//1100:32U'
-# $title 0004001000021000 0004001000020000 0004001000022000 0004001000026000 0004001000027000 0004001000028000
-# $ver 09
-# $uuid 07
-
-rel exe_text
-
-find u"Ver."
-
-abortnf
-
-set u".hack//%d%d%d:%d%ls"
+++ /dev/null
-# $name Force TestMenu (Loader)
-# $desc Force NS to boot TestMenu rather than HOME. TestMenu must be installed, and I can't tell you where to acquire it.
-# $title 0004013000008002
-# $ver 09
-# $uuid 1e
-
-rel exe_text
-
-# This was originally based on the code from @Reisyukaku's pastebin.
-
-# Suggestion from @TuxSH / @Steveice10.
-# Searching for a relative bl is error prone,
-# so find the code before the bl and seek forward instead
-find 1b00000abc009fe5
-abortnf
-fwd 04
-
-# mov r0, r9 (== 0x00008102)
-# mov r1, r8 (== 0x00040030)
-set 0910a0e10800a0e1
+++ /dev/null
-# $name FIRM Protection
-# $desc Prevents writing FIRM to the NAND during updates. Enable this if booting sysNAND.
-# $ver 09
-# $uuid 08
-# $flags require
-
-# Status: Untested, but theoretically fine (Next system update I'll either brick or I won't.)
-
-rel native_p9
-# String: 'exe:'
-find 6578653a
-abortnf
-
-back 01
-back ff
-
-find 002801DA
-abortnf
-set 0020C046
+++ /dev/null
-# $name Region Free HOME (Loader)
-# $desc Allows launching installed software from any region. This is only for CIA titles, not carts.
-# $title 0004003000008F02 0004003000008202 0004003000009802 000400300000A102 000400300000A902 000400300000B102
-# $ver 09
-# $uuid 09
-
-rel exe_text
-
-# Status: needs loader
-
-find 000055E30110A0E3
-abortnf
-
-# 16
-back 10
-set 0100A0E31EFF2FE1
+++ /dev/null
-# $name RO Signature Fix (Loader)
-# $desc Allows usage of unsigned/invalidly signed CRO files (shared objects/libraries) This is useful for romhacks of ORAS, for example.
-# $title 0004013000003702
-# $ver 09
-# $uuid 0a
-
-rel exe_text
-
-# Status: needs loader
-
-find 30402DE90250A0E1
-abortnf
-set 0000A0E31EFF2FE1
-
-find 30402DE924D04DE2
-abortnf
-set 0000A0E31EFF2FE1
-
-find F84F2DE90170A0E1
-abortnf
-set 0000A0E31EFF2FE1
+++ /dev/null
-# $name SecureInfo_A Signature Fix (Loader)
-# $desc Allows using unsigned or improperly signed SecureInfo_A files. Needed for region changed consoles.
-# $title 0004013000001702
-# $ver 09
-# $uuid 0b
-
-rel exe_text
-
-# Status: needs loader
-
-find 06461048FC
-abortnf
-set 0026
+++ /dev/null
-# $name Signature Fix
-# $desc Disables signature checks on all content.
-# $ver 09
-# $uuid 0c
-# $flags require
-
-# Status: Working
-
-# Signature patch.
-
-# Relative to exefs.
-rel native_p9
-
-# Pattern one.
-find c01c76e7
-abortnf
-set 0020
-
-# Rewind to beginning.
-rewind
-
-# Pattern 2.
-find b5224d0c
-abortnf
-back 01
-set 00207047
+++ /dev/null
-# $name TWL Patches
-# $desc Disables a large number of validity checks on DS, DSi and DSiware titles.
-# $ver 09
-# $uuid 34
-
-# TODO - Make dynamic. Not that hard, but some
-# fixes need more context bytes than on Steveice10's
-# pastebin
-
-# Relative to twl_firm (0)
-rel twl
-
-###########################################
-# New3ds
-
-n3ds
-jmpne old
-
-# Disable main signature checks (1)
-seek 00165D64
-set 00204EB070BD
-
-# Patch RSA function to not report invalid signatures (5)
-seek 0017474A
-set 0120
-
-# Disable header Nintendo logo check (not generally needed) (7)
-seek 0017553E
-set 00200000
-
-# Disable whitelist check (9)
-seek 001756A0
-set 00200000
-
-# Disable cartridge blacklist check (mostly, if not entirely, demo carts) (11)
-seek 00175A8E
-set 01200000
-
-# Disable save type check (13)
-seek 00175A9A
-set 01200000
-
-# Disable DSi cartridge save exploit check (15)
-seek 00175AA6
-set 01200000
-
-# Stub function commonly used to compare SHA hashes to always succeed (17)
-seek 00175B92
-set 01207047
-
-jmp end
-
-###########################################
-# Old3ds
-
-old:
-
-# Disable main signature checks (20)
-seek 001650C0
-set 00204EB070BD
-
-# Patch RSA function to not report invalid signatures (22)
-seek 00173A0E
-set 0120
-
-# Disable header Nintendo logo check (not generally needed) (24)
-seek 00174802
-set 00200000
-
-# Disable whitelist check (26)
-seek 00174964
-set 00200000
-
-# Disable cartridge blacklist check (mostly, if not entirely, demo carts) (28)
-seek 00174D52
-set 01200000
-
-# Disable save type check (30)
-seek 00174D5E
-set 01200000
-
-# Disable DSi cartridge save exploit check (32)
-seek 00174D6A
-set 01200000
-
-# Stub function commonly used to compare SHA hashes to always succeed (34)
-seek 00174E56
-set 01207047
-
-end:
+++ /dev/null
-# $name Developer UNITINFO
-# $desc Pretend to be a developer console. For the average user, loader ErrDisp is enough. This will break eShop/online access as long as it is enabled.
-# $ver 09
-# $uuid 0d
-# $flags devmode
-
-# Status: untested, but should work
-
-rel native_s2
-
-find 0110A013
-abortnf
-fwd 03
-set E3
inc_dir = $(top_srcdir)/include
-corbenik_SOURCES = patch/reboot.c patch/svc.c patch/module.c patch/emunand.c main.c option.c std/fs.c std/draw.c std/memory.c std/abort.c menu.c chain.c firm/version.c firm/firm.c firm/decryptor.c firm/fcram.c interp.c input.c patcher.c display.c start.s interrupt.c screeninit.c
+corbenik_SOURCES = main.c option.c std/fs.c std/draw.c std/memory.c std/abort.c menu.c chain.c firm/firm.c firm/decryptor.c firm/fcram.c input.c display.c start.s interrupt.c screeninit.c
#include <corbconf.h>
-#if defined(CHAINLOADER) && CHAINLOADER == 1
#include <common.h>
#include <screeninit.h>
show_menu(chains, NULL);
}
-#endif
#include <ctr9/sha.h>
#include <common.h>
-firm_h *firm_loc = (firm_h *)FCRAM_FIRM_LOC;
-uint32_t firm_size = FCRAM_SPACING;
-firm_section_h firm_proc9;
-exefs_h *firm_p9_exefs;
-
-firm_h *twl_firm_loc = (firm_h *)FCRAM_TWL_FIRM_LOC;
-uint32_t twl_firm_size = FCRAM_SPACING * 2;
-firm_section_h twl_firm_proc9;
-exefs_h *twl_firm_p9_exefs;
-
-firm_h *agb_firm_loc = (firm_h *)FCRAM_AGB_FIRM_LOC;
-uint32_t agb_firm_size = FCRAM_SPACING * 2;
-firm_section_h agb_firm_proc9;
-exefs_h *agb_firm_p9_exefs;
-
firm_h* firm0 = NULL;
firm_h* firm1 = NULL;
}
return 0;
}
-
-extern int patch_services();
-
-int
-load_firm(firm_h *dest, char *path, char *path_firmkey, char *path_cetk, uint32_t *size, uint64_t firm_title)
-{
- int status = 0;
- int firmware_changed = 0;
-
- if (read_file(dest, path, *size) == 0) {
- fprintf(stderr, " FIRM file is missing.\n");
- return 1;
- } else {
- fprintf(stderr, " Loaded FIRM off filesystem\n");
- }
-
- // Check and decrypt FIRM if it is encrypted.
- if (dest->magic != FIRM_MAGIC) {
- status = decrypt_firm(dest, path_firmkey, path_cetk, size);
- if (status != 0) {
- fprintf(stderr, " Decryption seems to have failed\n");
- return 1;
- }
- firmware_changed = 1; // Decryption performed.
- } else {
- fprintf(stderr, " FIRM is decrypted\n");
- }
-
- struct firm_signature *fsig = get_firm_info(dest);
-
- // The N3DS firm has an additional encryption layer for ARM9
- if (fsig->console == console_n3ds) {
- // Look for the arm9 section
- for (firm_section_h *section = dest->section; section < dest->section + 4; section++) {
- if (section->type == FIRM_TYPE_ARM9) {
- // Check whether the arm9bin is encrypted.
- int arm9bin_iscrypt = 0;
- uint32_t magic = *(uint32_t *)((uintptr_t)dest + section->offset + 0x800);
- if (firm_title == NATIVE_FIRM_TITLEID)
- arm9bin_iscrypt = (magic != ARM9BIN_MAGIC);
- else if (firm_title == AGB_FIRM_TITLEID || firm_title == TWL_FIRM_TITLEID)
- arm9bin_iscrypt = (magic != LGY_ARM9BIN_MAGIC);
-
- if (arm9bin_iscrypt) {
- // Decrypt the arm9bin.
- if (decrypt_arm9bin((arm9bin_h *)((uintptr_t)dest + section->offset), firm_title, fsig->version)) {
- return 1;
- }
- firmware_changed = 1; // Decryption of arm9bin performed.
- } else {
- fprintf(stderr, " ARM9 segment is decrypted\n");
- if (firm_title == NATIVE_FIRM_TITLEID && fsig->version > 0x0F) {
- slot0x11key96_init(); // This has to be loaded
- // regardless, otherwise boot will
- // fail.
- }
- }
-
- // We assume there's only one section to decrypt.
- break;
- }
- }
- }
-
- // Save firmware.bin if decryption was done.
- if (firmware_changed) {
- fprintf(stderr, " Overwriting FIRM with decrypted FIRM\n");
- write_file(dest, path, *size);
- }
-
- if (fsig->console == console_n3ds) {
- fprintf(stderr, " Patching arm9 entrypoint\n");
-
- // Patch the entrypoint to skip arm9loader
- if (firm_title == NATIVE_FIRM_TITLEID) {
- dest->a9Entry = 0x0801B01C;
- } else if (firm_title == AGB_FIRM_TITLEID || firm_title == TWL_FIRM_TITLEID) {
- dest->a9Entry = 0x0801301C;
- }
- // The entrypoints seem to be the same across different FIRM versions,
- // so we don't change them.
- }
-
- return 0;
-}
-
-// FAIR WARNING; This function is arm11 code, not ARM9.
-// They share enough in common that this isn't a problem,
-// but still worth documenting.
-void __attribute__((naked)) arm11_preboot_halt()
-{
- *a11_entry = 0; // Don't wait for us
-
- // Disables the LCD.
- *(volatile uint32_t *)0x10202A44 = 0;
- *(volatile uint32_t *)0x10202244 = 0;
- *(volatile uint32_t *)0x1020200C = 0;
- *(volatile uint32_t *)0x10202014 = 0;
-
- while (!*a11_entry)
- ;
- ((void (*)()) * a11_entry)();
-}
-
-extern void wait();
-
-void
-boot_firm()
-{
- struct firm_signature *fsig = get_firm_info(firm_loc);
-
- // Set up the keys needed to boot a few firmwares, due to them being unset,
- // depending on which firmware you're booting from.
- // TODO: Don't use the hardcoded offset.
- if (update_96_keys && fsig->console == console_n3ds && fsig->version > 0x0F) {
- uint8_t *keydata = find_section_key();
- if (!keydata) {
- abort("Couldn't find section key.\n");
- }
-
- wait();
-
- use_aeskey(0x11);
- uint8_t keyx[AES_BLOCK_SIZE];
- for (int slot = 0x19; slot < 0x20; slot++) {
- aes(keyx, keydata, 1, NULL, AES_ECB_DECRYPT_MODE);
- setup_aeskeyX(slot, keyx);
- *(uint8_t *)(keydata + 0xF) += 1;
- }
-
- fprintf(stderr, "Updated keyX keyslots.\n");
- }
-
- for (firm_section_h *section = firm_loc->section; section < firm_loc->section + 4 && section->address != 0; section++) {
- memcpy((void *)section->address, (void *)((uint8_t*)firm_loc + section->offset), section->size);
- }
- fprintf(stderr, "Copied FIRM.\n");
-
- wait();
-
- clear_disp(stderr);
- set_cursor(stderr, 0, 0);
-
- fflush(stderr); // Flush logs if need be before unmount.
-
- fumount(); // Unmount SD. No longer needed.
-
- // No fprintf will work from here on out.
-
- *a11_entry = (uint32_t)arm11_preboot_halt;
- while (*a11_entry)
- ; // Make sure it jumped there correctly before changing it.
- *a11_entry = (uint32_t)firm_loc->a11Entry;
-
- ((void (*)())firm_loc->a9Entry)();
-}
-
-int
-find_proc9(firm_h *firm, firm_section_h *process9, exefs_h **p9exefs)
-{
- for (firm_section_h *section = firm->section; section < firm->section + 4; section++) {
- if (section->address == 0)
- break;
-
- if (section->type == FIRM_TYPE_ARM9) {
- uint8_t *arm9section = (uint8_t *)firm + section->offset;
- while (arm9section < arm9section + section->size) {
- if (!memcmp(arm9section, "Process9", 8)) { // Process9
- ncch_h *ncch = (ncch_h *)((uint8_t*)arm9section - sizeof(ncch_h));
- if (ncch->magic == NCCH_MAGIC) {
- // Found Process9
- ncch_ex_h *p9exheader = (ncch_ex_h *)(ncch + 1);
- *p9exefs = (exefs_h *)(p9exheader + 1);
- process9->address = p9exheader->sci.textCodeSet.address;
- process9->size = (*p9exefs)->fileHeaders[0].size;
- process9->offset = (uint32_t)((*p9exefs) + 1) - (uint32_t)firm;
- fprintf(stderr, " Found process9 offset\n");
- return 0;
- }
- }
- ++arm9section;
- }
- }
- }
- fprintf(stderr, " Couldn't find Process9?\n");
- return 1;
-}
-
-int firm_loaded = 0;
-
-int
-load_firms()
-{
- int state = 0;
-
- if (firm_loaded)
- return 0;
-
- fprintf(stderr, "FIRM load triggered.\n");
-
- fprintf(stderr, "Loading NATIVE_FIRM\n");
- if (load_firm(firm_loc, PATH_NATIVE_F, PATH_NATIVE_FIRMKEY, PATH_NATIVE_CETK, &firm_size, NATIVE_FIRM_TITLEID) != 0) {
- abort("\n Failed to load NATIVE_FIRM.\n");
- }
- find_proc9(firm_loc, &firm_proc9, &firm_p9_exefs);
- fprintf(stderr, " Ver: %x, %u\n", get_firm_info(firm_loc)->version, get_firm_info(firm_loc)->console );
-
- fprintf(stderr, "TWL_FIRM\n");
- if (load_firm(twl_firm_loc, PATH_TWL_F, PATH_TWL_FIRMKEY, PATH_TWL_CETK, &twl_firm_size, TWL_FIRM_TITLEID) != 0) {
- fprintf(stderr, "\n TWL_FIRM failed to load.\n");
- state = 1;
- } else {
- find_proc9(twl_firm_loc, &twl_firm_proc9, &twl_firm_p9_exefs);
- fprintf(stderr, " Ver: %x, %u\n", get_firm_info(twl_firm_loc)->version, get_firm_info(twl_firm_loc)->console );
- }
-
- fprintf(stderr, "AGB_FIRM\n");
- if (load_firm(agb_firm_loc, PATH_AGB_F, PATH_AGB_FIRMKEY, PATH_AGB_CETK, &agb_firm_size, AGB_FIRM_TITLEID) != 0) {
- fprintf(stderr, "\n AGB_FIRM failed to load.\n");
- state = 1;
- } else {
- find_proc9(agb_firm_loc, &agb_firm_proc9, &agb_firm_p9_exefs);
- fprintf(stderr, " Ver: %x, %u\n", get_firm_info(agb_firm_loc)->version, get_firm_info(agb_firm_loc)->console );
- }
-
- firm_loaded = 1; // Loaded.
-
- return state;
-}
-
-void
-boot_cfw()
-{
- fprintf(stderr, "Loading firmware...\n");
-
- load_firms();
-
- if (config.options[OPTION_RECONFIGURED]) {
- fprintf(stderr, "Generating patch cache...\n");
- generate_patch_cache();
- }
-
- fprintf(stderr, "Patching firmware...\n");
- if (patch_firm_all() != 0)
- return;
-
- if (config.options[OPTION_REBOOT] && config.options[OPTION_RECONFIGURED]) {
- fprintf(stderr, "Saving FIRM for reboot...\n");
- if (!write_file(firm_loc, PATH_NATIVE_P, firm_size))
- abort("Failed to save prepatched native\n");
-
- if (!write_file(twl_firm_loc, PATH_TWL_P, twl_firm_size))
- abort("Failed to save prepatched twl\n");
-
- if (!write_file(agb_firm_loc, PATH_AGB_P, agb_firm_size))
- abort("Failed to save prepatched agb\n");
- }
-
- boot_firm();
-}
+++ /dev/null
-#include <common.h>
-
-// We use the firm's section 0's hash to identify the version
-struct firm_signature firm_signatures[] = {
- {.sig = { 0xEE, 0xE2, 0x81, 0x2E, 0xB9, 0x10, 0x0D, 0x03, 0xFE, 0xA2, 0x3F, 0x44, 0xB5, 0x1C, 0xB3, 0x5E },
- .version = 0x1F,
- .version_string = "4.1.0",
- .console = console_o3ds },
- {.sig = { 0x8C, 0x29, 0xDA, 0x7B, 0xB5, 0x5F, 0xFE, 0x44, 0x1F, 0x66, 0x79, 0x70, 0x8E, 0xE4, 0x42, 0xE3 },
- .version = 0x2A,
- .version_string = "6.1.0",
- .console = console_o3ds },
- {.sig = { 0x1D, 0x96, 0x80, 0xD9, 0x0A, 0xA9, 0xDB, 0xE8, 0x29, 0x77, 0xCB, 0x7D, 0x90, 0x55, 0xB7, 0xF9 },
- .version = 0x30,
- .version_string = "7.2.0",
- .console = console_o3ds },
- {.sig = { 0x3B, 0x61, 0x2E, 0xBA, 0x42, 0xAE, 0x24, 0x46, 0xAD, 0x60, 0x2F, 0x7B, 0x52, 0x16, 0x82, 0x91 },
- .version = 0x37,
- .version_string = "8.0.0",
- .console = console_o3ds },
- {.sig = { 0x3F, 0xBF, 0x14, 0x06, 0x33, 0x77, 0x82, 0xDE, 0xB2, 0x68, 0x83, 0x01, 0x6B, 0x1A, 0x71, 0x69 },
- .version = 0x38,
- .version_string = "9.0.0",
- .console = console_o3ds },
- {.sig = { 0x5C, 0x6A, 0x51, 0xF3, 0x79, 0x4D, 0x21, 0x91, 0x0B, 0xBB, 0xFD, 0x17, 0x7B, 0x72, 0x6B, 0x59 },
- .version = 0x49,
- .version_string = "9.6.0",
- .console = console_o3ds },
- {.sig = { 0xF5, 0x7E, 0xC3, 0x86, 0x1F, 0x8D, 0x8E, 0xFB, 0x44, 0x61, 0xF3, 0x16, 0x51, 0x0A, 0x57, 0x7D },
- .version = 0x50,
- .version_string = "10.4.0",
- .console = console_o3ds },
- {.sig = { 0xE9, 0xAD, 0x74, 0x9D, 0x46, 0x9C, 0x9C, 0xF4, 0x96, 0x9E, 0x1A, 0x7A, 0xDF, 0x40, 0x2A, 0x82 },
- .version = 0x52,
- .version_string = "11.0.0",
- .console = console_o3ds },
- {.sig = { 0x31, 0xCC, 0x46, 0xCD, 0x61, 0x7A, 0xE7, 0x13, 0x7F, 0xE5, 0xFC, 0x20, 0x46, 0x91, 0x6A, 0xBB },
- .version = 0x04,
- .version_string = "9.0.0",
- .console = console_n3ds },
- {.sig = { 0x40, 0x35, 0x6C, 0x9A, 0x24, 0x36, 0x93, 0x7B, 0x76, 0xFE, 0x5D, 0xB1, 0x4D, 0x05, 0x06, 0x52 },
- .version = 0x0F,
- .version_string = "9.5.0",
- .console = console_n3ds },
- {.sig = { 0x07, 0xFE, 0x9A, 0x62, 0x3F, 0xDE, 0x54, 0xC1, 0x9B, 0x06, 0x91, 0xD8, 0x4F, 0x44, 0x9C, 0x21 },
- .version = 0x1B,
- .version_string = "10.2.0",
- .console = console_n3ds },
- {.sig = { 0x1A, 0x56, 0x5C, 0xFF, 0xC9, 0xCC, 0x62, 0xBB, 0x2B, 0xC2, 0x23, 0xB6, 0x4F, 0x48, 0xD1, 0xCC },
- .version = 0x1F,
- .version_string = "10.4.0",
- .console = console_n3ds },
- {.sig = { 0x52, 0x30, 0x0F, 0x55, 0xA2, 0x64, 0x4E, 0xFF, 0x96, 0x90, 0xF0, 0xE5, 0x6E, 0xC8, 0x2E, 0xB3 },
- .version = 0x21,
- .version_string = "11.0.0",
- .console = console_n3ds },
- {.sig = { 0xE8, 0xB8, 0x82, 0xF5, 0x8C, 0xC4, 0x1B, 0x24, 0x05, 0x60, 0x6D, 0xB8, 0x74, 0xF5, 0xE5, 0xDD },
- .version = 0x16,
- .version_string = "6.2.0",
- .console = console_o3ds },
- {.sig = { 0x0F, 0x05, 0xC5, 0xF3, 0x60, 0x83, 0x8B, 0x9D, 0xC8, 0x44, 0x3F, 0xB3, 0x06, 0x4D, 0x30, 0xC7 },
- .version = 0x00,
- .version_string = "9.0.0",
- .console = console_n3ds },
- {.sig = { 0x65, 0xB7, 0x55, 0x78, 0x97, 0xE6, 0x5C, 0xD6, 0x11, 0x74, 0x95, 0xDD, 0x61, 0xE8, 0x08, 0x40 },
- .version = 0x0B,
- .version_string = "6.0.0",
- .console = console_o3ds },
- {.sig = { 0xAF, 0x81, 0xA1, 0xAB, 0xBA, 0xAC, 0xAC, 0xA7, 0x30, 0xE8, 0xD8, 0x74, 0x7C, 0x47, 0x1C, 0x5D },
- .version = 0x00,
- .version_string = "9.0.0",
- .console = console_n3ds },
-
- // I don't actually know what legitimate situation the below firmware would be encountered in.
- // Better safe than sorry.
- {.sig = { 0x16, 0x3B, 0x88, 0xD1, 0x7D, 0x7C, 0x13, 0x19, 0xB5, 0x8C, 0x7D, 0x59, 0x16, 0x81, 0x02, 0x03 },
- .version = 0x50, // I don't actually know, honestly. Developer 11.4 seems to be 10.X based.
- .version_string = "Dev 11.4",
- .console = console_o3ds },
-
- {.version = 0xFF, .version_string = "Not found" } // Terminate list
-};
-
-struct firm_signature *
-get_firm_info(firm_h *firm)
-{
- for (struct firm_signature *signature = firm_signatures;; signature++) {
- if (memcmp(signature->sig, firm->section[0].hash, 0x10) == 0) {
- return signature;
- }
- if (signature->version == 0xFF) {
- return signature; // Error. Not found, invalid, etc.
- }
- }
-
- return NULL;
-}
+++ /dev/null
-#include <stdint.h>
-#include <stddef.h>
-#include "std/unused.h"
-
-#ifndef LOADER
- #include <common.h>
-#else
- #include <string.h>
-#endif
-
-#define OP_NOP 0x00
-#define OP_REL 0x01
-#define OP_FIND 0x02
-#define OP_BACK 0x03
-#define OP_FWD 0x04
-#define OP_SET 0x05
-#define OP_TEST 0x06
-#define OP_JMP 0x07
-#define OP_REWIND 0x08
-#define OP_AND 0x09
-#define OP_OR 0x0A
-#define OP_XOR 0x0B
-#define OP_NOT 0x0C
-#define OP_VER 0x0D
-#define OP_CLF 0x0E
-#define OP_SEEK 0x0F
-#define OP_N3DS 0x10
-
-#define OP_ABORT 0x18
-#define OP_ABORTEQ 0x28
-#define OP_ABORTNE 0x38
-#define OP_ABORTLT 0x48
-#define OP_ABORTGT 0x58
-#define OP_ABORTF 0x68
-#define OP_ABORTNF 0x78
-
-#define OP_JMPEQ 0x17
-#define OP_JMPNE 0x27
-#define OP_JMPLT 0x37
-#define OP_JMPGT 0x47
-#define OP_JMPLE 0x57
-#define OP_JMPGE 0x67
-#define OP_JMPF 0x77
-#define OP_JMPNF 0x87
-
-#define OP_NEXT 0xFF
-
-#ifdef LOADER
- #define log(a) logstr(a)
- #define abort(a) \
- { \
- logstr(a); \
- svcBreak(USERBREAK_ASSERT); \
- }
-#else
- #define log(a) fprintf(stderr, a)
- int wait();
-#endif
-
-struct mode
-{
- uint8_t *memory;
- uint32_t size;
-};
-struct mode modes[21];
-int init_bytecode = 0;
-
-#ifndef LOADER
-extern int is_n3ds;
-static const char hexDigits[] = "0123456789ABCDEF";
-#else
-int is_n3ds = 1; // TODO - We don't really need to care, but it should still work from loader
-#endif
-
-#define STACK_SIZE 4096
-#ifdef LOADER
- static uint8_t stack_glob[STACK_SIZE];
-#else
- static uint8_t *stack_glob = NULL;
-#endif
-
-int
-exec_bytecode(uint8_t *bytecode, uint32_t len, uint8_t* stack, uint32_t stack_size, uint16_t ver, int debug)
-{
- if (!init_bytecode) {
-#ifndef LOADER
- modes[0].memory = (uint8_t *)firm_loc;
- modes[0].size = firm_loc->section[0].size + firm_loc->section[1].size + sizeof(firm_h) +
- firm_loc->section[2].size + firm_loc->section[3].size; // NATIVE_FIRM
-
- modes[1].memory = (uint8_t *)agb_firm_loc;
- modes[1].size = agb_firm_loc->section[0].size + agb_firm_loc->section[1].size + sizeof(firm_h) +
- agb_firm_loc->section[2].size + agb_firm_loc->section[3].size; // AGB_FIRM
-
- modes[2].memory = (uint8_t *)twl_firm_loc;
- modes[2].size = twl_firm_loc->section[0].size + twl_firm_loc->section[1].size + sizeof(firm_h) +
- twl_firm_loc->section[2].size + twl_firm_loc->section[3].size; // TWL_FIRM
-
- // NATIVE_FIRM Process9 (This is also the default mode.)
- modes[3].memory = (uint8_t *)firm_p9_exefs + sizeof(exefs_h) + firm_p9_exefs->fileHeaders[0].offset;
- modes[3].size = firm_p9_exefs->fileHeaders[0].size;
- // AGB_FIRM Process9
- modes[4].memory = (uint8_t *)agb_firm_p9_exefs + sizeof(exefs_h) + firm_p9_exefs->fileHeaders[0].offset;
- modes[4].size = firm_p9_exefs->fileHeaders[0].size;
- // TWL_FIRM Process9
- modes[5].memory = (uint8_t *)twl_firm_p9_exefs + sizeof(exefs_h) + firm_p9_exefs->fileHeaders[0].offset;
- modes[5].size = firm_p9_exefs->fileHeaders[0].size;
-
- // NATIVE_FIRM Sect 0
- modes[6].memory = (uint8_t *)firm_loc + firm_loc->section[0].offset;
- modes[6].size = firm_loc->section[0].size;
- // NATIVE_FIRM Sect 1
- modes[7].memory = (uint8_t *)firm_loc + firm_loc->section[1].offset;
- modes[7].size = firm_loc->section[1].size;
- // NATIVE_FIRM Sect 2
- modes[8].memory = (uint8_t *)firm_loc + firm_loc->section[2].offset;
- modes[8].size = firm_loc->section[2].size;
- // NATIVE_FIRM Sect 3
- modes[9].memory = (uint8_t *)firm_loc + firm_loc->section[3].offset;
- modes[9].size = firm_loc->section[3].size;
-
- // AGB_FIRM Sect 0
- modes[10].memory = (uint8_t *)agb_firm_loc + agb_firm_loc->section[0].offset;
- modes[10].size = agb_firm_loc->section[0].size;
- // AGB_FIRM Sect 1
- modes[11].memory = (uint8_t *)agb_firm_loc + agb_firm_loc->section[1].offset;
- modes[11].size = agb_firm_loc->section[1].size;
- // AGB_FIRM Sect 2
- modes[12].memory = (uint8_t *)agb_firm_loc + agb_firm_loc->section[2].offset;
- modes[12].size = agb_firm_loc->section[2].size;
- // AGB_FIRM Sect 3
- modes[13].memory = (uint8_t *)agb_firm_loc + agb_firm_loc->section[3].offset;
- modes[13].size = agb_firm_loc->section[3].size;
-
- // TWL_FIRM Sect 0
- modes[14].memory = (uint8_t *)twl_firm_loc + twl_firm_loc->section[0].offset;
- modes[14].size = twl_firm_loc->section[0].size;
- // TWL_FIRM Sect 1
- modes[15].memory = (uint8_t *)twl_firm_loc + twl_firm_loc->section[1].offset;
- modes[15].size = twl_firm_loc->section[1].size;
- // TWL_FIRM Sect 2
- modes[16].memory = (uint8_t *)twl_firm_loc + twl_firm_loc->section[2].offset;
- modes[16].size = twl_firm_loc->section[2].size;
- // TWL_FIRM Sect 3
- modes[17].memory = (uint8_t *)twl_firm_loc + twl_firm_loc->section[3].offset;
- modes[17].size = twl_firm_loc->section[3].size;
-#endif
-
- init_bytecode = 1;
- }
-
- memset(stack, 0, stack_size); // Clear stack.
-
- _UNUSED uint32_t top = stack_size - 1;
-
-#ifdef LOADER
- uint32_t set_mode = 18;
-#else
- uint32_t set_mode = 3;
-#endif
- struct mode *current_mode = &modes[set_mode];
-
- uint32_t offset = 0, new_offset = 0;
-
- uint32_t i;
-
- int eq = 0, gt = 0, lt = 0, found = 0; // Flags.
-
- uint8_t *code = bytecode;
- uint8_t *end = code + len;
- while (code < end && code >= bytecode) {
- switch (*code) {
- case OP_NOP:
- if (debug) {
- log("nop\n");
- }
- code++;
- break;
- case OP_REL: // Change relativity.
- if (debug) {
-#ifdef LOADER
- log("rel\n");
-#else
- fprintf(stderr, "rel %hhu\n", code[1]);
-#endif
- }
- code++;
- current_mode = &modes[*code];
- set_mode = *code;
- code++;
- break;
- case OP_FIND: // Find pattern.
- if (debug) {
-#ifdef LOADER
- log("find\n");
-#else
- fprintf(stderr, "find %hhu ...\n", code[1]);
-#endif
- }
- found = 0;
- new_offset = (size_t)memfind(current_mode->memory + offset, current_mode->size - offset, &code[2], code[1]);
- if ((uint8_t *)new_offset != NULL) {
- // Pattern found, set found state flag
- found = 1;
- offset = new_offset - (size_t)current_mode->memory;
- }
- code += code[1] + 2;
- break;
- case OP_BACK:
- if (debug) {
-#ifdef LOADER
- log("back\n");
-#else
- fprintf(stderr, "back %hhu\n", code[1]);
-#endif
- }
- offset -= code[1];
- code += 2;
- break;
- case OP_FWD:
- if (debug) {
-#ifdef LOADER
- log("fwd\n");
-#else
- fprintf(stderr, "fwd %u\n", code[1]);
-#endif
- }
- offset += code[1];
- code += 2;
- break;
- case OP_SET: // Set data.
- if (debug) {
-#ifdef LOADER
- log("set\n");
-#else
- fprintf(stderr, "set %u, ...\n", code[1]);
-#endif
- }
- memcpy(current_mode->memory + offset, &code[2], code[1]);
- offset += code[1];
- code += code[1] + 2;
- break;
- case OP_TEST: // Test data.
- if (debug) {
-#ifdef LOADER
- log("test\n");
-#else
- fprintf(stderr, "test %u, ...\n", code[1]);
-#endif
- }
- eq = memcmp(current_mode->memory + offset, &code[2], code[1]);
- if (eq < 0)
- lt = 1;
- if (eq > 0)
- gt = 1;
- eq = !eq;
- code += code[1] + 2;
- break;
- case OP_JMP: // Jump to offset.
- code++;
- code = bytecode + (code[0] + (code[1] << 8));
- if (debug) {
-#ifdef LOADER
- log("jmp\n");
-#else
- fprintf(stderr, "jmp %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_JMPEQ: // Jump to offset if equal
- code++;
- if (eq)
- code = bytecode + (code[0] + (code[1] << 8));
- else
- code += 2;
- if (debug) {
-#ifdef LOADER
- log("jmpeq\n");
-#else
- fprintf(stderr, "jmpeq %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_JMPNE: // Jump to offset if not equal
- code++;
- if (!eq)
- code = bytecode + (code[0] + (code[1] << 8));
- else
- code += 2;
- if (debug) {
-#ifdef LOADER
- log("jmpne\n");
-#else
- fprintf(stderr, "jmpeq %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_JMPLT: // Jump to offset if less than
- code++;
- if (lt)
- code = bytecode + (code[0] + (code[1] << 8));
- else
- code += 2;
- if (debug) {
-#ifdef LOADER
- log("jmplt\n");
-#else
- fprintf(stderr, "jmplt %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_JMPGT: // Jump to offset if greater than
- code++;
- if (gt)
- code = bytecode + (code[0] + (code[1] << 8));
- else
- code += 2;
- if (debug) {
-#ifdef LOADER
- log("jmplt\n");
-#else
- fprintf(stderr, "jmplt %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_JMPLE: // Jump to offset if less than or equal
- code++;
- if (lt || eq)
- code = bytecode + (code[0] + (code[1] << 8));
- else
- code += 2;
- if (debug) {
-#ifdef LOADER
- log("jmplt\n");
-#else
- fprintf(stderr, "jmplt %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_JMPF: // Jump to offset if pattern found
- code++;
- if (found)
- code = bytecode + (code[0] + (code[1] << 8));
- else
- code += 2;
- if (debug) {
-#ifdef LOADER
- log("jmplt\n");
-#else
- fprintf(stderr, "jmplt %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_JMPNF: // Jump to offset if pattern NOT found
- code++;
- if (!found)
- code = bytecode + (code[0] + (code[1] << 8));
- else
- code += 2;
- if (debug) {
-#ifdef LOADER
- log("jmplt\n");
-#else
- fprintf(stderr, "jmplt %u\n", code - bytecode);
-#endif
- }
- break;
- case OP_CLF: // Clear flags.
- if (debug) {
- log("clf\n");
- }
- code++;
- found = gt = lt = eq = 0;
- break;
- case OP_REWIND:
- if (debug)
- log("rewind\n");
- code++;
- offset = 0;
- break;
- case OP_AND:
- if (debug) {
- log("and\n");
- }
- for (i = 0; i < code[1]; i++) {
- current_mode->memory[offset] &= code[i+2];
- }
- offset += code[1];
- code += code[1] + 2;
- break;
- case OP_OR:
- if (debug) {
- log("or\n");
- }
- for (i = 0; i < code[1]; i++) {
- current_mode->memory[offset] |= code[i+2];
- }
- offset += code[1];
- code += code[1] + 2;
- break;
- case OP_XOR:
- if (debug) {
- log("xor\n");
- }
- for (i = 0; i < code[1]; i++) {
- current_mode->memory[offset] ^= code[i+2];
- }
- offset += code[1];
- code += code[1] + 2;
- break;
- case OP_NOT:
- if (debug) {
- log("not\n");
- }
- for (i = 0; i < code[1]; i++) {
- current_mode->memory[offset] = ~current_mode->memory[offset];
- }
- offset += code[1];
- code += 2;
- break;
- case OP_VER:
- if (debug) {
- log("ver\n");
- }
- code++;
- eq = memcmp(&ver, code, 2);
- if (eq < 0)
- lt = 1;
- if (eq > 0)
- gt = 1;
- eq = !eq;
- code += 2;
- break;
- case OP_N3DS:
- if (debug) {
- log("n3ds\n");
- }
- code++;
- eq = is_n3ds;
- break;
- case OP_SEEK: // Jump to offset if greater than or equal
- code++;
- offset = (uint32_t)(code[0] + (code[1] << 8) + (code[2] << 16) + (code[3] << 24));
- if (debug) {
-#ifdef LOADER
- log("seek\n");
-#else
- fprintf(stderr, "seek %lu\n", offset);
-#endif
- }
- code += 4;
- break;
- case OP_ABORT:
- code++;
- if (debug)
- log("abort\n");
-
- abort("abort triggered, halting VM!\n");
- break;
- case OP_ABORTEQ:
- code++;
- if (debug)
- log("aborteq\n");
- if (eq)
- abort("eq flag not set, halting VM!\n");
- break;
- case OP_ABORTNE:
- code++;
- if (debug)
- log("abortlt\n");
- if (!eq)
- abort("eq flag not set, halting VM!\n");
- break;
- case OP_ABORTLT:
- code++;
- if (debug)
- log("abortlt\n");
- if (lt)
- abort("lt flag set, halting VM!\n");
- break;
- case OP_ABORTGT:
- code++;
- if (debug)
- log("abortgt\n");
- if (gt)
- abort("gt flag set, halting VM!\n");
- break;
- case OP_ABORTF:
- code++;
- if (debug)
- log("abortf\n");
- if (found)
- abort("f flag set, halting VM!\n");
- break;
- case OP_ABORTNF:
- code++;
- if (debug)
- log("abortnf\n");
- if (!found)
- abort("f flag is not set, halting VM!\n");
- break;
- case OP_NEXT:
- if (debug) {
- log("next\n");
- }
- found = gt = lt = eq = 0;
-
- memset(stack, 0, stack_size); // Clear stack.
- top = stack_size - 1;
-
- bytecode = code + 1;
-#ifndef LOADER
- set_mode = 3;
- current_mode = &modes[set_mode];
-#else
- set_mode = 18;
- current_mode = &modes[set_mode];
-#endif
- offset = new_offset = 0;
- code = bytecode;
- break;
- default:
-#ifndef LOADER
- // Panic; not proper opcode.
- fprintf(stderr, "Invalid opcode. State:\n"
- " Relative: %lu\n"
- " Actual: %lx:%lu\n"
- " Memory: %lx\n"
- " Actual: %lx\n"
- " Code Loc: %lx\n"
- " Actual: %lx\n"
- " Opcode: %hhu\n",
- (uint32_t)set_mode,
- (uint32_t)current_mode->memory,
- (uint32_t)current_mode->size,
- (uint32_t)offset,
- (uint32_t)(current_mode->memory + offset),
- (uint32_t)(code - bytecode),
- (uint32_t)code,
- *code);
-#endif
- abort("Halting startup.\n");
- break;
- }
-
- if (offset > current_mode->size) { // Went out of bounds. Error.
-#ifndef LOADER
- fprintf(stderr, " -> %lx", offset);
-#endif
- abort("seeked out of bounds\n");
- }
-
-#ifndef LOADER
- if (debug) {
- fprintf(stderr, "l:%d g:%d e:%d f:%d m:%lu o:0x%lx\nc:0x%lx m:0x%lx n:%lx\n",
- lt, gt, eq, found,
- set_mode,
- (uint32_t)offset, (uint32_t)(code - bytecode), (uint32_t)(current_mode->memory + offset), (uint32_t)code);
- wait();
- }
-#endif
- }
-
- return 0;
-}
-
-#ifdef LOADER
-int
-execb(uint64_t tid, uint16_t ver, uint8_t *text_mem, uint32_t text_len, uint8_t *data_mem, uint32_t data_len, uint8_t *ro_mem, uint32_t ro_len)
-{
-#else
-int
-execb(char *filename, int build_cache)
-{
- uint16_t ver = 0; // FIXME - Provide native_firm version
-#endif
- uint32_t patch_len;
-#ifdef LOADER
- char cache_path[] = PATH_LOADER_CACHE "/0000000000000000";
-
- hexdump_titleid(tid, cache_path);
-
- static uint8_t patch_dat[MAX_PATCHSIZE];
-
- Handle file;
- u32 total;
-
- // Open file.
- if (!R_SUCCEEDED(fileOpen(&file, ARCHIVE_SDMC, cache_path, FS_OPEN_READ))) {
- // Failed to open.
- return 0; // No patches.
- }
-
- log(" patch: ");
- log(cache_path);
- log("\n");
-
- u64 file_size;
-
- if (!R_SUCCEEDED(FSFILE_GetSize(file, &file_size))) {
- FSFILE_Close(file); // Read to memory.
-
- return 1;
- }
-
- if (file_size > MAX_PATCHSIZE) {
- log(" too large (please report)\n");
-
- FSFILE_Close(file); // Read to memory.
-
- return 1;
- }
-
- // Read file.
- if (!R_SUCCEEDED(FSFILE_Read(file, &total, 0, patch_dat, file_size))) {
- FSFILE_Close(file); // Read to memory.
-
- // Failed to read.
- return 1;
- }
-
- FSFILE_Close(file); // Done reading in.
-
- // Set memory.
- modes[18].memory = text_mem;
- modes[18].size = text_len;
-
- // Set memory.
- modes[19].memory = data_mem;
- modes[19].size = data_len;
-
- // Set memory.
- modes[20].memory = ro_mem;
- modes[20].size = ro_len;
-
- log(" exec\n");
-
- uint8_t *patch_mem = (uint8_t *)patch_dat;
- patch_len = file_size;
-#else
- struct system_patch *patch;
- uint8_t *patch_mem;
- // Read patch to scrap memory.
-
- FILE *f = fopen(filename, "r");
- if (!f) {
- // File wasn't found. The user didn't enable anything.
- return 0;
- }
- uint32_t len = fsize(f);
- fread((uint8_t *)FCRAM_PATCH_LOC, 1, len, f);
- fclose(f);
-
- if (build_cache == 1) {
- patch = (struct system_patch *)FCRAM_PATCH_LOC;
-
- // Make sure various bits are correct.
- if (memcmp(patch->magic, "AIDA", 4)) {
- // Incorrect magic.
- return 1;
- }
-
- fprintf(stderr, "Cache: %s\n", patch->name);
-
- patch_mem = (uint8_t *)patch + sizeof(struct system_patch) + (patch->depends * 8) + (patch->titles * 8);
- patch_len = patch->size;
-
- if (patch->titles != 0) {
- // Not an error, per se, but it means this patch is meant for loader, not us.
- // Patches intended for use during boot will always be applied to zero titles.
- // We should generate a cache for loader in a file intended for titleid.
- uint8_t *title_buf = (uint8_t *)patch + sizeof(struct system_patch);
-
- fprintf(stderr, " Version: %u\n", patch->version);
-
- for (uint32_t i = 0; i < patch->titles; i++) {
- char cache_path[] = PATH_LOADER_CACHE "/0000000000000000";
-
- uint64_t title = 0;
- memcpy(&title, &title_buf[i * 8], 8);
-
- uint32_t tlen = strlen(cache_path) - 1;
- int j = 16;
- while (j--) {
- cache_path[tlen--] = hexDigits[title & 0xF];
- title >>= 4;
- }
-
- fprintf(stderr, " cache: %s\n", &cache_path[strlen(cache_path) - 16]);
-
- char reset = 0xFF;
-
- FILE *cache = fopen(cache_path, "w");
- fseek(cache, 0, SEEK_END);
- fwrite(patch_mem, 1, patch_len, cache);
- fwrite(&reset, 1, 1, cache);
- fclose(cache);
- // Add to cache.
- }
- } else {
- // BOOT patch
- char cache_path[] = PATH_LOADER_CACHE "/BOOT";
- char reset = 0xFF;
-
- FILE *cache = fopen(cache_path, "w");
- fseek(cache, 0, SEEK_END);
- fwrite(patch_mem, 1, patch_len, cache);
- fwrite(&reset, 1, 1, cache);
- fclose(cache);
- }
-
- return 0;
- } else {
- patch_mem = (uint8_t *)FCRAM_PATCH_LOC;
- patch_len = len;
- }
-#endif
-
- int debug = 0;
- if (config.options[OPTION_OVERLY_VERBOSE]) {
- debug = 1;
- }
-
-#ifndef LOADER
- if (stack_glob == NULL) {
- stack_glob = static_allocate(STACK_SIZE);
- }
-#endif
-
- return exec_bytecode(patch_mem, patch_len, stack_glob, STACK_SIZE, ver, debug);
-}
install_interrupts(); // Get some free debug info.
- if (CFG_BOOTENV == 7) {
- fprintf(stderr, "Rebooted from AGB, disabling EmuNAND.\n");
- config.options[OPTION_EMUNAND] = 0;
- }
-
- // Autoboot. Non-standard code path.
- if (config.options[OPTION_AUTOBOOT] && !(ctr_hid_get_buttons() & CTR_HID_RT)) {
- if (config.options[OPTION_SILENCE])
- shut_up(); // This does exactly what it sounds like.
- doing_autoboot = 1;
- } else {
- menu_handler();
- }
-
- boot_cfw();
- // Under ideal conditions, we never get here.
+ menu_handler();
}
#include <common.h>
#include <ctr9/ctr_system.h>
-#define MAX_PATCHES ((FCRAM_SPACING / 2) / sizeof(struct options_s))
-struct options_s *patches = (struct options_s *)FCRAM_MENU_LOC;
-uint8_t *enable_list = (uint8_t *)FCRAM_PATCHLIST_LOC;
-
static struct options_s options[] = {
// Patches.
{ 0, "General Options", "", not_option, 1, 0 },
- { OPTION_SVCS, "svcBackdoor Fixup", "Reinserts svcBackdoor on 11.0 NATIVE_FIRM. svcBackdoor allows executing arbitrary functions with ARM11 kernel permissions, and is required by some (poorly coded) applications.", boolean_val, 0, 0 },
-
- { OPTION_REBOOT, "Reboot Hook", "Hooks firmlaunch to allow largemem games on o3DS. Also allows patching TWL/AGB on all consoles.", boolean_val, 0, 0 },
-
- { OPTION_EMUNAND, "Use EmuNAND", "Redirects NAND write/read to the SD. This supports both Gateway and redirected layouts.", boolean_val, 0, 0 },
- { OPTION_EMUNAND_INDEX, " Index", "Which EmuNAND to use. If you only have one, you want 0. Currently the maximum supported is 10 (0-9), but this is arbitrary.", ranged_val, 0, 0x9 },
-// { OPTION_EMUNAND_REVERSE, " Reverse layout", "(Warning - Experimental!) Calculate EmuNAND sector from the end of the disk, not the start. This isn't supported by tools like Decrypt9, but has some advantages.", boolean_val, 0, 0x9 },
-
{ OPTION_AUTOBOOT, "Autoboot", "Boot the system automatically, unless the R key is held while booting.", boolean_val, 0, 0 },
{ OPTION_SILENCE, " Silent mode", "Suppress all debug output during autoboot. You'll see the screen turn on and then off once.", boolean_val, 0, 0 },
{ OPTION_DIM_MODE, "Dim Background", "Experimental! Dims colors on lighter backgrounds to improve readability with text. You won't notice the change until scrolling or exiting the current menu due to the way rendering works.", boolean_val, 0, 0 },
{ OPTION_BRIGHTNESS, "Brightness", "Changes the screeninit brightness in menu. WIP, only takes effect on reboot (this will change.)", ranged_val, 0, 3},
- // space
- { 0, "", "", not_option, 0, 0 },
- // Patches.
- { 0, "Loader Options", "", not_option, 1, 0 },
-
- { OPTION_LOADER, "Use Loader Replacement", "Replaces loader with one capable of extra features. You should enable this even if you don't plan to use loader-based patches to kill ASLR and the Ninjhax/OOThax checks.", boolean_val, 0, 0 },
- { OPTION_LOADER_CPU_L2, " CPU - L2 cache", "Forces the system to use the L2 cache on all applications. If you have issues with crashes, try turning this off.", boolean_val_n3ds, 0, 0 },
- { OPTION_LOADER_CPU_800MHZ, " CPU - 804Mhz", "Forces the system to run in 804Mhz mode on all applications.", boolean_val_n3ds, 0, 0 },
- { OPTION_LOADER_LANGEMU, " Language Emulation", "Reads language emulation configuration from `" PATH_LOCEMU "` and imitates the region/language.", boolean_val, 0, 0 },
- { OPTION_LOADER_LOADCODE, " Load Code Sections", "Loads code sections (text/ro/data) from SD card and patches afterwards.", boolean_val, 0, 0 },
-
- { OPTION_LOADER_DUMPCODE, " Dump Code Sections",
- "Dumps code sections for titles to SD card the first time they're loaded. Slows things down on first launch.", boolean_val, 0, 0 },
-
- { OPTION_LOADER_DUMPCODE_ALL, " + System Titles",
- "Dumps code sections for system titles, too. Expect to sit at a blank screen for >3mins on the first time you do this, because it dumps everything.", boolean_val, 0, 0 },
-
- // space
- { 0, "", "", not_option, 0, 0 },
- // Patches.
- { 0, "Developer Options", "", not_option, 1, 0 },
-
- { OPTION_TRACE, "Step Through", "After each important step, [WAIT] will be shown and you'll need to press a key. Debug feature.", boolean_val, 0, 0 },
- { OPTION_OVERLY_VERBOSE, "Verbose", "Output more debug information than the average user needs.", boolean_val, 0, 0 },
- { OPTION_SAVE_LOGS, "Logging", "Save logs to `" LOCALSTATEDIR "` as `boot.log` and `loader.log`. Slows operation a bit.", boolean_val, 0, 0 },
-
- // { OPTION_ARM9THREAD, "ARM9 Thread", boolean_val, 0, 0 },
- // { IGNORE_PATCH_DEPS, "Ignore dependencies", boolean_val, 0, 0 },
- // { IGNORE_BROKEN_SHIT, "Allow unsafe options", boolean_val, 0, 0 },
-
// Sentinel.
{ -1, "", "", 0, 0, 0 }, // cursor_min and cursor_max are stored in the last two.
};
static int current_menu_index_patches = 0;
-// This function is based on PathDeleteWorker from GodMode9.
-// It was easier to just import it.
-int
-list_patches_build_back(char *fpath, int desc_is_path)
-{
- FILINFO fno;
- DIR pdir;
- char *fname = &fpath[strnlen(fpath, 255)];
- if (f_opendir(&pdir, fpath) != FR_OK)
- return 1;
-
- fname[0] = '/';
- fname++;
-
- while (f_readdir(&pdir, &fno) == FR_OK) {
- strncpy(fname, fno.fname, strlen(fno.fname));
-
- if (fno.fname[0] == 0)
- break;
-
- FILINFO f2;
- if (f_stat(fpath, &f2) != FR_OK)
- break;
-
- if (f2.fattrib & AM_DIR) {
- // return value won't matter
- list_patches_build_back(fpath, desc_is_path);
- } else {
- struct system_patch p;
- read_file(&p, fpath, sizeof(struct system_patch));
-
- if (memcmp(p.magic, "AIDA", 4))
- return 0;
-
- strncpy(patches[current_menu_index_patches].name, p.name, 64);
- if (desc_is_path)
- strncpy(patches[current_menu_index_patches].desc, fpath, 255);
- else
- strncpy(patches[current_menu_index_patches].desc, p.desc, 255);
- patches[current_menu_index_patches].index = p.uuid;
- patches[current_menu_index_patches].allowed = boolean_val;
- patches[current_menu_index_patches].a = 0;
- patches[current_menu_index_patches].b = 0;
- if (desc_is_path)
- enable_list[p.uuid] = 0;
-
- current_menu_index_patches++;
- }
- }
-
- f_closedir(&pdir);
- --fname;
- fname[0] = 0;
-
- return 0;
-}
-
-// This is dual purpose. When we actually list
-// patches to build the cache - desc_is_fname
-// will be set to 1.
-
-void
-list_patches_build(char *name, int desc_is_fname)
-{
- current_menu_index_patches = 0;
-
- memset(enable_list, 0, FCRAM_SPACING / 2);
-
- if (!desc_is_fname) {
- strncpy(patches[0].name, "Patches", 64);
- strncpy(patches[0].desc, "", 255);
- patches[0].index = 0;
- patches[0].allowed = not_option;
- patches[0].a = 1;
- patches[0].b = 0;
-
- current_menu_index_patches += 1;
- }
-
- char fpath[256];
- strncpy(fpath, name, 256);
- list_patches_build_back(fpath, desc_is_fname);
- patches[current_menu_index_patches].index = -1;
-
- FILE *f;
- if ((f = fopen(PATH_TEMP "/PATCHENABLE", "r"))) {
- fread(enable_list, 1, FCRAM_SPACING / 2, f);
- fclose(f);
- }
-}
-
int show_menu(struct options_s *options, uint8_t *toggles);
-void
-menu_patches()
-{
- show_menu(patches, enable_list);
-}
-
void
menu_options()
{
#define REL "master"
#endif
-static struct options_s info_d[] = {
- { 0, " Native FIRM: ", "The version of NATIVE_FIRM in use.", not_option, 0, 0},
- { 0, " AGB FIRM: ", "The version of AGB_FIRM in use. This is used to run GBA games.", not_option, 0, 0},
- { 0, " TWL FIRM: ", "The version of TWL_FIRM in use. This is used to run DS games and DSiWare.", not_option, 0, 0},
- { 0, " " FW_NAME ": " REVISION " (" REL ")", FW_NAME "'s version.", not_option, 0, 0},
- { -1, "", "", not_option, 0, 0 }
-};
-static int is_setup_info = 0;
-
-void
-menu_info()
-{
- if (!is_setup_info) {
- // This menu requres firm to be loaded. Unfortunately.
- load_firms(); // Lazy load!
-
- struct firm_signature *native = get_firm_info(firm_loc);
- struct firm_signature *agb = get_firm_info(agb_firm_loc);
- struct firm_signature *twl = get_firm_info(twl_firm_loc);
-
- memcpy(&info_d[0].name[strlen(info_d[0].name)], native->version_string, strlen(native->version_string));
- memcpy(&info_d[1].name[strlen(info_d[1].name)], agb->version_string, strlen(agb->version_string));
- memcpy(&info_d[2].name[strlen(info_d[2].name)], twl->version_string, strlen(twl->version_string));
-
- is_setup_info = 1;
- }
-
- show_menu(info_d, NULL);
-}
-
-#define ln(s) { 0, s, "", not_option, 0, 0 }
-#define lnh(s) { 0, s, "", not_option, 1, 0 }
-
-static struct options_s help_d[] = {
- lnh("About"),
- ln(" This is another 3DS CFW for power users."),
- ln(" It seeks to address some faults in other"),
- ln(" CFWs and is generally just another choice"),
- ln(" for users - but primarily is intended for"),
- ln(" developers. It is not for the faint of heart."),
- ln(""),
- lnh("Usage"),
- ln(" A -> Select/Toggle/Increment"),
- ln(" B -> Back/Boot"),
- ln(" X -> Decrement"),
- ln(" Select -> Help/Information"),
- ln(" Down -> Down"),
- ln(" Right -> Down five"),
- ln(" Up -> Up"),
- ln(" Left -> Up five"),
- ln(" L+R+Start -> Menu Screenshot"),
- ln(""),
- lnh("Credits"),
- ln(" @mid-kid, @Wolfvak, @Reisyukaku, @AuroraWright"),
- ln(" @d0k3, @TuxSH, @Steveice10, @delebile,"),
- ln(" @Normmatt, @b1l1s, @dark-samus, @TiniVi,"),
- ln(" @gemarcano, and anyone else I may have"),
- ln(" forgotten (yell at me, please!)"),
- ln(""),
- ln(" <https://github.com/chaoskagami/corbenik>"),
- { -1, "", "", not_option, 0, 0 }
-};
-
-void
-menu_help()
-{
- show_menu(help_d, NULL);
-}
-
void
reset()
{
ctr_system_poweroff();
}
-#if defined(CHAINLOADER) && CHAINLOADER == 1
void chainload_menu();
-#endif
-
-static struct options_s main_s[] = {
- { 0, "Options", "Internal options for the CFW.\nThese are part of " FW_NAME " itself.", call_fun, (uint32_t)menu_options, 0 },
- { 0, "Patches", "External bytecode patches found in `" PATH_PATCHES "`.\nYou can choose which to enable.", call_fun, (uint32_t)menu_patches, 0 },
- { 0, "Info", "Shows the current FIRM versions (and loads them, if needed)", call_fun, (uint32_t)menu_info, 0 },
- { 0, "Readme", "Mini-readme.\nWhy are you opening help on this, though?\nThat's kind of silly.", call_fun, (uint32_t)menu_help, 0 },
- { 0, "Reboot", "Reboots the console.", call_fun, (uint32_t)reset, 0 },
- { 0, "Power off", "Powers off the console.", call_fun, (uint32_t)poweroff, 0 },
- { 0, "Save Configuration", "Save the configuration.\nYou must do this prior to booting,\notherwise the cache will not be (re)generated..", call_fun, (uint32_t)save_config, 0 },
-#if defined(CHAINLOADER) && CHAINLOADER == 1
- { 0, "Chainload", "Boot another ARM9 payload file.", call_fun, (uint32_t)chainload_menu, 0 },
-#endif
- { 0, "Boot Firmware", "Generates caches, patches the firmware, and boots it.\nMake sure to 'Save Configuration' first if any options changed.", break_menu, 0, 0 },
-
- // Sentinel.
- { -1, "", "", 0, 0, 0 }, // cursor_min and cursor_max are stored in the last two.
-};
void
menu_handler()
{
- show_menu(main_s, NULL);
+ while(1) {
+ chainload_menu();
+ menu_options();
+ }
}
FILE *conf_handle;
struct config_file config;
-extern uint8_t *enable_list;
-void list_patches_build(char *name, int desc_is_fname);
void
regenerate_config()
}
}
- list_patches_build(PATH_PATCHES, 0);
-
if (!config.options[OPTION_SILENCE])
fprintf(BOTTOM_SCREEN, "Config file loaded.\n");
void
save_config()
{
- write_file(enable_list, PATH_TEMP "/PATCHENABLE", FCRAM_SPACING / 2);
-
f_unlink(PATH_CONFIG);
if (!(conf_handle = fopen(PATH_CONFIG, "w")))
+++ /dev/null
-/*
-* emunand.c
-*/
-
-#include <ctr9/io.h>
-#include <common.h>
-
-uint8_t *emunand_temp = (uint8_t *)FCRAM_JUNK_LOC;
-
-void
-verify_emunand(uint32_t index, uint32_t *off, uint32_t *head)
-{
- uint32_t nandSize = getMMCDevice(0)->total_size;
-
- uint32_t offset;
- if (nandSize > 0x200000)
- offset = 0x400000 * index;
- else
- offset = 0x200000 * index;
-
- // Check for RedNAND/Normal physical layout on SD
- if (!sdmmc_sdcard_readsectors(offset + 1, 1, emunand_temp) && *(uint32_t *)(emunand_temp + 0x100) == NCSD_MAGIC) {
- *off = offset + 1;
- *head = offset + 1;
-
- fprintf(stderr, "emunand: found NCSD magic for %lu\n", index);
- fprintf(stderr, "emunand: layout is normal\n");
- }
- // Check for GW EmuNAND on SD
- else if (!sdmmc_sdcard_readsectors(offset + nandSize, 1, emunand_temp) && *(uint32_t *)(emunand_temp + 0x100) == NCSD_MAGIC) {
- *off = offset;
- *head = offset + nandSize;
-
- fprintf(stderr, "emunand: found NCSD magic for %lu\n", index);
- fprintf(stderr, "emunand: layout is gateway\n");
- } else {
- abort("emunand: selected NAND image is not valid.\n");
- }
-}
-
-static void *
-getEmuCode(uint8_t *pos, uint32_t size)
-{
- const uint8_t pattern[] = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x00 };
-
- // Looking for the last free space before Process9
- uint8_t *ret = memfind(pos + 0x13500, size - 0x13500, pattern, 6) + 0x455;
-
- if (ret) {
- fprintf(stderr, "emunand: free space @ %lx\n", (uint32_t)ret);
- fprintf(stderr, "emunand: size is %lu bytes\n", (uint32_t) (ret - pos));
- }
-
- return ret;
-}
-
-static uint32_t
-getSDMMC(uint8_t *pos, uint32_t size)
-{
- // Look for struct code
- const uint8_t pattern[] = { 0x21, 0x20, 0x18, 0x20 };
- const uint8_t *off = memfind(pos, size, pattern, 4);
-
- uint32_t ret = *(uint32_t *)(off + 9) + *(uint32_t *)(off + 0xD);
-
- fprintf(stderr, "emunand: SDMMC code @ %lx\n", ret);
-
- return ret;
-}
-
-static void
-patchNANDRW(uint8_t *pos, uint32_t size, uint32_t branchOffset)
-{
- const uint16_t nandRedir[2] = { 0x4C00, 0x47A0 };
-
- // Look for read/write code
- const uint8_t pattern[] = { 0x1E, 0x00, 0xC8, 0x05 };
-
- uint16_t *readOffset = (uint16_t *)memfind(pos, size, pattern, 4) - 3;
- uint16_t *writeOffset = (uint16_t *)memfind((uint8_t*)(readOffset + 5), 0x100, pattern, 4) - 3;
-
- if (!readOffset || !writeOffset)
- abort("emunand: pattern for r/w missing!\n");
-
- readOffset[0] = nandRedir[0];
- readOffset[1] = nandRedir[1];
- ((uint32_t *)readOffset)[1] = branchOffset;
-
- writeOffset[0] = nandRedir[0];
- writeOffset[1] = nandRedir[1];
- ((uint32_t *)writeOffset)[1] = branchOffset;
-
- fprintf(stderr, "emunand: write @ %lx\n", (uint32_t)writeOffset);
- fprintf(stderr, "emunand: read @ %lx\n", (uint32_t)readOffset);
-}
-
-static void
-patchMPU(uint8_t *pos, uint32_t size)
-{
- const uint32_t mpuPatch[3] = { 0x00360003, 0x00200603, 0x001C0603 };
-
- // Look for MPU pattern
- const uint8_t pattern[] = { 0x03, 0x00, 0x24, 0x00 };
-
- uint32_t *off = (uint32_t *)memfind(pos, size, pattern, 4);
-
- off[0] = mpuPatch[0];
- off[6] = mpuPatch[1];
- off[9] = mpuPatch[2];
-
- fprintf(stderr, "emunand: mpu @ %lx\n", (uint32_t)off);
-}
-
-void
-patch_emunand(uint32_t index)
-{
- // ARM9 section.
- uint8_t *arm9Section = (uint8_t *)firm_loc + firm_loc->section[2].offset;
- uint32_t arm9SectionSize = firm_loc->section[2].size;
-
- uint8_t *process9Offset = (uint8_t *)firm_p9_exefs + sizeof(exefs_h) + firm_p9_exefs->fileHeaders[0].offset;
- uint32_t process9Size = firm_p9_exefs->fileHeaders[0].size;
-
- // Copy emuNAND code
- void *emuCodeOffset = getEmuCode(arm9Section, arm9SectionSize);
- if (!emuCodeOffset)
- abort("emunand: code missing from arm9?\n");
-
- FILE *f = fopen(PATH_EMUNAND_CODE, "r");
- if (!f)
- abort("emunand: code not found on SD.\n");
-
- uint32_t emunand_size = fsize(f);
- fread(emuCodeOffset, 1, emunand_size, f);
- fclose(f);
-
- uint32_t branchOffset = (uintptr_t)emuCodeOffset - ((uintptr_t)firm_loc + firm_loc->section[2].offset - firm_loc->section[2].address);
-
- fprintf(stderr, "emunand: read in emunand code\n");
-
- // Add the data of the found emuNAND
- uint32_t *pos_offset = (uint32_t *)memfind(emuCodeOffset, emunand_size, "NAND", 4),
- *pos_head = (uint32_t *)memfind(emuCodeOffset, emunand_size, "NCSD", 4),
- *pos_sdmmc = (uint32_t *)memfind(emuCodeOffset, emunand_size, "SDMC", 4);
-
- if (!pos_offset || !pos_head || !pos_sdmmc)
- abort("emunand: couldn't find pattern in hook?\n");
-
- verify_emunand(index, pos_offset, pos_head);
-
- fprintf(stderr, "emunand: nand is on sector %lu\n", *pos_offset);
- fprintf(stderr, "emunand: head is on sector %lu\n", *pos_head);
-
- // Add emuNAND hooks
- patchNANDRW(process9Offset, process9Size, branchOffset);
-
- fprintf(stderr, "emunand: patched read/write calls\n");
-
- // Find and add the SDMMC struct
-
- *pos_sdmmc = getSDMMC(process9Offset, process9Size);
-
- // Set MPU for emu code region
- patchMPU(arm9Section, arm9SectionSize);
-
- fprintf(stderr, "emunand: patched MPU settings\n");
-}
+++ /dev/null
-#include <common.h>
-
-/* Not possible to be implemented as bytecode. Hey, can't win em all. */
-
-int
-patch_modules()
-{
- // TODO - load other module cxis here
- FILE *f = fopen(PATH_MODULES "/loader.cxi", "r");
- if (!f) {
- fprintf(stderr, "Module: loader.cxi not found on FS\n");
- return 2;
- }
-
- size_t size = fsize(f);
- fread((void *)FCRAM_JUNK_LOC, 1, size, f);
- fclose(f);
-
- // Look for the section that holds all the sysmodules
- int section_index = 0;
- firm_section_h *sysmodule_section = NULL;
- for (firm_section_h *section = firm_loc->section; section < firm_loc->section + 4; section++) {
- if (section->address == 0x1FF00000 && section->type == FIRM_TYPE_ARM11) {
- sysmodule_section = section;
- break;
- }
- section_index++;
- }
-
- if (!sysmodule_section) {
- fprintf(stderr, "Module: sysmodule section not found\n");
- return 1;
- }
-
- ncch_h *module = (ncch_h *)FCRAM_JUNK_LOC;
- ncch_h *sysmodule = (ncch_h *)((uint32_t)firm_loc + sysmodule_section->offset);
-
- // Check if we want to replace an existing sysmodule
- while (sysmodule->magic == NCCH_MAGIC) {
- if (memcmp(sysmodule->programID, module->programID, 8) == 0) {
- // Expand firmware module size if needed to accomodate replacement.
- if (module->contentSize > sysmodule->contentSize) {
- uint32_t need_units = (module->contentSize - sysmodule->contentSize);
-
- memmove((uint8_t *)sysmodule + module->contentSize * 0x200, (uint8_t *)sysmodule + sysmodule->contentSize * 0x200,
- ((uint8_t *)firm_loc + firm_size) - ((uint8_t *)sysmodule + (module->contentSize * 0x200)));
-
- sysmodule_section->size += 0x200 * need_units;
- for (int i = section_index + 1; i < 4; i++) {
- if (firm_loc->section[i].size != 0) { // The last section (3) is usually empty.
- firm_loc->section[i].offset += 0x200 * need_units;
- firm_loc->section[i].size += 0x200 * need_units;
- }
- }
-
- fprintf(stderr, "module: Grow %lu units\n", need_units);
- }
-
- // Move the remaining modules closer
- else if (module->contentSize < sysmodule->contentSize) {
- // NOTE - This doesn't change the sysmodule section size; it isn't needed to do so.
- fprintf(stderr, "Module: Shrink %lu units\n", sysmodule->contentSize - module->contentSize);
- int remaining_size =
- sysmodule_section->size - (((uint32_t)sysmodule + sysmodule->contentSize * 0x200) - ((uint32_t)firm_loc + sysmodule_section->offset));
- // Sysmodule section size - (End location of this sysmodule -
- // Sysmodule section) =>
- memmove((uint8_t *)sysmodule + module->contentSize * 0x200, (uint8_t *)sysmodule + sysmodule->contentSize * 0x200, remaining_size);
- // Move end of section to be adjacent
- }
-
- fprintf(stderr, "Module: Injecting module\n");
- // Copy the module into the firm
- memcpy(sysmodule, module, module->contentSize * 0x200);
- }
- sysmodule = (ncch_h *)((uint32_t)sysmodule + sysmodule->contentSize * 0x200);
- }
-
- fprintf(stderr, "Module: injected modules.\n");
-
- return 0;
-}
+++ /dev/null
-/* This code was all nicked from Luma (before the GPL headers were corrected by TuxSH)
- Someone please remind me to fix this code.*/
-
-#include <common.h>
-#include <ctr9/io.h>
-
-int wait();
-
-uint8_t *
-getProcess9(uint8_t *pos, uint32_t size, uint32_t *process9Size, uint32_t *process9MemAddr)
-{
- uint8_t *off = memfind(pos, size, "ess9", 4);
- *process9Size = *(uint32_t *)(off - 0x60) * 0x200;
- *process9MemAddr = *(uint32_t *)(off + 0xC);
- // Process9 code offset (start of NCCH + ExeFS offset + ExeFS header size)
- return off - 0x204 + (*(uint32_t *)(off - 0x64) * 0x200) + 0x200;
-}
-
-void
-patch_reboot()
-{
- // Look for firmlaunch code
- const uint8_t pattern[] = { 0xDE, 0x1F, 0x8D, 0xE2 };
-
- uint32_t process9Size, process9MemAddr;
- uint8_t *process9Offset =
- getProcess9((uint8_t *)firm_loc + firm_loc->section[2].offset + 0x15000, firm_loc->section[2].size - 0x15000, &process9Size, &process9MemAddr);
-
- fprintf(stderr, "reboot: proc9 mem @ %lx\n", (uint32_t)process9MemAddr);
-
- wait();
-
- uint8_t *off = memfind(process9Offset, process9Size, pattern, 4) - 0x10;
-
- fprintf(stderr, "reboot: firmlaunch @ %lx\n", (uint32_t)off);
-
- // Firmlaunch function offset - offset in BLX opcode (A4-16 - ARM DDI 0100E) + 1
- uint32_t fOpenOffset = (uint32_t)(off + 9 - (-((*(uint32_t *)off & 0x00FFFFFF) << 2) & (0xFFFFFF << 2)) - process9Offset + process9MemAddr);
-
- fprintf(stderr, "reboot: fopen @ %lx\n", fOpenOffset);
-
- wait();
-
- // Copy firmlaunch code
- FILE *f = fopen(PATH_REBOOT_HOOK, "r");
- if (!f)
- abort("reboot: hook not found on SD\n");
-
- uint32_t size = fsize(f);
- fread(off, 1, size, f);
- fclose(f);
-
- // Put the fOpen offset in the right location
- uint32_t *pos_fopen = (uint32_t *)memfind(off, size, "open", 4);
- if (!pos_fopen)
- abort("reboot: fopen location missing\n");
-
- *pos_fopen = fOpenOffset;
-
- uint32_t *pos_native = (uint32_t *)memfind(off, size, "NATF", 4);
- uint32_t *pos_twl = (uint32_t *)memfind(off, size, "TWLF", 4);
- uint32_t *pos_agb = (uint32_t *)memfind(off, size, "AGBF", 4);
-
- if (!pos_native && !pos_twl && !pos_agb)
- abort("reboot: missing string placeholder?\n");
-
- fprintf(stderr, "reboot: NATF @ %lx\n", (uint32_t)pos_native);
- fprintf(stderr, "reboot: TWLF @ %lx\n", (uint32_t)pos_twl);
- fprintf(stderr, "reboot: AGBF @ %lx\n", (uint32_t)pos_agb);
-
- uint8_t *mem = (uint8_t *)0x01FF8000; // 0x8000 space that will be resident. This is AXI WRAM. We have about 0x3700 bytes here.
- // According to 3dbrew, this space's props from userland:
- // [L2L] VA fff00000..fff20000 -> PA 1ff80000..1ffa0000 [ X ] [ Priv: R-, User: -- ]
- // It can be executed by the system but not written (and can only be executed with privs)
- // This seems to be the perfect place to stick some code to be resident in memory. Beyond this,
- // it might be needed to replace a svc call to access it. I'm rather sure that NTR does this.
-
- *pos_native = (uint32_t)mem;
- memcpy(mem, L"sdmc:", 10);
- mem += 10;
- for (size_t i = 0; i < sizeof(PATH_NATIVE_P); i++, mem += 2) {
- *mem = PATH_NATIVE_P[i];
- *(mem + 1) = 0;
- }
-
- *pos_twl = (uint32_t)mem;
- memcpy(mem, L"sdmc:", 10);
- mem += 10;
- for (size_t i = 0; i < sizeof(PATH_TWL_P); i++, mem += 2) {
- *mem = PATH_TWL_P[i];
- *(mem + 1) = 0;
- }
-
- *pos_agb = (uint32_t)mem;
- memcpy(mem, L"sdmc:", 10);
- mem += 10;
- for (size_t i = 0; i < sizeof(PATH_AGB_P); i++, mem += 2) {
- *mem = PATH_AGB_P[i];
- *(mem + 1) = 0;
- }
-
- uint32_t *pos_rebc = (uint32_t *)memfind(off, size, "rebc", 4);
- *pos_rebc = (uint32_t)mem;
-
- fprintf(stderr, "reboot: rebc @ %lx\n", (uint32_t)pos_rebc);
-
- f = fopen(PATH_REBOOT_CODE, "r");
- if (!f)
- abort("reboot: boot not found on SD\n");
-
- fread(mem, 1, fsize(f), f);
- fclose(f);
-}
+++ /dev/null
-#include <common.h>
-
-uint8_t *arm11Section1 = NULL;
-uint32_t *svc_tab_open = NULL, *exceptionsPage = NULL, *svcTable = NULL;
-int svc_offs_init = 0;
-
-// This code handles restoration of backdoor
-
-int
-patch_services()
-{
- if (svc_offs_init == 0) {
- arm11Section1 = (uint8_t *)firm_loc + firm_loc->section[1].offset;
-
- uint8_t pattern[] = { 0x00, 0xB0, 0x9C, 0xE5 }; // cpsid aif
-
- exceptionsPage = (uint32_t *)memfind(arm11Section1, firm_loc->section[1].size, pattern, 4) - 0xB;
-
- uint32_t svcOffset = (-(((exceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; // Branch offset + 8 for prefetch
- svcTable = (uint32_t *)(arm11Section1 + *(uint32_t *)(arm11Section1 + 0xFFFF0008 - svcOffset - 0xFFF00000 + 8) - 0xFFF00000); // SVC handler address
- while (*svcTable)
- svcTable++; // Look for SVC0 (NULL)
-
- // Skip to free space
- for (svc_tab_open = exceptionsPage; *svc_tab_open != 0xFFFFFFFF; svc_tab_open++)
- ;
- svc_offs_init = 1;
- }
-
- // Make sure svcBackdoor is there.
- if (!svcTable[0x7B]) {
- fprintf(stderr, "svc: 0x7B (backdoor) missing.\n");
-
- FILE *data = fopen(PATH_BACKDOOR, "r");
- uint32_t size = fsize(data);
-
- fprintf(stderr, "Svc: backdoor is %lu bytes\n", size);
- fprintf(stderr, "Svc: Read code to %lx\n", (uint32_t)svc_tab_open);
-
- fread(svc_tab_open, 1, size, data);
-
- fclose(data);
-
- // memcpy(svc_tab_open, svcbackdoor, sizeof(svcbackdoor));
- svcTable[0x7B] = 0xFFFF0000 + (uint32_t)((uint8_t *)svc_tab_open - (uint8_t *)exceptionsPage);
-
- svc_tab_open += size;
-
- fprintf(stderr, "svc: Injected 0x7B.\n");
- } else {
- fprintf(stderr, "svc: No change needed.\n");
- }
-
- return 0;
-}
+++ /dev/null
-#include <common.h>
-#include <stdint.h>
-
-// TODO - Basically all this needs to move to patcher programs.
-
-extern int patch_services();
-extern int patch_modules();
-extern int patch_reboot();
-
-extern int doing_autoboot;
-
-extern uint8_t *enable_list;
-
-void
-wait()
-{
- if (config.options[OPTION_TRACE] && !doing_autoboot) {
- fprintf(stderr, "[Waiting...]");
- wait_key(0); // No delay on traces.
- }
- fprintf(stderr, " \r");
-}
-
-void list_patches_build(char *name, int desc_is_fname);
-
-int
-generate_patch_cache()
-{
- // Remove cache
- rrmdir(PATH_LOADER_CACHE);
- f_mkdir(PATH_LOADER_CACHE);
-
- list_patches_build(PATH_PATCHES, 1);
-
- struct options_s *patches = (struct options_s *)FCRAM_MENU_LOC;
-
- for (int i = 0; patches[i].index != -1; i++) {
- if (enable_list[patches[i].index]) {
- // Patch is enabled. Cache it.
- if (execb(patches[i].desc, 1)) {
- abort("Failed to apply:\n %s\n", patches[i].name);
- }
-
- wait();
- }
- }
-
- return 0;
-}
-
-int
-patch_firm_all()
-{
- execb(PATH_LOADER_CACHE "/BOOT", 0);
-
- fprintf(stderr, "VM exited without issue\n");
-
- // Hook firmlaunch?
- if (config.options[OPTION_REBOOT]) {
- patch_reboot();
-
- wait();
- }
-
- // Use EmuNAND?
- if (config.options[OPTION_EMUNAND]) {
- // Yes.
- patch_emunand(config.options[OPTION_EMUNAND_INDEX]);
-
- wait();
- }
-
- // Inject services?
- if (config.options[OPTION_SVCS]) {
- if (patch_services()) {
- abort("Fatal. Svc inject has failed.");
- }
- wait();
- }
-
- // Replace loader?
- if (config.options[OPTION_LOADER]) {
- if (patch_modules()) {
- abort("Fatal. Loader inject has failed.");
- }
- // This requires OPTION_SIGPATCH.
- wait();
- }
-
- // Use ARM9 hook thread?
- if (config.options[OPTION_ARM9THREAD]) {
- // Yes.
-
- // FIXME - NYI
- wait();
- }
-
- return 0;
-}
projects / corbenik / corbenik.git / commitdiff