From 5cceb0946f467f70340a157b48f31ea5fdd7f88e Mon Sep 17 00:00:00 2001
From: Jon Feldman
Date: Thu, 9 Feb 2017 08:33:52 -0500
Subject: [PATCH] Save path string the same way as Luma, rather than convert the path string like Cakes; that's way too much assembly imho

It's not like there's really any other way to implement this, unless I were to stick it in memory elsewhere. The assembly would still be the same other than the offset.
---
 bits/reboot_hook.s | 25 ++++++++++++++++++++++---
 boot/corbenik.c | 11 ++++++++++-
 boot/start.s | 14 ++++++++------
 3 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/bits/reboot_hook.s b/bits/reboot_hook.s
index 18bc435..53c0e7c 100644
--- a/bits/reboot_hook.s
+++ b/bits/reboot_hook.s
@@ -5,9 +5,11 @@ .global _start _start: // Interesting registers and locations to keep in mind, set before this code is ran: - // - sp + 0x3A8 - 0x70: FIRM path in exefs. - // - r7 (which is sp + 0x3A8 - 0x198): Reserved space for file handle - // - *(sp + 0x3A8 - 0x198) + 0x28: fread function. + // - r1: FIRM path in exefs. + // - r7: Reserved space for file handle + // - *(*r7 + 0x28): fread function. + + mov r8, r1 pxi_wait_recv: ldr r2, =0x44846
@@ -42,6 +44,13 @@ _start: ldr r6, [r6, #0x28] blx r6 + // Copy the low TID (in UTF-16) of the wanted firm to the 5th byte of the payload + ldr r0, =load_addr + add r0, #4 + add r1, r8, #0x1A + mov r2, #0x10 + bl memcpy16 + // Set kernel state mov r0, #0 mov r1, #0
@@ -58,6 +67,16 @@ _start: die: b die + memcpy16: + add r2, r0, r2 + copy_loop: + ldrh r3, [r1], #2 + strh r3, [r0], #2 + cmp r0, r2 + blo copy_loop + bx lr + +title: .word 0 bytes_read: .word 0 fopen: .ascii "OPEN" koffset_base: .word kernel_code-jump_to_kernel-12
diff --git a/boot/corbenik.c b/boot/corbenik.c
index 737ec27..526302c 100644
--- a/boot/corbenik.c
+++ b/boot/corbenik.c
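Review bot: `mov r8, r1` parks the path pointer in r8 for use after the `blx r6` fread call in the next hunk, which only works because r8 is callee-saved under AAPCS; that assumption deserves a comment on the new line, e.g. `// r8 is callee-saved (AAPCS), so the path pointer survives the fread call below`. The rewritten header comment also drops the sp-relative locations (`sp + 0x3A8 - 0x70`, `sp + 0x3A8 - 0x198`) that told a reader where r1 and r7 presumably come from; keeping them in parentheses next to `r1` and `r7` would preserve that provenance. Whether the hooked code still needs the old r8 value after this hook runs is not visible here and should be confirmed.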
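Review bot: The copy at `add r1, r8, #0x1A` / `mov r2, #0x10` reads 16 bytes at a fixed offset into the path string with no check on the string's length or contents, and writes them into the loaded payload at `load_addr + 4`; both constants are an implicit contract with `titleid_passthru` in boot/start.s (8 halfwords directly after the 4-byte `b init`). Neither side documents the other, so a comment on the new block such as `// Destination is titleid_passthru in boot/start.s: 8 UTF-16 units at payload offset 4; 0x1A is the byte offset of the low TID in the exefs path` would make the coupling visible. Because the source bytes come from memory state the hook does not validate, the only guard is get_firmtype's `'0'..'2'` range check on index 5 in boot/corbenik.c, and any future consumer of titleid_passthru needs an equivalent check. The copy also runs after fread has filled the buffer, so it deliberately overwrites the zero-filled field read from the file; saying so in the comment stops a reader from treating the file content as authoritative.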
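Review bot: `memcpy16` is a post-test loop (`ldrh`/`strh` execute before `cmp r0, r2`), so a length of 0 still copies one halfword and an odd length copies one byte past `r1 + r2`; the only caller passes 0x10, but the contract should be written down above the label: `// r0 = dst, r1 = src, r2 = byte count (must be even and non-zero); clobbers r0-r3`. The new `title: .word 0` is not referenced anywhere in this patch; if nothing else uses it, it is dead data inside the hook. Placing the helper after `die: b die` is safe because `die` never falls through, but a one-line comment separating it from the hang loop would help readers.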
@@ -24,10 +24,19 @@ void shut_up(void); extern int changed_consoles; +extern uint16_t titleid_passthru[8]; + +int get_firmtype() { + if (titleid_passthru[5] >= u'0' && titleid_passthru[5] <= u'2') + return titleid_passthru[5] - u'0'; + + return 0; +} + int main(int argc, char** argv) { - if (ctr_hid_get_buttons() & CTR_HID_LT) + if (get_firmtype() != 0) ctr_system_poweroff(); int have_bg = 0;
diff --git a/boot/start.s b/boot/start.s
index a379eca..09398ef 100644
--- a/boot/start.s
+++ b/boot/start.s
@@ -2,18 +2,20 @@ .global _start .section .text.start, "x" _start: + b init + +.global titleid_passthru +titleid_passthru: .fill 8, 2, 0 +argc: .int 0 +argv: .int 0 + +init: ldr r2, =argc str r0, [r2] ldr r2, =argv str r1, [r2] - b init - -argc: .int 0x00000000 -argv: .int 0x00000000 - -init: // Disable IRQ mrs r0, cpsr orr r0, r0, #0x80
--
2.39.5
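Review bot: `int get_firmtype()` is an old-style declarator with an unspecified parameter list; it should be `int get_firmtype(void)`, and `static` as well unless something outside this file calls it, in which case it needs a prototype in a header. The `'0'..'2'` range check is the only validation applied to `titleid_passthru`, which is filled by the reboot hook from memory it does not validate and is all zeros on a boot that did not pass through the hook; a comment such as `/* titleid_passthru[5] is the firm-type digit of the requested FIRM's low TID, written by bits/reboot_hook.s; zeros (no hook) and anything outside '0'..'2' map to type 0 */` would record both facts, and a named constant for index 5 would make the coupling to the hook's 8-unit UTF-16 copy explicit. The `u'0'` literals require C11, which should be confirmed against the build flags. main's body continues outside the hunk.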
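Review bot: `titleid_passthru` now sits at a fixed offset 4 of the loaded image, directly after the 4-byte `b init`, and bits/reboot_hook.s writes 16 bytes there by that offset alone; nothing in start.s pins or documents that layout, so any instruction inserted before the label would silently break the hand-off. A comment on the new label, `// ABI with bits/reboot_hook.s: 8 UTF-16 units at load_addr + 4, written before init runs; must stay immediately after b init`, is the minimum, and an assembler check such as `.if titleid_passthru - _start != 4` / `.err` / `.endif` after the fills would enforce it. These variables live in `.section .text.start, "x"`, which is flagged executable but not writable while both `str r0, [r2]` and the hook write to it; that was already true for argc/argv, but it is worth recording in case section flags are ever enforced.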