From d2af032e819868a6f1bfca133ee839ed5ebefcac Mon Sep 17 00:00:00 2001
From: chaoskagami
Date: Sat, 14 May 2016 19:43:38 -0400
Subject: [PATCH] Added firmprot patcher
---
 source/config.h | 29 ++++++++++++------------
 source/menu.c | 7 +++---
 source/patcher.c | 58 +++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 74 insertions(+), 20 deletions(-)
diff --git a/source/config.h b/source/config.h
index 6325543..f4a6abe 100644
--- a/source/config.h
+++ b/source/config.h
@@ -18,24 +18,25 @@ struct config_file {
 extern struct config_file config;
 #define OPTION_SIGPATCH 0 // Use builtin signature patch.
-#define OPTION_LOADER 1 // Use builtin loader module replacer.
-#define OPTION_ARM9THREAD 2 // Use builtin ARM9 thread injector.
+#define OPTION_FIRMPROT 1 // Protect firmware from writes.
+#define OPTION_LOADER 2 // Use builtin loader module replacer.
+#define OPTION_ARM9THREAD 3 // Use builtin ARM9 thread injector.
-#define OPTION_AUTOBOOT 3 // Skip menu unless L is held.
-#define OPTION_SILENCE 4 // Don't print debug information.
-#define OPTION_TRACE 5 // Pause for A key on each step.
+#define OPTION_AUTOBOOT 4 // Skip menu unless L is held.
+#define OPTION_SILENCE 5 // Don't print debug information.
+#define OPTION_TRACE 6 // Pause for A key on each step.
-#define OPTION_TRANSP_BG 6 // Background color is not drawn under text.
-#define OPTION_NO_CLEAR_BG 7 // Framebuffer is preserved from whatever ran before us.
-#define OPTION_READ_ME 8 // Remove Help/Readme from menu.
+#define OPTION_TRANSP_BG 7 // Background color is not drawn under text.
+#define OPTION_NO_CLEAR_BG 8 // Framebuffer is preserved from whatever ran before us.
+#define OPTION_READ_ME 9 // Remove Help/Readme from menu.
-#define IGNORE_PATCH_DEPS 9 // Ignore patch UUID dependencies. Not recommended.
-#define IGNORE_BROKEN_SHIT 10 // Allow enabling patches which are marked as 'incompatible'. Chances are there's a reason.
+#define IGNORE_PATCH_DEPS 10 // Ignore patch UUID dependencies. Not recommended.
+#define IGNORE_BROKEN_SHIT 11 // Allow enabling patches which are marked as 'incompatible'. Chances are there's a reason.
-#define HEADER_COLOR 11 // Color of header text.
-#define BG_COLOR 12 // Color of background.
-#define TEXT_COLOR 13 // Color of most text.
-#define ARROW_COLOR 14 // Color of Arrow.
+//#define HEADER_COLOR 12 // Color of header text.
+//#define BG_COLOR 13 // Color of background.
+//#define TEXT_COLOR 14 // Color of most text.
+//#define ARROW_COLOR 15 // Color of Arrow.
 void load_config();
 void save_config();
diff --git a/source/menu.c b/source/menu.c
index a44090b..1b68c47 100644
--- a/source/menu.c
+++ b/source/menu.c
@@ -58,9 +58,10 @@ int menu_options() {
 set_cursor(TOP_SCREEN, 0, 0);
 const char *list[] = {
- "Signature patch (builtin)",
- "Loader module (builtin)",
- "ARM9 thread (builtin)",
+ "Signature Patch",
+ "FIRM Write Protection",
+ "Inject Loader",
+ "Enable ARM9 Thread",
 "Autoboot",
 "Silence debug output",
diff --git a/source/patcher.c b/source/patcher.c
index 344f859..e5cf3c7 100644
--- a/source/patcher.c
+++ b/source/patcher.c
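Review bot: Inserting OPTION_FIRMPROT at index 1 shifts every later option index by one, so a config written by the previous build is reinterpreted on load if load_config()/save_config() (declared at the end of this hunk) persist config.options by index, which their names suggest but this patch does not show: the old loader flag lands on FIRMPROT, the old ARM9-thread flag now enables the loader, and so on. Because FIRMPROT and ARM9THREAD decide what gets patched into the firmware, silently enabling the wrong one on an existing install is worth a guard — keep the existing indices and give the new option an unused slot, or have load_config() check a format version and discard stale files. The four colour defines are commented out rather than deleted; if anything in menu.c still references HEADER_COLOR and friends this will not compile, and if nothing does, the dead lines should go, e.g. replace them with `// Colour options removed; indices 12-15 are free.`.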
@@ -89,16 +89,70 @@ int patch_signatures() {
 return 0;
 }
+int patch_firmprot() {
+ uint8_t *firm_mem = (uint8_t*)firm_p9_exefs + sizeof(exefs_h) + firm_p9_exefs->fileHeaders[0].offset;
+ uint32_t size = firm_p9_exefs->fileHeaders[0].size;
+
+ //Look for FIRM writing code
+ uint8_t* off = memfind(firm_mem, size, (uint8_t*)"exe:", 4);
+
+ if(off == NULL) {
+ fprintf(stderr, "Couldn't find 'exe:' string.\n");
+ return 1;
+ }
+
+ fprintf(stderr, "Firmprot: 'exe:' string @ %x\n", (uint32_t)off);
+
+ uint8_t pattern[] = {0x00, 0x28, 0x01, 0xDA};
+
+ uint8_t* firmprot = memfind(off - 0x100, 0x100, pattern, 4);
+
+ if(firmprot == NULL) {
+ fprintf(stderr, "Couldn't find firmprot code.\n");
+ return 2;
+ }
+
+ fprintf(stderr, "Firmprot: %x\n", (uint32_t)firmprot);
+
+ uint8_t patch[] = {0x00, 0x20, 0xC0, 0x46};
+ memcpy(firmprot, patch, 4);
+
+ fprintf(stderr, "Applied firmprot patch.\n");
+
+ return 0;
+}
+
+void wait() {
+ if (config.options[OPTION_TRACE]) {
+ fprintf(stderr, "Pausing because trace is on.\n");
+ wait_key();
+ }
+}
+
 int patch_firm_all() {
 // Use builtin signature patcher?
- fprintf(stderr, "Signature patch: %s\n", ((config.options[OPTION_SIGPATCH]) ? "yes" : "no" ));
+ fprintf(stderr, "Sigpatch: %s\n", ((config.options[OPTION_SIGPATCH]) ? "yes" : "no" ));
+ fprintf(stderr, "Protect: %s\n", ((config.options[OPTION_FIRMPROT]) ? "yes" : "no" ));
+
+ wait();
+
 if (config.options[OPTION_SIGPATCH]) {
 if(patch_signatures()) {
 abort("Fatal. Sigpatch has failed.");
 }
 }
+ wait();
+
+ if (config.options[OPTION_FIRMPROT]) {
+ if(patch_firmprot()) {
+ abort("Fatal. Firmprot has failed.");
+ }
+ }
+
+ wait();
+
 // Replace loader?
 if (config.options[OPTION_LOADER]) {
 // Yes.
@@ -113,7 +167,5 @@ int patch_firm_all() {
 // FIXME - NYI
 }
- wait_key();
- return 0;
 }
-- 2.39.5
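Review bot: In patch_firmprot() the backward search `memfind(off - 0x100, 0x100, pattern, 4)` starts 0x100 bytes before the "exe:" hit without checking that this is still inside the Process9 section, so an "exe:" string within the first 0x100 bytes of firm_mem makes memfind read before the buffer and a match there would be memcpy'd over memory that is not the section; clamp the window with `uint8_t *lo = (off - firm_mem < 0x100) ? firm_mem : off - 0x100;` and search `memfind(lo, off - lo, pattern, 4)`. A four-byte Thumb pattern in a 0x100 window is a thin anchor for code that rewrites firmware, and the bytes are undocumented: a comment such as `// 00 28 01 DA = cmp r0,#0 / bge; replaced by 00 20 C0 46 = movs r0,#0 / nop so the write check never passes` would let the next maintainer re-verify it against a new FIRM (the "never passes" part is my reading of the replacement and should be confirmed against the Process9 routine). `void wait()` is a non-static global that collides with POSIX wait(2) should <sys/wait.h> ever reach this translation unit; `static void trace_pause(void)` avoids that and the old-style empty parameter list. patch_firm_all()'s body continues past the first hunk.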