This repository has been archived on 2022-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
Luma3DS-3GX/patches/reboot.s

210 lines
4.3 KiB
ArmAsm
Raw Permalink Normal View History

; Code originally from delebile and mid-kid
.arm.little
2016-02-08 03:37:03 +01:00
copy_launch_stub_stack_top equ 0x01FFB800
copy_launch_stub_stack_bottom equ 0x01FFA800
copy_launch_stub_addr equ 0x01FF9000
2016-02-08 03:37:03 +01:00
argv_addr equ (copy_launch_stub_stack_bottom - 0x100)
fname_addr equ (copy_launch_stub_stack_bottom - 0x200)
low_tid_addr equ (copy_launch_stub_stack_bottom - 0x300)
firm_addr equ 0x20001000
firm_maxsize equ 0x07FFF000
.create "build/reboot.bin", 0
2016-02-08 03:37:03 +01:00
.arm
2016-08-27 18:10:51 +02:00
; Interesting registers and locations to keep in mind, set just before this code is ran:
; - r1: FIRM path in exefs.
; - r7 (or r8): pointer to file object
2016-08-27 18:10:51 +02:00
; - *r7: vtable
2017-05-23 16:11:39 +02:00
; - *(vtable + 0x28): fread function
2016-08-28 02:38:30 +02:00
; - *(r7 + 8): file handle
2016-08-27 18:10:51 +02:00
sub r7, r0, #8
2016-08-27 18:10:51 +02:00
mov r8, r1
pxi_wait_recv:
ldr r2, =0x44846
ldr r0, =0x10008000
readPxiLoop1:
ldrh r1, [r0, #4]
lsls r1, #0x17
bmi readPxiLoop1
ldr r0, [r0, #0xC]
cmp r0, r2
bne pxi_wait_recv
; Open file
add r0, r7, #8
adr r1, fname
mov r2, #1
ldr r6, [fopen]
orr r6, 1
blx r6
cmp r0, #0
bne panic
; Read file
mov r0, r7
adr r1, bytes_read
ldr r2, =firm_addr
ldr r3, =firm_maxsize
ldr r6, [r7]
ldr r6, [r6, #0x28]
blx r6
2017-05-20 03:49:03 +02:00
; Copy the low TID (in UTF-16) of the wanted firm
ldr r0, =low_tid_addr
2016-10-23 03:47:10 +02:00
add r1, r8, #0x1A
mov r2, #0x10
bl memcpy16
2016-02-08 03:37:03 +01:00
2017-05-20 03:49:03 +02:00
; Copy argv[0]
ldr r0, =fname_addr
adr r1, fname
2017-06-14 02:05:32 +02:00
mov r2, #82
bl memcpy16
ldr r0, =argv_addr
ldr r1, =fname_addr
ldr r2, =low_tid_addr
stmia r0, {r1, r2}
; Set kernel state
mov r0, #0
mov r1, #0
mov r2, #0
mov r3, #0
swi 0x7C
goto_reboot:
; Jump to reboot code
ldr r0, =(kernelcode_start - goto_reboot - 12)
2016-08-27 18:10:51 +02:00
add r0, pc ; pc is two instructions ahead of the instruction being executed (12 = 2*4 + 4)
swi 0x7B
die:
b die
memcpy16:
cmp r2, #0
bxeq lr
add r2, r0, r2
copy_loop16:
ldrh r3, [r1], #2
strh r3, [r0], #2
cmp r0, r2
blo copy_loop16
bx lr
2016-10-22 23:38:26 +02:00
panic:
2016-10-23 03:47:10 +02:00
mov r1, r0 ; unused register
2016-10-22 23:38:26 +02:00
mov r0, #0
2016-10-23 03:47:10 +02:00
swi 0x3C ; svcBreak(USERBREAK_PANIC)
b die
bytes_read: .word 0
fopen: .ascii "OPEN"
2016-02-08 03:37:03 +01:00
.pool
2017-05-19 22:40:07 +02:00
.area 82, 0
2017-05-20 02:29:26 +02:00
fname: .ascii "FILE"
2017-05-19 22:40:07 +02:00
.endarea
.align 4
kernelcode_start:
2016-07-01 20:27:28 +02:00
mrs r0, cpsr ; disable interrupts
orr r0, #0xC0
msr cpsr, r0
ldr sp, =copy_launch_stub_stack_top
ldr r0, =copy_launch_stub_addr
adr r1, copy_launch_stub
mov r2, #(copy_launch_stub_end - copy_launch_stub)
bl memcpy32
2016-07-01 20:27:28 +02:00
; Disable MPU
2016-10-23 03:47:10 +02:00
ldr r0, =0x42078 ; alt vector select, enable itcm
mcr p15, 0, r0, c1, c0, 0
2016-07-01 20:27:28 +02:00
bl flushCaches
ldr r0, =copy_launch_stub_addr
bx r0
copy_launch_stub:
ldr r4, =firm_addr
mov r5, #0
load_section_loop:
; Such checks. Very ghetto. Wow.
add r3, r4, #0x40
add r3, r5,lsl #5
add r3, r5,lsl #4
ldmia r3, {r6-r8}
2017-05-20 03:49:03 +02:00
cmp r8, #0
movne r0, r7
addne r1, r4, r6
movne r2, r8
blne memcpy32
add r5, #1
2017-06-13 23:08:32 +02:00
cmp r5, #4
blo load_section_loop
mov r0, #2 ; argc
ldr r1, =argv_addr ; argv
2017-05-23 16:11:39 +02:00
ldr r2, =0xBABE ; magic word
mov r5, #0x20000000
ldr r6, [r4, #0x08]
str r6, [r5, #-4] ; store arm11 entrypoint
ldr lr, [r4, #0x0c]
bx lr
memcpy32:
add r2, r0, r2
copy_loop32:
ldr r3, [r1], #4
str r3, [r0], #4
cmp r0, r2
blo copy_loop32
bx lr
2017-05-20 00:18:41 +02:00
.pool
copy_launch_stub_end:
flushCaches:
2016-07-01 20:27:28 +02:00
; Clean and flush data cache
2016-10-23 03:47:10 +02:00
mov r1, #0 ; segment counter
2016-07-01 20:27:28 +02:00
outer_loop:
2016-10-23 03:47:10 +02:00
mov r0, #0 ; line counter
2016-07-01 20:27:28 +02:00
inner_loop:
2016-10-23 03:47:10 +02:00
orr r2, r1, r0 ; generate segment and line address
mcr p15, 0, r2, c7, c14, 2 ; clean and flush the line
add r0, #0x20 ; increment to next line
2016-07-01 20:27:28 +02:00
cmp r0, #0x400
bne inner_loop
add r1, #0x40000000
cmp r1, #0
bne outer_loop
2016-10-23 03:47:10 +02:00
; Drain write buffer
mcr p15, 0, r1, c7, c10, 4
2016-07-01 20:27:28 +02:00
; Flush instruction cache
mcr p15, 0, r1, c7, c5, 0
bx lr
.close