More cleanup
This commit is contained in:
parent
7e46046e3b
commit
158659e5b0
@ -48,13 +48,13 @@ u32 getSDMMC(u8 *pos, u32 size)
|
|||||||
return *(u32 *)(off + 9) + *(u32 *)(off + 0xD);
|
return *(u32 *)(off + 9) + *(u32 *)(off + 0xD);
|
||||||
}
|
}
|
||||||
|
|
||||||
void getEmuRW(u8 *pos, u32 size, u32 *readOff, u32 *writeOff)
|
void getEmuRW(u8 *pos, u32 size, u32 *readOffset, u32 *writeOffset)
|
||||||
{
|
{
|
||||||
//Look for read/write code
|
//Look for read/write code
|
||||||
const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};
|
const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};
|
||||||
|
|
||||||
*readOff = (u32)memsearch(pos, pattern, size, 4) - 6;
|
*readOffset = (u32)memsearch(pos, pattern, size, 4) - 6;
|
||||||
*writeOff = (u32)memsearch((u8 *)(*readOff + 0xA), pattern, 0x100, 4) - 6;
|
*writeOffset = (u32)memsearch((u8 *)(*readOffset + 0xA), pattern, 0x100, 4) - 6;
|
||||||
}
|
}
|
||||||
|
|
||||||
u32 *getMPU(u8 *pos, u32 size)
|
u32 *getMPU(u8 *pos, u32 size)
|
||||||
|
@ -369,31 +369,19 @@ static inline void reimplementSvcBackdoor(void)
|
|||||||
{
|
{
|
||||||
u8 *arm11Section1 = (u8 *)firm + section[1].offset;
|
u8 *arm11Section1 = (u8 *)firm + section[1].offset;
|
||||||
|
|
||||||
u32 *exceptionsPage = getExceptionVectorsPage(arm11Section1, section[1].size);
|
u32 exceptionsPage;
|
||||||
|
|
||||||
u32 offset = (-((exceptionsPage[2] & 0xFFFFFF) << 2) & 0xFFFFF) + 8; //Branch offset + 8 for prefetch
|
u32 *svcTable = getSvcAndExceptions(arm11Section1, section[1].size, &exceptionsPage);
|
||||||
u32 *svcTable = (u32 *)(arm11Section1 + *(u32 *)(arm11Section1 + 0xFFFF0008 - offset - 0xFFF00000 + 8) - 0xFFF00000); //SVC handler address
|
|
||||||
while(*svcTable != 0) svcTable++; //SVC0 = NULL
|
|
||||||
|
|
||||||
if(!svcTable[0x7B])
|
if(!svcTable[0x7B])
|
||||||
{
|
{
|
||||||
u32 *freeSpace;
|
u32 *freeSpace;
|
||||||
|
|
||||||
for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
|
for(freeSpace = (u32 *)exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
|
||||||
|
|
||||||
//Official implementation of svcBackdoor
|
memcpy(freeSpace, svcBackdoor, 40);
|
||||||
freeSpace[0] = 0xE3CD10FF; //bic r1, sp, #0xff
|
|
||||||
freeSpace[1] = 0xE3811C0F; //orr r1, r1, #0xf00
|
|
||||||
freeSpace[2] = 0xE2811028; //add r1, r1, #0x28
|
|
||||||
freeSpace[3] = 0xE5912000; //ldr r2, [r1]
|
|
||||||
freeSpace[4] = 0xE9226000; //stmdb r2!, {sp, lr}
|
|
||||||
freeSpace[5] = 0xE1A0D002; //mov sp, r2
|
|
||||||
freeSpace[6] = 0xE12FFF30; //blx r0
|
|
||||||
freeSpace[7] = 0xE8BD0003; //pop {r0, r1}
|
|
||||||
freeSpace[8] = 0xE1A0D000; //mov sp, r0
|
|
||||||
freeSpace[9] = 0xE12FFF11; //bx r1
|
|
||||||
|
|
||||||
svcTable[0x7B] = 0xFFFF0000 + ((u8 *)freeSpace - (u8 *)exceptionsPage);
|
svcTable[0x7B] = 0xFFFF0000 + (u32)((u8 *)freeSpace - exceptionsPage);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -487,11 +475,11 @@ static inline void patchLegacyFirm(u32 firmType)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void launchFirm(u32 firstSectionToCopy, u32 bootType)
|
static inline void launchFirm(u32 sectionNum, u32 bootType)
|
||||||
{
|
{
|
||||||
//Copy FIRM sections to respective memory locations
|
//Copy FIRM sections to respective memory locations
|
||||||
for(u32 i = firstSectionToCopy; i < 4 && section[i].size; i++)
|
for(; sectionNum < 4 && section[sectionNum].size; sectionNum++)
|
||||||
memcpy(section[i].address, (u8 *)firm + section[i].offset, section[i].size);
|
memcpy(section[sectionNum].address, (u8 *)firm + section[sectionNum].offset, section[sectionNum].size);
|
||||||
|
|
||||||
//Determine the ARM11 entry to use
|
//Determine the ARM11 entry to use
|
||||||
vu32 *arm11;
|
vu32 *arm11;
|
||||||
|
@ -46,4 +46,4 @@ static inline void copySection0AndInjectLoader(void);
|
|||||||
static inline void patchSafeFirm(void);
|
static inline void patchSafeFirm(void);
|
||||||
static void patchFirmWrites(u8 *offset, u32 size, u32 mode);
|
static void patchFirmWrites(u8 *offset, u32 size, u32 mode);
|
||||||
static inline void patchLegacyFirm(u32 firmType);
|
static inline void patchLegacyFirm(u32 firmType);
|
||||||
static inline void launchFirm(u32 firstSectionToCopy, u32 bootType);
|
static inline void launchFirm(u32 sectionNum, u32 bootType);
|
@ -16,6 +16,18 @@ const u16 nandRedir[2] = {0x4C00, 0x47A0},
|
|||||||
writeBlock[2] = {0x2000, 0x46C0},
|
writeBlock[2] = {0x2000, 0x46C0},
|
||||||
writeBlockSafe[2] = {0x2400, 0xE01D};
|
writeBlockSafe[2] = {0x2400, 0xE01D};
|
||||||
|
|
||||||
|
//Official implementation of svcBackdoor
|
||||||
|
const u8 svcBackdoor[40] = {0xFF, 0x10, 0xCD, 0xE3, //bic r1, sp, #0xff
|
||||||
|
0x0F, 0x1C, 0x81, 0xE3, //orr r1, r1, #0xf00
|
||||||
|
0x28, 0x10, 0x81, 0xE2, //add r1, r1, #0x28
|
||||||
|
0x00, 0x20, 0x91, 0xE5, //ldr r2, [r1]
|
||||||
|
0x00, 0x60, 0x22, 0xE9, //stmdb r2!, {sp, lr}
|
||||||
|
0x02, 0xD0, 0xA0, 0xE1, //mov sp, r2
|
||||||
|
0x30, 0xFF, 0x2F, 0xE1, //blx r0
|
||||||
|
0x03, 0x00, 0xBD, 0xE8, //pop {r0, r1}
|
||||||
|
0x00, 0xD0, 0xA0, 0xE1, //mov sp, r0
|
||||||
|
0x11, 0xFF, 0x2F, 0xE1}; //bx r1
|
||||||
|
|
||||||
/**************************************************
|
/**************************************************
|
||||||
* Functions
|
* Functions
|
||||||
**************************************************/
|
**************************************************/
|
||||||
@ -24,7 +36,7 @@ u8 *getProcess9(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
|
|||||||
{
|
{
|
||||||
u8 *off = memsearch(pos, "ess9", size, 4);
|
u8 *off = memsearch(pos, "ess9", size, 4);
|
||||||
|
|
||||||
*process9Size = *(u32 *)(off - 0x100) * 0x200;
|
*process9Size = *(u32 *)(off - 0x60) * 0x200;
|
||||||
*process9MemAddr = *(u32 *)(off + 0xC);
|
*process9MemAddr = *(u32 *)(off + 0xC);
|
||||||
|
|
||||||
//Process9 code offset (start of NCCH + ExeFS offset + ExeFS header size)
|
//Process9 code offset (start of NCCH + ExeFS offset + ExeFS header size)
|
||||||
@ -88,9 +100,15 @@ u32 getLoader(u8 *pos, u32 *loaderSize)
|
|||||||
return (u32)(off - pos);
|
return (u32)(off - pos);
|
||||||
}
|
}
|
||||||
|
|
||||||
u32 *getExceptionVectorsPage(u8 *pos, u32 size)
|
u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 *exceptionsPage)
|
||||||
{
|
{
|
||||||
const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5};
|
const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5};
|
||||||
|
|
||||||
return (u32 *)(memsearch(pos, pattern, size, 4) - 0x2C);
|
*exceptionsPage = (u32)memsearch(pos, pattern, size, 4) - 0x2C;
|
||||||
|
|
||||||
|
u32 svcOffset = (-((*(u32 *)(*exceptionsPage + 8) & 0xFFFFFF) << 2) & 0xFFFFF) - 8; //Branch offset + 8 for prefetch
|
||||||
|
u32 *svcTable = (u32 *)(pos + *(u32 *)(pos + 0xFFFF0008 - svcOffset - 0xFFF00000 + 8) - 0xFFF00000); //SVC handler address
|
||||||
|
while(*svcTable) svcTable++; //Look for SVC0 (NULL)
|
||||||
|
|
||||||
|
return svcTable;
|
||||||
}
|
}
|
@ -14,6 +14,7 @@ const u16 nandRedir[2],
|
|||||||
sigPatch[2],
|
sigPatch[2],
|
||||||
writeBlock[2],
|
writeBlock[2],
|
||||||
writeBlockSafe[2];
|
writeBlockSafe[2];
|
||||||
|
const u8 svcBackdoor[40];
|
||||||
|
|
||||||
/**************************************************
|
/**************************************************
|
||||||
* Functions
|
* Functions
|
||||||
@ -24,4 +25,4 @@ void *getReboot(u8 *pos, u32 size, u32 process9MemAddr, u32 *fOpenOffset);
|
|||||||
u16 *getFirmWrite(u8 *pos, u32 size);
|
u16 *getFirmWrite(u8 *pos, u32 size);
|
||||||
u16 *getFirmWriteSafe(u8 *pos, u32 size);
|
u16 *getFirmWriteSafe(u8 *pos, u32 size);
|
||||||
u32 getLoader(u8 *pos, u32 *loaderSize);
|
u32 getLoader(u8 *pos, u32 *loaderSize);
|
||||||
u32 *getExceptionVectorsPage(u8 *pos, u32 size);
|
u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 *exceptionsPage);
|
@ -6,8 +6,6 @@
|
|||||||
#include "i2c.h"
|
#include "i2c.h"
|
||||||
#include "buttons.h"
|
#include "buttons.h"
|
||||||
|
|
||||||
u32 chronoStarted = 0;
|
|
||||||
|
|
||||||
u32 waitInput(void)
|
u32 waitInput(void)
|
||||||
{
|
{
|
||||||
u32 pressedKey = 0,
|
u32 pressedKey = 0,
|
||||||
@ -42,7 +40,7 @@ void mcuReboot(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
//TODO: add support for TIMER IRQ
|
//TODO: add support for TIMER IRQ
|
||||||
void startChrono(u64 initialTicks)
|
static void startChrono(u64 initialTicks)
|
||||||
{
|
{
|
||||||
//Based on a NATIVE_FIRM disassembly
|
//Based on a NATIVE_FIRM disassembly
|
||||||
|
|
||||||
@ -57,7 +55,13 @@ void startChrono(u64 initialTicks)
|
|||||||
|
|
||||||
u64 chrono(void)
|
u64 chrono(void)
|
||||||
{
|
{
|
||||||
if(!chronoStarted) startChrono(0);
|
static u32 chronoStarted = 0;
|
||||||
|
|
||||||
|
if(!chronoStarted)
|
||||||
|
{
|
||||||
|
startChrono(0);
|
||||||
|
chronoStarted++;
|
||||||
|
}
|
||||||
|
|
||||||
u64 res = 0;
|
u64 res = 0;
|
||||||
|
|
||||||
@ -68,5 +72,5 @@ u64 chrono(void)
|
|||||||
|
|
||||||
void stopChrono(void)
|
void stopChrono(void)
|
||||||
{
|
{
|
||||||
if(chronoStarted) for(u32 i = 1; i < 4; i++) *(vu16 *)(0x10003002 + 4 * i) &= ~0x80;
|
for(u32 i = 1; i < 4; i++) *(vu16 *)(0x10003002 + 4 * i) &= ~0x80;
|
||||||
}
|
}
|
@ -11,6 +11,5 @@ void mcuReboot(void);
|
|||||||
|
|
||||||
#define TICKS_PER_SEC 67027964ULL
|
#define TICKS_PER_SEC 67027964ULL
|
||||||
|
|
||||||
void startChrono(u64 initialTicks);
|
|
||||||
u64 chrono(void);
|
u64 chrono(void);
|
||||||
void stopChrono(void);
|
void stopChrono(void);
|
Reference in New Issue
Block a user