Added Rosalina, see details

- see release notes - ( ͡° ͜ʖ ͡°)( ͡° ͜ʖ ͡°)( ͡° ͜ʖ ͡°) - (∩ ͡° ͜ʖ ͡°)⊃━☆ﾟ - ( ͡ᵔ ͜ʖ ͡ᵔ) ♫┌( ͡° ͜ʖ ͡°)┘♪ ♫└( ͡° ͜ʖ ͡°)┐♪
2017-06-05 02:02:04 +02:00
parent 4429cb2095
commit 21db0d45bd
226 changed files with 20505 additions and 1320 deletions
--- a/patches/k11MainHook.s
+++ b/patches/k11MainHook.s
@@ -0,0 +1,73 @@
+.arm.little
+
+.create "build/k11MainHook.bin", 0
+.arm
+
+bindSGI0:
+    ; hook __kernel_main to bind SGI0 for own purposes
+    push {r0-r4, lr}
+    sub sp, #16                  ; 3 args passed through the stack + alignment
+    ldr r0, [interruptManager]
+    adr r1, interruptEvent
+    mov r2, #0
+    mrc p15, 0, r3, c0, c0, 5
+    and r3, #3
+    mov r4, #0
+    str r4, [sp]
+    str r4, [sp, #4]
+    str r4, [sp, #8]
+
+    ldr r12, [InterruptManager_mapInterrupt]
+    blx r12
+    cmp r0, #0
+    blt .
+
+    add sp, #16
+    pop {r0-r4, pc}
+
+executeCustomHandler:
+    push {r4, lr}
+    mrs r4, cpsr
+    adr r0, customHandler
+    bl convertVAToPA
+    orr r0, #(1 << 31)
+    ldr r12, [r0]
+
+    blx r12
+
+    mov r0, #0
+    msr cpsr_cx, r4
+    pop {r4, pc}
+
+convertVAToPA:
+    mov r1, #0x1000
+    sub r1, #1
+    and r2, r0, r1
+    bic r0, r1
+    mcr p15, 0, r0, c7, c8, 0    ; VA to PA translation with privileged read permission check
+    mrc p15, 0, r0, c7, c4, 0    ; read PA register
+    tst r0, #1                   ; failure bit
+    bic r0, r1
+    addeq r0, r2
+    movne r0, #0
+    bx lr
+
+.pool
+
+; Result InterruptManager::mapInterrupt(InterruptManager *this, InterruptEvent *iEvent, u32 interruptID, u32 coreID, s32 priority, bool willBeMasked, bool isLevelHighActive);
+InterruptManager_mapInterrupt: .ascii "bind"
+
+_vtable: .word executeCustomHandler
+interruptEvent: .word _vtable
+
+parameters:
+customHandler: .ascii "hdlr"
+interruptManager: .word 0
+L2MMUTable: .word 0
+funcs: .word 0,0,0
+TTBCR: .word 0
+L1MMUTableAddrs: .word 0,0,0,0
+kernelVersion: .word 0
+CFWInfo: .word 0,0,0,0
+
+.close
--- a/patches/k11modules.s
+++ b/patches/k11modules.s
@@ -1,105 +0,0 @@
-;
-;   This file is part of Luma3DS
-;   Copyright (C) 2016 Aurora Wright, TuxSH
-;
-;   This program is free software: you can redistribute it and/or modify
-;   it under the terms of the GNU General Public License as published by
-;   the Free Software Foundation, either version 3 of the License, or
-;   (at your option) any later version.
-;
-;   This program is distributed in the hope that it will be useful,
-;   but WITHOUT ANY WARRANTY; without even the implied warranty of
-;   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;   GNU General Public License for more details.
-;
-;   You should have received a copy of the GNU General Public License
-;   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-;
-;   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
-;   reasonable legal notices or author attributions in that material or in the Appropriate Legal
-;   Notices displayed by works containing it.
-;
-
-; Code originally from Subv
-
-.arm.little
-
-.create "build/k11modules.bin", 0
-.arm
-    ; This code searches the sm module for a specific byte pattern and patches some of the instructions
-    ; in the code to disable service access checks when calling srv:GetServiceHandle
-
-    ; It also searches the fs module for archive access check code
-
-    ; Save the registers we'll be using
-    ; Register contents:
-    ; r4: Pointer to a pointer to the exheader of the current NCCH
-    ; r6: Constant 0
-    ; SP + 4: Pointer to the memory location where the NCCH text was loaded
-
-    ; Execute the instruction we overwrote in our detour
-    ldr r0, [r4]
-
-    ; Save the value of the register we use
-    push {r0-r4}
-
-    ldr r1, [sp, #24]    ; Load the .text address
-    ldr r2, [r0, #0x200] ; Load the low title id of the current NCCH
-    ldr r0, [r0, #0x18]  ; Load the size of the .text
-    add r0, r1, r0       ; Max bounds of the memory region
-
-    ldr r3, =0x1002 ; Low title id of the sm module
-    cmp r2, r3 ; Compare the low title id to the id of the sm module
-    bne fs_patch ; Skip if they're not the same
-
-    ldr r2, =0xE1A01006 ; mov r1, r6
-
-    loop:
-        cmp r0, r1
-        blo die ; Check if we didn't go past the bounds of the memory region
-        ldr r3, [r1]
-        cmp r3, r2
-        ldreqh r3, [r1, #4]
-        cmpeq r3, #5
-        addne r1, #4
-        bne loop
-
-    ; r1 now contains the start address of the pattern we found
-    ldr r0, =0xE3A00001 ; mov r0, #1
-    str r0, [r1, #8] ; Patch the bl
-    b out
-
-    fs_patch: ; patch adapted from BootNTR
-        ldr r3, =0x1102 ; Low title id of the fs module
-        cmp r2, r3 ; Compare the low title id to the id of the sm module
-        bne out ; Skip if they're not the same
-
-        ldr r2, =0x7401 ; strb r1, [r0, #16]
-        ldr r3, =0x2000 ; movs r0, #0
-
-        loop_fs:
-            cmp r0, r1
-            blo die
-            ldrh r4, [r1]
-            cmp r4, r2
-            ldreqh r4, [r1, #2]
-            cmpeq r4, r3
-            addeq r1, #8
-            addne r1, #2
-            bne loop_fs
-
-        ; r1 now contains the start address of the pattern we found
-        ldr r0, =0x2001 ; mov r0, #1
-        ldr r2, =0x4770 ; bx lr
-        strh r0, [r1]
-        strh r2, [r1, #2]
-
-    out:
-        pop {r0-r4} ; Restore the registers we used
-        bx lr ; Jump back to whoever called us
-
-    die:
-        b die
-
-.pool
-.close
--- a/patches/mmuHook.s
+++ b/patches/mmuHook.s
@@ -0,0 +1,36 @@
+.arm.little
+
+.create "build/mmuHook.bin", 0
+.arm
+    ; r2 = L1 table
+    ; Thanks @Dazzozo for giving me that idea
+    ; Maps physmem so that, if addr is in physmem(0, 0x30000000), it can be accessed uncached&rwx as addr|(1<<31)
+    ; Save the value of all registers
+
+    push {r0-r1, r3-r7}
+    mov r0, #0
+    mov r1, #0x30000000 ; end address
+    ldr r3, =#0x40C02   ; supersection (rwx for all) of strongly ordered memory, shared
+    loop:
+        orr r4, r0, #0x80000000
+        orr r5, r0, r3
+
+        mov r6, #0 ;
+        loop2:
+            add r7, r6, r4,lsr #20
+            str r5, [r2, r7,lsl #2]
+            add r6, #1
+            cmp r6, #16
+            blo loop2
+
+        add r0, #0x01000000
+        cmp r0, r1
+        blo loop
+    pop {r0-r1, r3-r7}
+
+    mov r3, #0xe0000000 ; instruction that has been patched
+    bx lr
+
+
+.pool
+.close
--- a/patches/reboot.s
+++ b/patches/reboot.s
@@ -120,7 +120,7 @@ fname: .ascii "FILE"
    orr r0, #0xC0
    msr cpsr, r0

-    ldr sp, =0x27FFDF00
+    ldr sp, =copy_launch_stub_stack_top

    ldr r0, =copy_launch_stub_addr
    adr r1, copy_launch_stub
--- a/patches/svcConnectToPortInitHook.s
+++ b/patches/svcConnectToPortInitHook.s
@@ -0,0 +1,43 @@
+.arm.little
+
+.create "build/svcConnectToPortInitHook.bin", 0
+.arm
+    push {r0-r4, lr}
+    adr r0, jumpAddress
+    bl convertVAToPA
+    orr r4, r0, #(1 << 31)
+
+    loop:
+        ldr r12, [r4]
+        cmp r12, #0
+        bne loop_end
+        ldr r12, [SleepThread]
+        ldr r0, =(10 * 1000 * 1000)
+        mov r1, #0
+        blx r12
+        b loop
+
+    loop_end:
+    pop {r0-r4, lr}
+    bx r12
+
+convertVAToPA:
+    mov r1, #0x1000
+    sub r1, #1
+    and r2, r0, r1
+    bic r0, r1
+    mcr p15, 0, r0, c7, c8, 0    ; VA to PA translation with privileged read permission check
+    mrc p15, 0, r0, c7, c4, 0    ; read PA register
+    tst r0, #1                   ; failure bit
+    bic r0, r1
+    addeq r0, r2
+    movne r0, #0
+    bx lr
+
+.pool
+_base: .ascii "base"
+jumpAddressOrig: .ascii "orig"
+SleepThread: .ascii "SlpT"
+jumpAddress: .word 0
+
+.close
--- a/patches/svcCustomBackdoor.s
+++ b/patches/svcCustomBackdoor.s
@@ -0,0 +1,20 @@
+.arm.little
+
+.create "build/svcCustomBackdoor.bin", 0
+.arm
+
+; Result svcCustomBackdoor(void *func, ... <up to 3 args>)
+svcCustomBackdoor:
+    b skip_orig
+orig: .word 0
+skip_orig:
+    push {r4, lr}
+    mov r4, r0
+    mov r0, r1
+    mov r1, r2
+    mov r2, r3
+    blx r4
+    pop {r4, pc}
+
+.pool
+.close
--- a/patches/svcGetCFWInfo.s
+++ b/patches/svcGetCFWInfo.s
@@ -1,48 +0,0 @@
-;
-;   This file is part of Luma3DS
-;   Copyright (C) 2016 Aurora Wright, TuxSH
-;
-;   This program is free software: you can redistribute it and/or modify
-;   it under the terms of the GNU General Public License as published by
-;   the Free Software Foundation, either version 3 of the License, or
-;   (at your option) any later version.
-;
-;   This program is distributed in the hope that it will be useful,
-;   but WITHOUT ANY WARRANTY; without even the implied warranty of
-;   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;   GNU General Public License for more details.
-;
-;   You should have received a copy of the GNU General Public License
-;   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-;
-;   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
-;   reasonable legal notices or author attributions in that material or in the Appropriate Legal
-;   Notices displayed by works containing it.
-;
-
-.arm.little
-
-.create "build/svcGetCFWInfo.bin", 0
-.arm
-
-    adr r1, infoStart
-    add r2, r0, #(infoEnd - infoStart)
-
-    loop:
-        ldrb r3, [r1], #1
-        strbt r3, [r0], #1
-        cmp r0, r2
-        blo loop
-
-    mov r0, #0
-
-    bx lr
-
-.pool
-infoStart:
-    .ascii "LUMA"   ; magic
-    .word 0         ; version
-    .word 0         ; truncated commit hash
-    .word 0         ; config
-infoEnd:
-.close