10.2 firmlaunch + emunand partition bug fix

2016-01-18 15:24:12 -05:00 · 2016-01-18 15:24:12 -05:00 · 2465cb0fa9
commit 2465cb0fa9
parent c01a06711b
9 changed files with 39 additions and 59 deletions
--- a/emunand/emuCode.s
+++ b/emunand/emuCode.s
@ -1,9 +1,9 @@
 .nds
-sdmmc equ 0x080D86F0
+sdmmc equ 0x080F0AB0
-.create "emunand.bin", 0x0801A4C0
+.create "emunand.bin", 0x0801A5C0
-.org 0x0801A4C0
+.org 0x0801A5C0
 .arm
 nand_sd:
    ; Original code that still needs to be executed.
--- a/source/crypto.c
+++ b/source/crypto.c
@ -387,12 +387,12 @@ void arm9loader(void *armHdr){
    aes((void *)(armHdr+0x800), (void *)(armHdr+0x800), size/AES_BLOCK_SIZE, CTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
    //Set keys 0x19..0x1F keyXs
-    u8* decKey = (void *)((uintptr_t)armHdr+0x8A824);
+    u8* decKey = (void *)((uintptr_t)armHdr+0x89824);
    aes_use_keyslot(0x11);
    for(slot = 0x19; slot < 0x20; slot++) {
        aes_setkey(0x11, (u8*)key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
-        aes(decKey, (void *)((uintptr_t)armHdr+0x8A814), 1, NULL, AES_ECB_DECRYPT_MODE, 0);
+        aes(decKey, (void *)((uintptr_t)armHdr+0x89814), 1, NULL, AES_ECB_DECRYPT_MODE, 0);
        aes_setkey(slot, (u8*)decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
-        *(u8 *)((void *)((uintptr_t)armHdr+0x8A814+0xF)) += 1;
+        *(u8 *)((void *)((uintptr_t)armHdr+0x89814+0xF)) += 1;
    }
 }
--- a/source/emunand.c
+++ b/source/emunand.c
@ -8,34 +8,14 @@
 #include "fatfs/ff.h"
 #include "fatfs/sdmmc/sdmmc.h"
-typedef struct emunand {
+static u8 *temp = (u8*)0x24300000;
    u32 offset;
    u32 header;
    const char* name;
 } emunand;
-emunand emunands[] = {
+void getEmunand(u32 *off, u32 *head){
-        {.offset = 1, .header = 1, .name = "redNAND"},
+    u32 nandSize = getMMCDevice(0)->total_size;
-        {.offset = 0, .header = 0x1D7800, .name = "Toshiba GW/MT"},
+    if (sdmmc_sdcard_readsectors(nandSize, 1, temp) == 0) {
-        {.offset = 0, .header = 0x1DD000, .name = "Samsung GW/MT"},
+        if (*(u32*)(temp + 0x100) == NCSD_MAGIC) {
-        {.offset = 0, .header = 0x26C000, .name = "Samsung N3DS GW"},
+            *off = 0;
-        {.offset = 0, .header = 0x3B0000, .name = "Unknown N3DS GW"},
+            *head = nandSize;
        {.offset = 0, .header = 0, .name = 0},
 };
 static u8 *temp = (u8 *)0x24300000;
 u8 getEmunand(u32 *off, u32 *head){
    u8 ret = 0;
    for(int i = 0; emunands[i].name; i++){
        if (sdmmc_sdcard_readsectors(emunands[i].header, 1, temp) == 0) {
            if (*(u32 *)(temp + 0x100) == NCSD_MAGIC) {
                *off = (u32)&emunands[i].offset;
                *head = (u32)&emunands[i].header;
                ret = 1;
                break;
            }
        }
    }
    return ret;
 }
--- a/source/emunand.h
+++ b/source/emunand.h
@ -11,6 +11,6 @@
 #define NCSD_MAGIC (0x4453434E)
-u8 getEmunand(u32 *off, u32 *head);
+void getEmunand(u32 *off, u32 *head);
 #endif
--- a/source/firm.c
+++ b/source/firm.c
@ -12,7 +12,6 @@
 #include "crypto.h"
 const firmHeader *firmLocation = (firmHeader *)0x24000000;
 const u32 firmSize = 0xF3000;
 firmSectionHeader *section;
 u32 emuOffset = 0;
 u32 emuHeader = 0;
@ -20,7 +19,7 @@ u32 emuHeader = 0;
 //Load firm into FCRAM
 void loadFirm(void){
    //Read FIRM from SD card and write to FCRAM
-    fileRead((u8*)firmLocation, "/rei/firmware.bin", firmSize);
+    fileRead((u8*)firmLocation, "/rei/firmware.bin", 0);
    section = firmLocation->section;
    arm9loader((u8*)firmLocation + section[2].offset);
 }
@ -33,11 +32,12 @@ void loadEmu(void){
    fileRead(code, "/rei/emunand/emunand.bin", 0);
    u32 *pos_offset = memsearch(code, "NAND", 0x218, 4);
    u32 *pos_header = memsearch(code, "NCSD", 0x218, 4);
    getEmunand(&emuOffset, &emuHeader);
    if (pos_offset && pos_header) {
        *pos_offset = emuOffset;
        *pos_header = emuHeader;
    }
-    
+
    //Add emunand hooks
    memcpy((u8*)emuHook(1), nandRedir, sizeof(nandRedir));
    memcpy((u8*)emuHook(2), nandRedir, sizeof(nandRedir));
@ -48,7 +48,7 @@ void patchFirm(){
    //Part1: Set MPU for payload area
    memcpy((u8*)mpuCode(), mpu, sizeof(mpu));
-    
+
    //Part2: Disable signature checks
    memcpy((u8*)sigPatch(1), sigPat1, sizeof(sigPat1));
    memcpy((u8*)sigPatch(2), sigPat2, sizeof(sigPat2));
--- a/source/patches.c
+++ b/source/patches.c
@ -8,8 +8,8 @@
 #define FIRM 0x24000000
-#define KERNEL9 (FIRM + 0x68000)
+#define KERNEL9 (FIRM + 0x68400)
-#define PROC9 (FIRM + 0x7ED00)
+#define PROC9 (FIRM + 0x7F100)
 #define K9_ADDR 0x08006000
 #define P9_ADDR 0x08028000
@ -27,7 +27,7 @@ u8 mpu[0x2C] = {    //MPU shit
    0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
    };
-u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA4, 0x01, 0x08};    //Branch to emunand function
+u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08};    //Branch to emunand function
 /*
 *   Sig checks
@ -38,8 +38,8 @@ u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
 /*
 *   Arm9 thread
 */
-u8 th1[4] = {0x2C, 0xF0, 0x9F, 0xE5};   //ldr pc, =0x0801A6E0
+u8 th1[4] = {0x2C, 0xF0, 0x9F, 0xE5};   //ldr pc, =0x0801A7E0
-u8 th2[4] = {0xE0, 0xA6, 0x01, 0x08};   //0x0801A6E0
+u8 th2[4] = {0xE0, 0xA7, 0x01, 0x08};   //0x0801A7E0
@ -49,12 +49,12 @@ u8 th2[4] = {0xE0, 0xA6, 0x01, 0x08};   //0x0801A6E0
 //Where the emunand code is stored in firm
 u32 emuCode(void){
-    return KERNEL9 + (0x0801A4C0 - K9_ADDR);
+    return KERNEL9 + (0x0801A5C0 - K9_ADDR);
 }
 //Where thread code is stored in firm
 u32 threadCode(void){
-    return KERNEL9 + (0x0801A6E0 - K9_ADDR);
+    return KERNEL9 + (0x0801A7E0 - K9_ADDR);
 }
 //Area of MPU setting code
@ -65,20 +65,20 @@ u32 mpuCode(void){
 //Offsets to redirect to thread code
 u32 threadHook(u8 val){
    return val == 1 ? 
-            PROC9 + (0x08086140 - P9_ADDR): 
+            PROC9 + (0x08085198 - P9_ADDR): 
-            PROC9 + (0x08086174 - P9_ADDR);
+            PROC9 + (0x080851CC - P9_ADDR);
 }
 //Offsets to redirect to Emunand code
 u32 emuHook(u8 val){ //latest only
    return val == 1 ? 
-            PROC9 + (0x0807882C - P9_ADDR): 
+            PROC9 + (0x08077B40 - P9_ADDR): 
-            PROC9 + (0x0807886C - P9_ADDR);
+            PROC9 + (0x08077B80 - P9_ADDR);
 }
 //Offsets to redirect to thread code
 u32 sigPatch(u8 val){
    return val == 1 ?
-            PROC9 + (0x080632B8 - P9_ADDR) :
+            PROC9 + (0x08062B08 - P9_ADDR) :
-            PROC9 + (0x0805D628 - P9_ADDR);
+            PROC9 + (0x0805C31C - P9_ADDR);
 }
--- a/thread/3ds.ld
+++ b/thread/3ds.ld
@ -6,7 +6,7 @@ ENTRY(_start)
 SECTIONS
 {
-  . = 0x0801A6E0;
+  . = 0x0801A7E0;
  start_addr = .;
  .text.start : { *(.text.start) }
  .text       : { *(.text) *(.text*) }
--- a/thread/source/FS.s
+++ b/thread/source/FS.s
@ -11,7 +11,7 @@
 .type fopen9, %function
 	fopen9:
 		push {r0-r6, lr}
-		ldr r4, =0x0805B181
+		ldr r4, =0x08059D0D
 		blx r4
 		pop {r0-r6, pc}
 .pool
@ -21,7 +21,7 @@
 .type fwrite9, %function
 	fwrite9:
 		push {r4, lr}
-		ldr r4, =0x0805C4D1
+		ldr r4, =0x0805B20D
 		blx r4
 		pop {r4, pc}
 .pool
@ -31,7 +31,7 @@
 .type fread9, %function
 	fread9:
 		push {r4, lr}
-		ldr r4, =0x0804D855
+		ldr r4, =0x0804CC15
 		blx r4
 		pop {r4, pc}
 .pool
@ -41,7 +41,7 @@
 .type fclose9, %function
 	fclose9:
 		push {r4, lr}
-		ldr r4, =0x08053CF9
+		ldr r4, =0x08052DA1
 		blx r4
 		pop {r4, pc}
 .pool
@ -51,7 +51,7 @@
 .type fsize9, %function
    fsize9:
        push {r4, lr}
-        ldr r4, =0x0805C2CD
+        ldr r4, =0x0805B0E9
        blx r4
        pop {r4, pc}
 .pool
--- a/thread/source/_start.s
+++ b/thread/source/_start.s
@ -16,5 +16,5 @@ _start:
 	ldr r4, =0x1
 	svc 0x8
 	pop {r0-r12 , lr}
-	ldr r0, =0x80CB028
+	ldr r0, =0x80E3408
-	ldr pc, =0x08086144
+	ldr pc, =0x0808519C