From 60c4956290043f5afac18b3f16e8cbfb15df790e Mon Sep 17 00:00:00 2001 From: Aurora Date: Fri, 26 Aug 2016 18:44:39 +0200 Subject: [PATCH 1/2] Fix wrong bootconfig being picked up by 3ds_injector, cleanup --- injector/source/patcher.c | 30 +++++---------------- injector/source/patcher.h | 19 +++++++++++++ source/config.c | 10 +------ source/config.h | 2 +- source/draw.c | 2 +- source/firm.c | 56 +++++++++++++++++---------------------- source/firm.h | 2 +- source/patches.c | 18 +------------ source/patches.h | 15 +++++++++++ 9 files changed, 69 insertions(+), 85 deletions(-) diff --git a/injector/source/patcher.c b/injector/source/patcher.c index a2e63c3..1039747 100644 --- a/injector/source/patcher.c +++ b/injector/source/patcher.c @@ -3,28 +3,7 @@ #include "patcher.h" #include "ifile.h" -typedef struct __attribute__((packed)) -{ - char magic[4]; - - u8 versionMajor; - u8 versionMinor; - u8 versionBuild; - u8 flags; /* bit 0: dev branch; bit 1: is release */ - - u32 commitHash; - - u32 config; -} CFWInfo; - -CFWInfo info = {0}; - -#ifndef PATH_MAX -#define PATH_MAX 255 -#define CONFIG(a) (((info.config >> (a + 16)) & 1) != 0) -#define MULTICONFIG(a) ((info.config >> (a * 2 + 6)) & 3) -#define BOOTCONFIG(a, b) ((info.config >> a) & b) -#endif +static CFWInfo info = {0}; static int memcmp(const void *buf1, const void *buf2, u32 size) { @@ -114,6 +93,7 @@ int __attribute__((naked)) svcGetCFWInfo(CFWInfo __attribute__((unused)) *out) static void loadCFWInfo(void) { static bool infoLoaded = false; + if(!infoLoaded) { svcGetCFWInfo(&info); @@ -122,8 +102,9 @@ static void loadCFWInfo(void) { IFile_Close(&file); } + + infoLoaded = true; } - infoLoaded = true; } static bool secureInfoExists(void) @@ -338,6 +319,7 @@ static void patchCfgGetRegion(u8 *code, u32 size, u8 regionId, u32 CFGUHandleOff void patchCode(u64 progId, u8 *code, u32 size) { loadCFWInfo(); + switch(progId) { case 0x0004003000008F02LL: // USA Menu 
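Review bot: The result of `svcGetCFWInfo(&info);` in loadCFWInfo is still discarded, and with `infoLoaded = true;` now set unconditionally at the end of the `if(!infoLoaded)` block a failed SVC leaves `info` zeroed for the lifetime of the process while every CONFIG()/MULTICONFIG()/BOOTCONFIG() lookup silently reads as "off", with no retry on the next call. The wrapper is declared `int svcGetCFWInfo(CFWInfo *out)` in the hunk header, so the value can be checked before `info.config` is trusted, e.g. `if(svcGetCFWInfo(&info) != 0) return;` placed before the file handling so that `infoLoaded` stays false; whether "retry later" or "fail loudly" is the right policy depends on what the kernel returns for an unimplemented SVC, which is not visible here. The file open that pairs with the `IFile_Close(&file);` context line lies between the two hunks, outside what is shown, so I cannot tell whether that path reports failure either.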
@@ -592,4 +574,4 @@ void patchCode(u64 progId, u8 *code, u32 size) break; } -} +} \ No newline at end of file diff --git a/injector/source/patcher.h b/injector/source/patcher.h index 4bb48ea..4c4a356 100644 --- a/injector/source/patcher.h +++ b/injector/source/patcher.h @@ -2,4 +2,23 @@ #include <3ds/types.h> +#define PATH_MAX 255 +#define CONFIG(a) (((info.config >> (a + 16)) & 1) != 0) +#define MULTICONFIG(a) ((info.config >> (a * 2 + 6)) & 3) +#define BOOTCONFIG(a, b) ((info.config >> a) & b) + +typedef struct __attribute__((packed)) +{ + char magic[4]; + + u8 versionMajor; + u8 versionMinor; + u8 versionBuild; + u8 flags; /* bit 0: dev branch; bit 1: is release */ + + u32 commitHash; + + u32 config; +} CFWInfo; + void patchCode(u64 progId, u8 *code, u32 size); \ No newline at end of file diff --git a/source/config.c b/source/config.c index 9a1af2b..48726cb 100644 --- a/source/config.c +++ b/source/config.c @@ -24,10 +24,9 @@ #include "utils.h" #include "screen.h" #include "draw.h" -#include "fs.h" #include "buttons.h" -void configureCFW(const char *configPath) +void configureCFW(void) { initScreens(); @@ -193,13 +192,6 @@ void configureCFW(const char *configPath) for(u32 i = 0; i < singleOptionsAmount; i++) config |= (singleOptions[i].enabled ? 1 : 0) << (i + 16); - if(!fileWrite(&config, configPath, 4)) - { - createDirectory("luma"); - if(!fileWrite(&config, configPath, 4)) - error("Error writing the configuration file"); - } - //Wait for the pressed buttons to change while(HID_PAD == BUTTON_START); } \ No newline at end of file diff --git a/source/config.h b/source/config.h index 40e350a..95fa0c6 100644 --- a/source/config.h +++ b/source/config.h @@ -30,4 +30,4 @@ extern u32 config; -void configureCFW(const char *configPath); \ No newline at end of file +void configureCFW(void); \ No newline at end of file diff --git a/source/draw.c b/source/draw.c index e715554..a6a99f5 100644 --- a/source/draw.c +++ b/source/draw.c 
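Review bot: `#define PATH_MAX 255` in injector/source/patcher.h is now emitted unconditionally, whereas the definition it replaces in patcher.c sat under `#ifndef PATH_MAX`; if anything reached through `<3ds/types.h>` or another includer already defines PATH_MAX (libc limits headers commonly do, with a different value) this becomes a redefinition error, so the guard should come back: `#ifndef PATH_MAX` / `#define PATH_MAX 255` / `#endif`. The CONFIG()/MULTICONFIG()/BOOTCONFIG() macros expand to `info.config`, and `info` is now `static CFWInfo info` in patcher.c, so although they live in a public header they are usable only from that one translation unit; a comment such as `/* expand to the file-scope info in patcher.c; not usable from other files */` would save the next includer a confusing link/compile error. BOOTCONFIG also leaves its parameters unparenthesised, `((info.config >> (a)) & (b))` is the safer form.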
@@ -98,4 +98,4 @@ int drawString(const char *string, int posX, int posY, u32 color) } return posY; -} +} \ No newline at end of file diff --git a/source/firm.c b/source/firm.c index 1631f1e..f8edea0 100755 --- a/source/firm.c +++ b/source/firm.c @@ -100,7 +100,7 @@ void main(void) //Determine if the user chose to use the SysNAND FIRM as default for a R boot bool useSysAsDefault = isA9lh ? CONFIG(1) : false; - newConfig = (u32)isA9lh << 3; + newConfig = (config & 0xFFFFFFC0) | ((u32)isA9lh << 3); //If it's a MCU reboot, try to force boot options if(isA9lh && CFG_BOOTENV) @@ -141,7 +141,7 @@ void main(void) if(shouldLoadConfigurationMenu) { - configureCFW(configPath); + configureCFW(); if(!pinExists && CONFIG(7)) newPin(); @@ -207,13 +207,17 @@ void main(void) /* If the boot configuration is different from previously, overwrite it. Just the no-forcing flag being set is not enough */ - if((newConfig & 0x2F) != (config & 0x3F)) + if((newConfig & 0xFFFFFFEF) != config) { - //Preserve user settings (last 26 bits) - newConfig |= config & 0xFFFFFFC0; + //Update the last boot configuration + config |= newConfig & 0x3F; - if(!fileWrite(&newConfig, configPath, 4)) - error("Error writing the configuration file"); + if(!fileWrite(&config, configPath, 4)) + { + createDirectory("luma"); + if(!fileWrite(&config, configPath, 4)) + error("Error writing the configuration file"); + } } } 
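Review bot: `config |= newConfig & 0x3F;` in the third firm.c hunk can only set boot-configuration bits, never clear them, so a low bit that is set in the stored `config` but clear in `newConfig` (bit 3, `isA9lh << 3`, if the boot method changed, or any bit 0-5 a forced-boot path leaves out) survives into the written file, and `(newConfig & 0xFFFFFFEF) != config` then stays true on every following boot. Unless main() already clears `config & 0x3F` somewhere above this hunk — main() starts and continues outside what is shown — the update should assign those bits rather than OR them: `config = (config & 0xFFFFFFC0) | (newConfig & 0x3F);`. Note also that `newConfig` takes its upper 26 bits from `config` in the first hunk, before `configureCFW();` runs, so the comparison against the post-menu `config` relies on configureCFW() touching only bits 16 and up, as its `config |= ... << (i + 16)` loop in config.c suggests; a one-line comment stating that assumption next to the comparison would help.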
@@ -335,56 +339,44 @@ static inline void patchSafeFirm(void) else patchFirmWriteSafe(arm9Section, section[2].size); } -static inline void copySection0AndInjectSystemModules(FirmwareType firmType) +static inline void copySection0AndInjectSystemModules(void) { u8 *arm11Section0 = (u8 *)firm + section[0].offset; struct { u32 size; - char name[8]; const u8 *addr; - } modules[5] = {{0}}; + } modules[5]; - u8 *pos = arm11Section0, *end = pos + section[0].size; - u32 n = 0; + u32 n = 0, + loaderIndex; + u8 *pos = arm11Section0; - u32 loaderIndex = 0; - - while(pos < end) + for(u8 *end = pos + section[0].size; pos < end; pos += modules[n++].size) { modules[n].addr = pos; modules[n].size = *(u32 *)(pos + 0x104) * 0x200; - - memcpy(modules[n].name, pos + 0x200, 8); - pos += modules[n].size; - if(firmType == NATIVE_FIRM && memcmp(modules[n].name, "loader", 7) == 0) loaderIndex = n; - n++; + if(memcmp(modules[n].addr + 0x200, "loader", 7) == 0) loaderIndex = n; } - if(firmType == NATIVE_FIRM) - { - modules[loaderIndex].size = injector_size; - modules[loaderIndex].addr = injector; - } + modules[loaderIndex].addr = injector; + modules[loaderIndex].size = injector_size; pos = section[0].address; - for(u32 i = 0; i < n; i++) - { - memcpy(pos, modules[i].addr, modules[i].size); - pos += modules[i].size; - } + for(u32 i = 0; i < n; pos += modules[i++].size) + memcpy(pos, modules[i].addr, modules[i].size); } static inline void launchFirm(FirmwareType firmType) { //If we're booting NATIVE_FIRM, section0 needs to be copied separately to inject 3ds_injector u32 sectionNum; - if(firmType != SAFE_FIRM) + if(firmType == NATIVE_FIRM) { - copySection0AndInjectSystemModules(firmType); + copySection0AndInjectSystemModules(); sectionNum = 1; } else sectionNum = 0; diff --git a/source/firm.h b/source/firm.h index 84c74ed..2898a35 100644 --- a/source/firm.h +++ b/source/firm.h 
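Review bot: `loaderIndex` is declared without an initializer and is only assigned when a module named "loader" is seen, yet `modules[loaderIndex].addr = injector;` runs unconditionally afterwards; the removed code initialised it to 0, so the rewrite introduces a read of an indeterminate value and, for a section 0 without a loader module, a write through an arbitrary index into the 5-entry stack array. The loop also has no bound on `n`, and a module header whose size word at `+0x104` is 0 never advances `pos`, so `n` can run past `modules[5]` — these headers come from the loaded FIRM image, not something this function should assume well-formed. The rewrite below bounds `n` by the array size, stops on a zero-sized header, and treats a missing loader module as an error through the same `error()` used for the configuration-write failure; `launchFirm` continues outside the hunk and is unchanged.
```c
    u32 n = 0,
        loaderIndex = 0;
    bool loaderFound = false;
    u8 *pos = arm11Section0;

    for(u8 *end = pos + section[0].size; pos < end && n < sizeof modules / sizeof modules[0]; pos += modules[n++].size)
    {
        modules[n].addr = pos;
        modules[n].size = *(u32 *)(pos + 0x104) * 0x200;

        // A zero-sized header would never advance pos; bail out rather than spin
        if(modules[n].size == 0) error("Invalid module header in FIRM section 0");

        if(memcmp(modules[n].addr + 0x200, "loader", 7) == 0)
        {
            loaderIndex = n;
            loaderFound = true;
        }
    }

    if(!loaderFound) error("Could not find the loader module in FIRM section 0");

    modules[loaderIndex].addr = injector;
    modules[loaderIndex].size = injector_size;

    // … unchanged: copy of the n modules to section[0].address …
```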
@@ -53,5 +53,5 @@ static inline u32 loadFirm(FirmwareType firmType); static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isA9lh); static inline void patchLegacyFirm(FirmwareType firmType); static inline void patchSafeFirm(void); -static inline void copySection0AndInjectSystemModules(FirmwareType firmType); +static inline void copySection0AndInjectSystemModules(void); static inline void launchFirm(FirmwareType firmType); \ No newline at end of file diff --git a/source/patches.c b/source/patches.c index e86f50f..cb8bad5 100644 --- a/source/patches.c +++ b/source/patches.c @@ -167,26 +167,10 @@ void reimplementSvcBackdoor(u8 *pos, u32 size) } } -extern u32 config; - void implementSvcGetCFWInfo(u8 *pos, u32 size) { - typedef struct __attribute__((packed)) - { - char magic[4]; - - u8 versionMajor; - u8 versionMinor; - u8 versionBuild; - u8 flags; - - u32 commitHash; - - u32 config; - } CFWInfo; - const char *rev = REVISION; - bool isRelease = false; + bool isRelease; findArm11ExceptionsPageAndSvcHandlerAndTable(pos, size); findFreeK11Space(pos, size); diff --git a/source/patches.h b/source/patches.h index e1f203d..5b162c4 100644 --- a/source/patches.h +++ b/source/patches.h @@ -33,7 +33,22 @@ typedef struct patchData { u32 type; } patchData; +typedef struct __attribute__((packed)) +{ + char magic[4]; + + u8 versionMajor; + u8 versionMinor; + u8 versionBuild; + u8 flags; + + u32 commitHash; + + u32 config; +} CFWInfo; + extern bool isN3DS; +extern u32 config; u8 *getProcess9(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr); void patchSignatureChecks(u8 *pos, u32 size); From 7afdc2b3b58b53a3902dd7bde5ba83197a9a7260 Mon Sep 17 00:00:00 2001 From: TuxSH Date: Fri, 26 Aug 2016 19:09:14 +0200 Subject: [PATCH 2/2] "Fix" the twlbg patches and make them optional --- patches/twl_k11modules.s | 2 +- source/config.c | 3 ++- source/firm.c | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) 
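Review bot: Dropping the `= false` from `bool isRelease;` in implementSvcGetCFWInfo is only safe if every path that reaches a read of the variable assigns it first; the body after `findFreeK11Space(pos, size);` lies outside the hunk, so I cannot confirm that, and a conditional assignment leaves an indeterminate read that the compiler's uninitialised-variable warning does not always catch. Keeping the initializer costs nothing: `bool isRelease = false;`. If it is in fact assigned unconditionally below, a short comment there saying so would spare the next reader the same question.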
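Review bot: The packed `CFWInfo` typedef added to source/patches.h is a byte-for-byte twin of the one added to injector/source/patcher.h in the same commit, and the two sit in different source trees with nothing tying them together; the struct is the format handed to the injector through svcGetCFWInfo, so a field inserted in one copy but not the other would silently misread `config` on the consumer side. Document the coupling on both copies, e.g. `/* ABI shared with 3ds_injector (injector/source/patcher.h) via svcGetCFWInfo; keep both definitions identical */`, and, if the toolchain builds as C11, pin the layout with `_Static_assert(sizeof(CFWInfo) == 16, "CFWInfo layout changed");` next to each definition.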
diff --git a/patches/twl_k11modules.s b/patches/twl_k11modules.s index dcda791..117888d 100644 --- a/patches/twl_k11modules.s +++ b/patches/twl_k11modules.s @@ -135,7 +135,7 @@ patchesStart: .halfword 1 .halfword 8 .byte 0x83, 0x30, 0x2e, 0xa4, 0xb0, 0xe2, 0xc2, 0xd6 ; (decrypted = 0x02, 0x01, 0x1a, 0xe3, 0x08, 0x60, 0x87, 0x05) - .byte 0x89, 0x53, 0xb2, 0xa4, 0xb0, 0xe2, 0xc2, 0xd6 ; (decrypted = 0x08, 0x62, 0x86, 0xe3, 0x08, 0x60, 0x87, 0xe5) + .byte 0x83, 0x50, 0xf2, 0xa4, 0xb0, 0xe2, 0xc2, 0xd6 ; (decrypted = 0x02, 0x61, 0xc6, 0xe3, 0x08, 0x60, 0x87, 0xe5) patchesEnd: diff --git a/source/config.c b/source/config.c index 48726cb..8c9c962 100644 --- a/source/config.c +++ b/source/config.c @@ -43,7 +43,8 @@ void configureCFW(void) "( ) Show current NAND in System Settings", "( ) Show GBA boot screen in patched AGB_FIRM", "( ) Display splash screen before payloads", - "( ) Use a PIN" }; + "( ) Use a PIN", + "( ) Enable experimental TwlBg patches" }; struct multiOption { int posXs[4]; diff --git a/source/firm.c b/source/firm.c index f8edea0..8d939f5 100755 --- a/source/firm.c +++ b/source/firm.c @@ -320,7 +320,7 @@ static inline void patchLegacyFirm(FirmwareType firmType) applyLegacyFirmPatches((u8 *)firm, firmType); - if(firmType == TWL_FIRM) + if(firmType == TWL_FIRM && CONFIG(8)) patchTwlBg((u8 *)firm + section[1].offset); }
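Review bot: The new `"( ) Enable experimental TwlBg patches"` entry in source/config.c and the `CONFIG(8)` test added to patchLegacyFirm in source/firm.c are tied together only by the entry's position in singleOptions (bit `i + 16` per the existing `config |= ... << (i + 16)` loop), with nothing in either file recording that dependency; if "Use a PIN" is the option consumed as `CONFIG(7)` in main(), the new entry is index 8, but nothing here checks that. A trailing comment on the new string, `"( ) Enable experimental TwlBg patches" }; // index 8 -> CONFIG(8), read in patchLegacyFirm`, or a small enum of option indices shared by both call sites, would keep the next option added to the menu from silently shifting the bit the firmware tests.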