Implement on-the-fly patching of TwlBg
(and port the patches from https://github.com/ahezard/twl_firm_patcher; big thanks to ahezard and people mentioned in this page; also to Subv for the original patching idea (for NATIVE_FIRM))
@@ -260,6 +260,7 @@ static inline u32 loadFirm(FirmwareType firmType)
|
||||
static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isA9lh)
|
||||
{
|
||||
u8 *arm9Section = (u8 *)firm + section[2].offset;
|
||||
u8 *arm11Section1 = (u8 *)firm + section[1].offset;
|
||||
|
||||
if(isN3DS)
|
||||
{
|
||||
@@ -299,10 +300,10 @@ static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32
|
||||
patchTitleInstallMinVersionCheck(process9Offset, process9Size);
|
||||
|
||||
//Restore svcBackdoor
|
||||
reimplementSvcBackdoor((u8 *)firm + section[1].offset, section[1].size);
|
||||
reimplementSvcBackdoor(arm11Section1, section[1].size);
|
||||
}
|
||||
|
||||
implementSvcGetCFWInfo((u8 *)firm + section[1].offset, section[1].size);
|
||||
implementSvcGetCFWInfo(arm11Section1, section[1].size);
|
||||
}
|
||||
|
||||
static inline void patchLegacyFirm(FirmwareType firmType)
|
||||
@@ -315,6 +316,9 @@ static inline void patchLegacyFirm(FirmwareType firmType)
|
||||
}
|
||||
|
||||
applyLegacyFirmPatches((u8 *)firm, firmType);
|
||||
|
||||
if(firmType == TWL_FIRM)
|
||||
patchTwlBg((u8 *)firm + section[1].offset);
|
||||
}
|
||||
|
||||
static inline void patchSafeFirm(void)
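Review bot: The new call `patchTwlBg((u8 *)firm + section[1].offset);` passes a bare pointer with no length, while the sibling calls in this same file (`reimplementSvcBackdoor(arm11Section1, section[1].size)`, `implementSvcGetCFWInfo(arm11Section1, section[1].size)`) all hand the helper `section[1].size`; the callee, as added elsewhere in this commit, writes at hard-coded offsets (0xFEA4/0xFCA0 and the 0xE38..0xE58 branch sites) into that section with no check that the section is long enough or that the bytes there are what the patch expects. I would make this `patchTwlBg((u8 *)firm + section[1].offset, section[1].size);` and have the callee refuse to patch when the largest fixed offset plus the hook blob size exceeds the section, so an unexpected TWL_FIRM layout is left untouched instead of being corrupted. The body of patchLegacyFirm begins before this hunk, so whether an earlier firmware-version gate already restricts which TWL_FIRM reaches this point is not visible here.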
|
||||
|
||||
@@ -24,11 +24,6 @@
|
||||
|
||||
#include "types.h"
|
||||
|
||||
#define PDN_MPCORE_CFG (*(vu32 *)0x10140FFC)
|
||||
#define PDN_SPI_CNT (*(vu32 *)0x101401C0)
|
||||
#define CFG_BOOTENV (*(vu32 *)0x10010000)
|
||||
#define CFG_UNITINFO (*(vu8 *)0x10010010)
|
||||
|
||||
//FIRM Header layout
|
||||
typedef struct firmSectionHeader {
|
||||
u32 offset;
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
#include "config.h"
|
||||
#include "../build/rebootpatch.h"
|
||||
#include "../build/svcGetCFWInfopatch.h"
|
||||
#include "../build/twl_k11modulespatch.h"
|
||||
|
||||
static u32 *arm11ExceptionsPage = NULL;
|
||||
static u32 *arm11SvcTable = NULL;
|
||||
@@ -260,4 +261,22 @@ void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType)
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void patchTwlBg(u8 *pos)
|
||||
{
|
||||
u8 *dst = pos + ((isN3DS) ? 0xFEA4 : 0xFCA0);
|
||||
u16 *src1 = (u16 *)(pos + ((isN3DS) ? 0xE38 : 0xE3C)), *src2 = (u16 *)(pos + ((isN3DS) ? 0xE54 : 0xE58));
|
||||
memcpy(dst, twl_k11modules, twl_k11modules_size); //install k11 hook
|
||||
|
||||
u32 *off;
|
||||
for(off = (u32 *)dst; *off != 0xABCDABCD; off++);
|
||||
*off = (isN3DS) ? 0xCDE88 : 0xCD5F8; //dev SRL launcher offset
|
||||
|
||||
//Construct BLX instructions:
|
||||
src1[0] = 0xF000 | ((((u32)dst - (u32)src1 - 4) & (0xFFF << 11)) >> 12);
|
||||
src1[1] = 0xE800 | ((((u32)dst - (u32)src1 - 4) & 0xFFF) >> 1);
|
||||
|
||||
src2[0] = 0xF000 | ((((u32)dst - (u32)src2 - 4) & (0xFFF << 11)) >> 12);
|
||||
src2[1] = 0xE800 | ((((u32)dst - (u32)src2 - 4) & 0xFFF) >> 1);
|
||||
}
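Review bot: The placeholder search `for(off = (u32 *)dst; *off != 0xABCDABCD; off++);` has no upper bound: if the hook blob ever lacks the 0xABCDABCD marker, the loop walks past the copied bytes through the rest of the FIRM image until it happens to hit that pattern and then overwrites whatever it found with the launcher offset. The search should be limited to the blob, and it is cleaner to locate the marker in the source blob before the memcpy so that a blob without the marker leaves section 1 untouched; this assumes twl_k11modules is 4-byte aligned, which the existing `(u32 *)dst` scan already relies on. The fixed 0xE38/0xE54 branch sites and the 0xFEA4/0xFCA0 hook location are written without any length argument, so consider adding a `u32 size` parameter mirroring the other patch helpers and bailing out when `hookOff + twl_k11modules_size > size`. A minor readability point: the BLX masks `(0xFFF << 11) >> 12` and `0xFFF >> 1` both discard a bit and reduce to the 11-bit halves; `(0x7FF << 12)` and `0xFFE` would say directly that the high halfword carries offset[22:12] and the low one offset[11:1].
```c
void patchTwlBg(u8 *pos)
{
    u8 *dst = pos + ((isN3DS) ? 0xFEA4 : 0xFCA0);
    // … unchanged: src1/src2 setup …

    // Find the 0xABCDABCD placeholder in the hook blob itself, bounded by
    // its size, before touching the FIRM; no marker means no patch at all
    u32 i, nWords = twl_k11modules_size / 4;
    for(i = 0; i < nWords && ((const u32 *)twl_k11modules)[i] != 0xABCDABCD; i++);
    if(i == nWords) return;

    memcpy(dst, twl_k11modules, twl_k11modules_size); //install k11 hook
    ((u32 *)dst)[i] = (isN3DS) ? 0xCDE88 : 0xCD5F8; //dev SRL launcher offset

    // … unchanged: BLX construction for src1/src2 …
}
```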
|
||||
@@ -43,4 +43,5 @@ void patchFirmWrites(u8 *pos, u32 size);
|
||||
void patchFirmWriteSafe(u8 *pos, u32 size);
|
||||
void reimplementSvcBackdoor(u8 *pos, u32 size);
|
||||
void implementSvcGetCFWInfo(u8 *pos, u32 size);
|
||||
void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType);
|
||||
void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType);
|
||||
void patchTwlBg(u8 *pos);
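Review bot: `void patchTwlBg(u8 *pos);` is declared with no comment and is the only buffer-taking prototype in this header without a `u32 size`, unlike the neighbouring `patchFirmWriteSafe`, `reimplementSvcBackdoor` and `implementSvcGetCFWInfo`; since the implementation added in this commit patches fixed offsets, the precondition belongs on the prototype where callers see it. I would put above the declaration: `// Patch TwlBg in place; pos must point at section 1 of TWL_FIRM (fixed O3DS/N3DS offsets, no bounds check is performed)`. Adding a `u32 size` parameter to match the sibling helpers would let the callee enforce that precondition instead of documenting it.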
|
||||
@@ -26,6 +26,11 @@
|
||||
#include <stdlib.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#define PDN_MPCORE_CFG (*(vu32 *)0x10140FFC)
|
||||
#define PDN_SPI_CNT (*(vu32 *)0x101401C0)
|
||||
#define CFG_BOOTENV (*(vu32 *)0x10010000)
|
||||
#define CFG_UNITINFO (*(vu8 *)0x10010010)
|
||||
|
||||
//Common data types
|
||||
typedef uint8_t u8;
|
||||
typedef uint16_t u16;
|
||||
|
||||