Merged my changes
There you have it!
This commit is contained in:
Aurora
parent
7f2597fe2f
commit
42b39c9ab8
64
Makefile
64
Makefile
@ -20,7 +20,7 @@ dir_build := build
|
||||
dir_mset := CakeHax
|
||||
dir_out := out
|
||||
dir_emu := emunand
|
||||
dir_thread := thread
|
||||
dir_reboot := reboot
|
||||
dir_ninjhax := CakeBrah
|
||||
|
||||
ASFLAGS := -mlittle-endian -mcpu=arm946e-s -march=armv5te
|
||||
@ -33,16 +33,28 @@ objects_cfw = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
|
||||
|
||||
|
||||
.PHONY: all
|
||||
all: launcher emunand thread ninjhax
|
||||
all: launcher emunand emunando3ds reboot reboot2 rebootntr reboot2ntr ninjhax
|
||||
|
||||
.PHONY: launcher
|
||||
launcher: $(dir_out)/$(name).dat
|
||||
|
||||
.PHONY: emunand
|
||||
emunand: $(dir_out)/rei/emunand/emunand.bin
|
||||
emunand: $(dir_out)/rei-n3ds/emunand/emunand.bin
|
||||
|
||||
.PHONY: thread
|
||||
thread: $(dir_out)/rei/thread/arm9.bin
|
||||
.PHONY: emunando3ds
|
||||
emunand: $(dir_out)/rei-o3ds/emunand/emunand.bin
|
||||
|
||||
.PHONY: reboot
|
||||
reboot: $(dir_out)/rei-o3ds/reboot/reboot1.bin
|
||||
|
||||
.PHONY: reboot2
|
||||
reboot: $(dir_out)/rei-o3ds/reboot/reboot2.bin
|
||||
|
||||
.PHONY: rebootntr
|
||||
reboot: $(dir_out)/ntr-o3ds/reboot/reboot1.bin
|
||||
|
||||
.PHONY: reboot2ntr
|
||||
reboot: $(dir_out)/ntr-o3ds/reboot/reboot2.bin
|
||||
|
||||
.PHONY: ninjhax
|
||||
ninjhax: $(dir_out)/3ds/$(name)
|
||||
@ -54,7 +66,7 @@ clean:
|
||||
rm -rf $(dir_out) $(dir_build)
|
||||
|
||||
.PHONY: $(dir_out)/$(name).dat
|
||||
$(dir_out)/$(name).dat: $(dir_build)/main.bin $(dir_out)/rei/
|
||||
$(dir_out)/$(name).dat: $(dir_build)/main.bin $(dir_out)/rei-n3ds/ $(dir_out)/rei-o3ds/
|
||||
@$(MAKE) $(FLAGS) -C $(dir_mset) launcher
|
||||
dd if=$(dir_build)/main.bin of=$@ bs=512 seek=144
|
||||
|
||||
@ -64,19 +76,39 @@ $(dir_out)/3ds/$(name):
|
||||
@mv $(dir_out)/$(name).3dsx $@
|
||||
@mv $(dir_out)/$(name).smdh $@
|
||||
|
||||
$(dir_out)/rei/: $(dir_data)/firmware.bin $(dir_data)/splash.bin $(dir_data)/RAM.txt
|
||||
@mkdir -p "$(dir_out)/rei"
|
||||
@cp -av $(dir_data)/* $@
|
||||
$(dir_out)/rei-n3ds/: $(dir_data)/firmware.bin
|
||||
@mkdir -p "$(dir_out)/rei-n3ds"
|
||||
@cp -av $(dir_data)/firmware.bin $@
|
||||
|
||||
$(dir_out)/rei/thread/arm9.bin: $(dir_thread)
|
||||
@$(MAKE) $(FLAGS) -C $(dir_thread)
|
||||
@mkdir -p "$(dir_out)/rei/thread"
|
||||
@mv $(dir_thread)/arm9.bin $(dir_out)/rei/thread
|
||||
$(dir_out)/rei-o3ds/: $(dir_data)/firmwareo3ds.bin
|
||||
@mkdir -p "$(dir_out)/rei-o3ds"
|
||||
@cp -av $(dir_data)/firmwareo3ds.bin $(dir_out)/rei-o3ds/firmware.bin
|
||||
|
||||
$(dir_out)/rei/emunand/emunand.bin: $(dir_emu)/emuCode.s
|
||||
$(dir_out)/rei-n3ds/emunand/emunand.bin: $(dir_emu)/emuCode.s
|
||||
@armips $<
|
||||
@mkdir -p "$(dir_out)/rei/emunand"
|
||||
@mv emunand.bin $(dir_out)/rei/emunand
|
||||
@mkdir -p "$(dir_out)/rei-n3ds/emunand"
|
||||
@mv emunand.bin $(dir_out)/rei-n3ds/emunand
|
||||
|
||||
$(dir_out)/rei-o3ds/emunand/emunand.bin: $(dir_emu)/emuCodeo3ds.s
|
||||
@armips $<
|
||||
@mkdir -p "$(dir_out)/rei-o3ds/emunand"
|
||||
@mv emunand.bin $(dir_out)/rei-o3ds/emunand
|
||||
|
||||
$(dir_out)/rei-o3ds/reboot/reboot1.bin: $(dir_reboot)/rebootCode.s
|
||||
@armips $<
|
||||
@mkdir -p "$(dir_out)/rei-o3ds/reboot"
|
||||
@mv reboot1.bin $(dir_out)/rei-o3ds/reboot
|
||||
|
||||
$(dir_out)/rei-o3ds/reboot/reboot2.bin: $(dir_reboot)/rebootCode.s
|
||||
@mv reboot2.bin $(dir_out)/rei-o3ds/reboot
|
||||
|
||||
$(dir_out)/ntr-o3ds/reboot/reboot1.bin: $(dir_reboot)/rebootCodeNtr.s
|
||||
@armips $<
|
||||
@mkdir -p "$(dir_out)/ntr-o3ds/reboot"
|
||||
@mv reboot1.bin $(dir_out)/ntr-o3ds/reboot
|
||||
|
||||
$(dir_out)/ntr-o3ds/reboot/reboot2.bin: $(dir_reboot)/rebootCodeNtr.s
|
||||
@mv reboot2.bin $(dir_out)/ntr-o3ds/reboot
|
||||
|
||||
$(dir_build)/main.bin: $(dir_build)/main.elf
|
||||
$(OC) -S -O binary $< $@
|
||||
|
||||
@ -1 +0,0 @@
|
||||
536870912
|
||||
Binary file not shown.
BIN
data/splash.bin
BIN
data/splash.bin
Binary file not shown.
50
emunand/emuCodeo3ds.s
Normal file
50
emunand/emuCodeo3ds.s
Normal file
@ -0,0 +1,50 @@
|
||||
.nds
|
||||
|
||||
sdmmc equ 0x434D4453 ;dummy
|
||||
|
||||
.create "emunand.bin", 0x0801A4C0
|
||||
.org 0x0801A4C0
|
||||
.arm
|
||||
nand_sd:
|
||||
; Original code that still needs to be executed.
|
||||
mov r4, r0
|
||||
mov r5, r1
|
||||
mov r7, r2
|
||||
mov r6, r3
|
||||
; End.
|
||||
|
||||
; If we're already trying to access the SD, return.
|
||||
ldr r2, [r0, #4]
|
||||
ldr r1, =sdmmc
|
||||
cmp r2, r1
|
||||
beq nand_sd_ret
|
||||
|
||||
str r1, [r0, #4] ; Set object to be SD
|
||||
ldr r2, [r0, #8] ; Get sector to read
|
||||
cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
|
||||
|
||||
ldr r3, =nand_offset
|
||||
ldr r3, [r3]
|
||||
add r2, r3 ; Add the offset to the NAND in the SD.
|
||||
|
||||
ldreq r3, =ncsd_header_offset
|
||||
ldreq r3, [r3]
|
||||
addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector.
|
||||
|
||||
str r2, [r0, #8] ; Store sector to read
|
||||
|
||||
nand_sd_ret:
|
||||
; Restore registers.
|
||||
mov r1, r5
|
||||
mov r2, r7
|
||||
mov r3, r6
|
||||
|
||||
; Return 4 bytes behind where we got called,
|
||||
; due to the offset of this function being stored there.
|
||||
mov r0, lr
|
||||
add r0, #4
|
||||
bx r0
|
||||
.pool
|
||||
nand_offset: .ascii "NAND" ; for rednand this should be 1
|
||||
ncsd_header_offset: .ascii "NCSD" ; depends on nand manufacturer + emunand type (GW/RED)
|
||||
.close
|
||||
159
reboot/rebootCode.s
Normal file
159
reboot/rebootCode.s
Normal file
@ -0,0 +1,159 @@
|
||||
.nds
|
||||
|
||||
firm_size equ 0x000EA000
|
||||
firm_addr equ 0x24000000
|
||||
fopen equ 0x08059D10
|
||||
fread equ 0x0804CC54
|
||||
pxi_wait_recv equ 0x08054134
|
||||
|
||||
.macro svc, num
|
||||
.if isArm()
|
||||
.word 0xEF000000 | num
|
||||
.else
|
||||
.if num > 0xFF
|
||||
.error "bitch you crazu"
|
||||
.endif
|
||||
.halfword 0xDF00 | num
|
||||
.endif
|
||||
.endmacro
|
||||
|
||||
.create "reboot1.bin", 0x080849DC
|
||||
.org 0x080849DC
|
||||
.arm
|
||||
patch005:
|
||||
ldr r0, =0x2000E000
|
||||
mov r1, #0x200
|
||||
mov r2, #0
|
||||
add r1, r1, r0
|
||||
@@memset_loop:
|
||||
str r2, [r0]
|
||||
add r0, r0, #4
|
||||
cmp r0, r1
|
||||
blt @@memset_loop
|
||||
ldr r0, =0x2000E000
|
||||
ldr r1, =firm_fname
|
||||
mov r2, #1
|
||||
blx fopen
|
||||
ldr r0, =0x2000E000
|
||||
ldr r1, =0x2000E100
|
||||
mov r2, #firm_addr
|
||||
mov r3, #firm_size
|
||||
blx fread
|
||||
|
||||
ldr r4, =0x44846
|
||||
blx pxi_wait_recv
|
||||
cmp r0, r4
|
||||
bne patch005
|
||||
mov r2, #0
|
||||
mov r3, r2
|
||||
mov r1, r2
|
||||
mov r0, r2
|
||||
svc 0x7C
|
||||
ldr r0, =0x80FF4FC
|
||||
svc 0x7B
|
||||
|
||||
@@inf_loop:
|
||||
b @@inf_loop
|
||||
.pool
|
||||
firm_fname:
|
||||
.close
|
||||
|
||||
.create "reboot2.bin", 0x080933CC
|
||||
.org 0x080933CC
|
||||
.arm
|
||||
stmfd sp!, {r4-r11,lr}
|
||||
sub sp, sp, #0x3C
|
||||
mrc p15, 0, r0, c2, c0, 0 ; dcacheable
|
||||
mrc p15, 0, r12, c2, c0, 1 ; icacheable
|
||||
mrc p15, 0, r1, c3, c0, 0 ; write bufferable
|
||||
mrc p15, 0, r2, c5, c0, 2 ; daccess
|
||||
mrc p15, 0, r3, c5, c0, 3 ; iaccess
|
||||
ldr r4, =0x18000035 ; 0x18000000 128M
|
||||
bic r2, r2, #0xF0000 ; unprotect region 4
|
||||
bic r3, r3, #0xF0000 ; unprotect region 4
|
||||
orr r0, r0, #0x10 ; dcacheable region 4
|
||||
orr r2, r2, #0x30000 ; region 4 r/w
|
||||
orr r3, r3, #0x30000 ; region 4 r/w
|
||||
orr r12, r12, #0x10 ; icacheable region 4
|
||||
orr r1, r1, #0x10 ; write bufferable region 4
|
||||
mcr p15, 0, r0, c2, c0, 0
|
||||
mcr p15, 0, r12, c2, c0, 1
|
||||
mcr p15, 0, r1, c3, c0, 0 ; write bufferable
|
||||
mcr p15, 0, r2, c5, c0, 2 ; daccess
|
||||
mcr p15, 0, r3, c5, c0, 3 ; iaccess
|
||||
mcr p15, 0, r4, c6, c4, 0 ; region 4 (hmmm)
|
||||
|
||||
mrc p15, 0, r0, c2, c0, 0 ; dcacheable
|
||||
mrc p15, 0, r1, c2, c0, 1 ; icacheable
|
||||
mrc p15, 0, r2, c3, c0, 0 ; write bufferable
|
||||
orr r0, r0, #0x20 ; dcacheable region 5
|
||||
orr r1, r1, #0x20 ; icacheable region 5
|
||||
orr r2, r2, #0x20 ; write bufferable region 5
|
||||
mcr p15, 0, r0, c2, c0, 0 ; dcacheable
|
||||
mcr p15, 0, r1, c2, c0, 1 ; icacheable
|
||||
mcr p15, 0, r2, c3, c0, 0 ; write bufferable
|
||||
|
||||
mov r4, #firm_addr
|
||||
add r3, r4, #0x40
|
||||
ldr r0, [r3] ; offset
|
||||
add r0, r0, r4 ; src
|
||||
ldr r1, [r3,#4] ; dst
|
||||
ldr r2, [r3,#8] ; size
|
||||
bl memcpy32
|
||||
add r3, r4, #0x70
|
||||
ldr r0, [r3]
|
||||
add r0, r0, r4 ; src
|
||||
ldr r1, [r3,#4] ; dst
|
||||
ldr r2, [r3,#8] ; size
|
||||
bl memcpy32
|
||||
add r3, r4, #0xA0
|
||||
ldr r0, [r3]
|
||||
add r0, r0, r4 ; src
|
||||
ldr r1, [r3,#4] ; dst
|
||||
ldr r2, [r3,#8] ; size
|
||||
bl memcpy32
|
||||
mov r2, #0
|
||||
mov r1, r2
|
||||
@flush_cache:
|
||||
mov r0, #0
|
||||
mov r3, r2, lsl#30
|
||||
@flush_cache_inner_loop:
|
||||
orr r12, r3, r0, lsl#5
|
||||
mcr p15, 0, r1, c7, c10, 4 ; drain write buffer
|
||||
mcr p15, 0, r12, c7, c14, 2 ; clean and flush dcache entry (index and segment)
|
||||
add r0, r0, #1
|
||||
cmp r0, #0x20
|
||||
bcc @flush_cache_inner_loop
|
||||
add r2, r2, #1
|
||||
cmp r2, #4
|
||||
bcc @flush_cache
|
||||
mcr p15, 0, r1, c7, c10, 4 ; drain write buffer
|
||||
@mpu_enable:
|
||||
ldr r0, =0x42078 ; alt vector select, enable itcm
|
||||
mcr p15, 0, r0, c1, c0, 0
|
||||
mcr p15, 0, r1, c7, c5, 0 ; flush dcache
|
||||
mcr p15, 0, r1, c7, c6, 0 ; flush icache
|
||||
mcr p15, 0, r1, c7, c10, 4 ; drain write buffer
|
||||
mov r0, #firm_addr
|
||||
mov r1, 0X1FFFFFFC
|
||||
ldr r2, [r0,#8] ; arm11 entry
|
||||
str r2, [r1]
|
||||
ldr r0, [r0,#0xC] ; arm9 entry
|
||||
add sp, sp, #0x3C
|
||||
ldmfd sp!, {r4-r11,lr}
|
||||
bx r0
|
||||
.pool
|
||||
memcpy32: ; memcpy32(void *src, void *dst, unsigned int size)
|
||||
mov r12, lr
|
||||
stmfd sp!, {r0-r4}
|
||||
add r2, r2, r0
|
||||
@memcpy_loop:
|
||||
ldr r3, [r0], #4
|
||||
str r3, [r1], #4
|
||||
cmp r0, r2
|
||||
blt @memcpy_loop
|
||||
ldmfd sp!, {r0-r4}
|
||||
mov lr, r12
|
||||
bx lr
|
||||
.pool
|
||||
.close
|
||||
159
reboot/rebootCodeNtr.s
Normal file
159
reboot/rebootCodeNtr.s
Normal file
@ -0,0 +1,159 @@
|
||||
.nds
|
||||
|
||||
firm_size equ 0x000EB000
|
||||
firm_addr equ 0x24000000
|
||||
fopen equ 0x0805B180
|
||||
fread equ 0x0804D9B0
|
||||
pxi_wait_recv equ 0x08055178
|
||||
|
||||
.macro svc, num
|
||||
.if isArm()
|
||||
.word 0xEF000000 | num
|
||||
.else
|
||||
.if num > 0xFF
|
||||
.error "bitch you crazu"
|
||||
.endif
|
||||
.halfword 0xDF00 | num
|
||||
.endif
|
||||
.endmacro
|
||||
|
||||
.create "reboot1.bin", 0x080859C8
|
||||
.org 0x080859C8
|
||||
.arm
|
||||
patch005:
|
||||
ldr r0, =0x2000E000
|
||||
mov r1, #0x200
|
||||
mov r2, #0
|
||||
add r1, r1, r0
|
||||
@@memset_loop:
|
||||
str r2, [r0]
|
||||
add r0, r0, #4
|
||||
cmp r0, r1
|
||||
blt @@memset_loop
|
||||
ldr r0, =0x2000E000
|
||||
ldr r1, =firm_fname
|
||||
mov r2, #1
|
||||
blx fopen
|
||||
ldr r0, =0x2000E000
|
||||
ldr r1, =0x2000E100
|
||||
mov r2, #firm_addr
|
||||
mov r3, #firm_size
|
||||
blx fread
|
||||
|
||||
ldr r4, =0x44846
|
||||
blx pxi_wait_recv
|
||||
cmp r0, r4
|
||||
bne patch005
|
||||
mov r2, #0
|
||||
mov r3, r2
|
||||
mov r1, r2
|
||||
mov r0, r2
|
||||
svc 0x7C
|
||||
ldr r0, =0x80FF4FC
|
||||
svc 0x7B
|
||||
|
||||
@@inf_loop:
|
||||
b @@inf_loop
|
||||
.pool
|
||||
firm_fname:
|
||||
.close
|
||||
|
||||
.create "reboot2.bin", 0x08094454
|
||||
.org 0x08094454
|
||||
.arm
|
||||
stmfd sp!, {r4-r11,lr}
|
||||
sub sp, sp, #0x3C
|
||||
mrc p15, 0, r0, c2, c0, 0 ; dcacheable
|
||||
mrc p15, 0, r12, c2, c0, 1 ; icacheable
|
||||
mrc p15, 0, r1, c3, c0, 0 ; write bufferable
|
||||
mrc p15, 0, r2, c5, c0, 2 ; daccess
|
||||
mrc p15, 0, r3, c5, c0, 3 ; iaccess
|
||||
ldr r4, =0x18000035 ; 0x18000000 128M
|
||||
bic r2, r2, #0xF0000 ; unprotect region 4
|
||||
bic r3, r3, #0xF0000 ; unprotect region 4
|
||||
orr r0, r0, #0x10 ; dcacheable region 4
|
||||
orr r2, r2, #0x30000 ; region 4 r/w
|
||||
orr r3, r3, #0x30000 ; region 4 r/w
|
||||
orr r12, r12, #0x10 ; icacheable region 4
|
||||
orr r1, r1, #0x10 ; write bufferable region 4
|
||||
mcr p15, 0, r0, c2, c0, 0
|
||||
mcr p15, 0, r12, c2, c0, 1
|
||||
mcr p15, 0, r1, c3, c0, 0 ; write bufferable
|
||||
mcr p15, 0, r2, c5, c0, 2 ; daccess
|
||||
mcr p15, 0, r3, c5, c0, 3 ; iaccess
|
||||
mcr p15, 0, r4, c6, c4, 0 ; region 4 (hmmm)
|
||||
|
||||
mrc p15, 0, r0, c2, c0, 0 ; dcacheable
|
||||
mrc p15, 0, r1, c2, c0, 1 ; icacheable
|
||||
mrc p15, 0, r2, c3, c0, 0 ; write bufferable
|
||||
orr r0, r0, #0x20 ; dcacheable region 5
|
||||
orr r1, r1, #0x20 ; icacheable region 5
|
||||
orr r2, r2, #0x20 ; write bufferable region 5
|
||||
mcr p15, 0, r0, c2, c0, 0 ; dcacheable
|
||||
mcr p15, 0, r1, c2, c0, 1 ; icacheable
|
||||
mcr p15, 0, r2, c3, c0, 0 ; write bufferable
|
||||
|
||||
mov r4, #firm_addr
|
||||
add r3, r4, #0x40
|
||||
ldr r0, [r3] ; offset
|
||||
add r0, r0, r4 ; src
|
||||
ldr r1, [r3,#4] ; dst
|
||||
ldr r2, [r3,#8] ; size
|
||||
bl memcpy32
|
||||
add r3, r4, #0x70
|
||||
ldr r0, [r3]
|
||||
add r0, r0, r4 ; src
|
||||
ldr r1, [r3,#4] ; dst
|
||||
ldr r2, [r3,#8] ; size
|
||||
bl memcpy32
|
||||
add r3, r4, #0xA0
|
||||
ldr r0, [r3]
|
||||
add r0, r0, r4 ; src
|
||||
ldr r1, [r3,#4] ; dst
|
||||
ldr r2, [r3,#8] ; size
|
||||
bl memcpy32
|
||||
mov r2, #0
|
||||
mov r1, r2
|
||||
@flush_cache:
|
||||
mov r0, #0
|
||||
mov r3, r2, lsl#30
|
||||
@flush_cache_inner_loop:
|
||||
orr r12, r3, r0, lsl#5
|
||||
mcr p15, 0, r1, c7, c10, 4 ; drain write buffer
|
||||
mcr p15, 0, r12, c7, c14, 2 ; clean and flush dcache entry (index and segment)
|
||||
add r0, r0, #1
|
||||
cmp r0, #0x20
|
||||
bcc @flush_cache_inner_loop
|
||||
add r2, r2, #1
|
||||
cmp r2, #4
|
||||
bcc @flush_cache
|
||||
mcr p15, 0, r1, c7, c10, 4 ; drain write buffer
|
||||
@mpu_enable:
|
||||
ldr r0, =0x42078 ; alt vector select, enable itcm
|
||||
mcr p15, 0, r0, c1, c0, 0
|
||||
mcr p15, 0, r1, c7, c5, 0 ; flush dcache
|
||||
mcr p15, 0, r1, c7, c6, 0 ; flush icache
|
||||
mcr p15, 0, r1, c7, c10, 4 ; drain write buffer
|
||||
mov r0, #firm_addr
|
||||
mov r1, 0X1FFFFFFC
|
||||
ldr r2, [r0,#8] ; arm11 entry
|
||||
str r2, [r1]
|
||||
ldr r0, [r0,#0xC] ; arm9 entry
|
||||
add sp, sp, #0x3C
|
||||
ldmfd sp!, {r4-r11,lr}
|
||||
bx r0
|
||||
.pool
|
||||
memcpy32: ; memcpy32(void *src, void *dst, unsigned int size)
|
||||
mov r12, lr
|
||||
stmfd sp!, {r0-r4}
|
||||
add r2, r2, r0
|
||||
@memcpy_loop:
|
||||
ldr r3, [r0], #4
|
||||
str r3, [r1], #4
|
||||
cmp r0, r2
|
||||
blt @memcpy_loop
|
||||
ldmfd sp!, {r0-r4}
|
||||
mov lr, r12
|
||||
bx lr
|
||||
.pool
|
||||
.close
|
||||
39
source/crypto.c
Normal file → Executable file
39
source/crypto.c
Normal file → Executable file
@ -353,43 +353,54 @@ int rsa_verify(const void* data, u32 size, const void* sig, u32 mode)
|
||||
return memcmp(dataHash, decSig + (sigSize - SHA_256_HASH_SIZE), SHA_256_HASH_SIZE) == 0;
|
||||
}
|
||||
|
||||
void xor(u8 *dest, u8 *data1, u8 *data2, u32 size){
|
||||
int i; for(i = 0; i < size; i++) *(dest+i) = *(data1+i) ^ *(data2+i);
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
* Nand/FIRM Crypto stuff
|
||||
****************************************************************/
|
||||
const u8 memeKey[0x10] = {
|
||||
0x52, 0x65, 0x69, 0x20, 0x69, 0x73, 0x20, 0x62, 0x65, 0x73, 0x74, 0x20, 0x67, 0x69, 0x72, 0x6C
|
||||
};
|
||||
|
||||
//Get Nand CTR key
|
||||
void getNandCTR(u8 *buf, u8 console) {
|
||||
u8 *addr = console ? (u8*)0x080D8BBC : (u8*)0x080D797C;
|
||||
u8 keyLen = 0x10; //CTR length
|
||||
addr += 0x0F;
|
||||
while (keyLen --) { *(buf++) = *(addr--); }
|
||||
}
|
||||
|
||||
//Read firm0 from NAND and write to buffer
|
||||
void nandFirm0(u8 *outbuf, const u32 size, u8 console){
|
||||
u8 CTR[0x10];
|
||||
getNandCTR(CTR, console);
|
||||
aes_advctr(CTR, 0x0B130000/0x10, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
sdmmc_nand_readsectors(0x0B130000 / 0x200, size / 0x200, outbuf);
|
||||
aes_use_keyslot(0x06);
|
||||
aes(outbuf, outbuf, size / AES_BLOCK_SIZE, CTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
}
|
||||
|
||||
//Emulates the Arm9loader process
|
||||
void arm9loader(void *armHdr){
|
||||
void arm9loader(void *armHdr, u8 mode){
|
||||
//Nand key#2 (0x12C10)
|
||||
u8 key2[0x10] = {
|
||||
0x10, 0x5A, 0xE8, 0x5A, 0x4A, 0x21, 0x78, 0x53, 0x0B, 0x06, 0xFA, 0x1A, 0x5E, 0x2A, 0x5C, 0xBC
|
||||
0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0
|
||||
};
|
||||
|
||||
//Firm keys
|
||||
u8 keyX[0x10];
|
||||
u8 keyY[0x10];
|
||||
u8 CTR[0x10];
|
||||
u32 slot = 0x16;
|
||||
u32 slot = mode ? 0x16 : 0x15;
|
||||
|
||||
//Setup keys needed for arm9bin decryption
|
||||
xor(key2, key2, memeKey, 0x10);
|
||||
memcpy((u8*)keyY, (void *)((uintptr_t)armHdr+0x10), 0x10);
|
||||
memcpy((u8*)CTR, (void *)((uintptr_t)armHdr+0x20), 0x10);
|
||||
u32 size = atoi((void *)((uintptr_t)armHdr+0x30));
|
||||
|
||||
if(mode){
|
||||
//Set 0x11 to key2 for the arm9bin and misc keys
|
||||
aes_setkey(0x11, (u8*)key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
aes_use_keyslot(0x11);
|
||||
|
||||
//Set 0x16 keyX, keyY and CTR
|
||||
aes((u8*)keyX, (void *)((uintptr_t)armHdr+0x60), 1, NULL, AES_ECB_DECRYPT_MODE, 0);
|
||||
aes_setkey(slot, (u8*)keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
}
|
||||
|
||||
aes_setkey(slot, (u8*)keyY, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
aes_setiv((u8*)CTR, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
aes_use_keyslot(slot);
|
||||
@ -397,6 +408,7 @@ void arm9loader(void *armHdr){
|
||||
//Decrypt arm9bin
|
||||
aes((void *)(armHdr+0x800), (void *)(armHdr+0x800), size/AES_BLOCK_SIZE, CTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
|
||||
if(mode){
|
||||
//Set keys 0x19..0x1F keyXs
|
||||
u8* decKey = (void *)((uintptr_t)armHdr+0x89824);
|
||||
aes_use_keyslot(0x11);
|
||||
@ -407,3 +419,4 @@ void arm9loader(void *armHdr){
|
||||
*(u8 *)((void *)((uintptr_t)armHdr+0x89814+0xF)) += 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
6
source/crypto.h
Normal file → Executable file
6
source/crypto.h
Normal file → Executable file
@ -129,10 +129,10 @@ void sha(void* res, const void* src, u32 size, u32 mode);
|
||||
void rsa_setkey(u32 keyslot, const void* mod, const void* exp, u32 mode);
|
||||
void rsa_use_keyslot(u32 keyslot);
|
||||
int rsa_verify(const void* data, u32 size, const void* sig, u32 mode);
|
||||
void xor(u8 *dest, u8 *data1, u8 *data2, u32 size);
|
||||
|
||||
//NAND/FIRM stuff
|
||||
extern const u8 memeKey[0x10];
|
||||
void arm9loader(void *armHdr);
|
||||
void getNandCTR(u8 *buf, u8 console);
|
||||
void nandFirm0(u8 *outbuf, const u32 size, u8 console);
|
||||
void arm9loader(void *armHdr, u8 mode);
|
||||
|
||||
#endif /*__CRYPTO_H*/
|
||||
|
||||
@ -8,6 +8,8 @@
|
||||
#include "fs.h"
|
||||
#include "memory.h"
|
||||
|
||||
static struct fb* fb = (struct fb*) 0x23FFFE00;
|
||||
|
||||
void clearScreen(void){
|
||||
memset(fb->top_left, 0, 0x38400);
|
||||
memset(fb->top_right, 0, 0x38400);
|
||||
@ -16,6 +18,6 @@ void clearScreen(void){
|
||||
|
||||
void loadSplash(void){
|
||||
clearScreen();
|
||||
fileRead(fb->top_left, "/rei/splash.bin", 0x46500);
|
||||
unsigned i,t; for(t=120;t>0;t--){for(i=0xFFFF;i>0;i--);}; //Ghetto sleep func
|
||||
if(fileRead(fb->top_left, "/rei/splash.bin", 0x46500) != 0) return;
|
||||
unsigned i,t; for(t=220;t>0;t--){for(i=0xFFFF;i>0;i--);}; //Ghetto sleep func
|
||||
}
|
||||
@ -6,11 +6,11 @@
|
||||
|
||||
#include "types.h"
|
||||
|
||||
static struct fb {
|
||||
struct fb {
|
||||
u8 *top_left;
|
||||
u8 *top_right;
|
||||
u8 *bottom;
|
||||
} *fb = (struct fb *)0x23FFFE00;
|
||||
};
|
||||
|
||||
void clearScreen(void);
|
||||
void loadSplash(void);
|
||||
@ -24,7 +24,7 @@ void getEmunandSect(u32 *off, u32 *head){
|
||||
void getSDMMC(void *pos, u32 *off, u32 size){
|
||||
//Look for struct code
|
||||
unsigned char pattern[] = {0x01, 0x21, 0x20, 0x18, 0x20, 0x30};
|
||||
*off = memsearch(pos, pattern, size, 4);
|
||||
*off = (u32)memsearch(pos, pattern, size, 6);
|
||||
|
||||
//Get DCD values
|
||||
unsigned char buf[4];
|
||||
@ -44,13 +44,21 @@ void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff){
|
||||
//Look for read/write code
|
||||
unsigned char pattern[] = {0x04, 0x00, 0x0D, 0x00, 0x17, 0x00, 0x1E, 0x00, 0xC8, 0x05};
|
||||
|
||||
*readOff = memsearch(pos, pattern, size, 4);
|
||||
*writeOff = memsearch(readOff, pattern, 0x1000, 4);
|
||||
//fileWrite(readOff, "/readoff.bin", 4);
|
||||
*readOff = 0x240CEC40;
|
||||
*writeOff = 0x240CEC80;
|
||||
*writeOff = (u32)memsearch(pos, pattern, size, 10);
|
||||
*readOff = (u32)memsearch((void *)(*writeOff - 0x1000), pattern, 0x1000, 10);
|
||||
}
|
||||
|
||||
void getMPU(void *pos, u32 *off){
|
||||
*off = 0x2407D7D4;
|
||||
void getMPU(void *pos, u32 *off, u32 size){
|
||||
//Look for MPU code
|
||||
unsigned char pattern[] = {0x03, 0x00, 0x24, 0x00, 0x00, 0x00, 0x10};
|
||||
|
||||
*off = (u32)memsearch(pos, pattern, size, 7);
|
||||
}
|
||||
|
||||
void getEmuCode(void *pos, u32 *off, u32 size){
|
||||
void *proc9 = memsearch(pos, "Process9", size, 8);
|
||||
unsigned char pattern[] = {0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF};
|
||||
|
||||
//We're looking for the last spot before Process9
|
||||
*off = (u32)memsearch(pos, pattern, size - (size - (u32)(proc9 - pos)), 6) + 0xF;
|
||||
}
|
||||
@ -14,6 +14,7 @@
|
||||
void getEmunandSect(u32 *off, u32 *head);
|
||||
void getSDMMC(void *pos, u32 *off, u32 size);
|
||||
void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff);
|
||||
void getMPU(void *pos, u32 *off);
|
||||
void getMPU(void *pos, u32 *off, u32 size);
|
||||
void getEmuCode(void *pos, u32 *off, u32 size);
|
||||
|
||||
#endif
|
||||
121
source/firm.c
Normal file → Executable file
121
source/firm.c
Normal file → Executable file
@ -11,73 +11,116 @@
|
||||
#include "emunand.h"
|
||||
#include "crypto.h"
|
||||
|
||||
const firmHeader *firmLocation = (firmHeader *)0x24000000;
|
||||
firmHeader *firmLocation = (firmHeader *)0x24000000;
|
||||
firmSectionHeader *section;
|
||||
u32 firmSize = 0;
|
||||
u8 mode = 1,
|
||||
console = 1;
|
||||
u16 pressed;
|
||||
|
||||
//Load firm into FCRAM
|
||||
u8 loadFirm(void){
|
||||
|
||||
if(PDN_MPCORE_CFG == 1) console = 0;
|
||||
pressed = HID_PAD;
|
||||
section = firmLocation->section;
|
||||
|
||||
//If L and R are pressed, boot SysNAND with the NAND FIRM
|
||||
if((pressed & BUTTON_L1R1) == BUTTON_L1R1){
|
||||
mode = 0;
|
||||
//Read FIRM from NAND and write to FCRAM
|
||||
firmSize = console ? 0xF2C00 : 0xE9000;
|
||||
nandFirm0((u8*)firmLocation, firmSize, console);
|
||||
if(memcmp((u8*)firmLocation, "FIRM", 4) != 0) return 1;
|
||||
}
|
||||
//Load FIRM from SDCard
|
||||
else{
|
||||
const char firmPath[] = "/rei/firmware.bin";
|
||||
firmSize = fileSize(firmPath);
|
||||
if (!firmSize) return 1;
|
||||
fileRead((u8*)firmLocation, firmPath, firmSize);
|
||||
if((((u32)section[2].address >> 8) & 0xFF) != (console ? 0x60 : 0x68)) return 1;
|
||||
}
|
||||
|
||||
if(console) arm9loader((u8*)firmLocation + section[2].offset, mode);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
//Nand redirection
|
||||
u8 loadEmu(void){
|
||||
|
||||
u32 emuOffset = 0,
|
||||
emuHeader = 0,
|
||||
emuRead = 0,
|
||||
emuWrite = 0,
|
||||
sdmmcOffset = 0,
|
||||
firmSize = 0,
|
||||
mpuOffset = 0;
|
||||
|
||||
//Load firm into FCRAM
|
||||
void loadFirm(void){
|
||||
//Read FIRM from SD card and write to FCRAM
|
||||
const char firmPath[] = "/rei/firmware.bin";
|
||||
firmSize = fileSize(firmPath);
|
||||
fileRead((u8*)firmLocation, firmPath, firmSize);
|
||||
|
||||
//Decrypt firmware blob
|
||||
u8 firmIV[0x10] = {0};
|
||||
aes_setkey(0x16, memeKey, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
aes_use_keyslot(0x16);
|
||||
aes((u8*)firmLocation, (u8*)firmLocation, firmSize / AES_BLOCK_SIZE, firmIV, AES_CBC_DECRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
|
||||
//Parse firmware
|
||||
section = firmLocation->section;
|
||||
arm9loader((u8*)firmLocation + section[2].offset);
|
||||
}
|
||||
|
||||
//Nand redirection
|
||||
void loadEmu(void){
|
||||
mpuOffset = 0,
|
||||
emuCodeOffset = 0;
|
||||
|
||||
//Read emunand code from SD
|
||||
u32 code = emuCode();
|
||||
getEmuCode(firmLocation, &emuCodeOffset, firmSize);
|
||||
const char path[] = "/rei/emunand/emunand.bin";
|
||||
u32 size = fileSize(path);
|
||||
fileRead((u8*)code, path, size);
|
||||
if (!size) return 1;
|
||||
fileRead((u8*)emuCodeOffset, path, size);
|
||||
|
||||
//Find and patch emunand related offsets
|
||||
u32 *pos_sdmmc = memsearch(code, "SDMC", size, 4);
|
||||
u32 *pos_offset = memsearch(code, "NAND", size, 4);
|
||||
u32 *pos_header = memsearch(code, "NCSD", size, 4);
|
||||
u32 *pos_sdmmc = memsearch((u32*)emuCodeOffset, "SDMC", size, 4);
|
||||
u32 *pos_offset = memsearch((u32*)emuCodeOffset, "NAND", size, 4);
|
||||
u32 *pos_header = memsearch((u32*)emuCodeOffset, "NCSD", size, 4);
|
||||
getSDMMC(firmLocation, &sdmmcOffset, firmSize);
|
||||
getEmunandSect(&emuOffset, &emuHeader);
|
||||
getEmuRW(firmLocation, firmSize, &emuRead, &emuWrite);
|
||||
getMPU(firmLocation, &mpuOffset);
|
||||
getMPU(firmLocation, &mpuOffset, firmSize);
|
||||
*pos_sdmmc = sdmmcOffset;
|
||||
*pos_offset = emuOffset;
|
||||
*pos_header = emuHeader;
|
||||
|
||||
//Add emunand hooks
|
||||
if(!console) nandRedir[5] = 0xA4;
|
||||
memcpy((u8*)emuRead, nandRedir, sizeof(nandRedir));
|
||||
memcpy((u8*)emuWrite, nandRedir, sizeof(nandRedir));
|
||||
|
||||
//Set MPU for emu code region
|
||||
memcpy((u8*)mpuOffset, mpu, sizeof(mpu));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
//Patches
|
||||
void patchFirm(){
|
||||
//Disable signature checks
|
||||
memcpy((u8*)sigPatch(1), sigPat1, sizeof(sigPat1));
|
||||
memcpy((u8*)sigPatch(2), sigPat2, sizeof(sigPat2));
|
||||
u8 patchFirm(void){
|
||||
|
||||
//Create arm9 thread
|
||||
fileRead((u8*)threadCode(), "/rei/thread/arm9.bin", 0);
|
||||
memcpy((u8*)threadHook(1), th1, sizeof(th1));
|
||||
memcpy((u8*)threadHook(2), th2, sizeof(th2));
|
||||
//If L is pressed, boot SysNAND with the SDCard FIRM
|
||||
if(mode && !(pressed & BUTTON_L1)) if (loadEmu()) return 1;
|
||||
|
||||
//Disable signature checks
|
||||
u32 sigOffset = 0,
|
||||
sigOffset2 = 0;
|
||||
getSignatures(firmLocation, firmSize, &sigOffset, &sigOffset2);
|
||||
memcpy((u8*)sigOffset, sigPat1, sizeof(sigPat1));
|
||||
memcpy((u8*)sigOffset2, sigPat2, sizeof(sigPat2));
|
||||
|
||||
//Apply reboot patch and write patched FIRM
|
||||
if(!console && mode &&
|
||||
((fileSize("/rei/reversereboot") > 0) == (pressed & BUTTON_A))){
|
||||
u32 rebootOffset = 0,
|
||||
rebootOffset2 = 0;
|
||||
getReboot(firmLocation, firmSize, &rebootOffset, &rebootOffset2);
|
||||
char path[] = "/rei/reboot/reboot1.bin";
|
||||
u32 size = fileSize(path);
|
||||
if (!size) return 1;
|
||||
fileRead((u8*)rebootOffset, path, size);
|
||||
memcpy((u8*)rebootOffset + size, L"sdmc:", 10);
|
||||
memcpy((u8*)rebootOffset + size + 10, L"" PATCHED_FIRM_PATH, sizeof(PATCHED_FIRM_PATH) * 2);
|
||||
path[18] = '2';
|
||||
size = fileSize(path);
|
||||
if (!size) return 1;
|
||||
fileRead((u8*)rebootOffset2, path, size);
|
||||
if (fileWrite((u8*)firmLocation, PATCHED_FIRM_PATH, firmSize) != 0) return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
//Firmlaunchhax
|
||||
@ -117,5 +160,5 @@ void launchFirm(void){
|
||||
*(u32 *)0x1FFFFFF8 = (u32)firmLocation->arm11Entry;
|
||||
|
||||
//Final jump to arm9 binary
|
||||
((void (*)())0x801B01C)();
|
||||
console ? ((void (*)())0x801B01C)() : ((void (*)())firmLocation->arm9Entry)();
|
||||
}
|
||||
@ -8,10 +8,16 @@
|
||||
|
||||
#include "types.h"
|
||||
|
||||
void loadSplash(void);
|
||||
void loadFirm(void);
|
||||
void loadEmu(void);
|
||||
void patchFirm(void);
|
||||
#define PDN_MPCORE_CFG (*(u8*)0x10140FFC)
|
||||
#define HID_PAD ((~*(u16*)0x10146000) & 0xFFF)
|
||||
#define BUTTON_L1R1 (3 << 8)
|
||||
#define BUTTON_L1 (1 << 9)
|
||||
#define BUTTON_A 1
|
||||
#define PATCHED_FIRM_PATH "/rei/patched_firmware.bin"
|
||||
|
||||
u8 loadFirm(void);
|
||||
u8 loadEmu(void);
|
||||
u8 patchFirm(void);
|
||||
void launchFirm(void);
|
||||
|
||||
#endif
|
||||
144
source/font.h
144
source/font.h
@ -1,144 +0,0 @@
|
||||
/*
|
||||
This file was autogenerated by raw2c.
|
||||
Visit http://www.devkitpro.org
|
||||
*/
|
||||
|
||||
//---------------------------------------------------------------------------------
|
||||
#ifndef _font_h_
|
||||
#define _font_h_
|
||||
//---------------------------------------------------------------------------------
|
||||
static const unsigned char font[] = {
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0x81, 0xa5, 0x81, 0xbd, 0x99, 0x81, 0x7e,
|
||||
0x7e, 0xff, 0xdb, 0xff, 0xc3, 0xe7, 0xff, 0x7e, 0x6c, 0xfe, 0xfe, 0xfe, 0x7c, 0x38, 0x10, 0x00,
|
||||
0x10, 0x38, 0x7c, 0xfe, 0x7c, 0x38, 0x10, 0x00, 0x3c, 0x3c, 0x18, 0xff, 0xe7, 0x18, 0x3c, 0x00,
|
||||
0x10, 0x38, 0x7c, 0xfe, 0xee, 0x10, 0x38, 0x00, 0x00, 0x00, 0x18, 0x3c, 0x3c, 0x18, 0x00, 0x00,
|
||||
0xff, 0xff, 0xe7, 0xc3, 0xc3, 0xe7, 0xff, 0xff, 0x00, 0x3c, 0x66, 0x42, 0x42, 0x66, 0x3c, 0x00,
|
||||
0xff, 0xc3, 0x99, 0xbd, 0xbd, 0x99, 0xc3, 0xff, 0x0f, 0x07, 0x0f, 0x7d, 0xcc, 0xcc, 0xcc, 0x78,
|
||||
0x3c, 0x66, 0x66, 0x66, 0x3c, 0x18, 0x7e, 0x18, 0x08, 0x0c, 0x0a, 0x0a, 0x08, 0x78, 0xf0, 0x00,
|
||||
0x18, 0x14, 0x1a, 0x16, 0x72, 0xe2, 0x0e, 0x1c, 0x10, 0x54, 0x38, 0xee, 0x38, 0x54, 0x10, 0x00,
|
||||
0x80, 0xe0, 0xf8, 0xfe, 0xf8, 0xe0, 0x80, 0x00, 0x02, 0x0e, 0x3e, 0xfe, 0x3e, 0x0e, 0x02, 0x00,
|
||||
0x18, 0x3c, 0x5a, 0x18, 0x5a, 0x3c, 0x18, 0x00, 0x66, 0x66, 0x66, 0x66, 0x66, 0x00, 0x66, 0x00,
|
||||
0x7f, 0xdb, 0xdb, 0xdb, 0x7b, 0x1b, 0x1b, 0x00, 0x1c, 0x22, 0x38, 0x44, 0x44, 0x38, 0x88, 0x70,
|
||||
0x00, 0x00, 0x00, 0x00, 0x7e, 0x7e, 0x7e, 0x00, 0x18, 0x3c, 0x5a, 0x18, 0x5a, 0x3c, 0x18, 0x7e,
|
||||
0x18, 0x3c, 0x5a, 0x18, 0x18, 0x18, 0x18, 0x00, 0x18, 0x18, 0x18, 0x18, 0x5a, 0x3c, 0x18, 0x00,
|
||||
0x00, 0x18, 0x0c, 0xfe, 0x0c, 0x18, 0x00, 0x00, 0x00, 0x30, 0x60, 0xfe, 0x60, 0x30, 0x00, 0x00,
|
||||
0x00, 0x00, 0xc0, 0xc0, 0xc0, 0xfe, 0x00, 0x00, 0x00, 0x24, 0x42, 0xff, 0x42, 0x24, 0x00, 0x00,
|
||||
0x00, 0x10, 0x38, 0x7c, 0xfe, 0xfe, 0x00, 0x00, 0x00, 0xfe, 0xfe, 0x7c, 0x38, 0x10, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x3c, 0x3c, 0x18, 0x18, 0x00, 0x18, 0x00,
|
||||
0x6c, 0x24, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x6c, 0xfe, 0x6c, 0xfe, 0x6c, 0x6c, 0x00,
|
||||
0x10, 0x7c, 0xd0, 0x7c, 0x16, 0xfc, 0x10, 0x00, 0x00, 0x66, 0xac, 0xd8, 0x36, 0x6a, 0xcc, 0x00,
|
||||
0x38, 0x4c, 0x38, 0x78, 0xce, 0xcc, 0x7a, 0x00, 0x30, 0x10, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x18, 0x30, 0x60, 0x60, 0x60, 0x30, 0x18, 0x00, 0x60, 0x30, 0x18, 0x18, 0x18, 0x30, 0x60, 0x00,
|
||||
0x00, 0x66, 0x3c, 0xff, 0x3c, 0x66, 0x00, 0x00, 0x00, 0x30, 0x30, 0xfc, 0x30, 0x30, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x10, 0x20, 0x00, 0x00, 0x00, 0xfc, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x06, 0x0c, 0x18, 0x30, 0x60, 0xc0, 0x00,
|
||||
0x7c, 0xce, 0xde, 0xf6, 0xe6, 0xe6, 0x7c, 0x00, 0x18, 0x38, 0x78, 0x18, 0x18, 0x18, 0x7e, 0x00,
|
||||
0x7c, 0xc6, 0x06, 0x1c, 0x70, 0xc6, 0xfe, 0x00, 0x7c, 0xc6, 0x06, 0x3c, 0x06, 0xc6, 0x7c, 0x00,
|
||||
0x1c, 0x3c, 0x6c, 0xcc, 0xfe, 0x0c, 0x1e, 0x00, 0xfe, 0xc0, 0xfc, 0x06, 0x06, 0xc6, 0x7c, 0x00,
|
||||
0x7c, 0xc6, 0xc0, 0xfc, 0xc6, 0xc6, 0x7c, 0x00, 0xfe, 0xc6, 0x0c, 0x18, 0x30, 0x30, 0x30, 0x00,
|
||||
0x7c, 0xc6, 0xc6, 0x7c, 0xc6, 0xc6, 0x7c, 0x00, 0x7c, 0xc6, 0xc6, 0x7e, 0x06, 0xc6, 0x7c, 0x00,
|
||||
0x00, 0x30, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, 0x10, 0x20,
|
||||
0x0c, 0x18, 0x30, 0x60, 0x30, 0x18, 0x0c, 0x00, 0x00, 0x00, 0x7e, 0x00, 0x00, 0x7e, 0x00, 0x00,
|
||||
0x60, 0x30, 0x18, 0x0c, 0x18, 0x30, 0x60, 0x00, 0x78, 0xcc, 0x0c, 0x18, 0x30, 0x00, 0x30, 0x00,
|
||||
0x7c, 0x82, 0x9e, 0xa6, 0x9e, 0x80, 0x7c, 0x00, 0x7c, 0xc6, 0xc6, 0xfe, 0xc6, 0xc6, 0xc6, 0x00,
|
||||
0xfc, 0x66, 0x66, 0x7c, 0x66, 0x66, 0xfc, 0x00, 0x7c, 0xc6, 0xc0, 0xc0, 0xc0, 0xc6, 0x7c, 0x00,
|
||||
0xfc, 0x66, 0x66, 0x66, 0x66, 0x66, 0xfc, 0x00, 0xfe, 0x62, 0x68, 0x78, 0x68, 0x62, 0xfe, 0x00,
|
||||
0xfe, 0x62, 0x68, 0x78, 0x68, 0x60, 0xf0, 0x00, 0x7c, 0xc6, 0xc6, 0xc0, 0xce, 0xc6, 0x7e, 0x00,
|
||||
0xc6, 0xc6, 0xc6, 0xfe, 0xc6, 0xc6, 0xc6, 0x00, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00,
|
||||
0x1e, 0x0c, 0x0c, 0x0c, 0xcc, 0xcc, 0x78, 0x00, 0xe6, 0x66, 0x6c, 0x78, 0x6c, 0x66, 0xe6, 0x00,
|
||||
0xf0, 0x60, 0x60, 0x60, 0x62, 0x66, 0xfe, 0x00, 0x82, 0xc6, 0xee, 0xfe, 0xd6, 0xc6, 0xc6, 0x00,
|
||||
0xc6, 0xe6, 0xf6, 0xde, 0xce, 0xc6, 0xc6, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
|
||||
0xfc, 0x66, 0x66, 0x7c, 0x60, 0x60, 0xf0, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0xd6, 0xde, 0x7c, 0x06,
|
||||
0xfc, 0x66, 0x66, 0x7c, 0x66, 0x66, 0xe6, 0x00, 0x7c, 0xc6, 0xc0, 0x7c, 0x06, 0xc6, 0x7c, 0x00,
|
||||
0x7e, 0x5a, 0x5a, 0x18, 0x18, 0x18, 0x3c, 0x00, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
|
||||
0xc6, 0xc6, 0xc6, 0xc6, 0x6c, 0x38, 0x10, 0x00, 0xc6, 0xc6, 0xd6, 0xfe, 0xee, 0xc6, 0x82, 0x00,
|
||||
0xc6, 0x6c, 0x38, 0x38, 0x38, 0x6c, 0xc6, 0x00, 0x66, 0x66, 0x66, 0x3c, 0x18, 0x18, 0x3c, 0x00,
|
||||
0xfe, 0xc6, 0x8c, 0x18, 0x32, 0x66, 0xfe, 0x00, 0x78, 0x60, 0x60, 0x60, 0x60, 0x60, 0x78, 0x00,
|
||||
0xc0, 0x60, 0x30, 0x18, 0x0c, 0x06, 0x02, 0x00, 0x78, 0x18, 0x18, 0x18, 0x18, 0x18, 0x78, 0x00,
|
||||
0x10, 0x38, 0x6c, 0xc6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
|
||||
0x30, 0x20, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00,
|
||||
0xe0, 0x60, 0x60, 0x7c, 0x66, 0x66, 0x7c, 0x00, 0x00, 0x00, 0x7c, 0xc6, 0xc0, 0xc6, 0x7c, 0x00,
|
||||
0x1c, 0x0c, 0x0c, 0x7c, 0xcc, 0xcc, 0x76, 0x00, 0x00, 0x00, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00,
|
||||
0x1c, 0x36, 0x30, 0x78, 0x30, 0x30, 0x78, 0x00, 0x00, 0x00, 0x76, 0xcc, 0xcc, 0x7c, 0x0c, 0x78,
|
||||
0xe0, 0x60, 0x6c, 0x76, 0x66, 0x66, 0xe6, 0x00, 0x18, 0x00, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
|
||||
0x00, 0x0c, 0x00, 0x1c, 0x0c, 0x0c, 0xcc, 0x78, 0xe0, 0x60, 0x66, 0x6c, 0x78, 0x6c, 0xe6, 0x00,
|
||||
0x38, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00, 0x00, 0x00, 0xcc, 0xfe, 0xd6, 0xd6, 0xd6, 0x00,
|
||||
0x00, 0x00, 0xdc, 0x66, 0x66, 0x66, 0x66, 0x00, 0x00, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
|
||||
0x00, 0x00, 0xdc, 0x66, 0x66, 0x7c, 0x60, 0xf0, 0x00, 0x00, 0x7c, 0xcc, 0xcc, 0x7c, 0x0c, 0x1e,
|
||||
0x00, 0x00, 0xde, 0x76, 0x60, 0x60, 0xf0, 0x00, 0x00, 0x00, 0x7c, 0xc0, 0x7c, 0x06, 0x7c, 0x00,
|
||||
0x10, 0x30, 0xfc, 0x30, 0x30, 0x34, 0x18, 0x00, 0x00, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
|
||||
0x00, 0x00, 0xc6, 0xc6, 0x6c, 0x38, 0x10, 0x00, 0x00, 0x00, 0xc6, 0xd6, 0xd6, 0xfe, 0x6c, 0x00,
|
||||
0x00, 0x00, 0xc6, 0x6c, 0x38, 0x6c, 0xc6, 0x00, 0x00, 0x00, 0xcc, 0xcc, 0xcc, 0x7c, 0x0c, 0xf8,
|
||||
0x00, 0x00, 0xfc, 0x98, 0x30, 0x64, 0xfc, 0x00, 0x0e, 0x18, 0x18, 0x30, 0x18, 0x18, 0x0e, 0x00,
|
||||
0x18, 0x18, 0x18, 0x00, 0x18, 0x18, 0x18, 0x00, 0xe0, 0x30, 0x30, 0x18, 0x30, 0x30, 0xe0, 0x00,
|
||||
0x76, 0xdc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x38, 0x6c, 0xc6, 0xc6, 0xfe, 0x00,
|
||||
0x7c, 0xc6, 0xc0, 0xc0, 0xc6, 0x7c, 0x18, 0x70, 0xcc, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
|
||||
0x0e, 0x10, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00, 0x7c, 0x82, 0x38, 0x0c, 0x7c, 0xcc, 0x76, 0x00,
|
||||
0xcc, 0x00, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00, 0xe0, 0x10, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00,
|
||||
0x30, 0x30, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00, 0x00, 0x00, 0x7c, 0xc0, 0xc0, 0x7c, 0x18, 0x70,
|
||||
0x7c, 0x82, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00, 0xc6, 0x00, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00,
|
||||
0xe0, 0x10, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00, 0x66, 0x00, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
|
||||
0x7c, 0x82, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00, 0xe0, 0x10, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
|
||||
0xc6, 0x00, 0x7c, 0xc6, 0xfe, 0xc6, 0xc6, 0x00, 0x38, 0x38, 0x7c, 0xc6, 0xfe, 0xc6, 0xc6, 0x00,
|
||||
0x0e, 0x10, 0xfe, 0x60, 0x78, 0x60, 0xfe, 0x00, 0x00, 0x00, 0x7c, 0x12, 0x7e, 0xd0, 0x7e, 0x00,
|
||||
0x7e, 0xc8, 0xc8, 0xfe, 0xc8, 0xc8, 0xce, 0x00, 0x7c, 0x82, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
|
||||
0xc6, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00, 0xe0, 0x10, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
|
||||
0x7c, 0x82, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00, 0xe0, 0x10, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
|
||||
0xcc, 0x00, 0xcc, 0xcc, 0xcc, 0x7c, 0x0c, 0xf8, 0xc6, 0x7c, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
|
||||
0xc6, 0x00, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00, 0x18, 0x7c, 0xd6, 0xd0, 0xd6, 0x7c, 0x18, 0x00,
|
||||
0x38, 0x6c, 0x60, 0xf0, 0x60, 0xf2, 0xdc, 0x00, 0x66, 0x3c, 0x18, 0x7e, 0x18, 0x7e, 0x18, 0x00,
|
||||
0xf8, 0xcc, 0xf8, 0xc4, 0xcc, 0xde, 0xcc, 0x06, 0x0e, 0x1b, 0x18, 0x3c, 0x18, 0x18, 0xd8, 0x70,
|
||||
0x0e, 0x10, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00, 0x0e, 0x10, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
|
||||
0x0e, 0x10, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00, 0x0e, 0x10, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
|
||||
0x66, 0x98, 0xdc, 0x66, 0x66, 0x66, 0x66, 0x00, 0x66, 0x98, 0xe6, 0xf6, 0xde, 0xce, 0xc6, 0x00,
|
||||
0x38, 0x0c, 0x3c, 0x34, 0x00, 0x7e, 0x00, 0x00, 0x38, 0x6c, 0x6c, 0x38, 0x00, 0x7c, 0x00, 0x00,
|
||||
0x30, 0x00, 0x30, 0x60, 0xc6, 0xc6, 0x7c, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xc0, 0xc0, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0xfc, 0x0c, 0x0c, 0x00, 0x00, 0xc0, 0xc8, 0xd0, 0xfe, 0x46, 0x8c, 0x1e, 0x00,
|
||||
0xc0, 0xc8, 0xd0, 0xec, 0x5c, 0xbe, 0x0c, 0x00, 0x18, 0x00, 0x18, 0x18, 0x3c, 0x3c, 0x18, 0x00,
|
||||
0x00, 0x36, 0x6c, 0xd8, 0x6c, 0x36, 0x00, 0x00, 0x00, 0xd8, 0x6c, 0x36, 0x6c, 0xd8, 0x00, 0x00,
|
||||
0x22, 0x88, 0x22, 0x88, 0x22, 0x88, 0x22, 0x88, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa,
|
||||
0xdb, 0x77, 0xdb, 0xee, 0xdb, 0x77, 0xdb, 0xee, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
|
||||
0x18, 0x18, 0x18, 0x18, 0xf8, 0x18, 0x18, 0x18, 0x18, 0x18, 0xf8, 0x18, 0xf8, 0x18, 0x18, 0x18,
|
||||
0x36, 0x36, 0x36, 0x36, 0xf6, 0x36, 0x36, 0x36, 0x00, 0x00, 0x00, 0x00, 0xfe, 0x36, 0x36, 0x36,
|
||||
0x00, 0x00, 0xf8, 0x18, 0xf8, 0x18, 0x18, 0x18, 0x36, 0x36, 0xf6, 0x06, 0xf6, 0x36, 0x36, 0x36,
|
||||
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x00, 0x00, 0xfe, 0x06, 0xf6, 0x36, 0x36, 0x36,
|
||||
0x36, 0x36, 0xf6, 0x06, 0xfe, 0x00, 0x00, 0x00, 0x36, 0x36, 0x36, 0x36, 0xfe, 0x00, 0x00, 0x00,
|
||||
0x18, 0x18, 0xf8, 0x18, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0x18, 0x18, 0x18,
|
||||
0x18, 0x18, 0x18, 0x18, 0x1f, 0x00, 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0xff, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0xff, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x1f, 0x18, 0x18, 0x18,
|
||||
0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0xff, 0x18, 0x18, 0x18,
|
||||
0x18, 0x18, 0x1f, 0x18, 0x1f, 0x18, 0x18, 0x18, 0x36, 0x36, 0x36, 0x36, 0x37, 0x36, 0x36, 0x36,
|
||||
0x36, 0x36, 0x37, 0x30, 0x3f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3f, 0x30, 0x37, 0x36, 0x36, 0x36,
|
||||
0x36, 0x36, 0xf7, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0xf7, 0x36, 0x36, 0x36,
|
||||
0x36, 0x36, 0x37, 0x30, 0x37, 0x36, 0x36, 0x36, 0x00, 0x00, 0xff, 0x00, 0xff, 0x00, 0x00, 0x00,
|
||||
0x36, 0x36, 0xf7, 0x00, 0xf7, 0x36, 0x36, 0x36, 0x18, 0x18, 0xff, 0x00, 0xff, 0x00, 0x00, 0x00,
|
||||
0x36, 0x36, 0x36, 0x36, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0xff, 0x18, 0x18, 0x18,
|
||||
0x00, 0x00, 0x00, 0x00, 0xff, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x3f, 0x00, 0x00, 0x00,
|
||||
0x18, 0x18, 0x1f, 0x18, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x18, 0x1f, 0x18, 0x18, 0x18,
|
||||
0x00, 0x00, 0x00, 0x00, 0x3f, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0xff, 0x36, 0x36, 0x36,
|
||||
0x18, 0x18, 0xff, 0x18, 0xff, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0xf8, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x1f, 0x18, 0x18, 0x18, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0,
|
||||
0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x74, 0xcc, 0xc8, 0xdc, 0x76, 0x00, 0x78, 0xcc, 0xd8, 0xcc, 0xc6, 0xc6, 0xdc, 0x40,
|
||||
0xfe, 0x62, 0x60, 0x60, 0x60, 0x60, 0xf0, 0x00, 0x00, 0x02, 0x7e, 0xec, 0x6c, 0x6c, 0x48, 0x00,
|
||||
0xfe, 0x62, 0x30, 0x18, 0x30, 0x62, 0xfe, 0x00, 0x00, 0x00, 0x7e, 0xd0, 0xc8, 0xc8, 0x70, 0x00,
|
||||
0x00, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xf8, 0x80, 0x00, 0x00, 0x7e, 0xd8, 0x18, 0x18, 0x10, 0x00,
|
||||
0x38, 0x10, 0x7c, 0xd6, 0xd6, 0x7c, 0x10, 0x38, 0x7c, 0xc6, 0xc6, 0xfe, 0xc6, 0xc6, 0x7c, 0x00,
|
||||
0x7c, 0xc6, 0xc6, 0xc6, 0x6c, 0x28, 0xee, 0x00, 0x3c, 0x22, 0x18, 0x7c, 0xcc, 0xcc, 0x78, 0x00,
|
||||
0x00, 0x00, 0x66, 0x99, 0x99, 0x66, 0x00, 0x00, 0x00, 0x06, 0x7c, 0x9e, 0xf2, 0x7c, 0xc0, 0x00,
|
||||
0x00, 0x00, 0x7c, 0xc0, 0xf8, 0xc0, 0x7c, 0x00, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0x00,
|
||||
0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0x00, 0x18, 0x18, 0x7e, 0x18, 0x18, 0x00, 0x7e, 0x00,
|
||||
0x30, 0x18, 0x0c, 0x18, 0x30, 0x00, 0x7c, 0x00, 0x18, 0x30, 0x60, 0x30, 0x18, 0x00, 0x7c, 0x00,
|
||||
0x0e, 0x1b, 0x1b, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0xd8, 0xd8, 0x70,
|
||||
0x00, 0x18, 0x00, 0x7e, 0x00, 0x18, 0x00, 0x00, 0x00, 0x76, 0xdc, 0x00, 0x76, 0xdc, 0x00, 0x00,
|
||||
0x38, 0x6c, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x0f, 0x0c, 0x0c, 0x0c, 0xec, 0x6c, 0x3c, 0x00,
|
||||
0xd8, 0x6c, 0x6c, 0x6c, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x30, 0xc0, 0xf0, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x3c, 0x3c, 0x3c, 0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
||||
|
||||
};
|
||||
const int font_size = sizeof(font);
|
||||
//---------------------------------------------------------------------------------
|
||||
#endif //_font_h_
|
||||
//---------------------------------------------------------------------------------
|
||||
@ -31,7 +31,7 @@ int unmountSD()
|
||||
int fileReadOffset(u8 *dest, const char *path, u32 size, u32 offset){
|
||||
FRESULT fr;
|
||||
FIL fp;
|
||||
u32 br = 0;
|
||||
unsigned int br = 0;
|
||||
|
||||
fr = f_open(&fp, path, FA_READ);
|
||||
if (fr != FR_OK)goto error;
|
||||
@ -61,7 +61,7 @@ int fileRead(u8 *dest, const char *path, u32 size){
|
||||
int fileWrite(const u8 *buffer, const char *path, u32 size){
|
||||
FRESULT fr;
|
||||
FIL fp;
|
||||
u32 br = 0;
|
||||
unsigned int br = 0;
|
||||
|
||||
if(f_open(&fp, path, FA_WRITE | FA_OPEN_ALWAYS) == FR_OK){
|
||||
fr = f_write(&fp, buffer, size, &br);
|
||||
|
||||
@ -10,12 +10,11 @@
|
||||
#include "firm.h"
|
||||
#include "draw.h"
|
||||
|
||||
int main(){
|
||||
u8 main(){
|
||||
mountSD();
|
||||
loadSplash();
|
||||
loadFirm();
|
||||
loadEmu();
|
||||
patchFirm();
|
||||
if (loadFirm()) return 1;
|
||||
if (patchFirm()) return 1;
|
||||
launchFirm();
|
||||
return 0;
|
||||
}
|
||||
@ -5,14 +5,7 @@
|
||||
*/
|
||||
|
||||
#include "patches.h"
|
||||
|
||||
#define FIRM 0x24000000
|
||||
|
||||
#define KERNEL9 (FIRM + 0x68400)
|
||||
#define PROC9 (FIRM + 0x7F100)
|
||||
|
||||
#define K9_ADDR 0x08006000
|
||||
#define P9_ADDR 0x08028000
|
||||
#include "memory.h"
|
||||
|
||||
/**************************************************
|
||||
* Patches
|
||||
@ -26,6 +19,7 @@ u8 mpu[0x2C] = { //MPU shit
|
||||
0x00, 0x00, 0x00, 0x20, 0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x20, 0x00, 0x00, 0x00, 0x00, 0x08,
|
||||
0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
|
||||
};
|
||||
|
||||
u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function
|
||||
|
||||
/*
|
||||
@ -34,38 +28,24 @@ u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Bran
|
||||
u8 sigPat1[2] = {0x00, 0x20};
|
||||
u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
|
||||
|
||||
/*
|
||||
* Arm9 thread
|
||||
*/
|
||||
u8 th1[4] = {0x2C, 0xF0, 0x9F, 0xE5}; //ldr pc, =0x08006070
|
||||
u8 th2[4] = {0x70, 0x60, 0x00, 0x08}; //0x08006070
|
||||
|
||||
|
||||
|
||||
/**************************************************
|
||||
* Functions
|
||||
**************************************************/
|
||||
|
||||
//Where the emunand code is stored in firm
|
||||
u32 emuCode(void){
|
||||
return KERNEL9 + (0x0801A5C0 - K9_ADDR);
|
||||
void getSignatures(void *pos, u32 size, u32 *off, u32 *off2){
|
||||
//Look for signature checks
|
||||
unsigned char pattern[] = {0xC0, 0x1C, 0x76, 0xE7, 0x20};
|
||||
unsigned char pattern2[] = {0x70, 0xB5, 0x22, 0x4D, 0x0C};
|
||||
|
||||
*off = (u32)memsearch(pos, pattern, size, 5);
|
||||
*off2 = (u32)memsearch(pos, pattern2, size, 5);
|
||||
}
|
||||
|
||||
//Where thread code is stored in firm
|
||||
u32 threadCode(void){
|
||||
return KERNEL9 + (0x08006070 - K9_ADDR);
|
||||
}
|
||||
void getReboot(void *pos, u32 size, u32 *off, u32 *off2){
|
||||
//Look for FIRM reboot code
|
||||
unsigned char pattern[] = {0x8D, 0xE5, 0x00, 0xC0, 0x91, 0xE5};
|
||||
unsigned char pattern2[] = {0xF0, 0x4F, 0x2D, 0xE9, 0x3C};
|
||||
|
||||
//Offsets to redirect to thread code
|
||||
u32 threadHook(u8 val){
|
||||
return val == 1 ?
|
||||
PROC9 + (0x08085198 - P9_ADDR):
|
||||
PROC9 + (0x080851CC - P9_ADDR);
|
||||
}
|
||||
|
||||
//Offsets to redirect to thread code
|
||||
u32 sigPatch(u8 val){
|
||||
return val == 1 ?
|
||||
PROC9 + (0x08062B08 - P9_ADDR) :
|
||||
PROC9 + (0x0805C31C - P9_ADDR);
|
||||
*off = (u32)memsearch(pos, pattern, size, 6) + 2;
|
||||
*off2 = (u32)memsearch(pos, pattern2, size, 5);
|
||||
}
|
||||
@ -15,17 +15,11 @@ u8 mpu[0x2C];
|
||||
u8 nandRedir[0x08];
|
||||
u8 sigPat1[2];
|
||||
u8 sigPat2[4];
|
||||
u8 th1[4];
|
||||
u8 th2[4];
|
||||
|
||||
/**************************************************
|
||||
* Functions
|
||||
**************************************************/
|
||||
u32 emuCode(void);
|
||||
u32 mpuCode(void);
|
||||
u32 threadCode(void);
|
||||
u32 threadHook(u8 val);
|
||||
u32 emuHook(u8 val);
|
||||
u32 sigPatch(u8 val);
|
||||
void getSignatures(void *pos, u32 size, u32 *off, u32 *off2);
|
||||
void getReboot(void *pos, u32 size, u32 *off, u32 *off2);
|
||||
|
||||
#endif
|
||||
@ -1,24 +0,0 @@
|
||||
OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
|
||||
OUTPUT_ARCH(arm)
|
||||
|
||||
/*0x080C3EE0*/
|
||||
ENTRY(_start)
|
||||
|
||||
SECTIONS
|
||||
{
|
||||
. = 0x08006070;
|
||||
start_addr = .;
|
||||
.text.start : { *(.text.start) }
|
||||
.text : { *(.text) *(.text*) }
|
||||
.rodata : { *(.rodata) *(.rodata*) }
|
||||
.data : { *(.data) *(.data*) }
|
||||
.bss : { *(.bss) *(.bss*) }
|
||||
/*. = ALIGN(32);*/
|
||||
/*.stack : {
|
||||
stack_start = .;
|
||||
. += 0x40;
|
||||
. = ALIGN(32);
|
||||
stack_end = .;
|
||||
}*/
|
||||
total_size = . - start_addr;
|
||||
}
|
||||
@ -1,16 +0,0 @@
|
||||
ifeq ($(strip $(DEVKITARM)),)
|
||||
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
|
||||
endif
|
||||
|
||||
include $(DEVKITARM)/ds_rules
|
||||
|
||||
SFLAGS=-c -mcpu=arm946e-s -march=armv5te -mlittle-endian -fshort-wchar
|
||||
CFLAGS=$(SFLAGS) -std=c99
|
||||
|
||||
all:
|
||||
$(CC) -g source/thread.c source/lib.c $(CFLAGS)
|
||||
$(CC) -g source/_start.s source/FS.s -I source $(SFLAGS)
|
||||
$(CC) -nostdlib -T 3ds.ld _start.o thread.o lib.o FS.o
|
||||
$(OBJCOPY) -O binary a.out arm9.bin
|
||||
rm -f *.o *.out
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
/*
|
||||
* FS.h
|
||||
* by Reisyukaku
|
||||
* Copyright (c) 2015 All Rights Reserved
|
||||
*/
|
||||
|
||||
#ifndef FS_H
|
||||
#define FS_H
|
||||
#include <stdio.h>
|
||||
extern unsigned int fopen9(void *handle, wchar_t* name, unsigned int flag);
|
||||
extern void fwrite9(void* handle, unsigned int* bytesWritten, void* dst, unsigned int size);
|
||||
extern void fread9(void* handle, unsigned int* bytesRead, void *src, unsigned int size);
|
||||
extern void fsize9(void *handle, long *size);
|
||||
extern void fclose9(void *handle);
|
||||
|
||||
#endif
|
||||
@ -1,57 +0,0 @@
|
||||
#
|
||||
# FS.s
|
||||
# by Reisyukaku
|
||||
# Copyright (c) 2015 All Rights Reserved
|
||||
#/
|
||||
|
||||
.text
|
||||
|
||||
.thumb
|
||||
.global fopen9
|
||||
.type fopen9, %function
|
||||
fopen9:
|
||||
push {r0-r6, lr}
|
||||
ldr r4, =0x08059D0D
|
||||
blx r4
|
||||
pop {r0-r6, pc}
|
||||
.pool
|
||||
|
||||
.thumb
|
||||
.global fwrite9
|
||||
.type fwrite9, %function
|
||||
fwrite9:
|
||||
push {r4, lr}
|
||||
ldr r4, =0x0805B20D
|
||||
blx r4
|
||||
pop {r4, pc}
|
||||
.pool
|
||||
|
||||
.thumb
|
||||
.global fread9
|
||||
.type fread9, %function
|
||||
fread9:
|
||||
push {r4, lr}
|
||||
ldr r4, =0x0804CC15
|
||||
blx r4
|
||||
pop {r4, pc}
|
||||
.pool
|
||||
|
||||
.thumb
|
||||
.global fclose9
|
||||
.type fclose9, %function
|
||||
fclose9:
|
||||
push {r4, lr}
|
||||
ldr r4, =0x08052DA1
|
||||
blx r4
|
||||
pop {r4, pc}
|
||||
.pool
|
||||
|
||||
.thumb
|
||||
.global fsize9
|
||||
.type fsize9, %function
|
||||
fsize9:
|
||||
push {r4, lr}
|
||||
ldr r4, =0x0805B0E9
|
||||
blx r4
|
||||
pop {r4, pc}
|
||||
.pool
|
||||
@ -1,20 +0,0 @@
|
||||
.arm
|
||||
.global _start
|
||||
_start:
|
||||
push {r0-r12 , lr}
|
||||
ldr r0, =0x08000c00
|
||||
mov r1, #0xA00
|
||||
mov r2, #0x0
|
||||
thread_stack_loop:
|
||||
str r2, [r0], #0x4
|
||||
subs r1, r1, #4
|
||||
bgt thread_stack_loop
|
||||
mov r0, #0x3F @ thread priority
|
||||
ldr r1, =thread @ thread_addr
|
||||
mov r2, #0x0 @ arg
|
||||
ldr r3, =0x08000c00 @ StackTop
|
||||
ldr r4, =0xFFFFFFFE
|
||||
svc 0x8
|
||||
pop {r0-r12 , lr}
|
||||
ldr r0, =0x080E3408
|
||||
ldr pc, =0x0808519C
|
||||
@ -1,54 +0,0 @@
|
||||
#include "lib.h"
|
||||
|
||||
void *memset(void * ptr, int value, unsigned int num){
|
||||
unsigned char *p = ptr;
|
||||
while (num) {
|
||||
*p++ = value;
|
||||
num--;
|
||||
}
|
||||
return ptr;
|
||||
}
|
||||
|
||||
int strcomp(char* s1, char* s2, unsigned int size){
|
||||
for(int i = 0; i < size*2; i++){
|
||||
if(s1[i] != s2[i]) return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
void strcopy(char* dest, char* source, unsigned int size){
|
||||
for(int i = 0; i < size*2; i++) dest[i] = source[i];
|
||||
}
|
||||
|
||||
int memcmp(void* buf1, void* buf2, int size){
|
||||
int equal = 0;
|
||||
for(int i = 0; i < size; i++){
|
||||
if(*((unsigned char*)buf1 + i) != *((unsigned char*)buf2 + i)){
|
||||
equal = i;
|
||||
break;
|
||||
}
|
||||
}
|
||||
return equal;
|
||||
}
|
||||
|
||||
int atoi(const char* nptr){
|
||||
int result = 0,
|
||||
position = 1;
|
||||
const char* p = nptr;
|
||||
|
||||
while(*p) ++p;
|
||||
|
||||
for(--p; p >= nptr; p--){
|
||||
if(*p < 0x30 || *p > 0x39) break;
|
||||
else{
|
||||
result += (position) * (*p - 0x30);
|
||||
position *= 10;
|
||||
}
|
||||
}
|
||||
result = ((nptr[0] == '-')? -result : result);
|
||||
return result;
|
||||
}
|
||||
|
||||
unsigned isPressed(unsigned bitfield){
|
||||
return ((~*(unsigned *)0x10146000) & 0xFFF) == (bitfield & 0xFFF) ? 1 : 0;
|
||||
}
|
||||
@ -1,26 +0,0 @@
|
||||
#ifndef LIB_H
|
||||
#define LIB_H
|
||||
|
||||
#define BUTTON_A (1 << 0)
|
||||
#define BUTTON_B (1 << 1)
|
||||
#define BUTTON_SELECT (1 << 2)
|
||||
#define BUTTON_START (1 << 3)
|
||||
#define BUTTON_RIGHT (1 << 4)
|
||||
#define BUTTON_LEFT (1 << 5)
|
||||
#define BUTTON_UP (1 << 6)
|
||||
#define BUTTON_DOWN (1 << 7)
|
||||
#define BUTTON_R1 (1 << 8)
|
||||
#define BUTTON_L1 (1 << 9)
|
||||
#define BUTTON_X (1 << 10)
|
||||
#define BUTTON_Y (1 << 11)
|
||||
#define BUTTON_ZL (1 << 14)
|
||||
#define BUTTON_ZR (1 << 15)
|
||||
|
||||
void* memset(void * ptr, int value, unsigned int num);
|
||||
int strcomp(char* s1, char*s2, unsigned int size);
|
||||
void strcopy(char* dest, char* source, unsigned int size);
|
||||
int memcmp(void* buf1, void* buf2, int size);
|
||||
int atoi(const char* nptr);
|
||||
unsigned isPressed(unsigned bitfield);
|
||||
|
||||
#endif
|
||||
@ -1,59 +0,0 @@
|
||||
/*
|
||||
* thread.c
|
||||
* by Reisyukaku
|
||||
* Copyright (c) 2015 All Rights Reserved
|
||||
*/
|
||||
|
||||
#include <wchar.h>
|
||||
#include <stdio.h>
|
||||
#include "thread.h"
|
||||
#include "lib.h"
|
||||
#include "FS.h"
|
||||
|
||||
//ram stuff
|
||||
#define VRAM (unsigned char*)0x18000000
|
||||
#define FCRAM (unsigned char*)0x20000000
|
||||
#define FCRAM_EXT (unsigned char*)0x28000000
|
||||
|
||||
//file stuff
|
||||
#define READ 0
|
||||
#define WRITE 1
|
||||
|
||||
unsigned char handle[32];
|
||||
|
||||
void fileReadWrite(void *buf, void *path, int size, char rw){
|
||||
unsigned int br = 0;
|
||||
memset(&handle, 0, 32);
|
||||
fopen9(&handle, path, 6);
|
||||
if(rw == 0) fread9(&handle, &br, buf, size);
|
||||
else fwrite9(&handle, &br, buf, size);
|
||||
fclose9(&handle);
|
||||
}
|
||||
|
||||
void memdump(void* filename, void* buf, unsigned int size){
|
||||
fileReadWrite(buf, filename, size, WRITE);
|
||||
memset(VRAM+0x1E6000, 0xFF, 0x46500);
|
||||
}
|
||||
|
||||
void patches(void){
|
||||
//Change version string
|
||||
for(int i = 0; i < 0x600000; i+=4){
|
||||
if(strcomp((void*)0x27B00000 - i, (void*)L"Ver.", 4)){
|
||||
if(strcomp((void*)0x27B00000 - i + 0x28, (void*)"T_ver_00", 4)) strcopy((void*)0x27B00000 - i, (void*)L"\uE024Rei", 4);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void thread(void){
|
||||
while(1){
|
||||
if(isPressed(BUTTON_START | BUTTON_X)){
|
||||
unsigned char buf[0x10] = {0};
|
||||
int loc = 0;
|
||||
fileReadWrite(buf, L"sdmc:/rei/RAM.txt", 0x20, READ);
|
||||
loc = atoi(buf);
|
||||
memdump(L"sdmc:/RAMdmp.bin", (void*)loc, 0x10000);
|
||||
}
|
||||
patches();
|
||||
}
|
||||
__asm("SVC 0x09");
|
||||
}
|
||||
@ -1,6 +0,0 @@
|
||||
/*
|
||||
* thread.h
|
||||
* by Reisyukaku
|
||||
*/
|
||||
|
||||
void thread(void);
|
||||
Reference in New Issue
Block a user