Even moar clean-up

This commit is contained in:
Aurora 2016-03-06 16:24:42 +01:00
parent 99829b3cf7
commit 4bdba9f8e9
8 changed files with 61 additions and 68 deletions


@ -4,11 +4,6 @@
#include "memory.h"
#include "fatfs/sdmmc/sdmmc.h"
//Nand key#2 (0x12C10)
u8 key2[0x10] = {
0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0
};
/****************************************************************
* Crypto Libs
****************************************************************/
@ -232,16 +227,20 @@ void aes(void* dst, const void* src, u32 blockCount, void* iv, u32 mode, u32 ivM
* Nand/FIRM Crypto stuff
****************************************************************/
//Nand key#2 (0x12C10)
u8 key2[0x10] = {
0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0
};
//Get Nand CTR key
void getNandCTR(u8 *buf, u8 console) {
u8 *addr = console ? (u8*)0x080D8BBC : (u8*)0x080D797C;
u8 keyLen = 0x10; //CTR length
addr += 0x0F;
while (keyLen --) { *(buf++) = *(addr--); }
void getNandCTR(u8 *buf, u8 console){
u8 *addr = (console ? (u8*)0x080D8BBC : (u8*)0x080D797C) + 0x0F;
for(u8 keyLen = 0x10; keyLen; keyLen--)
*(buf++) = *(addr--);
}
//Read firm0 from NAND and write to buffer
void nandFirm0(u8 *outbuf, const u32 size, u8 console){
void nandFirm0(u8 *outbuf, u32 size, u8 console){
u8 CTR[0x10];
getNandCTR(CTR, console);
aes_advctr(CTR, 0x0B130000/0x10, AES_INPUT_BE | AES_INPUT_NORMAL);
@ -287,12 +286,13 @@ void decArm9Bin(void *armHdr, u8 mode){
//Sets the N3DS 9.6 KeyXs
void setKeyXs(void *armHdr){
void *keyData = armHdr+0x89814;
void *decKey = keyData+0x10;
//Set keys 0x19..0x1F keyXs
aes_setkey(0x11, key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x11);
for(u8 slot = 0x19; slot < 0x20; slot++){
void *keyData = armHdr+0x89814;
void *decKey = keyData+0x10;
aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
*(u8*)(keyData+0xF) += 1;
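Review bot: In the setKeyXs loop the per-slot key is decrypted by `aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0)` into `keyData+0x10`, i.e. the 16 bytes of the loaded ARM9 header right after the key block (armHdr+0x89824..+0x89833) are overwritten on every iteration, and `*(u8*)(keyData+0xF) += 1` then mutates the header's own key byte; neither side effect is commented. A comment above the loop such as `//Decrypts each slot key into the 16 bytes after keyData (clobbers them) and bumps the low key byte for the next slot` would save the next reader from discovering that the loaded FIRM image is modified here. The increment also only touches byte 0xF with no carry into byte 0xE, so a starting value of 0xF9 or above would wrap for the later slots — presumably the FIRM data rules that out, but that assumption is worth stating next to the line. setKeyXs continues past the end of the hunk.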


@ -49,7 +49,7 @@
#define AES_KEYY 2
//NAND/FIRM stuff
void nandFirm0(u8 *outbuf, const u32 size, u8 console);
void nandFirm0(u8 *outbuf, u32 size, u8 console);
void decArm9Bin(void *armHdr, u8 mode);
void setKeyXs(void *armHdr);


@ -23,7 +23,7 @@ void shutdownLCD(void){
*(vu32*)0x10202014 = 0;
//Wait for the ARM11 entrypoint to be set
while (!*arm11);
while(!*arm11);
//Jump to it
((void (*)())*arm11)();
}
@ -36,7 +36,7 @@ void clearScreen(void){
void loadSplash(void){
//Check if it's a no-screen-init A9LH boot via PDN_GPU_CNT
if (*(u8*)0x10141200 == 0x1) return;
if(*(u8*)0x10141200 == 0x1) return;
clearScreen();
if(!fileRead(fb->top_left, "/rei/splash.bin", 0x46500)) return;
u64 i = 0xFFFFFF; while(--i) __asm("mov r0, r0"); //Less Ghetto sleep func


@ -12,8 +12,8 @@ static u8 *temp = (u8*)0x24300000;
void getEmunandSect(u32 *off, u32 *head){
u32 nandSize = getMMCDevice(0)->total_size;
if (sdmmc_sdcard_readsectors(nandSize, 1, temp) == 0) {
if (*(u32*)(temp + 0x100) == NCSD_MAGIC) {
if(sdmmc_sdcard_readsectors(nandSize, 1, temp) == 0){
if(*(u32*)(temp + 0x100) == NCSD_MAGIC){
*off = 0;
*head = nandSize;
}
@ -26,17 +26,17 @@ void getSDMMC(void *pos, u32 *off, u32 size){
*off = (u32)memsearch(pos, pattern, size, 4) - 1;
//Get DCD values
unsigned char buf[4];
int p;
u8 buf[4],
p;
u32 addr = 0,
additive = 0;
memcpy((void*)buf, (void*)(*off+0x0A), 4);
memcpy(buf, (void *)(*off+0x0A), 4);
for (p = 0; p < 4; p++) addr |= ((u32) buf[p]) << (8 * p);
memcpy((void*)buf, (void*)(*off+0x0E), 4);
memcpy(buf, (void *)(*off+0x0E), 4);
for (p = 0; p < 4; p++) additive |= ((u32) buf[p]) << (8 * p);
//Return result
*off = addr + additive;
*off = addr + additive;
}
void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff){
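Review bot: The new `memcpy(buf, (void *)(*off+0x0A), 4);` and `memcpy(buf, (void *)(*off+0x0E), 4);` read relative to `*off`, which was set one line earlier from `memsearch` with no check; memsearch returns NULL when the pattern is absent (memory.c in this same commit), so a FIRM without the "SDMC"-style pattern leaves `*off` at 0xFFFFFFFF and both copies read from that address. Replacing the first line with `void *hit = memsearch(pos, pattern, size, 4); if(!hit) return; *off = (u32)hit - 1;` stops that, though how the caller treats an untouched `*off` is outside this hunk and should be checked too. Separately, `u8 buf[4], p;` folds a byte buffer and a loop counter into one declaration; `u8 p;` on its own line reads clearer. getSDMMC begins before the start of the hunk.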


@ -31,7 +31,7 @@ void setupCFW(void){
//Retrieve the last booted FIRM via CFG_BOOTENV
u8 previousFirm = *(u8*)0x10010000;
u8 overrideConfig = 0;
char lastConfigPath[] = "rei/lastbootcfg";
const char lastConfigPath[] = "rei/lastbootcfg";
//Detect the console being used
if(PDN_MPCORE_CFG == 1) console = 0;
@ -49,7 +49,7 @@ void setupCFW(void){
//If booting with A9LH and it's a MCU reboot, try to force boot options
if(a9lhBoot && previousFirm && fileExists(lastConfigPath)){
u8 tempConfig;
fileRead((u8*)&tempConfig, lastConfigPath, 1);
fileRead(&tempConfig, lastConfigPath, 1);
//Always force a sysNAND boot when quitting AGB_FIRM
if(previousFirm == 0x7) {
@ -77,7 +77,7 @@ void setupCFW(void){
//Write the current boot options on A9LH
if(a9lhBoot){
u8 tempConfig = (mode | (emuNAND << 1)) & 0x3;
fileWrite((u8*)&tempConfig, lastConfigPath, 1);
fileWrite(&tempConfig, lastConfigPath, 1);
}
}
@ -105,8 +105,8 @@ u8 loadFirm(void){
}
//Load FIRM from SD
else{
char *path = usePatchedFirm ? firmPathPatched :
(mode ? "/rei/firmware.bin" : "/rei/firmware90.bin");
const char *path = usePatchedFirm ? firmPathPatched :
(mode ? "/rei/firmware.bin" : "/rei/firmware90.bin");
firmSize = fileSize(path);
if(!firmSize) return 0;
fileRead((u8*)firmLocation, path, firmSize);
@ -135,20 +135,19 @@ u8 loadEmu(void){
emuCodeOffset = 0;
//Read emunand code from SD
char path[] = "/rei/emunand/emunand.bin";
const char path[] = "/rei/emunand/emunand.bin";
u32 size = fileSize(path);
if(!size) return 0;
if(!console || !mode) nandRedir[5] = 0xA4;
//Find offset for emuNAND code from the offset in nandRedir
u8 *emuCodeTmp = &nandRedir[4];
emuCodeOffset = *(u32*)emuCodeTmp - (u32)section[2].address +
emuCodeOffset = *(u32 *)(nandRedir + 4) - (u32)section[2].address +
section[2].offset + (u32)firmLocation;
fileRead((u8*)emuCodeOffset, path, size);
//Find and patch emunand related offsets
u32 *pos_sdmmc = memsearch((u32*)emuCodeOffset, "SDMC", size, 4);
u32 *pos_offset = memsearch((u32*)emuCodeOffset, "NAND", size, 4);
u32 *pos_header = memsearch((u32*)emuCodeOffset, "NCSD", size, 4);
u32 *pos_sdmmc = (u32 *)memsearch((u32*)emuCodeOffset, "SDMC", size, 4);
u32 *pos_offset = (u32 *)memsearch((u32*)emuCodeOffset, "NAND", size, 4);
u32 *pos_header = (u32 *)memsearch((u32*)emuCodeOffset, "NCSD", size, 4);
getSDMMC(firmLocation, &sdmmcOffset, firmSize);
getEmunandSect(&emuOffset, &emuHeader);
getEmuRW(firmLocation, firmSize, &emuRead, &emuWrite);
@ -159,16 +158,16 @@ u8 loadEmu(void){
//Patch emuNAND code in memory for O3DS and 9.0 N3DS
if(!console || !mode){
u32 *pos_instr = memsearch((u32*)emuCodeOffset, "\xA6\x01\x08\x30", size, 4);
memcpy((u8*)pos_instr, emuInstr, sizeof(emuInstr));
void *pos_instr = memsearch((u32*)emuCodeOffset, "\xA6\x01\x08\x30", size, 4);
memcpy(pos_instr, emuInstr, sizeof(emuInstr));
}
//Add emunand hooks
memcpy((u8*)emuRead, nandRedir, sizeof(nandRedir));
memcpy((u8*)emuWrite, nandRedir, sizeof(nandRedir));
memcpy((void *)emuRead, nandRedir, sizeof(nandRedir));
memcpy((void *)emuWrite, nandRedir, sizeof(nandRedir));
//Set MPU for emu code region
memcpy((u8*)mpuOffset, mpu, sizeof(mpu));
memcpy((void *)mpuOffset, mpu, sizeof(mpu));
return 1;
}
@ -187,7 +186,7 @@ u8 patchFirm(void){
//Patch FIRM partitions writes on SysNAND to protect A9LH
u32 writeOffset = 0;
getFIRMWrite(firmLocation, firmSize, &writeOffset);
memcpy((u8*)writeOffset, FIRMblock, sizeof(FIRMblock));
memcpy((void *)writeOffset, FIRMblock, sizeof(FIRMblock));
}
//Disable signature checks
@ -195,8 +194,8 @@ u8 patchFirm(void){
sigOffset2 = 0;
getSignatures(firmLocation, firmSize, &sigOffset, &sigOffset2);
memcpy((u8*)sigOffset, sigPat1, sizeof(sigPat1));
memcpy((u8*)sigOffset2, sigPat2, sizeof(sigPat2));
memcpy((void *)sigOffset, sigPat1, sizeof(sigPat1));
memcpy((void *)sigOffset2, sigPat2, sizeof(sigPat2));
//Patch ARM9 entrypoint on N3DS to skip arm9loader
if(console){
@ -210,21 +209,21 @@ u8 patchFirm(void){
fOpenOffset = 0;
//Read reboot code from SD
char path[] = "/rei/reboot/reboot.bin";
const char path[] = "/rei/reboot/reboot.bin";
u32 size = fileSize(path);
if(!size) return 0;
getReboot(firmLocation, firmSize, &rebootOffset);
fileRead((u8*)rebootOffset, path, size);
//Calculate the fOpen offset and put it in the right location
u32 *pos_fopen = memsearch((u32*)rebootOffset, "OPEN", size, 4);
u32 *pos_fopen = (u32 *)memsearch((u32*)rebootOffset, "OPEN", size, 4);
getfOpen(firmLocation, firmSize, &fOpenOffset);
*pos_fopen = fOpenOffset;
//Patch path for emuNAND-patched FIRM
if(emuNAND){
u32 *pos_path = memsearch((u32*)rebootOffset, L"sy", size, 4);
memcpy((u8*)pos_path, L"emu", 5);
void *pos_path = memsearch((u32*)rebootOffset, L"sy", size, 4);
memcpy(pos_path, L"emu", 5);
}
}
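Review bot: `*pos_fopen = fOpenOffset;` writes through the result of `memsearch` without checking it, and the new line above only adds a cast; memsearch returns NULL when the marker is absent (memory.c in this commit), so a reboot.bin lacking "OPEN" turns into a write to address 0. Adding `if(!pos_fopen) return 0;` after the search, and wrapping the wide-string patch as `if(pos_path) memcpy(pos_path, L"emu", 5);`, would match how this function already fails with `return 0` on a missing file. The `L"sy"` search and 5-byte copy of `L"emu"` only spell "emu" over a 2-byte-per-character "sys" if wchar_t is 2 bytes wide — presumably the build uses -fshort-wchar, but that assumption deserves a comment on the line, e.g. `//Assumes 2-byte wchar_t: overwrites the "sy" of "sys" with "emu"`. The same unchecked-memsearch pattern appears with pos_sdmmc/pos_offset/pos_header in loadEmu, which ends outside its hunk, and patchFirm itself starts and ends outside this one.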


@ -14,8 +14,8 @@ u8 main(){
mountSD();
loadSplash();
setupCFW();
if (!loadFirm()) return 0;
if (!patchFirm()) return 0;
if(!loadFirm()) return 0;
if(!patchFirm()) return 0;
launchFirm();
return 1;
}


@ -7,33 +7,31 @@
#include "memory.h"
void memcpy(void *dest, const void *src, u32 size){
u32 i; for (i = 0; i < size; i++) {
char *destc = (char *)dest;
const char *srcc = (const char *)src;
u8 *destc = (u8 *)dest;
const u8 *srcc = (const u8 *)src;
for(u32 i = 0; i < size; i++)
destc[i] = srcc[i];
}
}
void memset(void *dest, int filler, u32 size){
u32 i; for (i = 0; i < size; i++) {
char *destc = (char *)dest;
destc[i] = filler;
}
u8 *destc = (u8 *)dest;
for(u32 i = 0; i < size; i++)
destc[i] = (u8)filler;
}
int memcmp(const void *buf1, const void *buf2, u32 size){
u32 i; for (i = 0; i < size; i++) {
const char *buf1c = (const char *)buf1;
const char *buf2c = (const char *)buf2;
const u8 *buf1c = (const u8 *)buf1;
const u8 *buf2c = (const u8 *)buf2;
for(u32 i = 0; i < size; i++){
int cmp = buf1c[i] - buf2c[i];
if (cmp) return cmp;
if(cmp) return cmp;
}
return 0;
}
void *memsearch(void *start_pos, void *search, u32 size, u32 size_search){
for (void *pos = start_pos + size - size_search; pos >= start_pos; pos--) {
if (memcmp(pos, search, size_search) == 0) return pos;
for(void *pos = start_pos + size - size_search; pos >= start_pos; pos--){
if(memcmp(pos, search, size_search) == 0) return pos;
}
return NULL;
}
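Review bot: `memsearch` still takes `void *search` even though every caller in this commit passes a string literal and the rest of the clean-up const-qualifies exactly this kind of read-only input; `void *memsearch(void *start_pos, const void *search, u32 size, u32 size_search)` is backward compatible with all of them. The loop also computes `start_pos + size - size_search` before comparing, so a `size_search` larger than `size` forms a pointer before the buffer (the `pos >= start_pos` test rejects it, but the pointer itself is already outside the object); `if(size_search > size) return NULL;` at the top makes the contract explicit. A one-line comment would also help callers that rely on the direction: `//Scans backwards, so the LAST occurrence in [start_pos, start_pos+size) is returned; NULL if absent`.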


@ -11,9 +11,6 @@
* Patches
**************************************************/
/*
* MPU
*/
u8 mpu[0x2C] = { //MPU shit
0x03, 0x00, 0x36, 0x00, 0x00, 0x00, 0x10, 0x10, 0x01, 0x00, 0x00, 0x01, 0x03, 0x00, 0x36, 0x00,
0x00, 0x00, 0x00, 0x20, 0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x20, 0x00, 0x00, 0x00, 0x00, 0x08,
@ -22,12 +19,11 @@ u8 mpu[0x2C] = { //MPU shit
u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function
/*
* Sig checks
*/
u8 sigPat1[2] = {0x00, 0x20};
u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
u8 FIRMblock[4] = {0x00, 0x20, 0xC0, 0x46};
u8 emuInstr[5] = {0xA5, 0x01, 0x08, 0x30, 0xA5};
/**************************************************
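Review bot: Dropping the `Sig checks` and `MPU` banners leaves `sigPat1`, `sigPat2` and `FIRMblock` as bare byte arrays with nothing saying what they patch, and these are precisely the bytes firmware.c copies over the FIRM's signature checks and its FIRM-partition write path. A trailing comment per array keeps the information this commit removes, e.g. `u8 sigPat1[2] = {0x00, 0x20}; //Sig check patch` and `u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47}; //Sig check patch (return 0)`, plus `//Blocks FIRM partition writes on SysNAND` on FIRMblock. If I read them as Thumb encodings 0x2000 is `movs r0, #0`, 0x4770 is `bx lr` and 0x46C0 is `nop`, which would make good comments, but verify the mnemonics before committing them since that is my inference. The trailing context of this hunk may continue past the end of what I can see.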