From 4d47d891d1dfd8f3a74acda65ad7aa3c83cf3fc4 Mon Sep 17 00:00:00 2001 From: Aurora Wright Date: Fri, 9 Jun 2017 17:29:26 +0200 Subject: [PATCH] Fix max module size check, static-ify more strings --- source/crypto.c | 6 +++--- source/draw.c | 4 ++-- source/exceptions.c | 12 +++++------- source/firm.c | 39 +++++++++++++++++++-------------------- source/main.c | 2 +- source/patches.c | 6 +++--- source/pin.c | 4 ++-- 7 files changed, 35 insertions(+), 38 deletions(-) diff --git a/source/crypto.c b/source/crypto.c index 2f782cc..65030d2 100755 --- a/source/crypto.c +++ b/source/crypto.c @@ -484,8 +484,8 @@ static inline void twlConsoleInfoInit(void) aes_setkey(2, (u8 *)0x01FFD398, AES_KEYX, AES_INPUT_TWLNORMAL); if(CFG_TWLUNITINFO != 0) { - __attribute__((aligned(4))) u8 key2YDev[AES_BLOCK_SIZE] = {0x3B, 0x06, 0x86, 0x57, 0x33, 0x04, 0x88, 0x11, 0x49, 0x04, 0x6B, 0x33, 0x12, 0x02, 0xAC, 0xF3}, - key3YDev[AES_BLOCK_SIZE] = {0xAA, 0xBF, 0x76, 0xF1, 0x7A, 0xB8, 0xE8, 0x66, 0x97, 0x64, 0x6A, 0x26, 0x05, 0x00, 0xA0, 0xE1}; + __attribute__((aligned(4))) static const u8 key2YDev[AES_BLOCK_SIZE] = {0x3B, 0x06, 0x86, 0x57, 0x33, 0x04, 0x88, 0x11, 0x49, 0x04, 0x6B, 0x33, 0x12, 0x02, 0xAC, 0xF3}, + key3YDev[AES_BLOCK_SIZE] = {0xAA, 0xBF, 0x76, 0xF1, 0x7A, 0xB8, 0xE8, 0x66, 0x97, 0x64, 0x6A, 0x26, 0x05, 0x00, 0xA0, 0xE1}; k3X[1] = 0xEE7A4B1E; k3X[2] = 0xAF42C08B; @@ -518,7 +518,7 @@ void setupKeyslots(void) {0xCE, 0xE7, 0xD8, 0xAB, 0x30, 0xC0, 0x0D, 0xAE, 0x85, 0x0E, 0xF5, 0xE3, 0x82, 0xAC, 0x5A, 0xF3}, {0x81, 0x90, 0x7A, 0x4B, 0x6F, 0x1B, 0x47, 0x32, 0x3A, 0x67, 0x79, 0x74, 0xCE, 0x4A, 0xD7, 0x1B} }, - keyY0x2Fs[2][AES_BLOCK_SIZE] = { + keyY0x2Fs[2][AES_BLOCK_SIZE] = { {0xC3, 0x69, 0xBA, 0xA2, 0x1E, 0x18, 0x8A, 0x88, 0xA9, 0xAA, 0x94, 0xE5, 0x50, 0x6A, 0x9F, 0x16}, {0x73, 0x25, 0xC4, 0xEB, 0x14, 0x3A, 0x0D, 0x5F, 0x5D, 0xB6, 0xE5, 0xC5, 0x7A, 0x21, 0x95, 0xAC} }; diff --git a/source/draw.c b/source/draw.c index f4ac1a4..e743c28 100644 --- a/source/draw.c +++ b/source/draw.c 
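Review bot: The dev-unit branch of twlConsoleInfoInit has no comment saying why these two keyY values depend on CFG_TWLUNITINFO, and the `static const` this hunk adds deserves a word as well, since it is what keeps the key bytes in static storage instead of an automatic array that is filled at runtime on every call. A one-line comment above the declaration would do: `// Dev-unit (CFG_TWLUNITINFO != 0) TWL keyY values; static const so no automatic copy of the key bytes is made`. The `@@ -518` hunk of this file is an indentation-only change.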
@@ -39,8 +39,8 @@ bool loadSplash(void) { - const char *topSplashFile = "splash.bin", - *bottomSplashFile = "splashbottom.bin"; + static const char *topSplashFile = "splash.bin", + *bottomSplashFile = "splashbottom.bin"; bool isTopSplashValid = getFileSize(topSplashFile) == SCREEN_TOP_FBSIZE, isBottomSplashValid = getFileSize(bottomSplashFile) == SCREEN_BOTTOM_FBSIZE; diff --git a/source/exceptions.c b/source/exceptions.c index 216b414..414a697 100644 --- a/source/exceptions.c +++ b/source/exceptions.c @@ -60,15 +60,13 @@ void detectAndProcessExceptionDumps(void) const vu8 *stackDump = (vu8 *)regs + dumpHeader->registerDumpSize + dumpHeader->codeDumpSize; const vu8 *additionalData = stackDump + dumpHeader->stackDumpSize; - const char *handledExceptionNames[] = { + static const char *handledExceptionNames[] = { "FIQ", "undefined instruction", "prefetch abort", "data abort" - }; - - const char *specialExceptions[] = { + }, + *specialExceptions[] = { "kernel panic", "svcBreak" - }; - - const char *registerNames[] = { + }, + *registerNames[] = { "R0", "R1", "R2", "R3", "R4", "R5", "R6", "R7", "R8", "R9", "R10", "R11", "R12", "SP", "LR", "PC", "CPSR", "FPEXC" }; diff --git a/source/firm.c b/source/firm.c index e68739f..7031331 100755 --- a/source/firm.c +++ b/source/firm.c @@ -80,11 +80,9 @@ static inline bool loadFirmFromStorage(FirmwareType firmType) static inline void mergeSection0(FirmwareType firmType, bool loadFromStorage) { - u32 srcModuleSize; - const char *extModuleSizeError = "The external FIRM modules are too large."; + u32 srcModuleSize, + nbModules = 0; - u32 nbModules = 0, - isCustomModule = false; struct { char name[8]; 
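Review bot: `static const char *topSplashFile` gives the pointer static storage but leaves the pointer itself writable; the string it points to was already immutable, so the form that lets the compiler put the pointer in read-only storage too is `static const char *const topSplashFile = "splash.bin", *const bottomSplashFile = "splashbottom.bin";`. The same applies to the three `static const char *...[]` tables in exceptions.c (`static const char *const handledExceptionNames[] = {`) and to `keys` and `messageFile` in pin.c. loadSplash's body continues outside the hunk.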
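Review bot: Folding handledExceptionNames, specialExceptions and registerNames into a single declaration statement makes the three tables harder to read than the three separate declarations the hunk removes; each has its own multi-line initializer, and a reader now has to spot the `}, *specialExceptions[] = {` boundary to see where one table ends and the next begins. Keeping `static const char *specialExceptions[] = {` and `static const char *registerNames[] = {` as separate statements costs nothing and keeps each table self-describing. The body of detectAndProcessExceptionDumps continues outside the hunk.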
@@ -108,24 +106,25 @@ static inline void mergeSection0(FirmwareType firmType, bool loadFromStorage) const char *name = ((Cxi *)src)->exHeader.systemControlInfo.appTitle; u32 i; - for(i = 0; i < nbModules && memcmp(name, moduleList[i].name, 8) != 0; i++); - if(i == nbModules) isCustomModule = true; + for(i = 0; i < 5 && memcmp(name, moduleList[i].name, 8) != 0; i++); + + if(i == 5) + { + nbModules++; + memcpy(moduleList[i].name, ((Cxi *)src)->exHeader.systemControlInfo.appTitle, 8); + } - memcpy(moduleList[i].name, ((Cxi *)src)->exHeader.systemControlInfo.appTitle, 8); moduleList[i].src = src; srcModuleSize = moduleList[i].size = ((Cxi *)src)->ncch.contentSize * 0x200; } - - if(isCustomModule) nbModules++; } //3) Read or copy the modules u8 *dst = firm->section[0].address; - for(u32 i = 0, dstModuleSize; i < nbModules; i++) + const char *extModuleSizeError = "The external FIRM modules are too large."; + for(u32 i = 0, dstModuleSize, maxModuleSize = 0x60000; i < nbModules; i++, dst += dstModuleSize, maxModuleSize -= dstModuleSize) { - dstModuleSize = 0; - if(loadFromStorage) { char fileName[24]; @@ -137,7 +136,7 @@ static inline void mergeSection0(FirmwareType firmType, bool loadFromStorage) if(dstModuleSize != 0) { - if(dstModuleSize > 0x60000) error(extModuleSizeError); + if(dstModuleSize > maxModuleSize) error(extModuleSizeError); if(dstModuleSize <= sizeof(Cxi) + 0x200 || fileRead(dst, fileName, dstModuleSize) != dstModuleSize || 
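Review bot: The lookup loop `for(i = 0; i < 5 && memcmp(name, moduleList[i].name, 8) != 0; i++);` hard-codes 5 where the removed code used nbModules, so it now presumes that exactly five entries were filled before this point (that earlier step is outside the hunk); with fewer, memcmp compares against unset names and the `i == 5` append lands beyond the filled entries while nbModules stops matching them. A second unmatched module also takes index 5 again while nbModules grows to 7, which the copy loop then walks past the end of moduleList if the array has six entries (its size is not in the hunk). Naming the constant and refusing a second append would make the assumption explicit, e.g. `if(i == 5 && nbModules != 5) error("Too many custom FIRM modules");` before the `nbModules++`. `maxModuleSize = 0x60000` is a second unnamed constant; if it is meant to be section 0's capacity, `firm->section[0].size`, used at the end of this function, may be the right bound — to be confirmed.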
@@ -145,19 +144,19 @@ static inline void mergeSection0(FirmwareType firmType, bool loadFromStorage) memcmp(moduleList[i].name, ((Cxi *)dst)->exHeader.systemControlInfo.appTitle, sizeof(((Cxi *)dst)->exHeader.systemControlInfo.appTitle)) != 0) error("An external FIRM module is invalid or corrupted."); - dst += dstModuleSize; + continue; } } - if(!dstModuleSize) - { - memcpy(dst, moduleList[i].src, moduleList[i].size); - dst += moduleList[i].size; - } + dstModuleSize = moduleList[i].size; + + if(dstModuleSize > maxModuleSize) error(extModuleSizeError); + + memcpy(dst, moduleList[i].src, dstModuleSize); } //4) Patch NATIVE_FIRM if necessary - if(isCustomModule) + if(nbModules == 6) { if(patchK11ModuleLoading(firm->section[0].size, dst - firm->section[0].address, (u8 *)firm + firm->section[1].offset, firm->section[1].size) != 0) error("Failed to inject custom sysmodule"); diff --git a/source/main.c b/source/main.c index 0605e80..cbc1d6b 100644 --- a/source/main.c +++ b/source/main.c @@ -72,7 +72,7 @@ void main(int argc, char **argv, u32 magicWord) } else { - const char argv[] = "firm0:"; + static const char argv[] = "firm0:"; for(u32 i = 0; i < sizeof(argv); i++) //Copy and convert the path to UTF-16 launchedPath[i] = argv[i]; } diff --git a/source/patches.c b/source/patches.c index 9290393..4abca77 100644 --- a/source/patches.c +++ b/source/patches.c @@ -206,7 +206,7 @@ u32 patchSignatureChecks(u8 *pos, u32 size) { //Look for signature checks static const u8 pattern[] = {0xC0, 0x1C, 0x76, 0xE7}, - pattern2[] = {0xB5, 0x22, 0x4D, 0x0C}; + pattern2[] = {0xB5, 0x22, 0x4D, 0x0C}; u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern)); u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2)); 
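Review bot: The new fallback branch reports `error(extModuleSizeError)` — "The external FIRM modules are too large." — when `moduleList[i].size` exceeds maxModuleSize, but this path copies from moduleList[i].src, a module that was not read from storage, and when loadFromStorage is false no external module is involved at all, so the diagnostic misattributes the cause. A distinct message for this branch, e.g. `if(dstModuleSize > maxModuleSize) error("The FIRM modules are too large.");`, or a neutral text for extModuleSizeError, keeps it accurate. `if(nbModules == 6)` again bakes in the five-entry assumption of the lookup loop earlier in this function; a named constant shared by both would tie the two checks together.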
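Review bot: The local `static const char argv[] = "firm0:";` in main's else branch shadows the `argv` parameter of `main(int argc, char **argv, u32 magicWord)`; the shadowing predates this commit, but the line is being touched and `-Wshadow` would flag it. A different name makes the copy loop read unambiguously: `static const char defaultPath[] = "firm0:";` with `for(u32 i = 0; i < sizeof(defaultPath); i++) launchedPath[i] = defaultPath[i];`. The `sizeof` bound copies the terminating NUL as well, which looks intended if launchedPath is later read as a string — worth confirming outside the hunk.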
@@ -224,7 +224,7 @@ u32 patchOldSignatureChecks(u8 *pos, u32 size) { // Look for signature checks static const u8 pattern[] = {0xC0, 0x1C, 0xBD, 0xE7}, - pattern2[] = {0xB5, 0x23, 0x4E, 0x0C}; + pattern2[] = {0xB5, 0x23, 0x4E, 0x0C}; u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern)); u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2)); @@ -364,7 +364,7 @@ u32 patchCheckForDevCommonKey(u8 *pos, u32 size) u32 patchK11ModuleLoading(u32 section0size, u32 modulesSize, u8 *pos, u32 size) { static const u8 moduleLoadingPattern[] = {0xE2, 0x05, 0x00, 0x57}, - modulePidPattern[] = {0x06, 0xA0, 0xE1, 0xF2}; //GetSystemInfo + modulePidPattern[] = {0x06, 0xA0, 0xE1, 0xF2}; //GetSystemInfo u8 *off = memsearch(pos, moduleLoadingPattern, size, 4); diff --git a/source/pin.c b/source/pin.c index 9d7e406..77c47f4 100644 --- a/source/pin.c +++ b/source/pin.c @@ -40,7 +40,7 @@ static char pinKeyToLetter(u32 pressed) { - const char keys[] = "AB--RLUD--XY"; + static const char *keys = "AB--RLUD--XY"; u32 i; for(i = 31; pressed > 1; i--) pressed /= 2; @@ -151,7 +151,7 @@ bool verifyPin(u32 pinMode) drawFormattedString(true, 10, 10 + 3 * SPACING_Y, COLOR_WHITE, "PIN (%u digits): ", lengthBlock[0]); - const char *messageFile = "pinmessage.txt"; + static const char *messageFile = "pinmessage.txt"; char message[801]; u32 messageSize = fileRead(message, messageFile, sizeof(message) - 1);
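Review bot: `const char keys[] = "AB--RLUD--XY";` became `static const char *keys = "AB--RLUD--XY";`, which changes the object from a 13-byte array to a pointer, so `sizeof(keys)` — if the remainder of pinKeyToLetter, outside the hunk, uses it — now yields the pointer size rather than the string length. The intended change is only the storage class, which `static const char keys[] = "AB--RLUD--XY";` achieves with identical semantics. If the pointer form is kept, `static const char *const keys` makes the pointer itself read-only as well.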