LowLevel/Luma3DS-3GX
Archived
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Merge branch 'master' into developer

Browse Source 
Conflicts:
	source/firm.c
This commit is contained in:
TuxSH 2016-05-13 08:46:24 +02:00
commit 58a33ee6e9
5 changed files with 31 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source/crypto.c
View File

@ -368,7 +368,7 @@ void arm9Loader(u8 *arm9Section, u32 mode)
key2[0x10] = {0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0};
u8 keyX[0x10];
aes_setkey(0x11, mode == 1 ? key1 : key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_setkey(0x11, mode == 1 ? key2 : key1, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x11);
aes(keyX, arm9Section + 0x60, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
aes_setkey(arm9BinSlot, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
@ -382,7 +382,7 @@ void arm9Loader(u8 *arm9Section, u32 mode)
aes(arm9Section + 0x800, arm9Section + 0x800, arm9BinSize / AES_BLOCK_SIZE, arm9BinCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
//Set >=9.6 KeyXs
if(mode == 2)
if(mode == 1)
{
u8 keyData[0x10] = {0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98},
decKey[0x10];

32
source/firm.c
View File

@ -68,9 +68,8 @@ void main(void)
updatedSys,
needConfig,
newConfig,
emuHeader;
u64 chronoStarted = 0;
emuHeader,
chronoStarted = 0;
//Detect the console being used
console = PDN_MPCORE_CFG == 7;
@ -111,9 +110,9 @@ void main(void)
//Zero the last booted FIRM flag
CFG_BOOTENV = 0;
chronoStarted = chrono();
while(chrono() - chronoStarted < 2 * TICKS_PER_SEC); //Wait for 2s
chronoStarted = 1;
chrono(0);
chrono(2);
//Update pressed buttons
pressed = HID_PAD;
@ -196,7 +195,10 @@ void main(void)
//If screens are inited or the corresponding option is set, load splash screen
if((PDN_GPU_CNT != 1 || CONFIG(8)) && loadSplash())
chronoStarted = chrono();
{
chronoStarted = 2;
chrono(0);
}
//If R is pressed, boot the non-updated NAND with the FIRM of the opposite one
if(pressed & BUTTON_R1)
@ -264,7 +266,7 @@ void main(void)
if(chronoStarted)
{
while(chronoStarted > 1 && chrono() - chronoStarted < 3 * TICKS_PER_SEC);
if(chronoStarted == 2) chrono(3);
stopChrono();
}
@ -323,10 +325,10 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode)
nativeFirmType = 0;
break;
case '1':
nativeFirmType = 1;
nativeFirmType = 2;
break;
default:
nativeFirmType = 2;
nativeFirmType = 1;
break;
}
@ -341,10 +343,9 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode)
nativeFirmType = memcmp(section[2].hash, firm90Hash, 0x10) != 0;
}
//Find the Process9 .code location, size and memory address
u32 process9Size,
process9MemAddr;
//Find the Process9 NCCH location
u8 *process9Offset = getProcess9(arm9Section + 0x15000, section[2].size - 0x15000, &process9Size, &process9MemAddr);
//Apply emuNAND patches
@ -359,14 +360,13 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode)
//Apply signature checks patches
u16 *sigOffset,
*sigOffset2;
getSigChecks(process9Offset, process9Size, &sigOffset, &sigOffset2);
*sigOffset = sigPatch[0];
sigOffset2[0] = sigPatch[0];
sigOffset2[1] = sigPatch[1];
//Does nothing if svcBackdoor is still there
reimplementSvcBackdoor();
if(nativeFirmType == 1) reimplementSvcBackdoor();
if(CONFIG(5))
{
@ -422,9 +422,8 @@ static inline void patchEmuNAND(u8 *arm9Section, u8 *process9Offset, u32 process
static inline void patchReboots(u8 *process9Offset, u32 process9Size, u32 process9MemAddr)
{
//Calculate offset for the firmlaunch code and fOpen
u32 fOpenOffset;
//Calculate offset for the firmlaunch code
void *rebootOffset = getReboot(process9Offset, process9Size, process9MemAddr, &fOpenOffset);
//Copy firmlaunch code
@ -440,13 +439,11 @@ static inline void reimplementSvcBackdoor(void)
u8 *arm11Section1 = (u8 *)firm + section[1].offset;
u32 *exceptionsPage;
u32 *svcTable = getSvcAndExceptions(arm11Section1, section[1].size, &exceptionsPage);
if(!svcTable[0x7B])
{
u32 *freeSpace;
for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
memcpy(freeSpace, svcBackdoor, 40);
@ -458,6 +455,7 @@ static inline void reimplementSvcBackdoor(void)
static inline void copySection0AndInjectLoader(void)
{
u8 *arm11Section0 = (u8 *)firm + section[0].offset;
u32 loaderSize;
u32 loaderOffset = getLoader(arm11Section0, &loaderSize);

2
source/patches.c
View File

@ -114,7 +114,7 @@ u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 **exceptionsPage)
{
const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5}; //cpsid aif
*exceptionsPage = (u32 *)(memsearch(pos, pattern, size, 4) - 0x2C);
*exceptionsPage = (u32 *)memsearch(pos, pattern, size, 4) - 0xB;
u32 svcOffset = (-(((*exceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
u32 *svcTable = (u32 *)(pos + *(u32 *)(pos + 0xFFFF0008 - svcOffset - 0xFFF00000 + 8) - 0xFFF00000); //SVC handler address

23
source/utils.c
View File

@ -40,7 +40,7 @@ void mcuReboot(void)
}
//TODO: add support for TIMER IRQ
static void startChrono(u64 initialTicks)
static inline void startChrono(u64 initialTicks)
{
//Based on a NATIVE_FIRM disassembly
@ -53,21 +53,22 @@ static void startChrono(u64 initialTicks)
for(u32 i = 1; i < 4; i++) *(vu16 *)(0x10003002 + 4 * i) = 0x84; //Count-up; enabled
}
u64 chrono(void)
void chrono(u32 seconds)
{
static u32 chronoStarted = 0;
static u64 startingTicks = 0;
if(!chronoStarted)
if(!startingTicks) startChrono(0);
u64 res;
do
{
startChrono(0);
chronoStarted++;
res = 0;
for(u32 i = 0; i < 4; i++) res |= *(vu16 *)(0x10003000 + 4 * i) << (16 * i);
}
while(res - startingTicks < seconds * TICKS_PER_SEC);
u64 res = 0;
for(u32 i = 0; i < 4; i++) res |= *(vu16 *)(0x10003000 + 4 * i) << (16 * i);
return res;
if(!seconds) startingTicks = res;
}
void stopChrono(void)

2
source/utils.h
View File

@ -11,5 +11,5 @@ void mcuReboot(void);
#define TICKS_PER_SEC 67027964ULL
u64 chrono(void);
void chrono(u32 seconds);
void stopChrono(void);