LowLevel/Luma3DS-3GX
Archived
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Fix and restrain module access checks

Browse Source
This commit is contained in:
TuxSH 2016-08-31 13:11:41 +02:00
parent e8b9e49f57
commit 697c64abe4
3 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source/config.c
View File

@ -85,7 +85,7 @@ void configMenu(bool oldPinStatus)
"( ) Show GBA boot screen in patched AGB_FIRM", "( ) Show GBA boot screen in patched AGB_FIRM",
"( ) Display splash screen before payloads", "( ) Display splash screen before payloads",
"( ) Use a PIN", "( ) Use a PIN",
"( ) Disable access checks" }; "( ) Disable access checks (modules: O3DS only)" };
struct multiOption { struct multiOption {
int posXs[4]; int posXs[4];

2
source/firm.c
View File

@ -367,7 +367,7 @@ static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32
if(CONFIG(9)) if(CONFIG(9))
{ {
patchArm11SvcAccessChecks(arm11SvcHandler); patchArm11SvcAccessChecks(arm11SvcHandler);
patchK11ModuleChecks(arm11Section1, section[1].size, &freeK11Space); if(!isN3DS) patchK11ModuleChecks(arm11Section1, section[1].size, &freeK11Space);
patchP9AccessChecks(process9Offset, process9Size); patchP9AccessChecks(process9Offset, process9Size);
} }
} }

33
source/patches.c
View File

@ -341,27 +341,32 @@ void patchArm11SvcAccessChecks(u32 *arm11SvcHandler)
//It's mainly Subv's code here: //It's mainly Subv's code here:
void patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space) void patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space)
{ {
//We have to detour a function in the ARM11 kernel because builtin modules // We have to detour a function in the ARM11 kernel because builtin modules
//are compressed in memory and are only decompressed at runtime. // are compressed in memory and are only decompressed at runtime.
//Inject our code into the free space
memcpy(*freeK11Space, k11modules, k11modules_size);
(*freeK11Space) += k11modules_size;
//Find the code that decompresses the .code section of the builtin modules and detour it with a jump to our code u8 *freeSpace = *freeK11Space;
(*freeK11Space) += k11modules_size;
// Inject our code into the free space
memcpy(freeSpace, k11modules, k11modules_size);
// Find the code that decompresses the .code section of the builtin modules and detour it with a jump to our code
const u8 pattern[] = { 0x00, 0x00, 0x94, 0xE5, 0x18, 0x10, 0x90, 0xE5, 0x28, 0x20, const u8 pattern[] = { 0x00, 0x00, 0x94, 0xE5, 0x18, 0x10, 0x90, 0xE5, 0x28, 0x20,
0x90, 0xE5, 0x48, 0x00, 0x9D, 0xE5 }; 0x90, 0xE5, 0x48, 0x00, 0x9D, 0xE5 };
u32 *off = (u32 *)memsearch(pos, pattern, size, 16); u8 *off = memsearch(pos, pattern, size, 16);
//We couldn't find the code that decompresses the module // We couldn't find the code that decompresses the module
if(off == NULL) return; if (off == NULL)
return;
//Inject a jump instruction to our code at the offset we found // Inject a jump instruction to our code at the offset we found
//Construct a jump (BL) instruction to our code // Construct a jump (BL) instruction to our code
u32 offset = ((((u32)*freeK11Space) - ((u32)off + 8)) >> 2) & 0xFFFFFF; u32 offset = ((((u32)freeSpace) - ((u32)off + 8)) >> 2) & 0xFFFFFF;
u32 instruction = offset | (1 << 24) | (0x5 << 25) | (0xE << 28);
*off = offset | (1 << 24) | (0x5 << 25) | (0xE << 28); // Write our jump
memcpy(off, &instruction, 4);
} }
void patchP9AccessChecks(u8 *pos, u32 size) void patchP9AccessChecks(u8 *pos, u32 size)