Backport FIRM whitelist from b9s

2017-05-26 18:17:40 +02:00 · 2017-05-26 18:17:40 +02:00 · 8e22080e05
commit 8e22080e05
parent 692a94fe5e
2 changed files with 17 additions and 8 deletions
--- a/source/firm.c
+++ b/source/firm.c
@ -409,13 +409,20 @@ u32 patch1x2xNativeAndSafeFirm(bool enableExceptionHandlers)

 static __attribute__((noinline)) bool overlaps(u32 as, u32 ae, u32 bs, u32 be)
 {
-    if (as <= bs && bs <= ae)
+    if(as <= bs && bs <= ae)
        return true;
-    else if (bs <= as && as <= be)
+    if(bs <= as && as <= be)
        return true;
    return false;
 }

+static __attribute__((noinline)) bool inRange(u32 as, u32 ae, u32 bs, u32 be)
+{
+   if(as >= bs && ae <= be)
+        return true;
+   return false;
+}
+
 bool checkFirmPayload(void)
 {
    if(memcmp(firm->magic, "FIRM", 4) != 0 || firm->arm9Entry == NULL) //Allow for the ARM11 entrypoint to be zero in which case nothing is done on the ARM11 side
@ -441,9 +448,11 @@ bool checkFirmPayload(void)
        if((section->offset < 0x200) ||
           (section->address + section->size < section->address) || //Overflow check
           ((u32)section->address & 3) || (section->offset & 0x1FF) || (section->size & 0x1FF) || //Alignment check
-           (overlaps((u32)section->address, (u32)section->address + section->size, 0x01FF8000, 0x01FF8000 + 0x8000)) ||
-           (overlaps((u32)section->address, (u32)section->address + section->size, 0x1FFFFC00, 0x20000000)) ||
-           (overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm + section->offset, (u32)firm + size)))
+           (overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm + section->offset, (u32)firm + size)) ||
+           ((!inRange((u32)section->address, (u32)section->address + section->size, 0x08000000, 0x08000000 + 0x00100000)) &&
+            (!inRange((u32)section->address, (u32)section->address + section->size, 0x18000000, 0x18000000 + 0x00600000)) &&
+            (!inRange((u32)section->address, (u32)section->address + section->size, 0x1FF00000, 0x1FFFFC00)) &&
+            (!inRange((u32)section->address, (u32)section->address + section->size, 0x20000000, 0x20000000 + 0x8000000))))
            return false;

        sha(hash, (u8 *)firm + section->offset, section->size, SHA_256_MODE);
--- a/source/start.s
+++ b/source/start.s
@ -58,11 +58,11 @@ _start:

    @ Set MPU permissions and cache settings
    ldr r0, =0xFFFF001D @ ffff0000 32k  | bootrom (unprotected part)
-    ldr r1, =0xFFF0001B @ fff00000 16k  | dtcm
+    ldr r1, =0xFFF0801B @ fff00000 16k  | dtcm
    ldr r2, =0x01FF801D @ 01ff8000 32k  | itcm
-    ldr r3, =0x08000029 @ 08000000 2M   | arm9 mem (O3DS / N3DS)
+    ldr r3, =0x08000027 @ 08000000 1M   | arm9 mem
    ldr r4, =0x10000029 @ 10000000 2M   | io mem (ARM9 / first 2MB)
-    ldr r5, =0x20000037 @ 20000000 256M | fcram (O3DS / N3DS)
+    ldr r5, =0x20000035 @ 20000000 128M | fcram
    ldr r6, =0x1FF00027 @ 1FF00000 1M   | dsp / axi wram
    ldr r7, =0x1800002D @ 18000000 8M   | vram (+ 2MB)
    mov r8, #0x29