Slightly improved the reboot patch, added emuNAND patch improvements from CakesFW, made the emuNAND patch completely version-independent

Should work as-is with future firmwares!
Aurora 2016-03-21 03:20:15 +01:00
parent 6b88953517
commit a437e533f5
6 changed files with 30 additions and 29 deletions


@ -1,9 +1,6 @@
.nds .arm.little
sdmmc equ 0x434D4453 ;dummy .create "emunand.bin", 0
.create "emunand.bin", 0x0801A5C0
.org 0x0801A5C0
.arm .arm
nand_sd: nand_sd:
; Original code that still needs to be executed. ; Original code that still needs to be executed.
@ -15,7 +12,7 @@ nand_sd:
; If we're already trying to access the SD, return. ; If we're already trying to access the SD, return.
ldr r2, [r0, #4] ldr r2, [r0, #4]
ldr r1, =sdmmc ldr r1, [sdmmc]
cmp r2, r1 cmp r2, r1
beq nand_sd_ret beq nand_sd_ret
@ -23,12 +20,10 @@ nand_sd:
ldr r2, [r0, #8] ; Get sector to read ldr r2, [r0, #8] ; Get sector to read
cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0) cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
ldr r3, =nand_offset ldr r3, [nand_offset]
ldr r3, [r3]
add r2, r3 ; Add the offset to the NAND in the SD. add r2, r3 ; Add the offset to the NAND in the SD.
ldreq r3, =ncsd_header_offset ldreq r3, [ncsd_header_offset]
ldreq r3, [r3]
addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector. addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector.
str r2, [r0, #8] ; Store sector to read str r2, [r0, #8] ; Store sector to read
@ -45,6 +40,7 @@ nand_sd:
add r0, #4 add r0, #4
bx r0 bx r0
.pool .pool
sdmmc: .ascii "SDMC"
nand_offset: .ascii "NAND" ; for rednand this should be 1 nand_offset: .ascii "NAND" ; for rednand this should be 1
ncsd_header_offset: .ascii "NCSD" ; depends on nand manufacturer + emunand type (GW/RED) ncsd_header_offset: .ascii "NCSD" ; depends on nand manufacturer + emunand type (GW/RED)
.close .close
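Review bot: The words at `sdmmc:`, `nand_offset:` and `ncsd_header_offset:` are now read with PC-relative `ldr r1, [sdmmc]` / `ldr r3, [nand_offset]` / `ldreq r3, [ncsd_header_offset]` so the blob runs at any base, but nothing in the file says that their ASCII contents are placeholders the loader must overwrite before the code runs; the old `;dummy` remark that hinted at it went away with the `sdmmc equ 0x434D4453` line. The little-endian word of `"SDMC"` is exactly that old `0x434D4453`, so presumably the loader searches for these tags and patches them in place, and if one is left unpatched the tag itself becomes the sector offset or the SD identifier being compared. A comment above `sdmmc:` would make the contract explicit: `; 32-bit placeholders, overwritten in place by the loader before this code executes; an unpatched tag is used as-is`. The `; Original code that still needs to be executed.` block at the top of `nand_sd` is not shown here, but whatever firmware instructions it copies are the one part the "completely version-independent" claim in the commit title still depends on, which is worth stating next to that comment.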


@ -1,12 +1,11 @@
.nds .arm.little
.create "reboot.bin", 0
byteswritten equ 0x2000E000 byteswritten equ 0x2000E000
externalFirm equ 0x2000A000
kernelCode equ 0x080F0000 kernelCode equ 0x080F0000
buffer equ 0x24000000 buffer equ 0x24000000
fileOpen equ 0x4E45504F ;dummy fileOpen equ 0x4E45504F ;dummy
.create "reboot.bin", 0
.arm .arm
//Code jumps here right after the sprintf call //Code jumps here right after the sprintf call
process9Reboot: process9Reboot:
@ -34,18 +33,16 @@ process9Reboot:
ldreq r1, =(FileName - OpenFirm - 12) ldreq r1, =(FileName - OpenFirm - 12)
addeq r1, pc addeq r1, pc
addne r1, sp, #0x3A8-0x70 addne r1, sp, #0x3A8-0x70
ldr r0, =externalFirm
moveq r2, #1 moveq r2, #1
movne r2, #0 movne r2, #0
str r2, [r0] str r2, [externalFirm]
mov r2, #1 mov r2, #1
add r0, r7, #8 add r0, r7, #8
ldr r6, =fileOpen ldr r6, =fileOpen
blx r6 blx r6
SeekFirm: SeekFirm:
ldr r0, =externalFirm ldr r0, [externalFirm]
ldr r0, [r0]
cmp r0, #1 cmp r0, #1
moveq r0, r7 moveq r0, r7
ldreq r1, =byteswritten ldreq r1, =byteswritten
@ -102,6 +99,9 @@ FileName:
.dcw "sdmc:/aurei/patched_firmware_sys.bin" .dcw "sdmc:/aurei/patched_firmware_sys.bin"
.word 0x0 .word 0x0
externalFirm:
.word 0x2000A000
.pool .pool
// Kernel Code // Kernel Code
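Review bot: `externalFirm: .word 0x2000A000` no longer holds an address: with `str r2, [externalFirm]` and `ldr r0, [externalFirm]` the word itself is now the 0/1 flag (1 on the `moveq` path, when the external FIRM file is opened), and the `externalFirm equ 0x2000A000` that the old `ldr r0, =externalFirm` dereferenced is gone. Leaving the old address as the initial value is misleading, and should `SeekFirm` ever run before the store, `cmp r0, #1` would compare against 0x2000A000 rather than a flag; initialise it as `externalFirm: .word 0 ; 1 = external FIRM opened; written in process9Reboot, read in SeekFirm`. Storing into the code blob also assumes the region reboot.bin is placed in is writable when the hook runs, which this file cannot check itself, so a comment saying where that is guaranteed would help. The process9Reboot body is only partly visible in these hunks.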


@ -63,3 +63,11 @@ void getMPU(void *pos, u32 *off, u32 size){
*off = (u32)memsearch(pos, pattern, size, 4); *off = (u32)memsearch(pos, pattern, size, 4);
} }
void getEmuCode(void *pos, u32 *off, u32 size){
u8 *proc9 = (u8 *)memsearch(pos, "ess9", size, 4);
const unsigned char pattern[] = {0x00, 0xFF, 0xFF, 0xFF};
//Looking for the last spot before Process9
*off = (u32)memsearch(pos, pattern, size - (size - (u32)(proc9 - (u8 *)pos)), 4) + 0xD;
}
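Review bot: Neither `memsearch` result in `getEmuCode` is checked: if `"ess9"` is not found, `proc9` is NULL and `(u32)(proc9 - (u8 *)pos)` subtracts unrelated pointers (undefined behaviour, in practice a wrapped-around length for the second search), and if the `00 FF FF FF` pattern is not found `*off` becomes `NULL + 0xD`, i.e. `0xD`, which `loadEmu` then hands to `fileRead` as the destination for the emuNAND payload. The bound `size - (size - (u32)(proc9 - (u8 *)pos))` is just `proc9 - pos` and should be written that way. The `+ 0xD` presumably lands on a 4-byte-aligned spot past the padding and relies on the pattern starting at an address that is 3 mod 4; `memsearch` is not visible here, so whether it returns the first or the last match (the comment says "last spot") cannot be confirmed from this hunk. I would make failure observable with a zero offset and have the caller test it, as it already does for a zero file size.
```c
void getEmuCode(void *pos, u32 *off, u32 size){
    u8 *proc9 = (u8 *)memsearch(pos, "ess9", size, 4);
    if(!proc9){ *off = 0; return; }
    const unsigned char pattern[] = {0x00, 0xFF, 0xFF, 0xFF};
    //Looking for the last spot before Process9; 0 if either search fails
    u8 *spot = (u8 *)memsearch(pos, pattern, (u32)(proc9 - (u8 *)pos), 4);
    *off = spot ? (u32)spot + 0xD : 0;
}
```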


@ -14,3 +14,4 @@ void getEmunandSect(u32 *off, u32 *head, u32 emuNAND);
void getSDMMC(void *pos, u32 *off, u32 size); void getSDMMC(void *pos, u32 *off, u32 size);
void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff); void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff);
void getMPU(void *pos, u32 *off, u32 size); void getMPU(void *pos, u32 *off, u32 size);
void getEmuCode(void *pos, u32 *off, u32 size);


@ -150,10 +150,7 @@ static u32 loadEmu(void){
const char path[] = "/aurei/emunand/emunand.bin"; const char path[] = "/aurei/emunand/emunand.bin";
u32 size = fileSize(path); u32 size = fileSize(path);
if(!size) return 0; if(!size) return 0;
if(!console || !mode) nandRedir[5] = 0xA4; getEmuCode(firmLocation, &emuCodeOffset, firmSize);
//Find offset for emuNAND code from the offset in nandRedir
emuCodeOffset = *(u32 *)(nandRedir + 4) - (u32)section[2].address +
section[2].offset + (u32)firmLocation;
fileRead((u8 *)emuCodeOffset, path, size); fileRead((u8 *)emuCodeOffset, path, size);
//Find and patch emunand related offsets //Find and patch emunand related offsets
@ -171,11 +168,9 @@ static u32 loadEmu(void){
//No emuNAND detected //No emuNAND detected
if(!*pos_header) return 0; if(!*pos_header) return 0;
//Patch emuNAND code in memory for O3DS and 9.0 N3DS //Calculate offset for the hooks
if(!console || !mode){ *(u32 *)(nandRedir + 4) = emuCodeOffset - (u32)firmLocation -
void *pos_instr = memsearch((void *)emuCodeOffset, "\xA6\x01\x08\x30", size, 4); section[2].offset + (u32)section[2].address;
memcpy(pos_instr, emuInstr, sizeof(emuInstr));
}
//Add emunand hooks //Add emunand hooks
memcpy((void *)emuRead, nandRedir, sizeof(nandRedir)); memcpy((void *)emuRead, nandRedir, sizeof(nandRedir));
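Review bot: `fileRead((u8 *)emuCodeOffset, path, size)` runs straight after `getEmuCode` with no check on either value: `getEmuCode` (patches.c in this commit) yields a pointer-derived offset even when its searches fail, and `size` — the size of emunand.bin on the SD card, i.e. user-supplied input — is never compared with the free space located before Process9, so a larger file silently overwrites the start of Process9 inside the FIRM buffer. The hook address computed into `nandRedir + 4` is also only correct if `emuCodeOffset` lies inside `section[2]`, since the translation uses `section[2].offset`/`section[2].address` while the search covered the whole `firmSize`. I would bound it before reading: `if(emuCodeOffset < (u32)firmLocation + section[2].offset || emuCodeOffset + size > (u32)firmLocation + section[2].offset + section[2].size) return 0;` (assuming the section header exposes its `size`, as the FIRM format does), and have `getEmuCode` report failure with 0 so it can be tested here the same way `size` is. loadEmu starts before these hunks and continues past them.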


@ -17,7 +17,8 @@ const u8 mpu[0x2C] = { //MPU shit
0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08 0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
}; };
u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function //Branch to emunand function. To be filled in
u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0x00, 0x00, 0x00, 0x00};
const u8 sigPat1[2] = {0x00, 0x20}; const u8 sigPat1[2] = {0x00, 0x20};
const u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47}; const u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
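Review bot: `nandRedir` is a plain `u8[8]`, so the language only guarantees byte alignment, yet `loadEmu` in this commit fills its second word with `*(u32 *)(nandRedir + 4) = …`. On an ARMv5 core such as the ARM9 this runs on, a word store to an unaligned address is not trapped but rounded down, which here would overwrite the `00 4C A0 47` stub (Thumb `ldr r4, [pc, #0]; blx r4`) with the hook target — a wrong-target branch on every NAND access rather than a crash at the store; whether the compiler currently happens to place the array aligned is not visible from this hunk. Declare it `u8 nandRedir[0x08] __attribute__((aligned(4)))`, or fill it with `memcpy(nandRedir + 4, &target, 4)`. The comment would also help if it named the layout: `//Thumb: ldr r4, [pc, #0]; blx r4; then the 32-bit target, filled in by loadEmu`.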