Slightly improved the reboot patch, added emuNAND patch improvements from CakesFW, made the emuNAND patch completely version-independent
Should work as-is with future firmwares!
This commit is contained in:
parent
6b88953517
commit
a437e533f5
@ -1,9 +1,6 @@
|
|||||||
.nds
|
.arm.little
|
||||||
|
|
||||||
sdmmc equ 0x434D4453 ;dummy
|
.create "emunand.bin", 0
|
||||||
|
|
||||||
.create "emunand.bin", 0x0801A5C0
|
|
||||||
.org 0x0801A5C0
|
|
||||||
.arm
|
.arm
|
||||||
nand_sd:
|
nand_sd:
|
||||||
; Original code that still needs to be executed.
|
; Original code that still needs to be executed.
|
||||||
@ -15,7 +12,7 @@ nand_sd:
|
|||||||
|
|
||||||
; If we're already trying to access the SD, return.
|
; If we're already trying to access the SD, return.
|
||||||
ldr r2, [r0, #4]
|
ldr r2, [r0, #4]
|
||||||
ldr r1, =sdmmc
|
ldr r1, [sdmmc]
|
||||||
cmp r2, r1
|
cmp r2, r1
|
||||||
beq nand_sd_ret
|
beq nand_sd_ret
|
||||||
|
|
||||||
@ -23,12 +20,10 @@ nand_sd:
|
|||||||
ldr r2, [r0, #8] ; Get sector to read
|
ldr r2, [r0, #8] ; Get sector to read
|
||||||
cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
|
cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
|
||||||
|
|
||||||
ldr r3, =nand_offset
|
ldr r3, [nand_offset]
|
||||||
ldr r3, [r3]
|
|
||||||
add r2, r3 ; Add the offset to the NAND in the SD.
|
add r2, r3 ; Add the offset to the NAND in the SD.
|
||||||
|
|
||||||
ldreq r3, =ncsd_header_offset
|
ldreq r3, [ncsd_header_offset]
|
||||||
ldreq r3, [r3]
|
|
||||||
addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector.
|
addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector.
|
||||||
|
|
||||||
str r2, [r0, #8] ; Store sector to read
|
str r2, [r0, #8] ; Store sector to read
|
||||||
@ -45,6 +40,7 @@ nand_sd:
|
|||||||
add r0, #4
|
add r0, #4
|
||||||
bx r0
|
bx r0
|
||||||
.pool
|
.pool
|
||||||
|
sdmmc: .ascii "SDMC"
|
||||||
nand_offset: .ascii "NAND" ; for rednand this should be 1
|
nand_offset: .ascii "NAND" ; for rednand this should be 1
|
||||||
ncsd_header_offset: .ascii "NCSD" ; depends on nand manufacturer + emunand type (GW/RED)
|
ncsd_header_offset: .ascii "NCSD" ; depends on nand manufacturer + emunand type (GW/RED)
|
||||||
.close
|
.close
|
||||||
|
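Review bot: Nothing in the file says that the three words after `.pool` are placeholders, yet `ldr r1, [sdmmc]`, `ldr r3, [nand_offset]` and `ldreq r3, [ncsd_header_offset]` now read them PC-relative as live data, so a reader can take `"SDMC"` for a real constant; the old `equ ... ;dummy` at least hinted at it. Presumably the loader overwrites them (the C side has a "Find and patch emunand related offsets" step), so a block comment above `sdmmc:` such as `; 4-byte placeholders: the loader writes the sdmmc struct pointer, the NAND sector offset and the NCSD header offset here before this code runs` would make that explicit. The PC-relative loads also need the labels word-aligned: each `.ascii` is exactly four bytes so the layout works today, but `sdmmc: .word 0x434D4453 ; "SDMC"` (the same bytes little-endian) states the size and survives a future edit to the string. A short comment on `ldreq r3, [ncsd_header_offset]` noting that the `eq` condition relies on the flags from `cmp r2, #0` surviving the intervening `ldr`/`add` (neither sets flags) would also save the next reader a trip through the ARM manual.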
@ -1,12 +1,11 @@
|
|||||||
.nds
|
.arm.little
|
||||||
.create "reboot.bin", 0
|
|
||||||
|
|
||||||
byteswritten equ 0x2000E000
|
byteswritten equ 0x2000E000
|
||||||
externalFirm equ 0x2000A000
|
|
||||||
kernelCode equ 0x080F0000
|
kernelCode equ 0x080F0000
|
||||||
buffer equ 0x24000000
|
buffer equ 0x24000000
|
||||||
fileOpen equ 0x4E45504F ;dummy
|
fileOpen equ 0x4E45504F ;dummy
|
||||||
|
|
||||||
|
.create "reboot.bin", 0
|
||||||
.arm
|
.arm
|
||||||
//Code jumps here right after the sprintf call
|
//Code jumps here right after the sprintf call
|
||||||
process9Reboot:
|
process9Reboot:
|
||||||
@ -34,18 +33,16 @@ process9Reboot:
|
|||||||
ldreq r1, =(FileName - OpenFirm - 12)
|
ldreq r1, =(FileName - OpenFirm - 12)
|
||||||
addeq r1, pc
|
addeq r1, pc
|
||||||
addne r1, sp, #0x3A8-0x70
|
addne r1, sp, #0x3A8-0x70
|
||||||
ldr r0, =externalFirm
|
|
||||||
moveq r2, #1
|
moveq r2, #1
|
||||||
movne r2, #0
|
movne r2, #0
|
||||||
str r2, [r0]
|
str r2, [externalFirm]
|
||||||
mov r2, #1
|
mov r2, #1
|
||||||
add r0, r7, #8
|
add r0, r7, #8
|
||||||
ldr r6, =fileOpen
|
ldr r6, =fileOpen
|
||||||
blx r6
|
blx r6
|
||||||
|
|
||||||
SeekFirm:
|
SeekFirm:
|
||||||
ldr r0, =externalFirm
|
ldr r0, [externalFirm]
|
||||||
ldr r0, [r0]
|
|
||||||
cmp r0, #1
|
cmp r0, #1
|
||||||
moveq r0, r7
|
moveq r0, r7
|
||||||
ldreq r1, =byteswritten
|
ldreq r1, =byteswritten
|
||||||
@ -97,11 +94,14 @@ Memcpy:
|
|||||||
LDMFD SP!, {R0-R4}
|
LDMFD SP!, {R0-R4}
|
||||||
MOV LR, R12
|
MOV LR, R12
|
||||||
BX LR
|
BX LR
|
||||||
|
|
||||||
FileName:
|
FileName:
|
||||||
.dcw "sdmc:/aurei/patched_firmware_sys.bin"
|
.dcw "sdmc:/aurei/patched_firmware_sys.bin"
|
||||||
.word 0x0
|
.word 0x0
|
||||||
|
|
||||||
|
externalFirm:
|
||||||
|
.word 0x2000A000
|
||||||
|
|
||||||
.pool
|
.pool
|
||||||
|
|
||||||
// Kernel Code
|
// Kernel Code
|
||||||
|
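Review bot: `str r2, [externalFirm]` and the later `ldr r0, [externalFirm]` in SeekFirm now store and load a word inside reboot.bin itself rather than the fixed address the old `equ` named, so `externalFirm: .word 0x2000A000` is no longer an address but a runtime flag slot whose initial value is a leftover. If moving the flag into the blob is intended, `externalFirm: .word 0 ; flag, 1 = load external FIRM; written by process9Reboot before SeekFirm reads it` says so, and the initial value is never observed because the store precedes the load on the fall-through path. It also presumes the region the patch is loaded into is writable by the ARM9, which is worth confirming against the MPU setup since the old location was a separate RAM word. The word sits right behind `FileName`'s `.dcw` string and `.word 0x0`, so its alignment depends on the path length (currently an even number of halfwords, so it lines up); an explicit `.align 4` before the label would keep a PC-relative `ldr`/`str` from ever hitting a misaligned word.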
@ -62,4 +62,12 @@ void getMPU(void *pos, u32 *off, u32 size){
|
|||||||
const unsigned char pattern[] = {0x03, 0x00, 0x24, 0x00};
|
const unsigned char pattern[] = {0x03, 0x00, 0x24, 0x00};
|
||||||
|
|
||||||
*off = (u32)memsearch(pos, pattern, size, 4);
|
*off = (u32)memsearch(pos, pattern, size, 4);
|
||||||
|
}
|
||||||
|
|
||||||
|
void getEmuCode(void *pos, u32 *off, u32 size){
|
||||||
|
u8 *proc9 = (u8 *)memsearch(pos, "ess9", size, 4);
|
||||||
|
const unsigned char pattern[] = {0x00, 0xFF, 0xFF, 0xFF};
|
||||||
|
|
||||||
|
//Looking for the last spot before Process9
|
||||||
|
*off = (u32)memsearch(pos, pattern, size - (size - (u32)(proc9 - (u8 *)pos)), 4) + 0xD;
|
||||||
}
|
}
|
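Review bot: The new getEmuCode never checks either memsearch result: `size - (size - (u32)(proc9 - (u8 *)pos))` collapses to `(u32)(proc9 - (u8 *)pos)`, and if "ess9" is absent and memsearch reports that as NULL the difference wraps to a huge length and the second search runs off the firm buffer, while a miss on the second search becomes `*off = 0xD`, which loadEmu then passes straight to fileRead. The comment says "last spot before Process9", but if memsearch scans forward from `pos` this is the first `00 FF FF FF` run in the range, not the last one; the comment should state which is meant. Reporting a miss as 0 needs a matching check in loadEmu before `fileRead((u8 *)emuCodeOffset, path, size)`. A one-line comment on why `+ 0xD` yields the intended (presumably word-aligned) load address would also help, since that is not visible from the expression.
```c
void getEmuCode(void *pos, u32 *off, u32 size){
    u8 *proc9 = (u8 *)memsearch(pos, "ess9", size, 4);
    const unsigned char pattern[] = {0x00, 0xFF, 0xFF, 0xFF};

    //No Process9 marker: report a miss rather than searching past the buffer
    if(!proc9){ *off = 0; return; }

    //Looking for the free spot before Process9: only the bytes preceding the marker are searched
    u8 *spot = (u8 *)memsearch(pos, pattern, (u32)(proc9 - (u8 *)pos), 4);
    *off = spot ? (u32)spot + 0xD : 0;
}
```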
@ -13,4 +13,5 @@
|
|||||||
void getEmunandSect(u32 *off, u32 *head, u32 emuNAND);
|
void getEmunandSect(u32 *off, u32 *head, u32 emuNAND);
|
||||||
void getSDMMC(void *pos, u32 *off, u32 size);
|
void getSDMMC(void *pos, u32 *off, u32 size);
|
||||||
void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff);
|
void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff);
|
||||||
void getMPU(void *pos, u32 *off, u32 size);
|
void getMPU(void *pos, u32 *off, u32 size);
|
||||||
|
void getEmuCode(void *pos, u32 *off, u32 size);
|
@ -150,10 +150,7 @@ static u32 loadEmu(void){
|
|||||||
const char path[] = "/aurei/emunand/emunand.bin";
|
const char path[] = "/aurei/emunand/emunand.bin";
|
||||||
u32 size = fileSize(path);
|
u32 size = fileSize(path);
|
||||||
if(!size) return 0;
|
if(!size) return 0;
|
||||||
if(!console || !mode) nandRedir[5] = 0xA4;
|
getEmuCode(firmLocation, &emuCodeOffset, firmSize);
|
||||||
//Find offset for emuNAND code from the offset in nandRedir
|
|
||||||
emuCodeOffset = *(u32 *)(nandRedir + 4) - (u32)section[2].address +
|
|
||||||
section[2].offset + (u32)firmLocation;
|
|
||||||
fileRead((u8 *)emuCodeOffset, path, size);
|
fileRead((u8 *)emuCodeOffset, path, size);
|
||||||
|
|
||||||
//Find and patch emunand related offsets
|
//Find and patch emunand related offsets
|
||||||
@ -171,11 +168,9 @@ static u32 loadEmu(void){
|
|||||||
//No emuNAND detected
|
//No emuNAND detected
|
||||||
if(!*pos_header) return 0;
|
if(!*pos_header) return 0;
|
||||||
|
|
||||||
//Patch emuNAND code in memory for O3DS and 9.0 N3DS
|
//Calculate offset for the hooks
|
||||||
if(!console || !mode){
|
*(u32 *)(nandRedir + 4) = emuCodeOffset - (u32)firmLocation -
|
||||||
void *pos_instr = memsearch((void *)emuCodeOffset, "\xA6\x01\x08\x30", size, 4);
|
section[2].offset + (u32)section[2].address;
|
||||||
memcpy(pos_instr, emuInstr, sizeof(emuInstr));
|
|
||||||
}
|
|
||||||
|
|
||||||
//Add emunand hooks
|
//Add emunand hooks
|
||||||
memcpy((void *)emuRead, nandRedir, sizeof(nandRedir));
|
memcpy((void *)emuRead, nandRedir, sizeof(nandRedir));
|
||||||
|
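Review bot: `fileRead((u8 *)emuCodeOffset, path, size)` now writes wherever getEmuCode landed, with no check that a slot was found or that `size` bytes (taken from whatever file is on the SD) fit in the gap before Process9, whereas the old arithmetic derived the offset from a fixed address. If getEmuCode reports a miss as 0, `if(!emuCodeOffset) return 0;` ahead of the read keeps a missing marker from turning into a write through a tiny pointer; a room check would need getEmuCode to also hand back the Process9 start, which it does not today. In the second hunk the value stored at `nandRedir + 4` is the target of the `blx` in the `nandRedir` Thumb stub, so emuCodeOffset must translate to a word-aligned address for the ARM emunand code to run; a comment at `//Calculate offset for the hooks` stating that assumption would tie the two hunks together for the next reader.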
@ -17,7 +17,8 @@ const u8 mpu[0x2C] = { //MPU shit
|
|||||||
0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
|
0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
|
||||||
};
|
};
|
||||||
|
|
||||||
u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function
|
//Branch to emunand function. To be filled in
|
||||||
|
u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0x00, 0x00, 0x00, 0x00};
|
||||||
|
|
||||||
const u8 sigPat1[2] = {0x00, 0x20};
|
const u8 sigPat1[2] = {0x00, 0x20};
|
||||||
const u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
|
const u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
|
||||||
|
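Review bot: The comment on `nandRedir` says the branch is to be filled in but not how the eight bytes are laid out: the first four encode Thumb `ldr r4, [pc, #0]` / `blx r4` and the last four are the absolute target that loadEmu writes, so the target must have bit 0 clear (the emunand code is ARM) and the stub must land on a halfword boundary in the hooked function. Suggest `//Thumb stub: ldr r4, [pc, #0]; blx r4; followed by the 32-bit target address, filled in by loadEmu (bit 0 clear: target is ARM code)` in place of the current remark, so the coupling with the loader's `*(u32 *)(nandRedir + 4) = ...` write is visible from the data side as well.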