Updated to support hax 2.5, edited README, supports devkitpro 45, etc

ninjhax/include/brahma.h

@@ -2,30 +2,25 @@
 
 #include "exploitdata.h"
 
-s32 load_arm9_payload (char *filename);
+u32 brahma_init (void);
+u32 brahma_exit (void);
+s32 load_arm9_payload_offset (char *filename, u32 offset, u32 max_psize);
 s32 load_arm9_payload_from_mem (u8* data, u32 dsize);
 void redirect_codeflow (u32 *dst_addr, u32 *src_addr);
-void do_gshax_copy (void *dst, void *src, u32 len);
-void priv_write_four (u32 address);
-void user_clear_icache (void);
-s32 corrupt_svcCreateThread (void);
 s32 map_arm9_payload (void);
 s32 map_arm11_payload (void);
 void exploit_arm9_race_condition (void);
-void repair_svcCreateThread (void);
 s32 get_exploit_data (struct exploit_data *data);
 s32 firm_reboot ();
 
+#define load_arm9_payload(filename) load_arm9_payload_offset(filename, 0, 0)
+
 #define BRAHMA_NETWORK_PORT 80
 
 #define ARM_JUMPOUT 0xE51FF004 // LDR PC, [PC, -#04]
 #define ARM_RET     0xE12FFF1E // BX LR
 #define ARM_NOP     0xE1A00000 // NOP
 
-static u8  *g_ext_arm9_buf;
-static u32 g_ext_arm9_size = 0;
-static s32 g_ext_arm9_loaded = 0;
-
 extern void *arm11_start;
 extern void *arm11_end;
 extern void *arm9_start;

ninjhax/include/exploitdata.h

@@ -17,18 +17,17 @@
 /* any changes to this structure must also be applied to
    the data structure following the 'arm11_globals_start'
    label of arm11.s */
-typedef struct arm11_shared_data {
+struct arm11_shared_data {
 	u32 va_pdn_regs;
 	u32 va_pxi_regs;
 	u32 va_hook1_ret;
 };
 
-typedef struct exploit_data {
+struct exploit_data {
 
 	u32 firm_version;
 	u32 sys_model; // mask
 
-	u32 va_patch_createthread;
 	u32 va_patch_hook1;
 	u32 va_patch_hook2;
 	u32 va_hook1_ret;
@@ -42,43 +41,37 @@ typedef struct exploit_data {
 	u32 va_pxi_regs;
 };
 
-static struct exploit_data g_expdata;
-static struct arm11_shared_data g_arm11shared;
-
 // add all vulnerable systems below
 static const struct exploit_data supported_systems[] = {
 	{
 		0x022E0000,        // FIRM version
 		SYS_MODEL_NEW_3DS, // model
-		0xDFF83837,        // VA of CreateThread code to corrupt
 		0xDFFE7A50,        // VA of 1st hook for firmlaunch
 		0xDFFF4994,        // VA of 2nd hook for firmlaunch
-		0xFFF28A58,        // VA of return address from 1st hook 
+		0xFFF28A58,        // VA of return address from 1st hook
 		0xE0000000,        // VA of FCRAM
 		0xDFFF4000,        // VA of lower mapped exception handler base
 		0xFFFF0000,        // VA of upper mapped exception handler base
 		0xFFF158F8,        // VA of the KernelSetState syscall (upper mirror)
 		0xFFFBE000,        // VA PDN registers
-		0xFFFC0000         // VA PXI registers		
+		0xFFFC0000         // VA PXI registers
 	},
 	{
 		0x022C0600,        // FIRM version
 		SYS_MODEL_NEW_3DS, // model
-		0xDFF83837,        // VA of CreateThread code to corrupt
 		0xDFFE7A50,        // VA of 1st hook for firmlaunch
 		0xDFFF4994,        // VA of 2nd hook for firmlaunch
-		0xFFF28A58,        // VA of return address from 1st hook 
+		0xFFF28A58,        // VA of return address from 1st hook
 		0xE0000000,        // VA of FCRAM
 		0xDFFF4000,        // VA of lower mapped exception handler base
 		0xFFFF0000,        // VA of upper mapped exception handler base
 		0xFFF158F8,        // VA of the KernelSetState syscall (upper mirror)
 		0xFFFBE000,        // VA PDN registers
-		0xFFFC0000         // VA PXI registers		
+		0xFFFC0000         // VA PXI registers
 	},
 	{
 		0x02220000,
 		SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS,
-		0xEFF83C9F,
 		0xEFFE4DD4,
 		0xEFFF497C,
 		0xFFF84DDC,
@@ -92,7 +85,6 @@ static const struct exploit_data supported_systems[] = {
 	{
 		0x02230600,
 		SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS,
-		0xEFF83737,
 		0xEFFE55BC,
 		0xEFFF4978,
 		0xFFF765C4,
@@ -106,7 +98,6 @@ static const struct exploit_data supported_systems[] = {
 	{
 		0x022E0000,
 		SYS_MODEL_OLD_3DS,
-		0xDFF8383F,
 		0xDFFE59D0,
 		0xDFFF4974,
 		0xFFF279D8,
@@ -120,7 +111,6 @@ static const struct exploit_data supported_systems[] = {
 	{
 		0x022C0600,
 		SYS_MODEL_OLD_3DS,
-		0xDFF8376F,
 		0xDFFE4F28,
 		0xDFFF4974,
 		0xFFF66F30,
@@ -134,21 +124,19 @@ static const struct exploit_data supported_systems[] = {
 	{
 		0x02280000,
 		SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS,
-		0xEFF83733,
 		0xEFFE5B30,
-		0xEFFF4974,
+		0xEFFF4978,
 		0xFFF76B38,
 		0xF0000000,
 		0xEFFF4000,
 		0xFFFF0000,
-		0xFFF54BAC,
+		0xFFF64AAC,
 		0xFFFD0000,
 		0xFFFD2000
 	},
 	{
 		0x02270400,
 		SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS,
-		0xEFF83737,
 		0xEFFE5B34,
 		0xEFFF4978,
 		0xFFF76B3C,
@@ -162,7 +150,6 @@ static const struct exploit_data supported_systems[] = {
 	{
 		0x02250000,
 		SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS,
-		0xEFF83733,
 		0xEFFE5AE8,
 		0xEFFF4978,
 		0xFFF76AF0,
@@ -176,7 +163,6 @@ static const struct exploit_data supported_systems[] = {
 	{
 		0x02260000,
 		SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS,
-		0xEFF83733,
 		0xEFFE5AE8,
 		0xEFFF4978,
 		0xFFF76AF0,
@@ -190,7 +176,6 @@ static const struct exploit_data supported_systems[] = {
 	{
 		0x02240000,
 		SYS_MODEL_OLD_3DS | SYS_MODEL_NEW_3DS,
-		0xEFF83733,
 		0xEFFE55B8,
 		0xEFFF4978,
 		0xFFF765C0,

ninjhax/include/utils.h

@@ -1,4 +1,8 @@
 #pragma once
 
 void InvalidateEntireInstructionCache (void);
+void CleanEntireDataCache (void);
+void dsb(void);
+void DisableInterrupts (void);
+void EnableInterrupts (void);
 void InvalidateEntireDataCache (void);