fixed ninjhax boot code

Reisyukaku 2015-08-05 08:27:35 -04:00
parent 1e6b65b4d2
commit afbdf20d28
22 changed files with 48 additions and 837 deletions


@ -43,7 +43,7 @@ emunand: $(dir_out)/rei/emunand/emunand.bin
thread: $(dir_out)/rei/thread/arm9.bin
.PHONY: ninjhax
ninjhax: $(dir_out)/3ds/
ninjhax: $(dir_out)/3ds/ReiNand
.PHONY: clean
clean:
@ -56,11 +56,11 @@ $(dir_out)/ReiNand.dat: $(dir_build)/main.bin $(dir_out)/rei/
@$(MAKE) $(FLAGS) -C $(dir_mset) launcher
dd if=$(dir_build)/main.bin of=$@ bs=512 seek=256
$(dir_out)/3ds/:
$(dir_out)/3ds/ReiNand:
@mkdir -p "$(dir_out)/3ds/ReiNand"
@$(MAKE) -C $(dir_ninjhax)
@cp -av $(dir_ninjhax)/ninjhax.3dsx $(dir_out)/3ds/ReiNand/ReiNand.3dsx
@cp -av $(dir_ninjhax)/ninjhax.smdh $(dir_out)/3ds/ReiNand/ReiNand.smdh
@cp -av $(dir_ninjhax)/ReiNand.3dsx $@
@cp -av $(dir_ninjhax)/ReiNand.smdh $@
$(dir_out)/rei/: $(dir_data)/firmware.bin $(dir_data)/splash.bin
@mkdir -p "$(dir_out)/rei"
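Review bot: `$(dir_out)/3ds/ReiNand:` has no prerequisites and names a directory, so once that directory exists make considers the target up to date and never re-runs `@$(MAKE) -C $(dir_ninjhax)` or re-copies a rebuilt `ReiNand.3dsx`; `ninjhax` being `.PHONY` does not help, because it is satisfied by the stale directory target. The smallest fix is to mark the directory target phony as well, `.PHONY: ninjhax $(dir_out)/3ds/ReiNand`, so the sub-make always runs; the stricter alternative is to make the copied `.3dsx`/`.smdh` files the real targets with the sub-make's outputs as prerequisites. The `mkdir` line quotes `$(dir_out)` while the two `cp -av` lines do not; quote both or neither so a path with spaces fails the same way everywhere.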


@ -28,10 +28,10 @@ Pre-compiled version can still be found on my [pastebin](http://pastebin.com/c5A
**Credits:**
Cakes team for teaching me a few things and just being helpful in general! And for ROP/mset related code.
Cakes team for teaching me a few things and just being helpful in general! And for ROP/mset related code.
3DBREW for saving me plenty of reverse engineering time.
3DBREW for saving me plenty of reverse engineering time.
Patois for Brahma code.
Patois for Brahma code.
Me (Rei) for coding everything else.
Me (Rei) for coding everything else.


@ -26,10 +26,9 @@ include $(DEVKITARM)/3ds_rules
# - icon.png
# - <libctru folder>/default_icon.png
#---------------------------------------------------------------------------------
TARGET := $(notdir $(CURDIR))
TARGET := ReiNand
BUILD := build
SOURCES := source
DATA := data
INCLUDES := include
APP_TITLE := ReiNAND
APP_DESCRIPTION := N3DS CFW
@ -78,7 +77,6 @@ export DEPSDIR := $(CURDIR)/$(BUILD)
CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*))) payload.bin
#---------------------------------------------------------------------------------
# use CXX for linking C++ projects, CC for standard C
@ -94,8 +92,7 @@ else
endif
#---------------------------------------------------------------------------------
export OFILES := $(addsuffix .o,$(BINFILES)) \
$(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
export OFILES := $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
@ -119,20 +116,17 @@ endif
.PHONY: $(BUILD) clean all
#---------------------------------------------------------------------------------
all: payload.bin $(BUILD)
all: $(BUILD)
$(BUILD):
@echo $(SFILES)
@[ -d $@ ] || mkdir -p $@
@make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
payload.bin :
@cd data/payload && make
#---------------------------------------------------------------------------------
clean:
@echo clean ...
@rm -fr $(BUILD) $(TARGET).3dsx $(OUTPUT).smdh $(TARGET).elf
@cd data/payload && make clean
#---------------------------------------------------------------------------------
else
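Review bot: The `$(BUILD)` recipe that the new `all: $(BUILD)` relies on invokes the sub-make as a literal `@make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile`; it should be `@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile` so the jobserver, `-n` and any `MAKE` override propagate, and dropping the `@` would make the failing command visible. That line looks like unchanged devkitARM template context, so the problem is carried rather than introduced here. Separately, `clean` removes `$(TARGET).3dsx` and `$(TARGET).elf` but `$(OUTPUT).smdh`; with `TARGET` now fixed to `ReiNand` instead of `$(notdir $(CURDIR))`, confirm that `OUTPUT` (defined outside the hunk) still resolves to the same basename so all three products are actually cleaned.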


@ -1,134 +0,0 @@
#---------------------------------------------------------------------------------
.SUFFIXES:
#---------------------------------------------------------------------------------
ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
include $(DEVKITARM)/ds_rules
#---------------------------------------------------------------------------------
# TARGET is the name of the output
# BUILD is the directory where object files & intermediate files will be placed
# SOURCES is a list of directories containing source code
# DATA is a list of directories containing data files
# INCLUDES is a list of directories containing header files
# SPECS is the directory containing the important build and link files
#---------------------------------------------------------------------------------
export TARGET := $(shell basename $(CURDIR))
BUILD := build
SOURCES := source source/fatfs source/decryptor
DATA := data
INCLUDES := include source source/fatfs
#---------------------------------------------------------------------------------
# Setup some defines
#---------------------------------------------------------------------------------
#---------------------------------------------------------------------------------
# options for code generation
#---------------------------------------------------------------------------------
ARCH := -mthumb -mthumb-interwork
CFLAGS := -g -Wall -O2\
-march=armv5te -mtune=arm946e-s -fomit-frame-pointer\
-ffast-math -std=c99 -mthumb\
$(ARCH)
CFLAGS += $(INCLUDE) -DARM9
CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions
ASFLAGS := -g $(ARCH)
LDFLAGS = -nostartfiles -g --specs=../stub.specs $(ARCH) -Wl,-Map,$(TARGET).map
LIBS :=
#---------------------------------------------------------------------------------
# list of directories containing libraries, this must be the top level containing
# include and lib
#---------------------------------------------------------------------------------
LIBDIRS :=
#---------------------------------------------------------------------------------
# no real need to edit anything past this point unless you need to add additional
# rules for different file extensions
#---------------------------------------------------------------------------------
ifneq ($(BUILD),$(notdir $(CURDIR)))
#---------------------------------------------------------------------------------
export OUTPUT := $(CURDIR)
export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
$(foreach dir,$(DATA),$(CURDIR)/$(dir))
export DEPSDIR := $(CURDIR)/$(BUILD)
CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
#---------------------------------------------------------------------------------
# use CXX for linking C++ projects, CC for standard C
#---------------------------------------------------------------------------------
ifeq ($(strip $(CPPFILES)),)
#---------------------------------------------------------------------------------
export LD := $(CC)
#---------------------------------------------------------------------------------
else
#---------------------------------------------------------------------------------
export LD := $(CXX)
#---------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------
export OFILES := $(addsuffix .o,$(BINFILES)) \
$(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
-I$(CURDIR)/$(BUILD)
export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)
.PHONY: $(BUILD) clean all
#---------------------------------------------------------------------------------
all: $(BUILD)
$(BUILD):
@[ -d $@ ] || mkdir -p $@
@make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
#---------------------------------------------------------------------------------
clean:
@echo clean ...
@rm -fr $(BUILD) $(OUTPUT).elf $(OUTPUT).bin
#---------------------------------------------------------------------------------
else
DEPENDS := $(OFILES:.o=.d)
#---------------------------------------------------------------------------------
# main targets
#---------------------------------------------------------------------------------
$(OUTPUT).bin : $(OUTPUT).elf
$(OUTPUT).elf : $(OFILES)
#---------------------------------------------------------------------------------
%.bin: %.elf
@$(OBJCOPY) -O binary $< $@
@rm $<
@echo built ... $(notdir $@)
-include $(DEPENDS)
#---------------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------------


@ -1,50 +0,0 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
void* (*reiNand)() = 0x08000030;
void main()
{
/*int fbfound = 0;
unsigned char* screen = 0x20000000;
for(int i = 0; i < 0x30; i++){
if( *((unsigned int*)(screen + i + 0)) == 0xABADF00D &&
*((unsigned int*)(screen + i + 4)) == 0xDEADBEEF ){
fbfound = 1;
screen += i;
}
}
if(!fbfound){
screen = 0x20046500;
for(int i = 0; i < 0x30; i++){
if( *((unsigned int*)(screen + i + 0)) == 0xABADF00D &&
*((unsigned int*)(screen + i + 4)) == 0xDEADBEEF ){
fbfound = 1;
screen += i;
}
}
}
*/
*((unsigned int*)0x080FFFC0) = 0x20000000;
*((unsigned int*)0x080FFFC4) = 0x20046500;
*((unsigned int*)0x080FFFD8) = 0;
unsigned int* buf = 0x20400000;
unsigned int base = 0x67893421;
unsigned int seed = 0x12756342;
for(int i = 0; i < 400*1024/4; i++){
buf[i] ^= base;
base += seed;
}
unsigned char*src = 0x20400000;
unsigned char*dst = 0x08000000;
for(int i = 0; i < 320*1024; i++){
dst[i] = src[i];
}
*(unsigned int*)0x10000020 = 0;
*(unsigned int*)0x10000020 = 0x340;
reiNand();
}


@ -1,75 +0,0 @@
@---------------------------------------------------------------------------------
.section ".init"
@---------------------------------------------------------------------------------
.global _start
.extern main
.align 4
.arm
@---------------------------------------------------------------------------------
b _start
NOP
NOP
NOP
_start:
MSR CPSR_c, #0xDF
LDR R0, =0x2078
MCR p15, 0, R0,c1,c0, 0
LDR R0, =0xFFFF001D
LDR R1, =0x1FF801D
LDR R2, =0x8000027
LDR R3, =0x10000021
LDR R4, =0x10100025
LDR R5, =0x20000035
LDR R6, =0x2800801B
LDR R7, =0x1800002D
LDR R8, =0x33333336
LDR R9, =0x60600666
MOV R10, #0x25
MOV R11, #0x25
MOV R12, #0x25
MCR p15, 0, R0,c6,c0, 0
MCR p15, 0, R1,c6,c1, 0
MCR p15, 0, R2,c6,c2, 0
MCR p15, 0, R3,c6,c3, 0
MCR p15, 0, R4,c6,c4, 0
MCR p15, 0, R5,c6,c5, 0
MCR p15, 0, R6,c6,c6, 0
MCR p15, 0, R7,c6,c7, 0
MCR p15, 0, R8,c5,c0, 2
MCR p15, 0, R9,c5,c0, 3
MCR p15, 0, R10,c3,c0, 0
MCR p15, 0, R11,c2,c0, 0
MCR p15, 0, R12,c2,c0, 1
LDR R0, =0x2800800C
MCR p15, 0, R0,c9,c1, 0
MOV R0, #0x1E
MCR p15, 0, R0,c9,c1, 1
MOV R12, #0
loc_9D3D54:
MOV R0, #0
MOV R2, R12,LSL#30
loc_9D3D5C:
ORR R1, R2, R0,LSL#5
MCR p15, 0, R1,c7,c14, 2
ADD R0, R0, #1
CMP R0, #0x20
BCC loc_9D3D5C
ADD R12, R12, #1
CMP R12, #4
BCC loc_9D3D54
MOV R0, #0
MCR p15, 0, R0,c7,c10, 4
MOV R0, #0
MCR p15, 0, R0,c7,c5, 0
LDR R0, =0x5307D
MCR p15, 0, R0,c1,c0, 0
ldr r3, =main;
blx r3
InfiniteLoop:
b InfiniteLoop
.pool


@ -1,164 +0,0 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
MEMORY
{
ram : ORIGIN = 0x23F00000, LENGTH = 128K
}
SECTIONS
{
.init :
{
__text_start = . ;
KEEP (*(.init))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >ram = 0xff
.plt : { *(.plt) } >ram = 0xff
.text : /* ALIGN (4): */
{
*(.text .stub .text.* .gnu.linkonce.t.*)
KEEP (*(.text.*personality*))
/* .gnu.warning sections are handled specially by elf32.em. */
*(.gnu.warning)
*(.glue_7t) *(.glue_7) *(.vfp11_veneer)
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >ram = 0xff
.fini :
{
KEEP (*(.fini))
} >ram =0xff
__text_end = . ;
.rodata :
{
*(.rodata)
*all.rodata*(*)
*(.roda)
*(.rodata.*)
*(.gnu.linkonce.r*)
SORT(CONSTRUCTORS)
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >ram = 0xff
.ARM.extab : { *(.ARM.extab* .gnu.linkonce.armextab.*) } >ram
__exidx_start = .;
.ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) } >ram
__exidx_end = .;
/* Ensure the __preinit_array_start label is properly aligned. We
could instead move the label definition inside the section, but
the linker would then create the section even if it turns out to
be empty, which isn't pretty. */
. = ALIGN(32 / 8);
PROVIDE (__preinit_array_start = .);
.preinit_array : { KEEP (*(.preinit_array)) } >ram = 0xff
PROVIDE (__preinit_array_end = .);
PROVIDE (__init_array_start = .);
.init_array : { KEEP (*(.init_array)) } >ram = 0xff
PROVIDE (__init_array_end = .);
PROVIDE (__fini_array_start = .);
.fini_array : { KEEP (*(.fini_array)) } >ram = 0xff
PROVIDE (__fini_array_end = .);
.ctors :
{
/* gcc uses crtbegin.o to find the start of the constructors, so
we make sure it is first. Because this is a wildcard, it
doesn't matter if the user does not actually link against
crtbegin.o; the linker won't look for a file to match a
wildcard. The wildcard also means that it doesn't matter which
directory crtbegin.o is in. */
KEEP (*crtbegin.o(.ctors))
KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors))
KEEP (*(SORT(.ctors.*)))
KEEP (*(.ctors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >ram = 0xff
.dtors :
{
KEEP (*crtbegin.o(.dtors))
KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors))
KEEP (*(SORT(.dtors.*)))
KEEP (*(.dtors))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >ram = 0xff
.eh_frame :
{
KEEP (*(.eh_frame))
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >ram = 0xff
.gcc_except_table :
{
*(.gcc_except_table)
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
} >ram = 0xff
.jcr : { KEEP (*(.jcr)) } >ram = 0
.got : { *(.got.plt) *(.got) } >ram = 0
.data ALIGN(4) : {
__data_start = ABSOLUTE(.);
*(.data)
*(.data.*)
*(.gnu.linkonce.d*)
CONSTRUCTORS
. = ALIGN(4);
__data_end = ABSOLUTE(.) ;
} >ram = 0xff
.bss ALIGN(4) :
{
__bss_start = ABSOLUTE(.);
__bss_start__ = ABSOLUTE(.);
*(.dynbss)
*(.gnu.linkonce.b*)
*(.bss*)
*(COMMON)
. = ALIGN(4); /* REQUIRED. LD is flaky without it. */
__bss_end__ = ABSOLUTE(.);
__end__ = ABSOLUTE(.);
} >ram
/* Stabs debugging sections. */
.stab 0 : { *(.stab) }
.stabstr 0 : { *(.stabstr) }
.stab.excl 0 : { *(.stab.excl) }
.stab.exclstr 0 : { *(.stab.exclstr) }
.stab.index 0 : { *(.stab.index) }
.stab.indexstr 0 : { *(.stab.indexstr) }
.comment 0 : { *(.comment) }
/* DWARF debug sections.
Symbols in the DWARF debugging sections are relative to the beginning
of the section so we begin them at 0. */
/* DWARF 1 */
.debug 0 : { *(.debug) }
.line 0 : { *(.line) }
/* GNU DWARF 1 extensions */
.debug_srcinfo 0 : { *(.debug_srcinfo) }
.debug_sfnames 0 : { *(.debug_sfnames) }
/* DWARF 1.1 and DWARF 2 */
.debug_aranges 0 : { *(.debug_aranges) }
.debug_pubnames 0 : { *(.debug_pubnames) }
/* DWARF 2 */
.debug_info 0 : { *(.debug_info) }
.debug_abbrev 0 : { *(.debug_abbrev) }
.debug_line 0 : { *(.debug_line) }
.debug_frame 0 : { *(.debug_frame) }
.debug_str 0 : { *(.debug_str) }
.debug_loc 0 : { *(.debug_loc) }
.debug_macinfo 0 : { *(.debug_macinfo) }
/* SGI/MIPS DWARF 2 extensions */
.debug_weaknames 0 : { *(.debug_weaknames) }
.debug_funcnames 0 : { *(.debug_funcnames) }
.debug_typenames 0 : { *(.debug_typenames) }
.debug_varnames 0 : { *(.debug_varnames) }
.stack 0x80000 : { _stack = .; *(.stack) }
/* These must appear regardless of . */
}


@ -1,5 +0,0 @@
%rename link old_link
*link:
%(old_link) -T ../stub.ld%s


@ -1,16 +0,0 @@
import sys;
import os
f1 = 0
f2 = 0
f3 = 0
f1size = 0
with open(sys.argv[1], "rb+") as file1:
with open(sys.argv[2], "rb") as file2:
f1 = file1.read()
f2 = file2.read()
file1.seek(int(sys.argv[3], 16), os.SEEK_SET)
file1.write(f2);


@ -1,42 +0,0 @@
#pragma once
#include "textmenu.h"
#define BRAHMADIR "/brahma/"
s32 print_menu (s32 idx, struct menu_t *menu);
s32 print_file_list (s32 idx, struct menu_t *menu);
s32 print_main_menu (s32 idx, struct menu_t *menu);
s32 get_filename (s32 idx, char *buf, u32 size);
s32 menu_cb_load (s32 idx, void *param);
s32 menu_cb_choose_file (s32 idx, void *param);
s32 menu_cb_run (s32 idx, void *param);
s32 menu_cb_recv (s32 idx, void *param);
s32 menu_cb_patch_svc (s32 idx, void *param);
static const struct menu_t g_main_menu = {
3,
{
{"Load ARM9 payload", &menu_cb_choose_file},
{"Receive ARM9 payload", &menu_cb_recv},
{"Run ARM9 payload", &menu_cb_run}
}
};
static const struct menu_t g_file_list = {
10,
{
{"Slot 0", &menu_cb_load},
{"Slot 1", &menu_cb_load},
{"Slot 2", &menu_cb_load},
{"Slot 3", &menu_cb_load},
{"Slot 4", &menu_cb_load},
{"Slot 5", &menu_cb_load},
{"Slot 6", &menu_cb_load},
{"Slot 7", &menu_cb_load},
{"Slot 8", &menu_cb_load},
{"Slot 9", &menu_cb_load}
}
};


@ -1,9 +0,0 @@
#pragma once
#define SOC_ALIGN 0x1000
#define SOC_BUFFERSIZE 0x100000
u32 soc_init (void);
u32 soc_exit (void);
static u32 *SOC_buffer = 0;


@ -1,20 +0,0 @@
#pragma once
typedef int menu_func_t (s32, void *);
typedef struct menu_elem_t {
const char *name;
menu_func_t *func;
} _menu_elem_t;
typedef struct menu_t {
s32 element_count;
struct menu_elem_t element[];
} _menu_t;
s32 menu_get_element_count (struct menu_t *menu);
s32 menu_is_valid_index (s32 idx, struct menu_t *menu);
s32 menu_update_index (s32 idx, struct menu_t *menu);
const char *menu_get_element_name (s32 idx, struct menu_t *menu);
menu_func_t *menu_get_element_function (s32 idx, struct menu_t *menu);
s32 menu_execute_function (s32 idx, struct menu_t *menu, void *param);


@ -96,7 +96,7 @@ wait_arm11_loop:
BX R1
pa_hijack_arm9_dst: .long 0x1FFFFC00
pa_arm11_code: .long 0x1FFFFFF8
pa_arm11_code: .long 0x1FFFFFFC
pa_pxi_regs: .long 0x10163000
some_pxi_cmd: .long 0x44846
pa_firm_header: .long 0x24000000
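Review bot: The new `pa_arm11_code` value `0x1FFFFFFC` replaces `0x1FFFFFF8` with no comment recording why the word moved, and nothing in the hunk shows the ARM11-side writer this slot presumably has to agree with (the `pa_` prefix suggests a physical address, but that is inferred). A one-line comment on the constant, `pa_arm11_code: .long 0x1FFFFFFC @ must match the slot written by the ARM11 side; keep in sync with the loader`, would stop the next edit from silently desynchronising the two. The rest of the `.long` table is equally undocumented, but that predates this change.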


@ -1,24 +0,0 @@
.arm
.align 4
.code 32
.text
@ default ARM9 payload, simply launches FIRM (reboots without clearing mem)
.global arm9_start
arm9_start:
B skipvars
@ offs 4, will contain backup copy of FIRM ARM9
@ entry point so execution can be returned to FIRM
pa_arm9_entrypoint_backup: .long 0xFFFF0000
skipvars:
STMFD SP!, {R0-R12,LR}
@ insert your funky stuff here
LDMFD SP!, {R0-R12,LR}
LDR PC, pa_arm9_entrypoint_backup
.global arm9_end
arm9_end:


@ -10,7 +10,9 @@
#include <arpa/inet.h>
#include "brahma.h"
#include "exploitdata.h"
#include "utils.h"
GSP_FramebufferInfo topFramebufferInfo, bottomFramebufferInfo;
/* should be the very first call. allocates heap buffer
for ARM9 payload */
@ -318,9 +320,7 @@ s32 map_arm9_payload (void) {
dst = (void *)(g_expdata.va_fcram_base + OFFS_FCRAM_ARM9_PAYLOAD);
if (!g_ext_arm9_loaded) {
// defaul ARM9 payload
src = &arm9_start;
size = (u8 *)&arm9_end - (u8 *)&arm9_start;
return 0;
}
else {
// external ARM9 payload
@ -426,6 +426,18 @@ priv_firm_reboot (void) {
asm volatile ("add sp, sp, #8\t\n");
repair_svcCreateThread();
// Save the framebuffers for arm9,
u32 *save = (u32 *)(g_expdata.va_fcram_base + 0x3FFFE00);
save[0] = topFramebufferInfo.framebuf0_vaddr;
save[1] = topFramebufferInfo.framebuf1_vaddr;
save[2] = bottomFramebufferInfo.framebuf0_vaddr;
// Working around a GCC bug to translate the va address to pa...
save[0] += 0xC000000; // (pa FCRAM address - va FCRAM address)
save[1] += 0xC000000;
save[2] += 0xC000000;
exploit_arm9_race_condition();
asm volatile ("movs r0, #0\t\n"
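Review bot: In `priv_firm_reboot` the new framebuffer save writes three words at `g_expdata.va_fcram_base + 0x3FFFE00` and adds `0xC000000` to each, but neither constant is explained and the comment `// Working around a GCC bug to translate the va address to pa...` describes an address-space translation, not a compiler bug; reword it to state the actual contract, e.g. `// FCRAM va->pa delta; the ARM9 payload reads these three physical framebuffer addresses from this fixed slot`, and give both magic numbers named constants shared with the consumer so the slot offset and delta cannot drift apart. Nothing in these hunks assigns `topFramebufferInfo` or `bottomFramebufferInfo`, so if they are not populated elsewhere before this point the saved values are just the delta — worth confirming. In `map_arm9_payload` the default-payload branch now does `return 0;` with `src`/`size` unset; whether 0 means success or failure to its callers is not visible here, and that function continues outside the hunk.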


@ -1,19 +1,7 @@
#include <3ds.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <malloc.h>
#include "brahma.h"
#include "hid.h"
#include "menus.h"
#include "sochlp.h"
#include "payload_bin.h"
s32 quick_boot_firm (s32 load_from_disk) {
if (load_from_disk)
load_arm9_payload_from_mem(payload_bin, payload_bin_size);
firm_reboot();
}
s32 main (void) {
// Initialize services
@ -26,26 +14,26 @@ s32 main (void) {
hbInit();
qtmInit();
Handle fileHandle;
u32 bytesRead;
FS_archive sdmcArchive=(FS_archive){ARCH_SDMC, (FS_path){PATH_EMPTY, 1, (u8*)""}};
FS_path filePath=FS_makePath(PATH_CHAR, "/reiNand.dat");
Result ret=FSUSER_OpenFileDirectly(NULL, &fileHandle, sdmcArchive, filePath, FS_OPEN_READ, FS_ATTRIBUTE_NONE);
if(ret) goto EXIT;
FSFILE_Read(fileHandle, &bytesRead, 0x20000, 0x14400000, 320*1024);
FSFILE_Close(fileHandle);
gfxSwapBuffers();
consoleInit(GFX_BOTTOM, NULL);
if (brahma_init()) {
quick_boot_firm(1);
printf("[!] Quickload failed\n");
brahma_exit();
u32 payload_size = 0x10000;
void *payload = malloc(payload_size);
FILE *fp = fopen("/reiNand.dat", "r");
if (!fp) goto exit;
fseek(fp, 0x20000, SEEK_SET);
fread(payload, payload_size, 1, fp);
fclose(fp);
if (brahma_init()) {
load_arm9_payload_from_mem(payload, payload_size);
firm_reboot();
brahma_exit();
}
exit:
if (payload) free(payload);
} else {
printf("* BRAHMA *\n\n[!]Not enough memory\n");
wait_any_key();
}
EXIT:
hbExit();
sdmcExit();
fsExit();
@ -53,6 +41,5 @@ s32 main (void) {
hidExit();
aptExit();
srvExit();
// Return to hbmenu
return 0;
return 0;
}
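Review bot: The new load path in `main` uses the `malloc` result and the file contents without checking either: the return values of `fseek` and `fread(payload, payload_size, 1, fp)` are ignored, so a missing or truncated `/reiNand.dat` hands `payload_size` bytes of uninitialised heap to `load_arm9_payload_from_mem` and then reboots into it, and a failed `malloc` is only noticed at the `free`. Check `payload`, `fseek` and `fread` before the `brahma_init()` block and bail to `exit` otherwise, as below. The `} else {` following `exit:` suggests the old outer `if (brahma_init()) {` survives as context, in which case `brahma_init()` now runs twice (outer and inner) and the inner check is redundant — worth confirming against the full function, which spans several hunks.
```c
    u32 payload_size = 0x10000;
    void *payload = malloc(payload_size);
    if (!payload) goto exit;
    FILE *fp = fopen("/reiNand.dat", "rb");
    if (!fp) goto exit;
    // Require the whole payload: a short read would execute uninitialised heap on the ARM9 side.
    if (fseek(fp, 0x20000, SEEK_SET) != 0 || fread(payload, payload_size, 1, fp) != 1) {
        fclose(fp);
        goto exit;
    }
    fclose(fp);
    // … unchanged: brahma_init() / load_arm9_payload_from_mem / firm_reboot block …
exit:
    free(payload); /* free(NULL) is a no-op */
```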


@ -1,171 +0,0 @@
#include <dirent.h>
#include <3ds.h>
#include "menus.h"
s32 print_menu (s32 idx, struct menu_t *menu) {
s32 i;
s32 newidx;
s32 count = menu_get_element_count(menu);
newidx = menu_update_index(idx, menu);
for (i=0; i<count; i++) {
if (newidx == i)
printf("[ %s ]\n", menu_get_element_name(i, menu));
else
printf(" %s \n", menu_get_element_name(i, menu));
}
return newidx;
}
s32 print_file_list (s32 idx, struct menu_t *menu) {
s32 i = 0;
s32 newidx;
DIR *dp;
struct dirent *entry;
char *filename = 0;
s32 totalfiles = 0;
s32 num_printed = 0;
consoleClear();
printf("ARM9 payload (%s):\n\n\n", BRAHMADIR);
printf("===========================\n");
s32 count = menu_get_element_count(menu);
newidx = menu_update_index(idx, menu);
if((dp = opendir(BRAHMADIR))) {
for (i=0; i<count; i++) {
if ((entry = readdir(dp)) != 0) {
filename = entry->d_name;
}
else {
filename = "---";
}
if (newidx == i)
printf("[ %s ] %s\n", menu_get_element_name(i, menu), filename);
else
printf(" %s %s\n", menu_get_element_name(i, menu), filename);
}
closedir(dp);
}
else {
printf("[!] Could not open '%s'\n", BRAHMADIR);
}
printf("===========================\n\n");
printf("A: Confirm\n");
printf("B: Back\n");
return newidx;
}
s32 print_main_menu (s32 idx, struct menu_t *menu) {
s32 newidx = 0;
consoleClear();
printf("\n* BRAHMA *\n\n\n");
printf("===========================\n");
newidx = print_menu(idx, menu);
printf("===========================\n\n");
printf("A: Confirm\n");
printf("B: Exit\n");
return newidx;
}
s32 get_filename (s32 idx, char *buf, u32 size) {
DIR *dp;
struct dirent *entry;
s32 result = 0;
s32 numfiles = 0;
if((dp = opendir(BRAHMADIR)) && buf && size) {
while((entry = readdir(dp)) != NULL) {
if (numfiles == idx) {
snprintf(buf, size-1, "%s%s", BRAHMADIR, entry->d_name);
result = 1;
break;
}
numfiles++;
}
closedir(dp);
}
return result;
}
s32 menu_cb_recv (s32 idx, void *param) {
return recv_arm9_payload();
}
s32 menu_cb_load(s32 idx, void *param) {
char filename[256];
s32 result = 0;
if (param) {
if (get_filename(*(u32 *)param, &filename, sizeof(filename))) {
printf("[+] Loading %s\n", filename);
result = load_arm9_payload(filename);
}
}
return result;
}
s32 menu_cb_choose_file (s32 idx, void *param) {
s32 curidx = idx;
s32 loaded = 0;
while (aptMainLoop()) {
gspWaitForVBlank();
curidx = print_file_list(curidx, &g_file_list);
u32 kDown = wait_key();
if (kDown & KEY_B) {
break;
}
else if (kDown & KEY_A) {
consoleClear();
loaded = menu_execute_function(curidx, &g_file_list, &curidx);
printf("%s\n", loaded? "[+] Success":"[!] Failure");
wait_any_key();
if (loaded)
break;
}
else if (kDown & KEY_UP) {
curidx--;
}
else if (kDown & KEY_DOWN) {
curidx++;
}
gfxFlushBuffers();
gfxSwapBuffers();
}
return 0;
}
s32 menu_cb_run (s32 idx, void *param) {
s32 fail_stage;
/* we're kinda screwed if the exploit fails
and soc has been deinitialized. not sure
whether cleaning up here improves existing
problems with using sockets either */
soc_exit();
printf("[+] Running ARM9 payload\n");
fail_stage = firm_reboot();
char *msg;
switch (fail_stage) {
case 1:
msg = "[!] ARM11 exploit failed";
break;
case 2:
msg = "[!] ARM9 exploit failed";
break;
default:
msg = "[!] Unexpected error";
}
printf("%s\n", msg);
return 1;
}


@ -1,27 +0,0 @@
#include <3ds.h>
#include "sochlp.h"
u32 soc_init (void) {
Result ret;
u32 result = 0;
SOC_buffer = (u32*)memalign(SOC_ALIGN, SOC_BUFFERSIZE);
if (SOC_buffer != 0) {
ret = SOC_Initialize(SOC_buffer, SOC_BUFFERSIZE);
if (ret == 0) {
result = 1;
} else {
free(SOC_buffer);
}
}
return result;
}
u32 soc_exit (void) {
if (SOC_buffer) {
SOC_Shutdown();
free(SOC_buffer);
SOC_buffer = 0;
}
return 0;
}


@ -1,45 +0,0 @@
#include <3ds.h>
#include "textmenu.h"
s32 menu_get_element_count (struct menu_t *menu) {
s32 i = 0;
if (menu) {
i = menu->element_count;
}
return i;
}
s32 menu_is_valid_index (s32 idx, struct menu_t *menu) {
return (menu != 0 && (idx >= 0 && idx < menu_get_element_count(menu)));
}
s32 menu_update_index (s32 idx, struct menu_t *menu) {
s32 newidx = 0;
s32 count = menu_get_element_count(menu);
newidx = idx < 0 ? count - 1 : idx >= count ? 0 : idx;
return newidx;
}
const char *menu_get_element_name (s32 idx, struct menu_t *menu) {
return menu_is_valid_index(idx, menu) ? menu->element[idx].name : 0;
}
menu_func_t *menu_get_element_function (s32 idx, struct menu_t *menu) {
return menu_is_valid_index(idx, menu) ? menu->element[idx].func : 0;
}
s32 menu_execute_function (s32 idx, struct menu_t *menu, void *param) {
s32 result = 0;
menu_func_t *f;
if (menu_is_valid_index(idx, menu)) {
f = menu_get_element_function(idx, menu);
if (f)
result = f(idx, param);
}
return result;
}