Skip the svcBackdoor function on 9.0 O3DS FIRM - <= 9.5 N3DS FIRM
This commit is contained in:
Aurora
parent
8cbc535755
commit
ffee64c67f
@ -368,7 +368,7 @@ void arm9Loader(u8 *arm9Section, u32 mode)
|
|||||||
key2[0x10] = {0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0};
|
key2[0x10] = {0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0};
|
||||||
u8 keyX[0x10];
|
u8 keyX[0x10];
|
||||||
|
|
||||||
aes_setkey(0x11, mode == 1 ? key1 : key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
|
aes_setkey(0x11, mode == 1 ? key2 : key1, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||||
aes_use_keyslot(0x11);
|
aes_use_keyslot(0x11);
|
||||||
aes(keyX, arm9Section + 0x60, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
|
aes(keyX, arm9Section + 0x60, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
|
||||||
aes_setkey(arm9BinSlot, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
|
aes_setkey(arm9BinSlot, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||||
@ -382,7 +382,7 @@ void arm9Loader(u8 *arm9Section, u32 mode)
|
|||||||
aes(arm9Section + 0x800, arm9Section + 0x800, arm9BinSize / AES_BLOCK_SIZE, arm9BinCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
|
aes(arm9Section + 0x800, arm9Section + 0x800, arm9BinSize / AES_BLOCK_SIZE, arm9BinCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||||
|
|
||||||
//Set >=9.6 KeyXs
|
//Set >=9.6 KeyXs
|
||||||
if(mode == 2)
|
if(mode == 1)
|
||||||
{
|
{
|
||||||
u8 keyData[0x10] = {0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98},
|
u8 keyData[0x10] = {0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98},
|
||||||
decKey[0x10];
|
decKey[0x10];
|
||||||
|
|||||||
@ -262,10 +262,10 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode)
|
|||||||
nativeFirmType = 0;
|
nativeFirmType = 0;
|
||||||
break;
|
break;
|
||||||
case '1':
|
case '1':
|
||||||
nativeFirmType = 1;
|
nativeFirmType = 2;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
nativeFirmType = 2;
|
nativeFirmType = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -280,10 +280,9 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode)
|
|||||||
nativeFirmType = memcmp(section[2].hash, firm90Hash, 0x10) != 0;
|
nativeFirmType = memcmp(section[2].hash, firm90Hash, 0x10) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//Find the Process9 .code location, size and memory address
|
||||||
u32 process9Size,
|
u32 process9Size,
|
||||||
process9MemAddr;
|
process9MemAddr;
|
||||||
|
|
||||||
//Find the Process9 NCCH location
|
|
||||||
u8 *process9Offset = getProcess9(arm9Section + 0x15000, section[2].size - 0x15000, &process9Size, &process9MemAddr);
|
u8 *process9Offset = getProcess9(arm9Section + 0x15000, section[2].size - 0x15000, &process9Size, &process9MemAddr);
|
||||||
|
|
||||||
//Apply emuNAND patches
|
//Apply emuNAND patches
|
||||||
@ -298,14 +297,13 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode)
|
|||||||
//Apply signature checks patches
|
//Apply signature checks patches
|
||||||
u16 *sigOffset,
|
u16 *sigOffset,
|
||||||
*sigOffset2;
|
*sigOffset2;
|
||||||
|
|
||||||
getSigChecks(process9Offset, process9Size, &sigOffset, &sigOffset2);
|
getSigChecks(process9Offset, process9Size, &sigOffset, &sigOffset2);
|
||||||
*sigOffset = sigPatch[0];
|
*sigOffset = sigPatch[0];
|
||||||
sigOffset2[0] = sigPatch[0];
|
sigOffset2[0] = sigPatch[0];
|
||||||
sigOffset2[1] = sigPatch[1];
|
sigOffset2[1] = sigPatch[1];
|
||||||
|
|
||||||
//Does nothing if svcBackdoor is still there
|
//Does nothing if svcBackdoor is still there
|
||||||
reimplementSvcBackdoor();
|
if(nativeFirmType == 1) reimplementSvcBackdoor();
|
||||||
|
|
||||||
//Replace the FIRM loader with the injector while copying section0
|
//Replace the FIRM loader with the injector while copying section0
|
||||||
copySection0AndInjectLoader();
|
copySection0AndInjectLoader();
|
||||||
@ -373,7 +371,6 @@ static inline void reimplementSvcBackdoor(void)
|
|||||||
if(!svcTable[0x7B])
|
if(!svcTable[0x7B])
|
||||||
{
|
{
|
||||||
u32 *freeSpace;
|
u32 *freeSpace;
|
||||||
|
|
||||||
for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
|
for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
|
||||||
|
|
||||||
memcpy(freeSpace, svcBackdoor, 40);
|
memcpy(freeSpace, svcBackdoor, 40);
|
||||||
|
|||||||
Reference in New Issue
Block a user