LowLevel/Luma3DS-3GX
Archived
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Compare commits

base: LowLevel:v3.8
Branches Tags
LowLevel:3gx-master LowLevel:master LowLevel:release
LowLevel:v10.2-beta3 LowLevel:v10.2 LowLevel:v10.1.3-beta2 LowLevel:v10.1.4 LowLevel:v10.1.3-beta LowLevel:v10.1.3 LowLevel:v10.1.2 LowLevel:v10.1.1 LowLevel:v10.1 LowLevel:v10.0.1 LowLevel:v10.0 LowLevel:v9.1 LowLevel:v9.0-joyconhax LowLevel:v9.0 LowLevel:v8.1.1 LowLevel:v8.1 LowLevel:v8.0 LowLevel:v7.1 LowLevel:v7.0.5 LowLevel:v7.0.4 LowLevel:v7.0.3 LowLevel:v7.0.2 LowLevel:v7.0.1 LowLevel:v7.0 LowLevel:v6.6 LowLevel:v6.5 LowLevel:v6.3.1 LowLevel:v6.3 LowLevel:v6.2.3 LowLevel:v6.2.2 LowLevel:v6.2.1 LowLevel:v6.2 LowLevel:v6.1.2 LowLevel:v6.1.1 LowLevel:v6.1 LowLevel:v6.0.1 LowLevel:v6.0 LowLevel:v5.5 LowLevel:v5.4 LowLevel:v5.3.1 LowLevel:v5.3 LowLevel:v5.2 LowLevel:v5.1.2 LowLevel:v5.1.1 LowLevel:v5.1 LowLevel:v5.0 LowLevel:v4.2 LowLevel:v4.1 LowLevel:v4.0.1 LowLevel:v4.0 LowLevel:v3.14 LowLevel:v3.13 LowLevel:v3.12 LowLevel:v3.11 LowLevel:v3.9 LowLevel:v3.8.1-r2 LowLevel:v3.8 LowLevel:v3.7.3 LowLevel:v3.7.2 LowLevel:v3.7.1 LowLevel:v3.7 LowLevel:v3.6 LowLevel:v3.5.3 LowLevel:v3.5.2 LowLevel:v3.5.1 LowLevel:v3.5 LowLevel:v3.4 LowLevel:v3.3
..
compare: LowLevel:v4.0
Branches Tags
LowLevel:3gx-master LowLevel:master LowLevel:release
LowLevel:v10.2-beta3 LowLevel:v10.2 LowLevel:v10.1.3-beta2 LowLevel:v10.1.4 LowLevel:v10.1.3-beta LowLevel:v10.1.3 LowLevel:v10.1.2 LowLevel:v10.1.1 LowLevel:v10.1 LowLevel:v10.0.1 LowLevel:v10.0 LowLevel:v9.1 LowLevel:v9.0-joyconhax LowLevel:v9.0 LowLevel:v8.1.1 LowLevel:v8.1 LowLevel:v8.0 LowLevel:v7.1 LowLevel:v7.0.5 LowLevel:v7.0.4 LowLevel:v7.0.3 LowLevel:v7.0.2 LowLevel:v7.0.1 LowLevel:v7.0 LowLevel:v6.6 LowLevel:v6.5 LowLevel:v6.3.1 LowLevel:v6.3 LowLevel:v6.2.3 LowLevel:v6.2.2 LowLevel:v6.2.1 LowLevel:v6.2 LowLevel:v6.1.2 LowLevel:v6.1.1 LowLevel:v6.1 LowLevel:v6.0.1 LowLevel:v6.0 LowLevel:v5.5 LowLevel:v5.4 LowLevel:v5.3.1 LowLevel:v5.3 LowLevel:v5.2 LowLevel:v5.1.2 LowLevel:v5.1.1 LowLevel:v5.1 LowLevel:v5.0 LowLevel:v4.2 LowLevel:v4.1 LowLevel:v4.0.1 LowLevel:v4.0 LowLevel:v3.14 LowLevel:v3.13 LowLevel:v3.12 LowLevel:v3.11 LowLevel:v3.9 LowLevel:v3.8.1-r2 LowLevel:v3.8 LowLevel:v3.7.3 LowLevel:v3.7.2 LowLevel:v3.7.1 LowLevel:v3.7 LowLevel:v3.6 LowLevel:v3.5.3 LowLevel:v3.5.2 LowLevel:v3.5.1 LowLevel:v3.5 LowLevel:v3.4 LowLevel:v3.3

60 Commits
v3.8 ... v4.0

Author SHA1 Message Date
Aurora
945f80993b Zero the last-FIRM-booted flag when exiting config 2016-03-29 17:58:33 +02:00
Aurora
5f32779ceb Lots of changes/new features 
- To override the last used boot mode on soft reboot, you only need to press A if you want to boot to the default option. Holding L(+payload button)/R is enough for the other modes.
- Added version number to the config menu
- Replaced the memsearch algorithm with a faster one
- Integrated 3ds_injector from @yifanlu. This brings us region free and all the other FreeMultiPatcher patches. Other than that, you now have the possibility to display the currently booted NAND/FIRM in System Settings!
- Rewritten most code for the config menu. You now can navigate to the first/last options with left and right.
- You can now choose the 9.0 FIRM to be default in the config menu. This will essentially switch "no buttons" and L in both modes.
- You can now choose the second emuNAND to be default in the config menu. This will essentially switch "B is not pressed" and "B is pressed".
- When the second emuNAND is booted, it will persist like the other boot options on soft reboot
- Bugfixes
 2016-03-29 17:43:53 +02:00
Aurora
e8ebb2f7fe Fixed signature patterns searching area, aligned variable/function names to the latest ReiNand 2016-03-27 19:19:35 +02:00
Aurora
034e63669a Readability 2016-03-27 18:47:08 +02:00
Aurora
c75ed567fc Added version number to the config menu 2016-03-27 18:39:16 +02:00
Aurora
1e2bf61dcf Possibly makes FatFs faster, does not affect loader size much 2016-03-27 16:42:19 +02:00
Aurora
de4fea77a1 Make the code more readable by defining variables locally, avoid useless redefinitions, when rebooting from TWL and NATIVE_FIRM you can now override with just A (same as pressing nothing), L(+payload buttons) or R 2016-03-27 16:31:05 +02:00
Aurora
441c143b3e No reason for these not to be u8s 2016-03-26 19:28:46 +01:00
Aurora
feff28a4fe Added multi redNAND support (thanks to @Desterly for the original commit) 2016-03-26 17:48:12 +01:00
Aurora
b3d25ce64a Better commenting 2016-03-26 17:28:47 +01:00
Aurora
0f44205959 Simplified patching, yet one memsearch less, fixed override with A+L when boot options are forced 2016-03-26 17:25:05 +01:00
Aurora
1861d556a6 Spaces and stuff 
Makes things more uniform
 2016-03-25 18:17:12 +01:00
Aurora
9b1df43687 Useless casts again 2016-03-25 01:58:42 +01:00
Aurora
56e0157d64 Forgot about MCU reboots 2016-03-24 17:33:32 +01:00
Aurora
d23cd5acd5 More logical this way 2016-03-24 17:24:16 +01:00
Aurora
39a9eb5ccb Explicitly block Safe Mode access on A9LH 
Prevents bricking
 2016-03-24 17:05:19 +01:00
Aurora
c413b6d07f Simplified button stuff 2016-03-24 16:11:53 +01:00
Aurora
85a59264c9 Comment 2016-03-24 02:40:43 +01:00
Aurora
7f96e47b4f Updated sysNAND (A9LH) & SAFE_MODE FIRM update = brick 2016-03-24 02:26:04 +01:00
Aurora
02b5c69802 New way of launching payloads (L+R/up/down/right/left/START/SELECT/B/X/Y) 2016-03-24 01:57:56 +01:00
Aurora
b5eb108393 Increased the screen-init brightness 2016-03-24 00:11:02 +01:00
Aurora
0a9cd09cc3 Reorganized folder layout, cleaned Makefile (we do not need Python) 2016-03-23 20:29:19 +01:00
Aurora
af451b4997 Update submodules 2016-03-23 17:51:21 +01:00
Aurora
a5f8ccc3ea Fixed loader.bin not cleared after compiling 2016-03-23 17:09:52 +01:00
Aurora
28cdcfed9c Updated ReadMe 2016-03-23 17:00:18 +01:00
Aurora
ea3e45d40a Move clearScreens calls and screen-init checks 2016-03-23 16:14:28 +01:00
Aurora
8daf3ebe3f Detect emuNAND first 2016-03-23 15:52:21 +01:00
Aurora
7ad55ed61e Chainloading works from CakeBrah too, by now 2016-03-23 15:26:52 +01:00
Aurora
96e46b2234 Remove unneeded casts 2016-03-23 15:16:40 +01:00
Aurora
094b88b6aa Forgot this 2016-03-23 15:03:14 +01:00
Aurora
03a6e343db Merge emunand.bin, reboot.bin and loader.bin in the main executable 
Less SD accesses, more noob-proof
 2016-03-23 15:00:28 +01:00
Aurora
b42f9ffb41 Warn that Updated SysNAND does not work if not using A9LH 2016-03-23 04:56:02 +01:00
Aurora
39280e397a Fix typo 2016-03-23 04:27:07 +01:00
Aurora
887707ea87 Better errors 2016-03-23 04:06:21 +01:00
Aurora
279f39bc13 Added error messages, moved emunand and reboot.bin to aurei/patches 2016-03-23 03:46:44 +01:00
Aurora
b7b734bad1 Added configuration menu (thanks to Cakes for the screen printing code - no more flags!), auto-delete of patched FIRMs when switching to/from A9LH or the CFW gets updated, moved screen init from the loader, general reorganization 2016-03-23 02:46:41 +01:00
Aurora
d01d9b53f2 No need to search for the Process9 .code, calculate it (one memsearch less) 2016-03-21 20:27:01 +01:00
Aurora
c542bc5cf3 More readable this way 2016-03-21 19:20:26 +01:00
Aurora
1f5b824c27 Clean-up, optimized the SDMMC struct searching function, lots of useless casts removed, Process9 only gets searched once 2016-03-21 19:14:32 +01:00
Aurora
cb84a6c7ea Added interrupts disabling to the deinit function 
Did not cause any issues, but it is better this way
 2016-03-21 04:58:20 +01:00
Aurora
61564e5fcf Check for emuNAND earlier 2016-03-21 04:39:00 +01:00
Aurora
a437e533f5 Slightly improved the reboot patch, added emuNAND patch improvements from CakesFW, made the emuNAND patch completely version-independent 
Should work as-is with future firmwares!
 2016-03-21 03:21:22 +01:00
Aurora
6b88953517 Moved D9 launching fix to the loader 2016-03-20 22:03:43 +01:00
Aurora
9b9f784c26 Fixed intermittent splash from CakeBrah, made splash last slightly longer, added shutdown on error, slimmed down FatFs, added error on missing emuNAND, changed folder to "aurei", changed the dat name to "AuReiNand.dat", propered the built-in screen init of the chainloader, remade the look of the 3dsx 
(First luma-powered CFW!)
 2016-03-20 17:38:45 +01:00
Aurora
6dfb33191f Minor changes 2016-03-17 04:51:07 +01:00
Aurora
078fce4b3d Better here 2016-03-17 00:37:43 +01:00
Aurora
dcb09a9472 Added dual emuNAND support, multi-payload loader with built-in screen init (inspired by arm9select, thanks Fix94) 2016-03-17 00:15:38 +01:00
Aurora
8ce395caa5 Switch to Normmatt's iodelay 
Seems to be more reliable in all conditions
 2016-03-16 04:01:38 +01:00
Aurora
e9410c86b1 Added RedNAND support (untested) 2016-03-14 14:51:30 +01:00
Aurora
42885560ed Some clean-up 2016-03-13 17:01:00 +01:00
Aurora
796e4dd060 Forgot this 2016-03-13 04:03:07 +01:00
Aurora
9468582d83 Clean-up, fixed mistake 
GCC, why no u warn me of strict aliasing
 2016-03-12 15:48:20 +01:00
Aurora
6707a36ffe Minor changes 2016-03-10 16:06:44 +01:00
Aurora
09cc7c903c Oops #2 2016-03-10 04:25:38 +01:00
Aurora
9be7481c14 Minor formatting updates 2016-03-10 03:06:44 +01:00
Aurora
9f68ce0d70 Oops 2016-03-10 01:59:25 +01:00
Aurora
4748c0292c Added bottom screen splash image support 
As suggested by Apache Thunder
 2016-03-10 01:31:39 +01:00
Aurora
c3ebce1666 Crush loader warnings 2016-03-09 15:09:46 +01:00
Aurora
b1a428f6bc Disable splash screen when forcing boot options 2016-03-09 14:59:20 +01:00
Aurora
3e0b928db0 Not needed 2016-03-08 15:45:04 +01:00
74 changed files with 3316 additions and 910 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,8 +1,7 @@
out
CakeHax
CakeBrah
build
loader/build
injector/build
*.bin
*.3dsx
*.smdh

2
CakeBrah

Submodule CakeBrah updated: aca4aa7d3b...42ebe0d0bc

82
Makefile
View File

@@ -4,29 +4,23 @@ CC := arm-none-eabi-gcc
AS := arm-none-eabi-as
LD := arm-none-eabi-ld
OC := arm-none-eabi-objcopy
OPENSSL := openssl
PYTHON3 := python
PYTHON_VER_MAJOR := $(word 2, $(subst ., , $(shell python --version 2>&1)))
ifneq ($(PYTHON_VER_MAJOR), 3)
PYTHON3 := py -3
endif
name := ReiNand
name := AuReiNand
version := $(shell git describe --abbrev=0 --tags)
dir_source := source
dir_data := data
dir_build := build
dir_mset := CakeHax
dir_out := out
dir_emu := emunand
dir_reboot := reboot
dir_ninjhax := CakeBrah
dir_patches := patches
dir_loader := loader
dir_injector := injector
dir_mset := CakeHax
dir_ninjhax := CakeBrah
dir_build := build
dir_out := out
ASFLAGS := -mlittle-endian -mcpu=arm946e-s -march=armv5te
CFLAGS := -Wall -Wextra -MMD -MP -marm $(ASFLAGS) -fno-builtin -fshort-wchar -std=c11 -Wno-main -O2 -ffast-math
FLAGS := name=$(name).dat dir_out=$(abspath $(dir_out)) ICON=$(abspath icon.png) --no-print-directory
CFLAGS += -DCONFIG_TITLE="\"$(name) $(version) configuration\""
FLAGS := name=$(name).dat dir_out=$(abspath $(dir_out)) ICON=$(abspath icon.png) APP_DESCRIPTION="Noob-friendly 3DS CFW." APP_AUTHOR="Reisyukaku/Aurora Wright" --no-print-directory
objects_cfw = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
@@ -34,61 +28,59 @@ objects_cfw = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
.PHONY: all
all: launcher a9lh emunand reboot ninjhax loader
all: launcher a9lh ninjhax
.PHONY: launcher
launcher: $(dir_out)/$(name).dat
launcher: $(dir_out)/$(name).dat
.PHONY: a9lh
a9lh: $(dir_out)/arm9loaderhax.bin
.PHONY: emunand
emunand: $(dir_out)/rei/emunand/emunand.bin
.PHONY: reboot
reboot: $(dir_out)/rei/reboot/reboot.bin
.PHONY: ninjhax
ninjhax: $(dir_out)/3ds/$(name)
.PHONY: loader
loader: $(dir_out)/rei/loader.bin
.PHONY: release
release: $(dir_out)/$(name).zip
.PHONY: clean
clean:
@$(MAKE) $(FLAGS) -C $(dir_mset) clean
@$(MAKE) $(FLAGS) -C $(dir_ninjhax) clean
rm -rf $(dir_out) $(dir_build) $(dir_loader)/build $(dir_loader)/loader.elf
@rm -rf $(dir_out) $(dir_build)
@$(MAKE) -C $(dir_loader) clean
@$(MAKE) -C $(dir_injector) clean
$(dir_out)/$(name).dat: $(dir_build)/main.bin $(dir_out)/rei
$(dir_out):
@mkdir -p "$(dir_out)/aurei/payloads"
$(dir_out)/$(name).dat: $(dir_build)/main.bin $(dir_out)
@$(MAKE) $(FLAGS) -C $(dir_mset) launcher
dd if=$(dir_build)/main.bin of=$@ bs=512 seek=144
@dd if=$(dir_build)/main.bin of=$@ bs=512 seek=144
$(dir_out)/arm9loaderhax.bin: $(dir_build)/main.bin $(dir_out)/rei
$(dir_out)/arm9loaderhax.bin: $(dir_build)/main.bin $(dir_out)
@cp -av $(dir_build)/main.bin $@
$(dir_out)/3ds/$(name):
$(dir_out)/3ds/$(name): $(dir_out)
@mkdir -p "$(dir_out)/3ds/$(name)"
@$(MAKE) $(FLAGS) -C $(dir_ninjhax)
@mv $(dir_out)/$(name).3dsx $@
@mv $(dir_out)/$(name).smdh $@
$(dir_out)/rei:
@mkdir -p "$(dir_out)/rei"
$(dir_out)/$(name).zip: launcher a9lh ninjhax
@cd $(dir_out) && zip -9 -r $(name) *
$(dir_out)/rei/emunand/emunand.bin: $(dir_emu)/emuCode.s
$(dir_build)/patches.h: $(dir_patches)/emunand.s $(dir_patches)/reboot.s $(dir_injector)/Makefile
@mkdir -p "$(dir_build)"
@armips $<
@mkdir -p "$(dir_out)/rei/emunand"
@mv emunand.bin $@
@armips $(word 2,$^)
@$(MAKE) -C $(dir_injector)
@mv emunand.bin reboot.bin $(dir_injector)/injector.cxi $(dir_build)
@bin2c -o $@ -n emunand $(dir_build)/emunand.bin -n reboot $(dir_build)/reboot.bin -n injector $(dir_build)/injector.cxi
$(dir_out)/rei/reboot/reboot.bin: $(dir_reboot)/rebootCode.s
@armips $<
@mkdir -p "$(dir_out)/rei/reboot"
@mv reboot.bin $@
$(dir_out)/rei/loader.bin: $(dir_out)/rei $(dir_loader)/Makefile
@cd $(dir_loader) && make
@mv $(dir_loader)/loader.bin $@
$(dir_build)/loader.h: $(dir_loader)/Makefile
@$(MAKE) -C $(dir_loader)
@mv $(dir_loader)/loader.bin $(dir_build)
@bin2c -o $@ -n loader $(dir_build)/loader.bin
$(dir_build)/main.bin: $(dir_build)/main.elf
$(OC) -S -O binary $< $@
@@ -97,7 +89,7 @@ $(dir_build)/main.elf: $(objects_cfw)
# FatFs requires libgcc for __aeabi_uidiv
$(CC) -nostartfiles $(LDFLAGS) -T linker.ld $(OUTPUT_OPTION) $^
$(dir_build)/%.o: $(dir_source)/%.c
$(dir_build)/%.o: $(dir_source)/%.c $(dir_build)/patches.h $(dir_build)/loader.h
@mkdir -p "$(@D)"
$(COMPILE.c) $(OUTPUT_OPTION) $<

20
README.md
View File

@@ -3,7 +3,7 @@
**Compiling:**
You'll need armips added to your Path. [HERE](https://www.dropbox.com/s/ceuv2qeqp38lpah/armips.exe?dl=0) is a pre-compiled version.
You'll need armips and [bin2c](https://sourceforge.net/projects/bin2c/) added to your Path. [HERE](http://www91.zippyshare.com/v/ePGpjk9r/file.html) is a pre-compiled version of armips.
Lastly, just run Make and everything should work!
@@ -13,12 +13,20 @@ Copy everything in 'out' folder to SD root and run!
See https://github.com/Reisyukaku/ReiNand and http://gbatemp.net/threads/reinand-mod-o3ds-n3ds-sysnand.411110
The FIRMs you need are here:
http://www99.zippyshare.com/v/kEIiQl0x/file.html
The FIRMs you need are [HERE](http://www99.zippyshare.com/v/kEIiQl0x/file.html).
**Credits:**
Rei as this is 99% his code (this is no more than a mod)
Rei as this is mostly his code.
Everyone he credited on his GitHub :P
The offset to detect the console, and to calculate the O3DS NAND CTR are from Decrypt9.
tiniVi suggested me a way to detect a A9LH environment, and figured out screen deinit.
Delebile provided me with the FIRM writes blocking patch.
A skilled reverser gave me the new reboot patch.
The screen init code is from dark_samus, bil1s, Normmatt, delebile and everyone who contributed.
The code for printing to the screen is from CakesFW.

BIN
icon.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.1 KiB

After

Width:  |  Height:  |  Size: 3.1 KiB

21
injector/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2016 Yifan Lu
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

161
injector/Makefile Normal file
View File

@@ -0,0 +1,161 @@
#---------------------------------------------------------------------------------
.SUFFIXES:
#---------------------------------------------------------------------------------
ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
TOPDIR ?= $(CURDIR)
MAKEROM ?= makerom
include $(DEVKITARM)/3ds_rules
#---------------------------------------------------------------------------------
# TARGET is the name of the output
# BUILD is the directory where object files & intermediate files will be placed
# SOURCES is a list of directories containing source code
# DATA is a list of directories containing data files
# INCLUDES is a list of directories containing header files
#---------------------------------------------------------------------------------
TARGET := $(notdir $(CURDIR))
BUILD := build
SOURCES := source
DATA := data
INCLUDES := include
#---------------------------------------------------------------------------------
# options for code generation
#---------------------------------------------------------------------------------
ARCH := -march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft
CFLAGS := -flto -Wall -O2 -mword-relocations \
-ffast-math -ffunction-sections -fdata-sections \
$(ARCH)
CFLAGS += $(INCLUDE) -DARM11 -D_3DS
CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu99
ASFLAGS := $(ARCH)
LDFLAGS = -flto -Xlinker --defsym="__start__=0x14000000" -specs=3dsx.specs $(ARCH) -Wl,-Map,$(notdir $*.map)
LIBS := -lctru
#---------------------------------------------------------------------------------
# list of directories containing libraries, this must be the top level containing
# include and lib
#---------------------------------------------------------------------------------
LIBDIRS := $(CTRULIB)
#---------------------------------------------------------------------------------
# no real need to edit anything past this point unless you need to add additional
# rules for different file extensions
#---------------------------------------------------------------------------------
ifneq ($(BUILD),$(notdir $(CURDIR)))
#---------------------------------------------------------------------------------
export OUTPUT := $(CURDIR)/$(TARGET)
export TOPDIR := $(CURDIR)
export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \
$(foreach dir,$(DATA),$(CURDIR)/$(dir))
export DEPSDIR := $(CURDIR)/$(BUILD)
CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c)))
CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp)))
SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s)))
PICAFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.v.pica)))
SHLISTFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.shlist)))
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*)))
#---------------------------------------------------------------------------------
# use CXX for linking C++ projects, CC for standard C
#---------------------------------------------------------------------------------
ifeq ($(strip $(CPPFILES)),)
#---------------------------------------------------------------------------------
export LD := $(CC)
#---------------------------------------------------------------------------------
else
#---------------------------------------------------------------------------------
export LD := $(CXX)
#---------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------
export OFILES := $(addsuffix .o,$(BINFILES)) \
$(PICAFILES:.v.pica=.shbin.o) $(SHLISTFILES:.shlist=.shbin.o) \
$(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o)
export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \
$(foreach dir,$(LIBDIRS),-I$(dir)/include) \
-I$(CURDIR)/$(BUILD)
export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)
.PHONY: $(BUILD) clean all
#---------------------------------------------------------------------------------
all: $(BUILD)
$(BUILD):
@[ -d $@ ] || mkdir -p $@
@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile
#---------------------------------------------------------------------------------
clean:
@echo clean ...
@rm -fr $(BUILD) $(OUTPUT).cxi $(TARGET).elf
#---------------------------------------------------------------------------------
else
DEPENDS := $(OFILES:.o=.d)
#---------------------------------------------------------------------------------
# main targets
#---------------------------------------------------------------------------------
$(OUTPUT).cxi : $(OUTPUT).elf
$(MAKEROM) -f ncch -rsf ../loader.rsf -nocodepadding -o $@ -elf $<
$(OUTPUT).elf : $(OFILES)
#---------------------------------------------------------------------------------
# you need a rule like this for each extension you use as binary data
#---------------------------------------------------------------------------------
%.bin.o : %.bin
#---------------------------------------------------------------------------------
@echo $(notdir $<)
@$(bin2o)
#---------------------------------------------------------------------------------
# rules for assembling GPU shaders
#---------------------------------------------------------------------------------
define shader-as
$(eval CURBIN := $(patsubst %.shbin.o,%.shbin,$(notdir $@)))
picasso -o $(CURBIN) $1
bin2s $(CURBIN) | $(AS) -o $@
echo "extern const u8" `(echo $(CURBIN) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"_end[];" > `(echo $(CURBIN) | tr . _)`.h
echo "extern const u8" `(echo $(CURBIN) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> `(echo $(CURBIN) | tr . _)`.h
echo "extern const u32" `(echo $(CURBIN) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`_size";" >> `(echo $(CURBIN) | tr . _)`.h
endef
%.shbin.o : %.v.pica %.g.pica
@echo $(notdir $^)
@$(call shader-as,$^)
%.shbin.o : %.v.pica
@echo $(notdir $<)
@$(call shader-as,$<)
%.shbin.o : %.shlist
@echo $(notdir $<)
@$(call shader-as,$(foreach file,$(shell cat $<),$(dir $<)/$(file)))
-include $(DEPENDS)
#---------------------------------------------------------------------------------------
endif
#---------------------------------------------------------------------------------------

30
injector/README.md Normal file
View File

@@ -0,0 +1,30 @@
3DS Loader Replacement
======================
This is an open source implementation of 3DS `loader` system module--with
additional features. The current aim of the project is to provide a nice
entry point for patching 3DS modules.
## Roadmap
Right now, this can serve as an open-source replacement for the built in loader.
There is additional support for patching any executable after it's loaded but
before it starts. For example, you can patch `menu` to skip region checks and
have region free game launching directly from the home menu. There is also
support for SDMC reading (not found in original loader implementation) which
means that patches can be loaded from the SD card. Ultimately, there would be
a patch system that supports easy loading of patches from the SD card.
## Build
You need a working 3DS build environment with a fairly recent copy of devkitARM,
ctrulib, and makerom. If you see any errors in the build process, it's likely
that you're using an older version.
Currently, there is no support for FIRM building, so you need to do some steps
manually. First, you have to add padding to make sure the NCCH is of the right
size to drop in as a replacement. A hacky way is
[this patch](http://pastebin.com/nyKXLnNh) which adds junk data. Play around
with the size value to get the NCCH to be the exact same size as the one
found in your decrypted FIRM dump.
Once you have a NCCH of the right size, just replace it in your decrypted FIRM
and find a way to launch it (for example with ReiNAND).

115
injector/loader.rsf Normal file
View File

@@ -0,0 +1,115 @@
BasicInfo:
Title : loader
CompanyCode : "00"
ProductCode : 0828builder
ContentType : Application
Logo : None
TitleInfo:
UniqueId : 0x13
Category : Base
Version : 2
Option:
UseOnSD : false
FreeProductCode : true # Removes limitations on ProductCode
MediaFootPadding : false # If true CCI files are created with padding
EnableCrypt : false # Enables encryption for NCCH and CIA
EnableCompress : true # Compresses exefs code
AccessControlInfo:
IdealProcessor : 1
AffinityMask : 3
Priority : 20
DisableDebug : true
EnableForceDebug : false
CanWriteSharedPage : false
CanUsePrivilegedPriority : false
CanUseNonAlphabetAndNumber : false
PermitMainFunctionArgument : false
CanShareDeviceMemory : false
RunnableOnSleep : true
SpecialMemoryArrange : true
ResourceLimitCategory : Other
CoreVersion : 2
DescVersion : 2
MemoryType : Base # Application / System / Base
HandleTableSize: 0
SystemCallAccess:
AcceptSession: 74
ArbitrateAddress: 34
Break: 60
CancelTimer: 28
ClearEvent: 25
ClearTimer: 29
CloseHandle: 35
ConnectToPort: 45
ControlMemory: 1
CreateAddressArbiter: 33
CreateCodeSet: 115
CreateEvent: 23
CreateMemoryBlock: 30
CreateMutex: 19
CreatePort: 71
CreateProcess: 117
CreateSemaphore: 21
CreateSessionToPort: 72
CreateThread: 8
CreateTimer: 26
DuplicateHandle: 39
ExitProcess: 3
ExitThread: 9
GetCurrentProcessorNumber: 17
GetHandleInfo: 41
GetProcessId: 53
GetProcessIdealProcessor: 6
GetProcessIdOfThread: 54
GetProcessInfo: 43
GetResourceLimit: 56
GetResourceLimitCurrentValues: 58
GetResourceLimitLimitValues: 57
GetSystemInfo: 42
GetSystemTick: 40
GetThreadContext: 59
GetThreadId: 55
GetThreadIdealProcessor: 15
GetThreadInfo: 44
GetThreadPriority: 11
MapMemoryBlock: 31
OutputDebugString: 61
QueryMemory: 2
RandomStub: 116
ReleaseMutex: 20
ReleaseSemaphore: 22
ReplyAndReceive1: 75
ReplyAndReceive2: 76
ReplyAndReceive3: 77
ReplyAndReceive4: 78
ReplyAndReceive: 79
SendSyncRequest1: 46
SendSyncRequest2: 47
SendSyncRequest3: 48
SendSyncRequest4: 49
SendSyncRequest: 50
SetThreadPriority: 12
SetTimer: 27
SignalEvent: 24
SleepThread: 10
UnmapMemoryBlock: 32
WaitSynchronization1: 36
WaitSynchronizationN: 37
InterruptNumbers:
ServiceAccessControl:
- fs:LDR
FileSystemAccess:
- DirectSdmc
- CtrNandRw
SystemControlInfo:
SaveDataSize: 0KB # It doesn't use any save data.
RemasterVersion: 0
StackSize: 0x1000

97
injector/source/exheader.h Executable file
View File

@@ -0,0 +1,97 @@
#pragma once
#include <3ds/types.h>
typedef struct
{
u8 reserved[5];
u8 flag;
u8 remasterversion[2];
} PACKED exheader_systeminfoflags;
typedef struct
{
u32 address;
u32 nummaxpages;
u32 codesize;
} PACKED exheader_codesegmentinfo;
typedef struct
{
u8 name[8];
exheader_systeminfoflags flags;
exheader_codesegmentinfo text;
u8 stacksize[4];
exheader_codesegmentinfo ro;
u8 reserved[4];
exheader_codesegmentinfo data;
u32 bsssize;
} PACKED exheader_codesetinfo;
typedef struct
{
u64 programid[0x30];
} PACKED exheader_dependencylist;
typedef struct
{
u8 savedatasize[4];
u8 reserved[4];
u8 jumpid[8];
u8 reserved2[0x30];
} PACKED exheader_systeminfo;
typedef struct
{
u8 extsavedataid[8];
u8 systemsavedataid[8];
u8 reserved[8];
u8 accessinfo[7];
u8 otherattributes;
} PACKED exheader_storageinfo;
typedef struct
{
u64 programid;
u8 flags[8];
u16 resourcelimitdescriptor[0x10];
exheader_storageinfo storageinfo;
u64 serviceaccesscontrol[0x20];
u8 reserved[0x1f];
u8 resourcelimitcategory;
} PACKED exheader_arm11systemlocalcaps;
typedef struct
{
u32 descriptors[28];
u8 reserved[0x10];
} PACKED exheader_arm11kernelcapabilities;
typedef struct
{
u8 descriptors[15];
u8 descversion;
} PACKED exheader_arm9accesscontrol;
typedef struct
{
// systemcontrol info {
// coreinfo {
exheader_codesetinfo codesetinfo;
exheader_dependencylist deplist;
// }
exheader_systeminfo systeminfo;
// }
// accesscontrolinfo {
exheader_arm11systemlocalcaps arm11systemlocalcaps;
exheader_arm11kernelcapabilities arm11kernelcaps;
exheader_arm9accesscontrol arm9accesscontrol;
// }
struct {
u8 signature[0x100];
u8 ncchpubkeymodulus[0x100];
exheader_arm11systemlocalcaps arm11systemlocalcaps;
exheader_arm11kernelcapabilities arm11kernelcaps;
exheader_arm9accesscontrol arm9accesscontrol;
} PACKED accessdesc;
} PACKED exheader_header;

109
injector/source/fsldr.c Normal file
View File

@@ -0,0 +1,109 @@
#include <3ds.h>
#include "fsldr.h"
#include "fsreg.h"
#include "srvsys.h"
#define SDK_VERSION 0x70200C8
static Handle fsldrHandle;
static int fsldrRefCount;
// MAKE SURE fsreg has been init before calling this
static Result fsldrPatchPermissions(void)
{
u32 pid;
Result res;
FS_ProgramInfo info;
u32 storage[8] = {0};
storage[6] = 0x680; // SDMC access and NAND access flag
info.programId = 0x0004013000001302LL; // loader PID
info.mediaType = MEDIATYPE_NAND;
res = svcGetProcessId(&pid, 0xFFFF8001);
if (R_SUCCEEDED(res))
{
res = FSREG_Register(pid, 0xFFFF000000000000LL, &info, (u8 *)storage);
}
return res;
}
Result fsldrInit(void)
{
Result ret = 0;
if (AtomicPostIncrement(&fsldrRefCount)) return 0;
ret = srvSysGetServiceHandle(&fsldrHandle, "fs:LDR");
if (R_SUCCEEDED(ret))
{
fsldrPatchPermissions();
ret = FSLDR_InitializeWithSdkVersion(fsldrHandle, SDK_VERSION);
ret = FSLDR_SetPriority(0);
if (R_FAILED(ret)) svcBreak(USERBREAK_ASSERT);
}
else
{
AtomicDecrement(&fsldrRefCount);
}
return ret;
}
void fsldrExit(void)
{
if (AtomicDecrement(&fsldrRefCount)) return;
svcCloseHandle(fsldrHandle);
}
Result FSLDR_InitializeWithSdkVersion(Handle session, u32 version)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x861,1,2); // 0x8610042
cmdbuf[1] = version;
cmdbuf[2] = 32;
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(session))) return ret;
return cmdbuf[1];
}
Result FSLDR_SetPriority(u32 priority)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x862,1,0); // 0x8620040
cmdbuf[1] = priority;
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsldrHandle))) return ret;
return cmdbuf[1];
}
Result FSLDR_OpenFileDirectly(Handle* out, FS_Archive archive, FS_Path path, u32 openFlags, u32 attributes)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x803,8,4); // 0x8030204
cmdbuf[1] = 0;
cmdbuf[2] = archive.id;
cmdbuf[3] = archive.lowPath.type;
cmdbuf[4] = archive.lowPath.size;
cmdbuf[5] = path.type;
cmdbuf[6] = path.size;
cmdbuf[7] = openFlags;
cmdbuf[8] = attributes;
cmdbuf[9] = IPC_Desc_StaticBuffer(archive.lowPath.size, 2);
cmdbuf[10] = (u32) archive.lowPath.data;
cmdbuf[11] = IPC_Desc_StaticBuffer(path.size, 0);
cmdbuf[12] = (u32) path.data;
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsldrHandle))) return ret;
if(out) *out = cmdbuf[3];
return cmdbuf[1];
}

9
injector/source/fsldr.h Normal file
View File

@@ -0,0 +1,9 @@
#pragma once
#include <3ds/types.h>
Result fsldrInit(void);
void fsldrExit(void);
Result FSLDR_InitializeWithSdkVersion(Handle session, u32 version);
Result FSLDR_SetPriority(u32 priority);
Result FSLDR_OpenFileDirectly(Handle* out, FS_Archive archive, FS_Path path, u32 openFlags, u32 attributes);

116
injector/source/fsreg.c Normal file
View File

@@ -0,0 +1,116 @@
#include <3ds.h>
#include <string.h>
#include "fsreg.h"
#include "srvsys.h"
static Handle fsregHandle;
static int fsregRefCount;
Result fsregInit(void)
{
Result ret = 0;
if (AtomicPostIncrement(&fsregRefCount)) return 0;
ret = srvSysGetServiceHandle(&fsregHandle, "fs:REG");
if (R_FAILED(ret)) AtomicDecrement(&fsregRefCount);
return ret;
}
void fsregExit(void)
{
if (AtomicDecrement(&fsregRefCount)) return;
svcCloseHandle(fsregHandle);
}
Result FSREG_CheckHostLoadId(u64 prog_handle)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x406,2,0); // 0x4060080
cmdbuf[1] = (u32) (prog_handle);
cmdbuf[2] = (u32) (prog_handle >> 32);
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsregHandle))) return ret;
return cmdbuf[1];
}
Result FSREG_LoadProgram(u64 *prog_handle, FS_ProgramInfo *title)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x404,4,0); // 0x4040100
memcpy(&cmdbuf[1], &title->programId, sizeof(u64));
*(u8 *)&cmdbuf[3] = title->mediaType;
memcpy(((u8 *)&cmdbuf[3])+1, &title->padding, 7);
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsregHandle))) return ret;
*prog_handle = *(u64 *)&cmdbuf[2];
return cmdbuf[1];
}
Result FSREG_GetProgramInfo(exheader_header *exheader, u32 entry_count, u64 prog_handle)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x403,3,0); // 0x40300C0
cmdbuf[1] = entry_count;
*(u64 *)&cmdbuf[2] = prog_handle;
cmdbuf[64] = ((entry_count << 10) << 14) | 2;
cmdbuf[65] = (u32) exheader;
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsregHandle))) return ret;
return cmdbuf[1];
}
Result FSREG_UnloadProgram(u64 prog_handle)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x405,2,0); // 0x4050080
cmdbuf[1] = (u32) (prog_handle);
cmdbuf[2] = (u32) (prog_handle >> 32);
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsregHandle))) return ret;
return cmdbuf[1];
}
Result FSREG_Unregister(u32 pid)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x402,1,0); // 0x4020040
cmdbuf[1] = pid;
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsregHandle))) return ret;
return cmdbuf[1];
}
Result FSREG_Register(u32 pid, u64 prog_handle, FS_ProgramInfo *info, void *storageinfo)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x401,0xf,0); // 0x40103C0
cmdbuf[1] = pid;
*(u64 *)&cmdbuf[2] = prog_handle;
memcpy(&cmdbuf[4], &info->programId, sizeof(u64));
*(u8 *)&cmdbuf[6] = info->mediaType;
memcpy(((u8 *)&cmdbuf[6])+1, &info->padding, 7);
memcpy((u8 *)&cmdbuf[8], storageinfo, 32);
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(fsregHandle))) return ret;
return cmdbuf[1];
}

13
injector/source/fsreg.h Normal file
View File

@@ -0,0 +1,13 @@
#pragma once
#include <3ds/types.h>
#include "exheader.h"
Result fsregInit(void);
void fsregExit(void);
Result FSREG_CheckHostLoadId(u64 prog_handle);
Result FSREG_LoadProgram(u64 *prog_handle, FS_ProgramInfo *title);
Result FSREG_GetProgramInfo(exheader_header *exheader, u32 entry_count, u64 prog_handle);
Result FSREG_UnloadProgram(u64 prog_handle);
Result FSREG_Unregister(u32 pid);
Result FSREG_Register(u32 pid, u64 prog_handle, FS_ProgramInfo *info, void *storageinfo);

105
injector/source/ifile.c Normal file
View File

@@ -0,0 +1,105 @@
#include <3ds.h>
#include "ifile.h"
#include "fsldr.h"
Result IFile_Open(IFile *file, FS_Archive archive, FS_Path path, u32 flags)
{
Result res;
res = FSLDR_OpenFileDirectly(&file->handle, archive, path, flags, 0);
file->pos = 0;
file->size = 0;
return res;
}
Result IFile_Close(IFile *file)
{
return FSFILE_Close(file->handle);
}
Result IFile_GetSize(IFile *file, u64 *size)
{
Result res;
res = FSFILE_GetSize(file->handle, size);
file->size = *size;
return res;
}
Result IFile_Read(IFile *file, u64 *total, void *buffer, u32 len)
{
u32 read;
u32 left;
char *buf;
u64 cur;
Result res;
if (len == 0)
{
*total = 0;
return 0;
}
buf = (char *)buffer;
cur = 0;
left = len;
while (1)
{
res = FSFILE_Read(file->handle, &read, file->pos, buf, left);
if (R_FAILED(res))
{
break;
}
cur += read;
file->pos += read;
if (read == left)
{
break;
}
buf += read;
left -= read;
}
*total = cur;
return res;
}
Result IFile_Write(IFile *file, u64 *total, void *buffer, u32 len, u32 flags)
{
u32 written;
u32 left;
char *buf;
u64 cur;
Result res;
if (len == 0)
{
*total = 0;
return 0;
}
buf = (char *)buffer;
cur = 0;
left = len;
while (1)
{
res = FSFILE_Write(file->handle, &written, file->pos, buf, left, flags);
if (R_FAILED(res))
{
break;
}
cur += written;
file->pos += written;
if (written == left)
{
break;
}
buf += written;
left -= written;
}
*total = cur;
return res;
}

16
injector/source/ifile.h Normal file
View File

@@ -0,0 +1,16 @@
#pragma once
#include <3ds/types.h>
typedef struct
{
Handle handle;
u64 pos;
u64 size;
} IFile;
Result IFile_Open(IFile *file, FS_Archive archive, FS_Path path, u32 flags);
Result IFile_Close(IFile *file);
Result IFile_GetSize(IFile *file, u64 *size);
Result IFile_Read(IFile *file, u64 *total, void *buffer, u32 len);
Result IFile_Write(IFile *file, u64 *total, void *buffer, u32 len, u32 flags);

593
injector/source/loader.c Normal file
View File

@@ -0,0 +1,593 @@
#include <3ds.h>
#include <string.h>
#include <sys/iosupport.h>
#include "patcher.h"
#include "exheader.h"
#include "ifile.h"
#include "fsldr.h"
#include "fsreg.h"
#include "pxipm.h"
#include "srvsys.h"
#define MAX_SESSIONS 1
const char CODE_PATH[] = {0x01, 0x00, 0x00, 0x00, 0x2E, 0x63, 0x6F, 0x64, 0x65, 0x00, 0x00, 0x00};
typedef struct
{
u32 text_addr;
u32 text_size;
u32 ro_addr;
u32 ro_size;
u32 data_addr;
u32 data_size;
u32 total_size;
} prog_addrs_t;
static Handle g_handles[MAX_SESSIONS+2];
static int g_active_handles;
static u64 g_cached_prog_handle;
static exheader_header g_exheader;
static char g_ret_buf[1024];
static int lzss_decompress(u8 *end)
{
unsigned int v1; // r1@2
u8 *v2; // r2@2
u8 *v3; // r3@2
u8 *v4; // r1@2
char v5; // r5@4
char v6; // t1@4
signed int v7; // r6@4
int v9; // t1@7
u8 *v11; // r3@8
int v12; // r12@8
int v13; // t1@8
int v14; // t1@8
unsigned int v15; // r7@8
int v16; // r12@8
int ret;
ret = 0;
if ( end )
{
v1 = *((u32 *)end - 2);
v2 = &end[*((u32 *)end - 1)];
v3 = &end[-(v1 >> 24)];
v4 = &end[-(v1 & 0xFFFFFF)];
while ( v3 > v4 )
{
v6 = *(v3-- - 1);
v5 = v6;
v7 = 8;
while ( 1 )
{
if ( (v7-- < 1) )
break;
if ( v5 & 0x80 )
{
v13 = *(v3 - 1);
v11 = v3 - 1;
v12 = v13;
v14 = *(v11 - 1);
v3 = v11 - 1;
v15 = ((v14 | (v12 << 8)) & 0xFFFF0FFF) + 2;
v16 = v12 + 32;
do
{
ret = v2[v15];
*(v2-- - 1) = ret;
v16 -= 16;
}
while ( !(v16 < 0) );
}
else
{
v9 = *(v3-- - 1);
ret = v9;
*(v2-- - 1) = v9;
}
v5 *= 2;
if ( v3 <= v4 )
return ret;
}
}
}
return ret;
}
static Result allocate_shared_mem(prog_addrs_t *shared, prog_addrs_t *vaddr, int flags)
{
u32 dummy;
memcpy(shared, vaddr, sizeof(prog_addrs_t));
shared->text_addr = 0x10000000;
shared->ro_addr = shared->text_addr + (shared->text_size << 12);
shared->data_addr = shared->ro_addr + (shared->ro_size << 12);
return svcControlMemory(&dummy, shared->text_addr, 0, shared->total_size << 12, (flags & 0xF00) | MEMOP_ALLOC, MEMPERM_READ | MEMPERM_WRITE);
}
static Result load_code(u64 progid, prog_addrs_t *shared, u64 prog_handle, int is_compressed)
{
IFile file;
FS_Archive archive;
FS_Path path;
Result res;
u64 size;
u64 total;
archive.id = ARCHIVE_SAVEDATA_AND_CONTENT2;
archive.lowPath.type = PATH_BINARY;
archive.lowPath.data = &prog_handle;
archive.lowPath.size = 8;
//archive.handle = prog_handle; // not needed
path.type = PATH_BINARY;
path.data = CODE_PATH;
path.size = sizeof(CODE_PATH);
if (R_FAILED(IFile_Open(&file, archive, path, FS_OPEN_READ)))
{
svcBreak(USERBREAK_ASSERT);
}
// get file size
if (R_FAILED(IFile_GetSize(&file, &size)))
{
IFile_Close(&file);
svcBreak(USERBREAK_ASSERT);
}
// check size
if (size > (u64)shared->total_size << 12)
{
IFile_Close(&file);
return 0xC900464F;
}
// read code
res = IFile_Read(&file, &total, (void *)shared->text_addr, size);
IFile_Close(&file); // done reading
if (R_FAILED(res))
{
svcBreak(USERBREAK_ASSERT);
}
// decompress
if (is_compressed)
{
lzss_decompress((u8 *)shared->text_addr + size);
}
// patch
patch_code(progid, (u8 *)shared->text_addr, shared->total_size << 12);
return 0;
}
static Result loader_GetProgramInfo(exheader_header *exheader, u64 prog_handle)
{
Result res;
if (prog_handle >> 32 == 0xFFFF0000)
{
return FSREG_GetProgramInfo(exheader, 1, prog_handle);
}
else
{
res = FSREG_CheckHostLoadId(prog_handle);
//if ((res >= 0 && (unsigned)res >> 27) || (res < 0 && ((unsigned)res >> 27)-32))
//so use PXIPM if FSREG fails OR returns "info", is the second condition a bug?
if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS))
{
return PXIPM_GetProgramInfo(exheader, prog_handle);
}
else
{
return FSREG_GetProgramInfo(exheader, 1, prog_handle);
}
}
}
static Result loader_LoadProcess(Handle *process, u64 prog_handle)
{
Result res;
int count;
u32 flags;
u32 desc;
u32 dummy;
prog_addrs_t shared_addr;
prog_addrs_t vaddr;
Handle codeset;
CodeSetInfo codesetinfo;
u32 data_mem_size;
u64 progid;
// make sure the cached info corrosponds to the current prog_handle
if (g_cached_prog_handle != prog_handle)
{
res = loader_GetProgramInfo(&g_exheader, prog_handle);
g_cached_prog_handle = prog_handle;
if (res < 0)
{
g_cached_prog_handle = 0;
return res;
}
}
// get kernel flags
flags = 0;
for (count = 0; count < 28; count++)
{
desc = g_exheader.arm11kernelcaps.descriptors[count];
if (0x1FE == desc >> 23)
{
flags = desc & 0xF00;
}
}
if (flags == 0)
{
return MAKERESULT(RL_PERMANENT, RS_INVALIDARG, 1, 2);
}
// allocate process memory
vaddr.text_addr = g_exheader.codesetinfo.text.address;
vaddr.text_size = (g_exheader.codesetinfo.text.codesize + 4095) >> 12;
vaddr.ro_addr = g_exheader.codesetinfo.ro.address;
vaddr.ro_size = (g_exheader.codesetinfo.ro.codesize + 4095) >> 12;
vaddr.data_addr = g_exheader.codesetinfo.data.address;
vaddr.data_size = (g_exheader.codesetinfo.data.codesize + 4095) >> 12;
data_mem_size = (g_exheader.codesetinfo.data.codesize + g_exheader.codesetinfo.bsssize + 4095) >> 12;
vaddr.total_size = vaddr.text_size + vaddr.ro_size + vaddr.data_size;
if ((res = allocate_shared_mem(&shared_addr, &vaddr, flags)) < 0)
{
return res;
}
// load code
progid = g_exheader.arm11systemlocalcaps.programid;
if ((res = load_code(progid, &shared_addr, prog_handle, g_exheader.codesetinfo.flags.flag & 1)) >= 0)
{
memcpy(&codesetinfo.name, g_exheader.codesetinfo.name, 8);
codesetinfo.program_id = progid;
codesetinfo.text_addr = vaddr.text_addr;
codesetinfo.text_size = vaddr.text_size;
codesetinfo.text_size_total = vaddr.text_size;
codesetinfo.ro_addr = vaddr.ro_addr;
codesetinfo.ro_size = vaddr.ro_size;
codesetinfo.ro_size_total = vaddr.ro_size;
codesetinfo.rw_addr = vaddr.data_addr;
codesetinfo.rw_size = vaddr.data_size;
codesetinfo.rw_size_total = data_mem_size;
res = svcCreateCodeSet(&codeset, &codesetinfo, (void *)shared_addr.text_addr, (void *)shared_addr.ro_addr, (void *)shared_addr.data_addr);
if (res >= 0)
{
res = svcCreateProcess(process, codeset, g_exheader.arm11kernelcaps.descriptors, count);
svcCloseHandle(codeset);
if (res >= 0)
{
return 0;
}
}
}
svcControlMemory(&dummy, shared_addr.text_addr, 0, shared_addr.total_size << 12, MEMOP_FREE, 0);
return res;
}
static Result loader_RegisterProgram(u64 *prog_handle, FS_ProgramInfo *title, FS_ProgramInfo *update)
{
Result res;
u64 prog_id;
prog_id = title->programId;
if (prog_id >> 32 != 0xFFFF0000)
{
res = FSREG_CheckHostLoadId(prog_id);
//if ((res >= 0 && (unsigned)res >> 27) || (res < 0 && ((unsigned)res >> 27)-32))
if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS))
{
res = PXIPM_RegisterProgram(prog_handle, title, update);
if (res < 0)
{
return res;
}
if (*prog_handle >> 32 != 0xFFFF0000)
{
res = FSREG_CheckHostLoadId(*prog_handle);
//if ((res >= 0 && (unsigned)res >> 27) || (res < 0 && ((unsigned)res >> 27)-32))
if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS))
{
return 0;
}
}
svcBreak(USERBREAK_ASSERT);
}
}
if ((title->mediaType != update->mediaType) || (prog_id != update->programId))
{
svcBreak(USERBREAK_ASSERT);
}
res = FSREG_LoadProgram(prog_handle, title);
if (R_SUCCEEDED(res))
{
if (*prog_handle >> 32 == 0xFFFF0000)
{
return 0;
}
res = FSREG_CheckHostLoadId(*prog_handle);
//if ((res >= 0 && (unsigned)res >> 27) || (res < 0 && ((unsigned)res >> 27)-32))
if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS))
{
svcBreak(USERBREAK_ASSERT);
}
}
return res;
}
static Result loader_UnregisterProgram(u64 prog_handle)
{
Result res;
if (prog_handle >> 32 == 0xFFFF0000)
{
return FSREG_UnloadProgram(prog_handle);
}
else
{
res = FSREG_CheckHostLoadId(prog_handle);
//if ((res >= 0 && (unsigned)res >> 27) || (res < 0 && ((unsigned)res >> 27)-32))
if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS))
{
return PXIPM_UnregisterProgram(prog_handle);
}
else
{
return FSREG_UnloadProgram(prog_handle);
}
}
}
static void handle_commands(void)
{
FS_ProgramInfo title;
FS_ProgramInfo update;
u32* cmdbuf;
u16 cmdid;
int res;
Handle handle;
u64 prog_handle;
cmdbuf = getThreadCommandBuffer();
cmdid = cmdbuf[0] >> 16;
res = 0;
switch (cmdid)
{
case 1: // LoadProcess
{
res = loader_LoadProcess(&handle, *(u64 *)&cmdbuf[1]);
cmdbuf[0] = 0x10042;
cmdbuf[1] = res;
cmdbuf[2] = 16;
cmdbuf[3] = handle;
break;
}
case 2: // RegisterProgram
{
memcpy(&title, &cmdbuf[1], sizeof(FS_ProgramInfo));
memcpy(&update, &cmdbuf[5], sizeof(FS_ProgramInfo));
res = loader_RegisterProgram(&prog_handle, &title, &update);
cmdbuf[0] = 0x200C0;
cmdbuf[1] = res;
*(u64 *)&cmdbuf[2] = prog_handle;
break;
}
case 3: // UnregisterProgram
{
if (g_cached_prog_handle == prog_handle)
{
g_cached_prog_handle = 0;
}
cmdbuf[0] = 0x30040;
cmdbuf[1] = loader_UnregisterProgram(*(u64 *)&cmdbuf[1]);
break;
}
case 4: // GetProgramInfo
{
prog_handle = *(u64 *)&cmdbuf[1];
if (prog_handle != g_cached_prog_handle)
{
res = loader_GetProgramInfo(&g_exheader, prog_handle);
if (res >= 0)
{
g_cached_prog_handle = prog_handle;
}
else
{
g_cached_prog_handle = 0;
}
}
memcpy(&g_ret_buf, &g_exheader, 1024);
cmdbuf[0] = 0x40042;
cmdbuf[1] = res;
cmdbuf[2] = 0x1000002;
cmdbuf[3] = (u32) &g_ret_buf;
break;
}
default: // error
{
cmdbuf[0] = 0x40;
cmdbuf[1] = 0xD900182F;
break;
}
}
}
static Result should_terminate(int *term_request)
{
u32 notid;
Result ret;
ret = srvSysReceiveNotification(&notid);
if (R_FAILED(ret))
{
return ret;
}
if (notid == 0x100) // term request
{
*term_request = 1;
}
return 0;
}
// this is called before main
void __appInit()
{
srvSysInit();
fsregInit();
fsldrInit();
pxipmInit();
}
// this is called after main exits
void __appExit()
{
pxipmExit();
fsldrExit();
fsregExit();
srvSysExit();
}
// stubs for non-needed pre-main functions
void __sync_init();
void __sync_fini();
void __system_initSyscalls();
void __ctru_exit(int rc)
{
__appExit();
__sync_fini();
svcExitProcess();
}
void initSystem(void (*retAddr)(void))
{
__sync_init();
__system_initSyscalls();
__appInit();
}
int main()
{
Result ret;
Handle handle;
Handle reply_target;
Handle *srv_handle;
Handle *notification_handle;
s32 index;
int i;
int term_request;
u32* cmdbuf;
ret = 0;
srv_handle = &g_handles[1];
notification_handle = &g_handles[0];
if (R_FAILED(srvSysRegisterService(srv_handle, "Loader", MAX_SESSIONS)))
{
svcBreak(USERBREAK_ASSERT);
}
if (R_FAILED(srvSysEnableNotification(notification_handle)))
{
svcBreak(USERBREAK_ASSERT);
}
g_active_handles = 2;
g_cached_prog_handle = 0;
index = 1;
reply_target = 0;
term_request = 0;
do
{
if (reply_target == 0)
{
cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = 0xFFFF0000;
}
ret = svcReplyAndReceive(&index, g_handles, g_active_handles, reply_target);
if (R_FAILED(ret))
{
// check if any handle has been closed
if (ret == 0xC920181A)
{
if (index == -1)
{
for (i = 2; i < MAX_SESSIONS+2; i++)
{
if (g_handles[i] == reply_target)
{
index = i;
break;
}
}
}
svcCloseHandle(g_handles[index]);
g_handles[index] = g_handles[g_active_handles-1];
g_active_handles--;
reply_target = 0;
}
else
{
svcBreak(USERBREAK_ASSERT);
}
}
else
{
// process responses
reply_target = 0;
switch (index)
{
case 0: // notification
{
if (R_FAILED(should_terminate(&term_request)))
{
svcBreak(USERBREAK_ASSERT);
}
break;
}
case 1: // new session
{
if (R_FAILED(svcAcceptSession(&handle, *srv_handle)))
{
svcBreak(USERBREAK_ASSERT);
}
if (g_active_handles < MAX_SESSIONS+2)
{
g_handles[g_active_handles] = handle;
g_active_handles++;
}
else
{
svcCloseHandle(handle);
}
break;
}
default: // session
{
handle_commands();
reply_target = g_handles[index];
break;
}
}
}
} while (!term_request || g_active_handles != 2);
srvSysUnregisterService("Loader");
svcCloseHandle(*srv_handle);
svcCloseHandle(*notification_handle);
return 0;
}

274
injector/source/patcher.c Normal file
View File

@@ -0,0 +1,274 @@
#include <3ds.h>
#include <string.h>
#include "patcher.h"
#include "ifile.h"
#ifndef PATH_MAX
#define PATH_MAX 255
#endif
static u32 config = 0;
static u8 secureinfo[0x111] = {0};
//Quick Search algorithm, adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
static u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize){
const u8 *patternc = (const u8 *)pattern;
//Preprocessing
int table[256];
for(u32 i = 0; i < 256; ++i)
table[i] = patternSize + 1;
for(u32 i = 0; i < patternSize; ++i)
table[patternc[i]] = patternSize - i;
//Searching
u32 j = 0;
while(j <= size - patternSize){
if(memcmp(patternc, startPos + j, patternSize) == 0)
return startPos + j;
j += table[startPos[j + patternSize]];
}
return NULL;
}
static u32 patch_memory(u8 *start, u32 size, const void *pattern, u32 patsize, int offset, const void *replace, u32 repsize, u32 count){
u32 i;
for(i = 0; i < count; i++){
u8 *found = memsearch(start, pattern, size, patsize);
if(found == NULL)
break;
memcpy(found + offset, replace, repsize);
u32 at = (u32)(found - start);
if(at + patsize > size) size = 0;
else size = size - (at + patsize);
start = found + patsize;
}
return i;
}
static int file_open(IFile *file, FS_ArchiveID id, const char *path, int flags){
FS_Archive archive;
FS_Path ppath;
size_t len = strnlen(path, PATH_MAX);
archive.id = id;
archive.lowPath.type = PATH_EMPTY;
archive.lowPath.size = 1;
archive.lowPath.data = (u8 *)"";
ppath.type = PATH_ASCII;
ppath.data = path;
ppath.size = len+1;
return IFile_Open(file, archive, ppath, flags);
}
static int patch_secureinfo(){
IFile file;
Result ret;
u64 total;
if(secureinfo[0] == 0xFF)
return 0;
ret = file_open(&file, ARCHIVE_SDMC, "/SecureInfo_A", FS_OPEN_READ);
if(R_SUCCEEDED(ret)){
ret = IFile_Read(&file, &total, secureinfo, sizeof(secureinfo));
IFile_Close(&file);
if(R_SUCCEEDED(ret) && total == sizeof(secureinfo)){
ret = file_open(&file, ARCHIVE_NAND_RW, "/sys/SecureInfo_C", FS_OPEN_WRITE | FS_OPEN_CREATE);
if(R_SUCCEEDED(ret)){
ret = IFile_Write(&file, &total, secureinfo, sizeof(secureinfo), FS_WRITE_FLUSH);
IFile_Close(&file);
}
secureinfo[0] = 0xFF; // we repurpose this byte as status
}
}
else { // get file from NAND
ret = file_open(&file, ARCHIVE_NAND_RW, "/sys/SecureInfo_C", FS_OPEN_READ);
if(R_SUCCEEDED(ret)){
ret = IFile_Read(&file, &total, secureinfo, sizeof(secureinfo));
IFile_Close(&file);
if(R_SUCCEEDED(ret) && total == sizeof(secureinfo))
secureinfo[0] = 0xFF;
}
}
return ret;
}
static int open_config(){
IFile file;
Result ret;
u64 total;
if(config)
return 0;
ret = file_open(&file, ARCHIVE_SDMC, "/aurei/config.bin", FS_OPEN_READ);
if(R_SUCCEEDED(ret)){
ret = IFile_Read(&file, &total, (void *)&config, 3);
IFile_Close(&file);
}
return ret;
}
u32 patch_code(u64 progid, u8 *code, u32 size){
if( progid == 0x0004003000008F02LL || // USA Menu
progid == 0x0004003000008202LL || // JPN Menu
progid == 0x0004003000009802LL || // EUR Menu
progid == 0x000400300000A102LL || // CHN Menu
progid == 0x000400300000A902LL || // KOR Menu
progid == 0x000400300000B102LL // TWN Menu
){
static const u8 regionFreePattern[] = {
0x00, 0x00, 0x55, 0xE3, 0x01, 0x10, 0xA0, 0xE3
};
static const u8 regionFreePatch[] = {
0x01, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1
};
patch_memory(code, size,
regionFreePattern,
sizeof(regionFreePattern), -16,
regionFreePatch,
sizeof(regionFreePatch), 1
);
}
else if(progid == 0x0004013000002C02LL){ // NIM
static const u8 blockAutoUpdatesPattern[] = {
0x25, 0x79, 0x0B, 0x99
};
static const u8 blockAutoUpdatesPatch[] = {
0xE3, 0xA0
};
static const u8 blockEShopUpdateCheckPattern[] = {
0x30, 0xB5, 0xF1, 0xB0
};
static const u8 blockEShopUpdateCheckPatch[] = {
0x00, 0x20, 0x08, 0x60, 0x70, 0x47
};
static const u8 countryRespPattern[] = {
0x01, 0x20, 0x01, 0x90, 0x22, 0x46, 0x06, 0x9B
};
static const char countryRespPatchModel[] = {
0x06, 0x9A, 0x03, 0x20, 0x90, 0x47, 0x55, 0x21, 0x01, 0x70, 0x53, 0x21, 0x41, 0x70, 0x00, 0x21,
0x81, 0x70, 0x60, 0x61, 0x00, 0x20
};
const char *country;
char countryRespPatch[sizeof(countryRespPatchModel)];
patch_memory(code, size,
blockAutoUpdatesPattern,
sizeof(blockAutoUpdatesPattern), 0,
blockAutoUpdatesPatch,
sizeof(blockAutoUpdatesPatch), 1
);
patch_memory(code, size,
blockEShopUpdateCheckPattern,
sizeof(blockEShopUpdateCheckPattern), 0,
blockEShopUpdateCheckPatch,
sizeof(blockEShopUpdateCheckPatch), 1
);
if(R_SUCCEEDED(patch_secureinfo())){
switch(secureinfo[0x100]){
case 1: country = "US"; break;
case 2: country = "GB"; break; // sorry rest-of-Europe, you have to change this
case 3: country = "AU"; break;
case 4: country = "CN"; break;
case 5: country = "KR"; break;
case 6: country = "TW"; break;
default: case 0: country = "JP"; break;
}
// patch XML response Country
memcpy(countryRespPatch,
countryRespPatchModel,
sizeof(countryRespPatchModel)
);
countryRespPatch[6] = country[0];
countryRespPatch[10] = country[1];
patch_memory(code, size,
countryRespPattern,
sizeof(countryRespPattern), 0,
countryRespPatch,
sizeof(countryRespPatch), 1
);
}
}
else if(
progid == 0x0004001000021000LL || // USA MSET
progid == 0x0004001000020000LL || // JPN MSET
progid == 0x0004001000022000LL || // EUR MSET
progid == 0x0004001000026000LL || // CHN MSET
progid == 0x0004001000027000LL || // KOR MSET
progid == 0x0004001000028000LL // TWN MSET
){
if(R_SUCCEEDED(open_config()) && ((config >> 5) & 0x1)){
static const u16 VerPattern[] = u"Ver.";
const u32 currentFirm = ((config >> 12) & 0x1);
const u32 currentNand = ((config >> 13) & 0x3);
patch_memory(code, size,
VerPattern,
sizeof(VerPattern) - sizeof(u16), 0,
currentNand ? ((currentNand == 1) ? ((currentFirm == 1) ? u" Emu" : u"Emu9") : u"Emu2") :
((currentFirm == 1) ? u" Sys" : u"Sys9"),
sizeof(VerPattern) - sizeof(u16), 1
);
}
}
else if (progid == 0x0004013000008002LL){ // NS
static const u8 stopCartUpdatesPattern[] = {
0x0C, 0x18, 0xE1, 0xD8
};
static const u8 stopCartUpdatesPatch[] = {
0x0B, 0x18, 0x21, 0xC8
};
patch_memory(code, size,
stopCartUpdatesPattern,
sizeof(stopCartUpdatesPattern), 0,
stopCartUpdatesPatch,
sizeof(stopCartUpdatesPatch), 2
);
}
else if(progid == 0x0004013000001702LL){ // CFG
static const u8 secureinfoSigCheckPattern[] = {
0x06, 0x46, 0x10, 0x48, 0xFC
};
static const u8 secureinfoSigCheckPatch[] = {
0x00, 0x26
};
static const u16 secureinfoFilenamePattern[] = u"SecureInfo_";
static const u16 secureinfoFilenamePatch[] = u"C";
// disable SecureInfo signature check
patch_memory(code, size,
secureinfoSigCheckPattern,
sizeof(secureinfoSigCheckPattern), 0,
secureinfoSigCheckPatch,
sizeof(secureinfoSigCheckPatch), 1
);
if(R_SUCCEEDED(patch_secureinfo())){
// use SecureInfo_C
patch_memory(code, size,
secureinfoFilenamePattern,
sizeof(secureinfoFilenamePattern) - sizeof(u16),
sizeof(secureinfoFilenamePattern) - sizeof(u16),
secureinfoFilenamePatch,
sizeof(secureinfoFilenamePatch) - sizeof(u16), 2
);
}
}
return 0;
}

5
injector/source/patcher.h Normal file
View File

@@ -0,0 +1,5 @@
#pragma once
#include <3ds/types.h>
u32 patch_code(u64 progid, u8 *code, u32 size);

74
injector/source/pxipm.c Normal file
View File

@@ -0,0 +1,74 @@
#include <3ds.h>
#include <string.h>
#include "pxipm.h"
#include "srvsys.h"
static Handle pxipmHandle;
static int pxipmRefCount;
Result pxipmInit(void)
{
Result ret = 0;
if (AtomicPostIncrement(&pxipmRefCount)) return 0;
ret = srvSysGetServiceHandle(&pxipmHandle, "PxiPM");
if (R_FAILED(ret)) AtomicDecrement(&pxipmRefCount);
return ret;
}
void pxipmExit(void)
{
if (AtomicDecrement(&pxipmRefCount)) return;
svcCloseHandle(pxipmHandle);
}
Result PXIPM_RegisterProgram(u64 *prog_handle, FS_ProgramInfo *title, FS_ProgramInfo *update)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x2,8,0); // 0x20200
memcpy(&cmdbuf[1], &title->programId, sizeof(u64));
*(u8 *)&cmdbuf[3] = title->mediaType;
memcpy(((u8 *)&cmdbuf[3])+1, &title->padding, 7);
memcpy(&cmdbuf[5], &update->programId, sizeof(u64));
*(u8 *)&cmdbuf[7] = update->mediaType;
memcpy(((u8 *)&cmdbuf[7])+1, &update->padding, 7);
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(pxipmHandle))) return ret;
*prog_handle = *(u64*)&cmdbuf[2];
return cmdbuf[1];
}
Result PXIPM_GetProgramInfo(exheader_header *exheader, u64 prog_handle)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x1,2,2); // 0x10082
cmdbuf[1] = (u32) (prog_handle);
cmdbuf[2] = (u32) (prog_handle >> 32);
cmdbuf[3] = (0x400 << 8) | 0x4;
cmdbuf[4] = (u32) exheader;
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(pxipmHandle))) return ret;
return cmdbuf[1];
}
Result PXIPM_UnregisterProgram(u64 prog_handle)
{
u32 *cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x3,2,0); // 0x30080
cmdbuf[1] = (u32) (prog_handle);
cmdbuf[2] = (u32) (prog_handle >> 32);
Result ret = 0;
if(R_FAILED(ret = svcSendSyncRequest(pxipmHandle))) return ret;
return cmdbuf[1];
}

10
injector/source/pxipm.h Normal file
View File

@@ -0,0 +1,10 @@
#pragma once
#include <3ds/types.h>
#include "exheader.h"
Result pxipmInit(void);
void pxipmExit(void);
Result PXIPM_RegisterProgram(u64 *prog_handle, FS_ProgramInfo *title, FS_ProgramInfo *update);
Result PXIPM_GetProgramInfo(exheader_header *exheader, u64 prog_handle);
Result PXIPM_UnregisterProgram(u64 prog_handle);

154
injector/source/srvsys.c Normal file
View File

@@ -0,0 +1,154 @@
#include <3ds.h>
#include <string.h>
#include "srvsys.h"
static Handle srvHandle;
static int srvRefCount;
static RecursiveLock initLock;
static int initLockinit = 0;
Result srvSysInit()
{
Result rc = 0;
if (!initLockinit)
{
RecursiveLock_Init(&initLock);
}
RecursiveLock_Lock(&initLock);
if (srvRefCount > 0)
{
RecursiveLock_Unlock(&initLock);
return MAKERESULT(RL_INFO, RS_NOP, 25, RD_ALREADY_INITIALIZED);
}
while (1)
{
rc = svcConnectToPort(&srvHandle, "srv:");
if (R_LEVEL(rc) != RL_PERMANENT ||
R_SUMMARY(rc) != RS_NOTFOUND ||
R_DESCRIPTION(rc) != RD_NOT_FOUND
) break;
svcSleepThread(500000);
}
if (R_SUCCEEDED(rc))
{
rc = srvSysRegisterClient();
srvRefCount++;
}
RecursiveLock_Unlock(&initLock);
return rc;
}
Result srvSysRegisterClient(void)
{
Result rc = 0;
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x1,0,2); // 0x10002
cmdbuf[1] = IPC_Desc_CurProcessHandle();
if(R_FAILED(rc = svcSendSyncRequest(srvHandle)))return rc;
return cmdbuf[1];
}
Result srvSysExit()
{
Result rc;
RecursiveLock_Lock(&initLock);
if (srvRefCount > 1)
{
srvRefCount--;
RecursiveLock_Unlock(&initLock);
return MAKERESULT(RL_INFO, RS_NOP, 25, RD_BUSY);
}
if (srvHandle != 0) svcCloseHandle(srvHandle);
else svcBreak(USERBREAK_ASSERT);
rc = (Result)srvHandle; // yeah, I think this is a benign bug
srvHandle = 0;
srvRefCount--;
RecursiveLock_Unlock(&initLock);
return rc;
}
Result srvSysGetServiceHandle(Handle* out, const char* name)
{
Result rc = 0;
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x5,4,0); // 0x50100
strncpy((char*) &cmdbuf[1], name,8);
cmdbuf[3] = strlen(name);
cmdbuf[4] = 0x0;
if(R_FAILED(rc = svcSendSyncRequest(srvHandle)))return rc;
if(out) *out = cmdbuf[3];
return cmdbuf[1];
}
Result srvSysEnableNotification(Handle* semaphoreOut)
{
Result rc = 0;
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x2,0,0);
if(R_FAILED(rc = svcSendSyncRequest(srvHandle)))return rc;
if(semaphoreOut) *semaphoreOut = cmdbuf[3];
return cmdbuf[1];
}
Result srvSysReceiveNotification(u32* notificationIdOut)
{
Result rc = 0;
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0xB,0,0); // 0xB0000
if(R_FAILED(rc = svcSendSyncRequest(srvHandle)))return rc;
if(notificationIdOut) *notificationIdOut = cmdbuf[2];
return cmdbuf[1];
}
Result srvSysRegisterService(Handle* out, const char* name, int maxSessions)
{
Result rc = 0;
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x3,4,0); // 0x30100
strncpy((char*) &cmdbuf[1], name,8);
cmdbuf[3] = strlen(name);
cmdbuf[4] = maxSessions;
if(R_FAILED(rc = svcSendSyncRequest(srvHandle)))return rc;
if(out) *out = cmdbuf[3];
return cmdbuf[1];
}
Result srvSysUnregisterService(const char* name)
{
Result rc = 0;
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(0x4,3,0); // 0x400C0
strncpy((char*) &cmdbuf[1], name,8);
cmdbuf[3] = strlen(name);
if(R_FAILED(rc = svcSendSyncRequest(srvHandle)))return rc;
return cmdbuf[1];
}

47
injector/source/srvsys.h Normal file
View File

@@ -0,0 +1,47 @@
/**
* @file srv.h
* @brief Service API.
*/
#pragma once
/// Initializes the service API.
Result srvSysInit(void);
/// Exits the service API.
Result srvSysExit(void);
/**
* @brief Retrieves a service handle, retrieving from the environment handle list if possible.
* @param out Pointer to write the handle to.
* @param name Name of the service.
*/
Result srvSysGetServiceHandle(Handle* out, const char* name);
/// Registers the current process as a client to the service API.
Result srvSysRegisterClient(void);
/**
* @brief Enables service notificatios, returning a notification semaphore.
* @param semaphoreOut Pointer to output the notification semaphore to.
*/
Result srvSysEnableNotification(Handle* semaphoreOut);
/**
* @brief Receives a notification.
* @param notificationIdOut Pointer to output the ID of the received notification to.
*/
Result srvSysReceiveNotification(u32* notificationIdOut);
/**
* @brief Registers the current process as a service.
* @param out Pointer to write the service handle to.
* @param name Name of the service.
* @param maxSessions Maximum number of sessions the service can handle.
*/
Result srvSysRegisterService(Handle* out, const char* name, int maxSessions);
/**
* @brief Unregisters the current process as a service.
* @param name Name of the service.
*/
Result srvSysUnregisterService(const char* name);

6
loader/Makefile
View File

@@ -32,8 +32,8 @@ INCLUDES := include source/fatfs source/fatfs/sdmmc
ARCH := -mthumb -mthumb-interwork
CFLAGS := -g -Wall -O2\
-march=armv5te -mtune=arm946e-s -fomit-frame-pointer\
-ffast-math -std=c99\
-march=armv5te -mtune=arm946e-s\
-ffast-math -Wno-main -std=c99\
$(ARCH)
CFLAGS += $(INCLUDE) -DARM9
@@ -105,7 +105,7 @@ $(BUILD):
#---------------------------------------------------------------------------------
clean:
@echo clean ...
@rm -fr $(BUILD) $(OUTPUT).elf arm9loaderhax.bin
@rm -fr $(BUILD) $(OUTPUT).elf
#---------------------------------------------------------------------------------

14
loader/source/buttons.h Normal file
View File

@@ -0,0 +1,14 @@
#pragma once
#include "types.h"
#define HID_PAD (*(vu16 *)0x10146000 ^ 0xFFF)
#define BUTTON_B (1 << 1)
#define BUTTON_X (1 << 10)
#define BUTTON_Y (1 << 11)
#define BUTTON_SELECT (1 << 2)
#define BUTTON_START (1 << 3)
#define BUTTON_RIGHT (1 << 4)
#define BUTTON_LEFT (1 << 5)
#define BUTTON_UP (1 << 6)
#define BUTTON_DOWN (1 << 7)

2
loader/source/fatfs/diskio.c
View File

@@ -69,7 +69,7 @@ DRESULT disk_read (
DRESULT disk_write (
__attribute__((unused))
BYTE pdrv, /* Physical drive nmuber to identify the drive */
const BYTE *buff, /* Data to be written */
const BYTE *buff, /* Data to be written */
DWORD sector, /* Sector address in LBA */
UINT count /* Number of sectors to write */
)

11
loader/source/fatfs/ff.c
View File

@@ -811,7 +811,7 @@ FRESULT sync_fs ( /* FR_OK: successful, FR_DISK_ERR: failed */
/*-----------------------------------------------------------------------*/
/* Hidden API for hacks and disk tools */
DWORD clust2sect ( /* !=0: Sector number, 0: Failed - invalid cluster# */
static DWORD clust2sect ( /* !=0: Sector number, 0: Failed - invalid cluster# */
FATFS* fs, /* File system object */
DWORD clst /* Cluster# to be converted */
)
@@ -829,7 +829,7 @@ DWORD clust2sect ( /* !=0: Sector number, 0: Failed - invalid cluster# */
/*-----------------------------------------------------------------------*/
/* Hidden API for hacks and disk tools */
DWORD get_fat ( /* 0xFFFFFFFF:Disk error, 1:Internal error, 2..0x0FFFFFFF:Cluster status */
static DWORD get_fat ( /* 0xFFFFFFFF:Disk error, 1:Internal error, 2..0x0FFFFFFF:Cluster status */
FATFS* fs, /* File system object */
DWORD clst /* FAT index number (cluster number) to get the value */
)
@@ -884,7 +884,7 @@ DWORD get_fat ( /* 0xFFFFFFFF:Disk error, 1:Internal error, 2..0x0FFFFFFF:Cluste
/* Hidden API for hacks and disk tools */
#if !_FS_READONLY
FRESULT put_fat (
static FRESULT put_fat (
FATFS* fs, /* File system object */
DWORD clst, /* FAT index number (cluster number) to be changed */
DWORD val /* New value to be set to the entry */
@@ -1314,7 +1314,7 @@ int cmp_lfn ( /* 1:Matched, 0:Not matched */
}
#if _FS_MINIMIZE <= 1 || _USE_LABEL || _FS_RPATH >= 2
static
int pick_lfn ( /* 1:Succeeded, 0:Buffer overflow */
WCHAR* lfnbuf, /* Pointer to the Unicode-LFN buffer */
@@ -1345,6 +1345,7 @@ int pick_lfn ( /* 1:Succeeded, 0:Buffer overflow */
return 1;
}
#endif
#if !_FS_READONLY
@@ -1385,7 +1386,7 @@ void fit_lfn (
/*-----------------------------------------------------------------------*/
/* Create numbered name */
/*-----------------------------------------------------------------------*/
#if _USE_LFN
#if _USE_LFN && !_FS_READONLY
static
void gen_numname (
BYTE* dst, /* Pointer to the buffer to store numbered SFN */

2
loader/source/fatfs/ffconf.h
View File

@@ -8,7 +8,7 @@
/ Functions and Buffer Configurations
/---------------------------------------------------------------------------*/
#define _FS_TINY 1
#define _FS_TINY 0
/* This option switches tiny buffer configuration. (0:Normal or 1:Tiny)
/ At the tiny configuration, size of the file object (FIL) is reduced _MAX_SS
/ bytes. Instead of private sector buffer eliminated from the file object,

151
loader/source/fatfs/option/syscall.c
View File

@@ -1,151 +0,0 @@
/*------------------------------------------------------------------------*/
/* Sample code of OS dependent controls for FatFs */
/* (C)ChaN, 2014 */
/*------------------------------------------------------------------------*/
#include "../ff.h"
#if _FS_REENTRANT
/*------------------------------------------------------------------------*/
/* Create a Synchronization Object */
/*------------------------------------------------------------------------*/
/* This function is called in f_mount() function to create a new
/ synchronization object, such as semaphore and mutex. When a 0 is returned,
/ the f_mount() function fails with FR_INT_ERR.
*/
int ff_cre_syncobj ( /* !=0:Function succeeded, ==0:Could not create due to any error */
BYTE vol, /* Corresponding logical drive being processed */
_SYNC_t *sobj /* Pointer to return the created sync object */
)
{
int ret;
*sobj = CreateMutex(NULL, FALSE, NULL); /* Win32 */
ret = (int)(*sobj != INVALID_HANDLE_VALUE);
// *sobj = SyncObjects[vol]; /* uITRON (give a static created sync object) */
// ret = 1; /* The initial value of the semaphore must be 1. */
// *sobj = OSMutexCreate(0, &err); /* uC/OS-II */
// ret = (int)(err == OS_NO_ERR);
// *sobj = xSemaphoreCreateMutex(); /* FreeRTOS */
// ret = (int)(*sobj != NULL);
return ret;
}
/*------------------------------------------------------------------------*/
/* Delete a Synchronization Object */
/*------------------------------------------------------------------------*/
/* This function is called in f_mount() function to delete a synchronization
/ object that created with ff_cre_syncobj function. When a 0 is returned,
/ the f_mount() function fails with FR_INT_ERR.
*/
int ff_del_syncobj ( /* !=0:Function succeeded, ==0:Could not delete due to any error */
_SYNC_t sobj /* Sync object tied to the logical drive to be deleted */
)
{
int ret;
ret = CloseHandle(sobj); /* Win32 */
// ret = 1; /* uITRON (nothing to do) */
// OSMutexDel(sobj, OS_DEL_ALWAYS, &err); /* uC/OS-II */
// ret = (int)(err == OS_NO_ERR);
// vSemaphoreDelete(sobj); /* FreeRTOS */
// ret = 1;
return ret;
}
/*------------------------------------------------------------------------*/
/* Request Grant to Access the Volume */
/*------------------------------------------------------------------------*/
/* This function is called on entering file functions to lock the volume.
/ When a 0 is returned, the file function fails with FR_TIMEOUT.
*/
int ff_req_grant ( /* 1:Got a grant to access the volume, 0:Could not get a grant */
_SYNC_t sobj /* Sync object to wait */
)
{
int ret;
ret = (int)(WaitForSingleObject(sobj, _FS_TIMEOUT) == WAIT_OBJECT_0); /* Win32 */
// ret = (int)(wai_sem(sobj) == E_OK); /* uITRON */
// OSMutexPend(sobj, _FS_TIMEOUT, &err)); /* uC/OS-II */
// ret = (int)(err == OS_NO_ERR);
// ret = (int)(xSemaphoreTake(sobj, _FS_TIMEOUT) == pdTRUE); /* FreeRTOS */
return ret;
}
/*------------------------------------------------------------------------*/
/* Release Grant to Access the Volume */
/*------------------------------------------------------------------------*/
/* This function is called on leaving file functions to unlock the volume.
*/
void ff_rel_grant (
_SYNC_t sobj /* Sync object to be signaled */
)
{
ReleaseMutex(sobj); /* Win32 */
// sig_sem(sobj); /* uITRON */
// OSMutexPost(sobj); /* uC/OS-II */
// xSemaphoreGive(sobj); /* FreeRTOS */
}
#endif
#if _USE_LFN == 3 /* LFN with a working buffer on the heap */
/*------------------------------------------------------------------------*/
/* Allocate a memory block */
/*------------------------------------------------------------------------*/
/* If a NULL is returned, the file function fails with FR_NOT_ENOUGH_CORE.
*/
void* ff_memalloc ( /* Returns pointer to the allocated memory block */
UINT msize /* Number of bytes to allocate */
)
{
return malloc(msize); /* Allocate a new memory block with POSIX API */
}
/*------------------------------------------------------------------------*/
/* Free a memory block */
/*------------------------------------------------------------------------*/
void ff_memfree (
void* mblock /* Pointer to the memory block to free */
)
{
free(mblock); /* Discard the memory block with POSIX API */
}
#endif

13
loader/source/fatfs/sdmmc/common.h
View File

@@ -1,15 +1,4 @@
#pragma once
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#define u8 uint8_t
#define u16 uint16_t
#define u32 uint32_t
#define u64 uint64_t
#define vu8 volatile u8
#define vu16 volatile u16
#define vu32 volatile u32
#define vu64 volatile u64
#include "../../types.h"

2
loader/source/fatfs/sdmmc/delay.h
View File

@@ -6,4 +6,4 @@
#include "common.h"
void waitcycles(u32 us);
void ioDelay(u32 us);

30
loader/source/fatfs/sdmmc/delay.s
View File

@@ -1,15 +1,17 @@
.arm
.global waitcycles
.type waitcycles STT_FUNC
// Copyright 2014 Normmatt
// Licensed under GPLv2 or any later version
// Refer to the license.txt file included.
@waitcycles ( u32 us )
waitcycles:
PUSH {R0-R2,LR}
STR R0, [SP,#4]
waitcycles_loop:
LDR R3, [SP,#4]
SUBS R2, R3, #1
STR R2, [SP,#4]
CMP R3, #0
BNE waitcycles_loop
POP {R0-R2,PC}
.arm
.global ioDelay
.type ioDelay STT_FUNC
@ioDelay ( u32 us )
ioDelay:
ldr r1, =0x18000000 @ VRAM
1:
@ Loop doing uncached reads from VRAM to make loop timing more reliable
ldr r2, [r1]
subs r0, #1
bgt 1b
bx lr

6
loader/source/fatfs/sdmmc/sdmmc.c
View File

@@ -2,8 +2,6 @@
// Licensed under GPLv2 or any later version
// Refer to the license.txt file included.
#include "common.h"
#include "sdmmc.h"
#include "delay.h"
@@ -286,7 +284,7 @@ static void InitSD()
static int Nand_Init()
{
inittarget(&handleNAND);
waitcycles(0xF000);
ioDelay(0xF000);
sdmmc_send_command(&handleNAND,0,0);
@@ -337,7 +335,7 @@ static int SD_Init()
{
inittarget(&handleSD);
waitcycles(1u << 18); //Card needs a little bit of time to be detected, it seems
ioDelay(1u << 18); //Card needs a little bit of time to be detected, it seems
//If not inserted
if (!(*((vu16*)0x1000601c) & TMIO_STAT0_SIGSTATE)) return -1;

3
loader/source/fatfs/sdmmc/sdmmc.h
View File

@@ -124,5 +124,4 @@ u32 sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, vu8 *in);
mmcdevice *getMMCDevice(int drive);
u32 sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, vu8 *out);
u32 sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, vu8 *in);
u32 sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, vu8 *in);

36
loader/source/main.c
View File

@@ -1,19 +1,39 @@
#include "types.h"
#include "buttons.h"
#include "fatfs/ff.h"
#define PAYLOAD_ADDRESS 0x23F00000
int main()
{
FATFS fs;
static u32 loadPayload(const char *path){
FIL payload;
unsigned int br;
f_mount(&fs, "0:", 1);
if(f_open(&payload, "rei/arm9payload.bin", FA_READ) == FR_OK)
if(f_open(&payload, path, FA_READ) == FR_OK)
{
f_read(&payload, (void *)PAYLOAD_ADDRESS, f_size(&payload), &br);
((void (*)())PAYLOAD_ADDRESS)();
f_close(&payload);
return 1;
}
return 1;
return 0;
}
void main(void){
FATFS fs;
f_mount(&fs, "0:", 1);
//Get pressed buttons
u16 pressed = HID_PAD;
if(((pressed & BUTTON_B) && loadPayload("/aurei/payloads/b.bin")) ||
((pressed & BUTTON_X) && loadPayload("/aurei/payloads/x.bin")) ||
((pressed & BUTTON_Y) && loadPayload("/aurei/payloads/y.bin")) ||
((pressed & BUTTON_SELECT) && loadPayload("/aurei/payloads/select.bin")) ||
((pressed & BUTTON_START) && loadPayload("/aurei/payloads/start.bin")) ||
((pressed & BUTTON_RIGHT) && loadPayload("/aurei/payloads/right.bin")) ||
((pressed & BUTTON_LEFT) && loadPayload("/aurei/payloads/left.bin")) ||
((pressed & BUTTON_UP) && loadPayload("/aurei/payloads/up.bin")) ||
((pressed & BUTTON_DOWN) && loadPayload("/aurei/payloads/down.bin")) ||
loadPayload("/aurei/payloads/default.bin"))
((void (*)())PAYLOAD_ADDRESS)();
}

3
loader/source/start.s
View File

@@ -2,6 +2,9 @@
.align 4
.global _start
_start:
@ Fix payloads like Decrypt9
mov r0, #0x5
mcr p15, 0, r0, c3, c0, 0 @ data bufferable
@ Flush caches
mov r0, #0

20
loader/source/types.h Normal file
View File

@@ -0,0 +1,20 @@
/*
* types.h
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
*/
#pragma once
#include <stdint.h>
#include <stdlib.h>
//Common data types
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;
typedef volatile u8 vu8;
typedef volatile u16 vu16;
typedef volatile u32 vu32;
typedef volatile u64 vu64;

16
emunand/emuCode.s → patches/emunand.s
View File

@@ -1,9 +1,6 @@
.nds
.arm.little
sdmmc equ 0x434D4453 ;dummy
.create "emunand.bin", 0x0801A5C0
.org 0x0801A5C0
.create "emunand.bin", 0
.arm
nand_sd:
; Original code that still needs to be executed.
@@ -15,7 +12,7 @@ nand_sd:
; If we're already trying to access the SD, return.
ldr r2, [r0, #4]
ldr r1, =sdmmc
ldr r1, [sdmmc]
cmp r2, r1
beq nand_sd_ret
@@ -23,12 +20,10 @@ nand_sd:
ldr r2, [r0, #8] ; Get sector to read
cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
ldr r3, =nand_offset
ldr r3, [r3]
ldr r3, [nand_offset]
add r2, r3 ; Add the offset to the NAND in the SD.
ldreq r3, =ncsd_header_offset
ldreq r3, [r3]
ldreq r3, [ncsd_header_offset]
addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector.
str r2, [r0, #8] ; Store sector to read
@@ -45,6 +40,7 @@ nand_sd:
add r0, #4
bx r0
.pool
sdmmc: .ascii "SDMC"
nand_offset: .ascii "NAND" ; for rednand this should be 1
ncsd_header_offset: .ascii "NCSD" ; depends on nand manufacturer + emunand type (GW/RED)
.close

18
reboot/rebootCode.s → patches/reboot.s
View File

@@ -1,12 +1,11 @@
.nds
.create "reboot.bin", 0
.arm.little
byteswritten equ 0x2000E000
externalFirm equ 0x2000A000
kernelCode equ 0x080F0000
buffer equ 0x24000000
fileOpen equ 0x4E45504F ;dummy
.create "reboot.bin", 0
.arm
//Code jumps here right after the sprintf call
process9Reboot:
@@ -34,18 +33,16 @@ process9Reboot:
ldreq r1, =(FileName - OpenFirm - 12)
addeq r1, pc
addne r1, sp, #0x3A8-0x70
ldr r0, =externalFirm
moveq r2, #1
movne r2, #0
str r2, [r0]
str r2, [externalFirm]
mov r2, #1
add r0, r7, #8
ldr r6, =fileOpen
blx r6
SeekFirm:
ldr r0, =externalFirm
ldr r0, [r0]
ldr r0, [externalFirm]
cmp r0, #1
moveq r0, r7
ldreq r1, =byteswritten
@@ -97,11 +94,14 @@ Memcpy:
LDMFD SP!, {R0-R4}
MOV LR, R12
BX LR
FileName:
.dcw "sdmc:/rei/patched_firmware_sys.bin"
.dcw "sdmc:/aurei/patched_firmware_sys.bin"
.word 0x0
externalFirm:
.word 0x2000A000
.pool
// Kernel Code

26
source/buttons.h Normal file
View File

@@ -0,0 +1,26 @@
/*
* buttons.h
* by Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#pragma once
#include "types.h"
#define HID_PAD (*(vu16 *)0x10146000 ^ 0xFFF)
#define BUTTON_R1 (1 << 8)
#define BUTTON_L1 (1 << 9)
#define BUTTON_A 1
#define BUTTON_B (1 << 1)
#define BUTTON_SELECT (1 << 2)
#define BUTTON_START (1 << 3)
#define BUTTON_RIGHT (1 << 4)
#define BUTTON_LEFT (1 << 5)
#define BUTTON_UP (1 << 6)
#define BUTTON_DOWN (1 << 7)
#define BUTTON_L1R1 ((1 << 8) | (1 << 9))
#define SAFE_MODE (BUTTON_L1R1 | BUTTON_A | BUTTON_UP)
#define OPTION_BUTTONS (BUTTON_L1R1 | BUTTON_A)
#define PAYLOAD_BUTTONS ((BUTTON_L1 | BUTTON_A) ^ 0xFFF)
#define MENU_BUTTONS (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN | BUTTON_A | BUTTON_START)

56
source/crypto.c
View File

@@ -1,4 +1,10 @@
// From http://github.com/b1l1s/ctr
/*
* crypto.c
* by Reisyukaku / Aurora Wright
* Crypto libs from http://github.com/b1l1s/ctr
*
* Copyright (c) 2016 All Rights Reserved
*/
#include "crypto.h"
#include "memory.h"
@@ -54,10 +60,10 @@ __asm__\
}
#endif /*__thumb__*/
void aes_setkey(u8 keyslot, const void* key, u32 keyType, u32 mode)
static void aes_setkey(u8 keyslot, const void *key, u32 keyType, u32 mode)
{
if(keyslot <= 0x03) return; // Ignore TWL keys for now
u32 * key32 = (u32 *)key;
u32 *key32 = (u32 *)key;
*REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode;
*REG_AESKEYCNT = (*REG_AESKEYCNT >> 6 << 6) | keyslot | AES_KEYCNT_WRITE;
@@ -67,7 +73,7 @@ void aes_setkey(u8 keyslot, const void* key, u32 keyType, u32 mode)
REG_AESKEYFIFO[keyType] = key32[3];
}
void aes_use_keyslot(u8 keyslot)
static void aes_use_keyslot(u8 keyslot)
{
if(keyslot > 0x3F)
return;
@@ -76,7 +82,7 @@ void aes_use_keyslot(u8 keyslot)
*REG_AESCNT = *REG_AESCNT | 0x04000000; /* mystery bit */
}
void aes_setiv(const void* iv, u32 mode)
static void aes_setiv(const void *iv, u32 mode)
{
const u32 *iv32 = (const u32 *)iv;
*REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode;
@@ -98,9 +104,9 @@ void aes_setiv(const void* iv, u32 mode)
}
}
void aes_advctr(void *ctr, u32 val, u32 mode)
static void aes_advctr(void *ctr, u32 val, u32 mode)
{
u32 *ctr32 = (u32*)ctr;
u32 *ctr32 = (u32 *)ctr;
int i;
if(mode & AES_INPUT_BE)
@@ -125,7 +131,7 @@ void aes_advctr(void *ctr, u32 val, u32 mode)
}
}
void aes_change_ctrmode(void *ctr, u32 fromMode, u32 toMode)
static void aes_change_ctrmode(void *ctr, u32 fromMode, u32 toMode)
{
u32 *ctr32 = (u32 *)ctr;
int i;
@@ -147,7 +153,7 @@ void aes_change_ctrmode(void *ctr, u32 fromMode, u32 toMode)
}
}
void aes_batch(void *dst, const void *src, u32 blockCount)
static void aes_batch(void *dst, const void *src, u32 blockCount)
{
*REG_AESBLKCNT = blockCount << 16;
*REG_AESCNT |= AES_CNT_START;
@@ -180,7 +186,7 @@ void aes_batch(void *dst, const void *src, u32 blockCount)
}
}
void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode)
static void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode)
{
*REG_AESCNT = mode |
AES_CNT_INPUT_ORDER | AES_CNT_OUTPUT_ORDER |
@@ -228,12 +234,12 @@ void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivM
****************************************************************/
//Nand key#2 (0x12C10)
const u8 key2[0x10] = {
static const u8 key2[0x10] = {
0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0
};
//Get Nand CTR key
void getNandCTR(u8 *buf, u32 console){
static void getNandCTR(u8 *buf, u32 console){
u8 *addr = (console ? (u8 *)0x080D8BBC : (u8 *)0x080D797C) + 0x0F;
for(u8 keyLen = 0x10; keyLen; keyLen--)
*(buf++) = *(addr--);
@@ -243,14 +249,16 @@ void getNandCTR(u8 *buf, u32 console){
void nandFirm0(u8 *outbuf, u32 size, u32 console){
u8 CTR[0x10];
getNandCTR(CTR, console);
aes_advctr(CTR, 0x0B130000/0x10, AES_INPUT_BE | AES_INPUT_NORMAL);
sdmmc_nand_readsectors(0x0B130000 / 0x200, size / 0x200, outbuf);
aes_advctr(CTR, 0x0B130000/0x10, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x06);
aes(outbuf, outbuf, size / AES_BLOCK_SIZE, CTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
}
//Decrypts the N3DS arm9bin
void decArm9Bin(u8 *armHdr, u32 mode){
void decryptArm9Bin(u8 *arm9Section, u32 mode){
//Firm keys
u8 keyY[0x10];
@@ -258,12 +266,12 @@ void decArm9Bin(u8 *armHdr, u32 mode){
u8 slot = mode ? 0x16 : 0x15;
//Setup keys needed for arm9bin decryption
memcpy(keyY, armHdr+0x10, 0x10);
memcpy(CTR, armHdr+0x20, 0x10);
memcpy(keyY, arm9Section + 0x10, 0x10);
memcpy(CTR, arm9Section + 0x20, 0x10);
u32 size = 0;
//http://stackoverflow.com/questions/12791077/atoi-implementation-in-c
for(u8 *tmp = armHdr+0x30; *tmp; tmp++)
size = (size<<3)+(size<<1)+(*tmp)-'0';
for(u8 *tmp = arm9Section + 0x30; *tmp; tmp++)
size = (size << 3) + (size << 1) + (*tmp) - '0';
if(mode){
u8 keyX[0x10];
@@ -271,7 +279,7 @@ void decArm9Bin(u8 *armHdr, u32 mode){
//Set 0x11 to key2 for the arm9bin and misc keys
aes_setkey(0x11, key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x11);
aes(keyX, armHdr+0x60, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
aes(keyX, arm9Section + 0x60, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
aes_setkey(slot, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
}
@@ -280,14 +288,14 @@ void decArm9Bin(u8 *armHdr, u32 mode){
aes_use_keyslot(slot);
//Decrypt arm9bin
aes(armHdr+0x800, armHdr+0x800, size/AES_BLOCK_SIZE, CTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
aes(arm9Section + 0x800, arm9Section + 0x800, size/AES_BLOCK_SIZE, CTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
}
//Sets the N3DS 9.6 KeyXs
void setKeyXs(u8 *armHdr){
void setKeyXs(u8 *arm9Section){
u8 *keyData = armHdr+0x89814;
u8 *decKey = keyData+0x10;
u8 *keyData = arm9Section + 0x89814;
u8 *decKey = keyData + 0x10;
//Set keys 0x19..0x1F keyXs
aes_setkey(0x11, key2, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
@@ -295,6 +303,6 @@ void setKeyXs(u8 *armHdr){
for(u8 slot = 0x19; slot < 0x20; slot++){
aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
*(keyData+0xF) += 1;
*(keyData + 0xF) += 1;
}
}

69
source/crypto.h
View File

@@ -1,56 +1,59 @@
// From http://github.com/b1l1s/ctr
/*
* crypto.h
* by Reisyukaku / Aurora Wright
* Crypto libs from http://github.com/b1l1s/ctr
*
* Copyright (c) 2016 All Rights Reserved
*/
#ifndef CRYPTO_INC
#define CRYPTO_INC
#pragma once
#include "types.h"
/**************************AES****************************/
#define REG_AESCNT ((volatile u32*)0x10009000)
#define REG_AESBLKCNT ((volatile u32*)0x10009004)
#define REG_AESWRFIFO ((volatile u32*)0x10009008)
#define REG_AESRDFIFO ((volatile u32*)0x1000900C)
#define REG_AESKEYSEL ((volatile u8 *)0x10009010)
#define REG_AESKEYCNT ((volatile u8 *)0x10009011)
#define REG_AESCTR ((volatile u32*)0x10009020)
#define REG_AESCNT ((vu32 *)0x10009000)
#define REG_AESBLKCNT ((vu32 *)0x10009004)
#define REG_AESWRFIFO ((vu32 *)0x10009008)
#define REG_AESRDFIFO ((vu32 *)0x1000900C)
#define REG_AESKEYSEL ((vu8 *)0x10009010)
#define REG_AESKEYCNT ((vu8 *)0x10009011)
#define REG_AESCTR ((vu32 *)0x10009020)
#define REG_AESKEYFIFO ((volatile u32*)0x10009100)
#define REG_AESKEYXFIFO ((volatile u32*)0x10009104)
#define REG_AESKEYYFIFO ((volatile u32*)0x10009108)
#define REG_AESKEYFIFO ((vu32 *)0x10009100)
#define REG_AESKEYXFIFO ((vu32 *)0x10009104)
#define REG_AESKEYYFIFO ((vu32 *)0x10009108)
#define AES_CCM_DECRYPT_MODE (0u << 27)
#define AES_CCM_ENCRYPT_MODE (1u << 27)
#define AES_CTR_MODE (2u << 27)
#define AES_CTR_MODE (2u << 27)
#define AES_CTR_MODE (2u << 27)
#define AES_CTR_MODE (2u << 27)
#define AES_CBC_DECRYPT_MODE (4u << 27)
#define AES_CBC_ENCRYPT_MODE (5u << 27)
#define AES_ECB_DECRYPT_MODE (6u << 27)
#define AES_ECB_ENCRYPT_MODE (7u << 27)
#define AES_ALL_MODES (7u << 27)
#define AES_ALL_MODES (7u << 27)
#define AES_CNT_START 0x80000000
#define AES_CNT_INPUT_ORDER 0x02000000
#define AES_CNT_START 0x80000000
#define AES_CNT_INPUT_ORDER 0x02000000
#define AES_CNT_OUTPUT_ORDER 0x01000000
#define AES_CNT_INPUT_ENDIAN 0x00800000
#define AES_CNT_OUTPUT_ENDIAN 0x00400000
#define AES_CNT_FLUSH_READ 0x00000800
#define AES_CNT_FLUSH_WRITE 0x00000400
#define AES_CNT_FLUSH_READ 0x00000800
#define AES_CNT_FLUSH_WRITE 0x00000400
#define AES_INPUT_BE (AES_CNT_INPUT_ENDIAN)
#define AES_INPUT_LE 0
#define AES_INPUT_NORMAL (AES_CNT_INPUT_ORDER)
#define AES_INPUT_REVERSED 0
#define AES_INPUT_BE (AES_CNT_INPUT_ENDIAN)
#define AES_INPUT_LE 0
#define AES_INPUT_NORMAL (AES_CNT_INPUT_ORDER)
#define AES_INPUT_REVERSED 0
#define AES_BLOCK_SIZE 0x10
#define AES_BLOCK_SIZE 0x10
#define AES_KEYCNT_WRITE (1 << 0x7)
#define AES_KEYNORMAL 0
#define AES_KEYX 1
#define AES_KEYY 2
#define AES_KEYCNT_WRITE (1 << 0x7)
#define AES_KEYNORMAL 0
#define AES_KEYX 1
#define AES_KEYY 2
//NAND/FIRM stuff
void nandFirm0(u8 *outbuf, u32 size, u32 console);
void decArm9Bin(u8 *armHdr, u32 mode);
void setKeyXs(u8 *armHdr);
#endif
void decryptArm9Bin(u8 *arm9Section, u32 mode);
void setKeyXs(u8 *arm9Section);

93
source/draw.c
View File

@@ -1,43 +1,82 @@
/*
* draw.c
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Code to print to the screen by mid-kid @CakesFW
*
* Copyright (c) 2016 All Rights Reserved
*/
#include "draw.h"
#include "fs.h"
#include "memory.h"
#include "font.h"
static struct fb *fb = (struct fb *)0x23FFFE00;
#define SCREEN_TOP_WIDTH 400
#define SCREEN_TOP_HEIGHT 240
void shutdownLCD(void){
static const struct fb {
u8 *top_left;
u8 *top_right;
u8 *bottom;
} *const fb = (struct fb *)0x23FFFE00;
vu32 *arm11 = (vu32 *)0x1FFFFFF8;
//Clear ARM11 entry offset
*arm11 = 0;
//Shutdown LCDs
*(vu32*)0x10202A44 = 0;
*(vu32*)0x10202244 = 0;
*(vu32*)0x10202014 = 0;
//Wait for the ARM11 entrypoint to be set
while(!*arm11);
//Jump to it
((void (*)())*arm11)();
static int strlen(const char *string){
char *stringEnd = (char *)string;
while(*stringEnd) stringEnd++;
return stringEnd - string;
}
void clearScreen(void){
memset(fb->top_left, 0, 0x46500);
memset(fb->top_right, 0, 0x46500);
memset(fb->bottom, 0, 0x38400);
void clearScreens(void){
memset32(fb->top_left, 0, 0x46500);
memset32(fb->top_right, 0, 0x46500);
memset32(fb->bottom, 0, 0x38400);
}
void loadSplash(void){
//Check if it's a no-screen-init A9LH boot via PDN_GPU_CNT
if(*(u8 *)0x10141200 == 0x1) return;
clearScreen();
if(!fileRead(fb->top_left, "/rei/splash.bin", 0x46500)) return;
u64 i = 0xFFFFFF; while(--i) __asm("mov r0, r0"); //Less Ghetto sleep func
clearScreens();
//Don't delay boot if no splash image is on the SD
if(fileRead(fb->top_left, "/aurei/splash.bin", 0x46500) +
fileRead(fb->bottom, "/aurei/splashbottom.bin", 0x38400)){
u64 i = 0x1300000; while(--i) __asm("mov r0, r0"); //Less Ghetto sleep func
}
}
void drawCharacter(char character, int posX, int posY, u32 color){
u8 *const select = fb->top_left;
for(int y = 0; y < 8; y++){
char charPos = font[character * 8 + y];
for(int x = 7; x >= 0; x--){
int screenPos = (posX * SCREEN_TOP_HEIGHT * 3 + (SCREEN_TOP_HEIGHT - y - posY - 1) * 3) + (7 - x) * 3 * SCREEN_TOP_HEIGHT;
if ((charPos >> x) & 1) {
select[screenPos] = color >> 16;
select[screenPos + 1] = color >> 8;
select[screenPos + 2] = color;
}
}
}
}
int drawString(const char *string, int posX, int posY, u32 color){
int length = strlen(string);
for(int i = 0, line_i = 0; i < length; i++, line_i++){
if(string[i] == '\n'){
posY += SPACING_Y;
line_i = 0;
i++;
} else if(line_i >= (SCREEN_TOP_WIDTH - posX) / SPACING_X){
// Make sure we never get out of the screen.
posY += SPACING_Y;
line_i = 2; // Little offset so we know the same string continues.
if(string[i] == ' ') i++; // Spaces at the start look weird
}
drawCharacter(string[i], posX + line_i * SPACING_X, posY, color);
}
return posY;
}

22
source/draw.h
View File

@@ -1,21 +1,19 @@
/*
* draw.h
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Code to print to the screen by mid-kid @CakesFW
*
* Copyright (c) 2016 All Rights Reserved
*/
#ifndef DRAW_INC
#define DRAW_INC
#pragma once
#include "types.h"
struct fb {
u8 *top_left;
u8 *top_right;
u8 *bottom;
};
#define SPACING_Y 10
#define SPACING_X 8
void loadSplash(void);
void shutdownLCD(void);
#endif
void clearScreens(void);
void drawCharacter(char character, int posX, int posY, u32 color);
int drawString(const char *string, int posX, int posY, u32 color);

69
source/emunand.c
View File

@@ -1,55 +1,64 @@
/*
* emunand.c
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#include "emunand.h"
#include "memory.h"
#include "fatfs/sdmmc/sdmmc.h"
static u8 *temp = (u8 *)0x24300000;
void getEmunandSect(u32 *off, u32 *head, u32 emuNAND){
u8 *const temp = (u8 *)0x24300000;
void getEmunandSect(u32 *off, u32 *head){
u32 nandSize = getMMCDevice(0)->total_size;
if(sdmmc_sdcard_readsectors(nandSize, 1, temp) == 0){
u32 nandOffset = emuNAND == 1 ? 0 :
(nandSize > 0x200000 ? 0x400000 : 0x200000);
//Check for RedNAND
if(sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) == 0){
if(*(u32 *)(temp + 0x100) == NCSD_MAGIC){
*off = 0;
*head = nandSize;
*off = nandOffset + 1;
*head = nandOffset + 1;
}
//Check for Gateway emuNAND
else if(sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) == 0){
if(*(u32 *)(temp + 0x100) == NCSD_MAGIC){
*off = nandOffset;
*head = nandOffset + nandSize;
}
//Fallback to the first emuNAND if there's no second one
else if(emuNAND == 2) getEmunandSect(off, head, 1);
}
}
}
void getSDMMC(void *pos, u32 *off, u32 size){
u32 getSDMMC(u8 *pos, u32 size){
//Look for struct code
const unsigned char pattern[] = {0x21, 0x20, 0x18, 0x20};
*off = (u32)memsearch(pos, pattern, size, 4) - 1;
//Get DCD values
u8 buf[4];
u32 addr = 0,
additive = 0,
p;
memcpy(buf, (void *)(*off+0x0A), 4);
for (p = 0; p < 4; p++) addr |= ((u32) buf[p]) << (8 * p);
memcpy(buf, (void *)(*off+0x0E), 4);
for (p = 0; p < 4; p++) additive |= ((u32) buf[p]) << (8 * p);
//Return result
*off = addr + additive;
const u8 pattern[] = {0x21, 0x20, 0x18, 0x20};
const u8 *off = memsearch(pos, pattern, size, 4) - 1;
return *(u32 *)(off + 0x0A) + *(u32 *)(off + 0x0E);
}
void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff){
void getEmuRW(u8 *pos, u32 size, u32 *readOff, u32 *writeOff){
//Look for read/write code
const unsigned char pattern[] = {0x1E, 0x00, 0xC8, 0x05};
const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};
*writeOff = (u32)memsearch(pos, pattern, size, 4) - 6;
*readOff = (u32)memsearch((void *)(*writeOff - 0x1000), pattern, 0x1000, 4) - 6;
*readOff = (u32)memsearch(pos, pattern, size, 4) - 6;
*writeOff = (u32)memsearch((u8 *)(*readOff + 0xA), pattern, 0x100, 4) - 6;
}
void getMPU(void *pos, u32 *off, u32 size){
u32 *getMPU(u8 *pos, u32 size){
//Look for MPU pattern
const unsigned char pattern[] = {0x03, 0x00, 0x24, 0x00};
const u8 pattern[] = {0x03, 0x00, 0x24, 0x00};
*off = (u32)memsearch(pos, pattern, size, 4);
return (u32 *)memsearch(pos, pattern, size, 4);
}
void *getEmuCode(u8 *proc9Offset){
const u8 pattern[] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x00};
//Looking for the last free space before Process9
return memsearch(proc9Offset - 0x3000, pattern, 0x3000, 6) + 0x455;
}

18
source/emunand.h
View File

@@ -1,19 +1,17 @@
/*
* emunand.h
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#ifndef EMUNAND_INC
#define EMUNAND_INC
#pragma once
#include "types.h"
#define NCSD_MAGIC (0x4453434E)
void getEmunandSect(u32 *off, u32 *head);
void getSDMMC(void *pos, u32 *off, u32 size);
void getEmuRW(void *pos, u32 size, u32 *readOff, u32 *writeOff);
void getMPU(void *pos, u32 *off, u32 size);
#endif
void getEmunandSect(u32 *off, u32 *head, u32 emuNAND);
u32 getSDMMC(u8 *pos, u32 size);
void getEmuRW(u8 *pos, u32 size, u32 *readOff, u32 *writeOff);
u32 *getMPU(u8 *pos, u32 size);
void *getEmuCode(u8 *proc9Offset);

2
source/fatfs/diskio.c
View File

@@ -69,7 +69,7 @@ DRESULT disk_read (
DRESULT disk_write (
__attribute__((unused))
BYTE pdrv, /* Physical drive nmuber to identify the drive */
const BYTE *buff, /* Data to be written */
const BYTE *buff, /* Data to be written */
DWORD sector, /* Sector address in LBA */
UINT count /* Number of sectors to write */
)

11
source/fatfs/ff.c
View File

@@ -811,7 +811,7 @@ FRESULT sync_fs ( /* FR_OK: successful, FR_DISK_ERR: failed */
/*-----------------------------------------------------------------------*/
/* Hidden API for hacks and disk tools */
DWORD clust2sect ( /* !=0: Sector number, 0: Failed - invalid cluster# */
static DWORD clust2sect ( /* !=0: Sector number, 0: Failed - invalid cluster# */
FATFS* fs, /* File system object */
DWORD clst /* Cluster# to be converted */
)
@@ -829,7 +829,7 @@ DWORD clust2sect ( /* !=0: Sector number, 0: Failed - invalid cluster# */
/*-----------------------------------------------------------------------*/
/* Hidden API for hacks and disk tools */
DWORD get_fat ( /* 0xFFFFFFFF:Disk error, 1:Internal error, 2..0x0FFFFFFF:Cluster status */
static DWORD get_fat ( /* 0xFFFFFFFF:Disk error, 1:Internal error, 2..0x0FFFFFFF:Cluster status */
FATFS* fs, /* File system object */
DWORD clst /* FAT index number (cluster number) to get the value */
)
@@ -884,7 +884,7 @@ DWORD get_fat ( /* 0xFFFFFFFF:Disk error, 1:Internal error, 2..0x0FFFFFFF:Cluste
/* Hidden API for hacks and disk tools */
#if !_FS_READONLY
FRESULT put_fat (
static FRESULT put_fat (
FATFS* fs, /* File system object */
DWORD clst, /* FAT index number (cluster number) to be changed */
DWORD val /* New value to be set to the entry */
@@ -1314,7 +1314,7 @@ int cmp_lfn ( /* 1:Matched, 0:Not matched */
}
#if _FS_MINIMIZE <= 1 || _USE_LABEL || _FS_RPATH >= 2
static
int pick_lfn ( /* 1:Succeeded, 0:Buffer overflow */
WCHAR* lfnbuf, /* Pointer to the Unicode-LFN buffer */
@@ -1345,6 +1345,7 @@ int pick_lfn ( /* 1:Succeeded, 0:Buffer overflow */
return 1;
}
#endif
#if !_FS_READONLY
@@ -1385,7 +1386,7 @@ void fit_lfn (
/*-----------------------------------------------------------------------*/
/* Create numbered name */
/*-----------------------------------------------------------------------*/
#if _USE_LFN
#if _USE_LFN && !_FS_READONLY
static
void gen_numname (
BYTE* dst, /* Pointer to the buffer to store numbered SFN */

151
source/fatfs/option/syscall.c
View File

@@ -1,151 +0,0 @@
/*------------------------------------------------------------------------*/
/* Sample code of OS dependent controls for FatFs */
/* (C)ChaN, 2014 */
/*------------------------------------------------------------------------*/
#include "../ff.h"
#if _FS_REENTRANT
/*------------------------------------------------------------------------*/
/* Create a Synchronization Object */
/*------------------------------------------------------------------------*/
/* This function is called in f_mount() function to create a new
/ synchronization object, such as semaphore and mutex. When a 0 is returned,
/ the f_mount() function fails with FR_INT_ERR.
*/
int ff_cre_syncobj ( /* !=0:Function succeeded, ==0:Could not create due to any error */
BYTE vol, /* Corresponding logical drive being processed */
_SYNC_t *sobj /* Pointer to return the created sync object */
)
{
int ret;
*sobj = CreateMutex(NULL, FALSE, NULL); /* Win32 */
ret = (int)(*sobj != INVALID_HANDLE_VALUE);
// *sobj = SyncObjects[vol]; /* uITRON (give a static created sync object) */
// ret = 1; /* The initial value of the semaphore must be 1. */
// *sobj = OSMutexCreate(0, &err); /* uC/OS-II */
// ret = (int)(err == OS_NO_ERR);
// *sobj = xSemaphoreCreateMutex(); /* FreeRTOS */
// ret = (int)(*sobj != NULL);
return ret;
}
/*------------------------------------------------------------------------*/
/* Delete a Synchronization Object */
/*------------------------------------------------------------------------*/
/* This function is called in f_mount() function to delete a synchronization
/ object that created with ff_cre_syncobj function. When a 0 is returned,
/ the f_mount() function fails with FR_INT_ERR.
*/
int ff_del_syncobj ( /* !=0:Function succeeded, ==0:Could not delete due to any error */
_SYNC_t sobj /* Sync object tied to the logical drive to be deleted */
)
{
int ret;
ret = CloseHandle(sobj); /* Win32 */
// ret = 1; /* uITRON (nothing to do) */
// OSMutexDel(sobj, OS_DEL_ALWAYS, &err); /* uC/OS-II */
// ret = (int)(err == OS_NO_ERR);
// vSemaphoreDelete(sobj); /* FreeRTOS */
// ret = 1;
return ret;
}
/*------------------------------------------------------------------------*/
/* Request Grant to Access the Volume */
/*------------------------------------------------------------------------*/
/* This function is called on entering file functions to lock the volume.
/ When a 0 is returned, the file function fails with FR_TIMEOUT.
*/
int ff_req_grant ( /* 1:Got a grant to access the volume, 0:Could not get a grant */
_SYNC_t sobj /* Sync object to wait */
)
{
int ret;
ret = (int)(WaitForSingleObject(sobj, _FS_TIMEOUT) == WAIT_OBJECT_0); /* Win32 */
// ret = (int)(wai_sem(sobj) == E_OK); /* uITRON */
// OSMutexPend(sobj, _FS_TIMEOUT, &err)); /* uC/OS-II */
// ret = (int)(err == OS_NO_ERR);
// ret = (int)(xSemaphoreTake(sobj, _FS_TIMEOUT) == pdTRUE); /* FreeRTOS */
return ret;
}
/*------------------------------------------------------------------------*/
/* Release Grant to Access the Volume */
/*------------------------------------------------------------------------*/
/* This function is called on leaving file functions to unlock the volume.
*/
void ff_rel_grant (
_SYNC_t sobj /* Sync object to be signaled */
)
{
ReleaseMutex(sobj); /* Win32 */
// sig_sem(sobj); /* uITRON */
// OSMutexPost(sobj); /* uC/OS-II */
// xSemaphoreGive(sobj); /* FreeRTOS */
}
#endif
#if _USE_LFN == 3 /* LFN with a working buffer on the heap */
/*------------------------------------------------------------------------*/
/* Allocate a memory block */
/*------------------------------------------------------------------------*/
/* If a NULL is returned, the file function fails with FR_NOT_ENOUGH_CORE.
*/
void* ff_memalloc ( /* Returns pointer to the allocated memory block */
UINT msize /* Number of bytes to allocate */
)
{
return malloc(msize); /* Allocate a new memory block with POSIX API */
}
/*------------------------------------------------------------------------*/
/* Free a memory block */
/*------------------------------------------------------------------------*/
void ff_memfree (
void* mblock /* Pointer to the memory block to free */
)
{
free(mblock); /* Discard the memory block with POSIX API */
}
#endif

13
source/fatfs/sdmmc/common.h
View File

@@ -1,15 +1,4 @@
#pragma once
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#define u8 uint8_t
#define u16 uint16_t
#define u32 uint32_t
#define u64 uint64_t
#define vu8 volatile u8
#define vu16 volatile u16
#define vu32 volatile u32
#define vu64 volatile u64
#include "../../types.h"

2
source/fatfs/sdmmc/delay.h
View File

@@ -6,4 +6,4 @@
#include "common.h"
void waitcycles(u32 us);
void ioDelay(u32 us);

30
source/fatfs/sdmmc/delay.s
View File

@@ -1,15 +1,17 @@
.arm
.global waitcycles
.type waitcycles STT_FUNC
// Copyright 2014 Normmatt
// Licensed under GPLv2 or any later version
// Refer to the license.txt file included.
@waitcycles ( u32 us )
waitcycles:
PUSH {R0-R2,LR}
STR R0, [SP,#4]
waitcycles_loop:
LDR R3, [SP,#4]
SUBS R2, R3, #1
STR R2, [SP,#4]
CMP R3, #0
BNE waitcycles_loop
POP {R0-R2,PC}
.arm
.global ioDelay
.type ioDelay STT_FUNC
@ioDelay ( u32 us )
ioDelay:
ldr r1, =0x18000000 @ VRAM
1:
@ Loop doing uncached reads from VRAM to make loop timing more reliable
ldr r2, [r1]
subs r0, #1
bgt 1b
bx lr

6
source/fatfs/sdmmc/sdmmc.c
View File

@@ -2,8 +2,6 @@
// Licensed under GPLv2 or any later version
// Refer to the license.txt file included.
#include "common.h"
#include "sdmmc.h"
#include "delay.h"
@@ -286,7 +284,7 @@ static void InitSD()
static int Nand_Init()
{
inittarget(&handleNAND);
waitcycles(0xF000);
ioDelay(0xF000);
sdmmc_send_command(&handleNAND,0,0);
@@ -337,7 +335,7 @@ static int SD_Init()
{
inittarget(&handleSD);
waitcycles(1u << 18); //Card needs a little bit of time to be detected, it seems
ioDelay(1u << 18); //Card needs a little bit of time to be detected, it seems
//If not inserted
if (!(*((vu16*)0x1000601c) & TMIO_STAT0_SIGSTATE)) return -1;

3
source/fatfs/sdmmc/sdmmc.h
View File

@@ -124,5 +124,4 @@ u32 sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, vu8 *in);
mmcdevice *getMMCDevice(int drive);
u32 sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, vu8 *out);
u32 sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, vu8 *in);
u32 sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, vu8 *in);

389
source/firm.c
View File

@@ -1,7 +1,7 @@
/*
* firm.c
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#include "firm.h"
@@ -11,250 +11,295 @@
#include "emunand.h"
#include "crypto.h"
#include "draw.h"
#include "screeninit.h"
#include "loader.h"
#include "utils.h"
#include "buttons.h"
#include "../build/patches.h"
firmHeader *firmLocation = (firmHeader *)0x24000000;
firmSectionHeader *section;
u32 firmSize = 0,
mode = 1,
console = 1,
emuNAND = 0,
a9lhSetup = 0,
updatedSys = 0,
usePatchedFirm = 0;
u16 pressed;
char *firmPathPatched = NULL;
//FIRM patches version
#define PATCH_VER 2
static firmHeader *const firm = (firmHeader *)0x24000000;
static const firmSectionHeader *section;
static u8 *arm9Section;
static const char *patchedFirms[] = { "/aurei/patched_firmware_sys.bin",
"/aurei/patched_firmware_emu.bin",
"/aurei/patched_firmware_em2.bin",
"/aurei/patched_firmware90.bin" };
static u32 firmSize,
console,
mode,
emuNAND,
a9lhSetup,
selectedFirm,
usePatchedFirm;
void setupCFW(void){
//Determine if booting with A9LH via PDN_SPI_CNT
u8 a9lhBoot = (*(u8 *)0x101401C0 == 0x0) ? 1 : 0;
//Retrieve the last booted FIRM via CFG_BOOTENV
u8 previousFirm = *(u8 *)0x10010000;
u32 overrideConfig = 0;
const char lastConfigPath[] = "rei/lastbootcfg";
//Determine if booting with A9LH
u32 a9lhBoot = (PDN_SPI_CNT == 0x0) ? 1 : 0;
//Retrieve the last booted FIRM
u8 previousFirm = CFG_BOOTENV;
//Detect the console being used
if(PDN_MPCORE_CFG == 1) console = 0;
console = (PDN_MPCORE_CFG == 1) ? 0 : 1;
//Get pressed buttons
pressed = HID_PAD;
u16 pressed = HID_PAD;
//Attempt to read the configuration file
const char configPath[] = "aurei/config.bin";
u32 config = 0;
u32 needConfig = fileRead(&config, configPath, 3) ? 1 : 2;
//Determine if A9LH is installed and the user has an updated sysNAND
u32 updatedSys;
if(a9lhBoot || (config >> 2) & 0x1){
if(pressed == SAFE_MODE)
error("Using Safe Mode would brick you, or remove A9LH!");
//Determine if A9LH is installed
if(a9lhBoot || fileExists("/rei/installeda9lh")){
a9lhSetup = 1;
//Check flag for > 9.2 SysNAND
if(fileExists("/rei/updatedsysnand")) updatedSys = 1;
//Check setting for > 9.2 sysNAND
updatedSys = config & 0x1;
} else{
a9lhSetup = 0;
updatedSys = 0;
}
//If booting with A9LH and it's a MCU reboot, try to force boot options
if(a9lhBoot && previousFirm && fileExists(lastConfigPath)){
u8 tempConfig;
fileRead(&tempConfig, lastConfigPath, 1);
/* If booting with A9LH, it's a MCU reboot and a previous configuration exists,
try to force boot options */
if(a9lhBoot && previousFirm && needConfig == 1){
//Always force a sysNAND boot when quitting AGB_FIRM
if(previousFirm == 0x7) {
if(!updatedSys) mode = tempConfig & 0x1;
overrideConfig = 1;
//Else, force the last used boot options unless A is pressed
} else if(!(pressed & BUTTON_A)) {
mode = tempConfig & 0x1;
emuNAND = (tempConfig >> 1) & 0x1;
overrideConfig = 1;
if(previousFirm == 0x7){
if(!updatedSys) mode = (config >> 12) & 0x1;
emuNAND = 0;
needConfig = 0;
//Else, force the last used boot options unless A, L or R are pressed
} else if(!(pressed & OPTION_BUTTONS)){
mode = (config >> 12) & 0x1;
emuNAND = (config >> 13) & 0x3;
needConfig = 0;
}
}
if(!overrideConfig){
if(needConfig){
//If L and R are pressed, chainload an external payload
if(a9lhBoot && (pressed & BUTTON_L1R1) == BUTTON_L1R1) loadPayload();
/* If L and one of the payload buttons are pressed, and if not using A9LH
the Safe Mode combo is not pressed, chainload an external payload */
if((pressed & BUTTON_L1) && (pressed & PAYLOAD_BUTTONS) &&
pressed != SAFE_MODE) loadPayload();
/* If L is pressed, and on an updated SysNAND setup the SAFE MODE combo
is not pressed, boot 9.0 FIRM */
if((pressed & BUTTON_L1) && !(updatedSys && pressed == SAFEMODE)) mode = 0;
//If no configuration file exists or SELECT is held, load configuration menu
if(needConfig == 2 || (pressed & BUTTON_SELECT))
configureCFW(configPath, patchedFirms[3]);
/* If L or R aren't pressed on a 9.0/9.2 SysNAND, or the 9.0 FIRM is selected
or R is pressed on a > 9.2 SysNAND, boot emuNAND */
if((updatedSys && (!mode || ((pressed & BUTTON_R1) && pressed != SAFEMODE))) ||
(!updatedSys && mode && !(pressed & BUTTON_R1))) emuNAND = 1;
//If screens are inited, load splash screen
if(PDN_GPU_CNT != 0x1) loadSplash();
//Write the current boot options on A9LH
if(a9lhBoot){
u8 tempConfig = (mode | (emuNAND << 1)) & 0x3;
fileWrite(&tempConfig, lastConfigPath, 1);
/* If L is pressed, boot 9.0 FIRM */
mode = ((config >> 3) & 0x1) ? ((!(pressed & BUTTON_L1R1)) ? 0 : 1) :
((pressed & BUTTON_L1) ? 0 : 1);
/* If L or R aren't pressed on a 9.0/9.2 sysNAND, or the 9.0 FIRM is selected
or R is pressed on a > 9.2 sysNAND, boot emuNAND */
if((updatedSys && (!mode || (pressed & BUTTON_R1))) ||
(!updatedSys && mode && !(pressed & BUTTON_R1))){
//If not 9.0 FIRM and B is pressed, attempt booting the second emuNAND
emuNAND = (mode && ((!(pressed & BUTTON_B)) == ((config >> 4) & 0x1))) ? 2 : 1;
} else emuNAND = 0;
u32 tempConfig = (PATCH_VER << 17) | (a9lhSetup << 16) | (emuNAND << 13) | (mode << 12);
/* If tha FIRM patches version is different or user switched to/from A9LH,
delete all patched FIRMs */
if((tempConfig & 0xFF0000) != (config & 0xFF0000))
deleteFirms(patchedFirms, sizeof(patchedFirms) / sizeof(char *));
//If the boot configuration is different from previously, overwrite it
if((tempConfig & 0xFFF000) != (config & 0xFFF000)){
//Preserve user settings (first 12 bits)
tempConfig |= config & 0xFFF;
fileWrite(&tempConfig, configPath, 3);
}
}
if(mode) firmPathPatched = emuNAND ? "/rei/patched_firmware_emu.bin" :
"/rei/patched_firmware_sys.bin";
/* Determine which patched FIRM we need to write or attempt to use (if any).
Patched 9.0 FIRM is only needed if "Use pre-patched FIRMs" is set */
selectedFirm = mode ? (emuNAND ? (emuNAND == 1 ? 2 : 3) : 1) :
(((config >> 1) & 0x1) ? 4 : 0);
//Skip decrypting and patching FIRM
if(fileExists("/rei/usepatchedfw")){
//Only needed with this flag
if(!mode) firmPathPatched = "/rei/patched_firmware90.bin";
if(fileExists(firmPathPatched)) usePatchedFirm = 1;
}
//If "Use pre-patched FIRMs" is set and the appropriate FIRM exists, use it
usePatchedFirm = (((config >> 1) & 0x1) && fileExists(patchedFirms[selectedFirm - 1])) ? 1 : 0;
}
//Load firm into FCRAM
u32 loadFirm(void){
//Load FIRM into FCRAM
void loadFirm(void){
//If not using an A9LH setup or the patched FIRM, load 9.0 FIRM from NAND
if(!usePatchedFirm && !a9lhSetup && !mode){
//Read FIRM from NAND and write to FCRAM
firmSize = console ? 0xF2000 : 0xE9000;
nandFirm0((u8 *)firmLocation, firmSize, console);
nandFirm0((u8 *)firm, firmSize, console);
//Check for correct decryption
if(memcmp(firmLocation, "FIRM", 4) != 0) return 0;
if(memcmp(firm, "FIRM", 4) != 0)
error("Couldn't decrypt NAND FIRM0 (O3DS not on 9.x?)");
}
//Load FIRM from SD
else{
const char *path = usePatchedFirm ? firmPathPatched :
(mode ? "/rei/firmware.bin" : "/rei/firmware90.bin");
const char *path = usePatchedFirm ? patchedFirms[selectedFirm - 1] :
(mode ? "/aurei/firmware.bin" : "/aurei/firmware90.bin");
firmSize = fileSize(path);
if(!firmSize) return 0;
fileRead((u8 *)firmLocation, path, firmSize);
if(!firmSize) error("aurei/firmware(90).bin doesn't exist");
fileRead(firm, path, firmSize);
}
section = firmLocation->section;
section = firm->section;
//Check that the loaded FIRM matches the console
if((((u32)section[2].address >> 8) & 0xFF) != (console ? 0x60 : 0x68)) return 0;
if((((u32)section[2].address >> 8) & 0xFF) != (console ? 0x60 : 0x68))
error("aurei/firmware(90).bin doesn't match this\nconsole, or it's encrypted");
if(console && !usePatchedFirm)
decArm9Bin((u8 *)firmLocation + section[2].offset, mode);
arm9Section = (u8 *)firm + section[2].offset;
return 1;
if(console && !usePatchedFirm) decryptArm9Bin(arm9Section, mode);
}
//Nand redirection
u32 loadEmu(void){
//NAND redirection
static void loadEmu(u8 *proc9Offset){
u32 emuOffset = 0,
u32 emuOffset,
emuHeader = 0,
emuRead = 0,
emuWrite = 0,
sdmmcOffset = 0,
mpuOffset = 0,
emuCodeOffset = 0;
emuRead,
emuWrite;
//Read emunand code from SD
const char path[] = "/rei/emunand/emunand.bin";
u32 size = fileSize(path);
if(!size) return 0;
if(!console || !mode) nandRedir[5] = 0xA4;
//Find offset for emuNAND code from the offset in nandRedir
emuCodeOffset = *(u32 *)(nandRedir + 4) - (u32)section[2].address +
section[2].offset + (u32)firmLocation;
fileRead((u8 *)emuCodeOffset, path, size);
//Look for emuNAND
getEmunandSect(&emuOffset, &emuHeader, emuNAND);
//Find and patch emunand related offsets
u32 *pos_sdmmc = (u32 *)memsearch((void *)emuCodeOffset, "SDMC", size, 4);
u32 *pos_offset = (u32 *)memsearch((void *)emuCodeOffset, "NAND", size, 4);
u32 *pos_header = (u32 *)memsearch((void *)emuCodeOffset, "NCSD", size, 4);
getSDMMC(firmLocation, &sdmmcOffset, firmSize);
getEmunandSect(&emuOffset, &emuHeader);
getEmuRW(firmLocation, firmSize, &emuRead, &emuWrite);
getMPU(firmLocation, &mpuOffset, firmSize);
*pos_sdmmc = sdmmcOffset;
//No emuNAND detected
if(!emuHeader) error("No emuNAND has been detected");
//Copy emuNAND code
void *emuCodeOffset = getEmuCode(proc9Offset);
memcpy(emuCodeOffset, emunand, emunand_size);
//Add the data of the found emuNAND
u32 *pos_offset = (u32 *)memsearch(emuCodeOffset, "NAND", emunand_size, 4);
u32 *pos_header = (u32 *)memsearch(emuCodeOffset, "NCSD", emunand_size, 4);
*pos_offset = emuOffset;
*pos_header = emuHeader;
//Patch emuNAND code in memory for O3DS and 9.0 N3DS
if(!console || !mode){
void *pos_instr = memsearch((void *)emuCodeOffset, "\xA6\x01\x08\x30", size, 4);
memcpy(pos_instr, emuInstr, sizeof(emuInstr));
}
//Find and add the SDMMC struct
u32 *pos_sdmmc = (u32 *)memsearch(emuCodeOffset, "SDMC", emunand_size, 4);
*pos_sdmmc = getSDMMC(arm9Section, section[2].size);
//Calculate offset for the hooks
u32 branchOffset = (u32)emuCodeOffset - (u32)firm -
section[2].offset + (u32)section[2].address;
//Add emunand hooks
memcpy((void *)emuRead, nandRedir, sizeof(nandRedir));
memcpy((void *)emuWrite, nandRedir, sizeof(nandRedir));
getEmuRW(arm9Section, section[2].size, &emuRead, &emuWrite);
*(u16 *)emuRead = nandRedir[0];
*((u16 *)emuRead + 1) = nandRedir[1];
*((u32 *)emuRead + 1) = branchOffset;
*(u16 *)emuWrite = nandRedir[0];
*((u16 *)emuWrite + 1) = nandRedir[1];
*((u32 *)emuWrite + 1) = branchOffset;
//Set MPU for emu code region
memcpy((void *)mpuOffset, mpu, sizeof(mpu));
return 1;
u32 *mpuOffset = getMPU(arm9Section, section[2].size);
*mpuOffset = mpuPatch[0];
*(mpuOffset + 6) = mpuPatch[1];
*(mpuOffset + 9) = mpuPatch[2];
}
//Patches
u32 patchFirm(void){
void patchFirm(void){
//Skip patching
if(usePatchedFirm) return 1;
if(usePatchedFirm) return;
//Apply emuNAND patches
if(emuNAND){
if(!loadEmu()) return 0;
}
else if(a9lhSetup){
//Patch FIRM partitions writes on SysNAND to protect A9LH
u32 writeOffset = 0;
getFIRMWrite(firmLocation, firmSize, &writeOffset);
memcpy((void *)writeOffset, FIRMblock, sizeof(FIRMblock));
}
if(mode || emuNAND){
//Find the Process9 NCCH location
u8 *proc9Offset = getProc9(arm9Section, section[2].size);
//Disable signature checks
u32 sigOffset = 0,
sigOffset2 = 0;
//Apply emuNAND patches
if(emuNAND) loadEmu(proc9Offset);
getSignatures(firmLocation, firmSize, &sigOffset, &sigOffset2);
memcpy((void *)sigOffset, sigPat1, sizeof(sigPat1));
memcpy((void *)sigOffset2, sigPat2, sizeof(sigPat2));
//Patch FIRM reboots, not on 9.0 FIRM as it breaks firmlaunchhax
if(mode){
//Calculate offset for the firmlaunch code
void *rebootOffset = getReboot(arm9Section, section[2].size);
//Calculate offset for the fOpen function
u32 fOpenOffset = getfOpen(proc9Offset, rebootOffset);
//Patch ARM9 entrypoint on N3DS to skip arm9loader
if(console){
u32 *arm9 = (u32 *)&firmLocation->arm9Entry;
*arm9 = 0x801B01C;
}
//Copy firmlaunch code
memcpy(rebootOffset, reboot, reboot_size);
//Patch FIRM reboots, not on 9.0 FIRM as it breaks firmlaunchhax
if(mode){
u32 rebootOffset = 0,
fOpenOffset = 0;
//Put the fOpen offset in the right location
u32 *pos_fopen = (u32 *)memsearch(rebootOffset, "OPEN", reboot_size, 4);
*pos_fopen = fOpenOffset;
//Read reboot code from SD
const char path[] = "/rei/reboot/reboot.bin";
u32 size = fileSize(path);
if(!size) return 0;
getReboot(firmLocation, firmSize, &rebootOffset);
fileRead((u8 *)rebootOffset, path, size);
//Calculate the fOpen offset and put it in the right location
u32 *pos_fopen = (u32 *)memsearch((void *)rebootOffset, "OPEN", size, 4);
getfOpen(firmLocation, firmSize, &fOpenOffset);
*pos_fopen = fOpenOffset;
//Patch path for emuNAND-patched FIRM
if(emuNAND){
void *pos_path = memsearch((void *)rebootOffset, L"sy", size, 4);
memcpy(pos_path, L"emu", 5);
//Patch path for emuNAND-patched FIRM
if(emuNAND){
void *pos_path = memsearch(rebootOffset, L"sy", reboot_size, 4);
memcpy(pos_path, emuNAND == 1 ? L"emu" : L"em2", 5);
}
}
}
//Write patched FIRM to SD if needed
if(firmPathPatched)
if(!fileWrite((u8 *)firmLocation, firmPathPatched, firmSize)) return 0;
if(a9lhSetup && !emuNAND){
//Patch FIRM partitions writes on sysNAND to protect A9LH
u16 *writeOffset = getFirmWrite(arm9Section, section[2].size);
*writeOffset = writeBlock[0];
*(writeOffset + 1) = writeBlock[1];
}
return 1;
//Disable signature checks
u32 sigOffset,
sigOffset2;
getSigChecks(arm9Section, section[2].size, &sigOffset, &sigOffset2);
*(u16 *)sigOffset = sigPatch[0];
*(u16 *)sigOffset2 = sigPatch[0];
*((u16 *)sigOffset2 + 1) = sigPatch[1];
//Replace the FIRM loader with the injector
u32 loaderOffset,
loaderSize;
getLoader((u8 *)firm + section[0].offset, section[0].size, &loaderOffset, &loaderSize);
if(injector_size <= (int)loaderSize){
memset((void *)loaderOffset, 0, loaderSize);
memcpy((void *)loaderOffset, injector, injector_size);
*((u32 *)loaderOffset + 0x41) = loaderSize / 0x200;
*((u32 *)loaderOffset + 0x69) = loaderSize / 0x200 - 5;
}
//Patch ARM9 entrypoint on N3DS to skip arm9loader
if(console)
firm->arm9Entry = (u8 *)0x801B01C;
//Write patched FIRM to SD if needed
if(selectedFirm)
if(!fileWrite(firm, patchedFirms[selectedFirm - 1], firmSize))
error("Couldn't write the patched FIRM (no free space?)");
}
void launchFirm(void){
if(console && mode) setKeyXs((u8 *)firmLocation + section[2].offset);
if(console && mode) setKeyXs(arm9Section);
//Copy firm partitions to respective memory locations
memcpy(section[0].address, (u8 *)firmLocation + section[0].offset, section[0].size);
memcpy(section[1].address, (u8 *)firmLocation + section[1].offset, section[1].size);
memcpy(section[2].address, (u8 *)firmLocation + section[2].offset, section[2].size);
memcpy(section[0].address, (u8 *)firm + section[0].offset, section[0].size);
memcpy(section[1].address, (u8 *)firm + section[1].offset, section[1].size);
memcpy(section[2].address, arm9Section, section[2].size);
//Run ARM11 screen stuff
vu32 *arm11 = (vu32 *)0x1FFFFFF8;
*arm11 = (u32)shutdownLCD;
while(*arm11);
//Set ARM11 kernel
*arm11 = (u32)firmLocation->arm11Entry;
//Final jump to arm9 binary
((void (*)())firmLocation->arm9Entry)();
//Fixes N3DS 3D
deinitScreens();
//Set ARM11 kernel entrypoint
*(vu32 *)0x1FFFFFF8 = (u32)firm->arm11Entry;
//Final jump to arm9 kernel
((void (*)())firm->arm9Entry)();
}

42
source/firm.h
View File

@@ -1,25 +1,35 @@
/*
* firm.h
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#ifndef FIRM_INC
#define FIRM_INC
#pragma once
#include "types.h"
#define PDN_MPCORE_CFG (*(u8*)0x10140FFC)
#define HID_PAD ((~*(u16*)0x10146000) & 0xFFF)
#define BUTTON_R1 (1 << 8)
#define BUTTON_L1 (1 << 9)
#define BUTTON_L1R1 (BUTTON_R1 | BUTTON_L1)
#define BUTTON_A 1
#define SAFEMODE (BUTTON_L1R1 | BUTTON_A | (1 << 6))
#define PDN_MPCORE_CFG (*(vu8 *)0x10140FFC)
#define PDN_SPI_CNT (*(vu8 *)0x101401C0)
//FIRM Header layout
typedef struct firmSectionHeader {
u32 offset;
u8 *address;
u32 size;
u32 procType;
u8 hash[0x20];
} firmSectionHeader;
typedef struct firmHeader {
u32 magic;
u32 reserved1;
u8 *arm11Entry;
u8 *arm9Entry;
u8 reserved2[0x30];
firmSectionHeader section[4];
} firmHeader;
void setupCFW(void);
u32 loadFirm(void);
u32 patchFirm(void);
void launchFirm(void);
#endif
void loadFirm(void);
void patchFirm(void);
void launchFirm(void);

144
source/font.h Normal file
View File

@@ -0,0 +1,144 @@
/*
This file was autogenerated by raw2c.
Visit http://www.devkitpro.org
*/
//---------------------------------------------------------------------------------
#ifndef _font_h_
#define _font_h_
//---------------------------------------------------------------------------------
static const unsigned char font[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0x81, 0xa5, 0x81, 0xbd, 0x99, 0x81, 0x7e,
0x7e, 0xff, 0xdb, 0xff, 0xc3, 0xe7, 0xff, 0x7e, 0x6c, 0xfe, 0xfe, 0xfe, 0x7c, 0x38, 0x10, 0x00,
0x10, 0x38, 0x7c, 0xfe, 0x7c, 0x38, 0x10, 0x00, 0x3c, 0x3c, 0x18, 0xff, 0xe7, 0x18, 0x3c, 0x00,
0x10, 0x38, 0x7c, 0xfe, 0xee, 0x10, 0x38, 0x00, 0x00, 0x00, 0x18, 0x3c, 0x3c, 0x18, 0x00, 0x00,
0xff, 0xff, 0xe7, 0xc3, 0xc3, 0xe7, 0xff, 0xff, 0x00, 0x3c, 0x66, 0x42, 0x42, 0x66, 0x3c, 0x00,
0xff, 0xc3, 0x99, 0xbd, 0xbd, 0x99, 0xc3, 0xff, 0x0f, 0x07, 0x0f, 0x7d, 0xcc, 0xcc, 0xcc, 0x78,
0x3c, 0x66, 0x66, 0x66, 0x3c, 0x18, 0x7e, 0x18, 0x08, 0x0c, 0x0a, 0x0a, 0x08, 0x78, 0xf0, 0x00,
0x18, 0x14, 0x1a, 0x16, 0x72, 0xe2, 0x0e, 0x1c, 0x10, 0x54, 0x38, 0xee, 0x38, 0x54, 0x10, 0x00,
0x80, 0xe0, 0xf8, 0xfe, 0xf8, 0xe0, 0x80, 0x00, 0x02, 0x0e, 0x3e, 0xfe, 0x3e, 0x0e, 0x02, 0x00,
0x18, 0x3c, 0x5a, 0x18, 0x5a, 0x3c, 0x18, 0x00, 0x66, 0x66, 0x66, 0x66, 0x66, 0x00, 0x66, 0x00,
0x7f, 0xdb, 0xdb, 0xdb, 0x7b, 0x1b, 0x1b, 0x00, 0x1c, 0x22, 0x38, 0x44, 0x44, 0x38, 0x88, 0x70,
0x00, 0x00, 0x00, 0x00, 0x7e, 0x7e, 0x7e, 0x00, 0x18, 0x3c, 0x5a, 0x18, 0x5a, 0x3c, 0x18, 0x7e,
0x18, 0x3c, 0x5a, 0x18, 0x18, 0x18, 0x18, 0x00, 0x18, 0x18, 0x18, 0x18, 0x5a, 0x3c, 0x18, 0x00,
0x00, 0x18, 0x0c, 0xfe, 0x0c, 0x18, 0x00, 0x00, 0x00, 0x30, 0x60, 0xfe, 0x60, 0x30, 0x00, 0x00,
0x00, 0x00, 0xc0, 0xc0, 0xc0, 0xfe, 0x00, 0x00, 0x00, 0x24, 0x42, 0xff, 0x42, 0x24, 0x00, 0x00,
0x00, 0x10, 0x38, 0x7c, 0xfe, 0xfe, 0x00, 0x00, 0x00, 0xfe, 0xfe, 0x7c, 0x38, 0x10, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x3c, 0x3c, 0x18, 0x18, 0x00, 0x18, 0x00,
0x6c, 0x24, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x6c, 0xfe, 0x6c, 0xfe, 0x6c, 0x6c, 0x00,
0x10, 0x7c, 0xd0, 0x7c, 0x16, 0xfc, 0x10, 0x00, 0x00, 0x66, 0xac, 0xd8, 0x36, 0x6a, 0xcc, 0x00,
0x38, 0x4c, 0x38, 0x78, 0xce, 0xcc, 0x7a, 0x00, 0x30, 0x10, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
0x18, 0x30, 0x60, 0x60, 0x60, 0x30, 0x18, 0x00, 0x60, 0x30, 0x18, 0x18, 0x18, 0x30, 0x60, 0x00,
0x00, 0x66, 0x3c, 0xff, 0x3c, 0x66, 0x00, 0x00, 0x00, 0x30, 0x30, 0xfc, 0x30, 0x30, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x10, 0x20, 0x00, 0x00, 0x00, 0xfc, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x06, 0x0c, 0x18, 0x30, 0x60, 0xc0, 0x00,
0x7c, 0xce, 0xde, 0xf6, 0xe6, 0xe6, 0x7c, 0x00, 0x18, 0x38, 0x78, 0x18, 0x18, 0x18, 0x7e, 0x00,
0x7c, 0xc6, 0x06, 0x1c, 0x70, 0xc6, 0xfe, 0x00, 0x7c, 0xc6, 0x06, 0x3c, 0x06, 0xc6, 0x7c, 0x00,
0x1c, 0x3c, 0x6c, 0xcc, 0xfe, 0x0c, 0x1e, 0x00, 0xfe, 0xc0, 0xfc, 0x06, 0x06, 0xc6, 0x7c, 0x00,
0x7c, 0xc6, 0xc0, 0xfc, 0xc6, 0xc6, 0x7c, 0x00, 0xfe, 0xc6, 0x0c, 0x18, 0x30, 0x30, 0x30, 0x00,
0x7c, 0xc6, 0xc6, 0x7c, 0xc6, 0xc6, 0x7c, 0x00, 0x7c, 0xc6, 0xc6, 0x7e, 0x06, 0xc6, 0x7c, 0x00,
0x00, 0x30, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x30, 0x10, 0x20,
0x0c, 0x18, 0x30, 0x60, 0x30, 0x18, 0x0c, 0x00, 0x00, 0x00, 0x7e, 0x00, 0x00, 0x7e, 0x00, 0x00,
0x60, 0x30, 0x18, 0x0c, 0x18, 0x30, 0x60, 0x00, 0x78, 0xcc, 0x0c, 0x18, 0x30, 0x00, 0x30, 0x00,
0x7c, 0x82, 0x9e, 0xa6, 0x9e, 0x80, 0x7c, 0x00, 0x7c, 0xc6, 0xc6, 0xfe, 0xc6, 0xc6, 0xc6, 0x00,
0xfc, 0x66, 0x66, 0x7c, 0x66, 0x66, 0xfc, 0x00, 0x7c, 0xc6, 0xc0, 0xc0, 0xc0, 0xc6, 0x7c, 0x00,
0xfc, 0x66, 0x66, 0x66, 0x66, 0x66, 0xfc, 0x00, 0xfe, 0x62, 0x68, 0x78, 0x68, 0x62, 0xfe, 0x00,
0xfe, 0x62, 0x68, 0x78, 0x68, 0x60, 0xf0, 0x00, 0x7c, 0xc6, 0xc6, 0xc0, 0xce, 0xc6, 0x7e, 0x00,
0xc6, 0xc6, 0xc6, 0xfe, 0xc6, 0xc6, 0xc6, 0x00, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00,
0x1e, 0x0c, 0x0c, 0x0c, 0xcc, 0xcc, 0x78, 0x00, 0xe6, 0x66, 0x6c, 0x78, 0x6c, 0x66, 0xe6, 0x00,
0xf0, 0x60, 0x60, 0x60, 0x62, 0x66, 0xfe, 0x00, 0x82, 0xc6, 0xee, 0xfe, 0xd6, 0xc6, 0xc6, 0x00,
0xc6, 0xe6, 0xf6, 0xde, 0xce, 0xc6, 0xc6, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
0xfc, 0x66, 0x66, 0x7c, 0x60, 0x60, 0xf0, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0xd6, 0xde, 0x7c, 0x06,
0xfc, 0x66, 0x66, 0x7c, 0x66, 0x66, 0xe6, 0x00, 0x7c, 0xc6, 0xc0, 0x7c, 0x06, 0xc6, 0x7c, 0x00,
0x7e, 0x5a, 0x5a, 0x18, 0x18, 0x18, 0x3c, 0x00, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
0xc6, 0xc6, 0xc6, 0xc6, 0x6c, 0x38, 0x10, 0x00, 0xc6, 0xc6, 0xd6, 0xfe, 0xee, 0xc6, 0x82, 0x00,
0xc6, 0x6c, 0x38, 0x38, 0x38, 0x6c, 0xc6, 0x00, 0x66, 0x66, 0x66, 0x3c, 0x18, 0x18, 0x3c, 0x00,
0xfe, 0xc6, 0x8c, 0x18, 0x32, 0x66, 0xfe, 0x00, 0x78, 0x60, 0x60, 0x60, 0x60, 0x60, 0x78, 0x00,
0xc0, 0x60, 0x30, 0x18, 0x0c, 0x06, 0x02, 0x00, 0x78, 0x18, 0x18, 0x18, 0x18, 0x18, 0x78, 0x00,
0x10, 0x38, 0x6c, 0xc6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff,
0x30, 0x20, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00,
0xe0, 0x60, 0x60, 0x7c, 0x66, 0x66, 0x7c, 0x00, 0x00, 0x00, 0x7c, 0xc6, 0xc0, 0xc6, 0x7c, 0x00,
0x1c, 0x0c, 0x0c, 0x7c, 0xcc, 0xcc, 0x76, 0x00, 0x00, 0x00, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00,
0x1c, 0x36, 0x30, 0x78, 0x30, 0x30, 0x78, 0x00, 0x00, 0x00, 0x76, 0xcc, 0xcc, 0x7c, 0x0c, 0x78,
0xe0, 0x60, 0x6c, 0x76, 0x66, 0x66, 0xe6, 0x00, 0x18, 0x00, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
0x00, 0x0c, 0x00, 0x1c, 0x0c, 0x0c, 0xcc, 0x78, 0xe0, 0x60, 0x66, 0x6c, 0x78, 0x6c, 0xe6, 0x00,
0x38, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00, 0x00, 0x00, 0xcc, 0xfe, 0xd6, 0xd6, 0xd6, 0x00,
0x00, 0x00, 0xdc, 0x66, 0x66, 0x66, 0x66, 0x00, 0x00, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
0x00, 0x00, 0xdc, 0x66, 0x66, 0x7c, 0x60, 0xf0, 0x00, 0x00, 0x7c, 0xcc, 0xcc, 0x7c, 0x0c, 0x1e,
0x00, 0x00, 0xde, 0x76, 0x60, 0x60, 0xf0, 0x00, 0x00, 0x00, 0x7c, 0xc0, 0x7c, 0x06, 0x7c, 0x00,
0x10, 0x30, 0xfc, 0x30, 0x30, 0x34, 0x18, 0x00, 0x00, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
0x00, 0x00, 0xc6, 0xc6, 0x6c, 0x38, 0x10, 0x00, 0x00, 0x00, 0xc6, 0xd6, 0xd6, 0xfe, 0x6c, 0x00,
0x00, 0x00, 0xc6, 0x6c, 0x38, 0x6c, 0xc6, 0x00, 0x00, 0x00, 0xcc, 0xcc, 0xcc, 0x7c, 0x0c, 0xf8,
0x00, 0x00, 0xfc, 0x98, 0x30, 0x64, 0xfc, 0x00, 0x0e, 0x18, 0x18, 0x30, 0x18, 0x18, 0x0e, 0x00,
0x18, 0x18, 0x18, 0x00, 0x18, 0x18, 0x18, 0x00, 0xe0, 0x30, 0x30, 0x18, 0x30, 0x30, 0xe0, 0x00,
0x76, 0xdc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x38, 0x6c, 0xc6, 0xc6, 0xfe, 0x00,
0x7c, 0xc6, 0xc0, 0xc0, 0xc6, 0x7c, 0x18, 0x70, 0xcc, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
0x0e, 0x10, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00, 0x7c, 0x82, 0x38, 0x0c, 0x7c, 0xcc, 0x76, 0x00,
0xcc, 0x00, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00, 0xe0, 0x10, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00,
0x30, 0x30, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00, 0x00, 0x00, 0x7c, 0xc0, 0xc0, 0x7c, 0x18, 0x70,
0x7c, 0x82, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00, 0xc6, 0x00, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00,
0xe0, 0x10, 0x7c, 0xc6, 0xfe, 0xc0, 0x7c, 0x00, 0x66, 0x00, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
0x7c, 0x82, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00, 0xe0, 0x10, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
0xc6, 0x00, 0x7c, 0xc6, 0xfe, 0xc6, 0xc6, 0x00, 0x38, 0x38, 0x7c, 0xc6, 0xfe, 0xc6, 0xc6, 0x00,
0x0e, 0x10, 0xfe, 0x60, 0x78, 0x60, 0xfe, 0x00, 0x00, 0x00, 0x7c, 0x12, 0x7e, 0xd0, 0x7e, 0x00,
0x7e, 0xc8, 0xc8, 0xfe, 0xc8, 0xc8, 0xce, 0x00, 0x7c, 0x82, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
0xc6, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00, 0xe0, 0x10, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
0x7c, 0x82, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00, 0xe0, 0x10, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
0xcc, 0x00, 0xcc, 0xcc, 0xcc, 0x7c, 0x0c, 0xf8, 0xc6, 0x7c, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00,
0xc6, 0x00, 0xc6, 0xc6, 0xc6, 0xc6, 0x7c, 0x00, 0x18, 0x7c, 0xd6, 0xd0, 0xd6, 0x7c, 0x18, 0x00,
0x38, 0x6c, 0x60, 0xf0, 0x60, 0xf2, 0xdc, 0x00, 0x66, 0x3c, 0x18, 0x7e, 0x18, 0x7e, 0x18, 0x00,
0xf8, 0xcc, 0xf8, 0xc4, 0xcc, 0xde, 0xcc, 0x06, 0x0e, 0x1b, 0x18, 0x3c, 0x18, 0x18, 0xd8, 0x70,
0x0e, 0x10, 0x78, 0x0c, 0x7c, 0xcc, 0x76, 0x00, 0x0e, 0x10, 0x38, 0x18, 0x18, 0x18, 0x3c, 0x00,
0x0e, 0x10, 0x7c, 0xc6, 0xc6, 0xc6, 0x7c, 0x00, 0x0e, 0x10, 0xcc, 0xcc, 0xcc, 0xcc, 0x76, 0x00,
0x66, 0x98, 0xdc, 0x66, 0x66, 0x66, 0x66, 0x00, 0x66, 0x98, 0xe6, 0xf6, 0xde, 0xce, 0xc6, 0x00,
0x38, 0x0c, 0x3c, 0x34, 0x00, 0x7e, 0x00, 0x00, 0x38, 0x6c, 0x6c, 0x38, 0x00, 0x7c, 0x00, 0x00,
0x30, 0x00, 0x30, 0x60, 0xc6, 0xc6, 0x7c, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xc0, 0xc0, 0x00, 0x00,
0x00, 0x00, 0x00, 0xfc, 0x0c, 0x0c, 0x00, 0x00, 0xc0, 0xc8, 0xd0, 0xfe, 0x46, 0x8c, 0x1e, 0x00,
0xc0, 0xc8, 0xd0, 0xec, 0x5c, 0xbe, 0x0c, 0x00, 0x18, 0x00, 0x18, 0x18, 0x3c, 0x3c, 0x18, 0x00,
0x00, 0x36, 0x6c, 0xd8, 0x6c, 0x36, 0x00, 0x00, 0x00, 0xd8, 0x6c, 0x36, 0x6c, 0xd8, 0x00, 0x00,
0x22, 0x88, 0x22, 0x88, 0x22, 0x88, 0x22, 0x88, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa,
0xdb, 0x77, 0xdb, 0xee, 0xdb, 0x77, 0xdb, 0xee, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18,
0x18, 0x18, 0x18, 0x18, 0xf8, 0x18, 0x18, 0x18, 0x18, 0x18, 0xf8, 0x18, 0xf8, 0x18, 0x18, 0x18,
0x36, 0x36, 0x36, 0x36, 0xf6, 0x36, 0x36, 0x36, 0x00, 0x00, 0x00, 0x00, 0xfe, 0x36, 0x36, 0x36,
0x00, 0x00, 0xf8, 0x18, 0xf8, 0x18, 0x18, 0x18, 0x36, 0x36, 0xf6, 0x06, 0xf6, 0x36, 0x36, 0x36,
0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x00, 0x00, 0xfe, 0x06, 0xf6, 0x36, 0x36, 0x36,
0x36, 0x36, 0xf6, 0x06, 0xfe, 0x00, 0x00, 0x00, 0x36, 0x36, 0x36, 0x36, 0xfe, 0x00, 0x00, 0x00,
0x18, 0x18, 0xf8, 0x18, 0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf8, 0x18, 0x18, 0x18,
0x18, 0x18, 0x18, 0x18, 0x1f, 0x00, 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0xff, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0xff, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x1f, 0x18, 0x18, 0x18,
0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0xff, 0x18, 0x18, 0x18,
0x18, 0x18, 0x1f, 0x18, 0x1f, 0x18, 0x18, 0x18, 0x36, 0x36, 0x36, 0x36, 0x37, 0x36, 0x36, 0x36,
0x36, 0x36, 0x37, 0x30, 0x3f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3f, 0x30, 0x37, 0x36, 0x36, 0x36,
0x36, 0x36, 0xf7, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0xf7, 0x36, 0x36, 0x36,
0x36, 0x36, 0x37, 0x30, 0x37, 0x36, 0x36, 0x36, 0x00, 0x00, 0xff, 0x00, 0xff, 0x00, 0x00, 0x00,
0x36, 0x36, 0xf7, 0x00, 0xf7, 0x36, 0x36, 0x36, 0x18, 0x18, 0xff, 0x00, 0xff, 0x00, 0x00, 0x00,
0x36, 0x36, 0x36, 0x36, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0xff, 0x18, 0x18, 0x18,
0x00, 0x00, 0x00, 0x00, 0xff, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x3f, 0x00, 0x00, 0x00,
0x18, 0x18, 0x1f, 0x18, 0x1f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x18, 0x1f, 0x18, 0x18, 0x18,
0x00, 0x00, 0x00, 0x00, 0x3f, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0xff, 0x36, 0x36, 0x36,
0x18, 0x18, 0xff, 0x18, 0xff, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0xf8, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x1f, 0x18, 0x18, 0x18, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0, 0xf0,
0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x74, 0xcc, 0xc8, 0xdc, 0x76, 0x00, 0x78, 0xcc, 0xd8, 0xcc, 0xc6, 0xc6, 0xdc, 0x40,
0xfe, 0x62, 0x60, 0x60, 0x60, 0x60, 0xf0, 0x00, 0x00, 0x02, 0x7e, 0xec, 0x6c, 0x6c, 0x48, 0x00,
0xfe, 0x62, 0x30, 0x18, 0x30, 0x62, 0xfe, 0x00, 0x00, 0x00, 0x7e, 0xd0, 0xc8, 0xc8, 0x70, 0x00,
0x00, 0x00, 0xcc, 0xcc, 0xcc, 0xcc, 0xf8, 0x80, 0x00, 0x00, 0x7e, 0xd8, 0x18, 0x18, 0x10, 0x00,
0x38, 0x10, 0x7c, 0xd6, 0xd6, 0x7c, 0x10, 0x38, 0x7c, 0xc6, 0xc6, 0xfe, 0xc6, 0xc6, 0x7c, 0x00,
0x7c, 0xc6, 0xc6, 0xc6, 0x6c, 0x28, 0xee, 0x00, 0x3c, 0x22, 0x18, 0x7c, 0xcc, 0xcc, 0x78, 0x00,
0x00, 0x00, 0x66, 0x99, 0x99, 0x66, 0x00, 0x00, 0x00, 0x06, 0x7c, 0x9e, 0xf2, 0x7c, 0xc0, 0x00,
0x00, 0x00, 0x7c, 0xc0, 0xf8, 0xc0, 0x7c, 0x00, 0x00, 0x7c, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0x00,
0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0x00, 0x18, 0x18, 0x7e, 0x18, 0x18, 0x00, 0x7e, 0x00,
0x30, 0x18, 0x0c, 0x18, 0x30, 0x00, 0x7c, 0x00, 0x18, 0x30, 0x60, 0x30, 0x18, 0x00, 0x7c, 0x00,
0x0e, 0x1b, 0x1b, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0xd8, 0xd8, 0x70,
0x00, 0x18, 0x00, 0x7e, 0x00, 0x18, 0x00, 0x00, 0x00, 0x76, 0xdc, 0x00, 0x76, 0xdc, 0x00, 0x00,
0x38, 0x6c, 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x0f, 0x0c, 0x0c, 0x0c, 0xec, 0x6c, 0x3c, 0x00,
0xd8, 0x6c, 0x6c, 0x6c, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x30, 0xc0, 0xf0, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x3c, 0x3c, 0x3c, 0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
const int font_size = sizeof(font);
//---------------------------------------------------------------------------------
#endif //_font_h_
//---------------------------------------------------------------------------------

12
source/fs.c
View File

@@ -1,5 +1,7 @@
/*
* fs.c
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#include "fs.h"
@@ -12,7 +14,7 @@ u32 mountSD(void){
return 1;
}
u32 fileRead(u8 *dest, const char *path, u32 size){
u32 fileRead(void *dest, const char *path, u32 size){
FRESULT fr;
FIL fp;
unsigned int br = 0;
@@ -27,7 +29,7 @@ u32 fileRead(u8 *dest, const char *path, u32 size){
return fr ? 0 : 1;
}
u32 fileWrite(const u8 *buffer, const char *path, u32 size){
u32 fileWrite(const void *buffer, const char *path, u32 size){
FRESULT fr;
FIL fp;
unsigned int br = 0;
@@ -52,10 +54,14 @@ u32 fileSize(const char *path){
u32 fileExists(const char *path){
FIL fp;
u8 exists = 0;
u32 exists = 0;
if(f_open(&fp, path, FA_READ) == FR_OK) exists = 1;
f_close(&fp);
return exists;
}
void fileDelete(const char *path){
f_unlink(path);
}

12
source/fs.h
View File

@@ -1,16 +1,16 @@
/*
* fs.h
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#ifndef FS_INC
#define FS_INC
#pragma once
#include "types.h"
u32 mountSD(void);
u32 fileRead(u8 *dest, const char *path, u32 size);
u32 fileWrite(const u8 *buffer, const char *path, u32 size);
u32 fileRead(void *dest, const char *path, u32 size);
u32 fileWrite(const void *buffer, const char *path, u32 size);
u32 fileSize(const char *path);
u32 fileExists(const char *path);
#endif
void fileDelete(const char *path);

98
source/i2c.c Normal file
View File

@@ -0,0 +1,98 @@
#include "i2c.h"
//-----------------------------------------------------------------------------
static const struct { u8 bus_id, reg_addr; } dev_data[] = {
{0, 0x4A}, {0, 0x7A}, {0, 0x78},
{1, 0x4A}, {1, 0x78}, {1, 0x2C},
{1, 0x2E}, {1, 0x40}, {1, 0x44},
{2, 0xD6}, {2, 0xD0}, {2, 0xD2},
{2, 0xA4}, {2, 0x9A}, {2, 0xA0},
};
static inline u8 i2cGetDeviceBusId(u8 device_id) {
return dev_data[device_id].bus_id;
}
static inline u8 i2cGetDeviceRegAddr(u8 device_id) {
return dev_data[device_id].reg_addr;
}
//-----------------------------------------------------------------------------
static vu8* reg_data_addrs[] = {
(vu8*)(I2C1_REG_OFF + I2C_REG_DATA),
(vu8*)(I2C2_REG_OFF + I2C_REG_DATA),
(vu8*)(I2C3_REG_OFF + I2C_REG_DATA),
};
static inline vu8* i2cGetDataReg(u8 bus_id) {
return reg_data_addrs[bus_id];
}
//-----------------------------------------------------------------------------
static vu8* reg_cnt_addrs[] = {
(vu8*)(I2C1_REG_OFF + I2C_REG_CNT),
(vu8*)(I2C2_REG_OFF + I2C_REG_CNT),
(vu8*)(I2C3_REG_OFF + I2C_REG_CNT),
};
static inline vu8* i2cGetCntReg(u8 bus_id) {
return reg_cnt_addrs[bus_id];
}
//-----------------------------------------------------------------------------
static inline void i2cWaitBusy(u8 bus_id) {
while (*i2cGetCntReg(bus_id) & 0x80);
}
static inline u32 i2cGetResult(u8 bus_id) {
i2cWaitBusy(bus_id);
return (*i2cGetCntReg(bus_id) >> 4) & 1;
}
static void i2cStop(u8 bus_id, u8 arg0) {
*i2cGetCntReg(bus_id) = (arg0 << 5) | 0xC0;
i2cWaitBusy(bus_id);
*i2cGetCntReg(bus_id) = 0xC5;
}
//-----------------------------------------------------------------------------
static u32 i2cSelectDevice(u8 bus_id, u8 dev_reg) {
i2cWaitBusy(bus_id);
*i2cGetDataReg(bus_id) = dev_reg;
*i2cGetCntReg(bus_id) = 0xC2;
return i2cGetResult(bus_id);
}
static u32 i2cSelectRegister(u8 bus_id, u8 reg) {
i2cWaitBusy(bus_id);
*i2cGetDataReg(bus_id) = reg;
*i2cGetCntReg(bus_id) = 0xC0;
return i2cGetResult(bus_id);
}
//-----------------------------------------------------------------------------
u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data) {
u8 bus_id = i2cGetDeviceBusId(dev_id);
u8 dev_addr = i2cGetDeviceRegAddr(dev_id);
for (int i = 0; i < 8; i++) {
if (i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg)) {
i2cWaitBusy(bus_id);
*i2cGetDataReg(bus_id) = data;
*i2cGetCntReg(bus_id) = 0xC1;
i2cStop(bus_id, 0);
if (i2cGetResult(bus_id))
return 1;
}
*i2cGetCntReg(bus_id) = 0xC5;
i2cWaitBusy(bus_id);
}
return 0;
}

18
source/i2c.h Normal file
View File

@@ -0,0 +1,18 @@
#pragma once
#include "types.h"
#define I2C1_REG_OFF 0x10161000
#define I2C2_REG_OFF 0x10144000
#define I2C3_REG_OFF 0x10148000
#define I2C_REG_DATA 0
#define I2C_REG_CNT 1
#define I2C_REG_CNTEX 2
#define I2C_REG_SCL 4
#define I2C_DEV_MCU 3
#define I2C_DEV_GYRO 10
#define I2C_DEV_IR 13
u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data);

11
source/loader.c
View File

@@ -1,14 +1,21 @@
/*
* loader.c
* by Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#include "loader.h"
#include "fs.h"
#include "memory.h"
#include "screeninit.h"
#include "../build/loader.h"
#define PAYLOAD_ADDRESS 0x24F00000
void loadPayload(void){
if(fileExists("rei/arm9payload.bin") &&
fileRead((u8 *)PAYLOAD_ADDRESS, "rei/loader.bin", 0))
if(fileExists("aurei/payloads/default.bin")){
initScreens();
memcpy((void *)PAYLOAD_ADDRESS, loader, loader_size);
((void (*)())PAYLOAD_ADDRESS)();
}
}

9
source/loader.h
View File

@@ -1,12 +1,11 @@
/*
* loader.h
* by Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#ifndef LOADER_INC
#define LOADER_INC
#pragma once
#include "types.h"
void loadPayload(void);
#endif
void loadPayload(void);

17
source/main.c
View File

@@ -1,23 +1,18 @@
/*
* main.c
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*
* Minimalist CFW for N3DS
* Minimalist CFW for (N)3DS
*/
#include "fs.h"
#include "firm.h"
#include "draw.h"
void main(){
void main(void){
mountSD();
setupCFW();
}
void startCFW(){
loadSplash();
if(!loadFirm()) return;
if(!patchFirm()) return;
loadFirm();
patchFirm();
launchFirm();
}

34
source/memory.c
View File

@@ -1,7 +1,9 @@
/*
* memory.c
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*
* Quick Search algorithm adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
*/
#include "memory.h"
@@ -19,6 +21,12 @@ void memset(void *dest, int filler, u32 size){
destc[i] = (u8)filler;
}
void memset32(void *dest, u32 filler, u32 size){
u32 *dest32 = (u32 *)dest;
for (u32 i = 0; i < size / 4; i++)
dest32[i] = filler;
}
int memcmp(const void *buf1, const void *buf2, u32 size){
const u8 *buf1c = (const u8 *)buf1;
const u8 *buf2c = (const u8 *)buf2;
@@ -29,9 +37,25 @@ int memcmp(const void *buf1, const void *buf2, u32 size){
return 0;
}
void *memsearch(void *start_pos, const void *search, u32 size, u32 size_search){
for(void *pos = start_pos + size - size_search; pos >= start_pos; pos--){
if(memcmp(pos, search, size_search) == 0) return pos;
u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize){
const u8 *patternc = (const u8 *)pattern;
//Preprocessing
int table[256];
for(u32 i = 0; i < 256; ++i)
table[i] = patternSize + 1;
for(u32 i = 0; i < patternSize; ++i)
table[patternc[i]] = patternSize - i;
//Searching
u32 j = 0;
while(j <= size - patternSize){
if(memcmp(patternc, startPos + j, patternSize) == 0)
return startPos + j;
j += table[startPos[j + patternSize]];
}
return NULL;
}

14
source/memory.h
View File

@@ -1,17 +1,17 @@
/*
* memory.h
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*
* Quick Search algorithm adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
*/
#ifndef MEMORY_INC
#define MEMORY_INC
#pragma once
#include "types.h"
void memcpy(void *dest, const void *src, u32 size);
void memset(void *dest, int filler, u32 size);
void memset32(void *dest, u32 filler, u32 size);
int memcmp(const void *buf1, const void *buf2, u32 size);
void *memsearch(void *start_pos, const void *search, u32 size, u32 size_search);
#endif
u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize);

63
source/patches.c
View File

@@ -1,7 +1,7 @@
/*
* patches.c
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#include "patches.h"
@@ -11,54 +11,59 @@
* Patches
**************************************************/
const u8 mpu[0x2C] = { //MPU shit
0x03, 0x00, 0x36, 0x00, 0x00, 0x00, 0x10, 0x10, 0x01, 0x00, 0x00, 0x01, 0x03, 0x00, 0x36, 0x00,
0x00, 0x00, 0x00, 0x20, 0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x20, 0x00, 0x00, 0x00, 0x00, 0x08,
0x01, 0x01, 0x01, 0x01, 0x03, 0x06, 0x1C, 0x00, 0x00, 0x00, 0x02, 0x08
};
const u32 mpuPatch[3] = {0x00360003, 0x00200603, 0x001C0603};
u8 nandRedir[0x08] = {0x00, 0x4C, 0xA0, 0x47, 0xC0, 0xA5, 0x01, 0x08}; //Branch to emunand function
const u16 nandRedir[2] = {0x4C00, 0x47A0};
const u8 sigPat1[2] = {0x00, 0x20};
const u8 sigPat2[4] = {0x00, 0x20, 0x70, 0x47};
const u16 sigPatch[2] = {0x2000, 0x4770};
const u8 FIRMblock[4] = {0x00, 0x20, 0xC0, 0x46};
const u8 emuInstr[5] = {0xA5, 0x01, 0x08, 0x30, 0xA5};
const u16 writeBlock[2] = {0x2000, 0x46C0};
/**************************************************
* Functions
**************************************************/
void getSignatures(void *pos, u32 size, u32 *off, u32 *off2){
u8 *getProc9(u8 *pos, u32 size){
return memsearch(pos, "ess9", size, 4);
}
void getSigChecks(u8 *pos, u32 size, u32 *off, u32 *off2){
//Look for signature checks
const unsigned char pattern[] = {0xC0, 0x1C, 0x76, 0xE7};
const unsigned char pattern2[] = {0xB5, 0x22, 0x4D, 0x0C};
const u8 pattern[] = {0xC0, 0x1C, 0x76, 0xE7},
pattern2[] = {0xB5, 0x22, 0x4D, 0x0C};
*off = (u32)memsearch(pos, pattern, size, 4);
*off2 = (u32)memsearch(pos, pattern2, size, 4) - 1;
}
void getReboot(void *pos, u32 size, u32 *off){
void *getReboot(u8 *pos, u32 size){
//Look for FIRM reboot code
const unsigned char pattern[] = {0xDE, 0x1F, 0x8D, 0xE2};
const u8 pattern[] = {0xDE, 0x1F, 0x8D, 0xE2};
*off = (u32)memsearch(pos, pattern, size, 4) - 0x10;
return memsearch(pos, pattern, size, 4) - 0x10;
}
void getfOpen(void *pos, u32 size, u32 *off){
//Calculate fOpen
u32 p9addr = *(u32 *)((u8 *)memsearch(pos, "ess9", size, 4) + 0xC);
u32 p9off = (u32)memsearch(pos, "code", size, 4) + 0x1FF;
const unsigned char pattern[] = {0xB0, 0x04, 0x98, 0x0D};
u32 getfOpen(u8 *proc9Offset, void *rebootOffset){
//Offset Process9 code gets loaded to in memory (defined in ExHeader)
u32 p9MemAddr = *(u32 *)(proc9Offset + 0xC);
//Process9 code offset (start of NCCH + ExeFS offset + ExeFS header size)
u32 p9CodeOff = (u32)(proc9Offset - 0x204) + (*(u32 *)(proc9Offset - 0x64) * 0x200) + 0x200;
*off = (u32)memsearch(pos, pattern, size, 4) - 2 - p9off + p9addr;
//Firmlaunch function offset - offset in BLX opcode (A4-16 - ARM DDI 0100E) + 1
return (u32)rebootOffset + 9 - (-((*(u32 *)rebootOffset & 0x00FFFFFF) << 2) & 0xFFFFF) - p9CodeOff + p9MemAddr;
}
void getFIRMWrite(void *pos, u32 size, u32 *off){
u16 *getFirmWrite(u8 *pos, u32 size){
//Look for FIRM writing code
u8 *firmwrite = (u8 *)memsearch(pos, "exe:", size, 4);
const unsigned char pattern[] = {0x00, 0x28, 0x01, 0xDA};
u8 *const off = memsearch(pos, "exe:", size, 4);
const u8 pattern[] = {0x00, 0x28, 0x01, 0xDA};
*off = (u32)memsearch(firmwrite - 0x100, pattern, 0x100, 4);
return (u16 *)memsearch(off - 0x100, pattern, 0x100, 4);
}
void getLoader(u8 *pos, u32 size, u32 *loaderOffset, u32 *loaderSize){
u8 *const off = memsearch(pos, "loade", size, 5);
*loaderOffset = (u32)off - 0x200;
*loaderSize = *(u32 *)(off - 0xFC) * 0x200;
}

29
source/patches.h
View File

@@ -1,30 +1,27 @@
/*
* patches.h
* by Reisyukaku
* Copyright (c) 2015 All Rights Reserved
* by Reisyukaku / Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#ifndef PATCHES_INC
#define PATCHES_INC
#pragma once
#include "types.h"
/**************************************************
* Patches
**************************************************/
const u8 mpu[0x2C];
u8 nandRedir[0x08];
const u8 sigPat1[2];
const u8 sigPat2[4];
const u8 FIRMblock[4];
const u8 emuInstr[5];
const u32 mpuPatch[3];
const u16 nandRedir[2];
const u16 sigPatch[2];
const u16 writeBlock[2];
/**************************************************
* Functions
**************************************************/
void getSignatures(void *pos, u32 size, u32 *off, u32 *off2);
void getReboot(void *pos, u32 size, u32 *off);
void getfOpen(void *pos, u32 size, u32 *off);
void getFIRMWrite(void *pos, u32 size, u32 *off);
#endif
u8 *getProc9(u8 *pos, u32 size);
void getSigChecks(u8 *pos, u32 size, u32 *off, u32 *off2);
void *getReboot(u8 *pos, u32 size);
u32 getfOpen(u8 *proc9Offset, void *rebootOffset);
u16 *getFirmWrite(u8 *pos, u32 size);
void getLoader(u8 *pos, u32 size, u32 *loaderOffset, u32 *loaderSize);

152
source/screeninit.c Normal file
View File

@@ -0,0 +1,152 @@
/*
* screeninit.c
* by Aurora Wright
* Screen init code by dark_samus, bil1s, Normmatt, delebile and others.
* Screen deinit code by tiniVi.
*
* Copyright (c) 2016 All Rights Reserved
*/
#include "screeninit.h"
#include "draw.h"
#include "i2c.h"
static vu32 *const arm11 = (u32 *)0x1FFFFFF8;
void deinitScreens(void){
void __attribute__((naked)) ARM11(void){
//Disable interrupts
__asm(".word 0xF10C01C0");
//Clear ARM11 entry offset
*arm11 = 0;
//Shutdown LCDs
*(vu32 *)0x10202A44 = 0;
*(vu32 *)0x10202244 = 0;
*(vu32 *)0x10202014 = 0;
//Wait for the entry to be set
while(!*arm11);
//Jump to it
((void (*)())*arm11)();
}
if(PDN_GPU_CNT != 0x1){
*arm11 = (u32)ARM11;
while(*arm11);
}
}
void initScreens(void){
void __attribute__((naked)) ARM11(void){
//Disable interrupts
__asm(".word 0xF10C01C0");
*(vu32 *)0x10141200 = 0x1007F;
*(vu32 *)0x10202014 = 0x00000001;
*(vu32 *)0x1020200C &= 0xFFFEFFFE;
*(vu32 *)0x10202240 = 0x45;
*(vu32 *)0x10202A40 = 0x45;
*(vu32 *)0x10202244 = 0x1023E;
*(vu32 *)0x10202A44 = 0x1023E;
// Top screen
*(vu32 *)0x10400400 = 0x000001c2;
*(vu32 *)0x10400404 = 0x000000d1;
*(vu32 *)0x10400408 = 0x000001c1;
*(vu32 *)0x1040040c = 0x000001c1;
*(vu32 *)0x10400410 = 0x00000000;
*(vu32 *)0x10400414 = 0x000000cf;
*(vu32 *)0x10400418 = 0x000000d1;
*(vu32 *)0x1040041c = 0x01c501c1;
*(vu32 *)0x10400420 = 0x00010000;
*(vu32 *)0x10400424 = 0x0000019d;
*(vu32 *)0x10400428 = 0x00000002;
*(vu32 *)0x1040042c = 0x00000192;
*(vu32 *)0x10400430 = 0x00000192;
*(vu32 *)0x10400434 = 0x00000192;
*(vu32 *)0x10400438 = 0x00000001;
*(vu32 *)0x1040043c = 0x00000002;
*(vu32 *)0x10400440 = 0x01960192;
*(vu32 *)0x10400444 = 0x00000000;
*(vu32 *)0x10400448 = 0x00000000;
*(vu32 *)0x1040045C = 0x00f00190;
*(vu32 *)0x10400460 = 0x01c100d1;
*(vu32 *)0x10400464 = 0x01920002;
*(vu32 *)0x10400468 = 0x18300000;
*(vu32 *)0x10400470 = 0x80341;
*(vu32 *)0x10400474 = 0x00010501;
*(vu32 *)0x10400478 = 0;
*(vu32 *)0x10400490 = 0x000002D0;
*(vu32 *)0x1040049C = 0x00000000;
// Disco register
for(vu32 i = 0; i < 256; i++)
*(vu32 *)0x10400484 = 0x10101 * i;
// Bottom screen
*(vu32 *)0x10400500 = 0x000001c2;
*(vu32 *)0x10400504 = 0x000000d1;
*(vu32 *)0x10400508 = 0x000001c1;
*(vu32 *)0x1040050c = 0x000001c1;
*(vu32 *)0x10400510 = 0x000000cd;
*(vu32 *)0x10400514 = 0x000000cf;
*(vu32 *)0x10400518 = 0x000000d1;
*(vu32 *)0x1040051c = 0x01c501c1;
*(vu32 *)0x10400520 = 0x00010000;
*(vu32 *)0x10400524 = 0x0000019d;
*(vu32 *)0x10400528 = 0x00000052;
*(vu32 *)0x1040052c = 0x00000192;
*(vu32 *)0x10400530 = 0x00000192;
*(vu32 *)0x10400534 = 0x0000004f;
*(vu32 *)0x10400538 = 0x00000050;
*(vu32 *)0x1040053c = 0x00000052;
*(vu32 *)0x10400540 = 0x01980194;
*(vu32 *)0x10400544 = 0x00000000;
*(vu32 *)0x10400548 = 0x00000011;
*(vu32 *)0x1040055C = 0x00f00140;
*(vu32 *)0x10400560 = 0x01c100d1;
*(vu32 *)0x10400564 = 0x01920052;
*(vu32 *)0x10400568 = 0x18300000 + 0x46500;
*(vu32 *)0x10400570 = 0x80301;
*(vu32 *)0x10400574 = 0x00010501;
*(vu32 *)0x10400578 = 0;
*(vu32 *)0x10400590 = 0x000002D0;
*(vu32 *)0x1040059C = 0x00000000;
// Disco register
for(vu32 i = 0; i < 256; i++)
*(vu32 *)0x10400584 = 0x10101 * i;
// Enable backlight
i2cWriteRegister(I2C_DEV_MCU, 0x22, 0x2A);
*(vu32 *)0x10400468 = 0x18300000;
*(vu32 *)0x1040046c = 0x18300000;
*(vu32 *)0x10400494 = 0x18300000;
*(vu32 *)0x10400498 = 0x18300000;
*(vu32 *)0x10400568 = 0x18346500;
*(vu32 *)0x1040056c = 0x18346500;
//Set CakeBrah framebuffers
*((vu32 *)0x23FFFE00) = 0x18300000;
*((vu32 *)0x23FFFE04) = 0x18300000;
*((vu32 *)0x23FFFE08) = 0x18346500;
//Clear ARM11 entry offset
*arm11 = 0;
//Wait for the entry to be set
while(!*arm11);
//Jump to it
((void (*)())*arm11)();
}
if(PDN_GPU_CNT == 0x1){
*arm11 = (u32)ARM11;
while(*arm11);
}
clearScreens();
}

17
source/screeninit.h Normal file
View File

@@ -0,0 +1,17 @@
/*
* screeninit.h
* by Aurora Wright
* Screen init code by dark_samus, bil1s, Normmatt, delebile and others.
* Screen deinit code by tiniVi.
*
* Copyright (c) 2016 All Rights Reserved
*/
#pragma once
#include "types.h"
#define PDN_GPU_CNT (*(vu8 *)0x10141200)
void deinitScreens(void);
void initScreens(void);

16
source/start.s
View File

@@ -10,7 +10,7 @@ _start:
mcr p15, 0, r0, c5, c0, 2 @ write data access
mcr p15, 0, r0, c5, c0, 3 @ write instruction access
@ Set MPU permissions
@ Set MPU permissions and cache settings
ldr r0, =0xFFFF001D @ ffff0000 32k
ldr r1, =0x01FF801D @ 01ff8000 32k
ldr r2, =0x08000027 @ 08000000 1M
@@ -27,6 +27,10 @@ _start:
mcr p15, 0, r5, c6, c5, 0
mcr p15, 0, r6, c6, c6, 0
mcr p15, 0, r7, c6, c7, 0
mov r0, #0x25
mcr p15, 0, r0, c2, c0, 0 @ data cacheable
mcr p15, 0, r0, c2, c0, 1 @ instruction cacheable
mcr p15, 0, r0, c3, c0, 0 @ data bufferable
@ Enable caches
mrc p15, 0, r0, c1, c0, 0 @ read control register
@@ -48,15 +52,5 @@ _start:
bl main
@ Set cache settings
mov r0, #0x25
mov r1, #0x25
mov r2, #0x25
mcr p15, 0, r0, c3, c0, 0 @ Write bufferable 0, 2, 5
mcr p15, 0, r1, c2, c0, 0 @ Data cacheable 0, 2, 5
mcr p15, 0, r2, c2, c0, 1 @ Inst cacheable 0, 2, 5
bl startCFW
.die:
b .die

31
source/types.h
View File

@@ -4,8 +4,7 @@
* Copyright (c) 2015 All Rights Reserved
*/
#ifndef TYPES_INC
#define TYPES_INC
#pragma once
#include <stdint.h>
#include <stdlib.h>
@@ -15,27 +14,7 @@ typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;
typedef volatile uint8_t vu8;
typedef volatile uint16_t vu16;
typedef volatile uint32_t vu32;
typedef volatile uint64_t vu64;
//FIRM Header layout
typedef struct firmSectionHeader {
u32 offset;
u8 *address;
u32 size;
u32 procType;
u8 hash[0x20];
} firmSectionHeader;
typedef struct firmHeader {
u32 magic;
u32 reserved1;
u8 *arm11Entry;
u8 *arm9Entry;
u8 reserved2[0x30];
firmSectionHeader section[4];
} firmHeader;
#endif
typedef volatile u8 vu8;
typedef volatile u16 vu16;
typedef volatile u32 vu32;
typedef volatile u64 vu64;

143
source/utils.c Normal file
View File

@@ -0,0 +1,143 @@
/*
* utils.c
* by Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#include "utils.h"
#include "screeninit.h"
#include "draw.h"
#include "fs.h"
#include "i2c.h"
#include "buttons.h"
#define COLOR_TITLE 0xFF9900
#define COLOR_WHITE 0xFFFFFF
#define COLOR_RED 0x0000FF
#define COLOR_BLACK 0x000000
struct option {
int posY;
u32 enabled;
};
static u16 waitInput(void){
u32 pressedKey = 0;
u16 key;
//Wait for no keys to be pressed
while(HID_PAD);
do {
//Wait for a key to be pressed
while(!HID_PAD);
key = HID_PAD;
//Make sure it's pressed
for(u32 i = 0x13000; i; i--){
if(key != HID_PAD) break;
if(i == 1) pressedKey = 1;
}
} while(!pressedKey);
return key;
}
void configureCFW(const char *configPath, const char *firm90Path){
initScreens();
drawString(CONFIG_TITLE, 10, 10, COLOR_TITLE);
drawString("Press A to select, START to save and reboot", 10, 30, COLOR_WHITE);
const char *optionsText[] = { "( ) Updated SysNAND mode (A9LH-only)",
"( ) Use pre-patched FIRMs",
"( ) Force A9LH detection",
"( ) Use 9.0 FIRM as default",
"( ) Use second EmuNAND as default",
"( ) Show current NAND in System Settings" };
u32 optionsAmount = sizeof(optionsText) / sizeof(char *);
struct option options[optionsAmount];
//Read and parse the existing configuration
u32 tempConfig = 0;
fileRead(&tempConfig, configPath, 3);
for(u32 i = 0; i < optionsAmount; i++)
options[i].enabled = (tempConfig >> i) & 0x1;
//Pre-select the first configuration option
u32 selectedOption = 0;
//Boring configuration menu
while(1){
u16 pressed = 0;
do{
for(u32 i = 0; i < optionsAmount; i++){
options[i].posY = drawString(optionsText[i], 10, !i ? 60 : options[i - 1].posY + SPACING_Y, selectedOption == i ? COLOR_RED : COLOR_WHITE);
drawCharacter('x', 10 + SPACING_X, options[i].posY, options[i].enabled ? (selectedOption == i ? COLOR_RED : COLOR_WHITE) : COLOR_BLACK);
}
pressed = waitInput();
} while(!(pressed & MENU_BUTTONS));
switch(pressed){
case BUTTON_UP:
selectedOption = !selectedOption ? optionsAmount - 1 : selectedOption - 1;
break;
case BUTTON_DOWN:
selectedOption = selectedOption == optionsAmount - 1 ? 0 : selectedOption + 1;
break;
case BUTTON_LEFT:
selectedOption = 0;
break;
case BUTTON_RIGHT:
selectedOption = optionsAmount - 1;
break;
case BUTTON_A:
options[selectedOption].enabled = !options[selectedOption].enabled;
break;
}
if(pressed == BUTTON_START) break;
}
//If the user has been using A9LH and the "Updated SysNAND" setting changed, delete the patched 9.0 FIRM
if(((tempConfig >> 16) & 0x1) && ((tempConfig & 0x1) != options[0].enabled))
fileDelete(firm90Path);
//Preserve the last-used boot options (last 12 bits)
tempConfig &= 0xFFF000;
//Parse and write the selected options
for(u32 i = 0; i < optionsAmount; i++)
tempConfig |= options[i].enabled << i;
fileWrite(&tempConfig, configPath, 3);
//Zero the last booted FIRM flag
CFG_BOOTENV = 0;
//Reboot
i2cWriteRegister(I2C_DEV_MCU, 0x20, 1 << 2);
while(1);
}
void deleteFirms(const char *firmPaths[], u32 firms){
while(firms){
fileDelete(firmPaths[firms - 1]);
firms--;
}
}
void error(const char *message){
initScreens();
drawString("An error has occurred:", 10, 10, COLOR_RED);
int posY = drawString(message, 10, 30, COLOR_WHITE);
drawString("Press any button to shutdown", 10, posY + 2 * SPACING_Y, COLOR_WHITE);
waitInput();
//Shutdown
i2cWriteRegister(I2C_DEV_MCU, 0x20, 1);
while(1);
}

15
source/utils.h Normal file
View File

@@ -0,0 +1,15 @@
/*
* utils.h
* by Aurora Wright
* Copyright (c) 2016 All Rights Reserved
*/
#pragma once
#include "types.h"
#define CFG_BOOTENV (*(vu8 *)0x10010000)
void configureCFW(const char *configPath, const char *firm90Path);
void deleteFirms(const char *firmPaths[], u32 firms);
void error(const char *message);