Fix UTF-8 BOM (Windows Notepad seems to like it) being parsed as a regular character

Reduce max file size
Ninty doesn't support 4-byte UTF16
2016-09-17 00:12:09 +02:00 · 2016-09-16 13:30:16 +02:00 · 2016-09-16 12:59:32 +02:00 · 2016-09-16 03:39:12 +02:00 · 2016-09-16 03:14:37 +02:00 · 2016-09-15 23:57:55 +02:00
78 changed files with 4011 additions and 1283 deletions
--- a/70
+++ b/70
@@ -13,13 +13,19 @@ OC := arm-none-eabi-objcopy

 name := Luma3DS
 revision := $(shell git describe --tags --match v[0-9]* --abbrev=8 | sed 's/-[0-9]*-g/-/i')
+commit := $(shell git rev-parse --short=8 HEAD)

 dir_source := source
 dir_patches := patches
 dir_loader := loader
 dir_injector := injector
+dir_exceptions := exceptions
+dir_arm9_exceptions := $(dir_exceptions)/arm9
+dir_arm11_exceptions := $(dir_exceptions)/arm11
 dir_mset := CakeHax
 dir_ninjhax := CakeBrah
+dir_menuhax := menuhax
+dir_pathchanger := pathchanger
 dir_build := build
 dir_out := out

@@ -32,10 +38,18 @@ objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
          $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
          $(call rwildcard, $(dir_source), *.s *.c)))

-bundled = $(dir_build)/rebootpatch.h $(dir_build)/emunandpatch.h $(dir_build)/injector.h $(dir_build)/loader.h
+bundled = $(dir_build)/rebootpatch.h $(dir_build)/emunandpatch.h $(dir_build)/svcGetCFWInfopatch.h $(dir_build)/injector.h $(dir_build)/loader.h
+
+ifeq ($(strip $(DEV)),TRUE)
+CFLAGS += -DDEV
+bundled += $(dir_build)/k11modulespatch.h $(dir_build)/arm9_exceptions.h $(dir_build)/arm11_exceptions.h
+title := \"$(name) $(revision) (dev) configuration\"
+else
+title := \"$(name) $(revision) configuration\"
+endif

 .PHONY: all
-all: launcher a9lh ninjhax
+all: launcher a9lh ninjhax menuhax

 .PHONY: launcher
 launcher: $(dir_out)/$(name).dat
@@ -46,14 +60,23 @@ a9lh: $(dir_out)/arm9loaderhax.bin
 .PHONY: ninjhax
 ninjhax: $(dir_out)/3ds/$(name)

+.PHONY: menuhax
+menuhax: $(dir_out)/menuhax/boot.3dsx
+
 .PHONY: release
+ifeq ($(strip $(DEV)),TRUE)
+release: $(dir_out)/$(name)$(revision)-dev.7z
+else
 release: $(dir_out)/$(name)$(revision).7z
+endif

 .PHONY: clean
 clean:
 	@$(MAKE) $(FLAGS) -C $(dir_mset) clean
 	@$(MAKE) $(FLAGS) -C $(dir_ninjhax) clean
 	@$(MAKE) -C $(dir_loader) clean
+	@$(MAKE) -C $(dir_arm9_exceptions) clean
+	@$(MAKE) -C $(dir_arm11_exceptions) clean	
 	@$(MAKE) -C $(dir_injector) clean
 	@rm -rf $(dir_out) $(dir_build)

@@ -64,6 +87,12 @@ $(dir_out)/$(name).dat: $(dir_build)/main.bin $(dir_out)
 	@$(MAKE) $(FLAGS) -C $(dir_mset) launcher
 	@dd if=$(dir_build)/main.bin of=$@ bs=512 seek=144

+$(dir_out)/menuhax/boot.3dsx: $(dir_menuhax)/menuhax.diff $(dir_out)
+	@mkdir -p "$(@D)"
+	@cd $(dir_ninjhax); patch -p1 < ../$(dir_menuhax)/menuhax.diff; $(MAKE) $(FLAGS); git reset --hard
+	@mv $(dir_out)/$(name).3dsx $@
+	@rm $(dir_out)/$(name).smdh
+
 $(dir_out)/arm9loaderhax.bin: $(dir_build)/main.bin $(dir_out)
 	@cp -a $(dir_build)/main.bin $@

@@ -72,16 +101,24 @@ $(dir_out)/3ds/$(name): $(dir_out)
 	@$(MAKE) $(FLAGS) -C $(dir_ninjhax)
 	@mv $(dir_out)/$(name).3dsx $(dir_out)/$(name).smdh $@

-$(dir_out)/$(name)$(revision).7z: launcher a9lh ninjhax
+$(dir_out)/pathchanger: $(dir_pathchanger)/pathchanger.py $(dir_pathchanger)/prebuilt $(dir_out)
+	@mkdir -p "$@"
+	@cp $(dir_pathchanger)/pathchanger.py $@
+	@cp -rfT $(dir_pathchanger)/prebuilt $@
+
+$(dir_out)/$(name)$(revision).7z: all $(dir_out)/pathchanger
 	@7z a -mx $@ ./$(@D)/*

+$(dir_out)/$(name)$(revision)-dev.7z: all $(dir_out)/pathchanger
+	@7z a -mx $@ ./$(@D)/* ./$(dir_exceptions)/exception_dump_parser.py
+
 $(dir_build)/main.bin: $(dir_build)/main.elf
 	$(OC) -S -O binary $< $@

 $(dir_build)/main.elf: $(objects)
 	$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^

-$(dir_build)/emunandpatch.h: $(dir_patches)/emunand.s $(dir_injector)/Makefile
+$(dir_build)/emunandpatch.h: $(dir_patches)/emunand.s
 	@mkdir -p "$(@D)"
 	@armips $<
 	@bin2c -o $@ -n emunand $(@D)/emunand.bin
@@ -91,17 +128,36 @@ $(dir_build)/rebootpatch.h: $(dir_patches)/reboot.s
 	@armips $<
 	@bin2c -o $@ -n reboot $(@D)/reboot.bin

+$(dir_build)/svcGetCFWInfopatch.h: $(dir_patches)/svcGetCFWInfo.s
+	@mkdir -p "$(@D)"
+	@armips $<
+	@bin2c -o $@ -n svcGetCFWInfo $(@D)/svcGetCFWInfo.bin
+
 $(dir_build)/injector.h: $(dir_injector)/Makefile
 	@mkdir -p "$(@D)"
-	@$(MAKE) -C $(dir_injector)
+	@$(MAKE) -C $(dir_injector) DEV=$(DEV)
 	@bin2c -o $@ -n injector $(@D)/injector.cxi

 $(dir_build)/loader.h: $(dir_loader)/Makefile
 	@$(MAKE) -C $(dir_loader)
 	@bin2c -o $@ -n loader $(@D)/loader.bin

-$(dir_build)/memory.o: CFLAGS += -O3
-$(dir_build)/config.o: CFLAGS += -DCONFIG_TITLE="\"$(name) $(revision) configuration\""
+$(dir_build)/k11modulespatch.h: $(dir_patches)/k11modules.s
+	@mkdir -p "$(@D)"
+	@armips $<
+	@bin2c -o $@ -n k11modules $(@D)/k11modules.bin
+
+$(dir_build)/arm9_exceptions.h: $(dir_arm9_exceptions)/Makefile
+	@$(MAKE) -C $(dir_arm9_exceptions)
+	@bin2c -o $@ -n arm9_exceptions $(@D)/arm9_exceptions.bin
+
+$(dir_build)/arm11_exceptions.h: $(dir_arm11_exceptions)/Makefile
+	@$(MAKE) -C $(dir_arm11_exceptions)
+	@bin2c -o $@ -n arm11_exceptions $(@D)/arm11_exceptions.bin
+
+$(dir_build)/memory.o $(dir_build)/strings.o: CFLAGS += -O3
+$(dir_build)/config.o: CFLAGS += -DCONFIG_TITLE="$(title)"
+$(dir_build)/patches.o: CFLAGS += -DREVISION=\"$(revision)\" -DCOMMIT_HASH="0x$(commit)"

 $(dir_build)/%.o: $(dir_source)/%.c $(bundled)
 	@mkdir -p "$(@D)"
--- a/README.md
+++ b/README.md
@@ -1,23 +1,37 @@
 # Luma3DS
 *Noob-proof (N)3DS "Custom Firmware"*

-**Compiling:**
+## What it is

-First you need to clone the repository recursively with: `git clone --recursive https://github.com/AuroraWright/Luma3DS.git`
+**Luma3DS** is a program to patch the system software of (New) Nintendo 3DS handheld consoles "on the fly", adding features (such as per-game language settings and debugging capabilities for developers) and removing restrictions enforced by Nintendo (such as the region lock).
+It also allows you to run unauthorized ("homebrew") content by removing signature checks.  
+To use it, you will need a console capable of running homebrew software on the ARM9 processor. We recommend [Plailect's guide](https://github.com/Plailect/Guide/wiki) for details on how to get your system ready.
+
+---
+
+## Compiling
+
+First you need to clone the repository recursively with: `git clone --recursive https://github.com/AuroraWright/Luma3DS.git`  
 To compile, you'll need [armips](https://github.com/Kingcom/armips), [bin2c](https://sourceforge.net/projects/bin2c/), and a recent build of [makerom](https://github.com/profi200/Project_CTR) added to your PATH.  
 For your convenience, here are [Windows](http://www91.zippyshare.com/v/ePGpjk9r/file.html) and [Linux](https://mega.nz/#!uQ1T1IAD!Q91O0e12LXKiaXh_YjXD3D5m8_W3FuMI-hEa6KVMRDQ) builds of armips (thanks to who compiled them!).  
-Finally just run `make` and everything should work!  
-You can find the compiled files in the 'out' folder.
+Finally just run `make` (for the regular version) or `make DEV=TRUE` (for the dev version) and everything should work!  
+You can find the compiled files in the `out` folder.

-**Setup / Usage / Features:**
+---
+
+## Setup / Usage / Features

 See https://github.com/AuroraWright/Luma3DS/wiki

-**Credits:**
- 
+---
+
+## Credits
+
 See https://github.com/AuroraWright/Luma3DS/wiki/Credits

-**Licensing:**
+---
+
+## Licensing

 This software is licensed under the terms of the GPLv3.  
 You can find a copy of the license in the LICENSE.txt file.
--- a/exceptions/arm11/Makefile
+++ b/exceptions/arm11/Makefile
@@ -0,0 +1,47 @@
+rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
+
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+include $(DEVKITARM)/3ds_rules
+
+CC := arm-none-eabi-gcc
+AS := arm-none-eabi-as
+LD := arm-none-eabi-ld
+OC := arm-none-eabi-objcopy
+
+name := arm11_exceptions
+
+dir_source := source
+dir_build := build
+
+ASFLAGS := -mcpu=mpcore -mfpu=vfp
+CFLAGS  := -Wall -Wextra -MMD -MP -mthumb -mthumb-interwork $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
+LDFLAGS := -nostdlib
+
+objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
+          $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
+          $(call rwildcard, $(dir_source), *.s *.c)))
+
+.PHONY: all
+all: ../../$(dir_build)/$(name).bin
+
+.PHONY: clean
+clean:
+	@rm -rf $(dir_build)
+
+../../$(dir_build)/$(name).bin: $(dir_build)/$(name).elf
+	$(OC) -S -O binary $< $@
+
+$(dir_build)/$(name).elf: $(objects)
+	$(CC) $(LDFLAGS) -T linker.ld $(OUTPUT_OPTION) $^
+
+$(dir_build)/%.o: $(dir_source)/%.c
+	@mkdir -p "$(@D)"
+	$(COMPILE.c) $(OUTPUT_OPTION) $<
+
+$(dir_build)/%.o: $(dir_source)/%.s
+	@mkdir -p "$(@D)"
+	$(COMPILE.s) $(OUTPUT_OPTION) $<
+include $(call rwildcard, $(dir_build), *.d)
--- a/exceptions/arm11/linker.ld
+++ b/exceptions/arm11/linker.ld
@@ -0,0 +1,11 @@
+ENTRY(_start)
+SECTIONS
+{
+    . = 0;
+    .text.start : { *(.text.start) }
+    .text : { *(.text) }
+    .data : { *(.data) }
+    .bss : { *(.bss COMMON) }
+    .rodata : { *(.rodata) }
+    . = ALIGN(4);
+}
--- a/exceptions/arm11/source/handlers.h
+++ b/exceptions/arm11/source/handlers.h
@@ -0,0 +1,48 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+typedef struct __attribute__((packed))
+{
+    u32 magic[2];
+    u16 versionMinor, versionMajor;
+
+    u16 processor, core;
+    u32 type;
+
+    u32 totalSize;
+    u32 registerDumpSize;
+    u32 codeDumpSize;
+    u32 stackDumpSize;
+    u32 additionalDataSize;
+} ExceptionDumpHeader;
+
+void __attribute__((noreturn)) mcuReboot(void);
+void cleanInvalidateDCacheAndDMB(void);
+bool cannotAccessVA(const void *address);
+void FIQHandler(void);
+void undefinedInstructionHandler(void);
+void dataAbortHandler(void);
+void prefetchAbortHandler(void);
--- a/exceptions/arm11/source/handlers.s
+++ b/exceptions/arm11/source/handlers.s
@@ -0,0 +1,150 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.macro GEN_HANDLER name
+    .global \name
+    .type   \name, %function
+    \name:
+        ldr sp, =#0xffff3000
+        stmfd sp!, {r0-r7}
+        mov r1, #\@         @ macro expansion counter
+        b _commonHandler
+
+    .size   \name, . - \name
+.endm
+
+.text
+.arm
+.align 4
+
+.global _commonHandler
+.type   _commonHandler, %function
+_commonHandler:
+    clrex
+    cpsid aif
+    mrs r2, spsr
+    mov r6, sp
+    mrs r3, cpsr
+
+    tst r2, #0x20
+    bne noFPUInitNorSvcBreak
+    sub r0, lr, #4
+    stmfd sp!, {lr}
+    bl cannotAccessVA
+    ldmfd sp!, {lr}
+    cmp r0, #0
+    bne noFPUInitNorSvcBreak
+    ldr r4, [lr, #-4]
+    cmp r1, #1
+    bne noFPUInit
+
+    lsl r4, #4
+    sub r4, #0xc0000000
+    cmp r4, #0x30000000
+    bcs noFPUInitNorSvcBreak
+    fmrx r0, fpexc
+    tst r0, #0x40000000
+    bne noFPUInitNorSvcBreak
+
+    sub lr, #4
+    srsfd sp!, #0x13
+    ldmfd sp!, {r0-r7}          @ restore context
+    cps #0x13                   @ FPU init
+    stmfd sp, {r0-r3, r11-lr}^
+    sub sp, #0x20
+    bl .                        @ will be replaced
+    ldmfd sp, {r0-r3, r11-lr}^
+    add sp, #0x20
+    rfefd sp!
+
+    noFPUInit:
+    cmp r1, #2
+    bne noFPUInitNorSvcBreak
+    ldr r5, =#0xe12fff7f
+    cmp r4, r5
+    bne noFPUInitNorSvcBreak
+    cps #0x13                   @ switch to supervisor mode
+    cmp r10, #0
+    addne sp, #0x28
+    ldr r2, [sp, #0x1c]         @ implementation details of the official svc handler
+    ldr r4, [sp, #0x18]
+    msr cpsr_c, r3              @ restore processor mode
+    tst r2, #0x20
+    addne lr, r4, #2            @ adjust address for later
+    moveq lr, r4
+
+    noFPUInitNorSvcBreak:
+    ands r4, r2, #0xf       @ get the mode that triggered the exception
+    moveq r4, #0xf          @ usr => sys
+    bic r5, r3, #0xf
+    orr r5, r4
+    msr cpsr_c, r5          @ change processor mode
+    stmfd r6!, {r8-lr}
+    msr cpsr_c, r3          @ restore processor mode
+    mov sp, r6
+
+    stmfd sp!, {r2,lr}
+
+    mrc p15,0,r4,c5,c0,0    @ dfsr
+    mrc p15,0,r5,c5,c0,1    @ ifsr
+    mrc p15,0,r6,c6,c0,0    @ far
+    fmrx r7, fpexc
+    fmrx r8, fpinst
+    fmrx r9, fpinst2
+
+    stmfd sp!, {r4-r9}      @ it's a bit of a mess, but we will fix that later
+                            @ order of saved regs now: dfsr, ifsr, far, fpexc, fpinst, fpinst2, cpsr, pc + (2/4/8), r8-r14, r0-r7
+
+    bic r3, #(1<<31)
+    fmxr fpexc, r3          @ clear the VFP11 exception flag (if it's set)
+
+    mov r0, sp
+    mrc p15,0,r2,c0,c0,5    @ CPU ID register
+
+    b mainHandler
+
+GEN_HANDLER FIQHandler
+GEN_HANDLER undefinedInstructionHandler
+GEN_HANDLER prefetchAbortHandler
+GEN_HANDLER dataAbortHandler
+
+.global mcuReboot
+.type   mcuReboot, %function
+mcuReboot:
+    b .                     @ will be replaced
+
+.global cleanInvalidateDCacheAndDMB
+.type   cleanInvalidateDCacheAndDMB, %function
+cleanInvalidateDCacheAndDMB:
+    mov r0, #0
+    mcr p15,0,r0,c7,c14,0   @ Clean and Invalidate Entire Data Cache
+    mcr p15,0,r0,c7,c10,4   @ Drain Memory Barrier
+    bx lr
+
+.global cannotAccessVA
+.type   cannotAccessVA, %function
+cannotAccessVA:
+    @ Thanks yellows8 for the hint 
+    lsr r0, #12
+    lsl r0, #12
+    mcr p15,0,r0,c7,c8,0    @ VA to PA translation with privileged read permission check
+    mrc p15,0,r0,c7,c4,0    @ read PA register
+    and r0, #1              @ failure bit
+    bx lr
--- a/exceptions/arm11/source/mainHandler.c
+++ b/exceptions/arm11/source/mainHandler.c
@@ -0,0 +1,110 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "handlers.h"
+
+#define FINAL_BUFFER    0xE5000000 //0x25000000
+
+#define REG_DUMP_SIZE   4 * 23
+#define CODE_DUMP_SIZE  48
+
+#define CODESET_OFFSET  0xBEEFBEEF
+
+static u32 __attribute__((noinline)) copyMemory(void *dst, const void *src, u32 size, u32 alignment)
+{
+    u8 *out = (u8 *)dst;
+    const u8 *in = (const u8 *)src;
+
+    if(((u32)src & (alignment - 1)) != 0 || cannotAccessVA(src) || (size != 0 && cannotAccessVA((u8 *)src + size - 1)))
+        return 0;
+
+    for(u32 i = 0; i < size; i++)
+        *out++ = *in++;
+
+    return size;
+}
+
+void __attribute__((noreturn)) mainHandler(u32 *regs, u32 type, u32 cpuId)
+{
+    ExceptionDumpHeader dumpHeader;
+
+    u32 registerDump[REG_DUMP_SIZE / 4];
+    u8 codeDump[CODE_DUMP_SIZE];
+    u8 *final = (u8 *)FINAL_BUFFER;
+
+    while(*(vu32 *)final == 0xDEADC0DE && *((vu32 *)final + 1) == 0xDEADCAFE);
+
+    dumpHeader.magic[0] = 0xDEADC0DE;
+    dumpHeader.magic[1] = 0xDEADCAFE;
+    dumpHeader.versionMajor = 1;
+    dumpHeader.versionMinor = 2;
+
+    dumpHeader.processor = 11;
+    dumpHeader.core = cpuId & 0xF;
+    dumpHeader.type = type;
+
+    dumpHeader.registerDumpSize = REG_DUMP_SIZE;
+    dumpHeader.codeDumpSize = CODE_DUMP_SIZE;
+
+    //Dump registers
+    //Current order of saved regs: dfsr, ifsr, far, fpexc, fpinst, fpinst2, cpsr, pc, r8-r12, sp, lr, r0-r7
+    u32 cpsr = regs[6];
+    u32 pc   = regs[7] - (type < 3 ? (((cpsr & 0x20) != 0 && type == 1) ? 2 : 4) : 8);
+
+    registerDump[15] = pc;
+    registerDump[16] = cpsr;
+    for(u32 i = 0; i < 6; i++) registerDump[17 + i] = regs[i];
+    for(u32 i = 0; i < 7; i++) registerDump[8 + i]  = regs[8 + i];
+    for(u32 i = 0; i < 8; i++) registerDump[i]      = regs[15 + i];
+
+    //Dump code
+    u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //Doesn't work well on 32-bit Thumb instructions, but it isn't much of a problem
+    dumpHeader.codeDumpSize = copyMemory(codeDump, instr, dumpHeader.codeDumpSize, ((cpsr & 0x20) != 0) ? 2 : 4);
+
+    //Copy register dump and code dump 
+    final = (u8 *)(FINAL_BUFFER + sizeof(ExceptionDumpHeader));
+    final += copyMemory(final, registerDump, dumpHeader.registerDumpSize, 1);
+    final += copyMemory(final, codeDump, dumpHeader.codeDumpSize, 1);
+
+    //Dump stack in place
+    dumpHeader.stackDumpSize = copyMemory(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF), 1);
+    final += dumpHeader.stackDumpSize;
+
+    if(!cannotAccessVA((u8 *)0xFFFF9004))
+    {
+        vu64 *additionalData = (vu64 *)final;
+        dumpHeader.additionalDataSize = 16;
+        vu8 *currentKCodeSet = *(vu8 **)(*(vu8 **)0xFFFF9004 + CODESET_OFFSET); //currentKProcess + CodeSet
+
+        additionalData[0] = *(vu64 *)(currentKCodeSet + 0x50); //Process name        
+        additionalData[1] = *(vu64 *)(currentKCodeSet + 0x5C); //Title ID
+    }
+    else dumpHeader.additionalDataSize = 0;
+
+    dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize;
+
+    //Copy header (actually optimized by the compiler)
+    *(ExceptionDumpHeader *)FINAL_BUFFER = dumpHeader;
+
+    cleanInvalidateDCacheAndDMB();
+    mcuReboot(); //Also contains DCache-cleaning code
+}
--- a/exceptions/arm11/source/start.s
+++ b/exceptions/arm11/source/start.s
@@ -0,0 +1,31 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.section .text.start
+.align 4
+.global _start
+_start:
+    add pc, r0, #(handlers - .) @ Dummy instruction to prevent compiler optimizations
+
+handlers:
+    .word FIQHandler
+    .word undefinedInstructionHandler
+    .word prefetchAbortHandler
+    .word dataAbortHandler
--- a/exceptions/arm11/source/types.h
+++ b/exceptions/arm11/source/types.h
@@ -0,0 +1,37 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdbool.h>
+
+//Common data types
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint64_t u64;
+typedef volatile u8 vu8;
+typedef volatile u16 vu16;
+typedef volatile u32 vu32;
+typedef volatile u64 vu64;
--- a/exceptions/arm9/Makefile
+++ b/exceptions/arm9/Makefile
@@ -0,0 +1,47 @@
+rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
+
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+include $(DEVKITARM)/3ds_rules
+
+CC := arm-none-eabi-gcc
+AS := arm-none-eabi-as
+LD := arm-none-eabi-ld
+OC := arm-none-eabi-objcopy
+
+name := arm9_exceptions
+
+dir_source := source
+dir_build := build
+
+ASFLAGS := -mcpu=arm946e-s
+CFLAGS  := -Wall -Wextra -MMD -MP -mthumb -mthumb-interwork $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
+LDFLAGS := -nostdlib
+
+objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
+          $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
+          $(call rwildcard, $(dir_source), *.s *.c)))
+
+.PHONY: all
+all: ../../$(dir_build)/$(name).bin
+
+.PHONY: clean
+clean:
+	@rm -rf $(dir_build)
+
+../../$(dir_build)/$(name).bin: $(dir_build)/$(name).elf
+	$(OC) -S -O binary $< $@
+
+$(dir_build)/$(name).elf: $(objects)
+	$(CC) $(LDFLAGS) -T linker.ld $(OUTPUT_OPTION) $^
+
+$(dir_build)/%.o: $(dir_source)/%.c
+	@mkdir -p "$(@D)"
+	$(COMPILE.c) $(OUTPUT_OPTION) $<
+
+$(dir_build)/%.o: $(dir_source)/%.s
+	@mkdir -p "$(@D)"
+	$(COMPILE.s) $(OUTPUT_OPTION) $<
+include $(call rwildcard, $(dir_build), *.d)
--- a/exceptions/arm9/linker.ld
+++ b/exceptions/arm9/linker.ld
@@ -0,0 +1,11 @@
+ENTRY(_start)
+SECTIONS
+{
+    . = 0x01FF7FE0;
+    .text.start : { *(.text.start) }
+    .text : { *(.text) }
+    .data : { *(.data) }
+    .bss : { *(.bss COMMON) }
+    .rodata : { *(.rodata) }
+    . = ALIGN(4);
+}
--- a/exceptions/arm9/source/handlers.h
+++ b/exceptions/arm9/source/handlers.h
@@ -0,0 +1,46 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+typedef struct __attribute__((packed))
+{
+    u32 magic[2];
+    u16 versionMinor, versionMajor;
+
+    u16 processor, core;
+    u32 type;
+
+    u32 totalSize;
+    u32 registerDumpSize;
+    u32 codeDumpSize;
+    u32 stackDumpSize;
+    u32 additionalDataSize;
+} ExceptionDumpHeader;
+
+u32 readMPUConfig(u32 *regionSettings);
+void FIQHandler(void);
+void undefinedInstructionHandler(void);
+void dataAbortHandler(void);
+void prefetchAbortHandler(void);
--- a/exceptions/arm9/source/handlers.s
+++ b/exceptions/arm9/source/handlers.s
@@ -0,0 +1,108 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.macro GEN_HANDLER name
+    .global \name
+    .type   \name, %function
+    \name:
+        ldr sp, =#0x02000000    @ We make the (full descending) stack point to the end of ITCM for our exception handlers. 
+                                @ It doesn't matter if we're overwriting stuff here, since we're going to reboot.
+
+        stmfd sp!, {r0-r7}      @ FIQ has its own r8-r14 regs
+        ldr r1, =\@             @ macro expansion counter
+        b _commonHandler
+
+    .size   \name, . - \name
+.endm
+
+.text
+.arm
+.align 4
+
+.global _commonHandler
+.type   _commonHandler, %function
+_commonHandler:
+    mrs r2, spsr
+    mov r6, sp
+    mrs r3, cpsr
+
+    orr r3, #0x1c0              @ disable Imprecise Aborts, IRQ and FIQ (equivalent to "cpsid aif" on arm11)
+    msr cpsr_cx, r3
+
+    tst r2, #0x20
+    bne noSvcBreak
+    cmp r1, #2
+    bne noSvcBreak
+
+    sub r0, lr, #4              @ calling cannotAccessAddress cause more problems that it actually solves... (I've to save a lot of regs and that's a pain tbh)
+    lsr r0, #20                 @ we'll just do some address checks (to see if it's in ARM9 internal memory)
+    cmp r0, #0x80
+    bne noSvcBreak
+    ldr r4, [lr, #-4]
+    ldr r5, =#0xe12fff7f
+    cmp r4, r5
+    bne noSvcBreak
+    bic r5, r3, #0xf
+    orr r5, #0x3
+    msr cpsr_c, r5             @ switch to supervisor mode
+    ldr r2, [sp, #0x1c]        @ implementation details of the official svc handler
+    ldr r4, [sp, #0x18]
+    msr cpsr_c, r3             @ restore processor mode
+    tst r2, #0x20
+    addne lr, r4, #2           @ adjust address for later
+    moveq lr, r4
+
+    noSvcBreak:
+    ands r4, r2, #0xf          @ get the mode that triggered the exception
+    moveq r4, #0xf             @ usr => sys
+    bic r5, r3, #0xf
+    orr r5, r4
+    msr cpsr_c, r5             @ change processor mode
+    stmfd r6!, {r8-lr}
+    msr cpsr_c, r3             @ restore processor mode
+    mov sp, r6
+
+    stmfd sp!, {r2,lr}         @ it's a bit of a mess, but we will fix that later
+                               @ order of saved regs now: cpsr, pc + (2/4/8), r8-r14, r0-r7
+
+    mov r0, sp
+
+    b mainHandler
+
+GEN_HANDLER FIQHandler
+GEN_HANDLER undefinedInstructionHandler
+GEN_HANDLER prefetchAbortHandler
+GEN_HANDLER dataAbortHandler
+
+.global readMPUConfig
+.type   readMPUConfig, %function
+readMPUConfig:
+    stmfd sp!, {r4-r8, lr}
+    mrc p15,0,r1,c6,c0,0
+    mrc p15,0,r2,c6,c1,0
+    mrc p15,0,r3,c6,c2,0
+    mrc p15,0,r4,c6,c3,0
+    mrc p15,0,r5,c6,c4,0
+    mrc p15,0,r6,c6,c5,0
+    mrc p15,0,r7,c6,c6,0
+    mrc p15,0,r8,c6,c7,0
+    stmia r0, {r1-r8}
+    mrc p15,0,r0,c5,c0,2       @ read data access permission bits
+    ldmfd sp!, {r4-r8, pc}
--- a/exceptions/arm9/source/i2c.c
+++ b/exceptions/arm9/source/i2c.c
@@ -0,0 +1,139 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+/*
+*   Thanks to the everyone who contributed in the development of this file
+*/
+
+#include "i2c.h"
+
+//-----------------------------------------------------------------------------
+
+static const struct { u8 bus_id, reg_addr; } dev_data[] = {
+    {0, 0x4A}, {0, 0x7A}, {0, 0x78},
+    {1, 0x4A}, {1, 0x78}, {1, 0x2C},
+    {1, 0x2E}, {1, 0x40}, {1, 0x44},
+    {2, 0xD6}, {2, 0xD0}, {2, 0xD2},
+    {2, 0xA4}, {2, 0x9A}, {2, 0xA0},
+};
+
+static inline u8 i2cGetDeviceBusId(u8 device_id)
+{
+    return dev_data[device_id].bus_id;
+}
+
+static inline u8 i2cGetDeviceRegAddr(u8 device_id)
+{
+    return dev_data[device_id].reg_addr;
+}
+
+//-----------------------------------------------------------------------------
+
+static vu8 *reg_data_addrs[] = {
+    (vu8 *)(I2C1_REG_OFF + I2C_REG_DATA),
+    (vu8 *)(I2C2_REG_OFF + I2C_REG_DATA),
+    (vu8 *)(I2C3_REG_OFF + I2C_REG_DATA),
+};
+
+static inline vu8 *i2cGetDataReg(u8 bus_id)
+{
+    return reg_data_addrs[bus_id];
+}
+
+//-----------------------------------------------------------------------------
+
+static vu8 *reg_cnt_addrs[] = {
+    (vu8 *)(I2C1_REG_OFF + I2C_REG_CNT),
+    (vu8 *)(I2C2_REG_OFF + I2C_REG_CNT),
+    (vu8 *)(I2C3_REG_OFF + I2C_REG_CNT),
+};
+
+static inline vu8 *i2cGetCntReg(u8 bus_id)
+{
+    return reg_cnt_addrs[bus_id];
+}
+
+//-----------------------------------------------------------------------------
+
+static inline void i2cWaitBusy(u8 bus_id)
+{
+    while (*i2cGetCntReg(bus_id) & 0x80);
+}
+
+static inline bool i2cGetResult(u8 bus_id)
+{
+    i2cWaitBusy(bus_id);
+
+    return (*i2cGetCntReg(bus_id) >> 4) & 1;
+}
+
+static void i2cStop(u8 bus_id, u8 arg0)
+{
+    *i2cGetCntReg(bus_id) = (arg0 << 5) | 0xC0;
+    i2cWaitBusy(bus_id);
+    *i2cGetCntReg(bus_id) = 0xC5;
+}
+
+//-----------------------------------------------------------------------------
+
+static bool i2cSelectDevice(u8 bus_id, u8 dev_reg)
+{
+    i2cWaitBusy(bus_id);
+    *i2cGetDataReg(bus_id) = dev_reg;
+    *i2cGetCntReg(bus_id) = 0xC2;
+
+    return i2cGetResult(bus_id);
+}
+
+static bool i2cSelectRegister(u8 bus_id, u8 reg)
+{
+    i2cWaitBusy(bus_id);
+    *i2cGetDataReg(bus_id) = reg;
+    *i2cGetCntReg(bus_id) = 0xC0;
+
+    return i2cGetResult(bus_id);
+}
+
+//-----------------------------------------------------------------------------
+
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
+{
+    u8 bus_id = i2cGetDeviceBusId(dev_id);
+    u8 dev_addr = i2cGetDeviceRegAddr(dev_id);
+
+    for(u32 i = 0; i < 8; i++)
+    {
+        if(i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg))
+        {
+            i2cWaitBusy(bus_id);
+            *i2cGetDataReg(bus_id) = data;
+            *i2cGetCntReg(bus_id) = 0xC1;
+            i2cStop(bus_id, 0);
+
+            if(i2cGetResult(bus_id)) return true;
+        }
+        *i2cGetCntReg(bus_id) = 0xC5;
+        i2cWaitBusy(bus_id);
+    }
+
+    return false;
+}
--- a/exceptions/arm9/source/i2c.h
+++ b/exceptions/arm9/source/i2c.h
@@ -0,0 +1,44 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+/*
+*   Thanks to the everyone who contributed in the development of this file
+*/
+
+#pragma once
+
+#include "types.h"
+
+#define I2C1_REG_OFF 0x10161000
+#define I2C2_REG_OFF 0x10144000
+#define I2C3_REG_OFF 0x10148000
+
+#define I2C_REG_DATA  0
+#define I2C_REG_CNT   1
+#define I2C_REG_CNTEX 2
+#define I2C_REG_SCL   4
+
+#define I2C_DEV_MCU  3
+#define I2C_DEV_GYRO 10
+#define I2C_DEV_IR   13
+
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);
--- a/exceptions/arm9/source/mainHandler.c
+++ b/exceptions/arm9/source/mainHandler.c
@@ -0,0 +1,118 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "i2c.h"
+#include "handlers.h"
+
+#define FINAL_BUFFER    0x25000000
+
+#define REG_DUMP_SIZE   4 * 17
+#define CODE_DUMP_SIZE  48
+
+bool cannotAccessAddress(const void *address)
+{
+    u32 regionSettings[8];
+    u32 addr = (u32)address;
+
+    u32 dataAccessPermissions = readMPUConfig(regionSettings);
+    for(u32 i = 0; i < 8; i++)
+    {
+        if((dataAccessPermissions & 0xF) == 0 || (regionSettings[i] & 1) == 0)
+            continue; //No access / region not enabled
+
+        u32 regionAddrBase = regionSettings[i] & ~0xFFF;
+        u32 regionSize = 1 << (((regionSettings[i] >> 1) & 0x1F) + 1);
+
+        if(addr >= regionAddrBase && addr < regionAddrBase + regionSize)
+            return false;
+
+        dataAccessPermissions >>= 4;
+    }
+
+    return true;
+}
+
+static u32 __attribute__((noinline)) copyMemory(void *dst, const void *src, u32 size, u32 alignment)
+{
+    u8 *out = (u8 *)dst;
+    const u8 *in = (const u8 *)src;
+
+    if(((u32)src & (alignment - 1)) != 0 || cannotAccessAddress(src) || (size != 0 && cannotAccessAddress((u8 *)src + size - 1)))
+        return 0;
+
+    for(u32 i = 0; i < size; i++)
+        *out++ = *in++;
+
+    return size;
+}
+
+void __attribute__((noreturn)) mainHandler(u32 *regs, u32 type)
+{
+    ExceptionDumpHeader dumpHeader;
+
+    u32 registerDump[REG_DUMP_SIZE / 4];
+    u8 codeDump[CODE_DUMP_SIZE];
+
+    dumpHeader.magic[0] = 0xDEADC0DE;
+    dumpHeader.magic[1] = 0xDEADCAFE;
+    dumpHeader.versionMajor = 1;
+    dumpHeader.versionMinor = 2;
+
+    dumpHeader.processor = 9;
+    dumpHeader.core = 0;
+    dumpHeader.type = type;
+
+    dumpHeader.registerDumpSize = REG_DUMP_SIZE;
+    dumpHeader.codeDumpSize = CODE_DUMP_SIZE;
+    dumpHeader.additionalDataSize = 0;
+
+    //Dump registers
+    //Current order of saved regs: cpsr, pc, r8-r14, r0-r7
+    u32 cpsr = regs[0];
+    u32 pc   = regs[1] - (type < 3 ? (((cpsr & 0x20) != 0 && type == 1) ? 2 : 4) : 8);
+
+    registerDump[15] = pc;
+    registerDump[16] = cpsr;
+    for(u32 i = 0; i < 7; i++) registerDump[8 + i]  = regs[2 + i];
+    for(u32 i = 0; i < 8; i++) registerDump[i] = regs[9 + i]; 
+
+    //Dump code
+    u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //Doesn't work well on 32-bit Thumb instructions, but it isn't much of a problem
+    dumpHeader.codeDumpSize = copyMemory(codeDump, instr, dumpHeader.codeDumpSize, ((cpsr & 0x20) != 0) ? 2 : 4);
+
+    //Copy register dump and code dump 
+    u8 *final = (u8 *)(FINAL_BUFFER + sizeof(ExceptionDumpHeader));
+    final += copyMemory(final, registerDump, dumpHeader.registerDumpSize, 1);
+    final += copyMemory(final, codeDump, dumpHeader.codeDumpSize, 1);
+
+    //Dump stack in place
+    dumpHeader.stackDumpSize = copyMemory(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF), 1);
+
+    dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize;
+
+    //Copy header (actually optimized by the compiler)
+    *(ExceptionDumpHeader *)FINAL_BUFFER = dumpHeader;
+
+    ((void (*)())0xFFFF0830)(); //Ensure that all memory transfers have completed and that the data cache has been flushed
+    i2cWriteRegister(I2C_DEV_MCU, 0x20, 1 << 2); //Reboot
+    while(true);
+}
--- a/exceptions/arm9/source/start.s
+++ b/exceptions/arm9/source/start.s
@@ -0,0 +1,31 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.section .text.start
+.align 4
+.global _start
+_start:
+    add pc, r0, #(handlers - .) @ Dummy instruction to prevent compiler optimizations
+
+handlers:
+    .word FIQHandler
+    .word undefinedInstructionHandler
+    .word prefetchAbortHandler
+    .word dataAbortHandler
--- a/exceptions/arm9/source/types.h
+++ b/exceptions/arm9/source/types.h
@@ -0,0 +1,37 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdbool.h>
+
+//Common data types
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint64_t u64;
+typedef volatile u8 vu8;
+typedef volatile u16 vu16;
+typedef volatile u32 vu32;
+typedef volatile u64 vu64;
--- a/exceptions/exception_dump_parser.py
+++ b/exceptions/exception_dump_parser.py
@@ -0,0 +1,147 @@
+#!/usr/bin/env python
+# Requires Python >= 3.2 or >= 2.7
+
+#   This file is part of Luma3DS
+#   Copyright (C) 2016 Aurora Wright, TuxSH
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+#   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+#   Notices displayed by works containing it.
+
+__author__    = "TuxSH"
+__copyright__ = "Copyright (c) 2016 TuxSH" 
+__license__   = "GPLv3"
+__version__   = "v1.0"
+
+"""
+Parses Luma3DS exception dumps
+"""
+
+import argparse
+from struct import unpack_from
+
+# Source of hexdump: https://gist.github.com/ImmortalPC/c340564823f283fe530b
+# Credits for hexdump go to the original authors
+# Slightly edited by TuxSH
+
+def hexdump(addr, src, length=16, sep='.' ):
+    '''
+    @brief Return {src} in hex dump.
+    @param[in] length   {Int} Nb Bytes by row.
+    @param[in] sep      {Char} For the text part, {sep} will be used for non ASCII char.
+    @return {Str} The hexdump
+    @note Full support for python2 and python3 !
+    '''
+    result = []
+
+    # Python3 support
+    try:
+        xrange(0,1)
+    except NameError:
+        xrange = range
+
+    for i in xrange(0, len(src), length):
+        subSrc = src[i:i+length]
+        hexa = ''
+        isMiddle = False
+        for h in xrange(0,len(subSrc)):
+            if h == length/2:
+                hexa += ' '
+            h = subSrc[h]
+            if not isinstance(h, int):
+                h = ord(h)
+            h = hex(h).replace('0x','')
+            if len(h) == 1:
+                h = '0'+h
+            hexa += h+' '
+        hexa = hexa.strip(' ')
+        text = ''
+        for c in subSrc:
+            if not isinstance(c, int):
+                c = ord(c)
+            if 0x20 <= c < 0x7F:
+                text += chr(c)
+            else:
+                text += sep
+        result.append(('%08X:  %-'+str(length*(2+1)+1)+'s  |%s|') % (addr + i, hexa, text))
+
+    return '\n'.join(result)
+    
+
+def makeRegisterLine(A, rA, B, rB):
+    return "{0:<15}{1:<20}{2:<15}{3:<20}".format(A, "{0:08x}".format(rA), B, "{0:08x}".format(rB))
+    
+handledExceptionNames = ("FIQ", "undefined instruction", "prefetch abort", "data abort")
+registerNames = tuple("r{0}".format(i) for i in range(13)) + ("sp", "lr", "pc", "cpsr") + ("dfsr", "ifsr", "far") + ("fpexc", "fpinst", "fpinst2")
+svcBreakReasons = ("(svcBreak: panic)", "(svcBreak: assertion failed)", "(svcBreak: user-related)")
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Parse Luma3DS exception dumps")
+    parser.add_argument("filename")
+    args = parser.parse_args()
+    data = b""
+    with open(args.filename, "rb") as f: data = f.read()
+    if unpack_from("<2I", data) != (0xdeadc0de, 0xdeadcafe):
+        raise SystemExit("Invalid file format")
+    
+    version, processor, exceptionType, _, nbRegisters, codeDumpSize, stackDumpSize, additionalDataSize = unpack_from("<8I", data, 8)
+    nbRegisters //= 4
+    
+    if version < (1 << 16) | 2:
+        raise SystemExit("Incompatible format version, please use the appropriate parser.")
+    
+    registers = unpack_from("<{0}I".format(nbRegisters), data, 40)
+    codeDump = data[40 + 4 * nbRegisters : 40 + 4 * nbRegisters + codeDumpSize]
+    stackOffset = 40 + 4 * nbRegisters + codeDumpSize
+    stackDump = data[stackOffset : stackOffset + stackDumpSize]
+    addtionalDataOffset = stackOffset + stackDumpSize
+    additionalData = data[addtionalDataOffset : addtionalDataOffset + additionalDataSize]
+    
+    if processor == 9: print("Processor: ARM9")
+    else: print("Processor: ARM11 (core {0})".format(processor >> 16))
+    
+    typeDetailsStr = ""
+    if exceptionType == 2:
+        if (registers[16] & 0x20) == 0 and codeDumpSize >= 4:
+            instr = unpack_from("<I", codeDump[-4:])[0]
+            if instr == 0xe12fff7e:
+                typeDetailsStr = " (kernel panic)"
+            elif instr == 0xef00003c:
+                typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
+        elif (registers[16] & 0x20) == 1 and codeDumpSize >= 2:
+            instr = unpack_from("<I", codeDump[-4:])[0]
+            if instr == 0xdf3c:
+                typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
+    
+    elif processor != 9 and (registers[20] & 0x80000000) != 0:
+        typeDetailsStr = " (VFP exception)"
+    
+    print("Exception type: {0}{1}".format("unknown" if exceptionType >= len(handledExceptionNames) else handledExceptionNames[exceptionType], typeDetailsStr))
+    if additionalDataSize != 0:
+        print("Current process: {0} ({1:016x})".format(additionalData[:8].decode("ascii"), unpack_from("<Q", additionalData, 8)[0]))
+    
+    print("\nRegister dump:\n")
+    for i in range(0, nbRegisters - (nbRegisters % 2), 2):
+        if i == 16: print("")
+        print(makeRegisterLine(registerNames[i], registers[i], registerNames[i+1], registers[i+1]))
+    if nbRegisters % 2 == 1: print("{0:<15}{1:<20}".format(registerNames[nbRegisters - 1], "{0:08x}".format(registers[nbRegisters - 1])))
+    
+    print("\nCode dump:\n")
+    print(hexdump(registers[15] - codeDumpSize + (4 if (registers[16] & 0x20 == 0) else 2), codeDump))
+    
+    print("\nStack dump:\n")
+    print(hexdump(registers[13], stackDump))
+    
--- a/injector/Makefile
+++ b/injector/Makefile
@@ -22,13 +22,17 @@ LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)

 INCLUDE	:= $(foreach dir,$(LIBDIRS),-I$(dir)/include)

-ARCH := -mcpu=mpcore -mfloat-abi=hard -mtp=soft
-CFLAGS := -Wall -Wextra -MMD -MP -marm $(ARCH) -fno-builtin -std=c11 -O2 -flto -ffast-math -mword-relocations \
+ASFLAGS := -mcpu=mpcore -mfloat-abi=hard -mtp=soft
+CFLAGS := -Wall -Wextra -MMD -MP -marm $(ASFLAGS) -fno-builtin -std=c11 -O2 -flto -ffast-math -mword-relocations \
 	  -ffunction-sections -fdata-sections $(INCLUDE) -DARM11 -D_3DS
-LDFLAGS := -Xlinker --defsym="__start__=0x14000000" -specs=3dsx.specs $(ARCH)
+LDFLAGS := -Xlinker --defsym="__start__=0x14000000" -specs=3dsx.specs $(ASFLAGS)

 objects = $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
-          $(call rwildcard, $(dir_source), *.c))
+          $(call rwildcard, $(dir_source), *.s *.c))
+
+ifeq ($(strip $(DEV)),TRUE)
+CFLAGS += -DDEV
+endif

 .PHONY: all
 all: ../$(dir_build)/$(name).cxi
@@ -43,9 +47,13 @@ clean:
 $(dir_build)/$(name).elf: $(objects)
 	$(LINK.o) $(OUTPUT_OPTION) $^ $(LIBPATHS) $(LIBS)

-$(dir_build)/memory.o : CFLAGS += -O3
+$(dir_build)/memory.o $(dir_build)/strings.o: CFLAGS += -O3

 $(dir_build)/%.o: $(dir_source)/%.c
 	@mkdir -p "$(@D)"
 	$(COMPILE.c) $(OUTPUT_OPTION) $<
+
+$(dir_build)/%.o: $(dir_source)/%.s
+	@mkdir -p "$(@D)"
+	$(COMPILE.s) $(OUTPUT_OPTION) $<
 include $(call rwildcard, $(dir_build), *.d)
--- a/injector/source/CFWInfo.h
+++ b/injector/source/CFWInfo.h
@@ -0,0 +1,19 @@
+#pragma once
+
+#include <3ds/types.h>
+
+typedef struct __attribute__((packed))
+{
+    char magic[4];
+    
+    u8 versionMajor;
+    u8 versionMinor;
+    u8 versionBuild;
+    u8 flags; /* bit 0: dev branch; bit 1: is release */
+
+    u32 commitHash;
+
+    u32 config;
+} CFWInfo;
+
+u32 svcGetCFWInfo(CFWInfo *info);
--- a/injector/source/CFWInfo.s
+++ b/injector/source/CFWInfo.s
@@ -0,0 +1,9 @@
+.text
+.arm
+.align 4
+
+.global svcGetCFWInfo
+.type	svcGetCFWInfo, %function
+svcGetCFWInfo:
+	svc 0x2e
+	bx lr
--- a/injector/source/memory.c
+++ b/injector/source/memory.c
@@ -7,4 +7,43 @@ void memcpy(void *dest, const void *src, u32 size)

    for(u32 i = 0; i < size; i++)
        destc[i] = srcc[i];
+}
+
+int memcmp(const void *buf1, const void *buf2, u32 size)
+{
+    const u8 *buf1c = (const u8 *)buf1;
+    const u8 *buf2c = (const u8 *)buf2;
+
+    for(u32 i = 0; i < size; i++)
+    {
+        int cmp = buf1c[i] - buf2c[i];
+        if(cmp) return cmp;
+    }
+
+    return 0;
+}
+
+//Boyer-Moore Horspool algorithm, adapted from http://www-igm.univ-mlv.fr/~lecroq/string/node18.html#SECTION00180
+u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize)
+{
+    const u8 *patternc = (const u8 *)pattern;
+    u32 table[256];
+
+    //Preprocessing
+    for(u32 i = 0; i < 256; i++)
+        table[i] = patternSize;
+    for(u32 i = 0; i < patternSize - 1; i++)
+        table[patternc[i]] = patternSize - i - 1;
+
+    //Searching
+    u32 j = 0;
+    while(j <= size - patternSize)
+    {
+        u8 c = startPos[j + patternSize - 1];
+        if(patternc[patternSize - 1] == c && memcmp(pattern, startPos + j, patternSize - 1) == 0)
+            return startPos + j;
+        j += table[c];
+    }
+
+    return NULL;
 }
--- a/injector/source/memory.h
+++ b/injector/source/memory.h
@@ -2,4 +2,6 @@

 #include <3ds/types.h>

-void memcpy(void *dest, const void *src, u32 size);
+void memcpy(void *dest, const void *src, u32 size);
+int memcmp(const void *buf1, const void *buf2, u32 size);
+u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize);
--- a/injector/source/patcher.c
+++ b/injector/source/patcher.c
@@ -1,60 +1,15 @@
 #include <3ds.h>
-#include "memory.h"
 #include "patcher.h"
+#include "memory.h"
+#include "strings.h"
 #include "ifile.h"
+#include "CFWInfo.h"

-#ifndef PATH_MAX
-#define PATH_MAX 255
-#define CONFIG(a) (((loadConfig() >> (a + 16)) & 1) != 0)
-#define MULTICONFIG(a) ((loadConfig() >> (a * 2 + 6)) & 3)
-#define BOOTCONFIG(a, b) ((loadConfig() >> a) & b)
-#endif
+static CFWInfo info;

-static int memcmp(const void *buf1, const void *buf2, u32 size)
+static void patchMemory(u8 *start, u32 size, const void *pattern, u32 patSize, int offset, const void *replace, u32 repSize, u32 count)
 {
-    const u8 *buf1c = (const u8 *)buf1;
-    const u8 *buf2c = (const u8 *)buf2;
-
-    for(u32 i = 0; i < size; i++)
-    {
-        int cmp = buf1c[i] - buf2c[i];
-        if(cmp) return cmp;
-    }
-
-    return 0;
-}
-
-//Quick Search algorithm, adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
-static u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize)
-{
-    const u8 *patternc = (const u8 *)pattern;
-
-    //Preprocessing
-    u32 table[256];
-
-    for(u32 i = 0; i < 256; ++i)
-        table[i] = patternSize + 1;
-    for(u32 i = 0; i < patternSize; ++i)
-        table[patternc[i]] = patternSize - i;
-
-    //Searching
-    u32 j = 0;
-
-    while(j <= size - patternSize)
-    {
-        if(memcmp(patternc, startPos + j, patternSize) == 0)
-            return startPos + j;
-        j += table[startPos[j + patternSize]];
-    }
-
-    return NULL;
-}
-
-static u32 patchMemory(u8 *start, u32 size, const void *pattern, u32 patSize, int offset, const void *replace, u32 repSize, u32 count)
-{
-    u32 i;
-
-    for(i = 0; i < count; i++)
+    for(u32 i = 0; i < count; i++)
    {
        u8 *found = memsearch(start, pattern, size, patSize);

@@ -69,27 +24,32 @@ static u32 patchMemory(u8 *start, u32 size, const void *pattern, u32 patSize, in
        size -= at + patSize;
        start = found + patSize;
    }
-
-    return i;
-}
-
-static inline size_t strnlen(const char *string, size_t maxlen)
-{
-    size_t size;
-
-    for(size = 0; *string && size < maxlen; string++, size++);
-
-    return size;
 }

 static int fileOpen(IFile *file, FS_ArchiveID archiveId, const char *path, int flags)
 {
-    FS_Path filePath = {PATH_ASCII, strnlen(path, PATH_MAX) + 1, path},
+    FS_Path filePath = {PATH_ASCII, strnlen(path, 255) + 1, path},
            archivePath = {PATH_EMPTY, 1, (u8 *)""};

    return IFile_Open(file, archiveId, archivePath, filePath, flags);
 }

+static void loadCFWInfo(void)
+{
+    static bool infoLoaded = false;
+
+    if(!infoLoaded)
+    {
+        svcGetCFWInfo(&info);
+
+        IFile file;
+        if(BOOTCFG_SAFEMODE != 0 && R_SUCCEEDED(fileOpen(&file, ARCHIVE_SDMC, "/", FS_OPEN_READ))) //Init SD card if SAFE_MODE is being booted
+            IFile_Close(&file);
+
+        infoLoaded = true;
+    }
+}
+
 static bool secureInfoExists(void)
 {
    static bool exists = false;
@@ -107,31 +67,52 @@ static bool secureInfoExists(void)
    return exists;
 }

-static u32 loadConfig(void)
+static void loadCustomVerString(u16 *out, u32 *verStringSize)
 {
-    static u32 config = 0;
+    static const char path[] = "/luma/customversion.txt";

-    if(!config)
+    IFile file;
+
+    if(R_SUCCEEDED(fileOpen(&file, ARCHIVE_SDMC, path, FS_OPEN_READ)))
    {
-        IFile file;
-        if(R_SUCCEEDED(fileOpen(&file, ARCHIVE_SDMC, "/luma/config.bin", FS_OPEN_READ)))
+        u64 fileSize;
+
+        if(R_SUCCEEDED(IFile_GetSize(&file, &fileSize)) && fileSize <= 60)
        {
+            u8 buf[fileSize];
            u64 total;
-            if(R_SUCCEEDED(IFile_Read(&file, &total, &config, 4))) config |= 1 << 4;
-            IFile_Close(&file);
+
+            if(R_SUCCEEDED(IFile_Read(&file, &total, buf, fileSize)))
+            {
+                static const u8 bom[] = {0xEF, 0xBB, 0xBF};
+                u32 finalSize = 0;
+
+                for(u32 increase, fileSizeTmp = (u32)fileSize, i = (fileSizeTmp > 2 && memcmp(buf, bom, sizeof(bom)) == 0) ? 3 : 0;
+                    i < fileSizeTmp && finalSize < 19; i += increase)
+                {
+                    if((buf[i] & 0x80) == 0)
+                    {
+                        increase = 1;
+                        out[finalSize++] = (u16)buf[i];
+                    }
+                    else if((buf[i] & 0xE0) == 0xC0 && i + 1 < fileSizeTmp && (buf[i + 1] & 0xC0) == 0x80)
+                    {
+                        increase = 2;
+                        out[finalSize++] = (u16)(((buf[i] & 0x1F) << 6) | (buf[i + 1] & 0x3F));
+                    }
+                    else if((buf[i] & 0xF0) == 0xE0 && i + 2 < fileSizeTmp && (buf[i + 1] & 0xC0) == 0x80 && (buf[i + 2] & 0xC0) == 0x80)
+                    {
+                        increase = 3;
+                        out[finalSize++] = (u16)(((buf[i] & 0xF) << 12) | ((buf[i + 1] & 0x3F) << 6) | (buf[i + 2] & 0x3F));
+                    }
+                    else break;
+                }
+
+                if(finalSize > 0) *verStringSize = finalSize * 2;
+            }
        }
-    }

-    return config;
-}
-
-static void progIdToStr(char *strEnd, u64 progId)
-{
-    while(progId)
-    {
-        static const char hexDigits[] = "0123456789ABCDEF";
-        *strEnd-- = hexDigits[(u32)(progId & 0xF)];
-        progId >>= 4;
+        IFile_Close(&file);
    }
 }

@@ -144,23 +125,22 @@ static void loadTitleCodeSection(u64 progId, u8 *code, u32 size)
    progIdToStr(path + 35, progId);

    IFile file;
-    Result ret = fileOpen(&file, ARCHIVE_SDMC, path, FS_OPEN_READ);

-    if(R_SUCCEEDED(ret))
+    if(R_SUCCEEDED(fileOpen(&file, ARCHIVE_SDMC, path, FS_OPEN_READ)))
    {
-        u64 fileSize, total;
+        u64 fileSize;

-        ret = IFile_GetSize(&file, &fileSize);
-
-        if(R_SUCCEEDED(ret) && fileSize <= size)
+        if(R_SUCCEEDED(IFile_GetSize(&file, &fileSize)) && fileSize <= size)
        {
-            ret = IFile_Read(&file, &total, code, fileSize);
-            IFile_Close(&file);
+            u64 total;
+            IFile_Read(&file, &total, code, fileSize);
        }
+
+        IFile_Close(&file);
    }
 }

-static int loadTitleLocaleConfig(u64 progId, u8 *regionId, u8 *languageId)
+static void loadTitleLocaleConfig(u64 progId, u8 *regionId, u8 *languageId)
 {
    /* Here we look for "/luma/locales/[u64 titleID in hex, uppercase].txt"
       If it exists it should contain, for example, "EUR IT" */
@@ -169,41 +149,44 @@ static int loadTitleLocaleConfig(u64 progId, u8 *regionId, u8 *languageId)
    progIdToStr(path + 29, progId);

    IFile file;
-    Result ret = fileOpen(&file, ARCHIVE_SDMC, path, FS_OPEN_READ);
-    if(R_SUCCEEDED(ret))
+
+    if(R_SUCCEEDED(fileOpen(&file, ARCHIVE_SDMC, path, FS_OPEN_READ)))
    {
-        char buf[6];
-        u64 total;
+        u64 fileSize;

-        ret = IFile_Read(&file, &total, buf, 6);
-        IFile_Close(&file);
-
-        if(!R_SUCCEEDED(ret) || total < 6) return -1;
-
-        for(u32 i = 0; i < 7; ++i)
+        if(R_SUCCEEDED(IFile_GetSize(&file, &fileSize)) && fileSize == 6)
        {
-            static const char *regions[] = {"JPN", "USA", "EUR", "AUS", "CHN", "KOR", "TWN"};
+            char buf[6];
+            u64 total;

-            if(memcmp(buf, regions[i], 3) == 0)
+            if(R_SUCCEEDED(IFile_Read(&file, &total, buf, 6)))
            {
-                *regionId = (u8)i;
-                break;
-            }
-        }
+                for(u32 i = 0; i < 7; i++)
+                {
+                    static const char *regions[] = {"JPN", "USA", "EUR", "AUS", "CHN", "KOR", "TWN"};
+
+                    if(memcmp(buf, regions[i], 3) == 0)
+                    {
+                        *regionId = (u8)i;
+                        break;
+                    }
+                }
        
-        for(u32 i = 0; i < 12; ++i)
-        {
-            static const char *languages[] = {"JP", "EN", "FR", "DE", "IT", "ES", "ZH", "KO", "NL", "PT", "RU", "TW"};
+                for(u32 i = 0; i < 12; i++)
+                {
+                    static const char *languages[] = {"JP", "EN", "FR", "DE", "IT", "ES", "ZH", "KO", "NL", "PT", "RU", "TW"};

-            if(memcmp(buf + 4, languages[i], 2) == 0)
-            {
-                *languageId = (u8)i;
-                break;
+                    if(memcmp(buf + 4, languages[i], 2) == 0)
+                    {
+                        *languageId = (u8)i;
+                        break;
+                    }
+                }
            }
        }
-    }

-    return ret;
+        IFile_Close(&file);
+    }
 }

 static u8 *getCfgOffsets(u8 *code, u32 size, u32 *CFGUHandleOffset)
@@ -319,6 +302,8 @@ static void patchCfgGetRegion(u8 *code, u32 size, u8 regionId, u32 CFGUHandleOff

 void patchCode(u64 progId, u8 *code, u32 size)
 {
+    loadCFWInfo();
+
    switch(progId)
    {
        case 0x0004003000008F02LL: // USA Menu
@@ -329,7 +314,7 @@ void patchCode(u64 progId, u8 *code, u32 size)
        case 0x000400300000B102LL: // TWN Menu
        {
            static const u8 regionFreePattern[] = {
-                0x00, 0x00, 0x55, 0xE3, 0x01, 0x10, 0xA0, 0xE3
+                0x00, 0x00, 0x55, 0xE3, 0x01, 0x10, 0xA0
            };
            static const u8 regionFreePatch[] = {
                0x01, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1
@@ -363,8 +348,8 @@ void patchCode(u64 progId, u8 *code, u32 size)
                sizeof(blockAutoUpdatesPatch), 1
            );

-            //Apply only if the updated NAND hasn't been booted
-            if((BOOTCONFIG(0, 3) != 0) == (BOOTCONFIG(2, 1) && CONFIG(1)))
+            //Apply only if the user booted with R
+            if((BOOTCFG_NAND != 0) != (BOOTCFG_FIRM != 0))
            {
                static const u8 skipEshopUpdateCheckPattern[] = {
                    0x30, 0xB5, 0xF1, 0xB0
@@ -388,14 +373,14 @@ void patchCode(u64 progId, u8 *code, u32 size)
        case 0x0004013000003202LL: // FRIENDS
        {
            static const u8 fpdVerPattern[] = {
-                0xE0, 0x1E, 0xFF, 0x2F, 0xE1, 0x01, 0x01, 0x01
+                0xE0, 0x1E, 0xFF, 0x2F, 0xE1, 0x01, 0x01
            };
-            
-            static const u8 mostRecentFpdVer = 0x06;
-            
+
+            u8 mostRecentFpdVer = 7;
+
            u8 *fpdVer = memsearch(code, fpdVerPattern, size, sizeof(fpdVerPattern));

-            //Allow online access to work with old friends modules, without breaking newer firmwares
+            //Allow online access to work with old friends modules
            if(fpdVer != NULL && fpdVer[9] < mostRecentFpdVer) fpdVer[9] = mostRecentFpdVer;

            break;
@@ -408,19 +393,69 @@ void patchCode(u64 progId, u8 *code, u32 size)
        case 0x0004001000027000LL: // KOR MSET
        case 0x0004001000028000LL: // TWN MSET
        {
-            if(CONFIG(4))
+            if(CONFIG(PATCHVERSTRING))
            {
                static const u16 verPattern[] = u"Ver.";
-                const u32 currentNand = BOOTCONFIG(0, 3);
-                const u32 matchingFirm = BOOTCONFIG(2, 1) == (currentNand != 0);
+                static u16 *verString;
+                u32 verStringSize = 0;
+
+                u16 customVerString[19];
+                loadCustomVerString(customVerString, &verStringSize);
+
+                if(verStringSize != 0) verString = customVerString;
+                else
+                {
+                    verStringSize = 8;
+                    u32 currentNand = BOOTCFG_NAND,
+                        currentFirm = BOOTCFG_FIRM;
+                    bool matchingFirm = (currentFirm != 0) == (currentNand != 0);
+
+                    static u16 verStringEmu[] = u"Emu ",
+                               verStringEmuSys[] = u"Em S",
+                               verStringSysEmu[] = u"SyE ";
+
+                    switch(currentNand)
+                    {
+                        case 1:
+                            verString = matchingFirm ? u" Emu" : u"EmuS";
+                            break;
+                        case 2:
+                        case 3:
+                        case 4:
+                        {
+                            if(matchingFirm)
+                            {
+                                verStringEmu[3] = '0' + currentNand;
+                                verString = verStringEmu;
+                            }
+                            else
+                            {
+                                verStringEmuSys[2] = '0' + currentNand;
+                                verString = verStringEmuSys;
+                            }
+                            break;
+                        }
+                        default:
+                            if(matchingFirm) verString = u" Sys";
+                            else
+                            {
+                                if(currentFirm == 1) verString = u"SysE";
+                                else
+                                {
+                                    verStringSysEmu[3] = '0' + currentFirm;
+                                    verString = verStringSysEmu;
+                                }
+                            }
+                            break;
+                    }
+                }

                //Patch Ver. string
                patchMemory(code, size,
                    verPattern,
-                    sizeof(verPattern) - sizeof(u16), 0,
-                    !currentNand ? ((matchingFirm) ? u" Sys" : u"SysE") :
-                                   ((currentNand == 1) ? (matchingFirm ? u" Emu" : u"EmuS") : ((matchingFirm) ? u"Emu2" : u"Em2S")),
-                    sizeof(verPattern) - sizeof(u16), 1
+                    sizeof(verPattern) - 2, 0,
+                    verString,
+                    verStringSize, 1
                );
            }

@@ -444,12 +479,12 @@ void patchCode(u64 progId, u8 *code, u32 size)
                sizeof(stopCartUpdatesPatch), 2
            );

-            u32 cpuSetting = MULTICONFIG(1);
+            u32 cpuSetting = MULTICONFIG(NEWCPU);

-            if(cpuSetting)
+            if(cpuSetting != 0)
            {
                static const u8 cfgN3dsCpuPattern[] = {
-                    0x00, 0x40, 0xA0, 0xE1, 0x07, 0x00
+                    0x00, 0x40, 0xA0, 0xE1, 0x07
                };

                u32 *cfgN3dsCpuLoc = (u32 *)memsearch(code, cfgN3dsCpuPattern, size, sizeof(cfgN3dsCpuPattern));
@@ -468,7 +503,7 @@ void patchCode(u64 progId, u8 *code, u32 size)
        case 0x0004013000001702LL: // CFG
        {
            static const u8 secureinfoSigCheckPattern[] = {
-                0x06, 0x46, 0x10, 0x48, 0xFC
+                0x06, 0x46, 0x10, 0x48
            };
            static const u8 secureinfoSigCheckPatch[] = {
                0x00, 0x26
@@ -490,10 +525,10 @@ void patchCode(u64 progId, u8 *code, u32 size)
                //Use SecureInfo_C
                patchMemory(code, size, 
                    secureinfoFilenamePattern, 
-                    sizeof(secureinfoFilenamePattern) - sizeof(u16),
-                    sizeof(secureinfoFilenamePattern) - sizeof(u16), 
+                    sizeof(secureinfoFilenamePattern) - 2,
+                    sizeof(secureinfoFilenamePattern) - 2, 
                    secureinfoFilenamePatch, 
-                    sizeof(secureinfoFilenamePatch) - sizeof(u16), 2
+                    sizeof(secureinfoFilenamePatch) - 2, 2
                );
            }

@@ -542,12 +577,46 @@ void patchCode(u64 progId, u8 *code, u32 size)
            break;
        }

-        default:
-            if(CONFIG(3))
+#ifdef DEV
+        case 0x0004003000008A02LL: // ErrDisp
+        {
+            if(MULTICONFIG(DEVOPTIONS) == 0)
            {
-                u32 tidHigh = (progId & 0xFFFFFFF000000000LL) >> 0x24;
+                static const u8 unitinfoCheckPattern1[] = { 
+                    0x14, 0x00, 0xD0, 0xE5, 0xDB
+                };

-                if(tidHigh == 0x0004000)
+                static const u8 unitinfoCheckPattern2[] = {
+                    0x14, 0x00, 0xD0, 0xE5, 0x01
+                } ;
+
+                static const u8 unitinfoCheckPatch[] = {
+                    0x00, 0x00, 0xA0, 0xE3
+                } ;
+
+                patchMemory(code, size, 
+                    unitinfoCheckPattern1, 
+                    sizeof(unitinfoCheckPattern1), 0, 
+                    unitinfoCheckPatch, 
+                    sizeof(unitinfoCheckPatch), 1
+                );
+
+                patchMemory(code, size, 
+                    unitinfoCheckPattern2, 
+                    sizeof(unitinfoCheckPattern2), 0,
+                    unitinfoCheckPatch, 
+                    sizeof(unitinfoCheckPatch), 3
+                );
+            }
+
+            break;
+        }
+#endif
+
+        default:
+            if(CONFIG(USELANGEMUANDCODE))
+            {
+                if((u32)((progId & 0xFFFFFFF000000000LL) >> 0x24) == 0x0004000)
                {
                    //External .code section loading
                    loadTitleCodeSection(progId, code, size);
@@ -555,11 +624,11 @@ void patchCode(u64 progId, u8 *code, u32 size)
                    //Language emulation
                    u8 regionId = 0xFF,
                       languageId = 0xFF;
+                    loadTitleLocaleConfig(progId, &regionId, &languageId);

-                    if(R_SUCCEEDED(loadTitleLocaleConfig(progId, &regionId, &languageId)))
+                    if(regionId != 0xFF || regionId != 0xFF)
                    {
                        u32 CFGUHandleOffset;
-
                        u8 *CFGU_GetConfigInfoBlk2_endPos = getCfgOffsets(code, size, &CFGUHandleOffset);

                        if(CFGU_GetConfigInfoBlk2_endPos != NULL)
--- a/injector/source/patcher.h
+++ b/injector/source/patcher.h
@@ -2,4 +2,38 @@

 #include <3ds/types.h>

+#define CONFIG(a)        (((info.config >> (a + 21)) & 1) != 0)
+#define MULTICONFIG(a)   ((info.config >> (a * 2 + 9)) & 3)
+#define BOOTCONFIG(a, b) ((info.config >> a) & b)
+
+#define BOOTCFG_NAND         BOOTCONFIG(0, 7)
+#define BOOTCFG_FIRM         BOOTCONFIG(3, 7)
+#define BOOTCFG_A9LH         BOOTCONFIG(6, 1)
+#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(7, 1)
+#define BOOTCFG_SAFEMODE     BOOTCONFIG(8, 1)
+
+enum multiOptions
+{
+    DEFAULTEMU = 0,
+    BRIGHTNESS,
+    PIN,
+    NEWCPU
+#ifdef DEV
+  , DEVOPTIONS
+#endif
+};
+
+enum singleOptions
+{
+    AUTOBOOTSYS = 0,
+    USESYSFIRM,
+    USELANGEMUANDCODE,
+    PATCHVERSTRING,
+    SHOWGBABOOT,
+    PAYLOADSPLASH
+#ifdef DEV
+  , PATCHACCESS
+#endif
+};
+
 void patchCode(u64 progId, u8 *code, u32 size);
--- a/injector/source/strings.c
+++ b/injector/source/strings.c
@@ -0,0 +1,20 @@
+#include "strings.h"
+
+size_t strnlen(const char *string, size_t maxlen)
+{
+    size_t size;
+
+    for(size = 0; *string && size < maxlen; string++, size++);
+
+    return size;
+}
+
+void progIdToStr(char *strEnd, u64 progId)
+{
+    while(progId)
+    {
+        static const char hexDigits[] = "0123456789ABCDEF";
+        *strEnd-- = hexDigits[(u32)(progId & 0xF)];
+        progId >>= 4;
+    }
+}
--- a/injector/source/strings.h
+++ b/injector/source/strings.h
@@ -0,0 +1,6 @@
+#pragma once
+
+#include <3ds/types.h>
+
+size_t strnlen(const char *string, size_t maxlen);
+void progIdToStr(char *strEnd, u64 progId);
--- a/loader/source/main.c
+++ b/loader/source/main.c
@@ -23,15 +23,16 @@
 #include "memory.h"
 #include "cache.h"

-extern u32 payloadSize; //defined in start.s
+extern u32 payloadSize; //Defined in start.s

 void main(void)
 {
    void *payloadAddress = (void *)0x23F00000;

-    memcpy(payloadAddress, (void*)0x24F00000, payloadSize);
+    memcpy(payloadAddress, (void *)0x24F00000, payloadSize);

+    //Ensure that all memory transfers have completed and that the caches have been flushed
    flushCaches();
-    
+
    ((void (*)())payloadAddress)();
 }
--- a/menuhax/menuhax.diff
+++ b/menuhax/menuhax.diff
@@ -0,0 +1,11 @@
+diff -uNr a/source/main.c b/source/main.c
+--- a/source/main.c	2016-09-11 01:04:25.665231884 +0200
+++ b/source/main.c	2016-09-14 12:36:28.601439550 +0200
+@@ -9,6 +9,7 @@
+ #endif
+ 
+ int main (void) {
+    svcSleepThread(2500 * 1000000ULL);
+     if (brahma_init()) {
+         if (load_arm9_payload_offset("/" LAUNCHER_PATH, 0x12000, 0x10000) != 1)
+             goto error;
--- a/patches/emunand.s
+++ b/patches/emunand.s
@@ -43,4 +43,4 @@ nand_sd:
 sdmmc:	                .ascii "SDMC"
 nand_offset:		.ascii "NAND"       ; for rednand this should be 1
 ncsd_header_offset:	.ascii "NCSD"       ; depends on nand manufacturer + emunand type (GW/RED)
-.close
+.close
--- a/patches/k11modules.s
+++ b/patches/k11modules.s
@@ -0,0 +1,119 @@
+;
+;   This file is part of Luma3DS
+;   Copyright (C) 2016 Aurora Wright, TuxSH
+;
+;   This program is free software: you can redistribute it and/or modify
+;   it under the terms of the GNU General Public License as published by
+;   the Free Software Foundation, either version 3 of the License, or
+;   (at your option) any later version.
+;
+;   This program is distributed in the hope that it will be useful,
+;   but WITHOUT ANY WARRANTY; without even the implied warranty of
+;   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;   GNU General Public License for more details.
+;
+;   You should have received a copy of the GNU General Public License
+;   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+;
+;   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+;   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+;   Notices displayed by works containing it.
+;
+
+; This is mainly Subv's code, big thanks to him.
+
+.arm.little
+
+.create "build/k11modules.bin", 0
+.arm
+    ; This code searches the sm module for a specific byte pattern and patches some of the instructions
+    ; in the code to disable service access checks when calling srv:GetServiceHandle
+
+    ; It also searches the fs module for archive access check code
+
+    ; Save the registers we'll be using
+    ; Register contents:
+    ; r4: Pointer to a pointer to the exheader of the current NCCH
+    ; r6: Constant 0
+    ; SP + 0x80 - 0x7C: Pointer to the memory location where the NCCH text was loaded
+
+    ; Save the value of sp
+    mov r0, sp
+    ; Save the value of all registers
+    push {r0-r12}
+
+    ldr r0, [r0, #(0x80 - 0x7C)] ; Load the .text address
+    ldr r7, [r4]
+    ldr r2, [r7, #0x18]          ; Load the size of the .text
+    ldr r8, [r7, #0x200]         ; Load the low title id of the current NCCH
+    mov r5, r0
+    add r11, r5, r2              ; Max bounds of the memory region
+
+    ldr r9, =0x00001002  ; Low title id of the sm module
+    cmp r8, r9           ; Compare the low title id to the id of the sm module
+    bne fs_patch         ; Skip if they're not the same
+
+    ldr r7, =0xE1A01006   ; mov r1, r6
+    ldr r8, =0xE1A00005   ; mov r0, r5
+    ldr r9, =0xE3500000   ; cmp r0, #0
+    ldr r10, =0xE2850004  ; add r0, r5, #4
+    
+    loop:
+        cmp r11, r5
+        blo out         ; Check if we didn't go past the bounds of the memory region
+        ldr r6, [r5]
+        cmp r6, r7
+        ldreq r6, [r5, #4]
+        cmpeq r6, r8
+        ldreq r6, [r5, #12]
+        cmpeq r6, r9
+        ldreq r6, [r5, #24]
+        cmpeq r6, r10
+        moveq r8, r5
+        addne r5, r5, #4
+        bne loop
+
+    ; r8 now contains the start address of the pattern we found
+
+    ; Write NOPs to the four instructions we want to patch
+    ldr r9, =0xE320F000   ; nop
+    str r9, [r8, #8]      ; Patch the bl
+    str r9, [r8, #12]     ; Patch the cmp
+    str r9, [r8, #16]     ; Patch the ldreq
+    str r9, [r8, #20]     ; Patch the beq
+    b out
+
+    fs_patch: ; patch adapted from BootNTR
+    ldr r9, =0x00001102  ; Low title id of the fs module
+    cmp r8, r9           ; Compare the low title id to the id of the sm module
+    bne out              ; Skip if they're not the same
+
+    ldr r7, =0x4618     ; mov r0, r3
+    ldr r8, =0x3481     ; add r4, #0x81
+
+    loop_fs:
+        cmp r11, r5
+        blo out
+        ldrh r6, [r5]
+        cmp r6, r7
+        ldreqh r6, [r5, #2]
+        cmpeq r6, r8
+        subeq r8, r5, #8
+        addne r5, #2
+        bne loop_fs
+
+    ; r8 now contains the start address of the pattern we found
+    ldr r9, =0x2001     ; mov r0, #1
+    ldr r10, =0x4770    ; bx lr
+    strh r9, [r8]
+    strh r10, [r8, #2]
+    
+    out:
+    pop {r0-r12}               ; Restore the registers we used
+
+    ldr r0, [r4]               ; Execute the instruction we overwrote in our detour
+
+    bx lr                      ; Jump back to whoever called us
+
+.pool
+.close
--- a/patches/reboot.s
+++ b/patches/reboot.s
@@ -5,10 +5,14 @@ payload_maxsize equ 0x10000   ; Maximum size for the payload (maximum that CakeB

 .create "build/reboot.bin", 0
 .arm
-    ; Interesting registers and locations to keep in mind, set before this code is ran:
-    ; - sp + 0x3A8 - 0x70: FIRM path in exefs.
-    ; - r7 (which is sp + 0x3A8 - 0x198): Reserved space for file handle
-    ; - *(sp + 0x3A8 - 0x198) + 0x28: fread function.
+    ; Interesting registers and locations to keep in mind, set just before this code is ran:
+    ; - r1: FIRM path in exefs.
+    ; - r7: pointer to file object
+    ;   - *r7: vtable
+    ;       - *(vtable + 0x28): fread function 
+    ;   - *(r7 + 8): file handle
+
+    mov r8, r1

    pxi_wait_recv:
        ldr r2, =0x44846
@@ -47,7 +51,7 @@ payload_maxsize equ 0x10000   ; Maximum size for the payload (maximum that CakeB
        cmp r4, #0
        movne r3, #0x12000 ; Skip the first 0x12000 bytes.
        moveq r3, payload_maxsize
-        ldr r6, [sp, #0x3A8-0x198]
+        ldr r6, [r7]
        ldr r6, [r6, #0x28]
        blx r6
        cmp r4, #0
@@ -55,8 +59,7 @@ payload_maxsize equ 0x10000   ; Maximum size for the payload (maximum that CakeB
        bne read_payload ; Go read the real payload.

    ; Copy the low TID (in UTF-16) of the wanted firm to the 5th byte of the payload
-    add r0, sp, #0x3A8 - 0x70
-    add r0, 0x1A
+    add r0, r8, 0x1A
    add r1, r0, #0x10
    ldr r2, =payload_addr + 4
    copy_TID_low:
@@ -75,7 +78,7 @@ payload_maxsize equ 0x10000   ; Maximum size for the payload (maximum that CakeB
    goto_reboot:
        ; Jump to reboot code
        ldr r0, =(kernelcode_start - goto_reboot - 12)
-        add r0, pc
+        add r0, pc ; pc is two instructions ahead of the instruction being executed (12 = 2*4 + 4)
        swi 0x7B

    die:
@@ -122,4 +125,4 @@ dat_fname: .dcw "sdmc:/Luma3DS.dat"
    bx r0

 .pool
-.close
+.close
--- a/patches/svcGetCFWInfo.s
+++ b/patches/svcGetCFWInfo.s
@@ -0,0 +1,48 @@
+;
+;   This file is part of Luma3DS
+;   Copyright (C) 2016 Aurora Wright, TuxSH
+;
+;   This program is free software: you can redistribute it and/or modify
+;   it under the terms of the GNU General Public License as published by
+;   the Free Software Foundation, either version 3 of the License, or
+;   (at your option) any later version.
+;
+;   This program is distributed in the hope that it will be useful,
+;   but WITHOUT ANY WARRANTY; without even the implied warranty of
+;   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;   GNU General Public License for more details.
+;
+;   You should have received a copy of the GNU General Public License
+;   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+;
+;   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+;   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+;   Notices displayed by works containing it.
+;
+
+.arm.little
+
+.create "build/svcGetCFWInfo.bin", 0
+.arm
+
+    adr r1, infoStart
+    add r2, r0, #(infoEnd - infoStart)
+
+    loop:
+        ldrb r3, [r1], #1
+        strbt r3, [r0], #1
+        cmp r0, r2
+        blo loop
+
+    mov r0, #0
+
+    bx lr
+
+.pool
+infoStart:
+    .ascii "LUMA"   ; magic
+    .word 0         ; version
+    .word 0         ; truncated commit hash
+    .word 0         ; config
+infoEnd:
+.close
--- a/pathchanger/pathchanger.c
+++ b/pathchanger/pathchanger.c
@@ -8,24 +8,23 @@ typedef uint8_t u8;
 static u8 *memsearch(u8 *startPos, const void *pattern, int size, int patternSize)
 {
    const u8 *patternc = (const u8 *)pattern;
-
-    //Preprocessing
    int table[256];

+    //Preprocessing
    int i;
-    for(i = 0; i < 256; ++i)
-        table[i] = patternSize + 1;
-    for(i = 0; i < patternSize; ++i)
-        table[patternc[i]] = patternSize - i;
+    for(i = 0; i < 256; i++)
+        table[i] = patternSize;
+    for(i = 0; i < patternSize - 1; i++)
+        table[patternc[i]] = patternSize - i - 1;

    //Searching
    int j = 0;
-
    while(j <= size - patternSize)
    {
-        if(memcmp(patternc, startPos + j, patternSize) == 0)
+        u8 c = startPos[j + patternSize - 1];
+        if(patternc[patternSize - 1] == c && memcmp(pattern, startPos + j, patternSize - 1) == 0)
            return startPos + j;
-        j += table[startPos[j + patternSize]];
+        j += table[c];
    }

    return NULL;
--- a/pathchanger/prebuilt/Linux/pathchanger
+++ b/pathchanger/prebuilt/Linux/pathchanger
--- a/pathchanger/prebuilt/Mac
+++ b/pathchanger/prebuilt/Mac
--- a/pathchanger/prebuilt/Windows/pathchanger.exe
+++ b/pathchanger/prebuilt/Windows/pathchanger.exe
--- a/source/buttons.h
+++ b/source/buttons.h
@@ -40,7 +40,8 @@
 #define BUTTON_DOWN            (1 << 7)

 #define SAFE_MODE              (BUTTON_R1 | BUTTON_L1 | BUTTON_A | BUTTON_UP)
-#define SINGLE_PAYLOAD_BUTTONS (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN | BUTTON_START | BUTTON_X | BUTTON_Y)
+#define SINGLE_PAYLOAD_BUTTONS (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN | BUTTON_START | BUTTON_B | BUTTON_X | BUTTON_Y)
 #define L_PAYLOAD_BUTTONS      (BUTTON_R1 | BUTTON_A | BUTTON_SELECT)
+#define EMUNAND_BUTTONS        (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN)
 #define MENU_BUTTONS           (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN | BUTTON_A | BUTTON_START)
-#define PIN_BUTTONS            (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | BUTTON_START)
+#define PIN_BUTTONS            (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN | BUTTON_START)
--- a/source/config.c
+++ b/source/config.c
@@ -21,38 +21,161 @@
 */

 #include "config.h"
+#include "memory.h"
+#include "fs.h"
 #include "utils.h"
 #include "screen.h"
 #include "draw.h"
-#include "fs.h"
 #include "buttons.h"
+#include "pin.h"

-void configureCFW(const char *configPath)
+bool readConfig(void)
 {
-    initScreens();
+    if(fileRead(&configData, CONFIG_PATH, sizeof(CfgData)) != sizeof(CfgData) ||
+       memcmp(configData.magic, "CONF", 4) != 0 ||
+       configData.formatVersionMajor != CONFIG_VERSIONMAJOR ||
+       configData.formatVersionMinor != CONFIG_VERSIONMINOR)
+    {
+        configData.config = 0;
+        return false;
+    }

-    drawString(CONFIG_TITLE, 10, 10, COLOR_TITLE);
-    drawString("Press A to select, START to save", 10, 30, COLOR_WHITE);
+    return true;
+}

-    const char *multiOptionsText[]  = { "Screen brightness: 4( ) 3( ) 2( ) 1( )",
-                                        "New 3DS CPU: Off( ) Clock( ) L2( ) Clock+L2( )" };
+void writeConfig(ConfigurationStatus needConfig, u32 configTemp)
+{
+    /* If the configuration is different from previously, overwrite it.
+       Just the no-forcing flag being set is not enough */
+    if(needConfig == CREATE_CONFIGURATION || (configTemp & 0xFFFFFF7F) != configData.config)
+    {
+        if(needConfig == CREATE_CONFIGURATION)
+        {
+            memcpy(configData.magic, "CONF", 4);
+            configData.formatVersionMajor = CONFIG_VERSIONMAJOR;
+            configData.formatVersionMinor = CONFIG_VERSIONMINOR;
+        }
+
+        //Merge the new options and new boot configuration
+        configData.config = (configData.config & 0xFFFFFE00) | (configTemp & 0x1FF);
+
+        if(!fileWrite(&configData, CONFIG_PATH, sizeof(CfgData)))
+            error("Error writing the configuration file");
+    }
+}
+
+void configMenu(bool oldPinStatus)
+{
+    const char *multiOptionsText[]  = { "Default EmuNAND: 1( ) 2( ) 3( ) 4( )",
+                                        "Screen brightness: 4( ) 3( ) 2( ) 1( )",
+                                        "PIN lock: Off( ) 4( ) 6( ) 8( ) digits",
+                                        "New 3DS CPU: Off( ) Clock( ) L2( ) Clock+L2( )"
+#ifdef DEV
+                                      , "Dev. features: ErrDisp( ) UNITINFO( ) Off( )"
+#endif
+                                      };

    const char *singleOptionsText[] = { "( ) Autoboot SysNAND",
                                        "( ) Use SysNAND FIRM if booting with R (A9LH)",
-                                        "( ) Use second EmuNAND as default",
                                        "( ) Enable region/language emu. and ext. .code",
-                                        "( ) Show current NAND in System Settings",
+                                        "( ) Show NAND or user string in System Settings",
                                        "( ) Show GBA boot screen in patched AGB_FIRM",
-                                        "( ) Display splash screen before payloads",
-                                        "( ) Use a PIN" };
+                                        "( ) Display splash screen before payloads"
+#ifdef DEV
+                                      , "( ) Patch SVC/service/archive/ARM9 access"
+#endif
+                                      };
+
+    const char *optionsDescription[]  = { "Select the default EmuNAND.\n"
+                                          "It will booted with no directional pad\n"
+                                          "buttons pressed",
+
+                                          "Select the screen brightness",
+
+                                          "Activate a PIN lock.\n"
+                                          "The PIN will be asked each time\n"
+                                          "Luma3DS boots.\n"
+                                          "4, 6 or 8 digits can be selected.\n"
+                                          "The ABXY buttons and the directional\n"
+                                          "pad buttons can be used as keys",
+
+                                          "Select the New 3DS CPU mode.\n"
+                                          "It will be always enabled.\n"
+                                          "'Clock+L2' can cause issues with some\n"
+                                          "games",
+#ifdef DEV
+                                          "Select the developer features.\n"
+                                          "'ErrDisp' displays debug information\n"
+                                          "on the 'An error has occurred' screen.\n"
+                                          "'UNITINFO' makes the console be always\n"
+                                          "detected as a development unit (which\n"
+                                          "breaks online features and allows\n"
+                                          "booting some developer software).\n"
+                                          "'Off' disables exception handlers\n"
+                                          "in FIRM",
+#endif
+                                          "If enabled SysNAND will be launched on\n"
+                                          "boot. Otherwise, an EmuNAND will.\n"
+                                          "Hold L on boot to switch NAND.\n"
+                                          "To use a different EmuNAND from the\n"
+                                          "default, hold a directional pad button\n"
+                                          "(Up/Right/Down/Left equal EmuNANDs\n"
+                                          "1/2/3/4)",
+
+                                          "If enabled, when holding R on boot\n"
+                                          "EmuNAND will be booted with the\n"
+                                          "SysNAND FIRM. Otherwise, SysNAND will\n"
+                                          "be booted with an EmuNAND FIRM.\n"
+                                          "To use a different EmuNAND from the\n"
+                                          "default, hold a directional pad button\n"
+                                          "(Up/Right/Down/Left equal EmuNANDs\n"
+                                          "1/2/3/4)",
+
+                                          "Enable overriding the region and\n"
+                                          "language configuration and the usage\n"
+                                          "of patched code binaries for specific\n"
+                                          "games.\n"
+                                          "Also makes certain DLCs for\n"
+                                          "out-of-region games work.\n"
+                                          "Refer to the wiki for instructions",
+
+                                          "Show the currently booted NAND\n"
+                                          "(Sys = SysNAND, Emu = EmuNAND 1,\n"
+                                          "EmuX = EmuNAND X,\n"
+                                          "SysE = SysNAND with EmuNAND 1 FIRM,\n"
+                                          "SyEX = SysNAND with EmuNAND X FIRM,\n"
+                                          "EmXS = EmuNAND X with SysNAND FIRM)\n"
+                                          "or an user-defined custom string in\n"
+                                          "System Settings.\n"
+                                          "Refer to the wiki for instructions",
+
+                                          "Show the GBA boot screen when booting\n"
+                                          "GBA games",
+
+                                          "If enabled, the splash screen will be\n"
+                                          "displayed before booting payloads,\n"
+                                          "otherwise it will be displayed\n"
+                                          "afterwards.\n"
+                                          "Intended for splash screens that\n"
+                                          "display button hints"
+#ifdef DEV
+                                        , "Disable SVC, service, archive and ARM9\n"
+                                          "exheader access checks"
+#endif
+                                       };

    struct multiOption {
-        int posXs[4];
-        int posY;
+        u32 posXs[4];
+        u32 posY;
        u32 enabled;
    } multiOptions[] = {
+        { .posXs = {19, 24, 29, 34} },
        { .posXs = {21, 26, 31, 36} },
+        { .posXs = {14, 19, 24, 29} },
        { .posXs = {17, 26, 32, 44} }
+#ifdef DEV
+      , { .posXs = {23, 35, 43, 0} }
+#endif
    };

    //Calculate the amount of the various kinds of options and pre-select the first single one
@@ -62,7 +185,7 @@ void configureCFW(const char *configPath)
        selectedOption = multiOptionsAmount;

    struct singleOption {
-        int posY;
+        u32 posY;
        bool enabled;
    } singleOptions[singleOptionsAmount];

@@ -72,17 +195,25 @@ void configureCFW(const char *configPath)
    for(u32 i = 0; i < singleOptionsAmount; i++)
        singleOptions[i].enabled = CONFIG(i);

+    initScreens();
+
+    drawString(CONFIG_TITLE, true, 10, 10, COLOR_TITLE);
+    drawString("Press A to select, START to save", true, 10, 30, COLOR_WHITE);
+
    //Character to display a selected option
    char selected = 'x';

-    int endPos = 42;
+    u32 endPos = 42;

    //Display all the multiple choice options in white
    for(u32 i = 0; i < multiOptionsAmount; i++)
    {
-        multiOptions[i].posY = endPos + SPACING_Y;
-        endPos = drawString(multiOptionsText[i], 10, multiOptions[i].posY, COLOR_WHITE);
-        drawCharacter(selected, 10 + multiOptions[i].posXs[multiOptions[i].enabled] * SPACING_X, multiOptions[i].posY, COLOR_WHITE);
+        if(!(i == NEWCPU && !isN3DS))
+        {
+            multiOptions[i].posY = endPos + SPACING_Y;
+            endPos = drawString(multiOptionsText[i], true, 10, multiOptions[i].posY, COLOR_WHITE);
+            drawCharacter(selected, true, 10 + multiOptions[i].posXs[multiOptions[i].enabled] * SPACING_X, multiOptions[i].posY, COLOR_WHITE);
+        }
    }

    endPos += SPACING_Y / 2;
@@ -92,11 +223,13 @@ void configureCFW(const char *configPath)
    for(u32 i = 0; i < singleOptionsAmount; i++)
    {
        singleOptions[i].posY = endPos + SPACING_Y;
-        endPos = drawString(singleOptionsText[i], 10, singleOptions[i].posY, color);
-        if(singleOptions[i].enabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[i].posY, color);
+        endPos = drawString(singleOptionsText[i], true, 10, singleOptions[i].posY, color);
+        if(singleOptions[i].enabled) drawCharacter(selected, true, 10 + SPACING_X, singleOptions[i].posY, color);
        color = COLOR_WHITE;
    }

+    drawString(optionsDescription[selectedOption], false, 10, 10, COLOR_WHITE);
+
    u32 pressed = 0;

    //Boring configuration menu
@@ -116,10 +249,12 @@ void configureCFW(const char *configPath)
            switch(pressed)
            {
                case BUTTON_UP:
-                    selectedOption = !selectedOption ? totalIndexes : selectedOption - 1;
+                    if(!selectedOption) selectedOption = totalIndexes;
+                    else selectedOption = (selectedOption == NEWCPU + 1 && !isN3DS) ? selectedOption - 2 : selectedOption - 1;
                    break;
                case BUTTON_DOWN:
-                    selectedOption = selectedOption == totalIndexes ? 0 : selectedOption + 1;
+                    if(selectedOption == totalIndexes) selectedOption = 0;
+                    else selectedOption = (selectedOption == NEWCPU - 1 && !isN3DS) ? selectedOption + 2 : selectedOption + 1;
                    break;
                case BUTTON_LEFT:
                    selectedOption = 0;
@@ -136,23 +271,26 @@ void configureCFW(const char *configPath)
            //The user moved to a different option, print the old option in white and the new one in red. Only print 'x's if necessary
            if(oldSelectedOption < multiOptionsAmount)
            {
-                drawString(multiOptionsText[oldSelectedOption], 10, multiOptions[oldSelectedOption].posY, COLOR_WHITE);
-                drawCharacter(selected, 10 + multiOptions[oldSelectedOption].posXs[multiOptions[oldSelectedOption].enabled] * SPACING_X, multiOptions[oldSelectedOption].posY, COLOR_WHITE);
+                drawString(multiOptionsText[oldSelectedOption], true, 10, multiOptions[oldSelectedOption].posY, COLOR_WHITE);
+                drawCharacter(selected, true, 10 + multiOptions[oldSelectedOption].posXs[multiOptions[oldSelectedOption].enabled] * SPACING_X, multiOptions[oldSelectedOption].posY, COLOR_WHITE);
            }
            else
            {
                u32 singleOldSelected = oldSelectedOption - multiOptionsAmount;
-                drawString(singleOptionsText[singleOldSelected], 10, singleOptions[singleOldSelected].posY, COLOR_WHITE);
-                if(singleOptions[singleOldSelected].enabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[singleOldSelected].posY, COLOR_WHITE);
+                drawString(singleOptionsText[singleOldSelected], true, 10, singleOptions[singleOldSelected].posY, COLOR_WHITE);
+                if(singleOptions[singleOldSelected].enabled) drawCharacter(selected, true, 10 + SPACING_X, singleOptions[singleOldSelected].posY, COLOR_WHITE);
            }

            if(selectedOption < multiOptionsAmount)
-                drawString(multiOptionsText[selectedOption], 10, multiOptions[selectedOption].posY, COLOR_RED);
+                drawString(multiOptionsText[selectedOption], true, 10, multiOptions[selectedOption].posY, COLOR_RED);
            else
            {
                u32 singleSelected = selectedOption - multiOptionsAmount;
-                drawString(singleOptionsText[singleSelected], 10, singleOptions[singleSelected].posY, COLOR_RED);
+                drawString(singleOptionsText[singleSelected], true, 10, singleOptions[singleSelected].posY, COLOR_RED);
            }
+
+            clearScreens(false, true);
+            drawString(optionsDescription[selectedOption], false, 10, 10, COLOR_WHITE);
        }
        else
        {
@@ -160,46 +298,45 @@ void configureCFW(const char *configPath)
            if(selectedOption < multiOptionsAmount)
            {
                u32 oldEnabled = multiOptions[selectedOption].enabled;
-                drawCharacter(selected, 10 + multiOptions[selectedOption].posXs[oldEnabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_BLACK);
-                multiOptions[selectedOption].enabled = oldEnabled == 3 ? 0 : oldEnabled + 1;
+                drawCharacter(selected, true, 10 + multiOptions[selectedOption].posXs[oldEnabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_BLACK);
+                multiOptions[selectedOption].enabled = (oldEnabled == 3 || !multiOptions[selectedOption].posXs[oldEnabled + 1]) ? 0 : oldEnabled + 1;

-                if(!selectedOption)
-                    updateBrightness(multiOptions[selectedOption].enabled);
+                if(selectedOption == BRIGHTNESS) updateBrightness(multiOptions[BRIGHTNESS].enabled);
            }
            else
            {
                bool oldEnabled = singleOptions[selectedOption - multiOptionsAmount].enabled;
                singleOptions[selectedOption - multiOptionsAmount].enabled = !oldEnabled;
-                if(oldEnabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[selectedOption - multiOptionsAmount].posY, COLOR_BLACK);
+                if(oldEnabled) drawCharacter(selected, true, 10 + SPACING_X, singleOptions[selectedOption - multiOptionsAmount].posY, COLOR_BLACK);
            }
        }

        //In any case, if the current option is enabled (or a multiple choice option is selected) we must display a red 'x'
        if(selectedOption < multiOptionsAmount)
-            drawCharacter(selected, 10 + multiOptions[selectedOption].posXs[multiOptions[selectedOption].enabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_RED);
+            drawCharacter(selected, true, 10 + multiOptions[selectedOption].posXs[multiOptions[selectedOption].enabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_RED);
        else
        {
            u32 singleSelected = selectedOption - multiOptionsAmount;
-            if(singleOptions[singleSelected].enabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[singleSelected].posY, COLOR_RED);
+            if(singleOptions[singleSelected].enabled) drawCharacter(selected, true, 10 + SPACING_X, singleOptions[singleSelected].posY, COLOR_RED);
        }
    }

-    //Preserve the last-used boot options (last 12 bits)
-    config &= 0x3F;
+    u32 oldPinLength = MULTICONFIG(PIN);
+
+    //Preserve the last-used boot options (first 9 bits)
+    configData.config &= 0x1FF;

    //Parse and write the new configuration
    for(u32 i = 0; i < multiOptionsAmount; i++)
-        config |= multiOptions[i].enabled << (i * 2 + 6);
+        configData.config |= multiOptions[i].enabled << (i * 2 + 9);
    for(u32 i = 0; i < singleOptionsAmount; i++)
-        config |= (singleOptions[i].enabled ? 1 : 0) << (i + 16);
+        configData.config |= (singleOptions[i].enabled ? 1 : 0) << (i + 21);

-    if(!fileWrite(&config, configPath, 4))
-    {
-        createDirectory("luma");
-        if(!fileWrite(&config, configPath, 4))
-            error("Error writing the configuration file");
-    }
+    if(MULTICONFIG(PIN) != 0) newPin(oldPinStatus && MULTICONFIG(PIN) == oldPinLength);
+    else if(oldPinStatus) fileDelete(PIN_PATH);

    //Wait for the pressed buttons to change
-    while(HID_PAD == BUTTON_START);
+    while(HID_PAD & PIN_BUTTONS);
+
+    chrono(2);
 }
--- a/source/config.h
+++ b/source/config.h
@@ -24,10 +24,62 @@

 #include "types.h"

-#define CONFIG(a) (((config >> (a + 16)) & 1) != 0)
-#define MULTICONFIG(a) ((config >> (a * 2 + 6)) & 3)
-#define BOOTCONFIG(a, b) ((config >> a) & b)
+#define CONFIG(a)        (((configData.config >> (a + 21)) & 1) != 0)
+#define MULTICONFIG(a)   ((configData.config >> (a * 2 + 9)) & 3)
+#define BOOTCONFIG(a, b) ((configData.config >> a) & b)

-extern u32 config;
+#define CONFIG_PATH         "/luma/config.bin"
+#define CONFIG_VERSIONMAJOR 1
+#define CONFIG_VERSIONMINOR 4

-void configureCFW(const char *configPath);
+#define BOOTCFG_NAND         BOOTCONFIG(0, 7)
+#define BOOTCFG_FIRM         BOOTCONFIG(3, 7)
+#define BOOTCFG_A9LH         BOOTCONFIG(6, 1)
+#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(7, 1)
+#define BOOTCFG_SAFEMODE     BOOTCONFIG(8, 1)
+
+enum multiOptions
+{
+    DEFAULTEMU = 0,
+    BRIGHTNESS,
+    PIN,
+    NEWCPU
+#ifdef DEV
+  , DEVOPTIONS
+#endif
+};
+
+enum singleOptions
+{
+    AUTOBOOTSYS = 0,
+    USESYSFIRM,
+    USELANGEMUANDCODE,
+    PATCHVERSTRING,
+    SHOWGBABOOT,
+    PAYLOADSPLASH
+#ifdef DEV
+  , PATCHACCESS
+#endif
+};
+
+typedef struct __attribute__((packed))
+{
+    char magic[4];
+    u16 formatVersionMajor, formatVersionMinor;
+
+    u32 config;
+} CfgData;
+
+typedef enum ConfigurationStatus
+{
+    DONT_CONFIGURE = 0,
+    MODIFY_CONFIGURATION,
+    CREATE_CONFIGURATION
+} ConfigurationStatus;
+
+extern CfgData configData;
+extern bool isN3DS;
+
+bool readConfig(void);
+void writeConfig(ConfigurationStatus needConfig, u32 configTemp);
+void configMenu(bool oldPinStatus);
--- a/source/crypto.c
+++ b/source/crypto.c
@@ -22,6 +22,7 @@

 /*
 *   Crypto libs from http://github.com/b1l1s/ctr
+*   ARM9Loader code originally adapted from https://github.com/Reisyukaku/ReiNand/blob/228c378255ba693133dec6f3368e14d386f2cde7/source/crypto.c#L233
 */

 #include "crypto.h"
@@ -383,8 +384,7 @@ void decryptExeFs(u8 *inbuf)
    aes(inbuf - 0x200, exeFsOffset, exeFsSize / AES_BLOCK_SIZE, ncchCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
 }

-/* ARM9Loader replacement
-   Originally adapted from: https://github.com/Reisyukaku/ReiNand/blob/228c378255ba693133dec6f3368e14d386f2cde7/source/crypto.c#L233 */
+//ARM9Loader replacement
 void arm9Loader(u8 *arm9Section)
 {
    //Determine the arm9loader version
@@ -405,7 +405,7 @@ void arm9Loader(u8 *arm9Section)
    //Firm keys
    u8 __attribute__((aligned(4))) keyY[0x10];
    u8 __attribute__((aligned(4))) arm9BinCTR[0x10];
-    u8 arm9BinSlot = a9lVersion ? 0x16 : 0x15;
+    u8 arm9BinSlot = a9lVersion != 0 ? 0x16 : 0x15;

    //Setup keys needed for arm9bin decryption
    memcpy(keyY, arm9Section + 0x10, 0x10);
@@ -414,7 +414,7 @@ void arm9Loader(u8 *arm9Section)
    //Calculate the size of the ARM9 binary
    u32 arm9BinSize = 0;
    //http://stackoverflow.com/questions/12791077/atoi-implementation-in-c
-    for(u8 *tmp = arm9Section + 0x30; *tmp; tmp++)
+    for(u8 *tmp = arm9Section + 0x30; *tmp != 0; tmp++)
        arm9BinSize = (arm9BinSize << 3) + (arm9BinSize << 1) + *tmp - '0';

    if(a9lVersion)
@@ -457,14 +457,13 @@ void arm9Loader(u8 *arm9Section)
    }
 }

-void computePINHash(u8 out[32], u8 *in, u32 blockCount)
+void computePinHash(u8 *out, u8 *in)
 {
    u8 __attribute__((aligned(4))) cid[0x10];
    u8 __attribute__((aligned(4))) cipherText[0x10];
+
    sdmmc_get_cid(1, (u32 *)cid);
-
-    aes_use_keyslot(4); // console-unique keyslot which keys are set by the Arm9 bootROM
-    aes(cipherText, in, blockCount, cid, AES_CBC_ENCRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
-
+    aes_use_keyslot(4); //Console-unique keyslot whose keys are set by the ARM9 bootROM
+    aes(cipherText, in, 1, cid, AES_CBC_ENCRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
    sha(out, cipherText, 0x10, SHA_256_MODE);
 }
--- a/source/crypto.h
+++ b/source/crypto.h
@@ -22,6 +22,7 @@

 /*
 *   Crypto libs from http://github.com/b1l1s/ctr
+*   ARM9Loader code originally adapted from https://github.com/Reisyukaku/ReiNand/blob/228c378255ba693133dec6f3368e14d386f2cde7/source/crypto.c#L233
 */

 #pragma once
@@ -100,8 +101,7 @@
 #define SHA_1_HASH_SIZE     (160 / 8)

 extern u32 emuOffset;
-extern bool isN3DS;
-extern bool isDevUnit;
+extern bool isN3DS, isDevUnit;
 extern FirmwareSource firmSource;

 void ctrNandInit(void);
@@ -109,5 +109,4 @@ u32 ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf);
 void setRSAMod0DerivedKeys(void);
 void decryptExeFs(u8 *inbuf);
 void arm9Loader(u8 *arm9Section);
-
-void computePINHash(u8 out[32], u8 *in, u32 blockCount);
+void computePinHash(u8 *out, u8 *in);
--- a/source/draw.c
+++ b/source/draw.c
@@ -22,52 +22,50 @@

 /*
 *   Code to print to the screen by mid-kid @CakesFW
-*      https://github.com/mid-kid/CakesForeveryWan/
+*   https://github.com/mid-kid/CakesForeveryWan
 */

 #include "draw.h"
+#include "strings.h"
 #include "screen.h"
 #include "utils.h"
 #include "fs.h"
 #include "font.h"

-static inline int strlen(const char *string)
-{
-    char *stringEnd = (char *)string;
-
-    while(*stringEnd) stringEnd++;
-
-    return stringEnd - string;
-}
-
 bool loadSplash(void)
 {
-    //Don't delay boot nor init the screens if no splash image is on the SD
-    if(getFileSize("/luma/splash.bin") + getFileSize("/luma/splash.bin") == 0)
+    const char topSplashPath[] = "/luma/splash.bin",
+               bottomSplashPath[] = "/luma/splashbottom.bin";
+
+    bool isTopSplashValid = getFileSize(topSplashPath) == SCREEN_TOP_FBSIZE,
+         isBottomSplashValid = getFileSize(bottomSplashPath) == SCREEN_BOTTOM_FBSIZE;
+
+    //Don't delay boot nor init the screens if no splash images or invalid splash images are on the SD
+    if(!isTopSplashValid && !isBottomSplashValid)
        return false;
-    
+
    initScreens();

-    fileRead(fb->top_left, "/luma/splash.bin");
-    fileRead(fb->bottom, "/luma/splashbottom.bin");
+    if(isTopSplashValid) fileRead(fb->top_left, topSplashPath, 0);
+    if(isBottomSplashValid) fileRead(fb->bottom, bottomSplashPath, 0);

    chrono(3);

    return true;
 }

-void drawCharacter(char character, int posX, int posY, u32 color)
+void drawCharacter(char character, bool isTopScreen, u32 posX, u32 posY, u32 color)
 {
-    u8 *const select = fb->top_left;
+    u8 *select = isTopScreen ? fb->top_left : fb->bottom;

-    for(int y = 0; y < 8; y++)
+    for(u32 y = 0; y < 8; y++)
    {
        char charPos = font[character * 8 + y];

-        for(int x = 7; x >= 0; x--)
-            if ((charPos >> x) & 1)
+        for(u32 x = 0; x < 8; x++)
+            if(((charPos >> (7 - x)) & 1) == 1)
            {
-                int screenPos = (posX * SCREEN_TOP_HEIGHT * 3 + (SCREEN_TOP_HEIGHT - y - posY - 1) * 3) + (7 - x) * 3 * SCREEN_TOP_HEIGHT;
+                u32 screenPos = (posX * SCREEN_HEIGHT * 3 + (SCREEN_HEIGHT - y - posY - 1) * 3) + x * 3 * SCREEN_HEIGHT;

                select[screenPos] = color >> 16;
                select[screenPos + 1] = color >> 8;
@@ -76,9 +74,9 @@ void drawCharacter(char character, int posX, int posY, u32 color)
    }
 }

-int drawString(const char *string, int posX, int posY, u32 color)
+u32 drawString(const char *string, bool isTopScreen, u32 posX, u32 posY, u32 color)
 {
-    for(int i = 0, line_i = 0; i < strlen(string); i++, line_i++)
+    for(u32 i = 0, line_i = 0; i < strlen(string); i++, line_i++)
    {
        if(string[i] == '\n')
        {
@@ -86,15 +84,15 @@ int drawString(const char *string, int posX, int posY, u32 color)
            line_i = 0;
            i++;
        }
-        else if(line_i >= (SCREEN_TOP_WIDTH - posX) / SPACING_X)
+        else if(line_i >= ((isTopScreen ? SCREEN_TOP_WIDTH : SCREEN_BOTTOM_WIDTH) - posX) / SPACING_X)
        {
-            // Make sure we never get out of the screen.
+            //Make sure we never get out of the screen
            posY += SPACING_Y;
-            line_i = 2; //Little offset so we know the same string continues.
+            line_i = 1; //Little offset so we know the same string continues
            if(string[i] == ' ') i++; //Spaces at the start look weird
        }

-        drawCharacter(string[i], posX + line_i * SPACING_X, posY, color);
+        drawCharacter(string[i], isTopScreen, posX + line_i * SPACING_X, posY, color);
    }

    return posY;
--- a/source/draw.h
+++ b/source/draw.h
@@ -29,17 +29,21 @@

 #include "types.h"

-#define SCREEN_TOP_WIDTH  400
-#define SCREEN_TOP_HEIGHT 240
+#define SCREEN_TOP_WIDTH     400
+#define SCREEN_BOTTOM_WIDTH  320
+#define SCREEN_HEIGHT        240
+#define SCREEN_TOP_FBSIZE    (3 * SCREEN_TOP_WIDTH * SCREEN_HEIGHT)
+#define SCREEN_BOTTOM_FBSIZE (3 * SCREEN_BOTTOM_WIDTH * SCREEN_HEIGHT)

 #define SPACING_Y 10
 #define SPACING_X 8

-#define COLOR_TITLE 0xFF9900
-#define COLOR_WHITE 0xFFFFFF
-#define COLOR_RED   0x0000FF
-#define COLOR_BLACK 0x000000
+#define COLOR_TITLE  0xFF9900
+#define COLOR_WHITE  0xFFFFFF
+#define COLOR_RED    0x0000FF
+#define COLOR_BLACK  0x000000
+#define COLOR_YELLOW 0x00FFFF

 bool loadSplash(void);
-void drawCharacter(char character, int posX, int posY, u32 color);
-int drawString(const char *string, int posX, int posY, u32 color);
+void drawCharacter(char character, bool isTopScreen, u32 posX, u32 posY, u32 color);
+u32 drawString(const char *string, bool isTopScreen, u32 posX, u32 posY, u32 color);
--- a/source/emunand.c
+++ b/source/emunand.c
@@ -25,65 +25,87 @@
 #include "fatfs/sdmmc/sdmmc.h"
 #include "../build/emunandpatch.h"

-void locateEmuNAND(u32 *off, u32 *head, FirmwareSource *emuNAND)
+void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType)
 {
    static u8 temp[0x200];
-
    const u32 nandSize = getMMCDevice(0)->total_size;
-    u32 nandOffset = *emuNAND == FIRMWARE_EMUNAND ? 0 :
-                                  (nandSize > 0x200000 ? 0x400000 : 0x200000);
+    bool found = false;

-    //Check for RedNAND
-    if(!sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) &&
-       *(u32 *)(temp + 0x100) == NCSD_MAGIC)
+    for(u32 i = 0; i < 3 && !found; i++)
    {
-        *off = nandOffset + 1;
-        *head = nandOffset + 1;
+        u32 nandOffset;
+        switch(i)
+        {
+            case 1:
+                nandOffset = ROUND_TO_4MB(nandSize + 1); //"Default" layout
+                break;
+            case 2:
+                nandOffset = isN3DS ? 0x26E000 : 0x1D8000; //"Minsize" layout
+                break;
+            default:
+                nandOffset = *nandType == FIRMWARE_EMUNAND ? 0 : (nandSize > 0x200000 ? 0x400000 : 0x200000); //"Legacy" layout
+                break;
+        }
+
+        if(*nandType != FIRMWARE_EMUNAND) nandOffset *= ((u32)*nandType - 1);
+
+        //Check for RedNAND
+        if(!sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) && *(u32 *)(temp + 0x100) == NCSD_MAGIC)
+        {
+            emuOffset = nandOffset + 1;
+            *emuHeader = nandOffset + 1;
+            found = true;
+        }
+
+        //Check for Gateway EmuNAND
+        else if(i != 2 && !sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) && *(u32 *)(temp + 0x100) == NCSD_MAGIC)
+        {
+            emuOffset = nandOffset;
+            *emuHeader = nandOffset + nandSize;
+            found = true;
+        }
+
+        if(*nandType == FIRMWARE_EMUNAND) break;
    }

-    //Check for Gateway emuNAND
-    else if(!sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) &&
-            *(u32 *)(temp + 0x100) == NCSD_MAGIC)
+    //Fallback to the first EmuNAND if there's no second/third/fourth one, or to SysNAND if there isn't any
+    if(!found)
    {
-        *off = nandOffset;
-        *head = nandOffset + nandSize;
-    }
-
-    /* Fallback to the first emuNAND if there's no second one,
-       or to SysNAND if there isn't any */
-    else
-    {
-        *emuNAND = (*emuNAND == FIRMWARE_EMUNAND2) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
-        if(*emuNAND) locateEmuNAND(off, head, emuNAND);
+        if(*nandType != FIRMWARE_EMUNAND)
+        {
+            *nandType = FIRMWARE_EMUNAND;
+            locateEmuNand(emuHeader, nandType);
+        }
+        else *nandType = FIRMWARE_SYSNAND;
    }
 }

-static inline void *getEmuCode(u8 *pos, u32 size)
+static inline u8 *getFreeK9Space(u8 *pos, u32 size)
 {
    const u8 pattern[] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x00};

    //Looking for the last free space before Process9
-    return memsearch(pos + 0x13500, pattern, size - 0x13500, 6) + 0x455;
+    return memsearch(pos + 0x13500, pattern, size - 0x13500, sizeof(pattern)) + 0x455;
 }

-static inline u32 getSDMMC(u8 *pos, u32 size)
+static inline u32 getSdmmc(u8 *pos, u32 size)
 {
    //Look for struct code
    const u8 pattern[] = {0x21, 0x20, 0x18, 0x20};
-    const u8 *off = memsearch(pos, pattern, size, 4);
+    const u8 *off = memsearch(pos, pattern, size, sizeof(pattern));

    return *(u32 *)(off + 9) + *(u32 *)(off + 0xD);
 }

-static inline void patchNANDRW(u8 *pos, u32 size, u32 branchOffset)
+static inline void patchNandRw(u8 *pos, u32 size, u32 branchOffset)
 {
    const u16 nandRedir[2] = {0x4C00, 0x47A0};

    //Look for read/write code
    const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};

-    u16 *readOffset = (u16 *)memsearch(pos, pattern, size, 4) - 3,
-        *writeOffset = (u16 *)memsearch((u8 *)(readOffset + 5), pattern, 0x100, 4) - 3;
+    u16 *readOffset = (u16 *)memsearch(pos, pattern, size, sizeof(pattern)) - 3,
+        *writeOffset = (u16 *)memsearch((u8 *)(readOffset + 5), pattern, 0x100, sizeof(pattern)) - 3;

    *readOffset = nandRedir[0];
    readOffset[1] = nandRedir[1];
@@ -93,40 +115,38 @@ static inline void patchNANDRW(u8 *pos, u32 size, u32 branchOffset)
    ((u32 *)writeOffset)[1] = branchOffset;
 }

-static inline void patchMPU(u8 *pos, u32 size)
+static inline void patchMpu(u8 *pos, u32 size)
 {
-    const u32 mpuPatch[3] = {0x00360003, 0x00200603, 0x001C0603};
-
    //Look for MPU pattern
    const u8 pattern[] = {0x03, 0x00, 0x24, 0x00};

-    u32 *off = (u32 *)memsearch(pos, pattern, size, 4);
+    u32 *off = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));

-    off[0] = mpuPatch[0];
-    off[6] = mpuPatch[1];
-    off[9] = mpuPatch[2];
+    off[0] = 0x00360003;
+    off[6] = 0x00200603;
+    off[9] = 0x001C0603;
 }

-void patchEmuNAND(u8 *arm9Section, u32 arm9SectionSize, u8 *process9Offset, u32 process9Size, u32 emuOffset, u32 emuHeader, u32 branchAdditive)
+void patchEmuNand(u8 *arm9Section, u32 arm9SectionSize, u8 *process9Offset, u32 process9Size, u32 emuHeader, u32 branchAdditive)
 {
-    //Copy emuNAND code
-    void *emuCodeOffset = getEmuCode(arm9Section, arm9SectionSize);
-    memcpy(emuCodeOffset, emunand, emunand_size);
+    //Copy EmuNAND code
+    u8 *freeK9Space = getFreeK9Space(arm9Section, arm9SectionSize);
+    memcpy(freeK9Space, emunand, emunand_size);

-    //Add the data of the found emuNAND
-    u32 *pos_offset = (u32 *)memsearch(emuCodeOffset, "NAND", emunand_size, 4),
-        *pos_header = (u32 *)memsearch(emuCodeOffset, "NCSD", emunand_size, 4);
-    *pos_offset = emuOffset;
-    *pos_header = emuHeader;
+    //Add the data of the found EmuNAND
+    u32 *posOffset = (u32 *)memsearch(freeK9Space, "NAND", emunand_size, 4),
+        *posHeader = (u32 *)memsearch(freeK9Space, "NCSD", emunand_size, 4);
+    *posOffset = emuOffset;
+    *posHeader = emuHeader;

    //Find and add the SDMMC struct
-    u32 *pos_sdmmc = (u32 *)memsearch(emuCodeOffset, "SDMC", emunand_size, 4);
-    *pos_sdmmc = getSDMMC(process9Offset, process9Size);
+    u32 *posSdmmc = (u32 *)memsearch(freeK9Space, "SDMC", emunand_size, 4);
+    *posSdmmc = getSdmmc(process9Offset, process9Size);

-    //Add emuNAND hooks
-    u32 branchOffset = (u32)emuCodeOffset - branchAdditive;
-    patchNANDRW(process9Offset, process9Size, branchOffset);
+    //Add EmuNAND hooks
+    u32 branchOffset = (u32)freeK9Space - branchAdditive;
+    patchNandRw(process9Offset, process9Size, branchOffset);

-    //Set MPU for emu code region
-    patchMPU(arm9Section, arm9SectionSize);
+    //Set MPU
+    patchMpu(arm9Section, arm9SectionSize);
 }
--- a/source/emunand.h
+++ b/source/emunand.h
@@ -24,7 +24,11 @@

 #include "types.h"

-#define NCSD_MAGIC 0x4453434E
+#define NCSD_MAGIC      0x4453434E
+#define ROUND_TO_4MB(a) (((a) + 0x2000 - 1) & (~(0x2000 - 1)))

-void locateEmuNAND(u32 *off, u32 *head, FirmwareSource *emuNAND);
-void patchEmuNAND(u8 *arm9Section, u32 arm9SectionSize, u8 *process9Offset, u32 process9Size, u32 emuOffset, u32 emuHeader, u32 branchAdditive);
+extern u32 emuOffset;
+extern bool isN3DS;
+
+void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType);
+void patchEmuNand(u8 *arm9Section, u32 arm9SectionSize, u8 *process9Offset, u32 process9Size, u32 emuHeader, u32 branchAdditive);
--- a/source/exceptions.c
+++ b/source/exceptions.c
@@ -0,0 +1,201 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#ifdef DEV
+#include "exceptions.h"
+#include "fs.h"
+#include "strings.h"
+#include "memory.h"
+#include "screen.h"
+#include "draw.h"
+#include "utils.h"
+#include "../build/arm9_exceptions.h"
+#include "../build/arm11_exceptions.h"
+
+void installArm9Handlers(void)
+{
+    const u32 offsets[] = {0x08, 0x18, 0x20, 0x28};
+
+    memcpy((void *)0x01FF8000, arm9_exceptions + 32, arm9_exceptions_size - 32);
+
+    /* IRQHandler is at 0x08000000, but we won't handle it for some reasons
+       svcHandler is at 0x08000010, but we won't handle svc either */
+
+    for(u32 i = 0; i < 4; i++)
+    {
+        *(vu32 *)(0x08000000 + offsets[i]) = 0xE51FF004;
+        *(vu32 *)(0x08000000 + offsets[i] + 4) = *((u32 *)arm9_exceptions + 1 + i);
+    }
+}
+
+void installArm11Handlers(u32 *exceptionsPage, u32 stackAddress, u32 codeSetOffset)
+{
+    u32 *initFPU;
+    for(initFPU = exceptionsPage; initFPU < (exceptionsPage + 0x400) && (initFPU[0] != 0xE59F0008 || initFPU[1] != 0xE5900000); initFPU++);
+
+    u32 *mcuReboot;
+    for(mcuReboot = exceptionsPage; mcuReboot < (exceptionsPage + 0x400) && (mcuReboot[0] != 0xE59F4104 || mcuReboot[1] != 0xE3A0A0C2); mcuReboot++);
+    mcuReboot--;
+
+    u32 *freeSpace;
+    for(freeSpace = initFPU; freeSpace < (exceptionsPage + 0x400) && (freeSpace[0] != 0xFFFFFFFF || freeSpace[1] != 0xFFFFFFFF); freeSpace++);
+
+    memcpy(freeSpace, arm11_exceptions + 32, arm11_exceptions_size - 32);
+
+    exceptionsPage[1] = MAKE_BRANCH(exceptionsPage + 1, (u8 *)freeSpace + *(u32 *)(arm11_exceptions + 8)  - 32);    //Undefined Instruction
+    exceptionsPage[3] = MAKE_BRANCH(exceptionsPage + 3, (u8 *)freeSpace + *(u32 *)(arm11_exceptions + 12) - 32);    //Prefetch Abort
+    exceptionsPage[4] = MAKE_BRANCH(exceptionsPage + 4, (u8 *)freeSpace + *(u32 *)(arm11_exceptions + 16) - 32);    //Data Abort
+    exceptionsPage[7] = MAKE_BRANCH(exceptionsPage + 7, (u8 *)freeSpace + *(u32 *)(arm11_exceptions + 4)  - 32);    //FIQ
+
+    for(u32 *pos = freeSpace; pos < (u32 *)((u8 *)freeSpace + arm11_exceptions_size - 32); pos++)
+    {
+        switch(*pos) //Perform relocations
+        {
+            case 0xFFFF3000: *pos = stackAddress; break;
+            case 0xEBFFFFFE: *pos = MAKE_BRANCH_LINK(pos, initFPU); break;
+            case 0xEAFFFFFE: *pos = MAKE_BRANCH(pos, mcuReboot); break;
+            case 0xE12FFF1C: pos[1] = 0xFFFF0000 + 4 * (u32)(freeSpace - exceptionsPage) + pos[1] - 32; break; //bx r12 (mainHandler)
+            case 0xBEEFBEEF: *pos = codeSetOffset; break;
+            default: break;
+        }
+    }
+}
+
+void detectAndProcessExceptionDumps(void)
+{
+    volatile ExceptionDumpHeader *dumpHeader = (volatile ExceptionDumpHeader *)0x25000000;
+
+    if(dumpHeader->magic[0] == 0xDEADC0DE && dumpHeader->magic[1] == 0xDEADCAFE && (dumpHeader->processor == 9 || dumpHeader->processor == 11))
+    {
+        const vu32 *regs = (vu32 *)((vu8 *)dumpHeader + sizeof(ExceptionDumpHeader));
+        const vu8 *stackDump = (vu8 *)regs + dumpHeader->registerDumpSize + dumpHeader->codeDumpSize;
+        const vu8 *additionalData = stackDump + dumpHeader->stackDumpSize;
+
+        const char *handledExceptionNames[] = { 
+            "FIQ", "undefined instruction", "prefetch abort", "data abort"
+        };
+
+        const char *specialExceptions[] = {
+            "(kernel panic)", "(svcBreak)"
+        };
+
+        const char *registerNames[] = {
+            "R0", "R1", "R2", "R3", "R4", "R5", "R6", "R7", "R8", "R9", "R10", "R11", "R12",
+            "SP", "LR", "PC", "CPSR", "FPEXC"
+        };
+
+        char hexString[] = "00000000";
+
+        initScreens();
+
+        drawString("An exception occurred", true, 10, 10, COLOR_RED);
+        u32 posY = drawString(dumpHeader->processor == 11 ? "Processor:       ARM11 (core  )" : "Processor:       ARM9", true, 10, 30, COLOR_WHITE);
+        if(dumpHeader->processor == 11) drawCharacter('0' + dumpHeader->core, true, 10 + 29 * SPACING_X, 30, COLOR_WHITE);
+
+        posY = drawString("Exception type:  ", true, 10, posY + SPACING_Y, COLOR_WHITE);
+        drawString(handledExceptionNames[dumpHeader->type], true, 10 + 17 * SPACING_X, posY, COLOR_WHITE);
+
+        if(dumpHeader->type == 2)
+        {
+            if((regs[16] & 0x20) == 0 && dumpHeader->codeDumpSize >= 4)
+            {
+                u32 instr = *(vu32 *)(stackDump - 4);
+                if(instr == 0xE12FFF7E) drawString(specialExceptions[0], true, 10 + 32 * SPACING_X, posY, COLOR_WHITE);
+                else if(instr == 0xEF00003C) drawString(specialExceptions[1], true, 10 + 32 * SPACING_X, posY, COLOR_WHITE);
+            }
+            else if((regs[16] & 0x20) == 0 && dumpHeader->codeDumpSize >= 2)
+            {
+                u16 instr = *(vu16 *)(stackDump - 2);
+                if(instr == 0xDF3C) drawString(specialExceptions[1], true, 10 + 32 * SPACING_X, posY, COLOR_WHITE);
+            }
+        }
+
+        if(dumpHeader->processor == 11 && dumpHeader->additionalDataSize != 0)
+        {
+            char processName[] = "Current process:         ";
+            memcpy(processName + sizeof(processName) - 9, (void *)additionalData, 8);
+            posY = drawString(processName, true, 10, posY + SPACING_Y, COLOR_WHITE);
+        }
+
+        posY += SPACING_Y;
+
+        for(u32 i = 0; i < 17; i += 2)
+        {
+            posY = drawString(registerNames[i], true, 10, posY + SPACING_Y, COLOR_WHITE);
+            hexItoa(regs[i], hexString, 8);
+            drawString(hexString, true, 10 + 7 * SPACING_X, posY, COLOR_WHITE);
+
+            if(i != 16 || dumpHeader->processor != 9)
+            {
+                drawString(registerNames[i + 1], true, 10 + 22 * SPACING_X, posY, COLOR_WHITE);
+                hexItoa(i == 16 ? regs[20] : regs[i + 1], hexString, 8);
+                drawString(hexString, true, 10 + 29 * SPACING_X, posY, COLOR_WHITE);
+            }
+        }
+
+        posY += SPACING_Y;
+
+        u32 mode = regs[16] & 0xF;
+        if(dumpHeader->type == 3 && (mode == 7 || mode == 11))
+            posY = drawString("Incorrect dump: failed to dump code and/or stack", true, 10, posY + SPACING_Y, COLOR_YELLOW) + SPACING_Y;
+
+        u32 posYBottom = drawString("Stack dump:", false, 10, 10, COLOR_WHITE) + SPACING_Y;
+
+        for(u32 line = 0; line < 19 && stackDump < additionalData; line++)
+        {
+            hexItoa(regs[13] + 8 * line, hexString, 8);
+            posYBottom = drawString(hexString, false, 10, posYBottom + SPACING_Y, COLOR_WHITE);
+            drawCharacter(':', false, 10 + 8 * SPACING_X, posYBottom, COLOR_WHITE);
+
+            for(u32 i = 0; i < 8 && stackDump < additionalData; i++, stackDump++)
+            {
+                char byteString[] = "00";
+                hexItoa(*stackDump, byteString, 2);
+                drawString(byteString, false, 10 + 10 * SPACING_X + 3 * i * SPACING_X, posYBottom, COLOR_WHITE);
+            }
+        }
+
+        char path[42];
+        char fileName[] = "crash_dump_00000000.dmp";
+        const char *pathFolder = dumpHeader->processor == 9 ? "/luma/dumps/arm9" : "/luma/dumps/arm11";
+
+        findDumpFile(pathFolder, fileName);
+        memcpy(path, pathFolder, strlen(pathFolder) + 1);
+        concatenateStrings(path, "/");
+        concatenateStrings(path, fileName);
+
+        if(fileWrite((void *)dumpHeader, path, dumpHeader->totalSize))
+        {
+            posY = drawString("You can find a dump in the following file:", true, 10, posY + SPACING_Y, COLOR_WHITE);
+            posY = drawString(path, true, 10, posY + SPACING_Y, COLOR_WHITE) + SPACING_Y;
+        }
+        else posY = drawString("Error writing the dump file", true, 10, posY + SPACING_Y, COLOR_RED);
+
+        drawString("Press any button to shutdown", true, 10, posY + SPACING_Y, COLOR_WHITE);
+
+        memset32((void *)dumpHeader, 0, dumpHeader->totalSize);
+
+        waitInput();
+        mcuPowerOff();
+    }
+}
+#endif
--- a/source/exceptions.h
+++ b/source/exceptions.h
@@ -0,0 +1,49 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#ifdef DEV
+#pragma once
+
+#include "types.h"
+
+#define MAKE_BRANCH(src,dst)      (0xEA000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
+#define MAKE_BRANCH_LINK(src,dst) (0xEB000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
+
+typedef struct __attribute__((packed))
+{
+    u32 magic[2];
+    u16 versionMinor, versionMajor;
+
+    u16 processor, core;
+    u32 type;
+
+    u32 totalSize;
+    u32 registerDumpSize;
+    u32 codeDumpSize;
+    u32 stackDumpSize;
+    u32 additionalDataSize;
+} ExceptionDumpHeader;
+
+void installArm9Handlers(void);
+void installArm11Handlers(u32 *exceptionsPage, u32 stackAddress, u32 codeSetOffset);
+void detectAndProcessExceptionDumps(void);
+#endif
--- a/source/fatfs/00history.txt
+++ b/source/fatfs/00history.txt
@@ -260,8 +260,20 @@ R0.12a (July 10, 2016)
  Added support for creating exFAT volume with some changes of f_mkfs().
  Added a file open method FA_OPEN_APPEND. An f_lseek() following f_open() is no longer needed.
  f_forward() is available regardless of _FS_TINY.
-  Fixed f_mkfs() creates wrong volume.
+  Fixed f_mkfs() creates wrong volume. (appeared at R0.12)
+  Fixed wrong memory read in create_name(). (appeared at R0.12)
  Fixed compilation fails at some configurations, _USE_FASTSEEK and _USE_FORWARD.
-  Fixed wrong memory read in create_name().


+
+R0.12b (September 04, 2016)
+
+  Improved f_rename() to be able to rename objects with the same name but case.
+  Fixed an error in the case conversion teble of code page 866. (ff.c)
+  Fixed writing data is truncated at the file offset 4GiB on the exFAT volume. (appeared at R0.12)
+  Fixed creating a file in the root directory of exFAT volume can fail. (appeared at R0.12)
+  Fixed f_mkfs() creating exFAT volume with too small cluster size can collapse unallocated memory. (appeared at R0.12)
+  Fixed wrong object name can be returned when read directory at Unicode cfg. (appeared at R0.12)
+  Fixed large file allocation/removing on the exFAT volume collapses allocation bitmap. (appeared at R0.12)
+  Fixed some internal errors in f_expand() and f_lseek(). (appeared at R0.12)
+
--- a/source/fatfs/ff.c
+++ b/source/fatfs/ff.c
--- a/source/fatfs/ff.h
+++ b/source/fatfs/ff.h
@@ -1,5 +1,5 @@
 /*----------------------------------------------------------------------------/
-/  FatFs - Generic FAT file system module  R0.12a                             /
+/  FatFs - Generic FAT file system module  R0.12b                             /
 /-----------------------------------------------------------------------------/
 /
 / Copyright (C) 2016, ChaN, all right reserved.
@@ -19,7 +19,7 @@


 #ifndef _FATFS
-#define _FATFS	80186	/* Revision ID */
+#define _FATFS	68020	/* Revision ID */

 #ifdef __cplusplus
 extern "C" {
@@ -159,7 +159,7 @@ typedef struct {
 /* File object structure (FIL) */

 typedef struct {
-	_FDID	obj;			/* Object identifier */
+	_FDID	obj;			/* Object identifier (must be the 1st member to detect invalid object pointer) */
 	BYTE	flag;			/* File status flags */
 	BYTE	err;			/* Abort flag (error code) */
 	FSIZE_t	fptr;			/* File read/write pointer (Zeroed on file open) */
--- a/source/fatfs/ffconf.h
+++ b/source/fatfs/ffconf.h
@@ -2,7 +2,7 @@
 /  FatFs - FAT file system module configuration file
 /---------------------------------------------------------------------------*/

-#define _FFCONF 80186	/* Revision ID */
+#define _FFCONF 68020	/* Revision ID */

 /*---------------------------------------------------------------------------/
 / Function Configurations
@@ -204,14 +204,14 @@

 #define	_FS_TINY	0
 /* This option switches tiny buffer configuration. (0:Normal or 1:Tiny)
-/  At the tiny configuration, size of the file object (FIL) is reduced _MAX_SS bytes.
+/  At the tiny configuration, size of file object (FIL) is reduced _MAX_SS bytes.
 /  Instead of private sector buffer eliminated from the file object, common sector
 /  buffer in the file system object (FATFS) is used for the file data transfer. */


 #define _FS_EXFAT	0
-/* This option switches support of exFAT file system in addition to the traditional
-/  FAT file system. (0:Disable or 1:Enable) To enable exFAT, also LFN must be enabled.
+/* This option switches support of exFAT file system. (0:Disable or 1:Enable)
+/  When enable exFAT, also LFN needs to be enabled. (_USE_LFN >= 1)
 /  Note that enabling exFAT discards C89 compatibility. */


@@ -259,7 +259,9 @@
 /  The _FS_TIMEOUT defines timeout period in unit of time tick.
 /  The _SYNC_t defines O/S dependent sync object type. e.g. HANDLE, ID, OS_EVENT*,
 /  SemaphoreHandle_t and etc.. A header file for O/S definitions needs to be
-/  included somewhere in the scope of ff.c. */
+/  included somewhere in the scope of ff.h. */
+
+/* #include <windows.h>	// O/S definitions  */


 /*--- End of configuration options ---*/
--- a/source/fatfs/sdmmc/common.h
+++ b/source/fatfs/sdmmc/common.h
@@ -1,4 +0,0 @@
-#pragma once
-
-#include <stdbool.h>
-#include "../../types.h"
--- a/source/fatfs/sdmmc/delay.h
+++ b/source/fatfs/sdmmc/delay.h
@@ -1,9 +1,5 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
-
 #pragma once

-#include "common.h"
+#include "../../types.h"

-void ioDelay(u32 us);
+void waitcycles(u32 us);
--- a/source/fatfs/sdmmc/delay.s
+++ b/source/fatfs/sdmmc/delay.s
@@ -1,17 +1,15 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
-
 .arm
-.global ioDelay
-.type   ioDelay STT_FUNC
+.global waitcycles
+.type   waitcycles STT_FUNC

-@ioDelay ( u32 us )
-ioDelay:
-	ldr r1, =0x18000000  @ VRAM
-1:
-	@ Loop doing uncached reads from VRAM to make loop timing more reliable
-	ldr r2, [r1]
-	subs r0, #1
-	bgt 1b
-	bx lr
+@waitcycles ( u32 us )
+waitcycles:
+	PUSH    {R0-R2,LR}
+	STR     R0, [SP,#4]
+	waitcycles_loop:
+		LDR     R3, [SP,#4]
+		SUBS    R2, R3, #1
+		STR     R2, [SP,#4]
+		CMP     R3, #0
+		BNE     waitcycles_loop
+	POP     {R0-R2,PC}
--- a/source/fatfs/sdmmc/sdmmc.c
+++ b/source/fatfs/sdmmc/sdmmc.c
@@ -1,30 +1,55 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file, 
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) 2014-2015, Normmatt
+ *
+ * Alternatively, the contents of this file may be used under the terms
+ * of the GNU General Public License Version 2, as described below:
+ *
+ * This file is free software: you may copy, redistribute and/or modify
+ * it under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ * Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ */

 #include "sdmmc.h"
 #include "delay.h"

-struct mmcdevice handleNAND;
-struct mmcdevice handleSD;
+static struct mmcdevice handleNAND;
+static struct mmcdevice handleSD;

-static inline u16 sdmmc_read16(u16 reg) {
-    return *(vu16*)(SDMMC_BASE + reg);
+static inline u16 sdmmc_read16(u16 reg)
+{
+    return *(vu16 *)(SDMMC_BASE + reg);
 }

-static inline void sdmmc_write16(u16 reg, u16 val) {
-    *(vu16*)(SDMMC_BASE + reg) = val;
+static inline void sdmmc_write16(u16 reg, u16 val)
+{
+    *(vu16 *)(SDMMC_BASE + reg) = val;
 }

-static inline u32 sdmmc_read32(u16 reg) {
-    return *(vu32*)(SDMMC_BASE + reg);
+static inline u32 sdmmc_read32(u16 reg)
+{
+    return *(vu32 *)(SDMMC_BASE + reg);
 }

-static inline void sdmmc_write32(u16 reg, u32 val) {
-    *(vu32*)(SDMMC_BASE + reg) = val;
+static inline void sdmmc_write32(u16 reg, u32 val)
+{
+    *(vu32 *)(SDMMC_BASE + reg) = val;
 }

-static inline void sdmmc_mask16(u16 reg, const u16 clear, const u16 set) {
+static inline void sdmmc_mask16(u16 reg, const u16 clear, const u16 set)
+{
    u16 val = sdmmc_read16(reg);
    val &= ~clear;
    val |= set;
@@ -38,172 +63,215 @@ static inline void setckl(u32 data)
    sdmmc_mask16(REG_SDCLKCTL, 0x0, 0x100);
 }

-
 mmcdevice *getMMCDevice(int drive)
 {
-    if(drive==0) return &handleNAND;
+    if(drive == 0) return &handleNAND;
    return &handleSD;
 }

-static u32 __attribute__((noinline)) geterror(struct mmcdevice *ctx)
+static int geterror(struct mmcdevice *ctx)
 {
-    return (ctx->error << 29) >> 31;
+    return (int)((ctx->error << 29) >> 31);
 }

-static void __attribute__((noinline)) inittarget(struct mmcdevice *ctx)
+static void inittarget(struct mmcdevice *ctx)
 {
-    sdmmc_mask16(REG_SDPORTSEL,0x3,(u16)ctx->devicenumber);
+    sdmmc_mask16(REG_SDPORTSEL, 0x3, (u16)ctx->devicenumber);
    setckl(ctx->clk);
-    if (ctx->SDOPT == 0) {
-        sdmmc_mask16(REG_SDOPT, 0, 0x8000);
-    } else {
-        sdmmc_mask16(REG_SDOPT, 0x8000, 0);
-    }
-
+    if(ctx->SDOPT == 0) sdmmc_mask16(REG_SDOPT, 0, 0x8000);
+    else sdmmc_mask16(REG_SDOPT, 0x8000, 0);
 }

 static void __attribute__((noinline)) sdmmc_send_command(struct mmcdevice *ctx, u32 cmd, u32 args)
 {
-    bool getSDRESP = (cmd << 15) >> 31;
+    u32 getSDRESP = (cmd << 15) >> 31;
    u16 flags = (cmd << 15) >> 31;
-    const bool readdata = cmd & 0x20000;
-    const bool writedata = cmd & 0x40000;
+    const int readdata = cmd & 0x20000;
+    const int writedata = cmd & 0x40000;

-    if (readdata || writedata)
+    if(readdata || writedata)
        flags |= TMIO_STAT0_DATAEND;

    ctx->error = 0;
-    while (sdmmc_read16(REG_SDSTATUS1) & TMIO_STAT1_CMD_BUSY); //mmc working?
-    sdmmc_write16(REG_SDIRMASK0,0);
-    sdmmc_write16(REG_SDIRMASK1,0);
-    sdmmc_write16(REG_SDSTATUS0,0);
-    sdmmc_write16(REG_SDSTATUS1,0);
-    sdmmc_mask16(REG_SDDATACTL32,0x1800,0);
-
-    sdmmc_write16(REG_SDCMDARG0,args &0xFFFF);
-    sdmmc_write16(REG_SDCMDARG1,args >> 16);
-    sdmmc_write16(REG_SDCMD,cmd &0xFFFF);
+    while((sdmmc_read16(REG_SDSTATUS1) & TMIO_STAT1_CMD_BUSY)); //mmc working?
+    sdmmc_write16(REG_SDIRMASK0, 0);
+    sdmmc_write16(REG_SDIRMASK1, 0);
+    sdmmc_write16(REG_SDSTATUS0, 0);
+    sdmmc_write16(REG_SDSTATUS1, 0);
+    sdmmc_mask16(REG_DATACTL32, 0x1800, 0);
+    sdmmc_write16(REG_SDCMDARG0, args & 0xFFFF);
+    sdmmc_write16(REG_SDCMDARG1, args >> 16);
+    sdmmc_write16(REG_SDCMD, cmd & 0xFFFF);

    u32 size = ctx->size;
-    vu8 *dataPtr = ctx->data;
+    u8 *rDataPtr = ctx->rData;
+    const u8 *tDataPtr = ctx->tData;

-    bool useBuf = ( NULL != dataPtr );
+    bool rUseBuf = rDataPtr != NULL;
+    bool tUseBuf = tDataPtr != NULL;

    u16 status0 = 0;
-    while(true) {
-        u16 status1 = sdmmc_read16(REG_SDSTATUS1);
-        if (status1 & TMIO_STAT1_RXRDY) {
-            if (readdata && useBuf) {
-                sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_RXRDY, 0);
-                //sdmmc_write16(REG_SDSTATUS1,~TMIO_STAT1_RXRDY);
-                if (size > 0x1FF) {
-                    for(int i = 0; i<0x200; i+=2) {
-                        u16 data = sdmmc_read16(REG_SDFIFO);
-                        *dataPtr++ = data & 0xFF;
-                        *dataPtr++ = data >> 8;
+    while(true)
+    {
+        vu16 status1 = sdmmc_read16(REG_SDSTATUS1);
+        vu16 ctl32 = sdmmc_read16(REG_DATACTL32);
+        if((ctl32 & 0x100))
+        {
+            if(readdata)
+            {
+                if(rUseBuf)
+                {
+                    sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_RXRDY, 0);
+                    if(size > 0x1FF)
+                    {
+                        //Gabriel Marcano: This implementation doesn't assume alignment.
+                        //I've removed the alignment check doen with former rUseBuf32 as a result
+                        for(int i = 0; i < 0x200; i += 4)
+                        {
+                            u32 data = sdmmc_read32(REG_SDFIFO32);
+                            *rDataPtr++ = data;
+                            *rDataPtr++ = data >> 8;
+                            *rDataPtr++ = data >> 16;
+                            *rDataPtr++ = data >> 24;
+                        }
+                        size -= 0x200;
                    }
-                    size -= 0x200;
                }
-            }
-        }

-        if (status1 & TMIO_STAT1_TXRQ) {
-            if (writedata && useBuf) {
-                sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_TXRQ, 0);
-                //sdmmc_write16(REG_SDSTATUS1,~TMIO_STAT1_TXRQ);
-                if (size > 0x1FF) {
-                    for (int i = 0; i<0x200; i+=2) {
-                        u16 data = *dataPtr++;
-                        data |= *dataPtr++ << 8;
-                        sdmmc_write16(REG_SDFIFO, data);
-                    }
-                    size -= 0x200;
-                }
+                sdmmc_mask16(REG_DATACTL32, 0x800, 0);
            }
        }
-        if (status1 & TMIO_MASK_GW) {
+        if(!(ctl32 & 0x200))
+        {
+            if(writedata)
+            {
+                if(tUseBuf)
+                {
+                    sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_TXRQ, 0);
+                    if(size > 0x1FF)
+                    {
+                        for(int i = 0; i < 0x200; i += 4)
+                        {
+                            u32 data = *tDataPtr++;
+                            data |= (u32)*tDataPtr++ << 8;
+                            data |= (u32)*tDataPtr++ << 16;
+                            data |= (u32)*tDataPtr++ << 24;
+                            sdmmc_write32(REG_SDFIFO32, data);
+                        }
+                        size -= 0x200;
+                    }
+                }
+
+                sdmmc_mask16(REG_DATACTL32, 0x1000, 0);
+            }
+        }
+        if(status1 & TMIO_MASK_GW)
+        {
            ctx->error |= 4;
            break;
        }

-        if (!(status1 & TMIO_STAT1_CMD_BUSY)) {
+        if(!(status1 & TMIO_STAT1_CMD_BUSY))
+        {
            status0 = sdmmc_read16(REG_SDSTATUS0);
-            if (sdmmc_read16(REG_SDSTATUS0) & TMIO_STAT0_CMDRESPEND)
+            if(sdmmc_read16(REG_SDSTATUS0) & TMIO_STAT0_CMDRESPEND)
+            {
                ctx->error |= 0x1;
-            if (status0 & TMIO_STAT0_DATAEND)
+            }
+            if(status0 & TMIO_STAT0_DATAEND)
+            {
                ctx->error |= 0x2;
+            }

-            if ((status0 & flags) == flags)
+            if((status0 & flags) == flags)
                break;
        }
    }
    ctx->stat0 = sdmmc_read16(REG_SDSTATUS0);
    ctx->stat1 = sdmmc_read16(REG_SDSTATUS1);
-    sdmmc_write16(REG_SDSTATUS0,0);
-    sdmmc_write16(REG_SDSTATUS1,0);
+    sdmmc_write16(REG_SDSTATUS0, 0);
+    sdmmc_write16(REG_SDSTATUS1, 0);

-    if (getSDRESP != 0) {
-        ctx->ret[0] = (u32)sdmmc_read16(REG_SDRESP0) | (u32)(sdmmc_read16(REG_SDRESP1) << 16);
-        ctx->ret[1] = (u32)sdmmc_read16(REG_SDRESP2) | (u32)(sdmmc_read16(REG_SDRESP3) << 16);
-        ctx->ret[2] = (u32)sdmmc_read16(REG_SDRESP4) | (u32)(sdmmc_read16(REG_SDRESP5) << 16);
-        ctx->ret[3] = (u32)sdmmc_read16(REG_SDRESP6) | (u32)(sdmmc_read16(REG_SDRESP7) << 16);
+    if(getSDRESP != 0)
+    {
+        ctx->ret[0] = (u32)(sdmmc_read16(REG_SDRESP0) | (sdmmc_read16(REG_SDRESP1) << 16));
+        ctx->ret[1] = (u32)(sdmmc_read16(REG_SDRESP2) | (sdmmc_read16(REG_SDRESP3) << 16));
+        ctx->ret[2] = (u32)(sdmmc_read16(REG_SDRESP4) | (sdmmc_read16(REG_SDRESP5) << 16));
+        ctx->ret[3] = (u32)(sdmmc_read16(REG_SDRESP6) | (sdmmc_read16(REG_SDRESP7) << 16));
    }
 }

-u32 __attribute__((noinline)) sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, vu8 *in)
+int __attribute__((noinline)) sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, const u8 *in)
 {
-    if (handleSD.isSDHC == 0)
-        sector_no <<= 9;
+    if(handleSD.isSDHC == 0) sector_no <<= 9;
    inittarget(&handleSD);
-    sdmmc_write16(REG_SDSTOP,0x100);
-
-    sdmmc_write16(REG_SDBLKCOUNT,numsectors);
-    handleSD.data = in;
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleSD.tData = in;
    handleSD.size = numsectors << 9;
-    sdmmc_send_command(&handleSD,0x52C19,sector_no);
+    sdmmc_send_command(&handleSD, 0x52C19, sector_no);
    return geterror(&handleSD);
 }

-u32 __attribute__((noinline)) sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, vu8 *out)
+int __attribute__((noinline)) sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, u8 *out)
 {
-    if (handleSD.isSDHC == 0)
-        sector_no <<= 9;
+    if(handleSD.isSDHC == 0) sector_no <<= 9;
    inittarget(&handleSD);
-    sdmmc_write16(REG_SDSTOP,0x100);
-
-    sdmmc_write16(REG_SDBLKCOUNT,numsectors);
-    handleSD.data = out;
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleSD.rData = out;
    handleSD.size = numsectors << 9;
-    sdmmc_send_command(&handleSD,0x33C12,sector_no);
+    sdmmc_send_command(&handleSD, 0x33C12, sector_no);
    return geterror(&handleSD);
 }

-u32 __attribute__((noinline)) sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, vu8 *out)
+int __attribute__((noinline)) sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, u8 *out)
 {
-    if (handleNAND.isSDHC == 0)
-        sector_no <<= 9;
+    if(handleNAND.isSDHC == 0) sector_no <<= 9;
    inittarget(&handleNAND);
-    sdmmc_write16(REG_SDSTOP,0x100);
-
-    sdmmc_write16(REG_SDBLKCOUNT,numsectors);
-
-    handleNAND.data = out;
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleNAND.rData = out;
    handleNAND.size = numsectors << 9;
-    sdmmc_send_command(&handleNAND,0x33C12,sector_no);
+    sdmmc_send_command(&handleNAND, 0x33C12, sector_no);
    inittarget(&handleSD);
    return geterror(&handleNAND);
 }

-static u32 calcSDSize(u8* csd, int type)
+/*
+int __attribute__((noinline)) sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, const u8 *in) //experimental
+{
+    if(handleNAND.isSDHC == 0) sector_no <<= 9;
+    inittarget(&handleNAND);
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleNAND.tData = in;
+    handleNAND.size = numsectors << 9;
+    sdmmc_send_command(&handleNAND, 0x52C19, sector_no);
+    inittarget(&handleSD);
+    return geterror(&handleNAND);
+}
+*/
+
+static u32 calcSDSize(u8 *csd, int type)
 {
    u32 result = 0;
-    if (type == -1) type = csd[14] >> 6;
-    switch (type) {
+    if(type == -1) type = csd[14] >> 6;
+    switch(type)
+    {
        case 0:
            {
-                u32 block_len = csd[9] & 0xf;
+                u32 block_len = csd[9] & 0xF;
                block_len = 1u << block_len;
-                u32 mult = (u32)(csd[4] >> 7) | (u32)((csd[5] & 3) << 1);
+                u32 mult = (u32)((csd[4] >> 7) | ((csd[5] & 3) << 1));
                mult = 1u << (mult + 2);
                result = csd[8] & 3;
                result = (result << 8) | csd[7];
@@ -212,18 +280,42 @@ static u32 calcSDSize(u8* csd, int type)
            }
            break;
        case 1:
-            result = csd[7] & 0x3f;
+            result = csd[7] & 0x3F;
            result = (result << 8) | csd[6];
            result = (result << 8) | csd[5];
            result = (result + 1) * 1024;
            break;
-    default:
-        break; //Do nothing otherwise
+        default:
+            break; //Do nothing otherwise FIXME perhaps return some error?
    }
    return result;
 }

 static void InitSD()
+{
+    *(vu16 *)0x10006100 &= 0xF7FFu; //SDDATACTL32
+    *(vu16 *)0x10006100 &= 0xEFFFu; //SDDATACTL32
+    *(vu16 *)0x10006100 |= 0x402u; //SDDATACTL32
+    *(vu16 *)0x100060D8 = (*(vu16 *)0x100060D8 & 0xFFDD) | 2;
+    *(vu16 *)0x10006100 &= 0xFFFFu; //SDDATACTL32
+    *(vu16 *)0x100060D8 &= 0xFFDFu; //SDDATACTL
+    *(vu16 *)0x10006104 = 512; //SDBLKLEN32
+    *(vu16 *)0x10006108 = 1; //SDBLKCOUNT32
+    *(vu16 *)0x100060E0 &= 0xFFFEu; //SDRESET
+    *(vu16 *)0x100060E0 |= 1u; //SDRESET
+    *(vu16 *)0x10006020 |= TMIO_MASK_ALL; //SDIR_MASK0
+    *(vu16 *)0x10006022 |= TMIO_MASK_ALL>>16; //SDIR_MASK1
+    *(vu16 *)0x100060FC |= 0xDBu; //SDCTL_RESERVED7
+    *(vu16 *)0x100060FE |= 0xDBu; //SDCTL_RESERVED8
+    *(vu16 *)0x10006002 &= 0xFFFCu; //SDPORTSEL
+    *(vu16 *)0x10006024 = 0x20;
+    *(vu16 *)0x10006028 = 0x40EE;
+    *(vu16 *)0x10006002 &= 0xFFFCu; ////SDPORTSEL
+    *(vu16 *)0x10006026 = 512; //SDBLKLEN
+    *(vu16 *)0x10006008 = 0; //SDSTOP
+}
+
+static int Nand_Init()
 {
    //NAND
    handleNAND.isSDHC = 0;
@@ -233,80 +325,50 @@ static void InitSD()
    handleNAND.clk = 0x80;
    handleNAND.devicenumber = 1;

-    //SD
-    handleSD.isSDHC = 0;
-    handleSD.SDOPT = 0;
-    handleSD.res = 0;
-    handleSD.initarg = 0;
-    handleSD.clk = 0x80;
-    handleSD.devicenumber = 0;
-
-    *(vu16*)0x10006100 &= 0xF7FFu; //SDDATACTL32
-    *(vu16*)0x10006100 &= 0xEFFFu; //SDDATACTL32
-    *(vu16*)0x10006100 |= 0x402u; //SDDATACTL32
-    *(vu16*)0x100060D8 = (*(vu16*)0x100060D8 & 0xFFDD) | 2;
-    *(vu16*)0x10006100 &= 0xFFFDu; //SDDATACTL32
-    *(vu16*)0x100060D8 &= 0xFFDDu; //SDDATACTL
-    *(vu16*)0x10006104 = 0; //SDBLKLEN32
-    *(vu16*)0x10006108 = 1; //SDBLKCOUNT32
-    *(vu16*)0x100060E0 &= 0xFFFEu; //SDRESET
-    *(vu16*)0x100060E0 |= 1u; //SDRESET
-    *(vu16*)0x10006020 |= TMIO_MASK_ALL; //SDIR_MASK0
-    *(vu16*)0x10006022 |= TMIO_MASK_ALL>>16; //SDIR_MASK1
-    *(vu16*)0x100060FC |= 0xDBu; //SDCTL_RESERVED7
-    *(vu16*)0x100060FE |= 0xDBu; //SDCTL_RESERVED8
-    *(vu16*)0x10006002 &= 0xFFFCu; //SDPORTSEL
-    *(vu16*)0x10006024 = 0x40; //Nintendo sets this to 0x20
-    *(vu16*)0x10006028 = 0x40EB; //Nintendo sets this to 0x40EE
-    *(vu16*)0x10006002 &= 0xFFFCu; ////SDPORTSEL
-    *(vu16*)0x10006026 = 512; //SDBLKLEN
-    *(vu16*)0x10006008 = 0; //SDSTOP
-
-    inittarget(&handleSD);
-}
-
-static int Nand_Init()
-{
    inittarget(&handleNAND);
-    ioDelay(0xF000);
+    waitcycles(0xF000);

-    sdmmc_send_command(&handleNAND,0,0);
+    sdmmc_send_command(&handleNAND, 0, 0);

-    do {
-        do {
-            sdmmc_send_command(&handleNAND,0x10701,0x100000);
-        } while ( !(handleNAND.error & 1) );
-    } while((handleNAND.ret[0] & 0x80000000) == 0);
+    do
+    {
+        do
+        {
+            sdmmc_send_command(&handleNAND, 0x10701, 0x100000);
+        }
+        while(!(handleNAND.error & 1));
+    }
+    while((handleNAND.ret[0] & 0x80000000) == 0);

-    sdmmc_send_command(&handleNAND,0x10602,0x0);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10602, 0x0);
+    if((handleNAND.error & 0x4)) return -1;

-    sdmmc_send_command(&handleNAND,0x10403,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10403, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;

-    sdmmc_send_command(&handleNAND,0x10609,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10609, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;

-    handleNAND.total_size = calcSDSize((u8*)&handleNAND.ret[0],0);
+    handleNAND.total_size = calcSDSize((u8*)&handleNAND.ret[0], 0);
    handleNAND.clk = 1;
    setckl(1);

-    sdmmc_send_command(&handleNAND,0x10407,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10407, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;

    handleNAND.SDOPT = 1;

-    sdmmc_send_command(&handleNAND,0x10506,0x3B70100);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10506, 0x3B70100);
+    if((handleNAND.error & 0x4)) return -1;

-    sdmmc_send_command(&handleNAND,0x10506,0x3B90100);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10506, 0x3B90100);
+    if((handleNAND.error & 0x4)) return -1;

-    sdmmc_send_command(&handleNAND,0x1040D,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x1040D, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;

-    sdmmc_send_command(&handleNAND,0x10410,0x200);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10410, 0x200);
+    if((handleNAND.error & 0x4)) return -1;

    handleNAND.clk |= 0x200;

@@ -317,113 +379,102 @@ static int Nand_Init()

 static int SD_Init()
 {
+    //SD
+    handleSD.isSDHC = 0;
+    handleSD.SDOPT = 0;
+    handleSD.res = 0;
+    handleSD.initarg = 0;
+    handleSD.clk = 0x80;
+    handleSD.devicenumber = 0;
+
    inittarget(&handleSD);

-    ioDelay(1u << 18); //Card needs a little bit of time to be detected, it seems
-    
+    waitcycles(1u << 22); //Card needs a little bit of time to be detected, it seems FIXME test again to see what a good number is for the delay
+
    //If not inserted
-    if (!(*((vu16*)0x1000601c) & TMIO_STAT0_SIGSTATE)) return -1;
-    
-    sdmmc_send_command(&handleSD,0,0);
-    sdmmc_send_command(&handleSD,0x10408,0x1AA);
-    //u32 temp = (handleSD.ret[0] == 0x1AA) << 0x1E;
+    if(!(*((vu16 *)(SDMMC_BASE + REG_SDSTATUS0)) & TMIO_STAT0_SIGSTATE)) return 5;
+
+    sdmmc_send_command(&handleSD, 0, 0);
+    sdmmc_send_command(&handleSD, 0x10408, 0x1AA);
    u32 temp = (handleSD.error & 0x1) << 0x1E;

-    //int count = 0;
    u32 temp2 = 0;
-    do {
-        do {
-            sdmmc_send_command(&handleSD,0x10437,handleSD.initarg << 0x10);
-            sdmmc_send_command(&handleSD,0x10769,0x00FF8000 | temp);
+    do
+    {
+        do
+        {
+            sdmmc_send_command(&handleSD, 0x10437, handleSD.initarg << 0x10);
+            sdmmc_send_command(&handleSD, 0x10769, 0x00FF8000 | temp);
            temp2 = 1;
-        } while ( !(handleSD.error & 1) );
-
-    } while((handleSD.ret[0] & 0x80000000) == 0);
+        }
+        while(!(handleSD.error & 1));
+    }
+    while((handleSD.ret[0] & 0x80000000) == 0);

    if(!((handleSD.ret[0] >> 30) & 1) || !temp)
        temp2 = 0;

    handleSD.isSDHC = temp2;

-    sdmmc_send_command(&handleSD,0x10602,0);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10602, 0);
+    if((handleSD.error & 0x4)) return -1;

-    sdmmc_send_command(&handleSD,0x10403,0);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10403, 0);
+    if((handleSD.error & 0x4)) return -2;
    handleSD.initarg = handleSD.ret[0] >> 0x10;

-    sdmmc_send_command(&handleSD,0x10609,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10609, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -3;

-    handleSD.total_size = calcSDSize((u8*)&handleSD.ret[0],-1);
+    handleSD.total_size = calcSDSize((u8*)&handleSD.ret[0], -1);
    handleSD.clk = 1;
    setckl(1);

-    sdmmc_send_command(&handleSD,0x10507,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10507, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -4;

-    sdmmc_send_command(&handleSD,0x10437,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10437, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -5;

    handleSD.SDOPT = 1;
-    sdmmc_send_command(&handleSD,0x10446,0x2);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10446, 0x2);
+    if((handleSD.error & 0x4)) return -6;

-    sdmmc_send_command(&handleSD,0x1040D,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x1040D, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -7;

-    sdmmc_send_command(&handleSD,0x10410,0x200);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10410, 0x200);
+    if((handleSD.error & 0x4)) return -8;
    handleSD.clk |= 0x200;

    return 0;
 }

+void sdmmc_get_cid(bool isNand, u32 *info)
+{
+    struct mmcdevice *device = isNand ? &handleNAND : &handleSD;
+
+    inittarget(device);
+
+    // use cmd7 to put sd card in standby mode
+    // CMD7
+    sdmmc_send_command(device, 0x10507, 0);
+
+    // get sd card info
+    // use cmd10 to read CID
+    sdmmc_send_command(device, 0x1060A, device->initarg << 0x10);
+
+    for(int i = 0; i < 4; ++i)
+        info[i] = device->ret[i];
+
+    // put sd card back to transfer mode
+    // CMD7
+    sdmmc_send_command(device, 0x10507, device->initarg << 0x10);
+}
+
 void sdmmc_sdcard_init()
 {
    InitSD();
    Nand_Init();
    SD_Init();
-}
-
-int sdmmc_get_cid(int isNand, uint32_t *info)
-{
-	struct mmcdevice *device;
-	if(isNand)
-		device = &handleNAND;
-	else
-		device = &handleSD;
-	
-	inittarget(device);
-	// use cmd7 to put sd card in standby mode
-	// CMD7
-	{
-		sdmmc_send_command(device,0x10507,0);
-		//if((device->error & 0x4)) return -1;
-	}
-
-	// get sd card info
-	// use cmd10 to read CID
-	{
-		sdmmc_send_command(device,0x1060A,device->initarg << 0x10);
-		//if((device->error & 0x4)) return -2;
-
-		for( int i = 0; i < 4; ++i ) {
-			info[i] = device->ret[i];
-		}
-	}
-
-	// put sd card back to transfer mode
-	// CMD7
-	{
-		sdmmc_send_command(device,0x10507,device->initarg << 0x10);
-		//if((device->error & 0x4)) return -3;
-	}
-
-	if(isNand)
-	{
-		inittarget(&handleSD);
-	}
-	
-	return 0;
 }
--- a/source/fatfs/sdmmc/sdmmc.h
+++ b/source/fatfs/sdmmc/sdmmc.h
@@ -1,52 +1,48 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
-
 #pragma once

-#include "common.h"
+#include "../../types.h"

-#define SDMMC_BASE              0x10006000u
+#define SDMMC_BASE		0x10006000

-#define REG_SDCMD               0x00
-#define REG_SDPORTSEL           0x02
-#define REG_SDCMDARG            0x04
-#define REG_SDCMDARG0           0x04
-#define REG_SDCMDARG1           0x06
-#define REG_SDSTOP              0x08
-#define REG_SDBLKCOUNT          0x0a
+#define REG_SDCMD		0x00
+#define REG_SDPORTSEL		0x02
+#define REG_SDCMDARG		0x04
+#define REG_SDCMDARG0		0x04
+#define REG_SDCMDARG1		0x06
+#define REG_SDSTOP		0x08
+#define REG_SDBLKCOUNT		0x0A

-#define REG_SDRESP0             0x0c
-#define REG_SDRESP1             0x0e
-#define REG_SDRESP2             0x10
-#define REG_SDRESP3             0x12
-#define REG_SDRESP4             0x14
-#define REG_SDRESP5             0x16
-#define REG_SDRESP6             0x18
-#define REG_SDRESP7             0x1a
+#define REG_SDRESP0		0x0C
+#define REG_SDRESP1		0x0E
+#define REG_SDRESP2		0x10
+#define REG_SDRESP3		0x12
+#define REG_SDRESP4		0x14
+#define REG_SDRESP5		0x16
+#define REG_SDRESP6		0x18
+#define REG_SDRESP7		0x1A

-#define REG_SDSTATUS0           0x1c
-#define REG_SDSTATUS1           0x1e
+#define REG_SDSTATUS0		0x1C
+#define REG_SDSTATUS1		0x1E

-#define REG_SDIRMASK0           0x20
-#define REG_SDIRMASK1           0x22
-#define REG_SDCLKCTL            0x24
+#define REG_SDIRMASK0		0x20
+#define REG_SDIRMASK1		0x22
+#define REG_SDCLKCTL		0x24

-#define REG_SDBLKLEN            0x26
-#define REG_SDOPT               0x28
-#define REG_SDFIFO              0x30
+#define REG_SDBLKLEN		0x26
+#define REG_SDOPT		0x28
+#define REG_SDFIFO		0x30

-#define REG_SDDATACTL           0xd8
-#define REG_SDRESET             0xe0
-#define REG_SDPROTECTED         0xf6 //bit 0 determines if sd is protected or not?
+#define REG_DATACTL 		0xD8
+#define REG_SDRESET		0xE0
+#define REG_SDPROTECTED		0xF6 //bit 0 determines if sd is protected or not?

-#define REG_SDDATACTL32         0x100
-#define REG_SDBLKLEN32          0x104
-#define REG_SDBLKCOUNT32        0x108
-#define REG_SDFIFO32            0x10C
+#define REG_DATACTL32 		0x100
+#define REG_SDBLKLEN32		0x104
+#define REG_SDBLKCOUNT32	0x108
+#define REG_SDFIFO32		0x10C

-#define REG_CLK_AND_WAIT_CTL    0x138
-#define REG_RESET_SDIO          0x1e0
+#define REG_CLK_AND_WAIT_CTL	0x138
+#define REG_RESET_SDIO		0x1E0

 #define TMIO_STAT0_CMDRESPEND    0x0001
 #define TMIO_STAT0_DATAEND       0x0004
@@ -70,31 +66,7 @@
 #define TMIO_STAT1_CMD_BUSY      0x4000
 #define TMIO_STAT1_ILL_ACCESS    0x8000

-//Comes from TWLSDK mongoose.tef DWARF info
-#define SDMC_NORMAL              0x00000000
-#define SDMC_ERR_COMMAND         0x00000001
-#define SDMC_ERR_CRC             0x00000002
-#define SDMC_ERR_END             0x00000004
-#define SDMC_ERR_TIMEOUT         0x00000008
-#define SDMC_ERR_FIFO_OVF        0x00000010
-#define SDMC_ERR_FIFO_UDF        0x00000020
-#define SDMC_ERR_WP              0x00000040
-#define SDMC_ERR_ABORT           0x00000080
-#define SDMC_ERR_FPGA_TIMEOUT    0x00000100
-#define SDMC_ERR_PARAM           0x00000200
-#define SDMC_ERR_R1_STATUS       0x00000800
-#define SDMC_ERR_NUM_WR_SECTORS  0x00001000
-#define SDMC_ERR_RESET           0x00002000
-#define SDMC_ERR_ILA             0x00004000
-#define SDMC_ERR_INFO_DETECT     0x00008000
-
-#define SDMC_STAT_ERR_UNKNOWN    0x00080000
-#define SDMC_STAT_ERR_CC         0x00100000
-#define SDMC_STAT_ERR_ECC_FAILED 0x00200000
-#define SDMC_STAT_ERR_CRC        0x00800000
-#define SDMC_STAT_ERR_OTHER      0xf9c70008
-
-#define TMIO_MASK_ALL           0x837f031d
+#define TMIO_MASK_ALL           0x837F031D

 #define TMIO_MASK_GW            (TMIO_STAT1_ILL_ACCESS | TMIO_STAT1_CMDTIMEOUT | TMIO_STAT1_TXUNDERRUN | TMIO_STAT1_RXOVERFLOW | \
                                 TMIO_STAT1_DATATIMEOUT | TMIO_STAT1_STOPBIT_ERR | TMIO_STAT1_CRCFAIL | TMIO_STAT1_CMD_IDX_ERR)
@@ -103,7 +75,8 @@
 #define TMIO_MASK_WRITEOP (TMIO_STAT1_TXRQ | TMIO_STAT1_DATAEND)

 typedef struct mmcdevice {
-    vu8* data;
+    u8 *rData;
+    const u8 *tData;
    u32 size;
    u32 error;
    u16 stat0;
@@ -118,12 +91,10 @@ typedef struct mmcdevice {
    u32 res;
 } mmcdevice;

-mmcdevice *getMMCDevice(int drive);
-
 void sdmmc_sdcard_init();
-u32 sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, vu8 *out);
-u32 sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, vu8 *in);
-
-u32 sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, vu8 *out);
-
-int sdmmc_get_cid( int isNand, uint32_t *info);
+int sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, u8 *out);
+int sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, const u8 *in);
+int sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, u8 *out);
+//int sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, const u8 *in);
+void sdmmc_get_cid(bool isNand, u32 *info);
+mmcdevice *getMMCDevice(int drive);
--- a/source/firm.c
+++ b/source/firm.c
@@ -26,6 +26,7 @@
 #include "fs.h"
 #include "patches.h"
 #include "memory.h"
+#include "strings.h"
 #include "cache.h"
 #include "emunand.h"
 #include "crypto.h"
@@ -35,26 +36,27 @@
 #include "pin.h"
 #include "../build/injector.h"

-extern u16 launchedFirmTIDLow[8]; //defined in start.s
+#ifdef DEV
+#include "exceptions.h"
+#endif

-static firmHeader *const firm = (firmHeader *)0x24000000;
+extern u16 launchedFirmTidLow[8]; //Defined in start.s
+
+static firmHeader *firm = (firmHeader *)0x24000000;
 static const firmSectionHeader *section;

-u32 config,
-    emuOffset;
-
-bool isN3DS, isDevUnit;
-
+u32 emuOffset;
+bool isN3DS,
+     isDevUnit,
+     isFirmlaunch;
+CfgData configData;
 FirmwareSource firmSource;

 void main(void)
 {
-    bool isFirmlaunch,
-         isA9lh;
-
-    u32 newConfig,
+    bool isA9lh;
+    u32 configTemp,
        emuHeader;
-
    FirmwareType firmType;
    FirmwareSource nandType;
    ConfigurationStatus needConfig;
@@ -68,40 +70,48 @@ void main(void)
    //Mount filesystems. CTRNAND will be mounted only if/when needed
    mountFs();

-    const char configPath[] = "/luma/config.bin";
-
    //Attempt to read the configuration file
-    needConfig = fileRead(&config, configPath) ? MODIFY_CONFIGURATION : CREATE_CONFIGURATION;
+    needConfig = readConfig() ? MODIFY_CONFIGURATION : CREATE_CONFIGURATION;
+
+#ifdef DEV
+    detectAndProcessExceptionDumps();
+#endif

    //Determine if this is a firmlaunch boot
-    if(launchedFirmTIDLow[5] != 0)
+    if(launchedFirmTidLow[5] != 0)
    {
-        if(needConfig == CREATE_CONFIGURATION) mcuReboot();
-
        isFirmlaunch = true;

-        //'0' = NATIVE_FIRM, '1' = TWL_FIRM, '2' = AGB_FIRM
-        firmType = launchedFirmTIDLow[7] == u'3' ? SAFE_FIRM : (FirmwareType)(launchedFirmTIDLow[5] - u'0');
+        if(needConfig == CREATE_CONFIGURATION) mcuReboot();

-        nandType = (FirmwareSource)BOOTCONFIG(0, 3);
-        firmSource = (FirmwareSource)BOOTCONFIG(2, 1);
-        isA9lh = BOOTCONFIG(3, 1) != 0;
+        //'0' = NATIVE_FIRM, '1' = TWL_FIRM, '2' = AGB_FIRM
+        firmType = launchedFirmTidLow[7] == u'3' ? SAFE_FIRM : (FirmwareType)(launchedFirmTidLow[5] - u'0');
+
+        nandType = (FirmwareSource)BOOTCFG_NAND;
+        firmSource = (FirmwareSource)BOOTCFG_FIRM;
+        isA9lh = BOOTCFG_A9LH != 0;
+
+#ifdef DEV
+        if(isA9lh) installArm9Handlers();
+#endif
    }
    else
    {
-        //Get pressed buttons
-        u32 pressed = HID_PAD;
-
        isFirmlaunch = false;
        firmType = NATIVE_FIRM;

        //Determine if booting with A9LH
        isA9lh = !PDN_SPI_CNT;

-        //Determine if the user chose to use the SysNAND FIRM as default for a R boot
-        bool useSysAsDefault = isA9lh ? CONFIG(1) : false;
+#ifdef DEV
+        if(isA9lh) installArm9Handlers();
+#endif

-        newConfig = (u32)isA9lh << 3;
+        //Get pressed buttons
+        u32 pressed = HID_PAD;
+
+        //Save old options and begin saving the new boot configuration
+        configTemp = (configData.config & 0xFFFFFE00) | ((u32)isA9lh << 6);

        //If it's a MCU reboot, try to force boot options
        if(isA9lh && CFG_BOOTENV)
@@ -110,19 +120,19 @@ void main(void)
            if(CFG_BOOTENV == 7)
            {
                nandType = FIRMWARE_SYSNAND;
-                firmSource = useSysAsDefault ? FIRMWARE_SYSNAND : (FirmwareSource)BOOTCONFIG(2, 1);
+                firmSource = CONFIG(USESYSFIRM) ? FIRMWARE_SYSNAND : (FirmwareSource)BOOTCFG_FIRM;
                needConfig = DONT_CONFIGURE;

                //Flag to prevent multiple boot options-forcing
-                newConfig |= 1 << 4;
+                configTemp |= 1 << 7;
            }

            /* Else, force the last used boot options unless a button is pressed
               or the no-forcing flag is set */
-            else if(!pressed && !BOOTCONFIG(4, 1))
+            else if(needConfig != CREATE_CONFIGURATION && !pressed && !BOOTCFG_NOFORCEFLAG)
            {
-                nandType = (FirmwareSource)BOOTCONFIG(0, 3);
-                firmSource = (FirmwareSource)BOOTCONFIG(2, 1);
+                nandType = (FirmwareSource)BOOTCFG_NAND;
+                firmSource = (FirmwareSource)BOOTCFG_FIRM;
                needConfig = DONT_CONFIGURE;
            }
        }
@@ -130,23 +140,14 @@ void main(void)
        //Boot options aren't being forced
        if(needConfig != DONT_CONFIGURE)
        {
-            PINData pin;
-
-            bool pinExists = CONFIG(7) && readPin(&pin);
-
-            //If we get here we should check the PIN (if it exists) in all cases
-            if(pinExists) verifyPin(&pin);
+            bool pinExists = MULTICONFIG(PIN) != 0 && verifyPin();

            //If no configuration file exists or SELECT is held, load configuration menu
-            bool shouldLoadConfigurationMenu = needConfig == CREATE_CONFIGURATION || ((pressed & BUTTON_SELECT) && !(pressed & BUTTON_L1));
+            bool shouldLoadConfigMenu = needConfig == CREATE_CONFIGURATION || ((pressed & BUTTON_SELECT) && !(pressed & BUTTON_L1));

-            if(shouldLoadConfigurationMenu)
+            if(shouldLoadConfigMenu)
            {
-                configureCFW(configPath);
-
-                if(!pinExists && CONFIG(7)) newPin();
-
-                chrono(2);
+                configMenu(pinExists);

                //Update pressed buttons
                pressed = HID_PAD;
@@ -156,69 +157,96 @@ void main(void)
            {
                nandType = FIRMWARE_SYSNAND;
                firmSource = FIRMWARE_SYSNAND;
+
+                //Flag to tell loader to init SD
+                configTemp |= 1 << 8;
+
+                //If the PIN has been verified, wait to make it easier to press the SAFE_MODE combo
+                if(pinExists && !shouldLoadConfigMenu)
+                {
+                    while(HID_PAD & PIN_BUTTONS);
+                    chrono(2);
+                }
            }
            else
            {
-                if(CONFIG(6) && loadSplash()) pressed = HID_PAD;
+                if(CONFIG(PAYLOADSPLASH) && loadSplash()) pressed = HID_PAD;

                /* If L and R/A/Select or one of the single payload buttons are pressed,
-                   chainload an external payload (the PIN, if any, has been verified)*/
-                bool shouldLoadPayload = (pressed & SINGLE_PAYLOAD_BUTTONS) || ((pressed & BUTTON_L1) && (pressed & L_PAYLOAD_BUTTONS));
+                   chainload an external payload */
+                bool shouldLoadPayload = ((pressed & SINGLE_PAYLOAD_BUTTONS) && !(pressed & (BUTTON_L1 | BUTTON_R1 | BUTTON_A))) ||
+                                         ((pressed & L_PAYLOAD_BUTTONS) && (pressed & BUTTON_L1));

                if(shouldLoadPayload) loadPayload(pressed);

-                if(!CONFIG(6)) loadSplash();
+                if(!CONFIG(PAYLOADSPLASH)) loadSplash();
+
+                //Determine if the user chose to use the SysNAND FIRM as default for a R boot
+                bool useSysAsDefault = isA9lh ? CONFIG(USESYSFIRM) : false;

                //If R is pressed, boot the non-updated NAND with the FIRM of the opposite one
                if(pressed & BUTTON_R1)
                {
-                    nandType = (useSysAsDefault) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
-                    firmSource = (useSysAsDefault) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND;
+                    nandType = useSysAsDefault ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
+                    firmSource = useSysAsDefault ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND;
                }

                /* Else, boot the NAND the user set to autoboot or the opposite one, depending on L,
                   with their own FIRM */
                else
                {
-                    nandType = (CONFIG(0) != !(pressed & BUTTON_L1)) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
+                    nandType = (CONFIG(AUTOBOOTSYS) != !(pressed & BUTTON_L1)) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
                    firmSource = nandType;
                }

-                /* If we're booting emuNAND the second emuNAND is set as default and B isn't pressed,
-                   or vice-versa, boot the second emuNAND */
-                if(nandType != FIRMWARE_SYSNAND && (CONFIG(2) == !(pressed & BUTTON_B))) nandType = FIRMWARE_EMUNAND2;
+                //If we're booting EmuNAND or using EmuNAND FIRM, determine which one from the directional pad buttons, or otherwise from the config
+                if(nandType == FIRMWARE_EMUNAND || firmSource == FIRMWARE_EMUNAND)
+                {
+                    FirmwareSource temp;
+                    switch(pressed & EMUNAND_BUTTONS)
+                    {
+                        case BUTTON_UP:
+                            temp = FIRMWARE_EMUNAND;
+                            break;
+                        case BUTTON_RIGHT:
+                            temp = FIRMWARE_EMUNAND2;
+                            break;
+                        case BUTTON_DOWN:
+                            temp = FIRMWARE_EMUNAND3;
+                            break;
+                        case BUTTON_LEFT:
+                            temp = FIRMWARE_EMUNAND4;
+                            break;
+                        default:
+                            temp = (FirmwareSource)(1 + MULTICONFIG(DEFAULTEMU));
+                            break;
+                    }
+
+                    if(nandType == FIRMWARE_EMUNAND) nandType = temp;
+                    else firmSource = temp;
+                }
            }
        }
    }

-    //If we need to boot emuNAND, make sure it exists
+    //If we need to boot EmuNAND, make sure it exists
    if(nandType != FIRMWARE_SYSNAND)
    {
-        locateEmuNAND(&emuOffset, &emuHeader, &nandType);
+        locateEmuNand(&emuHeader, &nandType);
        if(nandType == FIRMWARE_SYSNAND) firmSource = FIRMWARE_SYSNAND;
    }

-    //Same if we're using emuNAND as the FIRM source
+    //Same if we're using EmuNAND as the FIRM source
    else if(firmSource != FIRMWARE_SYSNAND)
-        locateEmuNAND(&emuOffset, &emuHeader, &firmSource);
+        locateEmuNand(&emuHeader, &firmSource);

    if(!isFirmlaunch)
    {
-        newConfig |= (u32)nandType | ((u32)firmSource << 2);
-
-        /* If the boot configuration is different from previously, overwrite it.
-           Just the no-forcing flag being set is not enough */
-        if((newConfig & 0x2F) != (config & 0x3F))
-        {
-            //Preserve user settings (last 26 bits)
-            newConfig |= config & 0xFFFFFFC0;
-
-            if(!fileWrite(&newConfig, configPath, 4))
-                error("Error writing the configuration file");
-        }
+        configTemp |= (u32)nandType | ((u32)firmSource << 3);
+        writeConfig(needConfig, configTemp);
    }

-    u32 firmVersion = loadFirm(firmType);
+    u32 firmVersion = loadFirm(&firmType, firmSource);

    switch(firmType)
    {
@@ -226,7 +254,8 @@ void main(void)
            patchNativeFirm(firmVersion, nandType, emuHeader, isA9lh);
            break;
        case SAFE_FIRM:
-            patchSafeFirm();
+        case NATIVE_FIRM1X2X:
+            if(isA9lh) patch1x2xNativeAndSafeFirm();
            break;
        default:
            //Skip patching on unsupported O3DS AGB/TWL FIRMs
@@ -234,32 +263,96 @@ void main(void)
            break;
    }

-    launchFirm(firmType, isFirmlaunch);
+    launchFirm(firmType);
 }

-static inline u32 loadFirm(FirmwareType firmType)
+#ifdef DEV
+static inline u32 loadFirm(FirmwareType *firmType, FirmwareSource firmSource)
 {
    section = firm->section;

-    //Load FIRM from CTRNAND, unless it's an O3DS and we're loading a pre-5.0 NATIVE FIRM
-    u32 firmVersion = firmRead(firm, (u32)firmType);
+    const char *firmwareFiles[4] = {
+        "/luma/firmware.bin",
+        "/luma/firmware_twl.bin",
+        "/luma/firmware_agb.bin",
+        "/luma/firmware_safe.bin"
+    };

-    if(!isN3DS && firmType == NATIVE_FIRM && firmVersion < 0x25)
+    //Load FIRM from CTRNAND
+    u32 firmVersion = firmRead(firm, (u32)*firmType);
+
+    bool loadFromSd = false;
+
+    if(!isN3DS && *firmType == NATIVE_FIRM)
    {
-        if(!fileRead(firm, "/luma/firmware.bin") || (((u32)section[2].address >> 8) & 0xFF) != 0x68)
-            error("An old unsupported FIRM has been detected.\nCopy firmware.bin in /luma to boot");
+        if(firmVersion < 0x18)
+        {
+            //We can't boot < 3.x EmuNANDs
+            if(firmSource != FIRMWARE_SYSNAND) 
+                error("An old unsupported EmuNAND has been detected.\nLuma3DS is unable to boot it");

-        //No assumption regarding FIRM version
-        firmVersion = 0xffffffff;
+            if(BOOTCFG_SAFEMODE != 0) error("SAFE_MODE is not supported on 1.x/2.x FIRM");
+
+            *firmType = NATIVE_FIRM1X2X;
+        }
+
+        //We can't boot a 3.x/4.x NATIVE_FIRM, load one from SD
+        else if(firmVersion < 0x25) loadFromSd = true;
+    }
+
+    //Check that the SD FIRM is right for the console from the ARM9 section address
+    if(fileRead(firm, *firmType == NATIVE_FIRM1X2X ? firmwareFiles[0] : firmwareFiles[(u32)*firmType], 0x400000) &&
+       ((section[3].offset ? section[3].address : section[2].address) == (isN3DS ? (u8 *)0x8006000 : (u8 *)0x8006800)))
+        firmVersion = 0xFFFFFFFF;
+    else
+    {
+        if(loadFromSd) error("An old unsupported FIRM has been detected.\nCopy a valid firmware.bin in /luma to boot");
+        decryptExeFs((u8 *)firm);
    }
-    else decryptExeFs((u8 *)firm);

    return firmVersion;
 }
+#else
+static inline u32 loadFirm(FirmwareType *firmType, FirmwareSource firmSource)
+{
+    section = firm->section;
+
+    //Load FIRM from CTRNAND
+    u32 firmVersion = firmRead(firm, (u32)*firmType);
+
+    if(!isN3DS && *firmType == NATIVE_FIRM)
+    {
+        if(firmVersion < 0x18)
+        {
+            //We can't boot < 3.x EmuNANDs
+            if(firmSource != FIRMWARE_SYSNAND) 
+                error("An old unsupported EmuNAND has been detected.\nLuma3DS is unable to boot it");
+
+            if(BOOTCFG_SAFEMODE != 0) error("SAFE_MODE is not supported on 1.x/2.x FIRM");
+
+            *firmType = NATIVE_FIRM1X2X;
+        }
+
+        //We can't boot a 3.x/4.x NATIVE_FIRM, load one from SD
+        else if(firmVersion < 0x25)
+        {
+            if(!fileRead(firm, "/luma/firmware.bin", 0x400000) || section[2].address != (u8 *)0x8006800)
+                error("An old unsupported FIRM has been detected.\nCopy a valid firmware.bin in /luma to boot");
+
+            firmVersion = 0xFFFFFFFF;
+        }
+    }
+
+    if(firmVersion != 0xFFFFFFFF) decryptExeFs((u8 *)firm);
+
+    return firmVersion;
+}
+#endif

 static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isA9lh)
 {
-    u8 *arm9Section = (u8 *)firm + section[2].offset;
+    u8 *arm9Section = (u8 *)firm + section[2].offset,
+       *arm11Section1 = (u8 *)firm + section[1].offset;

    if(isN3DS)
    {
@@ -276,14 +369,28 @@ static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32
        process9MemAddr;
    u8 *process9Offset = getProcess9(arm9Section + 0x15000, section[2].size - 0x15000, &process9Size, &process9MemAddr);

+#ifdef DEV
+    //Find Kernel11 SVC table and handler, exceptions page and free space locations
+    u32 baseK11VA;
+    u8 *freeK11Space;
+    u32 *arm11SvcHandler, 
+        *arm11ExceptionsPage,
+        *arm11SvcTable = getKernel11Info(arm11Section1, section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
+#else
+    //Find Kernel11 SVC table and free space locations
+    u32 baseK11VA;
+    u8 *freeK11Space;
+    u32 *arm11SvcTable = getKernel11Info(arm11Section1, section[1].size, &baseK11VA, &freeK11Space);
+#endif
+
    //Apply signature patches
    patchSignatureChecks(process9Offset, process9Size);

-    //Apply emuNAND patches
+    //Apply EmuNAND patches
    if(nandType != FIRMWARE_SYSNAND)
    {
        u32 branchAdditive = (u32)firm + section[2].offset - (u32)section[2].address;
-        patchEmuNAND(arm9Section, section[2].size, process9Offset, process9Size, emuOffset, emuHeader, branchAdditive);
+        patchEmuNand(arm9Section, section[2].size, process9Offset, process9Size, emuHeader, branchAdditive);
    }

    //Apply FIRM0/1 writes patches on sysNAND to protect A9LH
@@ -299,23 +406,63 @@ static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32
        patchTitleInstallMinVersionCheck(process9Offset, process9Size);

        //Restore svcBackdoor
-        reimplementSvcBackdoor((u8 *)firm + section[1].offset, section[1].size);
+        reimplementSvcBackdoor(arm11Section1, arm11SvcTable, baseK11VA, &freeK11Space);
    }
+
+    implementSvcGetCFWInfo(arm11Section1, arm11SvcTable, baseK11VA, &freeK11Space);
+
+#ifdef DEV
+    //Apply UNITINFO patch
+    if(MULTICONFIG(DEVOPTIONS) == 1) patchUnitInfoValueSet(arm9Section, section[2].size);
+
+    if(isA9lh && MULTICONFIG(DEVOPTIONS) != 2)
+    {
+        //Install ARM11 exception handlers
+        u32 codeSetOffset;
+        u32 stackAddress = getInfoForArm11ExceptionHandlers(arm11Section1, section[1].size, &codeSetOffset);
+        installArm11Handlers(arm11ExceptionsPage, stackAddress, codeSetOffset);
+
+        //Kernel9/Process9 debugging
+        patchArm9ExceptionHandlersInstall(arm9Section, section[2].size);
+        patchSvcBreak9(arm9Section, section[2].size, (u32)section[2].address);
+        patchKernel9Panic(arm9Section, section[2].size);
+
+        //Stub svcBreak11 with "bkpt 65535"
+        patchSvcBreak11(arm11Section1, arm11SvcTable);
+
+        //Stub kernel11Panic with "bkpt 65534"
+        patchKernel11Panic(arm11Section1, section[1].size);
+    }
+
+    if(CONFIG(PATCHACCESS))
+    {
+        patchArm11SvcAccessChecks(arm11SvcHandler);
+        patchK11ModuleChecks(arm11Section1, section[1].size, &freeK11Space);
+        patchP9AccessChecks(process9Offset, process9Size);
+    }
+#endif
 }

 static inline void patchLegacyFirm(FirmwareType firmType)
 {
+    u8 *arm9Section = (u8 *)firm + section[3].offset;
+    
+    //On N3DS, decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader
    if(isN3DS)
    {
-        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader
-        arm9Loader((u8 *)firm + section[3].offset);
+        arm9Loader(arm9Section);
        firm->arm9Entry = (u8 *)0x801301C;
    }

    applyLegacyFirmPatches((u8 *)firm, firmType);
+
+#ifdef DEV
+    //Apply UNITINFO patch
+    if(MULTICONFIG(DEVOPTIONS) == 1) patchUnitInfoValueSet(arm9Section, section[3].size);
+#endif
 }

-static inline void patchSafeFirm(void)
+static inline void patch1x2xNativeAndSafeFirm(void)
 {
    u8 *arm9Section = (u8 *)firm + section[2].offset;

@@ -327,34 +474,112 @@ static inline void patchSafeFirm(void)

        patchFirmWrites(arm9Section, section[2].size);
    }
-    else patchFirmWriteSafe(arm9Section, section[2].size);
+    else patchOldFirmWrites(arm9Section, section[2].size);
+
+#ifdef DEV
+    if(MULTICONFIG(DEVOPTIONS) != 2)
+    {
+        //Kernel9/Process9 debugging
+        patchArm9ExceptionHandlersInstall(arm9Section, section[2].size);
+        patchSvcBreak9(arm9Section, section[2].size, (u32)section[2].address);
+    }
+#endif
 }

-static inline void copySection0AndInjectLoader(void)
+#ifdef DEV
+static inline void copySection0AndInjectSystemModules(FirmwareType firmType)
 {
-    u8 *arm11Section0 = (u8 *)firm + section[0].offset;
+    u32 srcModuleSize,
+        dstModuleSize;

-    u32 loaderSize;
-    u32 loaderOffset = getLoader(arm11Section0, &loaderSize);
+    for(u8 *src = (u8 *)firm + section[0].offset, *srcEnd = src + section[0].size, *dst = section[0].address;
+        src < srcEnd; src += srcModuleSize, dst += dstModuleSize)
+    {
+        srcModuleSize = *(u32 *)(src + 0x104) * 0x200;
+        const char *moduleName = (char *)(src + 0x200);

-    memcpy(section[0].address, arm11Section0, loaderOffset);
-    memcpy(section[0].address + loaderOffset, injector, injector_size);
-    memcpy(section[0].address + loaderOffset + injector_size, arm11Section0 + loaderOffset + loaderSize, section[0].size - (loaderOffset + loaderSize));
+        char fileName[30] = "/luma/sysmodules/";
+        const char *ext = ".cxi";
+
+        //Read modules from files if they exist
+        concatenateStrings(fileName, moduleName);
+        concatenateStrings(fileName, ext);
+
+        u32 fileSize = fileRead(dst, fileName, 2 * srcModuleSize);
+        if(fileSize) dstModuleSize = fileSize;
+        else
+        {
+            const void *module;
+
+            if(firmType == NATIVE_FIRM && memcmp(moduleName, "loader", 6) == 0)
+            {
+                module = injector;
+                dstModuleSize = injector_size;
+            }
+            else
+            {
+                module = src;
+                dstModuleSize = srcModuleSize;
+            }
+
+            memcpy(dst, module, dstModuleSize);
+        }
+    }
 }
-
-static inline void launchFirm(FirmwareType firmType, bool isFirmlaunch)
+#else
+static inline void copySection0AndInjectSystemModules(void)
 {
+    u32 srcModuleSize,
+        dstModuleSize;
+
+    for(u8 *src = (u8 *)firm + section[0].offset, *srcEnd = src + section[0].size, *dst = section[0].address;
+        src < srcEnd; src += srcModuleSize, dst += dstModuleSize)
+    {
+        srcModuleSize = *(u32 *)(src + 0x104) * 0x200;
+        const char *moduleName = (const char *)(src + 0x200);
+
+        const void *module;
+
+        if(memcmp(moduleName, "loader", 6) == 0)
+        {
+            module = injector;
+            dstModuleSize = injector_size;
+        }
+        else
+        {
+            module = src;
+            dstModuleSize = srcModuleSize;
+        }
+
+        memcpy(dst, module, dstModuleSize);
+    }
+}
+#endif
+
+static inline void launchFirm(FirmwareType firmType)
+{
+#ifdef DEV
+    //Allow module injection and/or inject 3ds_injector on new NATIVE_FIRMs and LGY FIRMs
+    u32 sectionNum;
+    if(firmType != SAFE_FIRM && firmType != NATIVE_FIRM1X2X)
+    {
+        copySection0AndInjectSystemModules(firmType);
+        sectionNum = 1;
+    }
+    else sectionNum = 0;
+#else
    //If we're booting NATIVE_FIRM, section0 needs to be copied separately to inject 3ds_injector
    u32 sectionNum;
    if(firmType == NATIVE_FIRM)
    {
-        copySection0AndInjectLoader();
+        copySection0AndInjectSystemModules();
        sectionNum = 1;
    }
    else sectionNum = 0;
+#endif

    //Copy FIRM sections to respective memory locations
-    for(; sectionNum < 4 && section[sectionNum].size; sectionNum++)
+    for(; sectionNum < 4 && section[sectionNum].size != 0; sectionNum++)
        memcpy(section[sectionNum].address, (u8 *)firm + section[sectionNum].offset, section[sectionNum].size);

    //Determine the ARM11 entry to use
@@ -369,7 +594,8 @@ static inline void launchFirm(FirmwareType firmType, bool isFirmlaunch)
    //Set ARM11 kernel entrypoint
    *arm11 = (u32)firm->arm11Entry;

-    flushEntireDCache(); //Ensure that all memory transfers have completed and that the data cache has been flushed 
+    //Ensure that all memory transfers have completed and that the caches have been flushed
+    flushEntireDCache();
    flushEntireICache();

    //Final jump to ARM9 kernel
--- a/source/firm.h
+++ b/source/firm.h
@@ -24,10 +24,10 @@

 #include "types.h"

+#define CFG_BOOTENV    (*(vu32 *)0x10010000)
+#define CFG_UNITINFO   (*(vu8  *)0x10010010)
 #define PDN_MPCORE_CFG (*(vu32 *)0x10140FFC)
 #define PDN_SPI_CNT    (*(vu32 *)0x101401C0)
-#define CFG_BOOTENV    (*(vu32 *)0x10010000)
-#define CFG_UNITINFO   (*(vu8 *)0x10010010)

 //FIRM Header layout
 typedef struct firmSectionHeader {
@@ -46,17 +46,16 @@ typedef struct firmHeader {
    u8 reserved2[0x30];
    firmSectionHeader section[4];
 } firmHeader;
-
-typedef enum ConfigurationStatus
-{
-    DONT_CONFIGURE = 0,
-    MODIFY_CONFIGURATION = 1,
-    CREATE_CONFIGURATION = 2
-} ConfigurationStatus;
 
-static inline u32 loadFirm(FirmwareType firmType);
+static inline u32 loadFirm(FirmwareType *firmType, FirmwareSource firmSource);
 static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isA9lh);
 static inline void patchLegacyFirm(FirmwareType firmType);
-static inline void patchSafeFirm(void);
-static inline void copySection0AndInjectLoader(void);
-static inline void launchFirm(FirmwareType firmType, bool isFirmlaunch);
+static inline void patch1x2xNativeAndSafeFirm(void);
+
+#ifdef DEV
+static inline void copySection0AndInjectSystemModules(FirmwareType firmType);
+#else
+static inline void copySection0AndInjectSystemModules(void);
+#endif
+
+static inline void launchFirm(FirmwareType firmType);
--- a/source/fs.c
+++ b/source/fs.c
@@ -22,6 +22,7 @@

 #include "fs.h"
 #include "memory.h"
+#include "strings.h"
 #include "cache.h"
 #include "screen.h"
 #include "fatfs/ff.h"
@@ -37,34 +38,35 @@ void mountFs(void)
    f_mount(&nandFs, "1:", 0);
 }

-u32 fileRead(void *dest, const char *path)
+u32 fileRead(void *dest, const char *path, u32 maxSize)
 {
    FIL file;
-    u32 size;
+    u32 ret = 0;

    if(f_open(&file, path, FA_READ) == FR_OK)
    {
-        unsigned int read;
-        size = f_size(&file);
-        if(dest != NULL)
-            f_read(&file, dest, size, &read);
+        u32 size = f_size(&file);
+        if(dest == NULL) ret = size;
+        else if(!(maxSize > 0 && size > maxSize))
+            f_read(&file, dest, size, (unsigned int *)&ret);
        f_close(&file);
    }
-    else size = 0;

-    return size;
+    return ret;
 }

 u32 getFileSize(const char *path)
 {
-    return fileRead(NULL, path);
+    return fileRead(NULL, path, 0);
 }

 bool fileWrite(const void *buffer, const char *path, u32 size)
 {
    FIL file;

-    if(f_open(&file, path, FA_WRITE | FA_OPEN_ALWAYS) == FR_OK)
+    FRESULT result = f_open(&file, path, FA_WRITE | FA_OPEN_ALWAYS);
+
+    if(result == FR_OK)
    {
        unsigned int written;
        f_write(&file, buffer, size, &written);
@@ -73,27 +75,42 @@ bool fileWrite(const void *buffer, const char *path, u32 size)
        return true;
    }

+    if(result == FR_NO_PATH)
+    {
+        for(u32 i = 1; path[i] != 0; i++)
+           if(path[i] == '/')
+           {
+                char folder[i + 1];
+                memcpy(folder, path, i);
+                folder[i] = 0;
+                f_mkdir(folder);
+           }
+
+        return fileWrite(buffer, path, size);
+    }
+
    return false;
 }

-void createDirectory(const char *path)
+void fileDelete(const char *path)
 {
-    f_mkdir(path);
+    f_unlink(path);
 }

 void loadPayload(u32 pressed)
 {
    const char *pattern;

-    if(pressed & BUTTON_RIGHT) pattern = PATTERN("right");
-    else if(pressed & BUTTON_LEFT) pattern = PATTERN("left");
+    if(pressed & BUTTON_LEFT) pattern = PATTERN("left");
+    else if(pressed & BUTTON_RIGHT) pattern = PATTERN("right");
    else if(pressed & BUTTON_UP) pattern = PATTERN("up");
    else if(pressed & BUTTON_DOWN) pattern = PATTERN("down");
+    else if(pressed & BUTTON_START) pattern = PATTERN("start");
+    else if(pressed & BUTTON_B) pattern = PATTERN("b");
    else if(pressed & BUTTON_X) pattern = PATTERN("x");
    else if(pressed & BUTTON_Y) pattern = PATTERN("y");
    else if(pressed & BUTTON_R1) pattern = PATTERN("r");
    else if(pressed & BUTTON_A) pattern = PATTERN("a");
-    else if(pressed & BUTTON_START) pattern = PATTERN("start");
    else pattern = PATTERN("select");

    DIR dir;
@@ -106,21 +123,27 @@ void loadPayload(u32 pressed)

    if(result == FR_OK && info.fname[0])
    {
-        initScreens();
-
-        u32 *const loaderAddress = (u32 *)0x24FFFF00;
+        u32 *loaderAddress = (u32 *)0x24FFFF00;
+        u8 *payloadAddress = (u8 *)0x24F00000;

        memcpy(loaderAddress, loader, loader_size);

-        path[14] = '/';
-        memcpy(&path[15], info.altname, 13);
+        concatenateStrings(path, "/");
+        concatenateStrings(path, info.altname);

-        loaderAddress[1] = fileRead((void *)0x24F00000, path);
+        u32 payloadSize = fileRead(payloadAddress, path, (u8 *)loaderAddress - payloadAddress);

-        flushDCacheRange(loaderAddress, loader_size);
-        flushICacheRange(loaderAddress, loader_size);
+        if(payloadSize > 0)
+        {
+            loaderAddress[1] = payloadSize;

-        ((void (*)())loaderAddress)();
+            initScreens();
+
+            flushDCacheRange(loaderAddress, loader_size);
+            flushICacheRange(loaderAddress, loader_size);
+
+            ((void (*)())loaderAddress)();
+        }
    }
 }

@@ -131,8 +154,9 @@ u32 firmRead(void *dest, u32 firmType)
                                    { "00000202", "20000202" },
                                    { "00000003", "20000003" }};

-    char path[48] = "1:/title/00040138/00000000/content";
-    memcpy(&path[18], firmFolders[firmType][isN3DS ? 1 : 0], 8);
+    char path[48] = "1:/title/00040138/";
+    concatenateStrings(path, firmFolders[firmType][isN3DS ? 1 : 0]);
+    concatenateStrings(path, "/content");

    DIR dir;
    FILINFO info;
@@ -162,21 +186,35 @@ u32 firmRead(void *dest, u32 firmType)
    f_closedir(&dir);

    //Complete the string with the .app name
-    memcpy(&path[34], "/00000000.app", 14);
-
-    //Last digit of the .app
-    u32 i = 42;
+    concatenateStrings(path, "/00000000.app");

    //Convert back the .app name from integer to array
-    u32 tempVersion = firmVersion;
-    while(tempVersion)
-    {
-        static const char hexDigits[] = "0123456789ABCDEF";
-        path[i--] = hexDigits[tempVersion & 0xF];
-        tempVersion >>= 4;
-    }
+    hexItoa(firmVersion, &path[35], 8);

-    fileRead(dest, path);
+    fileRead(dest, path, 0);

    return firmVersion;
-}
+}
+
+#ifdef DEV
+void findDumpFile(const char *path, char *fileName)
+{
+    DIR dir;
+    FILINFO info;
+    u32 n = 0;
+
+    while(f_findfirst(&dir, &info, path, fileName) == FR_OK && info.fname[0])
+    {
+        u32 i = 18,
+            tmp = ++n;
+
+        while(tmp > 0)
+        {
+            fileName[i--] = '0' + (tmp % 10);
+            tmp /= 10;
+        }
+    }
+
+    f_closedir(&dir);
+}
+#endif
--- a/source/fs.h
+++ b/source/fs.h
@@ -24,14 +24,18 @@

 #include "types.h"

-#define PATTERN(a)      a "_*.bin"
+#define PATTERN(a) a "_*.bin"

 extern bool isN3DS;

 void mountFs(void);
-u32 fileRead(void *dest, const char *path);
+u32 fileRead(void *dest, const char *path, u32 maxSize);
 u32 getFileSize(const char *path);
 bool fileWrite(const void *buffer, const char *path, u32 size);
-void createDirectory(const char *path);
+void fileDelete(const char *path);
 void loadPayload(u32 pressed);
-u32 firmRead(void *dest, u32 firmType);
+u32 firmRead(void *dest, u32 firmType);
+
+#ifdef DEV
+void findDumpFile(const char *path, char *fileName);
+#endif
--- a/source/i2c.c
+++ b/source/i2c.c
@@ -20,6 +20,10 @@
 *   Notices displayed by works containing it.
 */

+/*
+*   Thanks to the everyone who contributed in the development of this file
+*/
+
 #include "i2c.h"

 //-----------------------------------------------------------------------------
@@ -75,7 +79,7 @@ static inline void i2cWaitBusy(u8 bus_id)
    while (*i2cGetCntReg(bus_id) & 0x80);
 }

-static inline u32 i2cGetResult(u8 bus_id)
+static inline bool i2cGetResult(u8 bus_id)
 {
    i2cWaitBusy(bus_id);

@@ -91,7 +95,7 @@ static void i2cStop(u8 bus_id, u8 arg0)

 //-----------------------------------------------------------------------------

-static u32 i2cSelectDevice(u8 bus_id, u8 dev_reg)
+static bool i2cSelectDevice(u8 bus_id, u8 dev_reg)
 {
    i2cWaitBusy(bus_id);
    *i2cGetDataReg(bus_id) = dev_reg;
@@ -100,7 +104,7 @@ static u32 i2cSelectDevice(u8 bus_id, u8 dev_reg)
    return i2cGetResult(bus_id);
 }

-static u32 i2cSelectRegister(u8 bus_id, u8 reg)
+static bool i2cSelectRegister(u8 bus_id, u8 reg)
 {
    i2cWaitBusy(bus_id);
    *i2cGetDataReg(bus_id) = reg;
@@ -111,10 +115,10 @@ static u32 i2cSelectRegister(u8 bus_id, u8 reg)

 //-----------------------------------------------------------------------------

-u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
 {
-    u8 bus_id = i2cGetDeviceBusId(dev_id);
-    u8 dev_addr = i2cGetDeviceRegAddr(dev_id);
+    u8 bus_id = i2cGetDeviceBusId(dev_id),
+       dev_addr = i2cGetDeviceRegAddr(dev_id);

    for(u32 i = 0; i < 8; i++)
    {
@@ -125,12 +129,11 @@ u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
            *i2cGetCntReg(bus_id) = 0xC1;
            i2cStop(bus_id, 0);

-            if(i2cGetResult(bus_id))
-                return 1;
+            if(i2cGetResult(bus_id)) return true;
        }
        *i2cGetCntReg(bus_id) = 0xC5;
        i2cWaitBusy(bus_id);
    }

-    return 0;
+    return false;
 }
--- a/source/i2c.h
+++ b/source/i2c.h
@@ -21,7 +21,7 @@
 */

 /*
-*	Thanks to the everyone who contributed in the development of this file 
+*   Thanks to the everyone who contributed in the development of this file
 */

 #pragma once
@@ -41,4 +41,4 @@
 #define I2C_DEV_GYRO 10
 #define I2C_DEV_IR   13

-u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data);
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);
--- a/source/memory.c
+++ b/source/memory.c
@@ -20,9 +20,8 @@
 *   Notices displayed by works containing it.
 */

-
 /*
-*   Quick Search algorithm adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
+*   Boyer-Moore Horspool algorithm adapted from http://www-igm.univ-mlv.fr/~lecroq/string/node18.html#SECTION00180
 *   memcpy, memset32 and memcmp adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
 */

@@ -41,19 +40,19 @@ void memset32(void *dest, u32 filler, u32 size)
 {
    u32 *dest32 = (u32 *)dest;

-    for (u32 i = 0; i < size / 4; i++)
+    for(u32 i = 0; i < size / 4; i++)
        dest32[i] = filler;
 }

 int memcmp(const void *buf1, const void *buf2, u32 size)
 {
-    const u8 *buf1c = (const u8 *)buf1;
-    const u8 *buf2c = (const u8 *)buf2;
+    const u8 *buf1c = (const u8 *)buf1,
+             *buf2c = (const u8 *)buf2;

    for(u32 i = 0; i < size; i++)
    {
        int cmp = buf1c[i] - buf2c[i];
-        if(cmp) return cmp;
+        if(cmp != 0) return cmp;
    }

    return 0;
@@ -62,23 +61,22 @@ int memcmp(const void *buf1, const void *buf2, u32 size)
 u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize)
 {
    const u8 *patternc = (const u8 *)pattern;
-
-    //Preprocessing
    u32 table[256];

-    for(u32 i = 0; i < 256; ++i)
-        table[i] = patternSize + 1;
-    for(u32 i = 0; i < patternSize; ++i)
-        table[patternc[i]] = patternSize - i;
+    //Preprocessing
+    for(u32 i = 0; i < 256; i++)
+        table[i] = patternSize;
+    for(u32 i = 0; i < patternSize - 1; i++)
+        table[patternc[i]] = patternSize - i - 1;

    //Searching
    u32 j = 0;
-
    while(j <= size - patternSize)
    {
-        if(memcmp(patternc, startPos + j, patternSize) == 0)
+        u8 c = startPos[j + patternSize - 1];
+        if(patternc[patternSize - 1] == c && memcmp(pattern, startPos + j, patternSize - 1) == 0)
            return startPos + j;
-        j += table[startPos[j + patternSize]];
+        j += table[c];
    }

    return NULL;
--- a/source/memory.h
+++ b/source/memory.h
@@ -20,9 +20,8 @@
 *   Notices displayed by works containing it.
 */

-
 /*
-*   Quick Search algorithm adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
+*   Boyer-Moore Horspool algorithm adapted from http://www-igm.univ-mlv.fr/~lecroq/string/node18.html#SECTION00180
 *   memcpy, memset32 and memcmp adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
 */

--- a/source/patches.c
+++ b/source/patches.c
@@ -20,10 +20,19 @@
 *   Notices displayed by works containing it.
 */

+/*
+*   ARM11 modules patching code originally by Subv
+*/
+
 #include "patches.h"
 #include "memory.h"
 #include "config.h"
 #include "../build/rebootpatch.h"
+#include "../build/svcGetCFWInfopatch.h"
+
+#ifdef DEV
+#include "../build/k11modulespatch.h"
+#endif

 u8 *getProcess9(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
 {
@@ -36,6 +45,47 @@ u8 *getProcess9(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
    return off - 0x204 + (*(u32 *)(off - 0x64) * 0x200) + 0x200;
 }

+#ifdef DEV
+u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11ExceptionsPage)
+{    
+    const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5};
+
+    *arm11ExceptionsPage = (u32 *)memsearch(pos, pattern, size, sizeof(pattern)) - 0xB;
+
+    u32 svcOffset = (-(((*arm11ExceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
+    u32 pointedInstructionVA = 0xFFFF0008 - svcOffset;
+    *baseK11VA = pointedInstructionVA & 0xFFFF0000; //This assumes that the pointed instruction has an offset < 0x10000, iirc that's always the case
+    u32 *arm11SvcTable = (u32 *)(pos + *(u32 *)(pos + pointedInstructionVA - *baseK11VA + 8) - *baseK11VA); //SVC handler address
+    *arm11SvcHandler = arm11SvcTable;
+    while(*arm11SvcTable) arm11SvcTable++; //Look for SVC0 (NULL)
+
+    const u8 pattern2[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+
+    *freeK11Space = memsearch(pos, pattern2, size, sizeof(pattern2)) + 1;
+
+    return arm11SvcTable;
+}
+#else
+u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space)
+{    
+    const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5};
+
+    u32 *arm11ExceptionsPage = (u32 *)memsearch(pos, pattern, size, sizeof(pattern)) - 0xB;
+
+    u32 svcOffset = (-((arm11ExceptionsPage[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
+    u32 pointedInstructionVA = 0xFFFF0008 - svcOffset;
+    *baseK11VA = pointedInstructionVA & 0xFFFF0000; //This assumes that the pointed instruction has an offset < 0x10000, iirc that's always the case
+    u32 *arm11SvcTable = (u32 *)(pos + *(u32 *)(pos + pointedInstructionVA - *baseK11VA + 8) - *baseK11VA); //SVC handler address
+    while(*arm11SvcTable) arm11SvcTable++; //Look for SVC0 (NULL)
+
+    const u8 pattern2[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+
+    *freeK11Space = memsearch(pos, pattern2, size, sizeof(pattern2)) + 1;
+
+    return arm11SvcTable;
+}
+#endif
+
 void patchSignatureChecks(u8 *pos, u32 size)
 {
    const u16 sigPatch[2] = {0x2000, 0x4770};
@@ -44,8 +94,8 @@ void patchSignatureChecks(u8 *pos, u32 size)
    const u8 pattern[] = {0xC0, 0x1C, 0x76, 0xE7},
             pattern2[] = {0xB5, 0x22, 0x4D, 0x0C};

-    u16 *off = (u16 *)memsearch(pos, pattern, size, 4),
-        *off2 = (u16 *)(memsearch(pos, pattern2, size, 4) - 1);
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern)),
+        *off2 = (u16 *)(memsearch(pos, pattern2, size, sizeof(pattern2)) - 1);

    *off = sigPatch[0];
    off2[0] = sigPatch[0];
@@ -55,9 +105,9 @@ void patchSignatureChecks(u8 *pos, u32 size)
 void patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr)
 {
    //Look for firmlaunch code
-    const u8 pattern[] = {0xDE, 0x1F, 0x8D, 0xE2};
+    const u8 pattern[] = {0xE2, 0x20, 0x20, 0x90};

-    u8 *off = memsearch(pos, pattern, size, 4) - 0x10;
+    u8 *off = memsearch(pos, pattern, size, sizeof(pattern)) - 0x13;

    //Firmlaunch function offset - offset in BLX opcode (A4-16 - ARM DDI 0100E) + 1
    u32 fOpenOffset = (u32)(off + 9 - (-((*(u32 *)off & 0x00FFFFFF) << 2) & (0xFFFFFF << 2)) - pos + process9MemAddr);
@@ -72,70 +122,86 @@ void patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr)

 void patchFirmWrites(u8 *pos, u32 size)
 {
-    const u16 writeBlock[2] = {0x2000, 0x46C0};
-
    //Look for FIRM writing code
-    u8 *const off1 = memsearch(pos, "exe:", size, 4);
+    u8 *off1 = memsearch(pos, "exe:", size, 4);
    const u8 pattern[] = {0x00, 0x28, 0x01, 0xDA};

-    u16 *off2 = (u16 *)memsearch(off1 - 0x100, pattern, 0x100, 4);
+    u16 *off2 = (u16 *)memsearch(off1 - 0x100, pattern, 0x100, sizeof(pattern));

-    off2[0] = writeBlock[0];
-    off2[1] = writeBlock[1];
+    off2[0] = 0x2000;
+    off2[1] = 0x46C0;
 }

-void patchFirmWriteSafe(u8 *pos, u32 size)
+void patchOldFirmWrites(u8 *pos, u32 size)
 {
-    const u16 writeBlockSafe[2] = {0x2400, 0xE01D};
-
    //Look for FIRM writing code
    const u8 pattern[] = {0x04, 0x1E, 0x1D, 0xDB};

-    u16 *off = (u16 *)memsearch(pos, pattern, size, 4);
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));

-    off[0] = writeBlockSafe[0];
-    off[1] = writeBlockSafe[1];
+    off[0] = 0x2400;
+    off[1] = 0xE01D;
 }

-void reimplementSvcBackdoor(u8 *pos, u32 size)
+void reimplementSvcBackdoor(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space)
 {
    //Official implementation of svcBackdoor
-    const u8  svcBackdoor[40] = {0xFF, 0x10, 0xCD, 0xE3,  //bic   r1, sp, #0xff
-                                 0x0F, 0x1C, 0x81, 0xE3,  //orr   r1, r1, #0xf00
-                                 0x28, 0x10, 0x81, 0xE2,  //add   r1, r1, #0x28
-                                 0x00, 0x20, 0x91, 0xE5,  //ldr   r2, [r1]
-                                 0x00, 0x60, 0x22, 0xE9,  //stmdb r2!, {sp, lr}
-                                 0x02, 0xD0, 0xA0, 0xE1,  //mov   sp, r2
-                                 0x30, 0xFF, 0x2F, 0xE1,  //blx   r0
-                                 0x03, 0x00, 0xBD, 0xE8,  //pop   {r0, r1}
-                                 0x00, 0xD0, 0xA0, 0xE1,  //mov   sp, r0
-                                 0x11, 0xFF, 0x2F, 0xE1}; //bx    r1
+    const u8 svcBackdoor[40] = {0xFF, 0x10, 0xCD, 0xE3,  //bic   r1, sp, #0xff
+                                0x0F, 0x1C, 0x81, 0xE3,  //orr   r1, r1, #0xf00
+                                0x28, 0x10, 0x81, 0xE2,  //add   r1, r1, #0x28
+                                0x00, 0x20, 0x91, 0xE5,  //ldr   r2, [r1]
+                                0x00, 0x60, 0x22, 0xE9,  //stmdb r2!, {sp, lr}
+                                0x02, 0xD0, 0xA0, 0xE1,  //mov   sp, r2
+                                0x30, 0xFF, 0x2F, 0xE1,  //blx   r0
+                                0x03, 0x00, 0xBD, 0xE8,  //pop   {r0, r1}
+                                0x00, 0xD0, 0xA0, 0xE1,  //mov   sp, r0
+                                0x11, 0xFF, 0x2F, 0xE1}; //bx    r1

-    const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5}; //cpsid aif
-    
-    u32 *exceptionsPage = (u32 *)memsearch(pos, pattern, size, 4) - 0xB;
-
-    u32 svcOffset = (-((exceptionsPage[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
-    u32 *svcTable = (u32 *)(pos + *(u32 *)(pos + 0xFFFF0008 - svcOffset - 0xFFF00000 + 8) - 0xFFF00000); //SVC handler address
-    while(*svcTable) svcTable++; //Look for SVC0 (NULL)
-
-    if(svcTable[0x7B] == 0)
+    if(!arm11SvcTable[0x7B])
    {
-        u32 *freeSpace;
-        for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
+        memcpy(*freeK11Space, svcBackdoor, 40);

-        memcpy(freeSpace, svcBackdoor, 40);
-
-        svcTable[0x7B] = 0xFFFF0000 + ((u8 *)freeSpace - (u8 *)exceptionsPage);
+        arm11SvcTable[0x7B] = baseK11VA + *freeK11Space - pos;
+        *freeK11Space += 40;
    }
 }

+void implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space)
+{
+    memcpy(*freeK11Space, svcGetCFWInfo, svcGetCFWInfo_size);
+
+    CFWInfo *info = (CFWInfo *)memsearch(*freeK11Space, "LUMA", svcGetCFWInfo_size, 4);
+
+    const char *rev = REVISION;
+    bool isRelease;
+
+    info->commitHash = COMMIT_HASH;
+    info->config = configData.config;
+    info->versionMajor = (u8)(rev[1] - '0');
+    info->versionMinor = (u8)(rev[3] - '0');
+    if(rev[4] == '.')
+    {
+        info->versionBuild = (u8)(rev[5] - '0');
+        isRelease = rev[6] == 0;
+    }
+    else isRelease = rev[4] == 0;
+
+#ifdef DEV
+    info->flags = 1 /* dev build */ | ((isRelease ? 1 : 0) << 1) /* is release */;
+#else
+    info->flags = 0 /* regular build */ | ((isRelease ? 1 : 0) << 1) /* is release */;
+#endif
+
+    arm11SvcTable[0x2E] = baseK11VA + *freeK11Space - pos; //Stubbed svc
+    *freeK11Space += svcGetCFWInfo_size;
+}
+
 void patchTitleInstallMinVersionCheck(u8 *pos, u32 size)
 {
    const u8 pattern[] = {0x0A, 0x81, 0x42, 0x02};
-    
-    u8 *off = memsearch(pos, pattern, size, 4);
-    
+
+    u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+
    if(off != NULL) off[4] = 0xE0;
 }

@@ -160,7 +226,7 @@ void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType)
    /* Calculate the amount of patches to apply. Only count the boot screen patch for AGB_FIRM
       if the matching option was enabled (keep it as last) */
    u32 numPatches = firmType == TWL_FIRM ? (sizeof(twlPatches) / sizeof(patchData)) :
-                                            (sizeof(agbPatches) / sizeof(patchData) - !CONFIG(5));
+                                            (sizeof(agbPatches) / sizeof(patchData) - !CONFIG(SHOWGBABOOT));
    const patchData *patches = firmType == TWL_FIRM ? twlPatches : agbPatches;

    //Patch
@@ -180,19 +246,131 @@ void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType)
    }
 }

-u32 getLoader(u8 *pos, u32 *loaderSize)
+#ifdef DEV
+void patchArm9ExceptionHandlersInstall(u8 *pos, u32 size)
 {
-    u8 *off = pos;
-    u32 size;
+    const u8 pattern[] = {0x03, 0xA0, 0xE3, 0x18};

-    while(true)
+    u32 *off = (u32 *)(memsearch(pos, pattern, size, sizeof(pattern)) + 0x13);
+
+    for(u32 r0 = 0x08000000; *off != 0xE3A01040; off++) //Until mov r1, #0x40
    {
-        size = *(u32 *)(off + 0x104) * 0x200;
-        if(*(u32 *)(off + 0x200) == 0x64616F6C) break;
-        off += size;
+        //Discard everything that's not str rX, [r0, #imm](!)
+        if((*off & 0xFE5F0000) != 0xE4000000) continue;
+
+        u32 rD = (*off >> 12) & 0xF,
+            offset = (*off & 0xFFF) * ((((*off >> 23) & 1) == 0) ? -1 : 1);
+        bool writeback = ((*off >> 21) & 1) != 0,
+             pre = ((*off >> 24) & 1) != 0;
+
+        u32 addr = r0 + ((pre || !writeback) ? offset : 0);
+        if((addr & 7) != 0 && addr != 0x08000014 && addr != 0x08000004) *off = 0xE1A00000; //nop
+        else *off = 0xE5800000 | (rD << 12) | (addr & 0xFFF); //Preserve IRQ and SVC handlers
+
+        if(!pre) addr += offset;
+        if(writeback) r0 = addr;
    }
+}

-    *loaderSize = size;
+u32 getInfoForArm11ExceptionHandlers(u8 *pos, u32 size, u32 *codeSetOffset)
+{
+    //This function has to succeed. Crash if it doesn't (we'll get an exception dump of it anyways)

-    return (u32)(off - pos);
-}
+    const u8 pattern[] = {0xE3, 0xDC, 0x05, 0xC0}, //Get TitleID from CodeSet
+             pattern2[] = {0xE1, 0x0F, 0x00, 0xBD}; //Call exception dispatcher
+
+    u32 *loadCodeSet = (u32 *)(memsearch(pos, pattern, size, sizeof(pattern)) - 0xB);
+
+    *codeSetOffset = *loadCodeSet & 0xFFF;
+
+    return *(u32 *)(memsearch(pos, pattern2, size, sizeof(pattern2)) + 0xD);
+}
+
+void patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address)
+{
+    /* Stub svcBreak with "bkpt 65535" so we can debug the panic.
+       Thanks @yellows8 and others for mentioning this idea on #3dsdev */
+
+    //Look for the svc handler
+    const u8 pattern[] = {0x00, 0xE0, 0x4F, 0xE1}; //mrs lr, spsr
+
+    u32 *arm9SvcTable = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+    while(*arm9SvcTable) arm9SvcTable++; //Look for SVC0 (NULL)
+
+    u32 *addr = (u32 *)(pos + arm9SvcTable[0x3C] - kernel9Address);
+    *addr = 0xE12FFF7F;
+}
+
+void patchSvcBreak11(u8 *pos, u32 *arm11SvcTable)
+{
+    //Same as above, for NATIVE_FIRM ARM11
+    u32 *addr = (u32 *)(pos + arm11SvcTable[0x3C] - 0xFFF00000);
+    *addr = 0xE12FFF7F;
+}
+
+void patchKernel9Panic(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0xFF, 0xEA, 0x04, 0xD0};
+
+    u32 *off = (u32 *)(memsearch(pos, pattern, size, sizeof(pattern)) - 0x12);
+    *off = 0xE12FFF7E;
+}
+
+void patchKernel11Panic(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x02, 0x0B, 0x44, 0xE2};
+
+    u32 *off = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+    *off = 0xE12FFF7E;
+}
+
+void patchP9AccessChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0xE0, 0x00, 0x40, 0x39};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern)) - 7;
+
+    off[0] = 0x2001; //mov r0, #1
+    off[1] = 0x4770; //bx lr
+}
+
+void patchArm11SvcAccessChecks(u32 *arm11SvcHandler)
+{
+    while(*arm11SvcHandler != 0xE11A0E1B) arm11SvcHandler++; //TST R10, R11,LSL LR
+    *arm11SvcHandler = 0xE3B0A001; //MOVS R10, #1
+}
+
+void patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space)
+{
+    /* We have to detour a function in the ARM11 kernel because builtin modules
+       are compressed in memory and are only decompressed at runtime */
+
+    //Check that we have enough free space
+    if(*(u32 *)(*freeK11Space + k11modules_size - 4) == 0xFFFFFFFF)
+    {
+        //Inject our code into the free space
+        memcpy(*freeK11Space, k11modules, k11modules_size);
+
+        //Look for the code that decompresses the .code section of the builtin modules
+        const u8 pattern[] = {0xE5, 0x48, 0x00, 0x9D};
+
+        u32 *off = (u32 *)(memsearch(pos, pattern, size, sizeof(pattern)) - 0xB);
+
+        //Inject a jump (BL) instruction to our code at the offset we found
+        *off = 0xEB000000 | (((((u32)*freeK11Space) - ((u32)off + 8)) >> 2) & 0xFFFFFF);
+
+        *freeK11Space += k11modules_size;
+    }
+}
+
+void patchUnitInfoValueSet(u8 *pos, u32 size)
+{
+    //Look for UNITINFO value being set during kernel sync
+    const u8 pattern[] = {0x01, 0x10, 0xA0, 0x13};
+
+    u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+
+    off[0] = isDevUnit ? 0 : 1;
+    off[3] = 0xE3;
+}
+#endif
--- a/source/patches.h
+++ b/source/patches.h
@@ -20,6 +20,10 @@
 *   Notices displayed by works containing it.
 */

+/*
+*   ARM11 modules patching code originally by Subv
+*/
+
 #pragma once

 #include "types.h"
@@ -33,14 +37,50 @@ typedef struct patchData {
    u32 type;
 } patchData;

-extern bool isN3DS;
+typedef struct __attribute__((packed))
+{
+    char magic[4];
+        
+    u8 versionMajor;
+    u8 versionMinor;
+    u8 versionBuild;
+    u8 flags;
+
+    u32 commitHash;
+
+    u32 config;
+} CFWInfo;
+
+#ifdef DEV
+extern bool isDevUnit;
+#endif

 u8 *getProcess9(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr);
+
+#ifdef DEV
+u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11ExceptionsPage);
+#else
+u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space);
+#endif
+
 void patchSignatureChecks(u8 *pos, u32 size);
 void patchTitleInstallMinVersionCheck(u8 *pos, u32 size);
 void patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr);
 void patchFirmWrites(u8 *pos, u32 size);
-void patchFirmWriteSafe(u8 *pos, u32 size);
-void reimplementSvcBackdoor(u8 *pos, u32 size);
+void patchOldFirmWrites(u8 *pos, u32 size);
+void reimplementSvcBackdoor(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space);
+void implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space);
 void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType);
-u32 getLoader(u8 *pos, u32 *loaderSize);
+
+#ifdef DEV
+void patchArm9ExceptionHandlersInstall(u8 *pos, u32 size);
+u32 getInfoForArm11ExceptionHandlers(u8 *pos, u32 size, u32 *codeSetOffset);
+void patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address);
+void patchSvcBreak11(u8 *pos, u32 *arm11SvcTable);
+void patchKernel9Panic(u8 *pos, u32 size);
+void patchKernel11Panic(u8 *pos, u32 size);
+void patchP9AccessChecks(u8 *pos, u32 size);
+void patchArm11SvcAccessChecks(u32 *arm11SvcHandler);
+void patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space);
+void patchUnitInfoValueSet(u8 *pos, u32 size);
+#endif
--- a/source/pin.c
+++ b/source/pin.c
@@ -21,11 +21,11 @@
 */

 /*
-*   pin.c
-*   Code to manage pin locking for 3ds. By reworks.
+*   Code originally by reworks
 */

 #include "draw.h"
+#include "config.h"
 #include "screen.h"
 #include "utils.h"
 #include "memory.h"
@@ -34,95 +34,34 @@
 #include "pin.h"
 #include "crypto.h"

-bool readPin(PINData *out)
+static char pinKeyToLetter(u32 pressed)
 {
-    u8 __attribute__((aligned(4))) zeroes[16] = {0};
-    u8 __attribute__((aligned(4))) tmp[32] = {0};
-
-    if(fileRead(out, "/luma/pin.bin") != sizeof(PINData)) return false;
-    if(memcmp(out->magic, "PINF", 4) != 0) return false;
-
-    computePINHash(tmp, zeroes, 1);
-
-    return memcmp(out->testHash, tmp, 32) == 0; //test vector verification (SD card has (or hasn't) been used on another console)
-}
-
-static inline char PINKeyToLetter(u32 pressed)
-{
-    const char keys[] = "AB--------XY";
+    const char keys[] = "AB--RLUD--XY";

    u32 i;
-    __asm__ volatile("clz %[i], %[pressed]" : [i] "=r" (i) : [pressed] "r" (pressed));
+    for(i = 31; pressed > 1; i--) pressed /= 2;

    return keys[31 - i];
 }

-void newPin(void)
+void newPin(bool allowSkipping)
 {
-    clearScreens();
+    clearScreens(true, true);

-    drawString("Enter your NEW PIN: ", 10, 10, COLOR_WHITE);
+    u8 length = 4 + 2 * (MULTICONFIG(PIN) - 1);

-    // Set the default value as 0x00 so we can check if there are any unentered characters.
-    u8 __attribute__((aligned(4))) enteredPassword[16 * ((PIN_LENGTH + 15) / 16)] = {0}; // pad to AES block length
+    char *title = allowSkipping ? "Press START to skip or enter a new PIN" : "Enter a new PIN to proceed";
+    drawString(title, true, 10, 10, COLOR_TITLE);
+    drawString("PIN (  digits): ", true, 10, 10 + 2 * SPACING_Y, COLOR_WHITE);
+    drawCharacter('0' + length, true, 10 + 5 * SPACING_X, 10 + 2 * SPACING_Y, COLOR_WHITE);

-    u32 cnt = 0;
-    int charDrawPos = 20 * SPACING_X;
+    //Pad to AES block length with zeroes
+    u8 __attribute__((aligned(4))) enteredPassword[0x10] = {0};

-    while(cnt < PIN_LENGTH)
-    {
-        u32 pressed;
-        do
-        {
-            pressed = waitInput();
-        }
-        while(!(pressed & PIN_BUTTONS & ~BUTTON_START));
+    u8 cnt = 0;
+    u32 charDrawPos = 16 * SPACING_X;

-        pressed &= PIN_BUTTONS & ~BUTTON_START;
-
-        if(!pressed) continue;
-        char key = PINKeyToLetter(pressed);
-        enteredPassword[cnt++] = (u8)key; // add character to password.
-
-        // visualize character on screen.
-        drawCharacter(key, 10 + charDrawPos, 10, COLOR_WHITE);
-        charDrawPos += 2 * SPACING_X;
-    }
-
-    PINData pin = {0};
-    u8 __attribute__((aligned(4))) tmp[32] = {0};
-    u8 __attribute__((aligned(4))) zeroes[16] = {0};
-
-    memcpy(pin.magic, "PINF", 4);
-    pin.formatVersionMajor = 1;
-    pin.formatVersionMinor = 0;
-
-    computePINHash(tmp, zeroes, 1);
-    memcpy(pin.testHash, tmp, 32);
-
-    computePINHash(tmp, enteredPassword, (PIN_LENGTH + 15) / 16);
-    memcpy(pin.hash, tmp, 32);
-
-    fileWrite(&pin, "/luma/pin.bin", sizeof(PINData));
-    
-    while(HID_PAD & PIN_BUTTONS);
-}
-
-void verifyPin(PINData *in)
-{
-    initScreens();
-
-    drawString("Press START to shutdown or enter pin to proceed.", 10, 10, COLOR_WHITE);
-    drawString("Pin: ", 10, 10 + 2 * SPACING_Y, COLOR_WHITE);
-
-    // Set the default characters as 0x00 so we can check if there are any unentered characters.
-    u8 __attribute__((aligned(4))) enteredPassword[16 * ((PIN_LENGTH + 15) / 16)] = {0};
-
-    u32 cnt = 0;
-    bool unlock = false;
-    int charDrawPos = 5 * SPACING_X;
-
-    while(!unlock)
+    while(cnt < length)
    {
        u32 pressed;
        do
@@ -131,37 +70,121 @@ void verifyPin(PINData *in)
        }
        while(!(pressed & PIN_BUTTONS));

-        pressed &= PIN_BUTTONS & ~BUTTON_START;
+        pressed &= PIN_BUTTONS;
+        if(!allowSkipping) pressed &= ~BUTTON_START;

+        if(pressed & BUTTON_START) return;
        if(!pressed) continue;

+        char key = pinKeyToLetter(pressed);
+        enteredPassword[cnt++] = (u8)key; //Add character to password
+
+        //Visualize character on screen
+        drawCharacter(key, true, 10 + charDrawPos, 10 + 2 * SPACING_Y, COLOR_WHITE);
+        charDrawPos += 2 * SPACING_X;
+    }
+
+    PinData pin;
+
+    memcpy(pin.magic, "PINF", 4);
+    pin.formatVersionMajor = PIN_VERSIONMAJOR;
+    pin.formatVersionMinor = PIN_VERSIONMINOR;
+    pin.length = length;
+
+    u8 __attribute__((aligned(4))) tmp[0x20];
+    u8 __attribute__((aligned(4))) zeroes[0x10] = {0};
+
+    computePinHash(tmp, zeroes);
+    memcpy(pin.testHash, tmp, sizeof(tmp));
+
+    computePinHash(tmp, enteredPassword);
+    memcpy(pin.hash, tmp, sizeof(tmp));
+
+    if(!fileWrite(&pin, PIN_PATH, sizeof(PinData)))
+        error("Error writing the PIN file");
+}
+
+bool verifyPin(void)
+{
+    PinData pin;
+
+    if(fileRead(&pin, PIN_PATH, sizeof(PinData)) != sizeof(PinData) ||
+       memcmp(pin.magic, "PINF", 4) != 0 ||
+       pin.formatVersionMajor != PIN_VERSIONMAJOR ||
+       pin.formatVersionMinor != PIN_VERSIONMINOR ||
+       pin.length != 4 + 2 * (MULTICONFIG(PIN) - 1))
+        return false;
+
+    u8 __attribute__((aligned(4))) zeroes[0x10] = {0};
+    u8 __attribute__((aligned(4))) tmp[0x20];
+
+    computePinHash(tmp, zeroes);
+
+    //Test vector verification (SD card has, or hasn't been used on another console)
+    if(memcmp(pin.testHash, tmp, sizeof(tmp)) != 0) return false;
+
+    initScreens();
+
+    //Pad to AES block length with zeroes
+    u8 __attribute__((aligned(4))) enteredPassword[0x10] = {0};
+
+    bool unlock = false;
+    u8 cnt = 0;
+    u32 charDrawPos = 16 * SPACING_X;
+
+    const char messagePath[] = "/luma/pinmessage.txt";
+
+    u32 messageSize = getFileSize(messagePath);
+    if(messageSize > 0 && messageSize <= 800)
+    {
+        char message[messageSize + 1];
+        fileRead(message, messagePath, 0);
+        message[messageSize] = 0;
+        drawString(message, false, 10, 10, COLOR_WHITE);
+    }
+
+    while(!unlock)
+    {
+        drawString("Press START to shutdown or enter PIN to proceed", true, 10, 10, COLOR_TITLE);
+        drawString("PIN (  digits): ", true, 10, 10 + 2 * SPACING_Y, COLOR_WHITE);
+        drawCharacter('0' + pin.length, true, 10 + 5 * SPACING_X, 10 + 2 * SPACING_Y, COLOR_WHITE);
+
+        u32 pressed;
+        do
+        {
+            pressed = waitInput();
+        }
+        while(!(pressed & PIN_BUTTONS));
+
        if(pressed & BUTTON_START) mcuPowerOff();

-        char key = PINKeyToLetter(pressed);
-        enteredPassword[cnt++] = (u8)key; // add character to password.
+        pressed &= PIN_BUTTONS;

-        // visualize character on screen.
-        drawCharacter(key, 10 + charDrawPos, 10 + 2 * SPACING_Y, COLOR_WHITE);
+        if(!pressed) continue;
+
+        char key = pinKeyToLetter(pressed);
+        enteredPassword[cnt++] = (u8)key; //Add character to password
+
+        //Visualize character on screen
+        drawCharacter(key, true, 10 + charDrawPos, 10 + 2 * SPACING_Y, COLOR_WHITE);
        charDrawPos += 2 * SPACING_X;

-        if(cnt >= PIN_LENGTH)
+        if(cnt >= pin.length)
        {
-            u8 __attribute__((aligned(4))) tmp[32] = {0};
-
-            computePINHash(tmp, enteredPassword, (PIN_LENGTH + 15) / 16);
-            unlock = memcmp(in->hash, tmp, 32) == 0;
+            computePinHash(tmp, enteredPassword);
+            unlock = memcmp(pin.hash, tmp, sizeof(tmp)) == 0;

            if(!unlock)
            {
-                charDrawPos = 5 * SPACING_X;
+                charDrawPos = 16 * SPACING_X;
                cnt = 0;

-                clearScreens();
+                clearScreens(true, false);

-                drawString("Press START to shutdown or enter pin to proceed.", 10, 10, COLOR_WHITE);
-                drawString("Pin: ", 10, 10 + 2 * SPACING_Y, COLOR_WHITE);
-                drawString("Wrong pin! Try again!", 10, 10 + 3 * SPACING_Y, COLOR_RED); 
+                drawString("Wrong PIN, try again", true, 10, 10 + 4 * SPACING_Y, COLOR_RED); 
            }
        }
    }
+
+    return true;
 }
--- a/source/pin.h
+++ b/source/pin.h
@@ -21,26 +21,26 @@
 */

 /*
-*   pin.h
-*
-*   Code to manage pin locking for 3ds. By reworks.
+*   Code originally by reworks
 */

 #pragma once

 #include "types.h"

-#define PIN_LENGTH  4
+#define PIN_PATH         "/luma/pin.bin"
+#define PIN_VERSIONMAJOR 1
+#define PIN_VERSIONMINOR 2

 typedef struct __attribute__((packed))
 {
    char magic[4];
    u16 formatVersionMajor, formatVersionMinor;

+    u8 length;
    u8 testHash[32];
    u8 hash[32];
-} PINData;
+} PinData;

-bool readPin(PINData* out);
-void newPin(void);
-void verifyPin(PINData *in);
+void newPin(bool allowSkipping);
+bool verifyPin(void);
--- a/source/screen.c
+++ b/source/screen.c
@@ -21,8 +21,8 @@
 */

 /*
-*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others.
-*   Screen deinit code by tiniVi.
+*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others
+*   Screen deinit code by tiniVi
 */

 #include "screen.h"
@@ -101,32 +101,45 @@ void updateBrightness(u32 brightnessIndex)
    invokeArm11Function(ARM11);
 }

-void clearScreens(void)
-{   
+void clearScreens(bool clearTop, bool clearBottom)
+{
+    static bool clearTopTmp,
+                clearBottomTmp;
+    clearTopTmp = clearTop;
+    clearBottomTmp = clearBottom;
+
    void __attribute__((naked)) ARM11(void)
    {
        //Disable interrupts
        __asm(".word 0xF10C01C0");

        //Setting up two simultaneous memory fills using the GPU
-        vu32 *REGs_PSC0 = (vu32 *)0x10400010;
-        REGs_PSC0[0] = (u32)fb->top_left >> 3; //Start address
-        REGs_PSC0[1] = (u32)(fb->top_left + 0x46500) >> 3; //End address
-        REGs_PSC0[2] = 0; //Fill value
-        REGs_PSC0[3] = (2 << 8) | 1; //32-bit pattern; start

-        vu32 *REGs_PSC1 = (vu32 *)0x10400020;
-        REGs_PSC1[0] = (u32)fb->bottom >> 3; //Start address
-        REGs_PSC1[1] = (u32)(fb->bottom + 0x38400) >> 3; //End address
-        REGs_PSC1[2] = 0; //Fill value
-        REGs_PSC1[3] = (2 << 8) | 1; //32-bit pattern; start
+        vu32 *REGs_PSC0 = (vu32 *)0x10400010,
+             *REGs_PSC1 = (vu32 *)0x10400020;

-        while(!((REGs_PSC0[3] & 2) && (REGs_PSC1[3] & 2)));
+        if(clearTopTmp)
+        {
+            REGs_PSC0[0] = (u32)fb->top_left >> 3; //Start address
+            REGs_PSC0[1] = (u32)(fb->top_left + SCREEN_TOP_FBSIZE) >> 3; //End address
+            REGs_PSC0[2] = 0; //Fill value
+            REGs_PSC0[3] = (2 << 8) | 1; //32-bit pattern; start
+        }

-        if(fb->top_right != fb->top_left)
+        if(clearBottomTmp)
+        {
+            REGs_PSC1[0] = (u32)fb->bottom >> 3; //Start address
+            REGs_PSC1[1] = (u32)(fb->bottom + SCREEN_BOTTOM_FBSIZE) >> 3; //End address
+            REGs_PSC1[2] = 0; //Fill value
+            REGs_PSC1[3] = (2 << 8) | 1; //32-bit pattern; start
+        }
+
+        while(!((!clearTopTmp || (REGs_PSC0[3] & 2)) && (!clearBottomTmp || (REGs_PSC1[3] & 2))));
+
+        if(fb->top_right != fb->top_left && clearTopTmp)
        {
            REGs_PSC0[0] = (u32)fb->top_right >> 3; //Start address
-            REGs_PSC0[1] = (u32)(fb->top_right + 0x46500) >> 3; //End address
+            REGs_PSC0[1] = (u32)(fb->top_right + SCREEN_TOP_FBSIZE) >> 3; //End address
            REGs_PSC0[2] = 0; //Fill value
            REGs_PSC0[3] = (2 << 8) | 1; //32-bit pattern; start

@@ -136,6 +149,8 @@ void clearScreens(void)
        WAIT_FOR_ARM9();
    }

+    flushDCacheRange(&clearTopTmp, 1);
+    flushDCacheRange(&clearBottomTmp, 1);
    flushDCacheRange((void *)fb, sizeof(struct fb));
    invokeArm11Function(ARM11);
 }
@@ -147,7 +162,7 @@ void initScreens(void)
        //Disable interrupts
        __asm(".word 0xF10C01C0");

-        u32 brightnessLevel = brightness[MULTICONFIG(0)];
+        u32 brightnessLevel = brightness[MULTICONFIG(BRIGHTNESS)];
        
        *(vu32 *)0x10141200 = 0x1007F;
        *(vu32 *)0x10202014 = 0x00000001;
@@ -242,18 +257,18 @@ void initScreens(void)

    if(PDN_GPU_CNT == 1)
    {
-        flushDCacheRange(&config, 4);
+        flushDCacheRange(&configData, sizeof(CfgData));
        flushDCacheRange((void *)fb, sizeof(struct fb));
        invokeArm11Function(ARM11);

-        clearScreens();
+        clearScreens(true, true);

        //Turn on backlight
        i2cWriteRegister(I2C_DEV_MCU, 0x22, 0x2A);
    }
    else
    {
-        clearScreens();
-        updateBrightness(MULTICONFIG(0));
+        clearScreens(true, true);
+        updateBrightness(MULTICONFIG(BRIGHTNESS));
    }
 }
--- a/source/screen.h
+++ b/source/screen.h
@@ -21,17 +21,18 @@
 */

 /*
-*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others.
-*   Screen deinit code by tiniVi.
+*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others
+*   Screen deinit code by tiniVi
 */

 #pragma once

 #include "types.h"

-#define PDN_GPU_CNT         (*(vu8 *)0x10141200)
-#define ARM11_STUB_ADDRESS  (0x25000000 - 0x30) //It's currently only 0x28 bytes large. We're putting 0x30 just to be sure here
-#define WAIT_FOR_ARM9()     *arm11Entry = 0; while(!*arm11Entry); ((void (*)())*arm11Entry)();
+#define PDN_GPU_CNT (*(vu8  *)0x10141200)
+
+#define ARM11_STUB_ADDRESS (0x25000000 - 0x30) //It's currently only 0x28 bytes large. We're putting 0x30 just to be sure here
+#define WAIT_FOR_ARM9()    *arm11Entry = 0; while(!*arm11Entry); ((void (*)())*arm11Entry)();

 static volatile struct fb {
     u8 *top_left;
@@ -41,5 +42,5 @@ static volatile struct fb {

 void deinitScreens(void);
 void updateBrightness(u32 brightnessIndex);
-void clearScreens(void);
+void clearScreens(bool clearTop, bool clearBottom);
 void initScreens(void);
--- a/source/start.s
+++ b/source/start.s
@@ -26,8 +26,8 @@
 _start:
    b start

-.global launchedFirmTIDLow
-launchedFirmTIDLow:
+.global launchedFirmTidLow
+launchedFirmTidLow:
    .hword 0, 0, 0, 0, 0, 0, 0, 0 

 start:
@@ -80,6 +80,7 @@ start:
    @ Enable caches / MPU / ITCM
    mrc p15, 0, r0, c1, c0, 0  @ read control register
    orr r0, r0, #(1<<18)       @ - ITCM enable
+    orr r0, r0, #(1<<13)       @ - alternate exception vectors enable
    orr r0, r0, #(1<<12)       @ - instruction cache enable
    orr r0, r0, #(1<<2)        @ - data cache enable
    orr r0, r0, #(1<<0)        @ - mpu enable
--- a/source/strings.c
+++ b/source/strings.c
@@ -0,0 +1,55 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "strings.h"
+#include "memory.h"
+
+u32 strlen(const char *string)
+{
+    char *stringEnd = (char *)string;
+
+    while(*stringEnd) stringEnd++;
+
+    return stringEnd - string;
+}
+
+void concatenateStrings(char *destination, const char *source)
+{
+    u32 i = strlen(source),
+        j = strlen(destination);
+
+    memcpy(&destination[j], source, i + 1);
+}
+
+void hexItoa(u32 number, char *out, u32 digits)
+{
+    const char hexDigits[] = "0123456789ABCDEF";
+    u32 i = 0;
+
+    while(number > 0)
+    {
+        out[digits - 1 - i++] = hexDigits[number & 0xF];
+        number >>= 4;
+    }
+
+    while(i < digits) out[digits - 1 - i++] = '0';
+}
--- a/source/strings.h
+++ b/source/strings.h
@@ -0,0 +1,29 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+u32 strlen(const char *string);
+void concatenateStrings(char *destination, const char *source);
+void hexItoa(u32 number, char *out, u32 digits);
--- a/source/types.h
+++ b/source/types.h
@@ -36,18 +36,21 @@ typedef volatile u16 vu16;
 typedef volatile u32 vu32;
 typedef volatile u64 vu64;

-//Used by multiple files:
+//Used by multiple files
 typedef enum FirmwareSource
 {
    FIRMWARE_SYSNAND = 0,
-    FIRMWARE_EMUNAND = 1,
-    FIRMWARE_EMUNAND2 = 2
+    FIRMWARE_EMUNAND,
+    FIRMWARE_EMUNAND2,
+    FIRMWARE_EMUNAND3,
+    FIRMWARE_EMUNAND4
 } FirmwareSource;

 typedef enum FirmwareType
 {
    NATIVE_FIRM = 0,
-    TWL_FIRM = 1,
-    AGB_FIRM = 2,
-    SAFE_FIRM = 3
+    TWL_FIRM,
+    AGB_FIRM,
+    SAFE_FIRM,
+    NATIVE_FIRM1X2X
 } FirmwareType;
--- a/source/utils.c
+++ b/source/utils.c
@@ -29,8 +29,8 @@

 u32 waitInput(void)
 {
-    u32 pressedKey = 0,
-        key;
+    bool pressedKey = false;
+    u32 key;

    //Wait for no keys to be pressed
    while(HID_PAD);
@@ -43,10 +43,10 @@ u32 waitInput(void)
        key = HID_PAD;

        //Make sure it's pressed
-        for(u32 i = 0x13000; i; i--)
+        for(u32 i = 0x13000; i > 0; i--)
        {
            if(key != HID_PAD) break;
-            if(i == 1) pressedKey = 1;
+            if(i == 1) pressedKey = true;
        }
    }
    while(!pressedKey);
@@ -56,9 +56,10 @@ u32 waitInput(void)

 void mcuReboot(void)
 {
-    if(PDN_GPU_CNT != 1) clearScreens();
+    if(!isFirmlaunch && PDN_GPU_CNT != 1) clearScreens(true, true);

-    flushEntireDCache(); //Ensure that all memory transfers have completed and that the data cache has been flushed
+    //Ensure that all memory transfers have completed and that the data cache has been flushed
+    flushEntireDCache();

    i2cWriteRegister(I2C_DEV_MCU, 0x20, 1 << 2);
    while(true);
@@ -66,19 +67,17 @@ void mcuReboot(void)

 void mcuPowerOff(void)
 {
-    if(PDN_GPU_CNT != 1) clearScreens();
+    if(!isFirmlaunch && PDN_GPU_CNT != 1) clearScreens(true, true);

-    flushEntireDCache(); //Ensure that all memory transfers have completed and that the data cache has been flushed
+    //Ensure that all memory transfers have completed and that the data cache has been flushed
+    flushEntireDCache();
    
    i2cWriteRegister(I2C_DEV_MCU, 0x20, 1 << 0);
    while(true);
 }

-//TODO: add support for TIMER IRQ
 static inline void startChrono(u64 initialTicks)
 {
-    //Based on a NATIVE_FIRM disassembly
-
    REG_TIMER_CNT(0) = 0; //67MHz
    for(u32 i = 1; i < 4; i++) REG_TIMER_CNT(i) = 4; //Count-up

@@ -115,9 +114,9 @@ void error(const char *message)
 {
    initScreens();

-    drawString("An error has occurred:", 10, 10, COLOR_RED);
-    int posY = drawString(message, 10, 30, COLOR_WHITE);
-    drawString("Press any button to shutdown", 10, posY + 2 * SPACING_Y, COLOR_WHITE);
+    drawString("An error has occurred:", true, 10, 10, COLOR_RED);
+    u32 posY = drawString(message, true, 10, 30, COLOR_WHITE);
+    drawString("Press any button to shutdown", true, 10, posY + 2 * SPACING_Y, COLOR_WHITE);

    waitInput();
    mcuPowerOff();
--- a/source/utils.h
+++ b/source/utils.h
@@ -28,6 +28,8 @@
 #define REG_TIMER_CNT(i)    *(vu16 *)(0x10003002 + 4 * i)
 #define REG_TIMER_VAL(i)    *(vu16 *)(0x10003000 + 4 * i)

+extern bool isFirmlaunch;
+
 u32 waitInput(void);
 void mcuReboot(void);
 void mcuPowerOff(void);