Fix memcmp u"nand" in fs.c

This reverts commit ba88ec25f6.

Conflicts:
	source/firm.c

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,87 @@
+<!--
+-- THIS IS NOT A SUPPORT FORUM! For support please go to:
+-- Luma3DS GBATemp thread: https://gbatemp.net/threads/luma3ds-noob-proof-3ds-custom-firmware.411110/
+-- Nintendo Hacking: https://discord.gg/MjzatM8y
+--
+-- Also check the Wiki (https://github.com/AuroraWright/Luma3DS/wiki) before making an issue.
+--
+-- For those with GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: https://3ds.guide/troubleshooting
+-- If you're using an emu/redNAND anything related to that must also be installed to sysNAND.
+-- Please make sure to read "Enable game patching" https://github.com/AuroraWright/Luma3DS/wiki/Options-and-usage before posting any issues about the "Enable game patching" option(s).
+--
+-- Please fill in the placeholders.
+--
+-->
+**System model:** [e.g. 2DS, New 3DS, Old 3DS]
+
+**SysNAND version (+emu/redNAND version if applicable):** [e.g. 11.4.0-37U]
+
+**Entrypoint (How/what you're using to boot Luma3DS):** [e.g. A9LH]
+
+**Luma3DS version:** [e.g. 7.0.5 stable or if using nightly specify the commit like this https://github.com/AuroraWright/Luma3DS/commit/5fe83588eb4b8faafc7773b3739a3d3307160b04]
+<!--
+-- You can check which version you're on in the configuration menu. It will be on the top of the screen.
+-->
+
+**Luma3DS configuration/options:**
+
+Default EmuNAND: ( )
+
+Screen brightness: ( )
+
+Splash: ( )
+
+PIN lock: ( )
+
+New 3DS CPU: ( )
+<!--
+-- This option is only available for New 3DS/2DS.
+-->
+
+
+--
+
+Autoboot SysNAND: ( )
+
+Use SysNAND FIRM if booting with R: ( )
+
+Enable loading external FIRMs and modules: ( )
+<!--
+-- Firmware (.bin) files are not required by Luma, or NTR CFW anymore.
+-- If you're having issues with this option enabled try deleting them from the luma folder on the root of the SD card and disabling this option.
+-->
+
+Use custom path: ( )
+
+Enable game patching: ( )
+
+Show NAND or user string in System Settings: ( )
+
+Show GBA boot screen in patched AGB_FIRM: ( )
+
+Patch SVC/service/archive/ARM9 access: ( )
+
+Set developer UNITINFO: ( )
+
+Enable exception handlers: ( )
+
+--
+
+**Explanation of the issue:**
+
+
+
+
+
+
+**Steps to reproduce:**
+
+1.
+
+2.
+
+
+**Dump file:**
+<!-- If the issue leads to a crash you can generate a crash dump by checking the "Enable exception handlers" option.
+-- The error message will tell you where the dump is.
+Zip the dmp file and drag & drop it below. -->

.gitignore

@@ -4,6 +4,7 @@ loader/build
 injector/build
 exceptions/arm9/build
 exceptions/arm11/build
+haxloader/build
 *.bin
 *.3dsx
 *.smdh

.gitmodules

@@ -1,6 +0,0 @@
-[submodule "CakeBrah"]
-	path = CakeBrah
-	url = https://github.com/mid-kid/CakeBrah
-[submodule "CakeHax"]
-	path = CakeHax
-	url = https://github.com/mid-kid/CakeHax

Makefile

@@ -4,110 +4,109 @@ ifeq ($(strip $(DEVKITARM)),)
 $(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
 endif
 
-include $(DEVKITARM)/3ds_rules
-
-CC := arm-none-eabi-gcc
-AS := arm-none-eabi-as
-LD := arm-none-eabi-ld
-OC := arm-none-eabi-objcopy
+include $(DEVKITARM)/base_tools
 
 name := Luma3DS
 revision := $(shell git describe --tags --match v[0-9]* --abbrev=8 | sed 's/-[0-9]*-g/-/i')
+commit := $(shell git rev-parse --short=8 HEAD)
 
 dir_source := source
 dir_patches := patches
 dir_loader := loader
 dir_injector := injector
-dir_mset := CakeHax
-dir_ninjhax := CakeBrah
+dir_exceptions := exceptions
+dir_arm9_exceptions := $(dir_exceptions)/arm9
+dir_arm11_exceptions := $(dir_exceptions)/arm11
 dir_build := build
 dir_out := out
 
 ASFLAGS := -mcpu=arm946e-s
-CFLAGS := -Wall -Wextra -MMD -MP -marm $(ASFLAGS) -fno-builtin -fshort-wchar -std=c11 -Wno-main -O2 -flto -ffast-math
+CFLAGS := -Wall -Wextra $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
 LDFLAGS := -nostartfiles
-FLAGS := name=$(name).dat dir_out=$(abspath $(dir_out)) ICON=$(abspath icon.png) APP_DESCRIPTION="Noob-friendly 3DS CFW." APP_AUTHOR="Aurora Wright/TuxSH" --no-print-directory
 
 objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
           $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
           $(call rwildcard, $(dir_source), *.s *.c)))
 
-bundled = $(dir_build)/rebootpatch.h $(dir_build)/emunandpatch.h $(dir_build)/injector.h $(dir_build)/loader.h
+bundled = $(dir_build)/reboot.bin.o $(dir_build)/emunand.bin.o $(dir_build)/svcGetCFWInfo.bin.o $(dir_build)/k11modules.bin.o \
+          $(dir_build)/injector.bin.o $(dir_build)/loader.bin.o $(dir_build)/arm9_exceptions.bin.o $(dir_build)/arm11_exceptions.bin.o
+
+define bin2o
+	bin2s $< | $(AS) -o $(@)
+endef
 
 .PHONY: all
-all: launcher a9lh ninjhax
-
-.PHONY: launcher
-launcher: $(dir_out)/$(name).dat
-
-.PHONY: a9lh
-a9lh: $(dir_out)/arm9loaderhax.bin
-
-.PHONY: ninjhax
-ninjhax: $(dir_out)/3ds/$(name)
+all: firm
 
 .PHONY: release
 release: $(dir_out)/$(name)$(revision).7z
 
+.PHONY: firm
+firm: $(dir_out)/boot.firm
+
 .PHONY: clean
 clean:
-	@$(MAKE) $(FLAGS) -C $(dir_mset) clean
-	@$(MAKE) $(FLAGS) -C $(dir_ninjhax) clean
 	@$(MAKE) -C $(dir_loader) clean
+	@$(MAKE) -C $(dir_arm9_exceptions) clean
+	@$(MAKE) -C $(dir_arm11_exceptions) clean
 	@$(MAKE) -C $(dir_injector) clean
 	@rm -rf $(dir_out) $(dir_build)
 
-$(dir_out):
-	@mkdir -p "$(dir_out)"
+.PRECIOUS: $(dir_build)/%.bin
 
-$(dir_out)/$(name).dat: $(dir_build)/main.bin $(dir_out)
-	@$(MAKE) $(FLAGS) -C $(dir_mset) launcher
-	@dd if=$(dir_build)/main.bin of=$@ bs=512 seek=144
+.PHONY: $(dir_loader)
+.PHONY: $(dir_arm9_exceptions)
+.PHONY: $(dir_arm11_exceptions)
+.PHONY: $(dir_injector)
 
-$(dir_out)/arm9loaderhax.bin: $(dir_build)/main.bin $(dir_out)
-	@cp -a $(dir_build)/main.bin $@
+$(dir_out)/$(name)$(revision).7z: all
+	@mkdir -p "$(@D)"
+	@7z a -mx $@ ./$(@D)/* ./$(dir_exceptions)/exception_dump_parser.py
 
-$(dir_out)/3ds/$(name): $(dir_out)
-	@mkdir -p "$@"
-	@$(MAKE) $(FLAGS) -C $(dir_ninjhax)
-	@mv $(dir_out)/$(name).3dsx $(dir_out)/$(name).smdh $@
+$(dir_out)/boot.firm: $(dir_build)/main.elf
+	@mkdir -p "$(@D)"
+	@firmtool build $@ -e 0 -D $^ -C NDMA
 
-$(dir_out)/$(name)$(revision).7z: launcher a9lh ninjhax
-	@7z a -mx $@ ./$(@D)/*
-
-$(dir_build)/main.bin: $(dir_build)/main.elf
-	$(OC) -S -O binary $< $@
-
-$(dir_build)/main.elf: $(objects)
+$(dir_build)/main.elf: $(bundled) $(objects)
 	$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^
 
-$(dir_build)/emunandpatch.h: $(dir_patches)/emunand.s $(dir_injector)/Makefile
+$(dir_build)/%.bin.o: $(dir_build)/%.bin
+	@$(bin2o)
+
+$(dir_build)/injector.bin: $(dir_injector)
+	@mkdir -p "$(@D)"
+	@$(MAKE) -C $<
+
+$(dir_build)/loader.bin: $(dir_loader)
+	@mkdir -p "$(@D)"
+	@$(MAKE) -C $<
+
+$(dir_build)/arm9_exceptions.bin: $(dir_arm9_exceptions)
+	@mkdir -p "$(@D)"
+	@$(MAKE) -C $<
+
+$(dir_build)/arm11_exceptions.bin: $(dir_arm11_exceptions)
+	@mkdir -p "$(@D)"
+	@$(MAKE) -C $<
+
+$(dir_build)/%.bin: $(dir_patches)/%.s
 	@mkdir -p "$(@D)"
 	@armips $<
-	@bin2c -o $@ -n emunand $(@D)/emunand.bin
 
-$(dir_build)/rebootpatch.h: $(dir_patches)/reboot.s
-	@mkdir -p "$(@D)"
-	@armips $<
-	@bin2c -o $@ -n reboot $(@D)/reboot.bin
-
-$(dir_build)/injector.h: $(dir_injector)/Makefile
-	@mkdir -p "$(@D)"
-	@$(MAKE) -C $(dir_injector)
-	@bin2c -o $@ -n injector $(@D)/injector.cxi
-
-$(dir_build)/loader.h: $(dir_loader)/Makefile
-	@$(MAKE) -C $(dir_loader)
-	@bin2c -o $@ -n loader $(@D)/loader.bin
-
-$(dir_build)/memory.o: CFLAGS += -O3
+$(dir_build)/memory.o $(dir_build)/strings.o: CFLAGS += -O3
 $(dir_build)/config.o: CFLAGS += -DCONFIG_TITLE="\"$(name) $(revision) configuration\""
+$(dir_build)/patches.o: CFLAGS += -DREVISION=\"$(revision)\" -DCOMMIT_HASH="0x$(commit)"
 
-$(dir_build)/%.o: $(dir_source)/%.c $(bundled)
+$(dir_build)/bundled.h: $(bundled)
+	@$(foreach f, $(bundled),\
+	echo "extern const u8" `(echo $(basename $(notdir $(f))) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> $@;\
+	echo "extern const u32" `(echo $(basename $(notdir $(f)))| sed -e 's/^\([0-9]\)/_\1/' | tr . _)`_size";" >> $@;\
+	)
+
+$(dir_build)/%.o: $(dir_source)/%.c $(dir_build)/bundled.h
 	@mkdir -p "$(@D)"
 	$(COMPILE.c) $(OUTPUT_OPTION) $<
 
 $(dir_build)/%.o: $(dir_source)/%.s
 	@mkdir -p "$(@D)"
 	$(COMPILE.s) $(OUTPUT_OPTION) $<
-include $(call rwildcard, $(dir_build), *.d)

README.md

@@ -1,23 +1,38 @@
 # Luma3DS
 *Noob-proof (N)3DS "Custom Firmware"*
 
-**Compiling:**
+## What it is
 
-First you need to clone the repository recursively with: `git clone --recursive https://github.com/AuroraWright/Luma3DS.git`
-To compile, you'll need [armips](https://github.com/Kingcom/armips), [bin2c](https://sourceforge.net/projects/bin2c/), and a recent build of [makerom](https://github.com/profi200/Project_CTR) added to your PATH.  
+**Luma3DS** is a program to patch the system software of (New) Nintendo 3DS handheld consoles "on the fly", adding features (such as per-game language settings and debugging capabilities for developers) and removing restrictions enforced by Nintendo (such as the region lock).
+It also allows you to run unauthorized ("homebrew") content by removing signature checks.  
+To use it, you will need a console capable of running homebrew software on the ARM9 processor. We recommend [Plailect's guide](https://3ds.guide/) for details on how to get your system ready.
+
+---
+
+## Compiling
+
+First you need to clone the repository recursively with: `git clone --recursive https://github.com/AuroraWright/Luma3DS.git`  
+To compile, you'll need [armips](https://github.com/Kingcom/armips) and a build of a recent commit of [makerom](https://github.com/profi200/Project_CTR) added to your PATH.  
+For now, you'll also need to update your [libctru](https://github.com/smealum/ctrulib) install, building from the latest commit.  
 For your convenience, here are [Windows](http://www91.zippyshare.com/v/ePGpjk9r/file.html) and [Linux](https://mega.nz/#!uQ1T1IAD!Q91O0e12LXKiaXh_YjXD3D5m8_W3FuMI-hEa6KVMRDQ) builds of armips (thanks to who compiled them!).  
 Finally just run `make` and everything should work!  
-You can find the compiled files in the 'out' folder.
+You can find the compiled files in the `out` folder.
 
-**Setup / Usage / Features:**
+---
+
+## Setup / Usage / Features
 
 See https://github.com/AuroraWright/Luma3DS/wiki
 
-**Credits:**
- 
+---
+
+## Credits
+
 See https://github.com/AuroraWright/Luma3DS/wiki/Credits
 
-**Licensing:**
+---
+
+## Licensing
 
 This software is licensed under the terms of the GPLv3.  
 You can find a copy of the license in the LICENSE.txt file.

exceptions/arm11/Makefile

@@ -0,0 +1,42 @@
+rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
+
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+include $(DEVKITARM)/base_tools
+
+name := arm11_exceptions
+
+dir_source := source
+dir_build := build
+dir_out := ../../$(dir_build)
+
+ASFLAGS := -mcpu=mpcore -mfpu=vfp
+CFLAGS := -Wall -Wextra -MMD -MP -mthumb $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
+LDFLAGS := -nostdlib
+
+objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
+          $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
+          $(call rwildcard, $(dir_source), *.s *.c)))
+
+.PHONY: all
+all: $(dir_out)/$(name).bin
+
+.PHONY: clean
+clean:
+	@rm -rf $(dir_build)
+
+$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
+	$(OBJCOPY) -S -O binary $< $@
+
+$(dir_build)/$(name).elf: $(objects)
+	$(CC) $(LDFLAGS) -T linker.ld $(OUTPUT_OPTION) $^
+
+$(dir_build)/%.o: $(dir_source)/%.c
+	@mkdir -p "$(@D)"
+	$(COMPILE.c) $(OUTPUT_OPTION) $<
+
+$(dir_build)/%.o: $(dir_source)/%.s
+	@mkdir -p "$(@D)"
+	$(COMPILE.s) $(OUTPUT_OPTION) $<

exceptions/arm11/linker.ld

@@ -0,0 +1,14 @@
+OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+
+ENTRY(_start)
+SECTIONS
+{
+    . = 0;
+
+    .text   : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
+    .rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
+    .data   : ALIGN(4) { *(.data*); . = ALIGN(8); *(.bss* COMMON); . = ALIGN(8); }
+    
+    . = ALIGN(4);
+}

exceptions/arm11/source/handlers.h

@@ -0,0 +1,48 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+typedef struct __attribute__((packed))
+{
+    u32 magic[2];
+    u16 versionMinor, versionMajor;
+
+    u16 processor, core;
+    u32 type;
+
+    u32 totalSize;
+    u32 registerDumpSize;
+    u32 codeDumpSize;
+    u32 stackDumpSize;
+    u32 additionalDataSize;
+} ExceptionDumpHeader;
+
+void __attribute__((noreturn)) mcuReboot(void);
+void cleanInvalidateDCacheAndDMB(void);
+bool cannotAccessVA(const void *address);
+void FIQHandler(void);
+void undefinedInstructionHandler(void);
+void dataAbortHandler(void);
+void prefetchAbortHandler(void);

exceptions/arm11/source/handlers.s

@@ -0,0 +1,151 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.macro GEN_HANDLER name
+    .global \name
+    .type   \name, %function
+    \name:
+        ldr sp, =#0xffff3000
+        stmfd sp!, {r0-r7}
+        mov r1, #\@         @ macro expansion counter
+        b _commonHandler
+
+    .size   \name, . - \name
+.endm
+
+.text
+.arm
+.align 4
+
+.global _commonHandler
+.type   _commonHandler, %function
+_commonHandler:
+    clrex
+    cpsid aif
+    mrs r2, spsr
+    mov r6, sp
+    mrs r3, cpsr
+
+    tst r2, #0x20
+    bne noFPUInitNorSvcBreak
+    sub r0, lr, #4
+    stmfd sp!, {lr}
+    bl cannotAccessVA
+    ldmfd sp!, {lr}
+    cmp r0, #0
+    bne noFPUInitNorSvcBreak
+    ldr r4, [lr, #-4]
+    cmp r1, #1
+    bne noFPUInit
+
+    lsl r4, #4
+    sub r4, #0xc0000000
+    cmp r4, #0x30000000
+    bcs noFPUInitNorSvcBreak
+    fmrx r0, fpexc
+    tst r0, #0x40000000
+    bne noFPUInitNorSvcBreak
+
+    sub lr, #4
+    srsfd sp!, #0x13
+    ldmfd sp!, {r0-r7}          @ restore context
+    cps #0x13                   @ FPU init
+    stmfd sp, {r0-r3, r11-lr}^
+    sub sp, #0x20
+    bl .                        @ will be replaced
+    ldmfd sp, {r0-r3, r11-lr}^
+    add sp, #0x20
+    rfefd sp!
+
+    noFPUInit:
+    cmp r1, #2
+    bne noFPUInitNorSvcBreak
+    ldr r5, =#0xe12fff7f
+    cmp r4, r5
+    bne noFPUInitNorSvcBreak
+    cps #0x13                   @ switch to supervisor mode
+    cmp r10, #0
+    addne sp, #0x28
+    ldmfd sp, {r8-r11}^         @ implementation details of the official svc handler
+    ldr r2, [sp, #0x1c]         
+    ldr r4, [sp, #0x18]
+    msr cpsr_c, r3              @ restore processor mode
+    tst r2, #0x20
+    addne lr, r4, #2            @ adjust address for later
+    moveq lr, r4
+
+    noFPUInitNorSvcBreak:
+    ands r4, r2, #0xf       @ get the mode that triggered the exception
+    moveq r4, #0xf          @ usr => sys
+    bic r5, r3, #0xf
+    orr r5, r4
+    msr cpsr_c, r5          @ change processor mode
+    stmfd r6!, {r8-lr}
+    msr cpsr_c, r3          @ restore processor mode
+    mov sp, r6
+
+    stmfd sp!, {r2,lr}
+
+    mrc p15,0,r4,c5,c0,0    @ dfsr
+    mrc p15,0,r5,c5,c0,1    @ ifsr
+    mrc p15,0,r6,c6,c0,0    @ far
+    fmrx r7, fpexc
+    fmrx r8, fpinst
+    fmrx r9, fpinst2
+
+    stmfd sp!, {r4-r9}      @ it's a bit of a mess, but we will fix that later
+                            @ order of saved regs now: dfsr, ifsr, far, fpexc, fpinst, fpinst2, cpsr, pc + (2/4/8), r8-r14, r0-r7
+
+    bic r3, #(1<<31)
+    fmxr fpexc, r3          @ clear the VFP11 exception flag (if it's set)
+
+    mov r0, sp
+    mrc p15,0,r2,c0,c0,5    @ CPU ID register
+
+    b mainHandler
+
+GEN_HANDLER FIQHandler
+GEN_HANDLER undefinedInstructionHandler
+GEN_HANDLER prefetchAbortHandler
+GEN_HANDLER dataAbortHandler
+
+.global mcuReboot
+.type   mcuReboot, %function
+mcuReboot:
+    b .                     @ will be replaced
+
+.global cleanInvalidateDCacheAndDMB
+.type   cleanInvalidateDCacheAndDMB, %function
+cleanInvalidateDCacheAndDMB:
+    mov r0, #0
+    mcr p15,0,r0,c7,c14,0   @ Clean and Invalidate Entire Data Cache
+    mcr p15,0,r0,c7,c10,4   @ Drain Memory Barrier
+    bx lr
+
+.global cannotAccessVA
+.type   cannotAccessVA, %function
+cannotAccessVA:
+    @ Thanks yellows8 for the hint 
+    lsr r0, #12
+    lsl r0, #12
+    mcr p15,0,r0,c7,c8,0    @ VA to PA translation with privileged read permission check
+    mrc p15,0,r0,c7,c4,0    @ read PA register
+    and r0, #1              @ failure bit
+    bx lr

exceptions/arm11/source/mainHandler.c

@@ -0,0 +1,109 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "handlers.h"
+
+#define REG_DUMP_SIZE   4 * 23
+#define CODE_DUMP_SIZE  48
+
+#define CODESET_OFFSET  0xBEEFBEEF
+
+static u32 __attribute__((noinline)) copyMemory(void *dst, const void *src, u32 size, u32 alignment)
+{
+    u8 *out = (u8 *)dst;
+    const u8 *in = (const u8 *)src;
+
+    if(((u32)src & (alignment - 1)) != 0 || cannotAccessVA(src) || (size != 0 && cannotAccessVA((u8 *)src + size - 1)))
+        return 0;
+
+    for(u32 i = 0; i < size; i++)
+        *out++ = *in++;
+
+    return size;
+}
+
+void __attribute__((noreturn)) mainHandler(u32 *regs, u32 type, u32 cpuId)
+{
+    ExceptionDumpHeader dumpHeader;
+
+    u32 registerDump[REG_DUMP_SIZE / 4];
+    u8 codeDump[CODE_DUMP_SIZE];
+    u8 *finalBuffer = cannotAccessVA((void *)0xE5000000) ? (u8 *)0xF5000000 : (u8 *)0xE5000000; //VA for 0x25000000
+    u8 *final = finalBuffer;
+
+    while(*(vu32 *)final == 0xDEADC0DE && *((vu32 *)final + 1) == 0xDEADCAFE);
+
+    dumpHeader.magic[0] = 0xDEADC0DE;
+    dumpHeader.magic[1] = 0xDEADCAFE;
+    dumpHeader.versionMajor = 1;
+    dumpHeader.versionMinor = 2;
+
+    dumpHeader.processor = 11;
+    dumpHeader.core = cpuId & 0xF;
+    dumpHeader.type = type;
+
+    dumpHeader.registerDumpSize = REG_DUMP_SIZE;
+    dumpHeader.codeDumpSize = CODE_DUMP_SIZE;
+
+    //Dump registers
+    //Current order of saved regs: dfsr, ifsr, far, fpexc, fpinst, fpinst2, cpsr, pc, r8-r12, sp, lr, r0-r7
+    u32 cpsr = regs[6];
+    u32 pc   = regs[7] - (type < 3 ? (((cpsr & 0x20) != 0 && type == 1) ? 2 : 4) : 0);
+
+    registerDump[15] = pc;
+    registerDump[16] = cpsr;
+    for(u32 i = 0; i < 6; i++) registerDump[17 + i] = regs[i];
+    for(u32 i = 0; i < 7; i++) registerDump[8 + i]  = regs[8 + i];
+    for(u32 i = 0; i < 8; i++) registerDump[i]      = regs[15 + i];
+
+    //Dump code
+    u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //Doesn't work well on 32-bit Thumb instructions, but it isn't much of a problem
+    dumpHeader.codeDumpSize = copyMemory(codeDump, instr, dumpHeader.codeDumpSize, ((cpsr & 0x20) != 0) ? 2 : 4);
+
+    //Copy register dump and code dump
+    final = (u8 *)(finalBuffer + sizeof(ExceptionDumpHeader));
+    final += copyMemory(final, registerDump, dumpHeader.registerDumpSize, 1);
+    final += copyMemory(final, codeDump, dumpHeader.codeDumpSize, 1);
+
+    //Dump stack in place
+    dumpHeader.stackDumpSize = copyMemory(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF), 1);
+    final += dumpHeader.stackDumpSize;
+
+    if(!cannotAccessVA((void *)0xFFFF9004))
+    {
+        vu64 *additionalData = (vu64 *)final;
+        dumpHeader.additionalDataSize = 16;
+        vu8 *currentKCodeSet = *(vu8 **)(*(vu8 **)0xFFFF9004 + CODESET_OFFSET); //currentKProcess + CodeSet
+
+        additionalData[0] = *(vu64 *)(currentKCodeSet + 0x50); //Process name
+        additionalData[1] = *(vu64 *)(currentKCodeSet + 0x5C); //Title ID
+    }
+    else dumpHeader.additionalDataSize = 0;
+
+    dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize;
+
+    //Copy header (actually optimized by the compiler)
+    *(ExceptionDumpHeader *)finalBuffer = dumpHeader;
+
+    cleanInvalidateDCacheAndDMB();
+    mcuReboot(); //Also contains DCache-cleaning code
+}

exceptions/arm11/source/start.s

@@ -0,0 +1,31 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.section .text.start
+.align 4
+.global _start
+_start:
+    add pc, r0, #(handlers - .) @ Dummy instruction to prevent compiler optimizations
+
+handlers:
+    .word FIQHandler
+    .word undefinedInstructionHandler
+    .word prefetchAbortHandler
+    .word dataAbortHandler

exceptions/arm11/source/types.h

@@ -0,0 +1,37 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdbool.h>
+
+//Common data types
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint64_t u64;
+typedef volatile u8 vu8;
+typedef volatile u16 vu16;
+typedef volatile u32 vu32;
+typedef volatile u64 vu64;

exceptions/arm9/Makefile

@@ -0,0 +1,42 @@
+rwildcard = $(foreach d, $(wildcard $1*), $(filter $(subst *, %, $2), $d) $(call rwildcard, $d/, $2))
+
+ifeq ($(strip $(DEVKITARM)),)
+$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
+endif
+
+include $(DEVKITARM)/base_tools
+
+name := arm9_exceptions
+
+dir_source := source
+dir_build := build
+dir_out := ../../$(dir_build)
+
+ASFLAGS := -mcpu=arm946e-s
+CFLAGS := -Wall -Wextra -mthumb $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
+LDFLAGS := -nostdlib
+
+objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
+          $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
+          $(call rwildcard, $(dir_source), *.s *.c)))
+
+.PHONY: all
+all: $(dir_out)/$(name).bin
+
+.PHONY: clean
+clean:
+	@rm -rf $(dir_build)
+
+$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
+	$(OBJCOPY) -S -O binary $< $@
+
+$(dir_build)/$(name).elf: $(objects)
+	$(CC) $(LDFLAGS) -T linker.ld $(OUTPUT_OPTION) $^
+
+$(dir_build)/%.o: $(dir_source)/%.c
+	@mkdir -p "$(@D)"
+	$(COMPILE.c) $(OUTPUT_OPTION) $<
+
+$(dir_build)/%.o: $(dir_source)/%.s
+	@mkdir -p "$(@D)"
+	$(COMPILE.s) $(OUTPUT_OPTION) $<

exceptions/arm9/linker.ld

@@ -0,0 +1,14 @@
+OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+
+ENTRY(_start)
+SECTIONS
+{
+    . = 0x01FF7FE0;
+
+    .text   : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
+    .rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
+    .data   : ALIGN(4) { *(.data*); . = ALIGN(8); *(.bss* COMMON); . = ALIGN(8); }
+
+    . = ALIGN(4);
+}

exceptions/arm9/source/handlers.h

@@ -0,0 +1,46 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+typedef struct __attribute__((packed))
+{
+    u32 magic[2];
+    u16 versionMinor, versionMajor;
+
+    u16 processor, core;
+    u32 type;
+
+    u32 totalSize;
+    u32 registerDumpSize;
+    u32 codeDumpSize;
+    u32 stackDumpSize;
+    u32 additionalDataSize;
+} ExceptionDumpHeader;
+
+u32 readMPUConfig(u32 *regionSettings);
+void FIQHandler(void);
+void undefinedInstructionHandler(void);
+void dataAbortHandler(void);
+void prefetchAbortHandler(void);

exceptions/arm9/source/handlers.s

@@ -0,0 +1,109 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.macro GEN_HANDLER name
+    .global \name
+    .type   \name, %function
+    \name:
+        ldr sp, =#0x02000000    @ We make the (full descending) stack point to the end of ITCM for our exception handlers. 
+                                @ It doesn't matter if we're overwriting stuff here, since we're going to reboot.
+
+        stmfd sp!, {r0-r7}      @ FIQ has its own r8-r14 regs
+        ldr r1, =\@             @ macro expansion counter
+        b _commonHandler
+
+    .size   \name, . - \name
+.endm
+
+.text
+.arm
+.align 4
+
+.global _commonHandler
+.type   _commonHandler, %function
+_commonHandler:
+    mrs r2, spsr
+    mov r6, sp
+    mrs r3, cpsr
+
+    orr r3, #0x1c0              @ disable Imprecise Aborts, IRQ and FIQ (equivalent to "cpsid aif" on arm11)
+    msr cpsr_cx, r3
+
+    tst r2, #0x20
+    bne noSvcBreak
+    cmp r1, #2
+    bne noSvcBreak
+
+    sub r0, lr, #4              @ calling cannotAccessAddress cause more problems that it actually solves... (I've to save a lot of regs and that's a pain tbh)
+    lsr r0, #20                 @ we'll just do some address checks (to see if it's in ARM9 internal memory)
+    cmp r0, #0x80
+    bne noSvcBreak
+    ldr r4, [lr, #-4]
+    ldr r5, =#0xe12fff7f
+    cmp r4, r5
+    bne noSvcBreak
+    bic r5, r3, #0xf
+    orr r5, #0x3
+    msr cpsr_c, r5             @ switch to supervisor mode
+    ldmfd sp, {r8-r11}^
+    ldr r2, [sp, #0x1c]        @ implementation details of the official svc handler
+    ldr r4, [sp, #0x18]
+    msr cpsr_c, r3             @ restore processor mode
+    tst r2, #0x20
+    addne lr, r4, #2           @ adjust address for later
+    moveq lr, r4
+
+    noSvcBreak:
+    ands r4, r2, #0xf          @ get the mode that triggered the exception
+    moveq r4, #0xf             @ usr => sys
+    bic r5, r3, #0xf
+    orr r5, r4
+    msr cpsr_c, r5             @ change processor mode
+    stmfd r6!, {r8-lr}
+    msr cpsr_c, r3             @ restore processor mode
+    mov sp, r6
+
+    stmfd sp!, {r2,lr}         @ it's a bit of a mess, but we will fix that later
+                               @ order of saved regs now: cpsr, pc + (2/4/8), r8-r14, r0-r7
+
+    mov r0, sp
+
+    b mainHandler
+
+GEN_HANDLER FIQHandler
+GEN_HANDLER undefinedInstructionHandler
+GEN_HANDLER prefetchAbortHandler
+GEN_HANDLER dataAbortHandler
+
+.global readMPUConfig
+.type   readMPUConfig, %function
+readMPUConfig:
+    stmfd sp!, {r4-r8, lr}
+    mrc p15,0,r1,c6,c0,0
+    mrc p15,0,r2,c6,c1,0
+    mrc p15,0,r3,c6,c2,0
+    mrc p15,0,r4,c6,c3,0
+    mrc p15,0,r5,c6,c4,0
+    mrc p15,0,r6,c6,c5,0
+    mrc p15,0,r7,c6,c6,0
+    mrc p15,0,r8,c6,c7,0
+    stmia r0, {r1-r8}
+    mrc p15,0,r0,c5,c0,2       @ read data access permission bits
+    ldmfd sp!, {r4-r8, pc}

exceptions/arm9/source/i2c.c

@@ -0,0 +1,139 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+/*
+*   Thanks to the everyone who contributed in the development of this file
+*/
+
+#include "i2c.h"
+
+//-----------------------------------------------------------------------------
+
+static const struct { u8 bus_id, reg_addr; } dev_data[] = {
+    {0, 0x4A}, {0, 0x7A}, {0, 0x78},
+    {1, 0x4A}, {1, 0x78}, {1, 0x2C},
+    {1, 0x2E}, {1, 0x40}, {1, 0x44},
+    {2, 0xD6}, {2, 0xD0}, {2, 0xD2},
+    {2, 0xA4}, {2, 0x9A}, {2, 0xA0},
+};
+
+static inline u8 i2cGetDeviceBusId(u8 device_id)
+{
+    return dev_data[device_id].bus_id;
+}
+
+static inline u8 i2cGetDeviceRegAddr(u8 device_id)
+{
+    return dev_data[device_id].reg_addr;
+}
+
+//-----------------------------------------------------------------------------
+
+static vu8 *reg_data_addrs[] = {
+    (vu8 *)(I2C1_REG_OFF + I2C_REG_DATA),
+    (vu8 *)(I2C2_REG_OFF + I2C_REG_DATA),
+    (vu8 *)(I2C3_REG_OFF + I2C_REG_DATA),
+};
+
+static inline vu8 *i2cGetDataReg(u8 bus_id)
+{
+    return reg_data_addrs[bus_id];
+}
+
+//-----------------------------------------------------------------------------
+
+static vu8 *reg_cnt_addrs[] = {
+    (vu8 *)(I2C1_REG_OFF + I2C_REG_CNT),
+    (vu8 *)(I2C2_REG_OFF + I2C_REG_CNT),
+    (vu8 *)(I2C3_REG_OFF + I2C_REG_CNT),
+};
+
+static inline vu8 *i2cGetCntReg(u8 bus_id)
+{
+    return reg_cnt_addrs[bus_id];
+}
+
+//-----------------------------------------------------------------------------
+
+static inline void i2cWaitBusy(u8 bus_id)
+{
+    while (*i2cGetCntReg(bus_id) & 0x80);
+}
+
+static inline bool i2cGetResult(u8 bus_id)
+{
+    i2cWaitBusy(bus_id);
+
+    return (*i2cGetCntReg(bus_id) >> 4) & 1;
+}
+
+static void i2cStop(u8 bus_id, u8 arg0)
+{
+    *i2cGetCntReg(bus_id) = (arg0 << 5) | 0xC0;
+    i2cWaitBusy(bus_id);
+    *i2cGetCntReg(bus_id) = 0xC5;
+}
+
+//-----------------------------------------------------------------------------
+
+static bool i2cSelectDevice(u8 bus_id, u8 dev_reg)
+{
+    i2cWaitBusy(bus_id);
+    *i2cGetDataReg(bus_id) = dev_reg;
+    *i2cGetCntReg(bus_id) = 0xC2;
+
+    return i2cGetResult(bus_id);
+}
+
+static bool i2cSelectRegister(u8 bus_id, u8 reg)
+{
+    i2cWaitBusy(bus_id);
+    *i2cGetDataReg(bus_id) = reg;
+    *i2cGetCntReg(bus_id) = 0xC0;
+
+    return i2cGetResult(bus_id);
+}
+
+//-----------------------------------------------------------------------------
+
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
+{
+    u8 bus_id = i2cGetDeviceBusId(dev_id);
+    u8 dev_addr = i2cGetDeviceRegAddr(dev_id);
+
+    for(u32 i = 0; i < 8; i++)
+    {
+        if(i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg))
+        {
+            i2cWaitBusy(bus_id);
+            *i2cGetDataReg(bus_id) = data;
+            *i2cGetCntReg(bus_id) = 0xC1;
+            i2cStop(bus_id, 0);
+
+            if(i2cGetResult(bus_id)) return true;
+        }
+        *i2cGetCntReg(bus_id) = 0xC5;
+        i2cWaitBusy(bus_id);
+    }
+
+    return false;
+}

exceptions/arm9/source/i2c.h

@@ -0,0 +1,44 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+/*
+*   Thanks to the everyone who contributed in the development of this file
+*/
+
+#pragma once
+
+#include "types.h"
+
+#define I2C1_REG_OFF 0x10161000
+#define I2C2_REG_OFF 0x10144000
+#define I2C3_REG_OFF 0x10148000
+
+#define I2C_REG_DATA  0
+#define I2C_REG_CNT   1
+#define I2C_REG_CNTEX 2
+#define I2C_REG_SCL   4
+
+#define I2C_DEV_MCU  3
+#define I2C_DEV_GYRO 10
+#define I2C_DEV_IR   13
+
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);

exceptions/arm9/source/mainHandler.c

@@ -0,0 +1,118 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "i2c.h"
+#include "handlers.h"
+
+#define FINAL_BUFFER    0x25000000
+
+#define REG_DUMP_SIZE   4 * 17
+#define CODE_DUMP_SIZE  48
+
+bool cannotAccessAddress(const void *address)
+{
+    u32 regionSettings[8];
+    u32 addr = (u32)address;
+
+    u32 dataAccessPermissions = readMPUConfig(regionSettings);
+    for(u32 i = 0; i < 8; i++)
+    {
+        if((dataAccessPermissions & 0xF) == 0 || (regionSettings[i] & 1) == 0)
+            continue; //No access / region not enabled
+
+        u32 regionAddrBase = regionSettings[i] & ~0xFFF;
+        u32 regionSize = 1 << (((regionSettings[i] >> 1) & 0x1F) + 1);
+
+        if(addr >= regionAddrBase && addr < regionAddrBase + regionSize)
+            return false;
+
+        dataAccessPermissions >>= 4;
+    }
+
+    return true;
+}
+
+static u32 __attribute__((noinline)) copyMemory(void *dst, const void *src, u32 size, u32 alignment)
+{
+    u8 *out = (u8 *)dst;
+    const u8 *in = (const u8 *)src;
+
+    if(((u32)src & (alignment - 1)) != 0 || cannotAccessAddress(src) || (size != 0 && cannotAccessAddress((u8 *)src + size - 1)))
+        return 0;
+
+    for(u32 i = 0; i < size; i++)
+        *out++ = *in++;
+
+    return size;
+}
+
+void __attribute__((noreturn)) mainHandler(u32 *regs, u32 type)
+{
+    ExceptionDumpHeader dumpHeader;
+
+    u32 registerDump[REG_DUMP_SIZE / 4];
+    u8 codeDump[CODE_DUMP_SIZE];
+
+    dumpHeader.magic[0] = 0xDEADC0DE;
+    dumpHeader.magic[1] = 0xDEADCAFE;
+    dumpHeader.versionMajor = 1;
+    dumpHeader.versionMinor = 2;
+
+    dumpHeader.processor = 9;
+    dumpHeader.core = 0;
+    dumpHeader.type = type;
+
+    dumpHeader.registerDumpSize = REG_DUMP_SIZE;
+    dumpHeader.codeDumpSize = CODE_DUMP_SIZE;
+    dumpHeader.additionalDataSize = 0;
+
+    //Dump registers
+    //Current order of saved regs: cpsr, pc, r8-r14, r0-r7
+    u32 cpsr = regs[0];
+    u32 pc   = regs[1] - (type < 3 ? (((cpsr & 0x20) != 0 && type == 1) ? 2 : 4) : 8);
+
+    registerDump[15] = pc;
+    registerDump[16] = cpsr;
+    for(u32 i = 0; i < 7; i++) registerDump[8 + i]  = regs[2 + i];
+    for(u32 i = 0; i < 8; i++) registerDump[i] = regs[9 + i]; 
+
+    //Dump code
+    u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //Doesn't work well on 32-bit Thumb instructions, but it isn't much of a problem
+    dumpHeader.codeDumpSize = copyMemory(codeDump, instr, dumpHeader.codeDumpSize, ((cpsr & 0x20) != 0) ? 2 : 4);
+
+    //Copy register dump and code dump 
+    u8 *final = (u8 *)(FINAL_BUFFER + sizeof(ExceptionDumpHeader));
+    final += copyMemory(final, registerDump, dumpHeader.registerDumpSize, 1);
+    final += copyMemory(final, codeDump, dumpHeader.codeDumpSize, 1);
+
+    //Dump stack in place
+    dumpHeader.stackDumpSize = copyMemory(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF), 1);
+
+    dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize;
+
+    //Copy header (actually optimized by the compiler)
+    *(ExceptionDumpHeader *)FINAL_BUFFER = dumpHeader;
+
+    ((void (*)())0xFFFF0830)(); //Ensure that all memory transfers have completed and that the data cache has been flushed
+    i2cWriteRegister(I2C_DEV_MCU, 0x20, 1 << 2); //Reboot
+    while(true);
+}

exceptions/arm9/source/start.s

@@ -0,0 +1,31 @@
+@   This file is part of Luma3DS
+@   Copyright (C) 2016 Aurora Wright, TuxSH
+@
+@   This program is free software: you can redistribute it and/or modify
+@   it under the terms of the GNU General Public License as published by
+@   the Free Software Foundation, either version 3 of the License, or
+@   (at your option) any later version.
+@
+@   This program is distributed in the hope that it will be useful,
+@   but WITHOUT ANY WARRANTY; without even the implied warranty of
+@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+@   GNU General Public License for more details.
+@
+@   You should have received a copy of the GNU General Public License
+@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+@
+@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+@   Notices displayed by works containing it.
+
+.section .text.start
+.align 4
+.global _start
+_start:
+    add pc, r0, #(handlers - .) @ Dummy instruction to prevent compiler optimizations
+
+handlers:
+    .word FIQHandler
+    .word undefinedInstructionHandler
+    .word prefetchAbortHandler
+    .word dataAbortHandler

exceptions/arm9/source/types.h

@@ -0,0 +1,37 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdbool.h>
+
+//Common data types
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint64_t u64;
+typedef volatile u8 vu8;
+typedef volatile u16 vu16;
+typedef volatile u32 vu32;
+typedef volatile u64 vu64;

exceptions/exception_dump_parser.py

@@ -0,0 +1,169 @@
+#!/usr/bin/env python
+# Requires Python >= 3.2 or >= 2.7
+
+#   This file is part of Luma3DS
+#   Copyright (C) 2016 Aurora Wright, TuxSH
+#
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+#   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+#   Notices displayed by works containing it.
+
+__author__    = "TuxSH"
+__copyright__ = "Copyright (c) 2016 TuxSH"
+__license__   = "GPLv3"
+__version__   = "v1.2"
+
+"""
+Parses Luma3DS exception dumps
+"""
+
+import argparse
+from struct import unpack_from
+
+import os
+import subprocess
+
+# Source of hexdump: https://gist.github.com/ImmortalPC/c340564823f283fe530b
+# Credits for hexdump go to the original authors
+# Slightly edited by TuxSH
+
+def hexdump(addr, src, length=16, sep='.' ):
+    '''
+    @brief Return {src} in hex dump.
+    @param[in] length   {Int} Nb Bytes by row.
+    @param[in] sep      {Char} For the text part, {sep} will be used for non ASCII char.
+    @return {Str} The hexdump
+    @note Full support for python2 and python3 !
+    '''
+    result = []
+
+    # Python3 support
+    try:
+        xrange(0,1)
+    except NameError:
+        xrange = range
+
+    for i in xrange(0, len(src), length):
+        subSrc = src[i:i+length]
+        hexa = ''
+        isMiddle = False
+        for h in xrange(0,len(subSrc)):
+            if h == length/2:
+                hexa += ' '
+            h = subSrc[h]
+            if not isinstance(h, int):
+                h = ord(h)
+            h = hex(h).replace('0x','')
+            if len(h) == 1:
+                h = '0'+h
+            hexa += h+' '
+        hexa = hexa.strip(' ')
+        text = ''
+        for c in subSrc:
+            if not isinstance(c, int):
+                c = ord(c)
+            if 0x20 <= c < 0x7F:
+                text += chr(c)
+            else:
+                text += sep
+        result.append(('%08x:  %-'+str(length*(2+1)+1)+'s  |%s|') % (addr + i, hexa, text))
+
+    return '\n'.join(result)
+
+
+def makeRegisterLine(A, rA, B, rB):
+    return "{0:<15}{1:<20}{2:<15}{3:<20}".format(A, "{0:08x}".format(rA), B, "{0:08x}".format(rB))
+
+handledExceptionNames = ("FIQ", "undefined instruction", "prefetch abort", "data abort")
+registerNames = tuple("r{0}".format(i) for i in range(13)) + ("sp", "lr", "pc", "cpsr") + ("dfsr", "ifsr", "far") + ("fpexc", "fpinst", "fpinst2")
+svcBreakReasons = ("(svcBreak: panic)", "(svcBreak: assertion failed)", "(svcBreak: user-related)")
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Parse Luma3DS exception dumps")
+    parser.add_argument("filename")
+    args = parser.parse_args()
+    data = b""
+    with open(args.filename, "rb") as f: data = f.read()
+    if unpack_from("<2I", data) != (0xdeadc0de, 0xdeadcafe):
+        raise SystemExit("Invalid file format")
+
+    version, processor, exceptionType, _, nbRegisters, codeDumpSize, stackDumpSize, additionalDataSize = unpack_from("<8I", data, 8)
+    nbRegisters //= 4
+
+    if version < (1 << 16) | 2:
+        raise SystemExit("Incompatible format version, please use the appropriate parser.")
+
+    registers = unpack_from("<{0}I".format(nbRegisters), data, 40)
+    codeOffset = 40 + 4 * nbRegisters
+    codeDump = data[codeOffset : codeOffset + codeDumpSize]
+    stackOffset = codeOffset + codeDumpSize
+    stackDump = data[stackOffset : stackOffset + stackDumpSize]
+    addtionalDataOffset = stackOffset + stackDumpSize
+    additionalData = data[addtionalDataOffset : addtionalDataOffset + additionalDataSize]
+
+    if processor == 9: print("Processor: ARM9")
+    else: print("Processor: ARM11 (core {0})".format(processor >> 16))
+
+    typeDetailsStr = ""
+    if exceptionType == 2:
+        if (registers[16] & 0x20) == 0 and codeDumpSize >= 4:
+            instr = unpack_from("<I", codeDump[-4:])[0]
+            if instr == 0xe12fff7e:
+                typeDetailsStr = " (kernel panic)"
+            elif instr == 0xef00003c:
+                typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
+        elif (registers[16] & 0x20) == 1 and codeDumpSize >= 2:
+            instr = unpack_from("<I", codeDump[-4:])[0]
+            if instr == 0xdf3c:
+                typeDetailsStr = " " + (svcBreakReasons[registers[0]] if registers[0] < 3 else "(svcBreak)")
+
+    elif processor != 9 and (registers[20] & 0x80000000) != 0:
+        typeDetailsStr = " (VFP exception)"
+
+    print("Exception type: {0}{1}".format("unknown" if exceptionType >= len(handledExceptionNames) else handledExceptionNames[exceptionType], typeDetailsStr))
+    if additionalDataSize != 0:
+        print("Current process: {0} ({1:016x})".format(additionalData[:8].decode("ascii"), unpack_from("<Q", additionalData, 8)[0]))
+
+    print("\nRegister dump:\n")
+    for i in range(0, nbRegisters - (nbRegisters % 2), 2):
+        if i == 16: print("")
+        print(makeRegisterLine(registerNames[i], registers[i], registerNames[i+1], registers[i+1]))
+    if nbRegisters % 2 == 1: print("{0:<15}{1:<20}".format(registerNames[nbRegisters - 1], "{0:08x}".format(registers[nbRegisters - 1])))
+
+    thumb = registers[16] & 0x20 != 0
+    addr = registers[15] - codeDumpSize + (2 if thumb else 4)
+
+    print("\nCode dump:\n")
+
+    objdump_res = ""
+    try:
+        path = os.path.join(os.environ["DEVKITARM"], "bin", "arm-none-eabi-objdump")
+        if os.name == "nt":
+            path = ''.join((path[1], ':', path[2:])).replace('/', '\\')
+
+        objdump_res = subprocess.check_output((
+                                                    path, "-marm", "-b", "binary",
+                                                     "--adjust-vma="+hex(addr - codeOffset), "--start-address="+hex(addr),
+                                                     "--stop-address="+hex(addr + codeDumpSize), "-D", "-z", "-M",
+                                                     "reg-names-std" + (",force-thumb" if thumb else ""), args.filename
+                                             )).decode("utf-8")
+        objdump_res = '\n'.join(objdump_res[objdump_res.find('<.data+'):].split('\n')[1:])
+    except: objdump_res = ""
+
+    print(objdump_res if objdump_res != "" else hexdump(addr, codeDump))
+
+    print("\nStack dump:\n")
+    print(hexdump(registers[13], stackDump))

injector/Makefile

@@ -6,15 +6,12 @@ endif
 
 include $(DEVKITARM)/3ds_rules
 
-CC := arm-none-eabi-gcc
-AS := arm-none-eabi-as
-LD := arm-none-eabi-ld
-OC := arm-none-eabi-objcopy
-
 name := $(shell basename $(CURDIR))
 
 dir_source := source
+dir_patches := patches
 dir_build := build
+dir_out := ../$(dir_build)
 
 LIBS := -lctru
 LIBDIRS	:= $(CTRULIB)
@@ -22,30 +19,56 @@ LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib)
 
 INCLUDE	:= $(foreach dir,$(LIBDIRS),-I$(dir)/include)
 
-ARCH := -mcpu=mpcore -mfloat-abi=hard -mtp=soft
-CFLAGS := -Wall -Wextra -MMD -MP -marm $(ARCH) -fno-builtin -std=c11 -O2 -flto -ffast-math -mword-relocations \
-	  -ffunction-sections -fdata-sections $(INCLUDE) -DARM11 -D_3DS
-LDFLAGS := -Xlinker --defsym="__start__=0x14000000" -specs=3dsx.specs $(ARCH)
+ASFLAGS := -mcpu=mpcore -mfloat-abi=hard
+CFLAGS := -Wall -Wextra $(ASFLAGS) -fno-builtin -std=c11 -O2 -flto -ffast-math $(INCLUDE) -DARM11 -D_3DS
+LDFLAGS := -specs=3dsx.specs $(ASFLAGS) -Wl,--section-start,.text=0x14000000
 
 objects = $(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
-          $(call rwildcard, $(dir_source), *.c))
+          $(call rwildcard, $(dir_source), *.s *.c))
+
+bundled = $(dir_build)/romfsredir.bin.o
+
+define bin2o
+	bin2s $< | $(AS) -o $(@)
+endef
 
 .PHONY: all
-all: ../$(dir_build)/$(name).cxi
+all: $(dir_out)/$(name).bin
 
 .PHONY: clean
 clean:
 	@rm -rf $(dir_build)
 
-../$(dir_build)/$(name).cxi: $(dir_build)/$(name).elf
+.PRECIOUS: $(dir_build)/%.bin
+
+$(dir_build):
+	@mkdir -p "$@"
+
+$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
 	@makerom -f ncch -rsf loader.rsf -nocodepadding -o $@ -elf $<
 
-$(dir_build)/$(name).elf: $(objects)
+$(dir_build)/$(name).elf: $(bundled) $(objects)
 	$(LINK.o) $(OUTPUT_OPTION) $^ $(LIBPATHS) $(LIBS)
 
-$(dir_build)/memory.o : CFLAGS += -O3
+$(dir_build)/%.bin.o: $(dir_build)/%.bin
+	@$(bin2o)
 
-$(dir_build)/%.o: $(dir_source)/%.c
+$(dir_build)/%.bin: $(dir_patches)/%.s
+	@mkdir -p "$(@D)"	
+	@armips $<
+
+$(dir_build)/memory.o $(dir_build)/strings.o: CFLAGS += -O3
+
+$(dir_build)/bundled.h: $(bundled)
+	@$(foreach f, $(bundled),\
+	echo "extern const u8" `(echo $(basename $(notdir $(f))) | sed -e 's/^\([0-9]\)/_\1/' | tr . _)`"[];" >> $@;\
+	echo "extern const u32" `(echo $(basename $(notdir $(f)))| sed -e 's/^\([0-9]\)/_\1/' | tr . _)`_size";" >> $@;\
+	)
+
+$(dir_build)/%.o: $(dir_source)/%.c $(dir_build)/bundled.h
 	@mkdir -p "$(@D)"
 	$(COMPILE.c) $(OUTPUT_OPTION) $<
-include $(call rwildcard, $(dir_build), *.d)
+
+$(dir_build)/%.o: $(dir_source)/%.s
+	@mkdir -p "$(@D)"
+	$(COMPILE.s) $(OUTPUT_OPTION) $<

injector/patches/romfsredir.s

@@ -0,0 +1,114 @@
+.arm.little
+.create "build/romfsredir.bin", 0
+
+.macro addr, reg, func
+    add reg, pc, #func-.-8
+.endmacro
+.macro load, reg, func
+    ldr reg, [pc, #func-.-8]
+.endmacro
+
+; Patch by delebile
+
+.arm
+_start:
+
+    ; Jumps here before the fsOpenFileDirectly call
+    _mountArchive:
+        b       mountArchive
+        .word   0xdead0000  ; Substituted opcode
+        .word   0xdead0001  ; Branch to hooked function
+
+    ; Jumps here before every iFileOpen call
+    _fsRedir:
+        b       fsRedir
+        .word   0xdead0002  ; Substituted opcode
+        .word   0xdead0003  ; Branch to hooked function
+
+    ; Mounts the archive and registers it as 'lf:'
+    mountArchive:
+        cmp     r3, #3
+        bne     _mountArchive + 4
+        stmfd   sp!, {r0-r4, lr}
+        sub     sp, sp, #4
+        load    r1, archiveId
+        mov     r0, sp
+        load    r4, fsMountArchive
+        blx     r4
+        mov     r3, #0
+        mov     r2, #0
+        ldr     r1, [sp]
+        addr    r0, archiveName
+        load    r4, fsRegisterArchive
+        blx     r4
+        add     sp, sp, #4
+        ldmfd   sp!, {r0-r4, lr}
+        b       _mountArchive + 4
+
+    ; Check the path passed to iFileOpen.
+    ; If it is trying to access a RomFS file, we try to
+    ; open it from the LayeredFS folder.
+    ; If the file cannot be opened, we just open
+    ; it from its original archive like nothing happened
+    fsRedir:
+        stmfd   sp!, {r0-r12, lr}
+        addr    r3, romFsMount
+        bl      compare
+        addne   r3, pc, #updateRomFsMount-.-8
+        blne    compare
+        bne     endRedir
+        sub     sp, sp, #0x400
+        pathRedir:
+            stmfd   sp!, {r0-r3}
+            add     r0, sp, #0x10
+            load    r3, customPath
+            pathRedir_1:
+                ldrb    r2, [r3], #1
+                strh    r2, [r0], #2
+                cmp     r2, #0
+                bne     pathRedir_1
+            sub     r0, r0, #2
+            pathRedir_2:
+                ldrh    r2, [r1], #2
+                cmp     r2, #0x3A ; ':'
+                bne     pathRedir_2
+            pathRedir_3:
+                ldrh    r2, [r1], #2
+                strh    r2, [r0], #2
+                cmp     r2, #0
+                bne     pathRedir_3
+            ldmfd   sp!, {r0-r3}
+        mov     r1, sp
+        bl      _fsRedir + 4
+        add     sp, sp, #0x400
+        cmp     r0, #0
+
+    endRedir:
+        ldmfd   sp!, {r0-r12, lr}
+        moveq   r0, #0
+        bxeq    lr
+        b       _fsRedir + 4
+
+    compare:
+        mov     r9, r1
+        add     r10, r3, #4
+        loop:
+            ldrb    r12, [r3], #1
+            ldrb    r11, [r9], #2
+            cmp     r11, r12
+            bxne    lr
+            cmp     r10, r3
+            bne     loop
+        bx lr
+
+.pool
+.align 4
+    archiveName       : .dcb "lf:", 0
+    fsMountArchive    : .word 0xdead0005
+    fsRegisterArchive : .word 0xdead0006
+    archiveId         : .word 0xdead0007
+    romFsMount        : .dcb "rom:"
+    updateRomFsMount  : .word 0xdead0008
+    customPath        : .word 0xdead0004
+
+.close

injector/source/CFWInfo.h

@@ -0,0 +1,19 @@
+#pragma once
+
+#include <3ds/types.h>
+
+typedef struct __attribute__((packed))
+{
+    char magic[4];
+    
+    u8 versionMajor;
+    u8 versionMinor;
+    u8 versionBuild;
+    u8 flags;
+
+    u32 commitHash;
+
+    u32 config;
+} CFWInfo;
+
+u32 svcGetCFWInfo(CFWInfo *info);

injector/source/CFWInfo.s

@@ -0,0 +1,9 @@
+.text
+.arm
+.align 4
+
+.global svcGetCFWInfo
+.type	svcGetCFWInfo, %function
+svcGetCFWInfo:
+	svc 0x2e
+	bx lr

injector/source/fsldr.c

@@ -107,3 +107,60 @@ Result FSLDR_OpenFileDirectly(Handle* out, FS_ArchiveID archiveId, FS_Path archi
 
   return cmdbuf[1];
 }
+
+Result FSLDR_OpenArchive(FS_Archive* archive, FS_ArchiveID id, FS_Path path)
+{
+  if(!archive) return -2;
+
+  u32 *cmdbuf = getThreadCommandBuffer();
+
+  cmdbuf[0] = IPC_MakeHeader(0x80C,3,2); // 0x80C00C2
+  cmdbuf[1] = id;
+  cmdbuf[2] = path.type;
+  cmdbuf[3] = path.size;
+  cmdbuf[4] = IPC_Desc_StaticBuffer(path.size, 0);
+  cmdbuf[5] = (u32) path.data;
+
+  Result ret = 0;
+  if(R_FAILED(ret = svcSendSyncRequest(fsldrHandle))) return ret;
+
+  if(archive) *archive = cmdbuf[2] | ((u64) cmdbuf[3] << 32);
+
+  return cmdbuf[1];
+}
+
+Result FSLDR_CloseArchive(FS_Archive archive)
+{
+  if(!archive) return -2;
+
+  u32 *cmdbuf = getThreadCommandBuffer();
+
+  cmdbuf[0] = IPC_MakeHeader(0x80E,2,0); // 0x80E0080
+  cmdbuf[1] = (u32) archive;
+  cmdbuf[2] = (u32) (archive >> 32);
+
+  Result ret = 0;
+  if(R_FAILED(ret = svcSendSyncRequest(fsldrHandle))) return ret;
+
+  return cmdbuf[1];
+}
+
+Result FSLDR_OpenDirectory(Handle* out, FS_Archive archive, FS_Path path)
+{
+  u32 *cmdbuf = getThreadCommandBuffer();
+
+  cmdbuf[0] = IPC_MakeHeader(0x80B,4,2); // 0x80B0102
+  cmdbuf[1] = (u32) archive;
+  cmdbuf[2] = (u32) (archive >> 32);
+  cmdbuf[3] = path.type;
+  cmdbuf[4] = path.size;
+  cmdbuf[5] = IPC_Desc_StaticBuffer(path.size, 0);
+  cmdbuf[6] = (u32) path.data;
+
+  Result ret = 0;
+  if(R_FAILED(ret = svcSendSyncRequest(fsldrHandle))) return ret;
+
+  if(out) *out = cmdbuf[3];
+
+  return cmdbuf[1];
+}

injector/source/fsldr.h

@@ -7,3 +7,6 @@ void fsldrExit(void);
 Result FSLDR_InitializeWithSdkVersion(Handle session, u32 version);
 Result FSLDR_SetPriority(u32 priority);
 Result FSLDR_OpenFileDirectly(Handle* out, FS_ArchiveID archiveId, FS_Path archivePath, FS_Path filePath, u32 openFlags, u32 attributes);
+Result FSLDR_OpenArchive(FS_Archive* archive, FS_ArchiveID id, FS_Path path);
+Result FSLDR_CloseArchive(FS_Archive archive);
+Result FSLDR_OpenDirectory(Handle* out, FS_Archive archive, FS_Path path);

injector/source/ifile.c

@@ -63,4 +63,4 @@ Result IFile_Read(IFile *file, u64 *total, void *buffer, u32 len)
 
   *total = cur;
   return res;
-}
+}

injector/source/loader.c

@@ -155,8 +155,10 @@ static Result load_code(u64 progid, prog_addrs_t *shared, u64 prog_handle, int i
     lzss_decompress((u8 *)shared->text_addr + size);
   }
 
+  u16 progver = g_exheader.codesetinfo.flags.remasterversion[0] | (g_exheader.codesetinfo.flags.remasterversion[1] << 8);
+
   // patch
-  patchCode(progid, (u8 *)shared->text_addr, shared->total_size << 12);
+  patchCode(progid, progver, (u8 *)shared->text_addr, shared->total_size << 12, g_exheader.codesetinfo.text.codesize, g_exheader.codesetinfo.ro.codesize, g_exheader.codesetinfo.data.codesize, g_exheader.codesetinfo.ro.address, g_exheader.codesetinfo.data.address);
 
   return 0;
 }

injector/source/memory.c

@@ -7,4 +7,43 @@ void memcpy(void *dest, const void *src, u32 size)
 
     for(u32 i = 0; i < size; i++)
         destc[i] = srcc[i];
+}
+
+int memcmp(const void *buf1, const void *buf2, u32 size)
+{
+    const u8 *buf1c = (const u8 *)buf1,
+             *buf2c = (const u8 *)buf2;
+
+    for(u32 i = 0; i < size; i++)
+    {
+        int cmp = buf1c[i] - buf2c[i];
+        if(cmp != 0) return cmp;
+    }
+
+    return 0;
+}
+
+//Boyer-Moore Horspool algorithm, adapted from http://www-igm.univ-mlv.fr/~lecroq/string/node18.html#SECTION00180
+u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize)
+{
+    const u8 *patternc = (const u8 *)pattern;
+    u32 table[256];
+
+    //Preprocessing
+    for(u32 i = 0; i < 256; i++)
+        table[i] = patternSize;
+    for(u32 i = 0; i < patternSize - 1; i++)
+        table[patternc[i]] = patternSize - i - 1;
+
+    //Searching
+    u32 j = 0;
+    while(j <= size - patternSize)
+    {
+        u8 c = startPos[j + patternSize - 1];
+        if(patternc[patternSize - 1] == c && memcmp(pattern, startPos + j, patternSize - 1) == 0)
+            return startPos + j;
+        j += table[c];
+    }
+
+    return NULL;
 }

injector/source/memory.h

@@ -2,4 +2,6 @@
 
 #include <3ds/types.h>
 
-void memcpy(void *dest, const void *src, u32 size);
+void memcpy(void *dest, const void *src, u32 size);
+int memcmp(const void *buf1, const void *buf2, u32 size);
+u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize);

injector/source/patcher.h

@@ -2,4 +2,44 @@
 
 #include <3ds/types.h>
 
-void patchCode(u64 progId, u8 *code, u32 size);
+#define MAKE_BRANCH(src,dst)      (0xEA000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
+#define MAKE_BRANCH_LINK(src,dst) (0xEB000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
+
+#define CONFIG(a)        (((info.config >> (a + 17)) & 1) != 0)
+#define MULTICONFIG(a)   ((info.config >> (a * 2 + 7)) & 3)
+#define BOOTCONFIG(a, b) ((info.config >> a) & b)
+#define LOADERFLAG(a)    ((info.flags >> (a + 4)) & 1) != 0
+
+#define BOOTCFG_NAND         BOOTCONFIG(0, 7)
+#define BOOTCFG_FIRM         BOOTCONFIG(3, 7)
+#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(6, 1)
+
+enum multiOptions
+{
+    DEFAULTEMU = 0,
+    BRIGHTNESS,
+    SPLASH,
+    PIN,
+    NEWCPU
+};
+
+enum singleOptions
+{
+    AUTOBOOTEMU = 0,
+    USEEMUFIRM,
+    LOADEXTFIRMSANDMODULES,
+    PATCHGAMES,
+    PATCHVERSTRING,
+    SHOWGBABOOT,
+    PATCHACCESS,
+    PATCHUNITINFO,
+    ENABLEEXCEPTIONHANDLERS
+};
+
+enum flags
+{
+    ISN3DS = 0,
+    ISSAFEMODE
+};
+
+void patchCode(u64 progId, u16 progVer, u8 *code, u32 size, u32 textSize, u32 roSize, u32 dataSize, u32 roAddress, u32 dataAddress);

injector/source/strings.c

@@ -0,0 +1,20 @@
+#include "strings.h"
+
+size_t strnlen(const char *string, size_t maxlen)
+{
+    size_t size;
+
+    for(size = 0; *string && size < maxlen; string++, size++);
+
+    return size;
+}
+
+void progIdToStr(char *strEnd, u64 progId)
+{
+    while(progId > 0)
+    {
+        static const char hexDigits[] = "0123456789ABCDEF";
+        *strEnd-- = hexDigits[(u32)(progId & 0xF)];
+        progId >>= 4;
+    }
+}

injector/source/strings.h

@@ -0,0 +1,6 @@
+#pragma once
+
+#include <3ds/types.h>
+
+size_t strnlen(const char *string, size_t maxlen);
+void progIdToStr(char *strEnd, u64 progId);

linker.ld

@@ -1,11 +1,15 @@
+OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+
 ENTRY(_start)
 SECTIONS
 {
     . = 0x23F00000;
-    .text.start : { *(.text.start) }
-    .text : { *(.text) }
-    .data : { *(.data) }
-    .bss : { *(.bss COMMON) }
-    .rodata : { *(.rodata) }
+
+    .text       : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
+    .rodata     : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
+    .data       : ALIGN(4) { *(.data*); . = ALIGN(4); }
+    .bss        : ALIGN(8) { __bss_start = .; *(.bss* COMMON); . = ALIGN(8); __bss_end = .; }
+
     . = ALIGN(4);
 }

loader/Makefile

@@ -4,20 +4,16 @@ ifeq ($(strip $(DEVKITARM)),)
 $(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
 endif
 
-include $(DEVKITARM)/3ds_rules
-
-CC := arm-none-eabi-gcc
-AS := arm-none-eabi-as
-LD := arm-none-eabi-ld
-OC := arm-none-eabi-objcopy
+include $(DEVKITARM)/base_tools
 
 name := $(shell basename $(CURDIR))
 
 dir_source := source
 dir_build := build
+dir_out := ../$(dir_build)
 
 ASFLAGS := -mcpu=arm946e-s
-CFLAGS  := -Wall -Wextra -MMD -MP -mthumb -mthumb-interwork $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
+CFLAGS  := -Wall -Wextra -mthumb $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
 LDFLAGS := -nostdlib
 
 objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
@@ -25,14 +21,14 @@ objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
           $(call rwildcard, $(dir_source), *.s *.c)))
 
 .PHONY: all
-all: ../$(dir_build)/$(name).bin
+all: $(dir_out)/$(name).bin
 
 .PHONY: clean
 clean:
 	@rm -rf $(dir_build)
 
-../$(dir_build)/$(name).bin: $(dir_build)/$(name).elf
-	$(OC) -S -O binary $< $@
+$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
+	$(OBJCOPY) -S -O binary $< $@
 
 $(dir_build)/$(name).elf: $(objects)
 	$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^
@@ -46,4 +42,3 @@ $(dir_build)/%.o: $(dir_source)/%.c
 $(dir_build)/%.o: $(dir_source)/%.s
 	@mkdir -p "$(@D)"
 	$(COMPILE.s) $(OUTPUT_OPTION) $<
-include $(call rwildcard, $(dir_build), *.d)

loader/linker.ld

@@ -1,11 +1,14 @@
+OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+
 ENTRY(_start)
 SECTIONS
 {
-    . = 0x24FFFF00;
-    .text.start : { *(.text.start) }
-    .text : { *(.text) }
-    .data : { *(.data) }
-    .bss : { *(.bss COMMON) }
-    .rodata : { *(.rodata) }
+    . = 0x27FFE000;
+
+    .text   : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
+    .rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
+    .data   : ALIGN(4) { *(.data*); . = ALIGN(8); *(.bss* COMMON); . = ALIGN(8); }
+
     . = ALIGN(4);
 }

loader/source/cache.s

@@ -18,16 +18,20 @@
 @   reasonable legal notices or author attributions in that material or in the Appropriate Legal
 @   Notices displayed by works containing it.
 
+.text
 .arm
-.global flushCaches
-.type   flushCaches STT_FUNC
+.align 4
 
+.global flushCaches
+.type flushCaches, %function
 flushCaches:
-    @ Clean and flush data cache
+    @ Clean and flush both the data cache and instruction caches
+    
     @ Adpated from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html ,
     @ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well
     @ Note: ARM's example is actually for a 8KB DCache (which is what the 3DS has)
-    @ Implemented in bootROM at address 0xffff0830
+    
+    @ Implemented in bootROM at addresses 0xffff0830 (DCache) and 0xffff0ab4 (ICache)
 
     mov r1, #0                          @ segment counter
     outer_loop:

loader/source/firm.c

@@ -0,0 +1,44 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2017 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "firm.h"
+#include "memory.h"
+#include "cache.h"
+
+void launchFirm(Firm *firm, int argc, char **argv)
+{
+
+    //Copy FIRM sections to respective memory locations
+    for(u32 sectionNum = 0; sectionNum < 4 && firm->section[sectionNum].size != 0; sectionNum++)
+        memcpy(firm->section[sectionNum].address, (u8 *)firm + firm->section[sectionNum].offset, firm->section[sectionNum].size);
+
+    //Set ARM11 entrypoint
+    *(vu32 *)0x1FFFFFFC = (u32)firm->arm11Entry;
+
+    //Ensure that all memory transfers have completed and that the caches have been flushed
+    flushCaches();
+
+    //Jump to ARM9 entrypoint. Also give it additional arguments it can dismiss
+    ((void (*)(int, char**, u32))firm->arm9Entry)(argc, argv, 0x0000BEEF);
+
+    __builtin_unreachable();
+}

loader/source/firm.h

@@ -0,0 +1,46 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2017 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+typedef struct __attribute__((packed))
+{
+    u32 offset;
+    u8 *address;
+    u32 size;
+    u32 procType;
+    u8 hash[0x20];
+} FirmSection;
+
+typedef struct __attribute__((packed))
+{
+    char magic[4];
+    u32 reserved1;
+    u8 *arm11Entry;
+    u8 *arm9Entry;
+    u8 reserved2[0x30];
+    FirmSection section[4];
+} Firm;
+
+void launchFirm(Firm *firm, int argc, char **argv);

loader/source/main.c

@@ -22,16 +22,20 @@
 
 #include "memory.h"
 #include "cache.h"
+#include "firm.h"
 
-extern u32 payloadSize; //defined in start.s
-
-void main(void)
+void main(int argc __attribute__((unused)), char **argv)
 {
-    void *payloadAddress = (void *)0x23F00000;
+    Firm *firm = (Firm *)0x24000000;
+    char absPath[24 + 255];
 
-    memcpy(payloadAddress, (void*)0x24F00000, payloadSize);
+    u32 i;
+    for(i = 0; i < 23 + 255 && argv[0][i] != 0; i++)
+        absPath[i] = argv[0][i];
+    for(; i < 24 + 255; i++)
+        absPath[i] = 0;
 
-    flushCaches();
-    
-    ((void (*)())payloadAddress)();
-}
+    char *argvPassed[1] = {absPath};
+
+    launchFirm(firm, 1, argvPassed);
+}

loader/source/memory.c

@@ -20,7 +20,6 @@
 *   Notices displayed by works containing it.
 */
 
-
 /*
 *   memcpy adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
 */

loader/source/memory.h

@@ -20,7 +20,6 @@
 *   Notices displayed by works containing it.
 */
 
-
 /*
 *   memcpy adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
 */

loader/source/start.s

@@ -1,5 +1,5 @@
 @   This file is part of Luma3DS
-@   Copyright (C) 2016 Aurora Wright, TuxSH
+@   Copyright (C) 2017 Aurora Wright, TuxSH
 @
 @   This program is free software: you can redistribute it and/or modify
 @   it under the terms of the GNU General Public License as published by
@@ -22,6 +22,7 @@
 .align 4
 .global _start
 _start:
+    ldr sp, =0x27ffe000
     b main
 
 .global payloadSize

patches/emunand.s

@@ -1,46 +1,48 @@
+; Code by Normmatt
+
 .arm.little
 
 .create "build/emunand.bin", 0
 .arm
-nand_sd:
-    ; Original code that still needs to be executed.
+    ; Original code that still needs to be executed
     mov r4, r0
     mov r5, r1
     mov r7, r2
     mov r6, r3
-    ; End.
+    ; End
 
-    ; If we're already trying to access the SD, return.
+    ; If we're already trying to access the SD, return
     ldr r2, [r0, #4]
     ldr r1, [sdmmc]
     cmp r2, r1
-    beq nand_sd_ret
+    beq out
 
-    str r1, [r0, #4]  ; Set object to be SD
-    ldr r2, [r0, #8]  ; Get sector to read
-    cmp r2, #0  ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
+    str r1, [r0, #4] ; Set object to be SD
+    ldr r2, [r0, #8] ; Get sector to read
+    cmp r2, #0 ; For GW compatibility, see if we're trying to read the ncsd header (sector 0)
 
     ldr r3, [nand_offset]
-    add r2, r3  ; Add the offset to the NAND in the SD.
+    add r2, r3 ; Add the offset to the NAND in the SD
 
     ldreq r3, [ncsd_header_offset]
-    addeq r2, r3  ; If we're reading the ncsd header, add the offset of that sector.
+    addeq r2, r3 ; If we're reading the ncsd header, add the offset of that sector
 
-    str r2, [r0, #8]  ; Store sector to read
+    str r2, [r0, #8] ; Store sector to read
 
-    nand_sd_ret:
+    out:
         ; Restore registers.
         mov r1, r5
         mov r2, r7
         mov r3, r6
 
         ; Return 4 bytes behind where we got called,
-        ;   due to the offset of this function being stored there.
+        ; due to the offset of this function being stored there
         mov r0, lr
         add r0, #4
         bx r0
+
 .pool
 sdmmc:	                .ascii "SDMC"
-nand_offset:		.ascii "NAND"       ; for rednand this should be 1
-ncsd_header_offset:	.ascii "NCSD"       ; depends on nand manufacturer + emunand type (GW/RED)
+nand_offset:		.ascii "NAND" ; For rednand this should be 1
+ncsd_header_offset:	.ascii "NCSD" ; Depends on nand manufacturer + emunand type (GW/RED)
 .close

patches/k11modules.s

@@ -0,0 +1,105 @@
+;
+;   This file is part of Luma3DS
+;   Copyright (C) 2016 Aurora Wright, TuxSH
+;
+;   This program is free software: you can redistribute it and/or modify
+;   it under the terms of the GNU General Public License as published by
+;   the Free Software Foundation, either version 3 of the License, or
+;   (at your option) any later version.
+;
+;   This program is distributed in the hope that it will be useful,
+;   but WITHOUT ANY WARRANTY; without even the implied warranty of
+;   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;   GNU General Public License for more details.
+;
+;   You should have received a copy of the GNU General Public License
+;   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+;
+;   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+;   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+;   Notices displayed by works containing it.
+;
+
+; Code originally from Subv
+
+.arm.little
+
+.create "build/k11modules.bin", 0
+.arm
+    ; This code searches the sm module for a specific byte pattern and patches some of the instructions
+    ; in the code to disable service access checks when calling srv:GetServiceHandle
+
+    ; It also searches the fs module for archive access check code
+
+    ; Save the registers we'll be using
+    ; Register contents:
+    ; r4: Pointer to a pointer to the exheader of the current NCCH
+    ; r6: Constant 0
+    ; SP + 4: Pointer to the memory location where the NCCH text was loaded
+
+    ; Execute the instruction we overwrote in our detour
+    ldr r0, [r4]
+
+    ; Save the value of the register we use
+    push {r0-r4}
+
+    ldr r1, [sp, #24]    ; Load the .text address
+    ldr r2, [r0, #0x200] ; Load the low title id of the current NCCH
+    ldr r0, [r0, #0x18]  ; Load the size of the .text
+    add r0, r1, r0       ; Max bounds of the memory region
+
+    ldr r3, =0x1002 ; Low title id of the sm module
+    cmp r2, r3 ; Compare the low title id to the id of the sm module
+    bne fs_patch ; Skip if they're not the same
+
+    ldr r2, =0xE1A01006 ; mov r1, r6
+
+    loop:
+        cmp r0, r1
+        blo die ; Check if we didn't go past the bounds of the memory region
+        ldr r3, [r1]
+        cmp r3, r2
+        ldreqh r3, [r1, #4]
+        cmpeq r3, #5
+        addne r1, #4
+        bne loop
+
+    ; r1 now contains the start address of the pattern we found
+    ldr r0, =0xE3A00001 ; mov r0, #1
+    str r0, [r1, #8] ; Patch the bl
+    b out
+
+    fs_patch: ; patch adapted from BootNTR
+        ldr r3, =0x1102 ; Low title id of the fs module
+        cmp r2, r3 ; Compare the low title id to the id of the sm module
+        bne out ; Skip if they're not the same
+
+        ldr r2, =0x7401 ; strb r1, [r0, #16]
+        ldr r3, =0x2000 ; movs r0, #0
+
+        loop_fs:
+            cmp r0, r1
+            blo die
+            ldrh r4, [r1]
+            cmp r4, r2
+            ldreqh r4, [r1, #2]
+            cmpeq r4, r3
+            addeq r1, #8
+            addne r1, #2
+            bne loop_fs
+
+        ; r1 now contains the start address of the pattern we found
+        ldr r0, =0x2001 ; mov r0, #1
+        ldr r2, =0x4770 ; bx lr
+        strh r0, [r1]
+        strh r2, [r1, #2]
+
+    out:
+        pop {r0-r4} ; Restore the registers we used
+        bx lr ; Jump back to whoever called us
+
+    die:
+        b die
+
+.pool
+.close

patches/reboot.s

@@ -1,14 +1,27 @@
+; Code originally from delebile and mid-kid
+
 .arm.little
 
-payload_addr equ 0x23F00000   ; Brahma payload address.
-payload_maxsize equ 0x10000   ; Maximum size for the payload (maximum that CakeBrah supports).
+argv_addr equ 0x27FFDF00
+fname_addr equ 0x27FFDF80
+low_tid_addr equ 0x27FFDFE0
+copy_launch_stub_addr equ 0x27FFE000
 
+firm_addr equ 0x24000000
+firm_maxsize equ (copy_launch_stub_addr - 0x1000 - firm_addr)
+
+arm11_entrypoint_addr equ 0x1FFFFFFC
 .create "build/reboot.bin", 0
 .arm
-    ; Interesting registers and locations to keep in mind, set before this code is ran:
-    ; - sp + 0x3A8 - 0x70: FIRM path in exefs.
-    ; - r7 (which is sp + 0x3A8 - 0x198): Reserved space for file handle
-    ; - *(sp + 0x3A8 - 0x198) + 0x28: fread function.
+    ; Interesting registers and locations to keep in mind, set just before this code is ran:
+    ; - r1: FIRM path in exefs.
+    ; - r7 (or r8): pointer to file object
+    ;   - *r7: vtable
+    ;       - *(vtable + 0x28): fread function 
+    ;   - *(r7 + 8): file handle
+
+    sub r7, r0, #8
+    mov r8, r1
 
     pxi_wait_recv:
         ldr r2, =0x44846
@@ -21,49 +34,40 @@ payload_maxsize equ 0x10000   ; Maximum size for the payload (maximum that CakeB
         cmp r0, r2
         bne pxi_wait_recv
 
-        mov r4, #0
-        adr r1, bin_fname
-        b open_payload
+    ; Open file
+    add r0, r7, #8
+    adr r1, fname
+    mov r2, #1
+    ldr r6, [fopen]
+    orr r6, 1
+    blx r6
+    cmp r0, #0
+    bne panic
 
-    fallback:
-        mov r4, #1
-        adr r1, dat_fname
-
-    open_payload:
-        ; Open file
-        add r0, r7, #8
-        mov r2, #1
-        ldr r6, [fopen]
-        orr r6, 1
-        blx r6
-        cmp r0, #0
-        bne fallback ; If the .bin is not found, try the .dat.
-
-    read_payload:
-        ; Read file
-        mov r0, r7
-        adr r1, bytes_read
-        ldr r2, =payload_addr
-        cmp r4, #0
-        movne r3, #0x12000 ; Skip the first 0x12000 bytes.
-        moveq r3, payload_maxsize
-        ldr r6, [sp, #0x3A8-0x198]
-        ldr r6, [r6, #0x28]
-        blx r6
-        cmp r4, #0
-        movne r4, #0
-        bne read_payload ; Go read the real payload.
+    ; Read file
+    mov r0, r7
+    adr r1, bytes_read
+    ldr r2, =firm_addr
+    ldr r3, =firm_maxsize
+    ldr r6, [r7]
+    ldr r6, [r6, #0x28]
+    blx r6
 
     ; Copy the low TID (in UTF-16) of the wanted firm to the 5th byte of the payload
-    add r0, sp, #0x3A8 - 0x70
-    add r0, 0x1A
-    add r1, r0, #0x10
-    ldr r2, =payload_addr + 4
-    copy_TID_low:
-        ldrh r3, [r0], #2
-        strh r3, [r2], #2
-        cmp r0, r1
-        blo copy_TID_low
+    ldr r0, =low_tid_addr
+    add r1, r8, #0x1A
+    mov r2, #0x10
+    bl memcpy16
+
+    ldr r0, =fname_addr
+    adr r1, fname
+    mov r2, #42
+    bl memcpy16
+
+    ldr r0, =argv_addr
+    ldr r1, =fname_addr
+    ldr r2, =low_tid_addr
+    stmia r0, {r1, r2}
 
     ; Set kernel state
     mov r0, #0
@@ -75,36 +79,123 @@ payload_maxsize equ 0x10000   ; Maximum size for the payload (maximum that CakeB
     goto_reboot:
         ; Jump to reboot code
         ldr r0, =(kernelcode_start - goto_reboot - 12)
-        add r0, pc
+        add r0, pc ; pc is two instructions ahead of the instruction being executed (12 = 2*4 + 4)
         swi 0x7B
 
     die:
         b die
 
+    memcpy16:
+        cmp r2, #0
+        bxeq lr
+        add r2, r0, r2
+        copy_loop16:
+            ldrh r3, [r1], #2
+            strh r3, [r0], #2
+            cmp r0, r2
+            blo copy_loop16
+        bx lr
+
+    panic:
+        mov r1, r0 ; unused register
+        mov r0, #0
+        swi 0x3C ; svcBreak(USERBREAK_PANIC)
+        b die
+
 bytes_read: .word 0
 fopen: .ascii "OPEN"
 .pool
-bin_fname:  .dcw "sdmc:/arm9loaderhax.bin"
-            .word 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-dat_fname: .dcw "sdmc:/Luma3DS.dat"
-           .word 0
+
+.area 82, 0
+fname: .ascii "FILE"
+.endarea
+
+.pool
+nand_mount: .dcw "nand"
 
 .align 4
     kernelcode_start:
 
+    mrs r0, cpsr  ; disable interrupts
+    orr r0, #0xC0
+    msr cpsr, r0
+
+    ldr sp, =0x27FFDF00
+
+    ldr r0, =copy_launch_stub_addr
+    adr r1, copy_launch_stub
+    mov r2, #(copy_launch_stub_end - copy_launch_stub)
+    bl memcpy32
+
     ; Disable MPU
-    ldr r0, =0x42078  ; alt vector select, enable itcm
+    ldr r0, =0x42078 ; alt vector select, enable itcm
     mcr p15, 0, r0, c1, c0, 0
 
+    bl flushCaches
+
+    ldr r0, =copy_launch_stub_addr
+    bx r0
+
+    copy_launch_stub:
+
+    ldr r4, =firm_addr
+
+    mov r5, #0
+    load_section_loop:
+        ; Such checks. Very ghetto. Wow.
+        add r3, r4, #0x40
+        add r3, r5,lsl #5
+        add r3, r5,lsl #4
+        ldmia r3, {r6-r8}
+        mov r0, r7
+        add r1, r4, r6
+        mov r2, r8
+        bl memcpy32
+        add r5, #1
+        cmp r5, #3
+        blo load_section_loop
+
+    ldr r0, =arm11_entrypoint_addr
+    ldr r1, [r4, #0x08]
+    str r1, [r0]
+
+    mov r0, #2 ; argc
+    ldr r1, =argv_addr ; argv
+    ldr r2, =0xBEEF    ; magic word
+
+    ldr r5, =arm11_entrypoint_addr
+    ldr r6, [r4, #0x08]
+    str r6, [r5]
+
+    ldr lr, [r4, #0x0c]
+    bx lr
+
+    memcpy32:
+    cmp r2, #0
+    bxeq lr
+    add r2, r0, r2
+    copy_loop32:
+        ldr r3, [r1], #4
+        str r3, [r0], #4
+        cmp r0, r2
+        blo copy_loop32
+    bx lr
+
+    .pool
+
+    copy_launch_stub_end:
+
+    flushCaches:
+
     ; Clean and flush data cache
-    mov r1, #0                          ; segment counter
+    mov r1, #0 ; segment counter
     outer_loop:
-        mov r0, #0                      ; line counter
+        mov r0, #0 ; line counter
 
         inner_loop:
-            orr r2, r1, r0                  ; generate segment and line address
-            mcr p15, 0, r2, c7, c14, 2      ; clean and flush the line
-            add r0, #0x20                   ; increment to next line
+            orr r2, r1, r0 ; generate segment and line address
+            mcr p15, 0, r2, c7, c14, 2 ; clean and flush the line
+            add r0, #0x20 ; increment to next line
             cmp r0, #0x400
             bne inner_loop
 
@@ -112,14 +203,12 @@ dat_fname: .dcw "sdmc:/Luma3DS.dat"
         cmp r1, #0
         bne outer_loop
 
-    mcr p15, 0, r1, c7, c10, 4              ; drain write buffer
+    ; Drain write buffer
+    mcr p15, 0, r1, c7, c10, 4
 
     ; Flush instruction cache
     mcr p15, 0, r1, c7, c5, 0
 
-    ; Jump to payload
-    ldr r0, =payload_addr
-    bx r0
+    bx lr
 
-.pool
 .close

patches/svcGetCFWInfo.s

@@ -0,0 +1,48 @@
+;
+;   This file is part of Luma3DS
+;   Copyright (C) 2016 Aurora Wright, TuxSH
+;
+;   This program is free software: you can redistribute it and/or modify
+;   it under the terms of the GNU General Public License as published by
+;   the Free Software Foundation, either version 3 of the License, or
+;   (at your option) any later version.
+;
+;   This program is distributed in the hope that it will be useful,
+;   but WITHOUT ANY WARRANTY; without even the implied warranty of
+;   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;   GNU General Public License for more details.
+;
+;   You should have received a copy of the GNU General Public License
+;   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+;
+;   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+;   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+;   Notices displayed by works containing it.
+;
+
+.arm.little
+
+.create "build/svcGetCFWInfo.bin", 0
+.arm
+
+    adr r1, infoStart
+    add r2, r0, #(infoEnd - infoStart)
+
+    loop:
+        ldrb r3, [r1], #1
+        strbt r3, [r0], #1
+        cmp r0, r2
+        blo loop
+
+    mov r0, #0
+
+    bx lr
+
+.pool
+infoStart:
+    .ascii "LUMA"   ; magic
+    .word 0         ; version
+    .word 0         ; truncated commit hash
+    .word 0         ; config
+infoEnd:
+.close

pathchanger/pathchanger.c

@@ -1,98 +0,0 @@
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-typedef uint8_t u8;
-
-static u8 *memsearch(u8 *startPos, const void *pattern, int size, int patternSize)
-{
-    const u8 *patternc = (const u8 *)pattern;
-
-    //Preprocessing
-    int table[256];
-
-    int i;
-    for(i = 0; i < 256; ++i)
-        table[i] = patternSize + 1;
-    for(i = 0; i < patternSize; ++i)
-        table[patternc[i]] = patternSize - i;
-
-    //Searching
-    int j = 0;
-
-    while(j <= size - patternSize)
-    {
-        if(memcmp(patternc, startPos + j, patternSize) == 0)
-            return startPos + j;
-        j += table[startPos[j + patternSize]];
-    }
-
-    return NULL;
-}
-
-static int fsize(FILE *fp)
-{
-    fseek(fp, 0, SEEK_END);
-    int size = ftell(fp);
-    rewind(fp);
-
-    return size;
-}
-
-static void error(FILE *payload, const char *message)
-{
-    fclose(payload);
-    printf("%s, are you sure you're using a Luma3DS payload?\n", message);
-    exit(0);
-}
-
-int main(int argc, char **argv)
-{
-    if(argc == 1)
-    {
-        printf("Usage: %s <Luma3DS payload path>\n", argv[0]);
-        exit(0);
-    }
-
-    FILE *payload;
-    size_t size;
-
-    payload = fopen(argv[1], "rb+");
-    size = fsize(payload);
-    if(size > 0x20000)
-        error(payload, "The input file is too large");
-
-    u8 *buffer = (u8 *)malloc(size);
-    fread(buffer, 1, size, payload);
-
-    u8 pattern[] = {'s', 0, 'd', 0, 'm', 0, 'c', 0, ':', 0, '/', 0};
-
-    u8 *found = memsearch(buffer, pattern, size, sizeof(pattern));
-
-    if(found == NULL)
-    {
-        free(buffer);
-        error(payload, "Pattern not found");
-    }
-
-    u8 input[38] = {0};
-    u8 payloadname[2 * (sizeof(input) - 1)] = {0};
-
-    printf("Enter the payload's path (37 characters max): ");
-    scanf("%37s", input);
-
-    unsigned int i;
-    for (i = 0; i < sizeof(input) - 1; i++)
-        payloadname[2 * i] = input[i];
-
-    memcpy(found + 12, payloadname, sizeof(payloadname));
-
-    rewind(payload);
-    fwrite(buffer, 1, size, payload);
-
-    free(buffer);
-    fclose(payload);
-
-    exit(0);
-}

pathchanger/pathchanger.py

@@ -1,40 +0,0 @@
-#!/usr/bin/env python
-# Requires Python >= 3.2 or >= 2.7
-
-# This is part of Luma3DS
-
-__author__    = "TuxSH"
-__copyright__ = "Copyright (c) 2016 TuxSH" 
-__license__   = "GPLv3"
-__version__   = "v1.0"
-
-import argparse
-
-if __name__ == "__main__":
-    parser = argparse.ArgumentParser(description="Changes the path to Luma3DS for reboot patches")
-    parser.add_argument("payload", help="Path to the Luma3DS payload")
-    parser.add_argument("new_path", help="New Luma3DS payload path")
-    args = parser.parse_args()
-    data = b""
-
-    if len(args.new_path) > 37:
-        raise SystemExit("The new payload path is too large (37 characters max.)")
-
-    with open(args.payload, "rb") as f: data = bytearray(f.read())
-
-    if len(data) == 0: raise SystemExit("Could not read {0}".format(args.payload))
-
-    if len(data) > 0x20000: 
-        raise SystemExit("The input file is too large, are you sure you're using a Luma3DS payload?")
-
-    found_index = data.find("sdmc:/".encode("utf-16-le"))
-
-    if found_index == -1: 
-        raise SystemExit("The pattern was not found, are you sure you're usinga a Luma3DS payload?")
-
-    namebuf = args.new_path.encode("utf-16-le")
-    namebuf += b'\x00' * (74 - len(namebuf))
-
-    data[found_index + 12 : found_index + 12 + 74] = namebuf
-
-    with open(args.payload, "wb+") as f: f.write(data)

source/3dsheaders.h

@@ -0,0 +1,163 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+/*
+*   Adapted from 3DBrew and https://github.com/mid-kid/CakesForeveryWan/blob/master/source/headers.h
+*/
+
+#pragma once
+
+typedef struct __attribute__((packed))
+{
+    u32 address;
+    u32 phyRegionSize;
+    u32 size;
+} CodeSetInfo;
+
+typedef struct __attribute__((packed))
+{
+    u32 saveDataSize[2];
+    u32 jumpID[2];
+    u8 reserved[0x30];
+} SystemInfo;
+
+typedef struct __attribute__((packed))
+{
+    char appTitle[8];
+    u8 reserved1[5];
+    u8 flag;
+    u8 remasterVersion[2];
+    CodeSetInfo textCodeSet;
+    u32 stackSize;
+    CodeSetInfo roCodeSet;
+    u8 reserved2[4];
+    CodeSetInfo dataCodeSet;
+    u32 bssSize;
+    char depends[0x180];
+    SystemInfo systemInfo;
+} SystemControlInfo;
+
+typedef struct __attribute__((packed))
+{
+    SystemControlInfo systemControlInfo;
+    u8 aci[0x200];
+    u8 accessDescSig[0x100];
+    u8 ncchPubKey[0x100];
+    u8 aciLim[0x200];
+} ExHeader;
+
+typedef struct __attribute__((packed))
+{
+    u8 sig[0x100]; //RSA-2048 signature of the NCCH header, using SHA-256
+    char magic[4]; //NCCH
+    u32 contentSize; //Media unit
+    u8 partitionId[8];
+    u8 makerCode[2];
+    u16 version;
+    u8 reserved1[4];
+    u8 programID[8];
+    u8 reserved2[0x10];
+    u8 logoHash[0x20]; //Logo Region SHA-256 hash
+    char productCode[0x10];
+    u8 exHeaderHash[0x20]; //Extended header SHA-256 hash
+    u32 exHeaderSize; //Extended header size
+    u32 reserved3;
+    u8 flags[8];
+    u32 plainOffset; //Media unit
+    u32 plainSize; //Media unit
+    u32 logoOffset; //Media unit
+    u32 logoSize; //Media unit
+    u32 exeFsOffset; //Media unit
+    u32 exeFsSize; //Media unit
+    u32 exeFsHashSize; //Media unit
+    u32 reserved4;
+    u32 romFsOffset; //Media unit
+    u32 romFsSize; //Media unit
+    u32 romFsHashSize; //Media unit
+    u32 reserved5;
+    u8 exeFsHash[0x20]; //ExeFS superblock SHA-256 hash
+    u8 romFsHash[0x20]; //RomFS superblock SHA-256 hash
+} Ncch;
+
+typedef struct __attribute__((packed))
+{
+    Ncch ncch;
+    ExHeader exHeader;
+} Cxi;
+
+typedef struct __attribute__((packed))
+{
+    char sigIssuer[0x40];
+    u8 eccPubKey[0x3C];
+    u8 version;
+    u8 caCrlVersion;
+    u8 signerCrlVersion;
+    u8 titleKey[0x10];
+    u8 reserved1;
+    u8 ticketId[8];
+    u8 consoleId[4];
+    u8 titleId[8];
+    u8 reserved2[2];
+    u16 ticketTitleVersion;
+    u8 reserved3[8];
+    u8 licenseType;
+    u8 ticketCommonKeyYIndex; //Ticket common keyY index, usually 0x1 for retail system titles.
+    u8 reserved4[0x2A];
+    u8 unk[4]; //eShop Account ID?
+    u8 reserved5;
+    u8 audit;
+    u8 reserved6[0x42];
+    u8 limits[0x40];
+    u8 contentIndex[0xAC];
+} Ticket;
+
+typedef struct __attribute__((packed))
+{
+    u32 offset;
+    u8 *address;
+    u32 size;
+    u32 procType;
+    u8 hash[0x20];
+} FirmSection;
+
+typedef struct __attribute__((packed))
+{
+    char magic[4];
+    u32 reserved1;
+    u8 *arm11Entry;
+    u8 *arm9Entry;
+    u8 reserved2[0x30];
+    FirmSection section[4];
+} Firm;
+
+typedef struct __attribute__((packed))
+{
+    u8 keyX[0x10];
+    u8 keyY[0x10];
+    u8 ctr[0x10];
+    char size[8];
+    u8 reserved[8];
+    u8 ctlBlock[0x10];
+    char magic[4];
+    u8 reserved2[0xC];
+    u8 slot0x16keyX[0x10];
+} Arm9Bin;

source/buttons.h

@@ -39,8 +39,9 @@
 #define BUTTON_UP              (1 << 6)
 #define BUTTON_DOWN            (1 << 7)
 
+#define DPAD_BUTTONS           (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN)
 #define SAFE_MODE              (BUTTON_R1 | BUTTON_L1 | BUTTON_A | BUTTON_UP)
-#define SINGLE_PAYLOAD_BUTTONS (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN | BUTTON_START | BUTTON_X | BUTTON_Y)
-#define L_PAYLOAD_BUTTONS      (BUTTON_R1 | BUTTON_A | BUTTON_SELECT)
-#define MENU_BUTTONS           (BUTTON_LEFT | BUTTON_RIGHT | BUTTON_UP | BUTTON_DOWN | BUTTON_A | BUTTON_START)
-#define PIN_BUTTONS            (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | BUTTON_START)
+#define SINGLE_PAYLOAD_BUTTONS (DPAD_BUTTONS | BUTTON_B | BUTTON_X | BUTTON_Y)
+#define L_PAYLOAD_BUTTONS      (BUTTON_R1 | BUTTON_A | BUTTON_START | BUTTON_SELECT)
+#define MENU_BUTTONS           (DPAD_BUTTONS | BUTTON_A | BUTTON_START)
+#define PIN_BUTTONS            (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | DPAD_BUTTONS | BUTTON_START | BUTTON_SELECT)

source/config.c

@@ -21,50 +21,215 @@
 */
 
 #include "config.h"
+#include "memory.h"
+#include "fs.h"
 #include "utils.h"
 #include "screen.h"
 #include "draw.h"
-#include "fs.h"
 #include "buttons.h"
+#include "pin.h"
 
-void configureCFW(const char *configPath)
+CfgData configData;
+ConfigurationStatus needConfig;
+static u32 oldConfig;
+
+bool readConfig(void)
 {
-    initScreens();
+    bool ret;
 
-    drawString(CONFIG_TITLE, 10, 10, COLOR_TITLE);
-    drawString("Press A to select, START to save", 10, 30, COLOR_WHITE);
+    if(fileRead(&configData, CONFIG_FILE, sizeof(CfgData)) != sizeof(CfgData) ||
+       memcmp(configData.magic, "CONF", 4) != 0 ||
+       configData.formatVersionMajor != CONFIG_VERSIONMAJOR ||
+       configData.formatVersionMinor != CONFIG_VERSIONMINOR)
+    {
+        configData.config = 0;
 
-    const char *multiOptionsText[]  = { "Screen brightness: 4( ) 3( ) 2( ) 1( )",
-                                        "New 3DS CPU: Off( ) Clock( ) L2( ) Clock+L2( )" };
+        ret = false;
+    }
+    else ret = true;
 
-    const char *singleOptionsText[] = { "( ) Autoboot SysNAND",
-                                        "( ) Use SysNAND FIRM if booting with R (A9LH)",
-                                        "( ) Use second EmuNAND as default",
-                                        "( ) Enable region/language emu. and ext. .code",
-                                        "( ) Show current NAND in System Settings",
+    oldConfig = configData.config;
+
+    return ret;
+}
+
+void writeConfig(bool isPayloadLaunch)
+{
+    if(isPayloadLaunch) configData.config = (configData.config & 0xFFFFFF80) | (oldConfig & 0x7F);
+
+    /* If the configuration is different from previously, overwrite it.
+       Just the no-forcing flag being set is not enough */
+    if(needConfig != CREATE_CONFIGURATION && (configData.config & 0xFFFFFFBF) == oldConfig) return;
+
+    if(needConfig == CREATE_CONFIGURATION)
+    {
+        memcpy(configData.magic, "CONF", 4);
+        configData.formatVersionMajor = CONFIG_VERSIONMAJOR;
+        configData.formatVersionMinor = CONFIG_VERSIONMINOR;
+    }
+
+    if(!fileWrite(&configData, CONFIG_FILE, sizeof(CfgData)))
+        error("Error writing the configuration file");
+}
+
+void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode)
+{
+    const char *multiOptionsText[]  = { "Default EmuNAND: 1( ) 2( ) 3( ) 4( )",
+                                        "Screen brightness: 4( ) 3( ) 2( ) 1( )",
+                                        "Splash: Off( ) Before( ) After( ) payloads",
+                                        "PIN lock: Off( ) 4( ) 6( ) 8( ) digits",
+                                        "New 3DS CPU: Off( ) Clock( ) L2( ) Clock+L2( )",
+                                      };
+
+    const char *singleOptionsText[] = { "( ) Autoboot EmuNAND",
+                                        "( ) Use EmuNAND FIRM if booting with R",
+                                        "( ) Enable loading external FIRMs and modules",
+                                        "( ) Enable game patching",
+                                        "( ) Show NAND or user string in System Settings",
                                         "( ) Show GBA boot screen in patched AGB_FIRM",
-                                        "( ) Display splash screen before payloads",
-                                        "( ) Use a PIN" };
+                                        "( ) Patch SVC/service/archive/ARM9 access",
+                                        "( ) Set developer UNITINFO",
+                                        "( ) Enable exception handlers"
+                                      };
+
+    const char *optionsDescription[]  = { "Select the default EmuNAND.\n\n"
+                                          "It will be booted when no\n"
+                                          "directional pad buttons are pressed.",
+
+                                          "Select the screen brightness.",
+
+                                          "Enable splash screen support.\n\n"
+                                          "\t* 'Before payloads' displays it\n"
+                                          "before booting payloads\n"
+                                          "(intended for splashes that display\n"
+                                          "button hints).\n\n"
+                                          "\t* 'After payloads' displays it\n"
+                                          "afterwards.",
+
+                                          "Activate a PIN lock.\n\n"
+                                          "The PIN will be asked each time\n"
+                                          "Luma3DS boots.\n\n"
+                                          "4, 6 or 8 digits can be selected.\n\n"
+                                          "The ABXY buttons and the directional\n"
+                                          "pad buttons can be used as keys.\n\n"
+                                          "A message can also be displayed\n"
+                                          "(refer to the wiki for instructions).",
+
+                                          "Select the New 3DS CPU mode.\n\n"
+                                          "This won't apply to\n"
+                                          "New 3DS exclusive/enhanced games.\n\n"
+                                          "'Clock+L2' can cause issues with some\n"
+                                          "games.",
+
+                                          "If enabled, an EmuNAND\n"
+                                          "will be launched on boot.\n\n"
+                                          "Otherwise, SysNAND will.\n\n"
+                                          "Hold L on boot to switch NAND.\n\n"
+                                          "To use a different EmuNAND from the\n"
+                                          "default, hold a directional pad button\n"
+                                          "(Up/Right/Down/Left equal EmuNANDs\n"
+                                          "1/2/3/4).",
+
+                                          "If enabled, when holding R on boot\n"
+                                          "SysNAND will be booted with an\n"
+                                          "EmuNAND FIRM.\n\n"
+                                          "Otherwise, an EmuNAND will be booted\n"
+                                          "with the SysNAND FIRM.\n\n"
+                                          "To use a different EmuNAND from the\n"
+                                          "default, hold a directional pad button\n"
+                                          "(Up/Right/Down/Left equal EmuNANDs\n"
+                                          "1/2/3/4), also add A if you have\n"
+                                          "a matching payload.",
+
+                                          "Enable loading external FIRMs and\n"
+                                          "system modules.\n\n"
+                                          "This isn't needed in most cases.\n\n"
+                                          "Refer to the wiki for instructions.",
+
+                                          "Enable overriding the region and\n"
+                                          "language configuration and the usage\n"
+                                          "of patched code binaries,\n"
+                                          "IPS code patches and LayeredFS\n"
+                                          "for specific games.\n\n"
+                                          "Also makes certain DLCs\n"
+                                          "for out-of-region games work.\n\n"
+                                          "Enabling this requires the\n"
+                                          "archive patch to be applied.\n\n"
+                                          "Refer to the wiki for instructions.",
+
+                                          "Enable showing the current NAND/FIRM:\n\n"
+                                          "\t* Sys  = SysNAND\n"
+                                          "\t* Emu  = EmuNAND 1\n"
+                                          "\t* EmuX = EmuNAND X\n"
+                                          "\t* SysE = SysNAND with EmuNAND 1 FIRM\n"
+                                          "\t* SyEX = SysNAND with EmuNAND X FIRM\n"
+                                          "\t* EmuS = EmuNAND 1 with SysNAND FIRM\n"
+                                          "\t* EmXS = EmuNAND X with SysNAND FIRM\n\n"
+                                          "or an user-defined custom string in\n"
+                                          "System Settings.\n\n"
+                                          "Refer to the wiki for instructions.",
+
+                                          "Enable showing the GBA boot screen\n"
+                                          "when booting GBA games.",
+
+                                          "Disable SVC, service, archive and ARM9\n"
+                                          "exheader access checks.\n\n"
+                                          "The service and archive patches\n"
+                                          "don't work on New 3DS FIRMs between\n"
+                                          "9.3 and 10.4.\n\n"
+                                          "Only select this if you know what you\n"
+                                          "are doing!",
+
+                                          "Make the console be always detected\n"
+                                          "as a development unit, and conversely.\n"
+                                          "(which breaks online features, amiibo\n"
+                                          "and retail CIAs, but allows installing\n"
+                                          "and booting some developer software).\n\n"
+                                          "Only select this if you know what you\n"
+                                          "are doing!",
+
+                                          "Enable Luma3DS's ARM9/ARM11 exception\n"
+                                          "handlers. Luma3DS should be ran as\n"
+                                          "boot.firm\n\n"
+                                          "Useful for debugging."
+                                       };
 
     struct multiOption {
-        int posXs[4];
-        int posY;
+        u32 posXs[4];
+        u32 posY;
         u32 enabled;
+        bool visible;
     } multiOptions[] = {
-        { .posXs = {21, 26, 31, 36} },
-        { .posXs = {17, 26, 32, 44} }
+        { .posXs = {19, 24, 29, 34}, .visible = isSdMode },
+        { .posXs = {21, 26, 31, 36}, .visible = true },
+        { .posXs = {12, 22, 31, 0}, .visible = true  },
+        { .posXs = {14, 19, 24, 29}, .visible = true },
+        { .posXs = {17, 26, 32, 44}, .visible = ISN3DS },
+    };
+
+    struct singleOption {
+        u32 posY;
+        bool enabled;
+        bool visible;
+    } singleOptions[] = {
+        { .visible = isSdMode },
+        { .visible = isSdMode },
+        { .visible = true },
+        { .visible = true },
+        { .visible = true },
+        { .visible = true },
+        { .visible = true },
+        { .visible = true },
+        { .visible = true }
     };
 
     //Calculate the amount of the various kinds of options and pre-select the first single one
     u32 multiOptionsAmount = sizeof(multiOptions) / sizeof(struct multiOption),
-        singleOptionsAmount = sizeof(singleOptionsText) / sizeof(char *),
+        singleOptionsAmount = sizeof(singleOptions) / sizeof(struct singleOption),
         totalIndexes = multiOptionsAmount + singleOptionsAmount - 1,
-        selectedOption = multiOptionsAmount;
-
-    struct singleOption {
-        int posY;
-        bool enabled;
-    } singleOptions[singleOptionsAmount];
+        selectedOption,
+        singleSelected;
+    bool isMultiOption = false;
 
     //Parse the existing options
     for(u32 i = 0; i < multiOptionsAmount; i++)
@@ -72,63 +237,102 @@ void configureCFW(const char *configPath)
     for(u32 i = 0; i < singleOptionsAmount; i++)
         singleOptions[i].enabled = CONFIG(i);
 
+    initScreens();
+
+    drawString(true, 10, 10, COLOR_TITLE, CONFIG_TITLE);
+    drawString(true, 10, 10 + SPACING_Y, COLOR_TITLE, "Press A to select, START to save");
+
     //Character to display a selected option
     char selected = 'x';
 
-    int endPos = 42;
+    u32 endPos = 10 + 2 * SPACING_Y;
 
     //Display all the multiple choice options in white
     for(u32 i = 0; i < multiOptionsAmount; i++)
     {
+        if(!multiOptions[i].visible) continue;
+
         multiOptions[i].posY = endPos + SPACING_Y;
-        endPos = drawString(multiOptionsText[i], 10, multiOptions[i].posY, COLOR_WHITE);
-        drawCharacter(selected, 10 + multiOptions[i].posXs[multiOptions[i].enabled] * SPACING_X, multiOptions[i].posY, COLOR_WHITE);
+        endPos = drawString(true, 10, multiOptions[i].posY, COLOR_WHITE, multiOptionsText[i]);
+        drawCharacter(true, 10 + multiOptions[i].posXs[multiOptions[i].enabled] * SPACING_X, multiOptions[i].posY, COLOR_WHITE, selected);
     }
 
     endPos += SPACING_Y / 2;
-    u32 color = COLOR_RED;
 
     //Display all the normal options in white except for the first one
-    for(u32 i = 0; i < singleOptionsAmount; i++)
+    for(u32 i = 0, color = COLOR_RED; i < singleOptionsAmount; i++)
     {
+        if(!singleOptions[i].visible) continue;
+
         singleOptions[i].posY = endPos + SPACING_Y;
-        endPos = drawString(singleOptionsText[i], 10, singleOptions[i].posY, color);
-        if(singleOptions[i].enabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[i].posY, color);
-        color = COLOR_WHITE;
+        endPos = drawString(true, 10, singleOptions[i].posY, color, singleOptionsText[i]);
+        if(singleOptions[i].enabled) drawCharacter(true, 10 + SPACING_X, singleOptions[i].posY, color, selected);
+
+        if(color == COLOR_RED)
+        {
+            singleSelected = i;
+            selectedOption = i + multiOptionsAmount;
+            color = COLOR_WHITE;
+        }
     }
 
-    u32 pressed = 0;
+    drawString(false, 10, 10, COLOR_WHITE, optionsDescription[selectedOption]);
 
     //Boring configuration menu
-    while(pressed != BUTTON_START)
+    while(true)
     {
+        u32 pressed;
         do
         {
-            pressed = waitInput();
+            pressed = waitInput(true);
         }
         while(!(pressed & MENU_BUTTONS));
 
+        if(pressed == BUTTON_START) break;
+
         if(pressed != BUTTON_A)
         {
             //Remember the previously selected option
             u32 oldSelectedOption = selectedOption;
 
-            switch(pressed)
+            while(true)
             {
-                case BUTTON_UP:
-                    selectedOption = !selectedOption ? totalIndexes : selectedOption - 1;
+                switch(pressed)
+                {
+                    case BUTTON_UP:
+                        selectedOption = !selectedOption ? totalIndexes : selectedOption - 1;
+                        break;
+                    case BUTTON_DOWN:
+                        selectedOption = selectedOption == totalIndexes ? 0 : selectedOption + 1;
+                        break;
+                    case BUTTON_LEFT:
+                        pressed = BUTTON_DOWN;
+                        selectedOption = 0;
+                        break;
+                    case BUTTON_RIGHT:
+                        pressed = BUTTON_UP;
+                        selectedOption = totalIndexes;
+                        break;
+                    default:
+                        break;
+                }
+
+                if(selectedOption < multiOptionsAmount)
+                {
+                    if(!multiOptions[selectedOption].visible) continue;
+
+                    isMultiOption = true;
                     break;
-                case BUTTON_DOWN:
-                    selectedOption = selectedOption == totalIndexes ? 0 : selectedOption + 1;
+                }
+                else
+                {
+                    singleSelected = selectedOption - multiOptionsAmount;
+
+                    if(!singleOptions[singleSelected].visible) continue;
+
+                    isMultiOption = false;
                     break;
-                case BUTTON_LEFT:
-                    selectedOption = 0;
-                    break;
-                case BUTTON_RIGHT:
-                    selectedOption = totalIndexes;
-                    break;
-                default:
-                    continue;
+                }
             }
 
             if(selectedOption == oldSelectedOption) continue;
@@ -136,70 +340,60 @@ void configureCFW(const char *configPath)
             //The user moved to a different option, print the old option in white and the new one in red. Only print 'x's if necessary
             if(oldSelectedOption < multiOptionsAmount)
             {
-                drawString(multiOptionsText[oldSelectedOption], 10, multiOptions[oldSelectedOption].posY, COLOR_WHITE);
-                drawCharacter(selected, 10 + multiOptions[oldSelectedOption].posXs[multiOptions[oldSelectedOption].enabled] * SPACING_X, multiOptions[oldSelectedOption].posY, COLOR_WHITE);
+                drawString(true, 10, multiOptions[oldSelectedOption].posY, COLOR_WHITE, multiOptionsText[oldSelectedOption]);
+                drawCharacter(true, 10 + multiOptions[oldSelectedOption].posXs[multiOptions[oldSelectedOption].enabled] * SPACING_X, multiOptions[oldSelectedOption].posY, COLOR_WHITE, selected);
             }
             else
             {
                 u32 singleOldSelected = oldSelectedOption - multiOptionsAmount;
-                drawString(singleOptionsText[singleOldSelected], 10, singleOptions[singleOldSelected].posY, COLOR_WHITE);
-                if(singleOptions[singleOldSelected].enabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[singleOldSelected].posY, COLOR_WHITE);
+                drawString(true, 10, singleOptions[singleOldSelected].posY, COLOR_WHITE, singleOptionsText[singleOldSelected]);
+                if(singleOptions[singleOldSelected].enabled) drawCharacter(true, 10 + SPACING_X, singleOptions[singleOldSelected].posY, COLOR_WHITE, selected);
             }
 
-            if(selectedOption < multiOptionsAmount)
-                drawString(multiOptionsText[selectedOption], 10, multiOptions[selectedOption].posY, COLOR_RED);
-            else
-            {
-                u32 singleSelected = selectedOption - multiOptionsAmount;
-                drawString(singleOptionsText[singleSelected], 10, singleOptions[singleSelected].posY, COLOR_RED);
-            }
+            if(isMultiOption) drawString(true, 10, multiOptions[selectedOption].posY, COLOR_RED, multiOptionsText[selectedOption]);
+            else drawString(true, 10, singleOptions[singleSelected].posY, COLOR_RED, singleOptionsText[singleSelected]);
+
+            drawString(false, 10, 10, COLOR_BLACK, optionsDescription[oldSelectedOption]);
+            drawString(false, 10, 10, COLOR_WHITE, optionsDescription[selectedOption]);
         }
         else
         {
             //The selected option's status changed, print the 'x's accordingly
-            if(selectedOption < multiOptionsAmount)
+            if(isMultiOption)
             {
                 u32 oldEnabled = multiOptions[selectedOption].enabled;
-                drawCharacter(selected, 10 + multiOptions[selectedOption].posXs[oldEnabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_BLACK);
-                multiOptions[selectedOption].enabled = oldEnabled == 3 ? 0 : oldEnabled + 1;
+                drawCharacter(true, 10 + multiOptions[selectedOption].posXs[oldEnabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_BLACK, selected);
+                multiOptions[selectedOption].enabled = (oldEnabled == 3 || !multiOptions[selectedOption].posXs[oldEnabled + 1]) ? 0 : oldEnabled + 1;
 
-                if(!selectedOption)
-                    updateBrightness(multiOptions[selectedOption].enabled);
+                if(selectedOption == BRIGHTNESS) updateBrightness(multiOptions[BRIGHTNESS].enabled);
             }
             else
             {
-                bool oldEnabled = singleOptions[selectedOption - multiOptionsAmount].enabled;
-                singleOptions[selectedOption - multiOptionsAmount].enabled = !oldEnabled;
-                if(oldEnabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[selectedOption - multiOptionsAmount].posY, COLOR_BLACK);
+                bool oldEnabled = singleOptions[singleSelected].enabled;
+                singleOptions[singleSelected].enabled = !oldEnabled;
+                if(oldEnabled) drawCharacter(true, 10 + SPACING_X, singleOptions[singleSelected].posY, COLOR_BLACK, selected);
             }
         }
 
         //In any case, if the current option is enabled (or a multiple choice option is selected) we must display a red 'x'
-        if(selectedOption < multiOptionsAmount)
-            drawCharacter(selected, 10 + multiOptions[selectedOption].posXs[multiOptions[selectedOption].enabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_RED);
-        else
-        {
-            u32 singleSelected = selectedOption - multiOptionsAmount;
-            if(singleOptions[singleSelected].enabled) drawCharacter(selected, 10 + SPACING_X, singleOptions[singleSelected].posY, COLOR_RED);
-        }
+        if(isMultiOption) drawCharacter(true, 10 + multiOptions[selectedOption].posXs[multiOptions[selectedOption].enabled] * SPACING_X, multiOptions[selectedOption].posY, COLOR_RED, selected);
+        else if(singleOptions[singleSelected].enabled) drawCharacter(true, 10 + SPACING_X, singleOptions[singleSelected].posY, COLOR_RED, selected);
     }
 
-    //Preserve the last-used boot options (last 12 bits)
-    config &= 0x3F;
+    //Preserve the last-used boot options (first 9 bits)
+    configData.config &= 0x7F;
 
     //Parse and write the new configuration
     for(u32 i = 0; i < multiOptionsAmount; i++)
-        config |= multiOptions[i].enabled << (i * 2 + 6);
+        configData.config |= multiOptions[i].enabled << (i * 2 + 7);
     for(u32 i = 0; i < singleOptionsAmount; i++)
-        config |= (singleOptions[i].enabled ? 1 : 0) << (i + 16);
+        configData.config |= (singleOptions[i].enabled ? 1 : 0) << (i + 17);
 
-    if(!fileWrite(&config, configPath, 4))
-    {
-        createDirectory("luma");
-        if(!fileWrite(&config, configPath, 4))
-            error("Error writing the configuration file");
-    }
+    u32 newPinMode = MULTICONFIG(PIN);
 
-    //Wait for the pressed buttons to change
-    while(HID_PAD == BUTTON_START);
-}
+    if(newPinMode != 0) newPin(oldPinStatus && newPinMode == oldPinMode, newPinMode);
+    else if(oldPinStatus) fileDelete(PIN_FILE);
+
+    while(HID_PAD & PIN_BUTTONS);
+    wait(2000ULL);
+}

source/config.h

@@ -24,10 +24,47 @@
 
 #include "types.h"
 
-#define CONFIG(a) (((config >> (a + 16)) & 1) != 0)
-#define MULTICONFIG(a) ((config >> (a * 2 + 6)) & 3)
-#define BOOTCONFIG(a, b) ((config >> a) & b)
+#define CONFIG(a)        (((configData.config >> (a + 17)) & 1) != 0)
+#define MULTICONFIG(a)   ((configData.config >> (a * 2 + 7)) & 3)
+#define BOOTCONFIG(a, b) ((configData.config >> a) & b)
 
-extern u32 config;
+#define CONFIG_FILE         "config.bin"
+#define CONFIG_VERSIONMAJOR 1
+#define CONFIG_VERSIONMINOR 11
 
-void configureCFW(const char *configPath);
+#define BOOTCFG_NAND         BOOTCONFIG(0, 7)
+#define BOOTCFG_FIRM         BOOTCONFIG(3, 7)
+#define BOOTCFG_NOFORCEFLAG  BOOTCONFIG(6, 1)
+
+enum multiOptions
+{
+    DEFAULTEMU = 0,
+    BRIGHTNESS,
+    SPLASH,
+    PIN,
+    NEWCPU,
+};
+
+enum singleOptions
+{
+    AUTOBOOTEMU = 0,
+    USEEMUFIRM,
+    LOADEXTFIRMSANDMODULES,
+    PATCHGAMES,
+    PATCHVERSTRING,
+    SHOWGBABOOT,
+    PATCHACCESS,
+    PATCHUNITINFO,
+    ENABLEEXCEPTIONHANDLERS
+};
+
+typedef enum ConfigurationStatus
+{
+    DONT_CONFIGURE = 0,
+    MODIFY_CONFIGURATION,
+    CREATE_CONFIGURATION
+} ConfigurationStatus;
+
+bool readConfig(void);
+void writeConfig(bool isPayloadLaunch);
+void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode);

source/crypto.c

@@ -22,10 +22,15 @@
 
 /*
 *   Crypto libs from http://github.com/b1l1s/ctr
+*   kernel9Loader code originally adapted from https://github.com/Reisyukaku/ReiNand/blob/228c378255ba693133dec6f3368e14d386f2cde7/source/crypto.c#L233
+*   decryptNusFirm code adapted from https://github.com/mid-kid/CakesForeveryWan/blob/master/source/firm.c
+*   ctrNandWrite logic adapted from https://github.com/d0k3/GodMode9/blob/master/source/nand/nand.c
 */
 
 #include "crypto.h"
 #include "memory.h"
+#include "strings.h"
+#include "utils.h"
 #include "fatfs/sdmmc/sdmmc.h"
 
 /****************************************************************
@@ -80,15 +85,36 @@ __asm__\
 
 static void aes_setkey(u8 keyslot, const void *key, u32 keyType, u32 mode)
 {
-    if(keyslot <= 0x03) return; // Ignore TWL keys for now
     u32 *key32 = (u32 *)key;
     *REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode;
-    *REG_AESKEYCNT = (*REG_AESKEYCNT >> 6 << 6) | keyslot | AES_KEYCNT_WRITE;
 
-    REG_AESKEYFIFO[keyType] = key32[0];
-    REG_AESKEYFIFO[keyType] = key32[1];
-    REG_AESKEYFIFO[keyType] = key32[2];
-    REG_AESKEYFIFO[keyType] = key32[3];
+    if(keyslot <= 3)
+    {
+        if((mode & AES_CNT_INPUT_ORDER) == AES_INPUT_REVERSED)
+        {
+            REGs_AESTWLKEYS[keyslot][keyType][0] = key32[3];
+            REGs_AESTWLKEYS[keyslot][keyType][1] = key32[2];
+            REGs_AESTWLKEYS[keyslot][keyType][2] = key32[1];
+            REGs_AESTWLKEYS[keyslot][keyType][3] = key32[0];
+        }
+        else
+        {
+            REGs_AESTWLKEYS[keyslot][keyType][0] = key32[0];
+            REGs_AESTWLKEYS[keyslot][keyType][1] = key32[1];
+            REGs_AESTWLKEYS[keyslot][keyType][2] = key32[2];
+            REGs_AESTWLKEYS[keyslot][keyType][3] = key32[3];
+        }
+    }
+
+    else if(keyslot < 0x40)
+    {
+        *REG_AESKEYCNT = (*REG_AESKEYCNT >> 6 << 6) | keyslot | AES_KEYCNT_WRITE;
+
+        REG_AESKEYFIFO[keyType] = key32[0];
+        REG_AESKEYFIFO[keyType] = key32[1];
+        REG_AESKEYFIFO[keyType] = key32[2];
+        REG_AESKEYFIFO[keyType] = key32[3];
+    }
 }
 
 static void aes_use_keyslot(u8 keyslot)
@@ -105,7 +131,7 @@ static void aes_setiv(const void *iv, u32 mode)
     const u32 *iv32 = (const u32 *)iv;
     *REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode;
 
-    // Word order for IV can't be changed in REG_AESCNT and always default to reversed
+    //Word order for IV can't be changed in REG_AESCNT and always default to reversed
     if(mode & AES_INPUT_NORMAL)
     {
         REG_AESCTR[0] = iv32[3];
@@ -125,14 +151,14 @@ static void aes_setiv(const void *iv, u32 mode)
 static void aes_advctr(void *ctr, u32 val, u32 mode)
 {
     u32 *ctr32 = (u32 *)ctr;
-    
+
     int i;
     if(mode & AES_INPUT_BE)
     {
-        for(i = 0; i < 4; ++i) // Endian swap
+        for(i = 0; i < 4; ++i) //Endian swap
             BSWAP32(ctr32[i]);
     }
-    
+
     if(mode & AES_INPUT_NORMAL)
     {
         ADD_u128_u32(ctr32[3], ctr32[2], ctr32[1], ctr32[0], val);
@@ -141,10 +167,10 @@ static void aes_advctr(void *ctr, u32 val, u32 mode)
     {
         ADD_u128_u32(ctr32[0], ctr32[1], ctr32[2], ctr32[3], val);
     }
-    
+
     if(mode & AES_INPUT_BE)
     {
-        for(i = 0; i < 4; ++i) // Endian swap
+        for(i = 0; i < 4; ++i) //Endian swap
             BSWAP32(ctr32[i]);
     }
 }
@@ -175,16 +201,16 @@ static void aes_batch(void *dst, const void *src, u32 blockCount)
 {
     *REG_AESBLKCNT = blockCount << 16;
     *REG_AESCNT |=  AES_CNT_START;
-    
+
     const u32 *src32    = (const u32 *)src;
     u32 *dst32          = (u32 *)dst;
-    
+
     u32 wbc = blockCount;
     u32 rbc = blockCount;
-    
+
     while(rbc)
     {
-        if(wbc && ((*REG_AESCNT & 0x1F) <= 0xC)) // There's space for at least 4 ints
+        if(wbc && ((*REG_AESCNT & 0x1F) <= 0xC)) //There's space for at least 4 ints
         {
             *REG_AESWRFIFO = *src32++;
             *REG_AESWRFIFO = *src32++;
@@ -192,8 +218,8 @@ static void aes_batch(void *dst, const void *src, u32 blockCount)
             *REG_AESWRFIFO = *src32++;
             wbc--;
         }
-        
-        if(rbc && ((*REG_AESCNT & (0x1F << 0x5)) >= (0x4 << 0x5))) // At least 4 ints available for read
+
+        if(rbc && ((*REG_AESCNT & (0x1F << 0x5)) >= (0x4 << 0x5))) //At least 4 ints available for read
         {
             *dst32++ = *REG_AESRDFIFO;
             *dst32++ = *REG_AESRDFIFO;
@@ -204,7 +230,7 @@ static void aes_batch(void *dst, const void *src, u32 blockCount)
     }
 }
 
-static void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode)
+void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode)
 {
     *REG_AESCNT =   mode |
                     AES_CNT_INPUT_ORDER | AES_CNT_OUTPUT_ORDER |
@@ -220,24 +246,24 @@ static void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode,
 
         blocks = (blockCount >= 0xFFFF) ? 0xFFFF : blockCount;
 
-        // Save the last block for the next decryption CBC batch's iv
+        //Save the last block for the next decryption CBC batch's iv
         if((mode & AES_ALL_MODES) == AES_CBC_DECRYPT_MODE)
         {
             memcpy(iv, src + (blocks - 1) * AES_BLOCK_SIZE, AES_BLOCK_SIZE);
             aes_change_ctrmode(iv, AES_INPUT_BE | AES_INPUT_NORMAL, ivMode);
         }
 
-        // Process the current batch
+        //Process the current batch
         aes_batch(dst, src, blocks);
 
-        // Save the last block for the next encryption CBC batch's iv
+        //Save the last block for the next encryption CBC batch's iv
         if((mode & AES_ALL_MODES) == AES_CBC_ENCRYPT_MODE)
         {
             memcpy(iv, dst + (blocks - 1) * AES_BLOCK_SIZE, AES_BLOCK_SIZE);
             aes_change_ctrmode(iv, AES_INPUT_BE | AES_INPUT_NORMAL, ivMode);
         }
-        
-        // Advance counter for CTR mode
+
+        //Advance counter for CTR mode
         else if((mode & AES_ALL_MODES) == AES_CTR_MODE)
             aes_advctr(iv, blocks, ivMode);
 
@@ -252,11 +278,11 @@ static void sha_wait_idle()
     while(*REG_SHA_CNT & 1);
 }
 
-static void sha(void *res, const void *src, u32 size, u32 mode)
+void sha(void *res, const void *src, u32 size, u32 mode)
 {
     sha_wait_idle();
     *REG_SHA_CNT = mode | SHA_CNT_OUTPUT_ENDIAN | SHA_NORMAL_ROUND;
-    
+
     const u32 *src32 = (const u32 *)src;
     int i;
     while(size >= 0x40)
@@ -272,15 +298,15 @@ static void sha(void *res, const void *src, u32 size, u32 mode)
 
         size -= 0x40;
     }
-    
+
     sha_wait_idle();
     memcpy((void *)REG_SHA_INFIFO, src32, size);
-    
+
     *REG_SHA_CNT = (*REG_SHA_CNT & ~SHA_NORMAL_ROUND) | SHA_FINAL_ROUND;
-    
+
     while(*REG_SHA_CNT & SHA_FINAL_ROUND);
     sha_wait_idle();
-    
+
     u32 hashSize = SHA_256_HASH_SIZE;
     if(mode == SHA_224_MODE)
         hashSize = SHA_224_HASH_SIZE;
@@ -290,28 +316,26 @@ static void sha(void *res, const void *src, u32 size, u32 mode)
     memcpy(res, (void *)REG_SHA_HASH, hashSize);
 }
 
-/****************************************************************
-*                  NAND/FIRM crypto
-****************************************************************/
+/*****************************************************************/
 
-static u8 __attribute__((aligned(4))) nandCTR[0x10];
+__attribute__((aligned(4))) static u8 nandCtr[AES_BLOCK_SIZE];
 static u8 nandSlot;
-
 static u32 fatStart;
 
-//Initialize the CTRNAND crypto
+FirmwareSource firmSource;
+
 void ctrNandInit(void)
 {
-    u8 __attribute__((aligned(4))) cid[0x10];
-    u8 __attribute__((aligned(4))) shaSum[0x20];
+    __attribute__((aligned(4))) u8 cid[AES_BLOCK_SIZE],
+                                   shaSum[SHA_256_HASH_SIZE];
 
     sdmmc_get_cid(1, (u32 *)cid);
-    sha(shaSum, cid, 0x10, SHA_256_MODE);
-    memcpy(nandCTR, shaSum, 0x10);
+    sha(shaSum, cid, sizeof(cid), SHA_256_MODE);
+    memcpy(nandCtr, shaSum, sizeof(nandCtr));
 
-    if(isN3DS)
+    if(ISN3DS)
     {
-        u8 __attribute__((aligned(4))) keyY0x5[0x10] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE};
+        __attribute__((aligned(4))) u8 keyY0x5[AES_BLOCK_SIZE] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE};
         aes_setkey(0x05, keyY0x5, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
 
         nandSlot = 0x05;
@@ -324,15 +348,14 @@ void ctrNandInit(void)
     }
 }
 
-//Read and decrypt from the selected CTRNAND
-u32 ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
+int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
 {
-    u8 __attribute__((aligned(4))) tmpCTR[0x10];
-    memcpy(tmpCTR, nandCTR, 0x10);
-    aes_advctr(tmpCTR, ((sector + fatStart) * 0x200) / AES_BLOCK_SIZE, AES_INPUT_BE | AES_INPUT_NORMAL);
+    __attribute__((aligned(4))) u8 tmpCtr[sizeof(nandCtr)];
+    memcpy(tmpCtr, nandCtr, sizeof(nandCtr));
+    aes_advctr(tmpCtr, ((sector + fatStart) * 0x200) / AES_BLOCK_SIZE, AES_INPUT_BE | AES_INPUT_NORMAL);
 
     //Read
-    u32 result;
+    int result;
     if(firmSource == FIRMWARE_SYSNAND)
         result = sdmmc_nand_readsectors(sector + fatStart, sectorCount, outbuf);
     else
@@ -343,128 +366,143 @@ u32 ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
 
     //Decrypt
     aes_use_keyslot(nandSlot);
-    aes(outbuf, outbuf, sectorCount * 0x200 / AES_BLOCK_SIZE, tmpCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+    aes(outbuf, outbuf, sectorCount * 0x200 / AES_BLOCK_SIZE, tmpCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
 
     return result;
 }
 
-//Sets the 7.x NCCH KeyX and the 6.x gamecard save data KeyY
-void setRSAMod0DerivedKeys(void)
+int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf)
 {
-    if(!isDevUnit)
+    u8 *buffer = (u8 *)0x23000000;
+    u32 bufferSize = 0xF00000;
+
+    __attribute__((aligned(4))) u8 tmpCtr[sizeof(nandCtr)];
+    memcpy(tmpCtr, nandCtr, sizeof(nandCtr));
+    aes_advctr(tmpCtr, ((sector + fatStart) * 0x200) / AES_BLOCK_SIZE, AES_INPUT_BE | AES_INPUT_NORMAL);
+    aes_use_keyslot(nandSlot);
+
+    int result = 0;
+    for(u32 tempSector = 0; tempSector < sectorCount && !result; tempSector += bufferSize / 0x200)
     {
-        const u8 __attribute__((aligned(4))) keyX0x25[0x10] = {0xCE, 0xE7, 0xD8, 0xAB, 0x30, 0xC0, 0x0D, 0xAE, 0x85, 0x0E, 0xF5, 0xE3, 0x82, 0xAC, 0x5A, 0xF3};
-        const u8 __attribute__((aligned(4))) keyY0x2F[0x10] = {0xC3, 0x69, 0xBA, 0xA2, 0x1E, 0x18, 0x8A, 0x88, 0xA9, 0xAA, 0x94, 0xE5, 0x50, 0x6A, 0x9F, 0x16};
+        u32 tempCount = (bufferSize / 0x200) < (sectorCount - tempSector) ? (bufferSize / 0x200) : (sectorCount - tempSector);
 
-        aes_setkey(0x25, keyX0x25, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
-        aes_setkey(0x2F, keyY0x2F, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
+        memcpy(buffer, inbuf + (tempSector * 0x200), tempCount * 0x200);
 
-        /* [3dbrew] The first 0x10-bytes are checked by the v6.0/v7.0 NATIVE_FIRM keyinit function, 
-                    when non-zero it clears this block and continues to do the key generation.
-                    Otherwise when this block was already all-zero, it immediately returns. */
-        memset32((void *)0x01FFCD00, 0, 0x10);
+        //Encrypt
+        aes(buffer, buffer, tempCount * 0x200 / AES_BLOCK_SIZE, tmpCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+
+        //Write
+        result = sdmmc_nand_writesectors(tempSector + sector + fatStart, tempCount, buffer);
     }
+
+    return result;
 }
 
-//Decrypt a FIRM ExeFS
-void decryptExeFs(u8 *inbuf)
+bool decryptExeFs(Cxi *cxi)
 {
-    u8 *exeFsOffset = inbuf + *(u32 *)(inbuf + 0x1A0) * 0x200;
-    u32 exeFsSize = *(u32 *)(inbuf + 0x1A4) * 0x200;
-    u8 ncchCTR[0x10] = {0};
+    if(memcmp(cxi->ncch.magic, "NCCH", 4) != 0) return false;
+
+    u8 *exeFsOffset = (u8 *)cxi + (cxi->ncch.exeFsOffset + 1) * 0x200;
+    u32 exeFsSize = (cxi->ncch.exeFsSize - 1) * 0x200;
+    __attribute__((aligned(4))) u8 ncchCtr[AES_BLOCK_SIZE] = {0};
 
     for(u32 i = 0; i < 8; i++)
-        ncchCTR[7 - i] = *(inbuf + 0x108 + i);
-    ncchCTR[8] = 2;
+        ncchCtr[7 - i] = cxi->ncch.partitionId[i];
+    ncchCtr[8] = 2;
 
-    aes_setkey(0x2C, inbuf, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
-    aes_setiv(ncchCTR, AES_INPUT_BE | AES_INPUT_NORMAL);
+    aes_setkey(0x2C, cxi, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
+    aes_advctr(ncchCtr, 0x200 / AES_BLOCK_SIZE, AES_INPUT_BE | AES_INPUT_NORMAL);
     aes_use_keyslot(0x2C);
-    aes(inbuf - 0x200, exeFsOffset, exeFsSize / AES_BLOCK_SIZE, ncchCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+    aes(cxi, exeFsOffset, exeFsSize / AES_BLOCK_SIZE, ncchCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+
+    return memcmp(cxi, "FIRM", 4) == 0;
 }
 
-/* ARM9Loader replacement
-   Originally adapted from: https://github.com/Reisyukaku/ReiNand/blob/228c378255ba693133dec6f3368e14d386f2cde7/source/crypto.c#L233 */
-void arm9Loader(u8 *arm9Section)
+bool decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize)
 {
-    //Determine the arm9loader version
-    u32 a9lVersion;
-    switch(arm9Section[0x53])
+    if(memcmp(ticket->sigIssuer, "Root", 4) != 0) return false;
+
+    __attribute__((aligned(4))) const u8 keyY0x3D[AES_BLOCK_SIZE] = {0x0C, 0x76, 0x72, 0x30, 0xF0, 0x99, 0x8F, 0x1C, 0x46, 0x82, 0x82, 0x02, 0xFA, 0xAC, 0xBE, 0x4C};
+    __attribute__((aligned(4))) u8 titleKey[AES_BLOCK_SIZE],
+                                   cetkIv[AES_BLOCK_SIZE] = {0};
+    memcpy(titleKey, ticket->titleKey, sizeof(titleKey));
+    memcpy(cetkIv, ticket->titleId, sizeof(ticket->titleId));
+
+    aes_setkey(0x3D, keyY0x3D, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
+    aes_use_keyslot(0x3D);
+    aes(titleKey, titleKey, 1, cetkIv, AES_CBC_DECRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+
+    __attribute__((aligned(4))) u8 ncchIv[AES_BLOCK_SIZE] = {0};
+
+    aes_setkey(0x16, titleKey, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
+    aes_use_keyslot(0x16);
+    aes(cxi, cxi, ncchSize / AES_BLOCK_SIZE, ncchIv, AES_CBC_DECRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+
+    return decryptExeFs(cxi);
+}
+
+void kernel9Loader(Arm9Bin *arm9Section)
+{
+    //Determine the kernel9loader version
+    u32 k9lVersion;
+    switch(arm9Section->magic[3])
     {
         case 0xFF:
-            a9lVersion = 0;
+            k9lVersion = 0;
             break;
         case '1':
-            a9lVersion = 1;
+            k9lVersion = 1;
             break;
         default:
-            a9lVersion = 2;
-            break;
+            k9lVersion = 2;
     }
 
-    //Firm keys
-    u8 __attribute__((aligned(4))) keyY[0x10];
-    u8 __attribute__((aligned(4))) arm9BinCTR[0x10];
-    u8 arm9BinSlot = a9lVersion ? 0x16 : 0x15;
+    u32 *startOfArm9Bin = (u32 *)((u8 *)arm9Section + 0x800);
+    if(*startOfArm9Bin == 0x47704770 || *startOfArm9Bin == 0xB0862000) return; //Already decrypted
 
-    //Setup keys needed for arm9bin decryption
-    memcpy(keyY, arm9Section + 0x10, 0x10);
-    memcpy(arm9BinCTR, arm9Section + 0x20, 0x10);
+    //Set 0x11 keyslot
+    __attribute__((aligned(4))) const u8 key1s[2][AES_BLOCK_SIZE] = {
+        {0x07, 0x29, 0x44, 0x38, 0xF8, 0xC9, 0x75, 0x93, 0xAA, 0x0E, 0x4A, 0xB4, 0xAE, 0x84, 0xC1, 0xD8},
+        {0xA2, 0xF4, 0x00, 0x3C, 0x7A, 0x95, 0x10, 0x25, 0xDF, 0x4E, 0x9E, 0x74, 0xE3, 0x0C, 0x92, 0x99}
+    },
+                                         key2s[2][AES_BLOCK_SIZE] = {
+        {0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0},
+        {0xFF, 0x77, 0xA0, 0x9A, 0x99, 0x81, 0xE9, 0x48, 0xEC, 0x51, 0xC9, 0x32, 0x5D, 0x14, 0xEC, 0x25}
+    };
 
-    //Calculate the size of the ARM9 binary
-    u32 arm9BinSize = 0;
-    //http://stackoverflow.com/questions/12791077/atoi-implementation-in-c
-    for(u8 *tmp = arm9Section + 0x30; *tmp; tmp++)
-        arm9BinSize = (arm9BinSize << 3) + (arm9BinSize << 1) + *tmp - '0';
+    aes_setkey(0x11, k9lVersion == 2 ? key2s[ISDEVUNIT ? 1 : 0] : key1s[ISDEVUNIT ? 1 : 0], AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
 
-    if(a9lVersion)
-    {
-        u8 __attribute__((aligned(4))) keyX[0x10];
+    u8 arm9BinSlot = k9lVersion == 0 ? 0x15 : 0x16;
 
-        if(!isDevUnit)
-        {
-            const u8 __attribute__((aligned(4))) key1[0x10] = {0x07, 0x29, 0x44, 0x38, 0xF8, 0xC9, 0x75, 0x93, 0xAA, 0x0E, 0x4A, 0xB4, 0xAE, 0x84, 0xC1, 0xD8};
-            const u8 __attribute__((aligned(4))) key2[0x10] = {0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0};
-
-            aes_setkey(0x11, a9lVersion == 2 ? key2 : key1, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
-        }
-
-        aes_use_keyslot(0x11);
-        aes(keyX, arm9Section + 0x60, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
-        aes_setkey(arm9BinSlot, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
-    }
+    //Set keyX
+    __attribute__((aligned(4))) u8 keyX[AES_BLOCK_SIZE];
+    aes_use_keyslot(0x11);
+    aes(keyX, k9lVersion == 0 ? arm9Section->keyX : arm9Section->slot0x16keyX, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
+    aes_setkey(arm9BinSlot, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
 
+    //Set keyY
+    __attribute__((aligned(4))) u8 keyY[AES_BLOCK_SIZE];
+    memcpy(keyY, arm9Section->keyY, sizeof(keyY));
     aes_setkey(arm9BinSlot, keyY, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
-    aes_setiv(arm9BinCTR, AES_INPUT_BE | AES_INPUT_NORMAL);
+
+    //Set CTR
+    __attribute__((aligned(4))) u8 arm9BinCtr[AES_BLOCK_SIZE];
+    memcpy(arm9BinCtr, arm9Section->ctr, sizeof(arm9BinCtr));
+
+    //Decrypt ARM9 binary
     aes_use_keyslot(arm9BinSlot);
+    aes(startOfArm9Bin, startOfArm9Bin, decAtoi(arm9Section->size, sizeof(arm9Section->size)) / AES_BLOCK_SIZE, arm9BinCtr, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
 
-    //Decrypt arm9bin
-    aes(arm9Section + 0x800, arm9Section + 0x800, arm9BinSize / AES_BLOCK_SIZE, arm9BinCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
-
-    //Set >=9.6 KeyXs
-    if(a9lVersion == 2 && !isDevUnit)
-    {
-        u8 __attribute__((aligned(4))) keyData[0x10] = {0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98};
-        u8 __attribute__((aligned(4))) decKey[0x10];
-
-        //Set keys 0x19..0x1F keyXs
-        aes_use_keyslot(0x11);
-        for(u8 slot = 0x19; slot < 0x20; slot++, keyData[0xF]++)
-        {
-            aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
-            aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
-        }
-    }
+    if(*startOfArm9Bin != 0x47704770 && *startOfArm9Bin != 0xB0862000) error("Failed to decrypt the ARM9 binary.");
 }
 
-void computePINHash(u8 out[32], u8 *in, u32 blockCount)
+void computePinHash(u8 *outbuf, const u8 *inbuf)
 {
-    u8 __attribute__((aligned(4))) cid[0x10];
-    u8 __attribute__((aligned(4))) cipherText[0x10];
+    __attribute__((aligned(4))) u8 cid[AES_BLOCK_SIZE],
+                                   cipherText[AES_BLOCK_SIZE];
+
     sdmmc_get_cid(1, (u32 *)cid);
-
-    aes_use_keyslot(4); // console-unique keyslot which keys are set by the Arm9 bootROM
-    aes(cipherText, in, blockCount, cid, AES_CBC_ENCRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
-
-    sha(out, cipherText, 0x10, SHA_256_MODE);
-}
+    aes_use_keyslot(0x04); //Console-unique keyslot whose keys are set by the ARM9 bootROM
+    aes(cipherText, inbuf, 1, cid, AES_CBC_ENCRYPT_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
+    sha(outbuf, cipherText, sizeof(cipherText), SHA_256_MODE);
+}

source/crypto.h

@@ -22,6 +22,9 @@
 
 /*
 *   Crypto libs from http://github.com/b1l1s/ctr
+*   kernel9Loader code originally adapted from https://github.com/Reisyukaku/ReiNand/blob/228c378255ba693133dec6f3368e14d386f2cde7/source/crypto.c#L233
+*   decryptNusFirm code adapted from https://github.com/mid-kid/CakesForeveryWan/blob/master/source/firm.c
+*   ctrNandWrite logic adapted from https://github.com/d0k3/GodMode9/blob/master/source/nand/nand.c
 */
 
 #pragma once
@@ -41,6 +44,8 @@
 #define REG_AESKEYXFIFO     ((vu32 *)0x10009104)
 #define REG_AESKEYYFIFO     ((vu32 *)0x10009108)
 
+#define REGs_AESTWLKEYS     (*((vu32 (*)[4][3][4])0x10009040))
+
 #define AES_CCM_DECRYPT_MODE    (0u << 27)
 #define AES_CCM_ENCRYPT_MODE    (1u << 27)
 #define AES_CTR_MODE            (2u << 27)
@@ -100,14 +105,15 @@
 #define SHA_1_HASH_SIZE     (160 / 8)
 
 extern u32 emuOffset;
-extern bool isN3DS;
-extern bool isDevUnit;
 extern FirmwareSource firmSource;
 
-void ctrNandInit(void);
-u32 ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf);
-void setRSAMod0DerivedKeys(void);
-void decryptExeFs(u8 *inbuf);
-void arm9Loader(u8 *arm9Section);
+void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode);
+void sha(void *res, const void *src, u32 size, u32 mode);
 
-void computePINHash(u8 out[32], u8 *in, u32 blockCount);
+void ctrNandInit(void);
+int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf);
+int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf);
+bool decryptExeFs(Cxi *cxi);
+bool decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize);
+void kernel9Loader(Arm9Bin *arm9Section);
+void computePinHash(u8 *outbuf, const u8 *inbuf);

source/draw.c

@@ -22,52 +22,54 @@
 
 /*
 *   Code to print to the screen by mid-kid @CakesFW
-*      https://github.com/mid-kid/CakesForeveryWan/
+*   https://github.com/mid-kid/CakesForeveryWan
 */
 
 #include "draw.h"
+#include "strings.h"
 #include "screen.h"
 #include "utils.h"
 #include "fs.h"
+#include "fmt.h"
 #include "font.h"
 
-static inline int strlen(const char *string)
-{
-    char *stringEnd = (char *)string;
-
-    while(*stringEnd) stringEnd++;
-
-    return stringEnd - string;
-}
-
 bool loadSplash(void)
 {
-    //Don't delay boot nor init the screens if no splash image is on the SD
-    if(getFileSize("/luma/splash.bin") + getFileSize("/luma/splash.bin") == 0)
-        return false;
-    
+    const char *topSplashFile = "splash.bin",
+               *bottomSplashFile = "splashbottom.bin";
+
+    bool isTopSplashValid = getFileSize(topSplashFile) == SCREEN_TOP_FBSIZE,
+         isBottomSplashValid = getFileSize(bottomSplashFile) == SCREEN_BOTTOM_FBSIZE;
+
+    //Don't delay boot nor init the screens if no splash images or invalid splash images are on the SD
+    if(!isTopSplashValid && !isBottomSplashValid) return false;
+
     initScreens();
+    clearScreens(true);
 
-    fileRead(fb->top_left, "/luma/splash.bin");
-    fileRead(fb->bottom, "/luma/splashbottom.bin");
+    if(isTopSplashValid) isTopSplashValid = fileRead(fbs[1].top_left, topSplashFile, SCREEN_TOP_FBSIZE) == SCREEN_TOP_FBSIZE;
+    if(isBottomSplashValid) isBottomSplashValid = fileRead(fbs[1].bottom, bottomSplashFile, SCREEN_BOTTOM_FBSIZE) == SCREEN_BOTTOM_FBSIZE;
 
-    chrono(3);
+    if(!isTopSplashValid && !isBottomSplashValid) return false;
+
+    swapFramebuffers(true);
+    wait(3000ULL);
 
     return true;
 }
 
-void drawCharacter(char character, int posX, int posY, u32 color)
+void drawCharacter(bool isTopScreen, u32 posX, u32 posY, u32 color, char character)
 {
-    u8 *const select = fb->top_left;
+    u8 *select = isTopScreen ? fbs[0].top_left : fbs[0].bottom;
 
-    for(int y = 0; y < 8; y++)
+    for(u32 y = 0; y < 8; y++)
     {
         char charPos = font[character * 8 + y];
 
-        for(int x = 7; x >= 0; x--)
-            if ((charPos >> x) & 1)
+        for(u32 x = 0; x < 8; x++)
+            if(((charPos >> (7 - x)) & 1) == 1)
             {
-                int screenPos = (posX * SCREEN_TOP_HEIGHT * 3 + (SCREEN_TOP_HEIGHT - y - posY - 1) * 3) + (7 - x) * 3 * SCREEN_TOP_HEIGHT;
+                u32 screenPos = (posX * SCREEN_HEIGHT * 3 + (SCREEN_HEIGHT - y - posY - 1) * 3) + x * 3 * SCREEN_HEIGHT;
 
                 select[screenPos] = color >> 16;
                 select[screenPos + 1] = color >> 8;
@@ -76,26 +78,45 @@ void drawCharacter(char character, int posX, int posY, u32 color)
     }
 }
 
-int drawString(const char *string, int posX, int posY, u32 color)
+u32 drawString(bool isTopScreen, u32 posX, u32 posY, u32 color, const char *string)
 {
-    for(int i = 0, line_i = 0; i < strlen(string); i++, line_i++)
-    {
-        if(string[i] == '\n')
+    for(u32 i = 0, line_i = 0; i < strlen(string); i++)
+        switch(string[i])
         {
-            posY += SPACING_Y;
-            line_i = 0;
-            i++;
-        }
-        else if(line_i >= (SCREEN_TOP_WIDTH - posX) / SPACING_X)
-        {
-            // Make sure we never get out of the screen.
-            posY += SPACING_Y;
-            line_i = 2; //Little offset so we know the same string continues.
-            if(string[i] == ' ') i++; //Spaces at the start look weird
-        }
+            case '\n':
+                posY += SPACING_Y;
+                line_i = 0;
+                break;
 
-        drawCharacter(string[i], posX + line_i * SPACING_X, posY, color);
-    }
+            case '\t':
+                line_i += 2;
+                break;
+
+            default:
+                //Make sure we never get out of the screen
+                if(line_i >= ((isTopScreen ? SCREEN_TOP_WIDTH : SCREEN_BOTTOM_WIDTH) - posX) / SPACING_X)
+                {
+                    posY += SPACING_Y;
+                    line_i = 1; //Little offset so we know the same string continues
+                    if(string[i] == ' ') break; //Spaces at the start look weird
+                }
+
+                drawCharacter(isTopScreen, posX + line_i * SPACING_X, posY, color, string[i]);
+
+                line_i++;
+                break;
+        }
 
     return posY;
-}
+}
+
+u32 drawFormattedString(bool isTopScreen, u32 posX, u32 posY, u32 color, const char *fmt, ...)
+{
+    char buf[DRAW_MAX_FORMATTED_STRING_SIZE + 1];
+    va_list args;
+    va_start(args, fmt);
+    vsprintf(buf, fmt, args);
+    va_end(args);
+
+    return drawString(isTopScreen, posX, posY, color, buf);
+}

source/draw.h

@@ -29,17 +29,18 @@
 
 #include "types.h"
 
-#define SCREEN_TOP_WIDTH  400
-#define SCREEN_TOP_HEIGHT 240
-
 #define SPACING_Y 10
 #define SPACING_X 8
 
-#define COLOR_TITLE 0xFF9900
-#define COLOR_WHITE 0xFFFFFF
-#define COLOR_RED   0x0000FF
-#define COLOR_BLACK 0x000000
+#define COLOR_TITLE  0xFF9900
+#define COLOR_WHITE  0xFFFFFF
+#define COLOR_RED    0x0000FF
+#define COLOR_BLACK  0x000000
+#define COLOR_YELLOW 0x00FFFF
+
+#define DRAW_MAX_FORMATTED_STRING_SIZE  512
 
 bool loadSplash(void);
-void drawCharacter(char character, int posX, int posY, u32 color);
-int drawString(const char *string, int posX, int posY, u32 color);
+void drawCharacter(bool isTopScreen, u32 posX, u32 posY, u32 color, char character);
+u32 drawString(bool isTopScreen, u32 posX, u32 posY, u32 color, const char *string);
+u32 drawFormattedString(bool isTopScreen, u32 posX, u32 posY, u32 color, const char *fmt, ...);

source/emunand.c

@@ -20,113 +20,176 @@
 *   Notices displayed by works containing it.
 */
 
+/*
+*   Code for locating the SDMMC struct by Normmatt
+*/
+
 #include "emunand.h"
 #include "memory.h"
 #include "fatfs/sdmmc/sdmmc.h"
-#include "../build/emunandpatch.h"
+#include "../build/bundled.h"
 
-void locateEmuNAND(u32 *off, u32 *head, FirmwareSource *emuNAND)
+u32 emuOffset;
+
+void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType)
 {
-    static u8 temp[0x200];
+    static u8 __attribute__((aligned(4))) temp[0x200];
+    static u32 nandSize = 0,
+               fatStart;
 
-    const u32 nandSize = getMMCDevice(0)->total_size;
-    u32 nandOffset = *emuNAND == FIRMWARE_EMUNAND ? 0 :
-                                  (nandSize > 0x200000 ? 0x400000 : 0x200000);
-
-    //Check for RedNAND
-    if(!sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) &&
-       *(u32 *)(temp + 0x100) == NCSD_MAGIC)
+    if(!nandSize)
     {
-        *off = nandOffset + 1;
-        *head = nandOffset + 1;
+        nandSize = getMMCDevice(0)->total_size;
+        sdmmc_sdcard_readsectors(0, 1, temp);
+        fatStart = *(u32 *)(temp + 0x1C6); //First sector of the FAT partition
     }
 
-    //Check for Gateway emuNAND
-    else if(!sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) &&
-            *(u32 *)(temp + 0x100) == NCSD_MAGIC)
+    for(u32 i = 0; i < 3; i++)
     {
-        *off = nandOffset;
-        *head = nandOffset + nandSize;
+        static const u32 roundedMinsizes[] = {0x1D8000, 0x26E000};
+
+        u32 nandOffset;
+        switch(i)
+        {
+            case 1:
+                nandOffset = ROUND_TO_4MB(nandSize + 1); //"Default" layout
+                break;
+            case 2:
+                nandOffset = roundedMinsizes[ISN3DS ? 1 : 0]; //"Minsize" layout
+                break;
+            case 0:
+                nandOffset = *nandType == FIRMWARE_EMUNAND ? 0 : (nandSize > 0x200000 ? 0x400000 : 0x200000); //"Legacy" layout
+                break;
+        }
+
+        if(*nandType != FIRMWARE_EMUNAND) nandOffset *= ((u32)*nandType - 1);
+
+        if(fatStart >= nandOffset + roundedMinsizes[ISN3DS ? 1 : 0])
+        {
+            //Check for RedNAND
+            if(!sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
+            {
+                emuOffset = nandOffset + 1;
+                *emuHeader = nandOffset + 1;
+                return;
+            }
+
+            //Check for Gateway EmuNAND
+            else if(i != 2 && !sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
+            {
+                emuOffset = nandOffset;
+                *emuHeader = nandOffset + nandSize;
+                return;
+            }
+        }
+
+        if(*nandType == FIRMWARE_EMUNAND) break;
     }
 
-    /* Fallback to the first emuNAND if there's no second one,
-       or to SysNAND if there isn't any */
-    else
+    //Fallback to the first EmuNAND if there's no second/third/fourth one, or to SysNAND if there isn't any
+    if(*nandType != FIRMWARE_EMUNAND)
     {
-        *emuNAND = (*emuNAND == FIRMWARE_EMUNAND2) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
-        if(*emuNAND) locateEmuNAND(off, head, emuNAND);
+        *nandType = FIRMWARE_EMUNAND;
+        locateEmuNand(emuHeader, nandType);
     }
+    else *nandType = FIRMWARE_SYSNAND;
 }
 
-static inline void *getEmuCode(u8 *pos, u32 size)
+static inline bool getFreeK9Space(u8 *pos, u32 size, u8 **freeK9Space)
 {
     const u8 pattern[] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x00};
 
     //Looking for the last free space before Process9
-    return memsearch(pos + 0x13500, pattern, size - 0x13500, 6) + 0x455;
+    *freeK9Space = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(*freeK9Space == NULL) return false;
+
+    *freeK9Space += 0x455;
+
+    return true;
 }
 
-static inline u32 getSDMMC(u8 *pos, u32 size)
+static inline u32 getSdmmc(u8 *pos, u32 size, u32 *sdmmc)
 {
     //Look for struct code
     const u8 pattern[] = {0x21, 0x20, 0x18, 0x20};
-    const u8 *off = memsearch(pos, pattern, size, 4);
 
-    return *(u32 *)(off + 9) + *(u32 *)(off + 0xD);
+    const u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    *sdmmc = *(u32 *)(off + 9) + *(u32 *)(off + 0xD);
+
+    return 0;
 }
 
-static inline void patchNANDRW(u8 *pos, u32 size, u32 branchOffset)
+static inline u32 patchNandRw(u8 *pos, u32 size, u32 branchOffset)
 {
-    const u16 nandRedir[2] = {0x4C00, 0x47A0};
-
     //Look for read/write code
     const u8 pattern[] = {0x1E, 0x00, 0xC8, 0x05};
 
-    u16 *readOffset = (u16 *)memsearch(pos, pattern, size, 4) - 3,
-        *writeOffset = (u16 *)memsearch((u8 *)(readOffset + 5), pattern, 0x100, 4) - 3;
+    u16 *readOffset = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
 
-    *readOffset = nandRedir[0];
-    readOffset[1] = nandRedir[1];
-    ((u32 *)readOffset)[1] = branchOffset;
-    *writeOffset = nandRedir[0];
-    writeOffset[1] = nandRedir[1];
-    ((u32 *)writeOffset)[1] = branchOffset;
+    if(readOffset == NULL) return 1;
+
+    readOffset -= 3;
+
+    u16 *writeOffset = (u16 *)memsearch((u8 *)(readOffset + 5), pattern, 0x100, sizeof(pattern));
+
+    if(writeOffset == NULL) return 1;
+
+    writeOffset -= 3;
+    *readOffset = *writeOffset = 0x4C00;
+    readOffset[1] = writeOffset[1] = 0x47A0;
+    ((u32 *)writeOffset)[1] = ((u32 *)readOffset)[1] = branchOffset;
+
+    return 0;
 }
 
-static inline void patchMPU(u8 *pos, u32 size)
+static inline u32 patchMpu(u8 *pos, u32 size)
 {
-    const u32 mpuPatch[3] = {0x00360003, 0x00200603, 0x001C0603};
-
     //Look for MPU pattern
     const u8 pattern[] = {0x03, 0x00, 0x24, 0x00};
 
-    u32 *off = (u32 *)memsearch(pos, pattern, size, 4);
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
 
-    off[0] = mpuPatch[0];
-    off[6] = mpuPatch[1];
-    off[9] = mpuPatch[2];
+    if(off == NULL) return 1;
+
+    off[1] = 0x0036;
+    off[0xC] = off[0x12] = 0x0603;
+
+    return 0;
 }
 
-void patchEmuNAND(u8 *arm9Section, u32 arm9SectionSize, u8 *process9Offset, u32 process9Size, u32 emuOffset, u32 emuHeader, u32 branchAdditive)
+u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u32 emuHeader, u8 *kernel9Address)
 {
-    //Copy emuNAND code
-    void *emuCodeOffset = getEmuCode(arm9Section, arm9SectionSize);
-    memcpy(emuCodeOffset, emunand, emunand_size);
+    u8 *freeK9Space;
 
-    //Add the data of the found emuNAND
-    u32 *pos_offset = (u32 *)memsearch(emuCodeOffset, "NAND", emunand_size, 4),
-        *pos_header = (u32 *)memsearch(emuCodeOffset, "NCSD", emunand_size, 4);
-    *pos_offset = emuOffset;
-    *pos_header = emuHeader;
+    if(!getFreeK9Space(arm9Section, kernel9Size, &freeK9Space)) return 1;
+
+    u32 ret = 0;
+
+    //Copy EmuNAND code
+    memcpy(freeK9Space, emunand_bin, emunand_bin_size);
+
+    //Add the data of the found EmuNAND
+    u32 *posOffset = (u32 *)memsearch(freeK9Space, "NAND", emunand_bin_size, 4),
+        *posHeader = (u32 *)memsearch(freeK9Space, "NCSD", emunand_bin_size, 4);
+    *posOffset = emuOffset;
+    *posHeader = emuHeader;
 
     //Find and add the SDMMC struct
-    u32 *pos_sdmmc = (u32 *)memsearch(emuCodeOffset, "SDMC", emunand_size, 4);
-    *pos_sdmmc = getSDMMC(process9Offset, process9Size);
+    u32 *posSdmmc = (u32 *)memsearch(freeK9Space, "SDMC", emunand_bin_size, 4);
+    u32 sdmmc;
+    ret += getSdmmc(process9Offset, process9Size, &sdmmc);
+    if(!ret) *posSdmmc = sdmmc;
 
-    //Add emuNAND hooks
-    u32 branchOffset = (u32)emuCodeOffset - branchAdditive;
-    patchNANDRW(process9Offset, process9Size, branchOffset);
+    //Add EmuNAND hooks
+    u32 branchOffset = (u32)(freeK9Space - arm9Section + kernel9Address);
+    ret += patchNandRw(process9Offset, process9Size, branchOffset);
 
-    //Set MPU for emu code region
-    patchMPU(arm9Section, arm9SectionSize);
+    //Set MPU
+    ret += patchMpu(arm9Section, kernel9Size);
+
+    return ret;
 }

source/emunand.h

@@ -20,11 +20,15 @@
 *   Notices displayed by works containing it.
 */
 
+/*
+*   Code for locating the SDMMC struct by Normmatt
+*/
+
 #pragma once
 
 #include "types.h"
 
-#define NCSD_MAGIC 0x4453434E
+#define ROUND_TO_4MB(a) (((a) + 0x2000 - 1) & (~(0x2000 - 1)))
 
-void locateEmuNAND(u32 *off, u32 *head, FirmwareSource *emuNAND);
-void patchEmuNAND(u8 *arm9Section, u32 arm9SectionSize, u8 *process9Offset, u32 process9Size, u32 emuOffset, u32 emuHeader, u32 branchAdditive);
+void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType);
+u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u32 emuHeader, u8 *kernel9Address);

source/exceptions.c

@@ -0,0 +1,212 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "exceptions.h"
+#include "fs.h"
+#include "strings.h"
+#include "memory.h"
+#include "screen.h"
+#include "draw.h"
+#include "utils.h"
+#include "fmt.h"
+#include "../build/bundled.h"
+
+void installArm9Handlers(void)
+{
+    memcpy((void *)0x01FF8000, arm9_exceptions_bin + 32, arm9_exceptions_bin_size - 32);
+
+    /* IRQHandler is at 0x08000000, but we won't handle it for some reasons
+       svcHandler is at 0x08000010, but we won't handle svc either */
+
+    const u32 offsets[] = {0x08, 0x18, 0x20, 0x28};
+
+    for(u32 i = 0; i < 4; i++)
+    {
+        *(vu32 *)(0x08000000 + offsets[i]) = 0xE51FF004;
+        *(vu32 *)(0x08000000 + offsets[i] + 4) = *((u32 *)arm9_exceptions_bin + 1 + i);
+    }
+}
+
+u32 installArm11Handlers(u32 *exceptionsPage, u32 stackAddress, u32 codeSetOffset, u32 *dAbtHandler, u32 dAbtHandlerMemAddress)
+{
+    u32 *endPos = exceptionsPage + 0x400;
+
+    u32 *initFPU;
+    for(initFPU = exceptionsPage; initFPU < endPos && *initFPU != 0xE1A0D002; initFPU++);
+
+    u32 *freeSpace;
+    for(freeSpace = initFPU; freeSpace < endPos && *freeSpace != 0xFFFFFFFF; freeSpace++);
+
+    u32 *mcuReboot;
+    for(mcuReboot = exceptionsPage; mcuReboot < endPos && *mcuReboot != 0xE3A0A0C2; mcuReboot++);
+
+    if(initFPU == endPos || freeSpace == endPos || mcuReboot == endPos || *(u32 *)((u8 *)freeSpace + arm11_exceptions_bin_size - 36) != 0xFFFFFFFF) return 1;
+
+    initFPU += 3;
+    mcuReboot -= 2;
+
+    memcpy(freeSpace, arm11_exceptions_bin + 32, arm11_exceptions_bin_size - 32);
+
+    exceptionsPage[1] = MAKE_BRANCH(exceptionsPage + 1, (u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 8)  - 32); //Undefined Instruction
+    exceptionsPage[3] = MAKE_BRANCH(exceptionsPage + 3, (u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 12) - 32); //Prefetch Abort
+    exceptionsPage[7] = MAKE_BRANCH(exceptionsPage + 7, (u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 4)  - 32); //FIQ
+
+    for(u32 *pos = dAbtHandler; *pos != stackAddress; pos++)
+    {
+        u32 va_dst = 0xFFFF0000 + (((u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 4)) - (u8 *)exceptionsPage);
+        u32 va_src;
+        switch(*pos)
+        {
+            case 0xF96D0513: //srsdb sp!, 0x13
+                va_src = dAbtHandlerMemAddress +  ((u8 *)pos - (u8 *)dAbtHandler);
+                *pos = MAKE_BRANCH((u8 *)va_src, (u8 *)va_dst);
+                break;
+           case 0xE29EF004: //subs pc, lr, 4
+                pos++;
+                *pos++ = 0xE8BD000F;// pop {r0-r3}
+                va_src = dAbtHandlerMemAddress +  ((u8 *)pos - (u8 *)dAbtHandler);
+                *pos = MAKE_BRANCH((u8 *)va_src, (u8 *)va_dst);
+                break;
+        }
+    }
+
+
+    for(u32 *pos = freeSpace; pos < (u32 *)((u8 *)freeSpace + arm11_exceptions_bin_size - 32); pos++)
+    {
+        switch(*pos) //Perform relocations
+        {
+            case 0xFFFF3000: *pos = stackAddress - 0x10; break;
+            case 0xEBFFFFFE: *pos = MAKE_BRANCH_LINK(pos, initFPU); break;
+            case 0xEAFFFFFE: *pos = MAKE_BRANCH(pos, mcuReboot); break;
+            case 0xE12FFF1C: pos[1] = 0xFFFF0000 + 4 * (u32)(freeSpace - exceptionsPage) + pos[1] - 32; break; //bx r12 (mainHandler)
+            case 0xBEEFBEEF: *pos = codeSetOffset; break;
+        }
+    }
+
+    return 0;
+}
+
+void detectAndProcessExceptionDumps(void)
+{
+    volatile ExceptionDumpHeader *dumpHeader = (volatile ExceptionDumpHeader *)0x25000000;
+
+    if(dumpHeader->magic[0] != 0xDEADC0DE || dumpHeader->magic[1] != 0xDEADCAFE || (dumpHeader->processor != 9 && dumpHeader->processor != 11)) return;
+
+    const vu32 *regs = (vu32 *)((vu8 *)dumpHeader + sizeof(ExceptionDumpHeader));
+    const vu8 *stackDump = (vu8 *)regs + dumpHeader->registerDumpSize + dumpHeader->codeDumpSize;
+    const vu8 *additionalData = stackDump + dumpHeader->stackDumpSize;
+
+    const char *handledExceptionNames[] = {
+        "FIQ", "undefined instruction", "prefetch abort", "data abort"
+    };
+
+    const char *specialExceptions[] = {
+        "kernel panic", "svcBreak"
+    };
+
+    const char *registerNames[] = {
+        "R0", "R1", "R2", "R3", "R4", "R5", "R6", "R7", "R8", "R9", "R10", "R11", "R12",
+        "SP", "LR", "PC", "CPSR", "FPEXC"
+    };
+
+    initScreens();
+
+    drawString(true, 10, 10, COLOR_RED, "An exception occurred");
+    u32 posY;
+    if(dumpHeader->processor == 11) posY = drawFormattedString(true, 10, 30, COLOR_WHITE, "Processor:       ARM11 (core %u)", dumpHeader->core);
+    else posY = drawString(true, 10, 30, COLOR_WHITE, "Processor:       ARM9"); 
+
+    if(dumpHeader->type == 2)
+    {
+        if((regs[16] & 0x20) == 0 && dumpHeader->codeDumpSize >= 4)
+        {
+            u32 instr = *(vu32 *)(stackDump - 4);
+            if(instr == 0xE12FFF7E)
+                posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE, "Exception type:  %s (%s)", handledExceptionNames[dumpHeader->type], specialExceptions[0]);
+            else if(instr == 0xEF00003C)
+                posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE, "Exception type:  %s (%s)", handledExceptionNames[dumpHeader->type], specialExceptions[1]);
+            else
+                posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE, "Exception type:  %s", handledExceptionNames[dumpHeader->type]);
+        }
+        else if((regs[16] & 0x20) != 0 && dumpHeader->codeDumpSize >= 2)
+        {
+            u16 instr = *(vu16 *)(stackDump - 2);
+            if(instr == 0xDF3C)
+                posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE, "Exception type:  %s (%s)", handledExceptionNames[dumpHeader->type], specialExceptions[0]);
+            else
+                posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE, "Exception type:  %s", handledExceptionNames[dumpHeader->type]);
+        }
+    }
+    else
+        posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE, "Exception type:  %s", handledExceptionNames[dumpHeader->type]);
+
+    if(dumpHeader->processor == 11 && dumpHeader->additionalDataSize != 0)
+        posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE,
+                                   "Current process: %.8s (%016llX)", (const char *)additionalData, *(vu64 *)(additionalData + 8));
+    posY += SPACING_Y;
+
+    for(u32 i = 0; i < 17; i += 2)
+    {
+        posY = drawFormattedString(true, 10, posY + SPACING_Y, COLOR_WHITE, "%-7s%08X", registerNames[i], regs[i]);
+
+        if(i != 16 || dumpHeader->processor != 9)
+            posY = drawFormattedString(true, 10 + 22 * SPACING_X, posY, COLOR_WHITE, "%-7s%08X", registerNames[i + 1], regs[i + 1]);
+    }
+
+    posY += SPACING_Y;
+
+    u32 mode = regs[16] & 0xF;
+    if(dumpHeader->type == 3 && (mode == 7 || mode == 11))
+        posY = drawString(true, 10, posY + SPACING_Y, COLOR_YELLOW, "Incorrect dump: failed to dump code and/or stack") + SPACING_Y;
+
+    u32 posYBottom = drawString(false, 10, 10, COLOR_WHITE, "Stack dump:") + SPACING_Y;
+
+    for(u32 line = 0; line < 19 && stackDump < additionalData; line++)
+    {
+        posYBottom = drawFormattedString(false, 10, posYBottom + SPACING_Y, COLOR_WHITE, "%08X:", regs[13] + 8 * line);
+
+        for(u32 i = 0; i < 8 && stackDump < additionalData; i++, stackDump++)
+            drawFormattedString(false, 10 + 10 * SPACING_X + 3 * i * SPACING_X, posYBottom, COLOR_WHITE, "%02X", *stackDump);
+    }
+
+    char folderPath[12],
+         path[36],
+         fileName[24];
+
+    sprintf(folderPath, "dumps/arm%u", dumpHeader->processor);
+    findDumpFile(folderPath, fileName);
+    sprintf(path, "%s/%s", folderPath, fileName);
+
+    if(fileWrite((void *)dumpHeader, path, dumpHeader->totalSize))
+    {
+        posY = drawString(true, 10, posY + SPACING_Y, COLOR_WHITE, "You can find a dump in the following file:");
+        posY = drawString(true, 10, posY + SPACING_Y, COLOR_WHITE, path) + SPACING_Y;
+    }
+    else posY = drawString(true, 10, posY + SPACING_Y, COLOR_RED, "Error writing the dump file");
+
+    drawString(true, 10, posY + SPACING_Y, COLOR_WHITE, "Press any button to shutdown");
+
+    memset32((void *)dumpHeader, 0, dumpHeader->totalSize);
+
+    waitInput(false);
+    mcuPowerOff();
+}

source/exceptions.h

@@ -0,0 +1,32 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+#define MAKE_BRANCH(src,dst)      (0xEA000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
+#define MAKE_BRANCH_LINK(src,dst) (0xEB000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
+
+void installArm9Handlers(void);
+u32 installArm11Handlers(u32 *exceptionsPage, u32 stackAddress, u32 codeSetOffset, u32 *dAbtHandler, u32 dAbtHandlerMemAddress);
+void detectAndProcessExceptionDumps(void);

source/fatfs/00history.txt

@@ -212,7 +212,7 @@ R0.10a (January 15, 2014)
 R0.10b (May 19, 2014)
 
   Fixed a hard error in the disk I/O layer can collapse the directory entry.
-  Fixed LFN entry is not deleted on delete/rename an object with lossy converted SFN. (appeared at R0.07)
+  Fixed LFN entry is not deleted when delete/rename an object with lossy converted SFN. (appeared at R0.07)
 
 
 
@@ -260,8 +260,29 @@ R0.12a (July 10, 2016)
   Added support for creating exFAT volume with some changes of f_mkfs().
   Added a file open method FA_OPEN_APPEND. An f_lseek() following f_open() is no longer needed.
   f_forward() is available regardless of _FS_TINY.
-  Fixed f_mkfs() creates wrong volume.
+  Fixed f_mkfs() creates wrong volume. (appeared at R0.12)
+  Fixed wrong memory read in create_name(). (appeared at R0.12)
   Fixed compilation fails at some configurations, _USE_FASTSEEK and _USE_FORWARD.
-  Fixed wrong memory read in create_name().
 
 
+
+R0.12b (September 04, 2016)
+
+  Made f_rename() be able to rename objects with the same name but case.
+  Fixed an error in the case conversion teble of code page 866. (ff.c)
+  Fixed writing data is truncated at the file offset 4GiB on the exFAT volume. (appeared at R0.12)
+  Fixed creating a file in the root directory of exFAT volume can fail. (appeared at R0.12)
+  Fixed f_mkfs() creating exFAT volume with too small cluster size can collapse unallocated memory. (appeared at R0.12)
+  Fixed wrong object name can be returned when read directory at Unicode cfg. (appeared at R0.12)
+  Fixed large file allocation/removing on the exFAT volume collapses allocation bitmap. (appeared at R0.12)
+  Fixed some internal errors in f_expand() and f_lseek(). (appeared at R0.12)
+
+
+
+R0.12c (March 04, 2017)
+
+  Improved write throughput at the fragmented file on the exFAT volume.
+  Made memory usage for exFAT be able to be reduced as decreasing _MAX_LFN.
+  Fixed successive f_getfree() can return wrong count on the FAT12/16 volume. (appeared at R0.12)
+  Fixed configuration option _VOLUMES cannot be set 10. (appeared at R0.10c)
+

source/fatfs/00readme.txt

@@ -1,21 +1,21 @@
-FatFs Module Source Files R0.12a
+FatFs Module Source Files R0.12c
 
 
 FILES
 
-  00readme.txt This file.
-  history.txt  Revision history.
-  ffconf.h     Configuration file for FatFs module.
-  ff.h         Common include file for FatFs and application module.
-  ff.c         FatFs module.
-  diskio.h     Common include file for FatFs and disk I/O module.
-  diskio.c     An example of glue function to attach existing disk I/O module to FatFs.
-  integer.h    Integer type definitions for FatFs.
-  option       Optional external functions.
+  00readme.txt   This file.
+  00history.txt  Revision history.
+  ff.c           FatFs module.
+  ffconf.h       Configuration file of FatFs module.
+  ff.h           Common include file for FatFs and application module.
+  diskio.h       Common include file for FatFs and disk I/O module.
+  diskio.c       An example of glue function to attach existing disk I/O module to FatFs.
+  integer.h      Integer type definitions for FatFs.
+  option         Optional external modules.
 
 
   Low level disk I/O module is not included in this archive because the FatFs
-  module is only a generic file system layer and not depend on any specific
-  storage device. You have to provide a low level disk I/O module that written
-  to control the target storage device.
+  module is only a generic file system layer and it does not depend on any specific
+  storage device. You have to provide a low level disk I/O module written to
+  control the storage device that attached to the target system.
 

source/fatfs/diskio.c

@@ -37,17 +37,23 @@ DSTATUS disk_initialize (
 	BYTE pdrv				/* Physical drive nmuber to identify the drive */
 )
 {
-        switch(pdrv)
-        {
-            case SDCARD:
-                sdmmc_sdcard_init();
-                break;
-            case CTRNAND:
-                ctrNandInit();
-                break;
-        }
+        DSTATUS ret;
+        static u32 sdmmcInitResult = 4;
 
-	return RES_OK;
+        if(sdmmcInitResult == 4) sdmmcInitResult = sdmmc_sdcard_init();
+
+        if(pdrv == CTRNAND)
+        {
+            if(!(sdmmcInitResult & 1))
+            {
+                ctrNandInit();
+                ret = 0;
+            }
+            else ret = STA_NOINIT;
+        }
+        else ret = (!(sdmmcInitResult & 2)) ? 0 : STA_NOINIT;
+
+	return ret;
 }
 
 
@@ -63,19 +69,8 @@ DRESULT disk_read (
 	UINT count		/* Number of sectors to read */
 )
 {
-        switch(pdrv)
-        {
-            case SDCARD:
-                if(sdmmc_sdcard_readsectors(sector, count, (BYTE *)buff))
-		    return RES_PARERR;
-                break;
-            case CTRNAND:
-                if(ctrNandRead(sector, count, (BYTE *)buff))
-		    return RES_PARERR;
-                break;
-        }
-
-        return RES_OK;
+        return ((pdrv == SDCARD && !sdmmc_sdcard_readsectors(sector, count, buff)) ||
+                (pdrv == CTRNAND && !ctrNandRead(sector, count, buff))) ? RES_OK : RES_PARERR;
 }
 
 
@@ -92,10 +87,8 @@ DRESULT disk_write (
 	UINT count			/* Number of sectors to write */
 )
 {
-        if(pdrv == SDCARD && sdmmc_sdcard_writesectors(sector, count, (BYTE *)buff))
-            return RES_PARERR;
-
-        return RES_OK;
+        return ((pdrv == SDCARD && !sdmmc_sdcard_writesectors(sector, count, buff)) ||
+                (pdrv == CTRNAND && !ctrNandWrite(sector, count, buff))) ? RES_OK : RES_PARERR;
 }
 #endif
 

source/fatfs/ff.h

@@ -1,8 +1,8 @@
 /*----------------------------------------------------------------------------/
-/  FatFs - Generic FAT file system module  R0.12a                             /
+/  FatFs - Generic FAT file system module  R0.12c                             /
 /-----------------------------------------------------------------------------/
 /
-/ Copyright (C) 2016, ChaN, all right reserved.
+/ Copyright (C) 2017, ChaN, all right reserved.
 /
 / FatFs module is an open source software. Redistribution and use of FatFs in
 / source and binary forms, with or without modification, are permitted provided
@@ -19,7 +19,7 @@
 
 
 #ifndef _FATFS
-#define _FATFS	80186	/* Revision ID */
+#define _FATFS	68300	/* Revision ID */
 
 #ifdef __cplusplus
 extern "C" {
@@ -42,13 +42,6 @@ typedef struct {
 	BYTE pt;	/* Partition: 0:Auto detect, 1-4:Forced partition) */
 } PARTITION;
 extern PARTITION VolToPart[];	/* Volume - Partition resolution table */
-#define LD2PD(vol) (VolToPart[vol].pd)	/* Get physical drive number */
-#define LD2PT(vol) (VolToPart[vol].pt)	/* Get partition index */
-
-#else							/* Single partition configuration */
-#define LD2PD(vol) (BYTE)(vol)	/* Each logical drive is bound to the same physical drive number */
-#define LD2PT(vol) 0			/* Find first valid partition or in SFD */
-
 #endif
 
 
@@ -140,14 +133,15 @@ typedef struct {
 	FATFS*	fs;			/* Pointer to the owner file system object */
 	WORD	id;			/* Owner file system mount ID */
 	BYTE	attr;		/* Object attribute */
-	BYTE	stat;		/* Object chain status (b1-0: =0:not contiguous, =2:contiguous (no data on FAT), =3:got flagmented, b2:sub-directory stretched) */
+	BYTE	stat;		/* Object chain status (b1-0: =0:not contiguous, =2:contiguous (no data on FAT), =3:flagmented in this session, b2:sub-directory stretched) */
 	DWORD	sclust;		/* Object start cluster (0:no cluster or root directory) */
 	FSIZE_t	objsize;	/* Object size (valid when sclust != 0) */
 #if _FS_EXFAT
-	DWORD	n_cont;		/* Size of coutiguous part, clusters - 1 (valid when stat == 3) */
+	DWORD	n_cont;		/* Size of first fragment, clusters - 1 (valid when stat == 3) */
+	DWORD	n_frag;		/* Size of last fragment needs to be written (valid when not zero) */
 	DWORD	c_scl;		/* Containing directory start cluster (valid when sclust != 0) */
 	DWORD	c_size;		/* b31-b8:Size of containing directory, b7-b0: Chain status (valid when c_scl != 0) */
-	DWORD	c_ofs;		/* Offset in the containing directory (valid when sclust != 0) */
+	DWORD	c_ofs;		/* Offset in the containing directory (valid when sclust != 0 and non-directory object) */
 #endif
 #if _FS_LOCK != 0
 	UINT	lockid;		/* File lock ID origin from 1 (index of file semaphore table Files[]) */
@@ -159,11 +153,11 @@ typedef struct {
 /* File object structure (FIL) */
 
 typedef struct {
-	_FDID	obj;			/* Object identifier */
+	_FDID	obj;			/* Object identifier (must be the 1st member to detect invalid object pointer) */
 	BYTE	flag;			/* File status flags */
 	BYTE	err;			/* Abort flag (error code) */
 	FSIZE_t	fptr;			/* File read/write pointer (Zeroed on file open) */
-	DWORD	clust;			/* Current cluster of fpter (invalid when fprt is 0) */
+	DWORD	clust;			/* Current cluster of fpter (invalid when fptr is 0) */
 	DWORD	sect;			/* Sector number appearing in buf[] (0:invalid) */
 #if !_FS_READONLY
 	DWORD	dir_sect;		/* Sector number containing the directory entry */
@@ -185,7 +179,7 @@ typedef struct {
 	_FDID	obj;			/* Object identifier */
 	DWORD	dptr;			/* Current read/write offset */
 	DWORD	clust;			/* Current cluster */
-	DWORD	sect;			/* Current sector */
+	DWORD	sect;			/* Current sector (0:Read operation has terminated) */
 	BYTE*	dir;			/* Pointer to the directory item in the win[] */
 	BYTE	fn[12];			/* SFN (in/out) {body[8],ext[3],status[1]} */
 #if _USE_LFN != 0
@@ -285,6 +279,7 @@ TCHAR* f_gets (TCHAR* buff, int len, FIL* fp);						/* Get a string from the fil
 #define f_size(fp) ((fp)->obj.objsize)
 #define f_rewind(fp) f_lseek((fp), 0)
 #define f_rewinddir(dp) f_readdir((dp), 0)
+#define f_rmdir(path) f_unlink(path)
 
 #ifndef EOF
 #define EOF (-1)

source/fatfs/ffconf.h

@@ -2,7 +2,7 @@
 /  FatFs - FAT file system module configuration file
 /---------------------------------------------------------------------------*/
 
-#define _FFCONF 80186	/* Revision ID */
+#define _FFCONF 68300	/* Revision ID */
 
 /*---------------------------------------------------------------------------/
 / Function Configurations
@@ -73,7 +73,7 @@
 /* This option specifies the OEM code page to be used on the target system.
 /  Incorrect setting of the code page can cause a file open failure.
 /
-/   1   - ASCII (No extended character. Non-LFN cfg. only)
+/   1   - ASCII (No support of extended character. Non-LFN cfg. only)
 /   437 - U.S.
 /   720 - Arabic
 /   737 - Greek
@@ -134,7 +134,7 @@
 /  This option has no effect when _LFN_UNICODE == 0. */
 
 
-#define _FS_RPATH	0
+#define _FS_RPATH	1
 /* This option configures support of relative path.
 /
 /   0: Disable relative path and remove related functions.
@@ -148,7 +148,7 @@
 /---------------------------------------------------------------------------*/
 
 #define _VOLUMES	2
-/* Number of volumes (logical drives) to be used. */
+/* Number of volumes (logical drives) to be used. (1-10) */
 
 
 #define _STR_VOLUME_ID	0
@@ -172,11 +172,11 @@
 #define	_MIN_SS		512
 #define	_MAX_SS		512
 /* These options configure the range of sector size to be supported. (512, 1024,
-/  2048 or 4096) Always set both 512 for most systems, all type of memory cards and
+/  2048 or 4096) Always set both 512 for most systems, generic memory card and
 /  harddisk. But a larger value may be required for on-board flash memory and some
 /  type of optical media. When _MAX_SS is larger than _MIN_SS, FatFs is configured
-/  to variable sector size and GET_SECTOR_SIZE command must be implemented to the
-/  disk_ioctl() function. */
+/  to variable sector size and GET_SECTOR_SIZE command needs to be implemented to
+/  the disk_ioctl() function. */
 
 
 #define	_USE_TRIM	0
@@ -204,28 +204,28 @@
 
 #define	_FS_TINY	0
 /* This option switches tiny buffer configuration. (0:Normal or 1:Tiny)
-/  At the tiny configuration, size of the file object (FIL) is reduced _MAX_SS bytes.
+/  At the tiny configuration, size of file object (FIL) is shrinked _MAX_SS bytes.
 /  Instead of private sector buffer eliminated from the file object, common sector
 /  buffer in the file system object (FATFS) is used for the file data transfer. */
 
 
 #define _FS_EXFAT	0
-/* This option switches support of exFAT file system in addition to the traditional
-/  FAT file system. (0:Disable or 1:Enable) To enable exFAT, also LFN must be enabled.
-/  Note that enabling exFAT discards C89 compatibility. */
+/* This option switches support of exFAT file system. (0:Disable or 1:Enable)
+/  When enable exFAT, also LFN needs to be enabled. (_USE_LFN >= 1)
+/  Note that enabling exFAT discards ANSI C (C89) compatibility. */
 
 
 #define _FS_NORTC	1
 #define _NORTC_MON	1
 #define _NORTC_MDAY	1
-#define _NORTC_YEAR	2016
+#define _NORTC_YEAR	2017
 /* The option _FS_NORTC switches timestamp functiton. If the system does not have
 /  any RTC function or valid timestamp is not needed, set _FS_NORTC = 1 to disable
 /  the timestamp function. All objects modified by FatFs will have a fixed timestamp
 /  defined by _NORTC_MON, _NORTC_MDAY and _NORTC_YEAR in local time.
 /  To enable timestamp function (_FS_NORTC = 0), get_fattime() function need to be
 /  added to the project to get current time form real-time clock. _NORTC_MON,
-/  _NORTC_MDAY and _NORTC_YEAR have no effect. 
+/  _NORTC_MDAY and _NORTC_YEAR have no effect.
 /  These options have no effect at read-only configuration (_FS_READONLY = 1). */
 
 
@@ -258,8 +258,11 @@
 /
 /  The _FS_TIMEOUT defines timeout period in unit of time tick.
 /  The _SYNC_t defines O/S dependent sync object type. e.g. HANDLE, ID, OS_EVENT*,
-/  SemaphoreHandle_t and etc.. A header file for O/S definitions needs to be
-/  included somewhere in the scope of ff.c. */
+/  SemaphoreHandle_t and etc. A header file for O/S definitions needs to be
+/  included somewhere in the scope of ff.h. */
+
+/* #include <windows.h>	// O/S definitions  */
+
 
 
 /*--- End of configuration options ---*/

source/fatfs/integer.h

@@ -30,7 +30,7 @@ typedef unsigned short	WCHAR;
 typedef long			LONG;
 typedef unsigned long	DWORD;
 
-/* This type MUST be 64-bit (Remove this for C89 compatibility) */
+/* This type MUST be 64-bit (Remove this for ANSI C (C89) compatibility) */
 typedef unsigned long long QWORD;
 
 #endif

source/fatfs/sdmmc/common.h

@@ -1,4 +0,0 @@
-#pragma once
-
-#include <stdbool.h>
-#include "../../types.h"

source/fatfs/sdmmc/delay.h

@@ -1,9 +1,5 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
-
 #pragma once
 
-#include "common.h"
+#include "../../types.h"
 
-void ioDelay(u32 us);
+void waitcycles(u32 us);

source/fatfs/sdmmc/delay.s

@@ -1,17 +1,16 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
-
+.text
 .arm
-.global ioDelay
-.type   ioDelay STT_FUNC
+.align 4
 
-@ioDelay ( u32 us )
-ioDelay:
-	ldr r1, =0x18000000  @ VRAM
-1:
-	@ Loop doing uncached reads from VRAM to make loop timing more reliable
-	ldr r2, [r1]
-	subs r0, #1
-	bgt 1b
-	bx lr
+.global waitcycles
+.type waitcycles, %function
+waitcycles:
+    push {r0-r2, lr}
+    str r0, [sp, #4]
+    waitcycles_loop:
+        ldr r3, [sp, #4]
+        subs r2, r3, #1
+        str r2, [sp, #4]
+        cmp r3, #0
+        bne waitcycles_loop
+    pop {r0-r2, pc}

source/fatfs/sdmmc/sdmmc.c

@@ -1,30 +1,55 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file, 
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) 2014-2015, Normmatt
+ *
+ * Alternatively, the contents of this file may be used under the terms
+ * of the GNU General Public License Version 2, as described below:
+ *
+ * This file is free software: you may copy, redistribute and/or modify
+ * it under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+ * Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see http://www.gnu.org/licenses/.
+ */
 
 #include "sdmmc.h"
 #include "delay.h"
 
-struct mmcdevice handleNAND;
-struct mmcdevice handleSD;
+static struct mmcdevice handleNAND;
+static struct mmcdevice handleSD;
 
-static inline u16 sdmmc_read16(u16 reg) {
-    return *(vu16*)(SDMMC_BASE + reg);
+static inline u16 sdmmc_read16(u16 reg)
+{
+    return *(vu16 *)(SDMMC_BASE + reg);
 }
 
-static inline void sdmmc_write16(u16 reg, u16 val) {
-    *(vu16*)(SDMMC_BASE + reg) = val;
+static inline void sdmmc_write16(u16 reg, u16 val)
+{
+    *(vu16 *)(SDMMC_BASE + reg) = val;
 }
 
-static inline u32 sdmmc_read32(u16 reg) {
-    return *(vu32*)(SDMMC_BASE + reg);
+static inline u32 sdmmc_read32(u16 reg)
+{
+    return *(vu32 *)(SDMMC_BASE + reg);
 }
 
-static inline void sdmmc_write32(u16 reg, u32 val) {
-    *(vu32*)(SDMMC_BASE + reg) = val;
+static inline void sdmmc_write32(u16 reg, u32 val)
+{
+    *(vu32 *)(SDMMC_BASE + reg) = val;
 }
 
-static inline void sdmmc_mask16(u16 reg, const u16 clear, const u16 set) {
+static inline void sdmmc_mask16(u16 reg, const u16 clear, const u16 set)
+{
     u16 val = sdmmc_read16(reg);
     val &= ~clear;
     val |= set;
@@ -38,192 +63,257 @@ static inline void setckl(u32 data)
     sdmmc_mask16(REG_SDCLKCTL, 0x0, 0x100);
 }
 
-
 mmcdevice *getMMCDevice(int drive)
 {
-    if(drive==0) return &handleNAND;
+    if(drive == 0) return &handleNAND;
     return &handleSD;
 }
 
-static u32 __attribute__((noinline)) geterror(struct mmcdevice *ctx)
+static int geterror(struct mmcdevice *ctx)
 {
-    return (ctx->error << 29) >> 31;
+    return (int)((ctx->error << 29) >> 31);
 }
 
-static void __attribute__((noinline)) inittarget(struct mmcdevice *ctx)
+static void inittarget(struct mmcdevice *ctx)
 {
-    sdmmc_mask16(REG_SDPORTSEL,0x3,(u16)ctx->devicenumber);
+    sdmmc_mask16(REG_SDPORTSEL, 0x3, (u16)ctx->devicenumber);
     setckl(ctx->clk);
-    if (ctx->SDOPT == 0) {
-        sdmmc_mask16(REG_SDOPT, 0, 0x8000);
-    } else {
-        sdmmc_mask16(REG_SDOPT, 0x8000, 0);
-    }
-
+    if(ctx->SDOPT == 0) sdmmc_mask16(REG_SDOPT, 0, 0x8000);
+    else sdmmc_mask16(REG_SDOPT, 0x8000, 0);
 }
 
 static void __attribute__((noinline)) sdmmc_send_command(struct mmcdevice *ctx, u32 cmd, u32 args)
 {
-    bool getSDRESP = (cmd << 15) >> 31;
+    u32 getSDRESP = (cmd << 15) >> 31;
     u16 flags = (cmd << 15) >> 31;
-    const bool readdata = cmd & 0x20000;
-    const bool writedata = cmd & 0x40000;
+    const int readdata = cmd & 0x20000;
+    const int writedata = cmd & 0x40000;
 
-    if (readdata || writedata)
+    if(readdata || writedata)
         flags |= TMIO_STAT0_DATAEND;
 
     ctx->error = 0;
-    while (sdmmc_read16(REG_SDSTATUS1) & TMIO_STAT1_CMD_BUSY); //mmc working?
-    sdmmc_write16(REG_SDIRMASK0,0);
-    sdmmc_write16(REG_SDIRMASK1,0);
-    sdmmc_write16(REG_SDSTATUS0,0);
-    sdmmc_write16(REG_SDSTATUS1,0);
-    sdmmc_mask16(REG_SDDATACTL32,0x1800,0);
-
-    sdmmc_write16(REG_SDCMDARG0,args &0xFFFF);
-    sdmmc_write16(REG_SDCMDARG1,args >> 16);
-    sdmmc_write16(REG_SDCMD,cmd &0xFFFF);
+    while((sdmmc_read16(REG_SDSTATUS1) & TMIO_STAT1_CMD_BUSY)); //mmc working?
+    sdmmc_write16(REG_SDIRMASK0, 0);
+    sdmmc_write16(REG_SDIRMASK1, 0);
+    sdmmc_write16(REG_SDSTATUS0, 0);
+    sdmmc_write16(REG_SDSTATUS1, 0);
+    sdmmc_mask16(REG_DATACTL32, 0x1800, 0);
+    sdmmc_write16(REG_SDCMDARG0, args & 0xFFFF);
+    sdmmc_write16(REG_SDCMDARG1, args >> 16);
+    sdmmc_write16(REG_SDCMD, cmd & 0xFFFF);
 
     u32 size = ctx->size;
-    vu8 *dataPtr = ctx->data;
+    u8 *rDataPtr = ctx->rData;
+    const u8 *tDataPtr = ctx->tData;
 
-    bool useBuf = ( NULL != dataPtr );
+    bool rUseBuf = rDataPtr != NULL;
+    bool tUseBuf = tDataPtr != NULL;
 
     u16 status0 = 0;
-    while(true) {
-        u16 status1 = sdmmc_read16(REG_SDSTATUS1);
-        if (status1 & TMIO_STAT1_RXRDY) {
-            if (readdata && useBuf) {
-                sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_RXRDY, 0);
-                //sdmmc_write16(REG_SDSTATUS1,~TMIO_STAT1_RXRDY);
-                if (size > 0x1FF) {
-                    for(int i = 0; i<0x200; i+=2) {
-                        u16 data = sdmmc_read16(REG_SDFIFO);
-                        *dataPtr++ = data & 0xFF;
-                        *dataPtr++ = data >> 8;
+    while(true)
+    {
+        vu16 status1 = sdmmc_read16(REG_SDSTATUS1);
+        vu16 ctl32 = sdmmc_read16(REG_DATACTL32);
+        if((ctl32 & 0x100))
+        {
+            if(readdata)
+            {
+                if(rUseBuf)
+                {
+                    sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_RXRDY, 0);
+                    if(size > 0x1FF)
+                    {
+                        //Gabriel Marcano: This implementation doesn't assume alignment.
+                        //I've removed the alignment check doen with former rUseBuf32 as a result
+                        for(int i = 0; i < 0x200; i += 4)
+                        {
+                            u32 data = sdmmc_read32(REG_SDFIFO32);
+                            *rDataPtr++ = data;
+                            *rDataPtr++ = data >> 8;
+                            *rDataPtr++ = data >> 16;
+                            *rDataPtr++ = data >> 24;
+                        }
+                        size -= 0x200;
                     }
-                    size -= 0x200;
                 }
-            }
-        }
 
-        if (status1 & TMIO_STAT1_TXRQ) {
-            if (writedata && useBuf) {
-                sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_TXRQ, 0);
-                //sdmmc_write16(REG_SDSTATUS1,~TMIO_STAT1_TXRQ);
-                if (size > 0x1FF) {
-                    for (int i = 0; i<0x200; i+=2) {
-                        u16 data = *dataPtr++;
-                        data |= *dataPtr++ << 8;
-                        sdmmc_write16(REG_SDFIFO, data);
-                    }
-                    size -= 0x200;
-                }
+                sdmmc_mask16(REG_DATACTL32, 0x800, 0);
             }
         }
-        if (status1 & TMIO_MASK_GW) {
+        if(!(ctl32 & 0x200))
+        {
+            if(writedata)
+            {
+                if(tUseBuf)
+                {
+                    sdmmc_mask16(REG_SDSTATUS1, TMIO_STAT1_TXRQ, 0);
+                    if(size > 0x1FF)
+                    {
+                        for(int i = 0; i < 0x200; i += 4)
+                        {
+                            u32 data = *tDataPtr++;
+                            data |= (u32)*tDataPtr++ << 8;
+                            data |= (u32)*tDataPtr++ << 16;
+                            data |= (u32)*tDataPtr++ << 24;
+                            sdmmc_write32(REG_SDFIFO32, data);
+                        }
+                        size -= 0x200;
+                    }
+                }
+
+                sdmmc_mask16(REG_DATACTL32, 0x1000, 0);
+            }
+        }
+        if(status1 & TMIO_MASK_GW)
+        {
             ctx->error |= 4;
             break;
         }
 
-        if (!(status1 & TMIO_STAT1_CMD_BUSY)) {
+        if(!(status1 & TMIO_STAT1_CMD_BUSY))
+        {
             status0 = sdmmc_read16(REG_SDSTATUS0);
-            if (sdmmc_read16(REG_SDSTATUS0) & TMIO_STAT0_CMDRESPEND)
+            if(sdmmc_read16(REG_SDSTATUS0) & TMIO_STAT0_CMDRESPEND)
+            {
                 ctx->error |= 0x1;
-            if (status0 & TMIO_STAT0_DATAEND)
+            }
+            if(status0 & TMIO_STAT0_DATAEND)
+            {
                 ctx->error |= 0x2;
+            }
 
-            if ((status0 & flags) == flags)
+            if((status0 & flags) == flags)
                 break;
         }
     }
     ctx->stat0 = sdmmc_read16(REG_SDSTATUS0);
     ctx->stat1 = sdmmc_read16(REG_SDSTATUS1);
-    sdmmc_write16(REG_SDSTATUS0,0);
-    sdmmc_write16(REG_SDSTATUS1,0);
+    sdmmc_write16(REG_SDSTATUS0, 0);
+    sdmmc_write16(REG_SDSTATUS1, 0);
 
-    if (getSDRESP != 0) {
-        ctx->ret[0] = (u32)sdmmc_read16(REG_SDRESP0) | (u32)(sdmmc_read16(REG_SDRESP1) << 16);
-        ctx->ret[1] = (u32)sdmmc_read16(REG_SDRESP2) | (u32)(sdmmc_read16(REG_SDRESP3) << 16);
-        ctx->ret[2] = (u32)sdmmc_read16(REG_SDRESP4) | (u32)(sdmmc_read16(REG_SDRESP5) << 16);
-        ctx->ret[3] = (u32)sdmmc_read16(REG_SDRESP6) | (u32)(sdmmc_read16(REG_SDRESP7) << 16);
+    if(getSDRESP != 0)
+    {
+        ctx->ret[0] = (u32)(sdmmc_read16(REG_SDRESP0) | (sdmmc_read16(REG_SDRESP1) << 16));
+        ctx->ret[1] = (u32)(sdmmc_read16(REG_SDRESP2) | (sdmmc_read16(REG_SDRESP3) << 16));
+        ctx->ret[2] = (u32)(sdmmc_read16(REG_SDRESP4) | (sdmmc_read16(REG_SDRESP5) << 16));
+        ctx->ret[3] = (u32)(sdmmc_read16(REG_SDRESP6) | (sdmmc_read16(REG_SDRESP7) << 16));
     }
 }
 
-u32 __attribute__((noinline)) sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, vu8 *in)
+int __attribute__((noinline)) sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, const u8 *in)
 {
-    if (handleSD.isSDHC == 0)
-        sector_no <<= 9;
+    if(handleSD.isSDHC == 0) sector_no <<= 9;
     inittarget(&handleSD);
-    sdmmc_write16(REG_SDSTOP,0x100);
-
-    sdmmc_write16(REG_SDBLKCOUNT,numsectors);
-    handleSD.data = in;
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleSD.tData = in;
     handleSD.size = numsectors << 9;
-    sdmmc_send_command(&handleSD,0x52C19,sector_no);
+    sdmmc_send_command(&handleSD, 0x52C19, sector_no);
     return geterror(&handleSD);
 }
 
-u32 __attribute__((noinline)) sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, vu8 *out)
+int __attribute__((noinline)) sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, u8 *out)
 {
-    if (handleSD.isSDHC == 0)
-        sector_no <<= 9;
+    if(handleSD.isSDHC == 0) sector_no <<= 9;
     inittarget(&handleSD);
-    sdmmc_write16(REG_SDSTOP,0x100);
-
-    sdmmc_write16(REG_SDBLKCOUNT,numsectors);
-    handleSD.data = out;
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleSD.rData = out;
     handleSD.size = numsectors << 9;
-    sdmmc_send_command(&handleSD,0x33C12,sector_no);
+    sdmmc_send_command(&handleSD, 0x33C12, sector_no);
     return geterror(&handleSD);
 }
 
-u32 __attribute__((noinline)) sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, vu8 *out)
+int __attribute__((noinline)) sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, u8 *out)
 {
-    if (handleNAND.isSDHC == 0)
-        sector_no <<= 9;
+    if(handleNAND.isSDHC == 0) sector_no <<= 9;
     inittarget(&handleNAND);
-    sdmmc_write16(REG_SDSTOP,0x100);
-
-    sdmmc_write16(REG_SDBLKCOUNT,numsectors);
-
-    handleNAND.data = out;
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleNAND.rData = out;
     handleNAND.size = numsectors << 9;
-    sdmmc_send_command(&handleNAND,0x33C12,sector_no);
+    sdmmc_send_command(&handleNAND, 0x33C12, sector_no);
     inittarget(&handleSD);
     return geterror(&handleNAND);
 }
 
-static u32 calcSDSize(u8* csd, int type)
+int __attribute__((noinline)) sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, const u8 *in) //experimental
+{
+    if(handleNAND.isSDHC == 0) sector_no <<= 9;
+    inittarget(&handleNAND);
+    sdmmc_write16(REG_SDSTOP, 0x100);
+    sdmmc_write16(REG_SDBLKCOUNT32, numsectors);
+    sdmmc_write16(REG_SDBLKLEN32, 0x200);
+    sdmmc_write16(REG_SDBLKCOUNT, numsectors);
+    handleNAND.tData = in;
+    handleNAND.size = numsectors << 9;
+    sdmmc_send_command(&handleNAND, 0x52C19, sector_no);
+    inittarget(&handleSD);
+    return geterror(&handleNAND);
+}
+
+static u32 calcSDSize(u8 *csd, int type)
 {
     u32 result = 0;
-    if (type == -1) type = csd[14] >> 6;
-    switch (type) {
+    if(type == -1) type = csd[14] >> 6;
+    switch(type)
+    {
         case 0:
-            {
-                u32 block_len = csd[9] & 0xf;
-                block_len = 1u << block_len;
-                u32 mult = (u32)(csd[4] >> 7) | (u32)((csd[5] & 3) << 1);
-                mult = 1u << (mult + 2);
-                result = csd[8] & 3;
-                result = (result << 8) | csd[7];
-                result = (result << 2) | (csd[6] >> 6);
-                result = (result + 1) * mult * block_len / 512;
-            }
+        {
+            u32 block_len = csd[9] & 0xF;
+            block_len = 1u << block_len;
+            u32 mult = (u32)((csd[4] >> 7) | ((csd[5] & 3) << 1));
+            mult = 1u << (mult + 2);
+            result = csd[8] & 3;
+            result = (result << 8) | csd[7];
+            result = (result << 2) | (csd[6] >> 6);
+            result = (result + 1) * mult * block_len / 512;
             break;
+        }
         case 1:
-            result = csd[7] & 0x3f;
+            result = csd[7] & 0x3F;
             result = (result << 8) | csd[6];
             result = (result << 8) | csd[5];
             result = (result + 1) * 1024;
             break;
-    default:
-        break; //Do nothing otherwise
+        default:
+            break; //Do nothing otherwise FIXME perhaps return some error?
     }
     return result;
 }
 
 static void InitSD()
+{
+    *(vu16 *)0x10006100 &= 0xF7FFu; //SDDATACTL32
+    *(vu16 *)0x10006100 &= 0xEFFFu; //SDDATACTL32
+    *(vu16 *)0x10006100 |= 0x402u; //SDDATACTL32
+    *(vu16 *)0x100060D8 = (*(vu16 *)0x100060D8 & 0xFFDD) | 2;
+    *(vu16 *)0x10006100 &= 0xFFFFu; //SDDATACTL32
+    *(vu16 *)0x100060D8 &= 0xFFDFu; //SDDATACTL
+    *(vu16 *)0x10006104 = 512; //SDBLKLEN32
+    *(vu16 *)0x10006108 = 1; //SDBLKCOUNT32
+    *(vu16 *)0x100060E0 &= 0xFFFEu; //SDRESET
+    *(vu16 *)0x100060E0 |= 1u; //SDRESET
+    *(vu16 *)0x10006020 |= TMIO_MASK_ALL; //SDIR_MASK0
+    *(vu16 *)0x10006022 |= TMIO_MASK_ALL>>16; //SDIR_MASK1
+    *(vu16 *)0x100060FC |= 0xDBu; //SDCTL_RESERVED7
+    *(vu16 *)0x100060FE |= 0xDBu; //SDCTL_RESERVED8
+    *(vu16 *)0x10006002 &= 0xFFFCu; //SDPORTSEL
+    *(vu16 *)0x10006024 = 0x20;
+    *(vu16 *)0x10006028 = 0x40EE;
+    *(vu16 *)0x10006002 &= 0xFFFCu; ////SDPORTSEL
+    *(vu16 *)0x10006026 = 512; //SDBLKLEN
+    *(vu16 *)0x10006008 = 0; //SDSTOP
+}
+
+static int Nand_Init()
 {
     //NAND
     handleNAND.isSDHC = 0;
@@ -233,80 +323,50 @@ static void InitSD()
     handleNAND.clk = 0x80;
     handleNAND.devicenumber = 1;
 
-    //SD
-    handleSD.isSDHC = 0;
-    handleSD.SDOPT = 0;
-    handleSD.res = 0;
-    handleSD.initarg = 0;
-    handleSD.clk = 0x80;
-    handleSD.devicenumber = 0;
-
-    *(vu16*)0x10006100 &= 0xF7FFu; //SDDATACTL32
-    *(vu16*)0x10006100 &= 0xEFFFu; //SDDATACTL32
-    *(vu16*)0x10006100 |= 0x402u; //SDDATACTL32
-    *(vu16*)0x100060D8 = (*(vu16*)0x100060D8 & 0xFFDD) | 2;
-    *(vu16*)0x10006100 &= 0xFFFDu; //SDDATACTL32
-    *(vu16*)0x100060D8 &= 0xFFDDu; //SDDATACTL
-    *(vu16*)0x10006104 = 0; //SDBLKLEN32
-    *(vu16*)0x10006108 = 1; //SDBLKCOUNT32
-    *(vu16*)0x100060E0 &= 0xFFFEu; //SDRESET
-    *(vu16*)0x100060E0 |= 1u; //SDRESET
-    *(vu16*)0x10006020 |= TMIO_MASK_ALL; //SDIR_MASK0
-    *(vu16*)0x10006022 |= TMIO_MASK_ALL>>16; //SDIR_MASK1
-    *(vu16*)0x100060FC |= 0xDBu; //SDCTL_RESERVED7
-    *(vu16*)0x100060FE |= 0xDBu; //SDCTL_RESERVED8
-    *(vu16*)0x10006002 &= 0xFFFCu; //SDPORTSEL
-    *(vu16*)0x10006024 = 0x40; //Nintendo sets this to 0x20
-    *(vu16*)0x10006028 = 0x40EB; //Nintendo sets this to 0x40EE
-    *(vu16*)0x10006002 &= 0xFFFCu; ////SDPORTSEL
-    *(vu16*)0x10006026 = 512; //SDBLKLEN
-    *(vu16*)0x10006008 = 0; //SDSTOP
-
-    inittarget(&handleSD);
-}
-
-static int Nand_Init()
-{
     inittarget(&handleNAND);
-    ioDelay(0xF000);
+    waitcycles(0xF000);
 
-    sdmmc_send_command(&handleNAND,0,0);
+    sdmmc_send_command(&handleNAND, 0, 0);
 
-    do {
-        do {
-            sdmmc_send_command(&handleNAND,0x10701,0x100000);
-        } while ( !(handleNAND.error & 1) );
-    } while((handleNAND.ret[0] & 0x80000000) == 0);
+    do
+    {
+        do
+        {
+            sdmmc_send_command(&handleNAND, 0x10701, 0x100000);
+        }
+        while(!(handleNAND.error & 1));
+    }
+    while((handleNAND.ret[0] & 0x80000000) == 0);
 
-    sdmmc_send_command(&handleNAND,0x10602,0x0);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10602, 0x0);
+    if((handleNAND.error & 0x4)) return -1;
 
-    sdmmc_send_command(&handleNAND,0x10403,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10403, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;
 
-    sdmmc_send_command(&handleNAND,0x10609,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10609, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;
 
-    handleNAND.total_size = calcSDSize((u8*)&handleNAND.ret[0],0);
+    handleNAND.total_size = calcSDSize((u8*)&handleNAND.ret[0], 0);
     handleNAND.clk = 1;
     setckl(1);
 
-    sdmmc_send_command(&handleNAND,0x10407,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10407, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;
 
     handleNAND.SDOPT = 1;
 
-    sdmmc_send_command(&handleNAND,0x10506,0x3B70100);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10506, 0x3B70100);
+    if((handleNAND.error & 0x4)) return -1;
 
-    sdmmc_send_command(&handleNAND,0x10506,0x3B90100);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10506, 0x3B90100);
+    if((handleNAND.error & 0x4)) return -1;
 
-    sdmmc_send_command(&handleNAND,0x1040D,handleNAND.initarg << 0x10);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x1040D, handleNAND.initarg << 0x10);
+    if((handleNAND.error & 0x4)) return -1;
 
-    sdmmc_send_command(&handleNAND,0x10410,0x200);
-    if (handleNAND.error & 0x4) return -1;
+    sdmmc_send_command(&handleNAND, 0x10410, 0x200);
+    if((handleNAND.error & 0x4)) return -1;
 
     handleNAND.clk |= 0x200;
 
@@ -317,113 +377,104 @@ static int Nand_Init()
 
 static int SD_Init()
 {
+    //SD
+    handleSD.isSDHC = 0;
+    handleSD.SDOPT = 0;
+    handleSD.res = 0;
+    handleSD.initarg = 0;
+    handleSD.clk = 0x80;
+    handleSD.devicenumber = 0;
+
     inittarget(&handleSD);
 
-    ioDelay(1u << 18); //Card needs a little bit of time to be detected, it seems
-    
+    waitcycles(1u << 22); //Card needs a little bit of time to be detected, it seems FIXME test again to see what a good number is for the delay
+
     //If not inserted
-    if (!(*((vu16*)0x1000601c) & TMIO_STAT0_SIGSTATE)) return -1;
-    
-    sdmmc_send_command(&handleSD,0,0);
-    sdmmc_send_command(&handleSD,0x10408,0x1AA);
-    //u32 temp = (handleSD.ret[0] == 0x1AA) << 0x1E;
+    if(!(*((vu16 *)(SDMMC_BASE + REG_SDSTATUS0)) & TMIO_STAT0_SIGSTATE)) return 5;
+
+    sdmmc_send_command(&handleSD, 0, 0);
+    sdmmc_send_command(&handleSD, 0x10408, 0x1AA);
     u32 temp = (handleSD.error & 0x1) << 0x1E;
 
-    //int count = 0;
     u32 temp2 = 0;
-    do {
-        do {
-            sdmmc_send_command(&handleSD,0x10437,handleSD.initarg << 0x10);
-            sdmmc_send_command(&handleSD,0x10769,0x00FF8000 | temp);
+    do
+    {
+        do
+        {
+            sdmmc_send_command(&handleSD, 0x10437, handleSD.initarg << 0x10);
+            sdmmc_send_command(&handleSD, 0x10769, 0x00FF8000 | temp);
             temp2 = 1;
-        } while ( !(handleSD.error & 1) );
-
-    } while((handleSD.ret[0] & 0x80000000) == 0);
+        }
+        while(!(handleSD.error & 1));
+    }
+    while((handleSD.ret[0] & 0x80000000) == 0);
 
     if(!((handleSD.ret[0] >> 30) & 1) || !temp)
         temp2 = 0;
 
     handleSD.isSDHC = temp2;
 
-    sdmmc_send_command(&handleSD,0x10602,0);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10602, 0);
+    if((handleSD.error & 0x4)) return -1;
 
-    sdmmc_send_command(&handleSD,0x10403,0);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10403, 0);
+    if((handleSD.error & 0x4)) return -2;
     handleSD.initarg = handleSD.ret[0] >> 0x10;
 
-    sdmmc_send_command(&handleSD,0x10609,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10609, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -3;
 
-    handleSD.total_size = calcSDSize((u8*)&handleSD.ret[0],-1);
+    handleSD.total_size = calcSDSize((u8*)&handleSD.ret[0], -1);
     handleSD.clk = 1;
     setckl(1);
 
-    sdmmc_send_command(&handleSD,0x10507,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10507, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -4;
 
-    sdmmc_send_command(&handleSD,0x10437,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10437, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -5;
 
     handleSD.SDOPT = 1;
-    sdmmc_send_command(&handleSD,0x10446,0x2);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10446, 0x2);
+    if((handleSD.error & 0x4)) return -6;
 
-    sdmmc_send_command(&handleSD,0x1040D,handleSD.initarg << 0x10);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x1040D, handleSD.initarg << 0x10);
+    if((handleSD.error & 0x4)) return -7;
 
-    sdmmc_send_command(&handleSD,0x10410,0x200);
-    if (handleSD.error & 0x4) return -1;
+    sdmmc_send_command(&handleSD, 0x10410, 0x200);
+    if((handleSD.error & 0x4)) return -8;
     handleSD.clk |= 0x200;
 
     return 0;
 }
 
-void sdmmc_sdcard_init()
+void sdmmc_get_cid(bool isNand, u32 *info)
 {
-    InitSD();
-    Nand_Init();
-    SD_Init();
+    struct mmcdevice *device = isNand ? &handleNAND : &handleSD;
+
+    inittarget(device);
+
+    // use cmd7 to put sd card in standby mode
+    // CMD7
+    sdmmc_send_command(device, 0x10507, 0);
+
+    // get sd card info
+    // use cmd10 to read CID
+    sdmmc_send_command(device, 0x1060A, device->initarg << 0x10);
+
+    for(int i = 0; i < 4; ++i)
+        info[i] = device->ret[i];
+
+    // put sd card back to transfer mode
+    // CMD7
+    sdmmc_send_command(device, 0x10507, device->initarg << 0x10);
 }
 
-int sdmmc_get_cid(int isNand, uint32_t *info)
+u32 sdmmc_sdcard_init()
 {
-	struct mmcdevice *device;
-	if(isNand)
-		device = &handleNAND;
-	else
-		device = &handleSD;
-	
-	inittarget(device);
-	// use cmd7 to put sd card in standby mode
-	// CMD7
-	{
-		sdmmc_send_command(device,0x10507,0);
-		//if((device->error & 0x4)) return -1;
-	}
-
-	// get sd card info
-	// use cmd10 to read CID
-	{
-		sdmmc_send_command(device,0x1060A,device->initarg << 0x10);
-		//if((device->error & 0x4)) return -2;
-
-		for( int i = 0; i < 4; ++i ) {
-			info[i] = device->ret[i];
-		}
-	}
-
-	// put sd card back to transfer mode
-	// CMD7
-	{
-		sdmmc_send_command(device,0x10507,device->initarg << 0x10);
-		//if((device->error & 0x4)) return -3;
-	}
-
-	if(isNand)
-	{
-		inittarget(&handleSD);
-	}
-	
-	return 0;
+    u32 ret = 0;
+    InitSD();
+    if(Nand_Init() != 0) ret &= 1;
+    if(SD_Init() != 0) ret &= 2;
+    return ret;
 }

source/fatfs/sdmmc/sdmmc.h

@@ -1,52 +1,48 @@
-// Copyright 2014 Normmatt
-// Licensed under GPLv2 or any later version
-// Refer to the license.txt file included.
-
 #pragma once
 
-#include "common.h"
+#include "../../types.h"
 
-#define SDMMC_BASE              0x10006000u
+#define SDMMC_BASE		0x10006000
 
-#define REG_SDCMD               0x00
-#define REG_SDPORTSEL           0x02
-#define REG_SDCMDARG            0x04
-#define REG_SDCMDARG0           0x04
-#define REG_SDCMDARG1           0x06
-#define REG_SDSTOP              0x08
-#define REG_SDBLKCOUNT          0x0a
+#define REG_SDCMD		0x00
+#define REG_SDPORTSEL		0x02
+#define REG_SDCMDARG		0x04
+#define REG_SDCMDARG0		0x04
+#define REG_SDCMDARG1		0x06
+#define REG_SDSTOP		0x08
+#define REG_SDBLKCOUNT		0x0A
 
-#define REG_SDRESP0             0x0c
-#define REG_SDRESP1             0x0e
-#define REG_SDRESP2             0x10
-#define REG_SDRESP3             0x12
-#define REG_SDRESP4             0x14
-#define REG_SDRESP5             0x16
-#define REG_SDRESP6             0x18
-#define REG_SDRESP7             0x1a
+#define REG_SDRESP0		0x0C
+#define REG_SDRESP1		0x0E
+#define REG_SDRESP2		0x10
+#define REG_SDRESP3		0x12
+#define REG_SDRESP4		0x14
+#define REG_SDRESP5		0x16
+#define REG_SDRESP6		0x18
+#define REG_SDRESP7		0x1A
 
-#define REG_SDSTATUS0           0x1c
-#define REG_SDSTATUS1           0x1e
+#define REG_SDSTATUS0		0x1C
+#define REG_SDSTATUS1		0x1E
 
-#define REG_SDIRMASK0           0x20
-#define REG_SDIRMASK1           0x22
-#define REG_SDCLKCTL            0x24
+#define REG_SDIRMASK0		0x20
+#define REG_SDIRMASK1		0x22
+#define REG_SDCLKCTL		0x24
 
-#define REG_SDBLKLEN            0x26
-#define REG_SDOPT               0x28
-#define REG_SDFIFO              0x30
+#define REG_SDBLKLEN		0x26
+#define REG_SDOPT		0x28
+#define REG_SDFIFO		0x30
 
-#define REG_SDDATACTL           0xd8
-#define REG_SDRESET             0xe0
-#define REG_SDPROTECTED         0xf6 //bit 0 determines if sd is protected or not?
+#define REG_DATACTL 		0xD8
+#define REG_SDRESET		0xE0
+#define REG_SDPROTECTED		0xF6 //bit 0 determines if sd is protected or not?
 
-#define REG_SDDATACTL32         0x100
-#define REG_SDBLKLEN32          0x104
-#define REG_SDBLKCOUNT32        0x108
-#define REG_SDFIFO32            0x10C
+#define REG_DATACTL32 		0x100
+#define REG_SDBLKLEN32		0x104
+#define REG_SDBLKCOUNT32	0x108
+#define REG_SDFIFO32		0x10C
 
-#define REG_CLK_AND_WAIT_CTL    0x138
-#define REG_RESET_SDIO          0x1e0
+#define REG_CLK_AND_WAIT_CTL	0x138
+#define REG_RESET_SDIO		0x1E0
 
 #define TMIO_STAT0_CMDRESPEND    0x0001
 #define TMIO_STAT0_DATAEND       0x0004
@@ -70,31 +66,7 @@
 #define TMIO_STAT1_CMD_BUSY      0x4000
 #define TMIO_STAT1_ILL_ACCESS    0x8000
 
-//Comes from TWLSDK mongoose.tef DWARF info
-#define SDMC_NORMAL              0x00000000
-#define SDMC_ERR_COMMAND         0x00000001
-#define SDMC_ERR_CRC             0x00000002
-#define SDMC_ERR_END             0x00000004
-#define SDMC_ERR_TIMEOUT         0x00000008
-#define SDMC_ERR_FIFO_OVF        0x00000010
-#define SDMC_ERR_FIFO_UDF        0x00000020
-#define SDMC_ERR_WP              0x00000040
-#define SDMC_ERR_ABORT           0x00000080
-#define SDMC_ERR_FPGA_TIMEOUT    0x00000100
-#define SDMC_ERR_PARAM           0x00000200
-#define SDMC_ERR_R1_STATUS       0x00000800
-#define SDMC_ERR_NUM_WR_SECTORS  0x00001000
-#define SDMC_ERR_RESET           0x00002000
-#define SDMC_ERR_ILA             0x00004000
-#define SDMC_ERR_INFO_DETECT     0x00008000
-
-#define SDMC_STAT_ERR_UNKNOWN    0x00080000
-#define SDMC_STAT_ERR_CC         0x00100000
-#define SDMC_STAT_ERR_ECC_FAILED 0x00200000
-#define SDMC_STAT_ERR_CRC        0x00800000
-#define SDMC_STAT_ERR_OTHER      0xf9c70008
-
-#define TMIO_MASK_ALL           0x837f031d
+#define TMIO_MASK_ALL           0x837F031D
 
 #define TMIO_MASK_GW            (TMIO_STAT1_ILL_ACCESS | TMIO_STAT1_CMDTIMEOUT | TMIO_STAT1_TXUNDERRUN | TMIO_STAT1_RXOVERFLOW | \
                                  TMIO_STAT1_DATATIMEOUT | TMIO_STAT1_STOPBIT_ERR | TMIO_STAT1_CRCFAIL | TMIO_STAT1_CMD_IDX_ERR)
@@ -103,7 +75,8 @@
 #define TMIO_MASK_WRITEOP (TMIO_STAT1_TXRQ | TMIO_STAT1_DATAEND)
 
 typedef struct mmcdevice {
-    vu8* data;
+    u8 *rData;
+    const u8 *tData;
     u32 size;
     u32 error;
     u16 stat0;
@@ -118,12 +91,10 @@ typedef struct mmcdevice {
     u32 res;
 } mmcdevice;
 
-mmcdevice *getMMCDevice(int drive);
-
-void sdmmc_sdcard_init();
-u32 sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, vu8 *out);
-u32 sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, vu8 *in);
-
-u32 sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, vu8 *out);
-
-int sdmmc_get_cid( int isNand, uint32_t *info);
+u32 sdmmc_sdcard_init();
+int sdmmc_sdcard_readsectors(u32 sector_no, u32 numsectors, u8 *out);
+int sdmmc_sdcard_writesectors(u32 sector_no, u32 numsectors, const u8 *in);
+int sdmmc_nand_readsectors(u32 sector_no, u32 numsectors, u8 *out);
+int sdmmc_nand_writesectors(u32 sector_no, u32 numsectors, const u8 *in);
+void sdmmc_get_cid(bool isNand, u32 *info);
+mmcdevice *getMMCDevice(int drive);

source/firm.c

@@ -24,354 +24,367 @@
 #include "config.h"
 #include "utils.h"
 #include "fs.h"
+#include "exceptions.h"
 #include "patches.h"
 #include "memory.h"
+#include "strings.h"
 #include "cache.h"
 #include "emunand.h"
 #include "crypto.h"
-#include "draw.h"
 #include "screen.h"
-#include "buttons.h"
-#include "pin.h"
-#include "../build/injector.h"
+#include "fmt.h"
+#include "../build/bundled.h"
 
-extern u16 launchedFirmTIDLow[8]; //defined in start.s
-
-static firmHeader *const firm = (firmHeader *)0x24000000;
-static const firmSectionHeader *section;
-
-u32 config,
-    emuOffset;
-
-bool isN3DS, isDevUnit;
-
-FirmwareSource firmSource;
-
-void main(void)
+static inline bool loadFirmFromStorage(FirmwareType firmType)
 {
-    bool isFirmlaunch,
-         isA9lh;
+    const char *firmwareFiles[] = {
+        "firmware.bin",
+        "firmware_twl.bin",
+        "firmware_agb.bin",
+        "firmware_safe.bin",
+        "firmware_sysupdater.bin"
+    },
+               *cetkFiles[] = {
+        "cetk",
+        "cetk_twl",
+        "cetk_agb",
+        "cetk_safe",
+        "cetk_sysupdater"
+    };
 
-    u32 newConfig,
-        emuHeader;
+    u32 firmSize = fileRead(firm, firmType == NATIVE_FIRM1X2X ? firmwareFiles[0] : firmwareFiles[(u32)firmType], 0x400000 + sizeof(Cxi) + 0x200);
 
-    FirmwareType firmType;
-    FirmwareSource nandType;
-    ConfigurationStatus needConfig;
+    if(!firmSize) return false;
 
-    //Detect the console being used
-    isN3DS = PDN_MPCORE_CFG == 7;
+    if(firmSize <= sizeof(Cxi) + 0x200) error("The FIRM in /luma is not valid.");
 
-    //Detect dev units
-    isDevUnit = CFG_UNITINFO != 0;
-
-    //Mount filesystems. CTRNAND will be mounted only if/when needed
-    mountFs();
-
-    const char configPath[] = "/luma/config.bin";
-
-    //Attempt to read the configuration file
-    needConfig = fileRead(&config, configPath) ? MODIFY_CONFIGURATION : CREATE_CONFIGURATION;
-
-    //Determine if this is a firmlaunch boot
-    if(launchedFirmTIDLow[5] != 0)
+    if(memcmp(firm, "FIRM", 4) != 0)
     {
-        if(needConfig == CREATE_CONFIGURATION) mcuReboot();
+        u8 cetk[0xA50];
 
-        isFirmlaunch = true;
-
-        //'0' = NATIVE_FIRM, '1' = TWL_FIRM, '2' = AGB_FIRM
-        firmType = launchedFirmTIDLow[7] == u'3' ? SAFE_FIRM : (FirmwareType)(launchedFirmTIDLow[5] - u'0');
-
-        nandType = (FirmwareSource)BOOTCONFIG(0, 3);
-        firmSource = (FirmwareSource)BOOTCONFIG(2, 1);
-        isA9lh = BOOTCONFIG(3, 1) != 0;
-    }
-    else
-    {
-        //Get pressed buttons
-        u32 pressed = HID_PAD;
-
-        isFirmlaunch = false;
-        firmType = NATIVE_FIRM;
-
-        //Determine if booting with A9LH
-        isA9lh = !PDN_SPI_CNT;
-
-        //Determine if the user chose to use the SysNAND FIRM as default for a R boot
-        bool useSysAsDefault = isA9lh ? CONFIG(1) : false;
-
-        newConfig = (u32)isA9lh << 3;
-
-        //If it's a MCU reboot, try to force boot options
-        if(isA9lh && CFG_BOOTENV)
-        {
-            //Always force a sysNAND boot when quitting AGB_FIRM
-            if(CFG_BOOTENV == 7)
-            {
-                nandType = FIRMWARE_SYSNAND;
-                firmSource = useSysAsDefault ? FIRMWARE_SYSNAND : (FirmwareSource)BOOTCONFIG(2, 1);
-                needConfig = DONT_CONFIGURE;
-
-                //Flag to prevent multiple boot options-forcing
-                newConfig |= 1 << 4;
-            }
-
-            /* Else, force the last used boot options unless a button is pressed
-               or the no-forcing flag is set */
-            else if(!pressed && !BOOTCONFIG(4, 1))
-            {
-                nandType = (FirmwareSource)BOOTCONFIG(0, 3);
-                firmSource = (FirmwareSource)BOOTCONFIG(2, 1);
-                needConfig = DONT_CONFIGURE;
-            }
-        }
-
-        //Boot options aren't being forced
-        if(needConfig != DONT_CONFIGURE)
-        {
-            PINData pin;
-
-            bool pinExists = CONFIG(7) && readPin(&pin);
-
-            //If we get here we should check the PIN (if it exists) in all cases
-            if(pinExists) verifyPin(&pin);
-
-            //If no configuration file exists or SELECT is held, load configuration menu
-            bool shouldLoadConfigurationMenu = needConfig == CREATE_CONFIGURATION || ((pressed & BUTTON_SELECT) && !(pressed & BUTTON_L1));
-
-            if(shouldLoadConfigurationMenu)
-            {
-                configureCFW(configPath);
-
-                if(!pinExists && CONFIG(7)) newPin();
-
-                chrono(2);
-
-                //Update pressed buttons
-                pressed = HID_PAD;
-            }
-
-            if(isA9lh && !CFG_BOOTENV && pressed == SAFE_MODE)
-            {
-                nandType = FIRMWARE_SYSNAND;
-                firmSource = FIRMWARE_SYSNAND;
-            }
-            else
-            {
-                if(CONFIG(6) && loadSplash()) pressed = HID_PAD;
-
-                /* If L and R/A/Select or one of the single payload buttons are pressed,
-                   chainload an external payload (the PIN, if any, has been verified)*/
-                bool shouldLoadPayload = (pressed & SINGLE_PAYLOAD_BUTTONS) || ((pressed & BUTTON_L1) && (pressed & L_PAYLOAD_BUTTONS));
-
-                if(shouldLoadPayload) loadPayload(pressed);
-
-                if(!CONFIG(6)) loadSplash();
-
-                //If R is pressed, boot the non-updated NAND with the FIRM of the opposite one
-                if(pressed & BUTTON_R1)
-                {
-                    nandType = (useSysAsDefault) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
-                    firmSource = (useSysAsDefault) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND;
-                }
-
-                /* Else, boot the NAND the user set to autoboot or the opposite one, depending on L,
-                   with their own FIRM */
-                else
-                {
-                    nandType = (CONFIG(0) != !(pressed & BUTTON_L1)) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND;
-                    firmSource = nandType;
-                }
-
-                /* If we're booting emuNAND the second emuNAND is set as default and B isn't pressed,
-                   or vice-versa, boot the second emuNAND */
-                if(nandType != FIRMWARE_SYSNAND && (CONFIG(2) == !(pressed & BUTTON_B))) nandType = FIRMWARE_EMUNAND2;
-            }
-        }
+        if(fileRead(cetk, firmType == NATIVE_FIRM1X2X ? cetkFiles[0] : cetkFiles[(u32)firmType], sizeof(cetk)) != sizeof(cetk) ||
+           !decryptNusFirm((Ticket *)(cetk + 0x140), (Cxi *)firm, firmSize))
+            error("The FIRM in /luma is encrypted or corrupted.");
     }
 
-    //If we need to boot emuNAND, make sure it exists
-    if(nandType != FIRMWARE_SYSNAND)
-    {
-        locateEmuNAND(&emuOffset, &emuHeader, &nandType);
-        if(nandType == FIRMWARE_SYSNAND) firmSource = FIRMWARE_SYSNAND;
-    }
+    //Check that the FIRM is right for the console from the ARM9 section address
+    if((firm->section[3].offset != 0 ? firm->section[3].address : firm->section[2].address) != (ISN3DS ? (u8 *)0x8006000 : (u8 *)0x8006800))
+        error("The FIRM in /luma is not for this console.");
 
-    //Same if we're using emuNAND as the FIRM source
-    else if(firmSource != FIRMWARE_SYSNAND)
-        locateEmuNAND(&emuOffset, &emuHeader, &firmSource);
-
-    if(!isFirmlaunch)
-    {
-        newConfig |= (u32)nandType | ((u32)firmSource << 2);
-
-        /* If the boot configuration is different from previously, overwrite it.
-           Just the no-forcing flag being set is not enough */
-        if((newConfig & 0x2F) != (config & 0x3F))
-        {
-            //Preserve user settings (last 26 bits)
-            newConfig |= config & 0xFFFFFFC0;
-
-            if(!fileWrite(&newConfig, configPath, 4))
-                error("Error writing the configuration file");
-        }
-    }
-
-    u32 firmVersion = loadFirm(firmType);
-
-    switch(firmType)
-    {
-        case NATIVE_FIRM:
-            patchNativeFirm(firmVersion, nandType, emuHeader, isA9lh);
-            break;
-        case SAFE_FIRM:
-            patchSafeFirm();
-            break;
-        default:
-            //Skip patching on unsupported O3DS AGB/TWL FIRMs
-            if(isN3DS || firmVersion >= (firmType == TWL_FIRM ? 0x16 : 0xB)) patchLegacyFirm(firmType);
-            break;
-    }
-
-    launchFirm(firmType, isFirmlaunch);
+    return true;
 }
 
-static inline u32 loadFirm(FirmwareType firmType)
+u32 loadFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode)
 {
-    section = firm->section;
+    //Load FIRM from CTRNAND
+    u32 firmVersion = firmRead(firm, (u32)*firmType);
 
-    //Load FIRM from CTRNAND, unless it's an O3DS and we're loading a pre-5.0 NATIVE FIRM
-    u32 firmVersion = firmRead(firm, (u32)firmType);
+    if(firmVersion == 0xFFFFFFFF) error("Failed to get the CTRNAND FIRM.");
 
-    if(!isN3DS && firmType == NATIVE_FIRM && firmVersion < 0x25)
+    bool mustLoadFromStorage = false;
+
+    if(!ISN3DS && *firmType == NATIVE_FIRM && !ISDEVUNIT)
     {
-        if(!fileRead(firm, "/luma/firmware.bin") || (((u32)section[2].address >> 8) & 0xFF) != 0x68)
-            error("An old unsupported FIRM has been detected.\nCopy firmware.bin in /luma to boot");
+        if(firmVersion < 0x18)
+        {
+            //We can't boot < 3.x EmuNANDs
+            if(nandType != FIRMWARE_SYSNAND)
+                error("An old unsupported EmuNAND has been detected.\nLuma3DS is unable to boot it.");
 
-        //No assumption regarding FIRM version
-        firmVersion = 0xffffffff;
+            if(isSafeMode) error("SAFE_MODE is not supported on 1.x/2.x FIRM.");
+
+            *firmType = NATIVE_FIRM1X2X;
+        }
+
+        //We can't boot a 3.x/4.x NATIVE_FIRM, load one from SD/CTRNAND
+        else if(firmVersion < 0x25) mustLoadFromStorage = true;
+    }
+
+    if((loadFromStorage || mustLoadFromStorage) && loadFirmFromStorage(*firmType)) firmVersion = 0xFFFFFFFF;
+    else
+    {
+        if(mustLoadFromStorage) error("An old unsupported FIRM has been detected.\nCopy a firmware.bin in /luma to boot.");
+        if(!decryptExeFs((Cxi *)firm)) error("The CTRNAND FIRM is corrupted.");
+        if(ISDEVUNIT) firmVersion = 0xFFFFFFFF;
     }
-    else decryptExeFs((u8 *)firm);
 
     return firmVersion;
 }
 
-static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isA9lh)
+u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isSafeMode, bool doUnitinfoPatch, bool enableExceptionHandlers)
 {
-    u8 *arm9Section = (u8 *)firm + section[2].offset;
+    u8 *arm9Section = (u8 *)firm + firm->section[2].offset,
+       *arm11Section1 = (u8 *)firm + firm->section[1].offset;
 
-    if(isN3DS)
+    if(ISN3DS)
     {
-        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader
-        arm9Loader(arm9Section);
+        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+        kernel9Loader((Arm9Bin *)arm9Section);
         firm->arm9Entry = (u8 *)0x801B01C;
     }
+    
+    //Find the Process9 .code location, size and memory address
+    u32 process9Size,
+        process9MemAddr;
+    u8 *process9Offset = getProcess9Info(arm9Section, firm->section[2].size, &process9Size, &process9MemAddr);
 
-    //Sets the 7.x NCCH KeyX and the 6.x gamecard save data KeyY on >= 6.0 O3DS FIRMs, if not using A9LH
-    else if(!isA9lh && firmVersion >= 0x29) setRSAMod0DerivedKeys();
+    //Find the Kernel11 SVC table and handler, exceptions page and free space locations
+    u32 baseK11VA;
+    u8 *freeK11Space;
+    u32 *arm11SvcHandler,
+        *arm11DAbtHandler,
+        *arm11ExceptionsPage,
+        *arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11DAbtHandler, &arm11ExceptionsPage);
+
+    u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
+        ret = 0;
+
+    //Apply signature patches
+    ret += patchSignatureChecks(process9Offset, process9Size);
+
+    //Apply EmuNAND patches
+    if(nandType != FIRMWARE_SYSNAND) ret += patchEmuNand(arm9Section, kernel9Size, process9Offset, process9Size, emuHeader, firm->section[2].address);
+
+    //Apply FIRM0/1 writes patches on SysNAND to protect A9LH
+    else ret += patchFirmWrites(process9Offset, process9Size);
+
+    //Apply firmlaunch patches
+    ret += patchFirmlaunches(process9Offset, process9Size, process9MemAddr);
+
+    //Apply dev unit check patches related to NCCH encryption
+    if(!ISDEVUNIT)
+    {
+        ret += patchZeroKeyNcchEncryptionCheck(process9Offset, process9Size);
+        ret += patchNandNcchEncryptionCheck(process9Offset, process9Size);
+    }
+
+    //11.0 FIRM patches
+    if(firmVersion >= (ISN3DS ? 0x21 : 0x52))
+    {
+        //Apply anti-anti-DG patches
+        ret += patchTitleInstallMinVersionChecks(process9Offset, process9Size, firmVersion);
+
+        //Restore svcBackdoor
+        ret += reimplementSvcBackdoor(arm11Section1, arm11SvcTable, baseK11VA, &freeK11Space);
+    }
+
+    //Stub svc 0x59 on 11.3+ FIRMs
+    if(firmVersion >= (ISN3DS ? 0x2D : 0x5C)) ret += stubSvcRestrictGpuDma(arm11Section1, arm11SvcTable, baseK11VA);
+
+    ret += implementSvcGetCFWInfo(arm11Section1, arm11SvcTable, baseK11VA, &freeK11Space, isSafeMode);
+
+    //Apply UNITINFO patches
+    if(doUnitinfoPatch)
+    {
+        ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
+        if(!ISDEVUNIT) ret += patchCheckForDevCommonKey(process9Offset, process9Size);
+    }
+
+    if(enableExceptionHandlers)
+    {
+        //ARM11 exception handlers
+        u32 codeSetOffset,
+            stackAddress = getInfoForArm11ExceptionHandlers(arm11Section1, firm->section[1].size, &codeSetOffset);
+        ret += installArm11Handlers(arm11ExceptionsPage, stackAddress, codeSetOffset, arm11DAbtHandler, baseK11VA + ((u8 *)arm11DAbtHandler - arm11Section1));
+        patchSvcBreak11(arm11Section1, arm11SvcTable, baseK11VA);
+        ret += patchKernel11Panic(arm11Section1, firm->section[1].size);
+
+        //ARM9 exception handlers
+        ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
+        ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
+        ret += patchKernel9Panic(arm9Section, kernel9Size);
+    }
+
+    bool patchAccess = CONFIG(PATCHACCESS),
+         patchGames = CONFIG(PATCHGAMES);
+
+    if(patchAccess || patchGames)
+    {
+        ret += patchK11ModuleChecks(arm11Section1, firm->section[1].size, &freeK11Space, patchGames);
+
+        if(patchAccess)
+        {
+            ret += patchArm11SvcAccessChecks(arm11SvcHandler, (u32 *)(arm11Section1 + firm->section[1].size));
+            ret += patchP9AccessChecks(process9Offset, process9Size);
+        }
+    }
+
+    return ret;
+}
+
+u32 patchTwlFirm(u32 firmVersion, bool doUnitinfoPatch)
+{
+    u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
+
+    //On N3DS, decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+    if(ISN3DS)
+    {
+        kernel9Loader((Arm9Bin *)arm9Section);
+        firm->arm9Entry = (u8 *)0x801301C;
+    }
 
     //Find the Process9 .code location, size and memory address
     u32 process9Size,
         process9MemAddr;
-    u8 *process9Offset = getProcess9(arm9Section + 0x15000, section[2].size - 0x15000, &process9Size, &process9MemAddr);
+    u8 *process9Offset = getProcess9Info(arm9Section, firm->section[3].size, &process9Size, &process9MemAddr);
 
-    //Apply signature patches
-    patchSignatureChecks(process9Offset, process9Size);
+    u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
+        ret = 0;
 
-    //Apply emuNAND patches
-    if(nandType != FIRMWARE_SYSNAND)
-    {
-        u32 branchAdditive = (u32)firm + section[2].offset - (u32)section[2].address;
-        patchEmuNAND(arm9Section, section[2].size, process9Offset, process9Size, emuOffset, emuHeader, branchAdditive);
-    }
+    ret += patchLgySignatureChecks(process9Offset, process9Size);
+    ret += patchTwlInvalidSignatureChecks(process9Offset, process9Size);
+    ret += patchTwlNintendoLogoChecks(process9Offset, process9Size);
+    ret += patchTwlWhitelistChecks(process9Offset, process9Size);
+    if(ISN3DS || firmVersion > 0x11) ret += patchTwlFlashcartChecks(process9Offset, process9Size, firmVersion);
+    else if(!ISN3DS && firmVersion == 0x11) ret += patchOldTwlFlashcartChecks(process9Offset, process9Size);
+    ret += patchTwlShaHashChecks(process9Offset, process9Size);
 
-    //Apply FIRM0/1 writes patches on sysNAND to protect A9LH
-    else if(isA9lh) patchFirmWrites(process9Offset, process9Size);
+    //Apply UNITINFO patch
+    if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
 
-    //Apply firmlaunch patches
-    patchFirmlaunches(process9Offset, process9Size, process9MemAddr);
-
-    //11.0 FIRM patches
-    if(firmVersion >= (isN3DS ? 0x21 : 0x52))
-    {
-        //Apply anti-anti-DG patches
-        patchTitleInstallMinVersionCheck(process9Offset, process9Size);
-
-        //Restore svcBackdoor
-        reimplementSvcBackdoor((u8 *)firm + section[1].offset, section[1].size);
-    }
+    return ret;
 }
 
-static inline void patchLegacyFirm(FirmwareType firmType)
+u32 patchAgbFirm(bool doUnitinfoPatch)
 {
-    if(isN3DS)
+    u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
+
+    //On N3DS, decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+    if(ISN3DS)
     {
-        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader
-        arm9Loader((u8 *)firm + section[3].offset);
+        kernel9Loader((Arm9Bin *)arm9Section);
         firm->arm9Entry = (u8 *)0x801301C;
     }
 
-    applyLegacyFirmPatches((u8 *)firm, firmType);
+    //Find the Process9 .code location, size and memory address
+    u32 process9Size,
+        process9MemAddr;
+    u8 *process9Offset = getProcess9Info(arm9Section, firm->section[3].size, &process9Size, &process9MemAddr);
+
+    u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
+        ret = 0;
+
+    ret += patchLgySignatureChecks(process9Offset, process9Size);
+    if(CONFIG(SHOWGBABOOT)) ret += patchAgbBootSplash(process9Offset, process9Size);
+
+    //Apply UNITINFO patch
+    if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
+
+    return ret;
 }
 
-static inline void patchSafeFirm(void)
+u32 patch1x2xNativeAndSafeFirm(bool enableExceptionHandlers)
 {
-    u8 *arm9Section = (u8 *)firm + section[2].offset;
+    u8 *arm9Section = (u8 *)firm + firm->section[2].offset;
 
-    if(isN3DS)
+    if(ISN3DS)
     {
-        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader
-        arm9Loader(arm9Section);
+        //Decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
+        kernel9Loader((Arm9Bin *)arm9Section);
         firm->arm9Entry = (u8 *)0x801B01C;
-
-        patchFirmWrites(arm9Section, section[2].size);
     }
-    else patchFirmWriteSafe(arm9Section, section[2].size);
-}
 
-static inline void copySection0AndInjectLoader(void)
-{
-    u8 *arm11Section0 = (u8 *)firm + section[0].offset;
+    //Find the Process9 .code location, size and memory address
+    u32 process9Size,
+        process9MemAddr;
+    u8 *process9Offset = getProcess9Info(arm9Section, firm->section[2].size, &process9Size, &process9MemAddr);
 
-    u32 loaderSize;
-    u32 loaderOffset = getLoader(arm11Section0, &loaderSize);
+    u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
+        ret = 0;
 
-    memcpy(section[0].address, arm11Section0, loaderOffset);
-    memcpy(section[0].address + loaderOffset, injector, injector_size);
-    memcpy(section[0].address + loaderOffset + injector_size, arm11Section0 + loaderOffset + loaderSize, section[0].size - (loaderOffset + loaderSize));
-}
+    ret += ISN3DS ? patchFirmWrites(process9Offset, process9Size) : patchOldFirmWrites(process9Offset, process9Size);
 
-static inline void launchFirm(FirmwareType firmType, bool isFirmlaunch)
-{
-    //If we're booting NATIVE_FIRM, section0 needs to be copied separately to inject 3ds_injector
-    u32 sectionNum;
-    if(firmType == NATIVE_FIRM)
+    ret += ISN3DS ? patchSignatureChecks(process9Offset, process9Size) : patchOldSignatureChecks(process9Offset, process9Size);
+
+    if(enableExceptionHandlers)
     {
-        copySection0AndInjectLoader();
+        //ARM9 exception handlers
+        ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
+        ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
+    }
+
+    return ret;
+}
+
+static inline void copySection0AndInjectSystemModules(FirmwareType firmType, bool loadFromStorage)
+{
+    u32 maxModuleSize = firmType == NATIVE_FIRM ? 0x80000 : 0x600000,
+        srcModuleSize,
+        dstModuleSize;
+    const char *extModuleSizeError = "The external FIRM modules are too large.";
+
+    for(u8 *src = (u8 *)firm + firm->section[0].offset, *srcEnd = src + firm->section[0].size, *dst = firm->section[0].address;
+        src < srcEnd; src += srcModuleSize, dst += dstModuleSize, maxModuleSize -= dstModuleSize)
+    {
+        srcModuleSize = ((Cxi *)src)->ncch.contentSize * 0x200;
+        const char *moduleName = ((Cxi *)src)->exHeader.systemControlInfo.appTitle;
+
+        if(loadFromStorage)
+        {
+            char fileName[24];
+
+            //Read modules from files if they exist
+            sprintf(fileName, "sysmodules/%.8s.cxi", moduleName);
+
+            dstModuleSize = getFileSize(fileName);
+
+            if(dstModuleSize != 0)
+            {
+                if(dstModuleSize > maxModuleSize) error(extModuleSizeError);
+
+                if(dstModuleSize <= sizeof(Cxi) + 0x200 ||
+                   fileRead(dst, fileName, dstModuleSize) != dstModuleSize ||
+                   memcmp(((Cxi *)dst)->ncch.magic, "NCCH", 4) != 0 ||
+                   memcmp(moduleName, ((Cxi *)dst)->exHeader.systemControlInfo.appTitle, sizeof(((Cxi *)dst)->exHeader.systemControlInfo.appTitle)) != 0)
+                    error("An external FIRM module is invalid or corrupted.");
+
+                continue;
+            }
+        }
+
+        const u8 *module;
+
+        if(firmType == NATIVE_FIRM && memcmp(moduleName, "loader", 6) == 0)
+        {
+            module = injector_bin;
+            dstModuleSize = injector_bin_size;
+        }
+        else
+        {
+            module = src;
+            dstModuleSize = srcModuleSize;
+        }
+
+        if(dstModuleSize > maxModuleSize) error(extModuleSizeError);
+
+        memcpy(dst, module, dstModuleSize);
+    }
+}
+
+void launchFirm(FirmwareType firmType, bool loadFromStorage)
+{
+    //Allow module injection and/or inject 3ds_injector on new NATIVE_FIRMs and LGY FIRMs
+    u32 sectionNum;
+    if(firmType == NATIVE_FIRM || (loadFromStorage && (firmType == TWL_FIRM || firmType == AGB_FIRM)))
+    {
+        copySection0AndInjectSystemModules(firmType, loadFromStorage);
         sectionNum = 1;
     }
     else sectionNum = 0;
 
     //Copy FIRM sections to respective memory locations
-    for(; sectionNum < 4 && section[sectionNum].size; sectionNum++)
-        memcpy(section[sectionNum].address, (u8 *)firm + section[sectionNum].offset, section[sectionNum].size);
-
-    //Determine the ARM11 entry to use
-    vu32 *arm11;
-    if(isFirmlaunch) arm11 = (u32 *)0x1FFFFFFC;
-    else
-    {
-        deinitScreens();
-        arm11 = (u32 *)0x1FFFFFF8;
-    }
+    for(; sectionNum < 4 && firm->section[sectionNum].size != 0; sectionNum++)
+        memcpy(firm->section[sectionNum].address, (u8 *)firm + firm->section[sectionNum].offset, firm->section[sectionNum].size);
 
+    if(!isFirmlaunch) deinitScreens();
+    
     //Set ARM11 kernel entrypoint
-    *arm11 = (u32)firm->arm11Entry;
+    ARM11_CORE0_MAILBOX_ENTRYPOINT = (u32)firm->arm11Entry;
 
-    flushEntireDCache(); //Ensure that all memory transfers have completed and that the data cache has been flushed 
+    //Ensure that all memory transfers have completed and that the caches have been flushed
+    flushEntireDCache();
     flushEntireICache();
 
     //Final jump to ARM9 kernel
     ((void (*)())firm->arm9Entry)();
-}
+}

source/firm.h

@@ -23,40 +23,13 @@
 #pragma once
 
 #include "types.h"
+#include "3dsheaders.h"
 
-#define PDN_MPCORE_CFG (*(vu32 *)0x10140FFC)
-#define PDN_SPI_CNT    (*(vu32 *)0x101401C0)
-#define CFG_BOOTENV    (*(vu32 *)0x10010000)
-#define CFG_UNITINFO   (*(vu8 *)0x10010010)
+static Firm *const firm = (Firm *const)0x24000000;
 
-//FIRM Header layout
-typedef struct firmSectionHeader {
-    u32 offset;
-    u8 *address;
-    u32 size;
-    u32 procType;
-    u8 hash[0x20];
-} firmSectionHeader;
-
-typedef struct firmHeader {
-    u32 magic;
-    u32 reserved1;
-    u8 *arm11Entry;
-    u8 *arm9Entry;
-    u8 reserved2[0x30];
-    firmSectionHeader section[4];
-} firmHeader;
-
-typedef enum ConfigurationStatus
-{
-    DONT_CONFIGURE = 0,
-    MODIFY_CONFIGURATION = 1,
-    CREATE_CONFIGURATION = 2
-} ConfigurationStatus;
- 
-static inline u32 loadFirm(FirmwareType firmType);
-static inline void patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isA9lh);
-static inline void patchLegacyFirm(FirmwareType firmType);
-static inline void patchSafeFirm(void);
-static inline void copySection0AndInjectLoader(void);
-static inline void launchFirm(FirmwareType firmType, bool isFirmlaunch);
+u32 loadFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode);
+u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isSafeMode, bool doUnitinfoPatch, bool enableExceptionHandlers);
+u32 patchTwlFirm(u32 firmVersion, bool doUnitinfoPatch);
+u32 patchAgbFirm(bool doUnitinfoPatch);
+u32 patch1x2xNativeAndSafeFirm(bool enableExceptionHandlers);
+void launchFirm(FirmwareType firmType, bool loadFromStorage);

source/fmt.c

@@ -0,0 +1,293 @@
+/* File : barebones/ee_printf.c
+	This file contains an implementation of ee_printf that only requires a method to output a char to a UART without pulling in library code.
+
+This code is based on a file that contains the following:
+ Copyright (C) 2002 Michael Ringgaard. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the distribution.
+ 3. Neither the name of the project nor the names of its contributors
+    may be used to endorse or promote products derived from this software
+    without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGE.
+
+*/
+
+//TuxSH's changes: add support for 64-bit numbers, remove floating-point code
+
+#include "strings.h"
+#include "fmt.h"
+
+#define ZEROPAD   (1<<0) //Pad with zero
+#define SIGN      (1<<1) //Unsigned/signed long
+#define PLUS      (1<<2) //Show plus
+#define SPACE     (1<<3) //Spacer
+#define LEFT      (1<<4) //Left justified
+#define HEX_PREP  (1<<5) //0x
+#define UPPERCASE (1<<6) //'ABCDEF'
+
+#define IS_DIGIT(c) ((c) >= '0' && (c) <= '9')
+
+static s32 skipAtoi(const char **s)
+{
+    s32 i = 0;
+
+    while(IS_DIGIT(**s)) i = i * 10 + *((*s)++) - '0';
+
+    return i;
+}
+
+static char *processNumber(char *str, s64 num, bool isHex, s32 size, s32 precision, u32 type)
+{
+    char sign = 0;
+
+    if(type & SIGN)
+    {
+        if(num < 0)
+        {
+            sign = '-';
+            num = -num;
+            size--;
+        }
+        else if(type & PLUS)
+        {
+            sign = '+';
+            size--;
+        }
+        else if(type & SPACE)
+        {
+            sign = ' ';
+            size--;
+        }
+    }
+
+    static const char *lowerDigits = "0123456789abcdef",
+                      *upperDigits = "0123456789ABCDEF";
+
+    s32 i = 0;
+    char tmp[20];
+    const char *dig = (type & UPPERCASE) ? upperDigits : lowerDigits;
+
+    if(num == 0)
+    {
+        if(precision != 0) tmp[i++] = '0';
+        type &= ~HEX_PREP;
+    }
+    else
+    {
+        while(num != 0)
+        {
+            u64 base = isHex ? 16ULL : 10ULL;
+            tmp[i++] = dig[(u64)num % base];
+            num = (s64)((u64)num / base);
+        }
+    }
+
+    if(type & LEFT || precision != -1) type &= ~ZEROPAD;
+    if(type & HEX_PREP && isHex) size -= 2;
+    if(i > precision) precision = i;
+    size -= precision;
+    if(!(type & (ZEROPAD | LEFT))) while(size-- > 0) *str++ = ' ';
+    if(sign) *str++ = sign;
+
+    if(type & HEX_PREP && isHex)
+    {
+        *str++ = '0';
+        *str++ = 'x';
+    }
+
+    if(type & ZEROPAD) while(size-- > 0) *str++ = '0';
+    while(i < precision--) *str++ = '0';
+    while(i-- > 0) *str++ = tmp[i];
+    while(size-- > 0) *str++ = ' ';
+
+    return str;
+}
+
+u32 vsprintf(char *buf, const char *fmt, va_list args)
+{
+    char *str;
+
+    for(str = buf; *fmt; fmt++)
+    {
+        if(*fmt != '%')
+        {
+            *str++ = *fmt;
+            continue;
+        }
+
+        //Process flags
+        u32 flags = 0; //Flags to number()
+        bool loop = true;
+
+        while(loop)
+        {
+            switch(*++fmt)
+            {
+                case '-': flags |= LEFT; break;
+                case '+': flags |= PLUS; break;
+                case ' ': flags |= SPACE; break;
+                case '#': flags |= HEX_PREP; break;
+                case '0': flags |= ZEROPAD; break;
+                default: loop = false; break;
+            }
+        }
+
+        //Get field width
+        s32 fieldWidth = -1; //Width of output field
+        if(IS_DIGIT(*fmt)) fieldWidth = skipAtoi(&fmt);
+        else if(*fmt == '*')
+        {
+            fmt++;
+
+            fieldWidth = va_arg(args, s32);
+
+            if(fieldWidth < 0)
+            {
+                fieldWidth = -fieldWidth;
+                flags |= LEFT;
+            }
+        }
+
+        //Get the precision
+        s32 precision = -1; //Min. # of digits for integers; max number of chars for from string
+        if(*fmt == '.')
+        {
+            fmt++;
+
+            if(IS_DIGIT(*fmt)) precision = skipAtoi(&fmt);
+            else if(*fmt == '*')
+            {
+                fmt++;
+                precision = va_arg(args, s32);
+            }
+
+            if(precision < 0) precision = 0;
+        }
+
+        //Get the conversion qualifier
+        u32 integerType = 0;
+        if(*fmt == 'l')
+        {
+            if(*++fmt == 'l')
+            {
+                fmt++;
+                integerType = 1;
+            }
+            
+        }
+        else if(*fmt == 'h')
+        {
+            if(*++fmt == 'h')
+            {
+                fmt++;
+                integerType = 3;
+            }
+            else integerType = 2;
+        }
+
+        bool isHex;
+
+        switch(*fmt)
+        {
+            case 'c':
+                if(!(flags & LEFT)) while(--fieldWidth > 0) *str++ = ' ';
+                *str++ = (u8)va_arg(args, s32);
+                while(--fieldWidth > 0) *str++ = ' ';
+                continue;
+
+            case 's':
+            {
+                char *s = va_arg(args, char *);
+                if(!s) s = "<NULL>";
+                u32 len = (precision != -1) ? strnlen(s, precision) : strlen(s);
+                if(!(flags & LEFT)) while((s32)len < fieldWidth--) *str++ = ' ';
+                for(u32 i = 0; i < len; i++) *str++ = *s++;
+                while((s32)len < fieldWidth--) *str++ = ' ';
+                continue;
+            }
+
+            case 'p':
+                if(fieldWidth == -1)
+                {
+                    fieldWidth = 8;
+                    flags |= ZEROPAD;
+                }
+                str = processNumber(str, va_arg(args, u32), true, fieldWidth, precision, flags);
+                continue;
+
+            //Integer number formats - set up the flags and "break"
+            case 'X':
+                flags |= UPPERCASE;
+
+            case 'x':
+                isHex = true;
+                break;
+
+            case 'd':
+            case 'i':
+                flags |= SIGN;
+
+            case 'u':
+                isHex = false;
+                break;
+
+            default:
+                if(*fmt != '%') *str++ = '%';
+                if(*fmt) *str++ = *fmt;
+                else fmt--;
+                continue;
+        }
+
+        s64 num;
+
+        if(flags & SIGN)
+        {
+            if(integerType == 1) num = va_arg(args, s64);
+            else num = va_arg(args, s32);
+
+            if(integerType == 2) num = (s16)num;
+            else if(integerType == 3) num = (s8)num;
+        }
+        else
+        {
+            if(integerType == 1) num = va_arg(args, u64);
+            else num = va_arg(args, u32);
+
+            if(integerType == 2) num = (u16)num;
+            else if(integerType == 3) num = (u8)num;
+        }
+
+        str = processNumber(str, num, isHex, fieldWidth, precision, flags);
+    }
+
+    *str = 0;
+    return str - buf;
+}
+
+u32 sprintf(char *buf, const char *fmt, ...)
+{
+    va_list args;
+    va_start(args, fmt);
+    u32 res = vsprintf(buf, fmt, args);
+    va_end(args);
+    return res;
+}

source/fmt.h

@@ -0,0 +1,6 @@
+#pragma once
+#include "memory.h"
+#include <stdarg.h>
+
+u32 vsprintf(char *buf, const char *fmt, va_list args);
+u32 sprintf(char *buf, const char *fmt, ...);

source/fs.c

@@ -22,138 +22,349 @@
 
 #include "fs.h"
 #include "memory.h"
+#include "strings.h"
+#include "fmt.h"
+#include "crypto.h"
 #include "cache.h"
 #include "screen.h"
+#include "draw.h"
+#include "utils.h"
+#include "config.h"
 #include "fatfs/ff.h"
 #include "buttons.h"
-#include "../build/loader.h"
+#include "firm.h"
+#include "crypto.h"
+#include "../build/bundled.h"
 
 static FATFS sdFs,
              nandFs;
 
-void mountFs(void)
+static bool switchToMainDir(bool isSd)
 {
-    f_mount(&sdFs, "0:", 1);
-    f_mount(&nandFs, "1:", 0);
+    const char *mainDir = isSd ? "/luma" : "/rw/luma";
+
+    switch(f_chdir(mainDir))
+    {
+        case FR_OK:
+            return true;
+        case FR_NO_PATH:
+            f_mkdir(mainDir);
+            return switchToMainDir(isSd);
+        default:
+            return false;
+    }
 }
 
-u32 fileRead(void *dest, const char *path)
+bool mountFs(bool isSd, bool switchToCtrNand)
+{
+    return isSd ? f_mount(&sdFs, "0:", 1) == FR_OK && switchToMainDir(true) :
+                  f_mount(&nandFs, "1:", 1) == FR_OK && (!switchToCtrNand || (f_chdrive("1:") == FR_OK && switchToMainDir(false)));
+}
+
+u32 fileRead(void *dest, const char *path, u32 maxSize)
 {
     FIL file;
-    u32 size;
+    u32 ret = 0;
 
-    if(f_open(&file, path, FA_READ) == FR_OK)
-    {
-        unsigned int read;
-        size = f_size(&file);
-        if(dest != NULL)
-            f_read(&file, dest, size, &read);
-        f_close(&file);
-    }
-    else size = 0;
+    if(f_open(&file, path, FA_READ) != FR_OK) return ret;
 
-    return size;
+    u32 size = f_size(&file);
+    if(dest == NULL) ret = size;
+    else if(size <= maxSize)
+        f_read(&file, dest, size, (unsigned int *)&ret);
+    f_close(&file);
+
+    return ret;
 }
 
 u32 getFileSize(const char *path)
 {
-    return fileRead(NULL, path);
+    return fileRead(NULL, path, 0);
 }
 
 bool fileWrite(const void *buffer, const char *path, u32 size)
 {
     FIL file;
 
-    if(f_open(&file, path, FA_WRITE | FA_OPEN_ALWAYS) == FR_OK)
+    switch(f_open(&file, path, FA_WRITE | FA_OPEN_ALWAYS))
     {
-        unsigned int written;
-        f_write(&file, buffer, size, &written);
-        f_close(&file);
+        case FR_OK:
+        {
+            unsigned int written;
+            f_write(&file, buffer, size, &written);
+            f_truncate(&file);
+            f_close(&file);
 
-        return true;
+            return (u32)written == size;
+        }
+        case FR_NO_PATH:
+            for(u32 i = 1; path[i] != 0; i++)
+                if(path[i] == '/')
+                {
+                    char folder[i + 1];
+                    memcpy(folder, path, i);
+                    folder[i] = 0;
+                    f_mkdir(folder);
+                }
+
+            return fileWrite(buffer, path, size);
+        default:
+            return false;
     }
+}
 
+void fileDelete(const char *path)
+{
+    f_unlink(path);
+}
+
+static __attribute__((noinline)) bool overlaps(u32 as, u32 ae, u32 bs, u32 be)
+{
+    if (as <= bs && bs <= ae)
+        return true;
+    else if (bs <= as && as <= be)
+        return true;
     return false;
 }
 
-void createDirectory(const char *path)
+static bool checkFirmPayload(void)
 {
-    f_mkdir(path);
+    if(memcmp(firm->magic, "FIRM", 4) != 0)
+        return false;
+
+    if(firm->arm9Entry == NULL)  //allow for the arm11 entrypoint to be zero in which case nothing is done on the arm11 side
+        return false;
+
+    u32 size = 0x200;
+    for(u32 i = 0; i < 4; i++)
+        size += firm->section[i].size;
+
+    bool arm9EpFound = false, arm11EpFound = false;
+    for(u32 i = 0; i < 4; i++)
+    {
+        __attribute__((aligned(4))) u8 hash[0x20];
+
+        FirmSection *section = &firm->section[i];
+
+        // allow empty sections
+        if (section->size == 0)
+            continue;
+
+        if(section->offset < 0x200)
+            return false;
+
+        if(section->address + section->size < section->address) //overflow check
+            return false;
+
+        if(((u32)section->address & 3) || (section->offset & 0x1FF) || (section->size & 0x1FF)) //alignment check
+            return false;
+
+        if(overlaps((u32)section->address, (u32)section->address + section->size, 0x27FFE000, 0x28000000))
+            return false;
+        else if(overlaps((u32)section->address, (u32)section->address + section->size, 0x27FFE000 - 0x1000, 0x27FFE000))
+            return false;
+        else if(overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm, (u32)firm + size))
+            return false;
+
+        sha(hash, (u8 *)firm + section->offset, section->size, SHA_256_MODE);
+        if(memcmp(hash, section->hash, 0x20) != 0)
+            return false;
+
+        if(firm->arm9Entry >= section->address && firm->arm9Entry < (section->address + section->size))
+            arm9EpFound = true;
+
+        if(firm->arm11Entry >= section->address && firm->arm11Entry < (section->address + section->size))
+            arm11EpFound = true;
+    }
+
+    return arm9EpFound && (firm->arm11Entry == NULL || arm11EpFound);
 }
 
-void loadPayload(u32 pressed)
+void loadPayload(u32 pressed, const char *payloadPath)
 {
-    const char *pattern;
+    u32 *loaderAddress = (u32 *)0x27FFE000;
+    u32 payloadSize = 0,
+        maxPayloadSize = (u32)((u8 *)loaderAddress - (u8 *)firm);
 
-    if(pressed & BUTTON_RIGHT) pattern = PATTERN("right");
-    else if(pressed & BUTTON_LEFT) pattern = PATTERN("left");
-    else if(pressed & BUTTON_UP) pattern = PATTERN("up");
-    else if(pressed & BUTTON_DOWN) pattern = PATTERN("down");
-    else if(pressed & BUTTON_X) pattern = PATTERN("x");
-    else if(pressed & BUTTON_Y) pattern = PATTERN("y");
-    else if(pressed & BUTTON_R1) pattern = PATTERN("r");
-    else if(pressed & BUTTON_A) pattern = PATTERN("a");
-    else if(pressed & BUTTON_START) pattern = PATTERN("start");
-    else pattern = PATTERN("select");
+    char absPath[24 + _MAX_LFN] = {0};
+    char path[10 + _MAX_LFN] = {0};
 
+    if(payloadPath == NULL)
+    {
+        const char *pattern;
+
+        if(pressed & BUTTON_LEFT) pattern = PATTERN("left");
+        else if(pressed & BUTTON_RIGHT) pattern = PATTERN("right");
+        else if(pressed & BUTTON_UP) pattern = PATTERN("up");
+        else if(pressed & BUTTON_DOWN) pattern = PATTERN("down");
+        else if(pressed & BUTTON_START) pattern = PATTERN("start");
+        else if(pressed & BUTTON_B) pattern = PATTERN("b");
+        else if(pressed & BUTTON_X) pattern = PATTERN("x");
+        else if(pressed & BUTTON_Y) pattern = PATTERN("y");
+        else if(pressed & BUTTON_R1) pattern = PATTERN("r");
+        else if(pressed & BUTTON_A) pattern = PATTERN("a");
+        else pattern = PATTERN("select");
+
+        DIR dir;
+        FILINFO info;
+        FRESULT result;
+
+        result = f_findfirst(&dir, &info, "payloads", pattern);
+
+        if(result != FR_OK) return;
+
+        f_closedir(&dir);
+
+        if(!info.fname[0]) return;
+
+        sprintf(path, "payloads/%s", info.fname);
+
+    }
+    else sprintf(path, "%s", payloadPath);
+
+    payloadSize = fileRead(firm, path, maxPayloadSize);
+
+    if(!payloadSize || !checkFirmPayload()) return;
+
+    writeConfig(true);
+
+    if(memcmp(launchedPath, u"nand", 8) == 0)
+        sprintf(absPath, "nand:/rw/luma/%s", path);
+    else
+        sprintf(absPath, "sdmc:/luma/%s", path);
+
+    char *argv[1] = {absPath};
+    memcpy(loaderAddress, loader_bin, loader_bin_size);
+
+    initScreens();
+
+    flushDCacheRange(loaderAddress, loader_bin_size);
+    flushICacheRange(loaderAddress, loader_bin_size);
+
+    ((void (*)(int, char **, u32))loaderAddress)(1, argv, 0x0000BEEF);
+}
+
+void payloadMenu(void)
+{
     DIR dir;
-    FILINFO info;
-    char path[28] = "/luma/payloads";
+    char path[62] = "payloads";
 
-    FRESULT result = f_findfirst(&dir, &info, path, pattern);
+    if(f_opendir(&dir, path) != FR_OK) return;
+
+    FILINFO info;
+    u32 payloadNum = 0;
+    char payloadList[20][49];
+
+    while(f_readdir(&dir, &info) == FR_OK && info.fname[0] != 0 && payloadNum < 20)
+    {
+        if(info.fname[0] == '.') continue;
+
+        u32 nameLength = strlen(info.fname);
+
+        if(nameLength < 6 || nameLength > 52) continue;
+
+        nameLength -= 5;
+
+        if(memcmp(info.fname + nameLength, ".firm", 5) != 0) continue;
+
+        memcpy(payloadList[payloadNum], info.fname, nameLength);
+        payloadList[payloadNum][nameLength] = 0;
+        payloadNum++;
+    }
 
     f_closedir(&dir);
 
-    if(result == FR_OK && info.fname[0])
+    if(!payloadNum) return;
+
+    u32 pressed = 0,
+        selectedPayload = 0;
+
+    if(payloadNum != 1)
     {
         initScreens();
 
-        u32 *const loaderAddress = (u32 *)0x24FFFF00;
+        drawString(true, 10, 10, COLOR_TITLE, "Luma3DS chainloader");
+        drawString(true, 10, 10 + SPACING_Y, COLOR_TITLE, "Press A to select, START to quit");
 
-        memcpy(loaderAddress, loader, loader_size);
+        for(u32 i = 0, posY = 10 + 3 * SPACING_Y, color = COLOR_RED; i < payloadNum; i++, posY += SPACING_Y)
+        {
+            drawString(true, 10, posY, color, payloadList[i]);
+            if(color == COLOR_RED) color = COLOR_WHITE;
+        }
 
-        path[14] = '/';
-        memcpy(&path[15], info.altname, 13);
+        while(pressed != BUTTON_A && pressed != BUTTON_START)
+        {
+            do
+            {
+                pressed = waitInput(true);
+            }
+            while(!(pressed & MENU_BUTTONS));
 
-        loaderAddress[1] = fileRead((void *)0x24F00000, path);
+            u32 oldSelectedPayload = selectedPayload;
 
-        flushDCacheRange(loaderAddress, loader_size);
-        flushICacheRange(loaderAddress, loader_size);
+            switch(pressed)
+            {
+                case BUTTON_UP:
+                    selectedPayload = !selectedPayload ? payloadNum - 1 : selectedPayload - 1;
+                    break;
+                case BUTTON_DOWN:
+                    selectedPayload = selectedPayload == payloadNum - 1 ? 0 : selectedPayload + 1;
+                    break;
+                case BUTTON_LEFT:
+                    selectedPayload = 0;
+                    break;
+                case BUTTON_RIGHT:
+                    selectedPayload = payloadNum - 1;
+                    break;
+                default:
+                    continue;
+            }
 
-        ((void (*)())loaderAddress)();
+            if(oldSelectedPayload == selectedPayload) continue;
+
+            drawString(true, 10, 10 + (3 + oldSelectedPayload) * SPACING_Y, COLOR_WHITE, payloadList[oldSelectedPayload]);
+            drawString(true, 10, 10 + (3 + selectedPayload) * SPACING_Y, COLOR_RED, payloadList[selectedPayload]);
+        }
     }
+
+    if(pressed != BUTTON_START)
+    {
+        sprintf(path, "payloads/%s.firm", payloadList[selectedPayload]);
+        loadPayload(0, path);
+        error("The payload is too large or corrupted.");
+    }
+
+    while(HID_PAD & MENU_BUTTONS);
+    wait(2000ULL);
 }
 
 u32 firmRead(void *dest, u32 firmType)
 {
-    const char *firmFolders[4][2] = {{ "00000002", "20000002" },
-                                    { "00000102", "20000102" },
-                                    { "00000202", "20000202" },
-                                    { "00000003", "20000003" }};
+    const char *firmFolders[][2] = {{"00000002", "20000002"},
+                                    {"00000102", "20000102"},
+                                    {"00000202", "20000202"},
+                                    {"00000003", "20000003"},
+                                    {"00000001", "20000001"}};
 
-    char path[48] = "1:/title/00040138/00000000/content";
-    memcpy(&path[18], firmFolders[firmType][isN3DS ? 1 : 0], 8);
+    char folderPath[35],
+         path[48];
+
+    sprintf(folderPath, "1:/title/00040138/%s/content", firmFolders[firmType][ISN3DS ? 1 : 0]);
 
     DIR dir;
-    FILINFO info;
-
-    f_opendir(&dir, path);
-
     u32 firmVersion = 0xFFFFFFFF;
 
+    if(f_opendir(&dir, folderPath) != FR_OK) goto exit;
+
+    FILINFO info;
+
     //Parse the target directory
-    while(f_readdir(&dir, &info) == FR_OK && info.fname[0])
+    while(f_readdir(&dir, &info) == FR_OK && info.fname[0] != 0)
     {
         //Not a cxi
-        if(info.altname[9] != 'A') continue;
+        if(info.fname[9] != 'a' || strlen(info.fname) != 12) continue;
 
-        //Convert the .app name to an integer
-        u32 tempVersion = 0;
-        for(char *tmp = info.altname; *tmp != '.'; tmp++)
-        {
-            tempVersion <<= 4;
-            tempVersion += *tmp > '9' ? *tmp - 'A' + 10 : *tmp - '0';
-        }
+        u32 tempVersion = hexAtoi(info.altname, 8);
 
         //Found an older cxi
         if(tempVersion < firmVersion) firmVersion = tempVersion;
@@ -161,22 +372,31 @@ u32 firmRead(void *dest, u32 firmType)
 
     f_closedir(&dir);
 
+    if(firmVersion == 0xFFFFFFFF) goto exit;
+
     //Complete the string with the .app name
-    memcpy(&path[34], "/00000000.app", 14);
+    sprintf(path, "%s/%08x.app", folderPath, firmVersion);
 
-    //Last digit of the .app
-    u32 i = 42;
+    if(fileRead(dest, path, 0x400000 + sizeof(Cxi) + 0x200) <= sizeof(Cxi) + 0x200) firmVersion = 0xFFFFFFFF;
 
-    //Convert back the .app name from integer to array
-    u32 tempVersion = firmVersion;
-    while(tempVersion)
+exit:
+    return firmVersion;
+}
+
+void findDumpFile(const char *folderPath, char *fileName)
+{
+    DIR dir;
+    FRESULT result;
+
+    for(u32 n = 0; n <= 99999999; n++)
     {
-        static const char hexDigits[] = "0123456789ABCDEF";
-        path[i--] = hexDigits[tempVersion & 0xF];
-        tempVersion >>= 4;
+        FILINFO info;
+
+        sprintf(fileName, "crash_dump_%08u.dmp", n);
+        result = f_findfirst(&dir, &info, folderPath, fileName);
+
+        if(result != FR_OK || !info.fname[0]) break;
     }
 
-    fileRead(dest, path);
-
-    return firmVersion;
-}
+    if(result == FR_OK) f_closedir(&dir);
+}

source/fs.h

@@ -24,14 +24,14 @@
 
 #include "types.h"
 
-#define PATTERN(a)      a "_*.bin"
+#define PATTERN(a) a "_*.firm"
 
-extern bool isN3DS;
-
-void mountFs(void);
-u32 fileRead(void *dest, const char *path);
+bool mountFs(bool isSd, bool switchToCtrNand);
+u32 fileRead(void *dest, const char *path, u32 maxSize);
 u32 getFileSize(const char *path);
 bool fileWrite(const void *buffer, const char *path, u32 size);
-void createDirectory(const char *path);
-void loadPayload(u32 pressed);
-u32 firmRead(void *dest, u32 firmType);
+void fileDelete(const char *path);
+void loadPayload(u32 pressed, const char *payloadPath);
+void payloadMenu(void);
+u32 firmRead(void *dest, u32 firmType);
+void findDumpFile(const char *folderPath, char *fileName);

source/i2c.c

@@ -20,6 +20,10 @@
 *   Notices displayed by works containing it.
 */
 
+/*
+*   Thanks to the everyone who contributed in the development of this file
+*/
+
 #include "i2c.h"
 
 //-----------------------------------------------------------------------------
@@ -75,7 +79,7 @@ static inline void i2cWaitBusy(u8 bus_id)
     while (*i2cGetCntReg(bus_id) & 0x80);
 }
 
-static inline u32 i2cGetResult(u8 bus_id)
+static inline bool i2cGetResult(u8 bus_id)
 {
     i2cWaitBusy(bus_id);
 
@@ -91,7 +95,7 @@ static void i2cStop(u8 bus_id, u8 arg0)
 
 //-----------------------------------------------------------------------------
 
-static u32 i2cSelectDevice(u8 bus_id, u8 dev_reg)
+static bool i2cSelectDevice(u8 bus_id, u8 dev_reg)
 {
     i2cWaitBusy(bus_id);
     *i2cGetDataReg(bus_id) = dev_reg;
@@ -100,7 +104,7 @@ static u32 i2cSelectDevice(u8 bus_id, u8 dev_reg)
     return i2cGetResult(bus_id);
 }
 
-static u32 i2cSelectRegister(u8 bus_id, u8 reg)
+static bool i2cSelectRegister(u8 bus_id, u8 reg)
 {
     i2cWaitBusy(bus_id);
     *i2cGetDataReg(bus_id) = reg;
@@ -111,10 +115,35 @@ static u32 i2cSelectRegister(u8 bus_id, u8 reg)
 
 //-----------------------------------------------------------------------------
 
-u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
+u8 i2cReadRegister(u8 dev_id, u8 reg)
 {
-    u8 bus_id = i2cGetDeviceBusId(dev_id);
-    u8 dev_addr = i2cGetDeviceRegAddr(dev_id);
+    u8 bus_id = i2cGetDeviceBusId(dev_id),
+       dev_addr = i2cGetDeviceRegAddr(dev_id);
+
+    for(u32 i = 0; i < 8; i++)
+    {
+        if(i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg))
+        {
+            if(i2cSelectDevice(bus_id, dev_addr | 1))
+            {
+                i2cWaitBusy(bus_id);
+                i2cStop(bus_id, 1);
+                i2cWaitBusy(bus_id);
+
+                return *i2cGetDataReg(bus_id);
+            }
+        }
+        *i2cGetCntReg(bus_id) = 0xC5;
+        i2cWaitBusy(bus_id);
+    }
+
+    return 0xFF;
+}
+
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
+{
+    u8 bus_id = i2cGetDeviceBusId(dev_id),
+       dev_addr = i2cGetDeviceRegAddr(dev_id);
 
     for(u32 i = 0; i < 8; i++)
     {
@@ -125,12 +154,11 @@ u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
             *i2cGetCntReg(bus_id) = 0xC1;
             i2cStop(bus_id, 0);
 
-            if(i2cGetResult(bus_id))
-                return 1;
+            if(i2cGetResult(bus_id)) return true;
         }
         *i2cGetCntReg(bus_id) = 0xC5;
         i2cWaitBusy(bus_id);
     }
 
-    return 0;
+    return false;
 }

source/i2c.h

@@ -21,7 +21,7 @@
 */
 
 /*
-*	Thanks to the everyone who contributed in the development of this file 
+*   Thanks to the everyone who contributed in the development of this file
 */
 
 #pragma once
@@ -41,4 +41,5 @@
 #define I2C_DEV_GYRO 10
 #define I2C_DEV_IR   13
 
-u32 i2cWriteRegister(u8 dev_id, u8 reg, u8 data);
+u8 i2cReadRegister(u8 dev_id, u8 reg);
+bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);

source/main.c

@@ -0,0 +1,323 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "config.h"
+#include "emunand.h"
+#include "fs.h"
+#include "firm.h"
+#include "utils.h"
+#include "exceptions.h"
+#include "draw.h"
+#include "strings.h"
+#include "buttons.h"
+#include "pin.h"
+#include "crypto.h"
+#include "fmt.h"
+#include "memory.h"
+
+extern CfgData configData;
+extern ConfigurationStatus needConfig;
+extern FirmwareSource firmSource;
+
+bool isFirmlaunch;
+u16 launchedPath[41];
+
+void main(int argc, char **argv)
+{
+    bool isSafeMode = false,
+         isNoForceFlagSet = false;
+    char errbuf[46];
+    u32 emuHeader;
+    FirmwareType firmType;
+    FirmwareSource nandType;
+
+    switch(argc)
+    {
+        case 0:
+            error("Unsupported launcher (argc = 0).");
+            break;
+
+        case 1: //Normal boot
+        {
+            u32 i;
+            for(i = 0; i < 40 && argv[0][i] != 0; i++) //Copy and convert the path to utf16
+                launchedPath[i] = argv[0][i];
+            for(; i < 41; i++)
+                launchedPath[i] = 0;
+
+            isFirmlaunch = false;
+            break;
+        }
+
+        case 2: //Firmlaunch
+        {
+            u32 i;
+            u16 *p = (u16 *)argv[0];
+            for(i = 0; i < 40 && p[i] != 0; i++)
+                launchedPath[i] = p[i];
+            for(; i < 41; i++)
+                launchedPath[i] = 0;
+
+            isFirmlaunch = true;
+            break;
+        }
+
+        default:
+        {
+            sprintf(errbuf, "Unsupported launcher (argc = %d).", argc);
+            error(errbuf);
+            break;
+        }
+    }
+
+    //Mount SD or CTRNAND
+    bool isSdMode;
+
+    if(memcmp(launchedPath, u"sdmc", 8) == 0)
+    {
+        if(!mountFs(true, false)) error("Failed to mount SD.");
+        isSdMode = true;
+    }
+    else if(memcmp(launchedPath, u"nand", 8) == 0)
+    {
+        firmSource = FIRMWARE_SYSNAND;
+        if(!mountFs(false, true)) error("Failed to mount SD and CTRNAND.");
+        isSdMode = false;
+    }
+    else
+    {
+        char mountPoint[5] = {0};
+        for(u32 i = 0; i < 4 && launchedPath[i] != u':'; i++)
+            mountPoint[i] = (char)launchedPath[i];
+        sprintf(errbuf, "Launched from an unsupported location: %s.", mountPoint);
+        error(errbuf);
+    }
+
+    //Attempt to read the configuration file
+    needConfig = readConfig() ? MODIFY_CONFIGURATION : CREATE_CONFIGURATION;
+
+    //Determine if this is a firmlaunch boot
+    if(isFirmlaunch)
+    {
+        if(needConfig == CREATE_CONFIGURATION) mcuPowerOff();
+
+        switch(argv[1][14])
+        {
+            case '2':
+                firmType = (FirmwareType)(argv[1][10] - '0');
+                break;
+            case '3':
+                firmType = SAFE_FIRM;
+                break;
+            case '1':
+                firmType = SYSUPDATER_FIRM;
+                break;
+        }
+
+        nandType = (FirmwareSource)BOOTCFG_NAND;
+        firmSource = (FirmwareSource)BOOTCFG_FIRM;
+
+        goto boot;
+    }
+
+    detectAndProcessExceptionDumps();
+    installArm9Handlers();
+
+    firmType = NATIVE_FIRM;
+
+    //Get pressed buttons
+    u32 pressed = HID_PAD;
+
+    //If it's a MCU reboot, try to force boot options
+    if(CFG_BOOTENV && needConfig != CREATE_CONFIGURATION)
+    {
+
+        //Always force a SysNAND boot when quitting AGB_FIRM
+        if(CFG_BOOTENV == 7)
+        {
+            nandType = FIRMWARE_SYSNAND;
+            firmSource = (BOOTCFG_NAND != 0) == (BOOTCFG_FIRM != 0) ? FIRMWARE_SYSNAND : (FirmwareSource)BOOTCFG_FIRM;
+
+            //Prevent multiple boot options-forcing
+            isNoForceFlagSet = true;
+
+            goto boot;
+        }
+
+        /* Else, force the last used boot options unless a button is pressed
+           or the no-forcing flag is set */
+        if(!pressed && !BOOTCFG_NOFORCEFLAG)
+        {
+            nandType = (FirmwareSource)BOOTCFG_NAND;
+            firmSource = (FirmwareSource)BOOTCFG_FIRM;
+
+            goto boot;
+        }
+    }
+
+    u32 pinMode = MULTICONFIG(PIN);
+    bool pinExists = pinMode != 0 && verifyPin(pinMode);
+
+    //If no configuration file exists or SELECT is held, load configuration menu
+    bool shouldLoadConfigMenu = needConfig == CREATE_CONFIGURATION || ((pressed & (BUTTON_SELECT | BUTTON_L1)) == BUTTON_SELECT);
+
+    if(shouldLoadConfigMenu)
+    {
+        configMenu(isSdMode, pinExists, pinMode);
+
+        //Update pressed buttons
+        pressed = HID_PAD;
+    }
+
+    if(!CFG_BOOTENV && pressed == SAFE_MODE)
+    {
+        nandType = FIRMWARE_SYSNAND;
+        firmSource = FIRMWARE_SYSNAND;
+
+        isSafeMode = true;
+
+        //If the PIN has been verified, wait to make it easier to press the SAFE_MODE combo
+        if(pinExists && !shouldLoadConfigMenu)
+        {
+            while(HID_PAD & PIN_BUTTONS);
+            wait(2000ULL);
+        }
+
+        goto boot;
+    }
+
+    u32 splashMode = MULTICONFIG(SPLASH);
+
+    if(splashMode == 1 && loadSplash()) pressed = HID_PAD;
+
+    if((pressed & (BUTTON_START | BUTTON_L1)) == BUTTON_START)
+    {
+        payloadMenu();
+        pressed = HID_PAD;
+    }
+    else if(((pressed & SINGLE_PAYLOAD_BUTTONS) && !(pressed & (BUTTON_L1 | BUTTON_R1 | BUTTON_A))) ||
+            ((pressed & L_PAYLOAD_BUTTONS) && (pressed & BUTTON_L1))) loadPayload(pressed, NULL);
+
+    if(splashMode == 2) loadSplash();
+
+    //If booting from CTRNAND, always use SysNAND
+    if(!isSdMode) nandType = FIRMWARE_SYSNAND;
+
+    //If R is pressed, boot the non-updated NAND with the FIRM of the opposite one
+    else if(pressed & BUTTON_R1)
+    {
+        if(CONFIG(USEEMUFIRM))
+        {
+            nandType = FIRMWARE_SYSNAND;
+            firmSource = FIRMWARE_EMUNAND;
+        }
+        else
+        {
+            nandType = FIRMWARE_EMUNAND;
+            firmSource = FIRMWARE_SYSNAND;
+        }
+    }
+
+    /* Else, boot the NAND the user set to autoboot or the opposite one, depending on L,
+       with their own FIRM */
+    else firmSource = nandType = (CONFIG(AUTOBOOTEMU) == ((pressed & BUTTON_L1) == BUTTON_L1)) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND;
+
+    //If we're booting EmuNAND or using EmuNAND FIRM, determine which one from the directional pad buttons, or otherwise from the config
+    if(nandType == FIRMWARE_EMUNAND || firmSource == FIRMWARE_EMUNAND)
+    {
+        FirmwareSource tempNand;
+        switch(pressed & DPAD_BUTTONS)
+        {
+            case BUTTON_UP:
+                tempNand = FIRMWARE_EMUNAND;
+                break;
+            case BUTTON_RIGHT:
+                tempNand = FIRMWARE_EMUNAND2;
+                break;
+            case BUTTON_DOWN:
+                tempNand = FIRMWARE_EMUNAND3;
+                break;
+            case BUTTON_LEFT:
+                tempNand = FIRMWARE_EMUNAND4;
+                break;
+            default:
+                tempNand = (FirmwareSource)(1 + MULTICONFIG(DEFAULTEMU));
+                break;
+        }
+
+        if(nandType == FIRMWARE_EMUNAND) nandType = tempNand;
+        else firmSource = tempNand;
+    }
+
+boot:
+
+    //If we need to boot EmuNAND, make sure it exists
+    if(nandType != FIRMWARE_SYSNAND)
+    {
+        locateEmuNand(&emuHeader, &nandType);
+        if(nandType == FIRMWARE_SYSNAND) firmSource = FIRMWARE_SYSNAND;
+    }
+
+    //Same if we're using EmuNAND as the FIRM source
+    else if(firmSource != FIRMWARE_SYSNAND)
+        locateEmuNand(&emuHeader, &firmSource);
+
+    if(!isFirmlaunch)
+    {
+        configData.config = (configData.config & 0xFFFFFF80) | ((u32)isNoForceFlagSet << 6) | ((u32)firmSource << 3) | (u32)nandType;
+        writeConfig(false);
+    }
+
+    if(isSdMode && !mountFs(false, false)) error("Failed to mount CTRNAND.");
+
+    bool loadFromStorage = CONFIG(LOADEXTFIRMSANDMODULES);
+    u32 firmVersion = loadFirm(&firmType, firmSource, loadFromStorage, isSafeMode);
+
+    bool doUnitinfoPatch = CONFIG(PATCHUNITINFO),
+         enableExceptionHandlers = CONFIG(ENABLEEXCEPTIONHANDLERS);
+    u32 res;
+    switch(firmType)
+    {
+        case NATIVE_FIRM:
+            res = patchNativeFirm(firmVersion, nandType, emuHeader, isSafeMode, doUnitinfoPatch, enableExceptionHandlers);
+            break;
+        case TWL_FIRM:
+            res = patchTwlFirm(firmVersion, doUnitinfoPatch);
+            break;
+        case AGB_FIRM:
+            res = patchAgbFirm(doUnitinfoPatch);
+            break;
+        case SAFE_FIRM:
+        case SYSUPDATER_FIRM:
+        case NATIVE_FIRM1X2X:
+            res = patch1x2xNativeAndSafeFirm(enableExceptionHandlers);
+            break;
+    }
+
+    if(res != 0)
+    {
+        sprintf(errbuf, "Failed to apply %u FIRM patch(es).", res);
+        error(errbuf);
+    }
+
+    launchFirm(firmType, loadFromStorage);
+}

source/memory.c

@@ -20,9 +20,8 @@
 *   Notices displayed by works containing it.
 */
 
-
 /*
-*   Quick Search algorithm adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
+*   Boyer-Moore Horspool algorithm adapted from http://www-igm.univ-mlv.fr/~lecroq/string/node18.html#SECTION00180
 *   memcpy, memset32 and memcmp adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
 */
 
@@ -37,23 +36,32 @@ void memcpy(void *dest, const void *src, u32 size)
         destc[i] = srcc[i];
 }
 
+void *memset(void *dest, u32 value, u32 size)
+{
+    u8 *destc = (u8 *)dest;
+
+    for(u32 i = 0; i < size; i++) destc[i] = (u8)value;
+
+    return dest;
+}
+
 void memset32(void *dest, u32 filler, u32 size)
 {
     u32 *dest32 = (u32 *)dest;
 
-    for (u32 i = 0; i < size / 4; i++)
+    for(u32 i = 0; i < size / 4; i++)
         dest32[i] = filler;
 }
 
 int memcmp(const void *buf1, const void *buf2, u32 size)
 {
-    const u8 *buf1c = (const u8 *)buf1;
-    const u8 *buf2c = (const u8 *)buf2;
+    const u8 *buf1c = (const u8 *)buf1,
+             *buf2c = (const u8 *)buf2;
 
     for(u32 i = 0; i < size; i++)
     {
         int cmp = buf1c[i] - buf2c[i];
-        if(cmp) return cmp;
+        if(cmp != 0) return cmp;
     }
 
     return 0;
@@ -62,24 +70,23 @@ int memcmp(const void *buf1, const void *buf2, u32 size)
 u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize)
 {
     const u8 *patternc = (const u8 *)pattern;
-
-    //Preprocessing
     u32 table[256];
 
-    for(u32 i = 0; i < 256; ++i)
-        table[i] = patternSize + 1;
-    for(u32 i = 0; i < patternSize; ++i)
-        table[patternc[i]] = patternSize - i;
+    //Preprocessing
+    for(u32 i = 0; i < 256; i++)
+        table[i] = patternSize;
+    for(u32 i = 0; i < patternSize - 1; i++)
+        table[patternc[i]] = patternSize - i - 1;
 
     //Searching
     u32 j = 0;
-
     while(j <= size - patternSize)
     {
-        if(memcmp(patternc, startPos + j, patternSize) == 0)
+        u8 c = startPos[j + patternSize - 1];
+        if(patternc[patternSize - 1] == c && memcmp(pattern, startPos + j, patternSize - 1) == 0)
             return startPos + j;
-        j += table[startPos[j + patternSize]];
+        j += table[c];
     }
 
     return NULL;
-}
+}

source/memory.h

@@ -20,9 +20,8 @@
 *   Notices displayed by works containing it.
 */
 
-
 /*
-*   Quick Search algorithm adapted from http://igm.univ-mlv.fr/~lecroq/string/node19.html#SECTION00190
+*   Boyer-Moore Horspool algorithm adapted from http://www-igm.univ-mlv.fr/~lecroq/string/node18.html#SECTION00180
 *   memcpy, memset32 and memcmp adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
 */
 
@@ -31,6 +30,7 @@
 #include "types.h"
 
 void memcpy(void *dest, const void *src, u32 size);
+void *memset(void *dest, u32 value, u32 size) __attribute__((used));
 void memset32(void *dest, u32 filler, u32 size);
 int memcmp(const void *buf1, const void *buf2, u32 size);
-u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize);
+u8 *memsearch(u8 *startPos, const void *pattern, u32 size, u32 patternSize);

source/patches.c

@@ -20,179 +20,590 @@
 *   Notices displayed by works containing it.
 */
 
+/*
+*   Signature patches by an unknown author
+*   Signature patches for old FIRMs by SciresM
+*   firmlaunches patching code originally by delebile
+*   FIRM partition writes patches by delebile
+*   ARM11 modules patching code originally by Subv
+*   Idea for svcBreak patches from yellows8 and others on #3dsdev
+*   TWL_FIRM patches by Steveice10 and others
+*/
+
 #include "patches.h"
+#include "fs.h"
 #include "memory.h"
 #include "config.h"
-#include "../build/rebootpatch.h"
+#include "utils.h"
+#include "../build/bundled.h"
 
-u8 *getProcess9(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
+u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
 {
-    u8 *off = memsearch(pos, "ess9", size, 4);
+    u8 *temp = memsearch(pos, "NCCH", size, 4);
 
-    *process9Size = *(u32 *)(off - 0x60) * 0x200;
-    *process9MemAddr = *(u32 *)(off + 0xC);
+    if(temp == NULL) error("Failed to get Process9 data.");
 
-    //Process9 code offset (start of NCCH + ExeFS offset + ExeFS header size)
-    return off - 0x204 + (*(u32 *)(off - 0x64) * 0x200) + 0x200;
+    Cxi *off = (Cxi *)(temp - 0x100);
+
+    *process9Size = (off->ncch.exeFsSize - 1) * 0x200;
+    *process9MemAddr = off->exHeader.systemControlInfo.textCodeSet.address;
+
+    return (u8 *)off + (off->ncch.exeFsOffset + 1) * 0x200;
 }
 
-void patchSignatureChecks(u8 *pos, u32 size)
+u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11DAbtHandler, u32 **arm11ExceptionsPage)
 {
-    const u16 sigPatch[2] = {0x2000, 0x4770};
+    const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5},
+             pattern2[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
 
+    *arm11ExceptionsPage = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+    *freeK11Space = memsearch(pos, pattern2, size, sizeof(pattern2));
+
+    if(*arm11ExceptionsPage == NULL || *freeK11Space == NULL) error("Failed to get Kernel11 data.");
+
+    u32 *arm11SvcTable;
+
+    *arm11ExceptionsPage -= 0xB;
+    u32 svcOffset = (-(((*arm11ExceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
+    u32 dabtOffset = (-(((*arm11ExceptionsPage)[4] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
+    u32 pointedInstructionVA = 0xFFFF0008 - svcOffset;
+    *baseK11VA = pointedInstructionVA & 0xFFFF0000; //This assumes that the pointed instruction has an offset < 0x10000, iirc that's always the case
+    arm11SvcTable = *arm11SvcHandler = (u32 *)(pos + *(u32 *)(pos + pointedInstructionVA - *baseK11VA + 8) - *baseK11VA); //SVC handler address
+    while(*arm11SvcTable) arm11SvcTable++; //Look for SVC0 (NULL)
+
+    pointedInstructionVA = 0xFFFF0010 - dabtOffset;
+    *arm11DAbtHandler = (u32 *)(pos + *(u32 *)(pos + pointedInstructionVA - *baseK11VA + 8) - *baseK11VA);
+    (*freeK11Space)++;
+
+    return arm11SvcTable;
+}
+
+u32 patchSignatureChecks(u8 *pos, u32 size)
+{
     //Look for signature checks
     const u8 pattern[] = {0xC0, 0x1C, 0x76, 0xE7},
              pattern2[] = {0xB5, 0x22, 0x4D, 0x0C};
 
-    u16 *off = (u16 *)memsearch(pos, pattern, size, 4),
-        *off2 = (u16 *)(memsearch(pos, pattern2, size, 4) - 1);
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+    u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2));
 
-    *off = sigPatch[0];
-    off2[0] = sigPatch[0];
-    off2[1] = sigPatch[1];
+    if(off == NULL || temp == NULL) return 1;
+
+    u16 *off2 = (u16 *)(temp - 1);
+    *off = off2[0] = 0x2000;
+    off2[1] = 0x4770;
+
+    return 0;
 }
 
-void patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr)
+u32 patchOldSignatureChecks(u8 *pos, u32 size)
+{
+    // Look for signature checks
+    const u8 pattern[] = {0xC0, 0x1C, 0xBD, 0xE7},
+             pattern2[] = {0xB5, 0x23, 0x4E, 0x0C};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+    u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2));
+
+    if(off == NULL || temp == NULL) return 1;
+
+    u16 *off2 = (u16 *)(temp - 1);
+    *off = off2[0] = 0x2000;
+    off2[1] = 0x4770;
+
+    return 0;
+}
+
+u32 patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr)
 {
     //Look for firmlaunch code
-    const u8 pattern[] = {0xDE, 0x1F, 0x8D, 0xE2};
+    const u8 pattern[] = {0xE2, 0x20, 0x20, 0x90};
 
-    u8 *off = memsearch(pos, pattern, size, 4) - 0x10;
+    u32 pathLen;
+    for(pathLen = 0; pathLen < 41 && launchedPath[pathLen] != 0; pathLen++);
+
+    if(launchedPath[pathLen] != 0) return 1;
+
+    u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off -= 0x13;
 
     //Firmlaunch function offset - offset in BLX opcode (A4-16 - ARM DDI 0100E) + 1
     u32 fOpenOffset = (u32)(off + 9 - (-((*(u32 *)off & 0x00FFFFFF) << 2) & (0xFFFFFF << 2)) - pos + process9MemAddr);
 
     //Copy firmlaunch code
-    memcpy(off, reboot, reboot_size);
+    memcpy(off, reboot_bin, reboot_bin_size);
 
     //Put the fOpen offset in the right location
-    u32 *pos_fopen = (u32 *)memsearch(off, "OPEN", reboot_size, 4);
+    u32 *pos_fopen = (u32 *)memsearch(off, "OPEN", reboot_bin_size, 4);
     *pos_fopen = fOpenOffset;
+
+    u16 *fname = (u16 *)memsearch(off, "FILE", reboot_bin_size, 8);
+    memcpy(fname, launchedPath, 2 * (1 + pathLen));
+
+    return 0;
 }
 
-void patchFirmWrites(u8 *pos, u32 size)
+u32 patchFirmWrites(u8 *pos, u32 size)
 {
-    const u16 writeBlock[2] = {0x2000, 0x46C0};
-
     //Look for FIRM writing code
-    u8 *const off1 = memsearch(pos, "exe:", size, 4);
+    u8 *off = memsearch(pos, "exe:", size, 4);
+
+    if(off == NULL) return 1;
+
     const u8 pattern[] = {0x00, 0x28, 0x01, 0xDA};
 
-    u16 *off2 = (u16 *)memsearch(off1 - 0x100, pattern, 0x100, 4);
+    u16 *off2 = (u16 *)memsearch(off - 0x100, pattern, 0x100, sizeof(pattern));
 
-    off2[0] = writeBlock[0];
-    off2[1] = writeBlock[1];
+    if(off2 == NULL) return 1;
+
+    off2[0] = 0x2000;
+    off2[1] = 0x46C0;
+
+    return 0;
 }
 
-void patchFirmWriteSafe(u8 *pos, u32 size)
+u32 patchOldFirmWrites(u8 *pos, u32 size)
 {
-    const u16 writeBlockSafe[2] = {0x2400, 0xE01D};
-
     //Look for FIRM writing code
     const u8 pattern[] = {0x04, 0x1E, 0x1D, 0xDB};
 
-    u16 *off = (u16 *)memsearch(pos, pattern, size, 4);
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
 
-    off[0] = writeBlockSafe[0];
-    off[1] = writeBlockSafe[1];
+    if(off == NULL) return 1;
+
+    off[0] = 0x2400;
+    off[1] = 0xE01D;
+
+    return 0;
 }
 
-void reimplementSvcBackdoor(u8 *pos, u32 size)
+u32 patchTitleInstallMinVersionChecks(u8 *pos, u32 size, u32 firmVersion)
 {
+    const u8 pattern[] = {0xFF, 0x00, 0x00, 0x02};
+
+    u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return firmVersion == 0xFFFFFFFF ? 0 : 1;
+
+    off++;
+
+    //Zero out the first TitleID in the list
+    memset32(off, 0, 8);
+
+    return 0;
+}
+
+u32 patchZeroKeyNcchEncryptionCheck(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x28, 0x2A, 0xD0, 0x08};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL) return 1;
+
+    u16 *off = (u16 *)(temp - 1);
+    *off = 0x2001; //mov r0, #1
+
+    return 0;
+}
+
+u32 patchNandNcchEncryptionCheck(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x07, 0xD1, 0x28, 0x7A};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off--;
+    *off = 0x2001; //mov r0, #1
+
+    return 0;
+}
+
+u32 patchCheckForDevCommonKey(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x03, 0x7C, 0x28, 0x00};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    *off = 0x2301; //mov r3, #1
+
+    return 0;
+}
+
+u32 reimplementSvcBackdoor(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space)
+{
+    if(arm11SvcTable[0x7B] != 0) return 0;
+
     //Official implementation of svcBackdoor
-    const u8  svcBackdoor[40] = {0xFF, 0x10, 0xCD, 0xE3,  //bic   r1, sp, #0xff
-                                 0x0F, 0x1C, 0x81, 0xE3,  //orr   r1, r1, #0xf00
-                                 0x28, 0x10, 0x81, 0xE2,  //add   r1, r1, #0x28
-                                 0x00, 0x20, 0x91, 0xE5,  //ldr   r2, [r1]
-                                 0x00, 0x60, 0x22, 0xE9,  //stmdb r2!, {sp, lr}
-                                 0x02, 0xD0, 0xA0, 0xE1,  //mov   sp, r2
-                                 0x30, 0xFF, 0x2F, 0xE1,  //blx   r0
-                                 0x03, 0x00, 0xBD, 0xE8,  //pop   {r0, r1}
-                                 0x00, 0xD0, 0xA0, 0xE1,  //mov   sp, r0
-                                 0x11, 0xFF, 0x2F, 0xE1}; //bx    r1
+    const u8 svcBackdoor[] = {0xFF, 0x10, 0xCD, 0xE3,  //bic   r1, sp, #0xff
+                              0x0F, 0x1C, 0x81, 0xE3,  //orr   r1, r1, #0xf00
+                              0x28, 0x10, 0x81, 0xE2,  //add   r1, r1, #0x28
+                              0x00, 0x20, 0x91, 0xE5,  //ldr   r2, [r1]
+                              0x00, 0x60, 0x22, 0xE9,  //stmdb r2!, {sp, lr}
+                              0x02, 0xD0, 0xA0, 0xE1,  //mov   sp, r2
+                              0x30, 0xFF, 0x2F, 0xE1,  //blx   r0
+                              0x03, 0x00, 0xBD, 0xE8,  //pop   {r0, r1}
+                              0x00, 0xD0, 0xA0, 0xE1,  //mov   sp, r0
+                              0x11, 0xFF, 0x2F, 0xE1}; //bx    r1
 
-    const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5}; //cpsid aif
-    
-    u32 *exceptionsPage = (u32 *)memsearch(pos, pattern, size, 4) - 0xB;
+    if(*(u32 *)(*freeK11Space + sizeof(svcBackdoor) - 4) != 0xFFFFFFFF) return 1;
 
-    u32 svcOffset = (-((exceptionsPage[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
-    u32 *svcTable = (u32 *)(pos + *(u32 *)(pos + 0xFFFF0008 - svcOffset - 0xFFF00000 + 8) - 0xFFF00000); //SVC handler address
-    while(*svcTable) svcTable++; //Look for SVC0 (NULL)
+    memcpy(*freeK11Space, svcBackdoor, sizeof(svcBackdoor));
 
-    if(svcTable[0x7B] == 0)
-    {
-        u32 *freeSpace;
-        for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
+    arm11SvcTable[0x7B] = baseK11VA + *freeK11Space - pos;
+    *freeK11Space += sizeof(svcBackdoor);
 
-        memcpy(freeSpace, svcBackdoor, 40);
-
-        svcTable[0x7B] = 0xFFFF0000 + ((u8 *)freeSpace - (u8 *)exceptionsPage);
-    }
+    return 0;
 }
 
-void patchTitleInstallMinVersionCheck(u8 *pos, u32 size)
+u32 stubSvcRestrictGpuDma(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA)
 {
-    const u8 pattern[] = {0x0A, 0x81, 0x42, 0x02};
-    
-    u8 *off = memsearch(pos, pattern, size, 4);
-    
-    if(off != NULL) off[4] = 0xE0;
-}
-
-void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType)
-{
-    const patchData twlPatches[] = {
-        {{0x1650C0, 0x165D64}, {{ 6, 0x00, 0x20, 0x4E, 0xB0, 0x70, 0xBD }}, 0},
-        {{0x173A0E, 0x17474A}, { .type1 = 0x2001 }, 1},
-        {{0x174802, 0x17553E}, { .type1 = 0x2000 }, 2},
-        {{0x174964, 0x1756A0}, { .type1 = 0x2000 }, 2},
-        {{0x174D52, 0x175A8E}, { .type1 = 0x2001 }, 2},
-        {{0x174D5E, 0x175A9A}, { .type1 = 0x2001 }, 2},
-        {{0x174D6A, 0x175AA6}, { .type1 = 0x2001 }, 2},
-        {{0x174E56, 0x175B92}, { .type1 = 0x2001 }, 1},
-        {{0x174E58, 0x175B94}, { .type1 = 0x4770 }, 1}
-    },
-    agbPatches[] = {
-        {{0x9D2A8, 0x9DF64}, {{ 6, 0x00, 0x20, 0x4E, 0xB0, 0x70, 0xBD }}, 0},
-        {{0xD7A12, 0xD8B8A}, { .type1 = 0xEF26 }, 1}
-    };
-
-    /* Calculate the amount of patches to apply. Only count the boot screen patch for AGB_FIRM
-       if the matching option was enabled (keep it as last) */
-    u32 numPatches = firmType == TWL_FIRM ? (sizeof(twlPatches) / sizeof(patchData)) :
-                                            (sizeof(agbPatches) / sizeof(patchData) - !CONFIG(5));
-    const patchData *patches = firmType == TWL_FIRM ? twlPatches : agbPatches;
-
-    //Patch
-    for(u32 i = 0; i < numPatches; i++)
+    if(arm11SvcTable[0x59] != 0)
     {
-        switch(patches[i].type)
-        {
-            case 0:
-                memcpy(pos + patches[i].offset[isN3DS ? 1 : 0], patches[i].patch.type0 + 1, patches[i].patch.type0[0]);
-                break;
-            case 2:
-                *(u16 *)(pos + patches[i].offset[isN3DS ? 1 : 0] + 2) = 0;
-            case 1:
-                *(u16 *)(pos + patches[i].offset[isN3DS ? 1 : 0]) = patches[i].patch.type1;
-                break;
-        }
-    }
-}
-
-u32 getLoader(u8 *pos, u32 *loaderSize)
-{
-    u8 *off = pos;
-    u32 size;
-
-    while(true)
-    {
-        size = *(u32 *)(off + 0x104) * 0x200;
-        if(*(u32 *)(off + 0x200) == 0x64616F6C) break;
-        off += size;
+        u32 *off = (u32 *)(pos + arm11SvcTable[0x59] - baseK11VA);
+        off[1] = 0xE1A00000; //replace call to inner function by a NOP
     }
 
-    *loaderSize = size;
+    return 0;
+}
 
-    return (u32)(off - pos);
-}
+u32 implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space, bool isSafeMode)
+{
+    if(*(u32 *)(*freeK11Space + svcGetCFWInfo_bin_size - 4) != 0xFFFFFFFF) return 1;
+
+    memcpy(*freeK11Space, svcGetCFWInfo_bin, svcGetCFWInfo_bin_size);
+
+    struct CfwInfo
+    {
+        char magic[4];
+
+        u8 versionMajor;
+        u8 versionMinor;
+        u8 versionBuild;
+        u8 flags;
+
+        u32 commitHash;
+
+        u32 config;
+    } __attribute__((packed)) *info = (struct CfwInfo *)memsearch(*freeK11Space, "LUMA", svcGetCFWInfo_bin_size, 4);
+
+    const char *rev = REVISION;
+
+    info->commitHash = COMMIT_HASH;
+    info->config = configData.config;
+    info->versionMajor = (u8)(rev[1] - '0');
+    info->versionMinor = (u8)(rev[3] - '0');
+
+    bool isRelease;
+
+    if(rev[4] == '.')
+    {
+        info->versionBuild = (u8)(rev[5] - '0');
+        isRelease = rev[6] == 0;
+    }
+    else isRelease = rev[4] == 0;
+
+    if(isRelease) info->flags = 1;
+    if(ISN3DS) info->flags |= 1 << 4;
+    if(isSafeMode) info->flags |= 1 << 5;
+
+    arm11SvcTable[0x2E] = baseK11VA + *freeK11Space - pos; //Stubbed svc
+    *freeK11Space += svcGetCFWInfo_bin_size;
+
+    return 0;
+}
+
+u32 patchArm9ExceptionHandlersInstall(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x80, 0xE5, 0x40, 0x1C};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL) return 1;
+
+    u32 *off = (u32 *)(temp - 0xA);
+
+    for(u32 r0 = 0x08000000; *off != 0xE3A01040; off++) //Until mov r1, #0x40
+    {
+        //Discard everything that's not str rX, [r0, #imm](!)
+        if((*off & 0xFE5F0000) != 0xE4000000) continue;
+
+        u32 rD = (*off >> 12) & 0xF,
+            offset = (*off & 0xFFF) * ((((*off >> 23) & 1) == 0) ? -1 : 1);
+        bool writeback = ((*off >> 21) & 1) != 0,
+             pre = ((*off >> 24) & 1) != 0;
+
+        u32 addr = r0 + ((pre || !writeback) ? offset : 0);
+        if((addr & 7) != 0 && addr != 0x08000014 && addr != 0x08000004) *off = 0xE1A00000; //nop
+        else *off = 0xE5800000 | (rD << 12) | (addr & 0xFFF); //Preserve IRQ and SVC handlers
+
+        if(!pre) addr += offset;
+        if(writeback) r0 = addr;
+    }
+
+    return 0;
+}
+
+u32 getInfoForArm11ExceptionHandlers(u8 *pos, u32 size, u32 *codeSetOffset)
+{
+    const u8 pattern[] = {0x1B, 0x50, 0xA0, 0xE3}, //Get TitleID from CodeSet
+             pattern2[] = {0xE8, 0x13, 0x00, 0x02}; //Call exception dispatcher
+
+    u32 *loadCodeSet = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+    u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2));
+
+    if(loadCodeSet == NULL || temp == NULL) error("Failed to get ARM11 exception handlers data.");
+
+    loadCodeSet -= 2;
+    *codeSetOffset = *loadCodeSet & 0xFFF;
+
+    return *(u32 *)(temp + 9);
+}
+
+u32 patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address)
+{
+    //Stub svcBreak with "bkpt 65535" so we can debug the panic
+
+    //Look for the svc handler
+    const u8 pattern[] = {0x00, 0xE0, 0x4F, 0xE1}; //mrs lr, spsr
+
+    u32 *arm9SvcTable = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(arm9SvcTable == NULL) return 1;
+
+    while(*arm9SvcTable != 0) arm9SvcTable++; //Look for SVC0 (NULL)
+
+    u32 *addr = (u32 *)(pos + arm9SvcTable[0x3C] - kernel9Address);
+    *addr = 0xE12FFF7F;
+
+    return 0;
+}
+
+void patchSvcBreak11(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA)
+{
+    //Same as above, for NATIVE_FIRM ARM11
+    u32 *addr = (u32 *)(pos + arm11SvcTable[0x3C] - baseK11VA);
+    *addr = 0xE12FFF7F;
+}
+
+u32 patchKernel9Panic(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0xFF, 0xEA, 0x04, 0xD0};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL) return 1;
+
+    u32 *off = (u32 *)(temp - 0x12);
+    *off = 0xE12FFF7E;
+
+    return 0;
+}
+
+u32 patchKernel11Panic(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x02, 0x0B, 0x44, 0xE2};
+
+    u32 *off = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    *off = 0xE12FFF7E;
+
+    return 0;
+}
+
+u32 patchP9AccessChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x00, 0x08, 0x49, 0x68};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL) return 1;
+
+    u16 *off = (u16 *)(temp - 3);
+    off[0] = 0x2001; //mov r0, #1
+    off[1] = 0x4770; //bx lr
+
+    return 0;
+}
+
+u32 patchArm11SvcAccessChecks(u32 *arm11SvcHandler, u32 *endPos)
+{
+    while(*arm11SvcHandler != 0xE11A0E1B && arm11SvcHandler < endPos) arm11SvcHandler++; //TST R10, R11,LSL LR
+
+    if(arm11SvcHandler == endPos) return 1;
+
+    *arm11SvcHandler = 0xE3B0A001; //MOVS R10, #1
+
+    return 0;
+}
+
+u32 patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space, bool patchGames)
+{
+    /* We have to detour a function in the ARM11 kernel because builtin modules
+       are compressed in memory and are only decompressed at runtime */
+
+    //Check that we have enough free space
+    if(*(u32 *)(*freeK11Space + k11modules_bin_size - 4) != 0xFFFFFFFF) return patchGames ? 1 : 0;
+
+    //Look for the code that decompresses the .code section of the builtin modules
+    const u8 pattern[] = {0xE5, 0x48, 0x00, 0x9D};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL) return 1;
+
+    //Inject our code into the free space
+    memcpy(*freeK11Space, k11modules_bin, k11modules_bin_size);
+
+    u32 *off = (u32 *)(temp - 0xB);
+
+    //Inject a jump (BL) instruction to our code at the offset we found
+    *off = 0xEB000000 | (((((u32)*freeK11Space) - ((u32)off + 8)) >> 2) & 0xFFFFFF);
+
+    *freeK11Space += k11modules_bin_size;
+
+    return 0;
+}
+
+u32 patchUnitInfoValueSet(u8 *pos, u32 size)
+{
+    //Look for UNITINFO value being set during kernel sync
+    const u8 pattern[] = {0x01, 0x10, 0xA0, 0x13};
+
+    u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off[0] = ISDEVUNIT ? 0 : 1;
+    off[3] = 0xE3;
+
+    return 0;
+}
+
+u32 patchLgySignatureChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x47, 0xC1, 0x17, 0x49};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL) return 1;
+
+    u16 *off = (u16 *)(temp + 1);
+    off[0] = 0x2000;
+    off[1] = 0xB04E;
+    off[2] = 0xBD70;
+
+    return 0;
+}
+
+u32 patchTwlInvalidSignatureChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x20, 0xF6, 0xE7, 0x7F};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL) return 1;
+
+    u16 *off = (u16 *)(temp - 1);
+    *off = 0x2001; //mov r0, #1
+
+    return 0;
+}
+
+u32 patchTwlNintendoLogoChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0xC0, 0x30, 0x06, 0xF0};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off[1] = 0x2000;
+    off[2] = 0;
+
+    return 0;
+}
+
+u32 patchTwlWhitelistChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x22, 0x00, 0x20, 0x30};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off[2] = 0x2000;
+    off[3] = 0;
+
+    return 0;
+}
+
+u32 patchTwlFlashcartChecks(u8 *pos, u32 size, u32 firmVersion)
+{
+    const u8 pattern[] = {0x25, 0x20, 0x00, 0x0E};
+
+    u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(temp == NULL)
+    {
+        if(firmVersion == 0xFFFFFFFF) return patchOldTwlFlashcartChecks(pos, size);
+
+        return 1;
+    }
+
+    u16 *off = (u16 *)(temp + 3);
+    off[0] = off[6] = off[0xC] = 0x2001; //mov r0, #1
+    off[1] = off[7] = off[0xD] = 0; //nop
+
+    return 0;
+}
+
+u32 patchOldTwlFlashcartChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x06, 0xF0, 0xA0, 0xFD};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off[0] = off[6] = 0x2001; //mov r0, #1
+    off[1] = off[7] = 0; //nop
+
+    return 0;
+}
+
+u32 patchTwlShaHashChecks(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x10, 0xB5, 0x14, 0x22};
+
+    u16 *off = (u16 *)memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off[0] = 0x2001; //mov r0, #1
+    off[1] = 0x4770;
+
+    return 0;
+}
+
+u32 patchAgbBootSplash(u8 *pos, u32 size)
+{
+    const u8 pattern[] = {0x00, 0x00, 0x01, 0xEF};
+
+    u8 *off = memsearch(pos, pattern, size, sizeof(pattern));
+
+    if(off == NULL) return 1;
+
+    off[2] = 0x26;
+
+    return 0;
+}

source/patches.h

@@ -20,27 +20,51 @@
 *   Notices displayed by works containing it.
 */
 
+/*
+*   Signature patches by an unknown author
+*   Signature patches for old FIRMs by SciresM
+*   firmlaunches patching code originally by delebile
+*   FIRM partition writes patches by delebile
+*   ARM11 modules patching code originally by Subv
+*   Idea for svcBreak patches from yellows8 and others on #3dsdev
+*   TWL_FIRM patches by Steveice10 and others
+*/
+
 #pragma once
 
 #include "types.h"
 
-typedef struct patchData {
-    u32 offset[2];
-    union {
-        u8 type0[8];
-        u16 type1;
-    } patch;
-    u32 type;
-} patchData;
+extern CfgData configData;
 
-extern bool isN3DS;
-
-u8 *getProcess9(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr);
-void patchSignatureChecks(u8 *pos, u32 size);
-void patchTitleInstallMinVersionCheck(u8 *pos, u32 size);
-void patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr);
-void patchFirmWrites(u8 *pos, u32 size);
-void patchFirmWriteSafe(u8 *pos, u32 size);
-void reimplementSvcBackdoor(u8 *pos, u32 size);
-void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType);
-u32 getLoader(u8 *pos, u32 *loaderSize);
+u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr);
+u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11DAbtHandler, u32 **arm11ExceptionsPage);
+u32 patchSignatureChecks(u8 *pos, u32 size);
+u32 patchOldSignatureChecks(u8 *pos, u32 size);
+u32 patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr);
+u32 patchFirmWrites(u8 *pos, u32 size);
+u32 patchOldFirmWrites(u8 *pos, u32 size);
+u32 patchTitleInstallMinVersionChecks(u8 *pos, u32 size, u32 firmVersion);
+u32 patchZeroKeyNcchEncryptionCheck(u8 *pos, u32 size);
+u32 patchNandNcchEncryptionCheck(u8 *pos, u32 size);
+u32 patchCheckForDevCommonKey(u8 *pos, u32 size);
+u32 reimplementSvcBackdoor(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space);
+u32 stubSvcRestrictGpuDma(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA);
+u32 implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space, bool isSafeMode);
+u32 patchArm9ExceptionHandlersInstall(u8 *pos, u32 size);
+u32 getInfoForArm11ExceptionHandlers(u8 *pos, u32 size, u32 *codeSetOffset);
+u32 patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address);
+void patchSvcBreak11(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA);
+u32 patchKernel9Panic(u8 *pos, u32 size);
+u32 patchKernel11Panic(u8 *pos, u32 size);
+u32 patchP9AccessChecks(u8 *pos, u32 size);
+u32 patchArm11SvcAccessChecks(u32 *arm11SvcHandler, u32 *endPos);
+u32 patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space, bool patchGames);
+u32 patchUnitInfoValueSet(u8 *pos, u32 size);
+u32 patchLgySignatureChecks(u8 *pos, u32 size);
+u32 patchTwlInvalidSignatureChecks(u8 *pos, u32 size);
+u32 patchTwlNintendoLogoChecks(u8 *pos, u32 size);
+u32 patchTwlWhitelistChecks(u8 *pos, u32 size);
+u32 patchTwlFlashcartChecks(u8 *pos, u32 size, u32 firmVersion);
+u32 patchOldTwlFlashcartChecks(u8 *pos, u32 size);
+u32 patchTwlShaHashChecks(u8 *pos, u32 size);
+u32 patchAgbBootSplash(u8 *pos, u32 size);

source/pin.c

@@ -21,11 +21,11 @@
 */
 
 /*
-*   pin.c
-*   Code to manage pin locking for 3ds. By reworks.
+*   Code originally by reworks
 */
 
 #include "draw.h"
+#include "config.h"
 #include "screen.h"
 #include "utils.h"
 #include "memory.h"
@@ -34,134 +34,185 @@
 #include "pin.h"
 #include "crypto.h"
 
-bool readPin(PINData *out)
+static char pinKeyToLetter(u32 pressed)
 {
-    u8 __attribute__((aligned(4))) zeroes[16] = {0};
-    u8 __attribute__((aligned(4))) tmp[32] = {0};
-
-    if(fileRead(out, "/luma/pin.bin") != sizeof(PINData)) return false;
-    if(memcmp(out->magic, "PINF", 4) != 0) return false;
-
-    computePINHash(tmp, zeroes, 1);
-
-    return memcmp(out->testHash, tmp, 32) == 0; //test vector verification (SD card has (or hasn't) been used on another console)
-}
-
-static inline char PINKeyToLetter(u32 pressed)
-{
-    const char keys[] = "AB--------XY";
+    const char keys[] = "AB--RLUD--XY";
 
     u32 i;
-    __asm__ volatile("clz %[i], %[pressed]" : [i] "=r" (i) : [pressed] "r" (pressed));
+    for(i = 31; pressed > 1; i--) pressed /= 2;
 
     return keys[31 - i];
 }
 
-void newPin(void)
+void newPin(bool allowSkipping, u32 pinMode)
 {
-    clearScreens();
+    clearScreens(false);
 
-    drawString("Enter your NEW PIN: ", 10, 10, COLOR_WHITE);
+    u8 length = 4 + 2 * (pinMode - 1);
 
-    // Set the default value as 0x00 so we can check if there are any unentered characters.
-    u8 __attribute__((aligned(4))) enteredPassword[16 * ((PIN_LENGTH + 15) / 16)] = {0}; // pad to AES block length
+    drawString(true, 10, 10, COLOR_TITLE, "Enter a new PIN using ABXY and the DPad");
+    drawString(true, 10, 10 + SPACING_Y, COLOR_TITLE, allowSkipping ? "Press START to skip, SELECT to reset" : "Press SELECT to reset");
 
-    u32 cnt = 0;
-    int charDrawPos = 20 * SPACING_X;
+    drawFormattedString(true, 10, 10 + 3 * SPACING_Y, COLOR_WHITE, "PIN (%u digits): ", length);
 
-    while(cnt < PIN_LENGTH)
+    //Pad to AES block length with zeroes
+    __attribute__((aligned(4))) u8 enteredPassword[AES_BLOCK_SIZE] = {0};
+
+    bool reset = false;
+    u8 cnt = 0;
+
+    while(cnt < length)
     {
-        u32 pressed;
-        do
+        if(reset)
         {
-            pressed = waitInput();
+            for(u32 i = 0; i < cnt; i++) 
+                drawCharacter(true, 10 + (16 + 2 * i) * SPACING_X, 10 + 3 * SPACING_Y, COLOR_BLACK, (char)enteredPassword[i]);
+
+            cnt = 0;
+            reset = false;
         }
-        while(!(pressed & PIN_BUTTONS & ~BUTTON_START));
 
-        pressed &= PIN_BUTTONS & ~BUTTON_START;
-
-        if(!pressed) continue;
-        char key = PINKeyToLetter(pressed);
-        enteredPassword[cnt++] = (u8)key; // add character to password.
-
-        // visualize character on screen.
-        drawCharacter(key, 10 + charDrawPos, 10, COLOR_WHITE);
-        charDrawPos += 2 * SPACING_X;
-    }
-
-    PINData pin = {0};
-    u8 __attribute__((aligned(4))) tmp[32] = {0};
-    u8 __attribute__((aligned(4))) zeroes[16] = {0};
-
-    memcpy(pin.magic, "PINF", 4);
-    pin.formatVersionMajor = 1;
-    pin.formatVersionMinor = 0;
-
-    computePINHash(tmp, zeroes, 1);
-    memcpy(pin.testHash, tmp, 32);
-
-    computePINHash(tmp, enteredPassword, (PIN_LENGTH + 15) / 16);
-    memcpy(pin.hash, tmp, 32);
-
-    fileWrite(&pin, "/luma/pin.bin", sizeof(PINData));
-    
-    while(HID_PAD & PIN_BUTTONS);
-}
-
-void verifyPin(PINData *in)
-{
-    initScreens();
-
-    drawString("Press START to shutdown or enter pin to proceed.", 10, 10, COLOR_WHITE);
-    drawString("Pin: ", 10, 10 + 2 * SPACING_Y, COLOR_WHITE);
-
-    // Set the default characters as 0x00 so we can check if there are any unentered characters.
-    u8 __attribute__((aligned(4))) enteredPassword[16 * ((PIN_LENGTH + 15) / 16)] = {0};
-
-    u32 cnt = 0;
-    bool unlock = false;
-    int charDrawPos = 5 * SPACING_X;
-
-    while(!unlock)
-    {
         u32 pressed;
         do
         {
-            pressed = waitInput();
+            pressed = waitInput(false);
         }
         while(!(pressed & PIN_BUTTONS));
 
-        pressed &= PIN_BUTTONS & ~BUTTON_START;
+        pressed &= PIN_BUTTONS;
+        if(!allowSkipping) pressed &= ~BUTTON_START;
+
+        if(pressed & BUTTON_START) return;
+
+        if(pressed & BUTTON_SELECT)
+        {
+            reset = true;
+            continue;
+        }
 
         if(!pressed) continue;
 
+        //Add character to password
+        enteredPassword[cnt] = (u8)pinKeyToLetter(pressed);
+
+        //Visualize character on screen
+        drawCharacter(true, 10 + (16 + 2 * cnt) * SPACING_X, 10 + 3 * SPACING_Y, COLOR_WHITE, enteredPassword[cnt]);
+
+        cnt++;
+    }
+
+    PinData pin;
+
+    memcpy(pin.magic, "PINF", 4);
+    pin.formatVersionMajor = PIN_VERSIONMAJOR;
+    pin.formatVersionMinor = PIN_VERSIONMINOR;
+
+    __attribute__((aligned(4))) u8 tmp[SHA_256_HASH_SIZE],
+                                   lengthBlock[AES_BLOCK_SIZE] = {0};
+    lengthBlock[0] = length;
+
+    computePinHash(tmp, lengthBlock);
+    memcpy(pin.lengthHash, tmp, sizeof(tmp));
+
+    computePinHash(tmp, enteredPassword);
+    memcpy(pin.hash, tmp, sizeof(tmp));
+
+    if(!fileWrite(&pin, PIN_FILE, sizeof(PinData)))
+        error("Error writing the PIN file");
+}
+
+bool verifyPin(u32 pinMode)
+{
+    PinData pin;
+
+    if(fileRead(&pin, PIN_FILE, sizeof(PinData)) != sizeof(PinData) ||
+       memcmp(pin.magic, "PINF", 4) != 0 ||
+       pin.formatVersionMajor != PIN_VERSIONMAJOR ||
+       pin.formatVersionMinor != PIN_VERSIONMINOR)
+        return false;
+
+    __attribute__((aligned(4))) u8 tmp[SHA_256_HASH_SIZE],
+                                   lengthBlock[AES_BLOCK_SIZE] = {0};
+    lengthBlock[0] = 4 + 2 * (pinMode - 1);
+
+    computePinHash(tmp, lengthBlock);
+
+    //Test vector verification (check if SD card has been used on another console or PIN length changed)
+    if(memcmp(pin.lengthHash, tmp, sizeof(tmp)) != 0) return false;
+
+    initScreens();
+
+    drawString(true, 10, 10, COLOR_TITLE, "Enter the PIN using ABXY and the DPad to proceed");
+    drawString(true, 10, 10 + SPACING_Y, COLOR_TITLE, "Press START to shutdown, SELECT to clear");
+
+    drawFormattedString(true, 10, 10 + 3 * SPACING_Y, COLOR_WHITE, "PIN (%u digits): ", lengthBlock[0]);
+
+    const char *messageFile = "pinmessage.txt";
+    char message[801];
+
+    u32 messageSize = fileRead(message, messageFile, sizeof(message) - 1);
+
+    if(messageSize != 0)
+    {
+        message[messageSize] = 0;
+        drawString(false, 10, 10, COLOR_WHITE, message);
+    }
+
+    //Pad to AES block length with zeroes
+    __attribute__((aligned(4))) u8 enteredPassword[AES_BLOCK_SIZE] = {0};
+
+    bool unlock = false,
+         reset = false;
+    u8 cnt = 0;
+
+    while(!unlock)
+    {
+        if(reset)
+        {
+            for(u32 i = 0; i < cnt; i++) 
+                drawCharacter(true, 10 + (16 + 2 * i) * SPACING_X, 10 + 3 * SPACING_Y, COLOR_BLACK, '*');
+
+            cnt = 0;
+            reset = false;
+        }
+
+        u32 pressed;
+        do
+        {
+            pressed = waitInput(false);
+        }
+        while(!(pressed & PIN_BUTTONS));
+
         if(pressed & BUTTON_START) mcuPowerOff();
 
-        char key = PINKeyToLetter(pressed);
-        enteredPassword[cnt++] = (u8)key; // add character to password.
+        pressed &= PIN_BUTTONS;
 
-        // visualize character on screen.
-        drawCharacter(key, 10 + charDrawPos, 10 + 2 * SPACING_Y, COLOR_WHITE);
-        charDrawPos += 2 * SPACING_X;
-
-        if(cnt >= PIN_LENGTH)
+        if(pressed & BUTTON_SELECT)
         {
-            u8 __attribute__((aligned(4))) tmp[32] = {0};
+            reset = true;
+            continue;
+        }
 
-            computePINHash(tmp, enteredPassword, (PIN_LENGTH + 15) / 16);
-            unlock = memcmp(in->hash, tmp, 32) == 0;
+        if(!pressed) continue;
 
-            if(!unlock)
-            {
-                charDrawPos = 5 * SPACING_X;
-                cnt = 0;
+        //Add character to password
+        enteredPassword[cnt] = (u8)pinKeyToLetter(pressed);
 
-                clearScreens();
+        //Visualize character on screen
+        drawCharacter(true, 10 + (16 + 2 * cnt) * SPACING_X, 10 + 3 * SPACING_Y, COLOR_WHITE, '*');
 
-                drawString("Press START to shutdown or enter pin to proceed.", 10, 10, COLOR_WHITE);
-                drawString("Pin: ", 10, 10 + 2 * SPACING_Y, COLOR_WHITE);
-                drawString("Wrong pin! Try again!", 10, 10 + 3 * SPACING_Y, COLOR_RED); 
-            }
+        if(++cnt < lengthBlock[0]) continue;
+
+        computePinHash(tmp, enteredPassword);
+        unlock = memcmp(pin.hash, tmp, sizeof(tmp)) == 0;
+
+        if(!unlock)
+        {
+            reset = true;
+
+            drawString(true, 10, 10 + 5 * SPACING_Y, COLOR_RED, "Wrong PIN, try again"); 
         }
     }
-}
+
+    return true;
+}

source/pin.h

@@ -21,26 +21,16 @@
 */
 
 /*
-*   pin.h
-*
-*   Code to manage pin locking for 3ds. By reworks.
+*   Code originally by reworks
 */
 
 #pragma once
 
 #include "types.h"
 
-#define PIN_LENGTH  4
+#define PIN_FILE         "pin.bin"
+#define PIN_VERSIONMAJOR 1
+#define PIN_VERSIONMINOR 3
 
-typedef struct __attribute__((packed))
-{
-    char magic[4];
-    u16 formatVersionMajor, formatVersionMinor;
-
-    u8 testHash[32];
-    u8 hash[32];
-} PINData;
-
-bool readPin(PINData* out);
-void newPin(void);
-void verifyPin(PINData *in);
+void newPin(bool allowSkipping, u32 pinMode);
+bool verifyPin(u32 pinMode);

source/screen.c

@@ -21,45 +21,50 @@
 */
 
 /*
-*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others.
-*   Screen deinit code by tiniVi.
+*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others
+*   Screen deinit code by tiniVi
+*/
+
+/*
+*   About cache coherency:
+*
+*   Flushing the data cache for all memory regions read from/written to by both processors is mandatory on the ARM9 processor.
+*   Thus, we make sure there'll be a cache miss on the ARM9 next time it's read.
+*   Otherwise the ARM9 won't see the changes made and things will break.
+*
+*   On the ARM11, in the environment we're in, the MMU isn't enabled and nothing is cached.
 */
 
 #include "screen.h"
 #include "config.h"
 #include "memory.h"
 #include "cache.h"
-#include "draw.h"
 #include "i2c.h"
+#include "utils.h"
+
+static vu32 *arm11Entry = (vu32 *)0x1FFFFFFC;
 
-vu32 *const arm11Entry = (vu32 *)0x1FFFFFF8;
 static const u32 brightness[4] = {0x5F, 0x4C, 0x39, 0x26};
 
 void  __attribute__((naked)) arm11Stub(void)
 {
-    //Disable interrupts
-    __asm(".word 0xF10C01C0");
-
-    //Wait for the entry to be set
-    while(*arm11Entry == ARM11_STUB_ADDRESS);
-
-    //Jump to it
-    ((void (*)())*arm11Entry)();
+    WAIT_FOR_ARM9();
 }
 
 static void invokeArm11Function(void (*func)())
 {
     static bool hasCopiedStub = false;
+
     if(!hasCopiedStub)
     {
-        memcpy((void *)ARM11_STUB_ADDRESS, arm11Stub, 0x30);
-        flushDCacheRange((void *)ARM11_STUB_ADDRESS, 0x30);
+        memcpy((void *)ARM11_STUB_ADDRESS, arm11Stub, 0x2C);
         hasCopiedStub = true;
     }
 
     *arm11Entry = (u32)func;
     while(*arm11Entry);
     *arm11Entry = ARM11_STUB_ADDRESS;
+    while(*arm11Entry);
 }
 
 void deinitScreens(void)
@@ -77,7 +82,7 @@ void deinitScreens(void)
         WAIT_FOR_ARM9();
     }
 
-    if(PDN_GPU_CNT != 1) invokeArm11Function(ARM11);
+    if(ARESCREENSINITIALIZED) invokeArm11Function(ARM11);
 }
 
 void updateBrightness(u32 brightnessIndex)
@@ -101,54 +106,70 @@ void updateBrightness(u32 brightnessIndex)
     invokeArm11Function(ARM11);
 }
 
-void clearScreens(void)
-{   
+void swapFramebuffers(bool isAlternate)
+{
+    static u32 isAlternateTmp;
+    isAlternateTmp = isAlternate ? 1 : 0;
+
+    void __attribute__((naked)) ARM11(void)
+    {
+        //Disable interrupts
+        __asm(".word 0xF10C01C0");
+
+        *(vu32 *)0x10400478 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
+        *(vu32 *)0x10400578 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
+
+        WAIT_FOR_ARM9();
+    }
+
+    flushDCacheRange(&isAlternateTmp, 4);
+    invokeArm11Function(ARM11);
+}
+
+void clearScreens(bool isAlternate)
+{
+    static volatile struct fb *fbTmp;
+    fbTmp = isAlternate ? &fbs[1] : &fbs[0];
+
     void __attribute__((naked)) ARM11(void)
     {
         //Disable interrupts
         __asm(".word 0xF10C01C0");
 
         //Setting up two simultaneous memory fills using the GPU
-        vu32 *REGs_PSC0 = (vu32 *)0x10400010;
-        REGs_PSC0[0] = (u32)fb->top_left >> 3; //Start address
-        REGs_PSC0[1] = (u32)(fb->top_left + 0x46500) >> 3; //End address
+
+        vu32 *REGs_PSC0 = (vu32 *)0x10400010,
+             *REGs_PSC1 = (vu32 *)0x10400020;
+
+        REGs_PSC0[0] = (u32)fbTmp->top_left >> 3; //Start address
+        REGs_PSC0[1] = (u32)(fbTmp->top_left + SCREEN_TOP_FBSIZE) >> 3; //End address
         REGs_PSC0[2] = 0; //Fill value
         REGs_PSC0[3] = (2 << 8) | 1; //32-bit pattern; start
 
-        vu32 *REGs_PSC1 = (vu32 *)0x10400020;
-        REGs_PSC1[0] = (u32)fb->bottom >> 3; //Start address
-        REGs_PSC1[1] = (u32)(fb->bottom + 0x38400) >> 3; //End address
+        REGs_PSC1[0] = (u32)fbTmp->bottom >> 3; //Start address
+        REGs_PSC1[1] = (u32)(fbTmp->bottom + SCREEN_BOTTOM_FBSIZE) >> 3; //End address
         REGs_PSC1[2] = 0; //Fill value
         REGs_PSC1[3] = (2 << 8) | 1; //32-bit pattern; start
 
         while(!((REGs_PSC0[3] & 2) && (REGs_PSC1[3] & 2)));
 
-        if(fb->top_right != fb->top_left)
-        {
-            REGs_PSC0[0] = (u32)fb->top_right >> 3; //Start address
-            REGs_PSC0[1] = (u32)(fb->top_right + 0x46500) >> 3; //End address
-            REGs_PSC0[2] = 0; //Fill value
-            REGs_PSC0[3] = (2 << 8) | 1; //32-bit pattern; start
-
-            while(!(REGs_PSC0[3] & 2));
-        }
-
         WAIT_FOR_ARM9();
     }
 
-    flushDCacheRange((void *)fb, sizeof(struct fb));
+    flushDCacheRange((void *)fbTmp, sizeof(struct fb));
+    flushDCacheRange(&fbTmp, 4);
     invokeArm11Function(ARM11);
 }
 
 void initScreens(void)
 {
-    void __attribute__((naked)) ARM11(void)
+    void __attribute__((naked)) initSequence(void)
     {
         //Disable interrupts
         __asm(".word 0xF10C01C0");
 
-        u32 brightnessLevel = brightness[MULTICONFIG(0)];
-        
+        u32 brightnessLevel = brightness[MULTICONFIG(BRIGHTNESS)];
+
         *(vu32 *)0x10141200 = 0x1007F;
         *(vu32 *)0x10202014 = 0x00000001;
         *(vu32 *)0x1020200C &= 0xFFFEFFFE;
@@ -157,7 +178,7 @@ void initScreens(void)
         *(vu32 *)0x10202244 = 0x1023E;
         *(vu32 *)0x10202A44 = 0x1023E;
 
-        // Top screen
+        //Top screen
         *(vu32 *)0x10400400 = 0x000001c2;
         *(vu32 *)0x10400404 = 0x000000d1;
         *(vu32 *)0x10400408 = 0x000001c1;
@@ -187,11 +208,11 @@ void initScreens(void)
         *(vu32 *)0x10400490 = 0x000002D0;
         *(vu32 *)0x1040049C = 0x00000000;
 
-        // Disco register
+        //Disco register
         for(u32 i = 0; i < 256; i++)
            *(vu32 *)0x10400484 = 0x10101 * i;
 
-        // Bottom screen
+        //Bottom screen
         *(vu32 *)0x10400500 = 0x000001c2;
         *(vu32 *)0x10400504 = 0x000000d1;
         *(vu32 *)0x10400508 = 0x000001c1;
@@ -221,39 +242,56 @@ void initScreens(void)
         *(vu32 *)0x10400590 = 0x000002D0;
         *(vu32 *)0x1040059C = 0x00000000;
 
-        // Disco register
+        //Disco register
         for(u32 i = 0; i < 256; i++)
            *(vu32 *)0x10400584 = 0x10101 * i;
 
-        *(vu32 *)0x10400468 = 0x18300000;
-        *(vu32 *)0x1040046c = 0x18300000;
-        *(vu32 *)0x10400494 = 0x18300000;
-        *(vu32 *)0x10400498 = 0x18300000;
-        *(vu32 *)0x10400568 = 0x18346500;
-        *(vu32 *)0x1040056c = 0x18346500;
-
-        //Set CakeBrah framebuffers
-        fb->top_left = (u8 *)0x18300000;
-        fb->top_right = (u8 *)0x18300000;
-        fb->bottom = (u8 *)0x18346500;
-
         WAIT_FOR_ARM9();
     }
 
-    if(PDN_GPU_CNT == 1)
+    //Set CakeBrah framebuffers
+    void __attribute__((naked)) setupFramebuffers(void)
     {
-        flushDCacheRange(&config, 4);
-        flushDCacheRange((void *)fb, sizeof(struct fb));
-        invokeArm11Function(ARM11);
+        //Disable interrupts
+        __asm(".word 0xF10C01C0");
 
-        clearScreens();
+        fbs[0].top_left = (u8 *)0x18300000;
+        fbs[1].top_left = (u8 *)0x18400000;
+        fbs[0].top_right = (u8 *)0x18300000;
+        fbs[1].top_right = (u8 *)0x18400000;
+        fbs[0].bottom = (u8 *)0x18346500;
+        fbs[1].bottom = (u8 *)0x18446500;
 
-        //Turn on backlight
-        i2cWriteRegister(I2C_DEV_MCU, 0x22, 0x2A);
+        *(vu32 *)0x10400468 = (u32)fbs[0].top_left;
+        *(vu32 *)0x1040046c = (u32)fbs[1].top_left;
+        *(vu32 *)0x10400494 = (u32)fbs[0].top_right;
+        *(vu32 *)0x10400498 = (u32)fbs[1].top_right;
+        *(vu32 *)0x10400568 = (u32)fbs[0].bottom;
+        *(vu32 *)0x1040056c = (u32)fbs[1].bottom;
+
+        WAIT_FOR_ARM9();
     }
-    else
+
+    static bool needToSetup = true;
+
+    if(needToSetup)
     {
-        clearScreens();
-        updateBrightness(MULTICONFIG(0));
+        if(!ARESCREENSINITIALIZED)
+        {
+            flushDCacheRange(&configData, sizeof(CfgData));
+            invokeArm11Function(initSequence);
+
+            //Turn on backlight
+            i2cWriteRegister(I2C_DEV_MCU, 0x22, 0x2A);
+            wait(3ULL);
+        }
+        else updateBrightness(MULTICONFIG(BRIGHTNESS));
+
+        flushDCacheRange((void *)fbs, 2 * sizeof(struct fb));
+        invokeArm11Function(setupFramebuffers);
+        needToSetup = false;
     }
-}
+
+    clearScreens(false);
+    swapFramebuffers(false);
+}

source/screen.h

@@ -21,25 +21,37 @@
 */
 
 /*
-*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others.
-*   Screen deinit code by tiniVi.
+*   Screen init code by dark_samus, bil1s, Normmatt, delebile and others
+*   Screen deinit code by tiniVi
 */
 
 #pragma once
 
 #include "types.h"
 
-#define PDN_GPU_CNT         (*(vu8 *)0x10141200)
-#define ARM11_STUB_ADDRESS  (0x25000000 - 0x30) //It's currently only 0x28 bytes large. We're putting 0x30 just to be sure here
-#define WAIT_FOR_ARM9()     *arm11Entry = 0; while(!*arm11Entry); ((void (*)())*arm11Entry)();
+#define PDN_GPU_CNT (*(vu8  *)0x10141200)
+
+#define ARESCREENSINITIALIZED (PDN_GPU_CNT != 1)
+
+#define ARM11_STUB_ADDRESS 0x1FFFFF00
+#define WAIT_FOR_ARM9()    *arm11Entry = 0; while(!*arm11Entry); ((void (*)())*arm11Entry)();
+
+#define SCREEN_TOP_WIDTH     400
+#define SCREEN_BOTTOM_WIDTH  320
+#define SCREEN_HEIGHT        240
+#define SCREEN_TOP_FBSIZE    (3 * SCREEN_TOP_WIDTH * SCREEN_HEIGHT)
+#define SCREEN_BOTTOM_FBSIZE (3 * SCREEN_BOTTOM_WIDTH * SCREEN_HEIGHT)
 
 static volatile struct fb {
      u8 *top_left;
      u8 *top_right;
      u8 *bottom;
-} *const fb = (volatile struct fb *)0x23FFFE00;
+}  __attribute__((packed)) *const fbs = (volatile struct fb *)0x23FFFE00;
+
+extern CfgData configData;
 
 void deinitScreens(void);
+void swapFramebuffers(bool isAlternate);
 void updateBrightness(u32 brightnessIndex);
-void clearScreens(void);
-void initScreens(void);
+void clearScreens(bool isAlternate);
+void initScreens(void);

source/start.s

@@ -24,27 +24,27 @@
 .align 4
 .global _start
 _start:
-    b start
+    @ Disable interrupts
+    mrs r4, cpsr
+    orr r4, #0x1C0
+    msr cpsr_cx, r4
 
-.global launchedFirmTIDLow
-launchedFirmTIDLow:
-    .hword 0, 0, 0, 0, 0, 0, 0, 0 
+    ldr r4, =0xBEEF
+    cmp r2, r4
+    movne r0, #0    @ check magic word
+
+    mov r9, r0
+    mov r10, r1
 
-start:
     @ Change the stack pointer
     mov sp, #0x27000000
 
-    @ Disable interrupts
-    mrs r0, cpsr
-    orr r0, #0x1C0
-    msr cpsr_cx, r0
-
     @ Disable caches / MPU
-    mrc p15, 0, r0, c1, c0, 0  @ read control register
-    bic r0, #(1<<12)           @ - instruction cache disable
-    bic r0, #(1<<2)            @ - data cache disable
-    bic r0, #(1<<0)            @ - mpu disable
-    mcr p15, 0, r0, c1, c0, 0  @ write control register
+    mrc p15, 0, r4, c1, c0, 0  @ read control register
+    bic r4, #(1<<12)           @ - instruction cache disable
+    bic r4, #(1<<2)            @ - data cache disable
+    bic r4, #(1<<0)            @ - mpu disable
+    mcr p15, 0, r4, c1, c0, 0  @ write control register
 
     @ Flush caches
     bl flushEntireDCache
@@ -58,7 +58,7 @@ start:
     @ Set MPU permissions and cache settings
     ldr r0, =0xFFFF001D @ ffff0000 32k  | bootrom (unprotected part)
     ldr r1, =0x01FF801D @ 01ff8000 32k  | itcm
-    ldr r2, =0x08000029 @ 08000000 2M   | arm9 mem (O3DS / N3DS) 
+    ldr r2, =0x08000029 @ 08000000 2M   | arm9 mem (O3DS / N3DS)
     ldr r3, =0x10000029 @ 10000000 2M   | io mem (ARM9 / first 2MB)
     ldr r4, =0x20000037 @ 20000000 256M | fcram (O3DS / N3DS)
     ldr r5, =0x1FF00027 @ 1FF00000 1M   | dsp / axi wram
@@ -80,6 +80,7 @@ start:
     @ Enable caches / MPU / ITCM
     mrc p15, 0, r0, c1, c0, 0  @ read control register
     orr r0, r0, #(1<<18)       @ - ITCM enable
+    orr r0, r0, #(1<<13)       @ - alternate exception vectors enable
     orr r0, r0, #(1<<12)       @ - instruction cache enable
     orr r0, r0, #(1<<2)        @ - data cache enable
     orr r0, r0, #(1<<0)        @ - mpu enable
@@ -90,4 +91,13 @@ start:
     mov r1, #0x340
     str r1, [r0]
 
+    @ Clear BSS
+    ldr r0, =__bss_start
+    mov r1, #0
+    ldr r2, =__bss_end
+    sub r2, r0
+    bl memset32
+
+    mov r0, r9
+    mov r1, r10
     b main

source/strings.c

@@ -0,0 +1,64 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#include "strings.h"
+#include "memory.h"
+
+u32 strlen(const char *string)
+{
+    char *stringEnd = (char *)string;
+
+    while(*stringEnd != 0) stringEnd++;
+
+    return stringEnd - string;
+}
+
+u32 strnlen(const char *string, u32 maxlen)
+{
+    u32 size;
+
+    for(size = 0; size < maxlen && *string; string++, size++);
+
+    return size;
+}
+
+u32 hexAtoi(const char *in, u32 digits)
+{
+    u32 res = 0;
+    char *tmp = (char *)in;
+
+    for(u32 i = 0; i < digits && *tmp != 0; tmp++, i++)
+        res = (*tmp > '9' ? *tmp - 'A' + 10 : *tmp - '0') + (res << 4);
+
+    return res;
+}
+
+u32 decAtoi(const char *in, u32 digits)
+{
+    u32 res = 0;
+    char *tmp = (char *)in;
+
+    for(u32 i = 0; i < digits && *tmp != 0; tmp++, i++)
+        res = *tmp - '0' + res * 10;
+
+    return res;
+}

source/strings.h

@@ -0,0 +1,30 @@
+/*
+*   This file is part of Luma3DS
+*   Copyright (C) 2016 Aurora Wright, TuxSH
+*
+*   This program is free software: you can redistribute it and/or modify
+*   it under the terms of the GNU General Public License as published by
+*   the Free Software Foundation, either version 3 of the License, or
+*   (at your option) any later version.
+*
+*   This program is distributed in the hope that it will be useful,
+*   but WITHOUT ANY WARRANTY; without even the implied warranty of
+*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*   GNU General Public License for more details.
+*
+*   You should have received a copy of the GNU General Public License
+*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
+*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
+*   Notices displayed by works containing it.
+*/
+
+#pragma once
+
+#include "types.h"
+
+u32 strlen(const char *string);
+u32 strnlen(const char *string, u32 maxlen);
+u32 hexAtoi(const char *in, u32 digits);
+u32 decAtoi(const char *in, u32 digits);