LowLevel/Luma3DS-3GX
Archived
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Compare commits

base: LowLevel:v7.1
Branches Tags
LowLevel:3gx-master LowLevel:master LowLevel:release
LowLevel:v10.2-beta3 LowLevel:v10.2 LowLevel:v10.1.3-beta2 LowLevel:v10.1.4 LowLevel:v10.1.3-beta LowLevel:v10.1.3 LowLevel:v10.1.2 LowLevel:v10.1.1 LowLevel:v10.1 LowLevel:v10.0.1 LowLevel:v10.0 LowLevel:v9.1 LowLevel:v9.0-joyconhax LowLevel:v9.0 LowLevel:v8.1.1 LowLevel:v8.1 LowLevel:v8.0 LowLevel:v7.1 LowLevel:v7.0.5 LowLevel:v7.0.4 LowLevel:v7.0.3 LowLevel:v7.0.2 LowLevel:v7.0.1 LowLevel:v7.0 LowLevel:v6.6 LowLevel:v6.5 LowLevel:v6.3.1 LowLevel:v6.3 LowLevel:v6.2.3 LowLevel:v6.2.2 LowLevel:v6.2.1 LowLevel:v6.2 LowLevel:v6.1.2 LowLevel:v6.1.1 LowLevel:v6.1 LowLevel:v6.0.1 LowLevel:v6.0 LowLevel:v5.5 LowLevel:v5.4 LowLevel:v5.3.1 LowLevel:v5.3 LowLevel:v5.2 LowLevel:v5.1.2 LowLevel:v5.1.1 LowLevel:v5.1 LowLevel:v5.0 LowLevel:v4.2 LowLevel:v4.1 LowLevel:v4.0.1 LowLevel:v4.0 LowLevel:v3.14 LowLevel:v3.13 LowLevel:v3.12 LowLevel:v3.11 LowLevel:v3.9 LowLevel:v3.8.1-r2 LowLevel:v3.8 LowLevel:v3.7.3 LowLevel:v3.7.2 LowLevel:v3.7.1 LowLevel:v3.7 LowLevel:v3.6 LowLevel:v3.5.3 LowLevel:v3.5.2 LowLevel:v3.5.1 LowLevel:v3.5 LowLevel:v3.4 LowLevel:v3.3
..
compare: LowLevel:v8.0
Branches Tags
LowLevel:3gx-master LowLevel:master LowLevel:release
LowLevel:v10.2-beta3 LowLevel:v10.2 LowLevel:v10.1.3-beta2 LowLevel:v10.1.4 LowLevel:v10.1.3-beta LowLevel:v10.1.3 LowLevel:v10.1.2 LowLevel:v10.1.1 LowLevel:v10.1 LowLevel:v10.0.1 LowLevel:v10.0 LowLevel:v9.1 LowLevel:v9.0-joyconhax LowLevel:v9.0 LowLevel:v8.1.1 LowLevel:v8.1 LowLevel:v8.0 LowLevel:v7.1 LowLevel:v7.0.5 LowLevel:v7.0.4 LowLevel:v7.0.3 LowLevel:v7.0.2 LowLevel:v7.0.1 LowLevel:v7.0 LowLevel:v6.6 LowLevel:v6.5 LowLevel:v6.3.1 LowLevel:v6.3 LowLevel:v6.2.3 LowLevel:v6.2.2 LowLevel:v6.2.1 LowLevel:v6.2 LowLevel:v6.1.2 LowLevel:v6.1.1 LowLevel:v6.1 LowLevel:v6.0.1 LowLevel:v6.0 LowLevel:v5.5 LowLevel:v5.4 LowLevel:v5.3.1 LowLevel:v5.3 LowLevel:v5.2 LowLevel:v5.1.2 LowLevel:v5.1.1 LowLevel:v5.1 LowLevel:v5.0 LowLevel:v4.2 LowLevel:v4.1 LowLevel:v4.0.1 LowLevel:v4.0 LowLevel:v3.14 LowLevel:v3.13 LowLevel:v3.12 LowLevel:v3.11 LowLevel:v3.9 LowLevel:v3.8.1-r2 LowLevel:v3.8 LowLevel:v3.7.3 LowLevel:v3.7.2 LowLevel:v3.7.1 LowLevel:v3.7 LowLevel:v3.6 LowLevel:v3.5.3 LowLevel:v3.5.2 LowLevel:v3.5.1 LowLevel:v3.5 LowLevel:v3.4 LowLevel:v3.3

47 Commits
v7.1 ... v8.0

Author SHA1 Message Date
TuxSH
21db0d45bd Added Rosalina, see details 
- see release notes
- ( ͡° ͜ʖ ͡°)( ͡° ͜ʖ ͡°)( ͡° ͜ʖ ͡°)
- (∩ ͡° ͜ʖ ͡°)⊃━☆゚
- ( ͡ᵔ ͜ʖ ͡ᵔ) ♫┌( ͡° ͜ʖ ͡°)┘♪ ♫└( ͡° ͜ʖ ͡°)┐♪
 2017-06-05 02:02:04 +02:00
Aurora Wright
4429cb2095 Refactor chronometer functions 2017-06-04 18:56:44 +02:00
Aurora Wright
cab54d1b31 Move i2c delay to i2c.c 2017-06-04 18:32:09 +02:00
TuxSH
1d2909ea03 Fix ISSDMODE usage 2017-06-03 03:59:18 +02:00
Aurora Wright
d802e5329c Fix overlap check 2017-06-03 01:02:52 +02:00
TuxSH
118f81d347 0xBEEF -> 0x1BEEF 2017-06-02 20:36:58 +02:00
Aurora Wright
ba3740a77a Return if the FIRM payloads filesize is different than expected 2017-06-02 19:35:14 +02:00
Aurora Wright
47369c8f5e Should use the function here too 2017-06-02 19:35:13 +02:00
Aurora Wright
7a05dee453 Rework whitelist check patch 2017-06-02 19:35:12 +02:00
Aurora Wright
9e47369365 Add DS cart whitelist patch for home menu (both versions of the func should be supported) 2017-06-02 19:35:10 +02:00
Aurora Wright
5379c05001 Update gitignore, Minor style changes 2017-06-02 19:35:09 +02:00
TuxSH
5b34b2d114 Change directory structure 2017-06-02 19:35:08 +02:00
TuxSH
3ea8734fdd More complete TWL key init 2017-06-02 19:35:07 +02:00
Aurora Wright
8e22080e05 Backport FIRM whitelist from b9s 2017-06-02 19:35:05 +02:00
TuxSH
692a94fe5e Fix call to patchK11ModuleLoading 2017-06-02 19:35:04 +02:00
Aurora Wright
01c760ab88 Not needed/usable 2017-06-02 19:35:03 +02:00
Aurora Wright
28e5d8107f Remove hardcoded CTRNAND FAT offsets, calculate them from parsing NCSD + CTR MBR 2017-06-02 19:35:02 +02:00
Aurora Wright
710d8cd15c Fix DTCM 2017-06-02 19:35:00 +02:00
TuxSH
8395540288 Refine the N3DS check 2017-06-02 19:34:59 +02:00
TuxSH
d57d8aaae7 Use DTCM for ctrNandWrite's buffer, crt0 changes, reboot patch changes 2017-06-02 19:34:58 +02:00
Aurora Wright
10f555b6fb Fix payload size check 2017-06-02 19:34:57 +02:00
Aurora Wright
9f30244bfb Refactoring, fix bugs, move loader to itcm (without overwriting exception handlers), support for running Luma standalone 2017-06-02 19:34:55 +02:00
TuxSH
0b65fcbdd7 Add -S nand-retail to be sure 2017-06-02 19:34:54 +02:00
TuxSH
067e217909 Add proper arm11 crt0 and fix race condition 2017-06-02 19:34:53 +02:00
TuxSH
d6c6c421e9 Allow empty sections at any place in FIRMs 2017-06-02 19:34:52 +02:00
TuxSH
90b54581b0 Fix two bugs 2017-06-02 19:34:51 +02:00
TuxSH
68d9674ca3 Refactor error 2017-06-02 19:34:49 +02:00
TuxSH
a9a8edeaf4 Handle arguments in a better way 2017-06-02 19:34:48 +02:00
TuxSH
dd21a3930d Adapt changes from b9s/next 2017-06-02 19:34:47 +02:00
TuxSH
53209b9be0 Begin turning Luma3DS into a proper firm 
Unfinished work
 2017-06-02 19:34:46 +02:00
TuxSH
8308e1a8b8 Merge pull request #479 from Margen67/master 
Update ISSUE_TEMPLATE.md (..again)
 2017-05-31 21:07:39 +02:00
Margen67
986a2fb5d8 Update ISSUE_TEMPLATE.md (..again) 2017-05-31 10:57:05 -07:00
TuxSH
9570e6cbec Merge pull request #472 from gnmmarechal/master 
Updated README.md
 2017-05-31 18:46:30 +02:00
Gnm Software 2012
93a08c5ef9 Updated README.md 2017-05-29 16:41:17 +01:00
TuxSH
a187c0c7ce Update README.md w/r/t firmtool 2017-05-23 17:41:19 +02:00
Aurora Wright
43f4475272 Move sdmmc init to a more proper place 2017-05-22 04:00:10 +02:00
Aurora Wright
a7ed32e206 Consistency 2017-05-21 19:59:02 +02:00
Aurora Wright
6eadac23b3 Not needed 2017-05-21 19:38:58 +02:00
Aurora
1c7eb8f97a Merge pull request #454 from Margen67/master 
Fix typo
 2017-05-21 17:57:02 +02:00
Aurora Wright
a71c5f42fc Not needed 2017-05-20 15:30:18 +02:00
Aurora Wright
de0f1dc156 Use arm11 entry define for screen.c, fix isFirmlaunch not being always defined 2017-05-20 13:52:47 +02:00
Margen67
bb05961f70 Fix typo 2017-05-19 20:42:15 -07:00
Aurora Wright
57900e91ba Minor stuff 2017-05-20 05:26:01 +02:00
Aurora Wright
98f650a5de Make loader recognize SD/CTRNAND modes and only look in the appropriate one 2017-05-20 05:09:48 +02:00
Aurora Wright
55b2db4a8d Minor cleanup 2017-05-20 04:43:04 +02:00
Aurora Wright
fbe3088744 No longer needed 2017-05-20 03:53:36 +02:00
Aurora Wright
336ab6a64c Minor reboot patch changes 2017-05-20 03:49:03 +02:00
249 changed files with 21784 additions and 2017 deletions
Expand all files Collapse all files

54
.github/ISSUE_TEMPLATE.md vendored
View File

@@ -1,27 +1,35 @@
<!--
-- THIS IS NOT A SUPPORT FORUM! For support please go to:
-- THIS IS NOT A SUPPORT FORUM! For support go here:
-- Luma3DS GBATemp thread: https://gbatemp.net/threads/luma3ds-noob-proof-3ds-custom-firmware.411110/
-- Nintendo Hacking: https://discord.gg/MjzatM8y
--
-- Also check the Wiki (https://github.com/AuroraWright/Luma3DS/wiki) before making an issue.
--
-- For those with GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: https://3ds.guide/troubleshooting
-- For GBA/DSiWare/DS/AGB_FIRM/TWL_FIRM problems: https://3ds.guide/troubleshooting
-- If you're using an emu/redNAND anything related to that must also be installed to sysNAND.
-- Please make sure to read "Enable game patching" https://github.com/AuroraWright/Luma3DS/wiki/Options-and-usage before posting any issues about the "Enable game patching" option(s).
--
-- Please fill in the placeholders.
-- Luma updaters that don't support Boot9Strap/Sighax won't work.
-- This is due to support for non-B9S/Sighax entrypoints being dropped.
--
-->
**System model:** [e.g. 2DS, New 3DS, Old 3DS]
-- Please fill in the placeholders.-->
**System model:**
**SysNAND version (+emu/redNAND version if applicable):** [e.g. 11.4.0-37U]
[e.g. 2DS, New 3DS, Old 3DS]
**Entrypoint (How/what you're using to boot Luma3DS):** [e.g. A9LH]
**SysNAND version (+emu/redNAND version if applicable):**
[e.g. 11.4.0-37U SysNAND, 11.4.0-37J EmuNAND]
**Entrypoint (How/what you're using to boot Luma3DS):**
[e.g. Boot9Strap/Sighax, etc.]
**Luma3DS version:**
[e.g. 7.1 stable or if using nightly/hourly specify the commit like this https://github.com/AuroraWright/Luma3DS/commit/9570e6cbeca53128433abbf5e3473cb8a07fe69e]
<!--You can check which version you're on in System Settings. It will be on the bottom right of the top screen.-->
**Luma3DS version:** [e.g. 7.0.5 stable or if using nightly specify the commit like this https://github.com/AuroraWright/Luma3DS/commit/5fe83588eb4b8faafc7773b3739a3d3307160b04]
<!--
-- You can check which version you're on in the configuration menu. It will be on the top of the screen.
-->
**Luma3DS configuration/options:**
@@ -34,22 +42,17 @@ Splash: ( )
PIN lock: ( )
New 3DS CPU: ( )
<!--
-- This option is only available for New 3DS/2DS.
-->
<!--This option is only available for New 3DS/2DS.-->
--
Autoboot SysNAND: ( )
Autoboot EmuNAND: ( )
Use SysNAND FIRM if booting with R: ( )
Use EmuNAND FIRM if booting with R: ( )
Enable loading external FIRMs and modules: ( )
<!--
-- Firmware (.bin) files are not required by Luma, or NTR CFW anymore.
-- If you're having issues with this option enabled try deleting them from the luma folder on the root of the SD card and disabling this option.
-->
<!--Firmware (.bin) files are not required by Luma, or NTR CFW anymore.
-- If you're having issues with this option enabled try deleting them from the luma folder on the root of the SD card and disabling this option.-->
Use custom path: ( )
@@ -59,14 +62,13 @@ Show NAND or user string in System Settings: ( )
Show GBA boot screen in patched AGB_FIRM: ( )
Patch SVC/service/archive/ARM9 access: ( )
Patch ARM9 access: ( )
Set developer UNITINFO: ( )
Enable exception handlers: ( )
--
**Explanation of the issue:**
@@ -82,6 +84,6 @@ Enable exception handlers: ( )
**Dump file:**
<!-- If the issue leads to a crash you can generate a crash dump by checking the "Enable exception handlers" option.
<!--If the issue leads to a crash you can generate a crash dump by checking the "Enable exception handlers" option.
-- The error message will tell you where the dump is.
Zip the dmp file and drag & drop it below. -->
-- Zip the dmp file and drag & drop it below.-->

17
.gitignore vendored
View File

@@ -1,13 +1,18 @@
out
build
loader/build
injector/build
arm11/build
sysmodules/loader/build
chainloader/build
rosalina/build
exceptions/arm9/build
exceptions/arm11/build
haxloader/build
.vscode
.vscode/**
*.bin
*.3dsx
*.smdh
*.firm
*.o
*.d
*.elf
*.elf
*.cxi
*.bmp
*.dmp

74
Makefile
View File

@@ -4,32 +4,48 @@ ifeq ($(strip $(DEVKITARM)),)
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM")
endif
ifneq ($(strip $(shell firmtool -v 2>&1 | grep usage)),)
$(error "Please install firmtool v1.1 or greater")
endif
include $(DEVKITARM)/base_tools
name := Luma3DS
revision := $(shell git describe --tags --match v[0-9]* --abbrev=8 | sed 's/-[0-9]*-g/-/i')
commit := $(shell git rev-parse --short=8 HEAD)
ifeq ($(strip $(revision)),)
revision := v0.0.0-0
endif
ifeq ($(strip $(commit)),)
commit := 0
endif
dir_source := source
dir_patches := patches
dir_loader := loader
dir_injector := injector
dir_arm11 := arm11
dir_chainloader := chainloader
dir_exceptions := exceptions
dir_arm9_exceptions := $(dir_exceptions)/arm9
dir_arm11_exceptions := $(dir_exceptions)/arm11
dir_sysmodules := sysmodules
dir_loader := $(dir_sysmodules)/loader
dir_rosalina := $(dir_sysmodules)/rosalina
dir_build := build
dir_out := out
ASFLAGS := -mcpu=arm946e-s
CFLAGS := -Wall -Wextra $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostartfiles
LDFLAGS := -nostartfiles -Wl,--nmagic
objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
$(call rwildcard, $(dir_source), *.s *.c)))
bundled = $(dir_build)/reboot.bin.o $(dir_build)/emunand.bin.o $(dir_build)/svcGetCFWInfo.bin.o $(dir_build)/k11modules.bin.o \
$(dir_build)/injector.bin.o $(dir_build)/loader.bin.o $(dir_build)/arm9_exceptions.bin.o $(dir_build)/arm11_exceptions.bin.o
bundled = $(dir_build)/reboot.bin.o $(dir_build)/emunand.bin.o $(dir_build)/mmuHook.bin.o $(dir_build)/k11MainHook.bin.o $(dir_build)/svcConnectToPortInitHook.bin.o $(dir_build)/svcCustomBackdoor.bin.o\
$(dir_build)/chainloader.bin.o $(dir_build)/arm9_exceptions.bin.o
modules = $(dir_build)/loader.cxi $(dir_build)/rosalina.cxi
define bin2o
bin2s $< | $(AS) -o $(@)
@@ -46,38 +62,52 @@ firm: $(dir_out)/boot.firm
.PHONY: clean
clean:
@$(MAKE) -C $(dir_loader) clean
@$(MAKE) -C $(dir_arm11) clean
@$(MAKE) -C $(dir_chainloader) clean
@$(MAKE) -C $(dir_arm9_exceptions) clean
@$(MAKE) -C $(dir_arm11_exceptions) clean
@$(MAKE) -C $(dir_injector) clean
@$(MAKE) -C $(dir_loader) clean
@$(MAKE) -C $(dir_rosalina) clean
@rm -rf $(dir_out) $(dir_build)
.PRECIOUS: $(dir_build)/%.bin
.PHONY: $(dir_loader)
.PHONY: $(dir_arm11)
.PHONY: $(dir_chainloader)
.PHONY: $(dir_arm9_exceptions)
.PHONY: $(dir_arm11_exceptions)
.PHONY: $(dir_injector)
.PHONY: $(dir_loader)
.PHONY: $(dir_rosalina)
$(dir_out)/$(name)$(revision).7z: all
@mkdir -p "$(@D)"
@7z a -mx $@ ./$(@D)/* ./$(dir_exceptions)/exception_dump_parser.py
$(dir_out)/boot.firm: $(dir_build)/main.elf
$(dir_out)/boot.firm: $(dir_build)/modules.bin $(dir_build)/arm11.elf $(dir_build)/main.elf
@mkdir -p "$(@D)"
@firmtool build $@ -e 0 -D $^ -C NDMA
@firmtool build $@ -D $^ -A 0x1FF60000 -C XDMA XDMA NDMA
$(dir_build)/modules.bin: $(modules)
@mkdir -p "$(@D)"
cat $^ > $@
$(dir_build)/arm11.elf: $(dir_arm11)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/main.elf: $(bundled) $(objects)
$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^
$(dir_build)/%.bin.o: $(dir_build)/%.bin
@$(bin2o)
$(dir_build)/injector.bin: $(dir_injector)
$(dir_build)/loader.cxi: $(dir_loader)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/loader.bin: $(dir_loader)
$(dir_build)/rosalina.cxi: $(dir_rosalina)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/%.bin.o: $(dir_build)/%.bin
@$(bin2o)
$(dir_build)/chainloader.bin: $(dir_chainloader)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
@@ -85,10 +115,6 @@ $(dir_build)/arm9_exceptions.bin: $(dir_arm9_exceptions)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/arm11_exceptions.bin: $(dir_arm11_exceptions)
@mkdir -p "$(@D)"
@$(MAKE) -C $<
$(dir_build)/%.bin: $(dir_patches)/%.s
@mkdir -p "$(@D)"
@armips $<
@@ -96,6 +122,8 @@ $(dir_build)/%.bin: $(dir_patches)/%.s
$(dir_build)/memory.o $(dir_build)/strings.o: CFLAGS += -O3
$(dir_build)/config.o: CFLAGS += -DCONFIG_TITLE="\"$(name) $(revision) configuration\""
$(dir_build)/patches.o: CFLAGS += -DREVISION=\"$(revision)\" -DCOMMIT_HASH="0x$(commit)"
$(dir_build)/firm.o: $(dir_build)/modules.bin
$(dir_build)/firm.o: CFLAGS += -DLUMA_SECTION0_SIZE="$(shell du -b $(dir_build)/modules.bin | cut -f1)"
$(dir_build)/bundled.h: $(bundled)
@$(foreach f, $(bundled),\

6
README.md
View File

@@ -7,12 +7,14 @@
It also allows you to run unauthorized ("homebrew") content by removing signature checks.
To use it, you will need a console capable of running homebrew software on the ARM9 processor. We recommend [Plailect's guide](https://3ds.guide/) for details on how to get your system ready.
Since Luma3DS v8.0, Luma3DS has its own in-game menu, triggerable by `L+Start+Select` (see the release notes).
---
## Compiling
First you need to clone the repository recursively with: `git clone --recursive https://github.com/AuroraWright/Luma3DS.git`
To compile, you'll need [armips](https://github.com/Kingcom/armips) and a build of a recent commit of [makerom](https://github.com/profi200/Project_CTR) added to your PATH.
First you need to clone the repository with: `git clone https://github.com/AuroraWright/Luma3DS.git`
To compile, you'll need [armips](https://github.com/Kingcom/armips) and a build of a recent commit of [makerom](https://github.com/profi200/Project_CTR) added to your PATH. You'll also need to install [firmtool](https://github.com/TuxSH/firmtool), its README contains installation instructions.
For now, you'll also need to update your [libctru](https://github.com/smealum/ctrulib) install, building from the latest commit.
For your convenience, here are [Windows](http://www91.zippyshare.com/v/ePGpjk9r/file.html) and [Linux](https://mega.nz/#!uQ1T1IAD!Q91O0e12LXKiaXh_YjXD3D5m8_W3FuMI-hEa6KVMRDQ) builds of armips (thanks to who compiled them!).
Finally just run `make` and everything should work!

19
exceptions/arm11/Makefile → arm11/Makefile
View File

@@ -6,32 +6,29 @@ endif
include $(DEVKITARM)/base_tools
name := arm11_exceptions
name := $(shell basename $(CURDIR))
dir_source := source
dir_build := build
dir_out := ../../$(dir_build)
dir_out := ../$(dir_build)
ASFLAGS := -mcpu=mpcore -mfpu=vfp
CFLAGS := -Wall -Wextra -MMD -MP -mthumb $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostdlib
ASFLAGS := -mcpu=mpcore
CFLAGS := -Wall -Wextra -MMD -MP -marm $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostartfiles -Wl,--nmagic
objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \
$(call rwildcard, $(dir_source), *.s *.c)))
.PHONY: all
all: $(dir_out)/$(name).bin
all: $(dir_out)/$(name).elf
.PHONY: clean
clean:
@rm -rf $(dir_build)
$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
$(OBJCOPY) -S -O binary $< $@
$(dir_build)/$(name).elf: $(objects)
$(CC) $(LDFLAGS) -T linker.ld $(OUTPUT_OPTION) $^
$(dir_out)/$(name).elf: $(objects)
$(LINK.o) -T linker.ld $(OUTPUT_OPTION) $^
$(dir_build)/%.o: $(dir_source)/%.c
@mkdir -p "$(@D)"

16
arm11/linker.ld Normal file
View File

@@ -0,0 +1,16 @@
OUTPUT_FORMAT("elf32-littlearm", "elf32-bigarm", "elf32-littlearm")
OUTPUT_ARCH(arm)
ENTRY(_start)
SECTIONS
{
. = 0x1FF80000;
.text : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
.rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
.data : ALIGN(4) { *(.data*); . = ALIGN(4); }
.bss : ALIGN(8) { __bss_start = .; *(.bss* COMMON); . = ALIGN(8); __bss_end = .; }
__stack_top__ = 0x1FFFF000;
. = ALIGN(4);
}

207
arm11/source/main.c Normal file
View File

@@ -0,0 +1,207 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Screen init code by dark_samus, bil1s, Normmatt, delebile and others
* LCD deinit code by tiniVi
*/
#include "types.h"
#include "memory.h"
void prepareForFirmlaunch(void);
extern u32 prepareForFirmlaunchSize;
extern volatile Arm11Operation operation;
static void initScreensSequence(u32 brightnessLevel)
{
*(vu32 *)0x10141200 = 0x1007F;
*(vu32 *)0x10202014 = 0x00000001;
*(vu32 *)0x1020200C &= 0xFFFEFFFE;
*(vu32 *)0x10202240 = brightnessLevel;
*(vu32 *)0x10202A40 = brightnessLevel;
*(vu32 *)0x10202244 = 0x1023E;
*(vu32 *)0x10202A44 = 0x1023E;
//Top screen
*(vu32 *)0x10400400 = 0x000001c2;
*(vu32 *)0x10400404 = 0x000000d1;
*(vu32 *)0x10400408 = 0x000001c1;
*(vu32 *)0x1040040c = 0x000001c1;
*(vu32 *)0x10400410 = 0x00000000;
*(vu32 *)0x10400414 = 0x000000cf;
*(vu32 *)0x10400418 = 0x000000d1;
*(vu32 *)0x1040041c = 0x01c501c1;
*(vu32 *)0x10400420 = 0x00010000;
*(vu32 *)0x10400424 = 0x0000019d;
*(vu32 *)0x10400428 = 0x00000002;
*(vu32 *)0x1040042c = 0x00000192;
*(vu32 *)0x10400430 = 0x00000192;
*(vu32 *)0x10400434 = 0x00000192;
*(vu32 *)0x10400438 = 0x00000001;
*(vu32 *)0x1040043c = 0x00000002;
*(vu32 *)0x10400440 = 0x01960192;
*(vu32 *)0x10400444 = 0x00000000;
*(vu32 *)0x10400448 = 0x00000000;
*(vu32 *)0x1040045C = 0x00f00190;
*(vu32 *)0x10400460 = 0x01c100d1;
*(vu32 *)0x10400464 = 0x01920002;
*(vu32 *)0x10400468 = 0x18300000;
*(vu32 *)0x10400470 = 0x80341;
*(vu32 *)0x10400474 = 0x00010501;
*(vu32 *)0x10400478 = 0;
*(vu32 *)0x10400490 = 0x000002D0;
*(vu32 *)0x1040049C = 0x00000000;
//Disco register
for(u32 i = 0; i < 256; i++)
*(vu32 *)0x10400484 = 0x10101 * i;
//Bottom screen
*(vu32 *)0x10400500 = 0x000001c2;
*(vu32 *)0x10400504 = 0x000000d1;
*(vu32 *)0x10400508 = 0x000001c1;
*(vu32 *)0x1040050c = 0x000001c1;
*(vu32 *)0x10400510 = 0x000000cd;
*(vu32 *)0x10400514 = 0x000000cf;
*(vu32 *)0x10400518 = 0x000000d1;
*(vu32 *)0x1040051c = 0x01c501c1;
*(vu32 *)0x10400520 = 0x00010000;
*(vu32 *)0x10400524 = 0x0000019d;
*(vu32 *)0x10400528 = 0x00000052;
*(vu32 *)0x1040052c = 0x00000192;
*(vu32 *)0x10400530 = 0x00000192;
*(vu32 *)0x10400534 = 0x0000004f;
*(vu32 *)0x10400538 = 0x00000050;
*(vu32 *)0x1040053c = 0x00000052;
*(vu32 *)0x10400540 = 0x01980194;
*(vu32 *)0x10400544 = 0x00000000;
*(vu32 *)0x10400548 = 0x00000011;
*(vu32 *)0x1040055C = 0x00f00140;
*(vu32 *)0x10400560 = 0x01c100d1;
*(vu32 *)0x10400564 = 0x01920052;
*(vu32 *)0x10400568 = 0x18300000 + 0x46500;
*(vu32 *)0x10400570 = 0x80301;
*(vu32 *)0x10400574 = 0x00010501;
*(vu32 *)0x10400578 = 0;
*(vu32 *)0x10400590 = 0x000002D0;
*(vu32 *)0x1040059C = 0x00000000;
//Disco register
for(u32 i = 0; i < 256; i++)
*(vu32 *)0x10400584 = 0x10101 * i;
}
static void setupFramebuffers(struct fb *fbs)
{
*(vu32 *)0x10400468 = (u32)fbs[0].top_left;
*(vu32 *)0x1040046c = (u32)fbs[1].top_left;
*(vu32 *)0x10400494 = (u32)fbs[0].top_right;
*(vu32 *)0x10400498 = (u32)fbs[1].top_right;
*(vu32 *)0x10400568 = (u32)fbs[0].bottom;
*(vu32 *)0x1040056c = (u32)fbs[1].bottom;
}
static void clearScreens(struct fb *fb)
{
//Setting up two simultaneous memory fills using the GPU
vu32 *REGs_PSC0 = (vu32 *)0x10400010,
*REGs_PSC1 = (vu32 *)0x10400020;
REGs_PSC0[0] = (u32)fb->top_left >> 3; //Start address
REGs_PSC0[1] = (u32)(fb->top_left + SCREEN_TOP_FBSIZE) >> 3; //End address
REGs_PSC0[2] = 0; //Fill value
REGs_PSC0[3] = (2 << 8) | 1; //32-bit pattern; start
REGs_PSC1[0] = (u32)fb->bottom >> 3; //Start address
REGs_PSC1[1] = (u32)(fb->bottom + SCREEN_BOTTOM_FBSIZE) >> 3; //End address
REGs_PSC1[2] = 0; //Fill value
REGs_PSC1[3] = (2 << 8) | 1; //32-bit pattern; start
while(!((REGs_PSC0[3] & 2) && (REGs_PSC1[3] & 2)));
}
static void swapFramebuffers(bool isAlternate)
{
u32 isAlternateTmp = isAlternate ? 1 : 0;
*(vu32 *)0x10400478 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
*(vu32 *)0x10400578 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
}
static void updateBrightness(u32 brightnessLevel)
{
//Change brightness
*(vu32 *)0x10202240 = brightnessLevel;
*(vu32 *)0x10202A40 = brightnessLevel;
}
static void deinitScreens(void)
{
//Shutdown LCDs
*(vu32 *)0x10202A44 = 0;
*(vu32 *)0x10202244 = 0;
*(vu32 *)0x10202014 = 0;
}
void main(void)
{
operation = ARM11_READY;
while(true)
{
switch(operation)
{
case ARM11_READY:
continue;
case INIT_SCREENS_SEQUENCE:
initScreensSequence(*(vu32 *)ARM11_PARAMETERS_ADDRESS);
break;
case SETUP_FRAMEBUFFERS:
setupFramebuffers((struct fb *)ARM11_PARAMETERS_ADDRESS);
break;
case CLEAR_SCREENS:
clearScreens((struct fb *)ARM11_PARAMETERS_ADDRESS);
break;
case SWAP_FRAMEBUFFERS:
swapFramebuffers(*(volatile bool *)ARM11_PARAMETERS_ADDRESS);
break;
case UPDATE_BRIGHTNESS:
updateBrightness(*(vu32 *)ARM11_PARAMETERS_ADDRESS);
break;
case DEINIT_SCREENS:
deinitScreens();
break;
case PREPARE_ARM11_FOR_FIRMLAUNCH:
memcpy((void *)0x1FFFFC00, (void *)prepareForFirmlaunch, prepareForFirmlaunchSize);
*(vu32 *)0x1FFFFFFC = 0;
((void (*)(u32, volatile Arm11Operation *))0x1FFFFC00)(ARM11_READY, &operation);
}
operation = ARM11_READY;
}
}

56
arm11/source/memory.c Normal file
View File

@@ -0,0 +1,56 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* memcpy adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
*/
#include "memory.h"
void memcpy(void *dest, const void *src, u32 size)
{
u8 *destc = (u8 *)dest;
const u8 *srcc = (const u8 *)src;
for(u32 i = 0; i < size; i++)
destc[i] = srcc[i];
}
void memset(void *dest, u32 filler, u32 size)
{
u8 *destc = (u8 *)dest;
for(u32 i = 0; i < size; i++)
destc[i] = (u8)filler;
}
void memset32(void *dest, u32 filler, u32 size)
{
u32 *dest32 = (u32 *)dest;
for(u32 i = 0; i < size / 4; i++)
dest32[i] = filler;
}

37
arm11/source/memory.h Normal file
View File

@@ -0,0 +1,37 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* memcpy adapted from https://github.com/mid-kid/CakesForeveryWan/blob/557a8e8605ab3ee173af6497486e8f22c261d0e2/source/memfuncs.c
*/
#pragma once
#include "types.h"
void memcpy(void *dest, const void *src, u32 size);
void memset(void *dest, u32 value, u32 size) __attribute__((used));
void memset32(void *dest, u32 filler, u32 size);

81
arm11/source/start.s Normal file
View File

@@ -0,0 +1,81 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.section .text.start
.align 4
.global _start
.type _start, %function
_start:
b start
.global operation
operation:
.word 0
start:
@ Disable interrupts and switch to supervisor mode
cpsid aif, #0x13
@ Set the control register to reset default: everything disabled
ldr r0, =0x54078
mcr p15, 0, r0, c1, c0, 0
@ Set the auxiliary control register to reset default.
@ Enables instruction folding, static branch prediction,
@ dynamic branch prediction, and return stack.
mov r0, #0xF
mcr p15, 0, r0, c1, c0, 1
@ Invalidate both caches, flush the prefetch buffer then DSB
mov r0, #0
mcr p15, 0, r0, c7, c5, 4
mcr p15, 0, r0, c7, c7, 0
mcr p15, 0, r0, c7, c10, 4
@ Clear BSS
ldr r0, =__bss_start
mov r1, #0
ldr r2, =__bss_end
sub r2, r0
bl memset32
ldr sp, =__stack_top__
b main
.global prepareForFirmlaunch
.type prepareForFirmlaunch, %function
prepareForFirmlaunch:
str r0, [r1] @ tell ARM9 we're done
mov r0, #0x20000000
_wait_for_core0_entrypoint_loop:
ldr r1, [r0, #-4] @ check if core0's entrypoint is 0
cmp r1, #0
beq _wait_for_core0_entrypoint_loop
bx r1 @ jump to core0's entrypoint
prepareForFirmlaunchEnd:
.global prepareForFirmlaunchSize
prepareForFirmlaunchSize: .word prepareForFirmlaunchEnd - prepareForFirmlaunch

65
arm11/source/types.h Normal file
View File

@@ -0,0 +1,65 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include <stdint.h>
#include <stdbool.h>
//Common data types
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;
typedef volatile u8 vu8;
typedef volatile u16 vu16;
typedef volatile u32 vu32;
typedef volatile u64 vu64;
#define SCREEN_TOP_WIDTH 400
#define SCREEN_BOTTOM_WIDTH 320
#define SCREEN_HEIGHT 240
#define SCREEN_TOP_FBSIZE (3 * SCREEN_TOP_WIDTH * SCREEN_HEIGHT)
#define SCREEN_BOTTOM_FBSIZE (3 * SCREEN_BOTTOM_WIDTH * SCREEN_HEIGHT)
#define ARM11_PARAMETERS_ADDRESS 0x1FFFF000
struct fb {
u8 *top_left;
u8 *top_right;
u8 *bottom;
} __attribute__((packed));
typedef enum
{
INIT_SCREENS_SEQUENCE = 0,
SETUP_FRAMEBUFFERS,
CLEAR_SCREENS,
SWAP_FRAMEBUFFERS,
UPDATE_BRIGHTNESS,
DEINIT_SCREENS,
PREPARE_ARM11_FOR_FIRMLAUNCH,
ARM11_READY,
} Arm11Operation;

4
loader/Makefile → chainloader/Makefile
View File

@@ -13,8 +13,8 @@ dir_build := build
dir_out := ../$(dir_build)
ASFLAGS := -mcpu=arm946e-s
CFLAGS := -Wall -Wextra -mthumb $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostdlib
CFLAGS := -Wall -Wextra -marm $(ASFLAGS) -fno-builtin -std=c11 -Wno-main -O2 -flto -ffast-math
LDFLAGS := -nostartfiles -Wl,--nmagic
objects = $(patsubst $(dir_source)/%.s, $(dir_build)/%.o, \
$(patsubst $(dir_source)/%.c, $(dir_build)/%.o, \

11
exceptions/arm11/linker.ld → chainloader/linker.ld
View File

@@ -4,11 +4,18 @@ OUTPUT_ARCH(arm)
ENTRY(_start)
SECTIONS
{
. = 0;
. = 0x01FF9000;
__start__ = ABSOLUTE(.);
.text : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
.rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }
.data : ALIGN(4) { *(.data*); . = ALIGN(8); *(.bss* COMMON); . = ALIGN(8); }
. = ALIGN(4);
__end__ = ABSOLUTE(.);
__stack_top__ = 0x01FFB800;
__stack_bottom__ = 0x01FFA800;
}

14
loader/source/cache.h → chainloader/source/cache.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,13 +15,17 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include "types.h"
void flushCaches(void);
void flushCaches(void);

12
loader/source/cache.s → chainloader/source/cache.s
View File

@@ -1,5 +1,5 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@@ -14,9 +14,13 @@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.text
.arm

26
loader/source/firm.c → chainloader/source/firm.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2017 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,30 +15,28 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "firm.h"
#include "memory.h"
#include "cache.h"
void disableMpuAndJumpToEntrypoints(int argc, char **argv, void *arm11Entry, void *arm9Entry);
void launchFirm(Firm *firm, int argc, char **argv)
{
//Copy FIRM sections to respective memory locations
for(u32 sectionNum = 0; sectionNum < 4 && firm->section[sectionNum].size != 0; sectionNum++)
for(u32 sectionNum = 0; sectionNum < 4; sectionNum++)
memcpy(firm->section[sectionNum].address, (u8 *)firm + firm->section[sectionNum].offset, firm->section[sectionNum].size);
//Set ARM11 entrypoint
*(vu32 *)0x1FFFFFFC = (u32)firm->arm11Entry;
//Ensure that all memory transfers have completed and that the caches have been flushed
flushCaches();
//Jump to ARM9 entrypoint. Also give it additional arguments it can dismiss
((void (*)(int, char**, u32))firm->arm9Entry)(argc, argv, 0x0000BEEF);
disableMpuAndJumpToEntrypoints(argc, argv, firm->arm9Entry, firm->arm11Entry);
__builtin_unreachable();
}

12
loader/source/firm.h → chainloader/source/firm.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2017 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once

59
chainloader/source/main.c Normal file
View File

@@ -0,0 +1,59 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "memory.h"
#include "cache.h"
#include "firm.h"
void main(int argc, char **argv)
{
Firm *firm = (Firm *)0x20001000;
char *argvPassed[2],
absPath[24 + 255];
struct fb fbs[2];
if(argc > 0)
{
u32 i;
for(i = 0; i < sizeof(absPath) - 1 && argv[0][i] != 0; i++)
absPath[i] = argv[0][i];
absPath[i] = 0;
argvPassed[0] = (char *)absPath;
}
if(argc == 2)
{
struct fb *fbsrc = (struct fb *)argv[1];
fbs[0] = fbsrc[0];
fbs[1] = fbsrc[1];
argvPassed[1] = (char *)&fbs;
}
launchFirm(firm, argc, argvPassed);
}

14
loader/source/memory.c → chainloader/source/memory.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -33,4 +37,4 @@ void memcpy(void *dest, const void *src, u32 size)
for(u32 i = 0; i < size; i++)
destc[i] = srcc[i];
}
}

14
loader/source/memory.h → chainloader/source/memory.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -28,4 +32,4 @@
#include "types.h"
void memcpy(void *dest, const void *src, u32 size);
void memcpy(void *dest, const void *src, u32 size);

60
chainloader/source/start.s Normal file
View File

@@ -0,0 +1,60 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.arm
.section .text.start
.align 4
.global _start
_start:
ldr sp, =__stack_top__
b main
.text
.balign 4
.global disableMpuAndJumpToEntrypoints
.type disableMpuAndJumpToEntrypoints, %function
disableMpuAndJumpToEntrypoints:
mov r4, r0
mov r5, r1
mov r6, r2
mov r7, r3
bl flushCaches
@ Disable caches / MPU
mrc p15, 0, r0, c1, c0, 0 @ read control register
bic r0, #(1<<12) @ - instruction cache disable
bic r0, #(1<<2) @ - data cache disable
bic r0, #(1<<0) @ - MPU disable
mcr p15, 0, r0, c1, c0, 0 @ write control register
@ Set the ARM11 entrypoint
mov r0, #0x20000000
str r7, [r0, #-4]
@ Jump to the ARM9 entrypoint
mov r0, r4
mov r1, r5
ldr r2, =0x1BEEF
bx r6

20
loader/source/types.h → chainloader/source/types.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -32,4 +36,10 @@ typedef uint64_t u64;
typedef volatile u8 vu8;
typedef volatile u16 vu16;
typedef volatile u32 vu32;
typedef volatile u64 vu64;
typedef volatile u64 vu64;
struct fb {
u8 *top_left;
u8 *top_right;
u8 *bottom;
} __attribute__((packed));

151
exceptions/arm11/source/handlers.s
View File

@@ -1,151 +0,0 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
.macro GEN_HANDLER name
.global \name
.type \name, %function
\name:
ldr sp, =#0xffff3000
stmfd sp!, {r0-r7}
mov r1, #\@ @ macro expansion counter
b _commonHandler
.size \name, . - \name
.endm
.text
.arm
.align 4
.global _commonHandler
.type _commonHandler, %function
_commonHandler:
clrex
cpsid aif
mrs r2, spsr
mov r6, sp
mrs r3, cpsr
tst r2, #0x20
bne noFPUInitNorSvcBreak
sub r0, lr, #4
stmfd sp!, {lr}
bl cannotAccessVA
ldmfd sp!, {lr}
cmp r0, #0
bne noFPUInitNorSvcBreak
ldr r4, [lr, #-4]
cmp r1, #1
bne noFPUInit
lsl r4, #4
sub r4, #0xc0000000
cmp r4, #0x30000000
bcs noFPUInitNorSvcBreak
fmrx r0, fpexc
tst r0, #0x40000000
bne noFPUInitNorSvcBreak
sub lr, #4
srsfd sp!, #0x13
ldmfd sp!, {r0-r7} @ restore context
cps #0x13 @ FPU init
stmfd sp, {r0-r3, r11-lr}^
sub sp, #0x20
bl . @ will be replaced
ldmfd sp, {r0-r3, r11-lr}^
add sp, #0x20
rfefd sp!
noFPUInit:
cmp r1, #2
bne noFPUInitNorSvcBreak
ldr r5, =#0xe12fff7f
cmp r4, r5
bne noFPUInitNorSvcBreak
cps #0x13 @ switch to supervisor mode
cmp r10, #0
addne sp, #0x28
ldmfd sp, {r8-r11}^ @ implementation details of the official svc handler
ldr r2, [sp, #0x1c]
ldr r4, [sp, #0x18]
msr cpsr_c, r3 @ restore processor mode
tst r2, #0x20
addne lr, r4, #2 @ adjust address for later
moveq lr, r4
noFPUInitNorSvcBreak:
ands r4, r2, #0xf @ get the mode that triggered the exception
moveq r4, #0xf @ usr => sys
bic r5, r3, #0xf
orr r5, r4
msr cpsr_c, r5 @ change processor mode
stmfd r6!, {r8-lr}
msr cpsr_c, r3 @ restore processor mode
mov sp, r6
stmfd sp!, {r2,lr}
mrc p15,0,r4,c5,c0,0 @ dfsr
mrc p15,0,r5,c5,c0,1 @ ifsr
mrc p15,0,r6,c6,c0,0 @ far
fmrx r7, fpexc
fmrx r8, fpinst
fmrx r9, fpinst2
stmfd sp!, {r4-r9} @ it's a bit of a mess, but we will fix that later
@ order of saved regs now: dfsr, ifsr, far, fpexc, fpinst, fpinst2, cpsr, pc + (2/4/8), r8-r14, r0-r7
bic r3, #(1<<31)
fmxr fpexc, r3 @ clear the VFP11 exception flag (if it's set)
mov r0, sp
mrc p15,0,r2,c0,c0,5 @ CPU ID register
b mainHandler
GEN_HANDLER FIQHandler
GEN_HANDLER undefinedInstructionHandler
GEN_HANDLER prefetchAbortHandler
GEN_HANDLER dataAbortHandler
.global mcuReboot
.type mcuReboot, %function
mcuReboot:
b . @ will be replaced
.global cleanInvalidateDCacheAndDMB
.type cleanInvalidateDCacheAndDMB, %function
cleanInvalidateDCacheAndDMB:
mov r0, #0
mcr p15,0,r0,c7,c14,0 @ Clean and Invalidate Entire Data Cache
mcr p15,0,r0,c7,c10,4 @ Drain Memory Barrier
bx lr
.global cannotAccessVA
.type cannotAccessVA, %function
cannotAccessVA:
@ Thanks yellows8 for the hint
lsr r0, #12
lsl r0, #12
mcr p15,0,r0,c7,c8,0 @ VA to PA translation with privileged read permission check
mrc p15,0,r0,c7,c4,0 @ read PA register
and r0, #1 @ failure bit
bx lr

109
exceptions/arm11/source/mainHandler.c
View File

@@ -1,109 +0,0 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
*/
#include "handlers.h"
#define REG_DUMP_SIZE 4 * 23
#define CODE_DUMP_SIZE 48
#define CODESET_OFFSET 0xBEEFBEEF
static u32 __attribute__((noinline)) copyMemory(void *dst, const void *src, u32 size, u32 alignment)
{
u8 *out = (u8 *)dst;
const u8 *in = (const u8 *)src;
if(((u32)src & (alignment - 1)) != 0 || cannotAccessVA(src) || (size != 0 && cannotAccessVA((u8 *)src + size - 1)))
return 0;
for(u32 i = 0; i < size; i++)
*out++ = *in++;
return size;
}
void __attribute__((noreturn)) mainHandler(u32 *regs, u32 type, u32 cpuId)
{
ExceptionDumpHeader dumpHeader;
u32 registerDump[REG_DUMP_SIZE / 4];
u8 codeDump[CODE_DUMP_SIZE];
u8 *finalBuffer = cannotAccessVA((void *)0xE5000000) ? (u8 *)0xF5000000 : (u8 *)0xE5000000; //VA for 0x25000000
u8 *final = finalBuffer;
while(*(vu32 *)final == 0xDEADC0DE && *((vu32 *)final + 1) == 0xDEADCAFE);
dumpHeader.magic[0] = 0xDEADC0DE;
dumpHeader.magic[1] = 0xDEADCAFE;
dumpHeader.versionMajor = 1;
dumpHeader.versionMinor = 2;
dumpHeader.processor = 11;
dumpHeader.core = cpuId & 0xF;
dumpHeader.type = type;
dumpHeader.registerDumpSize = REG_DUMP_SIZE;
dumpHeader.codeDumpSize = CODE_DUMP_SIZE;
//Dump registers
//Current order of saved regs: dfsr, ifsr, far, fpexc, fpinst, fpinst2, cpsr, pc, r8-r12, sp, lr, r0-r7
u32 cpsr = regs[6];
u32 pc = regs[7] - (type < 3 ? (((cpsr & 0x20) != 0 && type == 1) ? 2 : 4) : 0);
registerDump[15] = pc;
registerDump[16] = cpsr;
for(u32 i = 0; i < 6; i++) registerDump[17 + i] = regs[i];
for(u32 i = 0; i < 7; i++) registerDump[8 + i] = regs[8 + i];
for(u32 i = 0; i < 8; i++) registerDump[i] = regs[15 + i];
//Dump code
u8 *instr = (u8 *)pc + ((cpsr & 0x20) ? 2 : 4) - dumpHeader.codeDumpSize; //Doesn't work well on 32-bit Thumb instructions, but it isn't much of a problem
dumpHeader.codeDumpSize = copyMemory(codeDump, instr, dumpHeader.codeDumpSize, ((cpsr & 0x20) != 0) ? 2 : 4);
//Copy register dump and code dump
final = (u8 *)(finalBuffer + sizeof(ExceptionDumpHeader));
final += copyMemory(final, registerDump, dumpHeader.registerDumpSize, 1);
final += copyMemory(final, codeDump, dumpHeader.codeDumpSize, 1);
//Dump stack in place
dumpHeader.stackDumpSize = copyMemory(final, (const void *)registerDump[13], 0x1000 - (registerDump[13] & 0xFFF), 1);
final += dumpHeader.stackDumpSize;
if(!cannotAccessVA((void *)0xFFFF9004))
{
vu64 *additionalData = (vu64 *)final;
dumpHeader.additionalDataSize = 16;
vu8 *currentKCodeSet = *(vu8 **)(*(vu8 **)0xFFFF9004 + CODESET_OFFSET); //currentKProcess + CodeSet
additionalData[0] = *(vu64 *)(currentKCodeSet + 0x50); //Process name
additionalData[1] = *(vu64 *)(currentKCodeSet + 0x5C); //Title ID
}
else dumpHeader.additionalDataSize = 0;
dumpHeader.totalSize = sizeof(ExceptionDumpHeader) + dumpHeader.registerDumpSize + dumpHeader.codeDumpSize + dumpHeader.stackDumpSize + dumpHeader.additionalDataSize;
//Copy header (actually optimized by the compiler)
*(ExceptionDumpHeader *)finalBuffer = dumpHeader;
cleanInvalidateDCacheAndDMB();
mcuReboot(); //Also contains DCache-cleaning code
}

31
exceptions/arm11/source/start.s
View File

@@ -1,31 +0,0 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@ the Free Software Foundation, either version 3 of the License, or
@ (at your option) any later version.
@
@ This program is distributed in the hope that it will be useful,
@ but WITHOUT ANY WARRANTY; without even the implied warranty of
@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
@ GNU General Public License for more details.
@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
.section .text.start
.align 4
.global _start
_start:
add pc, r0, #(handlers - .) @ Dummy instruction to prevent compiler optimizations
handlers:
.word FIQHandler
.word undefinedInstructionHandler
.word prefetchAbortHandler
.word dataAbortHandler

14
exceptions/arm9/source/handlers.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -43,4 +47,4 @@ u32 readMPUConfig(u32 *regionSettings);
void FIQHandler(void);
void undefinedInstructionHandler(void);
void dataAbortHandler(void);
void prefetchAbortHandler(void);
void prefetchAbortHandler(void);

12
exceptions/arm9/source/handlers.s
View File

@@ -1,5 +1,5 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@@ -14,9 +14,13 @@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.macro GEN_HANDLER name
.global \name

16
exceptions/arm9/source/i2c.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,13 +15,17 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Thanks to the everyone who contributed in the development of this file
* Thanks to whoever contributed in the development of this file
*/
#include "i2c.h"
@@ -136,4 +140,4 @@ bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
}
return false;
}
}

16
exceptions/arm9/source/i2c.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,13 +15,17 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Thanks to the everyone who contributed in the development of this file
* Thanks to whoever contributed in the development of this file
*/
#pragma once
@@ -41,4 +45,4 @@
#define I2C_DEV_GYRO 10
#define I2C_DEV_IR 13
bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);
bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);

14
exceptions/arm9/source/mainHandler.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "i2c.h"
@@ -115,4 +119,4 @@ void __attribute__((noreturn)) mainHandler(u32 *regs, u32 type)
((void (*)())0xFFFF0830)(); //Ensure that all memory transfers have completed and that the data cache has been flushed
i2cWriteRegister(I2C_DEV_MCU, 0x20, 1 << 2); //Reboot
while(true);
}
}

12
exceptions/arm9/source/start.s
View File

@@ -1,5 +1,5 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@@ -14,9 +14,13 @@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.section .text.start
.align 4

14
exceptions/arm9/source/types.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -34,4 +38,4 @@ typedef uint64_t u64;
typedef volatile u8 vu8;
typedef volatile u16 vu16;
typedef volatile u32 vu32;
typedef volatile u64 vu64;
typedef volatile u64 vu64;

19
injector/source/CFWInfo.h
View File

@@ -1,19 +0,0 @@
#pragma once
#include <3ds/types.h>
typedef struct __attribute__((packed))
{
char magic[4];
u8 versionMajor;
u8 versionMinor;
u8 versionBuild;
u8 flags;
u32 commitHash;
u32 config;
} CFWInfo;
u32 svcGetCFWInfo(CFWInfo *info);

9
injector/source/CFWInfo.s
View File

@@ -1,9 +0,0 @@
.text
.arm
.align 4
.global svcGetCFWInfo
.type svcGetCFWInfo, %function
svcGetCFWInfo:
svc 0x2e
bx lr

97
injector/source/exheader.h
View File

@@ -1,97 +0,0 @@
#pragma once
#include <3ds/types.h>
typedef struct
{
u8 reserved[5];
u8 flag;
u8 remasterversion[2];
} PACKED exheader_systeminfoflags;
typedef struct
{
u32 address;
u32 nummaxpages;
u32 codesize;
} PACKED exheader_codesegmentinfo;
typedef struct
{
u8 name[8];
exheader_systeminfoflags flags;
exheader_codesegmentinfo text;
u8 stacksize[4];
exheader_codesegmentinfo ro;
u8 reserved[4];
exheader_codesegmentinfo data;
u32 bsssize;
} PACKED exheader_codesetinfo;
typedef struct
{
u64 programid[0x30];
} PACKED exheader_dependencylist;
typedef struct
{
u8 savedatasize[4];
u8 reserved[4];
u8 jumpid[8];
u8 reserved2[0x30];
} PACKED exheader_systeminfo;
typedef struct
{
u8 extsavedataid[8];
u8 systemsavedataid[8];
u8 reserved[8];
u8 accessinfo[7];
u8 otherattributes;
} PACKED exheader_storageinfo;
typedef struct
{
u64 programid;
u8 flags[8];
u16 resourcelimitdescriptor[0x10];
exheader_storageinfo storageinfo;
u64 serviceaccesscontrol[0x20];
u8 reserved[0x1f];
u8 resourcelimitcategory;
} PACKED exheader_arm11systemlocalcaps;
typedef struct
{
u32 descriptors[28];
u8 reserved[0x10];
} PACKED exheader_arm11kernelcapabilities;
typedef struct
{
u8 descriptors[15];
u8 descversion;
} PACKED exheader_arm9accesscontrol;
typedef struct
{
// systemcontrol info {
// coreinfo {
exheader_codesetinfo codesetinfo;
exheader_dependencylist deplist;
// }
exheader_systeminfo systeminfo;
// }
// accesscontrolinfo {
exheader_arm11systemlocalcaps arm11systemlocalcaps;
exheader_arm11kernelcapabilities arm11kernelcaps;
exheader_arm9accesscontrol arm9accesscontrol;
// }
struct {
u8 signature[0x100];
u8 ncchpubkeymodulus[0x100];
exheader_arm11systemlocalcaps arm11systemlocalcaps;
exheader_arm11kernelcapabilities arm11kernelcaps;
exheader_arm9accesscontrol arm9accesscontrol;
} PACKED accessdesc;
} PACKED exheader_header;

2
linker.ld
View File

@@ -4,7 +4,7 @@ OUTPUT_ARCH(arm)
ENTRY(_start)
SECTIONS
{
. = 0x23F00000;
. = 0x08006000;
.text : ALIGN(4) { *(.text.start) *(.text*); . = ALIGN(4); }
.rodata : ALIGN(4) { *(.rodata*); . = ALIGN(4); }

73
patches/k11MainHook.s Normal file
View File

@@ -0,0 +1,73 @@
.arm.little
.create "build/k11MainHook.bin", 0
.arm
bindSGI0:
; hook __kernel_main to bind SGI0 for own purposes
push {r0-r4, lr}
sub sp, #16 ; 3 args passed through the stack + alignment
ldr r0, [interruptManager]
adr r1, interruptEvent
mov r2, #0
mrc p15, 0, r3, c0, c0, 5
and r3, #3
mov r4, #0
str r4, [sp]
str r4, [sp, #4]
str r4, [sp, #8]
ldr r12, [InterruptManager_mapInterrupt]
blx r12
cmp r0, #0
blt .
add sp, #16
pop {r0-r4, pc}
executeCustomHandler:
push {r4, lr}
mrs r4, cpsr
adr r0, customHandler
bl convertVAToPA
orr r0, #(1 << 31)
ldr r12, [r0]
blx r12
mov r0, #0
msr cpsr_cx, r4
pop {r4, pc}
convertVAToPA:
mov r1, #0x1000
sub r1, #1
and r2, r0, r1
bic r0, r1
mcr p15, 0, r0, c7, c8, 0 ; VA to PA translation with privileged read permission check
mrc p15, 0, r0, c7, c4, 0 ; read PA register
tst r0, #1 ; failure bit
bic r0, r1
addeq r0, r2
movne r0, #0
bx lr
.pool
; Result InterruptManager::mapInterrupt(InterruptManager *this, InterruptEvent *iEvent, u32 interruptID, u32 coreID, s32 priority, bool willBeMasked, bool isLevelHighActive);
InterruptManager_mapInterrupt: .ascii "bind"
_vtable: .word executeCustomHandler
interruptEvent: .word _vtable
parameters:
customHandler: .ascii "hdlr"
interruptManager: .word 0
L2MMUTable: .word 0
funcs: .word 0,0,0
TTBCR: .word 0
L1MMUTableAddrs: .word 0,0,0,0
kernelVersion: .word 0
CFWInfo: .word 0,0,0,0
.close

105
patches/k11modules.s
View File

@@ -1,105 +0,0 @@
;
; This file is part of Luma3DS
; Copyright (C) 2016 Aurora Wright, TuxSH
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
;
; Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
; reasonable legal notices or author attributions in that material or in the Appropriate Legal
; Notices displayed by works containing it.
;
; Code originally from Subv
.arm.little
.create "build/k11modules.bin", 0
.arm
; This code searches the sm module for a specific byte pattern and patches some of the instructions
; in the code to disable service access checks when calling srv:GetServiceHandle
; It also searches the fs module for archive access check code
; Save the registers we'll be using
; Register contents:
; r4: Pointer to a pointer to the exheader of the current NCCH
; r6: Constant 0
; SP + 4: Pointer to the memory location where the NCCH text was loaded
; Execute the instruction we overwrote in our detour
ldr r0, [r4]
; Save the value of the register we use
push {r0-r4}
ldr r1, [sp, #24] ; Load the .text address
ldr r2, [r0, #0x200] ; Load the low title id of the current NCCH
ldr r0, [r0, #0x18] ; Load the size of the .text
add r0, r1, r0 ; Max bounds of the memory region
ldr r3, =0x1002 ; Low title id of the sm module
cmp r2, r3 ; Compare the low title id to the id of the sm module
bne fs_patch ; Skip if they're not the same
ldr r2, =0xE1A01006 ; mov r1, r6
loop:
cmp r0, r1
blo die ; Check if we didn't go past the bounds of the memory region
ldr r3, [r1]
cmp r3, r2
ldreqh r3, [r1, #4]
cmpeq r3, #5
addne r1, #4
bne loop
; r1 now contains the start address of the pattern we found
ldr r0, =0xE3A00001 ; mov r0, #1
str r0, [r1, #8] ; Patch the bl
b out
fs_patch: ; patch adapted from BootNTR
ldr r3, =0x1102 ; Low title id of the fs module
cmp r2, r3 ; Compare the low title id to the id of the sm module
bne out ; Skip if they're not the same
ldr r2, =0x7401 ; strb r1, [r0, #16]
ldr r3, =0x2000 ; movs r0, #0
loop_fs:
cmp r0, r1
blo die
ldrh r4, [r1]
cmp r4, r2
ldreqh r4, [r1, #2]
cmpeq r4, r3
addeq r1, #8
addne r1, #2
bne loop_fs
; r1 now contains the start address of the pattern we found
ldr r0, =0x2001 ; mov r0, #1
ldr r2, =0x4770 ; bx lr
strh r0, [r1]
strh r2, [r1, #2]
out:
pop {r0-r4} ; Restore the registers we used
bx lr ; Jump back to whoever called us
die:
b die
.pool
.close

36
patches/mmuHook.s Normal file
View File

@@ -0,0 +1,36 @@
.arm.little
.create "build/mmuHook.bin", 0
.arm
; r2 = L1 table
; Thanks @Dazzozo for giving me that idea
; Maps physmem so that, if addr is in physmem(0, 0x30000000), it can be accessed uncached&rwx as addr|(1<<31)
; Save the value of all registers
push {r0-r1, r3-r7}
mov r0, #0
mov r1, #0x30000000 ; end address
ldr r3, =#0x40C02 ; supersection (rwx for all) of strongly ordered memory, shared
loop:
orr r4, r0, #0x80000000
orr r5, r0, r3
mov r6, #0 ;
loop2:
add r7, r6, r4,lsr #20
str r5, [r2, r7,lsl #2]
add r6, #1
cmp r6, #16
blo loop2
add r0, #0x01000000
cmp r0, r1
blo loop
pop {r0-r1, r3-r7}
mov r3, #0xe0000000 ; instruction that has been patched
bx lr
.pool
.close

47
patches/reboot.s
View File

@@ -2,22 +2,24 @@
.arm.little
argv_addr equ 0x27FFDF00
fname_addr equ 0x27FFDF80
low_tid_addr equ 0x27FFDFE0
copy_launch_stub_addr equ 0x27FFE000
copy_launch_stub_stack_top equ 0x01FFB800
copy_launch_stub_stack_bottom equ 0x01FFA800
copy_launch_stub_addr equ 0x01FF9000
firm_addr equ 0x24000000
firm_maxsize equ (copy_launch_stub_addr - 0x1000 - firm_addr)
argv_addr equ (copy_launch_stub_stack_bottom - 0x100)
fname_addr equ (copy_launch_stub_stack_bottom - 0x200)
low_tid_addr equ (copy_launch_stub_stack_bottom - 0x300)
firm_addr equ 0x20001000
firm_maxsize equ 0x07FFF000
arm11_entrypoint_addr equ 0x1FFFFFFC
.create "build/reboot.bin", 0
.arm
; Interesting registers and locations to keep in mind, set just before this code is ran:
; - r1: FIRM path in exefs.
; - r7 (or r8): pointer to file object
; - *r7: vtable
; - *(vtable + 0x28): fread function
; - *(vtable + 0x28): fread function
; - *(r7 + 8): file handle
sub r7, r0, #8
@@ -53,12 +55,13 @@ arm11_entrypoint_addr equ 0x1FFFFFFC
ldr r6, [r6, #0x28]
blx r6
; Copy the low TID (in UTF-16) of the wanted firm to the 5th byte of the payload
; Copy the low TID (in UTF-16) of the wanted firm
ldr r0, =low_tid_addr
add r1, r8, #0x1A
mov r2, #0x10
bl memcpy16
; Copy argv[0]
ldr r0, =fname_addr
adr r1, fname
mov r2, #42
@@ -110,9 +113,6 @@ fopen: .ascii "OPEN"
fname: .ascii "FILE"
.endarea
.pool
nand_mount: .dcw "nand"
.align 4
kernelcode_start:
@@ -120,7 +120,7 @@ nand_mount: .dcw "nand"
orr r0, #0xC0
msr cpsr, r0
ldr sp, =0x27FFDF00
ldr sp, =copy_launch_stub_stack_top
ldr r0, =copy_launch_stub_addr
adr r1, copy_launch_stub
@@ -147,32 +147,27 @@ nand_mount: .dcw "nand"
add r3, r5,lsl #5
add r3, r5,lsl #4
ldmia r3, {r6-r8}
mov r0, r7
add r1, r4, r6
mov r2, r8
bl memcpy32
cmp r8, #0
movne r0, r7
addne r1, r4, r6
movne r2, r8
blne memcpy32
add r5, #1
cmp r5, #3
blo load_section_loop
ldr r0, =arm11_entrypoint_addr
ldr r1, [r4, #0x08]
str r1, [r0]
mov r0, #2 ; argc
ldr r1, =argv_addr ; argv
ldr r2, =0xBEEF ; magic word
ldr r2, =0xBABE ; magic word
ldr r5, =arm11_entrypoint_addr
mov r5, #0x20000000
ldr r6, [r4, #0x08]
str r6, [r5]
str r6, [r5, #-4] ; store arm11 entrypoint
ldr lr, [r4, #0x0c]
bx lr
memcpy32:
cmp r2, #0
bxeq lr
add r2, r0, r2
copy_loop32:
ldr r3, [r1], #4

43
patches/svcConnectToPortInitHook.s Normal file
View File

@@ -0,0 +1,43 @@
.arm.little
.create "build/svcConnectToPortInitHook.bin", 0
.arm
push {r0-r4, lr}
adr r0, jumpAddress
bl convertVAToPA
orr r4, r0, #(1 << 31)
loop:
ldr r12, [r4]
cmp r12, #0
bne loop_end
ldr r12, [SleepThread]
ldr r0, =(10 * 1000 * 1000)
mov r1, #0
blx r12
b loop
loop_end:
pop {r0-r4, lr}
bx r12
convertVAToPA:
mov r1, #0x1000
sub r1, #1
and r2, r0, r1
bic r0, r1
mcr p15, 0, r0, c7, c8, 0 ; VA to PA translation with privileged read permission check
mrc p15, 0, r0, c7, c4, 0 ; read PA register
tst r0, #1 ; failure bit
bic r0, r1
addeq r0, r2
movne r0, #0
bx lr
.pool
_base: .ascii "base"
jumpAddressOrig: .ascii "orig"
SleepThread: .ascii "SlpT"
jumpAddress: .word 0
.close

20
patches/svcCustomBackdoor.s Normal file
View File

@@ -0,0 +1,20 @@
.arm.little
.create "build/svcCustomBackdoor.bin", 0
.arm
; Result svcCustomBackdoor(void *func, ... <up to 3 args>)
svcCustomBackdoor:
b skip_orig
orig: .word 0
skip_orig:
push {r4, lr}
mov r4, r0
mov r0, r1
mov r1, r2
mov r2, r3
blx r4
pop {r4, pc}
.pool
.close

48
patches/svcGetCFWInfo.s
View File

@@ -1,48 +0,0 @@
;
; This file is part of Luma3DS
; Copyright (C) 2016 Aurora Wright, TuxSH
;
; This program is free software: you can redistribute it and/or modify
; it under the terms of the GNU General Public License as published by
; the Free Software Foundation, either version 3 of the License, or
; (at your option) any later version.
;
; This program is distributed in the hope that it will be useful,
; but WITHOUT ANY WARRANTY; without even the implied warranty of
; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
; GNU General Public License for more details.
;
; You should have received a copy of the GNU General Public License
; along with this program. If not, see <http://www.gnu.org/licenses/>.
;
; Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
; reasonable legal notices or author attributions in that material or in the Appropriate Legal
; Notices displayed by works containing it.
;
.arm.little
.create "build/svcGetCFWInfo.bin", 0
.arm
adr r1, infoStart
add r2, r0, #(infoEnd - infoStart)
loop:
ldrb r3, [r1], #1
strbt r3, [r0], #1
cmp r0, r2
blo loop
mov r0, #0
bx lr
.pool
infoStart:
.ascii "LUMA" ; magic
.word 0 ; version
.word 0 ; truncated commit hash
.word 0 ; config
infoEnd:
.close

12
source/3dsheaders.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*

14
source/buttons.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -44,4 +48,4 @@
#define SINGLE_PAYLOAD_BUTTONS (DPAD_BUTTONS | BUTTON_B | BUTTON_X | BUTTON_Y)
#define L_PAYLOAD_BUTTONS (BUTTON_R1 | BUTTON_A | BUTTON_START | BUTTON_SELECT)
#define MENU_BUTTONS (DPAD_BUTTONS | BUTTON_A | BUTTON_START)
#define PIN_BUTTONS (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | DPAD_BUTTONS | BUTTON_START | BUTTON_SELECT)
#define PIN_BUTTONS (BUTTON_A | BUTTON_B | BUTTON_X | BUTTON_Y | DPAD_BUTTONS | BUTTON_START | BUTTON_SELECT)

14
source/cache.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -36,4 +40,4 @@
void flushEntireDCache(void); //actually: "clean and flush"
void flushDCacheRange(void *startAddress, u32 size);
void flushEntireICache(void);
void flushICacheRange(void *startAddress, u32 size);
void flushICacheRange(void *startAddress, u32 size);

12
source/cache.s
View File

@@ -1,5 +1,5 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@@ -14,9 +14,13 @@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.text
.arm

31
source/config.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "config.h"
@@ -72,7 +76,7 @@ void writeConfig(bool isPayloadLaunch)
error("Error writing the configuration file");
}
void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode)
void configMenu(bool oldPinStatus, u32 oldPinMode)
{
const char *multiOptionsText[] = { "Default EmuNAND: 1( ) 2( ) 3( ) 4( )",
"Screen brightness: 4( ) 3( ) 2( ) 1( )",
@@ -87,9 +91,8 @@ void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode)
"( ) Enable game patching",
"( ) Show NAND or user string in System Settings",
"( ) Show GBA boot screen in patched AGB_FIRM",
"( ) Patch SVC/service/archive/ARM9 access",
"( ) Patch ARM9 access",
"( ) Set developer UNITINFO",
"( ) Enable exception handlers"
};
const char *optionsDescription[] = { "Select the default EmuNAND.\n\n"
@@ -165,18 +168,14 @@ void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode)
"\t* SyEX = SysNAND with EmuNAND X FIRM\n"
"\t* EmuS = EmuNAND 1 with SysNAND FIRM\n"
"\t* EmXS = EmuNAND X with SysNAND FIRM\n\n"
"or an user-defined custom string in\n"
"or a user-defined custom string in\n"
"System Settings.\n\n"
"Refer to the wiki for instructions.",
"Enable showing the GBA boot screen\n"
"when booting GBA games.",
"Disable SVC, service, archive and ARM9\n"
"exheader access checks.\n\n"
"The service and archive patches\n"
"don't work on New 3DS FIRMs between\n"
"9.3 and 10.4.\n\n"
"Disable ARM9 exheader access checks.\n\n"
"Only select this if you know what you\n"
"are doing!",
@@ -187,11 +186,6 @@ void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode)
"and booting some developer software).\n\n"
"Only select this if you know what you\n"
"are doing!",
"Enable Luma3DS's ARM9/ARM11 exception\n"
"handlers. Luma3DS should be ran as\n"
"boot.firm\n\n"
"Useful for debugging."
};
struct multiOption {
@@ -219,7 +213,6 @@ void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode)
{ .visible = true },
{ .visible = true },
{ .visible = true },
{ .visible = true },
{ .visible = true }
};

21
source/config.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -30,7 +34,7 @@
#define CONFIG_FILE "config.bin"
#define CONFIG_VERSIONMAJOR 1
#define CONFIG_VERSIONMINOR 11
#define CONFIG_VERSIONMINOR 12
#define BOOTCFG_NAND BOOTCONFIG(0, 7)
#define BOOTCFG_FIRM BOOTCONFIG(3, 7)
@@ -42,7 +46,7 @@ enum multiOptions
BRIGHTNESS,
SPLASH,
PIN,
NEWCPU,
NEWCPU
};
enum singleOptions
@@ -54,8 +58,7 @@ enum singleOptions
PATCHVERSTRING,
SHOWGBABOOT,
PATCHACCESS,
PATCHUNITINFO,
ENABLEEXCEPTIONHANDLERS
PATCHUNITINFO
};
typedef enum ConfigurationStatus
@@ -67,4 +70,4 @@ typedef enum ConfigurationStatus
bool readConfig(void);
void writeConfig(bool isPayloadLaunch);
void configMenu(bool isSdMode, bool oldPinStatus, u32 oldPinMode);
void configMenu(bool oldPinStatus, u32 oldPinMode);

166
source/crypto.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -90,7 +94,7 @@ static void aes_setkey(u8 keyslot, const void *key, u32 keyType, u32 mode)
if(keyslot <= 3)
{
if((mode & AES_CNT_INPUT_ORDER) == AES_INPUT_REVERSED)
if((mode & AES_CNT_INPUT_ORDER) == AES_INPUT_TWLREVERSED)
{
REGs_AESTWLKEYS[keyslot][keyType][0] = key32[3];
REGs_AESTWLKEYS[keyslot][keyType][1] = key32[2];
@@ -230,7 +234,7 @@ static void aes_batch(void *dst, const void *src, u32 blockCount)
}
}
void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode)
static void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode)
{
*REG_AESCNT = mode |
AES_CNT_INPUT_ORDER | AES_CNT_OUTPUT_ORDER |
@@ -320,11 +324,20 @@ void sha(void *res, const void *src, u32 size, u32 mode)
__attribute__((aligned(4))) static u8 nandCtr[AES_BLOCK_SIZE];
static u8 nandSlot;
static u32 fatStart;
static u32 fatStart = 0;
FirmwareSource firmSource;
void ctrNandInit(void)
__attribute__((aligned(4))) static const u8 key1s[2][AES_BLOCK_SIZE] = {
{0x07, 0x29, 0x44, 0x38, 0xF8, 0xC9, 0x75, 0x93, 0xAA, 0x0E, 0x4A, 0xB4, 0xAE, 0x84, 0xC1, 0xD8},
{0xA2, 0xF4, 0x00, 0x3C, 0x7A, 0x95, 0x10, 0x25, 0xDF, 0x4E, 0x9E, 0x74, 0xE3, 0x0C, 0x92, 0x99}
},
key2s[2][AES_BLOCK_SIZE] = {
{0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0},
{0xFF, 0x77, 0xA0, 0x9A, 0x99, 0x81, 0xE9, 0x48, 0xEC, 0x51, 0xC9, 0x32, 0x5D, 0x14, 0xEC, 0x25}
};
int ctrNandInit(void)
{
__attribute__((aligned(4))) u8 cid[AES_BLOCK_SIZE],
shaSum[SHA_256_HASH_SIZE];
@@ -333,19 +346,29 @@ void ctrNandInit(void)
sha(shaSum, cid, sizeof(cid), SHA_256_MODE);
memcpy(nandCtr, shaSum, sizeof(nandCtr));
if(ISN3DS)
{
__attribute__((aligned(4))) u8 keyY0x5[AES_BLOCK_SIZE] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE};
aes_setkey(0x05, keyY0x5, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
nandSlot = ISN3DS ? 0x05 : 0x04;
nandSlot = 0x05;
fatStart = 0x5CAD7;
}
else
int result;
u8 __attribute__((aligned(4))) temp[0x200];
//Read NCSD header
result = firmSource == FIRMWARE_SYSNAND ? sdmmc_nand_readsectors(0, 1, temp) : sdmmc_sdcard_readsectors(emuHeader, 1, temp);
if(!result)
{
nandSlot = 0x04;
fatStart = 0x5CAE5;
u32 partitionNum = 1; //TWL partitions need to be first
for(u8 *partitionId = temp + 0x111; *partitionId != 1; partitionId++, partitionNum++);
u32 ctrMbrOffset = *((u32 *)(temp + 0x120) + (2 * partitionNum));
//Read CTR MBR
result = ctrNandRead(ctrMbrOffset, 1, temp);
//Calculate final CTRNAND FAT offset
if(!result) fatStart = ctrMbrOffset + *(u32 *)(temp + 0x1C6);
}
return result;
}
int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
@@ -373,8 +396,8 @@ int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf)
{
u8 *buffer = (u8 *)0x23000000;
u32 bufferSize = 0xF00000;
u8 *buffer = (u8 *)0xFFF00000;
u32 bufferSize = 0x4000;
__attribute__((aligned(4))) u8 tmpCtr[sizeof(nandCtr)];
memcpy(tmpCtr, nandCtr, sizeof(nandCtr));
@@ -441,6 +464,99 @@ bool decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize)
return decryptExeFs(cxi);
}
static inline void twlConsoleInfoInit(void)
{
u64 twlConsoleId = ISDEVUNIT ? OTP_DEVCONSOLEID : (0x80000000ULL | (*(vu64 *)0x01FFB808 ^ 0x8C267B7B358A6AFULL));
CFG_TWLUNITINFO = CFG_UNITINFO;
OTP_TWLCONSOLEID = twlConsoleId;
*REG_AESCNT = 0;
vu32 *k3X = REGs_AESTWLKEYS[3][1],
*k1X = REGs_AESTWLKEYS[1][1];
k3X[0] = (u32)twlConsoleId;
k3X[3] = (u32)(twlConsoleId >> 32);
k1X[2] = (u32)(twlConsoleId >> 32);
k1X[3] = (u32)twlConsoleId;
aes_setkey(2, (u8 *)0x01FFD398, AES_KEYX, AES_INPUT_TWLNORMAL);
if(CFG_TWLUNITINFO != 0)
{
__attribute__((aligned(4))) u8 key2YDev[AES_BLOCK_SIZE] = {0x3B, 0x06, 0x86, 0x57, 0x33, 0x04, 0x88, 0x11, 0x49, 0x04, 0x6B, 0x33, 0x12, 0x02, 0xAC, 0xF3},
key3YDev[AES_BLOCK_SIZE] = {0xAA, 0xBF, 0x76, 0xF1, 0x7A, 0xB8, 0xE8, 0x66, 0x97, 0x64, 0x6A, 0x26, 0x05, 0x00, 0xA0, 0xE1};
k3X[1] = 0xEE7A4B1E;
k3X[2] = 0xAF42C08B;
aes_setkey(2, key2YDev, AES_KEYY, AES_INPUT_TWLNORMAL);
aes_setkey(3, key3YDev, AES_KEYY, AES_INPUT_TWLNORMAL);
}
else
{
u32 last3YWord = 0xE1A00005;
__attribute__((aligned(4))) u8 key3YRetail[AES_BLOCK_SIZE];
memcpy(key3YRetail, (u8 *)0x01FFD3C8, 12);
memcpy(key3YRetail + 12, &last3YWord, 4);
k3X[1] = *(vu32 *)0x01FFD3A8; //"NINT"
k3X[2] = *(vu32 *)0x01FFD3AC; //"ENDO"
aes_setkey(2, (u8 *)0x01FFD220, AES_KEYY, AES_INPUT_TWLNORMAL);
aes_setkey(3, key3YRetail, AES_KEYY, AES_INPUT_TWLNORMAL);
}
}
void setupKeyslots(void)
{
//Setup 0x24 KeyY
__attribute__((aligned(4))) u8 keyY0x24[AES_BLOCK_SIZE] = {0x74, 0xCA, 0x07, 0x48, 0x84, 0xF4, 0x22, 0x8D, 0xEB, 0x2A, 0x1C, 0xA7, 0x2D, 0x28, 0x77, 0x62};
aes_setkey(0x24, keyY0x24, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
//Setup 0x25 KeyX and 0x2F KeyY
__attribute__((aligned(4))) const u8 keyX0x25s[2][AES_BLOCK_SIZE] = {
{0xCE, 0xE7, 0xD8, 0xAB, 0x30, 0xC0, 0x0D, 0xAE, 0x85, 0x0E, 0xF5, 0xE3, 0x82, 0xAC, 0x5A, 0xF3},
{0x81, 0x90, 0x7A, 0x4B, 0x6F, 0x1B, 0x47, 0x32, 0x3A, 0x67, 0x79, 0x74, 0xCE, 0x4A, 0xD7, 0x1B}
},
keyY0x2Fs[2][AES_BLOCK_SIZE] = {
{0xC3, 0x69, 0xBA, 0xA2, 0x1E, 0x18, 0x8A, 0x88, 0xA9, 0xAA, 0x94, 0xE5, 0x50, 0x6A, 0x9F, 0x16},
{0x73, 0x25, 0xC4, 0xEB, 0x14, 0x3A, 0x0D, 0x5F, 0x5D, 0xB6, 0xE5, 0xC5, 0x7A, 0x21, 0x95, 0xAC}
};
aes_setkey(0x25, keyX0x25s[ISDEVUNIT ? 1 : 0], AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_setkey(0x2F, keyY0x2Fs[ISDEVUNIT ? 1 : 0], AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
if(ISN3DS)
{
//Setup 0x05 KeyY
__attribute__((aligned(4))) u8 keyY0x5[AES_BLOCK_SIZE] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE};
aes_setkey(0x05, keyY0x5, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL);
}
//Setup TWL keys
twlConsoleInfoInit();
__attribute__((aligned(4))) u8 keyBlocks[2][AES_BLOCK_SIZE] = {
{0xA4, 0x8D, 0xE4, 0xF1, 0x0B, 0x36, 0x44, 0xAA, 0x90, 0x31, 0x28, 0xFF, 0x4D, 0xCA, 0x76, 0xDF},
{0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98}
}, decKey[AES_BLOCK_SIZE];
//Initialize Key 0x18
aes_setkey(0x11, key1s[ISDEVUNIT ? 1 : 0], AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x11);
aes(decKey, keyBlocks[0], 1, NULL, AES_ECB_DECRYPT_MODE, 0);
aes_setkey(0x18, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
//Initialize Key 0x19-0x1F
aes_setkey(0x11, key2s[ISDEVUNIT ? 1 : 0], AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x11);
for(u8 slot = 0x19; slot < 0x20; slot++, keyBlocks[1][0xF]++)
{
aes(decKey, keyBlocks[1], 1, NULL, AES_ECB_DECRYPT_MODE, 0);
aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
}
}
void kernel9Loader(Arm9Bin *arm9Section)
{
//Determine the kernel9loader version
@@ -460,16 +576,6 @@ void kernel9Loader(Arm9Bin *arm9Section)
u32 *startOfArm9Bin = (u32 *)((u8 *)arm9Section + 0x800);
if(*startOfArm9Bin == 0x47704770 || *startOfArm9Bin == 0xB0862000) return; //Already decrypted
//Set 0x11 keyslot
__attribute__((aligned(4))) const u8 key1s[2][AES_BLOCK_SIZE] = {
{0x07, 0x29, 0x44, 0x38, 0xF8, 0xC9, 0x75, 0x93, 0xAA, 0x0E, 0x4A, 0xB4, 0xAE, 0x84, 0xC1, 0xD8},
{0xA2, 0xF4, 0x00, 0x3C, 0x7A, 0x95, 0x10, 0x25, 0xDF, 0x4E, 0x9E, 0x74, 0xE3, 0x0C, 0x92, 0x99}
},
key2s[2][AES_BLOCK_SIZE] = {
{0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0},
{0xFF, 0x77, 0xA0, 0x9A, 0x99, 0x81, 0xE9, 0x48, 0xEC, 0x51, 0xC9, 0x32, 0x5D, 0x14, 0xEC, 0x25}
};
aes_setkey(0x11, k9lVersion == 2 ? key2s[ISDEVUNIT ? 1 : 0] : key1s[ISDEVUNIT ? 1 : 0], AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
u8 arm9BinSlot = k9lVersion == 0 ? 0x15 : 0x16;

29
source/crypto.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -64,10 +68,12 @@
#define AES_CNT_FLUSH_READ 0x00000800
#define AES_CNT_FLUSH_WRITE 0x00000400
#define AES_INPUT_BE (AES_CNT_INPUT_ENDIAN)
#define AES_INPUT_LE 0
#define AES_INPUT_NORMAL (AES_CNT_INPUT_ORDER)
#define AES_INPUT_REVERSED 0
#define AES_INPUT_BE (AES_CNT_INPUT_ENDIAN)
#define AES_INPUT_LE 0
#define AES_INPUT_NORMAL (AES_CNT_INPUT_ORDER)
#define AES_INPUT_REVERSED 0
#define AES_INPUT_TWLNORMAL 0
#define AES_INPUT_TWLREVERSED (AES_CNT_INPUT_ORDER)
#define AES_BLOCK_SIZE 0x10
@@ -104,16 +110,17 @@
#define SHA_224_HASH_SIZE (224 / 8)
#define SHA_1_HASH_SIZE (160 / 8)
extern u32 emuOffset;
extern u32 emuOffset,
emuHeader;
extern FirmwareSource firmSource;
void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode);
void sha(void *res, const void *src, u32 size, u32 mode);
void ctrNandInit(void);
int ctrNandInit(void);
int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf);
int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf);
bool decryptExeFs(Cxi *cxi);
bool decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize);
void setupKeyslots(void);
void kernel9Loader(Arm9Bin *arm9Section);
void computePinHash(u8 *outbuf, const u8 *inbuf);

12
source/draw.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*

12
source/draw.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*

27
source/emunand.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -29,9 +33,10 @@
#include "fatfs/sdmmc/sdmmc.h"
#include "../build/bundled.h"
u32 emuOffset;
u32 emuOffset,
emuHeader;
void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType)
void locateEmuNand(FirmwareSource *nandType)
{
static u8 __attribute__((aligned(4))) temp[0x200];
static u32 nandSize = 0,
@@ -70,7 +75,7 @@ void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType)
if(!sdmmc_sdcard_readsectors(nandOffset + 1, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
{
emuOffset = nandOffset + 1;
*emuHeader = nandOffset + 1;
emuHeader = nandOffset + 1;
return;
}
@@ -78,7 +83,7 @@ void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType)
else if(i != 2 && !sdmmc_sdcard_readsectors(nandOffset + nandSize, 1, temp) && memcmp(temp + 0x100, "NCSD", 4) == 0)
{
emuOffset = nandOffset;
*emuHeader = nandOffset + nandSize;
emuHeader = nandOffset + nandSize;
return;
}
}
@@ -90,7 +95,7 @@ void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType)
if(*nandType != FIRMWARE_EMUNAND)
{
*nandType = FIRMWARE_EMUNAND;
locateEmuNand(emuHeader, nandType);
locateEmuNand(nandType);
}
else *nandType = FIRMWARE_SYSNAND;
}
@@ -161,7 +166,7 @@ static inline u32 patchMpu(u8 *pos, u32 size)
return 0;
}
u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u32 emuHeader, u8 *kernel9Address)
u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u8 *kernel9Address)
{
u8 *freeK9Space;
@@ -192,4 +197,4 @@ u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 proce
ret += patchMpu(arm9Section, kernel9Size);
return ret;
}
}

16
source/emunand.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -30,5 +34,5 @@
#define ROUND_TO_4MB(a) (((a) + 0x2000 - 1) & (~(0x2000 - 1)))
void locateEmuNand(u32 *emuHeader, FirmwareSource *nandType);
u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u32 emuHeader, u8 *kernel9Address);
void locateEmuNand(FirmwareSource *nandType);
u32 patchEmuNand(u8 *arm9Section, u32 kernel9Size, u8 *process9Offset, u32 process9Size, u8 *kernel9Address);

71
source/exceptions.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "exceptions.h"
@@ -46,65 +50,6 @@ void installArm9Handlers(void)
}
}
u32 installArm11Handlers(u32 *exceptionsPage, u32 stackAddress, u32 codeSetOffset, u32 *dAbtHandler, u32 dAbtHandlerMemAddress)
{
u32 *endPos = exceptionsPage + 0x400;
u32 *initFPU;
for(initFPU = exceptionsPage; initFPU < endPos && *initFPU != 0xE1A0D002; initFPU++);
u32 *freeSpace;
for(freeSpace = initFPU; freeSpace < endPos && *freeSpace != 0xFFFFFFFF; freeSpace++);
u32 *mcuReboot;
for(mcuReboot = exceptionsPage; mcuReboot < endPos && *mcuReboot != 0xE3A0A0C2; mcuReboot++);
if(initFPU == endPos || freeSpace == endPos || mcuReboot == endPos || *(u32 *)((u8 *)freeSpace + arm11_exceptions_bin_size - 36) != 0xFFFFFFFF) return 1;
initFPU += 3;
mcuReboot -= 2;
memcpy(freeSpace, arm11_exceptions_bin + 32, arm11_exceptions_bin_size - 32);
exceptionsPage[1] = MAKE_BRANCH(exceptionsPage + 1, (u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 8) - 32); //Undefined Instruction
exceptionsPage[3] = MAKE_BRANCH(exceptionsPage + 3, (u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 12) - 32); //Prefetch Abort
exceptionsPage[7] = MAKE_BRANCH(exceptionsPage + 7, (u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 4) - 32); //FIQ
for(u32 *pos = dAbtHandler; *pos != stackAddress; pos++)
{
u32 va_dst = 0xFFFF0000 + (((u8 *)freeSpace + *(u32 *)(arm11_exceptions_bin + 4)) - (u8 *)exceptionsPage);
u32 va_src;
switch(*pos)
{
case 0xF96D0513: //srsdb sp!, 0x13
va_src = dAbtHandlerMemAddress + ((u8 *)pos - (u8 *)dAbtHandler);
*pos = MAKE_BRANCH((u8 *)va_src, (u8 *)va_dst);
break;
case 0xE29EF004: //subs pc, lr, 4
pos++;
*pos++ = 0xE8BD000F;// pop {r0-r3}
va_src = dAbtHandlerMemAddress + ((u8 *)pos - (u8 *)dAbtHandler);
*pos = MAKE_BRANCH((u8 *)va_src, (u8 *)va_dst);
break;
}
}
for(u32 *pos = freeSpace; pos < (u32 *)((u8 *)freeSpace + arm11_exceptions_bin_size - 32); pos++)
{
switch(*pos) //Perform relocations
{
case 0xFFFF3000: *pos = stackAddress - 0x10; break;
case 0xEBFFFFFE: *pos = MAKE_BRANCH_LINK(pos, initFPU); break;
case 0xEAFFFFFE: *pos = MAKE_BRANCH(pos, mcuReboot); break;
case 0xE12FFF1C: pos[1] = 0xFFFF0000 + 4 * (u32)(freeSpace - exceptionsPage) + pos[1] - 32; break; //bx r12 (mainHandler)
case 0xBEEFBEEF: *pos = codeSetOffset; break;
}
}
return 0;
}
void detectAndProcessExceptionDumps(void)
{
volatile ExceptionDumpHeader *dumpHeader = (volatile ExceptionDumpHeader *)0x25000000;

12
source/exceptions.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once

15
source/fatfs/diskio.c
View File

@@ -37,23 +37,12 @@ DSTATUS disk_initialize (
BYTE pdrv /* Physical drive nmuber to identify the drive */
)
{
DSTATUS ret;
static u32 sdmmcInitResult = 4;
if(sdmmcInitResult == 4) sdmmcInitResult = sdmmc_sdcard_init();
if(pdrv == CTRNAND)
{
if(!(sdmmcInitResult & 1))
{
ctrNandInit();
ret = 0;
}
else ret = STA_NOINIT;
}
else ret = (!(sdmmcInitResult & 2)) ? 0 : STA_NOINIT;
return ret;
return ((pdrv == SDCARD && !(sdmmcInitResult & 2)) ||
(pdrv == CTRNAND && !(sdmmcInitResult & 1) && !ctrNandInit())) ? 0 : STA_NOINIT;
}

315
source/firm.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "firm.h"
@@ -38,11 +42,11 @@
static inline bool loadFirmFromStorage(FirmwareType firmType)
{
const char *firmwareFiles[] = {
"firmware.bin",
"firmware_twl.bin",
"firmware_agb.bin",
"firmware_safe.bin",
"firmware_sysupdater.bin"
"native.firm",
"twl.firm",
"agb.firm",
"safe.firm",
"sysupdater.firm"
},
*cetkFiles[] = {
"cetk",
@@ -74,6 +78,92 @@ static inline bool loadFirmFromStorage(FirmwareType firmType)
return true;
}
static inline void mergeSection0(FirmwareType firmType, bool loadFromStorage)
{
u32 srcModuleSize;
const char *extModuleSizeError = "The external FIRM modules are too large.";
u32 nbModules = 0,
isCustomModule = false;
struct
{
char name[8];
u8 *src;
u32 size;
} moduleList[6];
//1) Parse info concerning Nintendo's modules
for(u8 *src = (u8 *)firm + firm->section[0].offset, *srcEnd = src + firm->section[0].size; src < srcEnd; src += srcModuleSize, nbModules++)
{
memcpy(moduleList[nbModules].name, ((Cxi *)src)->exHeader.systemControlInfo.appTitle, 8);
moduleList[nbModules].src = src;
srcModuleSize = moduleList[nbModules].size = ((Cxi *)src)->ncch.contentSize * 0x200;
}
if(firmType == NATIVE_FIRM)
{
//2) Merge that info with our own modules'
for(u8 *src = (u8 *)0x1FF60000; src < (u8 *)(0x1FF60000 + LUMA_SECTION0_SIZE); src += srcModuleSize)
{
const char *name = ((Cxi *)src)->exHeader.systemControlInfo.appTitle;
u32 i;
for(i = 0; i < nbModules && memcmp(name, moduleList[i].name, 8) != 0; i++);
if(i == nbModules) isCustomModule = true;
memcpy(moduleList[i].name, ((Cxi *)src)->exHeader.systemControlInfo.appTitle, 8);
moduleList[i].src = src;
srcModuleSize = moduleList[i].size = ((Cxi *)src)->ncch.contentSize * 0x200;
}
if(isCustomModule) nbModules++;
}
//3) Read or copy the modules
u8 *dst = firm->section[0].address;
for(u32 i = 0, dstModuleSize; i < nbModules; i++)
{
dstModuleSize = 0;
if(loadFromStorage)
{
char fileName[24];
//Read modules from files if they exist
sprintf(fileName, "sysmodules/%.8s.cxi", moduleList[i].name);
dstModuleSize = getFileSize(fileName);
if(dstModuleSize != 0)
{
if(dstModuleSize > 0x60000) error(extModuleSizeError);
if(dstModuleSize <= sizeof(Cxi) + 0x200 ||
fileRead(dst, fileName, dstModuleSize) != dstModuleSize ||
memcmp(((Cxi *)dst)->ncch.magic, "NCCH", 4) != 0 ||
memcmp(moduleList[i].name, ((Cxi *)dst)->exHeader.systemControlInfo.appTitle, sizeof(((Cxi *)dst)->exHeader.systemControlInfo.appTitle)) != 0)
error("An external FIRM module is invalid or corrupted.");
dst += dstModuleSize;
}
}
if(!dstModuleSize)
{
memcpy(dst, moduleList[i].src, moduleList[i].size);
dst += moduleList[i].size;
}
}
//4) Patch NATIVE_FIRM if necessary
if(isCustomModule)
{
if(patchK11ModuleLoading(firm->section[0].size, dst - firm->section[0].address, (u8 *)firm + firm->section[1].offset, firm->section[1].size) != 0)
error("Failed to inject custom sysmodule");
}
}
u32 loadFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode)
{
//Load FIRM from CTRNAND
@@ -111,7 +201,7 @@ u32 loadFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadFromStora
return firmVersion;
}
u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isSafeMode, bool doUnitinfoPatch, bool enableExceptionHandlers)
u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode, bool doUnitinfoPatch, bool enableExceptionHandlers)
{
u8 *arm9Section = (u8 *)firm + firm->section[2].offset,
*arm11Section1 = (u8 *)firm + firm->section[1].offset;
@@ -132,18 +222,22 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, boo
u32 baseK11VA;
u8 *freeK11Space;
u32 *arm11SvcHandler,
*arm11DAbtHandler,
*arm11ExceptionsPage,
*arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11DAbtHandler, &arm11ExceptionsPage);
*arm11SvcTable = getKernel11Info(arm11Section1, firm->section[1].size, &baseK11VA, &freeK11Space, &arm11SvcHandler, &arm11ExceptionsPage);
u32 kernel9Size = (u32)(process9Offset - arm9Section) - sizeof(Cxi) - 0x200,
ret = 0;
installMMUHook(arm11Section1, firm->section[1].size, &freeK11Space);
installK11MainHook(arm11Section1, firm->section[1].size, isSafeMode, baseK11VA, arm11SvcTable, arm11ExceptionsPage, &freeK11Space);
installSvcConnectToPortInitHook(arm11SvcTable, arm11ExceptionsPage, &freeK11Space);
installSvcCustomBackdoor(arm11SvcTable, &freeK11Space, arm11ExceptionsPage);
//Apply signature patches
ret += patchSignatureChecks(process9Offset, process9Size);
//Apply EmuNAND patches
if(nandType != FIRMWARE_SYSNAND) ret += patchEmuNand(arm9Section, kernel9Size, process9Offset, process9Size, emuHeader, firm->section[2].address);
if(nandType != FIRMWARE_SYSNAND) ret += patchEmuNand(arm9Section, kernel9Size, process9Offset, process9Size, firm->section[2].address);
//Apply FIRM0/1 writes patches on SysNAND to protect A9LH
else ret += patchFirmWrites(process9Offset, process9Size);
@@ -163,16 +257,8 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, boo
{
//Apply anti-anti-DG patches
ret += patchTitleInstallMinVersionChecks(process9Offset, process9Size, firmVersion);
//Restore svcBackdoor
ret += reimplementSvcBackdoor(arm11Section1, arm11SvcTable, baseK11VA, &freeK11Space);
}
//Stub svc 0x59 on 11.3+ FIRMs
if(firmVersion >= (ISN3DS ? 0x2D : 0x5C)) ret += stubSvcRestrictGpuDma(arm11Section1, arm11SvcTable, baseK11VA);
ret += implementSvcGetCFWInfo(arm11Section1, arm11SvcTable, baseK11VA, &freeK11Space, isSafeMode);
//Apply UNITINFO patches
if(doUnitinfoPatch)
{
@@ -182,37 +268,22 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, boo
if(enableExceptionHandlers)
{
//ARM11 exception handlers
u32 codeSetOffset,
stackAddress = getInfoForArm11ExceptionHandlers(arm11Section1, firm->section[1].size, &codeSetOffset);
ret += installArm11Handlers(arm11ExceptionsPage, stackAddress, codeSetOffset, arm11DAbtHandler, baseK11VA + ((u8 *)arm11DAbtHandler - arm11Section1));
patchSvcBreak11(arm11Section1, arm11SvcTable, baseK11VA);
ret += patchKernel11Panic(arm11Section1, firm->section[1].size);
//ARM9 exception handlers
ret += patchArm9ExceptionHandlersInstall(arm9Section, kernel9Size);
ret += patchSvcBreak9(arm9Section, kernel9Size, (u32)firm->section[2].address);
ret += patchKernel9Panic(arm9Section, kernel9Size);
}
bool patchAccess = CONFIG(PATCHACCESS),
patchGames = CONFIG(PATCHGAMES);
if(CONFIG(PATCHACCESS))
ret += patchP9AccessChecks(process9Offset, process9Size);
if(patchAccess || patchGames)
{
ret += patchK11ModuleChecks(arm11Section1, firm->section[1].size, &freeK11Space, patchGames);
if(patchAccess)
{
ret += patchArm11SvcAccessChecks(arm11SvcHandler, (u32 *)(arm11Section1 + firm->section[1].size));
ret += patchP9AccessChecks(process9Offset, process9Size);
}
}
mergeSection0(NATIVE_FIRM, loadFromStorage);
firm->section[0].size = 0;
return ret;
}
u32 patchTwlFirm(u32 firmVersion, bool doUnitinfoPatch)
u32 patchTwlFirm(u32 firmVersion, bool loadFromStorage, bool doUnitinfoPatch)
{
u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
@@ -242,10 +313,16 @@ u32 patchTwlFirm(u32 firmVersion, bool doUnitinfoPatch)
//Apply UNITINFO patch
if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
if(loadFromStorage)
{
mergeSection0(TWL_FIRM, true);
firm->section[0].size = 0;
}
return ret;
}
u32 patchAgbFirm(bool doUnitinfoPatch)
u32 patchAgbFirm(bool loadFromStorage, bool doUnitinfoPatch)
{
u8 *arm9Section = (u8 *)firm + firm->section[3].offset;
@@ -270,6 +347,12 @@ u32 patchAgbFirm(bool doUnitinfoPatch)
//Apply UNITINFO patch
if(doUnitinfoPatch) ret += patchUnitInfoValueSet(arm9Section, kernel9Size);
if(loadFromStorage)
{
mergeSection0(AGB_FIRM, true);
firm->section[0].size = 0;
}
return ret;
}
@@ -306,85 +389,79 @@ u32 patch1x2xNativeAndSafeFirm(bool enableExceptionHandlers)
return ret;
}
static inline void copySection0AndInjectSystemModules(FirmwareType firmType, bool loadFromStorage)
static __attribute__((noinline)) bool overlaps(u32 as, u32 ae, u32 bs, u32 be)
{
u32 maxModuleSize = firmType == NATIVE_FIRM ? 0x80000 : 0x600000,
srcModuleSize,
dstModuleSize;
const char *extModuleSizeError = "The external FIRM modules are too large.";
for(u8 *src = (u8 *)firm + firm->section[0].offset, *srcEnd = src + firm->section[0].size, *dst = firm->section[0].address;
src < srcEnd; src += srcModuleSize, dst += dstModuleSize, maxModuleSize -= dstModuleSize)
{
srcModuleSize = ((Cxi *)src)->ncch.contentSize * 0x200;
const char *moduleName = ((Cxi *)src)->exHeader.systemControlInfo.appTitle;
if(loadFromStorage)
{
char fileName[24];
//Read modules from files if they exist
sprintf(fileName, "sysmodules/%.8s.cxi", moduleName);
dstModuleSize = getFileSize(fileName);
if(dstModuleSize != 0)
{
if(dstModuleSize > maxModuleSize) error(extModuleSizeError);
if(dstModuleSize <= sizeof(Cxi) + 0x200 ||
fileRead(dst, fileName, dstModuleSize) != dstModuleSize ||
memcmp(((Cxi *)dst)->ncch.magic, "NCCH", 4) != 0 ||
memcmp(moduleName, ((Cxi *)dst)->exHeader.systemControlInfo.appTitle, sizeof(((Cxi *)dst)->exHeader.systemControlInfo.appTitle)) != 0)
error("An external FIRM module is invalid or corrupted.");
continue;
}
}
const u8 *module;
if(firmType == NATIVE_FIRM && memcmp(moduleName, "loader", 6) == 0)
{
module = injector_bin;
dstModuleSize = injector_bin_size;
}
else
{
module = src;
dstModuleSize = srcModuleSize;
}
if(dstModuleSize > maxModuleSize) error(extModuleSizeError);
memcpy(dst, module, dstModuleSize);
}
if(as <= bs && bs <= ae)
return true;
if(bs <= as && as <= be)
return true;
return false;
}
void launchFirm(FirmwareType firmType, bool loadFromStorage)
static __attribute__((noinline)) bool inRange(u32 as, u32 ae, u32 bs, u32 be)
{
//Allow module injection and/or inject 3ds_injector on new NATIVE_FIRMs and LGY FIRMs
u32 sectionNum;
if(firmType == NATIVE_FIRM || (loadFromStorage && (firmType == TWL_FIRM || firmType == AGB_FIRM)))
{
copySection0AndInjectSystemModules(firmType, loadFromStorage);
sectionNum = 1;
}
else sectionNum = 0;
//Copy FIRM sections to respective memory locations
for(; sectionNum < 4 && firm->section[sectionNum].size != 0; sectionNum++)
memcpy(firm->section[sectionNum].address, (u8 *)firm + firm->section[sectionNum].offset, firm->section[sectionNum].size);
if(!isFirmlaunch) deinitScreens();
//Set ARM11 kernel entrypoint
ARM11_CORE0_MAILBOX_ENTRYPOINT = (u32)firm->arm11Entry;
//Ensure that all memory transfers have completed and that the caches have been flushed
flushEntireDCache();
flushEntireICache();
//Final jump to ARM9 kernel
((void (*)())firm->arm9Entry)();
if(as >= bs && ae <= be)
return true;
return false;
}
bool checkFirmPayload(u32 payloadSize)
{
if(memcmp(firm->magic, "FIRM", 4) != 0 || firm->arm9Entry == NULL) //Allow for the ARM11 entrypoint to be zero in which case nothing is done on the ARM11 side
return false;
bool arm9EpFound = false,
arm11EpFound = false;
u32 size = 0x200;
for(u32 i = 0; i < 4; i++)
size += firm->section[i].size;
if(size != payloadSize) return false;
for(u32 i = 0; i < 4; i++)
{
FirmSection *section = &firm->section[i];
//Allow empty sections
if(section->size == 0)
continue;
if((section->offset < 0x200) ||
(section->address + section->size < section->address) || //Overflow check
((u32)section->address & 3) || (section->offset & 0x1FF) || (section->size & 0x1FF) || //Alignment check
(overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm, (u32)firm + size)) ||
((!inRange((u32)section->address, (u32)section->address + section->size, 0x08000000, 0x08000000 + 0x00100000)) &&
(!inRange((u32)section->address, (u32)section->address + section->size, 0x18000000, 0x18000000 + 0x00600000)) &&
(!inRange((u32)section->address, (u32)section->address + section->size, 0x1FF00000, 0x1FFFFC00)) &&
(!inRange((u32)section->address, (u32)section->address + section->size, 0x20000000, 0x20000000 + 0x8000000))))
return false;
__attribute__((aligned(4))) u8 hash[0x20];
sha(hash, (u8 *)firm + section->offset, section->size, SHA_256_MODE);
if(memcmp(hash, section->hash, 0x20) != 0)
return false;
if(firm->arm9Entry >= section->address && firm->arm9Entry < (section->address + section->size))
arm9EpFound = true;
if(firm->arm11Entry >= section->address && firm->arm11Entry < (section->address + section->size))
arm11EpFound = true;
}
return arm9EpFound && (firm->arm11Entry == NULL || arm11EpFound);
}
void launchFirm(int argc, char **argv)
{
u32 *chainloaderAddress = (u32 *)0x01FF9000;
prepareArm11ForFirmlaunch();
memcpy(chainloaderAddress, chainloader_bin, chainloader_bin_size);
// No need to flush caches here, the chainloader is in ITCM
((void (*)(int, char **, u32))chainloaderAddress)(argc, argv, 0x0000BEEF);
}

24
source/firm.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -25,11 +29,13 @@
#include "types.h"
#include "3dsheaders.h"
static Firm *const firm = (Firm *const)0x24000000;
static Firm *const firm = (Firm *const)0x20001000;
u32 loadFirm(FirmwareType *firmType, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode);
u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, bool isSafeMode, bool doUnitinfoPatch, bool enableExceptionHandlers);
u32 patchTwlFirm(u32 firmVersion, bool doUnitinfoPatch);
u32 patchAgbFirm(bool doUnitinfoPatch);
u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, bool loadFromStorage, bool isSafeMode, bool doUnitinfoPatch, bool enableExceptionHandlers);
u32 patchTwlFirm(u32 firmVersion, bool loadFromStorage, bool doUnitinfoPatch);
u32 patchAgbFirm(bool loadFromStorage, bool doUnitinfoPatch);
u32 patch1x2xNativeAndSafeFirm(bool enableExceptionHandlers);
void launchFirm(FirmwareType firmType, bool loadFromStorage);
bool checkFirmPayload(u32 payloadSize);
void launchFirm(int argc, char **argv);

26
source/fmt.c
View File

@@ -1,3 +1,29 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/* File : barebones/ee_printf.c
This file contains an implementation of ee_printf that only requires a method to output a char to a UART without pulling in library code.

26
source/fmt.h
View File

@@ -1,3 +1,29 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
#include "memory.h"
#include <stdarg.h>

98
source/fs.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "fs.h"
@@ -118,76 +122,13 @@ void fileDelete(const char *path)
f_unlink(path);
}
static __attribute__((noinline)) bool overlaps(u32 as, u32 ae, u32 bs, u32 be)
{
if (as <= bs && bs <= ae)
return true;
else if (bs <= as && as <= be)
return true;
return false;
}
static bool checkFirmPayload(void)
{
if(memcmp(firm->magic, "FIRM", 4) != 0)
return false;
if(firm->arm9Entry == NULL) //allow for the arm11 entrypoint to be zero in which case nothing is done on the arm11 side
return false;
u32 size = 0x200;
for(u32 i = 0; i < 4; i++)
size += firm->section[i].size;
bool arm9EpFound = false, arm11EpFound = false;
for(u32 i = 0; i < 4; i++)
{
__attribute__((aligned(4))) u8 hash[0x20];
FirmSection *section = &firm->section[i];
// allow empty sections
if (section->size == 0)
continue;
if(section->offset < 0x200)
return false;
if(section->address + section->size < section->address) //overflow check
return false;
if(((u32)section->address & 3) || (section->offset & 0x1FF) || (section->size & 0x1FF)) //alignment check
return false;
if(overlaps((u32)section->address, (u32)section->address + section->size, 0x27FFE000, 0x28000000))
return false;
else if(overlaps((u32)section->address, (u32)section->address + section->size, 0x27FFE000 - 0x1000, 0x27FFE000))
return false;
else if(overlaps((u32)section->address, (u32)section->address + section->size, (u32)firm, (u32)firm + size))
return false;
sha(hash, (u8 *)firm + section->offset, section->size, SHA_256_MODE);
if(memcmp(hash, section->hash, 0x20) != 0)
return false;
if(firm->arm9Entry >= section->address && firm->arm9Entry < (section->address + section->size))
arm9EpFound = true;
if(firm->arm11Entry >= section->address && firm->arm11Entry < (section->address + section->size))
arm11EpFound = true;
}
return arm9EpFound && (firm->arm11Entry == NULL || arm11EpFound);
}
void loadPayload(u32 pressed, const char *payloadPath)
{
u32 *loaderAddress = (u32 *)0x27FFE000;
u32 payloadSize = 0,
maxPayloadSize = (u32)((u8 *)loaderAddress - (u8 *)firm);
maxPayloadSize = (u32)((u8 *)0x27FFE000 - (u8 *)firm);
char absPath[24 + _MAX_LFN] = {0};
char path[10 + _MAX_LFN] = {0};
char absPath[24 + _MAX_LFN];
char path[10 + _MAX_LFN];
if(payloadPath == NULL)
{
@@ -224,24 +165,17 @@ void loadPayload(u32 pressed, const char *payloadPath)
payloadSize = fileRead(firm, path, maxPayloadSize);
if(!payloadSize || !checkFirmPayload()) return;
if(payloadSize <= 0x200 || !checkFirmPayload(payloadSize)) return;
writeConfig(true);
if(memcmp(launchedPath, u"nand", 8) == 0)
sprintf(absPath, "nand:/rw/luma/%s", path);
else
sprintf(absPath, "sdmc:/luma/%s", path);
char *argv[1] = {absPath};
memcpy(loaderAddress, loader_bin, loader_bin_size);
if(isSdMode) sprintf(absPath, "sdmc:/luma/%s", path);
else sprintf(absPath, "nand:/rw/luma/%s", path);
char *argv[2] = {absPath, (char *)fbs};
initScreens();
flushDCacheRange(loaderAddress, loader_bin_size);
flushICacheRange(loaderAddress, loader_bin_size);
((void (*)(int, char **, u32))loaderAddress)(1, argv, 0x0000BEEF);
launchFirm((firm->reserved2[0] & 1) ? 2 : 1, argv);
}
void payloadMenu(void)

12
source/fs.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once

38
source/i2c.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,15 +15,20 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Thanks to the everyone who contributed in the development of this file
* Thanks to whoever contributed in the development of this file
*/
#include "utils.h"
#include "i2c.h"
//-----------------------------------------------------------------------------
@@ -118,9 +123,10 @@ static bool i2cSelectRegister(u8 bus_id, u8 reg)
u8 i2cReadRegister(u8 dev_id, u8 reg)
{
u8 bus_id = i2cGetDeviceBusId(dev_id),
dev_addr = i2cGetDeviceRegAddr(dev_id);
dev_addr = i2cGetDeviceRegAddr(dev_id),
ret = 0xFF;
for(u32 i = 0; i < 8; i++)
for(u32 i = 0; i < 8 && ret == 0xFF; i++)
{
if(i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg))
{
@@ -130,14 +136,16 @@ u8 i2cReadRegister(u8 dev_id, u8 reg)
i2cStop(bus_id, 1);
i2cWaitBusy(bus_id);
return *i2cGetDataReg(bus_id);
ret = *i2cGetDataReg(bus_id);
}
}
*i2cGetCntReg(bus_id) = 0xC5;
i2cWaitBusy(bus_id);
}
return 0xFF;
wait(3ULL);
return ret;
}
bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
@@ -145,7 +153,9 @@ bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
u8 bus_id = i2cGetDeviceBusId(dev_id),
dev_addr = i2cGetDeviceRegAddr(dev_id);
for(u32 i = 0; i < 8; i++)
bool ret = false;
for(u32 i = 0; i < 8 && !ret; i++)
{
if(i2cSelectDevice(bus_id, dev_addr) && i2cSelectRegister(bus_id, reg))
{
@@ -154,11 +164,13 @@ bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data)
*i2cGetCntReg(bus_id) = 0xC1;
i2cStop(bus_id, 0);
if(i2cGetResult(bus_id)) return true;
if(i2cGetResult(bus_id)) ret = true;
}
*i2cGetCntReg(bus_id) = 0xC5;
i2cWaitBusy(bus_id);
}
return false;
}
wait(3ULL);
return ret;
}

16
source/i2c.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,13 +15,17 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
* Thanks to the everyone who contributed in the development of this file
* Thanks to whoever contributed in the development of this file
*/
#pragma once
@@ -42,4 +46,4 @@
#define I2C_DEV_IR 13
u8 i2cReadRegister(u8 dev_id, u8 reg);
bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);
bool i2cWriteRegister(u8 dev_id, u8 reg, u8 data);

124
source/main.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "config.h"
@@ -31,66 +35,47 @@
#include "buttons.h"
#include "pin.h"
#include "crypto.h"
#include "fmt.h"
#include "memory.h"
#include "screen.h"
extern CfgData configData;
extern ConfigurationStatus needConfig;
extern FirmwareSource firmSource;
bool isFirmlaunch;
bool isFirmlaunch = false,
isSdMode;
u16 launchedPath[41];
void main(int argc, char **argv)
void main(int argc, char **argv, u32 magicWord)
{
bool isSafeMode = false,
isNoForceFlagSet = false;
char errbuf[46];
u32 emuHeader;
FirmwareType firmType;
FirmwareSource nandType;
switch(argc)
if((magicWord & 0xFFFF) == 0xBEEF && argc >= 1) //Normal boot
{
case 0:
error("Unsupported launcher (argc = 0).");
break;
case 1: //Normal boot
{
u32 i;
for(i = 0; i < 40 && argv[0][i] != 0; i++) //Copy and convert the path to utf16
launchedPath[i] = argv[0][i];
for(; i < 41; i++)
launchedPath[i] = 0;
isFirmlaunch = false;
break;
}
case 2: //Firmlaunch
{
u32 i;
u16 *p = (u16 *)argv[0];
for(i = 0; i < 40 && p[i] != 0; i++)
launchedPath[i] = p[i];
for(; i < 41; i++)
launchedPath[i] = 0;
isFirmlaunch = true;
break;
}
default:
{
sprintf(errbuf, "Unsupported launcher (argc = %d).", argc);
error(errbuf);
break;
}
u32 i;
for(i = 0; i < 40 && argv[0][i] != 0; i++) //Copy and convert the path to UTF-16
launchedPath[i] = argv[0][i];
launchedPath[i] = 0;
}
else if(magicWord == 0xBABE && argc == 2) //Firmlaunch
{
u32 i;
u16 *p = (u16 *)argv[0];
for(i = 0; i < 40 && p[i] != 0; i++)
launchedPath[i] = p[i];
launchedPath[i] = 0;
//Mount SD or CTRNAND
bool isSdMode;
isFirmlaunch = true;
}
else
{
const char argv[] = "firm0:";
for(u32 i = 0; i < sizeof(argv); i++) //Copy and convert the path to UTF-16
launchedPath[i] = argv[i];
}
if(memcmp(launchedPath, u"sdmc", 8) == 0)
{
@@ -100,16 +85,27 @@ void main(int argc, char **argv)
else if(memcmp(launchedPath, u"nand", 8) == 0)
{
firmSource = FIRMWARE_SYSNAND;
if(!mountFs(false, true)) error("Failed to mount SD and CTRNAND.");
if(!mountFs(false, true)) error("Failed to mount CTRNAND.");
isSdMode = false;
}
else if(memcmp(launchedPath, u"firm", 8) == 0)
{
setupKeyslots();
if(mountFs(true, false)) isSdMode = true;
else if(mountFs(false, true)) isSdMode = false;
else error("Failed to mount SD and CTRNAND.");
}
else
{
char mountPoint[5] = {0};
for(u32 i = 0; i < 4 && launchedPath[i] != u':'; i++)
char mountPoint[5];
u32 i;
for(i = 0; i < 4 && launchedPath[i] != u':'; i++)
mountPoint[i] = (char)launchedPath[i];
sprintf(errbuf, "Launched from an unsupported location: %s.", mountPoint);
error(errbuf);
mountPoint[i] = 0;
error("Launched from an unsupported location: %s.", mountPoint);
}
//Attempt to read the configuration file
@@ -182,7 +178,7 @@ void main(int argc, char **argv)
if(shouldLoadConfigMenu)
{
configMenu(isSdMode, pinExists, pinMode);
configMenu(pinExists, pinMode);
//Update pressed buttons
pressed = HID_PAD;
@@ -273,13 +269,13 @@ boot:
//If we need to boot EmuNAND, make sure it exists
if(nandType != FIRMWARE_SYSNAND)
{
locateEmuNand(&emuHeader, &nandType);
locateEmuNand(&nandType);
if(nandType == FIRMWARE_SYSNAND) firmSource = FIRMWARE_SYSNAND;
}
//Same if we're using EmuNAND as the FIRM source
else if(firmSource != FIRMWARE_SYSNAND)
locateEmuNand(&emuHeader, &firmSource);
locateEmuNand(&firmSource);
if(!isFirmlaunch)
{
@@ -292,19 +288,18 @@ boot:
bool loadFromStorage = CONFIG(LOADEXTFIRMSANDMODULES);
u32 firmVersion = loadFirm(&firmType, firmSource, loadFromStorage, isSafeMode);
bool doUnitinfoPatch = CONFIG(PATCHUNITINFO),
enableExceptionHandlers = CONFIG(ENABLEEXCEPTIONHANDLERS);
bool doUnitinfoPatch = CONFIG(PATCHUNITINFO), enableExceptionHandlers = CONFIG(PATCHUNITINFO);
u32 res;
switch(firmType)
{
case NATIVE_FIRM:
res = patchNativeFirm(firmVersion, nandType, emuHeader, isSafeMode, doUnitinfoPatch, enableExceptionHandlers);
res = patchNativeFirm(firmVersion, nandType, loadFromStorage, isSafeMode, doUnitinfoPatch, enableExceptionHandlers);
break;
case TWL_FIRM:
res = patchTwlFirm(firmVersion, doUnitinfoPatch);
res = patchTwlFirm(firmVersion, loadFromStorage, doUnitinfoPatch);
break;
case AGB_FIRM:
res = patchAgbFirm(doUnitinfoPatch);
res = patchAgbFirm(loadFromStorage, doUnitinfoPatch);
break;
case SAFE_FIRM:
case SYSUPDATER_FIRM:
@@ -313,11 +308,8 @@ boot:
break;
}
if(res != 0)
{
sprintf(errbuf, "Failed to apply %u FIRM patch(es).", res);
error(errbuf);
}
if(res != 0) error("Failed to apply %u FIRM patch(es).", res);
launchFirm(firmType, loadFromStorage);
if(!isFirmlaunch) deinitScreens();
launchFirm(0, NULL);
}

12
source/memory.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*

12
source/memory.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*

300
source/patches.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -25,13 +29,13 @@
* Signature patches for old FIRMs by SciresM
* firmlaunches patching code originally by delebile
* FIRM partition writes patches by delebile
* ARM11 modules patching code originally by Subv
* Idea for svcBreak patches from yellows8 and others on #3dsdev
* TWL_FIRM patches by Steveice10 and others
*/
#include "patches.h"
#include "fs.h"
#include "exceptions.h"
#include "memory.h"
#include "config.h"
#include "utils.h"
@@ -51,33 +55,138 @@ u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr)
return (u8 *)off + (off->ncch.exeFsOffset + 1) * 0x200;
}
u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11DAbtHandler, u32 **arm11ExceptionsPage)
u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11ExceptionsPage)
{
const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5},
pattern2[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5};
*arm11ExceptionsPage = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
*freeK11Space = memsearch(pos, pattern2, size, sizeof(pattern2));
if(*arm11ExceptionsPage == NULL || *freeK11Space == NULL) error("Failed to get Kernel11 data.");
if(*arm11ExceptionsPage == NULL) error("Failed to get Kernel11 data.");
u32 *arm11SvcTable;
*arm11ExceptionsPage -= 0xB;
u32 svcOffset = (-(((*arm11ExceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
u32 dabtOffset = (-(((*arm11ExceptionsPage)[4] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
u32 pointedInstructionVA = 0xFFFF0008 - svcOffset;
*baseK11VA = pointedInstructionVA & 0xFFFF0000; //This assumes that the pointed instruction has an offset < 0x10000, iirc that's always the case
arm11SvcTable = *arm11SvcHandler = (u32 *)(pos + *(u32 *)(pos + pointedInstructionVA - *baseK11VA + 8) - *baseK11VA); //SVC handler address
while(*arm11SvcTable) arm11SvcTable++; //Look for SVC0 (NULL)
pointedInstructionVA = 0xFFFF0010 - dabtOffset;
*arm11DAbtHandler = (u32 *)(pos + *(u32 *)(pos + pointedInstructionVA - *baseK11VA + 8) - *baseK11VA);
(*freeK11Space)++;
u32 *freeSpace;
for(freeSpace = *arm11ExceptionsPage; freeSpace < *arm11ExceptionsPage + 0x400 && *freeSpace != 0xFFFFFFFF; freeSpace++);
*freeK11Space = (u8 *) freeSpace;
return arm11SvcTable;
}
void installMMUHook(u8 *pos, u32 size, u8 **freeK11Space)
{
const u8 pattern[] = {0x0E, 0x32, 0xA0, 0xE3, 0x02, 0xC2, 0xA0, 0xE3};
u32 *off = (u32 *)memsearch(pos, pattern, size, 8);
memcpy(*freeK11Space, mmuHook_bin, mmuHook_bin_size);
*off = MAKE_BRANCH_LINK(off, *freeK11Space);
(*freeK11Space) += mmuHook_bin_size;
}
void installK11MainHook(u8 *pos, u32 size, bool isSafeMode, u32 baseK11VA, u32 *arm11SvcTable, u32 *arm11ExceptionsPage, u8 **freeK11Space)
{
const u8 pattern[] = {0x00, 0x00, 0xA0, 0xE1, 0x03, 0xF0, 0x20, 0xE3, 0xFD, 0xFF, 0xFF, 0xEA};
u32 *off = (u32 *)memsearch(pos, pattern, size, 12);
// look for cpsie i and place our function call in the nop 2 instructions before
while(*off != 0xF1080080) off--;
off -= 2;
memcpy(*freeK11Space, k11MainHook_bin, k11MainHook_bin_size);
u32 relocBase = 0xFFFF0000 + (*freeK11Space - (u8 *)arm11ExceptionsPage);
*off = MAKE_BRANCH_LINK(baseK11VA + ((u8 *)off - pos), relocBase);
off = (u32 *)(pos + (arm11SvcTable[0x50] - baseK11VA)); //svcBindInterrupt
while(off[0] != 0xE1A05000 || off[1] != 0xE2100102 || off[2] != 0x5A00000B) off++;
off--;
signed int offset = (*off & 0xFFFFFF) << 2;
offset = offset << 6 >> 6; // sign extend
offset += 8;
u32 InterruptManager_mapInterrupt = baseK11VA + ((u8 *)off - pos) + offset;
u32 interruptManager = *(u32 *)(off - 4 + (*(off - 6) & 0xFFF) / 4);
off = (u32 *)memsearch(*freeK11Space, "bind", k11MainHook_bin_size, 4);
*off++ = InterruptManager_mapInterrupt;
// Relocate stuff
*off++ += relocBase;
*off++ += relocBase;
off++;
*off++ = interruptManager;
off += 10;
struct CfwInfo
{
char magic[4];
u8 versionMajor;
u8 versionMinor;
u8 versionBuild;
u8 flags;
u32 commitHash;
u32 config;
} __attribute__((packed)) *info = (struct CfwInfo *)off;
const char *rev = REVISION;
memcpy(&info->magic, "LUMA", 4);
info->commitHash = COMMIT_HASH;
info->config = configData.config;
info->versionMajor = (u8)(rev[1] - '0');
info->versionMinor = (u8)(rev[3] - '0');
if(rev[4] == '.')
info->versionBuild = (u8)(rev[5] - '0');
const char *revpos;
for(revpos = rev + 4; *revpos != 0 && *revpos != '-'; revpos++);
bool isRelease = *revpos != '-';
if(isRelease) info->flags = 1;
if(ISN3DS) info->flags |= 1 << 4;
if(isSafeMode) info->flags |= 1 << 5;
if(isSdMode) info->flags |= 1 << 6;
(*freeK11Space) += k11MainHook_bin_size;
}
void installSvcConnectToPortInitHook(u32 *arm11SvcTable, u32 *arm11ExceptionsPage, u8 **freeK11Space)
{
u32 addr = 0xFFFF0000 + (u32)*freeK11Space - (u32)arm11ExceptionsPage;
u32 svcSleepThreadAddr = arm11SvcTable[0x0A], svcConnectToPortAddr = arm11SvcTable[0x2D];
arm11SvcTable[0x2D] = addr;
memcpy(*freeK11Space, svcConnectToPortInitHook_bin, svcConnectToPortInitHook_bin_size);
u32 *off = (u32 *)memsearch(*freeK11Space, "orig", svcConnectToPortInitHook_bin_size, 4);
off[0] = svcConnectToPortAddr;
off[1] = svcSleepThreadAddr;
(*freeK11Space) += svcConnectToPortInitHook_bin_size;
}
void installSvcCustomBackdoor(u32 *arm11SvcTable, u8 **freeK11Space, u32 *arm11ExceptionsPage)
{
memcpy(*freeK11Space, svcCustomBackdoor_bin, svcCustomBackdoor_bin_size);
*((u32 *)*freeK11Space + 1) = arm11SvcTable[0x2F]; // temporary location
arm11SvcTable[0x2F] = 0xFFFF0000 + *freeK11Space - (u8 *)arm11ExceptionsPage;
(*freeK11Space) += svcCustomBackdoor_bin_size;
}
u32 patchSignatureChecks(u8 *pos, u32 size)
{
//Look for signature checks
@@ -237,85 +346,29 @@ u32 patchCheckForDevCommonKey(u8 *pos, u32 size)
return 0;
}
u32 reimplementSvcBackdoor(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space)
u32 patchK11ModuleLoading(u32 section0size, u32 modulesSize, u8 *pos, u32 size)
{
if(arm11SvcTable[0x7B] != 0) return 0;
const u8 moduleLoadingPattern[] = {0xE2, 0x05, 0x00, 0x57},
modulePidPattern[] = {0x06, 0xA0, 0xE1, 0xF2}; //GetSystemInfo
//Official implementation of svcBackdoor
const u8 svcBackdoor[] = {0xFF, 0x10, 0xCD, 0xE3, //bic r1, sp, #0xff
0x0F, 0x1C, 0x81, 0xE3, //orr r1, r1, #0xf00
0x28, 0x10, 0x81, 0xE2, //add r1, r1, #0x28
0x00, 0x20, 0x91, 0xE5, //ldr r2, [r1]
0x00, 0x60, 0x22, 0xE9, //stmdb r2!, {sp, lr}
0x02, 0xD0, 0xA0, 0xE1, //mov sp, r2
0x30, 0xFF, 0x2F, 0xE1, //blx r0
0x03, 0x00, 0xBD, 0xE8, //pop {r0, r1}
0x00, 0xD0, 0xA0, 0xE1, //mov sp, r0
0x11, 0xFF, 0x2F, 0xE1}; //bx r1
u8 *off = memsearch(pos, moduleLoadingPattern, size, 4);
if(*(u32 *)(*freeK11Space + sizeof(svcBackdoor) - 4) != 0xFFFFFFFF) return 1;
if(off == NULL) return 1;
memcpy(*freeK11Space, svcBackdoor, sizeof(svcBackdoor));
off[1]++;
arm11SvcTable[0x7B] = baseK11VA + *freeK11Space - pos;
*freeK11Space += sizeof(svcBackdoor);
u32 *off32;
for(off32 = (u32 *)(off - 3); *off32 != 0xE59F0000; off32++);
off32 += 2;
off32[1] = off32[0] + modulesSize;
for(; *off32 != section0size; off32++);
*off32 += ((modulesSize + 0x1FF) >> 9) << 9;
return 0;
}
off = memsearch(pos, modulePidPattern, size, 4);
u32 stubSvcRestrictGpuDma(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA)
{
if(arm11SvcTable[0x59] != 0)
{
u32 *off = (u32 *)(pos + arm11SvcTable[0x59] - baseK11VA);
off[1] = 0xE1A00000; //replace call to inner function by a NOP
}
if(off == NULL) return 1;
return 0;
}
u32 implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space, bool isSafeMode)
{
if(*(u32 *)(*freeK11Space + svcGetCFWInfo_bin_size - 4) != 0xFFFFFFFF) return 1;
memcpy(*freeK11Space, svcGetCFWInfo_bin, svcGetCFWInfo_bin_size);
struct CfwInfo
{
char magic[4];
u8 versionMajor;
u8 versionMinor;
u8 versionBuild;
u8 flags;
u32 commitHash;
u32 config;
} __attribute__((packed)) *info = (struct CfwInfo *)memsearch(*freeK11Space, "LUMA", svcGetCFWInfo_bin_size, 4);
const char *rev = REVISION;
info->commitHash = COMMIT_HASH;
info->config = configData.config;
info->versionMajor = (u8)(rev[1] - '0');
info->versionMinor = (u8)(rev[3] - '0');
bool isRelease;
if(rev[4] == '.')
{
info->versionBuild = (u8)(rev[5] - '0');
isRelease = rev[6] == 0;
}
else isRelease = rev[4] == 0;
if(isRelease) info->flags = 1;
if(ISN3DS) info->flags |= 1 << 4;
if(isSafeMode) info->flags |= 1 << 5;
arm11SvcTable[0x2E] = baseK11VA + *freeK11Space - pos; //Stubbed svc
*freeK11Space += svcGetCFWInfo_bin_size;
off[0xB] = 6;
return 0;
}
@@ -351,22 +404,6 @@ u32 patchArm9ExceptionHandlersInstall(u8 *pos, u32 size)
return 0;
}
u32 getInfoForArm11ExceptionHandlers(u8 *pos, u32 size, u32 *codeSetOffset)
{
const u8 pattern[] = {0x1B, 0x50, 0xA0, 0xE3}, //Get TitleID from CodeSet
pattern2[] = {0xE8, 0x13, 0x00, 0x02}; //Call exception dispatcher
u32 *loadCodeSet = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
u8 *temp = memsearch(pos, pattern2, size, sizeof(pattern2));
if(loadCodeSet == NULL || temp == NULL) error("Failed to get ARM11 exception handlers data.");
loadCodeSet -= 2;
*codeSetOffset = *loadCodeSet & 0xFFF;
return *(u32 *)(temp + 9);
}
u32 patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address)
{
//Stub svcBreak with "bkpt 65535" so we can debug the panic
@@ -386,13 +423,6 @@ u32 patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address)
return 0;
}
void patchSvcBreak11(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA)
{
//Same as above, for NATIVE_FIRM ARM11
u32 *addr = (u32 *)(pos + arm11SvcTable[0x3C] - baseK11VA);
*addr = 0xE12FFF7F;
}
u32 patchKernel9Panic(u8 *pos, u32 size)
{
const u8 pattern[] = {0xFF, 0xEA, 0x04, 0xD0};
@@ -407,19 +437,6 @@ u32 patchKernel9Panic(u8 *pos, u32 size)
return 0;
}
u32 patchKernel11Panic(u8 *pos, u32 size)
{
const u8 pattern[] = {0x02, 0x0B, 0x44, 0xE2};
u32 *off = (u32 *)memsearch(pos, pattern, size, sizeof(pattern));
if(off == NULL) return 1;
*off = 0xE12FFF7E;
return 0;
}
u32 patchP9AccessChecks(u8 *pos, u32 size)
{
const u8 pattern[] = {0x00, 0x08, 0x49, 0x68};
@@ -435,45 +452,6 @@ u32 patchP9AccessChecks(u8 *pos, u32 size)
return 0;
}
u32 patchArm11SvcAccessChecks(u32 *arm11SvcHandler, u32 *endPos)
{
while(*arm11SvcHandler != 0xE11A0E1B && arm11SvcHandler < endPos) arm11SvcHandler++; //TST R10, R11,LSL LR
if(arm11SvcHandler == endPos) return 1;
*arm11SvcHandler = 0xE3B0A001; //MOVS R10, #1
return 0;
}
u32 patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space, bool patchGames)
{
/* We have to detour a function in the ARM11 kernel because builtin modules
are compressed in memory and are only decompressed at runtime */
//Check that we have enough free space
if(*(u32 *)(*freeK11Space + k11modules_bin_size - 4) != 0xFFFFFFFF) return patchGames ? 1 : 0;
//Look for the code that decompresses the .code section of the builtin modules
const u8 pattern[] = {0xE5, 0x48, 0x00, 0x9D};
u8 *temp = memsearch(pos, pattern, size, sizeof(pattern));
if(temp == NULL) return 1;
//Inject our code into the free space
memcpy(*freeK11Space, k11modules_bin, k11modules_bin_size);
u32 *off = (u32 *)(temp - 0xB);
//Inject a jump (BL) instruction to our code at the offset we found
*off = 0xEB000000 | (((((u32)*freeK11Space) - ((u32)off + 8)) >> 2) & 0xFFFFFF);
*freeK11Space += k11modules_bin_size;
return 0;
}
u32 patchUnitInfoValueSet(u8 *pos, u32 size)
{
//Look for UNITINFO value being set during kernel sync

28
source/patches.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -25,7 +29,6 @@
* Signature patches for old FIRMs by SciresM
* firmlaunches patching code originally by delebile
* FIRM partition writes patches by delebile
* ARM11 modules patching code originally by Subv
* Idea for svcBreak patches from yellows8 and others on #3dsdev
* TWL_FIRM patches by Steveice10 and others
*/
@@ -37,7 +40,11 @@
extern CfgData configData;
u8 *getProcess9Info(u8 *pos, u32 size, u32 *process9Size, u32 *process9MemAddr);
u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11DAbtHandler, u32 **arm11ExceptionsPage);
u32 *getKernel11Info(u8 *pos, u32 size, u32 *baseK11VA, u8 **freeK11Space, u32 **arm11SvcHandler, u32 **arm11ExceptionsPage);
void installMMUHook(u8 *pos, u32 size, u8 **freeK11Space);
void installK11MainHook(u8 *pos, u32 size, bool isSafeMode, u32 baseK11VA, u32 *arm11SvcTable, u32 *arm11ExceptionsPage, u8 **freeK11Space);
void installSvcConnectToPortInitHook(u32 *arm11SvcTable, u32 *arm11ExceptionsPage, u8 **freeK11Space);
void installSvcCustomBackdoor(u32 *arm11SvcTable, u8 **freeK11Space, u32 *arm11ExceptionsPage);
u32 patchSignatureChecks(u8 *pos, u32 size);
u32 patchOldSignatureChecks(u8 *pos, u32 size);
u32 patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr);
@@ -47,18 +54,11 @@ u32 patchTitleInstallMinVersionChecks(u8 *pos, u32 size, u32 firmVersion);
u32 patchZeroKeyNcchEncryptionCheck(u8 *pos, u32 size);
u32 patchNandNcchEncryptionCheck(u8 *pos, u32 size);
u32 patchCheckForDevCommonKey(u8 *pos, u32 size);
u32 reimplementSvcBackdoor(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space);
u32 stubSvcRestrictGpuDma(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA);
u32 implementSvcGetCFWInfo(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA, u8 **freeK11Space, bool isSafeMode);
u32 patchK11ModuleLoading(u32 section0size, u32 modulesSize, u8 *startPos, u32 size);
u32 patchArm9ExceptionHandlersInstall(u8 *pos, u32 size);
u32 getInfoForArm11ExceptionHandlers(u8 *pos, u32 size, u32 *codeSetOffset);
u32 patchSvcBreak9(u8 *pos, u32 size, u32 kernel9Address);
void patchSvcBreak11(u8 *pos, u32 *arm11SvcTable, u32 baseK11VA);
u32 patchKernel9Panic(u8 *pos, u32 size);
u32 patchKernel11Panic(u8 *pos, u32 size);
u32 patchP9AccessChecks(u8 *pos, u32 size);
u32 patchArm11SvcAccessChecks(u32 *arm11SvcHandler, u32 *endPos);
u32 patchK11ModuleChecks(u8 *pos, u32 size, u8 **freeK11Space, bool patchGames);
u32 patchUnitInfoValueSet(u8 *pos, u32 size);
u32 patchLgySignatureChecks(u8 *pos, u32 size);
u32 patchTwlInvalidSignatureChecks(u8 *pos, u32 size);

12
source/pin.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*

14
source/pin.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -33,4 +37,4 @@
#define PIN_VERSIONMINOR 3
void newPin(bool allowSkipping, u32 pinMode);
bool verifyPin(u32 pinMode);
bool verifyPin(u32 pinMode);

263
source/screen.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -25,273 +29,94 @@
* Screen deinit code by tiniVi
*/
/*
* About cache coherency:
*
* Flushing the data cache for all memory regions read from/written to by both processors is mandatory on the ARM9 processor.
* Thus, we make sure there'll be a cache miss on the ARM9 next time it's read.
* Otherwise the ARM9 won't see the changes made and things will break.
*
* On the ARM11, in the environment we're in, the MMU isn't enabled and nothing is cached.
*/
#include "screen.h"
#include "config.h"
#include "memory.h"
#include "cache.h"
#include "i2c.h"
#include "utils.h"
static vu32 *arm11Entry = (vu32 *)0x1FFFFFFC;
struct fb fbs[2];
static const u32 brightness[4] = {0x5F, 0x4C, 0x39, 0x26};
void __attribute__((naked)) arm11Stub(void)
static volatile Arm11Operation *operation = (volatile Arm11Operation *)0x1FF80004;
static void invokeArm11Function(Arm11Operation op)
{
WAIT_FOR_ARM9();
while(*operation != ARM11_READY);
*operation = op;
while(*operation != ARM11_READY);
}
static void invokeArm11Function(void (*func)())
void prepareArm11ForFirmlaunch(void)
{
static bool hasCopiedStub = false;
if(!hasCopiedStub)
{
memcpy((void *)ARM11_STUB_ADDRESS, arm11Stub, 0x2C);
hasCopiedStub = true;
}
*arm11Entry = (u32)func;
while(*arm11Entry);
*arm11Entry = ARM11_STUB_ADDRESS;
while(*arm11Entry);
invokeArm11Function(PREPARE_ARM11_FOR_FIRMLAUNCH);
}
void deinitScreens(void)
{
void __attribute__((naked)) ARM11(void)
{
//Disable interrupts
__asm(".word 0xF10C01C0");
//Shutdown LCDs
*(vu32 *)0x10202A44 = 0;
*(vu32 *)0x10202244 = 0;
*(vu32 *)0x10202014 = 0;
WAIT_FOR_ARM9();
}
if(ARESCREENSINITIALIZED) invokeArm11Function(ARM11);
if(ARESCREENSINITIALIZED) invokeArm11Function(DEINIT_SCREENS);
}
void updateBrightness(u32 brightnessIndex)
{
static u32 brightnessLevel;
brightnessLevel = brightness[brightnessIndex];
void __attribute__((naked)) ARM11(void)
{
//Disable interrupts
__asm(".word 0xF10C01C0");
//Change brightness
*(vu32 *)0x10202240 = brightnessLevel;
*(vu32 *)0x10202A40 = brightnessLevel;
WAIT_FOR_ARM9();
}
flushDCacheRange(&brightnessLevel, 4);
invokeArm11Function(ARM11);
*(vu32 *)ARM11_PARAMETERS_ADDRESS = brightness[brightnessIndex];
invokeArm11Function(UPDATE_BRIGHTNESS);
}
void swapFramebuffers(bool isAlternate)
{
static u32 isAlternateTmp;
isAlternateTmp = isAlternate ? 1 : 0;
void __attribute__((naked)) ARM11(void)
{
//Disable interrupts
__asm(".word 0xF10C01C0");
*(vu32 *)0x10400478 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
*(vu32 *)0x10400578 = (*(vu32 *)0x10400478 & 0xFFFFFFFE) | isAlternateTmp;
WAIT_FOR_ARM9();
}
flushDCacheRange(&isAlternateTmp, 4);
invokeArm11Function(ARM11);
*(volatile bool *)ARM11_PARAMETERS_ADDRESS = isAlternate;
invokeArm11Function(SWAP_FRAMEBUFFERS);
}
void clearScreens(bool isAlternate)
{
static volatile struct fb *fbTmp;
fbTmp = isAlternate ? &fbs[1] : &fbs[0];
struct fb *fbTemp = isAlternate ? &fbs[1] : &fbs[0];
void __attribute__((naked)) ARM11(void)
{
//Disable interrupts
__asm(".word 0xF10C01C0");
*(volatile struct fb *)ARM11_PARAMETERS_ADDRESS = *fbTemp;
invokeArm11Function(CLEAR_SCREENS);
}
//Setting up two simultaneous memory fills using the GPU
static void initScreensSequence(void)
{
*(vu32 *)ARM11_PARAMETERS_ADDRESS = brightness[MULTICONFIG(BRIGHTNESS)];
invokeArm11Function(INIT_SCREENS_SEQUENCE);
}
vu32 *REGs_PSC0 = (vu32 *)0x10400010,
*REGs_PSC1 = (vu32 *)0x10400020;
static void setupFramebuffers(void)
{
fbs[0].top_left = (u8 *)0x18300000;
fbs[1].top_left = (u8 *)0x18400000;
fbs[0].top_right = (u8 *)0x18300000;
fbs[1].top_right = (u8 *)0x18400000;
fbs[0].bottom = (u8 *)0x18346500;
fbs[1].bottom = (u8 *)0x18446500;
REGs_PSC0[0] = (u32)fbTmp->top_left >> 3; //Start address
REGs_PSC0[1] = (u32)(fbTmp->top_left + SCREEN_TOP_FBSIZE) >> 3; //End address
REGs_PSC0[2] = 0; //Fill value
REGs_PSC0[3] = (2 << 8) | 1; //32-bit pattern; start
REGs_PSC1[0] = (u32)fbTmp->bottom >> 3; //Start address
REGs_PSC1[1] = (u32)(fbTmp->bottom + SCREEN_BOTTOM_FBSIZE) >> 3; //End address
REGs_PSC1[2] = 0; //Fill value
REGs_PSC1[3] = (2 << 8) | 1; //32-bit pattern; start
while(!((REGs_PSC0[3] & 2) && (REGs_PSC1[3] & 2)));
WAIT_FOR_ARM9();
}
flushDCacheRange((void *)fbTmp, sizeof(struct fb));
flushDCacheRange(&fbTmp, 4);
invokeArm11Function(ARM11);
memcpy((void *)ARM11_PARAMETERS_ADDRESS, fbs, sizeof(fbs));
invokeArm11Function(SETUP_FRAMEBUFFERS);
}
void initScreens(void)
{
void __attribute__((naked)) initSequence(void)
{
//Disable interrupts
__asm(".word 0xF10C01C0");
u32 brightnessLevel = brightness[MULTICONFIG(BRIGHTNESS)];
*(vu32 *)0x10141200 = 0x1007F;
*(vu32 *)0x10202014 = 0x00000001;
*(vu32 *)0x1020200C &= 0xFFFEFFFE;
*(vu32 *)0x10202240 = brightnessLevel;
*(vu32 *)0x10202A40 = brightnessLevel;
*(vu32 *)0x10202244 = 0x1023E;
*(vu32 *)0x10202A44 = 0x1023E;
//Top screen
*(vu32 *)0x10400400 = 0x000001c2;
*(vu32 *)0x10400404 = 0x000000d1;
*(vu32 *)0x10400408 = 0x000001c1;
*(vu32 *)0x1040040c = 0x000001c1;
*(vu32 *)0x10400410 = 0x00000000;
*(vu32 *)0x10400414 = 0x000000cf;
*(vu32 *)0x10400418 = 0x000000d1;
*(vu32 *)0x1040041c = 0x01c501c1;
*(vu32 *)0x10400420 = 0x00010000;
*(vu32 *)0x10400424 = 0x0000019d;
*(vu32 *)0x10400428 = 0x00000002;
*(vu32 *)0x1040042c = 0x00000192;
*(vu32 *)0x10400430 = 0x00000192;
*(vu32 *)0x10400434 = 0x00000192;
*(vu32 *)0x10400438 = 0x00000001;
*(vu32 *)0x1040043c = 0x00000002;
*(vu32 *)0x10400440 = 0x01960192;
*(vu32 *)0x10400444 = 0x00000000;
*(vu32 *)0x10400448 = 0x00000000;
*(vu32 *)0x1040045C = 0x00f00190;
*(vu32 *)0x10400460 = 0x01c100d1;
*(vu32 *)0x10400464 = 0x01920002;
*(vu32 *)0x10400468 = 0x18300000;
*(vu32 *)0x10400470 = 0x80341;
*(vu32 *)0x10400474 = 0x00010501;
*(vu32 *)0x10400478 = 0;
*(vu32 *)0x10400490 = 0x000002D0;
*(vu32 *)0x1040049C = 0x00000000;
//Disco register
for(u32 i = 0; i < 256; i++)
*(vu32 *)0x10400484 = 0x10101 * i;
//Bottom screen
*(vu32 *)0x10400500 = 0x000001c2;
*(vu32 *)0x10400504 = 0x000000d1;
*(vu32 *)0x10400508 = 0x000001c1;
*(vu32 *)0x1040050c = 0x000001c1;
*(vu32 *)0x10400510 = 0x000000cd;
*(vu32 *)0x10400514 = 0x000000cf;
*(vu32 *)0x10400518 = 0x000000d1;
*(vu32 *)0x1040051c = 0x01c501c1;
*(vu32 *)0x10400520 = 0x00010000;
*(vu32 *)0x10400524 = 0x0000019d;
*(vu32 *)0x10400528 = 0x00000052;
*(vu32 *)0x1040052c = 0x00000192;
*(vu32 *)0x10400530 = 0x00000192;
*(vu32 *)0x10400534 = 0x0000004f;
*(vu32 *)0x10400538 = 0x00000050;
*(vu32 *)0x1040053c = 0x00000052;
*(vu32 *)0x10400540 = 0x01980194;
*(vu32 *)0x10400544 = 0x00000000;
*(vu32 *)0x10400548 = 0x00000011;
*(vu32 *)0x1040055C = 0x00f00140;
*(vu32 *)0x10400560 = 0x01c100d1;
*(vu32 *)0x10400564 = 0x01920052;
*(vu32 *)0x10400568 = 0x18300000 + 0x46500;
*(vu32 *)0x10400570 = 0x80301;
*(vu32 *)0x10400574 = 0x00010501;
*(vu32 *)0x10400578 = 0;
*(vu32 *)0x10400590 = 0x000002D0;
*(vu32 *)0x1040059C = 0x00000000;
//Disco register
for(u32 i = 0; i < 256; i++)
*(vu32 *)0x10400584 = 0x10101 * i;
WAIT_FOR_ARM9();
}
//Set CakeBrah framebuffers
void __attribute__((naked)) setupFramebuffers(void)
{
//Disable interrupts
__asm(".word 0xF10C01C0");
fbs[0].top_left = (u8 *)0x18300000;
fbs[1].top_left = (u8 *)0x18400000;
fbs[0].top_right = (u8 *)0x18300000;
fbs[1].top_right = (u8 *)0x18400000;
fbs[0].bottom = (u8 *)0x18346500;
fbs[1].bottom = (u8 *)0x18446500;
*(vu32 *)0x10400468 = (u32)fbs[0].top_left;
*(vu32 *)0x1040046c = (u32)fbs[1].top_left;
*(vu32 *)0x10400494 = (u32)fbs[0].top_right;
*(vu32 *)0x10400498 = (u32)fbs[1].top_right;
*(vu32 *)0x10400568 = (u32)fbs[0].bottom;
*(vu32 *)0x1040056c = (u32)fbs[1].bottom;
WAIT_FOR_ARM9();
}
static bool needToSetup = true;
if(needToSetup)
{
if(!ARESCREENSINITIALIZED)
{
flushDCacheRange(&configData, sizeof(CfgData));
invokeArm11Function(initSequence);
initScreensSequence();
//Turn on backlight
i2cWriteRegister(I2C_DEV_MCU, 0x22, 0x2A);
wait(3ULL);
}
else updateBrightness(MULTICONFIG(BRIGHTNESS));
flushDCacheRange((void *)fbs, 2 * sizeof(struct fb));
invokeArm11Function(setupFramebuffers);
setupFramebuffers();
needToSetup = false;
}
clearScreens(false);
clearScreens(true);
swapFramebuffers(false);
}

33
source/screen.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -33,8 +37,7 @@
#define ARESCREENSINITIALIZED (PDN_GPU_CNT != 1)
#define ARM11_STUB_ADDRESS 0x1FFFFF00
#define WAIT_FOR_ARM9() *arm11Entry = 0; while(!*arm11Entry); ((void (*)())*arm11Entry)();
#define ARM11_PARAMETERS_ADDRESS 0x1FFFF000
#define SCREEN_TOP_WIDTH 400
#define SCREEN_BOTTOM_WIDTH 320
@@ -42,14 +45,28 @@
#define SCREEN_TOP_FBSIZE (3 * SCREEN_TOP_WIDTH * SCREEN_HEIGHT)
#define SCREEN_BOTTOM_FBSIZE (3 * SCREEN_BOTTOM_WIDTH * SCREEN_HEIGHT)
static volatile struct fb {
struct fb {
u8 *top_left;
u8 *top_right;
u8 *bottom;
} __attribute__((packed)) *const fbs = (volatile struct fb *)0x23FFFE00;
} __attribute__((packed));
typedef enum
{
INIT_SCREENS_SEQUENCE = 0,
SETUP_FRAMEBUFFERS,
CLEAR_SCREENS,
SWAP_FRAMEBUFFERS,
UPDATE_BRIGHTNESS,
DEINIT_SCREENS,
PREPARE_ARM11_FOR_FIRMLAUNCH,
ARM11_READY,
} Arm11Operation;
extern struct fb fbs[2];
extern CfgData configData;
void prepareArm11ForFirmlaunch(void);
void deinitScreens(void);
void swapFramebuffers(bool isAlternate);
void updateBrightness(u32 brightnessIndex);

71
source/start.s
View File

@@ -1,5 +1,5 @@
@ This file is part of Luma3DS
@ Copyright (C) 2016 Aurora Wright, TuxSH
@ Copyright (C) 2016-2017 Aurora Wright, TuxSH
@
@ This program is free software: you can redistribute it and/or modify
@ it under the terms of the GNU General Public License as published by
@@ -14,57 +14,60 @@
@ You should have received a copy of the GNU General Public License
@ along with this program. If not, see <http://www.gnu.org/licenses/>.
@
@ Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
@ reasonable legal notices or author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ Thanks to the numerous people who took part in writing this file
@ Additional Terms 7.b and 7.c of GPLv3 apply to this file:
@ * Requiring preservation of specified reasonable legal notices or
@ author attributions in that material or in the Appropriate Legal
@ Notices displayed by works containing it.
@ * Prohibiting misrepresentation of the origin of that material,
@ or requiring that modified versions of such material be marked in
@ reasonable ways as different from the original version.
.section .text.start
.align 4
.global _start
_start:
@ Disable interrupts
mrs r4, cpsr
@ Disable interrupts and switch to supervisor mode (also clear flags)
mov r4, #0x13
orr r4, #0x1C0
msr cpsr_cx, r4
ldr r4, =0xBEEF
cmp r2, r4
movne r0, #0 @ check magic word
msr cpsr_cxsf, r4
mov r9, r0
mov r10, r1
mov r11, r2
@ Change the stack pointer
mov sp, #0x27000000
mov sp, #0x08100000
@ Disable caches / MPU
mrc p15, 0, r4, c1, c0, 0 @ read control register
bic r4, #(1<<16) @ - DTCM disable
bic r4, #(1<<12) @ - instruction cache disable
bic r4, #(1<<2) @ - data cache disable
bic r4, #(1<<0) @ - mpu disable
bic r4, #(1<<0) @ - MPU disable
mcr p15, 0, r4, c1, c0, 0 @ write control register
@ Flush caches
bl flushEntireDCache
bl flushEntireICache
@ Invalidate both caches, discarding any data they may contain,
@ then drain the write buffer
mov r4, #0
mcr p15, 0, r4, c7, c5, 0
mcr p15, 0, r4, c7, c6, 0
mcr p15, 0, r4, c7, c10, 4
@ Give read/write access to all the memory regions
ldr r0, =0x3333333
ldr r0, =0x33333333
mcr p15, 0, r0, c5, c0, 2 @ write data access
mcr p15, 0, r0, c5, c0, 3 @ write instruction access
@ Set MPU permissions and cache settings
ldr r0, =0xFFFF001D @ ffff0000 32k | bootrom (unprotected part)
ldr r1, =0x01FF801D @ 01ff8000 32k | itcm
ldr r2, =0x08000029 @ 08000000 2M | arm9 mem (O3DS / N3DS)
ldr r3, =0x10000029 @ 10000000 2M | io mem (ARM9 / first 2MB)
ldr r4, =0x20000037 @ 20000000 256M | fcram (O3DS / N3DS)
ldr r5, =0x1FF00027 @ 1FF00000 1M | dsp / axi wram
ldr r6, =0x1800002D @ 18000000 8M | vram (+ 2MB)
mov r7, #0
mov r8, #0x15
ldr r1, =0xFFF0001B @ fff00000 16k | dtcm
ldr r2, =0x01FF801D @ 01ff8000 32k | itcm
ldr r3, =0x08000027 @ 08000000 1M | arm9 mem
ldr r4, =0x10000029 @ 10000000 2M | io mem (ARM9 / first 2MB)
ldr r5, =0x20000035 @ 20000000 128M | fcram
ldr r6, =0x1FF00027 @ 1FF00000 1M | dsp / axi wram
ldr r7, =0x1800002D @ 18000000 8M | vram (+ 2MB)
mov r8, #0x29
mcr p15, 0, r0, c6, c0, 0
mcr p15, 0, r1, c6, c1, 0
mcr p15, 0, r2, c6, c2, 0
@@ -73,17 +76,22 @@ _start:
mcr p15, 0, r5, c6, c5, 0
mcr p15, 0, r6, c6, c6, 0
mcr p15, 0, r7, c6, c7, 0
mcr p15, 0, r8, c3, c0, 0 @ Write bufferable 0, 2, 4
mcr p15, 0, r8, c2, c0, 0 @ Data cacheable 0, 2, 4
mcr p15, 0, r8, c2, c0, 1 @ Inst cacheable 0, 2, 4
mcr p15, 0, r8, c3, c0, 0 @ Write bufferable 0, 3, 5
mcr p15, 0, r8, c2, c0, 0 @ Data cacheable 0, 3, 5
mcr p15, 0, r8, c2, c0, 1 @ Inst cacheable 0, 3, 5
@ Set DTCM address and size to the default values
ldr r1, =0xFFF0000A @ set DTCM address and size
mcr p15, 0, r1, c9, c1, 0 @ set the dtcm Region Register
@ Enable caches / MPU / ITCM
mrc p15, 0, r0, c1, c0, 0 @ read control register
orr r0, r0, #(1<<18) @ - ITCM enable
orr r0, r0, #(1<<16) @ - DTCM enable
orr r0, r0, #(1<<13) @ - alternate exception vectors enable
orr r0, r0, #(1<<12) @ - instruction cache enable
orr r0, r0, #(1<<2) @ - data cache enable
orr r0, r0, #(1<<0) @ - mpu enable
orr r0, r0, #(1<<0) @ - MPU enable
mcr p15, 0, r0, c1, c0, 0 @ write control register
@ Fix mounting of SDMC
@@ -100,4 +108,5 @@ _start:
mov r0, r9
mov r1, r10
mov r2, r11
b main

12
source/strings.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#include "strings.h"

12
source/strings.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once

24
source/types.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
#pragma once
@@ -47,18 +51,14 @@ typedef volatile s64 vs64;
#include "3dsheaders.h"
#define ARM11_CORE0_MAILBOX_ENTRYPOINT *(vu32 *)0x1FFFFFFC
#define CFG_SYSPROT9 (*(vu8 *)0x10000000)
#define CFG_BOOTENV (*(vu32 *)0x10010000)
#define CFG_UNITINFO (*(vu8 *)0x10010010)
#define CFG_TWLUNITINFO (*(vu8 *)0x10010014)
#define OTP_DEVCONSOLEID (*(vu64 *)0x10012000)
#define OTP_TWLCONSOLEID (*(vu64 *)0x10012100)
#define PDN_MPCORE_CFG (*(vu32 *)0x10140FFC)
#define PDN_SPI_CNT (*(vu32 *)0x101401C0)
#define CFG11_SOCINFO (*(vu32 *)0x10140FFC)
#define ISN3DS (PDN_MPCORE_CFG == 7)
#define ISN3DS (CFG11_SOCINFO & 2)
#define ISDEVUNIT (CFG_UNITINFO != 0)
typedef struct __attribute__((packed))
@@ -112,6 +112,8 @@ typedef enum FirmwareType
NATIVE_FIRM1X2X
} FirmwareType;
extern bool isFirmlaunch,
isSdMode;
extern u16 launchedFirmTidLow[8];
extern u16 launchedPath[41];
extern bool isFirmlaunch;

43
source/utils.c
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -30,9 +34,16 @@
#include "screen.h"
#include "draw.h"
#include "cache.h"
#include "fmt.h"
#include <stdarg.h>
static void startChrono(void)
{
static bool isChronoStarted = false;
if(isChronoStarted) return;
REG_TIMER_CNT(0) = 0; //67MHz
for(u32 i = 1; i < 4; i++) REG_TIMER_CNT(i) = 4; //Count-up
@@ -40,6 +51,8 @@ static void startChrono(void)
REG_TIMER_CNT(0) = 0x80; //67MHz; enabled
for(u32 i = 1; i < 4; i++) REG_TIMER_CNT(i) = 0x84; //Count-up; enabled
isChronoStarted = true;
}
static u64 chrono(void)
@@ -55,6 +68,7 @@ static u64 chrono(void)
u32 waitInput(bool isMenu)
{
static u64 dPadDelay = 0ULL;
u64 initialValue = 0ULL;
u32 key,
oldKey = HID_PAD;
@@ -62,6 +76,7 @@ u32 waitInput(bool isMenu)
{
dPadDelay = dPadDelay > 0ULL ? 87ULL : 143ULL;
startChrono();
initialValue = chrono();
}
while(true)
@@ -70,13 +85,13 @@ u32 waitInput(bool isMenu)
if(!key)
{
if(i2cReadRegister(I2C_DEV_MCU, 0x10) == 1) mcuPowerOff();
if((i2cReadRegister(I2C_DEV_MCU, 0x10) & 1)== 1) mcuPowerOff();
oldKey = 0;
dPadDelay = 0;
continue;
}
if(key == oldKey && (!isMenu || (!(key & DPAD_BUTTONS) || chrono() < dPadDelay))) continue;
if(key == oldKey && (!isMenu || (!(key & DPAD_BUTTONS) || chrono() - initialValue < dPadDelay))) continue;
//Make sure the key is pressed
u32 i;
@@ -101,17 +116,27 @@ void mcuPowerOff(void)
void wait(u64 amount)
{
startChrono();
while(chrono() < amount);
u64 initialValue = chrono();
while(chrono() - initialValue < amount);
}
void error(const char *message)
void error(const char *fmt, ...)
{
if(!isFirmlaunch)
{
char buf[DRAW_MAX_FORMATTED_STRING_SIZE + 1];
va_list args;
va_start(args, fmt);
vsprintf(buf, fmt, args);
va_end(args);
initScreens();
drawString(true, 10, 10, COLOR_RED, "An error has occurred:");
u32 posY = drawString(true, 10, 30, COLOR_WHITE, message);
u32 posY = drawString(true, 10, 30, COLOR_WHITE, buf);
drawString(true, 10, posY + 2 * SPACING_Y, COLOR_WHITE, "Press any button to shutdown");
waitInput(false);

14
source/utils.h
View File

@@ -1,6 +1,6 @@
/*
* This file is part of Luma3DS
* Copyright (C) 2016 Aurora Wright, TuxSH
* Copyright (C) 2016-2017 Aurora Wright, TuxSH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,9 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
* reasonable legal notices or author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* Additional Terms 7.b and 7.c of GPLv3 apply to this file:
* * Requiring preservation of specified reasonable legal notices or
* author attributions in that material or in the Appropriate Legal
* Notices displayed by works containing it.
* * Prohibiting misrepresentation of the origin of that material,
* or requiring that modified versions of such material be marked in
* reasonable ways as different from the original version.
*/
/*
@@ -35,4 +39,4 @@
u32 waitInput(bool isMenu);
void mcuPowerOff(void);
void wait(u64 amount);
void error(const char *message);
void error(const char *fmt, ...);

0
injector/LICENSE → sysmodules/loader/LICENSE
View File

9
injector/Makefile → sysmodules/loader/Makefile
View File

@@ -11,7 +11,7 @@ name := $(shell basename $(CURDIR))
dir_source := source
dir_patches := patches
dir_build := build
dir_out := ../$(dir_build)
dir_out := ../../$(dir_build)
LIBS := -lctru
LIBDIRS := $(CTRULIB)
@@ -33,7 +33,7 @@ define bin2o
endef
.PHONY: all
all: $(dir_out)/$(name).bin
all: $(dir_out)/$(name).cxi
.PHONY: clean
clean:
@@ -41,10 +41,7 @@ clean:
.PRECIOUS: $(dir_build)/%.bin
$(dir_build):
@mkdir -p "$@"
$(dir_out)/$(name).bin: $(dir_build)/$(name).elf
$(dir_out)/$(name).cxi: $(dir_build)/$(name).elf
@makerom -f ncch -rsf loader.rsf -nocodepadding -o $@ -elf $<
$(dir_build)/$(name).elf: $(bundled) $(objects)

0
injector/README.md → sysmodules/loader/README.md
View File

3
injector/loader.rsf → sysmodules/loader/loader.rsf
View File

@@ -102,6 +102,7 @@ AccessControlInfo:
UnmapMemoryBlock: 32
WaitSynchronization1: 36
WaitSynchronizationN: 37
KernelSetState: 124
InterruptNumbers:
ServiceAccessControl:
- fs:LDR
@@ -112,4 +113,4 @@ AccessControlInfo:
SystemControlInfo:
SaveDataSize: 0KB # It doesn't use any save data.
RemasterVersion: 0
StackSize: 0x1000
StackSize: 0x1000

0
injector/patches/romfsredir.s → sysmodules/loader/patches/romfsredir.s
View File

99
sysmodules/loader/source/exheader.h Executable file
View File

@@ -0,0 +1,99 @@
#pragma once
#include <3ds/types.h>
typedef struct
{
u8 reserved[5];
u8 flag;
u8 remasterversion[2];
} PACKED exheader_systeminfoflags;
typedef struct
{
u32 address;
u32 nummaxpages;
u32 codesize;
} PACKED exheader_codesegmentinfo;
typedef struct
{
u8 name[8];
exheader_systeminfoflags flags;
exheader_codesegmentinfo text;
u8 stacksize[4];
exheader_codesegmentinfo ro;
u8 reserved[4];
exheader_codesegmentinfo data;
u32 bsssize;
} PACKED exheader_codesetinfo;
typedef struct
{
u64 programid[0x30];
} PACKED exheader_dependencylist;
typedef struct
{
u8 savedatasize[4];
u8 reserved[4];
u8 jumpid[8];
u8 reserved2[0x30];
} PACKED exheader_systeminfo;
typedef struct
{
u8 extsavedataid[8];
u8 systemsavedataid[8];
u8 reserved[8];
u8 accessinfo[7];
u8 otherattributes;
} PACKED exheader_storageinfo;
typedef struct
{
u64 programid;
u32 coreversion;
u8 flags[3];
u8 priority;
u16 resourcelimitdescriptor[0x10];
exheader_storageinfo storageinfo;
u64 serviceaccesscontrol[0x22];
u8 reserved[0xf];
u8 resourcelimitcategory;
} PACKED exheader_arm11systemlocalcaps;
typedef struct
{
u32 descriptors[28];
u8 reserved[0x10];
} PACKED exheader_arm11kernelcapabilities;
typedef struct
{
u8 descriptors[15];
u8 descversion;
} PACKED exheader_arm9accesscontrol;
typedef struct
{
// systemcontrol info {
// coreinfo {
exheader_codesetinfo codesetinfo;
exheader_dependencylist deplist;
// }
exheader_systeminfo systeminfo;
// }
// accesscontrolinfo {
exheader_arm11systemlocalcaps arm11systemlocalcaps;
exheader_arm11kernelcapabilities arm11kernelcaps;
exheader_arm9accesscontrol arm9accesscontrol;
// }
struct {
u8 signature[0x100];
u8 ncchpubkeymodulus[0x100];
exheader_arm11systemlocalcaps arm11systemlocalcaps;
exheader_arm11kernelcapabilities arm11kernelcaps;
exheader_arm9accesscontrol arm9accesscontrol;
} PACKED accessdesc;
} PACKED exheader_header;

0
injector/source/fsldr.c → sysmodules/loader/source/fsldr.c
View File

0
injector/source/fsldr.h → sysmodules/loader/source/fsldr.h
View File

0
injector/source/fsreg.c → sysmodules/loader/source/fsreg.c
View File

0
injector/source/fsreg.h → sysmodules/loader/source/fsreg.h
View File

0
injector/source/ifile.c → sysmodules/loader/source/ifile.c
View File

0
injector/source/ifile.h → sysmodules/loader/source/ifile.h
View File

86
injector/source/loader.c → sysmodules/loader/source/loader.c
View File

@@ -8,7 +8,8 @@
#include "pxipm.h"
#include "srvsys.h"
#define MAX_SESSIONS 1
#define MAX_SESSIONS 1
#define HBLDR_3DSX_TID (*(vu64 *)0x1FF81100)
const char CODE_PATH[] = {0x01, 0x00, 0x00, 0x00, 0x2E, 0x63, 0x6F, 0x64, 0x65, 0x00, 0x00, 0x00};
@@ -163,13 +164,28 @@ static Result load_code(u64 progid, prog_addrs_t *shared, u64 prog_handle, int i
return 0;
}
static Result HBLDR_Init(Handle *session)
{
Result res;
while (1)
{
res = svcConnectToPort(session, "hb:ldr");
if (R_LEVEL(res) != RL_PERMANENT ||
R_SUMMARY(res) != RS_NOTFOUND ||
R_DESCRIPTION(res) != RD_NOT_FOUND
) break;
svcSleepThread(500000);
}
return res;
}
static Result loader_GetProgramInfo(exheader_header *exheader, u64 prog_handle)
{
Result res;
if (prog_handle >> 32 == 0xFFFF0000)
{
return FSREG_GetProgramInfo(exheader, 1, prog_handle);
res = FSREG_GetProgramInfo(exheader, 1, prog_handle);
}
else
{
@@ -178,13 +194,41 @@ static Result loader_GetProgramInfo(exheader_header *exheader, u64 prog_handle)
//so use PXIPM if FSREG fails OR returns "info", is the second condition a bug?
if (R_FAILED(res) || (R_SUCCEEDED(res) && R_LEVEL(res) != RL_SUCCESS))
{
return PXIPM_GetProgramInfo(exheader, prog_handle);
res = PXIPM_GetProgramInfo(exheader, prog_handle);
}
else
{
return FSREG_GetProgramInfo(exheader, 1, prog_handle);
res = FSREG_GetProgramInfo(exheader, 1, prog_handle);
}
}
if (R_SUCCEEDED(res))
{
// Force always having sdmc:/ and nand:/rw permission
exheader->arm11systemlocalcaps.storageinfo.accessinfo[0] |= 0x480;
exheader->accessdesc.arm11systemlocalcaps.storageinfo.accessinfo[0] |= 0x480;
// Tweak 3dsx placeholder title exheader
if (exheader->arm11systemlocalcaps.programid == HBLDR_3DSX_TID)
{
Handle hbldr = 0;
res = HBLDR_Init(&hbldr);
if (R_SUCCEEDED(res))
{
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(4,0,2);
cmdbuf[1] = IPC_Desc_Buffer(sizeof(*exheader), IPC_BUFFER_RW);
cmdbuf[2] = (u32)exheader;
res = svcSendSyncRequest(hbldr);
svcCloseHandle(hbldr);
if (R_SUCCEEDED(res)) {
res = cmdbuf[1];
}
}
}
}
return res;
}
static Result loader_LoadProcess(Handle *process, u64 prog_handle)
@@ -228,6 +272,39 @@ static Result loader_LoadProcess(Handle *process, u64 prog_handle)
return MAKERESULT(RL_PERMANENT, RS_INVALIDARG, 1, 2);
}
// check for 3dsx process
progid = g_exheader.arm11systemlocalcaps.programid;
if (progid == HBLDR_3DSX_TID)
{
Handle hbldr = 0;
res = HBLDR_Init(&hbldr);
if (R_FAILED(res))
{
return res;
}
u32* cmdbuf = getThreadCommandBuffer();
cmdbuf[0] = IPC_MakeHeader(1,6,0);
cmdbuf[1] = g_exheader.codesetinfo.text.address;
cmdbuf[2] = flags & 0xF00;
cmdbuf[3] = progid;
cmdbuf[4] = progid>>32;
memcpy(&cmdbuf[5], g_exheader.codesetinfo.name, 8);
res = svcSendSyncRequest(hbldr);
svcCloseHandle(hbldr);
if (R_SUCCEEDED(res))
{
res = cmdbuf[1];
}
if (R_FAILED(res))
{
return res;
}
codeset = (Handle)cmdbuf[3];
res = svcCreateProcess(process, codeset, g_exheader.arm11kernelcaps.descriptors, count);
svcCloseHandle(codeset);
return res;
}
// allocate process memory
vaddr.text_addr = g_exheader.codesetinfo.text.address;
vaddr.text_size = (g_exheader.codesetinfo.text.codesize + 4095) >> 12;
@@ -243,7 +320,6 @@ static Result loader_LoadProcess(Handle *process, u64 prog_handle)
}
// load code
progid = g_exheader.arm11systemlocalcaps.programid;
if ((res = load_code(progid, &shared_addr, prog_handle, g_exheader.codesetinfo.flags.flag & 1)) >= 0)
{
memcpy(&codesetinfo.name, g_exheader.codesetinfo.name, 8);

0
injector/source/memory.c → sysmodules/loader/source/memory.c
View File

0
injector/source/memory.h → sysmodules/loader/source/memory.h
View File

353
injector/source/patcher.c → sysmodules/loader/source/patcher.c
View File

@@ -4,10 +4,10 @@
#include "strings.h"
#include "fsldr.h"
#include "ifile.h"
#include "CFWInfo.h"
#include "../build/bundled.h"
static CFWInfo info;
static u32 config;
static bool isN3DS, isSafeMode, isSdMode;
static u32 patchMemory(u8 *start, u32 size, const void *pattern, u32 patSize, s32 offset, const void *replace, u32 repSize, u32 count)
{
@@ -40,19 +40,19 @@ static Result fileOpen(IFile *file, FS_ArchiveID archiveId, const char *path, in
return IFile_Open(file, archiveId, archivePath, filePath, flags);
}
static u32 dirCheck(FS_ArchiveID archiveId, const char *path)
static bool dirCheck(FS_ArchiveID archiveId, const char *path)
{
u32 ret;
bool ret;
Handle handle;
FS_Archive archive;
FS_Path dirPath = {PATH_ASCII, strnlen(path, 255) + 1, path},
archivePath = {PATH_EMPTY, 1, (u8 *)""};
if(R_FAILED(FSLDR_OpenArchive(&archive, archiveId, archivePath))) ret = 1;
if(R_FAILED(FSLDR_OpenArchive(&archive, archiveId, archivePath))) ret = false;
else
{
ret = R_SUCCEEDED(FSLDR_OpenDirectory(&handle, archive, dirPath)) ? 0 : 2;
if(!ret) FSDIR_Close(handle);
ret = R_SUCCEEDED(FSLDR_OpenDirectory(&handle, archive, dirPath));
if(ret) FSDIR_Close(handle);
FSLDR_CloseArchive(archive);
}
@@ -61,34 +61,36 @@ static u32 dirCheck(FS_ArchiveID archiveId, const char *path)
static bool openLumaFile(IFile *file, const char *path)
{
Result res = fileOpen(file, ARCHIVE_SDMC, path, FS_OPEN_READ);
FS_ArchiveID archiveId = isSdMode ? ARCHIVE_SDMC : ARCHIVE_NAND_RW;
if(R_SUCCEEDED(res)) return true;
//Returned if SD is not mounted
return (u32)res == 0xC88044AB && R_SUCCEEDED(fileOpen(file, ARCHIVE_NAND_RW, path, FS_OPEN_READ));
return R_SUCCEEDED(fileOpen(file, archiveId, path, FS_OPEN_READ));
}
static u32 checkLumaDir(const char *path)
{
u32 res = dirCheck(ARCHIVE_SDMC, path);
FS_ArchiveID archiveId = isSdMode ? ARCHIVE_SDMC : ARCHIVE_NAND_RW;
if(!res) return ARCHIVE_SDMC;
return res == 1 && !dirCheck(ARCHIVE_NAND_RW, path) ? ARCHIVE_NAND_RW : 0;
return dirCheck(archiveId, path) ? archiveId : 0;
}
static inline void loadCFWInfo(void)
{
static bool infoLoaded = false;
s64 out;
if(infoLoaded) return;
svcGetCFWInfo(&info);
if(R_FAILED(svcGetSystemInfo(&out, 0x10000, 2))) svcBreak(USERBREAK_ASSERT);
config = (u32)out;
if(R_FAILED(svcGetSystemInfo(&out, 0x10000, 4))) svcBreak(USERBREAK_ASSERT);
isN3DS = (bool)out;
if(R_FAILED(svcGetSystemInfo(&out, 0x10000, 5))) svcBreak(USERBREAK_ASSERT);
isSafeMode = (bool)out;
if(R_FAILED(svcGetSystemInfo(&out, 0x10000, 6))) svcBreak(USERBREAK_ASSERT);
isSdMode = (bool)out;
IFile file;
if(LOADERFLAG(ISSAFEMODE)) fileOpen(&file, ARCHIVE_SDMC, "/", FS_OPEN_READ); //Init SD card if SAFE_MODE is being booted
if(isSafeMode) fileOpen(&file, ARCHIVE_SDMC, "/", FS_OPEN_READ); //Init SD card if SAFE_MODE is being booted
infoLoaded = true;
}
@@ -164,116 +166,6 @@ exit:
IFile_Close(&file);
}
static inline u8 *getCfgOffsets(u8 *code, u32 size, u32 *CFGUHandleOffset)
{
/* HANS:
Look for error code which is known to be stored near cfg:u handle
this way we can find the right candidate
(handle should also be stored right after end of candidate function) */
u32 n = 0,
possible[24];
for(u8 *pos = code + 16; n < 24 && pos <= code + size - 16; pos += 4)
{
if(*(u32 *)pos != 0xD8A103F9) continue;
for(u32 *l = (u32 *)pos - 4; n < 24 && l < (u32 *)pos + 4; l++)
if(*l <= 0x10000000) possible[n++] = *l;
}
if(!n) return NULL;
for(u8 *CFGU_GetConfigInfoBlk2_endPos = code; CFGU_GetConfigInfoBlk2_endPos <= code + size - 12; CFGU_GetConfigInfoBlk2_endPos += 4)
{
//There might be multiple implementations of GetConfigInfoBlk2 but let's search for the one we want
u32 *cmp = (u32 *)CFGU_GetConfigInfoBlk2_endPos;
if(cmp[0] != 0xE8BD8010 || cmp[1] != 0x00010082) continue;
for(u32 i = 0; i < n; i++)
if(possible[i] == cmp[2])
{
*CFGUHandleOffset = cmp[2];
return CFGU_GetConfigInfoBlk2_endPos;
}
CFGU_GetConfigInfoBlk2_endPos += 4;
}
return NULL;
}
static inline bool patchCfgGetLanguage(u8 *code, u32 size, u8 languageId, u8 *CFGU_GetConfigInfoBlk2_endPos)
{
u8 *CFGU_GetConfigInfoBlk2_startPos; //Let's find STMFD SP (there might be a NOP before, but nevermind)
for(CFGU_GetConfigInfoBlk2_startPos = CFGU_GetConfigInfoBlk2_endPos - 4;
*((u16 *)CFGU_GetConfigInfoBlk2_startPos + 1) != 0xE92D; CFGU_GetConfigInfoBlk2_startPos -= 4)
if(CFGU_GetConfigInfoBlk2_startPos < code + 4) return false;
for(u8 *languageBlkIdPos = code; languageBlkIdPos <= code + size - 4; languageBlkIdPos += 4)
{
if(*(u32 *)languageBlkIdPos != 0xA0002) continue;
for(u8 *instr = languageBlkIdPos - 8; instr >= languageBlkIdPos - 0x1008 && instr >= code + 4; instr -= 4) //Should be enough
{
if(instr[3] != 0xEB) continue; //We're looking for BL
u8 *calledFunction = instr;
u32 i = 0;
do
{
u32 low24 = (*(u32 *)calledFunction & 0x00FFFFFF) << 2;
u32 signMask = (u32)(-(low24 >> 25)) & 0xFC000000; //Sign extension
s32 offset = (s32)(low24 | signMask) + 8; //Branch offset + 8 for prefetch
calledFunction += offset;
if(calledFunction >= CFGU_GetConfigInfoBlk2_startPos - 4 && calledFunction <= CFGU_GetConfigInfoBlk2_endPos)
{
*((u32 *)instr - 1) = 0xE3A00000 | languageId; //mov r0, sp => mov r0, =languageId
*(u32 *)instr = 0xE5CD0000; //bl CFGU_GetConfigInfoBlk2 => strb r0, [sp]
*((u32 *)instr + 1) = 0xE3B00000; //(1 or 2 instructions) => movs r0, 0 (result code)
//We're done
return true;
}
i++;
}
while(i < 2 && calledFunction[3] == 0xEA);
}
}
return false;
}
static inline void patchCfgGetRegion(u8 *code, u32 size, u8 regionId, u32 CFGUHandleOffset)
{
for(u8 *cmdPos = code; cmdPos <= code + size - 28; cmdPos += 4)
{
u32 *cmp = (u32 *)cmdPos;
if(*cmp != 0xE3A00802) continue;
for(u32 i = 1; i < 3; i++)
if((*(cmp - i) & 0xFFFF0FFF) == 0xEE1D0F70 && *((u16 *)cmdPos + 5) == 0xE59F &&
*(u32 *)(cmdPos + 16 + *((u16 *)cmdPos + 4)) == CFGUHandleOffset)
{
cmp[3] = 0xE3A00000 | regionId; //mov r0, =regionId
cmp[4] = 0xE5C40008; //strb r0, [r4, #8]
cmp[5] = 0xE3A00000; //mov r0, #0 (result code)
cmp[6] = 0xE5840004; //str r0, [r4, #4]
//The remaining, not patched, function code will do the rest for us
return;
}
}
}
static u32 findFunctionStart(u8 *code, u32 pos)
{
while(pos >= 4)
@@ -485,55 +377,97 @@ static inline bool loadTitleCodeSection(u64 progId, u8 *code, u32 size)
return ret;
}
static inline bool loadTitleLocaleConfig(u64 progId, u8 *regionId, u8 *languageId)
static inline bool loadTitleLocaleConfig(u64 progId, u8 *mask, u8 *regionId, u8 *languageId, u8 *countryId, u8 *stateId)
{
/* Here we look for "/luma/titles/[u64 titleID in hex, uppercase]/locale.txt"
If it exists it should contain, for example, "EUR IT" */
char path[] = "/luma/titles/0000000000000000/locale.txt";
progIdToStr(path + 28, progId);
*mask = *regionId = *languageId = *countryId = *stateId = 0;
IFile file;
if(!openLumaFile(&file, path)) return true;
if(!openLumaFile(&file, path)) return false;
bool ret = false;
u64 fileSize;
if(R_FAILED(IFile_GetSize(&file, &fileSize)) || fileSize < 6 || fileSize > 8) goto exit;
if(R_FAILED(IFile_GetSize(&file, &fileSize)) || fileSize < 3) goto exit;
if(fileSize >= 12) fileSize = 12;
char buf[8];
char buf[12] = "------------";
u64 total;
if(R_FAILED(IFile_Read(&file, &total, buf, fileSize))) goto exit;
static const char *regions[] = {"JPN", "USA", "EUR", "AUS", "CHN", "KOR", "TWN"},
*languages[] = {"JP", "EN", "FR", "DE", "IT", "ES", "ZH", "KO", "NL", "PT", "RU", "TW"};
ret = true;
static const char *regions[] = {"--", "JPN", "USA", "EUR", "AUS", "CHN", "KOR", "TWN"},
*languages[] = {"--", "JP", "EN", "FR", "DE", "IT", "ES", "ZH", "KO", "NL", "PT", "RU", "TW"},
*countries[] = {"--", "JP", "--", "--", "--", "--", "--", "--", "AI", "AG", "AR", "AW",
"BS", "BB", "BZ", "BO", "BR", "VG", "CA", "KY", "CL", "CO", "CR", "DM",
"DO", "EC", "SV", "GF", "GD", "GP", "GT", "GY", "HT", "HN", "JM", "MQ",
"MX", "MS", "AN", "NI", "PA", "PY", "PE", "KN", "LC", "VC", "SR", "TT",
"TC", "US", "UY", "VI", "VE", "--", "--", "--", "--", "--", "--", "--",
"--", "--", "--", "--", "AL", "AU", "AT", "BE", "BA", "BW", "BG", "HR",
"CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU", "IS", "IE", "IT",
"LV", "LS", "LI", "LT", "LU", "MK", "MT", "ME", "MZ", "NA", "NL", "NZ",
"NO", "PL", "PT", "RO", "RU", "RS", "SK", "SI", "ZA", "ES", "SZ", "SE",
"CH", "TR", "GB", "ZM", "ZW", "AZ", "MR", "ML", "NE", "TD", "SD", "ER",
"DJ", "SO", "AD", "GI", "GG", "IM", "JE", "MC", "TW", "--", "--", "--",
"--", "--", "--", "--", "KR", "--", "--", "--", "--", "--", "--", "--",
"HK", "MO", "--", "--", "--", "--", "--", "--", "ID", "SG", "TH", "PH",
"MY", "--", "--", "--", "CN", "--", "--", "--", "--", "--", "--", "--",
"AE", "IN", "EG", "OM", "QA", "KW", "SA", "SY", "BH", "JO", "--", "--",
"--", "--", "--", "--", "SM", "VA"};
u32 i;
for(i = 0; i < sizeof(regions) / sizeof(char *); i++)
{
if(memcmp(buf, regions[i], 3) == 0)
if(memcmp(buf, regions[i], 3) == 0 && i != 0)
{
*regionId = (u8)i;
*regionId = (u8)(i - 1);
*mask |= 1;
break;
}
}
if(i != sizeof(regions) / sizeof(char *))
for(i = 0; fileSize >= 6 && i < sizeof(languages) / sizeof(char *); i++)
{
for(i = 0; i < sizeof(languages) / sizeof(char *); i++)
if(memcmp(buf + 4, languages[i], 2) == 0 && i != 0)
{
if(memcmp(buf + 4, languages[i], 2) == 0)
{
*languageId = (u8)i;
ret = true;
break;
}
*languageId = (u8)(i - 1);
*mask |= 2;
break;
}
}
for(i = 0; fileSize >= 9 && i < sizeof(countries) / sizeof(char *); i++)
{
if(memcmp(buf + 7, countries[i], 2) == 0 && i != 0)
{
*countryId = (u8)i;
*mask |= 4;
break;
}
}
if(fileSize >= 12 &&
((buf[10] >= '0' && buf[10] <= '9') || (buf[10] >= 'a' && buf[10] <= 'f') || (buf[10] >= 'A' && buf[10] <= 'F')) &&
((buf[11] >= '0' && buf[11] <= '9') || (buf[11] >= 'a' && buf[11] <= 'f') || (buf[11] >= 'A' && buf[11] <= 'F')))
{
if (buf[10] >= '0' && buf[10] <= '9') *stateId = 16 * (buf[10] - '0');
else if(buf[10] >= 'a' && buf[10] <= 'f') *stateId = 16 * (buf[10] - 'a');
else if(buf[10] >= 'A' && buf[10] <= 'F') *stateId = 16 * (buf[10] - 'A');
if (buf[11] >= '0' && buf[11] <= '9') *stateId += buf[11] - '0';
else if(buf[11] >= 'a' && buf[11] <= 'f') *stateId += buf[11] - 'a';
else if(buf[11] >= 'A' && buf[11] <= 'F') *stateId += buf[11] - 'A';
*mask |= 8;
}
exit:
IFile_Close(&file);
@@ -634,29 +568,61 @@ void patchCode(u64 progId, u16 progVer, u8 *code, u32 size, u32 textSize, u32 ro
{
loadCFWInfo();
if(((progId == 0x0004003000008F02LL || //USA Home Menu
progId == 0x0004003000008202LL || //JPN Home Menu
progId == 0x0004003000009802LL) //EUR Home Menu
&& progVer > 4) ||
(progId == 0x000400300000A902LL //KOR Home Menu
&& progVer > 0) ||
progId == 0x000400300000A102LL || //CHN Home Menu
progId == 0x000400300000B102LL) //TWN Home Menu
if(progId == 0x0004003000008F02LL || //USA Home Menu
progId == 0x0004003000008202LL || //JPN Home Menu
progId == 0x0004003000009802LL || //EUR Home Menu
progId == 0x000400300000A902LL || //KOR Home Menu
progId == 0x000400300000A102LL || //CHN Home Menu
progId == 0x000400300000B102LL) //TWN Home Menu
{
bool applyRegionFreePatch = true;
switch(progId)
{
case 0x0004003000008F02LL: //USA Home Menu
case 0x0004003000008202LL: //JPN Home Menu
case 0x0004003000009802LL: //EUR Home Menu
if(progVer <= 4) applyRegionFreePatch = false;
break;
case 0x000400300000A902LL: //KOR Home Menu
if(!progVer) applyRegionFreePatch = false;
break;
}
if(applyRegionFreePatch)
{
static const u8 pattern[] = {
0x0A, 0x0C, 0x00, 0x10
},
patch[] = {
0x01, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1
};
//Patch SMDH region checks
if(!patchMemory(code, textSize,
pattern,
sizeof(pattern), -31,
patch,
sizeof(patch), 1
)) goto error;
}
static const u8 pattern[] = {
0x0A, 0x0C, 0x00, 0x10
},
patch[] = {
0x01, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1
0x10, 0xD1, 0xE5, 0x08, 0x00, 0x8D
};
//Patch SMDH region checks
if(!patchMemory(code, textSize,
pattern,
sizeof(pattern), -31,
patch,
sizeof(patch), 1
)) goto error;
u8 *temp = memsearch(code, pattern, textSize, sizeof(pattern));
if(temp == NULL) goto error;
u32 additive = findFunctionStart(code, (u32)(temp - code - 1));
if(additive == 0xFFFFFFFF) goto error;
u32 *off = (u32 *)(code + additive);
off[0] = 0xE3A00000; //mov r0, #0
off[1] = 0xE12FFF1E; //bx lr
}
else if(progId == 0x0004013000003202LL) //FRIENDS
@@ -748,7 +714,7 @@ void patchCode(u64 progId, u16 progVer, u8 *code, u32 size, u32 textSize, u32 ro
if(ret == 0 || (ret == 1 && progVer > 0xB)) goto error;
}
if(LOADERFLAG(ISN3DS))
if(isN3DS)
{
u32 cpuSetting = MULTICONFIG(NEWCPU);
@@ -769,6 +735,11 @@ void patchCode(u64 progId, u16 progVer, u8 *code, u32 size, u32 textSize, u32 ro
*(off + 3) = 0xE3800000 | cpuSetting;
}
}
// Makes ErrDisp to not start up
static const u64 errDispTid = 0x0004003000008A02ULL;
u32 *errDispTidLoc = (u32 *)memsearch(code, &errDispTid, size, sizeof(errDispTid));
*(errDispTidLoc - 6) = 0xE3A00000; // mov r0, #0
}
else if(progId == 0x0004013000001702LL) //CFG
@@ -839,33 +810,6 @@ void patchCode(u64 progId, u16 progVer, u8 *code, u32 size, u32 textSize, u32 ro
)) goto error;
}
else if(progId == 0x0004003000008A02LL && CONFIG(ENABLEEXCEPTIONHANDLERS) && !CONFIG(PATCHUNITINFO)) //ErrDisp
{
static const u8 pattern[] = {
0x00, 0xD0, 0xE5, 0xDB
},
pattern2[] = {
0x14, 0x00, 0xD0, 0xE5, 0x01
},
patch[] = {
0x00, 0x00, 0xA0, 0xE3
};
//Patch UNITINFO checks to make ErrDisp more verbose
if(!patchMemory(code, textSize,
pattern,
sizeof(pattern), -1,
patch,
sizeof(patch), 1
) ||
patchMemory(code, textSize,
pattern2,
sizeof(pattern2), 0,
patch,
sizeof(patch), 3
) != 3) goto error;
}
else if(progId == 0x0004013000002802LL) //DLP
{
static const u8 pattern[] = {
@@ -891,22 +835,15 @@ void patchCode(u64 progId, u16 progVer, u8 *code, u32 size, u32 textSize, u32 ro
if((u32)((progId >> 0x20) & 0xFFFFFFEDULL) == 0x00040000)
{
u8 regionId = 0xFF,
languageId;
u8 mask,
regionId,
languageId,
countryId,
stateId;
if(!loadTitleLocaleConfig(progId, &regionId, &languageId) ||
!patchLayeredFs(progId, code, size, textSize, roSize, dataSize, roAddress, dataAddress)) goto error;
if(regionId != 0xFF)
{
u32 CFGUHandleOffset;
u8 *CFGU_GetConfigInfoBlk2_endPos = getCfgOffsets(code, textSize, &CFGUHandleOffset);
if(CFGU_GetConfigInfoBlk2_endPos == NULL ||
!patchCfgGetLanguage(code, textSize, languageId, CFGU_GetConfigInfoBlk2_endPos)) goto error;
patchCfgGetRegion(code, textSize, regionId, CFGUHandleOffset);
}
if(loadTitleLocaleConfig(progId, &mask, &regionId, &languageId, &countryId, &stateId))
svcKernelSetState(0x10001, ((u32)stateId << 24) | ((u32)countryId << 16) | ((u32)languageId << 8) | ((u32)regionId << 4) | (u32)mask , progId);
if(!patchLayeredFs(progId, code, size, textSize, roSize, dataSize, roAddress, dataAddress)) goto error;
}
}

16
injector/source/patcher.h → sysmodules/loader/source/patcher.h
View File

@@ -5,10 +5,9 @@
#define MAKE_BRANCH(src,dst) (0xEA000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
#define MAKE_BRANCH_LINK(src,dst) (0xEB000000 | ((u32)((((u8 *)(dst) - (u8 *)(src)) >> 2) - 2) & 0xFFFFFF))
#define CONFIG(a) (((info.config >> (a + 17)) & 1) != 0)
#define MULTICONFIG(a) ((info.config >> (a * 2 + 7)) & 3)
#define BOOTCONFIG(a, b) ((info.config >> a) & b)
#define LOADERFLAG(a) ((info.flags >> (a + 4)) & 1) != 0
#define CONFIG(a) (((config >> (a + 17)) & 1) != 0)
#define MULTICONFIG(a) ((config >> (a * 2 + 7)) & 3)
#define BOOTCONFIG(a, b) ((config >> a) & b)
#define BOOTCFG_NAND BOOTCONFIG(0, 7)
#define BOOTCFG_FIRM BOOTCONFIG(3, 7)
@@ -32,14 +31,7 @@ enum singleOptions
PATCHVERSTRING,
SHOWGBABOOT,
PATCHACCESS,
PATCHUNITINFO,
ENABLEEXCEPTIONHANDLERS
};
enum flags
{
ISN3DS = 0,
ISSAFEMODE
PATCHUNITINFO
};
void patchCode(u64 progId, u16 progVer, u8 *code, u32 size, u32 textSize, u32 roSize, u32 dataSize, u32 roAddress, u32 dataAddress);

0
injector/source/pxipm.c → sysmodules/loader/source/pxipm.c
View File

0
injector/source/pxipm.h → sysmodules/loader/source/pxipm.h
View File

Some files were not shown because too many files have changed in this diff Show More